- User prefetch_related to load data ahead of time
- Adds a new simple serializer, that does not use properties that
  triggers new queries

Marte Fossum authored 2 years ago and Andreas Ellewsen committed 2 years ago

The old version of the client did not fetch short name correctly from
the api response. This new one does, but shortname is now called
short_name, forcing some small adjustments of the tests and their
settings.

Add comments field for roles
Removed contact_person_unit from read_only_fields for roles

Calling norwegian fnr "National ID number" makes people input their id
numbers from their home country in addition to their passport numbers.

This text change hopefully makes it clearer for our non-norwegian
friends.

Refactered the mail sending

We no longer email sponsors(hosts) if they don't need to verify any of
the information provided by their guest.

Add a possibility to search via v1-api, and add birth date to the data in such a case. No changes for previous gui-endpoint.

Sponsosr can now click a button next to passport/fnr values on the
guest info page to see the source and verifier of the value.

Resolves: GREG-275

Introduces the invalid field on the Identity model. The field is used to
indicate that the Identity is in invalid. This is useful when a value is
not a working value, even though the value passes validation checks,
like unused national id numbers, emails tied to non-existing domains,
etc.

Resolves: GREG-252

If the sponsor writes a valid but non-existent email in a guest invite
we retried sending this email indefinitely. Instead of leaving django q
in an endless loop, we now send an email to the sponsor warning about
the problem instead.

Since we may not want to enable the identity check, it must be
togglable. This commit adds environment variable
REACT_APP_ENABLE_IGA_CHECK for toggling the check in the frontend, and
django settings variable IGA_CHECK for toggling the check in the
backend.

Move serializers only used by gregui.

Queries iga for an external id matching ours. If a match is found, the
name of the owner is returend. Otherwise we return null. Uses the new
iga module to fetch the data.

Was removed by mistake at some time in the past. Introduced a few tests
to ensure that things work as expected.

Resolves: GREG-223

Verify that the backend accepts unicode for text fields and that it
survives to the database and back again

Switched from caring about the output to only check the number of
results since that's what we really care about

If someone that already exists in greg follows an invite, we are kind
enough to give the new role to the existing person. This introduced a
security risk if the invitation was actually meant for someone else.

Because of this situation, we introduce a security mechanism where we
disable the invitationlink if the name of the existing person is too
different from the name used in the invitation.

Resolves: GREG-166

Andreas Ellewsen authored 3 years ago and Jonas Braathen committed 3 years ago

If a sponsor verifies a nin that is already in use by an account in
cerebrum, the guest will gain access to that account, which in turn
allows the guest to change the password of that account. This makes it
possible to abuse the guest service to steal the account of users.

A feature that checks for this problem, and helps the sponsor make a
decision on it, will be introduced in the near future. At that point
nin verification can be enabled again.

Resolves: GREG-202

Changed from "IDporten user" top "ID-porten user"..
Assume the login is using ID-porten when only a nin is present.
The claims in a normal feide login will never contain nin.

This ensures that identity values created from values written in the
frontend by guests are given a source value signifying so.

Resolves: GREG-186