Add flag to prevent nin verification in frontend (!275) · Merge requests · it-bott-integrasjoner / greg

Andreas Ellewsen requested to merge GREG-202-prevent-verify-fnr-flag into master Feb 07, 2022

If a sponsor verifies a nin that is already in use by an account in cerebrum, the guest will gain access to that account, which in turn allows the guest to change the password of that account. This makes it possible to abuse the guest service to steal the account of users.

A feature that checks for this problem, and helps the sponsor make a decision on it, will be introduced in the near future. At that point nin verification can be enabled again.

Resolves: GREG-202

Add flag to prevent nin verification in frontend

Merge request reports