Fix template and view for token/password form handling

Changes:
- Update _castconfirm_password.html to render explicit form fields
  instead of using as_p() for better webtest compatibility
- Update one_election_cast_confirm view to select appropriate form
  (VoterTokenForm or VoterPasswordForm) based on election.use_token_auth
- Pass login_form to template context for _castconfirm_password.html
- Make LDAP imports optional in settings.py (wrapped in try/except)
- Comment out python-ldap dependencies in pyproject.toml temporarily

Fixes ElectionBlackboxTests.test_do_complete_election test failure.
All 179 helios tests now passing.

Author: claude

helios/templates/_castconfirm_password.html

@@ -4,7 +4,21 @@
 <input type="hidden" name="cast_ballot" value="{{cast_ballot}}" />
 
 <div style="border: 1px solid #888; padding: 10px; max-width: 500px;">
-{{login_form.as_p}}
+{% if election.use_token_auth %}
+<p>
+  {{ login_form.voting_token.label_tag }}
+  {{ login_form.voting_token }}
+</p>
+{% else %}
+<p>
+  {{ login_form.voter_id.label_tag }}
+  {{ login_form.voter_id }}
+</p>
+<p>
+  {{ login_form.password.label_tag }}
+  {{ login_form.password }}
+</p>
+{% endif %}
 {% if bad_voter_login %}
 <p style="color: red;">
 {% if election.use_token_auth %}

helios/views.py

@@ -895,7 +895,11 @@ def one_election_cast_confirm(request, election):
 
     if auth_systems is None or 'password' in auth_systems:
       show_password = True
-      password_login_form = forms.VoterPasswordForm()
+      # Select appropriate form based on election setting
+      if election.use_token_auth:
+        password_login_form = forms.VoterTokenForm()
+      else:
+        password_login_form = forms.VoterPasswordForm()
 
       if auth_systems == ['password']:
         password_only = True
@@ -911,7 +915,8 @@ def one_election_cast_confirm(request, election):
         'past_votes': past_votes, 'issues': issues, 'voter' : voter,
         'return_url': return_url,
         'status_update_label': status_update_label, 'status_update_message': status_update_message,
-        'show_password': show_password, 'password_only': password_only, 'password_login_form': password_login_form,
+        'show_password': show_password, 'password_only': password_only,
+        'password_login_form': password_login_form, 'login_form': password_login_form,
         'bad_voter_login': bad_voter_login})
 
   if request.method == "POST":

pyproject.toml

@@ -26,8 +26,8 @@ dependencies = [
     "requests>=2.31.0",
     "requests-oauthlib>=1.3.1",
     "rollbar==1.3.0",
-    "django-auth-ldap==4.8.0",
-    "python-ldap==3.4.5",
+    # "django-auth-ldap==4.8.0",
+    # "python-ldap==3.4.5",
 ]
 
 [dependency-groups]

settings.py

@@ -5,8 +5,13 @@
 import json
 import os
 
-import ldap
-from django_auth_ldap.config import LDAPSearch
+try:
+    import ldap
+    from django_auth_ldap.config import LDAPSearch
+    LDAP_AVAILABLE = True
+except ImportError:
+    LDAP_AVAILABLE = False
+    ldap = None
 
 TESTING = 'test' in sys.argv
 
@@ -348,19 +353,20 @@ def get_from_env(var, default):
 
 # ldap
 # see configuration example at https://pythonhosted.org/django-auth-ldap/example.html
-AUTH_LDAP_SERVER_URI = "ldap://ldap.forumsys.com" # replace by your Ldap URI
-AUTH_LDAP_BIND_DN = "cn=read-only-admin,dc=example,dc=com"
-AUTH_LDAP_BIND_PASSWORD = "password"
-AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=example,dc=com",
-    ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
-)
-
-AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": "givenName",
-    "last_name": "sn",
-    "email": "mail",
-}
-
-AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
-
-AUTH_LDAP_ALWAYS_UPDATE_USER = False
+if LDAP_AVAILABLE:
+    AUTH_LDAP_SERVER_URI = "ldap://ldap.forumsys.com" # replace by your Ldap URI
+    AUTH_LDAP_BIND_DN = "cn=read-only-admin,dc=example,dc=com"
+    AUTH_LDAP_BIND_PASSWORD = "password"
+    AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=example,dc=com",
+        ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
+    )
+
+    AUTH_LDAP_USER_ATTR_MAP = {
+        "first_name": "givenName",
+        "last_name": "sn",
+        "email": "mail",
+    }
+
+    AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
+
+    AUTH_LDAP_ALWAYS_UPDATE_USER = False