Skip to content
Snippets Groups Projects

Handle wrong person following invitation link

Merged Handle wrong person following invitation link
GREG-166-invitation-theft-prevention into master
All threads resolved!
Merged Andreas Ellewsen requested to merge GREG-166-invitation-theft-prevention into master
All threads resolved!

If someone that already exists in greg follows an invite, we are kind enough to give the new role to the existing person. This introduced a security risk if the invitation was actually meant for someone else.

Because of this situation, we introduce a security mechanism where we disable the invitationlink if the name of the existing person is too different from the name used in the invitation.

Resolves: GREG-166

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Tore.Brede approved this merge request

    approved this merge request

  • Andreas Ellewsen added 1 commit

    added 1 commit

    • 44eb330d - Log when wrong person uses invitation

    Compare with previous version

  • Andreas Ellewsen resolved all threads

    resolved all threads

  • Andreas Ellewsen resolved all threads

    resolved all threads

  • elg approved this merge request

    approved this merge request

  • Andreas Ellewsen merged

    merged

  • Andreas Ellewsen mentioned in commit 63666de6

    mentioned in commit 63666de6

    • Please register or sign in to reply