bump version: 0.1.10-beta -> 0.1.11-beta

prepare 0.1.11
Merge branch '23-groups' into 'master'
2019-03-10 19:56:30 +01:00 · 2019-03-10 19:56:27 +01:00 · 2019-03-10 18:49:01 +00:00 · 2019-03-10 19:45:16 +01:00 · 2019-03-10 19:32:18 +01:00 · 2019-03-10 18:34:09 +01:00
294 changed files with 6438 additions and 2453 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.3-alpha
+current_version = 0.1.11-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@ -9,17 +9,22 @@ tag_name = version/{new_version}

 [bumpversion:part:release]
 optional_value = stable
+first_value = beta
 values = 
 	alpha
 	beta
 	stable

+[bumpversion:file:helm/passbook/values.yaml]
+
 [bumpversion:file:helm/passbook/Chart.yaml]

 [bumpversion:file:.gitlab-ci.yml]

 [bumpversion:file:passbook/__init__.py]

+[bumpversion:file:passbook/api/__init__.py]
+
 [bumpversion:file:passbook/core/__init__.py]

 [bumpversion:file:passbook/admin/__init__.py]
@ -30,11 +35,17 @@ values =

 [bumpversion:file:passbook/ldap/__init__.py]

+[bumpversion:file:passbook/lib/__init__.py]
+
+[bumpversion:file:passbook/hibp_policy/__init__.py]
+
+[bumpversion:file:passbook/password_expiry_policy/__init__.py]
+
 [bumpversion:file:passbook/saml_idp/__init__.py]

 [bumpversion:file:passbook/audit/__init__.py]

 [bumpversion:file:passbook/oauth_provider/__init__.py]

-[bumpversion:file:passbook/totp/__init__.py]
+[bumpversion:file:passbook/otp/__init__.py]

--- a/.dockerignore
+++ b/.dockerignore
@ -1,3 +1,4 @@
 env
 helm
 passbook-ui
+static
--- a/.gitignore
+++ b/.gitignore
@ -189,5 +189,5 @@ pyvenv.cfg
 pip-selfcheck.json

 # End of https://www.gitignore.io/api/python,django
-/static/*
+/static/
 local.env.yml
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -8,7 +8,15 @@ stages:
  - test
  - build
  - docs
-image: python:3.5
+  - deploy
+image: python:3.6
+services:
+  - postgres:latest
+
+variables:
+  POSTGRES_DB: passbook
+  POSTGRES_USER: passbook
+  POSTGRES_PASSWORD: 'EK-5jnKfjrGRm<77'

 include:
  - /allauth/.gitlab-ci.yml
@ -44,9 +52,9 @@ package-docker:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
-    - echo "{\"auths\":{\"https://docker.$NEXUS_URL/\":{\"username\":\"$NEXUS_USER\",\"password\":\"$NEXUS_PASS\"}}}" > /kaniko/.docker/config.json
+    - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.3-alpha
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.11-beta
  stage: build
  only:
    - tags
@ -55,59 +63,36 @@ package-helm:
  stage: build
  script:
    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
+    - helm init --client-only
    - helm package helm/passbook
-    - ./manage.py nexus_upload --method put --url $NEXUS_URL --user $NEXUS_USER --password $NEXUS_PASS --repo helm *.tgz
+    - ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz
  only:
    - tags
    - /^version/.*$/
-# package-3.5:
-#   before_script:
-#     - apt update
-#     - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
-#     - cp debian/control-3.5 debian/control
-#     - mk-build-deps debian/control
-#     - apt install ./*build-deps*deb -f -y
-#     - "python3 -m pip install -U virtualenv"
-#     - "virtualenv env"
-#     - "source env/bin/activate"
-#     - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
-#   image: debian
-#   script:
-#     - debuild -us -uc
-#     - cp ../passbook*.deb .
-#     - python manage.py nexus_upload
-#   artifacts:
-#     paths:
-#     - passbook-python3.5*deb
-#     expire_in: 2 days
-#   stage: build
-#   only:
-#   - tags
-#   - /^debian/.*$/
-# package-3.6:
-#   before_script:
-#     - apt update
-#     - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
-#     - cp debian/control-3.6 debian/control
-#     - mk-build-deps debian/control
-#     - apt install ./*build-deps*deb -f -y
-#     - "python3 -m pip install -U virtualenv"
-#     - "virtualenv env"
-#     - "source env/bin/activate"
-#     - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
-#   image: debian:buster
-#   script:
-#     - debuild -us -uc
-#     - cp ../passbook*.deb .
-#     - python manage.py nexus_upload
-#   artifacts:
-#     paths:
-#     - passbook-python3.6*deb
-#     expire_in: 2 days
-#   stage: build
-#   only:
-#     - tags
-#     - /^debian/.*$r
+package-debian:
+  before_script:
+    - apt update
+    - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-pip libsasl2-dev libldap2-dev
+    - mk-build-deps debian/control
+    - apt install ./*build-deps*deb -f -y
+    - python3 -m pip install -U virtualenv pip
+    - virtualenv env
+    - source env/bin/activate
+    - pip3 install -U -r requirements.txt -r requirements-dev.txt
+    - ./manage.py collectstatic --no-input
+  image: ubuntu:18.04
+  script:
+    - debuild -us -uc
+    - cp ../passbook*.deb .
+    - ./manage.py nexus_upload --method post --url $NEXUS_URL --auth $NEXUS_AUTH --repo apt passbook*deb
+  artifacts:
+    paths:
+    - passbook*deb
+    expire_in: 2 days
+  stage: build
+  only:
+  - tags
+  - /^version/.*$/

 # docs:
 #   stage: docs
@ -129,3 +114,18 @@ package-helm:
 #     - mkdocs build
 #     - 'rsync -avh --delete web/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/"'
 #     - 'rsync -avh --delete site/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/docs/"'
+
+deploy:
+  environment:
+    name: production
+    url: https://passbook-prod.default.k8s.beryju.org/
+  stage: deploy
+  only:
+  - tags
+  - /^version/.*$/
+  script:
+    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
+    - helm init --client-only
+    - helm repo add beryju.org https://pkg.beryju.org/repository/helm/
+    - helm repo update
+    - helm upgrade passbook-prod beryju.org/passbook --devel
--- a/.prospector.yaml
+++ b/.prospector.yaml
@ -0,0 +1,12 @@
+strictness: medium
+test-warnings: true
+doc-warnings: false
+
+ignore-paths:
+  - env
+  - migrations
+  - docs
+  - node_modules
+
+uses:
+ - django
--- a/29
+++ b/29
@ -1,17 +1,34 @@
-FROM python:3.6-slim-stretch
-# LABEL version="1.8.8"
+FROM python:3.6-slim-stretch as build

 COPY ./passbook/ /app/passbook
-COPY ./static/ /app/static
 COPY ./manage.py /app/
 COPY ./requirements.txt /app/

 WORKDIR /app/

-#RUN apk add --no-cache libffi-dev build-base py2-pip python2-dev libxml-dev && \
-RUN pip install -r requirements.txt && \
+RUN apt-get update && apt-get install build-essential libssl-dev libffi-dev -y && \
+    mkdir /app/static/ && \
+    pip install -r requirements.txt && \
+    pip install psycopg2 && \
+    ./manage.py collectstatic --no-input && \
+    apt-get remove --purge -y build-essential && \
+    apt-get autoremove --purge -y
+
+FROM python:3.6-slim-stretch
+
+COPY ./passbook/ /app/passbook
+COPY ./manage.py /app/
+COPY ./requirements.txt /app/
+COPY --from=build /app/static /app/static/
+
+WORKDIR /app/
+
+RUN apt-get update && apt-get install build-essential libssl-dev libffi-dev -y && \
+    pip install -r requirements.txt && \
    pip install psycopg2 && \
    adduser --system --home /app/ passbook && \
-    chown -R passbook /app/
+    chown -R passbook /app/ && \
+    apt-get remove --purge -y build-essential && \
+    apt-get autoremove --purge -y

 USER passbook
--- a/14
+++ b/14
@ -1,14 +0,0 @@
-## oauth_client
-
- - Move provider_type logic to own class, not name-based URL matching
- - add provider_type field to Provider Model
- - make Provider inherit core.application
- - Add template for popular services like github, twitter, facebook, etc
-
-## saml_idp
-
- - move certificates to Provider so each provider can have different certificates
-
-## admin
-
- - add testing page where user can supply input and let rules run against it to debug/test
--- a/allauth/allauth_passbook/urls.py
+++ b/allauth/allauth_passbook/urls.py
@ -1,6 +1,5 @@
 """passbook provider"""
 from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
-
 from allauth_passbook.provider import PassbookProvider

 urlpatterns = default_urlpatterns(PassbookProvider)
--- a/allauth/allauth_passbook/views.py
+++ b/allauth/allauth_passbook/views.py
@ -1,10 +1,10 @@
 """passbook adapter"""
 import requests
+
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.providers.oauth2.views import (OAuth2Adapter,
                                                          OAuth2CallbackView,
                                                          OAuth2LoginView)
-
 from allauth_passbook.provider import PassbookProvider


--- a/debian/changelog
+++ b/debian/changelog
@ -0,0 +1,52 @@
+passbook (0.1.11) stable; urgency=medium
+
+  * add group administration
+  * bump version: 0.1.9-beta -> 0.1.10-beta
+  * fix helm labels being on deployments and not pods
+  * automatically deploy after release
+  * use Django's Admin FilteredSelectMultiple for Group Membership
+  * always use FilteredSelectMultiple for many-to-many fields
+  * Add Group Member policy
+  * add LDAP Group Membership Policy
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Sun, 10 Mar 2019 18:55:31 +0000
+
+passbook (0.1.10) stable; urgency=high
+
+  * bump version: 0.1.7-beta -> 0.1.8-beta
+  * consistently using PolicyEngine
+  * add more Verbosity to PolicyEngine, rewrite SAML Authorisation check
+  * slightly refactor Factor View, add more unittests
+  * add impersonation middleware, add to templates
+  * bump version: 0.1.8-beta -> 0.1.9-beta
+  * fix k8s service routing http traffic to workers
+  * Fix button on policy test page
+  * better show loading state when testing a policy
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Sun, 10 Mar 2019 14:52:40 +0000
+
+passbook (0.1.7) stable; urgency=medium
+
+  * bump version: 0.1.3-beta -> 0.1.4-beta
+  * implicitly add kubernetes-healthcheck-host in helm configmap
+  * fix debian build (again)
+  * add PropertyMapping Model, add Subclass for SAML, test with AWS
+  * add custom DynamicArrayField to better handle arrays
+  * format data before inserting it
+  * bump version: 0.1.4-beta -> 0.1.5-beta
+  * fix static files missing for debian package
+  * fix password not getting set on user import
+  * remove audit's login attempt
+  * add passing property to PolicyEngine
+  * fix captcha factor not loading keys from Factor class
+  * bump version: 0.1.5-beta -> 0.1.6-beta
+  * fix MATCH_EXACT not working as intended
+  * Improve access control for saml
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Fri, 08 Mar 2019 20:37:05 +0000
+
+passbook (0.1.4) stable; urgency=medium
+
+  * initial debian package release
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 06 Mar 2019 18:22:41 +0000
--- a/debian/compat
+++ b/debian/compat
@ -0,0 +1 @@
+10
--- a/debian/config
+++ b/debian/config
@ -0,0 +1,20 @@
+#!/bin/sh
+# config maintainer script for passbook
+set -e
+
+# source debconf stuff
+. /usr/share/debconf/confmodule
+
+dbc_first_version=1.0.0
+dbc_dbuser=passbook
+dbc_dbname=passbook
+
+# source dbconfig-common shell library, and call the hook function
+if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/config.pgsql
+    dbc_go passbook "$@"
+fi
+
+#DEBHELPER#
+
+exit 0
--- a/debian/control
+++ b/debian/control
@ -0,0 +1,14 @@
+Source: passbook
+Section: admin
+Priority: optional
+Maintainer: BeryJu.org <support@beryju.org>
+Uploaders: Jens Langhammer <jens@beryju.org>, BeryJu.org <support@beryju.org>
+Build-Depends: debhelper (>= 10), dh-systemd (>= 1.5), dh-exec, wget, dh-exec, python3 (>= 3.5) | python3.6 | python3.7
+Standards-Version: 3.9.6
+
+Package: passbook
+Architecture: all
+Recommends: mysql-server, redis-server
+Pre-Depends: adduser, libldap2-dev, libsasl2-dev
+Depends: python3 (>= 3.5) | python3.6 | python3.7, python3-pip, dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}
+Description: Authentication Provider/Proxy supporting protocols like SAML, OAuth, LDAP and more.
--- a/debian/copyright
+++ b/debian/copyright
@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2019 BeryJu.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
--- a/debian/dirs
+++ b/debian/dirs
@ -0,0 +1,4 @@
+etc/passbook/
+etc/passbook/config.d/
+var/log/passbook/
+usr/share/passbook/
--- a/debian/etc/passbook/config.yml
+++ b/debian/etc/passbook/config.yml
@ -0,0 +1,44 @@
+debug: false
+http:
+    host: 0.0.0.0
+    port: 8000
+secret_key_file: /etc/passbook/secret_key
+log:
+    level:
+        console: INFO
+        file: DEBUG
+    file: /var/log/passbook/passbook.log
+# Error reporting, disabled by default
+# error_report_enabled: true
+
+# Set this to the server's external address.
+# This is used to generate external URLs
+external_url: http://image.example.com
+
+# This dictates how the Path is generated
+# can be either of:
+# - view_sha512_short
+# - view_md5
+# - view_sha256
+# - view_sha512
+default_return_view: view_sha256
+
+# Set this to true if you only want to use external authentication
+external_auth_only: false
+
+# If this is true, images are automatically claimed if the windows user exists
+# in django
+auto_claim_enabled: true
+
+# LDAP Authentication
+# ldap:
+#     enabled: false
+#     server:
+#         uri: 'ldap://dc1.example.com'
+#         tls: false
+#     bind:
+#         dn: ''
+#         password: ''
+#     search_base: ''
+#     filter: '(sAMAccountName=%(user)s)'
+#     require_group: ''
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@ -0,0 +1,2 @@
+[buildpackage]
+export-dir=../build-area
--- a/debian/install
+++ b/debian/install
@ -0,0 +1,8 @@
+passbook		/usr/share/passbook/
+static			/usr/share/passbook/
+manage.py		/usr/share/passbook/
+passbook.sh		/usr/share/passbook/
+vendor			/usr/share/passbook/
+
+debian/etc/passbook								/etc/
+debian/templates/database.yml					/usr/share/passbook/
--- a/passbook/totp/tests/init.py
+++ b/passbook/totp/tests/init.py
--- a/debian/passbook-worker.service
+++ b/debian/passbook-worker.service
@ -0,0 +1,14 @@
+[Unit]
+Description=passbook - Authentication Provider/Proxy (Background worker)
+After=network.target
+Requires=network.target
+
+[Service]
+User=passbook
+Group=passbook
+WorkingDirectory=/usr/share/passbook
+Type=simple
+ExecStart=/usr/share/passbook/passbook.sh worker
+
+[Install]
+WantedBy=multi-user.target
--- a/debian/passbook.service
+++ b/debian/passbook.service
@ -0,0 +1,14 @@
+[Unit]
+Description=passbook - Authentication Provider/Proxy
+After=network.target
+Requires=network.target
+
+[Service]
+User=passbook
+Group=passbook
+WorkingDirectory=/usr/share/passbook
+Type=simple
+ExecStart=/usr/share/passbook/passbook.sh web
+
+[Install]
+WantedBy=multi-user.target
--- a/debian/postinst
+++ b/debian/postinst
@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/postinst.pgsql
+
+# you can set the default database encoding to something else
+dbc_pgsql_createdb_encoding="UTF8"
+dbc_generate_include=template:/etc/passbook/config.d/database.yml
+dbc_generate_include_args="-o template_infile=/usr/share/passbook/database.yml"
+dbc_go passbook "$@"
+
+if [ -z "`getent group passbook`" ]; then
+	addgroup --quiet --system passbook
+fi
+if [ -z "`getent passwd passbook`" ]; then
+	echo " * Creating user and group passbook..."
+	adduser --quiet --system --home /usr/share/passbook --shell /bin/false --ingroup passbook --disabled-password --disabled-login --gecos "passbook User" passbook  >> /var/log/passbook/passbook.log 2>&1
+fi
+echo " * Updating binary packages (psycopg2)"
+python3 -m pip install --target=/usr/share/passbook/vendor/ --no-cache-dir --upgrade --force-reinstall psycopg2 >> /var/log/passbook/passbook.log 2>&1
+if [ ! -f '/etc/passbook/secret_key' ]; then
+	echo " * Generating Secret Key"
+	python3 -c 'import random; result = "".join([random.choice("abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)") for i in range(50)]); print(result)' > /etc/passbook/secret_key 2> /dev/null
+fi
+chown -R passbook: /usr/share/passbook/
+chown -R passbook: /etc/passbook/
+chown -R passbook: /var/log/passbook/
+chmod 440 /etc/passbook/secret_key
+echo " * Running Database Migration"
+/usr/share/passbook/passbook.sh migrate
+echo " * A superuser can be created with this command '/usr/share/passbook/passbook.sh createsuperuser'"
+echo " * You should probably also adjust your settings in '/etc/passbook/config.yml'"
+
+#DEBHELPER#
--- a/debian/postrm
+++ b/debian/postrm
@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+if [ -f /usr/share/debconf/confmodule ]; then
+    . /usr/share/debconf/confmodule
+fi
+if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/postrm.pgsql
+    dbc_go passbook "$@"
+fi
+
+
+if [ "$1" = "purge" ]; then
+    if which ucf >/dev/null 2>&1; then
+        ucf --purge /etc/passbook/config.d/database.yml
+        ucfr --purge passbook /etc/passbook/config.d/database.yml
+    fi
+    rm -rf /etc/passbook/
+    rm -rf /usr/share/passbook/
+fi
+
+#DEBHELPER#
+
--- a/debian/prerm
+++ b/debian/prerm
@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/prerm.pgsql
+dbc_go passbook "$@"
+
+#DEBHELPER#
+
--- a/debian/rules
+++ b/debian/rules
@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+
+%:
+	dh $@ --with=systemd
+
+build-arch:
+	python3 -m pip install setuptools
+	python3 -m pip install --target=vendor/ -r requirements.txt
+
+override_dh_strip:
+	dh_strip --exclude=psycopg2
+
+override_dh_shlibdeps:
+	dh_shlibdeps --exclude=psycopg2
+
+override_dh_installinit:
+	dh_installinit --name=passbook
+	dh_installinit --name=passbook-worker
+	dh_systemd_enable --name=passbook
+	dh_systemd_enable --name=passbook-worker
+	dh_systemd_start
+
+# override_dh_usrlocal to do nothing
+override_dh_usrlocal:
--- a/debian/source/format
+++ b/debian/source/format
@ -0,0 +1 @@
+3.0 (native)
--- a/debian/templates/database.yml
+++ b/debian/templates/database.yml
@ -0,0 +1,8 @@
+databases:
+  default:
+    engine: django.db.backends.postgresql
+    name: _DBC_DBNAME_
+    user: _DBC_DBUSER_
+    password: _DBC_DBPASS_
+    host: _DBC_DBSERVER_
+    port: _DBC_DBPORT_
--- a/helm/passbook/Chart.yaml
+++ b/helm/passbook/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.0.3-alpha"
+appVersion: "0.1.11-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: 1.0.0
+version: "0.1.11-beta"
 icon: https://passbook.beryju.org/images/logo.png
--- a/helm/passbook/templates/passbook-configmap.yaml
+++ b/helm/passbook/templates/passbook-configmap.yaml
@ -36,7 +36,7 @@ data:
    debug: false
    secure_proxy_header:
      HTTP_X_FORWARDED_PROTO: https
-    redis: {{ .Release.Name }}-redis
+    redis: ":{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master"
    # Error reporting, sends stacktrace to sentry.services.beryju.org
    error_report_enabled: {{ .Values.config.error_reporting }}

@ -50,6 +50,7 @@ data:
        {{- range .Values.ingress.hosts }}
        - {{ . | quote }}
        {{- end }}
+        - kubernetes-healthcheck-host

    passbook:
      sign_up:
@ -105,10 +106,9 @@ data:
        email: mail # or userPrincipalName
      user_attribute_map:
        active_directory:
-          sAMAccountName: username
-          mail: email
-          given_name: first_name
-          name: last_name
+          username: "%(sAMAccountName)s"
+          email: "%(mail)s"
+          name: "%(displayName)"
      # # Create new users in LDAP upon sign-up
      # create_users: true
      # # Reset LDAP password when user reset their password
@ -131,6 +131,7 @@ data:
      # List of python packages with provider types to load.
      types:
        - passbook.saml_idp.processors.generic
+        - passbook.saml_idp.processors.aws
        - passbook.saml_idp.processors.gitlab
        - passbook.saml_idp.processors.nextcloud
        - passbook.saml_idp.processors.salesforce
--- a/helm/passbook/templates/passbook-web-deployment.yaml
+++ b/helm/passbook/templates/passbook-web-deployment.yaml
@ -18,6 +18,7 @@ spec:
      labels:
        app.kubernetes.io/name: {{ include "passbook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
+        passbook.io/component: web
    spec:
      volumes:
        - name: config-volume
--- a/helm/passbook/templates/passbook-web-service.yaml
+++ b/helm/passbook/templates/passbook-web-service.yaml
@ -17,3 +17,4 @@ spec:
  selector:
    app.kubernetes.io/name: {{ include "passbook.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
+    passbook.io/component: web
--- a/helm/passbook/templates/passbook-worker-deployment.yaml
+++ b/helm/passbook/templates/passbook-worker-deployment.yaml
@ -18,6 +18,7 @@ spec:
      labels:
        app.kubernetes.io/name: {{ include "passbook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
+        passbook.io/component: worker
    spec:
      volumes:
        - name: config-volume
--- a/helm/passbook/values.yaml
+++ b/helm/passbook/values.yaml
@ -5,7 +5,7 @@
 replicaCount: 1

 image:
-  tag: latest
+  tag: 0.1.11-beta

 nameOverride: ""

--- a/passbook.sh
+++ b/passbook.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Check if this file is a symlink, if so, read real base dir
+BASE_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]}))
+
+cd $BASE_DIR
+PYTHONPATH="${BASE_DIR}/vendor/" python3 manage.py $@
--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.0.3-alpha'
+__version__ = '0.1.11-beta'
--- a/passbook/admin/init.py
+++ b/passbook/admin/init.py
@ -1,2 +1,2 @@
 """passbook admin"""
-__version__ = '0.0.3-alpha'
+__version__ = '0.1.11-beta'
--- a/passbook/admin/api/urls.py
+++ b/passbook/admin/api/urls.py
@ -0,0 +1,6 @@
+"""Versioned Admin API Urls"""
+from django.conf.urls import include, url
+
+urlpatterns = [
+    url(r'^v1/', include('passbook.admin.api.v1.urls', namespace='v1')),
+]
--- a/passbook/admin/api/v1/applications.py
+++ b/passbook/admin/api/v1/applications.py
@ -0,0 +1,22 @@
+"""passbook admin application API"""
+from rest_framework.permissions import IsAdminUser
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import ModelViewSet
+
+from passbook.core.models import Application
+
+
+class ApplicationSerializer(ModelSerializer):
+    """Application Serializer"""
+
+    class Meta:
+        model = Application
+        fields = '__all__'
+
+
+class ApplicationViewSet(ModelViewSet):
+    """Application Viewset"""
+
+    permission_classes = [IsAdminUser]
+    serializer_class = ApplicationSerializer
+    queryset = Application.objects.all()
--- a/passbook/admin/api/v1/urls.py
+++ b/passbook/admin/api/v1/urls.py
@ -1,9 +1,33 @@
 """passbook admin API URLs"""
+from django.urls import path
+from drf_yasg import openapi
+from drf_yasg.views import get_schema_view
+from rest_framework import permissions
 from rest_framework.routers import DefaultRouter

+from passbook.admin.api.v1.applications import ApplicationViewSet
 from passbook.admin.api.v1.groups import GroupViewSet
+from passbook.admin.api.v1.users import UserViewSet

 router = DefaultRouter()
-router.register(r'groups', GroupViewSet)
+router.register('applications', ApplicationViewSet)
+router.register('groups', GroupViewSet)
+router.register('users', UserViewSet)

-urlpatterns = router.urls
+SchemaView = get_schema_view(
+    openapi.Info(
+        title="passbook Administration API",
+        default_version='v1',
+        description="Internal passbook API for Administration Interface",
+        contact=openapi.Contact(email="contact@snippets.local"),
+        license=openapi.License(name="MIT License"),
+    ),
+    public=True,
+    permission_classes=(permissions.IsAdminUser,),
+)
+
+urlpatterns = router.urls + [
+    path('swagger.yml', SchemaView.without_ui(cache_timeout=0), name='schema-json'),
+    path('swagger/', SchemaView.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
+]
+app_name = 'passbook.admin'
--- a/passbook/admin/api/v1/users.py
+++ b/passbook/admin/api/v1/users.py
@ -0,0 +1,23 @@
+"""passbook admin user API"""
+from rest_framework.permissions import IsAdminUser
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import ModelViewSet
+
+from passbook.core.models import User
+
+
+class UserSerializer(ModelSerializer):
+    """User Serializer"""
+
+    class Meta:
+        model = User
+        fields = ['is_superuser', 'username', 'name', 'email', 'date_joined',
+                  'uuid']
+
+
+class UserViewSet(ModelViewSet):
+    """User Viewset"""
+
+    permission_classes = [IsAdminUser]
+    serializer_class = UserSerializer
+    queryset = User.objects.all()
--- a/passbook/admin/apps.py
+++ b/passbook/admin/apps.py
@ -8,3 +8,4 @@ class PassbookAdminConfig(AppConfig):
    name = 'passbook.admin'
    label = 'passbook_admin'
    mountpoint = 'administration/'
+    verbose_name = 'passbook Admin'
--- a/passbook/admin/forms/policies.py
+++ b/passbook/admin/forms/policies.py
@ -4,7 +4,7 @@ from django import forms
 from passbook.core.models import User


-class RuleTestForm(forms.Form):
-    """Form to test rule against user"""
+class PolicyTestForm(forms.Form):
+    """Form to test policies against user"""

    user = forms.ModelChoiceField(queryset=User.objects.all())
--- a/passbook/admin/forms/source.py
+++ b/passbook/admin/forms/source.py
@ -1,6 +1,6 @@
 """passbook core source form fields"""
 # from django import forms

-SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled']
+SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled', 'policies']

 # class SourceForm(forms.Form)
--- a/passbook/admin/forms/users.py
+++ b/passbook/admin/forms/users.py
@ -0,0 +1,17 @@
+"""passbook administrative user forms"""
+
+from django import forms
+
+from passbook.core.models import User
+
+
+class UserForm(forms.ModelForm):
+    """Update User Details"""
+
+    class Meta:
+
+        model = User
+        fields = ['username', 'name', 'email', 'is_staff', 'is_active']
+        widgets = {
+            'name': forms.TextInput
+        }
--- a/passbook/admin/middleware.py
+++ b/passbook/admin/middleware.py
@ -0,0 +1,25 @@
+"""passbook admin Middleware to impersonate users"""
+
+from passbook.core.models import User
+
+
+def impersonate(get_response):
+    """Middleware to impersonate users"""
+
+    def middleware(request):
+        """Middleware to impersonate users"""
+
+        # User is superuser and has __impersonate ID set
+        if request.user.is_superuser and "__impersonate" in request.GET:
+            request.session['impersonate_id'] = request.GET["__impersonate"]
+        # user wants to stop impersonation
+        elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
+            del request.session['impersonate_id']
+
+        # Actually impersonate user
+        if request.user.is_superuser and 'impersonate_id' in request.session:
+            request.user = User.objects.get(pk=request.session['impersonate_id'])
+
+        response = get_response(request)
+        return response
+    return middleware
--- a/passbook/admin/requirements.txt
+++ b/passbook/admin/requirements.txt
@ -1,2 +1,2 @@
 django-rest-framework
-django-rest-swagger
+drf_yasg
--- a/passbook/admin/settings.py
+++ b/passbook/admin/settings.py
@ -0,0 +1,5 @@
+"""passbook admin settings"""
+
+MIDDLEWARE = [
+    'passbook.admin.middleware.impersonate',
+]
--- a/passbook/admin/templates/administration/application/list.html
+++ b/passbook/admin/templates/administration/application/list.html
@ -9,31 +9,37 @@

 {% block content %}
 <div class="container">
-  <h1>{% trans "Applications" %}</h1>
-  <a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
-    {% trans 'Create...' %}
-  </a>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Provider' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for application in object_list %}
-        <tr>
-          <td>{{ application.name }}</td>
-          <td>{{ application.provider }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+    <h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
+    <span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
+    <hr>
+    <a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
+        {% trans 'Create...' %}
+    </a>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Provider' %}</th>
+                <th>{% trans 'Provider Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for application in object_list %}
+            <tr>
+                <td>{{ application.name }}</td>
+                <td>{{ application.get_provider }}</td>
+                <td>{{ application.get_provider|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/audit/list.html
+++ b/passbook/admin/templates/administration/audit/list.html
@ -8,77 +8,80 @@
 {% endblock %}

 {% block content %}
-<div class="container">
-  <h1>{% trans "Audit Log" %}</h1>
-  <div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
+<h1><span class="pficon-catalog"></span> {% trans "Audit Log" %}</h1>
+<div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
    {% for entry in object_list %}
    <div class="list-group-item">
-      <div class="list-view-pf-main-info">
-        <div class="list-view-pf-left">
-          <span class="fa fa-plane list-view-pf-icon-sm"></span>
+        <div class="list-view-pf-main-info">
+            <div class="list-view-pf-left">
+                <span class="fa fa-plane list-view-pf-icon-sm"></span>
+            </div>
+            <div class="list-view-pf-body">
+                <div class="list-view-pf-description">
+                    <div class="list-group-item-heading">
+                        {{ entry.action }}
+                    </div>
+                    <div class="list-group-item-text">
+                        {{ entry.context }}
+                    </div>
+                </div>
+                <div class="list-view-pf-additional-info">
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="pficon pficon-user"></span>
+                        <strong>{{ entry.user }}</strong>
+                    </div>
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="pficon pficon-cluster"></span>
+                        <strong>{{ entry.app|default:'-' }}</strong>
+                    </div>
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="fa fa-clock-o"></span>
+                        <strong>{{ entry.created }}</strong>
+                    </div>
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="pficon pficon-screen"></span>
+                        <strong>{{ entry.request_ip }}</strong>
+                    </div>
+                </div>
+            </div>
        </div>
-        <div class="list-view-pf-body">
-          <div class="list-view-pf-description">
-            <div class="list-group-item-heading">
-              {{ entry.action }}
-            </div>
-            <div class="list-group-item-text">
-            </div>
-          </div>
-          <div class="list-view-pf-additional-info">
-            <div class="list-view-pf-additional-info-item">
-              <span class="pficon pficon-user"></span>
-              <strong>{{ entry.user }}</strong>
-            </div>
-            <div class="list-view-pf-additional-info-item">
-              <span class="pficon pficon-screen"></span>
-              <strong>{{ entry.request_ip }}</strong>
-            </div>
-            <div class="list-view-pf-additional-info-item">
-              <span class="pficon pficon-cluster"></span>
-              <strong>{{ entry.app|default:'-' }}</strong>
-            </div>
-          </div>
-        </div>
-      </div>
    </div>
    {% endfor %}
-  </div>
-  <script>
-    $(document).ready(function () {
-      // Row Checkbox Selection
-      $("#pf-list-standard input[type='checkbox']").change(function (e) {
-        if ($(this).is(":checked")) {
-          $(this).closest('.list-group-item').addClass("active");
-        } else {
-          $(this).closest('.list-group-item').removeClass("active");
-        }
-      });
-      // toggle dropdown menu
-      $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
-        var $this = $(this);
-        var $dropdown = $this.find('.dropdown');
-        var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
-        $dropdown.toggleClass('dropup', space < 10);
-      });
-      // allow users to select multiple list items with shift key
-      $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
-        var $list = $('.list-group');
-        var prevIndex = $list.data('preIndex');
-        var $listItems = $list.children('.list-group-item');
-        var $currentItem = $(this).closest('.list-group-item');
-        if (event.shiftKey && prevIndex > -1 && this.checked) {
-          var currentIndex = $listItems.index($currentItem);
-          var $selectScope = currentIndex - prevIndex > 0
-            ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
-            : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
-          $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
-        }
-        $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
-      });
+    <script>
+        $(document).ready(function () {
+            // Row Checkbox Selection
+            $("#pf-list-standard input[type='checkbox']").change(function (e) {
+                if ($(this).is(":checked")) {
+                    $(this).closest('.list-group-item').addClass("active");
+                } else {
+                    $(this).closest('.list-group-item').removeClass("active");
+                }
+            });
+            // toggle dropdown menu
+            $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
+                var $this = $(this);
+                var $dropdown = $this.find('.dropdown');
+                var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
+                $dropdown.toggleClass('dropup', space < 10);
+            });
+            // allow users to select multiple list items with shift key
+            $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
+                var $list = $('.list-group');
+                var prevIndex = $list.data('preIndex');
+                var $listItems = $list.children('.list-group-item');
+                var $currentItem = $(this).closest('.list-group-item');
+                if (event.shiftKey && prevIndex > -1 && this.checked) {
+                    var currentIndex = $listItems.index($currentItem);
+                    var $selectScope = currentIndex - prevIndex > 0
+                        ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
+                        : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
+                    $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
+                }
+                $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
+            });

-    });
-  </script>
-  {% include 'partials/pagination.html' %}
+        });
+    </script>
+    {% include 'partials/pagination.html' %}
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/base.html
+++ b/passbook/admin/templates/administration/base.html
@ -5,32 +5,48 @@

 {% block nav_secondary %}
 <ul class="nav navbar-nav navbar-persistent">
-  <li class="{% is_active 'passbook_admin:overview' %}">
-    <a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
-    <a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
-    <a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
-    <a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:rules' 'passbook_admin:rule-create' 'passbook_admin:rule-update' 'passbook_admin:rule-delete' 'passbook_admin:rule-test' %}">
-    <a href="{% url 'passbook_admin:rules' %}">{% trans 'Rules' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
-    <a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
-    <a href="{% url 'passbook_admin:users' %}">{% trans 'Users' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:audit-log' %}">
-    <a href="{% url 'passbook_admin:audit-log' %}">{% trans 'Audit Log' %}</a>
-  </li>
-  <li class="{% is_active_app 'admin' %}">
-    <a href="{% url 'admin:index' %}">{% trans 'Django' %}</a>
-  </li>
+    <li class="{% is_active 'passbook_admin:overview' %}">
+        <a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
+        <a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
+        <a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
+        <a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:property-mappings' 'passbook_admin:property-mapping-create' 'passbook_admin:property-mapping-update' 'passbook_admin:property-mapping-delete' %}">
+        <a href="{% url 'passbook_admin:property-mappings' %}">{% trans 'Property Mappings' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
+        <a href="{% url 'passbook_admin:factors' %}">{% trans 'Factors' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
+        <a href="{% url 'passbook_admin:policies' %}">{% trans 'Policies' %}</a>
+    </li>
+    <li
+        class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
+        <a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
+    </li>
+    <li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
+        <a href="{% url 'passbook_admin:users' %}">{% trans 'Users' %}</a>
+    </li>
+    <li class="{% is_active 'passbook_admin:groups' 'passbook_admin:group-update' 'passbook_admin:group-delete' %}">
+        <a href="{% url 'passbook_admin:groups' %}">{% trans 'Groups' %}</a>
+    </li>
+    <li class="{% is_active 'passbook_admin:audit-log' %}">
+        <a href="{% url 'passbook_admin:audit-log' %}">{% trans 'Audit Log' %}</a>
+    </li>
+    <li class="{% is_active_app 'admin' %}">
+        <a href="{% url 'admin:index' %}">{% trans 'Django' %}</a>
+    </li>
 </ul>
 {% endblock %}
--- a/passbook/admin/templates/administration/factor/list.html
+++ b/passbook/admin/templates/administration/factor/list.html
@ -0,0 +1,62 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+{% load admin_reflection %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-plugged"></span> {% trans "Factors" %}</h1>
+    <span>{% trans "Factors required for a user to successfully authenticate." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th>{% trans 'Order' %}</th>
+                <th>{% trans 'Enabled?' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for factor in object_list %}
+            <tr>
+                <td>{{ factor.name }} ({{ factor.slug }})</td>
+                <td>{{ factor|verbose_name }}</td>
+                <td>{{ factor.order }}</td>
+                <td>{{ factor.enabled }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:factor-update' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:factor-delete' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    {% get_links factor as links %}
+                    {% for name, href in links.items %}
+                    <a class="btn btn-default btn-sm"
+                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                    {% endfor %}
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}
--- a/passbook/admin/templates/administration/group/list.html
+++ b/passbook/admin/templates/administration/group/list.html
@ -0,0 +1,45 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-users"></span> {% trans "Groups" %}</h1>
+    <span>{% trans "Group users together and give them permissions based on the membership." %}</span>
+    <hr>
+    <a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
+        {% trans 'Create...' %}
+    </a>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Parent' %}</th>
+                <th>{% trans 'Members' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for group in object_list %}
+            <tr>
+                <td>{{ group.name }}</td>
+                <td>{{ group.parent }}</td>
+                <td>{{ group.user_set.all|length }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:group-update' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:group-delete' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}
--- a/passbook/admin/templates/administration/groups/list.html
+++ b/passbook/admin/templates/administration/groups/list.html
@ -1,83 +0,0 @@
-{% extends "administration/base.html" %}
-
-{% load i18n %}
-{% load static %}
-{% load utils %}
-
-{% block head %}
-{{ block.super }}
-<link rel="stylesheet" href="{% static 'css/bootstrap-treeview.min.css'%}">
-{% endblock %}
-
-{% block scripts %}
-{{ block.super }}
-<script src="{% static 'js/bootstrap-treeview.min.js' %}"></script>
-<script>
-  var cleanupData = function (obj) {
-    return {
-      text: obj.name,
-      href: '?group=' + obj.uuid,
-      nodes: obj.children.map(cleanupData),
-    };
-  }
- $(function() {
-   var apiUrl = "{% url 'passbook_admin:group-list' %}?format=json";
-   $.ajax({
-      url: apiUrl,
-    }).done(function(data) {
-      $('#treeview1').treeview({
-        collapseIcon: "fa fa-angle-down",
-        data: data.map(cleanupData),
-        expandIcon: "fa fa-angle-right",
-        nodeIcon: "fa pficon-users",
-        showBorder: true,
-        enableLinks: true,
-        onNodeSelected: function (event, node) {
-          window.location.href = node.href;
-        }
-      });
-    });
-  });
-</script>
-{% endblock %}
-
-{% block title %}
-{% title %}
-{% endblock %}
-
-{% block content %}
-<div class="col-md-3">
-  <div id="treeview1" class="treeview">
-  </div>
-</div>
-<div class="col-md-9">
-  <h1>{% trans "Invitations" %}</h1>
-  <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
-    {% trans 'Create...' %}
-  </a>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Expiry' %}</th>
-        <th>{% trans 'Link' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for invitation in object_list %}
-      <tr>
-        <td>{{ invitation.expires|default:"Never" }}</td>
-        <td>
-          <pre>{{ invitation.link }}</pre>
-        </td>
-        <td>
-          <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{%
-            trans 'Delete' %}</a>
-        </td>
-      </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-</div>
-{% endblock %}
--- a/passbook/admin/templates/administration/invitation/list.html
+++ b/passbook/admin/templates/administration/invitation/list.html
@ -9,30 +9,35 @@

 {% block content %}
 <div class="container">
-  <h1>{% trans "Invitations" %}</h1>
-  <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
-    {% trans 'Create...' %}
-  </a>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Expiry' %}</th>
-        <th>{% trans 'Link' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for invitation in object_list %}
-        <tr>
-          <td>{{ invitation.expires|default:"Never" }}</td>
-          <td><pre>{{ invitation.link }}</pre></td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+    <h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
+    <span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
+    <hr>
+    <a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
+        {% trans 'Create...' %}
+    </a>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Expiry' %}</th>
+                <th>{% trans 'Link' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for invitation in object_list %}
+            <tr>
+                <td>{{ invitation.expires|default:"Never" }}</td>
+                <td>
+                    <pre>{{ invitation.link }}</pre>
+                </td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/overview.html
+++ b/passbook/admin/templates/administration/overview.html
@ -4,53 +4,193 @@

 {% block content %}
 <div class="container">
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ application_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:applications' %}">
+                    <span class="pficon-applications"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:applications' %}">
+                            <span class="pficon pficon-ok"></span>{{ application_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
    </div>
-  </div>
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ provider_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:sources' %}">
+                    <span class="pficon-resource-pool"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Sources' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:sources' %}">
+                            <span class="pficon pficon-ok"></span>{{ source_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
    </div>
-  </div>
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Rules' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ rule_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:providers' %}">
+                    <span class="pficon-integration"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:providers' %}">
+                            {% if providers_without_application.exists %}
+                            <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: At least one Provider has no application assigned.' %}"></span> {{ provider_count }}
+                            {% else %}
+                            <span class="pficon pficon-ok"></span> {{ provider_count }}
+                            {% endif %}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
    </div>
-  </div>
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ user_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:factors' %}">
+                    <span class="pficon-plugged"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Factors' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        {% if factor_count < 1 %}
+                        <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
+                            title="{% trans 'No Factors configured. No Users will be able to login.' %}"></span>
+                        {{ factor_count }}
+                        {% else %}
+                        <span class="pficon pficon-ok"></span>{{ factor_count }}
+                        {% endif %}
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:policies' %}">
+                    <span class="pficon-infrastructure"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Policies' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        {% if policies_without_attachment > 0 %}
+                        <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
+                            title="{% trans 'Policies without attachment exist.' %}"></span>
+                        {{ policy_count }}
+                        {% else %}
+                        <span class="pficon pficon-ok"></span>{{ policy_count }}
+                        {% endif %}
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:invitations' %}">
+                    <span class="pficon-migration"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Invitation' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:invitations' %}">
+                            <span class="pficon pficon-ok"></span>{{ invitation_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:users' %}">
+                    <span class="pficon-users"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:users' %}">
+                            <span class="pficon pficon-ok"></span>{{ user_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="#">
+                    <span class="pficon-bundle"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="#">
+                            {{ version }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="#">
+                    <span class="pficon-server"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Worker(s)' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="#">
+                            {% if worker_count < 1%}
+                            <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
+                                title="{% trans 'No workers connected. Policies will not work and you may expect other issues.' %}"></span> {{ worker_count }}
+                            {% else %}
+                            <span class="pficon pficon-ok"></span>{{ worker_count }}
+                            {% endif %}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
    </div>
-  </div>
 </div>
-{% endblock %}
+{% endblock %}
--- a/passbook/admin/templates/administration/policy/list.html
+++ b/passbook/admin/templates/administration/policy/list.html
@ -0,0 +1,62 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-infrastructure"></span> {% trans "Policies" %}</h1>
+    <span>{% trans "Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Factors." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th></th>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for policy in object_list %}
+            <tr {% if not policy.policymodel_set.exists %} class="warning" {% endif %}>
+                <th>
+                    {% if not policy.policymodel_set.exists %}
+                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Policy is not assigned.' %}"></span>
+                    {% else %}
+                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with objects=policy.policymodel_set.all|join:', ' %}Assigned to objects {{ objects }}{% endblocktrans %}"></span>
+                    {% endif %}
+                </th>
+                <td>{{ policy.name }}</td>
+                <td>{{ policy|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:policy-test' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:policy-delete' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}
--- a/passbook/admin/templates/administration/policy/test.html
+++ b/passbook/admin/templates/administration/policy/test.html
@ -0,0 +1,26 @@
+{% extends 'generic/form.html' %}
+
+{% load i18n %}
+
+{% block above_form %}
+<h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
+{% endblock %}
+
+{% block action %}
+{% trans 'Test' %}
+{% endblock %}
+
+{% block beneath_form %}
+<p class="loading" style="display: none;">
+  <span class="spinner spinner-xs spinner-inline"></span> {% trans 'Processing, please wait...' %}
+</p>
+{% endblock %}
+
+{% block scripts %}
+{{ block.super }}
+<script>
+  $('form').on('submit', function () {
+    $('p.loading').show();
+  })
+</script>
+{% endblock %}
--- a/passbook/admin/templates/administration/property_mapping/list.html
+++ b/passbook/admin/templates/administration/property_mapping/list.html
@ -0,0 +1,52 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
+    <span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for property_mapping in object_list %}
+            <tr>
+                <td>{{ property_mapping.name }} ({{ property_mapping.slug }})</td>
+                <td>{{ property_mapping|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}
--- a/passbook/admin/templates/administration/provider/list.html
+++ b/passbook/admin/templates/administration/provider/list.html
@ -10,43 +10,57 @@

 {% block content %}
 <div class="container">
-  <h1>{% trans "Providers" %}</h1>
-  <div class="dropdown">
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-      {% trans 'Create...' %}
-      <span class="caret"></span>
-    </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% for type, name in types.items %}
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
-      {% endfor %}
-    </ul>
-  </div>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for provider in object_list %}
-        <tr>
-          <td>{{ provider.name }}</td>
-          <td>{{ provider|fieldtype }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-            {% get_links provider as links %}
-            {% for name, href in links.items %}
-              <a class="btn btn-default btn-sm" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+    <h1><span class="pficon-integration"></span> {% trans "Providers" %}</h1>
+    <span>{% trans "Authentication Protocol Provider, used as Protocol behind an Application." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th></th>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for provider in object_list %}
+            <tr {% if not provider.application %} class="warning" {% endif %}>
+                <th>
+                    {% if not provider.application %}
+                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Provider has no application assigned.' %}"></span>
+                    {% else %}
+                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with app=provider.application %}Assigned to Application {{ app }}{% endblocktrans %}"></span>
+                    {% endif %}
+                </th>
+                <td>{{ provider.name }}</td>
+                <td>{{ provider|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    {% get_links provider as links %}
+                    {% for name, href in links.items %}
+                    <a class="btn btn-default btn-sm"
+                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                    {% endfor %}
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/rule/list.html
+++ b/passbook/admin/templates/administration/rule/list.html
@ -1,48 +0,0 @@
-{% extends "administration/base.html" %}
-
-{% load i18n %}
-{% load utils %}
-
-{% block title %}
-{% title %}
-{% endblock %}
-
-{% block content %}
-<div class="container">
-  <h1>{% trans "Rules" %}</h1>
-  <div class="dropdown">
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-      {% trans 'Create...' %}
-      <span class="caret"></span>
-    </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% for type, name in types.items %}
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:rule-create' %}?type={{ type }}">{{ name }}</a></li>
-      {% endfor %}
-    </ul>
-  </div>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for rule in object_list %}
-        <tr>
-          <td>{{ rule.name }}</td>
-          <td>{{ rule|fieldtype }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-update' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-test' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-delete' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-</div>
-{% endblock %}
--- a/passbook/admin/templates/administration/rule/test.html
+++ b/passbook/admin/templates/administration/rule/test.html
@ -1,7 +0,0 @@
-{% extends 'generic/form.html' %}
-
-{% load i18n %}
-
-{% block above_form %}
-<h1>{% blocktrans with rule=rule %}Test rule {{ rule }}{% endblocktrans %}</h1>
-{% endblock %}
--- a/passbook/admin/templates/administration/source/list.html
+++ b/passbook/admin/templates/administration/source/list.html
@ -6,43 +6,51 @@

 {% block content %}
 <div class="container">
-  <h1>{% trans "Sources" %}</h1>
-  <div class="dropdown">
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-      {% trans 'Create...' %}
-      <span class="caret"></span>
-    </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% for type, name in types.items %}
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
-      {% endfor %}
-    </ul>
-  </div>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for source in object_list %}
-        <tr>
-          <td>{{ source.name }}</td>
-          <td>{{ source|fieldtype }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-            {% get_links source as links %}
-            {% for name, href in links %}
-              <a class="btn btn-default btn-sm" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+    <h1><span class="pficon-resource-pool"></span> {% trans "Sources" %}</h1>
+    <span>{% trans "External Sources which can be used to get Identities into passbook, for example Social Providers like Twiter and GitHub or Enterprise Providers like ADFS and LDAP." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Class' %}</th>
+                <th>{% trans 'Additional Info' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for source in object_list %}
+            <tr>
+                <td>{{ source.name }}</td>
+                <td>{{ source|fieldtype }}</td>
+                <td>{{ source.additional_info }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    {% get_links source as links %}
+                    {% for name, href in links %}
+                    <a class="btn btn-default btn-sm"
+                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                    {% endfor %}
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/user/list.html
+++ b/passbook/admin/templates/administration/user/list.html
@ -5,34 +5,38 @@

 {% block content %}
 <div class="container">
-  <h1>{% trans "Users" %}</h1>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Username' %}</th>
-        <th>{% trans 'First Name' %}</th>
-        <th>{% trans 'Last Name' %}</th>
-        <th>{% trans 'Active' %}</th>
-        <th>{% trans 'Last Login' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for user in object_list %}
-        <tr>
-          <td>{{ user.username }}</td>
-          <td>{{ user.first_name|default:'-' }}</td>
-          <td>{{ user.last_name|default:'-' }}</td>
-          <td>{{ user.is_active }}</td>
-          <td>{{ user.last_login }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+    <h1><span class="pficon-users"></span> {% trans "Users" %}</h1>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Username' %}</th>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Active' %}</th>
+                <th>{% trans 'Last Login' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for user in object_list %}
+            <tr>
+                <td>{{ user.username }}</td>
+                <td>{{ user.name|default:'-' }}</td>
+                <td>{{ user.is_active }}</td>
+                <td>{{ user.last_login }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/generic/create.html
+++ b/passbook/admin/templates/generic/create.html
@ -1,7 +1,12 @@
 {% extends "generic/form.html" %}

+{% load utils %}
 {% load i18n %}

 {% block above_form %}
-<h1>{% trans 'Create' %}</h1>
-{% endblock %}
+<h1>{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}</h1>
+{% endblock %}
+
+{% block action %}
+{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}
+{% endblock %}
--- a/passbook/admin/templates/generic/create_inheritance.html
+++ b/passbook/admin/templates/generic/create_inheritance.html
@ -1,11 +0,0 @@
-{% extends "generic/create.html" %}
-
-{% load i18n %}
-
-{% block title %}
-{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}
-{% endblock %}
-
-{% block above_form %}
-<h1>{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}</h1>
-{% endblock %}
--- a/passbook/admin/templates/generic/form.html
+++ b/passbook/admin/templates/generic/form.html
@ -2,6 +2,21 @@

 {% load i18n %}
 {% load utils %}
+{% load static %}
+
+{% block head %}
+{{ block.super }}
+{{ form.media.css }}
+<script type="text/javascript" src="{% url 'admin:jsi18n' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/jquery.init.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/core.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/actions.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/urlify.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/prepopulate.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/SelectBox.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/SelectFilter2.js' %}"></script>
+{% endblock %}

 {% block content %}
 <div class="container">
@ -11,8 +26,15 @@
    <form action="" method="post" class="form-horizontal">
      {% include 'partials/form.html' with form=form %}
      <a class="btn btn-default" href="{% back %}">{% trans "Cancel" %}</a>
-      <input type="submit" class="btn btn-primary" value="{% trans 'Create' %}" />
+      <input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
    </form>
  </div>
+  {% block beneath_form %}
+  {% endblock %}
 </div>
 {% endblock %}
+
+{% block scripts %}
+{{ block.super }}
+{{ form.media.js }}
+{% endblock %}
--- a/passbook/admin/templates/generic/update.html
+++ b/passbook/admin/templates/generic/update.html
@ -1,7 +1,12 @@
 {% extends "generic/form.html" %}

+{% load utils %}
 {% load i18n %}

 {% block above_form %}
-<h1>{% trans 'Update' %}</h1>
-{% endblock %}
+<h1>{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}</h1>
+{% endblock %}
+
+{% block action %}
+{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}
+{% endblock %}
--- a/passbook/admin/urls.py
+++ b/passbook/admin/urls.py
@ -1,12 +1,9 @@
 """passbook URL Configuration"""
 from django.urls import include, path
-from rest_framework_swagger.views import get_swagger_view
-
-from passbook.admin.views import (applications, audit, groups, invitations,
-                                  overview, providers, rules, sources, users)
-
-schema_view = get_swagger_view(title='passbook Admin Internal API')

+from passbook.admin.views import (applications, audit, factors, groups,
+                                  invitations, overview, policy,
+                                  property_mapping, providers, sources, users)

 urlpatterns = [
    path('', overview.AdministrationOverviewView.as_view(), name='overview'),
@ -24,12 +21,12 @@ urlpatterns = [
    path('sources/create/', sources.SourceCreateView.as_view(), name='source-create'),
    path('sources/<uuid:pk>/update/', sources.SourceUpdateView.as_view(), name='source-update'),
    path('sources/<uuid:pk>/delete/', sources.SourceDeleteView.as_view(), name='source-delete'),
-    # Rules
-    path('rules/', rules.RuleListView.as_view(), name='rules'),
-    path('rules/create/', rules.RuleCreateView.as_view(), name='rule-create'),
-    path('rules/<uuid:pk>/update/', rules.RuleUpdateView.as_view(), name='rule-update'),
-    path('rules/<uuid:pk>/delete/', rules.RuleDeleteView.as_view(), name='rule-delete'),
-    path('rules/<uuid:pk>/test/', rules.RuleTestView.as_view(), name='rule-test'),
+    # Policies
+    path('policies/', policy.PolicyListView.as_view(), name='policies'),
+    path('policies/create/', policy.PolicyCreateView.as_view(), name='policy-create'),
+    path('policies/<uuid:pk>/update/', policy.PolicyUpdateView.as_view(), name='policy-update'),
+    path('policies/<uuid:pk>/delete/', policy.PolicyDeleteView.as_view(), name='policy-delete'),
+    path('policies/<uuid:pk>/test/', policy.PolicyTestView.as_view(), name='policy-test'),
    # Providers
    path('providers/', providers.ProviderListView.as_view(), name='providers'),
    path('providers/create/',
@ -38,6 +35,23 @@ urlpatterns = [
         providers.ProviderUpdateView.as_view(), name='provider-update'),
    path('providers/<int:pk>/delete/',
         providers.ProviderDeleteView.as_view(), name='provider-delete'),
+    # Factors
+    path('factors/', factors.FactorListView.as_view(), name='factors'),
+    path('factors/create/',
+         factors.FactorCreateView.as_view(), name='factor-create'),
+    path('factors/<uuid:pk>/update/',
+         factors.FactorUpdateView.as_view(), name='factor-update'),
+    path('factors/<uuid:pk>/delete/',
+         factors.FactorDeleteView.as_view(), name='factor-delete'),
+    # Factors
+    path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
+         name='property-mappings'),
+    path('property-mappings/create/',
+         property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
+    path('property-mappings/<uuid:pk>/update/',
+         property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
+    path('property-mappings/<uuid:pk>/delete/',
+         property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
    # Invitations
    path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
    path('invitations/create/',
@ -51,11 +65,17 @@ urlpatterns = [
         users.UserUpdateView.as_view(), name='user-update'),
    path('users/<int:pk>/delete/',
         users.UserDeleteView.as_view(), name='user-delete'),
+    path('users/<int:pk>/reset/',
+         users.UserPasswordResetView.as_view(), name='user-password-reset'),
+    # Groups
+    path('group/', groups.GroupListView.as_view(), name='group'),
+    path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
+    path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
+    path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
    # Audit Log
    path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
    # Groups
    path('groups/', groups.GroupListView.as_view(), name='groups'),
    # API
-    path('api/', schema_view),
-    path('api/v1/', include('passbook.admin.api.v1.urls'))
+    path('api/', include('passbook.admin.api.urls'))
 ]
--- a/passbook/admin/views/applications.py
+++ b/passbook/admin/views/applications.py
@ -1,4 +1,5 @@
 """passbook Application administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
@ -13,6 +14,7 @@ class ApplicationListView(AdminRequiredMixin, ListView):
    """Show list of all applications"""

    model = Application
+    ordering = 'name'
    template_name = 'administration/application/list.html'

    def get_queryset(self):
@ -28,6 +30,10 @@ class ApplicationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView)
    success_url = reverse_lazy('passbook_admin:applications')
    success_message = _('Successfully created Application')

+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Application'
+        return super().get_context_data(**kwargs)
+

 class ApplicationUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update application"""
@ -45,5 +51,10 @@ class ApplicationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView)

    model = Application

+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:applications')
-    success_message = _('Successfully updated Application')
+    success_message = _('Successfully deleted Application')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/factors.py
+++ b/passbook/admin/views/factors.py
@ -0,0 +1,84 @@
+"""passbook Factor administration"""
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.http import Http404
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import CreateView, DeleteView, ListView, UpdateView
+
+from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.models import Factor
+from passbook.lib.utils.reflection import path_to_class
+
+
+def all_subclasses(cls):
+    """Recursively return all subclassess of cls"""
+    return set(cls.__subclasses__()).union(
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+
+class FactorListView(AdminRequiredMixin, ListView):
+    """Show list of all factors"""
+
+    model = Factor
+    template_name = 'administration/factor/list.html'
+    ordering = 'order'
+
+    def get_context_data(self, **kwargs):
+        kwargs['types'] = {
+            x.__name__: x._meta.verbose_name for x in all_subclasses(Factor)}
+        return super().get_context_data(**kwargs)
+
+    def get_queryset(self):
+        return super().get_queryset().select_subclasses()
+
+class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new Factor"""
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:factors')
+    success_message = _('Successfully created Factor')
+
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
+        factor_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
+        kwargs['type'] = model._meta.verbose_name
+        return kwargs
+
+    def get_form_class(self):
+        factor_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
+        if not model:
+            raise Http404
+        return path_to_class(model.form)
+
+class FactorUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update factor"""
+
+    model = Factor
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:factors')
+    success_message = _('Successfully updated Factor')
+
+    def get_form_class(self):
+        form_class_path = self.get_object().form
+        form_class = path_to_class(form_class_path)
+        return form_class
+
+    def get_object(self, queryset=None):
+        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+class FactorDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete factor"""
+
+    model = Factor
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:factors')
+    success_message = _('Successfully deleted Factor')
+
+    def get_object(self, queryset=None):
+        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/groups.py
+++ b/passbook/admin/views/groups.py
@ -1,12 +1,57 @@
 """passbook Group administration"""
-from django.views.generic import ListView
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import CreateView, DeleteView, ListView, UpdateView

 from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.forms.groups import GroupForm
 from passbook.core.models import Group


 class GroupListView(AdminRequiredMixin, ListView):
-    """Show list of all invitations"""
+    """Show list of all groups"""

    model = Group
-    template_name = 'administration/groups/list.html'
+    ordering = 'name'
+    template_name = 'administration/group/list.html'
+
+
+class GroupCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new Group"""
+
+    form_class = GroupForm
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:groups')
+    success_message = _('Successfully created Group')
+
+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Group'
+        return super().get_context_data(**kwargs)
+
+
+class GroupUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update group"""
+
+    model = Group
+    form_class = GroupForm
+
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:groups')
+    success_message = _('Successfully updated Group')
+
+
+class GroupDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete group"""
+
+    model = Group
+
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:groups')
+    success_message = _('Successfully deleted Group')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/invitations.py
+++ b/passbook/admin/views/invitations.py
@ -1,4 +1,5 @@
 """passbook Invitation administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
@ -26,6 +27,10 @@ class InvitationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    success_message = _('Successfully created Invitation')
    form_class = InvitationForm

+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Invitation'
+        return super().get_context_data(**kwargs)
+
    def form_valid(self, form):
        obj = form.save(commit=False)
        obj.created_by = self.request.user
@ -42,4 +47,8 @@ class InvitationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Invitation
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:invitations')
-    success_message = _('Successfully updated Invitation')
+    success_message = _('Successfully deleted Invitation')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/overview.py
+++ b/passbook/admin/views/overview.py
@ -2,7 +2,10 @@
 from django.views.generic import TemplateView

 from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.models import Application, Provider, Rule, User
+from passbook.core import __version__
+from passbook.core.celery import CELERY_APP
+from passbook.core.models import (Application, Factor, Invitation, Policy,
+                                  Provider, Source, User)


 class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
@ -12,7 +15,14 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):

    def get_context_data(self, **kwargs):
        kwargs['application_count'] = len(Application.objects.all())
-        kwargs['rule_count'] = len(Rule.objects.all())
+        kwargs['policy_count'] = len(Policy.objects.all())
        kwargs['user_count'] = len(User.objects.all())
        kwargs['provider_count'] = len(Provider.objects.all())
+        kwargs['source_count'] = len(Source.objects.all())
+        kwargs['factor_count'] = len(Factor.objects.all())
+        kwargs['invitation_count'] = len(Invitation.objects.all())
+        kwargs['version'] = __version__
+        kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
+        kwargs['providers_without_application'] = Provider.objects.filter(application=None)
+        kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
        return super().get_context_data(**kwargs)
--- a/passbook/admin/views/policy.py
+++ b/passbook/admin/views/policy.py
@ -0,0 +1,111 @@
+"""passbook Policy administration"""
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.http import Http404
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import (CreateView, DeleteView, FormView, ListView,
+                                  UpdateView)
+from django.views.generic.detail import DetailView
+
+from passbook.admin.forms.policies import PolicyTestForm
+from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.models import Policy
+from passbook.core.policies import PolicyEngine
+from passbook.lib.utils.reflection import path_to_class
+
+
+class PolicyListView(AdminRequiredMixin, ListView):
+    """Show list of all policies"""
+
+    model = Policy
+    template_name = 'administration/policy/list.html'
+
+    def get_context_data(self, **kwargs):
+        kwargs['types'] = {
+            x.__name__: x._meta.verbose_name for x in Policy.__subclasses__()}
+        return super().get_context_data(**kwargs)
+
+    def get_queryset(self):
+        return super().get_queryset().order_by('order').select_subclasses()
+
+
+class PolicyCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new Policy"""
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:policies')
+    success_message = _('Successfully created Policy')
+
+    def get_form_class(self):
+        policy_type = self.request.GET.get('type')
+        model = next(x for x in Policy.__subclasses__()
+                     if x.__name__ == policy_type)
+        if not model:
+            raise Http404
+        return path_to_class(model.form)
+
+
+class PolicyUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update policy"""
+
+    model = Policy
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:policies')
+    success_message = _('Successfully updated Policy')
+
+    def get_form_class(self):
+        form_class_path = self.get_object().form
+        form_class = path_to_class(form_class_path)
+        return form_class
+
+    def get_object(self, queryset=None):
+        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+
+class PolicyDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete policy"""
+
+    model = Policy
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:policies')
+    success_message = _('Successfully deleted Policy')
+
+    def get_object(self, queryset=None):
+        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
+
+
+class PolicyTestView(AdminRequiredMixin, DetailView, FormView):
+    """View to test policy(s)"""
+
+    model = Policy
+    form_class = PolicyTestForm
+    template_name = 'administration/policy/test.html'
+    object = None
+
+    def get_object(self, queryset=None):
+        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def get_context_data(self, **kwargs):
+        kwargs['policy'] = self.get_object()
+        return super().get_context_data(**kwargs)
+
+    def post(self, *args, **kwargs):
+        self.object = self.get_object()
+        return super().post(*args, **kwargs)
+
+    def form_valid(self, form):
+        policy = self.get_object()
+        user = form.cleaned_data.get('user')
+        policy_engine = PolicyEngine([policy])
+        policy_engine.for_user(user).with_request(self.request).build()
+        result = policy_engine.passing
+        if result:
+            messages.success(self.request, _('User successfully passed policy.'))
+        else:
+            messages.error(self.request, _("User didn't pass policy."))
+        return self.render_to_response(self.get_context_data(form=form, result=result))
--- a/passbook/admin/views/property_mapping.py
+++ b/passbook/admin/views/property_mapping.py
@ -0,0 +1,90 @@
+"""passbook PropertyMapping administration"""
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.http import Http404
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import CreateView, DeleteView, ListView, UpdateView
+
+from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.models import PropertyMapping
+from passbook.lib.utils.reflection import path_to_class
+
+
+def all_subclasses(cls):
+    """Recursively return all subclassess of cls"""
+    return set(cls.__subclasses__()).union(
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+
+
+class PropertyMappingListView(AdminRequiredMixin, ListView):
+    """Show list of all property_mappings"""
+
+    model = PropertyMapping
+    template_name = 'administration/property_mapping/list.html'
+    ordering = 'name'
+
+    def get_context_data(self, **kwargs):
+        kwargs['types'] = {
+            x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)}
+        return super().get_context_data(**kwargs)
+
+    def get_queryset(self):
+        return super().get_queryset().select_subclasses()
+
+
+class PropertyMappingCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new PropertyMapping"""
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_message = _('Successfully created Property Mapping')
+
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
+        property_mapping_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(PropertyMapping)
+                     if x.__name__ == property_mapping_type)
+        kwargs['type'] = model._meta.verbose_name
+        return kwargs
+
+    def get_form_class(self):
+        property_mapping_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(PropertyMapping)
+                     if x.__name__ == property_mapping_type)
+        if not model:
+            raise Http404
+        return path_to_class(model.form)
+
+
+class PropertyMappingUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update property_mapping"""
+
+    model = PropertyMapping
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_message = _('Successfully updated Property Mapping')
+
+    def get_form_class(self):
+        form_class_path = self.get_object().form
+        form_class = path_to_class(form_class_path)
+        return form_class
+
+    def get_object(self, queryset=None):
+        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+
+class PropertyMappingDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete property_mapping"""
+
+    model = PropertyMapping
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_message = _('Successfully deleted Property Mapping')
+
+    def get_object(self, queryset=None):
+        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/providers.py
+++ b/passbook/admin/views/providers.py
@ -1,4 +1,5 @@
 """passbook Provider administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -28,7 +29,7 @@ class ProviderListView(AdminRequiredMixin, ListView):
 class ProviderCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Provider"""

-    template_name = 'generic/create_inheritance.html'
+    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:providers')
    success_message = _('Successfully created Provider')

@ -64,7 +65,11 @@ class ProviderDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Provider
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:providers')
-    success_message = _('Successfully updated Provider')
+    success_message = _('Successfully deleted Provider')

    def get_object(self, queryset=None):
        return Provider.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/rules.py
+++ b/passbook/admin/views/rules.py
@ -1,104 +0,0 @@
-"""passbook Rule administration"""
-from django.contrib import messages
-from django.contrib.messages.views import SuccessMessageMixin
-from django.http import Http404
-from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
-from django.views.generic import (CreateView, DeleteView, FormView, ListView,
-                                  UpdateView)
-from django.views.generic.detail import DetailView
-
-from passbook.admin.forms.rule import RuleTestForm
-from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.models import Rule
-from passbook.lib.utils.reflection import path_to_class
-
-
-class RuleListView(AdminRequiredMixin, ListView):
-    """Show list of all rules"""
-
-    model = Rule
-    template_name = 'administration/rule/list.html'
-
-    def get_context_data(self, **kwargs):
-        kwargs['types'] = {
-            x.__name__: x._meta.verbose_name for x in Rule.__subclasses__()}
-        return super().get_context_data(**kwargs)
-
-    def get_queryset(self):
-        return super().get_queryset().order_by('order').select_subclasses()
-
-
-class RuleCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
-    """Create new Rule"""
-
-    template_name = 'generic/create_inheritance.html'
-    success_url = reverse_lazy('passbook_admin:rules')
-    success_message = _('Successfully created Rule')
-
-    def get_form_class(self):
-        rule_type = self.request.GET.get('type')
-        model = next(x for x in Rule.__subclasses__()
-                     if x.__name__ == rule_type)
-        if not model:
-            raise Http404
-        return path_to_class(model.form)
-
-
-class RuleUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
-    """Update rule"""
-
-    model = Rule
-    template_name = 'generic/update.html'
-    success_url = reverse_lazy('passbook_admin:rules')
-    success_message = _('Successfully updated Rule')
-
-    def get_form_class(self):
-        form_class_path = self.get_object().form
-        form_class = path_to_class(form_class_path)
-        return form_class
-
-    def get_object(self, queryset=None):
-        return Rule.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
-
-
-class RuleDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
-    """Delete rule"""
-
-    model = Rule
-    template_name = 'generic/delete.html'
-    success_url = reverse_lazy('passbook_admin:rules')
-    success_message = _('Successfully updated Rule')
-
-    def get_object(self, queryset=None):
-        return Rule.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
-
-
-class RuleTestView(AdminRequiredMixin, DetailView, FormView):
-    """View to test rule(s)"""
-
-    model = Rule
-    form_class = RuleTestForm
-    template_name = 'administration/rule/test.html'
-    object = None
-
-    def get_object(self, queryset=None):
-        return Rule.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
-
-    def get_context_data(self, **kwargs):
-        kwargs['rule'] = self.get_object()
-        return super().get_context_data(**kwargs)
-
-    def post(self, *args, **kwargs):
-        self.object = self.get_object()
-        return super().post(*args, **kwargs)
-
-    def form_valid(self, form):
-        rule = self.get_object()
-        user = form.cleaned_data.get('user')
-        result = rule.passes(user)
-        if result:
-            messages.success(self.request, _('User successfully passed rule.'))
-        else:
-            messages.error(self.request, _("User didn't pass rule."))
-        return self.render_to_response(self.get_context_data(form=form, result=result))
--- a/passbook/admin/views/sources.py
+++ b/passbook/admin/views/sources.py
@ -1,4 +1,5 @@
 """passbook Source administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -33,7 +34,7 @@ class SourceListView(AdminRequiredMixin, ListView):
 class SourceCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Source"""

-    template_name = 'generic/create_inheritance.html'
+    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:sources')
    success_message = _('Successfully created Source')

@ -66,9 +67,13 @@ class SourceDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete source"""

    model = Source
-
+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:sources')
-    success_message = _('Successfully updated Source')
+    success_message = _('Successfully deleted Source')

    def get_object(self, queryset=None):
        return Source.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/users.py
+++ b/passbook/admin/views/users.py
@ -1,12 +1,15 @@
 """passbook User administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
+from django.shortcuts import get_object_or_404, redirect
+from django.urls import reverse, reverse_lazy
 from django.utils.translation import ugettext as _
+from django.views import View
 from django.views.generic import DeleteView, ListView, UpdateView

+from passbook.admin.forms.users import UserForm
 from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.forms.user import UserDetailForm
-from passbook.core.models import User
+from passbook.core.models import Nonce, User


 class UserListView(AdminRequiredMixin, ListView):
@ -20,7 +23,7 @@ class UserUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update user"""

    model = User
-    form_class = UserDetailForm
+    form_class = UserForm

    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:users')
@ -31,6 +34,24 @@ class UserDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete user"""

    model = User
-
+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:users')
-    success_message = _('Successfully updated User')
+    success_message = _('Successfully deleted User')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
+
+
+class UserPasswordResetView(AdminRequiredMixin, View):
+    """Get Password reset link for user"""
+
+    # pylint: disable=invalid-name
+    def get(self, request, pk):
+        """Create nonce for user and return link"""
+        user = get_object_or_404(User, pk=pk)
+        nonce = Nonce.objects.create(user=user)
+        link = request.build_absolute_uri(reverse(
+            'passbook_core:auth-password-reset', kwargs={'nonce': nonce.uuid}))
+        messages.success(request, _('Password reset link: <pre>%(link)s</pre>' % {'link': link}))
+        return redirect('passbook_admin:users')
--- a/passbook/api/init.py
+++ b/passbook/api/init.py
@ -1,2 +1,2 @@
 """passbook api"""
-__version__ = '0.0.1-alpha'
+__version__ = '0.1.11-beta'
--- a/passbook/api/apps.py
+++ b/passbook/api/apps.py
@ -9,3 +9,4 @@ class PassbookAPIConfig(AppConfig):
    name = 'passbook.api'
    label = 'passbook_api'
    mountpoint = 'api/'
+    verbose_name = 'passbook API'
--- a/passbook/api/requirements.txt
+++ b/passbook/api/requirements.txt
@ -0,0 +1,3 @@
+django-rest-framework
+drf_yasg
+django-filters
--- a/passbook/api/v1/openid.py
+++ b/passbook/api/v1/openid.py
@ -14,8 +14,8 @@ class OpenIDUserInfoView(ScopedResourceMixin, View):
        payload = {
            'sub': request.user.uuid.int,
            'name': request.user.get_full_name(),
-            'given_name': request.user.first_name,
-            'family_name': request.user.last_name,
+            'given_name': request.user.name,
+            'family_name': '',
            'preferred_username': request.user.username,
            'email': request.user.email,
        }
--- a/passbook/audit/init.py
+++ b/passbook/audit/init.py
@ -1,2 +1,2 @@
 """passbook audit Header"""
-__version__ = '0.0.3-alpha'
+__version__ = '0.1.11-beta'
--- a/passbook/audit/migrations/0001_initial.py
+++ b/passbook/audit/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-25 10:39
+# Generated by Django 2.1.7 on 2019-02-16 09:13

 import uuid

@ -20,13 +20,32 @@ class Migration(migrations.Migration):
            name='AuditEntry',
            fields=[
                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
-                ('action', models.TextField()),
+                ('action', models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_created', 'invitation_created'), ('invitation_used', 'invitation_used')])),
                ('date', models.DateTimeField(auto_now_add=True)),
                ('app', models.TextField()),
+                ('_context', models.TextField()),
+                ('request_ip', models.GenericIPAddressField()),
+                ('created', models.DateTimeField(auto_now_add=True)),
                ('user', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
            ],
            options={
-                'abstract': False,
+                'verbose_name': 'Audit Entry',
+                'verbose_name_plural': 'Audit Entries',
            },
        ),
+        migrations.CreateModel(
+            name='LoginAttempt',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', models.DateField(auto_now_add=True)),
+                ('last_updated', models.DateTimeField(auto_now=True)),
+                ('target_uid', models.CharField(max_length=254)),
+                ('request_ip', models.GenericIPAddressField()),
+                ('attempts', models.IntegerField(default=1)),
+            ],
+        ),
+        migrations.AlterUniqueTogether(
+            name='loginattempt',
+            unique_together={('target_uid', 'request_ip', 'created')},
+        ),
    ]
--- a/passbook/audit/migrations/0002_auto_20181210_1039.py
+++ b/passbook/audit/migrations/0002_auto_20181210_1039.py
@ -1,30 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-10 10:39
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('passbook_audit', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='auditentry',
-            name='context',
-            field=models.TextField(default=''),
-            preserve_default=False,
-        ),
-        migrations.AddField(
-            model_name='auditentry',
-            name='request_ip',
-            field=models.GenericIPAddressField(default=''),
-            preserve_default=False,
-        ),
-        migrations.AlterField(
-            model_name='auditentry',
-            name='action',
-            field=models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset')]),
-        ),
-    ]
--- a/passbook/audit/migrations/0002_auto_20190221_1201.py
+++ b/passbook/audit/migrations/0002_auto_20190221_1201.py
@ -0,0 +1,18 @@
+# Generated by Django 2.1.7 on 2019-02-21 12:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_audit', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='loginattempt',
+            name='created',
+            field=models.DateTimeField(auto_now_add=True),
+        ),
+    ]
--- a/passbook/audit/migrations/0003_auto_20181210_1213.py
+++ b/passbook/audit/migrations/0003_auto_20181210_1213.py
@ -1,27 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-10 12:13
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('passbook_audit', '0002_auto_20181210_1039'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='auditentry',
-            options={'verbose_name': 'Audit Entry', 'verbose_name_plural': 'Audit Entries'},
-        ),
-        migrations.RenameField(
-            model_name='auditentry',
-            old_name='context',
-            new_name='_context',
-        ),
-        migrations.AlterField(
-            model_name='auditentry',
-            name='action',
-            field=models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_used', 'invitation_used')]),
-        ),
-    ]
--- a/passbook/audit/migrations/0003_auto_20190221_1240.py
+++ b/passbook/audit/migrations/0003_auto_20190221_1240.py
@ -0,0 +1,23 @@
+# Generated by Django 2.1.7 on 2019-02-21 12:40
+
+import django.contrib.postgres.fields.jsonb
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_audit', '0002_auto_20190221_1201'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='auditentry',
+            name='_context',
+        ),
+        migrations.AddField(
+            model_name='auditentry',
+            name='context',
+            field=django.contrib.postgres.fields.jsonb.JSONField(blank=True, default=dict),
+        ),
+    ]
--- a/passbook/audit/migrations/0004_auto_20181210_1348.py
+++ b/passbook/audit/migrations/0004_auto_20181210_1348.py
@ -1,18 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-10 13:48
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('passbook_audit', '0003_auto_20181210_1213'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='auditentry',
-            name='action',
-            field=models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_created', 'invitation_created'), ('invitation_used', 'invitation_used')]),
-        ),
-    ]
--- a/passbook/audit/migrations/0004_delete_loginattempt.py
+++ b/passbook/audit/migrations/0004_delete_loginattempt.py
@ -0,0 +1,16 @@
+# Generated by Django 2.1.7 on 2019-03-08 14:53
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_audit', '0003_auto_20190221_1240'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='LoginAttempt',
+        ),
+    ]
--- a/passbook/audit/migrations/0005_auditentry_created.py
+++ b/passbook/audit/migrations/0005_auditentry_created.py
@ -1,20 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-11 15:00
-
-import django.utils.timezone
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('passbook_audit', '0004_auto_20181210_1348'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='auditentry',
-            name='created',
-            field=models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now),
-            preserve_default=False,
-        ),
-    ]
--- a/passbook/audit/migrations/0006_auto_20181218_1252.py
+++ b/passbook/audit/migrations/0006_auto_20181218_1252.py
@ -1,28 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-18 12:52
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('passbook_audit', '0005_auditentry_created'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='LoginAttempt',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('created', models.DateField(auto_now_add=True)),
-                ('last_updated', models.DateTimeField(auto_now=True)),
-                ('target_uid', models.CharField(max_length=254)),
-                ('request_ip', models.GenericIPAddressField()),
-                ('attempts', models.IntegerField(default=1)),
-            ],
-        ),
-        migrations.AlterUniqueTogether(
-            name='loginattempt',
-            unique_together={('target_uid', 'request_ip', 'created')},
-        ),
-    ]
--- a/passbook/audit/models.py
+++ b/passbook/audit/models.py
@ -1,22 +1,18 @@
 """passbook audit models"""
-from datetime import timedelta
-from json import dumps, loads
 from logging import getLogger

 from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
+from django.contrib.postgres.fields import JSONField
 from django.core.exceptions import ValidationError
 from django.db import models
-from django.utils import timezone
 from django.utils.translation import gettext as _
 from ipware import get_client_ip
-from reversion import register

-from passbook.lib.models import CreatedUpdatedModel, UUIDModel
+from passbook.lib.models import UUIDModel

 LOGGER = getLogger(__name__)

-@register()
 class AuditEntry(UUIDModel):
    """An individual audit log entry"""

@ -45,23 +41,18 @@ class AuditEntry(UUIDModel):
    action = models.TextField(choices=ACTIONS)
    date = models.DateTimeField(auto_now_add=True)
    app = models.TextField()
-    _context = models.TextField()
-    _context_cache = None
+    context = JSONField(default=dict, blank=True)
    request_ip = models.GenericIPAddressField()
    created = models.DateTimeField(auto_now_add=True)

-    @property
-    def context(self):
-        """Load context data and load json"""
-        if not self._context_cache:
-            self._context_cache = loads(self._context)
-        return self._context_cache
-
    @staticmethod
    def create(action, request, **kwargs):
        """Create AuditEntry from arguments"""
        client_ip, _ = get_client_ip(request)
-        user = request.user
+        if not hasattr(request, 'user'):
+            user = None
+        else:
+            user = request.user
        if isinstance(user, AnonymousUser):
            user = kwargs.get('user', None)
        entry = AuditEntry.objects.create(
@ -69,8 +60,8 @@ class AuditEntry(UUIDModel):
            user=user,
            # User 255.255.255.255 as fallback if IP cannot be determined
            request_ip=client_ip or '255.255.255.255',
-            _context=dumps(kwargs))
-        LOGGER.debug("Logged %s from %s (%s)", action, request.user, client_ip)
+            context=kwargs)
+        LOGGER.debug("Logged %s from %s (%s)", action, user, client_ip)
        return entry

    def save(self, *args, **kwargs):
@ -82,41 +73,3 @@ class AuditEntry(UUIDModel):

        verbose_name = _('Audit Entry')
        verbose_name_plural = _('Audit Entries')
-
-
-class LoginAttempt(CreatedUpdatedModel):
-    """Track failed login-attempts"""
-
-    target_uid = models.CharField(max_length=254)
-    request_ip = models.GenericIPAddressField()
-    attempts = models.IntegerField(default=1)
-
-    @staticmethod
-    def attempt(target_uid, request):
-        """Helper function to create attempt or count up existing one"""
-        client_ip, _ = get_client_ip(request)
-        # Since we can only use 254 chars for target_uid, truncate target_uid.
-        target_uid = target_uid[:254]
-        time_threshold = timezone.now() - timedelta(minutes=10)
-        existing_attempts = LoginAttempt.objects.filter(
-            target_uid=target_uid,
-            request_ip=client_ip,
-            last_updated__gt=time_threshold).order_by('created')
-        if existing_attempts.exists():
-            attempt = existing_attempts.first()
-            attempt.attempts += 1
-            attempt.save()
-            LOGGER.debug("Increased attempts on %s", attempt)
-        else:
-            attempt = LoginAttempt.objects.create(
-                target_uid=target_uid,
-                request_ip=client_ip)
-            LOGGER.debug("Created new attempt %s", attempt)
-
-    def __str__(self):
-        return "LoginAttempt to %s from %s (x%d)" % (self.target_uid,
-                                                     self.request_ip, self.attempts)
-
-    class Meta:
-
-        unique_together = (('target_uid', 'request_ip', 'created'),)
--- a/passbook/audit/requirements.txt
+++ b/passbook/audit/requirements.txt
@ -1 +0,0 @@
-django-ipware
--- a/passbook/audit/signals.py
+++ b/passbook/audit/signals.py
@ -1,9 +1,8 @@
 """passbook audit signal listener"""
-from django.contrib.auth.signals import (user_logged_in, user_logged_out,
-                                         user_login_failed)
+from django.contrib.auth.signals import user_logged_in, user_logged_out
 from django.dispatch import receiver

-from passbook.audit.models import AuditEntry, LoginAttempt
+from passbook.audit.models import AuditEntry
 from passbook.core.signals import (invitation_created, invitation_used,
                                   user_signed_up)

@ -34,8 +33,3 @@ def on_invitation_used(sender, request, invitation, **kwargs):
    """Log Invitation usage"""
    AuditEntry.create(AuditEntry.ACTION_INVITE_USED, request,
                      invitation_uuid=invitation.uuid.hex)
-
-@receiver(user_login_failed)
-def on_user_login_failed(sender, request, credentials, **kwargs):
-    """Log failed login attempt"""
-    LoginAttempt.attempt(target_uid=credentials.get('username'), request=request)
--- a/passbook/captcha_factor/init.py
+++ b/passbook/captcha_factor/init.py
@ -1,2 +1,2 @@
 """passbook captcha_factor Header"""
-__version__ = '0.0.3-alpha'
+__version__ = '0.1.11-beta'
--- a/passbook/captcha_factor/factor.py
+++ b/passbook/captcha_factor/factor.py
@ -13,3 +13,10 @@ class CaptchaFactor(FormView, AuthenticationFactor):

    def form_valid(self, form):
        return self.authenticator.user_ok()
+
+    def get_form(self, form_class=None):
+        form = CaptchaForm(**self.get_form_kwargs())
+        form.fields['captcha'].public_key = '6Lfi1w8TAAAAAELH-YiWp0OFItmMzvjGmw2xkvUN'
+        form.fields['captcha'].private_key = '6Lfi1w8TAAAAAMQI3f86tGMvd1QkcqqVQyBWI23D'
+        form.fields['captcha'].widget.attrs["data-sitekey"] = form.fields['captcha'].public_key
+        return form
--- a/passbook/captcha_factor/forms.py
+++ b/passbook/captcha_factor/forms.py
@ -2,8 +2,25 @@
 from captcha.fields import ReCaptchaField
 from django import forms

+from passbook.captcha_factor.models import CaptchaFactor
+from passbook.core.forms.factors import GENERAL_FIELDS
+

 class CaptchaForm(forms.Form):
    """passbook captcha factor form"""

    captcha = ReCaptchaField()
+
+class CaptchaFactorForm(forms.ModelForm):
+    """Form to edit CaptchaFactor Instance"""
+
+    class Meta:
+
+        model = CaptchaFactor
+        fields = GENERAL_FIELDS + ['public_key', 'private_key']
+        widgets = {
+            'name': forms.TextInput(),
+            'order': forms.NumberInput(),
+            'public_key': forms.TextInput(),
+            'private_key': forms.TextInput(),
+        }
--- a/passbook/captcha_factor/migrations/0001_initial.py
+++ b/passbook/captcha_factor/migrations/0001_initial.py
@ -0,0 +1,29 @@
+# Generated by Django 2.1.7 on 2019-02-24 21:35
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('passbook_core', '0010_auto_20190224_1016'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CaptchaFactor',
+            fields=[
+                ('factor_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Factor')),
+                ('public_key', models.TextField()),
+                ('private_key', models.TextField()),
+            ],
+            options={
+                'verbose_name': 'Captcha Factor',
+                'verbose_name_plural': 'Captcha Factors',
+            },
+            bases=('passbook_core.factor',),
+        ),
+    ]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	ad8125ac1c	bump version: 0.1.10-beta -> 0.1.11-beta	2019-03-10 19:56:30 +01:00
Jens Langhammer	b42a551fb2	prepare 0.1.11	2019-03-10 19:56:27 +01:00
Jens Langhammer	3256be23df	Merge branch '23-groups' into 'master' Resolve "Group Management" Closes #23 See merge request BeryJu.org/passbook!9	2019-03-10 18:49:01 +00:00
Jens Langhammer	f7c0c0146a	add LDAP Group Membership Policy	2019-03-10 19:45:16 +01:00
Jens Langhammer	e4baf8c21e	Add Group Member policy	2019-03-10 19:32:18 +01:00
Jens Langhammer	364f040b36	always use FilteredSelectMultiple for many-to-many fields	2019-03-10 18:34:09 +01:00
Jens Langhammer	2b8c2b2346	use Django's Admin FilteredSelectMultiple for Group Membership	2019-03-10 18:06:06 +01:00
Jens Langhammer	5f861189e4	Merge branch 'master' into 23-groups # Conflicts: # passbook/admin/templates/administration/base.html	2019-03-10 17:13:29 +01:00
Jens Langhammer	5e11b6687e	automatically deploy after release	2019-03-10 17:08:33 +01:00
Jens Langhammer	c4b429825d	fix helm labels being on deployments and not pods	2019-03-10 16:39:41 +01:00
Jens Langhammer	eebbae0677	bump version: 0.1.9-beta -> 0.1.10-beta	2019-03-10 15:54:50 +01:00
Jens Langhammer	42b30f4507	prepare 0.1.10 release	2019-03-10 15:53:38 +01:00
Jens Langhammer	0e425418df	better show loading state when testing a policy	2019-03-10 15:46:49 +01:00
Jens Langhammer	7fe0300b86	Fix button on policy test page	2019-03-10 15:36:49 +01:00
Jens Langhammer	c012c6be5c	fix k8s service routing http traffic to workers	2019-03-10 15:34:24 +01:00
Jens Langhammer	a5dc193cfd	bump version: 0.1.8-beta -> 0.1.9-beta	2019-03-10 12:17:48 +01:00
Jens Langhammer	7507ad2620	Merge branch '24-impersonate' into 'master' Resolve "Impersonate user" Closes #24 See merge request BeryJu.org/passbook!11	2019-03-10 01:47:29 +00:00
Jens Langhammer	f1291fec8d	add impersonation middleware, add to templates	2019-03-10 02:41:31 +01:00
Jens Langhammer	37aeeea239	slightly refactor Factor View, add more unittests	2019-03-10 02:08:09 +01:00
Jens Langhammer	0fa1fc86da	add more Verbosity to PolicyEngine, rewrite SAML Authorisation check	2019-03-10 02:07:48 +01:00
Jens Langhammer	c3034ab9ac	consistently using PolicyEngine	2019-03-10 02:07:18 +01:00
Jens Langhammer	76694e037a	bump version: 0.1.7-beta -> 0.1.8-beta	2019-03-08 21:43:35 +01:00
Jens Langhammer	787db41cc3	prepare for 0.1.7	2019-03-08 21:43:33 +01:00
Jens Langhammer	74da3df7cd	bump version: 0.1.6-beta -> 0.1.7-beta	2019-03-08 21:37:59 +01:00
Jens Langhammer	a6e435bd70	prepare debian changelog for 0.1.6	2019-03-08 21:37:55 +01:00
Jens Langhammer	c313b496aa	Improve access control for saml	2019-03-08 21:30:16 +01:00
Jens Langhammer	a7eaa74191	fix MATCH_EXACT not working as intended	2019-03-08 21:20:38 +01:00
Jens Langhammer	11ecdc4fcf	bump version: 0.1.5-beta -> 0.1.6-beta	2019-03-08 20:39:27 +01:00
Jens Langhammer	2f7781b67a	fix captcha factor not loading keys from Factor class	2019-03-08 20:08:28 +01:00
Jens Langhammer	296d4f691a	add passing property to PolicyEngine	2019-03-08 19:49:53 +01:00
Jens Langhammer	64033031b1	remove audit's login attempt	2019-03-08 19:45:50 +01:00
Jens Langhammer	9daff7608d	fix password not getting set on user import	2019-03-08 19:45:41 +01:00
Jens Langhammer	0a4af80b9b	fix static files missing for debian package	2019-03-08 16:41:52 +01:00
Jens Langhammer	a54adb05c4	bump version: 0.1.4-beta -> 0.1.5-beta	2019-03-08 16:03:52 +01:00
Jens Langhammer	43a389e596	Merge branch '22-custom-property-mapping' into 'master' Resolve "Custom Property Mapping" Closes #22 See merge request BeryJu.org/passbook!8	2019-03-08 15:03:08 +00:00
Jens Langhammer	2d7e8f1b50	add group administration	2019-03-08 15:49:45 +01:00
Jens Langhammer	cf11f6b121	format data before inserting it	2019-03-08 15:16:25 +01:00
Jens Langhammer	6dcdf7bcce	add custom DynamicArrayField to better handle arrays	2019-03-08 15:11:01 +01:00
Jens Langhammer	56d872af15	add PropertyMapping Model, add Subclass for SAML, test with AWS	2019-03-08 12:47:50 +01:00
Jens Langhammer	ca663d16fc	fix debian build (again)	2019-03-07 20:58:18 +01:00
Jens Langhammer	e05c18b19b	implicitly add kubernetes-healthcheck-host in helm configmap	2019-03-07 17:11:55 +01:00
Jens Langhammer	a7b86e46bc	bump version: 0.1.3-beta -> 0.1.4-beta	2019-03-07 16:24:09 +01:00
Jens Langhammer	84f56674c2	prepare 0.1.4	2019-03-07 16:24:07 +01:00
Jens Langhammer	02ab177c6d	install python3-venv for debian build	2019-03-07 16:23:42 +01:00
Jens Langhammer	1232c487e9	bump version: 0.1.2-beta -> 0.1.3-beta	2019-03-07 16:13:05 +01:00
Jens Langhammer	ef0a2bfbe8	Merge branch '11-debian-packaging' into 'master' add debian package files Closes #11 See merge request BeryJu.org/passbook!7	2019-03-07 15:06:33 +00:00
Jens Langhammer	05242a11ad	add debian package files	2019-03-07 16:01:31 +01:00
Jens Langhammer	4593ad7bcc	load AWS processor by default on helm	2019-03-07 14:49:06 +01:00
Jens Langhammer	d7fd5a7fa6	Fix redis dependency being too old	2019-03-07 14:39:00 +01:00
Jens Langhammer	4439378fd4	bump version: 0.1.1-beta -> 0.1.2-beta	2019-03-07 14:14:51 +01:00
Jens Langhammer	acf65eafdd	make naming of Providers more consistent	2019-03-07 14:14:49 +01:00
Jens Langhammer	c2ebff55ef	fix IDP-initiated login not working	2019-03-07 14:10:06 +01:00
Jens Langhammer	99c82676b6	Add some more failsafe for administration	2019-03-07 14:09:52 +01:00
Jens Langhammer	4991e9b825	Merge branch '1-suspicious-request' into 'master' fix broken E-Mail templatetag Closes #1 See merge request BeryJu.org/passbook!5	2019-03-03 20:18:23 +00:00
Jens Langhammer	612f95c3ba	fix broken E-Mail templatetag	2019-03-03 21:05:17 +01:00
Jens Langhammer	cd91d5ca15	Merge branch '1-suspicious-request' into 'master' Resolve "Suspicious request detector (many invalid logins from one IP, many attempts on one username, etc)" Closes #1 See merge request BeryJu.org/passbook!3	2019-03-03 20:04:56 +00:00
Jens Langhammer	cbbbb5dc08	Merge branch '20-sentry' into 'master' Resolve "Sentry Error Tracking" Closes #20 See merge request BeryJu.org/passbook!4	2019-03-03 19:58:18 +00:00
Jens Langhammer	c1640b9411	fix prospector/isort errors	2019-03-03 20:54:23 +01:00
Jens Langhammer	a4842c1f95	add sentry configuration	2019-03-03 20:48:31 +01:00
Jens Langhammer	a4707ddc54	fix failing unittests	2019-03-03 20:34:00 +01:00
Jens Langhammer	fb82d56307	create suspicious request detector and policy, add request to policy engine	2019-03-03 20:26:25 +01:00
Jens Langhammer	1a1005f80d	remove audit's LoginAttempt	2019-03-03 20:13:54 +01:00
Jens Langhammer	e86cae6cac	Merge branch '18-password-expiry' into 'master' Resolve "Password Expiry" Closes #18 See merge request BeryJu.org/passbook!2	2019-03-03 16:53:31 +00:00
Jens Langhammer	0b282f45e0	fix pylint messages	2019-03-03 17:45:20 +01:00
Jens Langhammer	791e88ffc1	Fix negate on FieldMatcherPolicy	2019-03-03 17:21:58 +01:00
Jens Langhammer	7bd3c4bccf	Better handle Policy.action and Policy.negate	2019-03-03 17:12:53 +01:00
Jens Langhammer	722e2e4050	Show warning when un-attached policies exist	2019-03-03 17:12:35 +01:00
Jens Langhammer	c7fc444c95	add password policy	2019-03-03 17:12:05 +01:00
Jens Langhammer	20ad062814	Log SAML Authorization actions	2019-03-03 00:34:34 +01:00
Jens Langhammer	fcb5d36e07	cleanup SAML urls	2019-03-03 00:07:40 +01:00
Jens Langhammer	9b131b619f	Show warning message when no Factor exists	2019-03-02 23:54:40 +01:00
Jens Langhammer	54427f7c68	use HTML5 autocomplete values to better handle password managers	2019-03-02 23:19:58 +01:00
Jens Langhammer	35eef9c28d	improve worker warning	2019-03-02 22:41:25 +01:00
Jens Langhammer	e88a82553d	use separate Form for Admin user editing (allow is_staff and is_active)	2019-03-02 22:41:14 +01:00
Jens Langhammer	01a9520140	add import_users script to import users from CSV with already hashed passwords	2019-03-02 22:40:47 +01:00
Jens Langhammer	46667615c3	switch releases to beta	2019-02-27 17:47:41 +01:00
Jens Langhammer	c6721a83a4	bump version: 0.1.1-alpha -> 0.1.1-beta	2019-02-27 17:45:10 +01:00
Jens Langhammer	46866e8ef0	bump version: 0.1.0-beta -> 0.1.1-alpha	2019-02-27 17:43:28 +01:00
Jens Langhammer	4a49681127	Fix docker build failing	2019-02-27 17:43:24 +01:00
Jens Langhammer	4c3fced4e9	bump version: 0.1.0-alpha -> 0.1.0-beta	2019-02-27 16:45:52 +01:00
Jens Langhammer	172347d90f	bump version: 0.0.13-alpha -> 0.1.0-alpha	2019-02-27 16:42:52 +01:00
Jens Langhammer	f54520b5cf	bump version: 0.0.12-alpha -> 0.0.13-alpha	2019-02-27 16:06:28 +01:00
Jens Langhammer	d7c4697625	Only use one create template, get title from Form's Model	2019-02-27 16:06:20 +01:00
Jens Langhammer	5584f5bda8	switch to PolicyEngine everywhere	2019-02-27 15:49:20 +01:00
Jens Langhammer	2ce6f5a714	improve error display on forms	2019-02-27 15:49:05 +01:00
Jens Langhammer	c66945623a	Improve admin interface more (back links, better headlines)	2019-02-27 15:48:33 +01:00
Jens Langhammer	cbae05c74c	show more useful information on admin overview	2019-02-27 15:45:42 +01:00
Jens Langhammer	5b771da972	switch from first_name and last_name to name	2019-02-27 15:09:05 +01:00
Jens Langhammer	2db1738e4a	make Admin UI more consistent, better show when provider has no application assigned	2019-02-27 14:47:11 +01:00
Jens Langhammer	95de6a14fd	bump version: 0.0.11-alpha -> 0.0.12-alpha	2019-02-27 13:18:28 +01:00
Jens Langhammer	17132ebc19	Verify OAuth Username vuln and fix closes #9	2019-02-27 13:18:16 +01:00
Jens Langhammer	289be46388	fix SAML Views not having LoginRequiredMixin	2019-02-27 12:36:18 +01:00
Jens Langhammer	6c300b7b31	autofocus password field	2019-02-27 12:35:57 +01:00
Jens Langhammer	b726583084	Keep GET parameters throughout entire login process	2019-02-27 12:35:48 +01:00
Jens Langhammer	48055d1cfd	fix CSRF Bug in SAML	2019-02-27 11:20:52 +01:00
Jens Langhammer	436070f5bd	fix redis connection issues in k8s	2019-02-27 09:59:01 +01:00
Jens Langhammer	3ee79818db	explicit version in helm values	2019-02-27 09:33:26 +01:00
Jens Langhammer	e7a02104db	fix display on mobile	2019-02-27 09:33:12 +01:00
Jens Langhammer	556740d7bc	add PasswordPolicyForm back in	2019-02-26 15:41:11 +01:00
Jens Langhammer	421f51770c	implement password policy checking on signup and password change closes #8	2019-02-26 15:40:58 +01:00
Jens Langhammer	96f7e70f9e	enable always_eager when unittesting	2019-02-26 14:24:50 +01:00
Jens Langhammer	ad96f7dbb8	add E-Mail support via celery task, untested, closes #17	2019-02-26 14:10:53 +01:00
Jens Langhammer	e7fb48eba2	bump version: 0.0.10-alpha -> 0.0.11-alpha	2019-02-26 13:06:26 +01:00
Jens Langhammer	b19b5b644d	remove hardcoded passwords	2019-02-26 13:06:22 +01:00
Jens Langhammer	250b6691d4	bump version: 0.0.9-alpha -> 0.0.10-alpha	2019-02-26 12:44:02 +01:00
Jens Langhammer	e3b02a6e78	fix isort/pylint issues	2019-02-26 12:43:59 +01:00
Jens Langhammer	e94ef34d8f	bump version: 0.0.8-alpha -> 0.0.9-alpha	2019-02-26 12:35:28 +01:00
Jens Langhammer	49e945307a	Re-enable OTP Disable View	2019-02-26 12:35:24 +01:00
Jens Langhammer	edfe0e5450	fix broken Docker build and helm package	2019-02-26 12:34:51 +01:00
Jens Langhammer	06b65a7882	add unittests, woo	2019-02-26 10:57:05 +01:00
Jens Langhammer	ff9bc8aa70	Automatically create PasswordFactor on initial setup closes #16	2019-02-26 09:54:51 +01:00
Jens Langhammer	28da67abe6	Improve partially broken Delete Views, show success message on deletion	2019-02-26 09:49:42 +01:00
Jens Langhammer	39d9fe9bf0	add passbook.pretend to use passbook in applications which don't support generic OAuth	2019-02-26 09:10:37 +01:00
Jens Langhammer	750117b0fd	Cleanup templates, handle OAuth Provider without application better	2019-02-26 09:09:19 +01:00
Jens Langhammer	983462f80d	user/ -> _/user/ to prevent duplicate URLs	2019-02-26 09:08:49 +01:00
Jens Langhammer	4ae31d409b	directly use paths instead of including oauth2_provider's	2019-02-26 09:08:22 +01:00
Jens Langhammer	98b414f3e2	add SignUp Confirmation (required by default, can be disabled in invitations) closes #6	2019-02-25 21:03:24 +01:00
Jens Langhammer	a0d42092e3	add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7	2019-02-25 20:46:23 +01:00
Jens Langhammer	f2569b6424	improve placeholder on login template	2019-02-25 19:43:33 +01:00
Jens Langhammer	9d344d887c	add more information to administrator Overview	2019-02-25 17:52:51 +01:00
Jens Langhammer	7e9154a0ea	bump version: 0.0.7-alpha -> 0.0.8-alpha	2019-02-25 17:39:39 +01:00
Jens Langhammer	e0ef061771	fix pylint errors....	2019-02-25 17:32:52 +01:00
Jens Langhammer	b8694a7ade	fix bandit error (SHA1 has to be used)	2019-02-25 17:23:42 +01:00
Jens Langhammer	10d6a30f2c	add experimental HaveIBeenPwned Password Policy	2019-02-25 17:21:56 +01:00
Jens Langhammer	8c94aef6d0	add stub test so coverage doesn't crash	2019-02-25 17:21:06 +01:00
Jens Langhammer	19bd3bfffb	fix allauth imports	2019-02-25 17:20:53 +01:00
Jens Langhammer	8611ac624c	Make links on admin overview site actually useful	2019-02-25 17:11:52 +01:00
Jens Langhammer	fa93b59a8c	switch to toast notifications everywhere	2019-02-25 16:41:53 +01:00
Jens Langhammer	8b66b40f0d	move forgot password to PasswordFactor	2019-02-25 16:41:33 +01:00
Jens Langhammer	c2756f15fc	Correctly display action on Create/Update templates	2019-02-25 16:40:46 +01:00
Jens Langhammer	408e205c5f	add signal for password change, add field for password policies	2019-02-25 15:41:36 +01:00
Jens Langhammer	5f3ab49535	fix bug when Empty username is given to LoginAttempt.attempt	2019-02-25 14:10:29 +01:00
Jens Langhammer	33431ae013	improve OAuth Source Setup process, fix login template, closes #3	2019-02-25 14:10:10 +01:00
Jens Langhammer	b40ac6dc5d	more Icons cause everyone loves icons	2019-02-25 13:31:11 +01:00
Jens Langhammer	fec9b5cf94	bump version: 0.0.6-alpha -> 0.0.7-alpha	2019-02-25 13:20:12 +01:00
Jens Langhammer	986fed3e7c	add hook for Factors to show user settings. closes #5	2019-02-25 13:20:07 +01:00
Jens Langhammer	da5568b571	cleanup, fix Permission Denied when Cancelling login, fix display of messages on login template	2019-02-25 13:02:50 +01:00
Jens Langhammer	07f5dce97a	remove todo file	2019-02-25 12:31:27 +01:00
Jens Langhammer	bb81bb5a8d	totp => otp, integrate with factors, new setup form	2019-02-25 12:29:40 +01:00
Jens Langhammer	9c2cfd7db4	use Inheritance for Factors instead of JSONField	2019-02-24 22:39:09 +01:00
Jens Langhammer	292fbecca0	add password change view	2019-02-23 20:56:41 +01:00
Jens Langhammer	e5a405bf43	Register applications with Branded name for UI Dropdown	2019-02-23 20:42:14 +01:00
Jens Langhammer	66c0fc9d9a	Move factor base template to form_with_user	2019-02-23 20:41:43 +01:00
Jens Langhammer	5fa8711bfa	change hostname to localhost for k8s CI	2019-02-21 17:04:46 +01:00
Jens Langhammer	dd9cd7aa0c	automatically fill slug field while typing	2019-02-21 17:01:12 +01:00
Jens Langhammer	8bc8765035	use postgres service for CI	2019-02-21 16:50:36 +01:00
Jens Langhammer	b7ac4f1dd2	add psycopg2 as dependency	2019-02-21 16:30:56 +01:00
Jens Langhammer	183308e444	fix Contains not working correctly	2019-02-21 16:21:45 +01:00
Jens Langhammer	c941107d42	Rules -> Policies, more things	2019-02-21 16:06:57 +01:00
Jens Langhammer	d3d75737ed	switch to drf_yasg	2019-02-21 16:05:59 +01:00
Jens Langhammer	458decfbb3	add prospector config	2019-02-21 16:00:39 +01:00
Jens Langhammer	7601351f51	add help texts to explain naming	2019-02-16 11:25:53 +01:00
Jens Langhammer	df45797b4a	fix inconsistent naming again	2019-02-16 11:13:00 +01:00
Jens Langhammer	744a320731	fix inconsistent naming	2019-02-16 10:59:23 +01:00
Jens Langhammer	89722336e3	fix duplicate Class naming	2019-02-16 10:54:15 +01:00
Jens Langhammer	d6f4832e90	Rule -> Policies	2019-02-16 10:24:31 +01:00
Jens Langhammer	d32699b332	remove reversion	2019-02-16 09:53:32 +01:00
Jens Langhammer	59a15c988f	Move Factor instances to database	2019-02-16 09:52:37 +01:00
Jens Langhammer	57e5996513	Fix Docker Image having messed up static files	2019-02-14 16:31:40 +01:00
Jens Langhammer	6649eb401e	bump version: 0.0.5-alpha -> 0.0.6-alpha	2019-02-13 16:41:59 +01:00
Jens Langhammer	b657d7319d	fix failing docker build and failing helm packaging	2019-02-13 16:41:51 +01:00
Jens Langhammer	a9d29067bf	bump version: 0.0.4-alpha -> 0.0.5-alpha	2019-02-11 18:01:45 +01:00
Jens Langhammer	b7791f3b9a	use build image in docker to generate static files	2019-02-11 18:01:29 +01:00
Jens Langhammer	9161a6e41d	initialize helm properly, include built static files	2019-02-11 17:58:25 +01:00
Jens Langhammer	b4cb157257	bump version: 0.0.3-alpha -> 0.0.4-alpha	2019-02-11 17:44:42 +01:00
Jens Langhammer	d9ccbdd962	fix bumpversion typo	2019-02-11 17:44:40 +01:00
Jens Langhammer	d5ab20ee12	fix coverage failing	2019-02-11 17:36:36 +01:00
Jens Langhammer	0e73702fca	add PasswordPolicyRule (not used yet)	2019-02-10 20:09:47 +01:00
Jens Langhammer	58ebd15ada	fix mismatched Version numbers and missing verbose_names	2019-02-10 20:08:29 +01:00