benadida / helios-server Goto Github PK

In production I have been receiving stack trace emails from IE users:

<ModPythonRequest
path:/helios/elections/<guid>/voters/ie.css,

'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)',

This should be hitting the static file instead of a django view I think. Django view results in:

AttributeError: 'NoneType' object has no attribute 'toJSONDict'

A nice idea on the platform can be implementing the Condorcet Method for the result of the election. In this case the platform will be very interesting for some communities that are using this kind of methods.

Ref: http://en.wikipedia.org/wiki/Condorcet_method

We should pull the mailto help email from settings.py so that it can be configured. I don't think everyone wants to rely on [email protected].

If you bulk upload two files at the same time each file gets their own aliases starting from v1. This results in two people having the same alias.

to prevent certain kinds of de-anonymization attacks.

for resending passwords, for example.

the first column looks like first name, instead of unique ID.

in CSV format

I tried to setup helios locally but I am not able to cast votes. Once I have voted I see:
"Congratulations, your vote has been successfully cast! "

But when I browse http://localhost:8000/helios/elections/fe56182c-dd34-11df-962b-00241d77a7d3/voters/list it says:
"no votes yet"

The background job seems to going through:

2010-10-21 20:44:04,652 INFO Got task from broker: helios.tasks.cast_vote_verify_and_store[06cd451d-a10f-4e72-8bc8-bbdf75cd4a23]
2010-10-21 20:44:04,718 INFO Task helios.tasks.cast_vote_verify_and_store[06cd451d-a10f-4e72-8bc8-bbdf75cd4a23] processed: None

The commit in use is 383f010

======================================================================
FAIL: test_create_election (helios.tests.ElectionModelTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/mnt/checkouts/helios-server/helios/tests.py", line 45, in test_create_election
    self.assertTrue(self.election.created_at < datetime.datetime.utcnow())
AssertionError

I am unable to log into Helios using Twitter.

I tried to log in on https://vote.heliosvoting.org/. I created a new account on Twitter and selected to log in with Twitter. I get to a screen where I am asked to authorized the Helios app. After I click "Authorize app", I briefly see a screen saying "Redirecting you back to...", then my browser is redirected to the following page:

Address of the page:
https://vote.heliosvoting.org/auth/after/?oauth_token=[REDACTED]&oauth_verifier=[REDACTED]
Contents of the page:
There was an error while handling your request.

I haven't tried it on another browser or another machine, so I don't know if the problem is on my end or on the Helios server.

I'm following Helios install instructions from http://documentation.heliosvoting.org/install,
and when getting the source from the git repo, I've got the following error after "git checkout origin/pure-django".

What is the issue? How should I proceed?

Thank you very much,
Erick Nogueira do Nascimento

Campinas State University

[root@Fedora helios]$ git clone git://github.com/benadida/helios-server.git
Cloning into helios-server...
remote: Counting objects: 1917, done.
remote: Compressing objects: 100% (840/840), done.
remote: Total 1917 (delta 1170), reused 1758 (delta 1056)
Receiving objects: 100% (1917/1917), 639.20 KiB, done.
Resolving deltas: 100% (1170/1170), done.
[root@Fedora helios]$ cd helios-server
[root@Fedora helios-server]$ git checkout origin/pure-django
error: Updating the following directories would lose untracked files in it:

helios

Aborting

[root@Fedora helios-server]$ git --version git version 1.7.3.4

If I force the checkout I receive this:

[root@Fedora helios-server]$ git checkout -f origin/pure-django
Note: checking out 'origin/pure-django'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

git checkout -b new_branch_name

HEAD is now at d9523b5... Alias generation

even when election is aliased.

I find the whole amqp/celery/kombu thing pretty confusing, as a newcomer to the Helios project, and I found the helios-server documentation kinda laconic and lacking as a result.

The official celery instructions mention a daemon running in the background. But the helios-server documentation fails to mention any of that.

In addition, I get this error:

https://gist.github.com/skaag/5810728

I get this error only while trying to actually cast my ballot. Before I get to that step, everything seems to be working fine. I create a public election, add questions, it's all good until helios tries to update celery (That's when the error above occurs).

This is running under Ubuntu 12.04 Precise x64, with Django 1.4.5, Python 2.7.3, all under virtualenv.

Any ideas how to fix this?

discover a vulnerability which allows an adversary to compromise voters' privacy. This vulnerability has been successfully exploited to break privacy in a small election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a threat to ballot secrecy in real-world elections. Finally, a fix is proposed.

http://www.di.ens.fr/CryptoSeminaire.html#Attacking_ballot_secrecy_in_Heli

When the election has been started is still possible to replace voters. This is a good behaviour, since allows to change an invalid/not working email address. This is, however, also an issue when using anonymous elections: if the administrator of the election is bribed, he can remove some voters and replace with email addresses where he has access and then insert bogus votes, potentially changing the result of the election.

It seems the url is saved to the database as cast_url. It could as well be calculated dynamically on demand.

trustee can't log in. should prevent trustee with same email address from being created. Unique index?

If i configure the election to "Anyone can vote" then, once freezed the election on the "Voters & Ballot Tracking Center" i get this:

Who can vote?

any g user
any o user
any o user
any g user
any l user
any e user

This, in fact match what's on the database:

helios=# select eligibility from helios_election;
                                                 eligibility                                                              
--------------------------------------------------------------------------------------------------------------------------
 [{"auth_system": "g"}, {"auth_system": "o"}, {"auth_system": "o"}, {"auth_system": "g"}, {"auth_system": "l"}, {"auth_system": "e"}]
(1 row)

Why this happens? For what reason the login system "google" is treated as a sequence of chars?

by using Olivier and Damien's trick of representing objects as arrays, we can get to a strict JSON representation of any object for canonicalization purposes, and thus for hashing. This is better than my previous idea that we should use an arbitrary JSON serialization as the canonical representation, as there are too many cases where we need two sides to re-canonicalize.

on private elections, the note saying "you don't need to log in until you have voted" is wrong. should be removed.

In organising my first vote with Helios, I was hugely reassured by the explanations and previews available. However, I would very much like to see what the email sent to voters looks like.

This would allow administrators to better describe the voting procedure to members before the voting is opened. Perhaps a link on the /view section would suffice?

p.s. I was really impressed by the ease of use of such a secure system!

otherwise it's a 403.

this is too confusing otherwise.

Specifically, some folks are confused by the multi-step process of voting with the smart ballot tracker and the audit link. If voters are going to be confused and if no one is doing the auditing, then the extra complexity is not useful. So this should become optional.

In Firefox 5 on Windows 7, ballots created in the ballot box have an empty array for randomness.

To reproduce:

• open Firefox 5
• go to https://vote.heliosvoting.org/helios/elections/4115c734-1de0-11e0-bf0d-12313f025959/view
• click on Vote in this election
• In voting booth:
  • press Start
  • select Option Yes, then click Proceed
  • click Confirm Choices and Encrypt Ballot
  • click Audit, then Verify Encryption
  • scroll down to the bottom of the ballot audit: the randomness is listed as "randomness": [], which is an empty array

in the trustees page.

I haven't checked against the latest version of helios here on github, but your sample page on heliosvoting.org works.

Affected page: https://vote.heliosvoting.org/booth/vote.html

The election_url parameter is not validated and can be used to insert javascript from another domain. It is inserted into both $.get and $.getJSON, which can both be manipulated by this.

The following javascript code is executed in the client

 // election URL
var election_url = $.query.get('election_url'); 
// ...
BOOTH.load_and_setup_election = function(election_url) {
  // the hash will be computed within the setup function call now
  $.get(election_url, function(raw_json) {
    BOOTH.setup_election(raw_json);
    BOOTH.show_election();
    BOOTH.election_url = election_url;
  });
  if (USE_SJCL) {
    // get more randomness from server
    $.getJSON(election_url + "/get-randomness", {}, function(result) {
      sjcl.random.addEntropy(result.randomness);
     });
  }
};

$.getJSON will automatically use JSONP if it detects "callback=?" inside the request url. This can be abused:

Example using JSONP
https://vote.heliosvoting.org/booth/vote.html?election_url=http%3A%2F%2Fjoakim.uddholm.com%2Fhelios%2Felections%2Fcallback.php%3Fjsoncallback%3D%3F%26
Works in Firefox. Does not work in Chrome

After filling in all the fields on the create election form and submit it, I've got the HTTP 500 error below.

Thank you,
Erick Nogueira do Nascimento
Campinas State University

IntegrityError at /helios/elections/new

null value in column "short_name" violates not-null constraint

Request Method: POST
Request URL: http://127.0.0.1:8000/helios/elections/new
Django Version: 1.2.5
Exception Type: IntegrityError
Exception Value:

null value in column "short_name" violates not-null constraint

Exception Location: /usr/lib/python2.6/site-packages/django/db/models/query.py in get_or_create, line 391
Python Executable: /usr/bin/python
Python Version: 2.6.4
Python Path: ['/home/helios/helios/helios-server', '/usr/lib/python2.6/site-packages/celery-2.2.4-py2.6.egg', '/usr/lib/python2.6/site-packages/pyparsing-1.5.5-py2.6.egg', '/usr/lib/python2.6/site-packages/kombu-1.0.3-py2.6.egg', '/usr/lib/python2.6/site-packages/anyjson-0.3-py2.6.egg', '/usr/lib/python2.6/site-packages/python_dateutil-1.5-py2.6.egg', '/usr/lib/python2.6/site-packages/importlib-1.0.2-py2.6.egg', '/usr/lib/python2.6/site-packages/amqplib-0.6.1-py2.6.egg', '/usr/lib/python2.6/site-packages/django_celery-2.2.4-py2.6.egg', '/usr/lib/python2.6/site-packages/django_picklefield-0.1.9-py2.6.egg', '/usr/lib64/python26.zip', '/usr/lib64/python2.6', '/usr/lib64/python2.6/plat-linux2', '/usr/lib64/python2.6/lib-tk', '/usr/lib64/python2.6/lib-old', '/usr/lib64/python2.6/lib-dynload', '/usr/lib64/python2.6/site-packages', '/usr/lib64/python2.6/site-packages/gtk-2.0', '/usr/lib/python2.6/site-packages', '/usr/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg-info']
Server time: Fri, 25 Feb 2011 09:10:01 -0800

Environment:

Request Method: POST
Request URL: http://127.0.0.1:8000/helios/elections/new
Django Version: 1.2.5
Python Version: 2.6.4
Installed Applications:
['django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'djcelery', 'auth', 'helios', 'server_ui'] Installed Middleware:
('django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware')

Traceback:
File "/usr/lib/python2.6/site-packages/django/core/handlers/base.py" in get_response
100. response = callback(request, callback_args, **callback_kwargs) File "/home/helios/helios/helios-server/auth/security/init.py" in login_required_wrapper
75. return func(request, args, kw) File "/home/helios/helios/helios-server/helios/views.py" in election_new
142. election, created_p = Election.get_or_create(election_params) File "/home/helios/helios/helios-server/helios/models.py" in get_or_create
118. return cls.objects.get_or_create(short_name = kwargs['short_name'], defaults=kwargs) File "/usr/lib/python2.6/site-packages/django/db/models/manager.py" in get_or_create
135. return self.get_query_set().get_or_create(**kwargs) File "/usr/lib/python2.6/site-packages/django/db/models/query.py" in get_or_create
391. raise e

Exception Type: IntegrityError at /helios/elections/new
Exception Value: null value in column "short_name" violates not-null constraint

• Helios is overly complicated for the typical mass market user. For example, concepts like encryption and smart ballot tracker are not readily understood by the average user with minimal technical knowledge.
• Once the user starts to vote, the progress bar shows that there are three steps, but as the user progresses, Step 1 is displayed twice (Step 2 is skipped) and it goes straight to Step 3.
• I'm unsure as to why a third step is required, as it over-complicates and confuses the process for the user. I would recommend that at Step 2, the ballot is encrypted AND cast in one step (from the user's perspective). Especially seeing as the user sees the message which says, "Your ballot was successfully encrypted", I am not surprised that two of the users who tried to vote in our election (6%) thought that was the end of the process.
• At Step 3, users are asked to keep a record of their smart ballot tracker and given the option to print and/or email it. Would it be possible to automatically email the smart ballot tracker to users in the same email confirming that the vote was cast? The option to print it could still remain available.
• It is even more difficult to complete the process when trying to vote from a mobile device, as the site isn't mobile optimised
• As a further reason for keeping it simple, many of the people who tried to vote in our election are non-native English speakers. Even as a native English speaker, I found the process cumbersome, but I think non-native speakers are even more likely to be confused.

If a trustee is not also a voter in a private election (or happens to not be logged in as a voter), they will be unable to submit decryption results [getting a 302 when attempting to POST to https://www.foo.tld/voting/helios/elections/UUID/trustees/UUID/upload-decryption to a page that would ask them to authenticate to view the election]. Worse yet, this fails silently and appears to claim that uploading the partial decryption was successful rather than displaying an error; since the POST is done as an AJAX call, nobody sees the login page.

This makes Helios provably secure and defends against some particularly advanced attacks.

b64 encoding, probably.

Allow for multiple adminastrators able to add voters, issue questions, etc.

Eventually make them trustees by default?

need to fix the questions NaN thing.

I can't really understand how to start celery to do background jobs.
Looks like celery.py is missing and when I start celery with
celery worker --app helios-server -l info
it just says

ImportError: No module named celery

please can you explain how to start background processes?

Thanks