pirati-cz · stanley89 · Feb 19, 2019 · Feb 19, 2019 · Feb 19, 2019 · Feb 19, 2019
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,61 @@
+name: CI
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ['3.13']
+        postgres-version: ['16']
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres-version }}
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: helios
+          POSTGRES_HOST_AUTH_METHOD: trust
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    env:
+      PGHOST: localhost
+      PGUSER: postgres
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libldap2-dev libsasl2-dev
+
+      - name: Install Python dependencies
+        run: |
+          uv sync
+          uv pip freeze
+
+      - name: Run tests
+        run: uv run python -Wall manage.py test -v 2 --settings=settings_ci
diff --git a/.gitignore b/.gitignore
@@ -3,7 +3,9 @@ deploy-latest.sh
 .DS_Store
 *~
 media/*
-venv
+.venv
+venv*
 celerybeat-*
 env.sh
-.cache
+.cache
+.idea/
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.13
diff --git a/.travis.yml b/.travis.yml
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1,158 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code when working with the Helios Election System codebase.
+
+## Project Overview
+
+Helios is an end-to-end verifiable voting system that provides secure, transparent online elections with cryptographic verification. It supports multiple authentication systems (Google, Facebook, GitHub, LDAP, CAS, password, etc.) and uses homomorphic encryption for privacy-preserving vote tallying.
+
+## Critical Instructions for Claude when preparing a PR
+
+- always run the tests. Install everything and run the tests. Every time.
+
+## Technology Stack
+
+- **Python**: 3.13
+- **Framework**: Django 5.2
+- **Database**: PostgreSQL 9.5+
+- **Task Queue**: Celery with RabbitMQ
+- **Crypto**: pycryptodome
+- **Package Manager**: uv
+
+## Common Commands
+
+```bash
+# Install dependencies
+uv sync
+
+# Run development server
+uv run python manage.py runserver
+
+# Run all tests
+uv run python manage.py test -v 2
+
+# Run tests for a specific app
+uv run python manage.py test helios -v 2
+uv run python manage.py test helios_auth -v 2
+
+# Run a specific test class
+uv run python manage.py test helios.tests.ElectionModelTests -v 2
+
+# Database migrations
+uv run python manage.py makemigrations
+uv run python manage.py migrate
+
+# Reset database (drops and recreates)
+./reset.sh
+
+# Start Celery worker (for background tasks)
+uv run celery --app helios worker --events --beat --concurrency 1
+```
+
+## Project Structure
+
+- `helios/` - Core election system (models, views, crypto, forms)
+- `helios_auth/` - Authentication system with multiple backends
+- `server_ui/` - Admin web interface
+- `heliosbooth/` - JavaScript voting booth interface
+- `heliosverifier/` - JavaScript ballot verification interface
+
+## Code Style Conventions
+
+### Naming
+
+- **Boolean fields**: Use `_p` suffix (e.g., `private_p`, `frozen_p`, `admin_p`, `featured_p`)
+- **Datetime fields**: Use `_at` suffix (e.g., `created_at`, `frozen_at`, `voting_ends_at`)
+- **Functions/methods**: snake_case
+- **Classes**: PascalCase
+
+### Indentation
+
+- Use 2-space indentation throughout Python files
+
+### Imports
+
+```python
+# Standard library
+import copy, csv, datetime, uuid
+
+# Third-party
+from django.db import models, transaction
+import bleach
+
+# Local
+from helios import datatypes, utils
+from helios_auth.jsonfield import JSONField
+```
+
+## Key Patterns
+
+### View Decorators
+
+Use existing security decorators for views:
+
+```python
+from helios.security import election_view, election_admin, trustee_check
+
+@election_view(frozen=True)
+def my_view(request, election):
+    pass
+
+@election_admin()
+def admin_view(request, election):
+    pass
+```
+
+### Model Base Class
+
+All domain models inherit from `HeliosModel`:
+
+```python
+class MyModel(HeliosModel):
+    class Meta:
+        app_label = 'helios'
+```
+
+### JSON Responses
+
+```python
+from helios.views import render_json
+return render_json({'key': 'value'})
+```
+
+### Template Rendering
+
+```python
+from helios.views import render_template
+return render_template(request, 'template_name', {'context': 'vars'})
+```
+
+### Database Queries
+
+- Use `@transaction.atomic` for operations that need atomicity
+- Prefer `select_related()` for foreign key joins
+- Use `get_or_create()` pattern for safe creation
+
+## Security Considerations
+
+- Always use `check_csrf(request)` for POST handlers
+- Use `bleach.clean()` for user-provided HTML (see `description_bleached` pattern)
+- Never store plaintext passwords; use the auth system's hashing
+- Check permissions with `user_can_admin_election()` and similar helpers
+
+## Configuration
+
+Settings use environment variables with defaults:
+
+```python
+from settings import get_from_env
+MY_SETTING = get_from_env('MY_SETTING', 'default_value')
+```
+
+Key environment variables: `DEBUG`, `SECRET_KEY`, `DATABASE_URL`, `CELERY_BROKER_URL`, `AUTH_ENABLED_AUTH_SYSTEMS`
+
+## Testing
+
+- Tests use Django's TestCase with django-webtest
+- Fixtures are in `helios/fixtures/`
+- Test classes: `ElectionModelTests`, `VoterModelTests`, `ElectionBlackboxTests`, etc.
diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt
@@ -7,3 +7,6 @@ Significant contributors:
 - Olivier de Marneffe
 - Emily Stark, Mike Hamburg, Tom Wu, and Dan Boneh for SJCL and integration of javascript crypto.
 - Nicholas Chang-Fong and Aleksander Essex for security reports and fixes.
+- Shirley Chaves
+- Marco Ciotola
+- Lucas Araujo
diff --git a/INSTALL.md b/INSTALL.md
@@ -1,50 +1,69 @@
-* install PostgreSQL 8.3+
+# Helios Server Installation
 
-* make sure you have virtualenv installed:
-http://www.virtualenv.org/en/latest/
+## Prerequisites
 
-* download helios-server
+* Install PostgreSQL 12+
 
-* cd into the helios-server directory
+* Install RabbitMQ
+  This is needed for Celery to work, which does background processing such as
+  the processing of uploaded list-of-voter CSV files.
 
-* create a virtualenv:
+* Download helios-server
+
+* `cd` into the helios-server directory
+
+## Python Setup
+
+* Install Python 3.13 including dev packages
 
 ```
-virtualenv venv
+sudo apt install python3 python3-dev
 ```
 
-* activate virtual environment
+* Install uv (modern Python package manager)
 
 ```
-source venv/bin/activate
-````
+curl -LsSf https://astral.sh/uv/install.sh | sh
+```
 
-* install requirements
+* You'll also need Postgres dev libraries. For example on Ubuntu:
 
 ```
-pip install -r requirements.txt
+sudo apt install libpq-dev
 ```
 
-* reset database
+* Install dependencies (uv creates a virtual environment automatically)
+
+```
+uv sync
+```
+
+## Database Setup
+
+* Reset database
 
 ```
 ./reset.sh
 ```
 
-* start server
+## Running the Server
+
+* Start server
 
 ```
-python manage.py runserver
+uv run python manage.py runserver
 ```
 
-* to get Google Auth working:
+## Google Auth Configuration
+
+To get Google Auth working:
 
-** go to https://console.developers.google.com
+* Go to https://console.developers.google.com
 
-** create an application
+* Create an application
 
-** set up oauth2 credentials as a web application, with your origin, e.g. https://myhelios.example.com, and your auth callback, which, based on our example, is https://myhelios.example.com/auth/after/
+* Set up OAuth2 credentials as a web application, with your origin, e.g. `https://myhelios.example.com`, and your auth callback, which based on our example is `https://myhelios.example.com/auth/after/`
 
-** still in the developer console, enable the Google+ API.
+* In the developer console, enable the Google People API
 
-** set the GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET configuration variables accordingly.
+* Set the `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` configuration variables accordingly
diff --git a/Procfile b/Procfile
@@ -1,2 +1,2 @@
 web: gunicorn wsgi:application -b 0.0.0.0:$PORT -w 8
-worker: python manage.py celeryd -E -B --beat --concurrency=1
+worker: celery --app helios worker --events --beat --concurrency 1
diff --git a/README.md b/README.md
@@ -2,6 +2,6 @@
 
 Helios is an end-to-end verifiable voting system.
 
-![Travis Build Status](https://travis-ci.org/benadida/helios-server.svg?branch=master)
+[![Travis Build Status](https://travis-ci.org/benadida/helios-server.svg?branch=master)](https://travis-ci.org/benadida/helios-server)
 
 [![Stories in Ready](https://badge.waffle.io/benadida/helios-server.png?label=ready&title=Ready)](https://waffle.io/benadida/helios-server)
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,7 +3,9 @@ deploy-latest.sh @@
     .DS_Store
     *~
     media/*
-    venv
+    .venv
+    venv*
     celerybeat-*
     env.sh
-    .cache
+    .cache
+    .idea/