From a1cf9ddc647b8b2904c3980239188b7ec2858575 Mon Sep 17 00:00:00 2001
From: Ville Rantanen
Date: Thu, 13 Dec 2018 22:02:08 +0200
Subject: [PATCH] is voter missing
---
 abot.py | 4 ++++
 utils.py | 13 +++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/abot.py b/abot.py
index 03f717a..c1f07c8 100644
--- a/abot.py
+++ b/abot.py
@@ -65,6 +65,8 @@ def vote(key, token = None):
 if is_expired(form):
 return render_template('blank.html', message = "Voting has closed")
 if is_closed_vote(form):
+ if is_voter(key, token):
+ return render_template('blank.html', message = "Token invalid")
 if has_voted(key, token):
 return render_template('blank.html', message = "Token already used")
 valid_for = time_to_expiry(form)
@@ -86,6 +88,8 @@ def save_vote():
 if is_expired(form):
 return render_template('blank.html', message = "Voting has closed")
 if is_closed_vote(form):
+ if is_voter(key, token):
+ return render_template('blank.html', message = "Token invalid")
 if has_voted(key, token):
 return render_template('blank.html', message = "Token already used")
diff --git a/utils.py b/utils.py
index 432b6bd..9ebde5c 100644
--- a/utils.py
+++ b/utils.py
@@ -155,6 +155,19 @@ def is_show_results(form):
 return form['show_results']
+def is_voter(key, token):
+ if token == None:
+ return False
+ cur = g.db.cursor()
+ cur.execute(
+ "SELECT token FROM tokens WHERE token = ? AND question_set = ? AND role = 'voter'",
+ (
+ get_hash(token),
+ key
+ )
+ )
+ return len(cur.fetchall()) > 0
+
 def parse_form(key):
 form = {
 'expires': None,
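Review bot: The guard added in vote() is inverted: `is_voter(key, token)` in utils.py returns True when the token's hash is stored with role 'voter', so `if is_voter(key, token):` answers "Token invalid" to registered voters and lets a missing or unknown token (is_voter returns False for `None`) continue to the `has_voted` check. It should read `if not is_voter(key, token):`. The same two lines are added in the save_vote() hunk and need the same change. Whether `has_voted` would still stop an unknown token is not visible here, so the closed-vote path should not depend on it. Both function bodies continue outside their hunks.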
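Review bot: is_voter() has no docstring, and the callers added in abot.py depend entirely on its return polarity; add `"""Return True if token is a registered 'voter' token for question set key, False otherwise (including when token is None)."""`. `if token == None:` should be `if token is None:`, and `return cur.fetchone() is not None` answers the existence question without fetching every matching row. The placeholder-based query is the right form and should stay parameterized. How `get_hash` derives the stored value is outside this hunk, so the lookup's resistance to token guessing cannot be judged from here.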