+ Once that is running, go to [localhost:5005](http://localhost:5005/) in your

+ ### Register the application using openid-connect

+ 

+ Run:

+ 

+ ```

+ oidc-register https://iddev.fedorainfracloud.org/ http://localhost:5005/oidc_callback

+ ```

+ 

+ Copy the corresponding ``client_secrets.json`` in the sources:

+ 

+ ```

+ cp client_secrets.json fedora_elections/client_secrets.json

+ ```

+ 

+ ### Create a local configuration file

+ 

+ Run:

+ 

+ ```

+ cat > config <<EOL

+ OIDC_ID_TOKEN_COOKIE_SECURE = False

+ OIDC_REQUIRE_VERIFIED_EMAIL = False

+ EOL

+ ```

+ 

+ 

+ http://127.0.0.1:5005.

+ ./runserver.py -c config

+ Place the configuration file in `/etc/fedora-elections/fedora-elections.cfg`

+ and adjust it as you wish.

+ import munch  # noqa

+ from flask_oidc import OpenIDConnect  # noqa

+ OIDC = OpenIDConnect(APP, credentials_store=flask.session)

+ def is_admin(user, user_groups=None):

+     if not user_groups:

+         user_groups = []

+ 

+     if not user.cla_done:

+         return False

+ 

+     user_groups = []

+     if is_authenticated() and OIDC.user_loggedin:

+         user_groups = OIDC.user_getfield('groups')

+ 

+     if len(user_groups) < 1:

+     return len(set(user_groups).intersection(admins)) > 0

+     if is_authenticated() and OIDC.user_loggedin:

+ def set_session():  # pragma: no-cover

+     if OIDC.user_loggedin:

+         if not hasattr(flask.session, 'fas_user') or not flask.session.fas_user:

+             flask.session.fas_user = munch.Munch({

+                 'username': OIDC.user_getfield('nickname'),

+                 'email': OIDC.user_getfield('email') or '',

+                 'timezone': OIDC.user_getfield('zoneinfo'),

+                 'cla_done': \

+                     'http://admin.fedoraproject.org/accounts/cla/done' \

+                     in (OIDC.user_getfield('cla') or []),

+             })

+         flask.g.fas_user = flask.session.fas_user

+     else:

+         flask.session.fas_user = None

+         flask.g.fas_user = None

+ 

+ @OIDC.require_login

+         return flask.redirect(next_url)

+         OIDC.logout()

+         flask.session.fas_user = None

+ import os

+ 

+ 

+ OIDC_CLIENT_SECRETS = os.path.join(os.path.dirname(

+     os.path.abspath(__file__)), 'client_secrets.json')

+ OIDC_SCOPES = ['openid', 'email', 'profile', 'fedora']

+ OIDC_OPENID_REALM = 'http://localhost:5005/oidc_callback'

+     OIDC, APP, SESSION, is_authenticated, is_admin, is_election_admin,

+         else:

+             user_groups = OIDC.user_getfield('groups')

+             if len(user_groups) == 0:

+                 flask.flash(

+                     'You need to be in one another group than CLA to vote',

+                     'error')

+                 return safe_redirect_back()

+         user_groups = OIDC.user_getfield('groups')

+         if len(set(user_groups).intersection(

+ flask-oidc

+     '--port', '-p', default=5005,

+ FEDORA_ELECTIONS_CONFIG=`pwd`/tests/config \

+ def user_set(APP, user, oidc_id_token=None):

+         g.oidc_id_token = oidc_id_token

+ {

+ 	"web": {

+ 		"redirect_uris": ["http://localhost:5005/oidc_callback"],

+ 		"token_uri": "https://iddev.fedorainfracloud.org/openidc/Token",

+ 		"auth_uri": "https://iddev.fedorainfracloud.org/openidc/Authorization",

+ 		"client_id": "client_id",

+ 		"client_secret": "client_secret",

+ 		"userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo",

+ 		"token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo",

+ 		"issuer": "https://iddev.fedorainfracloud.org/openidc/"

+ 	}

+ }

+ import os

+ 

+ OIDC_CLIENT_SECRETS = os.path.join(os.path.dirname(

+     os.path.abspath(__file__)), 'client_secrets.json')

+ from mock import patch, MagicMock

+             flask.g.oidc_id_token = 'foobar'

+ 

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['foobar'])):

+                 flask.g.fas_user = FakeUser()

+                 self.assertFalse(fedora_elections.is_admin(flask.g.fas_user))

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['elections'])):

+                 flask.g.fas_user = FakeUser(

+                     fedora_elections.APP.config['FEDORA_ELECTIONS_ADMIN_GROUP'])

+                 self.assertTrue(

+                     fedora_elections.is_admin(flask.g.fas_user, ['elections']))

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['sysadmin-main'])):

+ 

+                 fedora_elections.APP.config['FEDORA_ELECTIONS_ADMIN_GROUP'] = [

+                     'sysadmin-main', 'sysadmin-elections']

+                 flask.g.fas_user = FakeUser(['sysadmin-main'])

+                 self.assertTrue(

+                     fedora_elections.is_admin(flask.g.fas_user, ['sysadmin-main']))

+ 

+             flask.g.oidc_id_token = 'foobar'

+ 

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['elections'])):

+                 flask.g.fas_user = FakeUser(

+                     fedora_elections.APP.config['FEDORA_ELECTIONS_ADMIN_GROUP'])

+                 self.assertTrue(fedora_elections.is_election_admin(

+                     flask.g.fas_user, 1))

+             flask.g.oidc_id_token = 'foobar'

+             # This is user is not an admin for election #1

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['foobar'])):

+                 self.assertFalse(

+                     fedora_elections.is_election_admin(

+                         flask.g.fas_user, 1)

+                 )

+ 

+                 # This is user is an admin for election #2

+                 self.assertTrue(

+                     fedora_elections.is_election_admin(

+                         flask.g.fas_user, 2)

+                 )

+             self.assertEqual(output.status_code, 302)

+             self.assertIn(

+                 'https://iddev.fedorainfracloud.org/openidc/Authorization?',

+                 output.data)

+             self.assertEqual(output.status_code, 302)

+             self.assertIn(

+                 'https://iddev.fedorainfracloud.org/openidc/Authorization?',

+                 output.data)

+ 

+         # self.setup_db()

+         # user = FakeUser([], username='pingou')

+         # with user_set(fedora_elections.APP, user):

+             # output = self.app.get('/login', follow_redirects=True)

+             # self.assertEqual(output.status_code, 200)

+             # self.assertTrue('<title>Fedora elections</title>' in output.data)

+ from mock import patch, MagicMock

+         with user_set(fedora_elections.APP, user, oidc_id_token='foobar'):

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['elections'])):

+                 output = self.app.get('/admin/election_test/')

+                 self.assertEqual(output.status_code, 404)

+ 

+         self.setup_db()

+ 

+         with user_set(fedora_elections.APP, user, oidc_id_token='foobar'):

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['elections'])):

+                 output = self.app.get('/admin/test_election/')

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue('Candidates <span class="label label-pill label-default">3</span>' in output.data)

+ 

+     def test_admin_no_cla(self):

+         """ Test the admin_new_election function. """

+         user = FakeUser(

+             fedora_elections.APP.config['FEDORA_ELECTIONS_ADMIN_GROUP'],

+             username='toshio')

+ 

+         user.cla_done = False

+         with user_set(fedora_elections.APP, user, oidc_id_token='foobar'):

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['elections'])):

+                 output = self.app.get('/admin/new')

+                 self.assertEqual(output.status_code, 403)

+ 

+         with user_set(fedora_elections.APP, user, oidc_id_token='foobar'):

+             with patch(

+                     'fedora_elections.OIDC.user_getfield',

+                     MagicMock(return_value=['elections'])):

+                 output = self.app.get('/admin/new')

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+ 

+                 # No csrf provided

+                 data = {

+                     'alias': 'new_election',

+                     'shortdesc': 'new election shortdesc',

+                     'description': 'new election description',

+                     'voting_type': 'simple',

+                     'url': 'https://fedoraproject.org',

+                     'start_date': TODAY + timedelta(days=2),

+                     'end_date': TODAY + timedelta(days=4),

+                     'seats_elected': '2',

+                     'candidates_are_fasusers': False,

+                     'embargoed': True,

+                 }

+ 

+                 output = self.app.post('/admin/new', data=data)

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+ 

+                 csrf_token = self.get_csrf(output=output)

+ 

+                 # Description missing

+                 data = {

+                     'alias': 'new_election',

+                     'shortdesc': 'new election shortdesc',

+                     'voting_type': 'simple',

+                     'url': 'https://fedoraproject.org',

+                     'start_date': TODAY + timedelta(days=2),

+                     'end_date': TODAY + timedelta(days=4),

+                     'seats_elected': '2',

+                     'candidates_are_fasusers': False,

+                     'embargoed': True,

+                     'csrf_token': csrf_token,

+                 }

+ 

+                 output = self.app.post('/admin/new', data=data)

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+                 self.assertTrue(

+                     '<div class="form-control-feedback">This field is required.</div>'

+                     in output.data)

+ 

+                 # Invalid alias

+                 data = {

+                     'alias': 'new',

+                     'shortdesc': 'new election shortdesc',

+                     'description': 'new election description',

+                     'voting_type': 'simple',

+                     'url': 'https://fedoraproject.org',

+                     'start_date': TODAY + timedelta(days=2),

+                     'end_date': TODAY + timedelta(days=4),

+                     'seats_elected': 2,

+                     'candidates_are_fasusers': False,

+                     'embargoed': True,

+                     'csrf_token': csrf_token,

+                 }

+ 

+                 output = self.app.post('/admin/new', data=data)

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+                 self.assertTrue(

+                     '<div class="form-control-feedback">The alias cannot be <code>new</code>.</div>'

+                     in output.data)

+ 

+                 # Invalid: end_date earlier than start_date

+                 data = {

+                     'alias': 'new_election',

+                     'shortdesc': 'new election shortdesc',

+                     'description': 'new election description',

+                     'voting_type': 'simple',

+                     'url': 'https://fedoraproject.org',

+                     'start_date': TODAY + timedelta(days=6),

+                     'end_date': TODAY + timedelta(days=4),

+                     'seats_elected': 2,

+                     'candidates_are_fasusers': False,

+                     'embargoed': True,

+                     'csrf_token': csrf_token,

+                 }

+ 

+                 output = self.app.post('/admin/new', data=data)

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+                 self.assertTrue(

+                     'class="form-control-feedback">End date must be later than start date.</div>'

+                     in output.data)

+ 

+                 # Invalid: alias already taken

+                 data = {

+                     'alias': 'test_election',

+                     'shortdesc': 'new election shortdesc',

+                     'description': 'new election description',

+                     'voting_type': 'simple',

+                     'url': 'https://fedoraproject.org',

+                     'start_date': TODAY + timedelta(days=6),

+                     'end_date': TODAY + timedelta(days=4),

+                     'seats_elected': 2,

+                     'candidates_are_fasusers': False,

+                     'embargoed': True,

+                     'csrf_token': csrf_token,

+                 }

+ 

+                 output = self.app.post('/admin/new', data=data)

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+                 self.assertTrue(

+                     '<div class="form-control-feedback">There is already another election with '

+                     'this alias.</div>' in output.data)

+ 

+                 # Invalid: shortdesc already taken

+                 data = {

+                     'alias': 'new_election',

+                     'shortdesc': 'test election shortdesc',

+                     'description': 'new election description',

+                     'voting_type': 'simple',

+                     'url': 'https://fedoraproject.org',

+                     'start_date': TODAY + timedelta(days=6),

+                     'end_date': TODAY + timedelta(days=4),

+                     'seats_elected': 2,

+                     'candidates_are_fasusers': False,

+                     'embargoed': True,

+                     'csrf_token': csrf_token,

+                 }

+ 

+                 output = self.app.post('/admin/new', data=data)

+                 self.assertEqual(output.status_code, 200)

+                 self.assertTrue(

+                     '<h2>Create new election</h2>' in output.data)

+                 if self.get_wtforms_version() >= (2, 2):

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" required type="text" ', output.data)

+                 else:

+                     self.assertIn(

+                         'input class="form-control" id="shortdesc" '

+                         'name="shortdesc" type="text" ', output.data)

+                 self.assertTrue(

+                     '<div class="form-control-feedback">There is already another election with '

+                     'this summary.</div>' in output.data)