Handle wrong person following invitation link (!282) · Merge requests · it-bott-integrasjoner / greg

Andreas Ellewsen requested to merge GREG-166-invitation-theft-prevention into master Feb 14, 2022

If someone that already exists in greg follows an invite, we are kind enough to give the new role to the existing person. This introduced a security risk if the invitation was actually meant for someone else.

Because of this situation, we introduce a security mechanism where we disable the invitationlink if the name of the existing person is too different from the name used in the invitation.

Resolves: GREG-166

Handle wrong person following invitation link

Merge request reports