bump version: 0.0.11-alpha -> 0.0.12-alpha

Verify OAuth Username vuln and fix closes #9
fix SAML Views not having LoginRequiredMixin
2019-02-27 13:18:28 +01:00 · 2019-02-27 13:18:16 +01:00 · 2019-02-27 12:36:18 +01:00 · 2019-02-27 12:35:57 +01:00 · 2019-02-27 12:35:48 +01:00 · 2019-02-27 11:20:52 +01:00
215 changed files with 4144 additions and 1996 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.2-alpha
+current_version = 0.0.12-alpha
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@ -14,12 +14,16 @@ values =
 	beta
 	stable
 [bumpversion:file:helm/passbook/values.yaml]
 [bumpversion:file:helm/passbook/Chart.yaml]
 [bumpversion:file:.gitlab-ci.yml]
 [bumpversion:file:passbook/__init__.py]
 [bumpversion:file:passbook/api/__init__.py]
 [bumpversion:file:passbook/core/__init__.py]
 [bumpversion:file:passbook/admin/__init__.py]
@ -30,11 +34,13 @@ values =
 [bumpversion:file:passbook/ldap/__init__.py]
 [bumpversion:file:passbook/lib/__init__.py]
 [bumpversion:file:passbook/saml_idp/__init__.py]
 [bumpversion:file:passbook/audit/__init__.py]
 [bumpversion:file:passbook/oauth_provider/__init__.py]
-[bumpversion:file:passbook/totp/__init__.py]
+[bumpversion:file:passbook/otp/__init__.py]
--- a/.dockerignore
+++ b/.dockerignore
@ -1,3 +1,4 @@
 env
 helm
 passbook-ui
 static
--- a/.gitignore
+++ b/.gitignore
@ -189,5 +189,5 @@ pyvenv.cfg
 pip-selfcheck.json
 # End of https://www.gitignore.io/api/python,django
-/static/*
+/static/
 local.env.yml
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -8,7 +8,14 @@ stages:
  - test
  - build
  - docs
-image: python:3.5
+image: python:3.6
 services:
  - postgres:latest
 variables:
  POSTGRES_DB: passbook
  POSTGRES_USER: passbook
  POSTGRES_PASSWORD: 'EK-5jnKfjrGRm<77'
 include:
  - /allauth/.gitlab-ci.yml
@ -44,9 +51,9 @@ package-docker:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
-    - echo "{\"auths\":{\"https://docker.$NEXUS_URL/\":{\"username\":\"$NEXUS_USER\",\"password\":\"$NEXUS_PASS\"}}}" > /kaniko/.docker/config.json
+    - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.2-alpha
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.12-alpha
  stage: build
  only:
    - tags
@ -55,8 +62,9 @@ package-helm:
  stage: build
  script:
    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
    - helm init --client-only
    - helm package helm/passbook
-    - ./manage.py nexus_upload --method put --url $NEXUS_URL --user $NEXUS_USER --password $NEXUS_PASS --repo helm *.tgz
+    - ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz
  only:
    - tags
    - /^version/.*$/
--- a/.prospector.yaml
+++ b/.prospector.yaml
@ -0,0 +1,12 @@
 strictness: medium
 test-warnings: true
 doc-warnings: false
 ignore-paths:
  - env
  - migrations
  - docs
  - node_modules
 uses:
 - django
--- a/19
+++ b/19
@ -1,14 +1,25 @@
-FROM python:3.6-slim-stretch
+FROM python:3.6-slim-stretch as build
 # LABEL version="1.8.8"
 COPY ./passbook/ /app/passbook
 COPY ./static/ /app/static
 COPY ./manage.py /app/
 COPY ./requirements.txt /app/
 WORKDIR /app/
-#RUN apk add --no-cache libffi-dev build-base py2-pip python2-dev libxml-dev && \
+RUN mkdir /app/static/ && \
    pip install -r requirements.txt && \
    pip install psycopg2 && \
    ./manage.py collectstatic --no-input
 FROM python:3.6-slim-stretch
 COPY ./passbook/ /app/passbook
 COPY ./manage.py /app/
 COPY ./requirements.txt /app/
 COPY --from=build /app/static /app/static/
 WORKDIR /app/
 RUN pip install -r requirements.txt && \
    pip install psycopg2 && \
    adduser --system --home /app/ passbook && \
--- a/14
+++ b/14
@ -1,14 +0,0 @@
 ## oauth_client
 - Move provider_type logic to own class, not name-based URL matching
 - add provider_type field to Provider Model
 - make Provider inherit core.application
 - Add template for popular services like github, twitter, facebook, etc
 ## saml_idp
 - move certificates to Provider so each provider can have different certificates
 ## admin
 - add testing page where user can supply input and let rules run against it to debug/test
--- a/allauth/allauth_passbook/urls.py
+++ b/allauth/allauth_passbook/urls.py
@ -1,6 +1,5 @@
 """passbook provider"""
 from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
 from allauth_passbook.provider import PassbookProvider
 urlpatterns = default_urlpatterns(PassbookProvider)
--- a/allauth/allauth_passbook/views.py
+++ b/allauth/allauth_passbook/views.py
@ -1,10 +1,10 @@
 """passbook adapter"""
 import requests
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.providers.oauth2.views import (OAuth2Adapter,
                                                          OAuth2CallbackView,
                                                          OAuth2LoginView)
 from allauth_passbook.provider import PassbookProvider
--- a/helm/passbook/Chart.yaml
+++ b/helm/passbook/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.0.2-alpha"
+appVersion: "0.0.12-alpha"
 description: A Helm chart for passbook.
 name: passbook
-version: 1.0.0
+version: "0.0.12-alpha"
 icon: https://passbook.beryju.org/images/logo.png
--- a/helm/passbook/templates/passbook-configmap.yaml
+++ b/helm/passbook/templates/passbook-configmap.yaml
@ -36,7 +36,7 @@ data:
    debug: false
    secure_proxy_header:
      HTTP_X_FORWARDED_PROTO: https
-    redis: {{ .Release.Name }}-redis
+    redis: ":{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master"
    # Error reporting, sends stacktrace to sentry.services.beryju.org
    error_report_enabled: {{ .Values.config.error_reporting }}
--- a/helm/passbook/values.yaml
+++ b/helm/passbook/values.yaml
@ -5,7 +5,7 @@
 replicaCount: 1
 image:
-  tag: latest
+  tag: 0.0.12-alpha
 nameOverride: ""
--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.0.2-alpha'
+__version__ = '0.0.12-alpha'
--- a/passbook/admin/init.py
+++ b/passbook/admin/init.py
@ -1,2 +1,2 @@
 """passbook admin"""
-__version__ = '0.0.2-alpha'
+__version__ = '0.0.12-alpha'
--- a/passbook/admin/api/urls.py
+++ b/passbook/admin/api/urls.py
@ -0,0 +1,6 @@
 """Versioned Admin API Urls"""
 from django.conf.urls import include, url
 urlpatterns = [
    url(r'^v1/', include('passbook.admin.api.v1.urls', namespace='v1')),
 ]
--- a/passbook/admin/api/v1/applications.py
+++ b/passbook/admin/api/v1/applications.py
@ -0,0 +1,22 @@
 """passbook admin application API"""
 from rest_framework.permissions import IsAdminUser
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet
 from passbook.core.models import Application
 class ApplicationSerializer(ModelSerializer):
    """Application Serializer"""
    class Meta:
        model = Application
        fields = '__all__'
 class ApplicationViewSet(ModelViewSet):
    """Application Viewset"""
    permission_classes = [IsAdminUser]
    serializer_class = ApplicationSerializer
    queryset = Application.objects.all()
--- a/passbook/admin/api/v1/urls.py
+++ b/passbook/admin/api/v1/urls.py
@ -1,9 +1,33 @@
 """passbook admin API URLs"""
 from django.urls import path
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
 from rest_framework import permissions
 from rest_framework.routers import DefaultRouter
 from passbook.admin.api.v1.applications import ApplicationViewSet
 from passbook.admin.api.v1.groups import GroupViewSet
 from passbook.admin.api.v1.users import UserViewSet
 router = DefaultRouter()
-router.register(r'groups', GroupViewSet)
+router.register('applications', ApplicationViewSet)
 router.register('groups', GroupViewSet)
 router.register('users', UserViewSet)
-urlpatterns = router.urls
+SchemaView = get_schema_view(
    openapi.Info(
        title="passbook Administration API",
        default_version='v1',
        description="Internal passbook API for Administration Interface",
        contact=openapi.Contact(email="contact@snippets.local"),
        license=openapi.License(name="MIT License"),
    ),
    public=True,
    permission_classes=(permissions.IsAdminUser,),
 )
 urlpatterns = router.urls + [
    path('swagger.yml', SchemaView.without_ui(cache_timeout=0), name='schema-json'),
    path('swagger/', SchemaView.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
 ]
 app_name = 'passbook.admin'
--- a/passbook/admin/api/v1/users.py
+++ b/passbook/admin/api/v1/users.py
@ -0,0 +1,23 @@
 """passbook admin user API"""
 from rest_framework.permissions import IsAdminUser
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import ModelViewSet
 from passbook.core.models import User
 class UserSerializer(ModelSerializer):
    """User Serializer"""
    class Meta:
        model = User
        fields = ['is_superuser', 'username', 'first_name', 'last_name', 'email', 'date_joined',
                  'uuid']
 class UserViewSet(ModelViewSet):
    """User Viewset"""
    permission_classes = [IsAdminUser]
    serializer_class = UserSerializer
    queryset = User.objects.all()
--- a/passbook/admin/apps.py
+++ b/passbook/admin/apps.py
@ -8,3 +8,4 @@ class PassbookAdminConfig(AppConfig):
    name = 'passbook.admin'
    label = 'passbook_admin'
    mountpoint = 'administration/'
    verbose_name = 'passbook Admin'
--- a/passbook/admin/forms/policies.py
+++ b/passbook/admin/forms/policies.py
@ -4,7 +4,7 @@ from django import forms
 from passbook.core.models import User
-class RuleTestForm(forms.Form):
+class PolicyTestForm(forms.Form):
-    """Form to test rule against user"""
+    """Form to test policies against user"""
    user = forms.ModelChoiceField(queryset=User.objects.all())
--- a/passbook/admin/forms/source.py
+++ b/passbook/admin/forms/source.py
@ -1,6 +1,6 @@
 """passbook core source form fields"""
 # from django import forms
-SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled']
+SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled', 'policies']
 # class SourceForm(forms.Form)
--- a/passbook/admin/requirements.txt
+++ b/passbook/admin/requirements.txt
@ -1,2 +1,2 @@
 django-rest-framework
-django-rest-swagger
+drf_yasg
--- a/passbook/admin/templates/administration/application/list.html
+++ b/passbook/admin/templates/administration/application/list.html
@ -9,31 +9,35 @@
 {% block content %}
 <div class="container">
-  <h1>{% trans "Applications" %}</h1>
+    <h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
-  <a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
+    <span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
-    {% trans 'Create...' %}
+    <hr>
-  </a>
+    <a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
-  <hr>
+        {% trans 'Create...' %}
-  <table class="table table-striped table-bordered">
+    </a>
-    <thead>
+    <hr>
-      <tr>
+    <table class="table table-striped table-bordered">
-        <th>{% trans 'Name' %}</th>
+        <thead>
-        <th>{% trans 'Provider' %}</th>
+            <tr>
-        <th></th>
+                <th>{% trans 'Name' %}</th>
-      </tr>
+                <th>{% trans 'Provider' %}</th>
-    </thead>
+                <th></th>
-    <tbody>
+            </tr>
-      {% for application in object_list %}
+        </thead>
-        <tr>
+        <tbody>
-          <td>{{ application.name }}</td>
+            {% for application in object_list %}
-          <td>{{ application.provider }}</td>
+            <tr>
-          <td>
+                <td>{{ application.name }}</td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                <td>{{ application.provider }}</td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                <td>
-          </td>
+                    <a class="btn btn-default btn-sm"
-        </tr>
+                        href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-      {% endfor %}
+                    <a class="btn btn-default btn-sm"
-    </tbody>
+                        href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-  </table>
+                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/audit/list.html
+++ b/passbook/admin/templates/administration/audit/list.html
@ -8,77 +8,80 @@
 {% endblock %}
 {% block content %}
-<div class="container">
+<h1><span class="pficon-catalog"></span> {% trans "Audit Log" %}</h1>
-  <h1>{% trans "Audit Log" %}</h1>
+<div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
  <div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
    {% for entry in object_list %}
    <div class="list-group-item">
-      <div class="list-view-pf-main-info">
+        <div class="list-view-pf-main-info">
-        <div class="list-view-pf-left">
+            <div class="list-view-pf-left">
-          <span class="fa fa-plane list-view-pf-icon-sm"></span>
+                <span class="fa fa-plane list-view-pf-icon-sm"></span>
            </div>
            <div class="list-view-pf-body">
                <div class="list-view-pf-description">
                    <div class="list-group-item-heading">
                        {{ entry.action }}
                    </div>
                    <div class="list-group-item-text">
                        {{ entry.context }}
                    </div>
                </div>
                <div class="list-view-pf-additional-info">
                    <div class="list-view-pf-additional-info-item">
                        <span class="pficon pficon-user"></span>
                        <strong>{{ entry.user }}</strong>
                    </div>
                    <div class="list-view-pf-additional-info-item">
                        <span class="pficon pficon-cluster"></span>
                        <strong>{{ entry.app|default:'-' }}</strong>
                    </div>
                    <div class="list-view-pf-additional-info-item">
                        <span class="fa fa-clock-o"></span>
                        <strong>{{ entry.created }}</strong>
                    </div>
                    <div class="list-view-pf-additional-info-item">
                        <span class="pficon pficon-screen"></span>
                        <strong>{{ entry.request_ip }}</strong>
                    </div>
                </div>
            </div>
        </div>
        <div class="list-view-pf-body">
          <div class="list-view-pf-description">
            <div class="list-group-item-heading">
              {{ entry.action }}
            </div>
            <div class="list-group-item-text">
            </div>
          </div>
          <div class="list-view-pf-additional-info">
            <div class="list-view-pf-additional-info-item">
              <span class="pficon pficon-user"></span>
              <strong>{{ entry.user }}</strong>
            </div>
            <div class="list-view-pf-additional-info-item">
              <span class="pficon pficon-screen"></span>
              <strong>{{ entry.request_ip }}</strong>
            </div>
            <div class="list-view-pf-additional-info-item">
              <span class="pficon pficon-cluster"></span>
              <strong>{{ entry.app|default:'-' }}</strong>
            </div>
          </div>
        </div>
      </div>
    </div>
    {% endfor %}
-  </div>
+    <script>
-  <script>
+        $(document).ready(function () {
-    $(document).ready(function () {
+            // Row Checkbox Selection
-      // Row Checkbox Selection
+            $("#pf-list-standard input[type='checkbox']").change(function (e) {
-      $("#pf-list-standard input[type='checkbox']").change(function (e) {
+                if ($(this).is(":checked")) {
-        if ($(this).is(":checked")) {
+                    $(this).closest('.list-group-item').addClass("active");
-          $(this).closest('.list-group-item').addClass("active");
+                } else {
-        } else {
+                    $(this).closest('.list-group-item').removeClass("active");
-          $(this).closest('.list-group-item').removeClass("active");
+                }
-        }
+            });
-      });
+            // toggle dropdown menu
-      // toggle dropdown menu
+            $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
-      $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
+                var $this = $(this);
-        var $this = $(this);
+                var $dropdown = $this.find('.dropdown');
-        var $dropdown = $this.find('.dropdown');
+                var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
-        var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
+                $dropdown.toggleClass('dropup', space < 10);
-        $dropdown.toggleClass('dropup', space < 10);
+            });
-      });
+            // allow users to select multiple list items with shift key
-      // allow users to select multiple list items with shift key
+            $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
-      $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
+                var $list = $('.list-group');
-        var $list = $('.list-group');
+                var prevIndex = $list.data('preIndex');
-        var prevIndex = $list.data('preIndex');
+                var $listItems = $list.children('.list-group-item');
-        var $listItems = $list.children('.list-group-item');
+                var $currentItem = $(this).closest('.list-group-item');
-        var $currentItem = $(this).closest('.list-group-item');
+                if (event.shiftKey && prevIndex > -1 && this.checked) {
-        if (event.shiftKey && prevIndex > -1 && this.checked) {
+                    var currentIndex = $listItems.index($currentItem);
-          var currentIndex = $listItems.index($currentItem);
+                    var $selectScope = currentIndex - prevIndex > 0
-          var $selectScope = currentIndex - prevIndex > 0
+                        ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
-            ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
+                        : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
-            : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
+                    $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
-          $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
+                }
-        }
+                $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
-        $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
+            });
      });
-    });
+        });
-  </script>
+    </script>
-  {% include 'partials/pagination.html' %}
+    {% include 'partials/pagination.html' %}
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/base.html
+++ b/passbook/admin/templates/administration/base.html
@ -17,8 +17,11 @@
  <li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
    <a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
  </li>
-  <li class="{% is_active 'passbook_admin:rules' 'passbook_admin:rule-create' 'passbook_admin:rule-update' 'passbook_admin:rule-delete' 'passbook_admin:rule-test' %}">
+  <li class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
-    <a href="{% url 'passbook_admin:rules' %}">{% trans 'Rules' %}</a>
+    <a href="{% url 'passbook_admin:factors' %}">{% trans 'Factors' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
    <a href="{% url 'passbook_admin:policies' %}">{% trans 'Policies' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
    <a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
--- a/passbook/admin/templates/administration/factor/list.html
+++ b/passbook/admin/templates/administration/factor/list.html
@ -0,0 +1,62 @@
 {% extends "administration/base.html" %}
 {% load i18n %}
 {% load utils %}
 {% load admin_reflection %}
 {% block title %}
 {% title %}
 {% endblock %}
 {% block content %}
 <div class="container">
    <h1><span class="pficon-plugged"></span> {% trans "Factors" %}</h1>
    <span>{% trans "Factors required for a user to successfully authenticate." %}</span>
    <hr>
    <div class="dropdown">
        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
            {% trans 'Create...' %}
            <span class="caret"></span>
        </button>
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
                    href="{% url 'passbook_admin:factor-create' %}?type={{ type }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
    <hr>
    <table class="table table-striped table-bordered">
        <thead>
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Type' %}</th>
                <th>{% trans 'Order' %}</th>
                <th>{% trans 'Enabled?' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for factor in object_list %}
            <tr>
                <td>{{ factor.name }} ({{ factor.slug }})</td>
                <td>{{ factor.type }}</td>
                <td>{{ factor.order }}</td>
                <td>{{ factor.enabled }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:factor-update' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:factor-delete' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                    {% get_links factor as links %}
                    {% for name, href in links.items %}
                    <a class="btn btn-default btn-sm"
                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
                    {% endfor %}
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/invitation/list.html
+++ b/passbook/admin/templates/administration/invitation/list.html
@ -9,30 +9,35 @@
 {% block content %}
 <div class="container">
-  <h1>{% trans "Invitations" %}</h1>
+    <h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
-  <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
+    <span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
-    {% trans 'Create...' %}
+    <hr>
-  </a>
+    <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
-  <hr>
+        {% trans 'Create...' %}
-  <table class="table table-striped table-bordered">
+    </a>
-    <thead>
+    <hr>
-      <tr>
+    <table class="table table-striped table-bordered">
-        <th>{% trans 'Expiry' %}</th>
+        <thead>
-        <th>{% trans 'Link' %}</th>
+            <tr>
-        <th></th>
+                <th>{% trans 'Expiry' %}</th>
-      </tr>
+                <th>{% trans 'Link' %}</th>
-    </thead>
+                <th></th>
-    <tbody>
+            </tr>
-      {% for invitation in object_list %}
+        </thead>
-        <tr>
+        <tbody>
-          <td>{{ invitation.expires|default:"Never" }}</td>
+            {% for invitation in object_list %}
-          <td><pre>{{ invitation.link }}</pre></td>
+            <tr>
-          <td>
+                <td>{{ invitation.expires|default:"Never" }}</td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                <td>
-          </td>
+                    <pre>{{ invitation.link }}</pre>
-        </tr>
+                </td>
-      {% endfor %}
+                <td>
-    </tbody>
+                    <a class="btn btn-default btn-sm"
-  </table>
+                        href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/overview.html
+++ b/passbook/admin/templates/administration/overview.html
@ -4,53 +4,176 @@
 {% block content %}
 <div class="container">
-  <div class="col-xs-6 col-sm-2 col-md-2">
+    <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
+            <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}</a>
+                <a href="{% url 'passbook_admin:applications' %}">
-      </h2>
+                    <span class="pficon-applications"></span>
-      <div class="card-pf-body">
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}
-        <p class="card-pf-aggregate-status-notifications">
+                </a>
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ application_count }}</a></span>
+            </h2>
-        </p>
+            <div class="card-pf-body">
-      </div>
+                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:applications' %}">
                            <span class="pficon pficon-ok"></span>{{ application_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
-  </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
-  <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
-      <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:sources' %}">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}</a>
+                    <span class="pficon-resource-pool"></span>
-      </h2>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Sources' %}
-      <div class="card-pf-body">
+                </a>
-        <p class="card-pf-aggregate-status-notifications">
+            </h2>
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ provider_count }}</a></span>
+            <div class="card-pf-body">
-        </p>
+                <p class="card-pf-aggregate-status-notifications">
-      </div>
+                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:sources' %}">
                            <span class="pficon pficon-ok"></span>{{ source_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
-  </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
-  <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
-      <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:providers' %}">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Rules' %}</a>
+                    <span class="pficon-integration"></span>
-      </h2>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}
-      <div class="card-pf-body">
+                </a>
-        <p class="card-pf-aggregate-status-notifications">
+            </h2>
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ rule_count }}</a></span>
+            <div class="card-pf-body">
-        </p>
+                <p class="card-pf-aggregate-status-notifications">
-      </div>
+                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:providers' %}">
                            <span class="pficon pficon-ok"></span>{{ provider_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
-  </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
-  <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
-      <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:factors' %}">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}</a>
+                    <span class="pficon-plugged"></span>
-      </h2>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Factors' %}
-      <div class="card-pf-body">
+                </a>
-        <p class="card-pf-aggregate-status-notifications">
+            </h2>
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ user_count }}</a></span>
+            <div class="card-pf-body">
-        </p>
+                <p class="card-pf-aggregate-status-notifications">
-      </div>
+                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:factors' %}">
                            <span class="pficon pficon-ok"></span>{{ factor_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
    <div class="col-xs-6 col-sm-2 col-md-2">
        <div class="card-pf card-pf-accented card-pf-aggregate-status">
            <h2 class="card-pf-title">
                <a href="{% url 'passbook_admin:policies' %}">
                    <span class="pficon-infrastructure"></span>
                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Policies' %}
                </a>
            </h2>
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:policies' %}">
                            <span class="pficon pficon-ok"></span>{{ policy_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
    <div class="col-xs-6 col-sm-2 col-md-2">
        <div class="card-pf card-pf-accented card-pf-aggregate-status">
            <h2 class="card-pf-title">
                <a href="{% url 'passbook_admin:invitations' %}">
                    <span class="pficon-migration"></span>
                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Invitation' %}
                </a>
            </h2>
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:invitations' %}">
                            <span class="pficon pficon-ok"></span>{{ invitation_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
    <div class="col-xs-6 col-sm-2 col-md-2">
        <div class="card-pf card-pf-accented card-pf-aggregate-status">
            <h2 class="card-pf-title">
                <a href="{% url 'passbook_admin:users' %}">
                    <span class="pficon-users"></span>
                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}
                </a>
            </h2>
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:users' %}">
                            <span class="pficon pficon-ok"></span>{{ user_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
    <div class="col-xs-6 col-sm-2 col-md-2">
        <div class="card-pf card-pf-accented card-pf-aggregate-status">
            <h2 class="card-pf-title">
                <a href="#">
                    <span class="pficon-bundle"></span>
                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
                </a>
            </h2>
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="#">
                            {{ version }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
    <div class="col-xs-6 col-sm-2 col-md-2">
        <div class="card-pf card-pf-accented card-pf-aggregate-status">
            <h2 class="card-pf-title">
                <a href="#">
                    <span class="pficon-server"></span>
                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Worker(s)' %}
                </a>
            </h2>
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="#">
                            <span class="pficon pficon-ok"></span>{{ worker_count }}
                        </a>
                    </span>
                </p>
            </div>
        </div>
    </div>
  </div>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/policy/list.html
+++ b/passbook/admin/templates/administration/policy/list.html
@ -0,0 +1,54 @@
 {% extends "administration/base.html" %}
 {% load i18n %}
 {% load utils %}
 {% block title %}
 {% title %}
 {% endblock %}
 {% block content %}
 <div class="container">
    <h1><span class="pficon-infrastructure"></span> {% trans "Policies" %}</h1>
    <span>{% trans "Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Factors." %}</span>
    <hr>
    <div class="dropdown">
        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
            {% trans 'Create...' %}
            <span class="caret"></span>
        </button>
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
                    href="{% url 'passbook_admin:policy-create' %}?type={{ type }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
    <hr>
    <table class="table table-striped table-bordered">
        <thead>
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Class' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for policy in object_list %}
            <tr>
                <td>{{ policy.name }}</td>
                <td>{{ policy|fieldtype }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:policy-test' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:policy-delete' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/policy/test.html
+++ b/passbook/admin/templates/administration/policy/test.html
@ -0,0 +1,7 @@
 {% extends 'generic/form.html' %}
 {% load i18n %}
 {% block above_form %}
 <h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
 {% endblock %}
--- a/passbook/admin/templates/administration/provider/list.html
+++ b/passbook/admin/templates/administration/provider/list.html
@ -10,43 +10,49 @@
 {% block content %}
 <div class="container">
-  <h1>{% trans "Providers" %}</h1>
+    <h1><span class="pficon-integration"></span> {% trans "Providers" %}</h1>
-  <div class="dropdown">
+    <span>{% trans "Authentication Protocol Provider, used as Protocol behind an Application." %}</span>
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+    <hr>
-      {% trans 'Create...' %}
+    <div class="dropdown">
-      <span class="caret"></span>
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-    </button>
+            {% trans 'Create...' %}
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            <span class="caret"></span>
-      {% for type, name in types.items %}
+        </button>
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% endfor %}
+            {% for type, name in types.items %}
-    </ul>
+            <li role="presentation"><a role="menuitem" tabindex="-1"
-  </div>
+                    href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
  <hr>
  <table class="table table-striped table-bordered">
    <thead>
      <tr>
        <th>{% trans 'Name' %}</th>
        <th>{% trans 'Class' %}</th>
        <th></th>
      </tr>
    </thead>
    <tbody>
      {% for provider in object_list %}
        <tr>
          <td>{{ provider.name }}</td>
          <td>{{ provider|fieldtype }}</td>
          <td>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
            {% get_links provider as links %}
            {% for name, href in links.items %}
              <a class="btn btn-default btn-sm" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
            {% endfor %}
-          </td>
+        </ul>
-        </tr>
+    </div>
-      {% endfor %}
+    <hr>
-    </tbody>
+    <table class="table table-striped table-bordered">
-  </table>
+        <thead>
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Class' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for provider in object_list %}
            <tr>
                <td>{{ provider.name }}</td>
                <td>{{ provider|fieldtype }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                    {% get_links provider as links %}
                    {% for name, href in links.items %}
                    <a class="btn btn-default btn-sm"
                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
                    {% endfor %}
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/rule/list.html
+++ b/passbook/admin/templates/administration/rule/list.html
@ -1,48 +0,0 @@
 {% extends "administration/base.html" %}
 {% load i18n %}
 {% load utils %}
 {% block title %}
 {% title %}
 {% endblock %}
 {% block content %}
 <div class="container">
  <h1>{% trans "Rules" %}</h1>
  <div class="dropdown">
    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
      {% trans 'Create...' %}
      <span class="caret"></span>
    </button>
    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
      {% for type, name in types.items %}
      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:rule-create' %}?type={{ type }}">{{ name }}</a></li>
      {% endfor %}
    </ul>
  </div>
  <hr>
  <table class="table table-striped table-bordered">
    <thead>
      <tr>
        <th>{% trans 'Name' %}</th>
        <th>{% trans 'Class' %}</th>
        <th></th>
      </tr>
    </thead>
    <tbody>
      {% for rule in object_list %}
        <tr>
          <td>{{ rule.name }}</td>
          <td>{{ rule|fieldtype }}</td>
          <td>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-update' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-test' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-delete' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
          </td>
        </tr>
      {% endfor %}
    </tbody>
  </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/rule/test.html
+++ b/passbook/admin/templates/administration/rule/test.html
@ -1,7 +0,0 @@
 {% extends 'generic/form.html' %}
 {% load i18n %}
 {% block above_form %}
 <h1>{% blocktrans with rule=rule %}Test rule {{ rule }}{% endblocktrans %}</h1>
 {% endblock %}
--- a/passbook/admin/templates/administration/source/list.html
+++ b/passbook/admin/templates/administration/source/list.html
@ -6,43 +6,51 @@
 {% block content %}
 <div class="container">
-  <h1>{% trans "Sources" %}</h1>
+    <h1><span class="pficon-resource-pool"></span> {% trans "Sources" %}</h1>
-  <div class="dropdown">
+    <span>{% trans "External Sources which can be used to get Identities into passbook, for example Social Providers like Twiter and GitHub or Enterprise Providers like ADFS and LDAP." %}</span>
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+    <hr>
-      {% trans 'Create...' %}
+    <div class="dropdown">
-      <span class="caret"></span>
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-    </button>
+            {% trans 'Create...' %}
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            <span class="caret"></span>
-      {% for type, name in types.items %}
+        </button>
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% endfor %}
+            {% for type, name in types.items %}
-    </ul>
+            <li role="presentation"><a role="menuitem" tabindex="-1"
-  </div>
+                    href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
  <hr>
  <table class="table table-striped table-bordered">
    <thead>
      <tr>
        <th>{% trans 'Name' %}</th>
        <th>{% trans 'Class' %}</th>
        <th></th>
      </tr>
    </thead>
    <tbody>
      {% for source in object_list %}
        <tr>
          <td>{{ source.name }}</td>
          <td>{{ source|fieldtype }}</td>
          <td>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
            {% get_links source as links %}
            {% for name, href in links %}
              <a class="btn btn-default btn-sm" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
            {% endfor %}
-          </td>
+        </ul>
-        </tr>
+    </div>
-      {% endfor %}
+    <hr>
-    </tbody>
+    <table class="table table-striped table-bordered">
-  </table>
+        <thead>
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Class' %}</th>
                <th>{% trans 'Additional Info' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for source in object_list %}
            <tr>
                <td>{{ source.name }}</td>
                <td>{{ source|fieldtype }}</td>
                <td>{{ source.additional_info }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                    {% get_links source as links %}
                    {% for name, href in links %}
                    <a class="btn btn-default btn-sm"
                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
                    {% endfor %}
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/user/list.html
+++ b/passbook/admin/templates/administration/user/list.html
@ -5,34 +5,38 @@
 {% block content %}
 <div class="container">
-  <h1>{% trans "Users" %}</h1>
+    <h1><span class="pficon-users"></span> {% trans "Users" %}</h1>
-  <hr>
+    <hr>
-  <table class="table table-striped table-bordered">
+    <table class="table table-striped table-bordered">
-    <thead>
+        <thead>
-      <tr>
+            <tr>
-        <th>{% trans 'Username' %}</th>
+                <th>{% trans 'Username' %}</th>
-        <th>{% trans 'First Name' %}</th>
+                <th>{% trans 'First Name' %}</th>
-        <th>{% trans 'Last Name' %}</th>
+                <th>{% trans 'Last Name' %}</th>
-        <th>{% trans 'Active' %}</th>
+                <th>{% trans 'Active' %}</th>
-        <th>{% trans 'Last Login' %}</th>
+                <th>{% trans 'Last Login' %}</th>
-        <th></th>
+                <th></th>
-      </tr>
+            </tr>
-    </thead>
+        </thead>
-    <tbody>
+        <tbody>
-      {% for user in object_list %}
+            {% for user in object_list %}
-        <tr>
+            <tr>
-          <td>{{ user.username }}</td>
+                <td>{{ user.username }}</td>
-          <td>{{ user.first_name|default:'-' }}</td>
+                <td>{{ user.first_name|default:'-' }}</td>
-          <td>{{ user.last_name|default:'-' }}</td>
+                <td>{{ user.last_name|default:'-' }}</td>
-          <td>{{ user.is_active }}</td>
+                <td>{{ user.is_active }}</td>
-          <td>{{ user.last_login }}</td>
+                <td>{{ user.last_login }}</td>
-          <td>
+                <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                        href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-          </td>
+                    <a class="btn btn-default btn-sm"
-        </tr>
+                        href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-      {% endfor %}
+                    <a class="btn btn-default btn-sm"
-    </tbody>
+                        href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
-  </table>
+                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/generic/create.html
+++ b/passbook/admin/templates/generic/create.html
@ -5,3 +5,7 @@
 {% block above_form %}
 <h1>{% trans 'Create' %}</h1>
 {% endblock %}
 {% block action %}
 {% trans 'Create' %}
 {% endblock %}
--- a/passbook/admin/templates/generic/form.html
+++ b/passbook/admin/templates/generic/form.html
@ -11,7 +11,7 @@
    <form action="" method="post" class="form-horizontal">
      {% include 'partials/form.html' with form=form %}
      <a class="btn btn-default" href="{% back %}">{% trans "Cancel" %}</a>
-      <input type="submit" class="btn btn-primary" value="{% trans 'Create' %}" />
+      <input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
    </form>
  </div>
 </div>
--- a/passbook/admin/templates/generic/update.html
+++ b/passbook/admin/templates/generic/update.html
@ -5,3 +5,7 @@
 {% block above_form %}
 <h1>{% trans 'Update' %}</h1>
 {% endblock %}
 {% block action %}
 {% trans 'Update' %}
 {% endblock %}
--- a/passbook/admin/urls.py
+++ b/passbook/admin/urls.py
@ -1,12 +1,9 @@
 """passbook URL Configuration"""
 from django.urls import include, path
 from rest_framework_swagger.views import get_swagger_view
 from passbook.admin.views import (applications, audit, groups, invitations,
                                  overview, providers, rules, sources, users)
 schema_view = get_swagger_view(title='passbook Admin Internal API')
 from passbook.admin.views import (applications, audit, factors, groups,
                                  invitations, overview, policy, providers,
                                  sources, users)
 urlpatterns = [
    path('', overview.AdministrationOverviewView.as_view(), name='overview'),
@ -24,12 +21,12 @@ urlpatterns = [
    path('sources/create/', sources.SourceCreateView.as_view(), name='source-create'),
    path('sources/<uuid:pk>/update/', sources.SourceUpdateView.as_view(), name='source-update'),
    path('sources/<uuid:pk>/delete/', sources.SourceDeleteView.as_view(), name='source-delete'),
-    # Rules
+    # Policies
-    path('rules/', rules.RuleListView.as_view(), name='rules'),
+    path('policies/', policy.PolicyListView.as_view(), name='policies'),
-    path('rules/create/', rules.RuleCreateView.as_view(), name='rule-create'),
+    path('policies/create/', policy.PolicyCreateView.as_view(), name='policy-create'),
-    path('rules/<uuid:pk>/update/', rules.RuleUpdateView.as_view(), name='rule-update'),
+    path('policies/<uuid:pk>/update/', policy.PolicyUpdateView.as_view(), name='policy-update'),
-    path('rules/<uuid:pk>/delete/', rules.RuleDeleteView.as_view(), name='rule-delete'),
+    path('policies/<uuid:pk>/delete/', policy.PolicyDeleteView.as_view(), name='policy-delete'),
-    path('rules/<uuid:pk>/test/', rules.RuleTestView.as_view(), name='rule-test'),
+    path('policies/<uuid:pk>/test/', policy.PolicyTestView.as_view(), name='policy-test'),
    # Providers
    path('providers/', providers.ProviderListView.as_view(), name='providers'),
    path('providers/create/',
@ -38,6 +35,14 @@ urlpatterns = [
         providers.ProviderUpdateView.as_view(), name='provider-update'),
    path('providers/<int:pk>/delete/',
         providers.ProviderDeleteView.as_view(), name='provider-delete'),
    # Factors
    path('factors/', factors.FactorListView.as_view(), name='factors'),
    path('factors/create/',
         factors.FactorCreateView.as_view(), name='factor-create'),
    path('factors/<uuid:pk>/update/',
         factors.FactorUpdateView.as_view(), name='factor-update'),
    path('factors/<uuid:pk>/delete/',
         factors.FactorDeleteView.as_view(), name='factor-delete'),
    # Invitations
    path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
    path('invitations/create/',
@ -51,11 +56,12 @@ urlpatterns = [
         users.UserUpdateView.as_view(), name='user-update'),
    path('users/<int:pk>/delete/',
         users.UserDeleteView.as_view(), name='user-delete'),
    path('users/<int:pk>/reset/',
         users.UserPasswordResetView.as_view(), name='user-password-reset'),
    # Audit Log
    path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
    # Groups
    path('groups/', groups.GroupListView.as_view(), name='groups'),
    # API
-    path('api/', schema_view),
+    path('api/', include('passbook.admin.api.urls'))
    path('api/v1/', include('passbook.admin.api.v1.urls'))
 ]
--- a/passbook/admin/views/applications.py
+++ b/passbook/admin/views/applications.py
@ -1,4 +1,5 @@
 """passbook Application administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
@ -45,5 +46,10 @@ class ApplicationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView)
    model = Application
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:applications')
-    success_message = _('Successfully updated Application')
+    success_message = _('Successfully deleted Application')
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/factors.py
+++ b/passbook/admin/views/factors.py
@ -0,0 +1,84 @@
 """passbook Factor administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
 from django.views.generic import CreateView, DeleteView, ListView, UpdateView
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.core.models import Factor
 from passbook.lib.utils.reflection import path_to_class
 def all_subclasses(cls):
    """Recursively return all subclassess of cls"""
    return set(cls.__subclasses__()).union(
        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
 class FactorListView(AdminRequiredMixin, ListView):
    """Show list of all factors"""
    model = Factor
    template_name = 'administration/factor/list.html'
    ordering = 'order'
    def get_context_data(self, **kwargs):
        kwargs['types'] = {
            x.__name__: x._meta.verbose_name for x in all_subclasses(Factor)}
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
 class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Factor"""
    template_name = 'generic/create_inheritance.html'
    success_url = reverse_lazy('passbook_admin:factors')
    success_message = _('Successfully created Factor')
    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
        factor_type = self.request.GET.get('type')
        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
        kwargs['type'] = model._meta.verbose_name
        return kwargs
    def get_form_class(self):
        factor_type = self.request.GET.get('type')
        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
 class FactorUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update factor"""
    model = Factor
    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:factors')
    success_message = _('Successfully updated Factor')
    def get_form_class(self):
        form_class_path = self.get_object().form
        form_class = path_to_class(form_class_path)
        return form_class
    def get_object(self, queryset=None):
        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
 class FactorDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete factor"""
    model = Factor
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:factors')
    success_message = _('Successfully deleted Factor')
    def get_object(self, queryset=None):
        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/invitations.py
+++ b/passbook/admin/views/invitations.py
@ -1,4 +1,5 @@
 """passbook Invitation administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
@ -42,4 +43,8 @@ class InvitationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Invitation
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:invitations')
-    success_message = _('Successfully updated Invitation')
+    success_message = _('Successfully deleted Invitation')
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/overview.py
+++ b/passbook/admin/views/overview.py
@ -2,7 +2,10 @@
 from django.views.generic import TemplateView
 from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.models import Application, Provider, Rule, User
+from passbook.core import __version__
 from passbook.core.celery import CELERY_APP
 from passbook.core.models import (Application, Factor, Invitation, Policy,
                                  Provider, Source, User)
 class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
@ -12,7 +15,12 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
    def get_context_data(self, **kwargs):
        kwargs['application_count'] = len(Application.objects.all())
-        kwargs['rule_count'] = len(Rule.objects.all())
+        kwargs['policy_count'] = len(Policy.objects.all())
        kwargs['user_count'] = len(User.objects.all())
        kwargs['provider_count'] = len(Provider.objects.all())
        kwargs['source_count'] = len(Source.objects.all())
        kwargs['factor_count'] = len(Factor.objects.all())
        kwargs['invitation_count'] = len(Invitation.objects.all())
        kwargs['version'] = __version__
        kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
        return super().get_context_data(**kwargs)
--- a/passbook/admin/views/policy.py
+++ b/passbook/admin/views/policy.py
@ -0,0 +1,108 @@
 """passbook Policy administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
 from django.views.generic import (CreateView, DeleteView, FormView, ListView,
                                  UpdateView)
 from django.views.generic.detail import DetailView
 from passbook.admin.forms.policies import PolicyTestForm
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.core.models import Policy
 from passbook.lib.utils.reflection import path_to_class
 class PolicyListView(AdminRequiredMixin, ListView):
    """Show list of all policies"""
    model = Policy
    template_name = 'administration/policy/list.html'
    def get_context_data(self, **kwargs):
        kwargs['types'] = {
            x.__name__: x._meta.verbose_name for x in Policy.__subclasses__()}
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().order_by('order').select_subclasses()
 class PolicyCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Policy"""
    template_name = 'generic/create_inheritance.html'
    success_url = reverse_lazy('passbook_admin:policies')
    success_message = _('Successfully created Policy')
    def get_form_class(self):
        policy_type = self.request.GET.get('type')
        model = next(x for x in Policy.__subclasses__()
                     if x.__name__ == policy_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
 class PolicyUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update policy"""
    model = Policy
    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:policies')
    success_message = _('Successfully updated Policy')
    def get_form_class(self):
        form_class_path = self.get_object().form
        form_class = path_to_class(form_class_path)
        return form_class
    def get_object(self, queryset=None):
        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
 class PolicyDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete policy"""
    model = Policy
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:policies')
    success_message = _('Successfully deleted Policy')
    def get_object(self, queryset=None):
        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
 class PolicyTestView(AdminRequiredMixin, DetailView, FormView):
    """View to test policy(s)"""
    model = Policy
    form_class = PolicyTestForm
    template_name = 'administration/policy/test.html'
    object = None
    def get_object(self, queryset=None):
        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def get_context_data(self, **kwargs):
        kwargs['policy'] = self.get_object()
        return super().get_context_data(**kwargs)
    def post(self, *args, **kwargs):
        self.object = self.get_object()
        return super().post(*args, **kwargs)
    def form_valid(self, form):
        policy = self.get_object()
        user = form.cleaned_data.get('user')
        result = policy.passes(user)
        if result:
            messages.success(self.request, _('User successfully passed policy.'))
        else:
            messages.error(self.request, _("User didn't pass policy."))
        return self.render_to_response(self.get_context_data(form=form, result=result))
--- a/passbook/admin/views/providers.py
+++ b/passbook/admin/views/providers.py
@ -1,4 +1,5 @@
 """passbook Provider administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -64,7 +65,11 @@ class ProviderDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Provider
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:providers')
-    success_message = _('Successfully updated Provider')
+    success_message = _('Successfully deleted Provider')
    def get_object(self, queryset=None):
        return Provider.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/rules.py
+++ b/passbook/admin/views/rules.py
@ -1,104 +0,0 @@
 """passbook Rule administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
 from django.views.generic import (CreateView, DeleteView, FormView, ListView,
                                  UpdateView)
 from django.views.generic.detail import DetailView
 from passbook.admin.forms.rule import RuleTestForm
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.core.models import Rule
 from passbook.lib.utils.reflection import path_to_class
 class RuleListView(AdminRequiredMixin, ListView):
    """Show list of all rules"""
    model = Rule
    template_name = 'administration/rule/list.html'
    def get_context_data(self, **kwargs):
        kwargs['types'] = {
            x.__name__: x._meta.verbose_name for x in Rule.__subclasses__()}
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().order_by('order').select_subclasses()
 class RuleCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Rule"""
    template_name = 'generic/create_inheritance.html'
    success_url = reverse_lazy('passbook_admin:rules')
    success_message = _('Successfully created Rule')
    def get_form_class(self):
        rule_type = self.request.GET.get('type')
        model = next(x for x in Rule.__subclasses__()
                     if x.__name__ == rule_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
 class RuleUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update rule"""
    model = Rule
    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:rules')
    success_message = _('Successfully updated Rule')
    def get_form_class(self):
        form_class_path = self.get_object().form
        form_class = path_to_class(form_class_path)
        return form_class
    def get_object(self, queryset=None):
        return Rule.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
 class RuleDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete rule"""
    model = Rule
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:rules')
    success_message = _('Successfully updated Rule')
    def get_object(self, queryset=None):
        return Rule.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
 class RuleTestView(AdminRequiredMixin, DetailView, FormView):
    """View to test rule(s)"""
    model = Rule
    form_class = RuleTestForm
    template_name = 'administration/rule/test.html'
    object = None
    def get_object(self, queryset=None):
        return Rule.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def get_context_data(self, **kwargs):
        kwargs['rule'] = self.get_object()
        return super().get_context_data(**kwargs)
    def post(self, *args, **kwargs):
        self.object = self.get_object()
        return super().post(*args, **kwargs)
    def form_valid(self, form):
        rule = self.get_object()
        user = form.cleaned_data.get('user')
        result = rule.passes(user)
        if result:
            messages.success(self.request, _('User successfully passed rule.'))
        else:
            messages.error(self.request, _("User didn't pass rule."))
        return self.render_to_response(self.get_context_data(form=form, result=result))
--- a/passbook/admin/views/sources.py
+++ b/passbook/admin/views/sources.py
@ -1,4 +1,5 @@
 """passbook Source administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -66,9 +67,13 @@ class SourceDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete source"""
    model = Source
-
+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:sources')
-    success_message = _('Successfully updated Source')
+    success_message = _('Successfully deleted Source')
    def get_object(self, queryset=None):
        return Source.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/users.py
+++ b/passbook/admin/views/users.py
@ -1,12 +1,15 @@
 """passbook User administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
+from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils.translation import ugettext as _
 from django.views import View
 from django.views.generic import DeleteView, ListView, UpdateView
 from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.forms.user import UserDetailForm
+from passbook.core.forms.users import UserDetailForm
-from passbook.core.models import User
+from passbook.core.models import Nonce, User
 class UserListView(AdminRequiredMixin, ListView):
@ -31,6 +34,24 @@ class UserDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete user"""
    model = User
-
+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:users')
-    success_message = _('Successfully updated User')
+    success_message = _('Successfully deleted User')
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
 class UserPasswordResetView(AdminRequiredMixin, View):
    """Get Password reset link for user"""
    # pylint: disable=invalid-name
    def get(self, request, pk):
        """Create nonce for user and return link"""
        user = get_object_or_404(User, pk=pk)
        nonce = Nonce.objects.create(user=user)
        link = request.build_absolute_uri(reverse(
            'passbook_core:auth-password-reset', kwargs={'nonce': nonce.uuid}))
        messages.success(request, _('Password reset link: <pre>%(link)s</pre>' % {'link': link}))
        return redirect('passbook_admin:users')
--- a/passbook/api/init.py
+++ b/passbook/api/init.py
@ -1,2 +1,2 @@
 """passbook api"""
-__version__ = '0.0.1-alpha'
+__version__ = '0.0.12-alpha'
--- a/passbook/api/apps.py
+++ b/passbook/api/apps.py
@ -9,3 +9,4 @@ class PassbookAPIConfig(AppConfig):
    name = 'passbook.api'
    label = 'passbook_api'
    mountpoint = 'api/'
    verbose_name = 'passbook API'
--- a/passbook/api/requirements.txt
+++ b/passbook/api/requirements.txt
@ -0,0 +1,3 @@
 django-rest-framework
 drf_yasg
 django-filters
--- a/passbook/audit/init.py
+++ b/passbook/audit/init.py
@ -1,2 +1,2 @@
 """passbook audit Header"""
-__version__ = '0.0.2-alpha'
+__version__ = '0.0.12-alpha'
--- a/passbook/audit/migrations/0001_initial.py
+++ b/passbook/audit/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-25 10:39
+# Generated by Django 2.1.7 on 2019-02-16 09:13
 import uuid
@ -20,13 +20,32 @@ class Migration(migrations.Migration):
            name='AuditEntry',
            fields=[
                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
-                ('action', models.TextField()),
+                ('action', models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_created', 'invitation_created'), ('invitation_used', 'invitation_used')])),
                ('date', models.DateTimeField(auto_now_add=True)),
                ('app', models.TextField()),
                ('_context', models.TextField()),
                ('request_ip', models.GenericIPAddressField()),
                ('created', models.DateTimeField(auto_now_add=True)),
                ('user', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
            ],
            options={
-                'abstract': False,
+                'verbose_name': 'Audit Entry',
                'verbose_name_plural': 'Audit Entries',
            },
        ),
        migrations.CreateModel(
            name='LoginAttempt',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('created', models.DateField(auto_now_add=True)),
                ('last_updated', models.DateTimeField(auto_now=True)),
                ('target_uid', models.CharField(max_length=254)),
                ('request_ip', models.GenericIPAddressField()),
                ('attempts', models.IntegerField(default=1)),
            ],
        ),
        migrations.AlterUniqueTogether(
            name='loginattempt',
            unique_together={('target_uid', 'request_ip', 'created')},
        ),
    ]
--- a/passbook/audit/migrations/0002_auto_20181210_1039.py
+++ b/passbook/audit/migrations/0002_auto_20181210_1039.py
@ -1,30 +0,0 @@
 # Generated by Django 2.1.4 on 2018-12-10 10:39
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0001_initial'),
    ]
    operations = [
        migrations.AddField(
            model_name='auditentry',
            name='context',
            field=models.TextField(default=''),
            preserve_default=False,
        ),
        migrations.AddField(
            model_name='auditentry',
            name='request_ip',
            field=models.GenericIPAddressField(default=''),
            preserve_default=False,
        ),
        migrations.AlterField(
            model_name='auditentry',
            name='action',
            field=models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset')]),
        ),
    ]
--- a/passbook/audit/migrations/0002_auto_20190221_1201.py
+++ b/passbook/audit/migrations/0002_auto_20190221_1201.py
@ -0,0 +1,18 @@
 # Generated by Django 2.1.7 on 2019-02-21 12:01
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0001_initial'),
    ]
    operations = [
        migrations.AlterField(
            model_name='loginattempt',
            name='created',
            field=models.DateTimeField(auto_now_add=True),
        ),
    ]
--- a/passbook/audit/migrations/0003_auto_20181210_1213.py
+++ b/passbook/audit/migrations/0003_auto_20181210_1213.py
@ -1,27 +0,0 @@
 # Generated by Django 2.1.4 on 2018-12-10 12:13
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0002_auto_20181210_1039'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='auditentry',
            options={'verbose_name': 'Audit Entry', 'verbose_name_plural': 'Audit Entries'},
        ),
        migrations.RenameField(
            model_name='auditentry',
            old_name='context',
            new_name='_context',
        ),
        migrations.AlterField(
            model_name='auditentry',
            name='action',
            field=models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_used', 'invitation_used')]),
        ),
    ]
--- a/passbook/audit/migrations/0003_auto_20190221_1240.py
+++ b/passbook/audit/migrations/0003_auto_20190221_1240.py
@ -0,0 +1,23 @@
 # Generated by Django 2.1.7 on 2019-02-21 12:40
 import django.contrib.postgres.fields.jsonb
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0002_auto_20190221_1201'),
    ]
    operations = [
        migrations.RemoveField(
            model_name='auditentry',
            name='_context',
        ),
        migrations.AddField(
            model_name='auditentry',
            name='context',
            field=django.contrib.postgres.fields.jsonb.JSONField(blank=True, default=dict),
        ),
    ]
--- a/passbook/audit/migrations/0004_auto_20181210_1348.py
+++ b/passbook/audit/migrations/0004_auto_20181210_1348.py
@ -1,18 +0,0 @@
 # Generated by Django 2.1.4 on 2018-12-10 13:48
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0003_auto_20181210_1213'),
    ]
    operations = [
        migrations.AlterField(
            model_name='auditentry',
            name='action',
            field=models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_created', 'invitation_created'), ('invitation_used', 'invitation_used')]),
        ),
    ]
--- a/passbook/audit/migrations/0005_auditentry_created.py
+++ b/passbook/audit/migrations/0005_auditentry_created.py
@ -1,20 +0,0 @@
 # Generated by Django 2.1.4 on 2018-12-11 15:00
 import django.utils.timezone
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0004_auto_20181210_1348'),
    ]
    operations = [
        migrations.AddField(
            model_name='auditentry',
            name='created',
            field=models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now),
            preserve_default=False,
        ),
    ]
--- a/passbook/audit/migrations/0006_auto_20181218_1252.py
+++ b/passbook/audit/migrations/0006_auto_20181218_1252.py
@ -1,28 +0,0 @@
 # Generated by Django 2.1.4 on 2018-12-18 12:52
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0005_auditentry_created'),
    ]
    operations = [
        migrations.CreateModel(
            name='LoginAttempt',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('created', models.DateField(auto_now_add=True)),
                ('last_updated', models.DateTimeField(auto_now=True)),
                ('target_uid', models.CharField(max_length=254)),
                ('request_ip', models.GenericIPAddressField()),
                ('attempts', models.IntegerField(default=1)),
            ],
        ),
        migrations.AlterUniqueTogether(
            name='loginattempt',
            unique_together={('target_uid', 'request_ip', 'created')},
        ),
    ]
--- a/passbook/audit/models.py
+++ b/passbook/audit/models.py
@ -1,22 +1,20 @@
 """passbook audit models"""
 from datetime import timedelta
 from json import dumps, loads
 from logging import getLogger
 from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.postgres.fields import JSONField
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils import timezone
 from django.utils.translation import gettext as _
 from ipware import get_client_ip
 from reversion import register
 from passbook.lib.models import CreatedUpdatedModel, UUIDModel
 LOGGER = getLogger(__name__)
@register()
 class AuditEntry(UUIDModel):
    """An individual audit log entry"""
@ -45,23 +43,18 @@ class AuditEntry(UUIDModel):
    action = models.TextField(choices=ACTIONS)
    date = models.DateTimeField(auto_now_add=True)
    app = models.TextField()
-    _context = models.TextField()
+    context = JSONField(default=dict, blank=True)
    _context_cache = None
    request_ip = models.GenericIPAddressField()
    created = models.DateTimeField(auto_now_add=True)
    @property
    def context(self):
        """Load context data and load json"""
        if not self._context_cache:
            self._context_cache = loads(self._context)
        return self._context_cache
    @staticmethod
    def create(action, request, **kwargs):
        """Create AuditEntry from arguments"""
        client_ip, _ = get_client_ip(request)
-        user = request.user
+        if not hasattr(request, 'user'):
            user = None
        else:
            user = request.user
        if isinstance(user, AnonymousUser):
            user = kwargs.get('user', None)
        entry = AuditEntry.objects.create(
@ -69,8 +62,8 @@ class AuditEntry(UUIDModel):
            user=user,
            # User 255.255.255.255 as fallback if IP cannot be determined
            request_ip=client_ip or '255.255.255.255',
-            _context=dumps(kwargs))
+            context=kwargs)
-        LOGGER.debug("Logged %s from %s (%s)", action, request.user, client_ip)
+        LOGGER.debug("Logged %s from %s (%s)", action, user, client_ip)
        return entry
    def save(self, *args, **kwargs):
@ -94,6 +87,8 @@ class LoginAttempt(CreatedUpdatedModel):
    @staticmethod
    def attempt(target_uid, request):
        """Helper function to create attempt or count up existing one"""
        if not target_uid:
            return
        client_ip, _ = get_client_ip(request)
        # Since we can only use 254 chars for target_uid, truncate target_uid.
        target_uid = target_uid[:254]
--- a/passbook/captcha_factor/init.py
+++ b/passbook/captcha_factor/init.py
@ -1,2 +1,2 @@
 """passbook captcha_factor Header"""
-__version__ = '0.0.2-alpha'
+__version__ = '0.0.12-alpha'
--- a/passbook/captcha_factor/forms.py
+++ b/passbook/captcha_factor/forms.py
@ -2,8 +2,25 @@
 from captcha.fields import ReCaptchaField
 from django import forms
 from passbook.captcha_factor.models import CaptchaFactor
 from passbook.core.forms.factors import GENERAL_FIELDS
 class CaptchaForm(forms.Form):
    """passbook captcha factor form"""
    captcha = ReCaptchaField()
 class CaptchaFactorForm(forms.ModelForm):
    """Form to edit CaptchaFactor Instance"""
    class Meta:
        model = CaptchaFactor
        fields = GENERAL_FIELDS + ['public_key', 'private_key']
        widgets = {
            'name': forms.TextInput(),
            'order': forms.NumberInput(),
            'public_key': forms.TextInput(),
            'private_key': forms.TextInput(),
        }
--- a/passbook/captcha_factor/migrations/0001_initial.py
+++ b/passbook/captcha_factor/migrations/0001_initial.py
@ -0,0 +1,29 @@
 # Generated by Django 2.1.7 on 2019-02-24 21:35
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    initial = True
    dependencies = [
        ('passbook_core', '0010_auto_20190224_1016'),
    ]
    operations = [
        migrations.CreateModel(
            name='CaptchaFactor',
            fields=[
                ('factor_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Factor')),
                ('public_key', models.TextField()),
                ('private_key', models.TextField()),
            ],
            options={
                'verbose_name': 'Captcha Factor',
                'verbose_name_plural': 'Captcha Factors',
            },
            bases=('passbook_core.factor',),
        ),
    ]
--- a/passbook/captcha_factor/migrations/init.py
+++ b/passbook/captcha_factor/migrations/init.py
--- a/passbook/captcha_factor/models.py
+++ b/passbook/captcha_factor/models.py
@ -0,0 +1,23 @@
 """passbook captcha factor"""
 from django.db import models
 from django.utils.translation import gettext as _
 from passbook.core.models import Factor
 class CaptchaFactor(Factor):
    """Captcha Factor instance"""
    public_key = models.TextField()
    private_key = models.TextField()
    type = 'passbook.captcha_factor.factor.CaptchaFactor'
    form = 'passbook.captcha_factor.forms.CaptchaFactorForm'
    def __str__(self):
        return "Captcha Factor %s" % self.slug
    class Meta:
        verbose_name = _('Captcha Factor')
        verbose_name_plural = _('Captcha Factors')
--- a/passbook/core/init.py
+++ b/passbook/core/init.py
@ -1,2 +1,2 @@
 """passbook core"""
-__version__ = '0.0.2-alpha'
+__version__ = '0.0.12-alpha'
--- a/passbook/core/apps.py
+++ b/passbook/core/apps.py
@ -1,8 +1,12 @@
 """passbook core app config"""
 from importlib import import_module
 from logging import getLogger
 from django.apps import AppConfig
 from passbook.lib.config import CONFIG
 LOGGER = getLogger(__name__)
 class PassbookCoreConfig(AppConfig):
    """passbook core app config"""
@ -12,4 +16,11 @@ class PassbookCoreConfig(AppConfig):
    verbose_name = 'passbook Core'
    def ready(self):
-        import_module('passbook.core.rules')
+        import_module('passbook.core.policies')
        factors_to_load = CONFIG.y('passbook.factors', [])
        for factors_to_load in factors_to_load:
            try:
                import_module(factors_to_load)
                LOGGER.info("Loaded %s", factors_to_load)
            except ImportError as exc:
                LOGGER.debug(exc)
--- a/passbook/core/auth/factor.py
+++ b/passbook/core/auth/factor.py
@ -1,13 +1,9 @@
 """passbook multi-factor authentication engine"""
 from logging import getLogger
 from django.utils.translation import gettext as _
 from django.views.generic import TemplateView
 from passbook.lib.config import CONFIG
 LOGGER = getLogger(__name__)
 class AuthenticationFactor(TemplateView):
    """Abstract Authentication factor, inherits TemplateView but can be combined with FormView"""
@ -15,8 +11,9 @@ class AuthenticationFactor(TemplateView):
    form = None
    required = True
    authenticator = None
    pending_user = None
    request = None
-    template_name = 'login/form.html'
+    template_name = 'login/form_with_user.html'
    def __init__(self, authenticator):
        self.authenticator = authenticator
@ -26,4 +23,5 @@ class AuthenticationFactor(TemplateView):
        kwargs['is_login'] = True
        kwargs['title'] = _('Log in to your account')
        kwargs['primary_action'] = _('Log in')
        kwargs['user'] = self.pending_user
        return super().get_context_data(**kwargs)
--- a/passbook/core/auth/factors/init.py
+++ b/passbook/core/auth/factors/init.py
--- a/passbook/core/auth/factors/dummy.py
+++ b/passbook/core/auth/factors/dummy.py
--- a/passbook/core/auth/factors/password.py
+++ b/passbook/core/auth/factors/password.py
@ -1,26 +1,53 @@
 """passbook multi-factor authentication engine"""
 from logging import getLogger
 from django.contrib import messages
 from django.contrib.auth import authenticate
 from django.core.exceptions import PermissionDenied
 from django.forms.utils import ErrorList
 from django.shortcuts import redirect, reverse
 from django.utils.translation import gettext as _
 from django.views.generic import FormView
 from passbook.core.auth.factor import AuthenticationFactor
-from passbook.core.auth.mfa import MultiFactorAuthenticator
+from passbook.core.auth.view import AuthenticationView
-from passbook.core.forms.authentication import AuthenticationBackendFactorForm
+from passbook.core.forms.authentication import PasswordFactorForm
 from passbook.core.models import Nonce
 from passbook.core.tasks import send_email
 from passbook.lib.config import CONFIG
 LOGGER = getLogger(__name__)
-class AuthenticationBackendFactor(FormView, AuthenticationFactor):
+class PasswordFactor(FormView, AuthenticationFactor):
    """Authentication factor which authenticates against django's AuthBackend"""
-    form_class = AuthenticationBackendFactorForm
+    form_class = PasswordFactorForm
    template_name = 'login/factors/backend.html'
    def get_context_data(self, **kwargs):
        kwargs['show_password_forget_notice'] = CONFIG.y('passbook.password_reset.enabled')
        return super().get_context_data(**kwargs)
    def get(self, request, *args, **kwargs):
        if 'password-forgotten' in request.GET:
            nonce = Nonce.objects.create(user=self.pending_user)
            LOGGER.debug("DEBUG %s", str(nonce.uuid))
            # Send mail to user
            send_email.delay(self.pending_user.email, _('Forgotten password'),
                             'email/account_password_reset.html', {
                                 'url': self.request.build_absolute_uri(
                                     reverse('passbook_core:passbook_core:auth-password-reset',
                                             kwargs={
                                                 'nonce': nonce.uuid
                                             })
                                 )
                             })
            self.authenticator.cleanup()
            messages.success(request, _('Check your E-Mails for a password reset link.'))
            return redirect('passbook_core:auth-login')
        return super().get(request, *args, **kwargs)
    def form_valid(self, form):
        """Authenticate against django's authentication backend"""
        uid_fields = CONFIG.y('passbook.uid_fields')
@ -34,7 +61,7 @@ class AuthenticationBackendFactor(FormView, AuthenticationFactor):
            if user:
                # User instance returned from authenticate() has .backend property set
                self.authenticator.pending_user = user
-                self.request.session[MultiFactorAuthenticator.SESSION_USER_BACKEND] = user.backend
+                self.request.session[AuthenticationView.SESSION_USER_BACKEND] = user.backend
                return self.authenticator.user_ok()
            # No user was found -> invalid credentials
            LOGGER.debug("Invalid credentials")
--- a/passbook/core/auth/mfa.py
+++ b/passbook/core/auth/mfa.py
@ -1,119 +0,0 @@
 """passbook multi-factor authentication engine"""
 from logging import getLogger
 from django.conf import settings
 from django.contrib.auth import login
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.shortcuts import get_object_or_404, redirect, reverse
 from django.views.generic import View
 from passbook.core.models import User
 from passbook.core.views.utils import PermissionDeniedView
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 LOGGER = getLogger(__name__)
 class MultiFactorAuthenticator(UserPassesTestMixin, View):
    """Wizard-like Multi-factor authenticator"""
    SESSION_FACTOR = 'passbook_factor'
    SESSION_PENDING_FACTORS = 'passbook_pending_factors'
    SESSION_PENDING_USER = 'passbook_pending_user'
    SESSION_USER_BACKEND = 'passbook_user_backend'
    pending_user = None
    pending_factors = []
    factors = settings.AUTHENTICATION_FACTORS.copy()
    _current_factor = None
    # Allow only not authenticated users to login
    def test_func(self):
        return self.request.user.is_authenticated is False
    def handle_no_permission(self):
        if 'next' in self.request.GET:
            return redirect(self.request.GET.get('next'))
        return redirect(reverse('passbook_core:overview'))
    def dispatch(self, request, *args, **kwargs):
        # Extract pending user from session (only remember uid)
        if MultiFactorAuthenticator.SESSION_PENDING_USER in request.session:
            self.pending_user = get_object_or_404(
                User, id=self.request.session[MultiFactorAuthenticator.SESSION_PENDING_USER])
        else:
            # No Pending user, redirect to login screen
            return redirect(reverse('passbook_core:auth-login'))
        # Write pending factors to session
        if MultiFactorAuthenticator.SESSION_PENDING_FACTORS in request.session:
            self.pending_factors = request.session[MultiFactorAuthenticator.SESSION_PENDING_FACTORS]
        else:
            self.pending_factors = self.factors.copy()
        # Read and instantiate factor from session
        factor_class = None
        if MultiFactorAuthenticator.SESSION_FACTOR not in request.session:
            factor_class = self.pending_factors[0]
        else:
            factor_class = request.session[MultiFactorAuthenticator.SESSION_FACTOR]
        factor = path_to_class(factor_class)
        self._current_factor = factor(self)
        self._current_factor.request = request
        return super().dispatch(request, *args, **kwargs)
    def get(self, request, *args, **kwargs):
        """pass get request to current factor"""
        LOGGER.debug("Passing GET to %s", class_to_path(self._current_factor.__class__))
        return self._current_factor.get(request, *args, **kwargs)
    def post(self, request, *args, **kwargs):
        """pass post request to current factor"""
        LOGGER.debug("Passing POST to %s", class_to_path(self._current_factor.__class__))
        return self._current_factor.post(request, *args, **kwargs)
    def user_ok(self):
        """Redirect to next Factor"""
        LOGGER.debug("Factor %s passed", class_to_path(self._current_factor.__class__))
        # Remove passed factor from pending factors
        if class_to_path(self._current_factor.__class__) in self.pending_factors:
            self.pending_factors.remove(class_to_path(self._current_factor.__class__))
        next_factor = None
        if self.pending_factors:
            next_factor = self.pending_factors.pop()
            self.request.session[MultiFactorAuthenticator.SESSION_PENDING_FACTORS] = \
                self.pending_factors
            self.request.session[MultiFactorAuthenticator.SESSION_FACTOR] = next_factor
            LOGGER.debug("Rendering Factor is %s", next_factor)
            return redirect(reverse('passbook_core:mfa'))
        # User passed all factors
        LOGGER.debug("User passed all factors, logging in")
        return self._user_passed()
    def user_invalid(self):
        """Show error message, user cannot login.
        This should only be shown if user authenticated successfully, but is disabled/locked/etc"""
        LOGGER.debug("User invalid")
        return redirect(reverse('passbook_core:mfa-denied'))
    def _user_passed(self):
        """User Successfully passed all factors"""
        # user = authenticate(request=self.request, )
        backend = self.request.session[MultiFactorAuthenticator.SESSION_USER_BACKEND]
        login(self.request, self.pending_user, backend=backend)
        LOGGER.debug("Logged in user %s", self.pending_user)
        # Cleanup
        self._cleanup()
        return redirect(reverse('passbook_core:overview'))
    def _cleanup(self):
        """Remove temporary data from session"""
        session_keys = ['SESSION_FACTOR', 'SESSION_PENDING_FACTORS',
                        'SESSION_PENDING_USER', 'SESSION_USER_BACKEND', ]
        for key in session_keys:
            if key in self.request.session:
                del self.request.session[key]
        LOGGER.debug("Cleaned up sessions")
 class MFAPermissionDeniedView(PermissionDeniedView):
    """User could not be authenticated"""
--- a/passbook/core/auth/view.py
+++ b/passbook/core/auth/view.py
@ -0,0 +1,147 @@
 """passbook multi-factor authentication engine"""
 from logging import getLogger
 from django.contrib.auth import login
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.shortcuts import get_object_or_404, redirect, reverse
 from django.utils.http import urlencode
 from django.views.generic import View
 from passbook.core.models import Factor, User
 from passbook.core.views.utils import PermissionDeniedView
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 from passbook.lib.utils.urls import is_url_absolute
 LOGGER = getLogger(__name__)
 def _redirect_with_qs(view, get_query_set=None):
    """Wrapper to redirect whilst keeping GET Parameters"""
    target = reverse(view)
    if get_query_set:
        target += '?' + urlencode({key: value for key, value in get_query_set.items()})
    return redirect(target)
 class AuthenticationView(UserPassesTestMixin, View):
    """Wizard-like Multi-factor authenticator"""
    SESSION_FACTOR = 'passbook_factor'
    SESSION_PENDING_FACTORS = 'passbook_pending_factors'
    SESSION_PENDING_USER = 'passbook_pending_user'
    SESSION_USER_BACKEND = 'passbook_user_backend'
    pending_user = None
    pending_factors = []
    _current_factor_class = None
    current_factor = None
    # Allow only not authenticated users to login
    def test_func(self):
        return self.request.user.is_authenticated is False
    def handle_no_permission(self):
        # Function from UserPassesTestMixin
        if 'next' in self.request.GET:
            return redirect(self.request.GET.get('next'))
        return _redirect_with_qs('passbook_core:overview', self.request.GET)
    def dispatch(self, request, *args, **kwargs):
        # Extract pending user from session (only remember uid)
        if AuthenticationView.SESSION_PENDING_USER in request.session:
            self.pending_user = get_object_or_404(
                User, id=self.request.session[AuthenticationView.SESSION_PENDING_USER])
        else:
            # No Pending user, redirect to login screen
            return _redirect_with_qs('passbook_core:auth-login', request.GET)
        # Write pending factors to session
        if AuthenticationView.SESSION_PENDING_FACTORS in request.session:
            self.pending_factors = request.session[AuthenticationView.SESSION_PENDING_FACTORS]
        else:
            # Get an initial list of factors which are currently enabled
            # and apply to the current user. We check policies here and block the request
            _all_factors = Factor.objects.filter(enabled=True).order_by('order').select_subclasses()
            self.pending_factors = []
            for factor in _all_factors:
                if factor.passes(self.pending_user):
                    self.pending_factors.append((factor.uuid.hex, factor.type))
        # Read and instantiate factor from session
        factor_uuid, factor_class = None, None
        if AuthenticationView.SESSION_FACTOR not in request.session:
            # Case when no factors apply to user, return error denied
            if not self.pending_factors:
                return self.user_invalid()
            factor_uuid, factor_class = self.pending_factors[0]
        else:
            factor_uuid, factor_class = request.session[AuthenticationView.SESSION_FACTOR]
        # Lookup current factor object
        self.current_factor = Factor.objects.filter(uuid=factor_uuid).select_subclasses().first()
        # Instantiate Next Factor and pass request
        factor = path_to_class(factor_class)
        self._current_factor_class = factor(self)
        self._current_factor_class.pending_user = self.pending_user
        self._current_factor_class.request = request
        return super().dispatch(request, *args, **kwargs)
    def get(self, request, *args, **kwargs):
        """pass get request to current factor"""
        LOGGER.debug("Passing GET to %s", class_to_path(self._current_factor_class.__class__))
        return self._current_factor_class.get(request, *args, **kwargs)
    def post(self, request, *args, **kwargs):
        """pass post request to current factor"""
        LOGGER.debug("Passing POST to %s", class_to_path(self._current_factor_class.__class__))
        return self._current_factor_class.post(request, *args, **kwargs)
    def user_ok(self):
        """Redirect to next Factor"""
        LOGGER.debug("Factor %s passed", class_to_path(self._current_factor_class.__class__))
        # Remove passed factor from pending factors
        current_factor_tuple = (self.current_factor.uuid.hex,
                                class_to_path(self._current_factor_class.__class__))
        if current_factor_tuple in self.pending_factors:
            self.pending_factors.remove(current_factor_tuple)
        next_factor = None
        if self.pending_factors:
            next_factor = self.pending_factors.pop()
            self.request.session[AuthenticationView.SESSION_PENDING_FACTORS] = \
                self.pending_factors
            self.request.session[AuthenticationView.SESSION_FACTOR] = next_factor
            LOGGER.debug("Rendering Factor is %s", next_factor)
            # return _redirect_with_qs('passbook_core:auth-process', kwargs={'factor': next_factor})
            return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
        # User passed all factors
        LOGGER.debug("User passed all factors, logging in")
        return self._user_passed()
    def user_invalid(self):
        """Show error message, user cannot login.
        This should only be shown if user authenticated successfully, but is disabled/locked/etc"""
        LOGGER.debug("User invalid")
        self.cleanup()
        return _redirect_with_qs('passbook_core:auth-denied', self.request.GET)
    def _user_passed(self):
        """User Successfully passed all factors"""
        # user = authenticate(request=self.request, )
        backend = self.request.session[AuthenticationView.SESSION_USER_BACKEND]
        login(self.request, self.pending_user, backend=backend)
        LOGGER.debug("Logged in user %s", self.pending_user)
        # Cleanup
        self.cleanup()
        next_param = self.request.GET.get('next', None)
        if next_param and not is_url_absolute(next_param):
            return redirect(next_param)
        return _redirect_with_qs('passbook_core:overview')
    def cleanup(self):
        """Remove temporary data from session"""
        session_keys = [self.SESSION_FACTOR, self.SESSION_PENDING_FACTORS,
                        self.SESSION_PENDING_USER, self.SESSION_USER_BACKEND, ]
        for key in session_keys:
            if key in self.request.session:
                del self.request.session[key]
        LOGGER.debug("Cleaned up sessions")
 class FactorPermissionDeniedView(PermissionDeniedView):
    """User could not be authenticated"""
--- a/passbook/core/celery.py
+++ b/passbook/core/celery.py
@ -4,14 +4,11 @@ import logging
 import os
 import celery
 # import pymysql
 from django.conf import settings
 # from raven import Client
 # from raven.contrib.celery import register_logger_signal, register_signal
 # pymysql.install_as_MySQLdb()
 # set the default Django settings module for the 'celery' program.
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.core.settings")
--- a/passbook/core/exceptions.py
+++ b/passbook/core/exceptions.py
@ -0,0 +1,10 @@
 """passbook core exceptions"""
 class PasswordPolicyInvalid(Exception):
    """Exception raised when a Password Policy fails"""
    messages = []
    def __init__(self, *messages):
        super().__init__()
        self.messages = messages
--- a/passbook/core/forms/applications.py
+++ b/passbook/core/forms/applications.py
@ -1,5 +1,6 @@
 """passbook Core Application forms"""
 from django import forms
 from django.utils.translation import gettext_lazy as _
 from passbook.core.models import Application, Provider
@ -7,15 +8,20 @@ from passbook.core.models import Application, Provider
 class ApplicationForm(forms.ModelForm):
    """Application Form"""
-    provider = forms.ModelChoiceField(queryset=Provider.objects.all().select_subclasses())
+    provider = forms.ModelChoiceField(queryset=Provider.objects.all().select_subclasses(),
                                      required=False)
    class Meta:
        model = Application
        fields = ['name', 'slug', 'launch_url', 'icon_url',
-                  'rules', 'provider', 'skip_authorization']
+                  'policies', 'provider', 'skip_authorization']
        widgets = {
            'name': forms.TextInput(),
            'launch_url': forms.TextInput(),
            'icon_url': forms.TextInput(),
        }
        labels = {
            'launch_url': _('Launch URL'),
            'icon_url': _('Icon URL'),
        }
--- a/passbook/core/forms/authentication.py
+++ b/passbook/core/forms/authentication.py
@ -8,6 +8,7 @@ from django.utils.translation import gettext_lazy as _
 from passbook.core.models import User
 from passbook.lib.config import CONFIG
 from passbook.lib.utils.ui import human_list
 LOGGER = getLogger(__name__)
@ -15,19 +16,23 @@ class LoginForm(forms.Form):
    """Allow users to login"""
    title = _('Log in to your account')
-    uid_field = forms.CharField(widget=forms.TextInput(attrs={'placeholder': _('UID')}))
+    uid_field = forms.CharField()
    remember_me = forms.BooleanField(required=False)
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        if CONFIG.y('passbook.uid_fields') == ['e-mail']:
            self.fields['uid_field'] = forms.EmailField()
        self.fields['uid_field'].widget.attrs = {
            'placeholder': _(human_list([x.title() for x in CONFIG.y('passbook.uid_fields')]))
        }
    def clean_uid_field(self):
        """Validate uid_field after EmailValidator if 'email' is the only selected uid_fields"""
        if CONFIG.y('passbook.uid_fields') == ['email']:
            validate_email(self.cleaned_data.get('uid_field'))
        return self.cleaned_data.get('uid_field')
 class AuthenticationBackendFactorForm(forms.Form):
    """Password authentication form"""
    password = forms.CharField(widget=forms.PasswordInput(attrs={'placeholder': _('Password')}))
 class SignUpForm(forms.Form):
    """SignUp Form"""
@ -74,6 +79,19 @@ class SignUpForm(forms.Form):
    def clean_password_repeat(self):
        """Check if Password adheres to filter and if passwords matche"""
        password = self.cleaned_data.get('password')
        password_repeat = self.cleaned_data.get('password_repeat')
        if password != password_repeat:
            raise ValidationError(_("Passwords don't match"))
        # TODO: Password policy? Via Plugin? via Policy?
        # return check_password(self)
        return self.cleaned_data.get('password_repeat')
 class PasswordFactorForm(forms.Form):
    """Password authentication form"""
    password = forms.CharField(widget=forms.PasswordInput(attrs={
        'placeholder': _('Password'),
        'autofocus': 'autofocus'
        }))
--- a/passbook/core/forms/factors.py
+++ b/passbook/core/forms/factors.py
@ -0,0 +1,30 @@
 """passbook administration forms"""
 from django import forms
 from passbook.core.models import DummyFactor, PasswordFactor
 GENERAL_FIELDS = ['name', 'slug', 'order', 'policies', 'enabled']
 class PasswordFactorForm(forms.ModelForm):
    """Form to create/edit Password Factors"""
    class Meta:
        model = PasswordFactor
        fields = GENERAL_FIELDS + ['backends', 'password_policies']
        widgets = {
            'name': forms.TextInput(),
            'order': forms.NumberInput(),
        }
 class DummyFactorForm(forms.ModelForm):
    """Form to create/edit Dummy Factor"""
    class Meta:
        model = DummyFactor
        fields = GENERAL_FIELDS
        widgets = {
            'name': forms.TextInput(),
            'order': forms.NumberInput(),
        }
--- a/passbook/core/forms/invitations.py
+++ b/passbook/core/forms/invitations.py
@ -27,7 +27,7 @@ class InvitationForm(forms.ModelForm):
    class Meta:
        model = Invitation
-        fields = ['expires', 'fixed_username', 'fixed_email']
+        fields = ['expires', 'fixed_username', 'fixed_email', 'needs_confirmation']
        labels = {
            'fixed_username': "Force user's username (optional)",
            'fixed_email': "Force user's email (optional)",
--- a/passbook/core/forms/policies.py
+++ b/passbook/core/forms/policies.py
@ -0,0 +1,75 @@
 """passbook Policy forms"""
 from django import forms
 from django.utils.translation import gettext as _
 from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
                                  PasswordPolicy, WebhookPolicy)
 GENERAL_FIELDS = ['name', 'action', 'negate', 'order', ]
 class FieldMatcherPolicyForm(forms.ModelForm):
    """FieldMatcherPolicy Form"""
    class Meta:
        model = FieldMatcherPolicy
        fields = GENERAL_FIELDS + ['user_field', 'match_action', 'value', ]
        widgets = {
            'name': forms.TextInput(),
            'value': forms.TextInput(),
        }
 class WebhookPolicyForm(forms.ModelForm):
    """WebhookPolicyForm Form"""
    class Meta:
        model = WebhookPolicy
        fields = GENERAL_FIELDS + ['url', 'method', 'json_body', 'json_headers',
                                   'result_jsonpath', 'result_json_value', ]
        widgets = {
            'name': forms.TextInput(),
            'json_body': forms.TextInput(),
            'json_headers': forms.TextInput(),
            'result_jsonpath': forms.TextInput(),
            'result_json_value': forms.TextInput(),
        }
 class DebugPolicyForm(forms.ModelForm):
    """DebugPolicyForm Form"""
    class Meta:
        model = DebugPolicy
        fields = GENERAL_FIELDS + ['result', 'wait_min', 'wait_max']
        widgets = {
            'name': forms.TextInput(),
        }
        labels = {
            'result': _('Allow user')
        }
 class PasswordPolicyForm(forms.ModelForm):
    """PasswordPolicy Form"""
    class Meta:
        model = PasswordPolicy
        fields = GENERAL_FIELDS + ['amount_uppercase', 'amount_lowercase',
                                   'amount_symbols', 'length_min', 'symbol_charset',
                                   'error_message']
        widgets = {
            'name': forms.TextInput(),
            'symbol_charset': forms.TextInput(),
            'error_message': forms.TextInput(),
        }
        labels = {
            'amount_uppercase': _('Minimum amount of Uppercase Characters'),
            'amount_lowercase': _('Minimum amount of Lowercase Characters'),
            'amount_symbols': _('Minimum amount of Symbols Characters'),
            'length_min': _('Minimum Length'),
        }
--- a/passbook/core/forms/rules.py
+++ b/passbook/core/forms/rules.py
@ -1,52 +0,0 @@
 """passbook rule forms"""
 from django import forms
 from django.utils.translation import gettext as _
 from passbook.core.models import DebugRule, FieldMatcherRule, WebhookRule
 GENERAL_FIELDS = ['name', 'action', 'negate', 'order', ]
 class FieldMatcherRuleForm(forms.ModelForm):
    """FieldMatcherRule Form"""
    class Meta:
        model = FieldMatcherRule
        fields = GENERAL_FIELDS + ['user_field', 'match_action', 'value', ]
        widgets = {
            'name': forms.TextInput(),
            'value': forms.TextInput(),
        }
 class WebhookRuleForm(forms.ModelForm):
    """WebhookRuleForm Form"""
    class Meta:
        model = WebhookRule
        fields = GENERAL_FIELDS + ['url', 'method', 'json_body', 'json_headers',
                                   'result_jsonpath', 'result_json_value', ]
        widgets = {
            'name': forms.TextInput(),
            'json_body': forms.TextInput(),
            'json_headers': forms.TextInput(),
            'result_jsonpath': forms.TextInput(),
            'result_json_value': forms.TextInput(),
        }
 class DebugRuleForm(forms.ModelForm):
    """DebugRuleForm Form"""
    class Meta:
        model = DebugRule
        fields = GENERAL_FIELDS + ['result', 'wait_min', 'wait_max']
        widgets = {
            'name': forms.TextInput(),
        }
        labels = {
            'result': _('Allow user')
        }
--- a/passbook/core/forms/user.py
+++ b/passbook/core/forms/user.py
@ -1,14 +0,0 @@
 """passbook core user forms"""
 from django import forms
 from passbook.core.models import User
 class UserDetailForm(forms.ModelForm):
    """Update User Details"""
    class Meta:
        model = User
        fields = ['username', 'first_name', 'last_name', 'email']
--- a/passbook/core/forms/users.py
+++ b/passbook/core/forms/users.py
@ -0,0 +1,35 @@
 """passbook core user forms"""
 from django import forms
 from django.forms import ValidationError
 from django.utils.translation import gettext_lazy as _
 from passbook.core.models import User
 class UserDetailForm(forms.ModelForm):
    """Update User Details"""
    class Meta:
        model = User
        fields = ['username', 'first_name', 'last_name', 'email']
 class PasswordChangeForm(forms.Form):
    """Form to update password"""
    password = forms.CharField(label=_('Password'),
                               widget=forms.PasswordInput(attrs={'placeholder': _('New Password')}))
    password_repeat = forms.CharField(label=_('Repeat Password'),
                                      widget=forms.PasswordInput(attrs={
                                          'placeholder': _('Repeat Password')
                                      }))
    def clean_password_repeat(self):
        """Check if Password adheres to filter and if passwords matche"""
        password = self.cleaned_data.get('password')
        password_repeat = self.cleaned_data.get('password_repeat')
        if password != password_repeat:
            raise ValidationError(_("Passwords don't match"))
        # TODO: Password policy check
        return self.cleaned_data.get('password_repeat')
--- a/passbook/core/management/commands/nexus_upload.py
+++ b/passbook/core/management/commands/nexus_upload.py
@ -0,0 +1,63 @@
 """passbook nexus_upload management command"""
 from base64 import b64decode
 import requests
 from django.core.management.base import BaseCommand
 class Command(BaseCommand):
    """Upload debian package to nexus repository"""
    url = None
    user = None
    password = None
    def add_arguments(self, parser):
        parser.add_argument(
            '--repo',
            action='store',
            help='Repository to upload to',
            required=True)
        parser.add_argument(
            '--url',
            action='store',
            help='Nexus root URL',
            required=True)
        parser.add_argument(
            '--auth',
            action='store',
            help='base64-encoded string of username:password',
            required=True)
        parser.add_argument(
            '--method',
            action='store',
            nargs='?',
            const='post',
            choices=['post', 'put'],
            help=('Method used for uploading files to nexus. '
                  'Apt repositories use post, Helm uses put.'),
            required=True)
        # Positional arguments
        parser.add_argument('file', nargs='+', type=str)
    def handle(self, *args, **options):
        """Upload debian package to nexus repository"""
        auth = tuple(b64decode(options.get('auth')).decode('utf-8').split(':', 1))
        responses = {}
        url = 'https://%(url)s/repository/%(repo)s/' % options
        method = options.get('method')
        exit_code = 0
        for file in options.get('file'):
            if method == 'post':
                responses[file] = requests.post(url, data=open(file, mode='rb'), auth=auth)
            else:
                responses[file] = requests.put(url+file, data=open(file, mode='rb'), auth=auth)
        self.stdout.write('Upload results:\n')
        sep = '-' * 60
        self.stdout.write('%s\n' % sep)
        for path, response in responses.items():
            self.stdout.write('%-55s: %d\n' % (path, response.status_code))
            if response.status_code >= 400:
                exit_code = 1
        self.stdout.write('%s\n' % sep)
        exit(exit_code)
--- a/passbook/core/migrations/0001_initial.py
+++ b/passbook/core/migrations/0001_initial.py
@ -1,12 +1,13 @@
-# Generated by Django 2.1.5 on 2019-02-08 10:42
+# Generated by Django 2.1.7 on 2019-02-16 09:10
 import uuid
 from django.conf import settings
 import django.contrib.auth.models
 import django.contrib.auth.validators
 from django.db import migrations, models
 import django.db.models.deletion
 import django.utils.timezone
-import uuid
+from django.conf import settings
 from django.db import migrations, models
 class Migration(migrations.Migration):
@ -67,13 +68,7 @@ class Migration(migrations.Migration):
            },
        ),
        migrations.CreateModel(
-            name='Provider',
+            name='Policy',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
            ],
        ),
        migrations.CreateModel(
            name='Rule',
            fields=[
                ('created', models.DateField(auto_now_add=True)),
                ('last_updated', models.DateTimeField(auto_now=True)),
@ -88,7 +83,7 @@ class Migration(migrations.Migration):
            },
        ),
        migrations.CreateModel(
-            name='RuleModel',
+            name='PolicyModel',
            fields=[
                ('created', models.DateField(auto_now_add=True)),
                ('last_updated', models.DateTimeField(auto_now=True)),
@ -98,6 +93,12 @@ class Migration(migrations.Migration):
                'abstract': False,
            },
        ),
        migrations.CreateModel(
            name='Provider',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
            ],
        ),
        migrations.CreateModel(
            name='UserSourceConnection',
            fields=[
@ -110,51 +111,82 @@ class Migration(migrations.Migration):
        migrations.CreateModel(
            name='Application',
            fields=[
-                ('rulemodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.RuleModel')),
+                ('policymodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PolicyModel')),
                ('name', models.TextField()),
                ('slug', models.SlugField()),
                ('launch_url', models.URLField(blank=True, null=True)),
                ('icon_url', models.TextField(blank=True, null=True)),
                ('skip_authorization', models.BooleanField(default=False)),
-                ('provider', models.OneToOneField(default=None, null=True, on_delete=django.db.models.deletion.SET_DEFAULT, to='passbook_core.Provider')),
+                ('provider', models.OneToOneField(blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_DEFAULT, to='passbook_core.Provider')),
            ],
            options={
                'abstract': False,
            },
-            bases=('passbook_core.rulemodel',),
+            bases=('passbook_core.policymodel',),
        ),
        migrations.CreateModel(
-            name='DebugRule',
+            name='DebugPolicy',
            fields=[
-                ('rule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Rule')),
+                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
                ('result', models.BooleanField(default=False)),
                ('wait_min', models.IntegerField(default=5)),
                ('wait_max', models.IntegerField(default=30)),
            ],
            options={
-                'verbose_name': 'Debug Rule',
+                'verbose_name': 'Debug Policy',
-                'verbose_name_plural': 'Debug Rules',
+                'verbose_name_plural': 'Debug Policys',
            },
-            bases=('passbook_core.rule',),
+            bases=('passbook_core.policy',),
        ),
        migrations.CreateModel(
-            name='FieldMatcherRule',
+            name='Factor',
            fields=[
-                ('rule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Rule')),
+                ('policymodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PolicyModel')),
-                ('user_field', models.TextField(choices=[('username', 'username'), ('first_name', 'first_name'), ('last_name', 'last_name'), ('email', 'email'), ('is_staff', 'is_staff'), ('is_active', 'is_active'), ('data_joined', 'data_joined')])),
+                ('name', models.TextField()),
                ('slug', models.SlugField(unique=True)),
                ('order', models.IntegerField()),
                ('type', models.TextField(unique=True)),
                ('enabled', models.BooleanField(default=True)),
            ],
            options={
                'abstract': False,
            },
            bases=('passbook_core.policymodel',),
        ),
        migrations.CreateModel(
            name='FieldMatcherPolicy',
            fields=[
                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
                ('user_field', models.TextField(choices=[('username', 'Username'), ('first_name', 'First Name'), ('last_name', 'Last Name'), ('email', 'E-Mail'), ('is_staff', 'Is staff'), ('is_active', 'Is active'), ('data_joined', 'Date joined')])),
                ('match_action', models.CharField(choices=[('startswith', 'Starts with'), ('endswith', 'Ends with'), ('endswith', 'Contains'), ('regexp', 'Regexp'), ('exact', 'Exact')], max_length=50)),
                ('value', models.TextField()),
            ],
            options={
-                'verbose_name': 'Field matcher Rule',
+                'verbose_name': 'Field matcher Policy',
-                'verbose_name_plural': 'Field matcher Rules',
+                'verbose_name_plural': 'Field matcher Policys',
            },
-            bases=('passbook_core.rule',),
+            bases=('passbook_core.policy',),
        ),
        migrations.CreateModel(
            name='PasswordPolicyPolicy',
            fields=[
                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
                ('amount_uppercase', models.IntegerField(default=0)),
                ('amount_lowercase', models.IntegerField(default=0)),
                ('amount_symbols', models.IntegerField(default=0)),
                ('length_min', models.IntegerField(default=0)),
                ('symbol_charset', models.TextField(default='!\\"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ ')),
            ],
            options={
                'verbose_name': 'Password Policy Policy',
                'verbose_name_plural': 'Password Policy Policys',
            },
            bases=('passbook_core.policy',),
        ),
        migrations.CreateModel(
            name='Source',
            fields=[
-                ('rulemodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.RuleModel')),
+                ('policymodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PolicyModel')),
                ('name', models.TextField()),
                ('slug', models.SlugField()),
                ('enabled', models.BooleanField(default=True)),
@ -162,12 +194,12 @@ class Migration(migrations.Migration):
            options={
                'abstract': False,
            },
-            bases=('passbook_core.rulemodel',),
+            bases=('passbook_core.policymodel',),
        ),
        migrations.CreateModel(
-            name='WebhookRule',
+            name='WebhookPolicy',
            fields=[
-                ('rule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Rule')),
+                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
                ('url', models.URLField()),
                ('method', models.CharField(choices=[('GET', 'GET'), ('POST', 'POST'), ('PATCH', 'PATCH'), ('DELETE', 'DELETE'), ('PUT', 'PUT')], max_length=10)),
                ('json_body', models.TextField()),
@ -176,15 +208,15 @@ class Migration(migrations.Migration):
                ('result_json_value', models.TextField()),
            ],
            options={
-                'verbose_name': 'Webhook Rule',
+                'verbose_name': 'Webhook Policy',
-                'verbose_name_plural': 'Webhook Rules',
+                'verbose_name_plural': 'Webhook Policys',
            },
-            bases=('passbook_core.rule',),
+            bases=('passbook_core.policy',),
        ),
        migrations.AddField(
-            model_name='rulemodel',
+            model_name='policymodel',
-            name='rules',
+            name='policies',
-            field=models.ManyToManyField(blank=True, to='passbook_core.Rule'),
+            field=models.ManyToManyField(blank=True, to='passbook_core.Policy'),
        ),
        migrations.AddField(
            model_name='user',
--- a/passbook/core/migrations/0002_auto_20190216_1002.py
+++ b/passbook/core/migrations/0002_auto_20190216_1002.py
@ -0,0 +1,29 @@
 # Generated by Django 2.1.7 on 2019-02-16 10:02
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0001_initial'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='debugpolicy',
            options={'verbose_name': 'Debug Policy', 'verbose_name_plural': 'Debug Policies'},
        ),
        migrations.AlterModelOptions(
            name='fieldmatcherpolicy',
            options={'verbose_name': 'Field matcher Policy', 'verbose_name_plural': 'Field matcher Policies'},
        ),
        migrations.AlterModelOptions(
            name='passwordpolicypolicy',
            options={'verbose_name': 'Password Policy Policy', 'verbose_name_plural': 'Password Policy Policies'},
        ),
        migrations.AlterModelOptions(
            name='webhookpolicy',
            options={'verbose_name': 'Webhook Policy', 'verbose_name_plural': 'Webhook Policies'},
        ),
    ]
--- a/passbook/core/migrations/0003_auto_20190216_1004.py
+++ b/passbook/core/migrations/0003_auto_20190216_1004.py
@ -0,0 +1,17 @@
 # Generated by Django 2.1.7 on 2019-02-16 10:04
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0002_auto_20190216_1002'),
    ]
    operations = [
        migrations.RenameModel(
            old_name='PasswordPolicyPolicy',
            new_name='PasswordPolicy',
        ),
    ]
--- a/passbook/core/migrations/0004_auto_20190216_1013.py
+++ b/passbook/core/migrations/0004_auto_20190216_1013.py
@ -0,0 +1,17 @@
 # Generated by Django 2.1.7 on 2019-02-16 10:13
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0003_auto_20190216_1004'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='passwordpolicy',
            options={'verbose_name': 'Password Policy', 'verbose_name_plural': 'Password Policies'},
        ),
    ]
--- a/passbook/core/migrations/0005_auto_20190221_1201.py
+++ b/passbook/core/migrations/0005_auto_20190221_1201.py
@ -0,0 +1,28 @@
 # Generated by Django 2.1.7 on 2019-02-21 12:01
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0004_auto_20190216_1013'),
    ]
    operations = [
        migrations.AlterField(
            model_name='policy',
            name='created',
            field=models.DateTimeField(auto_now_add=True),
        ),
        migrations.AlterField(
            model_name='policymodel',
            name='created',
            field=models.DateTimeField(auto_now_add=True),
        ),
        migrations.AlterField(
            model_name='usersourceconnection',
            name='created',
            field=models.DateTimeField(auto_now_add=True),
        ),
    ]
--- a/passbook/core/migrations/0006_factor_arguments.py
+++ b/passbook/core/migrations/0006_factor_arguments.py
@ -0,0 +1,19 @@
 # Generated by Django 2.1.7 on 2019-02-21 12:32
 import django.contrib.postgres.fields.jsonb
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0005_auto_20190221_1201'),
    ]
    operations = [
        migrations.AddField(
            model_name='factor',
            name='arguments',
            field=django.contrib.postgres.fields.jsonb.JSONField(default=dict),
        ),
    ]
--- a/passbook/core/migrations/0007_auto_20190221_1233.py
+++ b/passbook/core/migrations/0007_auto_20190221_1233.py
@ -0,0 +1,19 @@
 # Generated by Django 2.1.7 on 2019-02-21 12:33
 import django.contrib.postgres.fields.jsonb
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0006_factor_arguments'),
    ]
    operations = [
        migrations.AlterField(
            model_name='factor',
            name='arguments',
            field=django.contrib.postgres.fields.jsonb.JSONField(blank=True, default=dict),
        ),
    ]
--- a/passbook/core/migrations/0008_auto_20190221_1516.py
+++ b/passbook/core/migrations/0008_auto_20190221_1516.py
@ -0,0 +1,18 @@
 # Generated by Django 2.1.7 on 2019-02-21 15:16
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0007_auto_20190221_1233'),
    ]
    operations = [
        migrations.AlterField(
            model_name='fieldmatcherpolicy',
            name='match_action',
            field=models.CharField(choices=[('startswith', 'Starts with'), ('endswith', 'Ends with'), ('contains', 'Contains'), ('regexp', 'Regexp'), ('exact', 'Exact')], max_length=50),
        ),
    ]
--- a/passbook/core/migrations/0009_auto_20190224_0950.py
+++ b/passbook/core/migrations/0009_auto_20190224_0950.py
@ -0,0 +1,44 @@
 # Generated by Django 2.1.7 on 2019-02-24 09:50
 import django.contrib.postgres.fields
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0008_auto_20190221_1516'),
    ]
    operations = [
        migrations.CreateModel(
            name='DummyFactor',
            fields=[
                ('factor_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Factor')),
            ],
            options={
                'abstract': False,
            },
            bases=('passbook_core.factor',),
        ),
        migrations.CreateModel(
            name='PasswordFactor',
            fields=[
                ('factor_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Factor')),
                ('backends', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)),
            ],
            options={
                'abstract': False,
            },
            bases=('passbook_core.factor',),
        ),
        migrations.RemoveField(
            model_name='factor',
            name='arguments',
        ),
        migrations.RemoveField(
            model_name='factor',
            name='type',
        ),
    ]
--- a/passbook/core/migrations/0010_auto_20190224_1016.py
+++ b/passbook/core/migrations/0010_auto_20190224_1016.py
@ -0,0 +1,21 @@
 # Generated by Django 2.1.7 on 2019-02-24 10:16
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0009_auto_20190224_0950'),
    ]
    operations = [
        migrations.AlterModelOptions(
            name='dummyfactor',
            options={'verbose_name': 'Dummy Factor', 'verbose_name_plural': 'Dummy Factors'},
        ),
        migrations.AlterModelOptions(
            name='passwordfactor',
            options={'verbose_name': 'Password Factor', 'verbose_name_plural': 'Password Factors'},
        ),
    ]
--- a/passbook/core/migrations/0011_auto_20190225_1438.py
+++ b/passbook/core/migrations/0011_auto_20190225_1438.py
@ -0,0 +1,25 @@
 # Generated by Django 2.1.7 on 2019-02-25 14:38
 import django.utils.timezone
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0010_auto_20190224_1016'),
    ]
    operations = [
        migrations.AddField(
            model_name='passwordfactor',
            name='password_policies',
            field=models.ManyToManyField(blank=True, to='passbook_core.Policy'),
        ),
        migrations.AddField(
            model_name='user',
            name='password_change_date',
            field=models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now),
            preserve_default=False,
        ),
    ]
--- a/passbook/core/migrations/0012_nonce.py
+++ b/passbook/core/migrations/0012_nonce.py
@ -0,0 +1,31 @@
 # Generated by Django 2.1.7 on 2019-02-25 19:12
 import uuid
 import django.db.models.deletion
 from django.conf import settings
 from django.db import migrations, models
 import passbook.core.models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0011_auto_20190225_1438'),
    ]
    operations = [
        migrations.CreateModel(
            name='Nonce',
            fields=[
                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                ('expires', models.DateTimeField(default=passbook.core.models.default_nonce_duration)),
                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'verbose_name': 'Nonce',
                'verbose_name_plural': 'Nonces',
            },
        ),
    ]
--- a/passbook/core/migrations/0013_invitation_needs_confirmation.py
+++ b/passbook/core/migrations/0013_invitation_needs_confirmation.py
@ -0,0 +1,18 @@
 # Generated by Django 2.1.7 on 2019-02-25 19:57
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0012_nonce'),
    ]
    operations = [
        migrations.AddField(
            model_name='invitation',
            name='needs_confirmation',
            field=models.BooleanField(default=True),
        ),
    ]
--- a/passbook/core/migrations/0014_auto_20190226_0850.py
+++ b/passbook/core/migrations/0014_auto_20190226_0850.py
@ -0,0 +1,25 @@
 # Generated by Django 2.1.7 on 2019-02-26 08:50
 from django.db import migrations
 def create_initial_factor(apps, schema_editor):
    """Create initial PasswordFactor if none exists"""
    PasswordFactor = apps.get_model("passbook_core", "PasswordFactor")
    if not PasswordFactor.objects.exists():
        PasswordFactor.objects.create(
            name='password',
            slug='password',
            order=0,
            backends=[]
        )
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0013_invitation_needs_confirmation'),
    ]
    operations = [
        migrations.RunPython(create_initial_factor)
    ]
--- a/passbook/core/migrations/0015_passwordpolicy_error_message.py
+++ b/passbook/core/migrations/0015_passwordpolicy_error_message.py
@ -0,0 +1,19 @@
 # Generated by Django 2.1.7 on 2019-02-26 14:28
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0014_auto_20190226_0850'),
    ]
    operations = [
        migrations.AddField(
            model_name='passwordpolicy',
            name='error_message',
            field=models.TextField(default=''),
            preserve_default=False,
        ),
    ]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	95de6a14fd	bump version: 0.0.11-alpha -> 0.0.12-alpha	2019-02-27 13:18:28 +01:00
Jens Langhammer	17132ebc19	Verify OAuth Username vuln and fix closes #9	2019-02-27 13:18:16 +01:00
Jens Langhammer	289be46388	fix SAML Views not having LoginRequiredMixin	2019-02-27 12:36:18 +01:00
Jens Langhammer	6c300b7b31	autofocus password field	2019-02-27 12:35:57 +01:00
Jens Langhammer	b726583084	Keep GET parameters throughout entire login process	2019-02-27 12:35:48 +01:00
Jens Langhammer	48055d1cfd	fix CSRF Bug in SAML	2019-02-27 11:20:52 +01:00
Jens Langhammer	436070f5bd	fix redis connection issues in k8s	2019-02-27 09:59:01 +01:00
Jens Langhammer	3ee79818db	explicit version in helm values	2019-02-27 09:33:26 +01:00
Jens Langhammer	e7a02104db	fix display on mobile	2019-02-27 09:33:12 +01:00
Jens Langhammer	556740d7bc	add PasswordPolicyForm back in	2019-02-26 15:41:11 +01:00
Jens Langhammer	421f51770c	implement password policy checking on signup and password change closes #8	2019-02-26 15:40:58 +01:00
Jens Langhammer	96f7e70f9e	enable always_eager when unittesting	2019-02-26 14:24:50 +01:00
Jens Langhammer	ad96f7dbb8	add E-Mail support via celery task, untested, closes #17	2019-02-26 14:10:53 +01:00
Jens Langhammer	e7fb48eba2	bump version: 0.0.10-alpha -> 0.0.11-alpha	2019-02-26 13:06:26 +01:00
Jens Langhammer	b19b5b644d	remove hardcoded passwords	2019-02-26 13:06:22 +01:00
Jens Langhammer	250b6691d4	bump version: 0.0.9-alpha -> 0.0.10-alpha	2019-02-26 12:44:02 +01:00
Jens Langhammer	e3b02a6e78	fix isort/pylint issues	2019-02-26 12:43:59 +01:00
Jens Langhammer	e94ef34d8f	bump version: 0.0.8-alpha -> 0.0.9-alpha	2019-02-26 12:35:28 +01:00
Jens Langhammer	49e945307a	Re-enable OTP Disable View	2019-02-26 12:35:24 +01:00
Jens Langhammer	edfe0e5450	fix broken Docker build and helm package	2019-02-26 12:34:51 +01:00
Jens Langhammer	06b65a7882	add unittests, woo	2019-02-26 10:57:05 +01:00
Jens Langhammer	ff9bc8aa70	Automatically create PasswordFactor on initial setup closes #16	2019-02-26 09:54:51 +01:00
Jens Langhammer	28da67abe6	Improve partially broken Delete Views, show success message on deletion	2019-02-26 09:49:42 +01:00
Jens Langhammer	39d9fe9bf0	add passbook.pretend to use passbook in applications which don't support generic OAuth	2019-02-26 09:10:37 +01:00
Jens Langhammer	750117b0fd	Cleanup templates, handle OAuth Provider without application better	2019-02-26 09:09:19 +01:00
Jens Langhammer	983462f80d	user/ -> _/user/ to prevent duplicate URLs	2019-02-26 09:08:49 +01:00
Jens Langhammer	4ae31d409b	directly use paths instead of including oauth2_provider's	2019-02-26 09:08:22 +01:00
Jens Langhammer	98b414f3e2	add SignUp Confirmation (required by default, can be disabled in invitations) closes #6	2019-02-25 21:03:24 +01:00
Jens Langhammer	a0d42092e3	add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7	2019-02-25 20:46:23 +01:00
Jens Langhammer	f2569b6424	improve placeholder on login template	2019-02-25 19:43:33 +01:00
Jens Langhammer	9d344d887c	add more information to administrator Overview	2019-02-25 17:52:51 +01:00
Jens Langhammer	7e9154a0ea	bump version: 0.0.7-alpha -> 0.0.8-alpha	2019-02-25 17:39:39 +01:00
Jens Langhammer	e0ef061771	fix pylint errors....	2019-02-25 17:32:52 +01:00
Jens Langhammer	b8694a7ade	fix bandit error (SHA1 has to be used)	2019-02-25 17:23:42 +01:00
Jens Langhammer	10d6a30f2c	add experimental HaveIBeenPwned Password Policy	2019-02-25 17:21:56 +01:00
Jens Langhammer	8c94aef6d0	add stub test so coverage doesn't crash	2019-02-25 17:21:06 +01:00
Jens Langhammer	19bd3bfffb	fix allauth imports	2019-02-25 17:20:53 +01:00
Jens Langhammer	8611ac624c	Make links on admin overview site actually useful	2019-02-25 17:11:52 +01:00
Jens Langhammer	fa93b59a8c	switch to toast notifications everywhere	2019-02-25 16:41:53 +01:00
Jens Langhammer	8b66b40f0d	move forgot password to PasswordFactor	2019-02-25 16:41:33 +01:00
Jens Langhammer	c2756f15fc	Correctly display action on Create/Update templates	2019-02-25 16:40:46 +01:00
Jens Langhammer	408e205c5f	add signal for password change, add field for password policies	2019-02-25 15:41:36 +01:00
Jens Langhammer	5f3ab49535	fix bug when Empty username is given to LoginAttempt.attempt	2019-02-25 14:10:29 +01:00
Jens Langhammer	33431ae013	improve OAuth Source Setup process, fix login template, closes #3	2019-02-25 14:10:10 +01:00
Jens Langhammer	b40ac6dc5d	more Icons cause everyone loves icons	2019-02-25 13:31:11 +01:00
Jens Langhammer	fec9b5cf94	bump version: 0.0.6-alpha -> 0.0.7-alpha	2019-02-25 13:20:12 +01:00
Jens Langhammer	986fed3e7c	add hook for Factors to show user settings. closes #5	2019-02-25 13:20:07 +01:00
Jens Langhammer	da5568b571	cleanup, fix Permission Denied when Cancelling login, fix display of messages on login template	2019-02-25 13:02:50 +01:00
Jens Langhammer	07f5dce97a	remove todo file	2019-02-25 12:31:27 +01:00
Jens Langhammer	bb81bb5a8d	totp => otp, integrate with factors, new setup form	2019-02-25 12:29:40 +01:00
Jens Langhammer	9c2cfd7db4	use Inheritance for Factors instead of JSONField	2019-02-24 22:39:09 +01:00
Jens Langhammer	292fbecca0	add password change view	2019-02-23 20:56:41 +01:00
Jens Langhammer	e5a405bf43	Register applications with Branded name for UI Dropdown	2019-02-23 20:42:14 +01:00
Jens Langhammer	66c0fc9d9a	Move factor base template to form_with_user	2019-02-23 20:41:43 +01:00
Jens Langhammer	5fa8711bfa	change hostname to localhost for k8s CI	2019-02-21 17:04:46 +01:00
Jens Langhammer	dd9cd7aa0c	automatically fill slug field while typing	2019-02-21 17:01:12 +01:00
Jens Langhammer	8bc8765035	use postgres service for CI	2019-02-21 16:50:36 +01:00
Jens Langhammer	b7ac4f1dd2	add psycopg2 as dependency	2019-02-21 16:30:56 +01:00
Jens Langhammer	183308e444	fix Contains not working correctly	2019-02-21 16:21:45 +01:00
Jens Langhammer	c941107d42	Rules -> Policies, more things	2019-02-21 16:06:57 +01:00
Jens Langhammer	d3d75737ed	switch to drf_yasg	2019-02-21 16:05:59 +01:00
Jens Langhammer	458decfbb3	add prospector config	2019-02-21 16:00:39 +01:00
Jens Langhammer	7601351f51	add help texts to explain naming	2019-02-16 11:25:53 +01:00
Jens Langhammer	df45797b4a	fix inconsistent naming again	2019-02-16 11:13:00 +01:00
Jens Langhammer	744a320731	fix inconsistent naming	2019-02-16 10:59:23 +01:00
Jens Langhammer	89722336e3	fix duplicate Class naming	2019-02-16 10:54:15 +01:00
Jens Langhammer	d6f4832e90	Rule -> Policies	2019-02-16 10:24:31 +01:00
Jens Langhammer	d32699b332	remove reversion	2019-02-16 09:53:32 +01:00
Jens Langhammer	59a15c988f	Move Factor instances to database	2019-02-16 09:52:37 +01:00
Jens Langhammer	57e5996513	Fix Docker Image having messed up static files	2019-02-14 16:31:40 +01:00
Jens Langhammer	6649eb401e	bump version: 0.0.5-alpha -> 0.0.6-alpha	2019-02-13 16:41:59 +01:00
Jens Langhammer	b657d7319d	fix failing docker build and failing helm packaging	2019-02-13 16:41:51 +01:00
Jens Langhammer	a9d29067bf	bump version: 0.0.4-alpha -> 0.0.5-alpha	2019-02-11 18:01:45 +01:00
Jens Langhammer	b7791f3b9a	use build image in docker to generate static files	2019-02-11 18:01:29 +01:00
Jens Langhammer	9161a6e41d	initialize helm properly, include built static files	2019-02-11 17:58:25 +01:00
Jens Langhammer	b4cb157257	bump version: 0.0.3-alpha -> 0.0.4-alpha	2019-02-11 17:44:42 +01:00
Jens Langhammer	d9ccbdd962	fix bumpversion typo	2019-02-11 17:44:40 +01:00
Jens Langhammer	d5ab20ee12	fix coverage failing	2019-02-11 17:36:36 +01:00
Jens Langhammer	0e73702fca	add PasswordPolicyRule (not used yet)	2019-02-10 20:09:47 +01:00
Jens Langhammer	58ebd15ada	fix mismatched Version numbers and missing verbose_names	2019-02-10 20:08:29 +01:00
Jens Langhammer	1a998e5020	bump version: 0.0.2-alpha -> 0.0.3-alpha	2019-02-08 15:19:31 +01:00
Jens Langhammer	d8eb926a76	fix migration import order	2019-02-08 15:19:29 +01:00
`@ -1,2 +1,2 @@`
	`"""passbook"""`	`"""passbook"""`
	`__version__ = '0.0.2-alpha'`	`__version__ = '0.0.12-alpha'`
`@ -1,2 +1,2 @@`
	`"""passbook admin"""`	`"""passbook admin"""`
	`__version__ = '0.0.2-alpha'`	`__version__ = '0.0.12-alpha'`
`@ -1,2 +1,2 @@`
	`django-rest-framework`	`django-rest-framework`
	`django-rest-swagger`	`drf_yasg`
`@ -1,2 +1,2 @@`
	`"""passbook api"""`	`"""passbook api"""`
	`__version__ = '0.0.1-alpha'`	`__version__ = '0.0.12-alpha'`
`@ -1,2 +1,2 @@`
	`"""passbook audit Header"""`	`"""passbook audit Header"""`
	`__version__ = '0.0.2-alpha'`	`__version__ = '0.0.12-alpha'`
`@ -1,2 +1,2 @@`
	`"""passbook captcha_factor Header"""`	`"""passbook captcha_factor Header"""`
	`__version__ = '0.0.2-alpha'`	`__version__ = '0.0.12-alpha'`
`@ -1,2 +1,2 @@`
	`"""passbook core"""`	`"""passbook core"""`
	`__version__ = '0.0.2-alpha'`	`__version__ = '0.0.12-alpha'`