From 7c6d897854c80480b6c4b7869a1231f61a763cac Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Fri, 4 Mar 2011 15:16:45 -0800
Subject: [PATCH] made sure that, if voting as local-election voter, not logged
 out of overall account

---
 helios/tests.py |  4 ++++
 helios/views.py | 11 +++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/helios/tests.py b/helios/tests.py
index d742458..a563ef7 100644
--- a/helios/tests.py
+++ b/helios/tests.py
@@ -483,6 +483,10 @@ class ElectionBlackboxTests(TestCase):
         self.assertContains(response, ballot.hash)
         self.assertContains(response, html_escape(encrypted_vote))
 
+        # if we request the redirect to cast_done, the voter should be logged out, but not the user
+        response = self.client.get("/helios/elections/%s/cast_done" % election_id)
+        assert not self.client.session.has_key('CURRENT_VOTER')
+
         # encrypted tally
         response = self.client.post("/helios/elections/%s/compute_tally" % election_id, {
                 "csrf_token" : self.client.session['csrf_token']                
diff --git a/helios/views.py b/helios/views.py
index 38d533a..20e2181 100644
--- a/helios/views.py
+++ b/helios/views.py
@@ -649,7 +649,13 @@ def one_election_cast_done(request, election):
     votes = CastVote.get_by_voter(voter)
     vote_hash = votes[0].vote_hash
 
-    logout = settings.LOGOUT_ON_CONFIRMATION
+    # only log out if the setting says so *and* we're dealing
+    # with a site-wide voter. Definitely remove current_voter
+    if voter.user == user:
+      logout = settings.LOGOUT_ON_CONFIRMATION
+    else:
+      logout = False
+      del request.session['CURRENT_VOTER']
 
     save_in_session_across_logouts(request, 'last_vote_hash', vote_hash)
   else:
@@ -664,7 +670,8 @@ def one_election_cast_done(request, election):
   #   auth_views.do_local_logout(request)
     
   # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
-  return render_template(request, 'cast_done', {'election': election, 'vote_hash': vote_hash, 'logout': logout}, include_user=False)
+  # include_user is set to False if logout is happening
+  return render_template(request, 'cast_done', {'election': election, 'vote_hash': vote_hash, 'logout': logout}, include_user=(not logout))
 
 @election_view()
 @json
-- 
GitLab