bump version: 0.1.1-beta -> 0.1.2-beta

make naming of Providers more consistent
fix IDP-initiated login not working
2019-03-07 14:14:51 +01:00 · 2019-03-07 14:14:49 +01:00 · 2019-03-07 14:10:06 +01:00 · 2019-03-07 14:09:52 +01:00 · 2019-03-03 20:18:23 +00:00 · 2019-03-03 21:05:17 +01:00
143 changed files with 2076 additions and 453 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.8-alpha
+current_version = 0.1.2-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@ -9,11 +9,14 @@ tag_name = version/{new_version}

 [bumpversion:part:release]
 optional_value = stable
+first_value = beta
 values = 
 	alpha
 	beta
 	stable

+[bumpversion:file:helm/passbook/values.yaml]
+
 [bumpversion:file:helm/passbook/Chart.yaml]

 [bumpversion:file:.gitlab-ci.yml]
@ -34,6 +37,10 @@ values =

 [bumpversion:file:passbook/lib/__init__.py]

+[bumpversion:file:passbook/hibp_policy/__init__.py]
+
+[bumpversion:file:passbook/password_expiry_policy/__init__.py]
+
 [bumpversion:file:passbook/saml_idp/__init__.py]

 [bumpversion:file:passbook/audit/__init__.py]
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -16,7 +16,6 @@ variables:
  POSTGRES_DB: passbook
  POSTGRES_USER: passbook
  POSTGRES_PASSWORD: 'EK-5jnKfjrGRm<77'
-  SUPERVISR_ENV: ci

 include:
  - /allauth/.gitlab-ci.yml
@ -52,9 +51,9 @@ package-docker:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
-    - echo "{\"auths\":{\"https://docker.$NEXUS_URL/\":{\"username\":\"$NEXUS_USER\",\"password\":\"$NEXUS_PASS\"}}}" > /kaniko/.docker/config.json
+    - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.8-alpha
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.2-beta
  stage: build
  only:
    - tags
@ -65,7 +64,7 @@ package-helm:
    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
    - helm init --client-only
    - helm package helm/passbook
-    - ./manage.py nexus_upload --method put --url $NEXUS_URL --user $NEXUS_USER --password $NEXUS_PASS --repo helm *.tgz
+    - ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz
  only:
    - tags
    - /^version/.*$/
--- a/14
+++ b/14
@ -6,10 +6,13 @@ COPY ./requirements.txt /app/

 WORKDIR /app/

-RUN mkdir /app/static/ && \
+RUN apt-get update && apt-get install build-essential libssl-dev libffi-dev -y && \
+    mkdir /app/static/ && \
    pip install -r requirements.txt && \
    pip install psycopg2 && \
-    ./manage.py collectstatic --no-input
+    ./manage.py collectstatic --no-input && \
+    apt-get remove --purge -y build-essential && \
+    apt-get autoremove --purge -y

 FROM python:3.6-slim-stretch

@ -20,9 +23,12 @@ COPY --from=build /app/static /app/static/

 WORKDIR /app/

-RUN pip install -r requirements.txt && \
+RUN apt-get update && apt-get install build-essential libssl-dev libffi-dev -y && \
+    pip install -r requirements.txt && \
    pip install psycopg2 && \
    adduser --system --home /app/ passbook && \
-    chown -R passbook /app/
+    chown -R passbook /app/ && \
+    apt-get remove --purge -y build-essential && \
+    apt-get autoremove --purge -y

 USER passbook
--- a/helm/passbook/Chart.yaml
+++ b/helm/passbook/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.0.8-alpha"
+appVersion: "0.1.2-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: 1.0.0
+version: "0.1.2-beta"
 icon: https://passbook.beryju.org/images/logo.png
--- a/helm/passbook/templates/passbook-configmap.yaml
+++ b/helm/passbook/templates/passbook-configmap.yaml
@ -36,7 +36,7 @@ data:
    debug: false
    secure_proxy_header:
      HTTP_X_FORWARDED_PROTO: https
-    redis: {{ .Release.Name }}-redis
+    redis: ":{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master"
    # Error reporting, sends stacktrace to sentry.services.beryju.org
    error_report_enabled: {{ .Values.config.error_reporting }}

@ -105,10 +105,9 @@ data:
        email: mail # or userPrincipalName
      user_attribute_map:
        active_directory:
-          sAMAccountName: username
-          mail: email
-          given_name: first_name
-          name: last_name
+          username: "%(sAMAccountName)s"
+          email: "%(mail)s"
+          name: "%(displayName)"
      # # Create new users in LDAP upon sign-up
      # create_users: true
      # # Reset LDAP password when user reset their password
--- a/helm/passbook/values.yaml
+++ b/helm/passbook/values.yaml
@ -5,7 +5,7 @@
 replicaCount: 1

 image:
-  tag: latest
+  tag: 0.1.2-beta

 nameOverride: ""

--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/admin/init.py
+++ b/passbook/admin/init.py
@ -1,2 +1,2 @@
 """passbook admin"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/admin/api/v1/users.py
+++ b/passbook/admin/api/v1/users.py
@ -11,7 +11,7 @@ class UserSerializer(ModelSerializer):

    class Meta:
        model = User
-        fields = ['is_superuser', 'username', 'first_name', 'last_name', 'email', 'date_joined',
+        fields = ['is_superuser', 'username', 'name', 'email', 'date_joined',
                  'uuid']


--- a/passbook/admin/forms/users.py
+++ b/passbook/admin/forms/users.py
@ -0,0 +1,17 @@
+"""passbook administrative user forms"""
+
+from django import forms
+
+from passbook.core.models import User
+
+
+class UserForm(forms.ModelForm):
+    """Update User Details"""
+
+    class Meta:
+
+        model = User
+        fields = ['username', 'name', 'email', 'is_staff', 'is_active']
+        widgets = {
+            'name': forms.TextInput
+        }
--- a/passbook/admin/templates/administration/application/list.html
+++ b/passbook/admin/templates/administration/application/list.html
@ -12,7 +12,7 @@
    <h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
    <span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
    <hr>
-    <a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
+    <a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
        {% trans 'Create...' %}
    </a>
    <hr>
@ -21,6 +21,7 @@
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Provider' %}</th>
+                <th>{% trans 'Provider Type' %}</th>
                <th></th>
            </tr>
        </thead>
@ -28,7 +29,8 @@
            {% for application in object_list %}
            <tr>
                <td>{{ application.name }}</td>
-                <td>{{ application.provider }}</td>
+                <td>{{ application.get_provider }}</td>
+                <td>{{ application.get_provider|verbose_name }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
--- a/passbook/admin/templates/administration/factor/list.html
+++ b/passbook/admin/templates/administration/factor/list.html
@ -21,7 +21,7 @@
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:factor-create' %}?type={{ type }}">{{ name }}</a></li>
+                    href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
@ -40,7 +40,7 @@
            {% for factor in object_list %}
            <tr>
                <td>{{ factor.name }} ({{ factor.slug }})</td>
-                <td>{{ factor.type }}</td>
+                <td>{{ factor|verbose_name }}</td>
                <td>{{ factor.order }}</td>
                <td>{{ factor.enabled }}</td>
                <td>
--- a/passbook/admin/templates/administration/invitation/list.html
+++ b/passbook/admin/templates/administration/invitation/list.html
@ -12,7 +12,7 @@
    <h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
    <span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
    <hr>
-    <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
+    <a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
        {% trans 'Create...' %}
    </a>
    <hr>
--- a/passbook/admin/templates/administration/overview.html
+++ b/passbook/admin/templates/administration/overview.html
@ -54,7 +54,11 @@
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
                        <a href="{% url 'passbook_admin:providers' %}">
+                            {% if providers_without_application.exists %}
+                            <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: At least one Provider has no application assigned.' %}"></span> {{ provider_count }}
+                            {% else %}
                            <span class="pficon pficon-ok"></span> {{ provider_count }}
+                            {% endif %}
                        </a>
                    </span>
                </p>
@ -72,9 +76,13 @@
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:factors' %}">
+                        {% if factor_count < 1 %}
+                        <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
+                            title="{% trans 'No Factors configured. No Users will be able to login.' %}"></span>
+                        {{ factor_count }}
+                        {% else %}
                        <span class="pficon pficon-ok"></span>{{ factor_count }}
-                        </a>
+                        {% endif %}
                    </span>
                </p>
            </div>
@ -91,9 +99,13 @@
            <div class="card-pf-body">
                <p class="card-pf-aggregate-status-notifications">
                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:policies' %}">
+                        {% if policies_without_attachment > 0 %}
+                        <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
+                            title="{% trans 'Policies without attachment exist.' %}"></span>
+                        {{ policy_count }}
+                        {% else %}
                        <span class="pficon pficon-ok"></span>{{ policy_count }}
-                        </a>
+                        {% endif %}
                    </span>
                </p>
            </div>
@ -137,5 +149,48 @@
            </div>
        </div>
    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="#">
+                    <span class="pficon-bundle"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="#">
+                            {{ version }}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="col-xs-6 col-sm-2 col-md-2">
+        <div class="card-pf card-pf-accented card-pf-aggregate-status">
+            <h2 class="card-pf-title">
+                <a href="#">
+                    <span class="pficon-server"></span>
+                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Worker(s)' %}
+                </a>
+            </h2>
+            <div class="card-pf-body">
+                <p class="card-pf-aggregate-status-notifications">
+                    <span class="card-pf-aggregate-status-notification">
+                        <a href="#">
+                            {% if worker_count < 1%}
+                            <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
+                                title="{% trans 'No workers connected. Policies will not work and you may expect other issues.' %}"></span> {{ worker_count }}
+                            {% else %}
+                            <span class="pficon pficon-ok"></span>{{ worker_count }}
+                            {% endif %}
+                        </a>
+                    </span>
+                </p>
+            </div>
+        </div>
+    </div>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/policy/list.html
+++ b/passbook/admin/templates/administration/policy/list.html
@ -20,7 +20,7 @@
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:policy-create' %}?type={{ type }}">{{ name }}</a></li>
+                    href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
@ -28,16 +28,24 @@
    <table class="table table-striped table-bordered">
        <thead>
            <tr>
+                <th></th>
                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Class' %}</th>
+                <th>{% trans 'Type' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for policy in object_list %}
-            <tr>
+            <tr {% if not policy.policymodel_set.exists %} class="warning" {% endif %}>
+                <th>
+                    {% if not policy.policymodel_set.exists %}
+                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Policy is not assigned.' %}"></span>
+                    {% else %}
+                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with objects=policy.policymodel_set.all|join:', ' %}Assigned to objects {{ objects }}{% endblocktrans %}"></span>
+                    {% endif %}
+                </th>
                <td>{{ policy.name }}</td>
-                <td>{{ policy|fieldtype }}</td>
+                <td>{{ policy|verbose_name }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
--- a/passbook/admin/templates/administration/provider/list.html
+++ b/passbook/admin/templates/administration/provider/list.html
@ -21,7 +21,7 @@
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
+                    href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
@ -29,16 +29,24 @@
    <table class="table table-striped table-bordered">
        <thead>
            <tr>
+                <th></th>
                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Class' %}</th>
+                <th>{% trans 'Type' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for provider in object_list %}
-            <tr>
+            <tr {% if not provider.application %} class="warning" {% endif %}>
+                <th>
+                    {% if not provider.application %}
+                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Provider has no application assigned.' %}"></span>
+                    {% else %}
+                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with app=provider.application %}Assigned to Application {{ app }}{% endblocktrans %}"></span>
+                    {% endif %}
+                </th>
                <td>{{ provider.name }}</td>
-                <td>{{ provider|fieldtype }}</td>
+                <td>{{ provider|verbose_name }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
--- a/passbook/admin/templates/administration/source/list.html
+++ b/passbook/admin/templates/administration/source/list.html
@ -17,7 +17,7 @@
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
+                    href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
--- a/passbook/admin/templates/administration/user/list.html
+++ b/passbook/admin/templates/administration/user/list.html
@ -11,8 +11,7 @@
        <thead>
            <tr>
                <th>{% trans 'Username' %}</th>
-                <th>{% trans 'First Name' %}</th>
-                <th>{% trans 'Last Name' %}</th>
+                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Active' %}</th>
                <th>{% trans 'Last Login' %}</th>
                <th></th>
@ -22,8 +21,7 @@
            {% for user in object_list %}
            <tr>
                <td>{{ user.username }}</td>
-                <td>{{ user.first_name|default:'-' }}</td>
-                <td>{{ user.last_name|default:'-' }}</td>
+                <td>{{ user.name|default:'-' }}</td>
                <td>{{ user.is_active }}</td>
                <td>{{ user.last_login }}</td>
                <td>
@ -31,6 +29,8 @@
                        href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    <a class="btn btn-default btn-sm"
+                        href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
                </td>
            </tr>
            {% endfor %}
--- a/passbook/admin/templates/generic/create.html
+++ b/passbook/admin/templates/generic/create.html
@ -1,11 +1,12 @@
 {% extends "generic/form.html" %}

+{% load utils %}
 {% load i18n %}

 {% block above_form %}
-<h1>{% trans 'Create' %}</h1>
+<h1>{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}</h1>
 {% endblock %}

 {% block action %}
-{% trans 'Create' %}
+{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}
 {% endblock %}
--- a/passbook/admin/templates/generic/create_inheritance.html
+++ b/passbook/admin/templates/generic/create_inheritance.html
@ -1,11 +0,0 @@
-{% extends "generic/create.html" %}
-
-{% load i18n %}
-
-{% block title %}
-{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}
-{% endblock %}
-
-{% block above_form %}
-<h1>{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}</h1>
-{% endblock %}
--- a/passbook/admin/templates/generic/update.html
+++ b/passbook/admin/templates/generic/update.html
@ -1,11 +1,12 @@
 {% extends "generic/form.html" %}

+{% load utils %}
 {% load i18n %}

 {% block above_form %}
-<h1>{% trans 'Update' %}</h1>
+<h1>{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}</h1>
 {% endblock %}

 {% block action %}
-{% trans 'Update' %}
+{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}
 {% endblock %}
--- a/passbook/admin/urls.py
+++ b/passbook/admin/urls.py
@ -56,6 +56,8 @@ urlpatterns = [
         users.UserUpdateView.as_view(), name='user-update'),
    path('users/<int:pk>/delete/',
         users.UserDeleteView.as_view(), name='user-delete'),
+    path('users/<int:pk>/reset/',
+         users.UserPasswordResetView.as_view(), name='user-password-reset'),
    # Audit Log
    path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
    # Groups
--- a/passbook/admin/views/applications.py
+++ b/passbook/admin/views/applications.py
@ -1,4 +1,5 @@
 """passbook Application administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
@ -13,6 +14,7 @@ class ApplicationListView(AdminRequiredMixin, ListView):
    """Show list of all applications"""

    model = Application
+    ordering = 'name'
    template_name = 'administration/application/list.html'

    def get_queryset(self):
@ -28,6 +30,10 @@ class ApplicationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView)
    success_url = reverse_lazy('passbook_admin:applications')
    success_message = _('Successfully created Application')

+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Application'
+        return super().get_context_data(**kwargs)
+

 class ApplicationUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update application"""
@ -45,5 +51,10 @@ class ApplicationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView)

    model = Application

+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:applications')
-    success_message = _('Successfully updated Application')
+    success_message = _('Successfully deleted Application')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/factors.py
+++ b/passbook/admin/views/factors.py
@ -1,4 +1,5 @@
 """passbook Factor administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -33,7 +34,7 @@ class FactorListView(AdminRequiredMixin, ListView):
 class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Factor"""

-    template_name = 'generic/create_inheritance.html'
+    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:factors')
    success_message = _('Successfully created Factor')

@ -73,7 +74,11 @@ class FactorDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Factor
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:factors')
-    success_message = _('Successfully updated Factor')
+    success_message = _('Successfully deleted Factor')

    def get_object(self, queryset=None):
        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/invitations.py
+++ b/passbook/admin/views/invitations.py
@ -1,4 +1,5 @@
 """passbook Invitation administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
@ -26,6 +27,10 @@ class InvitationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    success_message = _('Successfully created Invitation')
    form_class = InvitationForm

+    def get_context_data(self, **kwargs):
+        kwargs['type'] = 'Invitation'
+        return super().get_context_data(**kwargs)
+
    def form_valid(self, form):
        obj = form.save(commit=False)
        obj.created_by = self.request.user
@ -42,4 +47,8 @@ class InvitationDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Invitation
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:invitations')
-    success_message = _('Successfully updated Invitation')
+    success_message = _('Successfully deleted Invitation')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/overview.py
+++ b/passbook/admin/views/overview.py
@ -2,6 +2,8 @@
 from django.views.generic import TemplateView

 from passbook.admin.mixins import AdminRequiredMixin
+from passbook.core import __version__
+from passbook.core.celery import CELERY_APP
 from passbook.core.models import (Application, Factor, Invitation, Policy,
                                  Provider, Source, User)

@ -19,4 +21,8 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
        kwargs['source_count'] = len(Source.objects.all())
        kwargs['factor_count'] = len(Factor.objects.all())
        kwargs['invitation_count'] = len(Invitation.objects.all())
+        kwargs['version'] = __version__
+        kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
+        kwargs['providers_without_application'] = Provider.objects.filter(application=None)
+        kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
        return super().get_context_data(**kwargs)
--- a/passbook/admin/views/policy.py
+++ b/passbook/admin/views/policy.py
@ -32,7 +32,7 @@ class PolicyListView(AdminRequiredMixin, ListView):
 class PolicyCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Policy"""

-    template_name = 'generic/create_inheritance.html'
+    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:policies')
    success_message = _('Successfully created Policy')

@ -68,11 +68,15 @@ class PolicyDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Policy
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:policies')
-    success_message = _('Successfully updated Policy')
+    success_message = _('Successfully deleted Policy')

    def get_object(self, queryset=None):
        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()

+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
+

 class PolicyTestView(AdminRequiredMixin, DetailView, FormView):
    """View to test policy(s)"""
--- a/passbook/admin/views/providers.py
+++ b/passbook/admin/views/providers.py
@ -1,4 +1,5 @@
 """passbook Provider administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -28,7 +29,7 @@ class ProviderListView(AdminRequiredMixin, ListView):
 class ProviderCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Provider"""

-    template_name = 'generic/create_inheritance.html'
+    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:providers')
    success_message = _('Successfully created Provider')

@ -64,7 +65,11 @@ class ProviderDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    model = Provider
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:providers')
-    success_message = _('Successfully updated Provider')
+    success_message = _('Successfully deleted Provider')

    def get_object(self, queryset=None):
        return Provider.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/sources.py
+++ b/passbook/admin/views/sources.py
@ -1,4 +1,5 @@
 """passbook Source administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -33,7 +34,7 @@ class SourceListView(AdminRequiredMixin, ListView):
 class SourceCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Source"""

-    template_name = 'generic/create_inheritance.html'
+    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:sources')
    success_message = _('Successfully created Source')

@ -66,9 +67,13 @@ class SourceDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete source"""

    model = Source
-
+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:sources')
-    success_message = _('Successfully updated Source')
+    success_message = _('Successfully deleted Source')

    def get_object(self, queryset=None):
        return Source.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/users.py
+++ b/passbook/admin/views/users.py
@ -1,12 +1,15 @@
 """passbook User administration"""
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
+from django.shortcuts import get_object_or_404, redirect
+from django.urls import reverse, reverse_lazy
 from django.utils.translation import ugettext as _
+from django.views import View
 from django.views.generic import DeleteView, ListView, UpdateView

+from passbook.admin.forms.users import UserForm
 from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.forms.users import UserDetailForm
-from passbook.core.models import User
+from passbook.core.models import Nonce, User


 class UserListView(AdminRequiredMixin, ListView):
@ -20,7 +23,7 @@ class UserUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update user"""

    model = User
-    form_class = UserDetailForm
+    form_class = UserForm

    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:users')
@ -31,6 +34,24 @@ class UserDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete user"""

    model = User
-
+    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:users')
-    success_message = _('Successfully updated User')
+    success_message = _('Successfully deleted User')
+
+    def delete(self, request, *args, **kwargs):
+        messages.success(self.request, self.success_message)
+        return super().delete(request, *args, **kwargs)
+
+
+class UserPasswordResetView(AdminRequiredMixin, View):
+    """Get Password reset link for user"""
+
+    # pylint: disable=invalid-name
+    def get(self, request, pk):
+        """Create nonce for user and return link"""
+        user = get_object_or_404(User, pk=pk)
+        nonce = Nonce.objects.create(user=user)
+        link = request.build_absolute_uri(reverse(
+            'passbook_core:auth-password-reset', kwargs={'nonce': nonce.uuid}))
+        messages.success(request, _('Password reset link: <pre>%(link)s</pre>' % {'link': link}))
+        return redirect('passbook_admin:users')
--- a/passbook/api/init.py
+++ b/passbook/api/init.py
@ -1,2 +1,2 @@
 """passbook api"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/api/v1/openid.py
+++ b/passbook/api/v1/openid.py
@ -14,8 +14,8 @@ class OpenIDUserInfoView(ScopedResourceMixin, View):
        payload = {
            'sub': request.user.uuid.int,
            'name': request.user.get_full_name(),
-            'given_name': request.user.first_name,
-            'family_name': request.user.last_name,
+            'given_name': request.user.name,
+            'family_name': '',
            'preferred_username': request.user.username,
            'email': request.user.email,
        }
--- a/passbook/audit/init.py
+++ b/passbook/audit/init.py
@ -1,2 +1,2 @@
 """passbook audit Header"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/audit/models.py
+++ b/passbook/audit/models.py
@ -1,5 +1,4 @@
 """passbook audit models"""
-from datetime import timedelta
 from logging import getLogger

 from django.conf import settings
@ -7,11 +6,10 @@ from django.contrib.auth.models import AnonymousUser
 from django.contrib.postgres.fields import JSONField
 from django.core.exceptions import ValidationError
 from django.db import models
-from django.utils import timezone
 from django.utils.translation import gettext as _
 from ipware import get_client_ip

-from passbook.lib.models import CreatedUpdatedModel, UUIDModel
+from passbook.lib.models import UUIDModel

 LOGGER = getLogger(__name__)

@ -51,6 +49,9 @@ class AuditEntry(UUIDModel):
    def create(action, request, **kwargs):
        """Create AuditEntry from arguments"""
        client_ip, _ = get_client_ip(request)
+        if not hasattr(request, 'user'):
+            user = None
+        else:
            user = request.user
        if isinstance(user, AnonymousUser):
            user = kwargs.get('user', None)
@ -60,7 +61,7 @@ class AuditEntry(UUIDModel):
            # User 255.255.255.255 as fallback if IP cannot be determined
            request_ip=client_ip or '255.255.255.255',
            context=kwargs)
-        LOGGER.debug("Logged %s from %s (%s)", action, request.user, client_ip)
+        LOGGER.debug("Logged %s from %s (%s)", action, user, client_ip)
        return entry

    def save(self, *args, **kwargs):
@ -72,43 +73,3 @@ class AuditEntry(UUIDModel):

        verbose_name = _('Audit Entry')
        verbose_name_plural = _('Audit Entries')
-
-
-class LoginAttempt(CreatedUpdatedModel):
-    """Track failed login-attempts"""
-
-    target_uid = models.CharField(max_length=254)
-    request_ip = models.GenericIPAddressField()
-    attempts = models.IntegerField(default=1)
-
-    @staticmethod
-    def attempt(target_uid, request):
-        """Helper function to create attempt or count up existing one"""
-        if not target_uid:
-            return
-        client_ip, _ = get_client_ip(request)
-        # Since we can only use 254 chars for target_uid, truncate target_uid.
-        target_uid = target_uid[:254]
-        time_threshold = timezone.now() - timedelta(minutes=10)
-        existing_attempts = LoginAttempt.objects.filter(
-            target_uid=target_uid,
-            request_ip=client_ip,
-            last_updated__gt=time_threshold).order_by('created')
-        if existing_attempts.exists():
-            attempt = existing_attempts.first()
-            attempt.attempts += 1
-            attempt.save()
-            LOGGER.debug("Increased attempts on %s", attempt)
-        else:
-            attempt = LoginAttempt.objects.create(
-                target_uid=target_uid,
-                request_ip=client_ip)
-            LOGGER.debug("Created new attempt %s", attempt)
-
-    def __str__(self):
-        return "LoginAttempt to %s from %s (x%d)" % (self.target_uid,
-                                                     self.request_ip, self.attempts)
-
-    class Meta:
-
-        unique_together = (('target_uid', 'request_ip', 'created'),)
--- a/passbook/audit/requirements.txt
+++ b/passbook/audit/requirements.txt
@ -1 +0,0 @@
-django-ipware
--- a/passbook/audit/signals.py
+++ b/passbook/audit/signals.py
@ -1,9 +1,8 @@
 """passbook audit signal listener"""
-from django.contrib.auth.signals import (user_logged_in, user_logged_out,
-                                         user_login_failed)
+from django.contrib.auth.signals import user_logged_in, user_logged_out
 from django.dispatch import receiver

-from passbook.audit.models import AuditEntry, LoginAttempt
+from passbook.audit.models import AuditEntry
 from passbook.core.signals import (invitation_created, invitation_used,
                                   user_signed_up)

@ -34,8 +33,3 @@ def on_invitation_used(sender, request, invitation, **kwargs):
    """Log Invitation usage"""
    AuditEntry.create(AuditEntry.ACTION_INVITE_USED, request,
                      invitation_uuid=invitation.uuid.hex)
-
-@receiver(user_login_failed)
-def on_user_login_failed(sender, request, credentials, **kwargs):
-    """Log failed login attempt"""
-    LoginAttempt.attempt(target_uid=credentials.get('username'), request=request)
--- a/passbook/captcha_factor/init.py
+++ b/passbook/captcha_factor/init.py
@ -1,2 +1,2 @@
 """passbook captcha_factor Header"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/core/init.py
+++ b/passbook/core/init.py
@ -1,2 +1,2 @@
 """passbook core"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/core/auth/factors/password.py
+++ b/passbook/core/auth/factors/password.py
@ -5,13 +5,15 @@ from django.contrib import messages
 from django.contrib.auth import authenticate
 from django.core.exceptions import PermissionDenied
 from django.forms.utils import ErrorList
-from django.shortcuts import redirect
+from django.shortcuts import redirect, reverse
 from django.utils.translation import gettext as _
 from django.views.generic import FormView

 from passbook.core.auth.factor import AuthenticationFactor
 from passbook.core.auth.view import AuthenticationView
 from passbook.core.forms.authentication import PasswordFactorForm
+from passbook.core.models import Nonce
+from passbook.core.tasks import send_email
 from passbook.lib.config import CONFIG

 LOGGER = getLogger(__name__)
@ -29,8 +31,18 @@ class PasswordFactor(FormView, AuthenticationFactor):

    def get(self, request, *args, **kwargs):
        if 'password-forgotten' in request.GET:
-            # TODO: Save nonce key in database for password reset
-            # TODO: Send email to user
+            nonce = Nonce.objects.create(user=self.pending_user)
+            LOGGER.debug("DEBUG %s", str(nonce.uuid))
+            # Send mail to user
+            send_email.delay(self.pending_user.email, _('Forgotten password'),
+                             'email/account_password_reset.html', {
+                                 'url': self.request.build_absolute_uri(
+                                     reverse('passbook_core:passbook_core:auth-password-reset',
+                                             kwargs={
+                                                 'nonce': nonce.uuid
+                                             })
+                                 )
+                             })
            self.authenticator.cleanup()
            messages.success(request, _('Check your E-Mails for a password reset link.'))
            return redirect('passbook_core:auth-login')
--- a/passbook/core/auth/view.py
+++ b/passbook/core/auth/view.py
@ -4,15 +4,23 @@ from logging import getLogger
 from django.contrib.auth import login
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.shortcuts import get_object_or_404, redirect, reverse
+from django.utils.http import urlencode
 from django.views.generic import View

 from passbook.core.models import Factor, User
+from passbook.core.policies import PolicyEngine
 from passbook.core.views.utils import PermissionDeniedView
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 from passbook.lib.utils.urls import is_url_absolute

 LOGGER = getLogger(__name__)

+def _redirect_with_qs(view, get_query_set=None):
+    """Wrapper to redirect whilst keeping GET Parameters"""
+    target = reverse(view)
+    if get_query_set:
+        target += '?' + urlencode({key: value for key, value in get_query_set.items()})
+    return redirect(target)

 class AuthenticationView(UserPassesTestMixin, View):
    """Wizard-like Multi-factor authenticator"""
@ -37,7 +45,7 @@ class AuthenticationView(UserPassesTestMixin, View):
        # Function from UserPassesTestMixin
        if 'next' in self.request.GET:
            return redirect(self.request.GET.get('next'))
-        return redirect(reverse('passbook_core:overview'))
+        return _redirect_with_qs('passbook_core:overview', self.request.GET)

    def dispatch(self, request, *args, **kwargs):
        # Extract pending user from session (only remember uid)
@ -46,7 +54,7 @@ class AuthenticationView(UserPassesTestMixin, View):
                User, id=self.request.session[AuthenticationView.SESSION_PENDING_USER])
        else:
            # No Pending user, redirect to login screen
-            return redirect(reverse('passbook_core:auth-login'))
+            return _redirect_with_qs('passbook_core:auth-login', request.GET)
        # Write pending factors to session
        if AuthenticationView.SESSION_PENDING_FACTORS in request.session:
            self.pending_factors = request.session[AuthenticationView.SESSION_PENDING_FACTORS]
@ -56,7 +64,9 @@ class AuthenticationView(UserPassesTestMixin, View):
            _all_factors = Factor.objects.filter(enabled=True).order_by('order').select_subclasses()
            self.pending_factors = []
            for factor in _all_factors:
-                if factor.passes(self.pending_user):
+                policy_engine = PolicyEngine(factor.policies.all())
+                policy_engine.for_user(self.pending_user).with_request(request).build()
+                if policy_engine.result[0]:
                    self.pending_factors.append((factor.uuid.hex, factor.type))
        # Read and instantiate factor from session
        factor_uuid, factor_class = None, None
@ -101,8 +111,8 @@ class AuthenticationView(UserPassesTestMixin, View):
                self.pending_factors
            self.request.session[AuthenticationView.SESSION_FACTOR] = next_factor
            LOGGER.debug("Rendering Factor is %s", next_factor)
-            # return redirect(reverse('passbook_core:auth-process', kwargs={'factor': next_factor}))
-            return redirect(reverse('passbook_core:auth-process'))
+            # return _redirect_with_qs('passbook_core:auth-process', kwargs={'factor': next_factor})
+            return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
        # User passed all factors
        LOGGER.debug("User passed all factors, logging in")
        return self._user_passed()
@ -112,7 +122,7 @@ class AuthenticationView(UserPassesTestMixin, View):
        This should only be shown if user authenticated successfully, but is disabled/locked/etc"""
        LOGGER.debug("User invalid")
        self.cleanup()
-        return redirect(reverse('passbook_core:auth-denied'))
+        return _redirect_with_qs('passbook_core:auth-denied', self.request.GET)

    def _user_passed(self):
        """User Successfully passed all factors"""
@ -123,9 +133,9 @@ class AuthenticationView(UserPassesTestMixin, View):
        # Cleanup
        self.cleanup()
        next_param = self.request.GET.get('next', None)
-        if next_param and is_url_absolute(next_param):
+        if next_param and not is_url_absolute(next_param):
            return redirect(next_param)
-        return redirect(reverse('passbook_core:overview'))
+        return _redirect_with_qs('passbook_core:overview')

    def cleanup(self):
        """Remove temporary data from session"""
--- a/passbook/core/celery.py
+++ b/passbook/core/celery.py
@ -5,9 +5,8 @@ import os

 import celery
 from django.conf import settings
-
-# from raven import Client
-# from raven.contrib.celery import register_logger_signal, register_signal
+from raven import Client
+from raven.contrib.celery import register_logger_signal, register_signal

 # set the default Django settings module for the 'celery' program.
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.core.settings")
@ -18,16 +17,17 @@ LOGGER = logging.getLogger(__name__)
 class Celery(celery.Celery):
    """Custom Celery class with Raven configured"""

-    # def on_configure(self):
-    #     """Update raven client"""
-    #     try:
-    #         client = Client(settings.RAVEN_CONFIG.get('dsn'))
-    #         # register a custom filter to filter out duplicate logs
-    #         register_logger_signal(client)
-    #         # hook into the Celery error handler
-    #         register_signal(client)
-    #     except RecursionError:  # This error happens when pdoc is running
-    #         pass
+    # pylint: disable=method-hidden
+    def on_configure(self):
+        """Update raven client"""
+        try:
+            client = Client(settings.RAVEN_CONFIG.get('dsn'))
+            # register a custom filter to filter out duplicate logs
+            register_logger_signal(client)
+            # hook into the Celery error handler
+            register_signal(client)
+        except RecursionError:  # This error happens when pdoc is running
+            pass


 # pylint: disable=unused-argument
--- a/passbook/core/exceptions.py
+++ b/passbook/core/exceptions.py
@ -0,0 +1,10 @@
+"""passbook core exceptions"""
+
+class PasswordPolicyInvalid(Exception):
+    """Exception raised when a Password Policy fails"""
+
+    messages = []
+
+    def __init__(self, *messages):
+        super().__init__()
+        self.messages = messages
--- a/passbook/core/forms/authentication.py
+++ b/passbook/core/forms/authentication.py
@ -8,6 +8,7 @@ from django.utils.translation import gettext_lazy as _

 from passbook.core.models import User
 from passbook.lib.config import CONFIG
+from passbook.lib.utils.ui import human_list

 LOGGER = getLogger(__name__)

@ -15,13 +16,16 @@ class LoginForm(forms.Form):
    """Allow users to login"""

    title = _('Log in to your account')
-    uid_field = forms.CharField(widget=forms.TextInput(attrs={'placeholder': _('UID')}))
+    uid_field = forms.CharField()
    remember_me = forms.BooleanField(required=False)

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
-        if CONFIG.y('passbook.uid_fields') == ['email']:
+        if CONFIG.y('passbook.uid_fields') == ['e-mail']:
            self.fields['uid_field'] = forms.EmailField()
+        self.fields['uid_field'].widget.attrs = {
+            'placeholder': _(human_list([x.title() for x in CONFIG.y('passbook.uid_fields')]))
+        }

    def clean_uid_field(self):
        """Validate uid_field after EmailValidator if 'email' is the only selected uid_fields"""
@ -34,10 +38,8 @@ class SignUpForm(forms.Form):
    """SignUp Form"""

    title = _('Sign Up')
-    first_name = forms.CharField(label=_('First Name'),
-                                 widget=forms.TextInput(attrs={'placeholder': _('First Name')}))
-    last_name = forms.CharField(label=_('Last Name'),
-                                widget=forms.TextInput(attrs={'placeholder': _('Last Name')}))
+    name = forms.CharField(label=_('Name'),
+                           widget=forms.TextInput(attrs={'placeholder': _('Name')}))
    username = forms.CharField(label=_('Username'),
                               widget=forms.TextInput(attrs={'placeholder': _('Username')}))
    email = forms.EmailField(label=_('E-Mail'),
@ -79,12 +81,14 @@ class SignUpForm(forms.Form):
        password_repeat = self.cleaned_data.get('password_repeat')
        if password != password_repeat:
            raise ValidationError(_("Passwords don't match"))
-        # TODO: Password policy? Via Plugin? via Policy?
-        # return check_password(self)
        return self.cleaned_data.get('password_repeat')


 class PasswordFactorForm(forms.Form):
    """Password authentication form"""

-    password = forms.CharField(widget=forms.PasswordInput(attrs={'placeholder': _('Password')}))
+    password = forms.CharField(widget=forms.PasswordInput(attrs={
+        'placeholder': _('Password'),
+        'autofocus': 'autofocus',
+        'autocomplete': 'current-password'
+        }))
--- a/passbook/core/forms/invitations.py
+++ b/passbook/core/forms/invitations.py
@ -27,7 +27,7 @@ class InvitationForm(forms.ModelForm):
    class Meta:

        model = Invitation
-        fields = ['expires', 'fixed_username', 'fixed_email']
+        fields = ['expires', 'fixed_username', 'fixed_email', 'needs_confirmation']
        labels = {
            'fixed_username': "Force user's username (optional)",
            'fixed_email': "Force user's email (optional)",
--- a/passbook/core/forms/policies.py
+++ b/passbook/core/forms/policies.py
@ -3,7 +3,8 @@
 from django import forms
 from django.utils.translation import gettext as _

-from passbook.core.models import DebugPolicy, FieldMatcherPolicy, WebhookPolicy
+from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
+                                  PasswordPolicy, WebhookPolicy)

 GENERAL_FIELDS = ['name', 'action', 'negate', 'order', ]

@ -50,3 +51,25 @@ class DebugPolicyForm(forms.ModelForm):
        labels = {
            'result': _('Allow user')
        }
+
+
+class PasswordPolicyForm(forms.ModelForm):
+    """PasswordPolicy Form"""
+
+    class Meta:
+
+        model = PasswordPolicy
+        fields = GENERAL_FIELDS + ['amount_uppercase', 'amount_lowercase',
+                                   'amount_symbols', 'length_min', 'symbol_charset',
+                                   'error_message']
+        widgets = {
+            'name': forms.TextInput(),
+            'symbol_charset': forms.TextInput(),
+            'error_message': forms.TextInput(),
+        }
+        labels = {
+            'amount_uppercase': _('Minimum amount of Uppercase Characters'),
+            'amount_lowercase': _('Minimum amount of Lowercase Characters'),
+            'amount_symbols': _('Minimum amount of Symbols Characters'),
+            'length_min': _('Minimum Length'),
+        }
--- a/passbook/core/forms/users.py
+++ b/passbook/core/forms/users.py
@ -13,16 +13,23 @@ class UserDetailForm(forms.ModelForm):
    class Meta:

        model = User
-        fields = ['username', 'first_name', 'last_name', 'email']
+        fields = ['username', 'name', 'email']
+        widgets = {
+            'name': forms.TextInput
+        }

 class PasswordChangeForm(forms.Form):
    """Form to update password"""

    password = forms.CharField(label=_('Password'),
-                               widget=forms.PasswordInput(attrs={'placeholder': _('New Password')}))
+                               widget=forms.PasswordInput(attrs={
+                                   'placeholder': _('New Password'),
+                                   'autocomplete': 'new-password'
+                                   }))
    password_repeat = forms.CharField(label=_('Repeat Password'),
                                      widget=forms.PasswordInput(attrs={
-                                          'placeholder': _('Repeat Password')
+                                          'placeholder': _('Repeat Password'),
+                                          'autocomplete': 'new-password'
                                      }))

    def clean_password_repeat(self):
@ -31,5 +38,4 @@ class PasswordChangeForm(forms.Form):
        password_repeat = self.cleaned_data.get('password_repeat')
        if password != password_repeat:
            raise ValidationError(_("Passwords don't match"))
-        # TODO: Password policy check
        return self.cleaned_data.get('password_repeat')
--- a/passbook/core/management/commands/import_users.py
+++ b/passbook/core/management/commands/import_users.py
@ -0,0 +1,44 @@
+"""passbook import_users management command"""
+from csv import DictReader
+from logging import getLogger
+
+from django.core.management.base import BaseCommand
+from django.core.validators import EmailValidator, ValidationError
+
+from passbook.core.models import User
+
+LOGGER = getLogger(__name__)
+
+class Command(BaseCommand):
+    """Import users from CSV file"""
+
+    def add_arguments(self, parser):
+        # Positional arguments
+        parser.add_argument('file', nargs='+', type=str)
+
+    def handle(self, *args, **options):
+        """Create Users from CSV file"""
+        for file in options.get('file'):
+            with open(file, 'r') as _file:
+                reader = DictReader(_file)
+                for user in reader:
+                    LOGGER.debug('User %s', user.get('username'))
+                    try:
+                        # only import users with valid email addresses
+                        if user.get('email'):
+                            validator = EmailValidator()
+                            validator(user.get('email'))
+                        # use combination of username and email to check for existing user
+                        if User.objects.filter(
+                                username=user.get('username'),
+                                email=user.get('email')).exists():
+                            LOGGER.debug('User %s exists already, skipping', user.get('username'))
+                        # Create user
+                        User.objects.create(
+                            username=user.get('username'),
+                            email=user.get('email'),
+                            name=user.get('name'))
+                        LOGGER.debug('Created User %s', user.get('username'))
+                    except ValidationError as exc:
+                        LOGGER.warning('User %s caused %r, skipping', user.get('username'), exc)
+                        continue
--- a/passbook/core/management/commands/nexus_upload.py
+++ b/passbook/core/management/commands/nexus_upload.py
@ -1,5 +1,5 @@
 """passbook nexus_upload management command"""
-from getpass import getpass
+from base64 import b64decode

 import requests
 from django.core.management.base import BaseCommand
@ -24,9 +24,9 @@ class Command(BaseCommand):
            help='Nexus root URL',
            required=True)
        parser.add_argument(
-            '--user',
+            '--auth',
            action='store',
-            help='Username to use for Nexus upload',
+            help='base64-encoded string of username:password',
            required=True)
        parser.add_argument(
            '--method',
@ -37,29 +37,21 @@ class Command(BaseCommand):
            help=('Method used for uploading files to nexus. '
                  'Apt repositories use post, Helm uses put.'),
            required=True)
-        parser.add_argument(
-            '--password',
-            action='store',
-            help=("Password to use for Nexus upload. "
-                  "If parameter not given, we'll interactively ask"))
        # Positional arguments
        parser.add_argument('file', nargs='+', type=str)

    def handle(self, *args, **options):
        """Upload debian package to nexus repository"""
-        if options.get('password') is None:
-            options['password'] = getpass()
+        auth = tuple(b64decode(options.get('auth')).decode('utf-8').split(':', 1))
        responses = {}
-        url = 'https://%(url)s/repository/%(repo)s//' % options
+        url = 'https://%(url)s/repository/%(repo)s/' % options
        method = options.get('method')
        exit_code = 0
        for file in options.get('file'):
            if method == 'post':
-                responses[file] = requests.post(url, data=open(file, mode='rb'),
-                                                auth=(options.get('user'), options.get('password')))
+                responses[file] = requests.post(url, data=open(file, mode='rb'), auth=auth)
            else:
-                responses[file] = requests.put(url+file, data=open(file, mode='rb'),
-                                               auth=(options.get('user'), options.get('password')))
+                responses[file] = requests.put(url+file, data=open(file, mode='rb'), auth=auth)
        self.stdout.write('Upload results:\n')
        sep = '-' * 60
        self.stdout.write('%s\n' % sep)
--- a/passbook/core/migrations/0012_nonce.py
+++ b/passbook/core/migrations/0012_nonce.py
@ -0,0 +1,31 @@
+# Generated by Django 2.1.7 on 2019-02-25 19:12
+
+import uuid
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+import passbook.core.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0011_auto_20190225_1438'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Nonce',
+            fields=[
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('expires', models.DateTimeField(default=passbook.core.models.default_nonce_duration)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'Nonce',
+                'verbose_name_plural': 'Nonces',
+            },
+        ),
+    ]
--- a/passbook/core/migrations/0013_invitation_needs_confirmation.py
+++ b/passbook/core/migrations/0013_invitation_needs_confirmation.py
@ -0,0 +1,18 @@
+# Generated by Django 2.1.7 on 2019-02-25 19:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0012_nonce'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='invitation',
+            name='needs_confirmation',
+            field=models.BooleanField(default=True),
+        ),
+    ]
--- a/passbook/core/migrations/0014_auto_20190226_0850.py
+++ b/passbook/core/migrations/0014_auto_20190226_0850.py
@ -0,0 +1,25 @@
+# Generated by Django 2.1.7 on 2019-02-26 08:50
+
+from django.db import migrations
+
+
+def create_initial_factor(apps, schema_editor):
+    """Create initial PasswordFactor if none exists"""
+    PasswordFactor = apps.get_model("passbook_core", "PasswordFactor")
+    if not PasswordFactor.objects.exists():
+        PasswordFactor.objects.create(
+            name='password',
+            slug='password',
+            order=0,
+            backends=[]
+        )
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0013_invitation_needs_confirmation'),
+    ]
+
+    operations = [
+        migrations.RunPython(create_initial_factor)
+    ]
--- a/passbook/core/migrations/0015_passwordpolicy_error_message.py
+++ b/passbook/core/migrations/0015_passwordpolicy_error_message.py
@ -0,0 +1,19 @@
+# Generated by Django 2.1.7 on 2019-02-26 14:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0014_auto_20190226_0850'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='passwordpolicy',
+            name='error_message',
+            field=models.TextField(default=''),
+            preserve_default=False,
+        ),
+    ]
--- a/passbook/core/migrations/0016_auto_20190227_1355.py
+++ b/passbook/core/migrations/0016_auto_20190227_1355.py
@ -0,0 +1,38 @@
+# Generated by Django 2.1.7 on 2019-02-27 13:55
+
+from django.db import migrations, models
+
+
+def migrate_names(apps, schema_editor):
+    """migrate first_name and last_name to name"""
+    User = apps.get_model("passbook_core", "User")
+    for user in User.objects.all():
+        user.name = '%s %s' % (user.first_name, user.last_name)
+        user.save()
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0015_passwordpolicy_error_message'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='name',
+            field=models.TextField(default=''),
+            preserve_default=False,
+        ),
+        migrations.RunPython(migrate_names),
+        migrations.AlterField(
+            model_name='user',
+            name='name',
+            field=models.TextField(),
+            preserve_default=False,
+        ),
+        migrations.AlterField(
+            model_name='fieldmatcherpolicy',
+            name='user_field',
+            field=models.TextField(choices=[('username', 'Username'), ('name', 'Name'), ('email', 'E-Mail'), ('is_staff', 'Is staff'), ('is_active', 'Is active'), ('data_joined', 'Date joined')]),
+        ),
+    ]
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@ -1,8 +1,10 @@
 """passbook core models"""
 import re
+from datetime import timedelta
 from logging import getLogger
 from random import SystemRandom
 from time import sleep
+from typing import Tuple, Union
 from uuid import uuid4

 from django.contrib.auth.models import AbstractUser
@ -18,6 +20,11 @@ from passbook.lib.models import CreatedUpdatedModel, UUIDModel

 LOGGER = getLogger(__name__)

+
+def default_nonce_duration():
+    """Default duration a Nonce is valid"""
+    return now() + timedelta(hours=4)
+
 class Group(UUIDModel):
    """Custom Group model which supports a basic hierarchy"""

@ -37,12 +44,15 @@ class User(AbstractUser):
    """Custom User model to allow easier adding o f user-based settings"""

    uuid = models.UUIDField(default=uuid4, editable=False)
+    name = models.TextField()
+
    sources = models.ManyToManyField('Source', through='UserSourceConnection')
    applications = models.ManyToManyField('Application')
    groups = models.ManyToManyField('Group')
    password_change_date = models.DateTimeField(auto_now_add=True)

    def set_password(self, password):
+        if self.pk:
            password_changed.send(sender=self, user=self, password=password)
        self.password_change_date = now()
        return super().set_password(password)
@ -63,13 +73,6 @@ class PolicyModel(UUIDModel, CreatedUpdatedModel):

    policies = models.ManyToManyField('Policy', blank=True)

-    def passes(self, user: User) -> bool:
-        """Return true if user passes, otherwise False or raise Exception"""
-        for policy in self.policies.all():
-            if not policy.passes(user):
-                return False
-        return True
-
 class Factor(PolicyModel):
    """Authentication factor, multiple instances of the same Factor can be used"""

@ -150,7 +153,13 @@ class Application(PolicyModel):
    def user_is_authorized(self, user: User) -> bool:
        """Check if user is authorized to use this application"""
        from passbook.core.policies import PolicyEngine
-        return PolicyEngine(self.policies.all()).for_user(user).result
+        return PolicyEngine(self.policies.all()).for_user(user).build().result
+
+    def get_provider(self):
+        """Get casted provider instance"""
+        if not self.provider:
+            return None
+        return Provider.objects.get_subclass(pk=self.provider.pk)

    def __str__(self):
        return self.name
@ -216,7 +225,7 @@ class Policy(UUIDModel, CreatedUpdatedModel):
            return self.name
        return "%s action %s" % (self.name, self.action)

-    def passes(self, user: User) -> bool:
+    def passes(self, user: User) -> Union[bool, Tuple[bool, str]]:
        """Check if user instance passes this policy"""
        raise NotImplementedError()

@ -240,8 +249,7 @@ class FieldMatcherPolicy(Policy):

    USER_FIELDS = (
        ('username', _('Username'),),
-        ('first_name', _('First Name'),),
-        ('last_name', _('Last Name'),),
+        ('name', _('Name'),),
        ('email', _('E-Mail'),),
        ('is_staff', _('Is staff'),),
        ('is_active', _('Is active'),),
@ -261,7 +269,7 @@ class FieldMatcherPolicy(Policy):
            description = "%s: %s" % (self.name, description)
        return description

-    def passes(self, user: User) -> bool:
+    def passes(self, user: User) -> Union[bool, Tuple[bool, str]]:
        """Check if user instance passes this role"""
        if not hasattr(user, self.user_field):
            raise ValueError("Field does not exist")
@ -278,8 +286,7 @@ class FieldMatcherPolicy(Policy):
        if self.match_action == FieldMatcherPolicy.MATCH_REGEXP:
            pattern = re.compile(self.value)
            passes = bool(pattern.match(user_field_value))
-        if self.negate:
-            passes = not passes
+
        LOGGER.debug("User got '%r'", passes)
        return passes

@ -296,10 +303,11 @@ class PasswordPolicy(Policy):
    amount_symbols = models.IntegerField(default=0)
    length_min = models.IntegerField(default=0)
    symbol_charset = models.TextField(default=r"!\"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ")
+    error_message = models.TextField()

    form = 'passbook.core.forms.policies.PasswordPolicyForm'

-    def passes(self, user: User) -> bool:
+    def passes(self, user: User) -> Union[bool, Tuple[bool, str]]:
        # Only check if password is being set
        if not hasattr(user, '__password__'):
            return True
@ -314,6 +322,8 @@ class PasswordPolicy(Policy):
            filter_regex += r'[%s]{%d,}' % (self.symbol_charset, self.amount_symbols)
        result = bool(re.compile(filter_regex).match(password))
        LOGGER.debug("User got %r", result)
+        if not result:
+            return result, self.error_message
        return result

    class Meta:
@ -372,7 +382,7 @@ class DebugPolicy(Policy):
        wait = SystemRandom().randrange(self.wait_min, self.wait_max)
        LOGGER.debug("Policy '%s' waiting for %ds", self.name, wait)
        sleep(wait)
-        return self.result
+        return self.result, 'Debugging'

    class Meta:

@ -386,6 +396,7 @@ class Invitation(UUIDModel):
    expires = models.DateTimeField(default=None, blank=True, null=True)
    fixed_username = models.TextField(blank=True, default=None)
    fixed_email = models.TextField(blank=True, default=None)
+    needs_confirmation = models.BooleanField(default=True)

    @property
    def link(self):
@ -399,3 +410,17 @@ class Invitation(UUIDModel):

        verbose_name = _('Invitation')
        verbose_name_plural = _('Invitations')
+
+class Nonce(UUIDModel):
+    """One-time link for password resets/signup-confirmations"""
+
+    expires = models.DateTimeField(default=default_nonce_duration)
+    user = models.ForeignKey('User', on_delete=models.CASCADE)
+
+    def __str__(self):
+        return "Nonce %s (expires=%s)" % (self.uuid.hex, self.expires)
+
+    class Meta:
+
+        verbose_name = _('Nonce')
+        verbose_name_plural = _('Nonces')
--- a/passbook/core/policies.py
+++ b/passbook/core/policies.py
@ -2,6 +2,7 @@
 from logging import getLogger

 from celery import group
+from ipware import get_client_ip

 from passbook.core.celery import CELERY_APP
 from passbook.core.models import Policy, User
@ -17,32 +18,64 @@ def _policy_engine_task(user_pk, policy_pk, **kwargs):
        setattr(user_obj, key, value)
    LOGGER.debug("Running policy `%s`#%s for user %s...", policy_obj.name,
                 policy_obj.pk.hex, user_obj)
-    return policy_obj.passes(user_obj)
+    policy_result = policy_obj.passes(user_obj)
+    # Handle policy result correctly if result, message or just result
+    message = None
+    if isinstance(policy_result, (tuple, list)):
+        policy_result, message = policy_result
+    # Invert result if policy.negate is set
+    if policy_obj.negate:
+        policy_result = not policy_result
+    LOGGER.debug("Policy %r#%s got %s", policy_obj.name, policy_obj.pk.hex, policy_result)
+    return policy_obj.action, policy_result, message

 class PolicyEngine:
    """Orchestrate policy checking, launch tasks and return result"""

    policies = None
    _group = None
+    _request = None
+    _user = None

    def __init__(self, policies):
        self.policies = policies
+        self._request = None
+        self._user = None

    def for_user(self, user):
        """Check policies for user"""
+        self._user = user
+        return self
+
+    def with_request(self, request):
+        """Set request"""
+        self._request = request
+        return self
+
+    def build(self):
+        """Build task group"""
        signatures = []
        kwargs = {
-            '__password__': getattr(user, '__password__', None)
+            '__password__': getattr(self._user, '__password__', None),
        }
+        if self._request:
+            kwargs['remote_ip'], _ = get_client_ip(self._request)
+            if not kwargs['remote_ip']:
+                kwargs['remote_ip'] = '255.255.255.255'
        for policy in self.policies:
-            signatures.append(_policy_engine_task.s(user.pk, policy.pk.hex, **kwargs))
+            signatures.append(_policy_engine_task.s(self._user.pk, policy.pk.hex, **kwargs))
        self._group = group(signatures)()
        return self

    @property
    def result(self):
        """Get policy-checking result"""
-        for policy_result in self._group.get():
-            if policy_result is False:
-                return False
-        return True
+        messages = []
+        for policy_action, policy_result, policy_message in self._group.get():
+            passing = (policy_action == Policy.ACTION_ALLOW and policy_result) or \
+                      (policy_action == Policy.ACTION_DENY and not policy_result)
+            if policy_message:
+                messages.append(policy_message)
+            if not passing:
+                return False, messages
+        return True, messages
--- a/passbook/core/requirements.txt
+++ b/passbook/core/requirements.txt
@ -1,5 +1,6 @@
 django>=2.0
 django-model-utils
+django-ipware
 djangorestframework
 PyYAML
 raven
--- a/passbook/core/settings.py
+++ b/passbook/core/settings.py
@ -62,6 +62,7 @@ INSTALLED_APPS = [
    'django.contrib.staticfiles',
    'rest_framework',
    'drf_yasg',
+    'raven.contrib.django.raven_compat',
    'passbook.core.apps.PassbookCoreConfig',
    'passbook.admin.apps.PassbookAdminConfig',
    'passbook.api.apps.PassbookAPIConfig',
@ -74,6 +75,9 @@ INSTALLED_APPS = [
    'passbook.otp.apps.PassbookOTPConfig',
    'passbook.captcha_factor.apps.PassbookCaptchaFactorConfig',
    'passbook.hibp_policy.apps.PassbookHIBPConfig',
+    'passbook.pretend.apps.PassbookPretendConfig',
+    'passbook.password_expiry_policy.apps.PassbookPasswordExpiryPolicyConfig',
+    'passbook.suspicious_policy.apps.PassbookSuspiciousPolicyConfig',
 ]

 # Message Tag fix for bootstrap CSS Classes
@ -102,6 +106,7 @@ MIDDLEWARE = [
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
 ]

 ROOT_URLCONF = 'passbook.core.urls'
@ -182,6 +187,14 @@ CELERY_TASK_DEFAULT_QUEUE = 'passbook'
 CELERY_BROKER_URL = 'redis://%s' % CONFIG.get('redis')
 CELERY_RESULT_BACKEND = 'redis://%s' % CONFIG.get('redis')

+# Raven settings
+RAVEN_CONFIG = {
+    'dsn': ('https://55b5dd780bc14f4c96bba69b7a9abbcc:449af483bd0745'
+            '0d83be640d834e5458@sentry.services.beryju.org/8'),
+    'release': VERSION,
+    'environment': 'dev' if DEBUG else 'production',
+}
+
 # CherryPY settings
 with CONFIG.cd('web'):
    CHERRYPY_SERVER = {
@ -290,6 +303,7 @@ TEST_OUTPUT_FILE_NAME = 'unittest.xml'
 if any('test' in arg for arg in sys.argv):
    LOGGING = None
    TEST = True
+    CELERY_TASK_ALWAYS_EAGER = True

 _DISALLOWED_ITEMS = ['INSTALLED_APPS', 'MIDDLEWARE', 'AUTHENTICATION_BACKENDS']
 # Load subapps's INSTALLED_APPS
--- a/passbook/core/signals.py
+++ b/passbook/core/signals.py
@ -1,12 +1,26 @@
 """passbook core signals"""

 from django.core.signals import Signal
+from django.dispatch import receiver

-# from django.db.models.signals import post_save, pre_delete
-# from django.dispatch import receiver
-# from passbook.core.models import Invitation, User
+from passbook.core.exceptions import PasswordPolicyInvalid

 user_signed_up = Signal(providing_args=['request', 'user'])
 invitation_created = Signal(providing_args=['request', 'invitation'])
 invitation_used = Signal(providing_args=['request', 'invitation', 'user'])
 password_changed = Signal(providing_args=['user', 'password'])
+
+@receiver(password_changed)
+# pylint: disable=unused-argument
+def password_policy_checker(sender, password, **kwargs):
+    """Run password through all password policies which are applied to the user"""
+    from passbook.core.models import PasswordFactor
+    from passbook.core.policies import PolicyEngine
+    setattr(sender, '__password__', password)
+    _all_factors = PasswordFactor.objects.filter(enabled=True).order_by('order')
+    for factor in _all_factors:
+        policy_engine = PolicyEngine(factor.password_policies.all().select_subclasses())
+        policy_engine.for_user(sender).build()
+        passing, messages = policy_engine.result
+        if not passing:
+            raise PasswordPolicyInvalid(*messages)
--- a/passbook/core/tasks.py
+++ b/passbook/core/tasks.py
@ -0,0 +1,17 @@
+"""passbook core tasks"""
+from django.core.mail import EmailMultiAlternatives
+from django.template.loader import render_to_string
+from django.utils.html import strip_tags
+
+from passbook.core.celery import CELERY_APP
+from passbook.lib.config import CONFIG
+
+
+@CELERY_APP.task()
+def send_email(to_address, subject, template, context):
+    """Send Email to user(s)"""
+    html_content = render_to_string(template, context=context)
+    text_content = strip_tags(html_content)
+    msg = EmailMultiAlternatives(subject, text_content, CONFIG.y('email.from'), [to_address])
+    msg.attach_alternative(html_content, "text/html")
+    msg.send()
--- a/passbook/core/templates/base/skeleton.html
+++ b/passbook/core/templates/base/skeleton.html
@ -6,6 +6,7 @@
 <html lang="en">
  <head>
    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>
      {% block title %}
        {% title %}
@ -19,6 +20,7 @@
        .login-pf {
            background-attachment: fixed;
            scroll-behavior: smooth;
+            background-size: cover;
        }
    </style>
    {% block head %}
--- a/passbook/core/templates/email/account_confirm.html
+++ b/passbook/core/templates/email/account_confirm.html
@ -0,0 +1,84 @@
+{% extends 'email/base.html' %}
+
+{% load inline %}
+{% load i18n %}
+
+{% block pre_header %}
+{% trans "We're thrilled to have you here! Get ready to dive into your new account." %}
+{% endblock %}
+
+{% block content %}
+<!-- HERO -->
+<tr>
+    <td bgcolor="#3625b7" align="center" style="padding: 0px 10px 0px 10px;">
+        <table border="0" cellpadding="0" cellspacing="0" width="480">
+            <tr>
+                <td bgcolor="#566572" align="center" valign="top"
+                    style="padding: 40px 20px 20px 20px; border-radius: 4px 4px 0px 0px; color: #8F9BA3; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 48px; font-weight: 400; letter-spacing: 4px; line-height: 48px;">
+                    <h1 style="font-size: 32px; font-weight: 400; margin: 0; color: #E9ECEF;">{% trans 'Welcome!' %}
+                    </h1>
+                </td>
+            </tr>
+        </table>
+    </td>
+</tr>
+<!-- COPY BLOCK -->
+<tr>
+    <td bgcolor="#1b2a32" align="center" style="padding: 0px 10px 0px 10px;">
+        <table border="0" cellpadding="0" cellspacing="0" width="480">
+            <!-- COPY -->
+            <tr>
+                <td bgcolor="#566572" align="left"
+                    style="padding: 20px 30px 40px 30px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+                    <p style="margin: 0;">
+                        {% trans "We're excited to have you get started. First, you need to confirm your account. Just press the button below."%}
+                    </p>
+                </td>
+            </tr>
+            <!-- BULLETPROOF BUTTON -->
+            <tr>
+                <td bgcolor="#566572" align="left">
+                    <table width="100%" border="0" cellspacing="0" cellpadding="0">
+                        <tr>
+                            <td bgcolor="#566572" align="center" style="padding: 20px 30px 60px 30px;">
+                                <table border="0" cellspacing="0" cellpadding="0">
+                                    <tr>
+                                        <td align="center" style="border-radius: 3px;" bgcolor="#3625b7"><a
+                                                href="{{ url }}" target="_blank"
+                                                style="font-size: 20px; font-family: Helvetica, Arial, sans-serif; color: #ffffff; text-decoration: none; color: #ffffff; text-decoration: none; padding: 15px 25px; border-radius: 2px; border: 1px solid #3625b7; display: inline-block;">{% trans 'Confirm Account' %}</a>
+                                        </td>
+                                    </tr>
+                                </table>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr>
+            <!-- COPY -->
+            <tr>
+                <td bgcolor="#566572" align="left"
+                    style="padding: 0px 30px 0px 30px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+                    <p style="margin: 0;">
+                        {% trans "If that doesn't work, copy and paste the following link in your browser:" %}</p>
+                </td>
+            </tr>
+            <!-- COPY -->
+            <tr>
+                <td bgcolor="#566572" align="left"
+                    style="padding: 20px 30px 20px 30px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+                    <p style="margin: 0;"><a href="{{ url }}" target="_blank" style="color: #3625b7;">{{ url }}</a></p>
+                </td>
+            </tr>
+            <!-- COPY -->
+            <tr>
+                <td bgcolor="#566572" align="left"
+                    style="padding: 0px 30px 20px 30px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+                    <p style="margin: 0;">
+                        {% trans "If you have any questions, just reply to this email—we're always happy to help out." %}
+                    </p>
+                </td>
+            </tr>
+        </table>
+    </td>
+</tr>
+{% endblock %}
--- a/passbook/core/templates/email/account_password_reset.html
+++ b/passbook/core/templates/email/account_password_reset.html
@ -0,0 +1,78 @@
+{% extends "email/base.html" %}
+
+{% load utils %}
+{% load i18n %}
+
+{% block pre_header %}
+{% trans "Looks like you tried signing in a few too many times. Let's see if we can get you back into your account." %}
+{% endblock %}
+
+{% block content %}
+{% config 'passbook.branding' as branding %}
+<!-- HERO -->
+<tr>
+  <td bgcolor="#7c72dc" align="center" style="padding: 0px 10px 0px 10px;">
+    <table border="0" cellpadding="0" cellspacing="0" width="600" class="wrapper">
+      <tr>
+        <td bgcolor="#ffffff" align="center" valign="top" style="padding: 40px 20px 20px 20px; border-radius: 4px 4px 0px 0px; color: #111111; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 48px; font-weight: 400; letter-spacing: 4px; line-height: 48px;">
+          <h1 style="font-size: 48px; font-weight: 400; margin: 0;">{% trans 'Trouble signing in?' %}</h1>
+        </td>
+      </tr>
+    </table>
+  </td>
+</tr>
+<!-- COPY BLOCK -->
+<tr>
+  <td bgcolor="#f4f4f4" align="center" style="padding: 0px 10px 0px 10px;">
+    <table border="0" cellpadding="0" cellspacing="0" width="600" class="wrapper">
+      <!-- COPY -->
+      <tr>
+        <td bgcolor="#ffffff" align="left" style="padding: 20px 30px 40px 30px; color: #666666; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+          <p style="margin: 0;">{% trans "Resetting your password is easy. Just press the button below and follow the instructions. We'll have you up and running in no time." %}</p>
+        </td>
+      </tr>
+      <!-- BULLETPROOF BUTTON -->
+      <tr>
+        <td bgcolor="#ffffff" align="left">
+          <table width="100%" border="0" cellspacing="0" cellpadding="0">
+            <tr>
+              <td bgcolor="#ffffff" align="center" style="padding: 20px 30px 60px 30px;">
+                <table border="0" cellspacing="0" cellpadding="0">
+                  <tr>
+                    <td align="center" style="border-radius: 3px;" bgcolor="#7c72dc"><a href="{{ url }}" target="_blank" style="font-size: 20px; font-family: Helvetica, Arial, sans-serif; color: #ffffff; text-decoration: none; color: #ffffff; text-decoration: none; padding: 15px 25px; border-radius: 2px; border: 1px solid #7c72dc; display: inline-block;">{% trans 'Reset Password' %}</a></td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </td>
+</tr>
+<!-- COPY CALLOUT -->
+<tr>
+  <td bgcolor="#f4f4f4" align="center" style="padding: 0px 10px 0px 10px;">
+    <table border="0" cellpadding="0" cellspacing="0" width="600" class="wrapper">
+      <!-- HEADLINE -->
+      <tr>
+        <td bgcolor="#111111" align="left" style="padding: 40px 30px 20px 30px; color: #ffffff; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+          <h2 style="font-size: 24px; font-weight: 400; margin: 0;">{% trans 'Want a more secure account?' %}</h2>
+        </td>
+      </tr>
+      <!-- COPY -->
+      <tr>
+        <td bgcolor="#111111" align="left" style="padding: 0px 30px 20px 30px; color: #666666; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+          <p style="margin: 0;">{% trans 'We support two-factor authentication to help keep your information private.' %}</p>
+        </td>
+      </tr>
+      <!-- COPY -->
+      <tr>
+        <td bgcolor="#111111" align="left" style="padding: 0px 30px 40px 30px; border-radius: 0px 0px 4px 4px; color: #666666; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+          <p style="margin: 0;"><a href="http://litmus.com" target="_blank" style="color: #7c72dc;">{% trans 'See how easy it is to get started' %}</a></p>
+        </td>
+      </tr>
+    </table>
+  </td>
+</tr>
+{% endblock %}
--- a/passbook/core/templates/email/base.html
+++ b/passbook/core/templates/email/base.html
@ -0,0 +1,129 @@
+{% load inline %}
+{% load utils %}
+{% load static %}
+{% load i18n %}
+<!DOCTYPE html>
+<html>
+<head>
+    <title>{% config passbook.branding %}</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <style type="text/css">
+        /* CLIENT-SPECIFIC STYLES */
+        body, table, td, a {
+            -webkit-text-size-adjust: 100%;
+            -ms-text-size-adjust: 100%;
+        }
+
+        table, td {
+            mso-table-lspace: 0pt;
+            mso-table-rspace: 0pt;
+        }
+
+        img {
+            -ms-interpolation-mode: bicubic;
+        }
+
+        /* RESET STYLES */
+        img {
+            border: 0;
+            height: auto;
+            line-height: 100%;
+            outline: none;
+            text-decoration: none;
+        }
+
+        table {
+            border-collapse: collapse !important;
+        }
+
+        body {
+            height: 100% !important;
+            margin: 0 !important;
+            padding: 0 !important;
+            width: 100% !important;
+        }
+
+        /* iOS BLUE LINKS */
+        a[x-apple-data-detectors] {
+            color: inherit !important;
+            text-decoration: none !important;
+            font-size: inherit !important;
+            font-family: inherit !important;
+            font-weight: inherit !important;
+            line-height: inherit !important;
+        }
+
+        /* ANDROID CENTER FIX */
+        div[style*="margin: 16px 0;"] {
+            margin: 0 !important;
+        }
+    </style>
+    </head>
+
+    <body style="background-color: #1b2a32; margin: 0 !important; padding: 0 !important;">
+
+        <!-- HIDDEN PREHEADER TEXT -->
+        <div style="display: none; font-size: 1px; color: #fefefe; line-height: 1px; font-family: 'Metropolis', Helvetica, Arial, sans-serif; max-height: 0px; max-width: 0px; opacity: 0; overflow: hidden;">
+            {% block pre_header %}
+            {% endblock %}
+        </div>
+
+        <table border="0" cellpadding="0" cellspacing="0" width="100%">
+            <!-- LOGO -->
+            <tr>
+                <td bgcolor="#3625b7" align="center">
+                    <table border="0" cellpadding="0" cellspacing="0" width="480">
+                        <tr>
+                            <td align="center" valign="top" style="padding: 40px 10px 40px 10px;">
+                                <a href="" target="_blank">
+                                    <img alt="Logo" src="{% inline_static 'assets/dark.svg' %}" width="64" height="64"
+                                    style="display: block; width: 64px; max-width: 64px; min-width: 64px; font-family: 'Metropolis', Helvetica, Arial, sans-serif; color: #ffffff; font-size: 18px;"
+                                    border="0">
+                                </a>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr>
+            {% block content %}
+            {% endblock %}
+            <!-- SUPPORT CALLOUT -->
+            <!-- <tr>
+                <td bgcolor="#1b2a32" align="center" style="padding: 30px 10px 0px 10px;">
+                    <table border="0" cellpadding="0" cellspacing="0" width="480">
+                        HEADLINE
+                        <tr>
+                            <td bgcolor="#566572" align="center" style="padding: 30px 30px 30px 30px; border-radius: 4px 4px 4px 4px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+                                <h2 style="font-size: 20px; font-weight: 400; color: ##E9ECEF; margin: 0;">Need more help?</h2>
+                                <p style="margin: 0;"><a href="http://litmus.com" target="_blank" style="color: #3625b7;">We&rsquo;re
+                                    here, ready to talk</a></p>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr> -->
+            <!-- FOOTER -->
+            <tr>
+                <td bgcolor="#1b2a32" align="center" style="padding: 0px 10px 0px 10px;">
+                    <table border="0" cellpadding="0" cellspacing="0" width="480">
+                        <!-- NAVIGATION -->
+                        <tr>
+                            <td bgcolor="#1b2a32" align="left" style="padding: 30px 30px 30px 30px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 400; line-height: 18px;">
+                                <p style="margin: 0;">
+                                </p>
+                            </td>
+                        </tr>
+                        <!-- ADDRESS -->
+                        <tr>
+                            <td bgcolor="#1b2a32" align="left" style="padding: 0px 30px 30px 30px; color: #E9ECEF; font-family: 'Metropolis', Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 400; line-height: 18px;">
+                                <p style="margin: 0;"><a href="{% config 'passbook.branding' %}">{% config 'passbook.branding' %}</a></p>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr>
+        </table>
+    </body>
+</html>
--- a/passbook/core/templates/email/generic_email.html
+++ b/passbook/core/templates/email/generic_email.html
@ -0,0 +1,26 @@
+{% extends "email/base.html" %}
+
+{% block content %}
+<tr>
+  <td bgcolor="#3625b7" align="center" style="padding: 0px 10px 0px 10px;">
+    <table border="0" cellpadding="0" cellspacing="0" width="480">
+      <tr>
+        <td bgcolor="#566572" align="center" valign="top" style="padding: 40px 20px 20px 20px; border-radius: 4px 4px 0px 0px; color: #8F9BA3; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 48px; font-weight: 400; letter-spacing: 4px; line-height: 48px;">
+          <h1 style="font-size: 32px; font-weight: 400; margin: 0; color: #E9ECEF;">{{ title }}!</h1>
+        </td>
+      </tr>
+    </table>
+  </td>
+</tr>
+<tr>
+  <td bgcolor="#1b2a32" align="center" style="padding: 0px 10px 0px 10px;">
+    <table border="0" cellpadding="0" cellspacing="0" width="480">
+      <tr>
+        <td bgcolor="#566572" align="left" style="padding: 20px 30px 40px 30px; color: #E9ECEF; font-family: 'Lato', Helvetica, Arial, sans-serif; font-size: 18px; font-weight: 400; line-height: 25px;">
+          <p style="margin: 0;">{{ body }}</p>
+        </td>
+      </tr>
+    </table>
+  </td>
+</tr>
+{% endblock %}
--- a/passbook/core/templates/generic/delete.html
+++ b/passbook/core/templates/generic/delete.html
@ -6,12 +6,16 @@
 {% block content %}
 <div class="container">
    {% block above_form %}
-    <h1>{% trans 'Delete' %}</h1>
+    <h1>{% blocktrans with object_type=object|fieldtype|title %}Delete {{ object_type }}{% endblocktrans %}</h1>
    {% endblock %}
    <div class="">
        <form method="post" class="form-horizontal">
            {% csrf_token %}
-      <p>Are you sure you want to delete "{{ object }}"?</p>
+            <p>
+                {% blocktrans with object_type=object|fieldtype|title name=object %}
+                Are you sure you want to delete {{ object_type }} "{{ object }}"?
+                {% endblocktrans %}
+            </p>
            <a href="{% back %}" class="btn btn-default">{% trans 'Back' %}</a>
            <input type="submit" class="btn btn-danger" value="{% trans 'Delete' %}" />
        </form>
--- a/passbook/core/templates/login/base.html
+++ b/passbook/core/templates/login/base.html
@ -29,7 +29,7 @@
 <div class="login-pf-page">
    <div class="container-fluid">
        <div class="row">
-            <div class="col-sm-6 col-sm-offset-3 col-md-6 col-md-offset-3 col-lg-4 col-lg-offset-4">
+            <div class="col-sm-12 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3">
                <header class="login-pf-page-header">
                    <img class="login-pf-brand" style="max-height: 10rem;" src="{% static 'img/logo.svg' %}"
                        alt="passbook logo" />
--- a/passbook/core/templates/login/denied.html
+++ b/passbook/core/templates/login/denied.html
@ -18,7 +18,6 @@
 <header class="login-pf-header">
  <h1>{% trans title %}</h1>
 </header>
-{% include 'partials/messages.html' %}
 <form method="POST">
  {% csrf_token %}
  {% include 'partials/form_login.html' %}
--- a/passbook/core/templates/partials/form.html
+++ b/passbook/core/templates/partials/form.html
@ -2,7 +2,7 @@

 {% csrf_token %}
 {% for field in form %}
-<div class="form-group">
+<div class="form-group {% if field.errors %} has-error {% endif %}">
  {% if field.field.widget|fieldtype == 'RadioSelect' %}
    <label class="col-sm-2 control-label" {% if field.field.required %}class="required"{% endif %} for="{{ field.name }}-{{ forloop.counter0 }}">
      {{ field.label }}
@ -40,11 +40,9 @@
    </span>
    {% endif %}
    {% for error in field.errors %}
-    <hr>
-    <div class="alert alert-danger">
-      <span class="pficon pficon-error-circle-o"></span>
-      <strong>{{ error }}</strong>
-    </div>
+    <span class="help-block">
+        {{ error }}
+    </span>
    {% endfor %}
  </div>
  {% endif %}
--- a/passbook/core/templates/partials/form_login.html
+++ b/passbook/core/templates/partials/form_login.html
@ -3,19 +3,23 @@

 {% csrf_token %}
 {% for field in form %}
-<div class="form-group login-pf-settings">
+<div class="form-group login-pf-settings {% if field.errors %} has-error {% endif %}">
    {% if field.field.widget|fieldtype == 'RadioSelect' %}
-    <label class="col-sm-2 control-label" {% if field.field.required %}class="required"{% endif %} for="{{ field.name }}-{{ forloop.counter0 }}">
+    <label class="col-sm-2 control-label" {% if field.field.required %}class="required" {% endif %}
+        for="{{ field.name }}-{{ forloop.counter0 }}">
        {{ field.label }}
    </label>
    {% for c in field %}
    <div class="radio col-sm-10">
-      <input type="radio" id="{{ field.name }}-{{ forloop.counter0 }}" name="{% if wizard %}{{ wizard.steps.current }}-{% endif %}{{ field.name }}" value="{{ c.data.value }}" {% if c.data.selected %} checked {% endif %}>
+        <input type="radio" id="{{ field.name }}-{{ forloop.counter0 }}"
+            name="{% if wizard %}{{ wizard.steps.current }}-{% endif %}{{ field.name }}" value="{{ c.data.value }}"
+            {% if c.data.selected %} checked {% endif %}>
        <label class="col-sm-2 control-label" for="{{ field.name }}-{{ forloop.counter0 }}">{{ c.choice_label }}</label>
    </div>
    {% endfor %}
    {% elif field.field.widget|fieldtype == 'Select' %}
-    <label class="col-sm-2 control-label" {% if field.field.required %}class="required"{% endif %} for="{{ field.name }}-{{ forloop.counter0 }}">
+    <label class="col-sm-2 control-label" {% if field.field.required %}class="required" {% endif %}
+        for="{{ field.name }}-{{ forloop.counter0 }}">
        {{ field.label }}
    </label>
    <div class="select col-sm-10">
@ -26,7 +30,8 @@
        {{ field }} {{ field.label }}
    </label>
    {% else %}
-  <label class="col-sm-2 sr-only" {% if field.field.required %}class="required"{% endif %} for="{{ field.name }}-{{ forloop.counter0 }}">
+    <label class="col-sm-2 sr-only" {% if field.field.required %}class="required" {% endif %}
+        for="{{ field.name }}-{{ forloop.counter0 }}">
        {{ field.label }}
    </label>
    {{ field|css_class:'form-control input-lg' }}
@ -37,11 +42,9 @@
    {% endif %}
    {% endif %}
    {% for error in field.errors %}
-  <hr>
-  <div class="alert alert-danger alert-block">
-    <span class="pficon pficon-error-circle-o"></span>
-    <strong>{{ error }}</strong>
-  </div>
+    <span class="help-block">
+        {{ error }}
+    </span>
    {% endfor %}
 </div>
 {% endfor %}
--- a/passbook/core/templatetags/passbook_user_settings.py
+++ b/passbook/core/templatetags/passbook_user_settings.py
@ -3,6 +3,7 @@
 from django import template

 from passbook.core.models import Factor
+from passbook.core.policies import PolicyEngine

 register = template.Library()

@ -14,6 +15,8 @@ def user_factors(context):
    matching_factors = []
    for factor in _all_factors:
        _link = factor.has_user_settings()
-        if factor.passes(user) and _link:
+        policy_engine = PolicyEngine(factor.policies.all())
+        policy_engine.for_user(user).with_request(context.get('request')).build()
+        if policy_engine.result[0] and _link:
            matching_factors.append(_link)
    return matching_factors
--- a/passbook/core/tests/test_login.py
+++ b/passbook/core/tests/test_login.py
@ -1,10 +0,0 @@
-"""passbook core login test"""
-
-from django.test import TestCase
-
-
-class LoginTest(TestCase):
-    """Test login"""
-
-    def test(self):
-        """Stub test"""
--- a/passbook/core/tests/test_views_authentication.py
+++ b/passbook/core/tests/test_views_authentication.py
@ -0,0 +1,150 @@
+"""passbook Core Account Test"""
+import string
+from random import SystemRandom
+
+from django.test import TestCase
+from django.urls import reverse
+
+from passbook.core.forms.authentication import LoginForm, SignUpForm
+from passbook.core.models import User
+
+
+class TestAuthenticationViews(TestCase):
+    """passbook Core Account Test"""
+
+    def setUp(self):
+        super().setUp()
+        self.sign_up_data = {
+            'name': 'Test',
+            'username': 'beryjuorg',
+            'email': 'unittest@passbook.beryju.org',
+            'password': 'B3ryju0rg!',
+            'password_repeat': 'B3ryju0rg!',
+        }
+        self.login_data = {
+            'uid_field': 'unittest@example.com',
+        }
+        self.user = User.objects.create_superuser(
+            username='unittest user',
+            email='unittest@example.com',
+            password=''.join(SystemRandom().choice(
+                string.ascii_uppercase + string.digits) for _ in range(8)))
+
+
+    def test_sign_up_view(self):
+        """Test account.sign_up view (Anonymous)"""
+        self.client.logout()
+        response = self.client.get(reverse('passbook_core:auth-sign-up'))
+        self.assertEqual(response.status_code, 200)
+
+    def test_login_view(self):
+        """Test account.login view (Anonymous)"""
+        self.client.logout()
+        response = self.client.get(reverse('passbook_core:auth-login'))
+        self.assertEqual(response.status_code, 200)
+        # test login with post
+        form = LoginForm(self.login_data)
+        self.assertTrue(form.is_valid())
+
+        response = self.client.post(reverse('passbook_core:auth-login'), data=form.cleaned_data)
+        self.assertEqual(response.status_code, 302)
+
+    def test_logout_view(self):
+        """Test account.logout view"""
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('passbook_core:auth-logout'))
+        self.assertEqual(response.status_code, 302)
+
+    def test_sign_up_view_auth(self):
+        """Test account.sign_up view (Authenticated)"""
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('passbook_core:auth-logout'))
+        self.assertEqual(response.status_code, 302)
+
+    def test_login_view_auth(self):
+        """Test account.login view (Authenticated)"""
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('passbook_core:auth-login'))
+        self.assertEqual(response.status_code, 302)
+
+    def test_login_view_post(self):
+        """Test account.login view POST (Anonymous)"""
+        login_response = self.client.post(reverse('passbook_core:auth-login'), data=self.login_data)
+        self.assertEqual(login_response.status_code, 302)
+        self.assertEqual(login_response.url, reverse('passbook_core:auth-process'))
+
+    def test_sign_up_view_post(self):
+        """Test account.sign_up view POST (Anonymous)"""
+        form = SignUpForm(self.sign_up_data)
+        self.assertTrue(form.is_valid())
+
+        response = self.client.post(reverse('passbook_core:auth-sign-up'), data=form.cleaned_data)
+        self.assertEqual(response.status_code, 302)
+
+    # def test_reset_password_init_view(self):
+    #     """Test account.reset_password_init view POST (Anonymous)"""
+    #     form = SignUpForm(self.sign_up_data)
+    #     self.assertTrue(form.is_valid())
+
+    #     res = test_request(accounts.SignUpView.as_view(),
+    #                        method='POST',
+    #                        req_kwargs=form.cleaned_data)
+    #     self.assertEqual(res.status_code, 302)
+
+    #     res = test_request(accounts.PasswordResetInitView.as_view())
+    #     self.assertEqual(res.status_code, 200)
+
+    # def test_resend_confirmation(self):
+    #     """Test AccountController.resend_confirmation"""
+    #     form = SignUpForm(self.sign_up_data)
+    #     self.assertTrue(form.is_valid())
+
+    #     res = test_request(accounts.SignUpView.as_view(),
+    #                        method='POST',
+    #                        req_kwargs=form.cleaned_data)
+    #     self.assertEqual(res.status_code, 302)
+    #     user = User.objects.get(email=self.sign_up_data['email'])
+    #     # Invalidate all other links for this user
+    #     old_acs = AccountConfirmation.objects.filter(
+    #         user=user)
+    #     for old_ac in old_acs:
+    #         old_ac.confirmed = True
+    #         old_ac.save()
+    #     # Create Account Confirmation UUID
+    #     new_ac = AccountConfirmation.objects.create(user=user)
+    #     self.assertFalse(new_ac.is_expired)
+    #     on_user_confirm_resend.send(
+    #         sender=None,
+    #         user=user,
+    #         request=None)
+
+    # def test_reset_passowrd(self):
+    #     """Test reset password POST"""
+    #     # Signup user first
+    #     sign_up_form = SignUpForm(self.sign_up_data)
+    #     self.assertTrue(sign_up_form.is_valid())
+
+    #     sign_up_res = test_request(accounts.SignUpView.as_view(),
+    #                               method='POST',
+    #                               req_kwargs=sign_up_form.cleaned_data)
+    #     self.assertEqual(sign_up_res.status_code, 302)
+
+    #     user = User.objects.get(email=self.sign_up_data['email'])
+    #     # Invalidate all other links for this user
+    #     old_acs = AccountConfirmation.objects.filter(
+    #         user=user)
+    #     for old_ac in old_acs:
+    #         old_ac.confirmed = True
+    #         old_ac.save()
+    #     # Create Account Confirmation UUID
+    #     new_ac = AccountConfirmation.objects.create(user=user)
+    #     self.assertFalse(new_ac.is_expired)
+    #     uuid = AccountConfirmation.objects.filter(user=user).first().pk
+    #     reset_res = test_request(accounts.PasswordResetFinishView.as_view(),
+    #                              method='POST',
+    #                              user=user,
+    #                              url_kwargs={'uuid': uuid},
+    #                              req_kwargs=self.change_data)
+
+    #     self.assertEqual(reset_res.status_code, 302)
+    #     self.assertEqual(reset_res.url, reverse('common-index'))
--- a/passbook/core/tests/test_views_overview.py
+++ b/passbook/core/tests/test_views_overview.py
@ -0,0 +1,25 @@
+"""passbook user view tests"""
+import string
+from random import SystemRandom
+
+from django.shortcuts import reverse
+from django.test import TestCase
+
+from passbook.core.models import User
+
+
+class TestOverviewViews(TestCase):
+    """Test Overview Views"""
+
+    def setUp(self):
+        super().setUp()
+        self.user = User.objects.create_superuser(
+            username='unittest user',
+            email='unittest@example.com',
+            password=''.join(SystemRandom().choice(
+                string.ascii_uppercase + string.digits) for _ in range(8)))
+        self.client.force_login(self.user)
+
+    def test_overview(self):
+        """Test UserSettingsView"""
+        self.assertEqual(self.client.get(reverse('passbook_core:overview')).status_code, 200)
--- a/passbook/core/tests/test_views_user.py
+++ b/passbook/core/tests/test_views_user.py
@ -0,0 +1,47 @@
+"""passbook user view tests"""
+import string
+from random import SystemRandom
+
+from django.shortcuts import reverse
+from django.test import TestCase
+
+from passbook.core.forms.users import PasswordChangeForm
+from passbook.core.models import User
+
+
+class TestUserViews(TestCase):
+    """Test User Views"""
+
+    def setUp(self):
+        super().setUp()
+        self.user = User.objects.create_superuser(
+            username='unittest user',
+            email='unittest@example.com',
+            password=''.join(SystemRandom().choice(
+                string.ascii_uppercase + string.digits) for _ in range(8)))
+        self.client.force_login(self.user)
+
+    def test_user_settings(self):
+        """Test UserSettingsView"""
+        self.assertEqual(self.client.get(reverse('passbook_core:user-settings')).status_code, 200)
+
+    def test_user_delete(self):
+        """Test UserDeleteView"""
+        self.assertEqual(self.client.post(reverse('passbook_core:user-delete')).status_code, 302)
+        self.assertEqual(User.objects.filter(username='unittest user').exists(), False)
+        self.setUp()
+
+    def test_user_change_password(self):
+        """Test UserChangePasswordView"""
+        form_data = {
+            'password': 'test2',
+            'password_repeat': 'test2'
+        }
+        form = PasswordChangeForm(data=form_data)
+        self.assertTrue(form.is_valid())
+        self.assertEqual(self.client.get(
+            reverse('passbook_core:user-change-password')).status_code, 200)
+        self.assertEqual(self.client.post(
+            reverse('passbook_core:user-change-password'), data=form_data).status_code, 302)
+        self.user.refresh_from_db()
+        self.assertTrue(self.user.check_password('test2'))
--- a/passbook/core/tests/test_views_utils.py
+++ b/passbook/core/tests/test_views_utils.py
@ -0,0 +1,25 @@
+"""passbook util view tests"""
+
+from django.test import RequestFactory, TestCase
+
+from passbook.core.views.utils import LoadingView, PermissionDeniedView
+
+
+class TestUtilViews(TestCase):
+    """Test Utility Views"""
+
+    def setUp(self):
+        self.factory = RequestFactory()
+
+    def test_loading_view(self):
+        """Test loading view"""
+        request = self.factory.get('something')
+        response = LoadingView.as_view(target_url='somestring')(request)
+        response.render()
+        self.assertIn('somestring', response.content.decode('utf-8'))
+
+    def test_permission_denied_view(self):
+        """Test PermissionDeniedView"""
+        request = self.factory.get('something')
+        response = PermissionDeniedView.as_view()(request)
+        self.assertEqual(response.status_code, 200)
--- a/passbook/core/urls.py
+++ b/passbook/core/urls.py
@ -19,13 +19,17 @@ core_urls = [
    path('auth/login/', authentication.LoginView.as_view(), name='auth-login'),
    path('auth/logout/', authentication.LogoutView.as_view(), name='auth-logout'),
    path('auth/sign_up/', authentication.SignUpView.as_view(), name='auth-sign-up'),
+    path('auth/sign_up/<uuid:nonce>/confirm/', authentication.SignUpConfirmView.as_view(),
+         name='auth-sign-up-confirm'),
    path('auth/process/denied/', view.FactorPermissionDeniedView.as_view(), name='auth-denied'),
+    path('auth/password/reset/<uuid:nonce>/', authentication.PasswordResetView.as_view(),
+         name='auth-password-reset'),
    path('auth/process/', view.AuthenticationView.as_view(), name='auth-process'),
    path('auth/process/<slug:factor>/', view.AuthenticationView.as_view(), name='auth-process'),
    # User views
-    path('user/', user.UserSettingsView.as_view(), name='user-settings'),
-    path('user/delete/', user.UserDeleteView.as_view(), name='user-delete'),
-    path('user/change_password/', user.UserChangePasswordView.as_view(),
+    path('_/user/', user.UserSettingsView.as_view(), name='user-settings'),
+    path('_/user/delete/', user.UserDeleteView.as_view(), name='user-delete'),
+    path('_/user/change_password/', user.UserChangePasswordView.as_view(),
         name='user-change-password'),
    # Overview
    path('', overview.OverviewView.as_view(), name='overview'),
--- a/passbook/core/views/access.py
+++ b/passbook/core/views/access.py
@ -1,7 +1,8 @@
 """passbook access helper classes"""
 from logging import getLogger

-from django.http import Http404
+from django.contrib import messages
+from django.utils.translation import gettext as _

 from passbook.core.models import Application

@ -11,14 +12,18 @@ class AccessMixin:
    """Mixin class for usage in Authorization views.
    Provider functions to check application access, etc"""

+    # request is set by view but since this Mixin has no base class
+    request = None
+
    def provider_to_application(self, provider):
        """Lookup application assigned to provider, throw error if no application assigned"""
        try:
            return provider.application
        except Application.DoesNotExist as exc:
-            # TODO: Log that no provider has no application assigned
-            LOGGER.warning('Provider "%s" has no application assigned...', provider)
-            raise Http404 from exc
+            messages.error(self.request, _('Provider "%(name)s" has no application assigned' % {
+                'name': provider
+                }))
+            raise exc

    def user_has_access(self, application, user):
        """Check if user has access to application."""
--- a/passbook/core/views/authentication.py
+++ b/passbook/core/views/authentication.py
@ -1,24 +1,28 @@
-"""Core views"""
+"""passbook core authentication views"""
 from logging import getLogger
 from typing import Dict

 from django.contrib import messages
-from django.contrib.auth import logout
+from django.contrib.auth import login, logout
 from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
+from django.forms.utils import ErrorList
 from django.http import HttpRequest, HttpResponse
-from django.shortcuts import redirect, reverse
+from django.shortcuts import get_object_or_404, redirect, reverse
 from django.utils.translation import ugettext as _
 from django.views import View
 from django.views.generic import FormView

-from passbook.core.auth.view import AuthenticationView
+from passbook.core.auth.view import AuthenticationView, _redirect_with_qs
+from passbook.core.exceptions import PasswordPolicyInvalid
 from passbook.core.forms.authentication import LoginForm, SignUpForm
-from passbook.core.models import Invitation, Source, User
+from passbook.core.models import Invitation, Nonce, Source, User
 from passbook.core.signals import invitation_used, user_signed_up
+from passbook.core.tasks import send_email
 from passbook.lib.config import CONFIG

 LOGGER = getLogger(__name__)

+
 class LoginView(UserPassesTestMixin, FormView):
    """Allow users to sign in"""

@ -52,6 +56,9 @@ class LoginView(UserPassesTestMixin, FormView):
    def get_user(self, uid_value) -> User:
        """Find user instance. Returns None if no user was found."""
        for search_field in CONFIG.y('passbook.uid_fields'):
+            # Workaround for E-Mail -> email
+            if search_field == 'e-mail':
+                search_field = 'email'
            users = User.objects.filter(**{search_field: uid_value})
            if users.exists():
                LOGGER.debug("Found user %s with uid_field %s", users.first(), search_field)
@ -66,13 +73,14 @@ class LoginView(UserPassesTestMixin, FormView):
            return self.invalid_login(self.request)
        self.request.session.flush()
        self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk
-        return redirect(reverse('passbook_core:auth-process'))
+        return _redirect_with_qs('passbook_core:auth-process', self.request.GET)

    def invalid_login(self, request: HttpRequest, disabled_user: User = None) -> HttpResponse:
        """Handle login for disabled users/invalid login attempts"""
        messages.error(request, _('Failed to authenticate.'))
        return self.render_to_response(self.get_context_data())

+
 class LogoutView(LoginRequiredMixin, View):
    """Log current user out"""

@ -135,7 +143,32 @@ class SignUpView(UserPassesTestMixin, FormView):

    def form_valid(self, form: SignUpForm) -> HttpResponse:
        """Create user"""
+        try:
            self._user = SignUpView.create_user(form.cleaned_data, self.request)
+        except PasswordPolicyInvalid as exc:
+            # Manually inject error into form
+            # pylint: disable=protected-access
+            errors = form._errors.setdefault("password", ErrorList())
+            for error in exc.messages:
+                errors.append(error)
+            return self.form_invalid(form)
+        needs_confirmation = True
+        if self._invitation and not self._invitation.needs_confirmation:
+            needs_confirmation = False
+        if needs_confirmation:
+            nonce = Nonce.objects.create(user=self._user)
+            LOGGER.debug(str(nonce.uuid))
+            # Send email to user
+            send_email.delay(self._user.email, _('Confirm your account.'),
+                             'email/account_confirm.html', {
+                                 'url': self.request.build_absolute_uri(
+                                     reverse('passbook_core:auth-sign-up-confirm', kwargs={
+                                         'nonce': nonce.uuid
+                                     })
+                                 )
+                             })
+            self._user.is_active = False
+            self._user.save()
        self.consume_invitation()
        messages.success(self.request, _("Successfully signed up!"))
        LOGGER.debug("Successfully signed up %s",
@ -164,16 +197,17 @@ class SignUpView(UserPassesTestMixin, FormView):
            The user created

        Raises:
-            SignalException: if any signals raise an exception. This also deletes the created user.
+            PasswordPolicyInvalid: if any policy are not fulfilled.
+                                   This also deletes the created user.
        """
        # Create user
-        new_user = User.objects.create_user(
+        new_user = User.objects.create(
            username=data.get('username'),
            email=data.get('email'),
-            first_name=data.get('first_name'),
-            last_name=data.get('last_name'),
+            name=data.get('name'),
        )
        new_user.is_active = True
+        try:
            new_user.set_password(data.get('password'))
            new_user.save()
            request.user = new_user
@ -182,8 +216,39 @@ class SignUpView(UserPassesTestMixin, FormView):
                sender=SignUpView,
                user=new_user,
                request=request)
-        # TODO: Implement Verification, via email or others
-        # if needs_confirmation:
-        #     Create Account Confirmation UUID
-        #     AccountConfirmation.objects.create(user=new_user)
            return new_user
+        except PasswordPolicyInvalid as exc:
+            new_user.delete()
+            raise exc
+
+
+class SignUpConfirmView(View):
+    """Confirm registration from Nonce"""
+
+    def get(self, request, nonce):
+        """Verify UUID and activate user"""
+        nonce = get_object_or_404(Nonce, uuid=nonce)
+        nonce.user.is_active = True
+        nonce.user.save()
+        # Workaround: hardcoded reference to ModelBackend, needs testing
+        nonce.user.backend = 'django.contrib.auth.backends.ModelBackend'
+        login(request, nonce.user)
+        nonce.delete()
+        messages.success(request, _('Successfully confirmed registration.'))
+        return redirect('passbook_core:overview')
+
+
+class PasswordResetView(View):
+    """Temporarily authenticate User and allow them to reset their password"""
+
+    def get(self, request, nonce):
+        """Authenticate user with nonce and redirect to password change view"""
+        # 3. (Optional) Trap user in password change view
+        nonce = get_object_or_404(Nonce, uuid=nonce)
+        # Workaround: hardcoded reference to ModelBackend, needs testing
+        nonce.user.backend = 'django.contrib.auth.backends.ModelBackend'
+        login(request, nonce.user)
+        nonce.delete()
+        messages.success(request, _(('Temporarily authenticated with Nonce, '
+                                     'please change your password')))
+        return redirect('passbook_core:user-change-password')
--- a/passbook/core/views/user.py
+++ b/passbook/core/views/user.py
@ -1,19 +1,27 @@
 """passbook core user views"""
 from django.contrib import messages
 from django.contrib.auth import logout, update_session_auth_hash
+from django.contrib.messages.views import SuccessMessageMixin
+from django.forms.utils import ErrorList
 from django.shortcuts import redirect, reverse
+from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
 from django.views.generic import DeleteView, FormView, UpdateView

+from passbook.core.exceptions import PasswordPolicyInvalid
 from passbook.core.forms.users import PasswordChangeForm, UserDetailForm
 from passbook.lib.config import CONFIG


-class UserSettingsView(UpdateView):
+class UserSettingsView(SuccessMessageMixin, UpdateView):
    """Update User settings"""
+
    template_name = 'user/settings.html'
    form_class = UserDetailForm

+    success_message = _('Successfully updated user.')
+    success_url = reverse_lazy('passbook_core:user-settings')
+
    def get_object(self):
        return self.request.user

@ -37,10 +45,21 @@ class UserChangePasswordView(FormView):
    template_name = 'login/form_with_user.html'

    def form_valid(self, form: PasswordChangeForm):
+        try:
+            # user.set_password checks against Policies so we don't need to manually do it here
            self.request.user.set_password(form.cleaned_data.get('password'))
            self.request.user.save()
            update_session_auth_hash(self.request, self.request.user)
            messages.success(self.request, _('Successfully changed password'))
+        except PasswordPolicyInvalid as exc:
+            # Manually inject error into form
+            # pylint: disable=protected-access
+            errors = form._errors.setdefault("password_repeat", ErrorList(''))
+            # pylint: disable=protected-access
+            errors = form._errors.setdefault("password", ErrorList())
+            for error in exc.messages:
+                errors.append(error)
+            return self.form_invalid(form)
        return redirect('passbook_core:overview')

    def get_context_data(self, **kwargs):
--- a/passbook/core/wsgi.py
+++ b/passbook/core/wsgi.py
@ -10,7 +10,8 @@ https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
 import os

 from django.core.wsgi import get_wsgi_application
+from raven.contrib.django.raven_compat.middleware.wsgi import Sentry

 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.settings')

-application = get_wsgi_application()
+application = Sentry(get_wsgi_application())
--- a/passbook/hibp_policy/init.py
+++ b/passbook/hibp_policy/init.py
@ -1,2 +1,2 @@
 """passbook hibp_policy"""
-__version__ = '0.0.7-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/hibp_policy/migrations/0002_auto_20190225_1912.py
+++ b/passbook/hibp_policy/migrations/0002_auto_20190225_1912.py
@ -0,0 +1,17 @@
+# Generated by Django 2.1.7 on 2019-02-25 19:12
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_hibp_policy', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='haveibeenpwendpolicy',
+            options={'verbose_name': 'have i been pwned Policy', 'verbose_name_plural': 'have i been pwned Policies'},
+        ),
+    ]
--- a/passbook/hibp_policy/migrations/0003_auto_20190227_1505.py
+++ b/passbook/hibp_policy/migrations/0003_auto_20190227_1505.py
@ -0,0 +1,17 @@
+# Generated by Django 2.1.7 on 2019-02-27 15:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_hibp_policy', '0002_auto_20190225_1912'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='haveibeenpwendpolicy',
+            options={'verbose_name': 'Have I Been Pwned Policy', 'verbose_name_plural': 'Have I Been Pwned Policies'},
+        ),
+    ]
--- a/passbook/hibp_policy/models.py
+++ b/passbook/hibp_policy/models.py
@ -1,6 +1,6 @@
 """passbook HIBP Models"""
-
 from hashlib import sha1
+from logging import getLogger

 from django.db import models
 from django.utils.translation import gettext as _
@ -8,6 +8,7 @@ from requests import get

 from passbook.core.models import Policy, User

+LOGGER = getLogger(__name__)

 class HaveIBeenPwendPolicy(Policy):
    """Check if password is on HaveIBeenPwned's list by upload the first
@ -33,11 +34,12 @@ class HaveIBeenPwendPolicy(Policy):
            full_hash, count = line.split(':')
            if pw_hash[5:] == full_hash.lower():
                final_count = int(count)
+        LOGGER.debug("Got count %d for hash %s", final_count, pw_hash[:5])
        if final_count > self.allowed_count:
-            return False
+            return False, _("Password exists on %(count)d online lists." % {'count': final_count})
        return True

    class Meta:

-        verbose_name = _('have i been pwned Policy')
-        verbose_name_plural = _('have i been pwned Policies')
+        verbose_name = _('Have I Been Pwned Policy')
+        verbose_name_plural = _('Have I Been Pwned Policies')
--- a/passbook/ldap/init.py
+++ b/passbook/ldap/init.py
@ -1,2 +1,2 @@
 """Passbook ldap app Header"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/ldap/forms.py
+++ b/passbook/ldap/forms.py
@ -39,7 +39,7 @@ class LDAPSourceForm(forms.ModelForm):
 #         (MODE_CREATE_USERS, _('Create Users'))
 #     )

-#     namespace = 'supervisr.mod.auth.ldap'
+#     namespace = 'passbook.ldap'
 #     settings = ['enabled', 'mode']

 #     widgets = {
@ -51,7 +51,7 @@ class LDAPSourceForm(forms.ModelForm):
 # class ConnectionSettings(SettingsForm):
 #     """Connection settings form"""

-#     namespace = 'supervisr.mod.auth.ldap'
+#     namespace = 'passbook.ldap'
 #     settings = ['server', 'server:tls', 'bind:user', 'bind:password', 'domain']

 #     attrs_map = {
@ -68,7 +68,7 @@ class LDAPSourceForm(forms.ModelForm):
 # class AuthenticationBackendSettings(SettingsForm):
 #     """Authentication backend settings"""

-#     namespace = 'supervisr.mod.auth.ldap'
+#     namespace = 'passbook.ldap'
 #     settings = ['base']

 #     attrs_map = {
@ -79,7 +79,7 @@ class LDAPSourceForm(forms.ModelForm):
 # class CreateUsersSettings(SettingsForm):
 #     """Create users settings"""

-#     namespace = 'supervisr.mod.auth.ldap'
+#     namespace = 'passbook.ldap'
 #     settings = ['create_base']

 #     attrs_map = {
--- a/passbook/ldap/ldap_connector.py
+++ b/passbook/ldap/ldap_connector.py
@ -129,7 +129,7 @@ class LDAPConnector:
        # Create the user data.
        field_map = {
            'username': '%(' + USERNAME_FIELD + ')s',
-            'first_name': '%(givenName)s %(sn)s',
+            'name': '%(givenName)s %(sn)s',
            'email': '%(mail)s',
        }
        user_fields = {}
@ -224,9 +224,9 @@ class LDAPConnector:
            'cn': str(username),
            'description': str('t=' + time()),
            'sAMAccountName': str(username_trunk),
-            'givenName': str(user.first_name),
+            'givenName': str(user.name),
            'displayName': str(user.username),
-            'name': str(user.first_name),
+            'name': str(user.name),
            'mail': str(user.email),
            'userPrincipalName': str(username + '@' + self._source.domain),
            'objectClass': ['top', 'person', 'organizationalPerson', 'user'],
--- a/passbook/ldap/models.py
+++ b/passbook/ldap/models.py
@ -57,7 +57,7 @@ class LDAPSource(Source):


 # class LDAPGroupMapping(UUIDModel, CreatedUpdatedModel):
-#     """Model to map an LDAP Group to a supervisr group"""
+#     """Model to map an LDAP Group to a passbook group"""

 #     ldap_dn = models.TextField()
 #     group = models.ForeignKey(Group, on_delete=models.CASCADE)
--- a/passbook/ldap/urls.py
+++ b/passbook/ldap/urls.py
@ -2,7 +2,7 @@

 # from django.conf.urls import url

-# from supervisr.mod.auth.ldap import views
+# from passbook.mod.auth.ldap import views

 # urlpatterns = [
 #     url(r'^settings/$', views.admin_settings, name='admin_settings'),
--- a/passbook/ldap/views.py
+++ b/passbook/ldap/views.py
@ -1,4 +1,4 @@
-# """Supervisr Mod LDAP Views"""
+# """passbook LDAP Views"""


 # from django.contrib import messages
@ -8,7 +8,7 @@
 # from django.urls import reverse
 # from django.utils.translation import ugettext as _

-# from supervisr.mod.auth.ldap.forms import (AuthenticationBackendSettings,
+# from passbook.ldap.forms import (AuthenticationBackendSettings,
 #                                            ConnectionSettings,
 #                                            CreateUsersSettings,
 #                                            GeneralSettingsForm)
@ -34,5 +34,5 @@
 #             if form.is_valid():
 #                 update_count += form.save()
 #         messages.success(request, _('Successfully updated %d settings.' % update_count))
-#         return redirect(reverse('supervisr_mod_auth_ldap:admin_settings'))
+#         return redirect(reverse('passbook_ldap:admin_settings'))
 #     return render(request, 'ldap/settings.html', render_data)
--- a/passbook/lib/init.py
+++ b/passbook/lib/init.py
@ -1,2 +1,2 @@
 """passbook lib"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/lib/default.yml
+++ b/passbook/lib/default.yml
@ -77,10 +77,9 @@ ldap:
    email: mail # or userPrincipalName
  user_attribute_map:
    active_directory:
-      sAMAccountName: username
-      mail: email
-      given_name: first_name
-      name: last_name
+      username: "%(sAMAccountName)s"
+      email: "%(mail)s"
+      name: "%(displayName)"
 oauth_client:
  # List of python packages with sources types to load.
  types:
--- a/passbook/lib/templatetags/inline.py
+++ b/passbook/lib/templatetags/inline.py
@ -0,0 +1,20 @@
+"""passbook core inlining template tags"""
+import os
+
+from django import template
+from django.conf import settings
+
+register = template.Library()
+
+
+@register.simple_tag()
+def inline_static(path):
+    """Inline static asset. If file is binary, return b64 representation"""
+    prefix = 'data:image/svg+xml;utf8,'
+    data = ''
+    full_path = settings.STATIC_ROOT + '/' + path
+    if os.path.exists(full_path):
+        if full_path.endswith('.svg'):
+            with open(full_path) as _file:
+                data = _file.read()
+    return prefix + data
--- a/passbook/lib/templatetags/utils.py
+++ b/passbook/lib/templatetags/utils.py
@ -207,3 +207,19 @@ def gravatar(email, size=None, rating=None):
        gravatar_url += '?' + urlencode(parameters, doseq=True)

    return escape(gravatar_url)
+
+
+@register.filter
+def verbose_name(obj):
+    """Return Object's Verbose Name"""
+    if not obj:
+        return ''
+    return obj._meta.verbose_name
+
+
+@register.filter
+def form_verbose_name(obj):
+    """Return ModelForm's Object's Verbose Name"""
+    if not obj:
+        return ''
+    return obj._meta.model._meta.verbose_name
--- a/passbook/lib/utils/ui.py
+++ b/passbook/lib/utils/ui.py
@ -0,0 +1,7 @@
+"""passbook UI utils"""
+
+def human_list(_list) -> str:
+    """Convert a list of items into 'a, b or c'"""
+    last_item = _list.pop()
+    result = ', '.join(_list)
+    return '%s or %s' % (result, last_item)
--- a/passbook/oauth_client/init.py
+++ b/passbook/oauth_client/init.py
@ -1,2 +1,2 @@
 """passbook oauth_client Header"""
-__version__ = '0.0.8-alpha'
+__version__ = '0.1.2-beta'
--- a/passbook/oauth_client/source_types/discord.py
+++ b/passbook/oauth_client/source_types/discord.py
@ -2,7 +2,6 @@
 import json
 from logging import getLogger

-from django.contrib.auth import get_user_model
 from requests.exceptions import RequestException

 from passbook.oauth_client.clients import OAuth2Client
@ -50,12 +49,11 @@ class DiscordOAuth2Callback(OAuthCallback):
    client_class = DiscordOAuth2Client

    def get_or_create_user(self, source, access, info):
-        user = get_user_model()
        user_data = {
-            user.USERNAME_FIELD: info.get('username'),
+            'username': info.get('username'),
            'email': info.get('email', 'None'),
-            'first_name': info.get('username'),
+            'name': info.get('username'),
            'password': None,
        }
-        discord_user = user_get_or_create(user_model=user, **user_data)
+        discord_user = user_get_or_create(**user_data)
        return discord_user
--- a/passbook/oauth_client/source_types/facebook.py
+++ b/passbook/oauth_client/source_types/facebook.py
@ -1,7 +1,5 @@
 """Facebook OAuth Views"""

-from django.contrib.auth import get_user_model
-
 from passbook.oauth_client.source_types.manager import MANAGER, RequestKind
 from passbook.oauth_client.utils import user_get_or_create
 from passbook.oauth_client.views.core import OAuthCallback, OAuthRedirect
@ -22,12 +20,11 @@ class FacebookOAuth2Callback(OAuthCallback):
    """Facebook OAuth2 Callback"""

    def get_or_create_user(self, source, access, info):
-        user = get_user_model()
        user_data = {
-            user.USERNAME_FIELD: info.get('name'),
+            'username': info.get('name'),
            'email': info.get('email', ''),
-            'first_name': info.get('name'),
+            'name': info.get('name'),
            'password': None,
        }
-        fb_user = user_get_or_create(user_model=user, **user_data)
+        fb_user = user_get_or_create(**user_data)
        return fb_user
--- a/passbook/oauth_client/source_types/github.py
+++ b/passbook/oauth_client/source_types/github.py
@ -1,7 +1,5 @@
 """GitHub OAuth Views"""

-from django.contrib.auth import get_user_model
-
 from passbook.oauth_client.source_types.manager import MANAGER, RequestKind
 from passbook.oauth_client.utils import user_get_or_create
 from passbook.oauth_client.views.core import OAuthCallback
@ -12,12 +10,11 @@ class GitHubOAuth2Callback(OAuthCallback):
    """GitHub OAuth2 Callback"""

    def get_or_create_user(self, source, access, info):
-        user = get_user_model()
        user_data = {
-            user.USERNAME_FIELD: info.get('login'),
+            'username': info.get('login'),
            'email': info.get('email', ''),
-            'first_name': info.get('name'),
+            'name': info.get('name'),
            'password': None,
        }
-        gh_user = user_get_or_create(user_model=user, **user_data)
+        gh_user = user_get_or_create(**user_data)
        return gh_user
--- a/passbook/oauth_client/source_types/google.py
+++ b/passbook/oauth_client/source_types/google.py
@ -1,6 +1,4 @@
 """Google OAuth Views"""
-from django.contrib.auth import get_user_model
-
 from passbook.oauth_client.source_types.manager import MANAGER, RequestKind
 from passbook.oauth_client.utils import user_get_or_create
 from passbook.oauth_client.views.core import OAuthCallback, OAuthRedirect
@ -21,12 +19,11 @@ class GoogleOAuth2Callback(OAuthCallback):
    """Google OAuth2 Callback"""

    def get_or_create_user(self, source, access, info):
-        user = get_user_model()
        user_data = {
-            user.USERNAME_FIELD: info.get('email'),
+            'username': info.get('email'),
            'email': info.get('email', ''),
-            'first_name': info.get('name'),
+            'name': info.get('name'),
            'password': None,
        }
-        google_user = user_get_or_create(user_model=user, **user_data)
+        google_user = user_get_or_create(**user_data)
        return google_user
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	4439378fd4	bump version: 0.1.1-beta -> 0.1.2-beta	2019-03-07 14:14:51 +01:00
Jens Langhammer	acf65eafdd	make naming of Providers more consistent	2019-03-07 14:14:49 +01:00
Jens Langhammer	c2ebff55ef	fix IDP-initiated login not working	2019-03-07 14:10:06 +01:00
Jens Langhammer	99c82676b6	Add some more failsafe for administration	2019-03-07 14:09:52 +01:00
Jens Langhammer	4991e9b825	Merge branch '1-suspicious-request' into 'master' fix broken E-Mail templatetag Closes #1 See merge request BeryJu.org/passbook!5	2019-03-03 20:18:23 +00:00
Jens Langhammer	612f95c3ba	fix broken E-Mail templatetag	2019-03-03 21:05:17 +01:00
Jens Langhammer	cd91d5ca15	Merge branch '1-suspicious-request' into 'master' Resolve "Suspicious request detector (many invalid logins from one IP, many attempts on one username, etc)" Closes #1 See merge request BeryJu.org/passbook!3	2019-03-03 20:04:56 +00:00
Jens Langhammer	cbbbb5dc08	Merge branch '20-sentry' into 'master' Resolve "Sentry Error Tracking" Closes #20 See merge request BeryJu.org/passbook!4	2019-03-03 19:58:18 +00:00
Jens Langhammer	c1640b9411	fix prospector/isort errors	2019-03-03 20:54:23 +01:00
Jens Langhammer	a4842c1f95	add sentry configuration	2019-03-03 20:48:31 +01:00
Jens Langhammer	a4707ddc54	fix failing unittests	2019-03-03 20:34:00 +01:00
Jens Langhammer	fb82d56307	create suspicious request detector and policy, add request to policy engine	2019-03-03 20:26:25 +01:00
Jens Langhammer	1a1005f80d	remove audit's LoginAttempt	2019-03-03 20:13:54 +01:00
Jens Langhammer	e86cae6cac	Merge branch '18-password-expiry' into 'master' Resolve "Password Expiry" Closes #18 See merge request BeryJu.org/passbook!2	2019-03-03 16:53:31 +00:00
Jens Langhammer	0b282f45e0	fix pylint messages	2019-03-03 17:45:20 +01:00
Jens Langhammer	791e88ffc1	Fix negate on FieldMatcherPolicy	2019-03-03 17:21:58 +01:00
Jens Langhammer	7bd3c4bccf	Better handle Policy.action and Policy.negate	2019-03-03 17:12:53 +01:00
Jens Langhammer	722e2e4050	Show warning when un-attached policies exist	2019-03-03 17:12:35 +01:00
Jens Langhammer	c7fc444c95	add password policy	2019-03-03 17:12:05 +01:00
Jens Langhammer	20ad062814	Log SAML Authorization actions	2019-03-03 00:34:34 +01:00
Jens Langhammer	fcb5d36e07	cleanup SAML urls	2019-03-03 00:07:40 +01:00
Jens Langhammer	9b131b619f	Show warning message when no Factor exists	2019-03-02 23:54:40 +01:00
Jens Langhammer	54427f7c68	use HTML5 autocomplete values to better handle password managers	2019-03-02 23:19:58 +01:00
Jens Langhammer	35eef9c28d	improve worker warning	2019-03-02 22:41:25 +01:00
Jens Langhammer	e88a82553d	use separate Form for Admin user editing (allow is_staff and is_active)	2019-03-02 22:41:14 +01:00
Jens Langhammer	01a9520140	add import_users script to import users from CSV with already hashed passwords	2019-03-02 22:40:47 +01:00
Jens Langhammer	46667615c3	switch releases to beta	2019-02-27 17:47:41 +01:00
Jens Langhammer	c6721a83a4	bump version: 0.1.1-alpha -> 0.1.1-beta	2019-02-27 17:45:10 +01:00
Jens Langhammer	46866e8ef0	bump version: 0.1.0-beta -> 0.1.1-alpha	2019-02-27 17:43:28 +01:00
Jens Langhammer	4a49681127	Fix docker build failing	2019-02-27 17:43:24 +01:00
Jens Langhammer	4c3fced4e9	bump version: 0.1.0-alpha -> 0.1.0-beta	2019-02-27 16:45:52 +01:00
Jens Langhammer	172347d90f	bump version: 0.0.13-alpha -> 0.1.0-alpha	2019-02-27 16:42:52 +01:00
Jens Langhammer	f54520b5cf	bump version: 0.0.12-alpha -> 0.0.13-alpha	2019-02-27 16:06:28 +01:00
Jens Langhammer	d7c4697625	Only use one create template, get title from Form's Model	2019-02-27 16:06:20 +01:00
Jens Langhammer	5584f5bda8	switch to PolicyEngine everywhere	2019-02-27 15:49:20 +01:00
Jens Langhammer	2ce6f5a714	improve error display on forms	2019-02-27 15:49:05 +01:00
Jens Langhammer	c66945623a	Improve admin interface more (back links, better headlines)	2019-02-27 15:48:33 +01:00
Jens Langhammer	cbae05c74c	show more useful information on admin overview	2019-02-27 15:45:42 +01:00
Jens Langhammer	5b771da972	switch from first_name and last_name to name	2019-02-27 15:09:05 +01:00
Jens Langhammer	2db1738e4a	make Admin UI more consistent, better show when provider has no application assigned	2019-02-27 14:47:11 +01:00
Jens Langhammer	95de6a14fd	bump version: 0.0.11-alpha -> 0.0.12-alpha	2019-02-27 13:18:28 +01:00
Jens Langhammer	17132ebc19	Verify OAuth Username vuln and fix closes #9	2019-02-27 13:18:16 +01:00
Jens Langhammer	289be46388	fix SAML Views not having LoginRequiredMixin	2019-02-27 12:36:18 +01:00
Jens Langhammer	6c300b7b31	autofocus password field	2019-02-27 12:35:57 +01:00
Jens Langhammer	b726583084	Keep GET parameters throughout entire login process	2019-02-27 12:35:48 +01:00
Jens Langhammer	48055d1cfd	fix CSRF Bug in SAML	2019-02-27 11:20:52 +01:00
Jens Langhammer	436070f5bd	fix redis connection issues in k8s	2019-02-27 09:59:01 +01:00
Jens Langhammer	3ee79818db	explicit version in helm values	2019-02-27 09:33:26 +01:00
Jens Langhammer	e7a02104db	fix display on mobile	2019-02-27 09:33:12 +01:00
Jens Langhammer	556740d7bc	add PasswordPolicyForm back in	2019-02-26 15:41:11 +01:00
Jens Langhammer	421f51770c	implement password policy checking on signup and password change closes #8	2019-02-26 15:40:58 +01:00
Jens Langhammer	96f7e70f9e	enable always_eager when unittesting	2019-02-26 14:24:50 +01:00
Jens Langhammer	ad96f7dbb8	add E-Mail support via celery task, untested, closes #17	2019-02-26 14:10:53 +01:00
Jens Langhammer	e7fb48eba2	bump version: 0.0.10-alpha -> 0.0.11-alpha	2019-02-26 13:06:26 +01:00
Jens Langhammer	b19b5b644d	remove hardcoded passwords	2019-02-26 13:06:22 +01:00
Jens Langhammer	250b6691d4	bump version: 0.0.9-alpha -> 0.0.10-alpha	2019-02-26 12:44:02 +01:00
Jens Langhammer	e3b02a6e78	fix isort/pylint issues	2019-02-26 12:43:59 +01:00
Jens Langhammer	e94ef34d8f	bump version: 0.0.8-alpha -> 0.0.9-alpha	2019-02-26 12:35:28 +01:00
Jens Langhammer	49e945307a	Re-enable OTP Disable View	2019-02-26 12:35:24 +01:00
Jens Langhammer	edfe0e5450	fix broken Docker build and helm package	2019-02-26 12:34:51 +01:00
Jens Langhammer	06b65a7882	add unittests, woo	2019-02-26 10:57:05 +01:00
Jens Langhammer	ff9bc8aa70	Automatically create PasswordFactor on initial setup closes #16	2019-02-26 09:54:51 +01:00
Jens Langhammer	28da67abe6	Improve partially broken Delete Views, show success message on deletion	2019-02-26 09:49:42 +01:00
Jens Langhammer	39d9fe9bf0	add passbook.pretend to use passbook in applications which don't support generic OAuth	2019-02-26 09:10:37 +01:00
Jens Langhammer	750117b0fd	Cleanup templates, handle OAuth Provider without application better	2019-02-26 09:09:19 +01:00
Jens Langhammer	983462f80d	user/ -> _/user/ to prevent duplicate URLs	2019-02-26 09:08:49 +01:00
Jens Langhammer	4ae31d409b	directly use paths instead of including oauth2_provider's	2019-02-26 09:08:22 +01:00
Jens Langhammer	98b414f3e2	add SignUp Confirmation (required by default, can be disabled in invitations) closes #6	2019-02-25 21:03:24 +01:00
Jens Langhammer	a0d42092e3	add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7	2019-02-25 20:46:23 +01:00
Jens Langhammer	f2569b6424	improve placeholder on login template	2019-02-25 19:43:33 +01:00
Jens Langhammer	9d344d887c	add more information to administrator Overview	2019-02-25 17:52:51 +01:00