diff --git a/gregui/api/views/invitation.py b/gregui/api/views/invitation.py
index 0c2b167a7a63422a2eb9207e7c9fb3eeb8067792..c6e893df7805af51457620859f777011bb5dfa0f 100644
--- a/gregui/api/views/invitation.py
+++ b/gregui/api/views/invitation.py
@@ -133,12 +133,17 @@ class InvitedGuestView(GenericAPIView):
 person = role.person
 sponsor = role.sponsor_id
+ fnr_verified = False
 try:
- fnr = person.identities.get(type="norwegian_national_id_number").value
+ fnr = person.identities.get(type=Identity.IdentityType.NORWEGIAN_NATIONAL_ID_NUMBER)
+ # TODO Maybe other criteria should be specified here
+ if fnr.verified == Identity.Verified.AUTOMATIC:
+ fnr_verified = True
 except Identity.DoesNotExist:
 fnr = None
+
 try:
- passport = person.identities.get(type="passport_number").value
+ passport = person.identities.get(type=Identity.IdentityType.PASSPORT_NUMBER).value
 except Identity.DoesNotExist:
 passport = None
@@ -148,7 +153,7 @@ class InvitedGuestView(GenericAPIView):
 "last_name": person.last_name,
 "email": person.private_email and person.private_email.value,
 "mobile_phone": person.private_mobile and person.private_mobile.value,
- "fnr": fnr,
+ "fnr": fnr and fnr.value,
 "passport": passport,
 },
 "sponsor": {
@@ -164,6 +169,9 @@ class InvitedGuestView(GenericAPIView):
 "end": role.end_date,
 "comments": role.comments,
 },
+ "meta": {
+ "fnr_verified": fnr_verified
+ }
 }
 return JsonResponse(data=data, status=status.HTTP_200_OK)
@@ -189,7 +197,11 @@ class InvitedGuestView(GenericAPIView):
 data = request.data
- if not self.only_allowed_fields_in_request(data):
+ if self._verified_fnr_already_exists(person) and "fnr" in data:
+ # The user should not be allowed to change a verified fnr
+ return Response(status=status.HTTP_400_BAD_REQUEST)
+
+ if not self._only_allowed_fields_in_request(data):
 return Response(status=status.HTTP_400_BAD_REQUEST)
 with transaction.atomic():
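Review bot: In the hunk at `@@ -133,12 +133,17 @@` the criterion `fnr.verified == Identity.Verified.AUTOMATIC` is spelled out inline, and the same criterion is written a second time in `_verified_fnr_already_exists` later in this file. The `meta.fnr_verified` flag sent to the client and the check that rejects a changed fnr on POST can therefore drift apart once the TODO is resolved. Deriving the flag from the helper, `fnr_verified = self._verified_fnr_already_exists(person)`, keeps the reported state and the enforced state on one definition. The TODO would be clearer as a statement of the current rule, e.g. `# Only automatically verified numbers count as verified; revisit if other verification states should lock the field`. The enclosing method starts above the hunk.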
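Review bot: In the hunk at `@@ -189,7 +197,11 @@` the guard inspects only the top-level key, `"fnr" in data`, while the GET response of the same view emits the number under `person`. The shape of the request body is not visible here, so if the serializer reads the fnr from a nested object, the guard would never fire; it should test the same location the update reads from. The check also runs before `with transaction.atomic():`, so the verified state is read outside the transaction that performs the write, and moving it inside the block would narrow that gap. A comment naming the protected key would help, e.g. `# Reject any attempt to overwrite an automatically verified fnr (checked on the key the serializer consumes)`. The enclosing method starts and ends outside the hunk.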
@@ -207,8 +219,18 @@ class InvitedGuestView(GenericAPIView):
 # TODO: Send an email to the sponsor?
 return Response(status=status.HTTP_200_OK)
- def only_allowed_fields_in_request(self, request_data) -> bool:
+ def _verified_fnr_already_exists(self, person) -> bool:
+ try:
+ person.identities.get(type=Identity.IdentityType.NORWEGIAN_NATIONAL_ID_NUMBER,
+ verified=Identity.Verified.AUTOMATIC)
+ return True
+ except Identity.DoesNotExist:
+ return False
+
+ def _only_allowed_fields_in_request(self, request_data) -> bool:
+ # Check how many of the allowed fields are filled in
 number_of_fields_filled_in = sum(
 map(lambda x: x in request_data.keys(), self.fields_allowed_to_update)
 )
+ # Check that there are no other fields filled in
 return number_of_fields_filled_in == len(request_data.keys())
diff --git a/gregui/authentication/auth_backends.py b/gregui/authentication/auth_backends.py
index 023092bf6a8368f66243efab385e4cb3331bd9e4..264ef3ef54cc1a434ecb0bdc6e087ee28b4d4255 100644
--- a/gregui/authentication/auth_backends.py
+++ b/gregui/authentication/auth_backends.py
@@ -8,6 +8,8 @@ from django.contrib.auth.backends import BaseBackend
 from django.core.exceptions import SuspiciousOperation
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+from django.utils import timezone
+
 from greg.models import Identity, Person, Sponsor
 from gregui.models import GregUserProfile
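Review bot: `_verified_fnr_already_exists` in the hunk at `@@ -207,8 +219,18 @@` calls `.get()` only to learn whether a row exists, and it catches only `Identity.DoesNotExist`. Unless a uniqueness constraint outside this diff prevents it, a person with two automatically verified national ID rows would raise `MultipleObjectsReturned`, which surfaces as a server error rather than the intended 400. `return person.identities.filter(type=Identity.IdentityType.NORWEGIAN_NATIONAL_ID_NUMBER, verified=Identity.Verified.AUTOMATIC).exists()` states the intent directly. The same get-for-existence pattern is in the `Identity.objects.get(` lookup for `private_email` in auth_backends.py at `@@ -237,18 +239,20 @@`, whose result is now discarded. The helper would also benefit from a one-line docstring such as `"""Return True if the person has an automatically verified national ID number."""`.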
@@ -237,18 +239,20 @@ class GregOIDCBackend(ValidatingOIDCBackend):
 # Find or create person, and add identity
 person = self._get_or_create_person(userinfo)
 identity = Identity(
- type="feide_id", value=userinfo["userid_feide"], person=person
+ type=Identity.IdentityType.FEIDE_ID, value=userinfo["userid_feide"], person=person,
+ source=settings.FEIDE_SOURCE, verified=Identity.Verified.AUTOMATIC,
+ verified_at=timezone.now()
 )
 identity.save()
 try:
- email_identity = Identity.objects.get(
+ Identity.objects.get(
 type="private_email", value=userinfo["email"]
 )
 except Identity.DoesNotExist:
 # Add email if missing
 email_identity = Identity(
- type="private_email", value=userinfo["email"], person=person
+ type="private_email", value=userinfo["email"], person=person, source=settings.FEIDE_SOURCE,
 )
 email_identity.save()
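Review bot: The two `private_email` lines in this hunk still pass the identity type as a string literal, while the `feide_id` line above them was moved to `Identity.IdentityType.FEIDE_ID`. If the enum has a member for private email, using it here keeps the commit consistent and avoids a silent mismatch should the stored value ever change. `settings.FEIDE_SOURCE` is now read on every login, and neither a `settings` import nor a definition of that setting is visible in this diff, so it is worth confirming that both ship with the change. The e-mail identity is stored with a source but without a `verified` value, unlike the Feide ID; a short comment such as `# E-mail from the IdP is recorded but deliberately not marked verified` would make that choice explicit if it is intended. The enclosing method starts and ends outside the hunk.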