bump version: 0.1.19-beta -> 0.1.20-beta

prepare 0.1.20
add user settings for Sources
2019-03-13 16:51:43 +01:00 · 2019-03-13 16:51:38 +01:00 · 2019-03-13 16:49:30 +01:00 · 2019-03-13 15:52:05 +01:00 · 2019-03-13 15:16:48 +01:00 · 2019-03-13 15:14:36 +01:00
139 changed files with 2575 additions and 657 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.1.4-beta
+current_version = 0.1.20-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@ -15,6 +15,10 @@ values =
 	beta
 	stable
 [bumpversion:file:client-packages/allauth/setup.py]
 [bumpversion:file:client-packages/sentry-auth-passbook/setup.py]
 [bumpversion:file:helm/passbook/values.yaml]
 [bumpversion:file:helm/passbook/Chart.yaml]
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -8,6 +8,7 @@ stages:
    - test
    - build
    - docs
    - deploy
 image: python:3.6
 services:
    - postgres:latest
@ -15,10 +16,10 @@ services:
 variables:
    POSTGRES_DB: passbook
    POSTGRES_USER: passbook
-  POSTGRES_PASSWORD: 'EK-5jnKfjrGRm<77'
+    POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
 include:
-  - /allauth/.gitlab-ci.yml
+    - /client-packages/allauth/.gitlab-ci.yml
 isort:
    script:
@ -53,7 +54,7 @@ package-docker:
    before_script:
        - echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
    script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.4-beta
+        - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.1.20-beta
    stage: build
    only:
        - tags
@ -71,14 +72,14 @@ package-helm:
 package-debian:
    before_script:
        - apt update
-    - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-venv python3-pip libsasl2-dev libldap2-dev
+        - apt install -y --no-install-recommends build-essential debhelper devscripts equivs python3 python3-dev python3-pip libsasl2-dev libldap2-dev
        - mk-build-deps debian/control
        - apt install ./*build-deps*deb -f -y
        - python3 -m pip install -U virtualenv pip
-    - python3 -m venv env
+        - virtualenv env
        - source env/bin/activate
-    - pip install -U -r requirements-dev.txt
+        - pip3 install -U -r requirements.txt -r requirements-dev.txt
-    - pip install --no-binary psycopg2 psycopg2
+        - ./manage.py collectstatic --no-input
    image: ubuntu:18.04
    script:
        - debuild -us -uc
@ -93,6 +94,32 @@ package-debian:
        - tags
        - /^version/.*$/
 package-client-package-allauth:
    script:
        - cd client-packages/allauth
        - python setup.py sdist
        - twine upload --username $TWINE_USERNAME --password $TWINE_PASSWORD dist/*
    stage: build
    only:
        refs:
            - tags
            - /^version/.*$/
        changes:
            - client-packages/allauth/**
 package-client-package-sentry:
    script:
        - cd client-packages/sentry-auth-passbook
        - python setup.py sdist
        - twine upload --username $TWINE_USERNAME --password $TWINE_PASSWORD dist/*
    stage: build
    only:
        refs:
            - tags
            - /^version/.*$/
        changes:
            - client-packages/sentry-auth-passbook/**
 # docs:
 #   stage: docs
 #   only:
@ -113,3 +140,16 @@ package-debian:
 #     - mkdocs build
 #     - 'rsync -avh --delete web/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/"'
 #     - 'rsync -avh --delete site/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/docs/"'
 # deploy:
 #   environment:
 #     name: production
 #     url: https://passbook-prod.default.k8s.beryju.org/
 #   stage: deploy
 #   only:
 #   - tags
 #   - /^version/.*$/
 #   script:
 #     - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
 #     - helm init
 #     - helm upgrade passbook-prod helm/passbook --devel
--- a/.prospector.yaml
+++ b/.prospector.yaml
@ -7,6 +7,7 @@ ignore-paths:
  - migrations
  - docs
  - node_modules
  - client-packages
 uses:
 - django
--- a/client-packages/allauth/.gitlab-ci.yml
+++ b/client-packages/allauth/.gitlab-ci.yml
--- a/client-packages/allauth/allauth_passbook/init.py
+++ b/client-packages/allauth/allauth_passbook/init.py
--- a/client-packages/allauth/allauth_passbook/provider.py
+++ b/client-packages/allauth/allauth_passbook/provider.py
--- a/client-packages/allauth/allauth_passbook/urls.py
+++ b/client-packages/allauth/allauth_passbook/urls.py
@ -1,5 +1,6 @@
 """passbook provider"""
 from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
 from allauth_passbook.provider import PassbookProvider
 urlpatterns = default_urlpatterns(PassbookProvider)
--- a/client-packages/allauth/allauth_passbook/views.py
+++ b/client-packages/allauth/allauth_passbook/views.py
@ -1,10 +1,10 @@
 """passbook adapter"""
 import requests
 from allauth.socialaccount import app_settings
 from allauth.socialaccount.providers.oauth2.views import (OAuth2Adapter,
                                                          OAuth2CallbackView,
                                                          OAuth2LoginView)
 from allauth_passbook.provider import PassbookProvider
--- a/client-packages/allauth/requirements.txt
+++ b/client-packages/allauth/requirements.txt
--- a/client-packages/allauth/setup.py
+++ b/client-packages/allauth/setup.py
@ -3,7 +3,7 @@ from setuptools import setup
 setup(
    name='django-allauth-passbook',
-    version='1.0.0',
+    version='0.1.20-beta',
    description='passbook support for django-allauth',
    # long_description='\n'.join(read_simple('docs/index.md')[2:]),
    long_description_content_type='text/markdown',
--- a/client-packages/sentry-auth-passbook/.gitignore
+++ b/client-packages/sentry-auth-passbook/.gitignore
@ -0,0 +1,5 @@
 *.pyc
 *.egg-info/
 *.eggs
 /dist
 /build
--- a/client-packages/sentry-auth-passbook/.travis.yml
+++ b/client-packages/sentry-auth-passbook/.travis.yml
@ -0,0 +1,32 @@
 sudo: false
 language: python
 services:
  - memcached
  - postgresql
  - redis-server
 python:
  - '2.7'
 cache:
  directories:
    - node_modules
    - "$HOME/.cache/pip"
 deploy:
  provider: pypi
  user: getsentry
  password:
    secure: kVmxKHkBWRLYyZme05p+WZSJmb8GjHV9uyuaSCVMRlqWCW+GXRB7P1xXR2jb9URTlNdcs56Ab/UrwzCbMFGC8LmwCeFVgIR/ltytVZG2FgXZPWaeA4dH25qK2oGWgzJ/xeiMpmuJqN9hRl25MX6jG7FZKvrrOkG7+8tpPd1yO+uYWZQbnebZMjcPBqEpn7CC0hR39GSoyVAbydpMe5hwENGQM26CepcicdrelfawItoUrXrkJzBHkIQQTO/xRSbCtRJOtzI5lwtv3GP0hcbOy5tI5dhG/93pLwZRc5+dZaCaP7oaVeOcBjN0zfINRQobt8d6h2Qgvd/YyFkGi0/xKn1zMmKIVLOG6VsYwEAUq8wNOsP4A/jdm4Y0J/1oEZStCkpaGpx85TYi4kq1hWQdyqaVJSPhh4Tk4roIaS2zOYQl+nIpbHqmJ4FJrg1il+TCdjBXobATQ1mKRBUrjD+RDzH/r4ogbd8+UwvvvevpqS2K+/wgT6UD0MzDInv9S29CUQvuFhPoqyJb5XRddHMRE9EEK/2Z8tFN91sDATnqfXHgwnvu00q/nKP5JnijBPzGmx7ydgUViIukklDrlPvo9BbRJz0Vr2vbAvMTrLMLCXqi5CwTm+v+iaOf/YaCziaG2vx0eVASYjpOLCedSgRZBubPM8z4E/HMXhChN7sVDWk=
  on:
    tags: true
  distributions: sdist bdist_wheel
 env:
  global:
    - PIP_DOWNLOAD_CACHE=".pip_download_cache"
 before_install:
  - pip install codecov
 install:
  - make develop
 script:
  - PYFLAKES_NODOCTEST=1 flake8
  - coverage run --source=. -m py.test tests
 after_success:
  - codecov
--- a/client-packages/sentry-auth-passbook/LICENSE
+++ b/client-packages/sentry-auth-passbook/LICENSE
@ -0,0 +1,201 @@
                              Apache License
                        Version 2.0, January 2004
                     http://www.apache.org/licenses/
 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 1. Definitions.
   "License" shall mean the terms and conditions for use, reproduction,
   and distribution as defined by Sections 1 through 9 of this document.
   "Licensor" shall mean the copyright owner or entity authorized by
   the copyright owner that is granting the License.
   "Legal Entity" shall mean the union of the acting entity and all
   other entities that control, are controlled by, or are under common
   control with that entity. For the purposes of this definition,
   "control" means (i) the power, direct or indirect, to cause the
   direction or management of such entity, whether by contract or
   otherwise, or (ii) ownership of fifty percent (50%) or more of the
   outstanding shares, or (iii) beneficial ownership of such entity.
   "You" (or "Your") shall mean an individual or Legal Entity
   exercising permissions granted by this License.
   "Source" form shall mean the preferred form for making modifications,
   including but not limited to software source code, documentation
   source, and configuration files.
   "Object" form shall mean any form resulting from mechanical
   transformation or translation of a Source form, including but
   not limited to compiled object code, generated documentation,
   and conversions to other media types.
   "Work" shall mean the work of authorship, whether in Source or
   Object form, made available under the License, as indicated by a
   copyright notice that is included in or attached to the work
   (an example is provided in the Appendix below).
   "Derivative Works" shall mean any work, whether in Source or Object
   form, that is based on (or derived from) the Work and for which the
   editorial revisions, annotations, elaborations, or other modifications
   represent, as a whole, an original work of authorship. For the purposes
   of this License, Derivative Works shall not include works that remain
   separable from, or merely link (or bind by name) to the interfaces of,
   the Work and Derivative Works thereof.
   "Contribution" shall mean any work of authorship, including
   the original version of the Work and any modifications or additions
   to that Work or Derivative Works thereof, that is intentionally
   submitted to Licensor for inclusion in the Work by the copyright owner
   or by an individual or Legal Entity authorized to submit on behalf of
   the copyright owner. For the purposes of this definition, "submitted"
   means any form of electronic, verbal, or written communication sent
   to the Licensor or its representatives, including but not limited to
   communication on electronic mailing lists, source code control systems,
   and issue tracking systems that are managed by, or on behalf of, the
   Licensor for the purpose of discussing and improving the Work, but
   excluding communication that is conspicuously marked or otherwise
   designated in writing by the copyright owner as "Not a Contribution."
   "Contributor" shall mean Licensor and any individual or Legal Entity
   on behalf of whom a Contribution has been received by Licensor and
   subsequently incorporated within the Work.
 2. Grant of Copyright License. Subject to the terms and conditions of
   this License, each Contributor hereby grants to You a perpetual,
   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   copyright license to reproduce, prepare Derivative Works of,
   publicly display, publicly perform, sublicense, and distribute the
   Work and such Derivative Works in Source or Object form.
 3. Grant of Patent License. Subject to the terms and conditions of
   this License, each Contributor hereby grants to You a perpetual,
   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   (except as stated in this section) patent license to make, have made,
   use, offer to sell, sell, import, and otherwise transfer the Work,
   where such license applies only to those patent claims licensable
   by such Contributor that are necessarily infringed by their
   Contribution(s) alone or by combination of their Contribution(s)
   with the Work to which such Contribution(s) was submitted. If You
   institute patent litigation against any entity (including a
   cross-claim or counterclaim in a lawsuit) alleging that the Work
   or a Contribution incorporated within the Work constitutes direct
   or contributory patent infringement, then any patent licenses
   granted to You under this License for that Work shall terminate
   as of the date such litigation is filed.
 4. Redistribution. You may reproduce and distribute copies of the
   Work or Derivative Works thereof in any medium, with or without
   modifications, and in Source or Object form, provided that You
   meet the following conditions:
   (a) You must give any other recipients of the Work or
       Derivative Works a copy of this License; and
   (b) You must cause any modified files to carry prominent notices
       stating that You changed the files; and
   (c) You must retain, in the Source form of any Derivative Works
       that You distribute, all copyright, patent, trademark, and
       attribution notices from the Source form of the Work,
       excluding those notices that do not pertain to any part of
       the Derivative Works; and
   (d) If the Work includes a "NOTICE" text file as part of its
       distribution, then any Derivative Works that You distribute must
       include a readable copy of the attribution notices contained
       within such NOTICE file, excluding those notices that do not
       pertain to any part of the Derivative Works, in at least one
       of the following places: within a NOTICE text file distributed
       as part of the Derivative Works; within the Source form or
       documentation, if provided along with the Derivative Works; or,
       within a display generated by the Derivative Works, if and
       wherever such third-party notices normally appear. The contents
       of the NOTICE file are for informational purposes only and
       do not modify the License. You may add Your own attribution
       notices within Derivative Works that You distribute, alongside
       or as an addendum to the NOTICE text from the Work, provided
       that such additional attribution notices cannot be construed
       as modifying the License.
   You may add Your own copyright statement to Your modifications and
   may provide additional or different license terms and conditions
   for use, reproduction, or distribution of Your modifications, or
   for any such Derivative Works as a whole, provided Your use,
   reproduction, and distribution of the Work otherwise complies with
   the conditions stated in this License.
 5. Submission of Contributions. Unless You explicitly state otherwise,
   any Contribution intentionally submitted for inclusion in the Work
   by You to the Licensor shall be under the terms and conditions of
   this License, without any additional terms or conditions.
   Notwithstanding the above, nothing herein shall supersede or modify
   the terms of any separate license agreement you may have executed
   with Licensor regarding such Contributions.
 6. Trademarks. This License does not grant permission to use the trade
   names, trademarks, service marks, or product names of the Licensor,
   except as required for reasonable and customary use in describing the
   origin of the Work and reproducing the content of the NOTICE file.
 7. Disclaimer of Warranty. Unless required by applicable law or
   agreed to in writing, Licensor provides the Work (and each
   Contributor provides its Contributions) on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
   implied, including, without limitation, any warranties or conditions
   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
   PARTICULAR PURPOSE. You are solely responsible for determining the
   appropriateness of using or redistributing the Work and assume any
   risks associated with Your exercise of permissions under this License.
 8. Limitation of Liability. In no event and under no legal theory,
   whether in tort (including negligence), contract, or otherwise,
   unless required by applicable law (such as deliberate and grossly
   negligent acts) or agreed to in writing, shall any Contributor be
   liable to You for damages, including any direct, indirect, special,
   incidental, or consequential damages of any character arising as a
   result of this License or out of the use or inability to use the
   Work (including but not limited to damages for loss of goodwill,
   work stoppage, computer failure or malfunction, or any and all
   other commercial damages or losses), even if such Contributor
   has been advised of the possibility of such damages.
 9. Accepting Warranty or Additional Liability. While redistributing
   the Work or Derivative Works thereof, You may choose to offer,
   and charge a fee for, acceptance of support, warranty, indemnity,
   or other liability obligations and/or rights consistent with this
   License. However, in accepting such obligations, You may act only
   on Your own behalf and on Your sole responsibility, not on behalf
   of any other Contributor, and only if You agree to indemnify,
   defend, and hold each Contributor harmless for any liability
   incurred by, or claims asserted against, such Contributor by reason
   of your accepting any such warranty or additional liability.
 END OF TERMS AND CONDITIONS
 APPENDIX: How to apply the Apache License to your work.
   To apply the Apache License to your work, attach the following
   boilerplate notice, with the fields enclosed by brackets "[]"
   replaced with your own identifying information. (Don't include
   the brackets!)  The text should be enclosed in the appropriate
   comment syntax for the file format. We also recommend that a
   file or class name and description of purpose be included on the
   same "printed page" as the copyright notice for easier
   identification within third-party archives.
 Copyright 2016 Functional Software, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
--- a/client-packages/sentry-auth-passbook/MANIFEST.in
+++ b/client-packages/sentry-auth-passbook/MANIFEST.in
@ -0,0 +1,3 @@
 include setup.py package.json webpack.config.js README.rst MANIFEST.in LICENSE AUTHORS
 recursive-include sentry_auth_supervisr/templates *
 global-exclude *~
--- a/client-packages/sentry-auth-passbook/Makefile
+++ b/client-packages/sentry-auth-passbook/Makefile
@ -0,0 +1,26 @@
 .PHONY: clean develop install-tests lint publish test
 develop:
 	pip install "pip>=7"
 	pip install -e .
 	make install-tests
 install-tests:
 	pip install .[tests]
 lint:
 	@echo "--> Linting python"
 	flake8
 	@echo ""
 test:
 	@echo "--> Running Python tests"
 	py.test tests || exit 1
 	@echo ""
 publish:
 	python setup.py sdist bdist_wheel upload
 clean:
 	rm -rf *.egg-info src/*.egg-info
 	rm -rf dist build
--- a/client-packages/sentry-auth-passbook/README.rst
+++ b/client-packages/sentry-auth-passbook/README.rst
@ -0,0 +1,55 @@
 GitHub Auth for Sentry
 ======================
 An SSO provider for Sentry which enables GitHub organization-restricted authentication.
 Install
 -------
 ::
    $ pip install https://github.com/getsentry/sentry-auth-github/archive/master.zip
 Setup
 -----
 Create a new application under your organization in GitHub. Enter the **Authorization
 callback URL** as the prefix to your Sentry installation:
 ::
    https://example.sentry.com
 Once done, grab your API keys and drop them in your ``sentry.conf.py``:
 .. code-block:: python
    GITHUB_APP_ID = ""
    GITHUB_API_SECRET = ""
 Verified email addresses can optionally be required:
 .. code-block:: python
    GITHUB_REQUIRE_VERIFIED_EMAIL = True
 Optionally you may also specify the domain (for GHE users):
 .. code-block:: python
    GITHUB_BASE_DOMAIN = "git.example.com"
    GITHUB_API_DOMAIN = "api.git.example.com"
 If Subdomain isolation is disabled in GHE:
 .. code-block:: python
    GITHUB_BASE_DOMAIN = "git.example.com"
    GITHUB_API_DOMAIN = "git.example.com/api/v3"
--- a/client-packages/sentry-auth-passbook/conftest.py
+++ b/client-packages/sentry-auth-passbook/conftest.py
@ -0,0 +1,14 @@
 from __future__ import absolute_import
 # Run tests against sqlite for simplicity
 import os
 import os.path
 import sys
 sys.path.insert(0, os.path.join(os.path.dirname(__file__)))
 os.environ.setdefault('DB', 'sqlite')
 pytest_plugins = [
    'sentry.utils.pytest'
 ]
--- a/client-packages/sentry-auth-passbook/sentry_auth_passbook/init.py
+++ b/client-packages/sentry-auth-passbook/sentry_auth_passbook/init.py
@ -0,0 +1,7 @@
 from __future__ import absolute_import
 from sentry.auth import register
 from .provider import PassbookOAuth2Provider
 register('passbook', PassbookOAuth2Provider)
--- a/client-packages/sentry-auth-passbook/sentry_auth_passbook/client.py
+++ b/client-packages/sentry-auth-passbook/sentry_auth_passbook/client.py
@ -0,0 +1,45 @@
 from __future__ import absolute_import, print_function
 from requests.exceptions import RequestException
 from sentry import http
 from sentry.utils import json
 from .constants import BASE_DOMAIN
 class PassbookApiError(Exception):
    def __init__(self, message='', status=0):
        super(PassbookApiError, self).__init__(message)
        self.status = status
 class PassbookClient(object):
    def __init__(self, client_id, client_secret):
        self.client_id = client_id
        self.client_secret = client_secret
        self.http = http.build_session()
    def _request(self, path, access_token):
        params = {
            'client_id': self.client_id,
            'client_secret': self.client_secret,
        }
        headers = {
            'Authorization': 'Bearer {0}'.format(access_token),
        }
        try:
            req = self.http.get('https://{0}/{1}'.format(BASE_DOMAIN, path.lstrip('/')),
                params=params,
                headers=headers,
            )
        except RequestException as e:
            raise PassbookApiError(unicode(e), status=getattr(e, 'status_code', 0))
        if req.status_code < 200 or req.status_code >= 300:
            raise PassbookApiError(req.content, status=req.status_code)
        return json.loads(req.content)
    def get_user(self, access_token):
        return self._request('/api/v1/openid/', access_token)
--- a/client-packages/sentry-auth-passbook/sentry_auth_passbook/constants.py
+++ b/client-packages/sentry-auth-passbook/sentry_auth_passbook/constants.py
@ -0,0 +1,14 @@
 from __future__ import absolute_import, print_function
 from django.conf import settings
 CLIENT_ID = getattr(settings, 'PASSBOOK_APP_ID', None)
 CLIENT_SECRET = getattr(settings, 'PASSBOOK_API_SECRET', None)
 SCOPE = 'openid:userinfo'
 BASE_DOMAIN = getattr(settings, 'PASSBOOK_BASE_DOMAIN', 'id.beryju.org')
 ACCESS_TOKEN_URL = 'https://{0}/application/oauth/token/'.format(BASE_DOMAIN)
 AUTHORIZE_URL = 'https://{0}/application/oauth/authorize/'.format(BASE_DOMAIN)
--- a/client-packages/sentry-auth-passbook/sentry_auth_passbook/provider.py
+++ b/client-packages/sentry-auth-passbook/sentry_auth_passbook/provider.py
@ -0,0 +1,62 @@
 from __future__ import absolute_import, print_function
 from sentry.auth.exceptions import IdentityNotValid
 from sentry.auth.providers.oauth2 import (OAuth2Callback, OAuth2Login,
                                          OAuth2Provider)
 from .client import PassbookApiError, PassbookClient
 from .constants import (ACCESS_TOKEN_URL, AUTHORIZE_URL, CLIENT_ID,
                        CLIENT_SECRET, SCOPE)
 from .views import FetchUser, PassbookConfigureView
 class PassbookOAuth2Provider(OAuth2Provider):
    access_token_url = ACCESS_TOKEN_URL
    authorize_url = AUTHORIZE_URL
    name = 'Passbook'
    client_id = CLIENT_ID
    client_secret = CLIENT_SECRET
    def __init__(self, **config):
        super(PassbookOAuth2Provider, self).__init__(**config)
    def get_configure_view(self):
        return PassbookConfigureView.as_view()
    def get_auth_pipeline(self):
        return [
            OAuth2Login(
                authorize_url=self.authorize_url,
                client_id=self.client_id,
                scope=SCOPE,
            ),
            OAuth2Callback(
                access_token_url=self.access_token_url,
                client_id=self.client_id,
                client_secret=self.client_secret,
            ),
            FetchUser(
                client_id=self.client_id,
                client_secret=self.client_secret,
            ),
        ]
    def get_refresh_token_url(self):
        return ACCESS_TOKEN_URL
    def build_identity(self, state):
        data = state['data']
        user_data = state['user']
        return {
            'id': user_data['email'],
            'email': user_data['email'],
            'name': user_data['name'],
            'data': self.get_oauth_data(data),
        }
    def build_config(self, state):
        return {}
    def refresh_identity(self, auth_identity):
        client = PassbookClient(self.client_id, self.client_secret)
        access_token = auth_identity.data['access_token']
--- a/client-packages/sentry-auth-passbook/sentry_auth_passbook/templates/sentry_auth_passbook/configure.html
+++ b/client-packages/sentry-auth-passbook/sentry_auth_passbook/templates/sentry_auth_passbook/configure.html
--- a/client-packages/sentry-auth-passbook/sentry_auth_passbook/views.py
+++ b/client-packages/sentry-auth-passbook/sentry_auth_passbook/views.py
@ -0,0 +1,75 @@
 from __future__ import absolute_import, print_function
 from django import forms
 from sentry.auth.view import AuthView, ConfigureView
 from sentry.models import AuthIdentity
 from .client import PassbookClient
 def _get_name_from_email(email):
    """
    Given an email return a capitalized name. Ex. john.smith@example.com would return John Smith.
    """
    name = email.rsplit('@', 1)[0]
    name = ' '.join([n_part.capitalize() for n_part in name.split('.')])
    return name
 class FetchUser(AuthView):
    def __init__(self, client_id, client_secret, *args, **kwargs):
        self.client = PassbookClient(client_id, client_secret)
        super(FetchUser, self).__init__(*args, **kwargs)
    def handle(self, request, helper):
        access_token = helper.fetch_state('data')['access_token']
        user = self.client.get_user(access_token)
        # A user hasn't set their name in their Passbook profile so it isn't
        # populated in the response
        if not user.get('name'):
            user['name'] = _get_name_from_email(user['email'])
        helper.bind_state('user', user)
        return helper.next_step()
 class ConfirmEmailForm(forms.Form):
    email = forms.EmailField(label='Email')
 class ConfirmEmail(AuthView):
    def handle(self, request, helper):
        user = helper.fetch_state('user')
        # TODO(dcramer): this isnt ideal, but our current flow doesnt really
        # support this behavior;
        try:
            auth_identity = AuthIdentity.objects.select_related('user').get(
                auth_provider=helper.auth_provider,
                ident=user['id'],
            )
        except AuthIdentity.DoesNotExist:
            pass
        else:
            user['email'] = auth_identity.user.email
        if user.get('email'):
            return helper.next_step()
        form = ConfirmEmailForm(request.POST or None)
        if form.is_valid():
            user['email'] = form.cleaned_data['email']
            helper.bind_state('user', user)
            return helper.next_step()
        return self.respond('sentry_auth_passbook/enter-email.html', {
            'form': form,
        })
 class PassbookConfigureView(ConfigureView):
    def dispatch(self, request, organization, auth_provider):
        return self.render('sentry_auth_passbook/configure.html')
--- a/client-packages/sentry-auth-passbook/setup.cfg
+++ b/client-packages/sentry-auth-passbook/setup.cfg
@ -0,0 +1,12 @@
 [wheel]
 universal = 1
 [pytest]
 python_files = test*.py
 addopts = --tb=native -p no:doctest
 norecursedirs = bin dist docs htmlcov script hooks node_modules .* {args}
 [flake8]
 ignore = F999,E501,E128,E124,E402,W503,E731,C901
 max-line-length = 100
 exclude = .tox,.git,*/migrations/*,node_modules/*,docs/*
--- a/client-packages/sentry-auth-passbook/setup.py
+++ b/client-packages/sentry-auth-passbook/setup.py
@ -0,0 +1,45 @@
 #!/usr/bin/env python
 """
 sentry-auth-passbook
 ==================
 :copyright: (c) 2016 Functional Software, Inc
 """
 from setuptools import find_packages, setup
 install_requires = [
    'sentry>=7.0.0',
 ]
 tests_require = [
    'mock',
    'flake8>=2.0,<2.1',
 ]
 setup(
    name='sentry-auth-passbook',
    version='0.1.20-beta',
    author='BeryJu.org',
    author_email='support@beryju.org',
    url='https://passbook.beryju.org',
    description='passbook authentication provider for Sentry',
    long_description=__doc__,
    license='MIT',
    packages=find_packages(exclude=['tests']),
    zip_safe=False,
    install_requires=install_requires,
    tests_require=tests_require,
    extras_require={'tests': tests_require},
    include_package_data=True,
    entry_points={
        'sentry.apps': [
            'auth_passbook = sentry_auth_passbook',
        ],
    },
    classifiers=[
        'Intended Audience :: Developers',
        'Intended Audience :: System Administrators',
        'Operating System :: OS Independent',
        'Topic :: Software Development'
    ],
 )
--- a/client-packages/sentry-auth-passbook/tests/test_plugin.py
+++ b/client-packages/sentry-auth-passbook/tests/test_plugin.py
--- a/client-packages/sentry-auth-passbook/tests/test_provider.py
+++ b/client-packages/sentry-auth-passbook/tests/test_provider.py
@ -0,0 +1,6 @@
 from sentry.testutils import TestCase
 class GitHubOAuth2ProviderTest(TestCase):
    def test_simple(self):
        pass
--- a/client-packages/sentry-auth-passbook/tests/test_views.py
+++ b/client-packages/sentry-auth-passbook/tests/test_views.py
@ -0,0 +1,17 @@
 from __future__ import absolute_import, print_function
 import pytest
 from sentry_auth_sentry.views import _get_name_from_email
 expected_data = [
    ('john.smith@example.com', 'John Smith'),
    ('john@example.com', 'John'),
    ('XYZ-234=3523@example.com', 'Xyz-234=3523'),
    ('XYZ.1111@example.com', 'Xyz 1111'),
    ('JOHN@example.com', 'John'),
 ]
@pytest.mark.parametrize("email,expected_name", expected_data)
 def test_get_name_from_email(email, expected_name):
    assert _get_name_from_email(email) == expected_name
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,108 @@
 passbook (0.1.20) stable; urgency=medium
  * bump version: 0.1.18-beta -> 0.1.19-beta
  * fix GitHub Pretend again
  * add user settings for Sources
  -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 13 Mar 2019 15:49:44 +0000
 passbook (0.1.18) stable; urgency=medium
  * bump version: 0.1.16-beta -> 0.1.17-beta
  * fix Server Error when downloading metadata
  * add sentry client
  * fix included yaml file
  * adjust versions for client packages, auto build client-packages
  * bump version: 0.1.17-beta -> 0.1.18-beta
  * fix API Call for sentry-client, add missing template
  * fix GitHub Pretend throwing a 500 error
 -- Jens Langhammer <jens.langhammer@beryju.org>  Wed, 13 Mar 2019 14:14:10 +0000
 passbook (0.1.17) stable; urgency=medium
  * bump version: 0.1.15-beta -> 0.1.16-beta
  * remove Application.user_is_authorized
  * don't use celery heartbeat, use TCP keepalive instead
  * switch to vertical navigation
 -- Jens Langhammer <jens.langhammer@beryju.org>  Tue, 12 Mar 2019 14:54:27 +0000
 passbook (0.1.16) stable; urgency=medium
  * Replace redis with RabbitMQ
  * updated debian package to suggest RabbitMQ
  * update helm chart to require RabbitMQ
  * fix invalid default config in debian package
 -- Jens Langhammer <jens.langhammer@beryju.org>  Mon, 11 Mar 2019 10:28:36 +0000
 passbook (0.1.14) stable; urgency=medium
  * bump version: 0.1.11-beta -> 0.1.12-beta
  * Fix DoesNotExist error when running PolicyEngine against None user
  * allow custom email server for helm installs
  * fix UserChangePasswordView not requiring Login
 -- Jens Langhammer <jens.langhammer@beryju.org>  Mon, 11 Mar 2019 10:28:36 +0000
 passbook (0.1.12) stable; urgency=medium
  * bump version: 0.1.10-beta -> 0.1.11-beta
  * rewrite PasswordFactor to use backends setting instead of trying all backends
  * install updated helm release from local folder
  * disable automatic k8s deployment for now
  * fix OAuth Authorization View not requiring authentication
 -- Jens Langhammer <jens.langhammer@beryju.org>  Mon, 11 Mar 2019 08:50:29 +0000
 passbook (0.1.11) stable; urgency=medium
  * add group administration
  * bump version: 0.1.9-beta -> 0.1.10-beta
  * fix helm labels being on deployments and not pods
  * automatically deploy after release
  * use Django's Admin FilteredSelectMultiple for Group Membership
  * always use FilteredSelectMultiple for many-to-many fields
  * Add Group Member policy
  * add LDAP Group Membership Policy
 -- Jens Langhammer <jens.langhammer@beryju.org>  Sun, 10 Mar 2019 18:55:31 +0000
 passbook (0.1.10) stable; urgency=high
  * bump version: 0.1.7-beta -> 0.1.8-beta
  * consistently using PolicyEngine
  * add more Verbosity to PolicyEngine, rewrite SAML Authorisation check
  * slightly refactor Factor View, add more unittests
  * add impersonation middleware, add to templates
  * bump version: 0.1.8-beta -> 0.1.9-beta
  * fix k8s service routing http traffic to workers
  * Fix button on policy test page
  * better show loading state when testing a policy
 -- Jens Langhammer <jens.langhammer@beryju.org>  Sun, 10 Mar 2019 14:52:40 +0000
 passbook (0.1.7) stable; urgency=medium
  * bump version: 0.1.3-beta -> 0.1.4-beta
  * implicitly add kubernetes-healthcheck-host in helm configmap
  * fix debian build (again)
  * add PropertyMapping Model, add Subclass for SAML, test with AWS
  * add custom DynamicArrayField to better handle arrays
  * format data before inserting it
  * bump version: 0.1.4-beta -> 0.1.5-beta
  * fix static files missing for debian package
  * fix password not getting set on user import
  * remove audit's login attempt
  * add passing property to PolicyEngine
  * fix captcha factor not loading keys from Factor class
  * bump version: 0.1.5-beta -> 0.1.6-beta
  * fix MATCH_EXACT not working as intended
  * Improve access control for saml
 -- Jens Langhammer <jens.langhammer@beryju.org>  Fri, 08 Mar 2019 20:37:05 +0000
 passbook (0.1.4) stable; urgency=medium
  * initial debian package release
--- a/debian/control
+++ b/debian/control
@ -8,7 +8,7 @@ Standards-Version: 3.9.6
 Package: passbook
 Architecture: all
-Recommends: mysql-server, redis-server
+Recommends: mysql-server, rabbitmq-server
 Pre-Depends: adduser, libldap2-dev, libsasl2-dev
 Depends: python3 (>= 3.5) | python3.6 | python3.7, python3-pip, dbconfig-pgsql | dbconfig-no-thanks, ${misc:Depends}
 Description: Authentication Provider/Proxy supporting protocols like SAML, OAuth, LDAP and more.
--- a/debian/etc/passbook/config.yml
+++ b/debian/etc/passbook/config.yml
@ -1,4 +1,3 @@
 debug: false
 http:
    host: 0.0.0.0
    port: 8000
@ -8,37 +7,71 @@ log:
        console: INFO
        file: DEBUG
    file: /var/log/passbook/passbook.log
-# Error reporting, disabled by default
+debug: false
-# error_report_enabled: true
+secure_proxy_header:
  HTTP_X_FORWARDED_PROTO: https
 rabbitmq: guest:guest@localhost/passbook
 # Error reporting, sends stacktrace to sentry.services.beryju.org
 error_report_enabled: true
-# Set this to the server's external address.
+passbook:
-# This is used to generate external URLs
+  sign_up:
-external_url: http://image.example.com
+    # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
-
+    enabled: true
-# This dictates how the Path is generated
+  password_reset:
-# can be either of:
+    # Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
-# - view_sha512_short
+    enabled: true
-# - view_md5
+    # Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
-# - view_sha256
+    verification:
-# - view_sha512
+      - email
-default_return_view: view_sha256
+  # Text used in title, on login page and multiple other places
-
+  branding: passbook
-# Set this to true if you only want to use external authentication
+  login:
-external_auth_only: false
+    # Override URL used for logo
-
+    logo_url: null
-# If this is true, images are automatically claimed if the windows user exists
+    # Override URL used for Background on Login page
-# in django
+    bg_url: null
-auto_claim_enabled: true
+    # Optionally add a subtext, placed below logo on the login page
-
+    subtext: null
-# LDAP Authentication
+  footer:
-# ldap:
+    links:
-#     enabled: false
+      # Optionally add links to the footer on the login page
-#     server:
+      #  - name: test
-#         uri: 'ldap://dc1.example.com'
+      #    href: https://test
-#         tls: false
+  # Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
-#     bind:
+  uid_fields:
-#         dn: ''
+    - username
-#         password: ''
+    - email
-#     search_base: ''
+  session:
-#     filter: '(sAMAccountName=%(user)s)'
+    remember_age: 2592000 # 60 * 60 * 24 * 30, one month
-#     require_group: ''
+# Provider-specific settings
 ldap:
  # Which field from `uid_fields` maps to which LDAP Attribute
  login_field_map:
    username: sAMAccountName
    email: mail # or userPrincipalName
  user_attribute_map:
    active_directory:
      username: "%(sAMAccountName)s"
      email: "%(mail)s"
      name: "%(displayName)"
 oauth_client:
  # List of python packages with sources types to load.
  types:
    - passbook.oauth_client.source_types.discord
    - passbook.oauth_client.source_types.facebook
    - passbook.oauth_client.source_types.github
    - passbook.oauth_client.source_types.google
    - passbook.oauth_client.source_types.reddit
    - passbook.oauth_client.source_types.supervisr
    - passbook.oauth_client.source_types.twitter
 saml_idp:
  # List of python packages with provider types to load.
  types:
    - passbook.saml_idp.processors.generic
    - passbook.saml_idp.processors.aws
    - passbook.saml_idp.processors.gitlab
    - passbook.saml_idp.processors.nextcloud
    - passbook.saml_idp.processors.salesforce
    - passbook.saml_idp.processors.shibboleth
    - passbook.saml_idp.processors.wordpress_orange
--- a/debian/files
+++ b/debian/files
@ -1,2 +0,0 @@
 passbook-dbgsym_0.1.3_amd64.ddeb debug optional
 passbook_0.1.3_amd64.deb admin optional
--- a/debian/passbook.postrm.debhelper
+++ b/debian/passbook.postrm.debhelper
@ -1,6 +0,0 @@
 # Automatically added by dh_installdebconf/11.1.6ubuntu2
 if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
 	. /usr/share/debconf/confmodule
 	db_purge
 fi
 # End automatically added section
--- a/debian/passbook.substvars
+++ b/debian/passbook.substvars
@ -1,3 +0,0 @@
 misc:Depends=debconf (>= 0.5) | debconf-2.0
 shlibs:Depends=libc6 (>= 2.4), passbook
 misc:Pre-Depends=
--- a/debian/rules
+++ b/debian/rules
@ -7,6 +7,7 @@
 	dh $@ --with=systemd
 build-arch:
 	python3 -m pip install setuptools
 	python3 -m pip install --target=vendor/ -r requirements.txt
 override_dh_strip:
--- a/helm/passbook/Chart.yaml
+++ b/helm/passbook/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.1.4-beta"
+appVersion: "0.1.20-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.1.4-beta"
+version: "0.1.20-beta"
 icon: https://passbook.beryju.org/images/logo.png
--- a/helm/passbook/charts/rabbitmq-4.3.2.tgz
+++ b/helm/passbook/charts/rabbitmq-4.3.2.tgz
--- a/helm/passbook/charts/redis-5.1.0.tgz
+++ b/helm/passbook/charts/redis-5.1.0.tgz
--- a/helm/passbook/requirements.lock
+++ b/helm/passbook/requirements.lock
@ -1,9 +1,9 @@
 dependencies:
- name: redis
+- name: rabbitmq
  repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 5.1.0
+  version: 4.3.2
 - name: postgresql
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 3.10.1
-digest: sha256:04bd136761f070e94a2ff32ff48ff87f5e07fbd451e5fd7f65551e3bd4680e5e
+digest: sha256:c36e054785f7d706d7d3f525eb1b167dbc89b42f84da7fc167a18bbb6542c999
-generated: 2019-02-08T12:08:49.090666+01:00
+generated: 2019-03-11T20:36:35.125079+01:00
--- a/helm/passbook/requirements.yaml
+++ b/helm/passbook/requirements.yaml
@ -1,6 +1,6 @@
 dependencies:
- name: redis
+- name: rabbitmq
-  version: 5.1.0
+  version: 4.3.2
  repository: https://kubernetes-charts.storage.googleapis.com/
 - name: postgresql
  version: 3.10.1
--- a/helm/passbook/templates/passbook-configmap.yaml
+++ b/helm/passbook/templates/passbook-configmap.yaml
@ -22,7 +22,7 @@ data:
        host: 127.0.0.1
        port: 514
    email:
-      host: localhost
+      host: {{ .Values.config.email.host }}
      port: 25
      user: ''
      password: ''
@ -36,7 +36,7 @@ data:
    debug: false
    secure_proxy_header:
      HTTP_X_FORWARDED_PROTO: https
-    redis: ":{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master"
+    rabbitmq: "user:{{ .Values.rabbitmq.rabbitmq.password }}@{{ .Release.Name }}-rabbitmq"
    # Error reporting, sends stacktrace to sentry.services.beryju.org
    error_report_enabled: {{ .Values.config.error_reporting }}
@ -50,6 +50,7 @@ data:
        {{- range .Values.ingress.hosts }}
        - {{ . | quote }}
        {{- end }}
        - kubernetes-healthcheck-host
    passbook:
      sign_up:
--- a/helm/passbook/templates/passbook-web-deployment.yaml
+++ b/helm/passbook/templates/passbook-web-deployment.yaml
@ -18,6 +18,7 @@ spec:
      labels:
        app.kubernetes.io/name: {{ include "passbook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        passbook.io/component: web
    spec:
      volumes:
        - name: config-volume
--- a/helm/passbook/templates/passbook-web-service.yaml
+++ b/helm/passbook/templates/passbook-web-service.yaml
@ -17,3 +17,4 @@ spec:
  selector:
    app.kubernetes.io/name: {{ include "passbook.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    passbook.io/component: web
--- a/helm/passbook/templates/passbook-worker-deployment.yaml
+++ b/helm/passbook/templates/passbook-worker-deployment.yaml
@ -18,6 +18,7 @@ spec:
      labels:
        app.kubernetes.io/name: {{ include "passbook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        passbook.io/component: worker
    spec:
      volumes:
        - name: config-volume
--- a/helm/passbook/values.yaml
+++ b/helm/passbook/values.yaml
@ -5,7 +5,7 @@
 replicaCount: 1
 image:
-  tag: 0.1.4-beta
+  tag: 0.1.20-beta
 nameOverride: ""
@ -14,11 +14,17 @@ config:
  # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
  # Enable error reporting
  error_reporting: true
  email:
    host: localhost
 postgresql:
  postgresqlDatabase: passbook
  postgresqlPassword: foo
 rabbitmq:
  rabbitmq:
    password: foo
 service:
  type: ClusterIP
  port: 80
@ -31,7 +37,6 @@ ingress:
  path: /
  hosts:
    - passbook.k8s.local
    - kubernetes-healthcheck-host
  defaultHost: passbook.k8s.local
  tls: []
  #  - secretName: chart-example-tls
--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/admin/init.py
+++ b/passbook/admin/init.py
@ -1,2 +1,2 @@
 """passbook admin"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/admin/middleware.py
+++ b/passbook/admin/middleware.py
@ -0,0 +1,25 @@
 """passbook admin Middleware to impersonate users"""
 from passbook.core.models import User
 def impersonate(get_response):
    """Middleware to impersonate users"""
    def middleware(request):
        """Middleware to impersonate users"""
        # User is superuser and has __impersonate ID set
        if request.user.is_superuser and "__impersonate" in request.GET:
            request.session['impersonate_id'] = request.GET["__impersonate"]
        # user wants to stop impersonation
        elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
            del request.session['impersonate_id']
        # Actually impersonate user
        if request.user.is_superuser and 'impersonate_id' in request.session:
            request.user = User.objects.get(pk=request.session['impersonate_id'])
        response = get_response(request)
        return response
    return middleware
--- a/passbook/admin/settings.py
+++ b/passbook/admin/settings.py
@ -0,0 +1,5 @@
 """passbook admin settings"""
 MIDDLEWARE = [
    'passbook.admin.middleware.impersonate',
 ]
--- a/passbook/admin/templates/administration/base.html
+++ b/passbook/admin/templates/administration/base.html
@ -4,36 +4,4 @@
 {% load is_active %}
 {% block nav_secondary %}
 <ul class="nav navbar-nav navbar-persistent">
  <li class="{% is_active 'passbook_admin:overview' %}">
    <a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
    <a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
    <a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
    <a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
    <a href="{% url 'passbook_admin:factors' %}">{% trans 'Factors' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
    <a href="{% url 'passbook_admin:policies' %}">{% trans 'Policies' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
    <a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
    <a href="{% url 'passbook_admin:users' %}">{% trans 'Users' %}</a>
  </li>
  <li class="{% is_active 'passbook_admin:audit-log' %}">
    <a href="{% url 'passbook_admin:audit-log' %}">{% trans 'Audit Log' %}</a>
  </li>
  <li class="{% is_active_app 'admin' %}">
    <a href="{% url 'admin:index' %}">{% trans 'Django' %}</a>
  </li>
 </ul>
 {% endblock %}
--- a/passbook/admin/templates/administration/group/list.html
+++ b/passbook/admin/templates/administration/group/list.html
@ -0,0 +1,45 @@
 {% extends "administration/base.html" %}
 {% load i18n %}
 {% load utils %}
 {% block title %}
 {% title %}
 {% endblock %}
 {% block content %}
 <div class="container">
    <h1><span class="pficon-users"></span> {% trans "Groups" %}</h1>
    <span>{% trans "Group users together and give them permissions based on the membership." %}</span>
    <hr>
    <a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
        {% trans 'Create...' %}
    </a>
    <hr>
    <table class="table table-striped table-bordered">
        <thead>
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Parent' %}</th>
                <th>{% trans 'Members' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for group in object_list %}
            <tr>
                <td>{{ group.name }}</td>
                <td>{{ group.parent }}</td>
                <td>{{ group.user_set.all|length }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:group-update' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:group-delete' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/groups/list.html
+++ b/passbook/admin/templates/administration/groups/list.html
@ -1,83 +0,0 @@
 {% extends "administration/base.html" %}
 {% load i18n %}
 {% load static %}
 {% load utils %}
 {% block head %}
 {{ block.super }}
 <link rel="stylesheet" href="{% static 'css/bootstrap-treeview.min.css'%}">
 {% endblock %}
 {% block scripts %}
 {{ block.super }}
 <script src="{% static 'js/bootstrap-treeview.min.js' %}"></script>
 <script>
  var cleanupData = function (obj) {
    return {
      text: obj.name,
      href: '?group=' + obj.uuid,
      nodes: obj.children.map(cleanupData),
    };
  }
 $(function() {
   var apiUrl = "{% url 'passbook_admin:group-list' %}?format=json";
   $.ajax({
      url: apiUrl,
    }).done(function(data) {
      $('#treeview1').treeview({
        collapseIcon: "fa fa-angle-down",
        data: data.map(cleanupData),
        expandIcon: "fa fa-angle-right",
        nodeIcon: "fa pficon-users",
        showBorder: true,
        enableLinks: true,
        onNodeSelected: function (event, node) {
          window.location.href = node.href;
        }
      });
    });
  });
 </script>
 {% endblock %}
 {% block title %}
 {% title %}
 {% endblock %}
 {% block content %}
 <div class="col-md-3">
  <div id="treeview1" class="treeview">
  </div>
 </div>
 <div class="col-md-9">
  <h1>{% trans "Invitations" %}</h1>
  <a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
    {% trans 'Create...' %}
  </a>
  <hr>
  <table class="table table-striped table-bordered">
    <thead>
      <tr>
        <th>{% trans 'Expiry' %}</th>
        <th>{% trans 'Link' %}</th>
        <th></th>
      </tr>
    </thead>
    <tbody>
      {% for invitation in object_list %}
      <tr>
        <td>{{ invitation.expires|default:"Never" }}</td>
        <td>
          <pre>{{ invitation.link }}</pre>
        </td>
        <td>
          <a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{%
            trans 'Delete' %}</a>
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/policy/test.html
+++ b/passbook/admin/templates/administration/policy/test.html
@ -5,3 +5,22 @@
 {% block above_form %}
 <h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
 {% endblock %}
 {% block action %}
 {% trans 'Test' %}
 {% endblock %}
 {% block beneath_form %}
 <p class="loading" style="display: none;">
  <span class="spinner spinner-xs spinner-inline"></span> {% trans 'Processing, please wait...' %}
 </p>
 {% endblock %}
 {% block scripts %}
 {{ block.super }}
 <script>
  $('form').on('submit', function () {
    $('p.loading').show();
  })
 </script>
 {% endblock %}
--- a/passbook/admin/templates/administration/property_mapping/list.html
+++ b/passbook/admin/templates/administration/property_mapping/list.html
@ -0,0 +1,52 @@
 {% extends "administration/base.html" %}
 {% load i18n %}
 {% load utils %}
 {% block title %}
 {% title %}
 {% endblock %}
 {% block content %}
 <div class="container">
    <h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
    <span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
    <hr>
    <div class="dropdown">
        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
            {% trans 'Create...' %}
            <span class="caret"></span>
        </button>
        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
            {% for type, name in types.items %}
            <li role="presentation"><a role="menuitem" tabindex="-1"
                    href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
            {% endfor %}
        </ul>
    </div>
    <hr>
    <table class="table table-striped table-bordered">
        <thead>
            <tr>
                <th>{% trans 'Name' %}</th>
                <th>{% trans 'Type' %}</th>
                <th></th>
            </tr>
        </thead>
        <tbody>
            {% for property_mapping in object_list %}
            <tr>
                <td>{{ property_mapping.name }} ({{ property_mapping.slug }})</td>
                <td>{{ property_mapping|verbose_name }}</td>
                <td>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                </td>
            </tr>
            {% endfor %}
        </tbody>
    </table>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/administration/user/list.html
+++ b/passbook/admin/templates/administration/user/list.html
@ -31,6 +31,8 @@
                        href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
                    <a class="btn btn-default btn-sm"
                        href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
                </td>
            </tr>
            {% endfor %}
--- a/passbook/admin/templates/generic/form.html
+++ b/passbook/admin/templates/generic/form.html
@ -2,6 +2,21 @@
 {% load i18n %}
 {% load utils %}
 {% load static %}
 {% block head %}
 {{ block.super }}
 {{ form.media.css }}
 <script type="text/javascript" src="{% url 'admin:jsi18n' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/jquery.init.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/core.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/actions.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/urlify.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/prepopulate.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/SelectBox.js' %}"></script>
 <script type="text/javascript" src="{% static 'admin/js/SelectFilter2.js' %}"></script>
 {% endblock %}
 {% block content %}
 <div class="container">
@ -14,5 +29,12 @@
      <input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
    </form>
  </div>
  {% block beneath_form %}
  {% endblock %}
 </div>
 {% endblock %}
 {% block scripts %}
 {{ block.super }}
 {{ form.media.js }}
 {% endblock %}
--- a/passbook/admin/urls.py
+++ b/passbook/admin/urls.py
@ -2,8 +2,8 @@
 from django.urls import include, path
 from passbook.admin.views import (applications, audit, factors, groups,
-                                  invitations, overview, policy, providers,
+                                  invitations, overview, policy,
-                                  sources, users)
+                                  property_mapping, providers, sources, users)
 urlpatterns = [
    path('', overview.AdministrationOverviewView.as_view(), name='overview'),
@ -43,6 +43,15 @@ urlpatterns = [
         factors.FactorUpdateView.as_view(), name='factor-update'),
    path('factors/<uuid:pk>/delete/',
         factors.FactorDeleteView.as_view(), name='factor-delete'),
    # Factors
    path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
         name='property-mappings'),
    path('property-mappings/create/',
         property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
    path('property-mappings/<uuid:pk>/update/',
         property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
    path('property-mappings/<uuid:pk>/delete/',
         property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
    # Invitations
    path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
    path('invitations/create/',
@ -58,6 +67,11 @@ urlpatterns = [
         users.UserDeleteView.as_view(), name='user-delete'),
    path('users/<int:pk>/reset/',
         users.UserPasswordResetView.as_view(), name='user-password-reset'),
    # Groups
    path('group/', groups.GroupListView.as_view(), name='group'),
    path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
    path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
    path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
    # Audit Log
    path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
    # Groups
--- a/passbook/admin/views/groups.py
+++ b/passbook/admin/views/groups.py
@ -1,12 +1,57 @@
 """passbook Group administration"""
-from django.views.generic import ListView
+from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
 from django.views.generic import CreateView, DeleteView, ListView, UpdateView
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.core.forms.groups import GroupForm
 from passbook.core.models import Group
 class GroupListView(AdminRequiredMixin, ListView):
-    """Show list of all invitations"""
+    """Show list of all groups"""
    model = Group
-    template_name = 'administration/groups/list.html'
+    ordering = 'name'
    template_name = 'administration/group/list.html'
 class GroupCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new Group"""
    form_class = GroupForm
    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:groups')
    success_message = _('Successfully created Group')
    def get_context_data(self, **kwargs):
        kwargs['type'] = 'Group'
        return super().get_context_data(**kwargs)
 class GroupUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update group"""
    model = Group
    form_class = GroupForm
    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:groups')
    success_message = _('Successfully updated Group')
 class GroupDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete group"""
    model = Group
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:groups')
    success_message = _('Successfully deleted Group')
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/admin/views/policy.py
+++ b/passbook/admin/views/policy.py
@ -11,6 +11,7 @@ from django.views.generic.detail import DetailView
 from passbook.admin.forms.policies import PolicyTestForm
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.core.models import Policy
 from passbook.core.policies import PolicyEngine
 from passbook.lib.utils.reflection import path_to_class
@ -100,7 +101,9 @@ class PolicyTestView(AdminRequiredMixin, DetailView, FormView):
    def form_valid(self, form):
        policy = self.get_object()
        user = form.cleaned_data.get('user')
-        result = policy.passes(user)
+        policy_engine = PolicyEngine([policy])
        policy_engine.for_user(user).with_request(self.request).build()
        result = policy_engine.passing
        if result:
            messages.success(self.request, _('User successfully passed policy.'))
        else:
--- a/passbook/admin/views/property_mapping.py
+++ b/passbook/admin/views/property_mapping.py
@ -0,0 +1,90 @@
 """passbook PropertyMapping administration"""
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
 from django.views.generic import CreateView, DeleteView, ListView, UpdateView
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.core.models import PropertyMapping
 from passbook.lib.utils.reflection import path_to_class
 def all_subclasses(cls):
    """Recursively return all subclassess of cls"""
    return set(cls.__subclasses__()).union(
        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
 class PropertyMappingListView(AdminRequiredMixin, ListView):
    """Show list of all property_mappings"""
    model = PropertyMapping
    template_name = 'administration/property_mapping/list.html'
    ordering = 'name'
    def get_context_data(self, **kwargs):
        kwargs['types'] = {
            x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)}
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
 class PropertyMappingCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
    """Create new PropertyMapping"""
    template_name = 'generic/create.html'
    success_url = reverse_lazy('passbook_admin:property-mappings')
    success_message = _('Successfully created Property Mapping')
    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
        property_mapping_type = self.request.GET.get('type')
        model = next(x for x in all_subclasses(PropertyMapping)
                     if x.__name__ == property_mapping_type)
        kwargs['type'] = model._meta.verbose_name
        return kwargs
    def get_form_class(self):
        property_mapping_type = self.request.GET.get('type')
        model = next(x for x in all_subclasses(PropertyMapping)
                     if x.__name__ == property_mapping_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
 class PropertyMappingUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
    """Update property_mapping"""
    model = PropertyMapping
    template_name = 'generic/update.html'
    success_url = reverse_lazy('passbook_admin:property-mappings')
    success_message = _('Successfully updated Property Mapping')
    def get_form_class(self):
        form_class_path = self.get_object().form
        form_class = path_to_class(form_class_path)
        return form_class
    def get_object(self, queryset=None):
        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
 class PropertyMappingDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
    """Delete property_mapping"""
    model = PropertyMapping
    template_name = 'generic/delete.html'
    success_url = reverse_lazy('passbook_admin:property-mappings')
    success_message = _('Successfully deleted Property Mapping')
    def get_object(self, queryset=None):
        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super().delete(request, *args, **kwargs)
--- a/passbook/api/init.py
+++ b/passbook/api/init.py
@ -1,2 +1,2 @@
 """passbook api"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/audit/init.py
+++ b/passbook/audit/init.py
@ -1,2 +1,2 @@
 """passbook audit Header"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/audit/migrations/0004_delete_loginattempt.py
+++ b/passbook/audit/migrations/0004_delete_loginattempt.py
@ -0,0 +1,16 @@
 # Generated by Django 2.1.7 on 2019-03-08 14:53
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_audit', '0003_auto_20190221_1240'),
    ]
    operations = [
        migrations.DeleteModel(
            name='LoginAttempt',
        ),
    ]
--- a/passbook/captcha_factor/init.py
+++ b/passbook/captcha_factor/init.py
@ -1,2 +1,2 @@
 """passbook captcha_factor Header"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/captcha_factor/factor.py
+++ b/passbook/captcha_factor/factor.py
@ -13,3 +13,10 @@ class CaptchaFactor(FormView, AuthenticationFactor):
    def form_valid(self, form):
        return self.authenticator.user_ok()
    def get_form(self, form_class=None):
        form = CaptchaForm(**self.get_form_kwargs())
        form.fields['captcha'].public_key = '6Lfi1w8TAAAAAELH-YiWp0OFItmMzvjGmw2xkvUN'
        form.fields['captcha'].private_key = '6Lfi1w8TAAAAAMQI3f86tGMvd1QkcqqVQyBWI23D'
        form.fields['captcha'].widget.attrs["data-sitekey"] = form.fields['captcha'].public_key
        return form
--- a/passbook/core/init.py
+++ b/passbook/core/init.py
@ -1,2 +1,2 @@
 """passbook core"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/core/auth/factors/password.py
+++ b/passbook/core/auth/factors/password.py
@ -1,8 +1,10 @@
 """passbook multi-factor authentication engine"""
 from inspect import Signature
 from logging import getLogger
 from django.contrib import messages
-from django.contrib.auth import authenticate
+from django.contrib.auth import _clean_credentials
 from django.contrib.auth.signals import user_login_failed
 from django.core.exceptions import PermissionDenied
 from django.forms.utils import ErrorList
 from django.shortcuts import redirect, reverse
@ -15,10 +17,40 @@ from passbook.core.forms.authentication import PasswordFactorForm
 from passbook.core.models import Nonce
 from passbook.core.tasks import send_email
 from passbook.lib.config import CONFIG
 from passbook.lib.utils.reflection import path_to_class
 LOGGER = getLogger(__name__)
 def authenticate(request, backends, **credentials):
    """If the given credentials are valid, return a User object.
    Customized version of django's authenticate, which accepts a list of backends"""
    for backend_path in backends:
        backend = path_to_class(backend_path)()
        try:
            signature = Signature.from_callable(backend.authenticate)
            signature.bind(request, **credentials)
        except TypeError:
            LOGGER.debug("Backend %s doesn't accept our arguments", backend)
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue
        LOGGER.debug('Attempting authentication with %s...', backend)
        try:
            user = backend.authenticate(request, **credentials)
        except PermissionDenied:
            LOGGER.debug('Backend %r threw PermissionDenied', backend)
            # This backend says to stop in our tracks - this user should not be allowed in at all.
            break
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
        return user
    # The credentials supplied are invalid to all backends, fire signal
    user_login_failed.send(sender=__name__, credentials=_clean_credentials(
        credentials), request=request)
 class PasswordFactor(FormView, AuthenticationFactor):
    """Authentication factor which authenticates against django's AuthBackend"""
@ -37,7 +69,7 @@ class PasswordFactor(FormView, AuthenticationFactor):
            send_email.delay(self.pending_user.email, _('Forgotten password'),
                             'email/account_password_reset.html', {
                                 'url': self.request.build_absolute_uri(
-                                     reverse('passbook_core:passbook_core:auth-password-reset',
+                                     reverse('passbook_core:auth-password-reset',
                                             kwargs={
                                                 'nonce': nonce.uuid
                                             })
@ -57,7 +89,7 @@ class PasswordFactor(FormView, AuthenticationFactor):
        for uid_field in uid_fields:
            kwargs[uid_field] = getattr(self.authenticator.pending_user, uid_field)
        try:
-            user = authenticate(self.request, **kwargs)
+            user = authenticate(self.request, self.authenticator.current_factor.backends, **kwargs)
            if user:
                # User instance returned from authenticate() has .backend property set
                self.authenticator.pending_user = user
--- a/passbook/core/auth/view.py
+++ b/passbook/core/auth/view.py
@ -39,35 +39,41 @@ class AuthenticationView(UserPassesTestMixin, View):
    # Allow only not authenticated users to login
    def test_func(self):
-        return self.request.user.is_authenticated is False
+        return AuthenticationView.SESSION_PENDING_USER in self.request.session
    def handle_no_permission(self):
        # Function from UserPassesTestMixin
        if 'next' in self.request.GET:
            return redirect(self.request.GET.get('next'))
        if self.request.user.is_authenticated:
            return _redirect_with_qs('passbook_core:overview', self.request.GET)
        return _redirect_with_qs('passbook_core:auth-login', self.request.GET)
-    def dispatch(self, request, *args, **kwargs):
+    def get_pending_factors(self):
-        # Extract pending user from session (only remember uid)
+        """Loading pending factors from Database or load from session variable"""
        if AuthenticationView.SESSION_PENDING_USER in request.session:
            self.pending_user = get_object_or_404(
                User, id=self.request.session[AuthenticationView.SESSION_PENDING_USER])
        else:
            # No Pending user, redirect to login screen
            return _redirect_with_qs('passbook_core:auth-login', request.GET)
        # Write pending factors to session
-        if AuthenticationView.SESSION_PENDING_FACTORS in request.session:
+        if AuthenticationView.SESSION_PENDING_FACTORS in self.request.session:
-            self.pending_factors = request.session[AuthenticationView.SESSION_PENDING_FACTORS]
+            return self.request.session[AuthenticationView.SESSION_PENDING_FACTORS]
        else:
        # Get an initial list of factors which are currently enabled
        # and apply to the current user. We check policies here and block the request
        _all_factors = Factor.objects.filter(enabled=True).order_by('order').select_subclasses()
-            self.pending_factors = []
+        pending_factors = []
        for factor in _all_factors:
            policy_engine = PolicyEngine(factor.policies.all())
-                policy_engine.for_user(self.pending_user).with_request(request).build()
+            policy_engine.for_user(self.pending_user).with_request(self.request).build()
-                if policy_engine.result[0]:
+            if policy_engine.passing:
-                    self.pending_factors.append((factor.uuid.hex, factor.type))
+                pending_factors.append((factor.uuid.hex, factor.type))
        return pending_factors
    def dispatch(self, request, *args, **kwargs):
        # Check if user passes test (i.e. SESSION_PENDING_USER is set)
        user_test_result = self.get_test_func()()
        if not user_test_result:
            return self.handle_no_permission()
        # Extract pending user from session (only remember uid)
        self.pending_user = get_object_or_404(
            User, id=self.request.session[AuthenticationView.SESSION_PENDING_USER])
        self.pending_factors = self.get_pending_factors()
        # Read and instantiate factor from session
        factor_uuid, factor_class = None, None
        if AuthenticationView.SESSION_FACTOR not in request.session:
@ -107,11 +113,11 @@ class AuthenticationView(UserPassesTestMixin, View):
        next_factor = None
        if self.pending_factors:
            next_factor = self.pending_factors.pop()
            # Save updated pening_factor list to session
            self.request.session[AuthenticationView.SESSION_PENDING_FACTORS] = \
                self.pending_factors
            self.request.session[AuthenticationView.SESSION_FACTOR] = next_factor
            LOGGER.debug("Rendering Factor is %s", next_factor)
            # return _redirect_with_qs('passbook_core:auth-process', kwargs={'factor': next_factor})
            return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
        # User passed all factors
        LOGGER.debug("User passed all factors, logging in")
@ -126,7 +132,6 @@ class AuthenticationView(UserPassesTestMixin, View):
    def _user_passed(self):
        """User Successfully passed all factors"""
        # user = authenticate(request=self.request, )
        backend = self.request.session[AuthenticationView.SESSION_USER_BACKEND]
        login(self.request, self.pending_user, backend=backend)
        LOGGER.debug("Logged in user %s", self.pending_user)
--- a/passbook/core/forms/applications.py
+++ b/passbook/core/forms/applications.py
@ -1,5 +1,6 @@
 """passbook Core Application forms"""
 from django import forms
 from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.utils.translation import gettext_lazy as _
 from passbook.core.models import Application, Provider
@ -20,6 +21,7 @@ class ApplicationForm(forms.ModelForm):
            'name': forms.TextInput(),
            'launch_url': forms.TextInput(),
            'icon_url': forms.TextInput(),
            'policies': FilteredSelectMultiple(_('policies'), False)
        }
        labels = {
            'launch_url': _('Launch URL'),
--- a/passbook/core/forms/factors.py
+++ b/passbook/core/forms/factors.py
@ -1,10 +1,20 @@
 """passbook administration forms"""
 from django import forms
 from django.conf import settings
 from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.utils.translation import gettext as _
 from passbook.core.models import DummyFactor, PasswordFactor
 from passbook.lib.utils.reflection import path_to_class
 GENERAL_FIELDS = ['name', 'slug', 'order', 'policies', 'enabled']
 def get_authentication_backends():
    """Return all available authentication backends as tuple set"""
    for backend in settings.AUTHENTICATION_BACKENDS:
        klass = path_to_class(backend)
        yield backend, getattr(klass(), 'name', '%s (%s)' % (klass.__name__, klass.__module__))
 class PasswordFactorForm(forms.ModelForm):
    """Form to create/edit Password Factors"""
@ -15,6 +25,9 @@ class PasswordFactorForm(forms.ModelForm):
        widgets = {
            'name': forms.TextInput(),
            'order': forms.NumberInput(),
            'policies': FilteredSelectMultiple(_('policies'), False),
            'backends': FilteredSelectMultiple(_('backends'), False,
                                               choices=get_authentication_backends())
        }
 class DummyFactorForm(forms.ModelForm):
@ -27,4 +40,5 @@ class DummyFactorForm(forms.ModelForm):
        widgets = {
            'name': forms.TextInput(),
            'order': forms.NumberInput(),
            'policies': FilteredSelectMultiple(_('policies'), False)
        }
--- a/passbook/core/forms/groups.py
+++ b/passbook/core/forms/groups.py
@ -0,0 +1,32 @@
 """passbook Core Group forms"""
 from django import forms
 from django.contrib.admin.widgets import FilteredSelectMultiple
 from passbook.core.models import Group, User
 class GroupForm(forms.ModelForm):
    """Group Form"""
    members = forms.ModelMultipleChoiceField(
        User.objects.all(), required=False, widget=FilteredSelectMultiple('users', False))
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        if self.instance.pk:
            self.initial['members'] = self.instance.user_set.values_list('pk', flat=True)
    def save(self, *args, **kwargs):
        instance = super().save(*args, **kwargs)
        if instance.pk:
            instance.user_set.clear()
            instance.user_set.add(*self.cleaned_data['members'])
        return instance
    class Meta:
        model = Group
        fields = ['name', 'parent', 'members', 'tags']
        widgets = {
            'name': forms.TextInput(),
        }
--- a/passbook/core/forms/policies.py
+++ b/passbook/core/forms/policies.py
@ -4,7 +4,8 @@ from django import forms
 from django.utils.translation import gettext as _
 from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
-                                  PasswordPolicy, WebhookPolicy)
+                                  GroupMembershipPolicy, PasswordPolicy,
                                  WebhookPolicy)
 GENERAL_FIELDS = ['name', 'action', 'negate', 'order', ]
@ -53,6 +54,17 @@ class DebugPolicyForm(forms.ModelForm):
        }
 class GroupMembershipPolicyForm(forms.ModelForm):
    """GroupMembershipPolicy Form"""
    class Meta:
        model = GroupMembershipPolicy
        fields = GENERAL_FIELDS + ['group', ]
        widgets = {
            'name': forms.TextInput(),
        }
 class PasswordPolicyForm(forms.ModelForm):
    """PasswordPolicy Form"""
--- a/passbook/core/management/commands/import_users.py
+++ b/passbook/core/management/commands/import_users.py
@ -37,7 +37,8 @@ class Command(BaseCommand):
                        User.objects.create(
                            username=user.get('username'),
                            email=user.get('email'),
-                            name=user.get('name'))
+                            name=user.get('name'),
                            password=user.get('password'))
                        LOGGER.debug('Created User %s', user.get('username'))
                    except ValidationError as exc:
                        LOGGER.warning('User %s caused %r, skipping', user.get('username'), exc)
--- a/passbook/core/migrations/0014_auto_20190226_0850.py
+++ b/passbook/core/migrations/0014_auto_20190226_0850.py
@ -11,7 +11,7 @@ def create_initial_factor(apps, schema_editor):
            name='password',
            slug='password',
            order=0,
-            backends=[]
+            backends=['django.contrib.auth.backends.ModelBackend']
        )
 class Migration(migrations.Migration):
--- a/passbook/core/migrations/0017_propertymapping.py
+++ b/passbook/core/migrations/0017_propertymapping.py
@ -0,0 +1,26 @@
 # Generated by Django 2.1.7 on 2019-03-08 10:40
 import uuid
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0016_auto_20190227_1355'),
    ]
    operations = [
        migrations.CreateModel(
            name='PropertyMapping',
            fields=[
                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                ('name', models.TextField()),
            ],
            options={
                'verbose_name': 'Property Mapping',
                'verbose_name_plural': 'Property Mappings',
            },
        ),
    ]
--- a/passbook/core/migrations/0018_provider_property_mappings.py
+++ b/passbook/core/migrations/0018_provider_property_mappings.py
@ -0,0 +1,18 @@
 # Generated by Django 2.1.7 on 2019-03-08 10:50
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0017_propertymapping'),
    ]
    operations = [
        migrations.AddField(
            model_name='provider',
            name='property_mappings',
            field=models.ManyToManyField(blank=True, default=None, to='passbook_core.PropertyMapping'),
        ),
    ]
--- a/passbook/core/migrations/0019_auto_20190310_1615.py
+++ b/passbook/core/migrations/0019_auto_20190310_1615.py
@ -0,0 +1,25 @@
 # Generated by Django 2.1.7 on 2019-03-10 16:15
 import django.contrib.postgres.fields.hstore
 from django.contrib.postgres.operations import HStoreExtension
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0018_provider_property_mappings'),
    ]
    operations = [
        migrations.RemoveField(
            model_name='group',
            name='extra_data',
        ),
        HStoreExtension(),
        migrations.AddField(
            model_name='group',
            name='tags',
            field=django.contrib.postgres.fields.hstore.HStoreField(default=dict),
        ),
    ]
--- a/passbook/core/migrations/0020_groupmembershippolicy.py
+++ b/passbook/core/migrations/0020_groupmembershippolicy.py
@ -0,0 +1,26 @@
 # Generated by Django 2.1.7 on 2019-03-10 18:25
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0019_auto_20190310_1615'),
    ]
    operations = [
        migrations.CreateModel(
            name='GroupMembershipPolicy',
            fields=[
                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='passbook_core.Group')),
            ],
            options={
                'verbose_name': 'Group Membership Policy',
                'verbose_name_plural': 'Group Membership Policies',
            },
            bases=('passbook_core.policy',),
        ),
    ]
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@ -8,7 +8,7 @@ from typing import Tuple, Union
 from uuid import uuid4
 from django.contrib.auth.models import AbstractUser
-from django.contrib.postgres.fields import ArrayField
+from django.contrib.postgres.fields import ArrayField, HStoreField
 from django.db import models
 from django.urls import reverse_lazy
 from django.utils.timezone import now
@ -31,7 +31,7 @@ class Group(UUIDModel):
    name = models.CharField(_('name'), max_length=80)
    parent = models.ForeignKey('Group', blank=True, null=True,
                               on_delete=models.SET_NULL, related_name='children')
-    extra_data = models.TextField(blank=True)
+    tags = HStoreField(default=dict)
    def __str__(self):
        return "Group %s" % self.name
@ -60,6 +60,8 @@ class User(AbstractUser):
 class Provider(models.Model):
    """Application-independent Provider instance. For example SAML2 Remote, OAuth2 Application"""
    property_mappings = models.ManyToManyField('PropertyMapping', default=None, blank=True)
    objects = InheritanceManager()
    # This class defines no field for easier inheritance
@ -150,11 +152,6 @@ class Application(PolicyModel):
    objects = InheritanceManager()
    def user_is_authorized(self, user: User) -> bool:
        """Check if user is authorized to use this application"""
        from passbook.core.policies import PolicyEngine
        return PolicyEngine(self.policies.all()).for_user(user).build().result
    def get_provider(self):
        """Get casted provider instance"""
        if not self.provider:
@ -189,6 +186,12 @@ class Source(PolicyModel):
        """Return additional Info, such as a callback URL. Show in the administration interface."""
        return None
    def has_user_settings(self):
        """Entrypoint to integrate with User settings. Can either return False if no
        user settings are available, or a tuple or string, string, string where the first string
        is the name the item has, the second string is the icon and the third is the view-name."""
        return False
    def __str__(self):
        return self.name
@ -286,6 +289,8 @@ class FieldMatcherPolicy(Policy):
        if self.match_action == FieldMatcherPolicy.MATCH_REGEXP:
            pattern = re.compile(self.value)
            passes = bool(pattern.match(user_field_value))
        if self.match_action == FieldMatcherPolicy.MATCH_EXACT:
            passes = user_field_value == self.value
        LOGGER.debug("User got '%r'", passes)
        return passes
@ -389,6 +394,21 @@ class DebugPolicy(Policy):
        verbose_name = _('Debug Policy')
        verbose_name_plural = _('Debug Policies')
 class GroupMembershipPolicy(Policy):
    """Policy to check if the user is member in a certain group"""
    group = models.ForeignKey('Group', on_delete=models.CASCADE)
    form = 'passbook.core.forms.policies.GroupMembershipPolicyForm'
    def passes(self, user: User) -> Union[bool, Tuple[bool, str]]:
        return self.group.user_set.filter(pk=user.pk).exists()
    class Meta:
        verbose_name = _('Group Membership Policy')
        verbose_name_plural = _('Group Membership Policies')
 class Invitation(UUIDModel):
    """Single-use invitation link"""
@ -412,7 +432,7 @@ class Invitation(UUIDModel):
        verbose_name_plural = _('Invitations')
 class Nonce(UUIDModel):
-    """One-time link for password resets/signup-confirmations"""
+    """One-time link for password resets/sign-up-confirmations"""
    expires = models.DateTimeField(default=default_nonce_duration)
    user = models.ForeignKey('User', on_delete=models.CASCADE)
@ -424,3 +444,19 @@ class Nonce(UUIDModel):
        verbose_name = _('Nonce')
        verbose_name_plural = _('Nonces')
 class PropertyMapping(UUIDModel):
    """User-defined key -> x mapping which can be used by providers to expose extra data."""
    name = models.TextField()
    form = ''
    objects = InheritanceManager()
    def __str__(self):
        return "Property Mapping %s" % self.name
    class Meta:
        verbose_name = _('Property Mapping')
        verbose_name_plural = _('Property Mappings')
--- a/passbook/core/policies.py
+++ b/passbook/core/policies.py
@ -12,6 +12,8 @@ LOGGER = getLogger(__name__)
@CELERY_APP.task()
 def _policy_engine_task(user_pk, policy_pk, **kwargs):
    """Task wrapper to run policy checking"""
    if not user_pk:
        raise ValueError()
    policy_obj = Policy.objects.filter(pk=policy_pk).select_subclasses().first()
    user_obj = User.objects.get(pk=user_pk)
    for key, value in kwargs.items():
@ -54,6 +56,8 @@ class PolicyEngine:
    def build(self):
        """Build task group"""
        if not self._user:
            raise ValueError("User not set.")
        signatures = []
        kwargs = {
            '__password__': getattr(self._user, '__password__', None),
@ -71,11 +75,22 @@ class PolicyEngine:
    def result(self):
        """Get policy-checking result"""
        messages = []
-        for policy_action, policy_result, policy_message in self._group.get():
+        try:
            # ValueError can be thrown from _policy_engine_task when user is None
            group_result = self._group.get()
        except ValueError as exc:
            return False, str(exc)
        for policy_action, policy_result, policy_message in group_result:
            passing = (policy_action == Policy.ACTION_ALLOW and policy_result) or \
                      (policy_action == Policy.ACTION_DENY and not policy_result)
            LOGGER.debug('Action=%s, Result=%r => %r', policy_action, policy_result, passing)
            if policy_message:
                messages.append(policy_message)
            if not passing:
                return False, messages
        return True, messages
    @property
    def passing(self):
        """Only get true/false if user passes"""
        return self.result[0]
--- a/passbook/core/requirements.txt
+++ b/passbook/core/requirements.txt
@ -7,7 +7,6 @@ raven
 markdown
 colorlog
 celery
 redis
 psycopg2
 idna<2.8,>=2.5
 cherrypy
--- a/passbook/core/settings.py
+++ b/passbook/core/settings.py
@ -47,8 +47,7 @@ SESSION_COOKIE_NAME = 'passbook_session'
 LANGUAGE_COOKIE_NAME = 'passbook_language'
 AUTHENTICATION_BACKENDS = [
-    'django.contrib.auth.backends.ModelBackend',
+    'django.contrib.auth.backends.ModelBackend'
    'passbook.oauth_client.backends.AuthorizedServiceBackend'
 ]
 # Application definition
@ -60,6 +59,7 @@ INSTALLED_APPS = [
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.postgres',
    'rest_framework',
    'drf_yasg',
    'raven.contrib.django.raven_compat',
@ -184,8 +184,10 @@ CELERY_TIMEZONE = TIME_ZONE
 CELERY_BEAT_SCHEDULE = {}
 CELERY_CREATE_MISSING_QUEUES = True
 CELERY_TASK_DEFAULT_QUEUE = 'passbook'
-CELERY_BROKER_URL = 'redis://%s' % CONFIG.get('redis')
+CELERY_BROKER_URL = 'amqp://%s' % CONFIG.get('rabbitmq')
-CELERY_RESULT_BACKEND = 'redis://%s' % CONFIG.get('redis')
+CELERY_RESULT_BACKEND = 'rpc://'
 CELERY_ACKS_LATE = True
 CELERY_BROKER_HEARTBEAT = 0
 # Raven settings
 RAVEN_CONFIG = {
--- a/passbook/core/static/css/passbook.css
+++ b/passbook/core/static/css/passbook.css
@ -0,0 +1,197 @@
 .dynamic-array-widget .array-item {
  display: flex;
  align-items: center;
  margin-bottom: 15px;
 }
 .dynamic-array-widget .remove_sign {
  width: 10px;
  height: 2px;
  background: #a41515;
  border-radius: 1px;
 }
 .dynamic-array-widget .remove {
  height: 15px;
  display: flex;
  align-items: center;
  margin-left: 5px;
 }
 .dynamic-array-widget .remove:hover {
  cursor: pointer;
 }
 /* Selector */
 .selector {
    display: flex;
    width: 100%;
    height: 45vh;
 }
 .selector .selector-filter {
    display: flex;
    align-items: center;
 }
 .selector .selector-filter label {
    margin: 0 8px 0 0;
 }
 .selector .selector-filter input {
    width: auto;
    min-height: 0;
    flex: 1 1;
 }
 .selector-available, .selector-chosen {
    width: auto;
    flex: 1 1;
    display: flex;
    flex-direction: column;
 }
 .selector select {
    width: 100%;
    flex: 1 0 auto;
    margin-bottom: 5px;
 }
 .selector ul.selector-chooser {
    width: 26px;
    height: 52px;
    padding: 2px 0;
    margin: auto 15px;
    border-radius: 20px;
    transform: translateY(-10px);
    list-style: none;
 }
 .selector-add, .selector-remove {
    width: 20px;
    height: 20px;
    background-size: 20px auto;
 }
 .selector-add {
    background-position: 0 -120px;
 }
 .selector-remove {
    background-position: 0 -80px;
 }
 a.selector-chooseall, a.selector-clearall {
    align-self: center;
 }
 .stacked {
    flex-direction: column;
    max-width: 480px;
 }
 .stacked > * {
    flex: 0 1 auto;
 }
 .stacked select {
    margin-bottom: 0;
 }
 .stacked .selector-available, .stacked .selector-chosen {
    width: auto;
 }
 .stacked ul.selector-chooser {
    width: 52px;
    height: 26px;
    padding: 0 2px;
    margin: 15px auto;
    transform: none;
 }
 .stacked .selector-chooser li {
    padding: 3px;
 }
 .stacked .selector-add, .stacked .selector-remove {
    background-size: 20px auto;
 }
 .stacked .selector-add {
    background-position: 0 -40px;
 }
 .stacked .active.selector-add {
    background-position: 0 -60px;
 }
 .stacked .selector-remove {
    background-position: 0 0;
 }
 .stacked .active.selector-remove {
    background-position: 0 -20px;
 }
 .help-tooltip, .selector .help-icon {
    display: none;
 }
 form .form-row p.datetime {
    width: 100%;
 }
 .datetime input {
    width: 50%;
    max-width: 120px;
 }
 .datetime span {
    font-size: 13px;
 }
 .datetime .timezonewarning {
    display: block;
    font-size: 11px;
    color: #999;
 }
 .datetimeshortcuts {
    color: #ccc;
 }
 .inline-group {
    overflow: auto;
 }
 .selector-add, .selector-remove {
    width: 16px;
    height: 16px;
    display: block;
    text-indent: -3000px;
    overflow: hidden;
    cursor: default;
    opacity: 0.3;
 }
 .active.selector-add, .active.selector-remove {
    opacity: 1;
 }
 .active.selector-add:hover, .active.selector-remove:hover {
    cursor: pointer;
 }
 .selector-add {
    background: url(../admin/img/selector-icons.svg) 0 -96px no-repeat;
 }
 .active.selector-add:focus, .active.selector-add:hover {
    background-position: 0 -112px;
 }
 .selector-remove {
    background: url(../admin/img/selector-icons.svg) 0 -64px no-repeat;
 }
--- a/passbook/core/static/img/brand.svg
+++ b/passbook/core/static/img/brand.svg
@ -1,2 +1,2 @@
 <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-  width="270px" height="10px" viewBox="0 0 270 10" enable-background="new 0 0 270 10" xml:space="preserve"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:#fff;}</style></defs><g class="cls-1"><path class="cls-2" d="M1.65,11V2.45H2.87V3a2.81,2.81,0,0,1,.47-.45A1.13,1.13,0,0,1,4,2.38,1.11,1.11,0,0,1,5.1,3a1.55,1.55,0,0,1,.16.5,5.61,5.61,0,0,1,0,.81V6.58c0,.45,0,.77,0,1a1.17,1.17,0,0,1-.55.9,1.23,1.23,0,0,1-.7.16,1.35,1.35,0,0,1-.64-.16A1.53,1.53,0,0,1,2.89,8h0v3ZM4.08,4.43a1.21,1.21,0,0,0-.14-.6.51.51,0,0,0-.46-.22A.54.54,0,0,0,3,3.82a.8.8,0,0,0-.17.54V6.73A.68.68,0,0,0,3,7.2a.6.6,0,0,0,.44.18A.53.53,0,0,0,4,7.17a1,1,0,0,0,.12-.5Z"/><path class="cls-2" d="M8.63,8.54V7.91h0a2.24,2.24,0,0,1-.48.52,1.13,1.13,0,0,1-.69.18A1.39,1.39,0,0,1,7,8.54a1.09,1.09,0,0,1-.43-.24,1.32,1.32,0,0,1-.33-.49A2.33,2.33,0,0,1,6.11,7a4.89,4.89,0,0,1,.08-.91,1.51,1.51,0,0,1,.31-.65,1.44,1.44,0,0,1,.59-.38A3.19,3.19,0,0,1,8,4.93h.59V4.33a1,1,0,0,0-.13-.52A.52.52,0,0,0,8,3.61a.71.71,0,0,0-.44.15.78.78,0,0,0-.26.46H6.13A2,2,0,0,1,6.69,2.9a1.73,1.73,0,0,1,.57-.38A2,2,0,0,1,8,2.38a2.18,2.18,0,0,1,.72.12,1.71,1.71,0,0,1,.59.36,2,2,0,0,1,.38.6,2.18,2.18,0,0,1,.14.84V8.54Zm0-2.62-.34,0a1.2,1.2,0,0,0-.67.18.76.76,0,0,0-.29.68.89.89,0,0,0,.17.56A.55.55,0,0,0,8,7.53a.63.63,0,0,0,.49-.2.91.91,0,0,0,.17-.58Z"/><path class="cls-2" d="M13,4.16a.59.59,0,0,0-.2-.47.65.65,0,0,0-.42-.16.59.59,0,0,0-.45.19.66.66,0,0,0-.15.43.8.8,0,0,0,.08.33.85.85,0,0,0,.44.29l.71.29a1.73,1.73,0,0,1,.95.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.56,1.56,0,0,1-.58.39,1.88,1.88,0,0,1-2-.32,1.58,1.58,0,0,1-.4-.57,1.81,1.81,0,0,1-.17-.8h1.15a1.11,1.11,0,0,0,.17.47.56.56,0,0,0,.49.22.71.71,0,0,0,.47-.18A.59.59,0,0,0,13,6.8a.69.69,0,0,0-.13-.43,1.08,1.08,0,0,0-.48-.32l-.59-.21a2.08,2.08,0,0,1-.9-.64,1.66,1.66,0,0,1-.33-1,1.89,1.89,0,0,1,.14-.72,1.78,1.78,0,0,1,.4-.57,1.5,1.5,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.6,1.6,0,0,1,.54.38,1.85,1.85,0,0,1,.36.57,1.82,1.82,0,0,1,.13.7Z"/><path class="cls-2" d="M17.2,4.16a.63.63,0,0,0-.2-.47.69.69,0,0,0-.43-.16.55.55,0,0,0-.44.19.62.62,0,0,0-.16.43.68.68,0,0,0,.09.33.81.81,0,0,0,.43.29l.72.29a1.7,1.7,0,0,1,.94.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.61,1.61,0,0,1-.57.39,1.81,1.81,0,0,1-.74.15,1.76,1.76,0,0,1-1.24-.47,1.61,1.61,0,0,1-.41-.57,2,2,0,0,1-.17-.8h1.15a1.12,1.12,0,0,0,.18.47.53.53,0,0,0,.48.22.72.72,0,0,0,.48-.18.59.59,0,0,0,.21-.48.69.69,0,0,0-.14-.43,1,1,0,0,0-.48-.32l-.58-.21a2.06,2.06,0,0,1-.91-.64,1.66,1.66,0,0,1-.33-1A1.89,1.89,0,0,1,15,3.44a1.78,1.78,0,0,1,.4-.57,1.58,1.58,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.75,1.75,0,0,1,.55.38,1.85,1.85,0,0,1,.36.57,2,2,0,0,1,.13.7Z"/><path class="cls-2" d="M19.2,8.54V0h1.22V3h0a1.53,1.53,0,0,1,.48-.47,1.39,1.39,0,0,1,.65-.16,1.26,1.26,0,0,1,.69.16,1.35,1.35,0,0,1,.4.39,1.18,1.18,0,0,1,.15.51,7.72,7.72,0,0,1,0,1V6.73a5.56,5.56,0,0,1-.05.8,1.56,1.56,0,0,1-.15.5,1.12,1.12,0,0,1-1.07.58,1.15,1.15,0,0,1-.7-.18A3.79,3.79,0,0,1,20.42,8v.55Zm2.44-4.21a1,1,0,0,0-.13-.51A.5.5,0,0,0,21,3.61a.57.57,0,0,0-.44.18.66.66,0,0,0-.18.48V6.63a.83.83,0,0,0,.17.54.52.52,0,0,0,.45.21.49.49,0,0,0,.45-.22,1.11,1.11,0,0,0,.15-.6Z"/><path class="cls-2" d="M23.76,4.49a4.83,4.83,0,0,1,0-.68A1.55,1.55,0,0,1,24,3.26a1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24A1.59,1.59,0,0,1,24,7.73a1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1,0-.68ZM25,6.69a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17A.55.55,0,0,0,26,7.21a.72.72,0,0,0,.16-.52V4.3A.74.74,0,0,0,26,3.78a.55.55,0,0,0-.44-.17.53.53,0,0,0-.43.17A.74.74,0,0,0,25,4.3Z"/><path class="cls-2" d="M28.2,4.49a4.83,4.83,0,0,1,.05-.68,1.55,1.55,0,0,1,.18-.55,1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24,1.59,1.59,0,0,1-.62-.64,1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1-.05-.68Zm1.22,2.2a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17.55.55,0,0,0,.44-.17.72.72,0,0,0,.16-.52V4.3a.74.74,0,0,0-.16-.52A.55.55,0,0,0,30,3.61a.53.53,0,0,0-.43.17.74.74,0,0,0-.17.52Z"/><path class="cls-2" d="M32.75,8.54V0H34V5.11h0l1.47-2.66H36.7L35.24,4.93,37,8.54H35.66l-1.1-2.63L34,6.83V8.54Z"/></g></svg>
+  width="270px" height="20px" viewBox="0 0 270 10" enable-background="new 0 0 270 10" xml:space="preserve"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:#fff;}</style></defs><g class="cls-1"><path class="cls-2" d="M1.65,11V2.45H2.87V3a2.81,2.81,0,0,1,.47-.45A1.13,1.13,0,0,1,4,2.38,1.11,1.11,0,0,1,5.1,3a1.55,1.55,0,0,1,.16.5,5.61,5.61,0,0,1,0,.81V6.58c0,.45,0,.77,0,1a1.17,1.17,0,0,1-.55.9,1.23,1.23,0,0,1-.7.16,1.35,1.35,0,0,1-.64-.16A1.53,1.53,0,0,1,2.89,8h0v3ZM4.08,4.43a1.21,1.21,0,0,0-.14-.6.51.51,0,0,0-.46-.22A.54.54,0,0,0,3,3.82a.8.8,0,0,0-.17.54V6.73A.68.68,0,0,0,3,7.2a.6.6,0,0,0,.44.18A.53.53,0,0,0,4,7.17a1,1,0,0,0,.12-.5Z"/><path class="cls-2" d="M8.63,8.54V7.91h0a2.24,2.24,0,0,1-.48.52,1.13,1.13,0,0,1-.69.18A1.39,1.39,0,0,1,7,8.54a1.09,1.09,0,0,1-.43-.24,1.32,1.32,0,0,1-.33-.49A2.33,2.33,0,0,1,6.11,7a4.89,4.89,0,0,1,.08-.91,1.51,1.51,0,0,1,.31-.65,1.44,1.44,0,0,1,.59-.38A3.19,3.19,0,0,1,8,4.93h.59V4.33a1,1,0,0,0-.13-.52A.52.52,0,0,0,8,3.61a.71.71,0,0,0-.44.15.78.78,0,0,0-.26.46H6.13A2,2,0,0,1,6.69,2.9a1.73,1.73,0,0,1,.57-.38A2,2,0,0,1,8,2.38a2.18,2.18,0,0,1,.72.12,1.71,1.71,0,0,1,.59.36,2,2,0,0,1,.38.6,2.18,2.18,0,0,1,.14.84V8.54Zm0-2.62-.34,0a1.2,1.2,0,0,0-.67.18.76.76,0,0,0-.29.68.89.89,0,0,0,.17.56A.55.55,0,0,0,8,7.53a.63.63,0,0,0,.49-.2.91.91,0,0,0,.17-.58Z"/><path class="cls-2" d="M13,4.16a.59.59,0,0,0-.2-.47.65.65,0,0,0-.42-.16.59.59,0,0,0-.45.19.66.66,0,0,0-.15.43.8.8,0,0,0,.08.33.85.85,0,0,0,.44.29l.71.29a1.73,1.73,0,0,1,.95.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.56,1.56,0,0,1-.58.39,1.88,1.88,0,0,1-2-.32,1.58,1.58,0,0,1-.4-.57,1.81,1.81,0,0,1-.17-.8h1.15a1.11,1.11,0,0,0,.17.47.56.56,0,0,0,.49.22.71.71,0,0,0,.47-.18A.59.59,0,0,0,13,6.8a.69.69,0,0,0-.13-.43,1.08,1.08,0,0,0-.48-.32l-.59-.21a2.08,2.08,0,0,1-.9-.64,1.66,1.66,0,0,1-.33-1,1.89,1.89,0,0,1,.14-.72,1.78,1.78,0,0,1,.4-.57,1.5,1.5,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.6,1.6,0,0,1,.54.38,1.85,1.85,0,0,1,.36.57,1.82,1.82,0,0,1,.13.7Z"/><path class="cls-2" d="M17.2,4.16a.63.63,0,0,0-.2-.47.69.69,0,0,0-.43-.16.55.55,0,0,0-.44.19.62.62,0,0,0-.16.43.68.68,0,0,0,.09.33.81.81,0,0,0,.43.29l.72.29a1.7,1.7,0,0,1,.94.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.61,1.61,0,0,1-.57.39,1.81,1.81,0,0,1-.74.15,1.76,1.76,0,0,1-1.24-.47,1.61,1.61,0,0,1-.41-.57,2,2,0,0,1-.17-.8h1.15a1.12,1.12,0,0,0,.18.47.53.53,0,0,0,.48.22.72.72,0,0,0,.48-.18.59.59,0,0,0,.21-.48.69.69,0,0,0-.14-.43,1,1,0,0,0-.48-.32l-.58-.21a2.06,2.06,0,0,1-.91-.64,1.66,1.66,0,0,1-.33-1A1.89,1.89,0,0,1,15,3.44a1.78,1.78,0,0,1,.4-.57,1.58,1.58,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.75,1.75,0,0,1,.55.38,1.85,1.85,0,0,1,.36.57,2,2,0,0,1,.13.7Z"/><path class="cls-2" d="M19.2,8.54V0h1.22V3h0a1.53,1.53,0,0,1,.48-.47,1.39,1.39,0,0,1,.65-.16,1.26,1.26,0,0,1,.69.16,1.35,1.35,0,0,1,.4.39,1.18,1.18,0,0,1,.15.51,7.72,7.72,0,0,1,0,1V6.73a5.56,5.56,0,0,1-.05.8,1.56,1.56,0,0,1-.15.5,1.12,1.12,0,0,1-1.07.58,1.15,1.15,0,0,1-.7-.18A3.79,3.79,0,0,1,20.42,8v.55Zm2.44-4.21a1,1,0,0,0-.13-.51A.5.5,0,0,0,21,3.61a.57.57,0,0,0-.44.18.66.66,0,0,0-.18.48V6.63a.83.83,0,0,0,.17.54.52.52,0,0,0,.45.21.49.49,0,0,0,.45-.22,1.11,1.11,0,0,0,.15-.6Z"/><path class="cls-2" d="M23.76,4.49a4.83,4.83,0,0,1,0-.68A1.55,1.55,0,0,1,24,3.26a1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24A1.59,1.59,0,0,1,24,7.73a1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1,0-.68ZM25,6.69a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17A.55.55,0,0,0,26,7.21a.72.72,0,0,0,.16-.52V4.3A.74.74,0,0,0,26,3.78a.55.55,0,0,0-.44-.17.53.53,0,0,0-.43.17A.74.74,0,0,0,25,4.3Z"/><path class="cls-2" d="M28.2,4.49a4.83,4.83,0,0,1,.05-.68,1.55,1.55,0,0,1,.18-.55,1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24,1.59,1.59,0,0,1-.62-.64,1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1-.05-.68Zm1.22,2.2a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17.55.55,0,0,0,.44-.17.72.72,0,0,0,.16-.52V4.3a.74.74,0,0,0-.16-.52A.55.55,0,0,0,30,3.61a.53.53,0,0,0-.43.17.74.74,0,0,0-.17.52Z"/><path class="cls-2" d="M32.75,8.54V0H34V5.11h0l1.47-2.66H36.7L35.24,4.93,37,8.54H35.66l-1.1-2.63L34,6.83V8.54Z"/></g></svg>
--- a/passbook/core/static/js/passbook.js
+++ b/passbook/core/static/js/passbook.js
@ -16,3 +16,33 @@ const typeHandler = function (e) {
 $source.on('input', typeHandler) // register for oninput
 $source.on('propertychange', typeHandler) // for IE8
 window.addEventListener('load', function () {
    function addRemoveEventListener(widgetElement) {
        widgetElement.querySelectorAll('.array-remove').forEach(function (element) {
            element.addEventListener('click', function () {
                this.parentNode.parentNode.remove();
            });
        });
    }
    document.querySelectorAll('.dynamic-array-widget').forEach(function (widgetElement) {
        addRemoveEventListener(widgetElement);
        widgetElement.querySelector('.add-array-item').addEventListener('click', function () {
            var first = widgetElement.querySelector('.array-item');
            var newElement = first.cloneNode(true);
            var id_parts = newElement.querySelector('input').getAttribute('id').split('_');
            var id = id_parts.slice(0, -1).join('_') + '_' + String(parseInt(id_parts.slice(-1)[0]) + 1);
            newElement.querySelector('input').setAttribute('id', id);
            newElement.querySelector('input').value = '';
            addRemoveEventListener(newElement);
            first.parentElement.insertBefore(newElement, first.parentNode.lastChild);
        });
    });
 });
--- a/passbook/core/templates/base/skeleton.html
+++ b/passbook/core/templates/base/skeleton.html
@ -4,6 +4,7 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
@ -16,6 +17,7 @@
  <link rel="shortcut icon" type="image/png" href="{% static 'img/logo.png' %}">
  <link rel="stylesheet" type="text/css" href="{% static 'css/patternfly.min.css' %}">
  <link rel="stylesheet" type="text/css" href="{% static 'css/patternfly-additions.min.css' %}">
  <link rel="stylesheet" type="text/css" href="{% static 'css/passbook.css' %}">
  <style>
    .login-pf {
      background-attachment: fixed;
@ -26,7 +28,16 @@
  {% block head %}
  {% endblock %}
 </head>
 <body {% if is_login %} class="login-pf" {% endif %}>
  {% if 'impersonate_id' in request.session %}
  <div class="experimental-pf-bar">
    <span id="experimentalBar" class="experimental-pf-text">
      {% blocktrans with user=user %}You're currently impersonating {{ user }}.{% endblocktrans %}
      <a href="?__unimpersonate=True" id="acceptMessage">{% trans 'Stop impersonation' %}</a>
    </span>
  </div>
  {% endif %}
  {% block body %}
  {% endblock %}
  <script src="{% static 'js/jquery.min.js' %}"></script>
@ -39,4 +50,5 @@
    {% include 'partials/about_modal.html' %}
  </div>
 </body>
 </html>
--- a/passbook/core/templates/generic/delete.html
+++ b/passbook/core/templates/generic/delete.html
@ -6,13 +6,13 @@
 {% block content %}
 <div class="container">
    {% block above_form %}
-    <h1>{% blocktrans with object_type=object|fieldtype|title %}Delete {{ object_type }}{% endblocktrans %}</h1>
+    <h1>{% blocktrans with object_type=object|verbose_name %}Delete {{ object_type }}{% endblocktrans %}</h1>
    {% endblock %}
    <div class="">
        <form method="post" class="form-horizontal">
            {% csrf_token %}
            <p>
-                {% blocktrans with object_type=object|fieldtype|title name=object %}
+                {% blocktrans with object_type=object|verbose_name name=object %}
                Are you sure you want to delete {{ object_type }} "{{ object }}"?
                {% endblocktrans %}
            </p>
--- a/passbook/core/templates/overview/base.html
+++ b/passbook/core/templates/overview/base.html
@ -8,38 +8,40 @@
 <div class="toast-notifications-list-pf">
    {% include 'partials/messages.html' %}
 </div>
-<nav class="navbar navbar-default navbar-pf" role="navigation">
+<nav class="navbar navbar-pf-vertical">
    <div class="navbar-header">
-        <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse-1">
+        <button type="button" class="navbar-toggle">
-            <span class="sr-only">{% trans 'Toggle navigation' %}</span>
+            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
        </button>
        <a class="navbar-brand" href="/">
-            <img src="{% static 'img/brand.svg' %}" alt="passbook" />
+            <img class="navbar-brand-icon" src="{% static 'img/logo.png' %}" alt="" />
            <img class="navbar-brand-name" src="{% static 'img/brand.svg' %}" alt="passbook" />
        </a>
    </div>
-    <div class="collapse navbar-collapse navbar-collapse-1">
+    <nav class="collapse navbar-collapse">
-        <ul class="nav navbar-nav navbar-utility">
+        <ul class="nav navbar-nav navbar-right navbar-iconic navbar-utility">
            <li class="dropdown">
-                <button class="btn btn-link nav-item-iconic" id="horizontalDropdownMenu1" data-toggle="dropdown"
+                <button class="btn btn-link dropdown-toggle nav-item-iconic" id="dropdownMenu1" data-toggle="dropdown"
                    aria-haspopup="true" aria-expanded="true">
-                    <span title="Help" class="fa pficon-help dropdown-title"></span>
+                    <span title="Help" class="fa pficon-help"></span>
                </button>
-                <ul class="dropdown-menu" aria-labelledby="horizontalDropdownMenu1">
+                <ul class="dropdown-menu" aria-labelledby="dropdownMenu1">
                    {% comment %} <li><a href="#0">Help</a></li> {% endcomment %}
                    <li><a data-toggle="modal" data-target="#about-modal" href="#0">{% trans 'About' %}</a></li>
                </ul>
            </li>
            <li class="dropdown">
-                <button class="btn btn-link dropdown-toggle" data-toggle="dropdown">
+                <button class="btn btn-link dropdown-toggle nav-item-iconic" id="dropdownMenu2" data-toggle="dropdown"
-                    <span class="pficon pficon-user"></span>
+                    aria-haspopup="true" aria-expanded="true">
                    <span title="Username" class="fa pficon-user"></span>
                    <span class="dropdown-title">
-                        {{ user.username }} <b class="caret"></b>
+                        {{ user.username }} <span class="caret"></span>
                    </span>
                </button>
-                <ul class="dropdown-menu">
+                <ul class="dropdown-menu" aria-labelledby="dropdownMenu2">
                    <li>
                        <a href="{% url 'passbook_core:user-settings' %}">{% trans 'User Settings' %}</a>
                    </li>
@ -53,21 +55,129 @@
                </ul>
            </li>
        </ul>
-        {% is_active_app 'passbook_admin' as is_admin %}
+    </nav>
-        <ul class="nav navbar-nav navbar-primary {% if is_admin == 'active' %}persistent-secondary{% endif %}">
+</nav>
-            <li class="{% is_active_url 'passbook_core:overview' %}">
+<div class="nav-pf-vertical nav-pf-vertical-with-sub-menus hide-nav-pf">
-                <a href="{% url 'passbook_core:overview' %}">{% trans 'Overview' %}</a>
+    <ul class="list-group">
        <li class="list-group-item {% is_active_url 'passbook_core:overview' %}">
            <a href="{% url 'passbook_core:overview' %}">
                <span class="fa fa-dashboard" data-toggle="tooltip" title="{% trans 'Overview' %}"></span>
                <span class="list-group-item-value">{% trans 'Overview' %}</span>
            </a>
        </li>
        {% is_active_app 'passbook_admin' as is_admin %}
        {% if user.is_superuser %}
-            <li class="{% is_active_app 'passbook_admin' %}">
+        <li class="list-group-item {% is_active_app 'passbook_admin' %} secondary-nav-item-pf">
-                <a href="{% url 'passbook_admin:overview' %}">{% trans 'Administration' %}</a>
+            <a href="{% url 'passbook_admin:overview' %}">
-                {% block nav_secondary %}
+                <span class="pficon pficon-user" data-toggle="tooltip" title=""
-                {% endblock %}
+                    data-original-title="{% trans 'Administration' %}"></span>
                <span class="list-group-item-value dropdown-title">{% trans 'Administration' %}</span>
            </a>
            <div id="user-secondary" class="nav-pf-secondary-nav">
                <div class="nav-item-pf-header">
                    <a href="#0" class="secondary-collapse-toggle-pf" data-toggle="collapse-secondary-nav"></a>
                    <span>{% trans 'Administration' %}</span>
                </div>
                <ul class="list-group">
                    <li class="list-group-item {% is_active 'passbook_admin:overview' %}">
                        <a href="{% url 'passbook_admin:overview' %}">
                            <span class="list-group-item-value">
                                {% trans 'Overview' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
                        <a href="{% url 'passbook_admin:applications' %}">
                            <span class="list-group-item-value">
                                {% trans 'Applications' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
                        <a href="{% url 'passbook_admin:sources' %}">
                            <span class="list-group-item-value">
                                {% trans 'Sources' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
                        <a href="{% url 'passbook_admin:providers' %}">
                            <span class="list-group-item-value">
                                {% trans 'Providers' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:property-mappings' 'passbook_admin:property-mapping-create' 'passbook_admin:property-mapping-update' 'passbook_admin:property-mapping-delete' %}">
                        <a href="{% url 'passbook_admin:property-mappings' %}">
                            <span class="list-group-item-value">
                                {% trans 'Property Mappings' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
                        <a href="{% url 'passbook_admin:factors' %}">
                            <span class="list-group-item-value">
                                {% trans 'Factors' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
                        <a href="{% url 'passbook_admin:policies' %}">
                            <span class="list-group-item-value">
                                {% trans 'Policies' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
                        <a href="{% url 'passbook_admin:invitations' %}">
                            <span class="list-group-item-value">
                                {% trans 'Invitations' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
                        <a href="{% url 'passbook_admin:users' %}">
                            <span class="list-group-item-value">
                                {% trans 'Users' %}
                            </span>
                        </a>
                    </li>
                    <li
                        class="list-group-item {% is_active 'passbook_admin:groups' 'passbook_admin:group-update' 'passbook_admin:group-delete' %}">
                        <a href="{% url 'passbook_admin:groups' %}">
                            <span class="list-group-item-value">
                                {% trans 'Groups' %}
                            </span>
                        </a>
                    </li>
                    <li class="list-group-item {% is_active 'passbook_admin:audit-log' %}">
                        <a href="{% url 'passbook_admin:audit-log' %}">
                            <span class="list-group-item-value">
                                {% trans 'Audit Log' %}
                            </span>
                        </a>
                    </li>
                    <li class="list-group-item {% is_active_app 'admin' %}">
                        <a href="{% url 'admin:index' %}">
                            <span class="list-group-item-value">
                                {% trans 'Django' %}
                            </span>
                        </a>
                    </li>
                </ul>
            </div>
        </li>
        {% endif %}
    </ul>
 </div>
 </nav>
 <div class="container-fluid container-cards-pf">
    {% block content %}
    {% endblock %}
--- a/passbook/core/templates/user/base.html
+++ b/passbook/core/templates/user/base.html
@ -2,6 +2,7 @@
 {% load i18n %}
 {% load is_active %}
 {% load static %}
 {% load passbook_user_settings %}
 {% block content %}
@ -24,6 +25,15 @@
                    </a>
                </li>
                {% endfor %}
                <li class="nav-divider"></li>
                {% user_sources as us %}
                {% for name, icon, link in us %}
                <li class="{% if link == request.get_full_path %} active {% endif %}">
                    <a href="{{ link }}">
                        <img src="{% static icon %}" alt=""> {{ name }}
                    </a>
                </li>
                {% endfor %}
            </ul>
        </div>
    </div>
--- a/passbook/core/templatetags/passbook_user_settings.py
+++ b/passbook/core/templatetags/passbook_user_settings.py
@ -2,7 +2,7 @@
 from django import template
-from passbook.core.models import Factor
+from passbook.core.models import Factor, Source
 from passbook.core.policies import PolicyEngine
 register = template.Library()
@ -17,6 +17,20 @@ def user_factors(context):
        _link = factor.has_user_settings()
        policy_engine = PolicyEngine(factor.policies.all())
        policy_engine.for_user(user).with_request(context.get('request')).build()
-        if policy_engine.result[0] and _link:
+        if policy_engine.passing and _link:
            matching_factors.append(_link)
    return matching_factors
@register.simple_tag(takes_context=True)
 def user_sources(context):
    """Return a list of all sources which are enabled for the user"""
    user = context.get('request').user
    _all_sources = Source.objects.filter(enabled=True).select_subclasses()
    matching_sources = []
    for factor in _all_sources:
        _link = factor.has_user_settings()
        policy_engine = PolicyEngine(factor.policies.all())
        policy_engine.for_user(user).with_request(context.get('request')).build()
        if policy_engine.passing and _link:
            matching_sources.append(_link)
    return matching_sources
--- a/passbook/core/tests/test_auth_view.py
+++ b/passbook/core/tests/test_auth_view.py
@ -0,0 +1,133 @@
 """passbook Core Authentication Test"""
 import string
 from random import SystemRandom
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.sessions.middleware import SessionMiddleware
 from django.test import RequestFactory, TestCase
 from django.urls import reverse
 from passbook.core.auth.view import AuthenticationView
 from passbook.core.models import DummyFactor, PasswordFactor, User
 class TestFactorAuthentication(TestCase):
    """passbook Core Authentication Test"""
    def setUp(self):
        super().setUp()
        self.password = ''.join(SystemRandom().choice(
            string.ascii_uppercase + string.digits) for _ in range(8))
        self.factor, _ = PasswordFactor.objects.get_or_create(slug='password', defaults={
            'name': 'password',
            'slug': 'password',
            'order': 0,
            'backends': ['django.contrib.auth.backends.ModelBackend']
        })
        self.user = User.objects.create_user(username='test',
                                             email='test@test.test',
                                             password=self.password)
    def test_unauthenticated_raw(self):
        """test direct call to AuthenticationView"""
        response = self.client.get(reverse('passbook_core:auth-process'))
        # Response should be 302 since no pending user is set
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, reverse('passbook_core:auth-login'))
    def test_unauthenticated_prepared(self):
        """test direct call but with pending_uesr in session"""
        request = RequestFactory().get(reverse('passbook_core:auth-process'))
        request.user = AnonymousUser()
        request.session = {}
        request.session[AuthenticationView.SESSION_PENDING_USER] = self.user.pk
        response = AuthenticationView.as_view()(request)
        self.assertEqual(response.status_code, 200)
    def test_no_factors(self):
        """Test with all factors disabled"""
        self.factor.enabled = False
        self.factor.save()
        request = RequestFactory().get(reverse('passbook_core:auth-process'))
        request.user = AnonymousUser()
        request.session = {}
        request.session[AuthenticationView.SESSION_PENDING_USER] = self.user.pk
        response = AuthenticationView.as_view()(request)
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, reverse('passbook_core:auth-denied'))
        self.factor.enabled = True
        self.factor.save()
    def test_authenticated(self):
        """Test with already logged in user"""
        self.client.force_login(self.user)
        response = self.client.get(reverse('passbook_core:auth-process'))
        # Response should be 302 since no pending user is set
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, reverse('passbook_core:overview'))
        self.client.logout()
    def test_unauthenticated_post(self):
        """Test post request as unauthenticated user"""
        request = RequestFactory().post(reverse('passbook_core:auth-process'), data={
            'password': self.password
        })
        request.user = AnonymousUser()
        middleware = SessionMiddleware()
        middleware.process_request(request)
        request.session.save()
        request.session[AuthenticationView.SESSION_PENDING_USER] = self.user.pk
        response = AuthenticationView.as_view()(request)
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, reverse('passbook_core:overview'))
        self.client.logout()
    def test_unauthenticated_post_invalid(self):
        """Test post request as unauthenticated user"""
        request = RequestFactory().post(reverse('passbook_core:auth-process'), data={
            'password': self.password + 'a'
        })
        request.user = AnonymousUser()
        middleware = SessionMiddleware()
        middleware.process_request(request)
        request.session.save()
        request.session[AuthenticationView.SESSION_PENDING_USER] = self.user.pk
        response = AuthenticationView.as_view()(request)
        self.assertEqual(response.status_code, 200)
        self.client.logout()
    def test_multifactor(self):
        """Test view with multiple active factors"""
        DummyFactor.objects.get_or_create(name='dummy',
                                          slug='dummy',
                                          order=1)
        request = RequestFactory().post(reverse('passbook_core:auth-process'), data={
            'password': self.password
        })
        request.user = AnonymousUser()
        middleware = SessionMiddleware()
        middleware.process_request(request)
        request.session.save()
        request.session[AuthenticationView.SESSION_PENDING_USER] = self.user.pk
        response = AuthenticationView.as_view()(request)
        session_copy = request.session.items()
        self.assertEqual(response.status_code, 302)
        # Verify view redirects to itself after auth
        self.assertEqual(response.url, reverse('passbook_core:auth-process'))
        # Run another request with same session which should result in a logged in user
        request = RequestFactory().post(reverse('passbook_core:auth-process'))
        request.user = AnonymousUser()
        middleware = SessionMiddleware()
        middleware.process_request(request)
        for key, value in session_copy:
            request.session[key] = value
        request.session.save()
        response = AuthenticationView.as_view()(request)
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, reverse('passbook_core:overview'))
--- a/passbook/core/tests/test_views_utils.py
+++ b/passbook/core/tests/test_views_utils.py
@ -1,7 +1,10 @@
 """passbook util view tests"""
 import string
 from random import SystemRandom
 from django.test import RequestFactory, TestCase
 from passbook.core.models import User
 from passbook.core.views.utils import LoadingView, PermissionDeniedView
@ -9,6 +12,11 @@ class TestUtilViews(TestCase):
    """Test Utility Views"""
    def setUp(self):
        self.user = User.objects.create_superuser(
            username='unittest user',
            email='unittest@example.com',
            password=''.join(SystemRandom().choice(
                string.ascii_uppercase + string.digits) for _ in range(8)))
        self.factory = RequestFactory()
    def test_loading_view(self):
@ -21,5 +29,6 @@ class TestUtilViews(TestCase):
    def test_permission_denied_view(self):
        """Test PermissionDeniedView"""
        request = self.factory.get('something')
        request.user = self.user
        response = PermissionDeniedView.as_view()(request)
        self.assertEqual(response.status_code, 200)
--- a/passbook/core/views/access.py
+++ b/passbook/core/views/access.py
@ -5,6 +5,7 @@ from django.contrib import messages
 from django.utils.translation import gettext as _
 from passbook.core.models import Application
 from passbook.core.policies import PolicyEngine
 LOGGER = getLogger(__name__)
@ -28,4 +29,6 @@ class AccessMixin:
    def user_has_access(self, application, user):
        """Check if user has access to application."""
        LOGGER.debug("Checking permissions of %s on application %s...", user, application)
-        return application.user_is_authorized(user)
+        policy_engine = PolicyEngine(application.policies.all())
        policy_engine.for_user(user).with_request(self.request).build()
        return policy_engine.result
--- a/passbook/core/views/user.py
+++ b/passbook/core/views/user.py
@ -1,6 +1,7 @@
 """passbook core user views"""
 from django.contrib import messages
 from django.contrib.auth import logout, update_session_auth_hash
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
 from django.forms.utils import ErrorList
 from django.shortcuts import redirect, reverse
@ -13,7 +14,7 @@ from passbook.core.forms.users import PasswordChangeForm, UserDetailForm
 from passbook.lib.config import CONFIG
-class UserSettingsView(SuccessMessageMixin, UpdateView):
+class UserSettingsView(SuccessMessageMixin, LoginRequiredMixin, UpdateView):
    """Update User settings"""
    template_name = 'user/settings.html'
@ -25,7 +26,8 @@ class UserSettingsView(SuccessMessageMixin, UpdateView):
    def get_object(self):
        return self.request.user
-class UserDeleteView(DeleteView):
+
 class UserDeleteView(LoginRequiredMixin, DeleteView):
    """Delete user account"""
    template_name = 'generic/delete.html'
@ -38,7 +40,8 @@ class UserDeleteView(DeleteView):
        logout(self.request)
        return reverse('passbook_core:auth-login')
-class UserChangePasswordView(FormView):
+
 class UserChangePasswordView(LoginRequiredMixin, FormView):
    """View for users to update their password"""
    form_class = PasswordChangeForm
--- a/passbook/core/views/utils.py
+++ b/passbook/core/views/utils.py
@ -1,5 +1,5 @@
 """passbook core utils view"""
-
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.utils.translation import ugettext as _
 from django.views.generic import TemplateView
@ -21,7 +21,7 @@ class LoadingView(TemplateView):
        kwargs['target_url'] = self.get_url()
        return super().get_context_data(**kwargs)
-class PermissionDeniedView(TemplateView):
+class PermissionDeniedView(LoginRequiredMixin, TemplateView):
    """Generic Permission denied view"""
    template_name = 'login/denied.html'
--- a/passbook/hibp_policy/init.py
+++ b/passbook/hibp_policy/init.py
@ -1,2 +1,2 @@
 """passbook hibp_policy"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/hibp_policy/forms.py
+++ b/passbook/hibp_policy/forms.py
@ -1,6 +1,8 @@
 """passbook HaveIBeenPwned Policy forms"""
 from django import forms
 from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.utils.translation import gettext as _
 from passbook.core.forms.policies import GENERAL_FIELDS
 from passbook.hibp_policy.models import HaveIBeenPwendPolicy
@ -16,4 +18,5 @@ class HaveIBeenPwnedPolicyForm(forms.ModelForm):
        widgets = {
            'name': forms.TextInput(),
            'order': forms.NumberInput(),
            'policies': FilteredSelectMultiple(_('policies'), False)
        }
--- a/passbook/ldap/init.py
+++ b/passbook/ldap/init.py
@ -1,2 +1,2 @@
 """Passbook ldap app Header"""
-__version__ = '0.1.4-beta'
+__version__ = '0.1.20-beta'
--- a/passbook/ldap/forms.py
+++ b/passbook/ldap/forms.py
@ -1,10 +1,12 @@
 """passbook LDAP Forms"""
 from django import forms
 from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.utils.translation import gettext_lazy as _
 from passbook.admin.forms.source import SOURCE_FORM_FIELDS
-from passbook.ldap.models import LDAPSource
+from passbook.core.forms.policies import GENERAL_FIELDS
 from passbook.ldap.models import LDAPGroupMembershipPolicy, LDAPSource
 class LDAPSourceForm(forms.ModelForm):
@ -23,6 +25,7 @@ class LDAPSourceForm(forms.ModelForm):
            'bind_password': forms.TextInput(),
            'domain': forms.TextInput(),
            'base_dn': forms.TextInput(),
            'policies': FilteredSelectMultiple(_('policies'), False)
        }
        labels = {
            'server_uri': _('Server URI'),
@ -30,58 +33,18 @@ class LDAPSourceForm(forms.ModelForm):
            'base_dn': _('Base DN'),
        }
 # class GeneralSettingsForm(SettingsForm):
 #     """general settings form"""
 #     MODE_AUTHENTICATION_BACKEND = 'auth_backend'
 #     MODE_CREATE_USERS = 'create_users'
 #     MODE_CHOICES = (
 #         (MODE_AUTHENTICATION_BACKEND, _('Authentication Backend')),
 #         (MODE_CREATE_USERS, _('Create Users'))
 #     )
-#     namespace = 'passbook.ldap'
+class LDAPGroupMembershipPolicyForm(forms.ModelForm):
-#     settings = ['enabled', 'mode']
+    """LDAPGroupMembershipPolicy Form"""
-#     widgets = {
+    class Meta:
 #         'enabled': forms.BooleanField(required=False),
 #         'mode': forms.ChoiceField(widget=forms.RadioSelect, choices=MODE_CHOICES),
 #     }
-
+        model = LDAPGroupMembershipPolicy
-# class ConnectionSettings(SettingsForm):
+        fields = GENERAL_FIELDS + ['dn', ]
-#     """Connection settings form"""
+        widgets = {
-
+            'name': forms.TextInput(),
-#     namespace = 'passbook.ldap'
+            'dn': forms.TextInput(),
-#     settings = ['server', 'server:tls', 'bind:user', 'bind:password', 'domain']
+        }
-
+        labels = {
-#     attrs_map = {
+            'dn': _('DN')
-#         'server': {'placeholder': 'dc1.corp.exmaple.com'},
+        }
 #         'bind:user': {'placeholder': 'Administrator'},
 #         'domain': {'placeholder': 'corp.example.com'},
 #     }
 #     widgets = {
 #         'server:tls': forms.BooleanField(required=False, label=_('Server TLS')),
 #     }
 # class AuthenticationBackendSettings(SettingsForm):
 #     """Authentication backend settings"""
 #     namespace = 'passbook.ldap'
 #     settings = ['base']
 #     attrs_map = {
 #         'base': {'placeholder': 'DN in which to search for users'},
 #     }
 # class CreateUsersSettings(SettingsForm):
 #     """Create users settings"""
 #     namespace = 'passbook.ldap'
 #     settings = ['create_base']
 #     attrs_map = {
 #         'create_base': {'placeholder': 'DN in which to create users'},
 #     }
--- a/passbook/ldap/migrations/0002_ldapgroupmembershippolicy.py
+++ b/passbook/ldap/migrations/0002_ldapgroupmembershippolicy.py
@ -0,0 +1,28 @@
 # Generated by Django 2.1.7 on 2019-03-10 18:38
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('passbook_core', '0020_groupmembershippolicy'),
        ('passbook_ldap', '0001_initial'),
    ]
    operations = [
        migrations.CreateModel(
            name='LDAPGroupMembershipPolicy',
            fields=[
                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
                ('dn', models.TextField()),
                ('source', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='passbook_ldap.LDAPSource')),
            ],
            options={
                'verbose_name': 'LDAP Group Membership Policy',
                'verbose_name_plural': 'LDAP Group Membership Policys',
            },
            bases=('passbook_core.policy',),
        ),
    ]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	a53a269a8c	bump version: 0.1.19-beta -> 0.1.20-beta	2019-03-13 16:51:43 +01:00
Jens Langhammer	59565a5286	prepare 0.1.20	2019-03-13 16:51:38 +01:00
Jens Langhammer	ae3c092238	add user settings for Sources	2019-03-13 16:49:30 +01:00
Jens Langhammer	e98e5e4e3e	fix GitHub Pretend again	2019-03-13 15:52:05 +01:00
Jens Langhammer	d50c7ec8d4	bump version: 0.1.18-beta -> 0.1.19-beta	2019-03-13 15:16:48 +01:00
Jens Langhammer	c0fdf377d1	prepare 0.1.18	2019-03-13 15:14:36 +01:00
Jens Langhammer	70c11c8988	fix GitHub Pretend throwing a 500 error	2019-03-13 15:12:13 +01:00
Jens Langhammer	67b19becc1	fix API Call for sentry-client, add missing template	2019-03-13 14:27:34 +01:00
Jens Langhammer	ae64024ef4	bump version: 0.1.17-beta -> 0.1.18-beta	2019-03-13 11:31:05 +01:00
Jens Langhammer	e6571826cb	adjust versions for client packages, auto build client-packages	2019-03-12 17:30:57 +01:00
Jens Langhammer	c621e61978	fix included yaml file	2019-03-12 17:19:13 +01:00
Jens Langhammer	3626fa4b98	add sentry client	2019-03-12 17:18:08 +01:00
Jens Langhammer	01b0eb159a	fix Server Error when downloading metadata	2019-03-12 17:08:53 +01:00
Jens Langhammer	63aa48d981	bump version: 0.1.16-beta -> 0.1.17-beta	2019-03-12 15:55:18 +01:00
Jens Langhammer	2e0ba05d55	prepare 0.1.17	2019-03-12 15:55:14 +01:00
Jens Langhammer	b2ac57bb67	switch to vertical navigation	2019-03-12 13:35:09 +01:00
Jens Langhammer	4c22e5c2c8	don't use celery heartbeat, use TCP keepalive instead	2019-03-12 13:34:54 +01:00
Jens Langhammer	4a7b0ec8a9	remove Application.user_is_authorized	2019-03-12 10:56:01 +01:00
Jens Langhammer	330118249e	bump version: 0.1.15-beta -> 0.1.16-beta	2019-03-11 21:35:11 +01:00
Jens Langhammer	8d4dabde02	finalize RabbitMQ replacement, update debian package, remove redis tgz	2019-03-11 21:35:06 +01:00
Jens Langhammer	cf7323c41b	bump version: 0.1.14-beta -> 0.1.15-beta	2019-03-11 21:01:18 +01:00
Jens Langhammer	edd856df7d	redis -> rabbitmq	2019-03-11 20:46:19 +01:00
Jens Langhammer	5e35859db6	bump version: 0.1.13-beta -> 0.1.14-beta	2019-03-11 11:44:34 +01:00
Jens Langhammer	acabb2df54	fix unittests	2019-03-11 11:44:12 +01:00
Jens Langhammer	e6376a05f7	bump version: 0.1.12-beta -> 0.1.13-beta	2019-03-11 11:31:12 +01:00
Jens Langhammer	1f45aff7ad	prepare 0.1.13	2019-03-11 11:31:06 +01:00
Jens Langhammer	e1f1f617b6	fix UserChangePasswordView not requiring Login	2019-03-11 11:25:59 +01:00
Jens Langhammer	2690675dca	allow custom email server for helm installs	2019-03-11 11:03:25 +01:00
Jens Langhammer	7529b51358	Fix DoesNotExist error when running PolicyEngine against None user	2019-03-11 10:52:50 +01:00
Jens Langhammer	c394066d99	bump version: 0.1.11-beta -> 0.1.12-beta	2019-03-11 09:51:00 +01:00
Jens Langhammer	9c585032ef	prepare 0.1.12-beta	2019-03-11 09:50:57 +01:00
Jens Langhammer	d408031304	fix OAuth Authorization View not requiring authentication	2019-03-11 09:48:36 +01:00
Jens Langhammer	c47bc11ec0	disable automatic k8s deployment for now	2019-03-11 09:47:06 +01:00
Jens Langhammer	1deb094afe	install updated helm release from local folder	2019-03-10 21:47:22 +01:00
Jens Langhammer	501fed1922	rewrite PasswordFactor to use backends setting instead of trying all backends	2019-03-10 21:47:08 +01:00
Jens Langhammer	ad8125ac1c	bump version: 0.1.10-beta -> 0.1.11-beta	2019-03-10 19:56:30 +01:00
Jens Langhammer	b42a551fb2	prepare 0.1.11	2019-03-10 19:56:27 +01:00
Jens Langhammer	3256be23df	Merge branch '23-groups' into 'master' Resolve "Group Management" Closes #23 See merge request BeryJu.org/passbook!9	2019-03-10 18:49:01 +00:00
Jens Langhammer	f7c0c0146a	add LDAP Group Membership Policy	2019-03-10 19:45:16 +01:00
Jens Langhammer	e4baf8c21e	Add Group Member policy	2019-03-10 19:32:18 +01:00
Jens Langhammer	364f040b36	always use FilteredSelectMultiple for many-to-many fields	2019-03-10 18:34:09 +01:00
Jens Langhammer	2b8c2b2346	use Django's Admin FilteredSelectMultiple for Group Membership	2019-03-10 18:06:06 +01:00
Jens Langhammer	5f861189e4	Merge branch 'master' into 23-groups # Conflicts: # passbook/admin/templates/administration/base.html	2019-03-10 17:13:29 +01:00
Jens Langhammer	5e11b6687e	automatically deploy after release	2019-03-10 17:08:33 +01:00
Jens Langhammer	c4b429825d	fix helm labels being on deployments and not pods	2019-03-10 16:39:41 +01:00
Jens Langhammer	eebbae0677	bump version: 0.1.9-beta -> 0.1.10-beta	2019-03-10 15:54:50 +01:00
Jens Langhammer	42b30f4507	prepare 0.1.10 release	2019-03-10 15:53:38 +01:00
Jens Langhammer	0e425418df	better show loading state when testing a policy	2019-03-10 15:46:49 +01:00
Jens Langhammer	7fe0300b86	Fix button on policy test page	2019-03-10 15:36:49 +01:00
Jens Langhammer	c012c6be5c	fix k8s service routing http traffic to workers	2019-03-10 15:34:24 +01:00
Jens Langhammer	a5dc193cfd	bump version: 0.1.8-beta -> 0.1.9-beta	2019-03-10 12:17:48 +01:00
Jens Langhammer	7507ad2620	Merge branch '24-impersonate' into 'master' Resolve "Impersonate user" Closes #24 See merge request BeryJu.org/passbook!11	2019-03-10 01:47:29 +00:00
Jens Langhammer	f1291fec8d	add impersonation middleware, add to templates	2019-03-10 02:41:31 +01:00
Jens Langhammer	37aeeea239	slightly refactor Factor View, add more unittests	2019-03-10 02:08:09 +01:00
Jens Langhammer	0fa1fc86da	add more Verbosity to PolicyEngine, rewrite SAML Authorisation check	2019-03-10 02:07:48 +01:00
Jens Langhammer	c3034ab9ac	consistently using PolicyEngine	2019-03-10 02:07:18 +01:00
Jens Langhammer	76694e037a	bump version: 0.1.7-beta -> 0.1.8-beta	2019-03-08 21:43:35 +01:00
Jens Langhammer	787db41cc3	prepare for 0.1.7	2019-03-08 21:43:33 +01:00
Jens Langhammer	74da3df7cd	bump version: 0.1.6-beta -> 0.1.7-beta	2019-03-08 21:37:59 +01:00
Jens Langhammer	a6e435bd70	prepare debian changelog for 0.1.6	2019-03-08 21:37:55 +01:00
Jens Langhammer	c313b496aa	Improve access control for saml	2019-03-08 21:30:16 +01:00
Jens Langhammer	a7eaa74191	fix MATCH_EXACT not working as intended	2019-03-08 21:20:38 +01:00
Jens Langhammer	11ecdc4fcf	bump version: 0.1.5-beta -> 0.1.6-beta	2019-03-08 20:39:27 +01:00
Jens Langhammer	2f7781b67a	fix captcha factor not loading keys from Factor class	2019-03-08 20:08:28 +01:00
Jens Langhammer	296d4f691a	add passing property to PolicyEngine	2019-03-08 19:49:53 +01:00
Jens Langhammer	64033031b1	remove audit's login attempt	2019-03-08 19:45:50 +01:00
Jens Langhammer	9daff7608d	fix password not getting set on user import	2019-03-08 19:45:41 +01:00
Jens Langhammer	0a4af80b9b	fix static files missing for debian package	2019-03-08 16:41:52 +01:00
Jens Langhammer	a54adb05c4	bump version: 0.1.4-beta -> 0.1.5-beta	2019-03-08 16:03:52 +01:00
Jens Langhammer	43a389e596	Merge branch '22-custom-property-mapping' into 'master' Resolve "Custom Property Mapping" Closes #22 See merge request BeryJu.org/passbook!8	2019-03-08 15:03:08 +00:00
Jens Langhammer	2d7e8f1b50	add group administration	2019-03-08 15:49:45 +01:00
Jens Langhammer	cf11f6b121	format data before inserting it	2019-03-08 15:16:25 +01:00
Jens Langhammer	6dcdf7bcce	add custom DynamicArrayField to better handle arrays	2019-03-08 15:11:01 +01:00
Jens Langhammer	56d872af15	add PropertyMapping Model, add Subclass for SAML, test with AWS	2019-03-08 12:47:50 +01:00
Jens Langhammer	ca663d16fc	fix debian build (again)	2019-03-07 20:58:18 +01:00
Jens Langhammer	e05c18b19b	implicitly add kubernetes-healthcheck-host in helm configmap	2019-03-07 17:11:55 +01:00
		`@ -1,2 +0,0 @@`
			`passbook-dbgsym_0.1.3_amd64.ddeb debug optional`
			`passbook_0.1.3_amd64.deb admin optional`
`@ -1,2 +1,2 @@`
	`"""passbook"""`	`"""passbook"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`
`@ -1,2 +1,2 @@`
	`"""passbook admin"""`	`"""passbook admin"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`
`@ -1,2 +1,2 @@`
	`"""passbook api"""`	`"""passbook api"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`
`@ -1,2 +1,2 @@`
	`"""passbook audit Header"""`	`"""passbook audit Header"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`
`@ -1,2 +1,2 @@`
	`"""passbook captcha_factor Header"""`	`"""passbook captcha_factor Header"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`
`@ -1,2 +1,2 @@`
	`"""passbook core"""`	`"""passbook core"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`
`@ -1,2 +1,2 @@`
	`<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"`	`<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"`
	width="270px" height="10px" viewBox="0 0 270 10" enable-background="new 0 0 270 10" xml:space="preserve"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:#fff;}</style></defs><g class="cls-1"><path class="cls-2" d="M1.65,11V2.45H2.87V3a2.81,2.81,0,0,1,.47-.45A1.13,1.13,0,0,1,4,2.38,1.11,1.11,0,0,1,5.1,3a1.55,1.55,0,0,1,.16.5,5.61,5.61,0,0,1,0,.81V6.58c0,.45,0,.77,0,1a1.17,1.17,0,0,1-.55.9,1.23,1.23,0,0,1-.7.16,1.35,1.35,0,0,1-.64-.16A1.53,1.53,0,0,1,2.89,8h0v3ZM4.08,4.43a1.21,1.21,0,0,0-.14-.6.51.51,0,0,0-.46-.22A.54.54,0,0,0,3,3.82a.8.8,0,0,0-.17.54V6.73A.68.68,0,0,0,3,7.2a.6.6,0,0,0,.44.18A.53.53,0,0,0,4,7.17a1,1,0,0,0,.12-.5Z"/><path class="cls-2" d="M8.63,8.54V7.91h0a2.24,2.24,0,0,1-.48.52,1.13,1.13,0,0,1-.69.18A1.39,1.39,0,0,1,7,8.54a1.09,1.09,0,0,1-.43-.24,1.32,1.32,0,0,1-.33-.49A2.33,2.33,0,0,1,6.11,7a4.89,4.89,0,0,1,.08-.91,1.51,1.51,0,0,1,.31-.65,1.44,1.44,0,0,1,.59-.38A3.19,3.19,0,0,1,8,4.93h.59V4.33a1,1,0,0,0-.13-.52A.52.52,0,0,0,8,3.61a.71.71,0,0,0-.44.15.78.78,0,0,0-.26.46H6.13A2,2,0,0,1,6.69,2.9a1.73,1.73,0,0,1,.57-.38A2,2,0,0,1,8,2.38a2.18,2.18,0,0,1,.72.12,1.71,1.71,0,0,1,.59.36,2,2,0,0,1,.38.6,2.18,2.18,0,0,1,.14.84V8.54Zm0-2.62-.34,0a1.2,1.2,0,0,0-.67.18.76.76,0,0,0-.29.68.89.89,0,0,0,.17.56A.55.55,0,0,0,8,7.53a.63.63,0,0,0,.49-.2.91.91,0,0,0,.17-.58Z"/><path class="cls-2" d="M13,4.16a.59.59,0,0,0-.2-.47.65.65,0,0,0-.42-.16.59.59,0,0,0-.45.19.66.66,0,0,0-.15.43.8.8,0,0,0,.08.33.85.85,0,0,0,.44.29l.71.29a1.73,1.73,0,0,1,.95.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.56,1.56,0,0,1-.58.39,1.88,1.88,0,0,1-2-.32,1.58,1.58,0,0,1-.4-.57,1.81,1.81,0,0,1-.17-.8h1.15a1.11,1.11,0,0,0,.17.47.56.56,0,0,0,.49.22.71.71,0,0,0,.47-.18A.59.59,0,0,0,13,6.8a.69.69,0,0,0-.13-.43,1.08,1.08,0,0,0-.48-.32l-.59-.21a2.08,2.08,0,0,1-.9-.64,1.66,1.66,0,0,1-.33-1,1.89,1.89,0,0,1,.14-.72,1.78,1.78,0,0,1,.4-.57,1.5,1.5,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.6,1.6,0,0,1,.54.38,1.85,1.85,0,0,1,.36.57,1.82,1.82,0,0,1,.13.7Z"/><path class="cls-2" d="M17.2,4.16a.63.63,0,0,0-.2-.47.69.69,0,0,0-.43-.16.55.55,0,0,0-.44.19.62.62,0,0,0-.16.43.68.68,0,0,0,.09.33.81.81,0,0,0,.43.29l.72.29a1.7,1.7,0,0,1,.94.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.61,1.61,0,0,1-.57.39,1.81,1.81,0,0,1-.74.15,1.76,1.76,0,0,1-1.24-.47,1.61,1.61,0,0,1-.41-.57,2,2,0,0,1-.17-.8h1.15a1.12,1.12,0,0,0,.18.47.53.53,0,0,0,.48.22.72.72,0,0,0,.48-.18.59.59,0,0,0,.21-.48.69.69,0,0,0-.14-.43,1,1,0,0,0-.48-.32l-.58-.21a2.06,2.06,0,0,1-.91-.64,1.66,1.66,0,0,1-.33-1A1.89,1.89,0,0,1,15,3.44a1.78,1.78,0,0,1,.4-.57,1.58,1.58,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.75,1.75,0,0,1,.55.38,1.85,1.85,0,0,1,.36.57,2,2,0,0,1,.13.7Z"/><path class="cls-2" d="M19.2,8.54V0h1.22V3h0a1.53,1.53,0,0,1,.48-.47,1.39,1.39,0,0,1,.65-.16,1.26,1.26,0,0,1,.69.16,1.35,1.35,0,0,1,.4.39,1.18,1.18,0,0,1,.15.51,7.72,7.72,0,0,1,0,1V6.73a5.56,5.56,0,0,1-.05.8,1.56,1.56,0,0,1-.15.5,1.12,1.12,0,0,1-1.07.58,1.15,1.15,0,0,1-.7-.18A3.79,3.79,0,0,1,20.42,8v.55Zm2.44-4.21a1,1,0,0,0-.13-.51A.5.5,0,0,0,21,3.61a.57.57,0,0,0-.44.18.66.66,0,0,0-.18.48V6.63a.83.83,0,0,0,.17.54.52.52,0,0,0,.45.21.49.49,0,0,0,.45-.22,1.11,1.11,0,0,0,.15-.6Z"/><path class="cls-2" d="M23.76,4.49a4.83,4.83,0,0,1,0-.68A1.55,1.55,0,0,1,24,3.26a1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24A1.59,1.59,0,0,1,24,7.73a1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1,0-.68ZM25,6.69a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17A.55.55,0,0,0,26,7.21a.72.72,0,0,0,.16-.52V4.3A.74.74,0,0,0,26,3.78a.55.55,0,0,0-.44-.17.53.53,0,0,0-.43.17A.74.74,0,0,0,25,4.3Z"/><path class="cls-2" d="M28.2,4.49a4.83,4.83,0,0,1,.05-.68,1.55,1.55,0,0,1,.18-.55,1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24,1.59,1.59,0,0,1-.62-.64,1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1-.05-.68Zm1.22,2.2a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17.55.55,0,0,0,.44-.17.72.72,0,0,0,.16-.52V4.3a.74.74,0,0,0-.16-.52A.55.55,0,0,0,30,3.61a.53.53,0,0,0-.43.17.74.74,0,0,0-.17.52Z"/><path class="cls-2" d="M32.75,8.54V0H34V5.11h0l1.47-2.66H36.7L35.24,4.93,37,8.54H35.66l-1.1-2.63L34,6.83V8.54Z"/></g></svg>	width="270px" height="20px" viewBox="0 0 270 10" enable-background="new 0 0 270 10" xml:space="preserve"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:#fff;}</style></defs><g class="cls-1"><path class="cls-2" d="M1.65,11V2.45H2.87V3a2.81,2.81,0,0,1,.47-.45A1.13,1.13,0,0,1,4,2.38,1.11,1.11,0,0,1,5.1,3a1.55,1.55,0,0,1,.16.5,5.61,5.61,0,0,1,0,.81V6.58c0,.45,0,.77,0,1a1.17,1.17,0,0,1-.55.9,1.23,1.23,0,0,1-.7.16,1.35,1.35,0,0,1-.64-.16A1.53,1.53,0,0,1,2.89,8h0v3ZM4.08,4.43a1.21,1.21,0,0,0-.14-.6.51.51,0,0,0-.46-.22A.54.54,0,0,0,3,3.82a.8.8,0,0,0-.17.54V6.73A.68.68,0,0,0,3,7.2a.6.6,0,0,0,.44.18A.53.53,0,0,0,4,7.17a1,1,0,0,0,.12-.5Z"/><path class="cls-2" d="M8.63,8.54V7.91h0a2.24,2.24,0,0,1-.48.52,1.13,1.13,0,0,1-.69.18A1.39,1.39,0,0,1,7,8.54a1.09,1.09,0,0,1-.43-.24,1.32,1.32,0,0,1-.33-.49A2.33,2.33,0,0,1,6.11,7a4.89,4.89,0,0,1,.08-.91,1.51,1.51,0,0,1,.31-.65,1.44,1.44,0,0,1,.59-.38A3.19,3.19,0,0,1,8,4.93h.59V4.33a1,1,0,0,0-.13-.52A.52.52,0,0,0,8,3.61a.71.71,0,0,0-.44.15.78.78,0,0,0-.26.46H6.13A2,2,0,0,1,6.69,2.9a1.73,1.73,0,0,1,.57-.38A2,2,0,0,1,8,2.38a2.18,2.18,0,0,1,.72.12,1.71,1.71,0,0,1,.59.36,2,2,0,0,1,.38.6,2.18,2.18,0,0,1,.14.84V8.54Zm0-2.62-.34,0a1.2,1.2,0,0,0-.67.18.76.76,0,0,0-.29.68.89.89,0,0,0,.17.56A.55.55,0,0,0,8,7.53a.63.63,0,0,0,.49-.2.91.91,0,0,0,.17-.58Z"/><path class="cls-2" d="M13,4.16a.59.59,0,0,0-.2-.47.65.65,0,0,0-.42-.16.59.59,0,0,0-.45.19.66.66,0,0,0-.15.43.8.8,0,0,0,.08.33.85.85,0,0,0,.44.29l.71.29a1.73,1.73,0,0,1,.95.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.56,1.56,0,0,1-.58.39,1.88,1.88,0,0,1-2-.32,1.58,1.58,0,0,1-.4-.57,1.81,1.81,0,0,1-.17-.8h1.15a1.11,1.11,0,0,0,.17.47.56.56,0,0,0,.49.22.71.71,0,0,0,.47-.18A.59.59,0,0,0,13,6.8a.69.69,0,0,0-.13-.43,1.08,1.08,0,0,0-.48-.32l-.59-.21a2.08,2.08,0,0,1-.9-.64,1.66,1.66,0,0,1-.33-1,1.89,1.89,0,0,1,.14-.72,1.78,1.78,0,0,1,.4-.57,1.5,1.5,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.6,1.6,0,0,1,.54.38,1.85,1.85,0,0,1,.36.57,1.82,1.82,0,0,1,.13.7Z"/><path class="cls-2" d="M17.2,4.16a.63.63,0,0,0-.2-.47.69.69,0,0,0-.43-.16.55.55,0,0,0-.44.19.62.62,0,0,0-.16.43.68.68,0,0,0,.09.33.81.81,0,0,0,.43.29l.72.29a1.7,1.7,0,0,1,.94.72,2,2,0,0,1,.26,1,1.85,1.85,0,0,1-.52,1.3,1.61,1.61,0,0,1-.57.39,1.81,1.81,0,0,1-.74.15,1.76,1.76,0,0,1-1.24-.47,1.61,1.61,0,0,1-.41-.57,2,2,0,0,1-.17-.8h1.15a1.12,1.12,0,0,0,.18.47.53.53,0,0,0,.48.22.72.72,0,0,0,.48-.18.59.59,0,0,0,.21-.48.69.69,0,0,0-.14-.43,1,1,0,0,0-.48-.32l-.58-.21a2.06,2.06,0,0,1-.91-.64,1.66,1.66,0,0,1-.33-1A1.89,1.89,0,0,1,15,3.44a1.78,1.78,0,0,1,.4-.57,1.58,1.58,0,0,1,.56-.36,1.82,1.82,0,0,1,.7-.13,1.93,1.93,0,0,1,.69.13,1.75,1.75,0,0,1,.55.38,1.85,1.85,0,0,1,.36.57,2,2,0,0,1,.13.7Z"/><path class="cls-2" d="M19.2,8.54V0h1.22V3h0a1.53,1.53,0,0,1,.48-.47,1.39,1.39,0,0,1,.65-.16,1.26,1.26,0,0,1,.69.16,1.35,1.35,0,0,1,.4.39,1.18,1.18,0,0,1,.15.51,7.72,7.72,0,0,1,0,1V6.73a5.56,5.56,0,0,1-.05.8,1.56,1.56,0,0,1-.15.5,1.12,1.12,0,0,1-1.07.58,1.15,1.15,0,0,1-.7-.18A3.79,3.79,0,0,1,20.42,8v.55Zm2.44-4.21a1,1,0,0,0-.13-.51A.5.5,0,0,0,21,3.61a.57.57,0,0,0-.44.18.66.66,0,0,0-.18.48V6.63a.83.83,0,0,0,.17.54.52.52,0,0,0,.45.21.49.49,0,0,0,.45-.22,1.11,1.11,0,0,0,.15-.6Z"/><path class="cls-2" d="M23.76,4.49a4.83,4.83,0,0,1,0-.68A1.55,1.55,0,0,1,24,3.26a1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24A1.59,1.59,0,0,1,24,7.73a1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1,0-.68ZM25,6.69a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17A.55.55,0,0,0,26,7.21a.72.72,0,0,0,.16-.52V4.3A.74.74,0,0,0,26,3.78a.55.55,0,0,0-.44-.17.53.53,0,0,0-.43.17A.74.74,0,0,0,25,4.3Z"/><path class="cls-2" d="M28.2,4.49a4.83,4.83,0,0,1,.05-.68,1.55,1.55,0,0,1,.18-.55,1.59,1.59,0,0,1,.62-.64,1.84,1.84,0,0,1,1-.24,1.87,1.87,0,0,1,1,.24,1.59,1.59,0,0,1,.62.64,1.55,1.55,0,0,1,.18.55,4.83,4.83,0,0,1,.05.68v2a4.72,4.72,0,0,1-.05.68,1.55,1.55,0,0,1-.18.55,1.59,1.59,0,0,1-.62.64,1.87,1.87,0,0,1-1,.24,1.84,1.84,0,0,1-1-.24,1.59,1.59,0,0,1-.62-.64,1.55,1.55,0,0,1-.18-.55,4.72,4.72,0,0,1-.05-.68Zm1.22,2.2a.72.72,0,0,0,.17.52.53.53,0,0,0,.43.17.55.55,0,0,0,.44-.17.72.72,0,0,0,.16-.52V4.3a.74.74,0,0,0-.16-.52A.55.55,0,0,0,30,3.61a.53.53,0,0,0-.43.17.74.74,0,0,0-.17.52Z"/><path class="cls-2" d="M32.75,8.54V0H34V5.11h0l1.47-2.66H36.7L35.24,4.93,37,8.54H35.66l-1.1-2.63L34,6.83V8.54Z"/></g></svg>
`@ -1,2 +1,2 @@`
	`"""passbook hibp_policy"""`	`"""passbook hibp_policy"""`
	`__version__ = '0.1.4-beta'`	`__version__ = '0.1.20-beta'`