bump version: 0.1.31-beta -> 0.1.32-beta

Resolve "Guardian"

Closes #37

See merge request BeryJu.org/passbook!23

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.6-alpha
+current_version = 0.1.32-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@@ -9,11 +9,18 @@ tag_name = version/{new_version}
 
 [bumpversion:part:release]
 optional_value = stable
+first_value = beta
 values = 
 	alpha
 	beta
 	stable
 
+[bumpversion:file:client-packages/allauth/setup.py]
+
+[bumpversion:file:client-packages/sentry-auth-passbook/setup.py]
+
+[bumpversion:file:helm/passbook/values.yaml]
+
 [bumpversion:file:helm/passbook/Chart.yaml]
 
 [bumpversion:file:.gitlab-ci.yml]
@@ -34,11 +41,19 @@ values =
 
 [bumpversion:file:passbook/lib/__init__.py]
 
+[bumpversion:file:passbook/hibp_policy/__init__.py]
+
+[bumpversion:file:passbook/password_expiry_policy/__init__.py]
+
 [bumpversion:file:passbook/saml_idp/__init__.py]
 
 [bumpversion:file:passbook/audit/__init__.py]
 
 [bumpversion:file:passbook/oauth_provider/__init__.py]
 
-[bumpversion:file:passbook/totp/__init__.py]
+[bumpversion:file:passbook/otp/__init__.py]
+
+[bumpversion:file:passbook/app_gw/__init__.py]
+
+[bumpversion:file:passbook/suspicious_policy/__init__.py]
 

.dockerignore

@@ -1,3 +1,4 @@
 env
 helm
 passbook-ui
+static

.gitignore

@@ -189,5 +189,5 @@ pyvenv.cfg
 pip-selfcheck.json
 
 # End of https://www.gitignore.io/api/python,django
-static/
+/static/
 local.env.yml

.gitlab-ci.yml

@@ -1,114 +1,126 @@
 # Global Variables
 before_script:
-  - "python3 -m pip install -U virtualenv"
-  - "virtualenv env"
-  - "source env/bin/activate"
-  - "pip3 install -U -r requirements-dev.txt"
+    - "python3 -m pip install -U virtualenv"
+    - "virtualenv env"
+    - "source env/bin/activate"
+    - "pip3 install -U -r requirements-dev.txt"
 stages:
-  - test
-  - build
-  - docs
-image: python:3.5
+    - test
+    - build
+    - docs
+    - deploy
+image: python:3.6
+services:
+    - postgres:latest
+    - redis:latest
+
+variables:
+    POSTGRES_DB: passbook
+    POSTGRES_USER: passbook
+    POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
 
 include:
-  - /allauth/.gitlab-ci.yml
+    - /client-packages/allauth/.gitlab-ci.yml
 
 isort:
-  script:
-    - isort -c -sg env
-  stage: test
+    script:
+        - isort -c -sg env
+    stage: test
 migrations:
-  script:
-    - python manage.py migrate
-  stage: test
+    script:
+        - python manage.py migrate
+    stage: test
 prospector:
-  script:
-    - prospector
-  stage: test
+    script:
+        - prospector
+    stage: test
 pylint:
-  script:
-    - pylint passbook
-  stage: test
+    script:
+        - pylint passbook
+    stage: test
 coverage:
-  script:
-    - coverage run manage.py test
-    - coverage report
-  stage: test
+    script:
+        - python manage.py collectstatic --no-input
+        - coverage run manage.py test
+        - coverage report
+    stage: test
 bandit:
-  script:
-    - bandit -r passbook
-  stage: test
+    script:
+        - bandit -r passbook
+    stage: test
 
 package-docker:
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script:
-    - echo "{\"auths\":{\"https://docker.$NEXUS_URL/\":{\"username\":\"$NEXUS_USER\",\"password\":\"$NEXUS_PASS\"}}}" > /kaniko/.docker/config.json
-  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.6-alpha
-  stage: build
-  only:
-    - tags
-    - /^version/.*$/
+    image:
+        name: gcr.io/kaniko-project/executor:debug
+        entrypoint: [""]
+    before_script:
+        - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
+    script:
+        - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.32-beta
+    stage: build
+    only:
+        - tags
+        - /^version/.*$/
 package-helm:
-  stage: build
-  script:
-    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
-    - helm init --client-only
-    - helm package helm/passbook
-    - ./manage.py nexus_upload --method put --url $NEXUS_URL --user $NEXUS_USER --password $NEXUS_PASS --repo helm *.tgz
-  only:
-    - tags
-    - /^version/.*$/
-# package-3.5:
-#   before_script:
-#     - apt update
-#     - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
-#     - cp debian/control-3.5 debian/control
-#     - mk-build-deps debian/control
-#     - apt install ./*build-deps*deb -f -y
-#     - "python3 -m pip install -U virtualenv"
-#     - "virtualenv env"
-#     - "source env/bin/activate"
-#     - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
-#   image: debian
-#   script:
-#     - debuild -us -uc
-#     - cp ../passbook*.deb .
-#     - python manage.py nexus_upload
-#   artifacts:
-#     paths:
-#     - passbook-python3.5*deb
-#     expire_in: 2 days
-#   stage: build
-#   only:
-#   - tags
-#   - /^debian/.*$/
-# package-3.6:
-#   before_script:
-#     - apt update
-#     - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
-#     - cp debian/control-3.6 debian/control
-#     - mk-build-deps debian/control
-#     - apt install ./*build-deps*deb -f -y
-#     - "python3 -m pip install -U virtualenv"
-#     - "virtualenv env"
-#     - "source env/bin/activate"
-#     - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
-#   image: debian:buster
-#   script:
-#     - debuild -us -uc
-#     - cp ../passbook*.deb .
-#     - python manage.py nexus_upload
-#   artifacts:
-#     paths:
-#     - passbook-python3.6*deb
-#     expire_in: 2 days
-#   stage: build
-#   only:
-#     - tags
-#     - /^debian/.*$r
+    stage: build
+    script:
+        - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
+        - helm init --client-only
+        - helm package helm/passbook
+        - ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz
+    only:
+        - tags
+        - /^version/.*$/
+package-debian:
+    before_script:
+        - apt update
+        - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-pip libsasl2-dev libldap2-dev
+        - mk-build-deps debian/control
+        - apt install ./*build-deps*deb -f -y
+        - python3 -m pip install -U virtualenv pip
+        - virtualenv env
+        - source env/bin/activate
+        - pip3 install -U -r requirements.txt -r requirements-dev.txt
+        - ./manage.py collectstatic --no-input
+    image: ubuntu:18.04
+    script:
+        - debuild -us -uc
+        - cp ../passbook*.deb .
+        - ./manage.py nexus_upload --method post --url $NEXUS_URL --auth $NEXUS_AUTH --repo apt passbook*deb
+    artifacts:
+        paths:
+            - passbook*deb
+        expire_in: 2 days
+    stage: build
+    only:
+        - tags
+        - /^version/.*$/
+
+package-client-package-allauth:
+    script:
+        - cd client-packages/allauth
+        - python setup.py sdist
+        - twine upload --username $TWINE_USERNAME --password $TWINE_PASSWORD dist/*
+    stage: build
+    only:
+        refs:
+            - tags
+            - /^version/.*$/
+        changes:
+            - client-packages/allauth/**
+
+package-client-package-sentry:
+    script:
+        - cd client-packages/sentry-auth-passbook
+        - python setup.py sdist
+        - twine upload --username $TWINE_USERNAME --password $TWINE_PASSWORD dist/*
+    stage: build
+    only:
+        refs:
+            - tags
+            - /^version/.*$/
+        changes:
+            - client-packages/sentry-auth-passbook/**
 
 # docs:
 #   stage: docs
@@ -130,3 +142,16 @@ package-helm:
 #     - mkdocs build
 #     - 'rsync -avh --delete web/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/"'
 #     - 'rsync -avh --delete site/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/docs/"'
+
+# deploy:
+#   environment:
+#     name: production
+#     url: https://passbook-prod.default.k8s.beryju.org/
+#   stage: deploy
+#   only:
+#   - tags
+#   - /^version/.*$/
+#   script:
+#     - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
+#     - helm init
+#     - helm upgrade passbook-prod helm/passbook --devel

.prospector.yaml

@@ -0,0 +1,13 @@
+strictness: medium
+test-warnings: true
+doc-warnings: false
+
+ignore-paths:
+  - env
+  - migrations
+  - docs
+  - node_modules
+  - client-packages
+
+uses:
+ - django

Dockerfile

@@ -6,23 +6,29 @@ COPY ./requirements.txt /app/
 
 WORKDIR /app/
 
-RUN mkdir /app/static/ && \
+RUN apt-get update && apt-get install build-essential libssl-dev libffi-dev libpq-dev -y && \
+    mkdir /app/static/ && \
     pip install -r requirements.txt && \
     pip install psycopg2 && \
-    ./manage.py collectstatic --no-input
+    ./manage.py collectstatic --no-input && \
+    apt-get remove --purge -y build-essential && \
+    apt-get autoremove --purge -y
 
 FROM python:3.6-slim-stretch
 
 COPY ./passbook/ /app/passbook
 COPY ./manage.py /app/
 COPY ./requirements.txt /app/
-COPY --from=build /app/static/* /app/static/
+COPY --from=build /app/static /app/static/
 
 WORKDIR /app/
 
-RUN pip install -r requirements.txt && \
+RUN apt-get update && apt-get install build-essential libssl-dev libffi-dev libpq-dev -y && \
+    pip install -r requirements.txt && \
     pip install psycopg2 && \
     adduser --system --home /app/ passbook && \
-    chown -R passbook /app/
+    chown -R passbook /app/ && \
+    apt-get remove --purge -y build-essential && \
+    apt-get autoremove --purge -y
 
 USER passbook

TODO

@@ -1,14 +0,0 @@
-## oauth_client
-
- - Move provider_type logic to own class, not name-based URL matching
- - add provider_type field to Provider Model
- - make Provider inherit core.application
- - Add template for popular services like github, twitter, facebook, etc
-
-## saml_idp
-
- - move certificates to Provider so each provider can have different certificates
-
-## admin
-
- - add testing page where user can supply input and let rules run against it to debug/test

client-packages/allauth/setup.py

@@ -3,7 +3,7 @@ from setuptools import setup
 
 setup(
     name='django-allauth-passbook',
-    version='1.0.0',
+    version='0.1.32-beta',
     description='passbook support for django-allauth',
     # long_description='\n'.join(read_simple('docs/index.md')[2:]),
     long_description_content_type='text/markdown',

client-packages/sentry-auth-passbook/.gitignore

@@ -0,0 +1,5 @@
+*.pyc
+*.egg-info/
+*.eggs
+/dist
+/build

client-packages/sentry-auth-passbook/.travis.yml

@@ -0,0 +1,32 @@
+sudo: false
+language: python
+services:
+  - memcached
+  - postgresql
+  - redis-server
+python:
+  - '2.7'
+cache:
+  directories:
+    - node_modules
+    - "$HOME/.cache/pip"
+deploy:
+  provider: pypi
+  user: getsentry
+  password:
+    secure: kVmxKHkBWRLYyZme05p+WZSJmb8GjHV9uyuaSCVMRlqWCW+GXRB7P1xXR2jb9URTlNdcs56Ab/UrwzCbMFGC8LmwCeFVgIR/ltytVZG2FgXZPWaeA4dH25qK2oGWgzJ/xeiMpmuJqN9hRl25MX6jG7FZKvrrOkG7+8tpPd1yO+uYWZQbnebZMjcPBqEpn7CC0hR39GSoyVAbydpMe5hwENGQM26CepcicdrelfawItoUrXrkJzBHkIQQTO/xRSbCtRJOtzI5lwtv3GP0hcbOy5tI5dhG/93pLwZRc5+dZaCaP7oaVeOcBjN0zfINRQobt8d6h2Qgvd/YyFkGi0/xKn1zMmKIVLOG6VsYwEAUq8wNOsP4A/jdm4Y0J/1oEZStCkpaGpx85TYi4kq1hWQdyqaVJSPhh4Tk4roIaS2zOYQl+nIpbHqmJ4FJrg1il+TCdjBXobATQ1mKRBUrjD+RDzH/r4ogbd8+UwvvvevpqS2K+/wgT6UD0MzDInv9S29CUQvuFhPoqyJb5XRddHMRE9EEK/2Z8tFN91sDATnqfXHgwnvu00q/nKP5JnijBPzGmx7ydgUViIukklDrlPvo9BbRJz0Vr2vbAvMTrLMLCXqi5CwTm+v+iaOf/YaCziaG2vx0eVASYjpOLCedSgRZBubPM8z4E/HMXhChN7sVDWk=
+  on:
+    tags: true
+  distributions: sdist bdist_wheel
+env:
+  global:
+    - PIP_DOWNLOAD_CACHE=".pip_download_cache"
+before_install:
+  - pip install codecov
+install:
+  - make develop
+script:
+  - PYFLAKES_NODOCTEST=1 flake8
+  - coverage run --source=. -m py.test tests
+after_success:
+  - codecov

client-packages/sentry-auth-passbook/LICENSE

@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright 2016 Functional Software, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

client-packages/sentry-auth-passbook/MANIFEST.in

@@ -0,0 +1,3 @@
+include setup.py package.json webpack.config.js README.rst MANIFEST.in LICENSE AUTHORS
+recursive-include sentry_auth_supervisr/templates *
+global-exclude *~

client-packages/sentry-auth-passbook/Makefile

@@ -0,0 +1,26 @@
+.PHONY: clean develop install-tests lint publish test
+
+develop:
+	pip install "pip>=7"
+	pip install -e .
+	make install-tests
+
+install-tests:
+	pip install .[tests]
+
+lint:
+	@echo "--> Linting python"
+	flake8
+	@echo ""
+
+test:
+	@echo "--> Running Python tests"
+	py.test tests || exit 1
+	@echo ""
+
+publish:
+	python setup.py sdist bdist_wheel upload
+
+clean:
+	rm -rf *.egg-info src/*.egg-info
+	rm -rf dist build

client-packages/sentry-auth-passbook/README.rst

@@ -0,0 +1,55 @@
+GitHub Auth for Sentry
+======================
+
+An SSO provider for Sentry which enables GitHub organization-restricted authentication.
+
+Install
+-------
+
+::
+
+    $ pip install https://github.com/getsentry/sentry-auth-github/archive/master.zip
+
+Setup
+-----
+
+Create a new application under your organization in GitHub. Enter the **Authorization
+callback URL** as the prefix to your Sentry installation:
+
+::
+
+    https://example.sentry.com
+
+
+Once done, grab your API keys and drop them in your ``sentry.conf.py``:
+
+.. code-block:: python
+
+    GITHUB_APP_ID = ""
+
+    GITHUB_API_SECRET = ""
+
+
+Verified email addresses can optionally be required:
+
+.. code-block:: python
+
+    GITHUB_REQUIRE_VERIFIED_EMAIL = True
+
+
+Optionally you may also specify the domain (for GHE users):
+
+.. code-block:: python
+
+    GITHUB_BASE_DOMAIN = "git.example.com"
+
+    GITHUB_API_DOMAIN = "api.git.example.com"
+
+
+If Subdomain isolation is disabled in GHE:
+
+.. code-block:: python
+
+    GITHUB_BASE_DOMAIN = "git.example.com"
+
+    GITHUB_API_DOMAIN = "git.example.com/api/v3"

client-packages/sentry-auth-passbook/conftest.py

@@ -0,0 +1,14 @@
+from __future__ import absolute_import
+
+# Run tests against sqlite for simplicity
+import os
+import os.path
+import sys
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__)))
+
+os.environ.setdefault('DB', 'sqlite')
+
+pytest_plugins = [
+    'sentry.utils.pytest'
+]

client-packages/sentry-auth-passbook/sentry_auth_passbook/__init__.py

@@ -0,0 +1,7 @@
+from __future__ import absolute_import
+
+from sentry.auth import register
+
+from .provider import PassbookOAuth2Provider
+
+register('passbook', PassbookOAuth2Provider)

client-packages/sentry-auth-passbook/sentry_auth_passbook/client.py

@@ -0,0 +1,45 @@
+from __future__ import absolute_import, print_function
+
+from requests.exceptions import RequestException
+
+from sentry import http
+from sentry.utils import json
+
+from .constants import BASE_DOMAIN
+
+
+class PassbookApiError(Exception):
+    def __init__(self, message='', status=0):
+        super(PassbookApiError, self).__init__(message)
+        self.status = status
+
+
+class PassbookClient(object):
+    def __init__(self, client_id, client_secret):
+        self.client_id = client_id
+        self.client_secret = client_secret
+        self.http = http.build_session()
+
+    def _request(self, path, access_token):
+        params = {
+            'client_id': self.client_id,
+            'client_secret': self.client_secret,
+        }
+
+        headers = {
+            'Authorization': 'Bearer {0}'.format(access_token),
+        }
+
+        try:
+            req = self.http.get('https://{0}/{1}'.format(BASE_DOMAIN, path.lstrip('/')),
+                params=params,
+                headers=headers,
+            )
+        except RequestException as e:
+            raise PassbookApiError(unicode(e), status=getattr(e, 'status_code', 0))
+        if req.status_code < 200 or req.status_code >= 300:
+            raise PassbookApiError(req.content, status=req.status_code)
+        return json.loads(req.content)
+
+    def get_user(self, access_token):
+        return self._request('/api/v1/openid/', access_token)

client-packages/sentry-auth-passbook/sentry_auth_passbook/constants.py

@@ -0,0 +1,14 @@
+from __future__ import absolute_import, print_function
+
+from django.conf import settings
+
+CLIENT_ID = getattr(settings, 'PASSBOOK_APP_ID', None)
+
+CLIENT_SECRET = getattr(settings, 'PASSBOOK_API_SECRET', None)
+
+SCOPE = 'openid:userinfo'
+
+BASE_DOMAIN = getattr(settings, 'PASSBOOK_BASE_DOMAIN', 'id.beryju.org')
+
+ACCESS_TOKEN_URL = 'https://{0}/application/oauth/token/'.format(BASE_DOMAIN)
+AUTHORIZE_URL = 'https://{0}/application/oauth/authorize/'.format(BASE_DOMAIN)

client-packages/sentry-auth-passbook/sentry_auth_passbook/provider.py

@@ -0,0 +1,62 @@
+from __future__ import absolute_import, print_function
+
+from sentry.auth.exceptions import IdentityNotValid
+from sentry.auth.providers.oauth2 import (OAuth2Callback, OAuth2Login,
+                                          OAuth2Provider)
+
+from .client import PassbookApiError, PassbookClient
+from .constants import (ACCESS_TOKEN_URL, AUTHORIZE_URL, CLIENT_ID,
+                        CLIENT_SECRET, SCOPE)
+from .views import FetchUser, PassbookConfigureView
+
+
+class PassbookOAuth2Provider(OAuth2Provider):
+    access_token_url = ACCESS_TOKEN_URL
+    authorize_url = AUTHORIZE_URL
+    name = 'Passbook'
+    client_id = CLIENT_ID
+    client_secret = CLIENT_SECRET
+
+    def __init__(self, **config):
+        super(PassbookOAuth2Provider, self).__init__(**config)
+
+    def get_configure_view(self):
+        return PassbookConfigureView.as_view()
+
+    def get_auth_pipeline(self):
+        return [
+            OAuth2Login(
+                authorize_url=self.authorize_url,
+                client_id=self.client_id,
+                scope=SCOPE,
+            ),
+            OAuth2Callback(
+                access_token_url=self.access_token_url,
+                client_id=self.client_id,
+                client_secret=self.client_secret,
+            ),
+            FetchUser(
+                client_id=self.client_id,
+                client_secret=self.client_secret,
+            ),
+        ]
+
+    def get_refresh_token_url(self):
+        return ACCESS_TOKEN_URL
+
+    def build_identity(self, state):
+        data = state['data']
+        user_data = state['user']
+        return {
+            'id': user_data['email'],
+            'email': user_data['email'],
+            'name': user_data['name'],
+            'data': self.get_oauth_data(data),
+        }
+
+    def build_config(self, state):
+        return {}
+
+    def refresh_identity(self, auth_identity):
+        client = PassbookClient(self.client_id, self.client_secret)
+        access_token = auth_identity.data['access_token']

client-packages/sentry-auth-passbook/sentry_auth_passbook/views.py

@@ -0,0 +1,75 @@
+from __future__ import absolute_import, print_function
+
+from django import forms
+
+from sentry.auth.view import AuthView, ConfigureView
+from sentry.models import AuthIdentity
+
+from .client import PassbookClient
+
+
+def _get_name_from_email(email):
+    """
+    Given an email return a capitalized name. Ex. john.smith@example.com would return John Smith.
+    """
+    name = email.rsplit('@', 1)[0]
+    name = ' '.join([n_part.capitalize() for n_part in name.split('.')])
+    return name
+
+
+class FetchUser(AuthView):
+    def __init__(self, client_id, client_secret, *args, **kwargs):
+        self.client = PassbookClient(client_id, client_secret)
+        super(FetchUser, self).__init__(*args, **kwargs)
+
+    def handle(self, request, helper):
+        access_token = helper.fetch_state('data')['access_token']
+
+        user = self.client.get_user(access_token)
+
+        # A user hasn't set their name in their Passbook profile so it isn't
+        # populated in the response
+        if not user.get('name'):
+            user['name'] = _get_name_from_email(user['email'])
+
+        helper.bind_state('user', user)
+
+        return helper.next_step()
+
+
+class ConfirmEmailForm(forms.Form):
+    email = forms.EmailField(label='Email')
+
+
+class ConfirmEmail(AuthView):
+    def handle(self, request, helper):
+        user = helper.fetch_state('user')
+
+        # TODO(dcramer): this isnt ideal, but our current flow doesnt really
+        # support this behavior;
+        try:
+            auth_identity = AuthIdentity.objects.select_related('user').get(
+                auth_provider=helper.auth_provider,
+                ident=user['id'],
+            )
+        except AuthIdentity.DoesNotExist:
+            pass
+        else:
+            user['email'] = auth_identity.user.email
+
+        if user.get('email'):
+            return helper.next_step()
+
+        form = ConfirmEmailForm(request.POST or None)
+        if form.is_valid():
+            user['email'] = form.cleaned_data['email']
+            helper.bind_state('user', user)
+            return helper.next_step()
+
+        return self.respond('sentry_auth_passbook/enter-email.html', {
+            'form': form,
+        })
+
+class PassbookConfigureView(ConfigureView):
+    def dispatch(self, request, organization, auth_provider):
+        return self.render('sentry_auth_passbook/configure.html')

client-packages/sentry-auth-passbook/setup.cfg

@@ -0,0 +1,12 @@
+[wheel]
+universal = 1
+
+[pytest]
+python_files = test*.py
+addopts = --tb=native -p no:doctest
+norecursedirs = bin dist docs htmlcov script hooks node_modules .* {args}
+
+[flake8]
+ignore = F999,E501,E128,E124,E402,W503,E731,C901
+max-line-length = 100
+exclude = .tox,.git,*/migrations/*,node_modules/*,docs/*

client-packages/sentry-auth-passbook/setup.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+"""
+sentry-auth-passbook
+==================
+
+:copyright: (c) 2016 Functional Software, Inc
+"""
+from setuptools import find_packages, setup
+
+install_requires = [
+    'sentry>=7.0.0',
+]
+
+tests_require = [
+    'mock',
+    'flake8>=2.0,<2.1',
+]
+
+setup(
+    name='sentry-auth-passbook',
+    version='0.1.32-beta',
+    author='BeryJu.org',
+    author_email='support@beryju.org',
+    url='https://passbook.beryju.org',
+    description='passbook authentication provider for Sentry',
+    long_description=__doc__,
+    license='MIT',
+    packages=find_packages(exclude=['tests']),
+    zip_safe=False,
+    install_requires=install_requires,
+    tests_require=tests_require,
+    extras_require={'tests': tests_require},
+    include_package_data=True,
+    entry_points={
+        'sentry.apps': [
+            'auth_passbook = sentry_auth_passbook',
+        ],
+    },
+    classifiers=[
+        'Intended Audience :: Developers',
+        'Intended Audience :: System Administrators',
+        'Operating System :: OS Independent',
+        'Topic :: Software Development'
+    ],
+)

client-packages/sentry-auth-passbook/tests/test_provider.py

@@ -0,0 +1,6 @@
+from sentry.testutils import TestCase
+
+
+class GitHubOAuth2ProviderTest(TestCase):
+    def test_simple(self):
+        pass

client-packages/sentry-auth-passbook/tests/test_views.py

@@ -0,0 +1,17 @@
+from __future__ import absolute_import, print_function
+
+import pytest
+from sentry_auth_sentry.views import _get_name_from_email
+
+expected_data = [
+    ('john.smith@example.com', 'John Smith'),
+    ('john@example.com', 'John'),
+    ('XYZ-234=3523@example.com', 'Xyz-234=3523'),
+    ('XYZ.1111@example.com', 'Xyz 1111'),
+    ('JOHN@example.com', 'John'),
+]
+
+
+@pytest.mark.parametrize("email,expected_name", expected_data)
+def test_get_name_from_email(email, expected_name):
+    assert _get_name_from_email(email) == expected_name

debian/changelog

@@ -0,0 +1,240 @@
+passbook (0.1.32) stable; urgency=medium
+
+  * bump version: 0.1.30-beta -> 0.1.31-beta
+  * automatically add response_type if not given in OAuth Request
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 17 Apr 2019 12:25:58 +0000
+
+passbook (0.1.31) stable; urgency=medium
+
+  * bump version: 0.1.29-beta -> 0.1.30-beta
+  * allow setting authentication_header to empty string (disabling the header)
+  * use global urllib Pools
+  * try to fix app_gw being null
+  * only enable sentry when not DEBUG
+  * move logging to separate thread
+  * move actual proxying logic to separate class
+  * remove logging to increase speed, add more caching to policy and rewriter
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Sat, 13 Apr 2019 15:56:55 +0000
+
+passbook (0.1.30) stable; urgency=medium
+
+  * bump version: 0.1.28-beta -> 0.1.29-beta
+  * don't use context manager in web command
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 11 Apr 2019 12:21:58 +0000
+
+passbook (0.1.29) stable; urgency=medium
+
+  * bump version: 0.1.27-beta -> 0.1.28-beta
+  * Add libpq-dev dependency so psycopg2 build works
+  * switch to whitenoise for static files
+  * replace cherrypy with daphne
+  * Run collectstatic before coverage, use autoreload on celery worker
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 11 Apr 2019 12:00:27 +0000
+
+passbook (0.1.28) stable; urgency=medium
+
+  * bump version: 0.1.26-beta -> 0.1.27-beta
+  * fix allauth client's formatting
+  * switch from raven to sentry_sdk
+  * add ability to have non-expiring nonces, clean up expired nonces
+  * fully remove raven and switch WSGI and logging to sentry_sdk
+  * fix failing CI
+  * trigger autoreload from config files
+  * Choose upstream more cleverly
+  * Move code from django-revproxy to app_gw to fix cookie bug
+  * Implement websocket proxy
+  * switch kubernetes deployment to daphne server
+  * set default log level to warn, fix clean_nonces not working
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 11 Apr 2019 08:46:44 +0000
+
+passbook (0.1.27) stable; urgency=medium
+
+  * bump version: 0.1.25-beta -> 0.1.26-beta
+  * fix broken app_gw
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Fri, 22 Mar 2019 13:50:31 +0000
+
+passbook (0.1.26) stable; urgency=medium
+
+  * bump version: 0.1.24-beta -> 0.1.25-beta
+  * always parse url instead of once
+  * validate upstream in form
+  * add custom template views
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Fri, 22 Mar 2019 11:47:08 +0000
+
+passbook (0.1.25) stable; urgency=medium
+
+  * initial implementation of reverse proxy, using django-revproxy from within a middleware
+  * fix TypeError: can only concatenate list (not "str") to list
+  * bump version: 0.1.23-beta -> 0.1.24-beta
+  * add redis dependency back in for caching
+  * utilise cache in PolicyEngine
+  * explicitly use redis db
+  * invalidate cache when policy is saved
+  * add redis as service in CI for unittests
+  * add timeout field to policy to prevent stuck policies
+  * Don't use LoginRequired for PermissionDenied View
+  * Check for policies in app_gw
+  * Better handle policy timeouts
+  * cleanup post-migration mess
+  * prevent ZeroDivisionError
+  * Redirect to login on reverse proxy
+  * cleanup property_mapping list
+  * add compiled regex to RewriteRule
+  * implement actual Rewriting logic
+  * Invalidate cache when ApplicationGateway instance is saved
+  * validate server_name in form
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 21 Mar 2019 15:47:58 +0000
+
+passbook (0.1.24) stable; urgency=medium
+
+  * bump version: 0.1.22-beta -> 0.1.23-beta
+  * add modal for OAuth Providers showing the URLs
+  * remove user field from form. Closes #32
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 20 Mar 2019 21:59:21 +0000
+
+passbook (0.1.23) stable; urgency=medium
+
+  * add support for OpenID-Connect Discovery
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 18 Mar 2019 20:19:27 +0000
+
+passbook (0.1.22) stable; urgency=medium
+
+  * bump version: 0.1.20-beta -> 0.1.21-beta
+  * fix missing debug template
+  * move icons to single folder, cleanup
+  * fix layout when on mobile viewport and scrolling
+  * fix delete form not working
+  * point to correct icons
+  * add Azure AD Source
+  * Fix OAuth Client's disconnect view having invalid URL names
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 14 Mar 2019 20:19:27 +0000
+
+passbook (0.1.21) stable; urgency=medium
+
+  * bump version: 0.1.19-beta -> 0.1.20-beta
+  * add request debug view
+  * detect HTTPS from reverse proxy
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Thu, 14 Mar 2019 17:01:49 +0000
+
+passbook (0.1.20) stable; urgency=medium
+
+  * bump version: 0.1.18-beta -> 0.1.19-beta
+  * fix GitHub Pretend again
+  * add user settings for Sources
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 13 Mar 2019 15:49:44 +0000
+
+passbook (0.1.18) stable; urgency=medium
+
+  * bump version: 0.1.16-beta -> 0.1.17-beta
+  * fix Server Error when downloading metadata
+  * add sentry client
+  * fix included yaml file
+  * adjust versions for client packages, auto build client-packages
+  * bump version: 0.1.17-beta -> 0.1.18-beta
+  * fix API Call for sentry-client, add missing template
+  * fix GitHub Pretend throwing a 500 error
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 13 Mar 2019 14:14:10 +0000
+
+passbook (0.1.17) stable; urgency=medium
+
+  * bump version: 0.1.15-beta -> 0.1.16-beta
+  * remove Application.user_is_authorized
+  * don't use celery heartbeat, use TCP keepalive instead
+  * switch to vertical navigation
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Tue, 12 Mar 2019 14:54:27 +0000
+
+passbook (0.1.16) stable; urgency=medium
+
+  * Replace redis with RabbitMQ
+  * updated debian package to suggest RabbitMQ
+  * update helm chart to require RabbitMQ
+  * fix invalid default config in debian package
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Mon, 11 Mar 2019 10:28:36 +0000
+
+passbook (0.1.14) stable; urgency=medium
+
+  * bump version: 0.1.11-beta -> 0.1.12-beta
+  * Fix DoesNotExist error when running PolicyEngine against None user
+  * allow custom email server for helm installs
+  * fix UserChangePasswordView not requiring Login
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Mon, 11 Mar 2019 10:28:36 +0000
+
+passbook (0.1.12) stable; urgency=medium
+
+  * bump version: 0.1.10-beta -> 0.1.11-beta
+  * rewrite PasswordFactor to use backends setting instead of trying all backends
+  * install updated helm release from local folder
+  * disable automatic k8s deployment for now
+  * fix OAuth Authorization View not requiring authentication
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Mon, 11 Mar 2019 08:50:29 +0000
+
+passbook (0.1.11) stable; urgency=medium
+
+  * add group administration
+  * bump version: 0.1.9-beta -> 0.1.10-beta
+  * fix helm labels being on deployments and not pods
+  * automatically deploy after release
+  * use Django's Admin FilteredSelectMultiple for Group Membership
+  * always use FilteredSelectMultiple for many-to-many fields
+  * Add Group Member policy
+  * add LDAP Group Membership Policy
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Sun, 10 Mar 2019 18:55:31 +0000
+
+passbook (0.1.10) stable; urgency=high
+
+  * bump version: 0.1.7-beta -> 0.1.8-beta
+  * consistently using PolicyEngine
+  * add more Verbosity to PolicyEngine, rewrite SAML Authorisation check
+  * slightly refactor Factor View, add more unittests
+  * add impersonation middleware, add to templates
+  * bump version: 0.1.8-beta -> 0.1.9-beta
+  * fix k8s service routing http traffic to workers
+  * Fix button on policy test page
+  * better show loading state when testing a policy
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Sun, 10 Mar 2019 14:52:40 +0000
+
+passbook (0.1.7) stable; urgency=medium
+
+  * bump version: 0.1.3-beta -> 0.1.4-beta
+  * implicitly add kubernetes-healthcheck-host in helm configmap
+  * fix debian build (again)
+  * add PropertyMapping Model, add Subclass for SAML, test with AWS
+  * add custom DynamicArrayField to better handle arrays
+  * format data before inserting it
+  * bump version: 0.1.4-beta -> 0.1.5-beta
+  * fix static files missing for debian package
+  * fix password not getting set on user import
+  * remove audit's login attempt
+  * add passing property to PolicyEngine
+  * fix captcha factor not loading keys from Factor class
+  * bump version: 0.1.5-beta -> 0.1.6-beta
+  * fix MATCH_EXACT not working as intended
+  * Improve access control for saml
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Fri, 08 Mar 2019 20:37:05 +0000
+
+passbook (0.1.4) stable; urgency=medium
+
+  * initial debian package release
+
+ -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 06 Mar 2019 18:22:41 +0000

debian/compat

@@ -0,0 +1 @@
+10

debian/config

@@ -0,0 +1,20 @@
+#!/bin/sh
+# config maintainer script for passbook
+set -e
+
+# source debconf stuff
+. /usr/share/debconf/confmodule
+
+dbc_first_version=1.0.0
+dbc_dbuser=passbook
+dbc_dbname=passbook
+
+# source dbconfig-common shell library, and call the hook function
+if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/config.pgsql
+    dbc_go passbook "$@"
+fi
+
+#DEBHELPER#
+
+exit 0

debian/control

@@ -0,0 +1,14 @@
+Source: passbook
+Section: admin
+Priority: optional
+Maintainer: BeryJu.org <support@beryju.org>
+Uploaders: Jens Langhammer <jens@beryju.org>, BeryJu.org <support@beryju.org>
+Build-Depends: debhelper (>= 10), dh-systemd (>= 1.5), dh-exec, wget, dh-exec, python3 (>= 3.5) | python3.6 | python3.7, libpq-dev
+Standards-Version: 3.9.6
+
+Package: passbook
+Architecture: all
+Recommends: mysql-server, rabbitmq-server, redis-server
+Pre-Depends: adduser, libldap2-dev, libsasl2-dev
+Depends: python3 (>= 3.5) | python3.6 | python3.7, python3-pip, dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}
+Description: Authentication Provider/Proxy supporting protocols like SAML, OAuth, LDAP and more.

debian/copyright

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2019 BeryJu.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

debian/dirs

@@ -0,0 +1,4 @@
+etc/passbook/
+etc/passbook/config.d/
+var/log/passbook/
+usr/share/passbook/

debian/etc/passbook/config.yml

@@ -0,0 +1,81 @@
+http:
+    host: 0.0.0.0
+    port: 8000
+secret_key_file: /etc/passbook/secret_key
+log:
+    level:
+        console: INFO
+        file: DEBUG
+    file: /var/log/passbook/passbook.log
+debug: false
+secure_proxy_header:
+  HTTP_X_FORWARDED_PROTO: https
+rabbitmq: guest:guest@localhost/passbook
+redis: localhost/0
+
+# Error reporting, sends stacktrace to sentry.services.beryju.org
+error_report_enabled: true
+
+primary_domain: passbook.local
+
+passbook:
+  sign_up:
+    # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
+    enabled: true
+  password_reset:
+    # Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
+    enabled: true
+    # Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
+    verification:
+      - email
+  # Text used in title, on login page and multiple other places
+  branding: passbook
+  login:
+    # Override URL used for logo
+    logo_url: null
+    # Override URL used for Background on Login page
+    bg_url: null
+    # Optionally add a subtext, placed below logo on the login page
+    subtext: null
+  footer:
+    links:
+      # Optionally add links to the footer on the login page
+      #  - name: test
+      #    href: https://test
+  # Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
+  uid_fields:
+    - username
+    - email
+  session:
+    remember_age: 2592000 # 60 * 60 * 24 * 30, one month
+# Provider-specific settings
+ldap:
+  # Which field from `uid_fields` maps to which LDAP Attribute
+  login_field_map:
+    username: sAMAccountName
+    email: mail # or userPrincipalName
+  user_attribute_map:
+    active_directory:
+      username: "%(sAMAccountName)s"
+      email: "%(mail)s"
+      name: "%(displayName)"
+oauth_client:
+  # List of python packages with sources types to load.
+  types:
+    - passbook.oauth_client.source_types.discord
+    - passbook.oauth_client.source_types.facebook
+    - passbook.oauth_client.source_types.github
+    - passbook.oauth_client.source_types.google
+    - passbook.oauth_client.source_types.reddit
+    - passbook.oauth_client.source_types.supervisr
+    - passbook.oauth_client.source_types.twitter
+saml_idp:
+  # List of python packages with provider types to load.
+  types:
+    - passbook.saml_idp.processors.generic
+    - passbook.saml_idp.processors.aws
+    - passbook.saml_idp.processors.gitlab
+    - passbook.saml_idp.processors.nextcloud
+    - passbook.saml_idp.processors.salesforce
+    - passbook.saml_idp.processors.shibboleth
+    - passbook.saml_idp.processors.wordpress_orange

debian/gbp.conf

@@ -0,0 +1,2 @@
+[buildpackage]
+export-dir=../build-area

debian/install

@@ -0,0 +1,8 @@
+passbook		/usr/share/passbook/
+static			/usr/share/passbook/
+manage.py		/usr/share/passbook/
+passbook.sh		/usr/share/passbook/
+vendor			/usr/share/passbook/
+
+debian/etc/passbook								/etc/
+debian/templates/database.yml					/usr/share/passbook/

debian/passbook-worker.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=passbook - Authentication Provider/Proxy (Background worker)
+After=network.target
+Requires=network.target
+
+[Service]
+User=passbook
+Group=passbook
+WorkingDirectory=/usr/share/passbook
+Type=simple
+ExecStart=/usr/share/passbook/passbook.sh worker
+
+[Install]
+WantedBy=multi-user.target

debian/passbook.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=passbook - Authentication Provider/Proxy
+After=network.target
+Requires=network.target
+
+[Service]
+User=passbook
+Group=passbook
+WorkingDirectory=/usr/share/passbook
+Type=simple
+ExecStart=/usr/share/passbook/passbook.sh web
+
+[Install]
+WantedBy=multi-user.target

debian/postinst

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/postinst.pgsql
+
+# you can set the default database encoding to something else
+dbc_pgsql_createdb_encoding="UTF8"
+dbc_generate_include=template:/etc/passbook/config.d/database.yml
+dbc_generate_include_args="-o template_infile=/usr/share/passbook/database.yml"
+dbc_go passbook "$@"
+
+if [ -z "`getent group passbook`" ]; then
+	addgroup --quiet --system passbook
+fi
+if [ -z "`getent passwd passbook`" ]; then
+	echo " * Creating user and group passbook..."
+	adduser --quiet --system --home /usr/share/passbook --shell /bin/false --ingroup passbook --disabled-password --disabled-login --gecos "passbook User" passbook  >> /var/log/passbook/passbook.log 2>&1
+fi
+echo " * Updating binary packages (psycopg2)"
+python3 -m pip install --target=/usr/share/passbook/vendor/ --no-cache-dir --upgrade --force-reinstall psycopg2 >> /var/log/passbook/passbook.log 2>&1
+if [ ! -f '/etc/passbook/secret_key' ]; then
+	echo " * Generating Secret Key"
+	python3 -c 'import random; result = "".join([random.choice("abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)") for i in range(50)]); print(result)' > /etc/passbook/secret_key 2> /dev/null
+fi
+chown -R passbook: /usr/share/passbook/
+chown -R passbook: /etc/passbook/
+chown -R passbook: /var/log/passbook/
+chmod 440 /etc/passbook/secret_key
+echo " * Running Database Migration"
+/usr/share/passbook/passbook.sh migrate
+echo " * A superuser can be created with this command '/usr/share/passbook/passbook.sh createsuperuser'"
+echo " * You should probably also adjust your settings in '/etc/passbook/config.yml'"
+
+#DEBHELPER#

debian/postrm

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+if [ -f /usr/share/debconf/confmodule ]; then
+    . /usr/share/debconf/confmodule
+fi
+if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
+    . /usr/share/dbconfig-common/dpkg/postrm.pgsql
+    dbc_go passbook "$@"
+fi
+
+
+if [ "$1" = "purge" ]; then
+    if which ucf >/dev/null 2>&1; then
+        ucf --purge /etc/passbook/config.d/database.yml
+        ucfr --purge passbook /etc/passbook/config.d/database.yml
+    fi
+    rm -rf /etc/passbook/
+    rm -rf /usr/share/passbook/
+fi
+
+#DEBHELPER#
+

debian/prerm

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+. /usr/share/dbconfig-common/dpkg/prerm.pgsql
+dbc_go passbook "$@"
+
+#DEBHELPER#
+

debian/rules

@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+
+%:
+	dh $@ --with=systemd
+
+build-arch:
+	python3 -m pip install setuptools
+	python3 -m pip install --target=vendor/ -r requirements.txt
+
+override_dh_strip:
+	dh_strip --exclude=psycopg2
+
+override_dh_shlibdeps:
+	dh_shlibdeps --exclude=psycopg2
+
+override_dh_installinit:
+	dh_installinit --name=passbook
+	dh_installinit --name=passbook-worker
+	dh_systemd_enable --name=passbook
+	dh_systemd_enable --name=passbook-worker
+	dh_systemd_start
+
+# override_dh_usrlocal to do nothing
+override_dh_usrlocal:

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

debian/templates/database.yml

@@ -0,0 +1,8 @@
+databases:
+  default:
+    engine: django.db.backends.postgresql
+    name: _DBC_DBNAME_
+    user: _DBC_DBUSER_
+    password: _DBC_DBPASS_
+    host: _DBC_DBSERVER_
+    port: _DBC_DBPORT_

helm/passbook/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.0.6-alpha"
+appVersion: "0.1.32-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: 1.0.0
+version: "0.1.32-beta"
 icon: https://passbook.beryju.org/images/logo.png

helm/passbook/requirements.lock

@@ -1,9 +1,12 @@
 dependencies:
-- name: redis
+- name: rabbitmq
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 5.1.0
+  version: 4.3.2
 - name: postgresql
   repository: https://kubernetes-charts.storage.googleapis.com/
   version: 3.10.1
-digest: sha256:04bd136761f070e94a2ff32ff48ff87f5e07fbd451e5fd7f65551e3bd4680e5e
-generated: 2019-02-08T12:08:49.090666+01:00
+- name: redis
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 5.1.0
+digest: sha256:8bf68bc928a2e3c0f05139635be05fa0840554c7bde4cecd624fac78fb5fa5a3
+generated: 2019-03-21T11:06:51.553379+01:00

helm/passbook/requirements.yaml

@@ -1,7 +1,10 @@
 dependencies:
-- name: redis
-  version: 5.1.0
+- name: rabbitmq
+  version: 4.3.2
   repository: https://kubernetes-charts.storage.googleapis.com/
 - name: postgresql
   version: 3.10.1
   repository: https://kubernetes-charts.storage.googleapis.com/
+- name: redis
+  version: 5.1.0
+  repository: https://kubernetes-charts.storage.googleapis.com/

helm/passbook/templates/passbook-configmap.yaml

@@ -15,14 +15,14 @@ data:
         port: ''
     log:
       level:
-        console: DEBUG
-        file: DEBUG
+        console: WARNING
+        file: WARNING
       file: /dev/null
       syslog:
         host: 127.0.0.1
         port: 514
     email:
-      host: localhost
+      host: {{ .Values.config.email.host }}
       port: 25
       user: ''
       password: ''
@@ -36,7 +36,8 @@ data:
     debug: false
     secure_proxy_header:
       HTTP_X_FORWARDED_PROTO: https
-    redis: {{ .Release.Name }}-redis
+    rabbitmq: "user:{{ .Values.rabbitmq.rabbitmq.password }}@{{ .Release.Name }}-rabbitmq"
+    redis: ":{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master/0"
     # Error reporting, sends stacktrace to sentry.services.beryju.org
     error_report_enabled: {{ .Values.config.error_reporting }}
 
@@ -46,10 +47,12 @@ data:
     secret_key: {{ randAlphaNum 50 }}
     {{- end }}
 
+    primary_domain: {{ .Values.primary_domain }}
     domains:
         {{- range .Values.ingress.hosts }}
         - {{ . | quote }}
         {{- end }}
+        - kubernetes-healthcheck-host
 
     passbook:
       sign_up:
@@ -105,10 +108,9 @@ data:
         email: mail # or userPrincipalName
       user_attribute_map:
         active_directory:
-          sAMAccountName: username
-          mail: email
-          given_name: first_name
-          name: last_name
+          username: "%(sAMAccountName)s"
+          email: "%(mail)s"
+          name: "%(displayName)"
       # # Create new users in LDAP upon sign-up
       # create_users: true
       # # Reset LDAP password when user reset their password
@@ -123,6 +125,7 @@ data:
         - passbook.oauth_client.source_types.reddit
         - passbook.oauth_client.source_types.supervisr
         - passbook.oauth_client.source_types.twitter
+        - passbook.oauth_client.source_types.azure_ad
     saml_idp:
       signing: true
       autosubmit: false
@@ -131,6 +134,7 @@ data:
       # List of python packages with provider types to load.
       types:
         - passbook.saml_idp.processors.generic
+        - passbook.saml_idp.processors.aws
         - passbook.saml_idp.processors.gitlab
         - passbook.saml_idp.processors.nextcloud
         - passbook.saml_idp.processors.salesforce

helm/passbook/templates/passbook-web-deployment.yaml

@@ -18,6 +18,7 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "passbook.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+        passbook.io/component: web
     spec:
       volumes:
         - name: config-volume

helm/passbook/templates/passbook-web-service.yaml

@@ -17,3 +17,4 @@ spec:
   selector:
     app.kubernetes.io/name: {{ include "passbook.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
+    passbook.io/component: web

helm/passbook/templates/passbook-worker-deployment.yaml

@@ -18,6 +18,7 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "passbook.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+        passbook.io/component: worker
     spec:
       volumes:
         - name: config-volume

helm/passbook/values.yaml

@@ -5,7 +5,7 @@
 replicaCount: 1
 
 image:
-  tag: latest
+  tag: 0.1.32-beta
 
 nameOverride: ""
 
@@ -14,10 +14,16 @@ config:
   # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
   # Enable error reporting
   error_reporting: true
+  email:
+    host: localhost
 
 postgresql:
-    postgresqlDatabase: passbook
-    postgresqlPassword: foo
+  postgresqlDatabase: passbook
+  postgresqlPassword: foo
+
+rabbitmq:
+  rabbitmq:
+    password: foo
 
 service:
   type: ClusterIP
@@ -31,7 +37,6 @@ ingress:
   path: /
   hosts:
     - passbook.k8s.local
-    - kubernetes-healthcheck-host
   defaultHost: passbook.k8s.local
   tls: []
   #  - secretName: chart-example-tls

passbook.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Check if this file is a symlink, if so, read real base dir
+BASE_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]}))
+
+cd $BASE_DIR
+PYTHONPATH="${BASE_DIR}/vendor/" python3 manage.py $@

passbook/__init__.py

@@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.0.6-alpha'
+__version__ = '0.1.32-beta'

passbook/admin/__init__.py

@@ -1,2 +1,2 @@
 """passbook admin"""
-__version__ = '0.0.6-alpha'
+__version__ = '0.1.32-beta'

passbook/admin/api/urls.py

@@ -0,0 +1,6 @@
+"""Versioned Admin API Urls"""
+from django.conf.urls import include, url
+
+urlpatterns = [
+    url(r'^v1/', include('passbook.admin.api.v1.urls', namespace='v1')),
+]

passbook/admin/api/v1/applications.py

@@ -0,0 +1,22 @@
+"""passbook admin application API"""
+from rest_framework.permissions import IsAdminUser
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import ModelViewSet
+
+from passbook.core.models import Application
+
+
+class ApplicationSerializer(ModelSerializer):
+    """Application Serializer"""
+
+    class Meta:
+        model = Application
+        fields = '__all__'
+
+
+class ApplicationViewSet(ModelViewSet):
+    """Application Viewset"""
+
+    permission_classes = [IsAdminUser]
+    serializer_class = ApplicationSerializer
+    queryset = Application.objects.all()

passbook/admin/api/v1/urls.py

@@ -1,9 +1,33 @@
 """passbook admin API URLs"""
+from django.urls import path
+from drf_yasg import openapi
+from drf_yasg.views import get_schema_view
+from rest_framework import permissions
 from rest_framework.routers import DefaultRouter
 
+from passbook.admin.api.v1.applications import ApplicationViewSet
 from passbook.admin.api.v1.groups import GroupViewSet
+from passbook.admin.api.v1.users import UserViewSet
 
 router = DefaultRouter()
-router.register(r'groups', GroupViewSet)
+router.register('applications', ApplicationViewSet)
+router.register('groups', GroupViewSet)
+router.register('users', UserViewSet)
 
-urlpatterns = router.urls
+SchemaView = get_schema_view(
+    openapi.Info(
+        title="passbook Administration API",
+        default_version='v1',
+        description="Internal passbook API for Administration Interface",
+        contact=openapi.Contact(email="contact@snippets.local"),
+        license=openapi.License(name="MIT License"),
+    ),
+    public=True,
+    permission_classes=(permissions.IsAdminUser,),
+)
+
+urlpatterns = router.urls + [
+    path('swagger.yml', SchemaView.without_ui(cache_timeout=0), name='schema-json'),
+    path('swagger/', SchemaView.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
+]
+app_name = 'passbook.admin'

passbook/admin/api/v1/users.py

@@ -0,0 +1,23 @@
+"""passbook admin user API"""
+from rest_framework.permissions import IsAdminUser
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import ModelViewSet
+
+from passbook.core.models import User
+
+
+class UserSerializer(ModelSerializer):
+    """User Serializer"""
+
+    class Meta:
+        model = User
+        fields = ['is_superuser', 'username', 'name', 'email', 'date_joined',
+                  'uuid']
+
+
+class UserViewSet(ModelViewSet):
+    """User Viewset"""
+
+    permission_classes = [IsAdminUser]
+    serializer_class = UserSerializer
+    queryset = User.objects.all()

passbook/admin/forms/policies.py

@@ -4,7 +4,7 @@ from django import forms
 from passbook.core.models import User
 
 
-class RuleTestForm(forms.Form):
-    """Form to test rule against user"""
+class PolicyTestForm(forms.Form):
+    """Form to test policies against user"""
 
     user = forms.ModelChoiceField(queryset=User.objects.all())

passbook/admin/forms/source.py

@@ -1,6 +1,6 @@
 """passbook core source form fields"""
 # from django import forms
 
-SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled']
+SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled', 'policies']
 
 # class SourceForm(forms.Form)

passbook/admin/forms/users.py

@@ -0,0 +1,17 @@
+"""passbook administrative user forms"""
+
+from django import forms
+
+from passbook.core.models import User
+
+
+class UserForm(forms.ModelForm):
+    """Update User Details"""
+
+    class Meta:
+
+        model = User
+        fields = ['username', 'name', 'email', 'is_staff', 'is_active']
+        widgets = {
+            'name': forms.TextInput
+        }

passbook/admin/middleware.py

@@ -0,0 +1,25 @@
+"""passbook admin Middleware to impersonate users"""
+
+from passbook.core.models import User
+
+
+def impersonate(get_response):
+    """Middleware to impersonate users"""
+
+    def middleware(request):
+        """Middleware to impersonate users"""
+
+        # User is superuser and has __impersonate ID set
+        if request.user.is_superuser and "__impersonate" in request.GET:
+            request.session['impersonate_id'] = request.GET["__impersonate"]
+        # user wants to stop impersonation
+        elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
+            del request.session['impersonate_id']
+
+        # Actually impersonate user
+        if request.user.is_superuser and 'impersonate_id' in request.session:
+            request.user = User.objects.get(pk=request.session['impersonate_id'])
+
+        response = get_response(request)
+        return response
+    return middleware

passbook/admin/requirements.txt

@@ -1,2 +1,2 @@
 django-rest-framework
-django-rest-swagger
+drf_yasg

passbook/admin/settings.py

@@ -0,0 +1,5 @@
+"""passbook admin settings"""
+
+MIDDLEWARE = [
+    'passbook.admin.middleware.impersonate',
+]

passbook/admin/templates/administration/application/list.html

@@ -9,31 +9,37 @@
 
 {% block content %}
 <div class="container">
-  <h1>{% trans "Applications" %}</h1>
-  <a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
-    {% trans 'Create...' %}
-  </a>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Provider' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for application in object_list %}
-        <tr>
-          <td>{{ application.name }}</td>
-          <td>{{ application.provider }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+    <h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
+    <span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
+    <hr>
+    <a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
+        {% trans 'Create...' %}
+    </a>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Provider' %}</th>
+                <th>{% trans 'Provider Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for application in object_list %}
+            <tr>
+                <td>{{ application.name }}</td>
+                <td>{{ application.get_provider }}</td>
+                <td>{{ application.get_provider|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}

passbook/admin/templates/administration/audit/list.html

@@ -8,77 +8,80 @@
 {% endblock %}
 
 {% block content %}
-<div class="container">
-  <h1>{% trans "Audit Log" %}</h1>
-  <div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
+<h1><span class="pficon-catalog"></span> {% trans "Audit Log" %}</h1>
+<div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
     {% for entry in object_list %}
     <div class="list-group-item">
-      <div class="list-view-pf-main-info">
-        <div class="list-view-pf-left">
-          <span class="fa fa-plane list-view-pf-icon-sm"></span>
+        <div class="list-view-pf-main-info">
+            <div class="list-view-pf-left">
+                <span class="fa fa-plane list-view-pf-icon-sm"></span>
+            </div>
+            <div class="list-view-pf-body">
+                <div class="list-view-pf-description">
+                    <div class="list-group-item-heading">
+                        {{ entry.action }}
+                    </div>
+                    <div class="list-group-item-text">
+                        {{ entry.context }}
+                    </div>
+                </div>
+                <div class="list-view-pf-additional-info">
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="pficon pficon-user"></span>
+                        <strong>{{ entry.user }}</strong>
+                    </div>
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="pficon pficon-cluster"></span>
+                        <strong>{{ entry.app|default:'-' }}</strong>
+                    </div>
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="fa fa-clock-o"></span>
+                        <strong>{{ entry.created }}</strong>
+                    </div>
+                    <div class="list-view-pf-additional-info-item">
+                        <span class="pficon pficon-screen"></span>
+                        <strong>{{ entry.request_ip }}</strong>
+                    </div>
+                </div>
+            </div>
         </div>
-        <div class="list-view-pf-body">
-          <div class="list-view-pf-description">
-            <div class="list-group-item-heading">
-              {{ entry.action }}
-            </div>
-            <div class="list-group-item-text">
-            </div>
-          </div>
-          <div class="list-view-pf-additional-info">
-            <div class="list-view-pf-additional-info-item">
-              <span class="pficon pficon-user"></span>
-              <strong>{{ entry.user }}</strong>
-            </div>
-            <div class="list-view-pf-additional-info-item">
-              <span class="pficon pficon-screen"></span>
-              <strong>{{ entry.request_ip }}</strong>
-            </div>
-            <div class="list-view-pf-additional-info-item">
-              <span class="pficon pficon-cluster"></span>
-              <strong>{{ entry.app|default:'-' }}</strong>
-            </div>
-          </div>
-        </div>
-      </div>
     </div>
     {% endfor %}
-  </div>
-  <script>
-    $(document).ready(function () {
-      // Row Checkbox Selection
-      $("#pf-list-standard input[type='checkbox']").change(function (e) {
-        if ($(this).is(":checked")) {
-          $(this).closest('.list-group-item').addClass("active");
-        } else {
-          $(this).closest('.list-group-item').removeClass("active");
-        }
-      });
-      // toggle dropdown menu
-      $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
-        var $this = $(this);
-        var $dropdown = $this.find('.dropdown');
-        var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
-        $dropdown.toggleClass('dropup', space < 10);
-      });
-      // allow users to select multiple list items with shift key
-      $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
-        var $list = $('.list-group');
-        var prevIndex = $list.data('preIndex');
-        var $listItems = $list.children('.list-group-item');
-        var $currentItem = $(this).closest('.list-group-item');
-        if (event.shiftKey && prevIndex > -1 && this.checked) {
-          var currentIndex = $listItems.index($currentItem);
-          var $selectScope = currentIndex - prevIndex > 0
-            ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
-            : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
-          $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
-        }
-        $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
-      });
+    <script>
+        $(document).ready(function () {
+            // Row Checkbox Selection
+            $("#pf-list-standard input[type='checkbox']").change(function (e) {
+                if ($(this).is(":checked")) {
+                    $(this).closest('.list-group-item').addClass("active");
+                } else {
+                    $(this).closest('.list-group-item').removeClass("active");
+                }
+            });
+            // toggle dropdown menu
+            $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
+                var $this = $(this);
+                var $dropdown = $this.find('.dropdown');
+                var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
+                $dropdown.toggleClass('dropup', space < 10);
+            });
+            // allow users to select multiple list items with shift key
+            $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
+                var $list = $('.list-group');
+                var prevIndex = $list.data('preIndex');
+                var $listItems = $list.children('.list-group-item');
+                var $currentItem = $(this).closest('.list-group-item');
+                if (event.shiftKey && prevIndex > -1 && this.checked) {
+                    var currentIndex = $listItems.index($currentItem);
+                    var $selectScope = currentIndex - prevIndex > 0
+                        ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
+                        : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
+                    $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
+                }
+                $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
+            });
 
-    });
-  </script>
-  {% include 'partials/pagination.html' %}
+        });
+    </script>
+    {% include 'partials/pagination.html' %}
 </div>
 {% endblock %}

passbook/admin/templates/administration/base.html

@@ -4,33 +4,4 @@
 {% load is_active %}
 
 {% block nav_secondary %}
-<ul class="nav navbar-nav navbar-persistent">
-  <li class="{% is_active 'passbook_admin:overview' %}">
-    <a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
-    <a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
-    <a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
-    <a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:rules' 'passbook_admin:rule-create' 'passbook_admin:rule-update' 'passbook_admin:rule-delete' 'passbook_admin:rule-test' %}">
-    <a href="{% url 'passbook_admin:rules' %}">{% trans 'Rules' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
-    <a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
-    <a href="{% url 'passbook_admin:users' %}">{% trans 'Users' %}</a>
-  </li>
-  <li class="{% is_active 'passbook_admin:audit-log' %}">
-    <a href="{% url 'passbook_admin:audit-log' %}">{% trans 'Audit Log' %}</a>
-  </li>
-  <li class="{% is_active_app 'admin' %}">
-    <a href="{% url 'admin:index' %}">{% trans 'Django' %}</a>
-  </li>
-</ul>
 {% endblock %}

passbook/admin/templates/administration/debug/request.html

@@ -0,0 +1,31 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-applications"></span> {% trans "Request" %}</h1>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Key' %}</th>
+                <th>{% trans 'Value' %}</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for key, value in request_dict.items %}
+            <tr>
+                <td>{{ key }}</td>
+                <td>{{ value }}</td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

passbook/admin/templates/administration/factor/list.html

@@ -0,0 +1,62 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+{% load admin_reflection %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-plugged"></span> {% trans "Factors" %}</h1>
+    <span>{% trans "Factors required for a user to successfully authenticate." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th>{% trans 'Order' %}</th>
+                <th>{% trans 'Enabled?' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for factor in object_list %}
+            <tr>
+                <td>{{ factor.name }} ({{ factor.slug }})</td>
+                <td>{{ factor|verbose_name }}</td>
+                <td>{{ factor.order }}</td>
+                <td>{{ factor.enabled }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:factor-update' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:factor-delete' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    {% get_links factor as links %}
+                    {% for name, href in links.items %}
+                    <a class="btn btn-default btn-sm"
+                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                    {% endfor %}
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

passbook/admin/templates/administration/group/list.html

@@ -0,0 +1,45 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-users"></span> {% trans "Groups" %}</h1>
+    <span>{% trans "Group users together and give them permissions based on the membership." %}</span>
+    <hr>
+    <a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
+        {% trans 'Create...' %}
+    </a>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Parent' %}</th>
+                <th>{% trans 'Members' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for group in object_list %}
+            <tr>
+                <td>{{ group.name }}</td>
+                <td>{{ group.parent }}</td>
+                <td>{{ group.user_set.all|length }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:group-update' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:group-delete' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

passbook/admin/templates/administration/groups/list.html

@@ -1,83 +0,0 @@
-{% extends "administration/base.html" %}
-
-{% load i18n %}
-{% load static %}
-{% load utils %}
-
-{% block head %}
-{{ block.super }}
-<link rel="stylesheet" href="{% static 'css/bootstrap-treeview.min.css'%}">
-{% endblock %}
-
-{% block scripts %}
-{{ block.super }}
-<script src="{% static 'js/bootstrap-treeview.min.js' %}"></script>
-<script>
-  var cleanupData = function (obj) {
-    return {
-      text: obj.name,
-      href: '?group=' + obj.uuid,
-      nodes: obj.children.map(cleanupData),
-    };
-  }
- $(function() {
-   var apiUrl = "{% url 'passbook_admin:group-list' %}?format=json";
-   $.ajax({
-      url: apiUrl,
-    }).done(function(data) {
-      $('#treeview1').treeview({
-        collapseIcon: "fa fa-angle-down",
-        data: data.map(cleanupData),
-        expandIcon: "fa fa-angle-right",
-        nodeIcon: "fa pficon-users",
-        showBorder: true,
-        enableLinks: true,
-        onNodeSelected: function (event, node) {
-          window.location.href = node.href;
-        }
-      });
-    });
-  });
-</script>
-{% endblock %}
-
-{% block title %}
-{% title %}
-{% endblock %}
-
-{% block content %}
-<div class="col-md-3">
-  <div id="treeview1" class="treeview">
-  </div>
-</div>
-<div class="col-md-9">
-  <h1>{% trans "Invitations" %}</h1>
-  <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
-    {% trans 'Create...' %}
-  </a>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Expiry' %}</th>
-        <th>{% trans 'Link' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for invitation in object_list %}
-      <tr>
-        <td>{{ invitation.expires|default:"Never" }}</td>
-        <td>
-          <pre>{{ invitation.link }}</pre>
-        </td>
-        <td>
-          <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{%
-            trans 'Delete' %}</a>
-        </td>
-      </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-</div>
-{% endblock %}

passbook/admin/templates/administration/invitation/list.html

@@ -9,30 +9,35 @@
 
 {% block content %}
 <div class="container">
-  <h1>{% trans "Invitations" %}</h1>
-  <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
-    {% trans 'Create...' %}
-  </a>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Expiry' %}</th>
-        <th>{% trans 'Link' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for invitation in object_list %}
-        <tr>
-          <td>{{ invitation.expires|default:"Never" }}</td>
-          <td><pre>{{ invitation.link }}</pre></td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+    <h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
+    <span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
+    <hr>
+    <a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
+        {% trans 'Create...' %}
+    </a>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Expiry' %}</th>
+                <th>{% trans 'Link' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for invitation in object_list %}
+            <tr>
+                <td>{{ invitation.expires|default:"Never" }}</td>
+                <td>
+                    <pre>{{ invitation.link }}</pre>
+                </td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}

passbook/admin/templates/administration/overview.html

@@ -4,53 +4,193 @@
 
 {% block content %}
 <div class="container">
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ application_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:applications' %}">
+                    <span class="pficon-applications"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:applications' %}">
+                            <span class="pficon pficon-ok"></span>{{ application_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
     </div>
-  </div>
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ provider_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:sources' %}">
+                    <span class="pficon-resource-pool"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Sources' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:sources' %}">
+                            <span class="pficon pficon-ok"></span>{{ source_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
     </div>
-  </div>
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Rules' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ rule_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:providers' %}">
+                    <span class="pficon-integration"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:providers' %}">
+                            {% if providers_without_application.exists %}
+                            <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: At least one Provider has no application assigned.' %}"></span> {{ provider_count }}
+                            {% else %}
+                            <span class="pficon pficon-ok"></span> {{ provider_count }}
+                            {% endif %}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
     </div>
-  </div>
-  <div class="col-xs-6 col-sm-2 col-md-2">
-    <div class="card-pf card-pf-accented card-pf-aggregate-status">
-      <h2 class="card-pf-title">
-        <a href="#"><span class="fa fa-shield"></span><span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}</a>
-      </h2>
-      <div class="card-pf-body">
-        <p class="card-pf-aggregate-status-notifications">
-          <span class="card-pf-aggregate-status-notification"><a href="#"><span class="pficon pficon-ok"></span>{{ user_count }}</a></span>
-        </p>
-      </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:factors' %}">
+                    <span class="pficon-plugged"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Factors' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        {% if factor_count < 1 %}
+                        <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
+                            title="{% trans 'No Factors configured. No Users will be able to login.' %}"></span>
+                        {{ factor_count }}
+                        {% else %}
+                        <span class="pficon pficon-ok"></span>{{ factor_count }}
+                        {% endif %}
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:policies' %}">
+                    <span class="pficon-infrastructure"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Policies' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        {% if policies_without_attachment > 0 %}
+                        <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
+                            title="{% trans 'Policies without attachment exist.' %}"></span>
+                        {{ policy_count }}
+                        {% else %}
+                        <span class="pficon pficon-ok"></span>{{ policy_count }}
+                        {% endif %}
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:invitations' %}">
+                    <span class="pficon-migration"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Invitation' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:invitations' %}">
+                            <span class="pficon pficon-ok"></span>{{ invitation_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="{% url 'passbook_admin:users' %}">
+                    <span class="pficon-users"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="{% url 'passbook_admin:users' %}">
+                            <span class="pficon pficon-ok"></span>{{ user_count }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="#">
+                    <span class="pficon-bundle"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="#">
+                            {{ version }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="#">
+                    <span class="pficon-server"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Worker(s)' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="#">
+                            {% if worker_count < 1%}
+                            <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
+                                title="{% trans 'No workers connected. Policies will not work and you may expect other issues.' %}"></span> {{ worker_count }}
+                            {% else %}
+                            <span class="pficon pficon-ok"></span>{{ worker_count }}
+                            {% endif %}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
     </div>
-  </div>
 </div>
-{% endblock %}
+{% endblock %}

passbook/admin/templates/administration/policy/list.html

@@ -0,0 +1,62 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="pficon-infrastructure"></span> {% trans "Policies" %}</h1>
+    <span>{% trans "Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Factors." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th></th>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for policy in object_list %}
+            <tr {% if not policy.policymodel_set.exists %} class="warning" {% endif %}>
+                <th>
+                    {% if not policy.policymodel_set.exists %}
+                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Policy is not assigned.' %}"></span>
+                    {% else %}
+                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with objects=policy.policymodel_set.all|join:', ' %}Assigned to objects {{ objects }}{% endblocktrans %}"></span>
+                    {% endif %}
+                </th>
+                <td>{{ policy.name }}</td>
+                <td>{{ policy|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:policy-test' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:policy-delete' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

passbook/admin/templates/administration/policy/test.html

@@ -0,0 +1,26 @@
+{% extends 'generic/form.html' %}
+
+{% load i18n %}
+
+{% block above_form %}
+<h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
+{% endblock %}
+
+{% block action %}
+{% trans 'Test' %}
+{% endblock %}
+
+{% block beneath_form %}
+<p class="loading" style="display: none;">
+  <span class="spinner spinner-xs spinner-inline"></span> {% trans 'Processing, please wait...' %}
+</p>
+{% endblock %}
+
+{% block scripts %}
+{{ block.super }}
+<script>
+  $('form').on('submit', function () {
+    $('p.loading').show();
+  })
+</script>
+{% endblock %}

passbook/admin/templates/administration/property_mapping/list.html

@@ -0,0 +1,52 @@
+{% extends "administration/base.html" %}
+
+{% load i18n %}
+{% load utils %}
+
+{% block title %}
+{% title %}
+{% endblock %}
+
+{% block content %}
+<div class="container">
+    <h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
+    <span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for property_mapping in object_list %}
+            <tr>
+                <td>{{ property_mapping.name }}</td>
+                <td>{{ property_mapping|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

passbook/admin/templates/administration/provider/list.html

@@ -10,43 +10,61 @@
 
 {% block content %}
 <div class="container">
-  <h1>{% trans "Providers" %}</h1>
-  <div class="dropdown">
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-      {% trans 'Create...' %}
-      <span class="caret"></span>
-    </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% for type, name in types.items %}
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
-      {% endfor %}
-    </ul>
-  </div>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for provider in object_list %}
-        <tr>
-          <td>{{ provider.name }}</td>
-          <td>{{ provider|fieldtype }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-            {% get_links provider as links %}
-            {% for name, href in links.items %}
-              <a class="btn btn-default btn-sm" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+    <h1><span class="pficon-integration"></span> {% trans "Providers" %}</h1>
+    <span>{% trans "Authentication Protocol Provider, used as Protocol behind an Application." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
             {% endfor %}
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th></th>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Type' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for provider in object_list %}
+            <tr {% if not provider.application %} class="warning" {% endif %}>
+                <th>
+                    {% if not provider.application %}
+                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Provider has no application assigned.' %}"></span>
+                    {% else %}
+                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with app=provider.application %}Assigned to Application {{ app }}{% endblocktrans %}"></span>
+                    {% endif %}
+                </th>
+                <td>{{ provider.name }}</td>
+                <td>{{ provider|verbose_name }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    {% get_links provider as links %}
+                    {% for name, href in links.items %}
+                    <a class="btn btn-default btn-sm"
+                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                    {% endfor %}
+                    {% get_htmls provider as htmls %}
+                    {% for html in htmls %}
+                    {{ html|safe }}
+                    {% endfor %}
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}

passbook/admin/templates/administration/rule/list.html

@@ -1,48 +0,0 @@
-{% extends "administration/base.html" %}
-
-{% load i18n %}
-{% load utils %}
-
-{% block title %}
-{% title %}
-{% endblock %}
-
-{% block content %}
-<div class="container">
-  <h1>{% trans "Rules" %}</h1>
-  <div class="dropdown">
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-      {% trans 'Create...' %}
-      <span class="caret"></span>
-    </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% for type, name in types.items %}
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:rule-create' %}?type={{ type }}">{{ name }}</a></li>
-      {% endfor %}
-    </ul>
-  </div>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for rule in object_list %}
-        <tr>
-          <td>{{ rule.name }}</td>
-          <td>{{ rule|fieldtype }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-update' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-test' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:rule-delete' pk=rule.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-</div>
-{% endblock %}

passbook/admin/templates/administration/rule/test.html

@@ -1,7 +0,0 @@
-{% extends 'generic/form.html' %}
-
-{% load i18n %}
-
-{% block above_form %}
-<h1>{% blocktrans with rule=rule %}Test rule {{ rule }}{% endblocktrans %}</h1>
-{% endblock %}

passbook/admin/templates/administration/source/list.html

@@ -6,43 +6,51 @@
 
 {% block content %}
 <div class="container">
-  <h1>{% trans "Sources" %}</h1>
-  <div class="dropdown">
-    <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-      {% trans 'Create...' %}
-      <span class="caret"></span>
-    </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-      {% for type, name in types.items %}
-      <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
-      {% endfor %}
-    </ul>
-  </div>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for source in object_list %}
-        <tr>
-          <td>{{ source.name }}</td>
-          <td>{{ source|fieldtype }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-            {% get_links source as links %}
-            {% for name, href in links %}
-              <a class="btn btn-default btn-sm" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+    <h1><span class="pficon-resource-pool"></span> {% trans "Sources" %}</h1>
+    <span>{% trans "External Sources which can be used to get Identities into passbook, for example Social Providers like Twiter and GitHub or Enterprise Providers like ADFS and LDAP." %}</span>
+    <hr>
+    <div class="dropdown">
+        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
+            {% trans 'Create...' %}
+            <span class="caret"></span>
+        </button>
+        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
+            {% for type, name in types.items %}
+            <li role="presentation"><a role="menuitem" tabindex="-1"
+                    href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
             {% endfor %}
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+        </ul>
+    </div>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Class' %}</th>
+                <th>{% trans 'Additional Info' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for source in object_list %}
+            <tr>
+                <td>{{ source.name }}</td>
+                <td>{{ source|fieldtype }}</td>
+                <td>{{ source.additional_info }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    {% get_links source as links %}
+                    {% for name, href in links %}
+                    <a class="btn btn-default btn-sm"
+                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                    {% endfor %}
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}

passbook/admin/templates/administration/user/list.html

@@ -5,34 +5,38 @@
 
 {% block content %}
 <div class="container">
-  <h1>{% trans "Users" %}</h1>
-  <hr>
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Username' %}</th>
-        <th>{% trans 'First Name' %}</th>
-        <th>{% trans 'Last Name' %}</th>
-        <th>{% trans 'Active' %}</th>
-        <th>{% trans 'Last Login' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for user in object_list %}
-        <tr>
-          <td>{{ user.username }}</td>
-          <td>{{ user.first_name|default:'-' }}</td>
-          <td>{{ user.last_name|default:'-' }}</td>
-          <td>{{ user.is_active }}</td>
-          <td>{{ user.last_login }}</td>
-          <td>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-            <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-          </td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+    <h1><span class="pficon-users"></span> {% trans "Users" %}</h1>
+    <hr>
+    <table class="table table-striped table-bordered">
+        <thead>
+            <tr>
+                <th>{% trans 'Username' %}</th>
+                <th>{% trans 'Name' %}</th>
+                <th>{% trans 'Active' %}</th>
+                <th>{% trans 'Last Login' %}</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for user in object_list %}
+            <tr>
+                <td>{{ user.username }}</td>
+                <td>{{ user.name|default:'-' }}</td>
+                <td>{{ user.is_active }}</td>
+                <td>{{ user.last_login }}</td>
+                <td>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
 </div>
 {% endblock %}

passbook/admin/templates/generic/create.html

@@ -1,7 +1,12 @@
 {% extends "generic/form.html" %}
 
+{% load utils %}
 {% load i18n %}
 
 {% block above_form %}
-<h1>{% trans 'Create' %}</h1>
-{% endblock %}
+<h1>{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}</h1>
+{% endblock %}
+
+{% block action %}
+{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}
+{% endblock %}

passbook/admin/templates/generic/create_inheritance.html

@@ -1,11 +0,0 @@
-{% extends "generic/create.html" %}
-
-{% load i18n %}
-
-{% block title %}
-{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}
-{% endblock %}
-
-{% block above_form %}
-<h1>{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}</h1>
-{% endblock %}

passbook/admin/templates/generic/form.html

@@ -2,6 +2,21 @@
 
 {% load i18n %}
 {% load utils %}
+{% load static %}
+
+{% block head %}
+{{ block.super }}
+{{ form.media.css }}
+<script type="text/javascript" src="{% url 'admin:jsi18n' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/jquery.init.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/core.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/actions.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/urlify.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/prepopulate.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/SelectBox.js' %}"></script>
+<script type="text/javascript" src="{% static 'admin/js/SelectFilter2.js' %}"></script>
+{% endblock %}
 
 {% block content %}
 <div class="container">
@@ -11,8 +26,15 @@
     <form action="" method="post" class="form-horizontal">
       {% include 'partials/form.html' with form=form %}
       <a class="btn btn-default" href="{% back %}">{% trans "Cancel" %}</a>
-      <input type="submit" class="btn btn-primary" value="{% trans 'Create' %}" />
+      <input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
     </form>
   </div>
+  {% block beneath_form %}
+  {% endblock %}
 </div>
 {% endblock %}
+
+{% block scripts %}
+{{ block.super }}
+{{ form.media.js }}
+{% endblock %}

passbook/admin/templates/generic/update.html

@@ -1,7 +1,12 @@
 {% extends "generic/form.html" %}
 
+{% load utils %}
 {% load i18n %}
 
 {% block above_form %}
-<h1>{% trans 'Update' %}</h1>
-{% endblock %}
+<h1>{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}</h1>
+{% endblock %}
+
+{% block action %}
+{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}
+{% endblock %}

passbook/admin/templatetags/admin_reflection.py

@@ -5,6 +5,8 @@ from logging import getLogger
 from django import template
 from django.db.models import Model
 
+from passbook.lib.utils.template import render_to_string
+
 register = template.Library()
 LOGGER = getLogger(__name__)
 
@@ -29,3 +31,24 @@ def get_links(model_instance):
         pass
 
     return links
+
+
+@register.simple_tag(takes_context=True)
+def get_htmls(context, model_instance):
+    """Find all html_ methods on an object instance, run them and return as dict"""
+    prefix = 'html_'
+    htmls = []
+
+    if not isinstance(model_instance, Model):
+        LOGGER.warning("Model %s is not instance of Model", model_instance)
+        return htmls
+
+    try:
+        for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
+            if name.startswith(prefix):
+                template, _context = method(context.get('request'))
+                htmls.append(render_to_string(template, _context))
+    except NotImplementedError:
+        pass
+
+    return htmls

passbook/admin/urls.py

@@ -1,12 +1,9 @@
 """passbook URL Configuration"""
 from django.urls import include, path
-from rest_framework_swagger.views import get_swagger_view
-
-from passbook.admin.views import (applications, audit, groups, invitations,
-                                  overview, providers, rules, sources, users)
-
-schema_view = get_swagger_view(title='passbook Admin Internal API')
 
+from passbook.admin.views import (applications, audit, debug, factors, groups,
+                                  invitations, overview, policy,
+                                  property_mapping, providers, sources, users)
 
 urlpatterns = [
     path('', overview.AdministrationOverviewView.as_view(), name='overview'),
@@ -24,12 +21,12 @@ urlpatterns = [
     path('sources/create/', sources.SourceCreateView.as_view(), name='source-create'),
     path('sources/<uuid:pk>/update/', sources.SourceUpdateView.as_view(), name='source-update'),
     path('sources/<uuid:pk>/delete/', sources.SourceDeleteView.as_view(), name='source-delete'),
-    # Rules
-    path('rules/', rules.RuleListView.as_view(), name='rules'),
-    path('rules/create/', rules.RuleCreateView.as_view(), name='rule-create'),
-    path('rules/<uuid:pk>/update/', rules.RuleUpdateView.as_view(), name='rule-update'),
-    path('rules/<uuid:pk>/delete/', rules.RuleDeleteView.as_view(), name='rule-delete'),
-    path('rules/<uuid:pk>/test/', rules.RuleTestView.as_view(), name='rule-test'),
+    # Policies
+    path('policies/', policy.PolicyListView.as_view(), name='policies'),
+    path('policies/create/', policy.PolicyCreateView.as_view(), name='policy-create'),
+    path('policies/<uuid:pk>/update/', policy.PolicyUpdateView.as_view(), name='policy-update'),
+    path('policies/<uuid:pk>/delete/', policy.PolicyDeleteView.as_view(), name='policy-delete'),
+    path('policies/<uuid:pk>/test/', policy.PolicyTestView.as_view(), name='policy-test'),
     # Providers
     path('providers/', providers.ProviderListView.as_view(), name='providers'),
     path('providers/create/',
@@ -38,6 +35,23 @@ urlpatterns = [
          providers.ProviderUpdateView.as_view(), name='provider-update'),
     path('providers/<int:pk>/delete/',
          providers.ProviderDeleteView.as_view(), name='provider-delete'),
+    # Factors
+    path('factors/', factors.FactorListView.as_view(), name='factors'),
+    path('factors/create/',
+         factors.FactorCreateView.as_view(), name='factor-create'),
+    path('factors/<uuid:pk>/update/',
+         factors.FactorUpdateView.as_view(), name='factor-update'),
+    path('factors/<uuid:pk>/delete/',
+         factors.FactorDeleteView.as_view(), name='factor-delete'),
+    # Factors
+    path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
+         name='property-mappings'),
+    path('property-mappings/create/',
+         property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
+    path('property-mappings/<uuid:pk>/update/',
+         property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
+    path('property-mappings/<uuid:pk>/delete/',
+         property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
     # Invitations
     path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
     path('invitations/create/',
@@ -51,11 +65,19 @@ urlpatterns = [
          users.UserUpdateView.as_view(), name='user-update'),
     path('users/<int:pk>/delete/',
          users.UserDeleteView.as_view(), name='user-delete'),
+    path('users/<int:pk>/reset/',
+         users.UserPasswordResetView.as_view(), name='user-password-reset'),
+    # Groups
+    path('group/', groups.GroupListView.as_view(), name='group'),
+    path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
+    path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
+    path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
     # Audit Log
     path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
     # Groups
     path('groups/', groups.GroupListView.as_view(), name='groups'),
     # API
-    path('api/', schema_view),
-    path('api/v1/', include('passbook.admin.api.v1.urls'))
+    path('api/', include('passbook.admin.api.urls')),
+    # Debug
+    path('debug/request/', debug.DebugRequestView.as_view(), name='debug-request'),
 ]

passbook/admin/views/applications.py

@@ -1,4 +1,5 @@
 """passbook Application administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
@@ -13,6 +14,7 @@ class ApplicationListView(AdminRequiredMixin, ListView):
     """Show list of all applications"""
 
     model = Application
+    ordering = 'name'
     template_name = 'administration/application/list.html'
 
     def get_queryset(self):
@@ -28,6 +30,10 @@ class ApplicationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView)
     success_url = reverse_lazy('passbook_admin:applications')
     success_message = _('Successfully created Application')
 
+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Application'
+        return super().get_context_data(**kwargs)
+
 
 class ApplicationUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
     """Update application"""
@@ -45,5 +51,10 @@ class ApplicationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView)
 
     model = Application
 
+    template_name = 'generic/delete.html'
     success_url = reverse_lazy('passbook_admin:applications')
-    success_message = _('Successfully updated Application')
+    success_message = _('Successfully deleted Application')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)

passbook/admin/views/debug.py

@@ -0,0 +1,17 @@
+"""passbook administration debug views"""
+
+from django.views.generic import TemplateView
+
+from passbook.admin.mixins import AdminRequiredMixin
+
+
+class DebugRequestView(AdminRequiredMixin, TemplateView):
+    """Show debug info about request"""
+
+    template_name = 'administration/debug/request.html'
+
+    def get_context_data(self, **kwargs):
+        kwargs['request_dict'] = {}
+        for key in dir(self.request):
+            kwargs['request_dict'][key] = getattr(self.request, key)
+        return super().get_context_data(**kwargs)

passbook/admin/views/factors.py

@@ -0,0 +1,84 @@
+"""passbook Factor administration"""
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.http import Http404
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import CreateView, DeleteView, ListView, UpdateView
+
+from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.models import Factor
+from passbook.lib.utils.reflection import path_to_class
+
+
+def all_subclasses(cls):
+    """Recursively return all subclassess of cls"""
+    return set(cls.__subclasses__()).union(
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+
+class FactorListView(AdminRequiredMixin, ListView):
+    """Show list of all factors"""
+
+    model = Factor
+    template_name = 'administration/factor/list.html'
+    ordering = 'order'
+
+    def get_context_data(self, **kwargs):
+        kwargs['types'] = {
+            x.__name__: x._meta.verbose_name for x in all_subclasses(Factor)}
+        return super().get_context_data(**kwargs)
+
+    def get_queryset(self):
+        return super().get_queryset().select_subclasses()
+
+class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new Factor"""
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:factors')
+    success_message = _('Successfully created Factor')
+
+    def get_context_data(self, **kwargs):
+        kwargs = super().get_context_data(**kwargs)
+        factor_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
+        kwargs['type'] = model._meta.verbose_name
+        return kwargs
+
+    def get_form_class(self):
+        factor_type = self.request.GET.get('type')
+        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
+        if not model:
+            raise Http404
+        return path_to_class(model.form)
+
+class FactorUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update factor"""
+
+    model = Factor
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:factors')
+    success_message = _('Successfully updated Factor')
+
+    def get_form_class(self):
+        form_class_path = self.get_object().form
+        form_class = path_to_class(form_class_path)
+        return form_class
+
+    def get_object(self, queryset=None):
+        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+class FactorDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete factor"""
+
+    model = Factor
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:factors')
+    success_message = _('Successfully deleted Factor')
+
+    def get_object(self, queryset=None):
+        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)

passbook/admin/views/groups.py

@@ -1,12 +1,57 @@
 """passbook Group administration"""
-from django.views.generic import ListView
+from django.contrib import messages
+from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext as _
+from django.views.generic import CreateView, DeleteView, ListView, UpdateView
 
 from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core.forms.groups import GroupForm
 from passbook.core.models import Group
 
 
 class GroupListView(AdminRequiredMixin, ListView):
-    """Show list of all invitations"""
+    """Show list of all groups"""
 
     model = Group
-    template_name = 'administration/groups/list.html'
+    ordering = 'name'
+    template_name = 'administration/group/list.html'
+
+
+class GroupCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
+    """Create new Group"""
+
+    form_class = GroupForm
+
+    template_name = 'generic/create.html'
+    success_url = reverse_lazy('passbook_admin:groups')
+    success_message = _('Successfully created Group')
+
+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Group'
+        return super().get_context_data(**kwargs)
+
+
+class GroupUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
+    """Update group"""
+
+    model = Group
+    form_class = GroupForm
+
+    template_name = 'generic/update.html'
+    success_url = reverse_lazy('passbook_admin:groups')
+    success_message = _('Successfully updated Group')
+
+
+class GroupDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
+    """Delete group"""
+
+    model = Group
+
+    template_name = 'generic/delete.html'
+    success_url = reverse_lazy('passbook_admin:groups')
+    success_message = _('Successfully deleted Group')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)

passbook/admin/views/invitations.py

@@ -1,4 +1,5 @@
 """passbook Invitation administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
@@ -26,6 +27,10 @@ class InvitationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
     success_message = _('Successfully created Invitation')
     form_class = InvitationForm
 
+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Invitation'
+        return super().get_context_data(**kwargs)
+
     def form_valid(self, form):
         obj = form.save(commit=False)
         obj.created_by = self.request.user
@@ -42,4 +47,8 @@ class InvitationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
     model = Invitation
     template_name = 'generic/delete.html'
     success_url = reverse_lazy('passbook_admin:invitations')
-    success_message = _('Successfully updated Invitation')
+    success_message = _('Successfully deleted Invitation')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)