GREG-85: Adding some more data when Greg user profile is created. Doing some...

GREG-85: Adding some more data when Greg user profile is created. Doing some checks on fnr in invitation endpoint

GREG-85: Adding some more data when Greg user profile is created. Doing some...
GREG-85: Adding some more data when Greg user profile is created. Doing some checks on fnr in invitation endpoint
c4b7e1ea · Tore.Brede · b4c99f6a · c4b7e1ea · c4b7e1ea
Commit c4b7e1ea authored 3 years ago by Tore.Brede
--- a/gregui/api/views/invitation.py
+++ b/gregui/api/views/invitation.py
@@ -133,12 +133,17 @@ class InvitedGuestView(GenericAPIView):
        person = role.person
        sponsor = role.sponsor_id

+        fnr_verified = False
        try:
-            fnr = person.identities.get(type="norwegian_national_id_number").value
+            fnr = person.identities.get(type=Identity.IdentityType.NORWEGIAN_NATIONAL_ID_NUMBER)
+            # TODO Maybe other criteria should be specified here
+            if fnr.verified == Identity.Verified.AUTOMATIC:
+                fnr_verified = True
        except Identity.DoesNotExist:
            fnr = None
+
        try:
-            passport = person.identities.get(type="passport_number").value
+            passport = person.identities.get(type=Identity.IdentityType.PASSPORT_NUMBER).value
        except Identity.DoesNotExist:
            passport = None

@@ -148,7 +153,7 @@ class InvitedGuestView(GenericAPIView):
                "last_name": person.last_name,
                "email": person.private_email and person.private_email.value,
                "mobile_phone": person.private_mobile and person.private_mobile.value,
-                "fnr": fnr,
+                "fnr": fnr and fnr.value,
                "passport": passport,
            },
            "sponsor": {
@@ -164,6 +169,9 @@ class InvitedGuestView(GenericAPIView):
                "end": role.end_date,
                "comments": role.comments,
            },
+            "meta": {
+                "fnr_verified": fnr_verified
+            }
        }
        return JsonResponse(data=data, status=status.HTTP_200_OK)

@@ -189,7 +197,11 @@ class InvitedGuestView(GenericAPIView):

        data = request.data

-        if not self.only_allowed_fields_in_request(data):
+        if self._verified_fnr_already_exists(person) and "fnr" in data:
+            # The user should not be allowed to change a verified fnr
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
+        if not self._only_allowed_fields_in_request(data):
            return Response(status=status.HTTP_400_BAD_REQUEST)

        with transaction.atomic():
@@ -207,8 +219,18 @@ class InvitedGuestView(GenericAPIView):
            # TODO: Send an email to the sponsor?
        return Response(status=status.HTTP_200_OK)

-    def only_allowed_fields_in_request(self, request_data) -> bool:
+    def _verified_fnr_already_exists(self, person) -> bool:
+        try:
+            person.identities.get(type=Identity.IdentityType.NORWEGIAN_NATIONAL_ID_NUMBER,
+                                  verified=Identity.Verified.AUTOMATIC)
+            return True
+        except Identity.DoesNotExist:
+            return False
+
+    def _only_allowed_fields_in_request(self, request_data) -> bool:
+        # Check how many of the allowed fields are filled in
        number_of_fields_filled_in = sum(
            map(lambda x: x in request_data.keys(), self.fields_allowed_to_update)
        )
+        # Check that there are no other fields filled in
        return number_of_fields_filled_in == len(request_data.keys())
--- a/gregui/authentication/auth_backends.py
+++ b/gregui/authentication/auth_backends.py
@@ -8,6 +8,8 @@ from django.contrib.auth.backends import BaseBackend
 from django.core.exceptions import SuspiciousOperation
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend

+from django.utils import timezone
+
 from greg.models import Identity, Person, Sponsor
 from gregui.models import GregUserProfile

@@ -237,18 +239,20 @@ class GregOIDCBackend(ValidatingOIDCBackend):
                # Find or create person, and add identity
                person = self._get_or_create_person(userinfo)
                identity = Identity(
-                    type="feide_id", value=userinfo["userid_feide"], person=person
+                    type=Identity.IdentityType.FEIDE_ID, value=userinfo["userid_feide"], person=person,
+                    source=settings.FEIDE_SOURCE, verified=Identity.Verified.AUTOMATIC,
+                    verified_at=timezone.now()
                )
                identity.save()

            try:
-                email_identity = Identity.objects.get(
+                Identity.objects.get(
                    type="private_email", value=userinfo["email"]
                )
            except Identity.DoesNotExist:
                # Add email if missing
                email_identity = Identity(
-                    type="private_email", value=userinfo["email"], person=person
+                    type="private_email", value=userinfo["email"], person=person, source=settings.FEIDE_SOURCE,
                )
                email_identity.save()