Queries iga for an external id matching ours. If a match is found, the
name of the owner is returend. Otherwise we return null. Uses the new
iga module to fetch the data.

Andreas Ellewsen authored 3 years ago and Jonas Braathen committed 3 years ago

If a sponsor verifies a nin that is already in use by an account in
cerebrum, the guest will gain access to that account, which in turn
allows the guest to change the password of that account. This makes it
possible to abuse the guest service to steal the account of users.

A feature that checks for this problem, and helps the sponsor make a
decision on it, will be introduced in the near future. At that point
nin verification can be enabled again.

Resolves: GREG-202

Link login was replaced by our own implementation some time ago, making
sesame pointless.

Introduces the CEREBRUM_MANUAL_SPONSOR_UNITS settings variable which
contains a list of stedkode for units where sponsors are handled
manually.

Resolves: GREG-163

To reduce the amount of code and complexity of the service we move away
from a management command triggered by a cronjob, to a task handled by
django-q. Everything works the same way as before, but the management
command now schedules the task instead of doing it. Introduces the
ORGREG_SCHEDULE_TYPE settings variable controlling the scheduled when
scheduling the import using the management command.

The setup has five parts:
- a new email template type
- a new django-q task for notifying
- a management command for scheduling the task periodically
- a new settings variable NOTIFIER_LIMIT for controlling the number of
  days into the future the notifier script should use for end date of
  roles.
- a new settings variable NOTIFIER_SCHEDULE_TYPE for controlling how
  often the notifier task should be scheduled when using the management
  command.

Resolves: GREG-162

Done to make djangoq settings accessible in production.
The sync setting is changed to the default False value since the run
order of the tasks is not relevant for our use case.
Mail sending functions have gotten a sync argument to force the tasks to
complete before checking their consequences in tests.

- Set the default to IsAdminUser
- Set it explicitly on all the views
- Add tests

We do not use the token after initial login, no need to refresh.

Set cookie SameSite policy to Lax and skip the HttpOnly flag to allow the cookies to be used by the frontend

To prevent hammering on the invite endpoint we throttle requests to the
endpoint to 100/day per ip.

Resolves: GREG-84

To facilitate multiple identifiers of OUs we introduce the OuIdentifier
model and removed the orgreg_id field from OrganizationalUnit.

All current orgreg_ids are recreated as OuIdentifiers with name
'orgreg_id' and source 'orgreg'. Both values are configurable in the
base settings file in the gregsite app. Note that changing this value
after migration will require manual work changing all OuIdentifiers
already created before the next run of the orgreg_import management
command since that assumes all current orgreg identifiers uses these
values.

All endpoints that previously exposed the orgreg_id field now exposes an
identifiers field with a list of OuIdentifiers connected to that model
with fields id, name, source, and value.

Resolves: GREG-88

- Rename management command start_notification_publisher to notification_publisher
- Rename management command start_schedule_tasks to task_scheduler
- Stop using python-daemon and lockfiles, as these will run as standalone containers anyway
- Remove management commands stop_notification_publisher and stop_schedule_tasks
- Remove python-daemon dependency

- Expanded output from guest info api endpoint
- Share guest info between both routes under /sponsor of the frontend.
- More localised text options added for use on the sponsor pages
- Details button on the sponsor overview page now points to the guest
  info page for each person.

Resolves: GREG-74

Enable testing for gregui

Issue: GREG-66

Issue: GREG-66

- Introduces the Invitation and InvitationLink models for keeping track
  of guest invitations and the links connected to them.
- Adds a post endpoint accessible by sponsors to create invitations for
  guests.
- Adds a get endpoint for the guests to review their invitation
  information.
- Adds a post endpoint for the guests to confirm their invitation with
  updated mobile_phone number if they want.
- Removes token field from Person since it is not used.

Make all URLs relative. Move /oidc and /admin endpoints up from /api and proxy them during development.