If someone that already exists in greg follows an invite, we are kind
enough to give the new role to the existing person. This introduced a
security risk if the invitation was actually meant for someone else.

Because of this situation, we introduce a security mechanism where we
disable the invitationlink if the name of the existing person is too
different from the name used in the invitation.

Resolves: GREG-166

Andreas Ellewsen authored 3 years ago and Jonas Braathen committed 3 years ago

If a sponsor verifies a nin that is already in use by an account in
cerebrum, the guest will gain access to that account, which in turn
allows the guest to change the password of that account. This makes it
possible to abuse the guest service to steal the account of users.

A feature that checks for this problem, and helps the sponsor make a
decision on it, will be introduced in the near future. At that point
nin verification can be enabled again.

Resolves: GREG-202

Changed from "IDporten user" top "ID-porten user"..
Assume the login is using ID-porten when only a nin is present.
The claims in a normal feide login will never contain nin.

This ensures that identity values created from values written in the
frontend by guests are given a source value signifying so.

Resolves: GREG-186

If the user logs in through the frontpage we now check if they have
completed the registration process. If they have completed it halfway
before, we find their info through the GregUserProfile of the user and
redirect to the register page. If we dont find any profile connected to
the user they are treated as anonymous users as before.

Resolves: GREG-164

Resolves: GREG-173

Issue: greg-105

The setup has five parts:
- a new email template type
- a new django-q task for notifying
- a management command for scheduling the task periodically
- a new settings variable NOTIFIER_LIMIT for controlling the number of
  days into the future the notifier script should use for end date of
  roles.
- a new settings variable NOTIFIER_SCHEDULE_TYPE for controlling how
  often the notifier task should be scheduled when using the management
  command.

Resolves: GREG-162

Issue: GREG-105

Issue: greg-112

It has been decided that a sponsor at a unit should have access to all
roles at that unit. This includes all units accessible through
hierarchical access.

Resolves: GREG-150

Dates can now be changed after they have started and ended. This means
that there is no situation which needs disabling the input fields, and
disabling has been removed.

Start and end date can now be in the past. The following rules apply:
 - Start dates can be any date in the past, and no more into the future
   than the max days property of the role type.
 - End dates follow the same rules
 - End dates must be equal to or later than start date.

Notification publishing has been reviewed to ensure duplicate
notifications are not created when start or end date is today.

Resolve: GREG-148