new release: 0.10.8-stable

docs: add docs for Tautulli
closes #244
2020-09-30 14:59:02 +02:00 · 2020-09-30 14:32:23 +02:00 · 2020-09-30 14:31:55 +02:00 · 2020-09-30 13:29:11 +02:00 · 2020-09-30 13:14:42 +02:00 · 2020-09-30 12:44:50 +02:00
356 changed files with 7363 additions and 2539 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.10.0-rc5
+current_version = 0.10.8-stable
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@ -15,10 +15,10 @@ values =
 	beta
 	stable
 [bumpversion:file:README.md]
 [bumpversion:file:docs/installation/docker-compose.md]
 [bumpversion:file:docs/installation/kubernetes.md]
 [bumpversion:file:docker-compose.yml]
 [bumpversion:file:helm/values.yaml]
@ -28,3 +28,5 @@ values =
 [bumpversion:file:.github/workflows/release.yml]
 [bumpversion:file:passbook/__init__.py]
 [bumpversion:file:proxy/pkg/version.go]
--- a/.coveragerc
+++ b/.coveragerc
@ -1,5 +1,6 @@
 [run]
 source = passbook
 relative_files = true
 omit =
    */asgi.py
    manage.py
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,34 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: bug
 assignees: ''
 ---
 **Describe the bug**
 A clear and concise description of what the bug is.
 **To Reproduce**
 Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 **Screenshots**
 If applicable, add screenshots to help explain your problem.
 **Logs**
 Output of docker-compose logs or kubectl logs respectively
 **Version and Deployment (please complete the following information):**
 - passbook version: [e.g. 0.10.0-stable]
 - Deployment: [e.g. docker-compose, helm]
 **Additional context**
 Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,20 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: enhancement
 assignees: ''
 ---
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 **Describe the solution you'd like**
 A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **Additional context**
 Add any other context or screenshots about the feature request here.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,22 @@
 version: 2
 updates:
 - package-ecosystem: gomod
  directory: "/proxy"
  schedule:
    interval: daily
    time: "04:00"
  open-pull-requests-limit: 10
 - package-ecosystem: npm
  directory: "/passbook/static/static"
  schedule:
    interval: daily
    time: "04:00"
  open-pull-requests-limit: 10
 - package-ecosystem: pip
  directory: "/"
  schedule:
    interval: daily
    time: "04:00"
  open-pull-requests-limit: 10
  assignees:
  - BeryJu
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -2,7 +2,7 @@ name: passbook-on-release
 on:
  release:
-    types: [published]
+    types: [published, created]
 jobs:
  # Build
@ -18,11 +18,11 @@ jobs:
      - name: Building Docker Image
        run: docker build
          --no-cache
-          -t beryju/passbook:0.10.0-rc5
+          -t beryju/passbook:0.10.8-stable
          -t beryju/passbook:latest
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/passbook:0.10.0-rc5
+        run: docker push beryju/passbook:0.10.8-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/passbook:latest
  build-proxy:
@ -30,8 +30,10 @@ jobs:
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-go@v2
-        version: "^1.15"
+        with:
-      - run: |
+          go-version: "^1.15"
      - name: prepare go api client
        run: |
          cd proxy
          go get -u github.com/go-swagger/go-swagger/cmd/swagger
          swagger generate client -f ../swagger.yaml -A passbook -t pkg/
@ -46,11 +48,11 @@ jobs:
          cd proxy
          docker build \
          --no-cache \
-          -t beryju/passbook-proxy:0.10.0-rc5 \
+          -t beryju/passbook-proxy:0.10.8-stable \
          -t beryju/passbook-proxy:latest \
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/passbook-proxy:0.10.0-rc5
+        run: docker push beryju/passbook-proxy:0.10.8-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/passbook-proxy:latest
  build-static:
@ -75,11 +77,11 @@ jobs:
        run: docker build
          --no-cache
          --network=$(docker network ls | grep github | awk '{print $1}')
-          -t beryju/passbook-static:0.10.0-rc5
+          -t beryju/passbook-static:0.10.8-stable
          -t beryju/passbook-static:latest
          -f static.Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/passbook-static:0.10.0-rc5
+        run: docker push beryju/passbook-static:0.10.8-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/passbook-static:latest
  test-release:
@ -91,10 +93,13 @@ jobs:
      - uses: actions/checkout@v1
      - name: Run test suite in final docker images
        run: |
          sudo apt-get install -y pwgen
          echo "PG_PASS=$(pwgen 40 1)" >> .env
          echo "PASSBOOK_SECRET_KEY=$(pwgen 50 1)" >> .env
          docker-compose pull -q
          docker-compose up --no-start
          docker-compose start postgresql redis
-          docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test"
+          docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test passbook"
  sentry-release:
    needs:
      - test-release
@ -109,5 +114,5 @@ jobs:
          SENTRY_PROJECT: passbook
          SENTRY_URL: https://sentry.beryju.org
        with:
-          tagName: 0.10.0-rc5
+          tagName: 0.10.8-stable
          environment: beryjuorg-prod
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@ -13,7 +13,10 @@ jobs:
      - uses: actions/checkout@master
      - name: Pre-release test
        run: |
-          export PASSBOOK_TAG=latest
+          sudo apt-get install -y pwgen
          echo "PASSBOOK_TAG=latest" >> .env
          echo "PG_PASS=$(pwgen 40 1)" >> .env
          echo "PASSBOOK_SECRET_KEY=$(pwgen 50 1)" >> .env
          docker-compose pull -q
          docker build \
            --no-cache \
@ -21,7 +24,7 @@ jobs:
            -f Dockerfile .
          docker-compose up --no-start
          docker-compose start postgresql redis
-          docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test"
+          docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test passbook"
      - name: Install Helm
        run: |
          apt update && apt install -y curl
@ -31,7 +34,7 @@ jobs:
          helm dependency update helm/
          helm package helm/
          mv passbook-*.tgz passbook-chart.tgz
-      - name: Extract verison number
+      - name: Extract version number
        id: get_version
        uses: actions/github-script@0.2.0
        with:
@ -46,7 +49,7 @@ jobs:
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ steps.get_version.outputs.result }}
-          draft: false
+          draft: true
          prerelease: false
      - name: Upload packaged Helm Chart
        id: upload-release-asset
--- a/.pylintrc
+++ b/.pylintrc
@ -1,9 +1,16 @@
 [MASTER]
 disable=arguments-differ,no-self-use,fixme,locally-disabled,too-many-ancestors,too-few-public-methods,import-outside-toplevel,bad-continuation,signature-differs,similarities,cyclic-import
 load-plugins=pylint_django,pylint.extensions.bad_builtin
 extension-pkg-whitelist=lxml
 # Allow constants to be shorter than normal (and lowercase, for settings.py)
 const-rgx=[a-zA-Z0-9_]{1,40}$
 ignored-modules=django-otp
 jobs=12
 ignore=migrations
 max-attributes=12
 jobs=12
--- a/6
+++ b/6
@ -17,10 +17,10 @@ COPY --from=locker /app/requirements-dev.txt /
 RUN apt-get update && \
    apt-get install -y --no-install-recommends postgresql-client-11 build-essential && \
-    rm -rf /var/lib/apt/ && \
+    apt-get clean && \
-    pip install -r /requirements.txt  --no-cache-dir && \
+    pip install -r /requirements.txt --no-cache-dir && \
    apt-get remove --purge -y build-essential && \
-    apt-get autoremove --purge && \
+    apt-get autoremove --purge -y && \
    adduser --system --no-create-home --uid 1000 --group --home /passbook passbook
 COPY ./passbook/ /passbook
--- a/16
+++ b/16
@ -1,20 +1,26 @@
 all: lint-fix lint coverage gen
 coverage:
-	coverage run --concurrency=multiprocessing manage.py test passbook --failfast
+	coverage run --concurrency=multiprocessing manage.py test --failfast -v 3
 	coverage combine
 	coverage html
 	coverage report
 lint-fix:
 	isort -rc .
-	black .
+	black passbook e2e lifecycle
 lint:
-	pyright
+	pyright pyright e2e lifecycle
-	bandit -r .
+	bandit -r passbook e2e lifecycle
-	pylint passbook
+	pylint passbook e2e lifecycle
 	prospector
 gen: coverage
 	./manage.py generate_swagger -o swagger.yaml -f yaml
 local-stack:
 	export PASSBOOK_TAG=testing
 	docker build -t beryju/passbook:testng .
 	docker-compose up -d
 	docker-compose run --rm server migrate
--- a/5
+++ b/5
@ -17,7 +17,7 @@ django-otp = "*"
 django-prometheus = "*"
 django-recaptcha = "*"
 django-redis = "*"
-django-rest-framework = "*"
+djangorestframework = "==3.11.1"
 django-storages = "*"
 djangorestframework-guardian = "*"
 drf-yasg = "*"
@ -59,5 +59,6 @@ docker = "*"
 pylint = "*"
 pylint-django = "*"
 selenium = "*"
 unittest-xml-reporting = "*"
 prospector = "*"
 pytest = "*"
 pytest-django = "*"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "a798bbd0b97857cac136c1743b8d6ad8bf8c3d95e2760c71d324bb2a7f47f678"
+            "sha256": "39e0a747699dc7e528a215395cc505b380e40e6bd0295fdf4c373a871a9bde96"
        },
        "pipfile-spec": 6,
        "requires": {
@ -16,6 +16,24 @@
        ]
    },
    "default": {
        "aiohttp": {
            "hashes": [
                "sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e",
                "sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326",
                "sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a",
                "sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654",
                "sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a",
                "sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4",
                "sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17",
                "sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec",
                "sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd",
                "sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48",
                "sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59",
                "sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965"
            ],
            "markers": "python_version >= '3.6'",
            "version": "==3.6.2"
        },
        "aioredis": {
            "hashes": [
                "sha256:15f8af30b044c771aee6787e5ec24694c048184c7b9e54c3b60c750a4b93273a",
@ -25,10 +43,10 @@
        },
        "amqp": {
            "hashes": [
-                "sha256:70cdb10628468ff14e57ec2f751c7aa9e48e7e3651cfd62d431213c0c4e58f21",
+                "sha256:9881f8e6fe23e3db9faa6cfd8c05390213e1d1b95c0162bc50552cad75bffa5f",
-                "sha256:aa7f313fb887c91f15474c1229907a04dac0b8135822d6603437803424c0aa59"
+                "sha256:a8fb8151eb9d12204c9f1784c0da920476077609fa0a70f2468001e3a4258484"
            ],
-            "version": "==2.6.1"
+            "version": "==5.0.1"
        },
        "asgiref": {
            "hashes": [
@ -74,18 +92,18 @@
        },
        "boto3": {
            "hashes": [
-                "sha256:2ab73b0c400ab8c7df84bee7564ef8a0813021da28dd7a05fcbffb77a8ae9de9",
+                "sha256:348cddfd56be6c8b759544f99d20d633cc6a65d346651700ad8ac93a5214c032",
-                "sha256:bb2222fa02fcd09b39e581e532d4f013ea850742d8cd46e9c10a21028b6d2ef5"
+                "sha256:c4ccd1f260660603f965bcc145de87e09dd1229040784fe119cd08caeb00dbe9"
            ],
            "index": "pypi",
-            "version": "==1.14.56"
+            "version": "==1.15.8"
        },
        "botocore": {
            "hashes": [
-                "sha256:37cc3f1013c00dc0f061582198d6b785dadf147bd99307d41c5c0e47debca65c",
+                "sha256:07b399997d8050d3ed1150d4d657b46558999f75246eb5b02cee78b9798b3bd5",
-                "sha256:acd2df778a5e12b2a16ac040ce6e91a6c6f2d7ac67bd4f966472ce5c68b5b62d"
+                "sha256:53a778e6b715ad2ae39bf98e088962e8d524133fb458d83f080964254adc9885"
            ],
-            "version": "==1.17.58"
+            "version": "==1.18.8"
        },
        "cachetools": {
            "hashes": [
@ -96,11 +114,11 @@
        },
        "celery": {
            "hashes": [
-                "sha256:a92e1d56e650781fb747032a3997d16236d037c8199eacd5217d1a72893bca45",
+                "sha256:313930fddde703d8e37029a304bf91429cd11aeef63c57de6daca9d958e1f255",
-                "sha256:d220b13a8ed57c78149acf82c006785356071844afe0b27012a4991d44026f9f"
+                "sha256:72138dc3887f68dc58e1a2397e477256f80f1894c69fa4337f8ed70be460375b"
            ],
            "index": "pypi",
-            "version": "==4.4.7"
+            "version": "==5.0.0"
        },
        "certifi": {
            "hashes": [
@ -111,36 +129,44 @@
        },
        "cffi": {
            "hashes": [
-                "sha256:0da50dcbccd7cb7e6c741ab7912b2eff48e85af217d72b57f80ebc616257125e",
+                "sha256:005f2bfe11b6745d726dbb07ace4d53f057de66e336ff92d61b8c7e9c8f4777d",
-                "sha256:12a453e03124069b6896107ee133ae3ab04c624bb10683e1ed1c1663df17c13c",
+                "sha256:09e96138280241bd355cd585148dec04dbbedb4f46128f340d696eaafc82dd7b",
-                "sha256:15419020b0e812b40d96ec9d369b2bc8109cc3295eac6e013d3261343580cc7e",
+                "sha256:0b1ad452cc824665ddc682400b62c9e4f5b64736a2ba99110712fdee5f2505c4",
-                "sha256:15a5f59a4808f82d8ec7364cbace851df591c2d43bc76bcbe5c4543a7ddd1bf1",
+                "sha256:0ef488305fdce2580c8b2708f22d7785ae222d9825d3094ab073e22e93dfe51f",
-                "sha256:23e44937d7695c27c66a54d793dd4b45889a81b35c0751ba91040fe825ec59c4",
+                "sha256:15f351bed09897fbda218e4db5a3d5c06328862f6198d4fb385f3e14e19decb3",
-                "sha256:29c4688ace466a365b85a51dcc5e3c853c1d283f293dfcc12f7a77e498f160d2",
+                "sha256:22399ff4870fb4c7ef19fff6eeb20a8bbf15571913c181c78cb361024d574579",
-                "sha256:57214fa5430399dffd54f4be37b56fe22cedb2b98862550d43cc085fb698dc2c",
+                "sha256:23e5d2040367322824605bc29ae8ee9175200b92cb5483ac7d466927a9b3d537",
-                "sha256:577791f948d34d569acb2d1add5831731c59d5a0c50a6d9f629ae1cefd9ca4a0",
+                "sha256:2791f68edc5749024b4722500e86303a10d342527e1e3bcac47f35fbd25b764e",
-                "sha256:6539314d84c4d36f28d73adc1b45e9f4ee2a89cdc7e5d2b0a6dbacba31906798",
+                "sha256:2f9674623ca39c9ebe38afa3da402e9326c245f0f5ceff0623dccdac15023e05",
-                "sha256:65867d63f0fd1b500fa343d7798fa64e9e681b594e0a07dc934c13e76ee28fb1",
+                "sha256:3363e77a6176afb8823b6e06db78c46dbc4c7813b00a41300a4873b6ba63b171",
-                "sha256:672b539db20fef6b03d6f7a14b5825d57c98e4026401fce838849f8de73fe4d4",
+                "sha256:33c6cdc071ba5cd6d96769c8969a0531be2d08c2628a0143a10a7dcffa9719ca",
-                "sha256:6843db0343e12e3f52cc58430ad559d850a53684f5b352540ca3f1bc56df0731",
+                "sha256:3b8eaf915ddc0709779889c472e553f0d3e8b7bdf62dab764c8921b09bf94522",
-                "sha256:7057613efefd36cacabbdbcef010e0a9c20a88fc07eb3e616019ea1692fa5df4",
+                "sha256:3cb3e1b9ec43256c4e0f8d2837267a70b0e1ca8c4f456685508ae6106b1f504c",
-                "sha256:76ada88d62eb24de7051c5157a1a78fd853cca9b91c0713c2e973e4196271d0c",
+                "sha256:3eeeb0405fd145e714f7633a5173318bd88d8bbfc3dd0a5751f8c4f70ae629bc",
-                "sha256:837398c2ec00228679513802e3744d1e8e3cb1204aa6ad408b6aff081e99a487",
+                "sha256:44f60519595eaca110f248e5017363d751b12782a6f2bd6a7041cba275215f5d",
-                "sha256:8662aabfeab00cea149a3d1c2999b0731e70c6b5bac596d95d13f643e76d3d4e",
+                "sha256:4d7c26bfc1ea9f92084a1d75e11999e97b62d63128bcc90c3624d07813c52808",
-                "sha256:95e9094162fa712f18b4f60896e34b621df99147c2cee216cfa8f022294e8e9f",
+                "sha256:529c4ed2e10437c205f38f3691a68be66c39197d01062618c55f74294a4a4828",
-                "sha256:99cc66b33c418cd579c0f03b77b94263c305c389cb0c6972dac420f24b3bf123",
+                "sha256:6642f15ad963b5092d65aed022d033c77763515fdc07095208f15d3563003869",
-                "sha256:9b219511d8b64d3fa14261963933be34028ea0e57455baf6781fe399c2c3206c",
+                "sha256:85ba797e1de5b48aa5a8427b6ba62cf69607c18c5d4eb747604b7302f1ec382d",
-                "sha256:ae8f34d50af2c2154035984b8b5fc5d9ed63f32fe615646ab435b05b132ca91b",
+                "sha256:8f0f1e499e4000c4c347a124fa6a27d37608ced4fe9f7d45070563b7c4c370c9",
-                "sha256:b9aa9d8818c2e917fa2c105ad538e222a5bce59777133840b93134022a7ce650",
+                "sha256:a624fae282e81ad2e4871bdb767e2c914d0539708c0f078b5b355258293c98b0",
-                "sha256:bf44a9a0141a082e89c90e8d785b212a872db793a0080c20f6ae6e2a0ebf82ad",
+                "sha256:b0358e6fefc74a16f745afa366acc89f979040e0cbc4eec55ab26ad1f6a9bfbc",
-                "sha256:c0b48b98d79cf795b0916c57bebbc6d16bb43b9fc9b8c9f57f4cf05881904c75",
+                "sha256:bbd2f4dfee1079f76943767fce837ade3087b578aeb9f69aec7857d5bf25db15",
-                "sha256:da9d3c506f43e220336433dffe643fbfa40096d408cb9b7f2477892f369d5f82",
+                "sha256:bf39a9e19ce7298f1bd6a9758fa99707e9e5b1ebe5e90f2c3913a47bc548747c",
-                "sha256:e4082d832e36e7f9b2278bc774886ca8207346b99f278e54c9de4834f17232f7",
+                "sha256:c11579638288e53fc94ad60022ff1b67865363e730ee41ad5e6f0a17188b327a",
-                "sha256:e4b9b7af398c32e408c00eb4e0d33ced2f9121fd9fb978e6c1b57edd014a7d15",
+                "sha256:c150eaa3dadbb2b5339675b88d4573c1be3cb6f2c33a6c83387e10cc0bf05bd3",
-                "sha256:e613514a82539fc48291d01933951a13ae93b6b444a88782480be32245ed4afa",
+                "sha256:c53af463f4a40de78c58b8b2710ade243c81cbca641e34debf3396a9640d6ec1",
-                "sha256:f5033952def24172e60493b68717792e3aebb387a8d186c43c020d9363ee7281"
+                "sha256:cb763ceceae04803adcc4e2d80d611ef201c73da32d8f2722e9d0ab0c7f10768",
                "sha256:cc75f58cdaf043fe6a7a6c04b3b5a0e694c6a9e24050967747251fb80d7bce0d",
                "sha256:d80998ed59176e8cba74028762fbd9b9153b9afc71ea118e63bbf5d4d0f9552b",
                "sha256:de31b5164d44ef4943db155b3e8e17929707cac1e5bd2f363e67a56e3af4af6e",
                "sha256:e66399cf0fc07de4dce4f588fc25bfe84a6d1285cc544e67987d22663393926d",
                "sha256:f0620511387790860b249b9241c2f13c3a80e21a73e0b861a2df24e9d6f56730",
                "sha256:f4eae045e6ab2bb54ca279733fe4eb85f1effda392666308250714e01907f394",
                "sha256:f92cdecb618e5fa4658aeb97d5eb3d2f47aa94ac6477c6daf0f306c5a3b9e6b1",
                "sha256:f92f789e4f9241cd262ad7a555ca2c648a98178a953af117ef7fad46aa1d5591"
            ],
-            "version": "==1.14.2"
+            "version": "==1.14.3"
        },
        "channels": {
            "hashes": [
@ -172,6 +198,19 @@
            ],
            "version": "==7.1.2"
        },
        "click-didyoumean": {
            "hashes": [
                "sha256:112229485c9704ff51362fe34b2d4f0b12fc71cc20f6d2b3afabed4b8bfa6aeb"
            ],
            "version": "==0.0.3"
        },
        "click-repl": {
            "hashes": [
                "sha256:9c4c3d022789cae912aad8a3f5e1d7c2cdd016ee1225b5212ad3e8691563cda5",
                "sha256:b9f29d52abc4d6059f8e276132a111ab8d94980afe6a5432b9d996544afa95d5"
            ],
            "version": "==0.1.6"
        },
        "constantly": {
            "hashes": [
                "sha256:586372eb92059873e29eba4f9dec8381541b4d3834660707faf8ba59146dfc35",
@ -265,11 +304,11 @@
        },
        "django-filter": {
            "hashes": [
-                "sha256:11e63dd759835d9ba7a763926ffb2662cf8a6dcb4c7971a95064de34dbc7e5af",
+                "sha256:84e9d5bb93f237e451db814ed422a3a625751cbc9968b484ecc74964a8696b06",
-                "sha256:616848eab6fc50193a1b3730140c49b60c57a3eda1f7fc57fa8505ac156c6c75"
+                "sha256:e00d32cebdb3d54273c48f4f878f898dced8d5dfaad009438fe61ebdf535ace1"
            ],
            "index": "pypi",
-            "version": "==2.3.0"
+            "version": "==2.4.0"
        },
        "django-guardian": {
            "hashes": [
@ -318,26 +357,20 @@
            "index": "pypi",
            "version": "==4.12.1"
        },
        "django-rest-framework": {
            "hashes": [
                "sha256:47a8f496fa69e3b6bd79f68dd7a1527d907d6b77f009e9db7cf9bb21cc565e4a"
            ],
            "index": "pypi",
            "version": "==0.1.0"
        },
        "django-storages": {
            "hashes": [
-                "sha256:1e37da57678e6cf1e9914f84099a305323e4e1f261afe54fdb703cae7aa6fbc3",
+                "sha256:12de8fb2605b9b57bfaf54b075280d7cbb3b3ee1ca4bc9b9add147af87fe3a2c",
-                "sha256:36ed8dab33d761954498189592ce005920095fcbc02dab4184eb51393c370991"
+                "sha256:652275ab7844538c462b62810276c0244866f345878256a9e0e86f5b1283ae18"
            ],
            "index": "pypi",
-            "version": "==1.10"
+            "version": "==1.10.1"
        },
        "djangorestframework": {
            "hashes": [
                "sha256:6dd02d5a4bd2516fb93f80360673bf540c3b6641fec8766b1da2870a5aa00b32",
                "sha256:8b1ac62c581dbc5799b03e535854b92fc4053ecfe74bad3f9c05782063d4196b"
            ],
            "index": "pypi",
            "version": "==3.11.1"
        },
        "djangorestframework-guardian": {
@ -348,14 +381,6 @@
            "index": "pypi",
            "version": "==0.3.0"
        },
        "docutils": {
            "hashes": [
                "sha256:6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0",
                "sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827",
                "sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99"
            ],
            "version": "==0.15.2"
        },
        "drf-yasg": {
            "hashes": [
                "sha256:5572e9d5baab9f6b49318169df9789f7399d0e3c7bdac8fdb8dfccf1d5d2b1ca",
@ -387,10 +412,10 @@
        },
        "google-auth": {
            "hashes": [
-                "sha256:bcbd9f970e7144fe933908aa286d7a12c44b7deb6d78a76871f0377a29d09789",
+                "sha256:a73e6fb6d232ed1293ef9a5301e6f8aada7880d19c65d7f63e130dc50ec05593",
-                "sha256:f4d5093f13b1b1c0a434ab1dc851cd26a983f86a4d75c95239974e33ed406a87"
+                "sha256:e86e72142d939a8d90a772947268aacc127ab7a1d1d6f3e0fecca7a8d74d8257"
            ],
-            "version": "==1.21.1"
+            "version": "==1.22.0"
        },
        "gunicorn": {
            "hashes": [
@ -402,10 +427,10 @@
        },
        "h11": {
            "hashes": [
-                "sha256:33d4bca7be0fa039f4e84d50ab00531047e53d6ee8ffbc83501ea602c169cae1",
+                "sha256:311dc5478c2568cc07262e0381cdfc5b9c6ba19775905736c87e81ae6662b9fd",
-                "sha256:4bc6d6a1238b7615b266ada57e0618568066f57dd6fa967d1290ec9309b2f2f1"
+                "sha256:9eecfbafc980976dbff26a01dd3487644dd5d00f8038584451fc64a660f7c502"
            ],
-            "version": "==0.9.0"
+            "version": "==0.10.0"
        },
        "hiredis": {
            "hashes": [
@ -458,24 +483,6 @@
            ],
            "version": "==1.1.0"
        },
        "httptools": {
            "hashes": [
                "sha256:0a4b1b2012b28e68306575ad14ad5e9120b34fccd02a81eb08838d7e3bbb48be",
                "sha256:3592e854424ec94bd17dc3e0c96a64e459ec4147e6d53c0a42d0ebcef9cb9c5d",
                "sha256:41b573cf33f64a8f8f3400d0a7faf48e1888582b6f6e02b82b9bd4f0bf7497ce",
                "sha256:56b6393c6ac7abe632f2294da53f30d279130a92e8ae39d8d14ee2e1b05ad1f2",
                "sha256:86c6acd66765a934e8730bf0e9dfaac6fdcf2a4334212bd4a0a1c78f16475ca6",
                "sha256:96da81e1992be8ac2fd5597bf0283d832287e20cb3cfde8996d2b00356d4e17f",
                "sha256:96eb359252aeed57ea5c7b3d79839aaa0382c9d3149f7d24dd7172b1bcecb009",
                "sha256:a2719e1d7a84bb131c4f1e0cb79705034b48de6ae486eb5297a139d6a3296dce",
                "sha256:ac0aa11e99454b6a66989aa2d44bca41d4e0f968e395a0a8f164b401fefe359a",
                "sha256:bc3114b9edbca5a1eb7ae7db698c669eb53eb8afbbebdde116c174925260849c",
                "sha256:fa3cd71e31436911a44620473e873a256851e1f53dee56669dae403ba41756a4",
                "sha256:fea04e126014169384dee76a153d4573d90d0cbd1d12185da089f73c78390437"
            ],
            "markers": "sys_platform != 'win32' and sys_platform != 'cygwin' and platform_python_implementation != 'PyPy'",
            "version": "==0.1.1"
        },
        "hyperlink": {
            "hashes": [
                "sha256:47fcc7cd339c6cb2444463ec3277bdcfe142c8b1daf2160bdd52248deec815af",
@ -534,10 +541,10 @@
        },
        "kombu": {
            "hashes": [
-                "sha256:be48cdffb54a2194d93ad6533d73f69408486483d189fe9f5990ee24255b0e0a",
+                "sha256:6dc509178ac4269b0e66ab4881f70a2035c33d3a622e20585f965986a5182006",
-                "sha256:ca1b45faac8c0b18493d02a8571792f3c40291cf2bcf1f55afed3d8f3aa7ba74"
+                "sha256:f4965fba0a4718d47d470beeb5d6446e3357a62402b16c510b6a2f251e05ac3c"
            ],
-            "version": "==4.6.11"
+            "version": "==5.0.2"
        },
        "kubernetes": {
            "hashes": [
@ -653,6 +660,28 @@
            ],
            "version": "==1.0.0"
        },
        "multidict": {
            "hashes": [
                "sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a",
                "sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000",
                "sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2",
                "sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507",
                "sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5",
                "sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7",
                "sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d",
                "sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463",
                "sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19",
                "sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3",
                "sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b",
                "sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c",
                "sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87",
                "sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7",
                "sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430",
                "sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255",
                "sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d"
            ],
            "version": "==4.7.6"
        },
        "oauthlib": {
            "hashes": [
                "sha256:bee41cc35fcca6e988463cacc3bcb8a96224f470ca547e697b604cc697b2f889",
@ -675,6 +704,13 @@
            ],
            "version": "==0.8.0"
        },
        "prompt-toolkit": {
            "hashes": [
                "sha256:822f4605f28f7d2ba6b0b09a31e25e140871e96364d1d377667b547bb3bf4489",
                "sha256:83074ee28ad4ba6af190593d4d4c607ff525272a504eb159199b6dd9f950c950"
            ],
            "version": "==3.0.7"
        },
        "psycopg2-binary": {
            "hashes": [
                "sha256:0deac2af1a587ae12836aa07970f5cb91964f05a7c6cdb69d8425ff4c15d4e2c",
@ -749,20 +785,25 @@
                "sha256:54bdedd28476dea8a3cd86cb67c0df1f0e3d71cae8022354b0f879c41a3d27b2",
                "sha256:55eb61aca2c883db770999f50d091ff7c14016f2769ad7bca3d9b75d1d7c1b68",
                "sha256:6276478ada411aca97c0d5104916354b3d740d368407912722bd4d11aa9ee4c2",
                "sha256:663f8de2b3df2e744d6e1610506e0ea4e213bde906795953c1e82279c169f0a7",
                "sha256:67dcad1b8b201308586a8ca2ffe89df1e4f731d5a4cdd0610cc4ea790351c739",
                "sha256:709b9f144d23e290b9863121d1ace14a72e01f66ea9c903fbdc690520dfdfcf0",
                "sha256:8063a712fba642f78d3c506b0896846601b6de7f5c3d534e388ad0cc07f5a149",
                "sha256:80d57177a0b7c14d4594c62bbb47fe2f6309ad3b0a34348a291d570925c97a82",
                "sha256:87006cf0d81505408f1ae4f55cf8a5d95a8e029a4793360720ae17c6500f7ecc",
                "sha256:9f62d21bc693f3d7d444f17ed2ad7a913b4c37c15cd807895d013c39c0517dfd",
                "sha256:a207231a52426de3ff20f5608f0687261a3329d97a036c51f7d4c606a6f30c23",
                "sha256:abc2e126c9490e58a36a0f83516479e781d83adfb134576a5cbe5c6af2a3e93c",
                "sha256:b56638d58a3a4be13229c6a815cd448f9e3ce40c00880a5398471b42ee86f50e",
                "sha256:bcd5b8416e73e4b0d48afba3704d8c826414764dafaed7a1a93c442188d90ccc",
                "sha256:bec2bcdf7c9ce7f04d718e51887f3b05dc5c1cfaf5d2c2e9065ecddd1b2f6c9a",
                "sha256:c8bf40cf6e281a4378e25846924327e728a887e8bf0ee83b2604a0f4b61692e8",
                "sha256:cecbf67e81d6144a50dc615629772859463b2e4f815d0c082fa421db362f040e",
                "sha256:d8074c8448cfd0705dfa71ca333277fce9786d0b9cac75d120545de6253f996a",
                "sha256:dd302b6ae3965afeb5ef1b0d92486f986c0e65183cd7835973f0b593800590e6",
                "sha256:de6e1cd75677423ff64712c337521e62e3a7a4fc84caabbd93207752e831a85a",
                "sha256:ef39c98d9b8c0736d91937d193653e47c3b19ddf4fc3bccdc5e09aaa4b0c5d21",
                "sha256:f2e045224074d5664dc9cbabbf4f4d4d46f1ee90f24780e3a9a668fd096ff17f",
                "sha256:f521178e5a991ffd04182ed08f552daca1affcb826aeda0e1945cd989a9d4345",
                "sha256:f78a68c2c820e4731e510a2df3eef0322f24fde1781ced970bf497b6c7d92982",
                "sha256:fbe65d5cfe04ff2f7684160d50f5118bdefb01e3af4718eeb618bfed40f19d94"
@ -779,12 +820,14 @@
                "sha256:2275a663c9e744ee4eace816ef2d446b3060554c5773a92fbc79b05bf47debda",
                "sha256:2710fc8d83b3352b370db932b3710033b9d630b970ff5aaa3e7458b5336e3b32",
                "sha256:35b9c9177a9fe7288b19dd41554c9c8ca1063deb426dd5a02e7e2a7416b6bd11",
                "sha256:3b23d63030819b7d9ac7db9360305fd1241e6870ca5b7e8d59fee4db4674a490",
                "sha256:3caa32cf807422adf33c10c88c22e9e2e08b9d9d042f12e1e25fe23113dd618f",
                "sha256:48cc2cfc251f04a6142badeb666d1ff49ca6fdfc303fd72579f62b768aaa52b9",
                "sha256:4ae6379350a09339109e9b6f419bb2c3f03d3e441f4b0f5b8ca699d47cc9ff7e",
                "sha256:4e0b27697fa1621c6d3d3b4edeec723c2e841285de6a8d378c1962da77b349be",
                "sha256:58e19560814dabf5d788b95a13f6b98279cf41a49b1e49ee6cf6c79a57adb4c9",
                "sha256:8044eae59301dd392fbb4a7c5d64e1aea8ef0be2540549807ecbe703d6233d68",
                "sha256:85c108b42e47d4073344ff61d4e019f1d95bb7725ca0fe87d0a2deb237c10e49",
                "sha256:89be1bf55e50116fe7e493a7c0c483099770dd7f81b87ac8d04a43b1a203e259",
                "sha256:8fcdda24dddf47f716400d54fc7f75cadaaba1dd47cc127e59d752c9c0fc3c48",
                "sha256:914fbb18e29c54585e6aa39d300385f90d0fa3b3cc02ed829b08f95c1acf60c2",
@ -794,13 +837,16 @@
                "sha256:a2ee8ba99d33e1a434fcd27d7d0aa7964163efeee0730fe2efc9d60edae1fc71",
                "sha256:b2d756620078570d3f940c84bc94dd30aa362b795cce8b2723300a8800b87f1c",
                "sha256:c0d085c8187a1e4d3402f626c9e438b5861151ab132d8761d9c5ce6491a87761",
                "sha256:c315262e26d54a9684e323e37ac9254f481d57fcc4fd94002992460898ef5c04",
                "sha256:c990f2c58f7c67688e9e86e6557ed05952669ff6f1343e77b459007d85f7df00",
                "sha256:ccbbec59bf4b74226170c54476da5780c9176bae084878fc94d9a2c841218e34",
                "sha256:dc2bed32c7b138f1331794e454a953360c8cedf3ee62ae31f063822da6007489",
                "sha256:ddb1ae2891c8cb83a25da87a3e00111a9654fc5f0b70f18879c41aece45d6182",
                "sha256:e070a1f91202ed34c396be5ea842b886f6fa2b90d2db437dc9fb35a26c80c060",
                "sha256:e42860fbe1292668b682f6dabd225fbe2a7a4fa1632f0c39881c019e93dea594",
                "sha256:e4e1c486bf226822c8dceac81d0ec59c0a2399dbd1b9e04f03c3efa3605db677",
                "sha256:ea4d4b58f9bc34e224ef4b4604a6be03d72ef1f8c486391f970205f6733dbc46",
                "sha256:f5bd6891380e0fb5467251daf22525644fdf6afd9ae8bc2fe065c78ea1882e0d",
                "sha256:f60b3484ce4be04f5da3777c51c5140d3fe21cdd6674f2b6568f41c8130bcdeb"
            ],
            "version": "==3.9.8"
@ -835,9 +881,9 @@
        },
        "pyrsistent": {
            "hashes": [
-                "sha256:27515d2d5db0629c7dadf6fbe76973eb56f098c1b01d36de42eb69220d2c19e4"
+                "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e"
            ],
-            "version": "==0.17.2"
+            "version": "==0.17.3"
        },
        "python-dateutil": {
            "hashes": [
@ -952,11 +998,11 @@
        },
        "sentry-sdk": {
            "hashes": [
-                "sha256:97bff68e57402ad39674e6fe2545df0d5eea41c3d51e280c170761705c8c20ff",
+                "sha256:1d91a0059d2d8bb980bec169578035c2f2d4b93cd8a4fb5b85c81904d33e221a",
-                "sha256:a16caf9ce892623081cbb9a95f6c1f892778bb123909b0ed7afdfb52ce7a58a1"
+                "sha256:6222cf623e404c3e62b8e0e81c6db866ac2d12a663b7c1f7963350e3f397522a"
            ],
            "index": "pypi",
-            "version": "==0.17.4"
+            "version": "==0.18.0"
        },
        "service-identity": {
            "hashes": [
@ -1063,33 +1109,25 @@
        },
        "uvicorn": {
            "hashes": [
-                "sha256:46a83e371f37ea7ff29577d00015f02c942410288fb57def6440f2653fff1d26",
+                "sha256:9a8f3501d977dedf77a540a0ec3cfadf409fe48eafca2c100d45d843ac62bc7b",
-                "sha256:4b70ddb4c1946e39db9f3082d53e323dfd50634b95fd83625d778729ef1730ef"
+                "sha256:fbe9d1b764bc1f4599e1f150a0974feea0fd6380bec889c0d907ebd0a2e896a7"
            ],
            "index": "pypi",
-            "version": "==0.11.8"
+            "version": "==0.12.0"
        },
        "uvloop": {
            "hashes": [
                "sha256:08b109f0213af392150e2fe6f81d33261bb5ce968a288eb698aad4f46eb711bd",
                "sha256:123ac9c0c7dd71464f58f1b4ee0bbd81285d96cdda8bc3519281b8973e3a461e",
                "sha256:4315d2ec3ca393dd5bc0b0089d23101276778c304d42faff5dc4579cb6caef09",
                "sha256:4544dcf77d74f3a84f03dd6278174575c44c67d7165d4c42c71db3fdc3860726",
                "sha256:afd5513c0ae414ec71d24f6f123614a80f3d27ca655a4fcf6cabe50994cc1891",
                "sha256:b4f591aa4b3fa7f32fb51e2ee9fea1b495eb75b0b3c8d0ca52514ad675ae63f7",
                "sha256:bcac356d62edd330080aed082e78d4b580ff260a677508718f88016333e2c9c5",
                "sha256:e7514d7a48c063226b7d06617cbb12a14278d4323a065a8d46a7962686ce2e95",
                "sha256:f07909cd9fc08c52d294b1570bba92186181ca01fe3dc9ffba68955273dd7362"
            ],
            "markers": "sys_platform != 'win32' and sys_platform != 'cygwin' and platform_python_implementation != 'PyPy'",
            "version": "==0.14.0"
        },
        "vine": {
            "hashes": [
-                "sha256:133ee6d7a9016f177ddeaf191c1f58421a1dcc6ee9a42c58b34bed40e1d2cd87",
+                "sha256:4c9dceab6f76ed92105027c49c823800dd33cacce13bdedc5b914e3514b7fb30",
-                "sha256:ea4947cc56d1fd6f2095c8d543ee25dad966f78692528e68b4fada11ba3f98af"
+                "sha256:7d3b1624a953da82ef63462013bbd271d3eb75751489f9807598e8f340bd637e"
            ],
-            "version": "==1.3.0"
+            "version": "==5.0.0"
        },
        "wcwidth": {
            "hashes": [
                "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784",
                "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"
            ],
            "version": "==0.2.5"
        },
        "websocket-client": {
            "hashes": [
@ -1098,32 +1136,27 @@
            ],
            "version": "==0.57.0"
        },
-        "websockets": {
+        "yarl": {
            "hashes": [
-                "sha256:0e4fb4de42701340bd2353bb2eee45314651caa6ccee80dbd5f5d5978888fed5",
+                "sha256:04a54f126a0732af75e5edc9addeaa2113e2ca7c6fce8974a63549a70a25e50e",
-                "sha256:1d3f1bf059d04a4e0eb4985a887d49195e15ebabc42364f4eb564b1d065793f5",
+                "sha256:3cc860d72ed989f3b1f3abbd6ecf38e412de722fb38b8f1b1a086315cf0d69c5",
-                "sha256:20891f0dddade307ffddf593c733a3fdb6b83e6f9eef85908113e628fa5a8308",
+                "sha256:5d84cc36981eb5a8533be79d6c43454c8e6a39ee3118ceaadbd3c029ab2ee580",
-                "sha256:295359a2cc78736737dd88c343cd0747546b2174b5e1adc223824bcaf3e164cb",
+                "sha256:5e447e7f3780f44f890360ea973418025e8c0cdcd7d6a1b221d952600fd945dc",
-                "sha256:2db62a9142e88535038a6bcfea70ef9447696ea77891aebb730a333a51ed559a",
+                "sha256:61d3ea3c175fe45f1498af868879c6ffeb989d4143ac542163c45538ba5ec21b",
-                "sha256:3762791ab8b38948f0c4d281c8b2ddfa99b7e510e46bd8dfa942a5fff621068c",
+                "sha256:67c5ea0970da882eaf9efcf65b66792557c526f8e55f752194eff8ec722c75c2",
-                "sha256:3db87421956f1b0779a7564915875ba774295cc86e81bc671631379371af1170",
+                "sha256:6f6898429ec3c4cfbef12907047136fd7b9e81a6ee9f105b45505e633427330a",
-                "sha256:3ef56fcc7b1ff90de46ccd5a687bbd13a3180132268c4254fc0fa44ecf4fc422",
+                "sha256:7ce35944e8e61927a8f4eb78f5bc5d1e6da6d40eadd77e3f79d4e9399e263921",
-                "sha256:4f9f7d28ce1d8f1295717c2c25b732c2bc0645db3215cf757551c392177d7cb8",
+                "sha256:b7c199d2cbaf892ba0f91ed36d12ff41ecd0dde46cbf64ff4bfe997a3ebc925e",
-                "sha256:5c01fd846263a75bc8a2b9542606927cfad57e7282965d96b93c387622487485",
+                "sha256:c15d71a640fb1f8e98a1423f9c64d7f1f6a3a168f803042eaf3a5b5022fde0c1",
-                "sha256:5c65d2da8c6bce0fca2528f69f44b2f977e06954c8512a952222cea50dad430f",
+                "sha256:c22607421f49c0cb6ff3ed593a49b6a99c6ffdeaaa6c944cdda83c2393c8864d",
-                "sha256:751a556205d8245ff94aeef23546a1113b1dd4f6e4d102ded66c39b99c2ce6c8",
+                "sha256:c604998ab8115db802cc55cb1b91619b2831a6128a62ca7eea577fc8ea4d3131",
-                "sha256:7ff46d441db78241f4c6c27b3868c9ae71473fe03341340d2dfdbe8d79310acc",
+                "sha256:d088ea9319e49273f25b1c96a3763bf19a882cff774d1792ae6fba34bd40550a",
-                "sha256:965889d9f0e2a75edd81a07592d0ced54daa5b0785f57dc429c378edbcffe779",
+                "sha256:db9eb8307219d7e09b33bcb43287222ef35cbcf1586ba9472b0a4b833666ada1",
-                "sha256:9b248ba3dd8a03b1a10b19efe7d4f7fa41d158fdaa95e2cf65af5a7b95a4f989",
+                "sha256:e31fef4e7b68184545c3d68baec7074532e077bd1906b040ecfba659737df188",
-                "sha256:9bef37ee224e104a413f0780e29adb3e514a5b698aabe0d969a6ba426b8435d1",
+                "sha256:e32f0fb443afcfe7f01f95172b66f279938fbc6bdaebe294b0ff6747fb6db020",
-                "sha256:c1ec8db4fac31850286b7cd3b9c0e1b944204668b8eb721674916d4e28744092",
+                "sha256:fcbe419805c9b20db9a51d33b942feddbf6e7fb468cb20686fd7089d4164c12a"
                "sha256:c8a116feafdb1f84607cb3b14aa1418424ae71fee131642fc568d21423b51824",
                "sha256:ce85b06a10fc65e6143518b96d3dca27b081a740bae261c2fb20375801a9d56d",
                "sha256:d705f8aeecdf3262379644e4b55107a3b55860eb812b673b28d0fbc347a60c55",
                "sha256:e898a0863421650f0bebac8ba40840fc02258ef4714cb7e1fd76b6a6354bda36",
                "sha256:f8a7bff6e8664afc4e6c28b983845c5bc14965030e3fb98789734d416af77c4b"
            ],
-            "version": "==8.1"
+            "version": "==1.6.0"
        },
        "zope.interface": {
            "hashes": [
@ -1269,43 +1302,43 @@
        },
        "coverage": {
            "hashes": [
-                "sha256:098a703d913be6fbd146a8c50cc76513d726b022d170e5e98dc56d958fd592fb",
+                "sha256:0203acd33d2298e19b57451ebb0bed0ab0c602e5cf5a818591b4918b1f97d516",
-                "sha256:16042dc7f8e632e0dcd5206a5095ebd18cb1d005f4c89694f7f8aafd96dd43a3",
+                "sha256:0f313707cdecd5cd3e217fc68c78a960b616604b559e9ea60cc16795c4304259",
-                "sha256:1adb6be0dcef0cf9434619d3b892772fdb48e793300f9d762e480e043bd8e716",
+                "sha256:1c6703094c81fa55b816f5ae542c6ffc625fec769f22b053adb42ad712d086c9",
-                "sha256:27ca5a2bc04d68f0776f2cdcb8bbd508bbe430a7bf9c02315cd05fb1d86d0034",
+                "sha256:1d44bb3a652fed01f1f2c10d5477956116e9b391320c94d36c6bf13b088a1097",
-                "sha256:28f42dc5172ebdc32622a2c3f7ead1b836cdbf253569ae5673f499e35db0bac3",
+                "sha256:280baa8ec489c4f542f8940f9c4c2181f0306a8ee1a54eceba071a449fb870a0",
-                "sha256:2fcc8b58953d74d199a1a4d633df8146f0ac36c4e720b4a1997e9b6327af43a8",
+                "sha256:29a6272fec10623fcbe158fdf9abc7a5fa032048ac1d8631f14b50fbfc10d17f",
-                "sha256:304fbe451698373dc6653772c72c5d5e883a4aadaf20343592a7abb2e643dae0",
+                "sha256:2b31f46bf7b31e6aa690d4c7a3d51bb262438c6dcb0d528adde446531d0d3bb7",
-                "sha256:30bc103587e0d3df9e52cd9da1dd915265a22fad0b72afe54daf840c984b564f",
+                "sha256:2d43af2be93ffbad25dd959899b5b809618a496926146ce98ee0b23683f8c51c",
-                "sha256:40f70f81be4d34f8d491e55936904db5c527b0711b2a46513641a5729783c2e4",
+                "sha256:381ead10b9b9af5f64646cd27107fb27b614ee7040bb1226f9c07ba96625cbb5",
-                "sha256:4186fc95c9febeab5681bc3248553d5ec8c2999b8424d4fc3a39c9cba5796962",
+                "sha256:47a11bdbd8ada9b7ee628596f9d97fbd3851bd9999d398e9436bd67376dbece7",
-                "sha256:46794c815e56f1431c66d81943fa90721bb858375fb36e5903697d5eef88627d",
+                "sha256:4d6a42744139a7fa5b46a264874a781e8694bb32f1d76d8137b68138686f1729",
-                "sha256:4869ab1c1ed33953bb2433ce7b894a28d724b7aa76c19b11e2878034a4e4680b",
+                "sha256:50691e744714856f03a86df3e2bff847c2acede4c191f9a1da38f088df342978",
-                "sha256:4f6428b55d2916a69f8d6453e48a505c07b2245653b0aa9f0dee38785939f5e4",
+                "sha256:530cc8aaf11cc2ac7430f3614b04645662ef20c348dce4167c22d99bec3480e9",
-                "sha256:52f185ffd3291196dc1aae506b42e178a592b0b60a8610b108e6ad892cfc1bb3",
+                "sha256:582ddfbe712025448206a5bc45855d16c2e491c2dd102ee9a2841418ac1c629f",
-                "sha256:538f2fd5eb64366f37c97fdb3077d665fa946d2b6d95447622292f38407f9258",
+                "sha256:63808c30b41f3bbf65e29f7280bf793c79f54fb807057de7e5238ffc7cc4d7b9",
-                "sha256:64c4f340338c68c463f1b56e3f2f0423f7b17ba6c3febae80b81f0e093077f59",
+                "sha256:71b69bd716698fa62cd97137d6f2fdf49f534decb23a2c6fc80813e8b7be6822",
-                "sha256:675192fca634f0df69af3493a48224f211f8db4e84452b08d5fcebb9167adb01",
+                "sha256:7858847f2d84bf6e64c7f66498e851c54de8ea06a6f96a32a1d192d846734418",
-                "sha256:700997b77cfab016533b3e7dbc03b71d33ee4df1d79f2463a318ca0263fc29dd",
+                "sha256:78e93cc3571fd928a39c0b26767c986188a4118edc67bc0695bc7a284da22e82",
-                "sha256:8505e614c983834239f865da2dd336dcf9d72776b951d5dfa5ac36b987726e1b",
+                "sha256:7f43286f13d91a34fadf61ae252a51a130223c52bfefb50310d5b2deb062cf0f",
-                "sha256:962c44070c281d86398aeb8f64e1bf37816a4dfc6f4c0f114756b14fc575621d",
+                "sha256:86e9f8cd4b0cdd57b4ae71a9c186717daa4c5a99f3238a8723f416256e0b064d",
-                "sha256:9e536783a5acee79a9b308be97d3952b662748c4037b6a24cbb339dc7ed8eb89",
+                "sha256:8f264ba2701b8c9f815b272ad568d555ef98dfe1576802ab3149c3629a9f2221",
-                "sha256:9ea749fd447ce7fb1ac71f7616371f04054d969d412d37611716721931e36efd",
+                "sha256:9342dd70a1e151684727c9c91ea003b2fb33523bf19385d4554f7897ca0141d4",
-                "sha256:a34cb28e0747ea15e82d13e14de606747e9e484fb28d63c999483f5d5188e89b",
+                "sha256:9361de40701666b034c59ad9e317bae95c973b9ff92513dd0eced11c6adf2e21",
-                "sha256:a3ee9c793ffefe2944d3a2bd928a0e436cd0ac2d9e3723152d6fd5398838ce7d",
+                "sha256:9669179786254a2e7e57f0ecf224e978471491d660aaca833f845b72a2df3709",
-                "sha256:aab75d99f3f2874733946a7648ce87a50019eb90baef931698f96b76b6769a46",
+                "sha256:aac1ba0a253e17889550ddb1b60a2063f7474155465577caa2a3b131224cfd54",
-                "sha256:b1ed2bdb27b4c9fc87058a1cb751c4df8752002143ed393899edb82b131e0546",
+                "sha256:aef72eae10b5e3116bac6957de1df4d75909fc76d1499a53fb6387434b6bcd8d",
-                "sha256:b360d8fd88d2bad01cb953d81fd2edd4be539df7bfec41e8753fe9f4456a5082",
+                "sha256:bd3166bb3b111e76a4f8e2980fa1addf2920a4ca9b2b8ca36a3bc3dedc618270",
-                "sha256:b8f58c7db64d8f27078cbf2a4391af6aa4e4767cc08b37555c4ae064b8558d9b",
+                "sha256:c1b78fb9700fc961f53386ad2fd86d87091e06ede5d118b8a50dea285a071c24",
-                "sha256:c1bbb628ed5192124889b51204de27c575b3ffc05a5a91307e7640eff1d48da4",
+                "sha256:c3888a051226e676e383de03bf49eb633cd39fc829516e5334e69b8d81aae751",
-                "sha256:c2ff24df02a125b7b346c4c9078c8936da06964cc2d276292c357d64378158f8",
+                "sha256:c5f17ad25d2c1286436761b462e22b5020d83316f8e8fcb5deb2b3151f8f1d3a",
-                "sha256:c890728a93fffd0407d7d37c1e6083ff3f9f211c83b4316fae3778417eab9811",
+                "sha256:c851b35fc078389bc16b915a0a7c1d5923e12e2c5aeec58c52f4aa8085ac8237",
-                "sha256:c96472b8ca5dc135fb0aa62f79b033f02aa434fb03a8b190600a5ae4102df1fd",
+                "sha256:cb7df71de0af56000115eafd000b867d1261f786b5eebd88a0ca6360cccfaca7",
-                "sha256:ce7866f29d3025b5b34c2e944e66ebef0d92e4a4f2463f7266daa03a1332a651",
+                "sha256:cedb2f9e1f990918ea061f28a0f0077a07702e3819602d3507e2ff98c8d20636",
-                "sha256:e26c993bd4b220429d4ec8c1468eca445a4064a61c74ca08da7429af9bc53bb0"
+                "sha256:e8caf961e1b1a945db76f1b5fa9c91498d15f545ac0ababbe575cfab185d3bd8"
            ],
            "index": "pypi",
-            "version": "==5.2.1"
+            "version": "==5.3"
        },
        "django": {
            "hashes": [
@ -1317,11 +1350,11 @@
        },
        "django-debug-toolbar": {
            "hashes": [
-                "sha256:eabbefe89881bbe4ca7c980ff102e3c35c8e8ad6eb725041f538988f2f39a943",
+                "sha256:a1ce0665f7ef47d27b8df4b5d1058748e1f08500a01421a30d35164f38aaaf4c",
-                "sha256:ff94725e7aae74b133d0599b9bf89bd4eb8f5d2c964106e61d11750228c8774c"
+                "sha256:c97921a9cd421d392e7860dc4b464db8e06c8628df4dc58fedab012888c293c6"
            ],
            "index": "pypi",
-            "version": "==2.2"
+            "version": "==3.1.1"
        },
        "docker": {
            "hashes": [
@ -1373,6 +1406,13 @@
            ],
            "version": "==2.10"
        },
        "iniconfig": {
            "hashes": [
                "sha256:80cf40c597eb564e86346103f609d74efce0f6b4d4f30ec8ce9e2c26411ba437",
                "sha256:e5f92f89355a67de0595932a6c6c02ab4afddc6fcdc0bfc5becd0d60884d3f69"
            ],
            "version": "==1.0.1"
        },
        "isort": {
            "hashes": [
                "sha256:54da7e92468955c4fceacd0c86bd0ec997b0e1ee80d97f67c35a78b719dccab1",
@ -1413,6 +1453,14 @@
            ],
            "version": "==0.6.1"
        },
        "packaging": {
            "hashes": [
                "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8",
                "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"
            ],
            "index": "pypi",
            "version": "==20.4"
        },
        "pathspec": {
            "hashes": [
                "sha256:7d91249d21749788d07a2d0f94147accd8f845507400749ea19c1ec9054a12b0",
@ -1434,6 +1482,13 @@
            ],
            "version": "==0.10.0"
        },
        "pluggy": {
            "hashes": [
                "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0",
                "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"
            ],
            "version": "==0.13.1"
        },
        "prospector": {
            "hashes": [
                "sha256:43e5e187c027336b0e4c4aa6a82d66d3b923b5ec5b51968126132e32f9d14a2f"
@ -1441,6 +1496,13 @@
            "index": "pypi",
            "version": "==1.3.0"
        },
        "py": {
            "hashes": [
                "sha256:366389d1db726cd2fcfc79732e75410e5fe4d31db13692115529d34069a043c2",
                "sha256:9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342"
            ],
            "version": "==1.9.0"
        },
        "pycodestyle": {
            "hashes": [
                "sha256:2295e7b2f6b5bd100585ebcb1f616591b652db8a741695b3d8f5d28bdc934367",
@ -1497,6 +1559,29 @@
            ],
            "version": "==0.6"
        },
        "pyparsing": {
            "hashes": [
                "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1",
                "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"
            ],
            "version": "==2.4.7"
        },
        "pytest": {
            "hashes": [
                "sha256:1cd09785c0a50f9af72220dd12aa78cfa49cbffc356c61eab009ca189e018a33",
                "sha256:d010e24666435b39a4cf48740b039885642b6c273a3f77be3e7e03554d2806b7"
            ],
            "index": "pypi",
            "version": "==6.1.0"
        },
        "pytest-django": {
            "hashes": [
                "sha256:4de6dbd077ed8606616958f77655fed0d5e3ee45159475671c7fa67596c6dba6",
                "sha256:c33e3d3da14d8409b125d825d4e74da17bb252191bf6fc3da6856e27a8b73ea4"
            ],
            "index": "pypi",
            "version": "==3.10.0"
        },
        "pytz": {
            "hashes": [
                "sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed",
@ -1523,29 +1608,29 @@
        },
        "regex": {
            "hashes": [
-                "sha256:0dc64ee3f33cd7899f79a8d788abfbec168410be356ed9bd30bbd3f0a23a7204",
+                "sha256:088afc8c63e7bd187a3c70a94b9e50ab3f17e1d3f52a32750b5b77dbe99ef5ef",
-                "sha256:1269fef3167bb52631ad4fa7dd27bf635d5a0790b8e6222065d42e91bede4162",
+                "sha256:1fe0a41437bbd06063aa184c34804efa886bcc128222e9916310c92cd54c3b4c",
-                "sha256:14a53646369157baa0499513f96091eb70382eb50b2c82393d17d7ec81b7b85f",
+                "sha256:41bb65f54bba392643557e617316d0d899ed5b4946dccee1cb6696152b29844b",
-                "sha256:3a3af27a8d23143c49a3420efe5b3f8cf1a48c6fc8bc6856b03f638abc1833bb",
+                "sha256:4318d56bccfe7d43e5addb272406ade7a2274da4b70eb15922a071c58ab0108c",
-                "sha256:46bac5ca10fb748d6c55843a931855e2727a7a22584f302dd9bb1506e69f83f6",
+                "sha256:4707f3695b34335afdfb09be3802c87fa0bc27030471dbc082f815f23688bc63",
-                "sha256:4c037fd14c5f4e308b8370b447b469ca10e69427966527edcab07f52d88388f7",
+                "sha256:5533a959a1748a5c042a6da71fe9267a908e21eded7a4f373efd23a2cbdb0ecc",
-                "sha256:51178c738d559a2d1071ce0b0f56e57eb315bcf8f7d4cf127674b533e3101f88",
+                "sha256:5f18875ac23d9aa2f060838e8b79093e8bb2313dbaaa9f54c6d8e52a5df097be",
-                "sha256:5ea81ea3dbd6767873c611687141ec7b06ed8bab43f68fad5b7be184a920dc99",
+                "sha256:60b0e9e6dc45683e569ec37c55ac20c582973841927a85f2d8a7d20ee80216ab",
-                "sha256:6961548bba529cac7c07af2fd4d527c5b91bb8fe18995fed6044ac22b3d14644",
+                "sha256:84e9407db1b2eb368b7ecc283121b5e592c9aaedbe8c78b1a2f1102eb2e21d19",
-                "sha256:75aaa27aa521a182824d89e5ab0a1d16ca207318a6b65042b046053cfc8ed07a",
+                "sha256:8d69cef61fa50c8133382e61fd97439de1ae623fe943578e477e76a9d9471637",
-                "sha256:7a2dd66d2d4df34fa82c9dc85657c5e019b87932019947faece7983f2089a840",
+                "sha256:9a02d0ae31d35e1ec12a4ea4d4cca990800f66a917d0fb997b20fbc13f5321fc",
-                "sha256:8a51f2c6d1f884e98846a0a9021ff6861bdb98457879f412fdc2b42d14494067",
+                "sha256:9bc13e0d20b97ffb07821aa3e113f9998e84994fe4d159ffa3d3a9d1b805043b",
-                "sha256:9c568495e35599625f7b999774e29e8d6b01a6fb684d77dee1f56d41b11b40cd",
+                "sha256:a6f32aea4260dfe0e55dc9733ea162ea38f0ea86aa7d0f77b15beac5bf7b369d",
-                "sha256:9eddaafb3c48e0900690c1727fba226c4804b8e6127ea409689c3bb492d06de4",
+                "sha256:ae91972f8ac958039920ef6e8769277c084971a142ce2b660691793ae44aae6b",
-                "sha256:bbb332d45b32df41200380fff14712cb6093b61bd142272a10b16778c418e98e",
+                "sha256:c570f6fa14b9c4c8a4924aaad354652366577b4f98213cf76305067144f7b100",
-                "sha256:bc3d98f621898b4a9bc7fecc00513eec8f40b5b83913d74ccb445f037d58cd89",
+                "sha256:d23a18037313714fb3bb5a94434d3151ee4300bae631894b1ac08111abeaa4a3",
-                "sha256:c11d6033115dc4887c456565303f540c44197f4fc1a2bfb192224a301534888e",
+                "sha256:eaf548d117b6737df379fdd53bdde4f08870e66d7ea653e230477f071f861121",
-                "sha256:c50a724d136ec10d920661f1442e4a8b010a4fe5aebd65e0c2241ea41dbe93dc",
+                "sha256:ebbe29186a3d9b0c591e71b7393f1ae08c83cb2d8e517d2a822b8f7ec99dfd8b",
-                "sha256:d0a5095d52b90ff38592bbdc2644f17c6d495762edf47d876049cfd2968fbccf",
+                "sha256:eda4771e0ace7f67f58bc5b560e27fb20f32a148cbc993b0c3835970935c2707",
-                "sha256:d6cff2276e502b86a25fd10c2a96973fdb45c7a977dca2138d661417f3728341",
+                "sha256:f1b3afc574a3db3b25c89161059d857bd4909a1269b0b3cb3c904677c8c4a3f7",
-                "sha256:e46d13f38cfcbb79bfdb2964b0fe12561fe633caf964a77a5f8d4e45fe5d2ef7"
+                "sha256:f2388013e68e750eaa16ccbea62d4130180c26abb1d8e5d584b9baf69672b30f"
            ],
-            "version": "==2020.7.14"
+            "version": "==2020.9.27"
        },
        "requests": {
            "hashes": [
@ -1604,10 +1689,10 @@
        },
        "stevedore": {
            "hashes": [
-                "sha256:a34086819e2c7a7f86d5635363632829dab8014e5fd7be2454c7cba84ac7514e",
+                "sha256:5e1ab03eaae06ef6ce23859402de785f08d97780ed774948ef16c4652c41bc62",
-                "sha256:ddc09a744dc224c84ec8e8efcb70595042d21c97c76df60daee64c9ad53bc7ee"
+                "sha256:f845868b3a3a77a2489d226568abe7328b5c2d4f6a011cc759dfa99144a521f0"
            ],
-            "version": "==3.2.1"
+            "version": "==3.2.2"
        },
        "toml": {
            "hashes": [
@ -1642,14 +1727,6 @@
            ],
            "version": "==1.4.1"
        },
        "unittest-xml-reporting": {
            "hashes": [
                "sha256:7bf515ea8cb244255a25100cd29db611a73f8d3d0aaf672ed3266307e14cc1ca",
                "sha256:984cebba69e889401bfe3adb9088ca376b3a1f923f0590d005126c1bffd1a695"
            ],
            "index": "pypi",
            "version": "==3.0.4"
        },
        "urllib3": {
            "extras": [
                "secure"
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-<img src="passbook/static/static/passbook/logo.svg" height="50" alt="passbook logo"><img src="passbook/static/static/passbook/brand_inverted.svg" height="50" alt="passbook">
+<img src="docs/images/logo.svg" height="50" alt="passbook logo"><img src="docs/images/brand_inverted.svg" height="50" alt="passbook">
 [![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/passbook/1?style=flat-square)](https://dev.azure.com/beryjuorg/passbook/_build?definitionId=1)
 ![Tests](https://img.shields.io/azure-devops/tests/beryjuorg/passbook/1?compact_message&style=flat-square)
@ -13,20 +13,7 @@ passbook is an open-source Identity Provider focused on flexibility and versatil
 ## Installation
-For small/test setups it is recommended to use docker-compose.
+For small/test setups it is recommended to use docker-compose, see the [documentation](https://passbook.beryju.org/installation/docker-compose/)
 ```
 wget https://raw.githubusercontent.com/BeryJu/passbook/master/docker-compose.yml
 # Optionally enable Error-reporting
 # export PASSBOOK_ERROR_REPORTING=true
 # Optionally deploy a different version
 # export PASSBOOK_TAG=0.10.0-rc5
 # If this is a productive installation, set a different PostgreSQL Password
 # export PG_PASS=$(pwgen 40 1)
 docker-compose pull
 docker-compose up -d
 docker-compose run --rm server migrate
 ```
 For bigger setups, there is a Helm Chart in the `helm/` directory. This is documented [here](https://passbook.beryju.org//installation/kubernetes/)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -6,7 +6,8 @@ As passbook is currently in a pre-stable, only the latest "stable" version is su
 | Version  | Supported          |
 | -------- | ------------------ |
-| 0.8.15   | :white_check_mark: |
+| 0.9.x    | :white_check_mark: |
 | 0.10.x   | :white_check_mark: |
 ## Reporting a Vulnerability
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@ -8,6 +8,10 @@ variables:
  POSTGRES_DB: passbook
  POSTGRES_USER: passbook
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
  ${{ if startsWith(variables['Build.SourceBranch'], 'refs/heads/') }}:
    branchName: ${{ replace(variables['Build.SourceBranchName'], 'refs/heads/', '') }}
  ${{ if startsWith(variables['Build.SourceBranch'], 'refs/pull/') }}:
    branchName: ${{ replace(variables['System.PullRequest.SourceBranch'], 'refs/heads/', '') }}
 stages:
  - stage: Lint
@ -26,7 +30,7 @@ stages:
                pipenv install --dev
          - task: CmdLine@2
            inputs:
-              script: pipenv run pylint passbook
+              script: pipenv run pylint passbook e2e lifecycle
      - job: black
        pool:
          vmImage: 'ubuntu-latest'
@ -41,7 +45,7 @@ stages:
                pipenv install --dev
          - task: CmdLine@2
            inputs:
-              script: pipenv run black --check passbook
+              script: pipenv run black --check passbook e2e lifecycle
      - job: prospector
        pool:
          vmImage: 'ubuntu-latest'
@ -57,7 +61,7 @@ stages:
                pipenv install --dev prospector --skip-lock
          - task: CmdLine@2
            inputs:
-              script: pipenv run prospector passbook
+              script: pipenv run prospector
      - job: bandit
        pool:
          vmImage: 'ubuntu-latest'
@ -72,7 +76,7 @@ stages:
                pipenv install --dev
          - task: CmdLine@2
            inputs:
-              script: pipenv run bandit -r passbook
+              script: pipenv run bandit -r passbook e2e lifecycle
      - job: pyright
        pool:
          vmImage: ubuntu-latest
@ -93,7 +97,7 @@ stages:
                pipenv install --dev
          - task: CmdLine@2
            inputs:
-              script: pipenv run pyright
+              script: pipenv run pyright e2e lifecycle
  - stage: Test
    jobs:
      - job: migrations
@ -117,6 +121,41 @@ stages:
          - task: CmdLine@2
            inputs:
              script: pipenv run ./manage.py migrate
      - job: migrations_from_previous_release
        pool:
          vmImage: 'ubuntu-latest'
        steps:
          - task: UsePythonVersion@0
            inputs:
              versionSpec: '3.8'
          - task: DockerCompose@0
            displayName: Run services
            inputs:
              dockerComposeFile: 'scripts/ci.docker-compose.yml'
              action: 'Run services'
              buildImages: false
          - task: CmdLine@2
            displayName: Prepare Last tagged release
            inputs:
              script: |
                git checkout $(git describe --abbrev=0 --match 'version/*')
                sudo pip install -U wheel pipenv
                pipenv install --dev
          - task: CmdLine@2
            displayName: Migrate to last tagged release
            inputs:
              script: pipenv run ./manage.py migrate
          - task: CmdLine@2
            displayName: Install current branch
            inputs:
              script: |
                set -x
                git checkout ${{ variables.branchName }}
                pipenv sync --dev
          - task: CmdLine@2
            displayName: Migrate to current branch
            inputs:
              script: pipenv run ./manage.py migrate
      - job: coverage_unittest
        pool:
          vmImage: 'ubuntu-latest'
@ -139,7 +178,10 @@ stages:
            displayName: Run full test suite
            inputs:
              script: |
-                pipenv run coverage run ./manage.py test passbook
+                pipenv run coverage run ./manage.py test passbook -v 3
          - task: CmdLine@2
            inputs:
              script: |
                mkdir output-unittest
                mv unittest.xml output-unittest/unittest.xml
                mv .coverage output-unittest/coverage
@ -150,7 +192,7 @@ stages:
              publishLocation: 'pipeline'
      - job: coverage_e2e
        pool:
-          vmImage: 'ubuntu-latest'
+          name: coventry
        steps:
          - task: UsePythonVersion@0
            inputs:
@ -181,7 +223,14 @@ stages:
          - task: CmdLine@2
            displayName: Run full test suite
            inputs:
-              script: pipenv run coverage run ./manage.py test e2e
+              script: |
                pipenv run coverage run ./manage.py test e2e -v 3 --failfast
          - task: CmdLine@2
            condition: always()
            displayName: Cleanup
            inputs:
              script: |
                docker stop $(docker ps -aq)
          - task: CmdLine@2
            displayName: Prepare unittests and coverage for upload
            inputs:
@ -225,11 +274,9 @@ stages:
              script: |
                sudo pip install -U wheel pipenv
                pipenv install --dev
                find .
                pipenv run coverage combine coverage-e2e/coverage coverage-unittest/coverage
                pipenv run coverage xml
                pipenv run coverage html
                find .
          - task: PublishCodeCoverageResults@1
            inputs:
              codeCoverageTool: 'Cobertura'
@ -260,7 +307,7 @@ stages:
            repository: 'beryju/passbook'
            command: 'buildAndPush'
            Dockerfile: 'Dockerfile'
-            tags: 'gh-$(Build.SourceBranchName)'
+            tags: "gh-${{ variables.branchName }}"
      - job: build_static
        pool:
          vmImage: 'ubuntu-latest'
@ -277,14 +324,14 @@ stages:
            repository: 'beryju/passbook-static'
            command: 'build'
            Dockerfile: 'static.Dockerfile'
-            tags: 'gh-$(Build.SourceBranchName)'
+            tags: "gh-${{ variables.branchName }}"
            arguments: "--network=beryjupassbook_default"
        - task: Docker@2
          inputs:
            containerRegistry: 'dockerhub'
            repository: 'beryju/passbook-static'
            command: 'push'
-            tags: 'gh-$(Build.SourceBranchName)'
+            tags: "gh-${{ variables.branchName }}"
  - stage: Deploy
    jobs:
      - job: deploy_dev
@ -300,4 +347,4 @@ stages:
              chartType: 'FilePath'
              chartPath: 'helm/'
              releaseName: 'passbook-dev'
-              recreate: true
+              recreate: true
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -14,6 +14,8 @@ services:
      - POSTGRES_DB=passbook
    labels:
      - traefik.enable=false
    env_file:
      - .env
  redis:
    image: redis
    networks:
@ -21,14 +23,12 @@ services:
    labels:
      - traefik.enable=false
  server:
-    image: beryju/passbook:${PASSBOOK_TAG:-0.10.0-rc5}
+    image: beryju/passbook:${PASSBOOK_TAG:-0.10.8-stable}
    command: server
    environment:
      PASSBOOK_REDIS__HOST: redis
      PASSBOOK_ERROR_REPORTING: ${PASSBOOK_ERROR_REPORTING:-false}
      PASSBOOK_POSTGRESQL__HOST: postgresql
-      PASSBOOK_POSTGRESQL__PASSWORD: ${PG_PASS:-thisisnotagoodpassword}
+      PASSBOOK_POSTGRESQL__PASSWORD: ${PG_PASS}
      PASSBOOK_LOG_LEVEL: debug
    ports:
      - 8000
    networks:
@ -37,8 +37,10 @@ services:
      - traefik.port=8000
      - traefik.docker.network=internal
      - traefik.frontend.rule=PathPrefix:/
    env_file:
      - .env
  worker:
-    image: beryju/passbook:${PASSBOOK_TAG:-0.10.0-rc5}
+    image: beryju/passbook:${PASSBOOK_TAG:-0.10.8-stable}
    command: worker
    networks:
      - internal
@ -46,12 +48,12 @@ services:
      - traefik.enable=false
    environment:
      PASSBOOK_REDIS__HOST: redis
      PASSBOOK_ERROR_REPORTING: ${PASSBOOK_ERROR_REPORTING:-false}
      PASSBOOK_POSTGRESQL__HOST: postgresql
-      PASSBOOK_POSTGRESQL__PASSWORD: ${PG_PASS:-thisisnotagoodpassword}
+      PASSBOOK_POSTGRESQL__PASSWORD: ${PG_PASS}
-      PASSBOOK_LOG_LEVEL: debug
+    env_file:
      - .env
  static:
-    image: beryju/passbook-static:${PASSBOOK_TAG:-0.10.0-rc5}
+    image: beryju/passbook-static:${PASSBOOK_TAG:-0.10.8-stable}
    networks:
      - internal
    labels:
--- a/docs/flow/examples/enrollment-email-verification.json
+++ b/docs/flow/examples/enrollment-email-verification.json
@ -84,15 +84,6 @@
            }
        },
        {
            "identifiers": {
                "pk": "9922212c-47a2-475a-9905-abeb5e621652"
            },
            "model": "passbook_policies_expression.expressionpolicy",
            "attrs": {
                "name": "policy-enrollment-password-equals",
                "expression": "# Verifies that the passwords are equal\r\nreturn request.context['password'] == request.context['password_repeat']"
            }
        },{
            "identifiers": {
                "pk": "096e6282-6b30-4695-bd03-3b143eab5580",
                "name": "default-enrollment-email-verficiation"
@ -135,9 +126,6 @@
                    "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4",
                    "7db91ee8-4290-4e08-8d39-63f132402515",
                    "d30b5eb4-7787-4072-b1ba-65b46e928920"
                ],
                "validation_policies": [
                    "9922212c-47a2-475a-9905-abeb5e621652"
                ]
            }
        },
--- a/docs/flow/examples/recovery-email-verification.json
+++ b/docs/flow/examples/recovery-email-verification.json
@ -55,16 +55,6 @@
                "order": 1
            }
        },
        {
            "identifiers": {
                "pk": "cd042fc6-cc92-4b98-b7e6-f4729df798d8"
            },
            "model": "passbook_policies_expression.expressionpolicy",
            "attrs": {
                "name": "default-password-change-password-equal",
                "expression": "# Check that both passwords are equal.\nreturn request.context['password'] == request.context['password_repeat']"
            }
        },
        {
            "identifiers": {
                "pk": "e54045a7-6ecb-4ad9-ad37-28e72d8e565e",
@ -118,9 +108,6 @@
                "fields": [
                    "7db91ee8-4290-4e08-8d39-63f132402515",
                    "d30b5eb4-7787-4072-b1ba-65b46e928920"
                ],
                "validation_policies": [
                    "cd042fc6-cc92-4b98-b7e6-f4729df798d8"
                ]
            }
        },
--- a/docs/flow/flows.md
+++ b/docs/flow/flows.md
@ -39,7 +39,6 @@ This designates a flow for unenrollment. This flow can contain any amount of ver
 This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md).
 Afterwards, use the [**prompt**](stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
-### Change Password
+### Setup
-This designates a flow for password changes. This flow can contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md).
+This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP.
 Afterwards, use the [**prompt**](stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
--- a/docs/installation/docker-compose.md
+++ b/docs/installation/docker-compose.md
@ -11,14 +11,21 @@ This installation method is for test-setups and small-scale productive setups.
 Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/BeryJu/passbook/master/docker-compose.yml). Place it in a directory of your choice.
 To optionally enable error-reporting, run `echo PASSBOOK_ERROR_REPORTING__ENABLED=true >> .env`
 To optionally deploy a different version run `echo PASSBOOK_TAG=0.10.8-stable >> .env`
 If this is a fresh passbook install run the following commands to generate a password:
 ```
 sudo apt-get install -y pwgen
 echo "PG_PASS=$(pwgen 40 1)" >> .env
 echo "PASSBOOK_SECRET_KEY=$(pwgen 50 1)" >> .env
 ```
 Afterwards, run these commands to finish
 ```
 wget https://raw.githubusercontent.com/BeryJu/passbook/master/docker-compose.yml
 # Optionally enable Error-reporting
 # export PASSBOOK_ERROR_REPORTING=true
 # Optionally deploy a different version
 # export PASSBOOK_TAG=0.10.0-rc5
 # If this is a productive installation, set a different PostgreSQL Password
 # export PG_PASS=$(pwgen 40 1)
 docker-compose pull
 docker-compose up -d
 docker-compose run --rm server migrate
@ -32,4 +39,6 @@ Now you can pull the Docker images needed by running `docker-compose pull`. Afte
 passbook will then be reachable via HTTP on port 80, and HTTPS on port 443. You can optionally configure the packaged traefik to use Let's Encrypt certificates for TLS Encryption.
 If you plan to access passbook via a reverse proxy which does SSL Termination, make sure you use the HTTPS port, so passbook is aware of the SSL connection.
 The initial setup process also creates a default admin user, the username and password for which is `pbadmin`. It is highly recommended to change this password as soon as you log in.
--- a/docs/installation/kubernetes.md
+++ b/docs/installation/kubernetes.md
@ -11,7 +11,7 @@ This installation automatically applies database migrations on startup. After th
 image:
  name: beryju/passbook
  name_static: beryju/passbook-static
-  tag: 0.9.0-stable
+  tag: 0.10.8-stable
 nameOverride: ""
--- a/docs/integrations/services/aws/index.md
+++ b/docs/integrations/services/aws/index.md
@ -9,14 +9,14 @@
 The following placeholders will be used:
-   `passbook.company` is the FQDN of the passbook install.
+- `passbook.company` is the FQDN of the passbook install.
 Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
-   ACS URL: `https://signin.aws.amazon.com/saml`
+- ACS URL: `https://signin.aws.amazon.com/saml`
-   Audience: `urn:amazon:webservices`
+- Audience: `urn:amazon:webservices`
-   Issuer: `passbook`
+- Issuer: `passbook`
-   Binding: `Post`
+- Binding: `Post`
 You can of course use a custom signing certificate, and adjust durations.
@ -24,10 +24,49 @@ You can of course use a custom signing certificate, and adjust durations.
 Create a role with the permissions you desire, and note the ARN.
-AWS requires two custom PropertyMappings; `Role` and `RoleSessionName`. Create them as following:
+After you've created the Property Mappings below, add them to the Provider.
-![](./property-mapping-role.png)
+Create an application, assign policies, and assign this provider.
-![](./property-mapping-role-session-name.png)
+Export the metadata from passbook, and create an Identity Provider [here](https://console.aws.amazon.com/iam/home#/providers).
-Afterwards export the metadata from passbook, and create an Identity Provider [here](https://console.aws.amazon.com/iam/home#/providers).
+#### Role Mapping
 The Role mapping specifies the AWS ARN(s) of the identity provider, and the role the user should assume ([see](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html#saml_role-attribute)).
 This Mapping needs to have the SAML Name field set to "https://aws.amazon.com/SAML/Attributes/Role"
 As expression, you can return a static ARN like so
 ```python
 return "arn:aws:iam::123412341234:role/saml_role,arn:aws:iam::123412341234:saml-provider/passbook"
 ```
 Or, if you want to assign AWS Roles based on Group membership, you can add a custom attribute to the Groups, for example "aws_role", and use this snippet below. Groups are sorted by name and later groups overwrite earlier groups' attributes.
 ```python
 role_name = user.group_attributes().get("aws_role", "")
 return f"arn:aws:iam::123412341234:role/{role_name},arn:aws:iam::123412341234:saml-provider/passbook"
 ```
 If you want to allow a user to choose from multiple roles, use this snippet
 ```python
 return [
    "arn:aws:iam::123412341234:role/role_a,arn:aws:iam::123412341234:saml-provider/passbook",
    "arn:aws:iam::123412341234:role/role_b,arn:aws:iam::123412341234:saml-provider/passbook",
    "arn:aws:iam::123412341234:role/role_c,arn:aws:iam::123412341234:saml-provider/passbook",
 ]
 ```
 ### RoleSessionName Mapping
 The RoleSessionMapping specifies what identifier will be shown at the top of the Management Console ([see](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html#saml_role-session-attribute)).
 This mapping needs to have the SAML Name field set to "https://aws.amazon.com/SAML/Attributes/RoleSessionName".
 To use the user's username, use this snippet
 ```python
 return user.username
 ```
--- a/docs/integrations/services/aws/property-mapping-role-session-name.png
+++ b/docs/integrations/services/aws/property-mapping-role-session-name.png
--- a/docs/integrations/services/aws/property-mapping-role.png
+++ b/docs/integrations/services/aws/property-mapping-role.png
--- a/docs/integrations/services/gitlab/index.md
+++ b/docs/integrations/services/gitlab/index.md
@ -11,14 +11,15 @@ From https://about.gitlab.com/what-is-gitlab/
 The following placeholders will be used:
-   `gitlab.company` is the FQDN of the GitLab Install
+- `gitlab.company` is the FQDN of the GitLab Install
-   `passbook.company` is the FQDN of the passbook Install
+- `passbook.company` is the FQDN of the passbook Install
 Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
-   ACS URL: `https://gitlab.company/users/auth/saml/callback`
+- ACS URL: `https://gitlab.company/users/auth/saml/callback`
-   Audience: `https://gitlab.company`
+- Audience: `https://gitlab.company`
-   Issuer: `https://gitlab.company`
+- Issuer: `https://gitlab.company`
 - Binding: `Post`
 You can of course use a custom signing certificate, and adjust durations. To get the value for `idp_cert_fingerprint`, you can use a tool like [this](https://www.samltool.com/fingerprint.php).
@ -41,7 +42,7 @@ gitlab_rails['omniauth_providers'] = [
    args: {
      assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
      idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
-      idp_sso_target_url: 'https://passbook.company/application/saml/<passbook application slug>/login/',
+      idp_sso_target_url: 'https://passbook.company/application/saml/<passbook application slug>/sso/binding/post/',
      issuer: 'https://gitlab.company',
      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
      attribute_statements: {
--- a/docs/integrations/services/sentry/auth.png
+++ b/docs/integrations/services/sentry/auth.png
--- a/docs/integrations/services/sentry/index.md
+++ b/docs/integrations/services/sentry/index.md
@ -15,27 +15,31 @@ From https://sentry.io
 The following placeholders will be used:
-   `sentry.company` is the FQDN of the Sentry install.
+- `sentry.company` is the FQDN of the Sentry install.
-   `passbook.company` is the FQDN of the passbook install.
+- `passbook.company` is the FQDN of the passbook install.
-Create an application in passbook. Create an OpenID provider with the following parameters:
+Create an application in passbook. Create a SAML Provider with the following values
-   Client Type: `Confidential`
+- ACS URL: `https://sentry.company/saml/acs/<sentry organisation name>/`
-   Response types: `code (Authorization Code Flow)`
+- Audience: `https://sentry.company/saml/metadata/<sentry organisation name>/`
-   JWT Algorithm: `RS256`
+- Issuer: `passbook`
-   Redirect URIs: `https://sentry.company/auth/sso/`
+- Service Provider Binding: `Post`
-   Scopes: `openid email`
+- Property Mapping: Select all Autogenerated Mappings
 ## Sentry
 **This guide assumes you've installed Sentry using [getsentry/onpremise](https://github.com/getsentry/onpremise)**
- Add `sentry-auth-oidc` to `onpremise/sentry/requirements.txt` (Create the file if it doesn't exist yet)
+Navigate to Settings -> Auth, and click on Configure next to SAML2
- Add the following block to your `onpremise/sentry/sentry.conf.py`:
+
-```
+![](./auth.png)
-OIDC_ISSUER = "passbook"
+
-OIDC_CLIENT_ID = "<Client ID from passbook>"
+In passbook, get the Metadata URL by right-clicking `Download Metadata` and selecting Copy Link Address, and paste that URL into Sentry.
-OIDC_CLIENT_SECRET = "<Client Secret from passbook>"
+
-OIDC_SCOPE = "openid email"
+On the next screen, input these Values
-OIDC_DOMAIN = "https://passbook.company/application/oidc/"
+
-```
+IdP User ID: `urn:oid:0.9.2342.19200300.100.1.1`
 User Email: `urn:oid:0.9.2342.19200300.100.1.3`
 First Name: `urn:oid:2.5.4.3`
 After confirming, Sentry will authenticate with passbook, and you should be redirected back to a page confirming your settings.
--- a/docs/integrations/services/sonarr/index.md
+++ b/docs/integrations/services/sonarr/index.md
@ -0,0 +1,37 @@
 # Sonarr Integration
 !!! note
    These instructions apply to all projects in the *arr Family. If you use multiple of these projects, you can assign them to the same Outpost.
 ## What is Sonarr
 From https://github.com/Sonarr/Sonarr
 !!! note ""
    Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available.
 ## Preparation
 The following placeholders will be used:
 - `sonarr.company` is the FQDN of the Sonarr install.
 - `passbook.company` is the FQDN of the passbook install.
 Create an application in passbook. Create a Proxy Provider with the following values
 - Internal host
    If Sonarr is running in docker, and you're deploying the passbook proxy on the same host, set the value to `http://sonarr:8989`, where sonarr is the name of your container.
    If Sonarr is running on a different server than where you are deploying the passbook proxy, set the value to `http://sonarr.company:8989`.
 - External host
    Set this to the external URL you will be accessing Sonarr from.
 ## Deployment
 Create an outpost deployment for the provider you've created above, as described [here](../../../outposts/outposts.md). Deploy this Outpost either on the same host or a different host that can access Sonarr.
 The outpost will connect to passbook and configure itself.
--- a/docs/integrations/services/tautulli/index.md
+++ b/docs/integrations/services/tautulli/index.md
@ -0,0 +1,50 @@
 # Tautulli Integration
 ## What is Tautulli
 From https://tautulli.com/
 !!! note
    Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else.
 ## Preparation
 The following placeholders will be used:
 - `tautulli.company` is the FQDN of the Tautulli install.
 - `passbook.company` is the FQDN of the passbook install.
 ## passbook Setup
 Because Tautulli requires valid HTTP Basic credentials, you must save your HTTP Basic Credentials in passbook. The recommended way to do this, is to create a Group, called for example "Tautulli Users". For this group, add the following attributes:
 ```yaml
 tautulli_user: username
 tautulli_password: password
 ```
 Add all Tautulli users to the Group. You should also create a Group Membership Policy to limit access to the application.
 Create an application in passbook. Create a Proxy provider with the following parameters:
 - Internal host
    If Tautulli is running in docker, and you're deploying the passbook proxy on the same host, set the value to `http://tautulli:3579`, where tautulli is the name of your container.
    If Tautulli is running on a different server than where you are deploying the passbook proxy, set the value to `http://tautulli.company:3579`.
 - External host
    Set this to the external URL you will be accessing Tautulli from.
 Enable the `Set HTTP-Basic Authentication` option. Set and `HTTP-Basic Username` and `HTTP-Basic Password` to `tautulli_user` and `tautulli_password` respectively. These values can be chosen freely, `tautulli_` is just used a prefix for clarity.
 ## Tautulli Setup
 In Tautulli, navigate to Settings and enable the "Show Advanced" option. Navigate to "Web Interface" on the sidebar, and ensure the Option `Use Basic Authentication` is checked.
 ![](./tautulli.png)
 Save the settings, and restart Tautulli if prompted.
 Afterwards, you need to deploy an Outpost in front of Tautulli, just like descried [here](../sonarr/index.md)
--- a/docs/integrations/services/tautulli/tautulli.png
+++ b/docs/integrations/services/tautulli/tautulli.png
--- a/docs/integrations/services/tower-awx/index.md
+++ b/docs/integrations/services/tower-awx/index.md
@ -16,14 +16,15 @@ From https://docs.ansible.com/ansible/2.5/reference_appendices/tower.html
 The following placeholders will be used:
-   `awx.company` is the FQDN of the AWX/Tower install.
+- `awx.company` is the FQDN of the AWX/Tower install.
-   `passbook.company` is the FQDN of the passbook install.
+- `passbook.company` is the FQDN of the passbook install.
 Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:
-   ACS URL: `https://awx.company/sso/complete/saml/`
+- ACS URL: `https://awx.company/sso/complete/saml/`
-   Audience: `awx`
+- Audience: `awx`
-   Issuer: `https://awx.company/sso/metadata/saml/`
+- Service Provider Binding: Post
 - Issuer: `https://awx.company/sso/metadata/saml/`
 You can of course use a custom signing certificate, and adjust durations.
--- a/docs/integrations/services/ubuntu-landscape/index.md
+++ b/docs/integrations/services/ubuntu-landscape/index.md
@ -0,0 +1,58 @@
 # Ubuntu Landscape Integration
 ## What is Ubuntu Landscape
 From https://en.wikipedia.org/wiki/Landscape_(software)
 !!! note ""
    Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
 !!! warning
    This requires passbook 0.10.3 or newer.
 ## Preparation
 The following placeholders will be used:
 - `landscape.company` is the FQDN of the Landscape server.
 - `passbook.company` is the FQDN of the passbook install.
 Landscape uses the OpenID-Connect Protocol for single-sign on.
 ## passbook Setup
 Create an OAuth2/OpenID-Connect Provider with the default settings. Set the Redirect URIs to `https://landscape.company/login/handle-openid`. Select all Autogenerated Scopes.
 Keep Note of the Client ID and the Client Secret.
 Create an application and assign access policies to the application. Set the application's provider to the provider you've just created.
 ## Landscape Setup
 On the Landscape Server, edit the file `/etc/landscape/service.conf` and add the following snippet under the `[landscape]` section:
 ```
 oidc-issuer = https://passbook.company/application/o/<slug of the application you've created>/
 oidc-client-id = <client ID of the provider you've created>
 oidc-client-secret = <client Secret of the provider you've created>
 ```
 Afterwards, run `sudo lsctl restart` to restart the Landscape services.
 ## Appendix
 To make an OpenID-Connect User admin, you have to insert some rows into the database.
 First login with your passbook user, and make sure the user is created successfully.
 Run `sudo -u postgres psql landscape-standalone-main` on the Landscape server to open a PostgreSQL Prompt.
 Then run `select * from person;` to get a list of all users. Take note of the ID given to your new user.
 Run the following commands to make this user an administrator:
 ```sql
 INSERT INTO person_account VALUES (<user id>, 1);
 INSERT INTO person_access VALUES (<user id>, 1, 1);
 ```
--- a/docs/integrations/services/vmware-vcenter/index.md
+++ b/docs/integrations/services/vmware-vcenter/index.md
@ -0,0 +1,77 @@
 # VMware vCenter Integration
 ## What is vCenter
 From https://en.wikipedia.org/wiki/VCenter
 !!! note ""
    vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
 !!! warning
    This requires passbook 0.10.3 or newer.
 !!! warning
    This requires VMware vCenter 7.0.0 or newer.
 ## Preparation
 The following placeholders will be used:
 - `vcenter.company` is the FQDN of the vCenter server.
 - `passbook.company` is the FQDN of the passbook install.
 Since vCenter only allows OpenID-Connect in combination with Active Directory, it is recommended to have passbook sync with the same Active Directory.
 ### Step 1
 Under *Property Mappings*, create a *Scope Mapping*. Give it a name like "OIDC-Scope-VMware-vCenter". Set the scope name to `openid` and the expression to the following
 ```python
 return {
  "domain": "<your active directory domain>",
 }
 ```
 ### Step 2
 !!! note
    If your Active Directory Schema is the same as your Email address schema, skip to Step 3.
 Under *Sources*, click *Edit* and ensure that "Autogenerated Active Directory Mapping: userPrincipalName -> attributes.upn" has been added to your source.
 ### Step 3
 Under *Providers*, create an OAuth2/OpenID Provider with these settings:
 - Client Type: Confidential
 - Response Type: code (ADFS Compatibility Mode, sends id_token as access_token)
 - JWT Algorithm: RS256
 - Redirect URI: `https://vcenter.company/ui/login/oauth2/authcode`
 - Post Logout Redirect URIs: `https://vcenter.company/ui/login`
 - Sub Mode: If your Email address Schema matches your UPN, select "Based on the User's Email...", otherwise select "Based on the User's UPN...".
 - Scopes: Select the Scope Mapping you've created in Step 1
 ![](./passbook_setup.png)
 ### Step 4
 Create an application which uses this provider. Optionally apply access restrictions to the application.
 ## vCenter Setup
 Login as local Administrator account (most likely ends with vsphere.local). Using the Menu in the Navigation bar, navigate to *Administration -> Single Sing-on -> Configuration*.
 Click on *Change Identity Provider* in the top-right corner.
 In the wizard, select "Microsoft ADFS" and click Next.
 Fill in the Client Identifier and Shared Secret from the Provider in passbook. For the OpenID Address, click on *View Setup URLs* in passbook, and copy the OpenID Configuration URL.
 On the next page, fill in your Active Directory Connection Details. These should be similar to what you have set in passbook.
 ![](./vcenter_post_setup.png)
 If your vCenter was already setup with LDAP beforehand, your Role assignments will continue to work.
--- a/docs/integrations/services/vmware-vcenter/passbook_setup.png
+++ b/docs/integrations/services/vmware-vcenter/passbook_setup.png
--- a/docs/integrations/services/vmware-vcenter/vcenter_post_setup.png
+++ b/docs/integrations/services/vmware-vcenter/vcenter_post_setup.png
--- a/docs/outposts/deploy-docker-compose.md
+++ b/docs/outposts/deploy-docker-compose.md
@ -0,0 +1,20 @@
 # Outpost deployment in docker-compose
 To deploy an outpost with docker-compose, use  this snippet in your docker-compose file.
 You can also run the outpost in a separate docker-compose project, you just have to ensure that the outpost container can reach your application container.
 ```yaml
 version: 3.5
 services:
  passbook_proxy:
    image: beryju/passbook-proxy:0.10.0-stable
    ports:
      - 4180:4180
      - 4443:4443
    environment:
      PASSBOOK_HOST: https://your-passbook.tld
      PASSBOOK_INSECURE: 'false'
      PASSBOOK_TOKEN: token-generated-by-passbook
 ```
--- a/docs/outposts/deploy-kubernetes.md
+++ b/docs/outposts/deploy-kubernetes.md
@ -0,0 +1,99 @@
 # Outpost deployment on Kubernetes
 Use the following manifest, replacing all values surrounded with `__`.
 Afterwards, configure the proxy provider to connect to `<service name>.<namespace>.svc.cluster.local`, and update your Ingress to connect to the `passbook-outpost` service.
 ```yaml
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
    app.kubernetes.io/instance: test
    app.kubernetes.io/managed-by: passbook.beryju.org
    app.kubernetes.io/name: passbook-proxy
    app.kubernetes.io/version: 0.10.0
  name: passbook-outpost-api
 stringData:
  passbook_host: '__PASSBOOK_URL__'
  passbook_host_insecure: 'true'
  token: '__PASSBOOK_TOKEN__'
 type: Opaque
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubernetes.io/instance: test
    app.kubernetes.io/managed-by: passbook.beryju.org
    app.kubernetes.io/name: passbook-proxy
    app.kubernetes.io/version: 0.10.0
  name: passbook-outpost
 spec:
  ports:
  - name: http
    port: 4180
    protocol: TCP
    targetPort: http
  - name: https
    port: 4443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/instance: test
    app.kubernetes.io/managed-by: passbook.beryju.org
    app.kubernetes.io/name: passbook-proxy
    app.kubernetes.io/version: 0.10.0
  type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    app.kubernetes.io/instance: test
    app.kubernetes.io/managed-by: passbook.beryju.org
    app.kubernetes.io/name: passbook-proxy
    app.kubernetes.io/version: 0.10.0
  name: passbook-outpost
 spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: test
      app.kubernetes.io/managed-by: passbook.beryju.org
      app.kubernetes.io/name: passbook-proxy
      app.kubernetes.io/version: 0.10.0
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: test
        app.kubernetes.io/managed-by: passbook.beryju.org
        app.kubernetes.io/name: passbook-proxy
        app.kubernetes.io/version: 0.10.0
    spec:
      containers:
      - env:
        - name: PASSBOOK_HOST
          valueFrom:
            secretKeyRef:
              key: passbook_host
              name: passbook-outpost-api
        - name: PASSBOOK_TOKEN
          valueFrom:
            secretKeyRef:
              key: token
              name: passbook-outpost-api
        - name: PASSBOOK_INSECURE
          valueFrom:
            secretKeyRef:
              key: passbook_host_insecure
              name: passbook-outpost-api
        image: beryju/passbook-proxy:0.10.0-stable
        name: proxy
        ports:
        - containerPort: 4180
          name: http
          protocol: TCP
        - containerPort: 4443
          name: https
          protocol: TCP
 ```
--- a/docs/outposts/outposts.md
+++ b/docs/outposts/outposts.md
@ -6,21 +6,9 @@ An outpost is a single deployment of a passbook component, which can be deployed
 Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to passbook.
-To deploy an outpost, you can for example use this docker-compose snippet:
+To deploy an outpost, see: <a name="deploy">
-```yaml
+- [Kubernetes](deploy-kubernetes.md)
-version: 3.5
+- [docker-compose](deploy-docker-compose.md)
-services:
+In future versions, this snippet will be automatically generated. You will also be able to deploy an outpost directly into a kubernetes cluster.
  passbook_proxy:
    image: beryju/passbook-proxy:0.10.0-stable
    ports:
      - 4180:4180
      - 4443:4443
    environment:
      PASSBOOK_HOST: https://your-passbook.tld
      PASSBOOK_INSECURE: 'true'
      PASSBOOK_TOKEN: token-generated-by-passbook
 ```
 In future versions, this snippet will be automatically generated. You will also be able to deploy an outpost directly into a kubernetes cluster.w
--- a/docs/outposts/upgrading.md
+++ b/docs/outposts/upgrading.md
@ -0,0 +1,9 @@
 # Upgrading an Outpost
 In the Outpost Overview list, you'll see if any deployed outposts are out of date.
 ![](./upgrading_outdated.png)
 To upgrade the Outpost to the latest version, simple adjust the docker tag of the outpost the the new version.
 Since the configuration is managed by passbook, that's all you have to do.
--- a/docs/outposts/upgrading_outdated.png
+++ b/docs/outposts/upgrading_outdated.png
--- a/docs/policies/expression.md
+++ b/docs/policies/expression.md
@ -27,4 +27,11 @@ return False
    - `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
 - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
 - `pb_client_ip`: Client's IP Address or '255.255.255.255' if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses)
- `pb_flow_plan`: Current Plan if Policy is called from the Flow Planner.
+
 Additionally, when the policy is executed from a flow, every variable from the flow's current context is accessible under the `context` object.
 This includes the following:
 - `prompt_data`: Data which has been saved from a prompt stage or an external source.
 - `application`: The application the user is in the process of authorizing.
 - `pending_user`: The currently pending user
--- a/docs/troubleshooting/access.md
+++ b/docs/troubleshooting/access.md
@ -0,0 +1,11 @@
 # Troubleshooting access problems
 ## I get an access denied error when trying to access an application.
 If your user is a superuser, or has the attribute `passbook_user_debug` set to true:
 ![](./passbook_user_debug.png)
 Afterwards, try to access the application again. You will now see a message explaining which policy denied you access:
 ![](./access_denied_message.png)
--- a/docs/troubleshooting/access_denied_message.png
+++ b/docs/troubleshooting/access_denied_message.png
--- a/docs/troubleshooting/passbook_user_debug.png
+++ b/docs/troubleshooting/passbook_user_debug.png
--- a/e2e/ci.docker-compose.yml
+++ b/e2e/ci.docker-compose.yml
@ -2,7 +2,7 @@ version: '3.7'
 services:
  chrome:
-    image: selenium/standalone-chrome:3.141.59-20200525
+    image: selenium/standalone-chrome:3.141
    volumes:
      - /dev/shm:/dev/shm
    network_mode: host
--- a/e2e/docker-compose.yml
+++ b/e2e/docker-compose.yml
@ -2,7 +2,7 @@ version: '3.7'
 services:
  chrome:
-    image: selenium/standalone-chrome-debug:3.141.59-20200525
+    image: selenium/standalone-chrome-debug:3.141
    volumes:
      - /dev/shm:/dev/shm
    network_mode: host
--- a/e2e/test_flows_enroll.py
+++ b/e2e/test_flows_enroll.py
@ -1,58 +1,38 @@
 """Test Enroll flow"""
-from time import sleep
+from sys import platform
 from typing import Any, Dict, Optional
 from unittest.case import skipUnless
 from django.test import override_settings
 from docker import DockerClient, from_env
 from docker.models.containers import Container
 from docker.types import Healthcheck
 from selenium.webdriver.common.by import By
 from selenium.webdriver.support import expected_conditions as ec
 from structlog import get_logger
 from e2e.utils import USER, SeleniumTestCase
 from passbook.flows.models import Flow, FlowDesignation, FlowStageBinding
 from passbook.policies.expression.models import ExpressionPolicy
 from passbook.stages.email.models import EmailStage, EmailTemplates
 from passbook.stages.identification.models import IdentificationStage
 from passbook.stages.prompt.models import FieldTypes, Prompt, PromptStage
 from passbook.stages.user_login.models import UserLoginStage
 from passbook.stages.user_write.models import UserWriteStage
 LOGGER = get_logger()
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestFlowsEnroll(SeleniumTestCase):
    """Test Enroll flow"""
-    def setUp(self):
+    def get_container_specs(self) -> Optional[Dict[str, Any]]:
-        self.container = self.setup_client()
+        return {
-        super().setUp()
+            "image": "mailhog/mailhog:v1.0.1",
-
+            "detach": True,
-    def setup_client(self) -> Container:
+            "network_mode": "host",
-        """Setup test IdP container"""
+            "auto_remove": True,
-        client: DockerClient = from_env()
+            "healthcheck": Healthcheck(
        container = client.containers.run(
            image="mailhog/mailhog:v1.0.1",
            detach=True,
            network_mode="host",
            auto_remove=True,
            healthcheck=Healthcheck(
                test=["CMD", "wget", "--spider", "http://localhost:8025"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
-        )
+        }
        while True:
            container.reload()
            status = container.attrs.get("State", {}).get("Health", {}).get("Status")
            if status == "healthy":
                return container
            LOGGER.info("Container failed healthcheck")
            sleep(1)
    def tearDown(self):
        self.container.kill()
        super().tearDown()
    def test_enroll_2_step(self):
        """Test 2-step enroll flow"""
@ -78,16 +58,9 @@ class TestFlowsEnroll(SeleniumTestCase):
            field_key="email", label="E-Mail", order=1, type=FieldTypes.EMAIL
        )
        # Password checking policy
        password_policy = ExpressionPolicy.objects.create(
            name="policy-enrollment-password-equals",
            expression="return request.context['password'] == request.context['password_repeat']",
        )
        # Stages
        first_stage = PromptStage.objects.create(name="prompt-stage-first")
        first_stage.fields.set([username_prompt, password, password_repeat])
        first_stage.validation_policies.set([password_policy])
        first_stage.save()
        second_stage = PromptStage.objects.create(name="prompt-stage-second")
        second_stage.fields.set([name_field, email])
@ -131,8 +104,7 @@ class TestFlowsEnroll(SeleniumTestCase):
        self.wait_for_url(self.url("passbook_core:user-settings"))
        self.assertEqual(
-            self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
+            self.driver.find_element(By.ID, "user-settings").text, "foo",
            "foo",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
@ -171,16 +143,9 @@ class TestFlowsEnroll(SeleniumTestCase):
            field_key="email", label="E-Mail", order=1, type=FieldTypes.EMAIL
        )
        # Password checking policy
        password_policy = ExpressionPolicy.objects.create(
            name="policy-enrollment-password-equals",
            expression="return request.context['password'] == request.context['password_repeat']",
        )
        # Stages
        first_stage = PromptStage.objects.create(name="prompt-stage-first")
        first_stage.fields.set([username_prompt, password, password_repeat])
        first_stage.validation_policies.set([password_policy])
        first_stage.save()
        second_stage = PromptStage.objects.create(name="prompt-stage-second")
        second_stage.fields.set([name_field, email])
@ -220,31 +185,30 @@ class TestFlowsEnroll(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_name").send_keys("some name")
        self.driver.find_element(By.ID, "id_email").send_keys("foo@bar.baz")
        self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
-        sleep(3)
+        # Wait for the success message so we know the email is sent
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, ".pf-c-form > p"))
        )
        # Open Mailhog
        self.driver.get("http://localhost:8025")
        # Click on first message
        self.wait.until(
            ec.presence_of_element_located((By.CLASS_NAME, "msglist-message"))
        )
        self.driver.find_element(By.CLASS_NAME, "msglist-message").click()
        sleep(3)
        self.driver.switch_to.frame(self.driver.find_element(By.CLASS_NAME, "tab-pane"))
        self.driver.find_element(By.ID, "confirm").click()
        self.driver.close()
        self.driver.switch_to.window(self.driver.window_handles[0])
        # We're now logged in
-        sleep(3)
+        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
-        self.wait.until(
+        self.driver.find_element(By.ID, "user-settings").click()
            ec.presence_of_element_located(
                (By.XPATH, "//a[contains(@href, '/-/user/')]")
            )
        )
        self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
        self.assertEqual(
-            self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
+            self.driver.find_element(By.ID, "user-settings").text, "foo",
            "foo",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
--- a/e2e/test_flows_login.py
+++ b/e2e/test_flows_login.py
@ -1,10 +1,14 @@
 """test default login flow"""
 from sys import platform
 from unittest.case import skipUnless
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
 from e2e.utils import USER, SeleniumTestCase
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestFlowsLogin(SeleniumTestCase):
    """test default login flow"""
@ -17,6 +21,5 @@ class TestFlowsLogin(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.assertEqual(
-            self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
+            self.driver.find_element(By.ID, "user-settings").text, USER().username,
            USER().username,
        )
--- a/e2e/test_flows_otp.py
+++ b/e2e/test_flows_otp.py
@ -0,0 +1,138 @@
 """test flow with otp stages"""
 from base64 import b32decode
 from sys import platform
 from time import sleep
 from unittest.case import skipUnless
 from urllib.parse import parse_qs, urlparse
 from django_otp.oath import TOTP
 from django_otp.plugins.otp_static.models import StaticDevice, StaticToken
 from django_otp.plugins.otp_totp.models import TOTPDevice
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.support import expected_conditions as ec
 from e2e.utils import USER, SeleniumTestCase
 from passbook.flows.models import Flow, FlowStageBinding
 from passbook.stages.otp_validate.models import OTPValidateStage
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestFlowsOTP(SeleniumTestCase):
    """test flow with otp stages"""
    def test_otp_validate(self):
        """test flow with otp stages"""
        sleep(1)
        # Setup TOTP Device
        user = USER()
        device = TOTPDevice.objects.create(user=user, confirmed=True, digits=6)
        flow: Flow = Flow.objects.get(slug="default-authentication-flow")
        # Move the user_login stage to order 3
        FlowStageBinding.objects.filter(target=flow, order=2).update(order=3)
        FlowStageBinding.objects.create(
            target=flow, order=2, stage=OTPValidateStage.objects.create()
        )
        self.driver.get(f"{self.live_server_url}/flows/{flow.slug}/")
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        # Get expected token
        totp = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
        self.driver.find_element(By.ID, "id_code").send_keys(totp.token())
        self.driver.find_element(By.ID, "id_code").send_keys(Keys.ENTER)
        self.wait_for_url(self.url("passbook_core:overview"))
        self.assertEqual(
            self.driver.find_element(By.ID, "user-settings").text, USER().username,
        )
    def test_otp_totp_setup(self):
        """test TOTP Setup stage"""
        flow: Flow = Flow.objects.get(slug="default-authentication-flow")
        self.driver.get(f"{self.live_server_url}/flows/{flow.slug}/")
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.assertEqual(
            self.driver.find_element(By.ID, "user-settings").text, USER().username,
        )
        self.driver.find_element(By.CSS_SELECTOR, ".pf-c-page__header").click()
        self.driver.get(self.url("passbook_core:user-settings"))
        self.driver.find_element(By.LINK_TEXT, "Time-based OTP").click()
        # Remember the current URL as we should end up back here
        destination_url = self.driver.current_url
        self.driver.find_element(
            By.CSS_SELECTOR, ".pf-c-card__body a.pf-c-button"
        ).click()
        self.wait.until(ec.presence_of_element_located((By.ID, "qr")))
        otp_uri = self.driver.find_element(By.ID, "qr").get_attribute("data-otpuri")
        # Parse the OTP URI, extract the secret and get the next token
        otp_args = urlparse(otp_uri)
        self.assertEqual(otp_args.scheme, "otpauth")
        otp_qs = parse_qs(otp_args.query)
        secret_key = b32decode(otp_qs["secret"][0])
        totp = TOTP(secret_key)
        self.driver.find_element(By.ID, "id_code").send_keys(totp.token())
        self.driver.find_element(By.ID, "id_code").send_keys(Keys.ENTER)
        self.wait_for_url(destination_url)
        sleep(1)
        self.assertTrue(TOTPDevice.objects.filter(user=USER(), confirmed=True).exists())
    def test_otp_static_setup(self):
        """test Static OTP Setup stage"""
        flow: Flow = Flow.objects.get(slug="default-authentication-flow")
        self.driver.get(f"{self.live_server_url}/flows/{flow.slug}/")
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.assertEqual(
            self.driver.find_element(By.ID, "user-settings").text, USER().username,
        )
        self.driver.find_element(By.CSS_SELECTOR, ".pf-c-page__header").click()
        self.driver.find_element(By.ID, "user-settings").click()
        self.wait_for_url(self.url("passbook_core:user-settings"))
        self.driver.find_element(By.LINK_TEXT, "Static OTP").click()
        # Remember the current URL as we should end up back here
        destination_url = self.driver.current_url
        self.driver.find_element(
            By.CSS_SELECTOR, ".pf-c-card__body a.pf-c-button"
        ).click()
        token = self.driver.find_element(
            By.CSS_SELECTOR, ".pb-otp-tokens li:nth-child(1)"
        ).text
        self.driver.find_element(By.CSS_SELECTOR, "button[type=submit]").click()
        self.wait_for_url(destination_url)
        sleep(1)
        self.assertTrue(
            StaticDevice.objects.filter(user=USER(), confirmed=True).exists()
        )
        device = StaticDevice.objects.filter(user=USER(), confirmed=True).first()
        self.assertTrue(StaticToken.objects.filter(token=token, device=device).exists())
--- a/e2e/test_flows_stage_setup.py
+++ b/e2e/test_flows_stage_setup.py
@ -1,7 +1,6 @@
 """test stage setup flows (password change)"""
-import string
+from sys import platform
-from random import SystemRandom
+from unittest.case import skipUnless
 from time import sleep
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
@ -9,9 +8,11 @@ from selenium.webdriver.common.keys import Keys
 from e2e.utils import USER, SeleniumTestCase
 from passbook.core.models import User
 from passbook.flows.models import Flow, FlowDesignation
 from passbook.providers.oauth2.generators import generate_client_secret
 from passbook.stages.password.models import PasswordStage
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestFlowsStageSetup(SeleniumTestCase):
    """test stage setup flows"""
@ -19,18 +20,15 @@ class TestFlowsStageSetup(SeleniumTestCase):
        """test password change flow"""
        # Ensure that password stage has change_flow set
        flow = Flow.objects.get(
-            slug="default-password-change", designation=FlowDesignation.STAGE_SETUP,
+            slug="default-password-change",
            designation=FlowDesignation.STAGE_CONFIGURATION,
        )
-        stages = PasswordStage.objects.filter(name="default-authentication-password")
+        stage = PasswordStage.objects.get(name="default-authentication-password")
-        stage = stages.first()
+        stage.configure_flow = flow
        stage.change_flow = flow
        stage.save()
-        new_password = "".join(
+        new_password = generate_client_secret()
            SystemRandom().choice(string.ascii_uppercase + string.digits)
            for _ in range(8)
        )
        self.driver.get(
            f"{self.live_server_url}/flows/default-authentication-flow/?next=%2F"
@ -40,7 +38,7 @@ class TestFlowsStageSetup(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.driver.find_element(By.CSS_SELECTOR, ".pf-c-page__header").click()
-        self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
+        self.driver.find_element(By.ID, "user-settings").click()
        self.wait_for_url(self.url("passbook_core:user-settings"))
        self.driver.find_element(By.LINK_TEXT, "Change password").click()
        self.driver.find_element(By.ID, "id_password").send_keys(new_password)
@ -48,7 +46,7 @@ class TestFlowsStageSetup(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_password_repeat").send_keys(new_password)
        self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
-        sleep(2)
+        self.wait_for_url(self.url("passbook_core:user-settings"))
        # Because USER() is cached, we need to get the user manually here
        user = User.objects.get(username=USER().username)
        self.assertTrue(user.check_password(new_password))
--- a/e2e/test_provider_oauth2_github.py
+++ b/e2e/test_provider_oauth2_github.py
@ -1,12 +1,13 @@
 """test OAuth Provider flow"""
 from sys import platform
 from time import sleep
 from typing import Any, Dict, Optional
 from unittest.case import skipUnless
 from docker import DockerClient, from_env
 from docker.models.containers import Container
 from docker.types import Healthcheck
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
-from structlog import get_logger
+from selenium.webdriver.support import expected_conditions as ec
 from e2e.utils import USER, SeleniumTestCase
 from passbook.core.models import Application
@ -19,32 +20,29 @@ from passbook.providers.oauth2.generators import (
 )
 from passbook.providers.oauth2.models import ClientTypes, OAuth2Provider, ResponseTypes
 LOGGER = get_logger()
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestProviderOAuth2Github(SeleniumTestCase):
    """test OAuth Provider flow"""
    def setUp(self):
        self.client_id = generate_client_id()
        self.client_secret = generate_client_secret()
        self.container = self.setup_client()
        super().setUp()
-    def setup_client(self) -> Container:
+    def get_container_specs(self) -> Optional[Dict[str, Any]]:
        """Setup client grafana container which we test OAuth against"""
-        client: DockerClient = from_env()
+        return {
-        container = client.containers.run(
+            "image": "grafana/grafana:7.1.0",
-            image="grafana/grafana:7.1.0",
+            "detach": True,
-            detach=True,
+            "network_mode": "host",
-            network_mode="host",
+            "auto_remove": True,
-            auto_remove=True,
+            "healthcheck": Healthcheck(
            healthcheck=Healthcheck(
                test=["CMD", "wget", "--spider", "http://localhost:3000"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
-            environment={
+            "environment": {
                "GF_AUTH_GITHUB_ENABLED": "true",
                "GF_AUTH_GITHUB_ALLOW_SIGN_UP": "true",
                "GF_AUTH_GITHUB_CLIENT_ID": self.client_id,
@ -61,22 +59,10 @@ class TestProviderOAuth2Github(SeleniumTestCase):
                ),
                "GF_LOG_LEVEL": "debug",
            },
-        )
+        }
        while True:
            container.reload()
            status = container.attrs.get("State", {}).get("Health", {}).get("Status")
            if status == "healthy":
                return container
            LOGGER.info("Container failed healthcheck")
            sleep(1)
    def tearDown(self):
        self.container.kill()
        super().tearDown()
    def test_authorization_consent_implied(self):
        """test OAuth Provider flow (default authorization flow with implied consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
@ -103,7 +89,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.wait_for_url("http://localhost:3000/?orgId=1")
-        self.driver.find_element(By.XPATH, "//a[contains(@href, '/profile')]").click()
+        self.driver.get("http://localhost:3000/profile")
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
            USER().username,
@ -129,7 +115,6 @@ class TestProviderOAuth2Github(SeleniumTestCase):
    def test_authorization_consent_explicit(self):
        """test OAuth Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
@ -155,23 +140,19 @@ class TestProviderOAuth2Github(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.assertIn(
+        sleep(1)
-            app.name,
+
-            self.driver.find_element(
+        self.assertEqual(
-                By.XPATH, "/html/body/div[2]/div/main/div/form/div[2]/p[1]"
+            app.name, self.driver.find_element(By.ID, "application-name").text,
            ).text,
        )
        self.assertEqual(
            "GitHub Compatibility: Access you Email addresses",
-            self.driver.find_element(
+            self.driver.find_element(By.ID, "scope-user:email").text,
                By.XPATH, "/html/body/div[2]/div/main/div/form/div[2]/ul/li[1]"
            ).text,
        )
-        sleep(1)
+        self.driver.find_element(By.CSS_SELECTOR, ("[type=submit]"),).click()
        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
        self.wait_for_url("http://localhost:3000/?orgId=1")
-        self.driver.find_element(By.XPATH, "//a[contains(@href, '/profile')]").click()
+        self.driver.get("http://localhost:3000/profile")
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
            USER().username,
@ -197,7 +178,6 @@ class TestProviderOAuth2Github(SeleniumTestCase):
    def test_denied(self):
        """test OAuth Provider flow (default authorization flow, denied)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
@ -227,7 +207,10 @@ class TestProviderOAuth2Github(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.wait_for_url(self.url("passbook_flows:denied"))
+
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1"))
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
            "Permission denied",
--- a/e2e/test_provider_oauth2_grafana.py
+++ b/e2e/test_provider_oauth2_grafana.py
@ -0,0 +1,364 @@
 """test OAuth2 OpenID Provider flow"""
 from sys import platform
 from time import sleep
 from typing import Any, Dict, Optional
 from unittest.case import skipUnless
 from docker.types import Healthcheck
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.support import expected_conditions as ec
 from structlog import get_logger
 from e2e.utils import USER, SeleniumTestCase
 from passbook.core.models import Application
 from passbook.crypto.models import CertificateKeyPair
 from passbook.flows.models import Flow
 from passbook.policies.expression.models import ExpressionPolicy
 from passbook.policies.models import PolicyBinding
 from passbook.providers.oauth2.constants import (
    SCOPE_OPENID,
    SCOPE_OPENID_EMAIL,
    SCOPE_OPENID_PROFILE,
 )
 from passbook.providers.oauth2.generators import (
    generate_client_id,
    generate_client_secret,
 )
 from passbook.providers.oauth2.models import (
    ClientTypes,
    OAuth2Provider,
    ResponseTypes,
    ScopeMapping,
 )
 LOGGER = get_logger()
 APPLICATION_SLUG = "grafana"
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestProviderOAuth2OAuth(SeleniumTestCase):
    """test OAuth with OAuth Provider flow"""
    def setUp(self):
        self.client_id = generate_client_id()
        self.client_secret = generate_client_secret()
        super().setUp()
    def get_container_specs(self) -> Optional[Dict[str, Any]]:
        return {
            "image": "grafana/grafana:7.1.0",
            "detach": True,
            "network_mode": "host",
            "auto_remove": True,
            "healthcheck": Healthcheck(
                test=["CMD", "wget", "--spider", "http://localhost:3000"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
            "environment": {
                "GF_AUTH_GENERIC_OAUTH_ENABLED": "true",
                "GF_AUTH_GENERIC_OAUTH_CLIENT_ID": self.client_id,
                "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": self.client_secret,
                "GF_AUTH_GENERIC_OAUTH_SCOPES": "openid email profile",
                "GF_AUTH_GENERIC_OAUTH_AUTH_URL": (
                    self.url("passbook_providers_oauth2:authorize")
                ),
                "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": (
                    self.url("passbook_providers_oauth2:token")
                ),
                "GF_AUTH_GENERIC_OAUTH_API_URL": (
                    self.url("passbook_providers_oauth2:userinfo")
                ),
                "GF_AUTH_SIGNOUT_REDIRECT_URL": (
                    self.url(
                        "passbook_providers_oauth2:end-session",
                        application_slug=APPLICATION_SLUG,
                    )
                ),
                "GF_LOG_LEVEL": "debug",
            },
        }
    def test_redirect_uri_error(self):
        """test OpenID Provider flow (invalid redirect URI, check error message)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name="grafana",
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:3000/",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        Application.objects.create(
            name="Grafana", slug=APPLICATION_SLUG, provider=provider,
        )
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        sleep(2)
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "pf-c-title").text,
            "Redirect URI Error",
        )
    def test_authorization_consent_implied(self):
        """test OpenID Provider flow (default authorization flow with implied consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name="grafana",
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:3000/login/generic_oauth",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        Application.objects.create(
            name="Grafana", slug=APPLICATION_SLUG, provider=provider,
        )
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.wait_for_url("http://localhost:3000/?orgId=1")
        self.driver.get("http://localhost:3000/profile")
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "input[name=name]").get_attribute(
                "value"
            ),
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=email]"
            ).get_attribute("value"),
            USER().email,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=login]"
            ).get_attribute("value"),
            USER().email,
        )
    def test_authorization_logout(self):
        """test OpenID Provider flow with logout"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name="grafana",
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:3000/login/generic_oauth",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        Application.objects.create(
            name="Grafana", slug=APPLICATION_SLUG, provider=provider,
        )
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.wait_for_url("http://localhost:3000/?orgId=1")
        self.driver.get("http://localhost:3000/profile")
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "input[name=name]").get_attribute(
                "value"
            ),
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=email]"
            ).get_attribute("value"),
            USER().email,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=login]"
            ).get_attribute("value"),
            USER().email,
        )
        self.driver.get("http://localhost:3000/logout")
        self.wait_for_url(
            self.url(
                "passbook_providers_oauth2:end-session",
                application_slug=APPLICATION_SLUG,
            )
        )
        self.driver.find_element(By.ID, "logout").click()
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name="grafana",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:3000/login/generic_oauth",
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        app = Application.objects.create(
            name="Grafana", slug=APPLICATION_SLUG, provider=provider,
        )
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.assertEqual(
            app.name, self.driver.find_element(By.ID, "application-name").text,
        )
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
        )
        sleep(1)
        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
        self.wait_for_url("http://localhost:3000/?orgId=1")
        self.driver.get("http://localhost:3000/profile")
        self.assertEqual(
            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "input[name=name]").get_attribute(
                "value"
            ),
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=email]"
            ).get_attribute("value"),
            USER().email,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=login]"
            ).get_attribute("value"),
            USER().email,
        )
    def test_authorization_denied(self):
        """test OpenID Provider flow (default authorization with access deny)"""
        sleep(1)
        # Bootstrap all needed objects
        authorization_flow = Flow.objects.get(
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
            name="grafana",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
            redirect_uris="http://localhost:3000/login/generic_oauth",
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
                scope_name__in=[SCOPE_OPENID, SCOPE_OPENID_EMAIL, SCOPE_OPENID_PROFILE]
            )
        )
        provider.save()
        app = Application.objects.create(
            name="Grafana", slug=APPLICATION_SLUG, provider=provider,
        )
        negative_policy = ExpressionPolicy.objects.create(
            name="negative-static", expression="return False"
        )
        PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1"))
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
            "Permission denied",
        )
--- a/e2e/test_provider_oauth2_oidc.py
+++ b/e2e/test_provider_oauth2_oidc.py
@ -1,5 +1,8 @@
 """test OAuth2 OpenID Provider flow"""
 from json import loads
 from sys import platform
 from time import sleep
 from unittest.case import skipUnless
 from docker import DockerClient, from_env
 from docker.models.containers import Container
@ -34,43 +37,35 @@ from passbook.providers.oauth2.models import (
 LOGGER = get_logger()
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestProviderOAuth2OIDC(SeleniumTestCase):
    """test OAuth with OpenID Provider flow"""
    def setUp(self):
        self.client_id = generate_client_id()
        self.client_secret = generate_client_secret()
-        self.container = self.setup_client()
+        self.application_slug = "test"
        super().setUp()
    def setup_client(self) -> Container:
-        """Setup client grafana container which we test OIDC against"""
+        """Setup client saml-sp container which we test SAML against"""
        sleep(1)
        client: DockerClient = from_env()
        client.images.pull("beryju/oidc-test-client")
        container = client.containers.run(
-            image="grafana/grafana:7.1.0",
+            image="beryju/oidc-test-client",
            detach=True,
            network_mode="host",
            auto_remove=True,
            healthcheck=Healthcheck(
-                test=["CMD", "wget", "--spider", "http://localhost:3000"],
+                test=["CMD", "wget", "--spider", "http://localhost:9009/health"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
            environment={
-                "GF_AUTH_GENERIC_OAUTH_ENABLED": "true",
+                "OIDC_CLIENT_ID": self.client_id,
-                "GF_AUTH_GENERIC_OAUTH_CLIENT_ID": self.client_id,
+                "OIDC_CLIENT_SECRET": self.client_secret,
-                "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": self.client_secret,
+                "OIDC_PROVIDER": f"{self.live_server_url}/application/o/{self.application_slug}/",
                "GF_AUTH_GENERIC_OAUTH_SCOPES": "openid email profile",
                "GF_AUTH_GENERIC_OAUTH_AUTH_URL": (
                    self.url("passbook_providers_oauth2:authorize")
                ),
                "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": (
                    self.url("passbook_providers_oauth2:token")
                ),
                "GF_AUTH_GENERIC_OAUTH_API_URL": (
                    self.url("passbook_providers_oauth2:userinfo")
                ),
                "GF_LOG_LEVEL": "debug",
            },
        )
        while True:
@ -81,10 +76,6 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            LOGGER.info("Container failed healthcheck")
            sleep(1)
    def tearDown(self):
        self.container.kill()
        super().tearDown()
    def test_redirect_uri_error(self):
        """test OpenID Provider flow (invalid redirect URI, check error message)"""
        sleep(1)
@ -93,12 +84,12 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
-            name="grafana",
+            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
-            redirect_uris="http://localhost:3000/",
+            redirect_uris="http://localhost:9009/",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
@ -109,11 +100,12 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
        )
        provider.save()
        Application.objects.create(
-            name="Grafana", slug="grafana", provider=provider,
+            name=self.application_slug, slug=self.application_slug, provider=provider,
        )
        self.container = self.setup_client()
        self.driver.get("http://localhost:9009")
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
@ -133,12 +125,12 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            slug="default-provider-authorization-implicit-consent"
        )
        provider = OAuth2Provider.objects.create(
-            name="grafana",
+            name=self.application_slug,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
-            redirect_uris="http://localhost:3000/login/generic_oauth",
+            redirect_uris="http://localhost:9009/auth/callback",
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
        )
@ -149,39 +141,29 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
        )
        provider.save()
        Application.objects.create(
-            name="Grafana", slug="grafana", provider=provider,
+            name=self.application_slug, slug=self.application_slug, provider=provider,
        )
        self.container = self.setup_client()
        self.driver.get("http://localhost:9009")
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.driver.find_element(By.XPATH, "//a[contains(@href, '/profile')]").click()
+
-        self.assertEqual(
+        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
-            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
+        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
-            USER().name,
+
-        )
+        self.assertEqual(body["IDTokenClaims"]["nickname"], USER().username)
-        self.assertEqual(
+        self.assertEqual(body["UserInfo"]["nickname"], USER().username)
-            self.driver.find_element(By.CSS_SELECTOR, "input[name=name]").get_attribute(
+
-                "value"
+        self.assertEqual(body["IDTokenClaims"]["name"], USER().name)
-            ),
+        self.assertEqual(body["UserInfo"]["name"], USER().name)
-            USER().name,
+
-        )
+        self.assertEqual(body["IDTokenClaims"]["email"], USER().email)
-        self.assertEqual(
+        self.assertEqual(body["UserInfo"]["email"], USER().email)
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=email]"
            ).get_attribute("value"),
            USER().email,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=login]"
            ).get_attribute("value"),
            USER().email,
        )
    def test_authorization_consent_explicit(self):
        """test OpenID Provider flow (default authorization flow with explicit consent)"""
@ -191,14 +173,14 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
-            name="grafana",
+            name=self.application_slug,
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
-            redirect_uris="http://localhost:3000/login/generic_oauth",
+            redirect_uris="http://localhost:9009/auth/callback",
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
@ -207,22 +189,20 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
        )
        provider.save()
        app = Application.objects.create(
-            name="Grafana", slug="grafana", provider=provider,
+            name=self.application_slug, slug=self.application_slug, provider=provider,
        )
        self.container = self.setup_client()
        self.driver.get("http://localhost:9009")
        self.driver.get("http://localhost:3000")
        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.assertIn(
+        self.assertEqual(
-            app.name,
+            app.name, self.driver.find_element(By.ID, "application-name").text,
            self.driver.find_element(
                By.XPATH, "/html/body/div[2]/div/main/div/form/div[2]/p[1]"
            ).text,
        )
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
@ -230,34 +210,17 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
        sleep(1)
        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
-        self.wait.until(
+        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
-            ec.presence_of_element_located(
+        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
-                (By.XPATH, "//a[contains(@href, '/profile')]")
+
-            )
+        self.assertEqual(body["IDTokenClaims"]["nickname"], USER().username)
-        )
+        self.assertEqual(body["UserInfo"]["nickname"], USER().username)
-        self.driver.find_element(By.XPATH, "//a[contains(@href, '/profile')]").click()
+
-        self.assertEqual(
+        self.assertEqual(body["IDTokenClaims"]["name"], USER().name)
-            self.driver.find_element(By.CLASS_NAME, "page-header__title").text,
+        self.assertEqual(body["UserInfo"]["name"], USER().name)
-            USER().name,
+
-        )
+        self.assertEqual(body["IDTokenClaims"]["email"], USER().email)
-        self.assertEqual(
+        self.assertEqual(body["UserInfo"]["email"], USER().email)
            self.driver.find_element(By.CSS_SELECTOR, "input[name=name]").get_attribute(
                "value"
            ),
            USER().name,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=email]"
            ).get_attribute("value"),
            USER().email,
        )
        self.assertEqual(
            self.driver.find_element(
                By.CSS_SELECTOR, "input[name=login]"
            ).get_attribute("value"),
            USER().email,
        )
    def test_authorization_denied(self):
        """test OpenID Provider flow (default authorization with access deny)"""
@ -267,14 +230,14 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            slug="default-provider-authorization-explicit-consent"
        )
        provider = OAuth2Provider.objects.create(
-            name="grafana",
+            name=self.application_slug,
            authorization_flow=authorization_flow,
            response_type=ResponseTypes.CODE,
            client_type=ClientTypes.CONFIDENTIAL,
            client_id=self.client_id,
            client_secret=self.client_secret,
            rsa_key=CertificateKeyPair.objects.first(),
-            redirect_uris="http://localhost:3000/login/generic_oauth",
+            redirect_uris="http://localhost:9009/auth/callback",
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
@ -283,21 +246,26 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
        )
        provider.save()
        app = Application.objects.create(
-            name="Grafana", slug="grafana", provider=provider,
+            name=self.application_slug, slug=self.application_slug, provider=provider,
        )
        negative_policy = ExpressionPolicy.objects.create(
            name="negative-static", expression="return False"
        )
        PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)
-        self.driver.get("http://localhost:3000")
+
-        self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
+        self.container = self.setup_client()
        self.driver.get("http://localhost:9009")
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.wait_for_url(self.url("passbook_flows:denied"))
+
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1"))
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
            "Permission denied",
--- a/e2e/test_provider_proxy.py
+++ b/e2e/test_provider_proxy.py
@ -0,0 +1,163 @@
 """Proxy and Outpost e2e tests"""
 from sys import platform
 from time import sleep
 from typing import Any, Dict, Optional
 from unittest.case import skipUnless
 from channels.testing import ChannelsLiveServerTestCase
 from docker.client import DockerClient, from_env
 from docker.models.containers import Container
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
 from e2e.utils import USER, SeleniumTestCase
 from passbook import __version__
 from passbook.core.models import Application
 from passbook.flows.models import Flow
 from passbook.outposts.models import Outpost, OutpostDeploymentType, OutpostType
 from passbook.providers.proxy.models import ProxyProvider
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestProviderProxy(SeleniumTestCase):
    """Proxy and Outpost e2e tests"""
    proxy_container: Container
    def tearDown(self) -> None:
        super().tearDown()
        self.proxy_container.kill()
    def get_container_specs(self) -> Optional[Dict[str, Any]]:
        return {
            "image": "traefik/whoami:latest",
            "detach": True,
            "network_mode": "host",
            "auto_remove": True,
        }
    def start_proxy(self, outpost: Outpost) -> Container:
        """Start proxy container based on outpost created"""
        client: DockerClient = from_env()
        client.images.pull("beryju/oidc-test-client")
        container = client.containers.run(
            image="beryju/passbook-proxy:latest",
            detach=True,
            network_mode="host",
            auto_remove=True,
            environment={
                "PASSBOOK_HOST": self.live_server_url,
                "PASSBOOK_TOKEN": outpost.token.token_uuid.hex,
            },
        )
        return container
    def test_proxy_simple(self):
        """Test simple outpost setup with single provider"""
        proxy: ProxyProvider = ProxyProvider.objects.create(
            name="proxy_provider",
            authorization_flow=Flow.objects.get(
                slug="default-provider-authorization-implicit-consent"
            ),
            internal_host="http://localhost:80",
            external_host="http://localhost:4180",
        )
        # Ensure OAuth2 Params are set
        proxy.set_oauth_defaults()
        proxy.save()
        # we need to create an application to actually access the proxy
        Application.objects.create(name="proxy", slug="proxy", provider=proxy)
        outpost: Outpost = Outpost.objects.create(
            name="proxy_outpost",
            type=OutpostType.PROXY,
            deployment_type=OutpostDeploymentType.CUSTOM,
        )
        outpost.providers.add(proxy)
        outpost.save()
        self.proxy_container = self.start_proxy(outpost)
        # Wait until outpost healthcheck succeeds
        healthcheck_retries = 0
        while healthcheck_retries < 50:
            if outpost.deployment_health:
                break
            healthcheck_retries += 1
            sleep(0.5)
        self.driver.get("http://localhost:4180")
        self.driver.find_element(By.ID, "id_uid_field").click()
        self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        sleep(1)
        full_body_text = self.driver.find_element(By.CSS_SELECTOR, "pre").text
        self.assertIn("X-Forwarded-Preferred-Username: pbadmin", full_body_text)
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestProviderProxyConnect(ChannelsLiveServerTestCase):
    """Test Proxy connectivity over websockets"""
    proxy_container: Container
    def tearDown(self) -> None:
        self.proxy_container.kill()
        super().tearDown()
    def start_proxy(self, outpost: Outpost) -> Container:
        """Start proxy container based on outpost created"""
        client: DockerClient = from_env()
        client.images.pull("beryju/oidc-test-client")
        container = client.containers.run(
            image="beryju/passbook-proxy:latest",
            detach=True,
            network_mode="host",
            auto_remove=True,
            environment={
                "PASSBOOK_HOST": self.live_server_url,
                "PASSBOOK_TOKEN": outpost.token.token_uuid.hex,
            },
        )
        return container
    def test_proxy_connectivity(self):
        """Test proxy connectivity over websocket"""
        SeleniumTestCase().apply_default_data()
        proxy: ProxyProvider = ProxyProvider.objects.create(
            name="proxy_provider",
            authorization_flow=Flow.objects.get(
                slug="default-provider-authorization-implicit-consent"
            ),
            internal_host="http://localhost:80",
            external_host="http://localhost:4180",
        )
        # Ensure OAuth2 Params are set
        proxy.set_oauth_defaults()
        proxy.save()
        # we need to create an application to actually access the proxy
        Application.objects.create(name="proxy", slug="proxy", provider=proxy)
        outpost: Outpost = Outpost.objects.create(
            name="proxy_outpost",
            type=OutpostType.PROXY,
            deployment_type=OutpostDeploymentType.CUSTOM,
        )
        outpost.providers.add(proxy)
        outpost.save()
        self.proxy_container = self.start_proxy(outpost)
        # Wait until outpost healthcheck succeeds
        healthcheck_retries = 0
        while healthcheck_retries < 50:
            if outpost.deployment_health:
                break
            healthcheck_retries += 1
            sleep(0.5)
        self.assertIsNotNone(outpost.deployment_health)
        self.assertEqual(outpost.deployment_version.get("version"), __version__)
--- a/e2e/test_provider_saml.py
+++ b/e2e/test_provider_saml.py
@ -1,11 +1,15 @@
 """test SAML Provider flow"""
 from json import loads
 from sys import platform
 from time import sleep
 from unittest.case import skipUnless
 from docker import DockerClient, from_env
 from docker.models.containers import Container
 from docker.types import Healthcheck
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.support import expected_conditions as ec
 from structlog import get_logger
 from e2e.utils import USER, SeleniumTestCase
@ -23,6 +27,7 @@ from passbook.providers.saml.models import (
 LOGGER = get_logger()
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestProviderSAML(SeleniumTestCase):
    """test SAML Provider flow"""
@ -31,6 +36,7 @@ class TestProviderSAML(SeleniumTestCase):
    def setup_client(self, provider: SAMLProvider) -> Container:
        """Setup client saml-sp container which we test SAML against"""
        client: DockerClient = from_env()
        client.images.pull("beryju/oidc-test-client")
        container = client.containers.run(
            image="beryju/saml-test-sp",
            detach=True,
@ -60,10 +66,6 @@ class TestProviderSAML(SeleniumTestCase):
            LOGGER.info("Container failed healthcheck")
            sleep(1)
    def tearDown(self):
        self.container.kill()
        super().tearDown()
    def test_sp_initiated_implicit(self):
        """test SAML Provider flow SP-initiated flow (implicit consent)"""
        # Bootstrap all needed objects
@ -92,10 +94,14 @@ class TestProviderSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        self.wait_for_url("http://localhost:9009/")
-        self.assertEqual(
+
-            self.driver.find_element(By.XPATH, "/html/body/pre").text,
+        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
-            f"Hello, {USER().name}!",
+
-        )
+        self.assertEqual(body["attr"]["cn"], [USER().name])
        self.assertEqual(body["attr"]["displayName"], [USER().username])
        self.assertEqual(body["attr"]["eduPersonPrincipalName"], [USER().email])
        self.assertEqual(body["attr"]["mail"], [USER().email])
        self.assertEqual(body["attr"]["uid"], [str(USER().pk)])
    def test_sp_initiated_explicit(self):
        """test SAML Provider flow SP-initiated flow (explicit consent)"""
@ -124,19 +130,20 @@ class TestProviderSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.assertIn(
+        self.assertEqual(
-            app.name,
+            app.name, self.driver.find_element(By.ID, "application-name").text,
            self.driver.find_element(
                By.XPATH, "/html/body/div[2]/div/main/div/form/div[2]/p[1]"
            ).text,
        )
        sleep(1)
        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
        self.wait_for_url("http://localhost:9009/")
-        self.assertEqual(
+
-            self.driver.find_element(By.XPATH, "/html/body/pre").text,
+        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
-            f"Hello, {USER().name}!",
+
-        )
+        self.assertEqual(body["attr"]["cn"], [USER().name])
        self.assertEqual(body["attr"]["displayName"], [USER().username])
        self.assertEqual(body["attr"]["eduPersonPrincipalName"], [USER().email])
        self.assertEqual(body["attr"]["mail"], [USER().email])
        self.assertEqual(body["attr"]["uid"], [str(USER().pk)])
    def test_idp_initiated_implicit(self):
        """test SAML Provider flow IdP-initiated flow (implicit consent)"""
@ -170,11 +177,16 @@ class TestProviderSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
        sleep(1)
        self.wait_for_url("http://localhost:9009/")
-        self.assertEqual(
+
-            self.driver.find_element(By.XPATH, "/html/body/pre").text,
+        body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
-            f"Hello, {USER().name}!",
+
-        )
+        self.assertEqual(body["attr"]["cn"], [USER().name])
        self.assertEqual(body["attr"]["displayName"], [USER().username])
        self.assertEqual(body["attr"]["eduPersonPrincipalName"], [USER().email])
        self.assertEqual(body["attr"]["mail"], [USER().email])
        self.assertEqual(body["attr"]["uid"], [str(USER().pk)])
    def test_sp_initiated_denied(self):
        """test SAML Provider flow SP-initiated flow (Policy denies access)"""
@ -207,7 +219,10 @@ class TestProviderSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
        self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
        self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
-        self.wait_for_url(self.url("passbook_flows:denied"))
+
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1"))
        )
        self.assertEqual(
            self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
            "Permission denied",
--- a/e2e/test_sources_oauth.py
+++ b/e2e/test_sources_oauth.py
@ -1,8 +1,11 @@
 """test OAuth Source"""
 from os.path import abspath
 from sys import platform
 from time import sleep
 from typing import Any, Dict, Optional
 from unittest.case import skipUnless
-from docker import DockerClient, from_env
+from django.test import override_settings
 from docker.models.containers import Container
 from docker.types import Healthcheck
 from selenium.webdriver.common.by import By
@ -13,22 +16,25 @@ from yaml import safe_dump
 from e2e.utils import SeleniumTestCase
 from passbook.flows.models import Flow
-from passbook.providers.oauth2.generators import generate_client_secret
+from passbook.providers.oauth2.generators import (
    generate_client_id,
    generate_client_secret,
 )
 from passbook.sources.oauth.models import OAuthSource
 TOKEN_URL = "http://127.0.0.1:5556/dex/token"
 CONFIG_PATH = "/tmp/dex.yml"
 LOGGER = get_logger()
-class TestSourceOAuth(SeleniumTestCase):
+@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestSourceOAuth2(SeleniumTestCase):
    """test OAuth Source flow"""
    container: Container
    def setUp(self):
        self.client_secret = generate_client_secret()
-        self.container = self.setup_client()
+        self.prepare_dex_config()
        super().setUp()
    def prepare_dex_config(self):
@ -66,55 +72,40 @@ class TestSourceOAuth(SeleniumTestCase):
        with open(CONFIG_PATH, "w+") as _file:
            safe_dump(config, _file)
-    def setup_client(self) -> Container:
+    def get_container_specs(self) -> Optional[Dict[str, Any]]:
-        """Setup test Dex container"""
+        return {
-        self.prepare_dex_config()
+            "image": "quay.io/dexidp/dex:v2.24.0",
-        client: DockerClient = from_env()
+            "detach": True,
-        container = client.containers.run(
+            "network_mode": "host",
-            image="quay.io/dexidp/dex:v2.24.0",
+            "auto_remove": True,
-            detach=True,
+            "command": "serve /config.yml",
-            network_mode="host",
+            "healthcheck": Healthcheck(
            auto_remove=True,
            command="serve /config.yml",
            healthcheck=Healthcheck(
                test=["CMD", "wget", "--spider", "http://localhost:5556/dex/healthz"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
-            volumes={abspath(CONFIG_PATH): {"bind": "/config.yml", "mode": "ro"}},
+            "volumes": {abspath(CONFIG_PATH): {"bind": "/config.yml", "mode": "ro"}},
-        )
+        }
        while True:
            container.reload()
            status = container.attrs.get("State", {}).get("Health", {}).get("Status")
            if status == "healthy":
                return container
            LOGGER.info("Container failed healthcheck")
            sleep(1)
    def create_objects(self):
        """Create required objects"""
        sleep(1)
        # Bootstrap all needed objects
        authentication_flow = Flow.objects.get(slug="default-source-authentication")
        enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
-        OAuthSource.objects.create(
+        OAuthSource.objects.create(  # nosec
            name="dex",
            slug="dex",
            authentication_flow=authentication_flow,
            enrollment_flow=enrollment_flow,
            provider_type="openid-connect",
            authorization_url="http://127.0.0.1:5556/dex/auth",
-            access_token_url=TOKEN_URL,
+            access_token_url="http://127.0.0.1:5556/dex/token",
            profile_url="http://127.0.0.1:5556/dex/userinfo",
            consumer_key="example-app",
            consumer_secret=self.client_secret,
        )
    def tearDown(self):
        self.container.kill()
        super().tearDown()
    def test_oauth_enroll(self):
        """test OAuth Source With With OIDC"""
        self.create_objects()
@ -141,6 +132,7 @@ class TestSourceOAuth(SeleniumTestCase):
        )
        self.driver.find_element(By.CSS_SELECTOR, "button[type=submit]").click()
        self.wait.until(ec.presence_of_element_located((By.NAME, "username")))
        # At this point we've been redirected back
        # and we're asked for the username
        self.driver.find_element(By.NAME, "username").click()
@ -148,13 +140,11 @@ class TestSourceOAuth(SeleniumTestCase):
        self.driver.find_element(By.NAME, "username").send_keys(Keys.ENTER)
        # Wait until we've loaded the user info page
-        self.wait.until(ec.presence_of_element_located((By.LINK_TEXT, "foo")))
+        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
-        self.driver.find_element(By.LINK_TEXT, "foo").click()
+        self.driver.get(self.url("passbook_core:user-settings"))
        self.wait_for_url(self.url("passbook_core:user-settings"))
        self.assertEqual(
-            self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
+            self.driver.find_element(By.ID, "user-settings").text, "foo",
            "foo",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
@ -167,11 +157,12 @@ class TestSourceOAuth(SeleniumTestCase):
            "admin@example.com",
        )
-    def test_oauth_enroll_auth(self):
+    @override_settings(SESSION_COOKIE_SAMESITE="strict")
-        """test OAuth Source With With OIDC (enroll and authenticate again)"""
+    def test_oauth_samesite_strict(self):
-        self.test_oauth_enroll()
+        """test OAuth Source With SameSite set to strict
-        # We're logged in at the end of this, log out and re-login
+        (=will fail because session is not carried over)"""
-        self.driver.find_element(By.CSS_SELECTOR, "[aria-label=logout]").click()
+        self.create_objects()
        self.driver.get(self.live_server_url)
        self.wait.until(
            ec.presence_of_element_located(
@ -194,14 +185,47 @@ class TestSourceOAuth(SeleniumTestCase):
        )
        self.driver.find_element(By.CSS_SELECTOR, "button[type=submit]").click()
-        # Wait until we've loaded the user info page
+        self.wait.until(
-        self.wait.until(ec.presence_of_element_located((By.LINK_TEXT, "foo")))
+            ec.presence_of_element_located((By.CSS_SELECTOR, ".pf-c-alert__title"))
-        self.driver.find_element(By.LINK_TEXT, "foo").click()
+        )
        self.wait_for_url(self.url("passbook_core:user-settings"))
        self.assertEqual(
-            self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
+            self.driver.find_element(By.CSS_SELECTOR, ".pf-c-alert__title").text,
-            "foo",
+            "Authentication Failed.",
        )
    def test_oauth_enroll_auth(self):
        """test OAuth Source With With OIDC (enroll and authenticate again)"""
        self.test_oauth_enroll()
        # We're logged in at the end of this, log out and re-login
        self.driver.find_element(By.ID, "logout").click()
        self.wait.until(
            ec.presence_of_element_located(
                (By.CLASS_NAME, "pf-c-login__main-footer-links-item-link")
            )
        )
        sleep(1)
        self.driver.find_element(
            By.CLASS_NAME, "pf-c-login__main-footer-links-item-link"
        ).click()
        sleep(1)
        # Now we should be at the IDP, wait for the login field
        self.wait.until(ec.presence_of_element_located((By.ID, "login")))
        self.driver.find_element(By.ID, "login").send_keys("admin@example.com")
        self.driver.find_element(By.ID, "password").send_keys("password")
        self.driver.find_element(By.ID, "password").send_keys(Keys.ENTER)
        # Wait until we're logged in
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "button[type=submit]"))
        )
        self.driver.find_element(By.CSS_SELECTOR, "button[type=submit]").click()
        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
        self.driver.get(self.url("passbook_core:user-settings"))
        self.assertEqual(
            self.driver.find_element(By.ID, "user-settings").text, "foo",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
@ -213,3 +237,97 @@ class TestSourceOAuth(SeleniumTestCase):
            self.driver.find_element(By.ID, "id_email").get_attribute("value"),
            "admin@example.com",
        )
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestSourceOAuth1(SeleniumTestCase):
    """Test OAuth1 Source"""
    def setUp(self) -> None:
        self.client_id = generate_client_id()
        self.client_secret = generate_client_secret()
        self.source_slug = "oauth1-test"
        super().setUp()
    def get_container_specs(self) -> Optional[Dict[str, Any]]:
        return {
            "image": "beryju/oauth1-test-server",
            "detach": True,
            "network_mode": "host",
            "auto_remove": True,
            "environment": {
                "OAUTH1_CLIENT_ID": self.client_id,
                "OAUTH1_CLIENT_SECRET": self.client_secret,
                "OAUTH1_REDIRECT_URI": (
                    self.url(
                        "passbook_sources_oauth:oauth-client-callback",
                        source_slug=self.source_slug,
                    )
                ),
            },
        }
    def create_objects(self):
        """Create required objects"""
        # Bootstrap all needed objects
        authentication_flow = Flow.objects.get(slug="default-source-authentication")
        enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
        OAuthSource.objects.create(  # nosec
            name="oauth1",
            slug=self.source_slug,
            authentication_flow=authentication_flow,
            enrollment_flow=enrollment_flow,
            provider_type="twitter",
            request_token_url="http://localhost:5000/oauth/request_token",
            access_token_url="http://localhost:5000/oauth/access_token",
            authorization_url="http://localhost:5000/oauth/authorize",
            profile_url="http://localhost:5000/api/me",
            consumer_key=self.client_id,
            consumer_secret=self.client_secret,
        )
    def test_oauth_enroll(self):
        """test OAuth Source With With OIDC"""
        self.create_objects()
        self.driver.get(self.live_server_url)
        self.wait.until(
            ec.presence_of_element_located(
                (By.CLASS_NAME, "pf-c-login__main-footer-links-item-link")
            )
        )
        self.driver.find_element(
            By.CLASS_NAME, "pf-c-login__main-footer-links-item-link"
        ).click()
        # Now we should be at the IDP, wait for the login field
        self.wait.until(ec.presence_of_element_located((By.NAME, "username")))
        self.driver.find_element(By.NAME, "username").send_keys("example-user")
        self.driver.find_element(By.NAME, "username").send_keys(Keys.ENTER)
        # Wait until we're logged in
        self.wait.until(
            ec.presence_of_element_located((By.CSS_SELECTOR, "[name='confirm']"))
        )
        self.driver.find_element(By.CSS_SELECTOR, "[name='confirm']").click()
        # Wait until we've loaded the user info page
        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
        self.driver.get(self.url("passbook_core:user-settings"))
        self.assertEqual(
            self.driver.find_element(By.ID, "user-settings").text, "example-user",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_username").get_attribute("value"),
            "example-user",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_name").get_attribute("value"),
            "test name",
        )
        self.assertEqual(
            self.driver.find_element(By.ID, "id_email").get_attribute("value"),
            "foo@example.com",
        )
--- a/e2e/test_source_saml.py
+++ b/e2e/test_source_saml.py
@ -1,8 +1,9 @@
 """test SAML Source"""
 from sys import platform
 from time import sleep
 from typing import Any, Dict, Optional
 from unittest.case import skipUnless
 from docker import DockerClient, from_env
 from docker.models.containers import Container
 from docker.types import Healthcheck
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
@ -68,48 +69,31 @@ Sm75WXsflOxuTn08LbgGc4s=
 -----END PRIVATE KEY-----"""
@skipUnless(platform.startswith("linux"), "requires local docker")
 class TestSourceSAML(SeleniumTestCase):
    """test SAML Source flow"""
-    def setUp(self):
+    def get_container_specs(self) -> Optional[Dict[str, Any]]:
-        self.container = self.setup_client()
+        return {
-        super().setUp()
+            "image": "kristophjunge/test-saml-idp:1.15",
-
+            "detach": True,
-    def setup_client(self) -> Container:
+            "network_mode": "host",
-        """Setup test IdP container"""
+            "auto_remove": True,
-        client: DockerClient = from_env()
+            "healthcheck": Healthcheck(
        container = client.containers.run(
            image="kristophjunge/test-saml-idp:1.15",
            detach=True,
            network_mode="host",
            auto_remove=True,
            healthcheck=Healthcheck(
                test=["CMD", "curl", "http://localhost:8080"],
                interval=5 * 100 * 1000000,
                start_period=1 * 100 * 1000000,
            ),
-            environment={
+            "environment": {
                "SIMPLESAMLPHP_SP_ENTITY_ID": "entity-id",
                "SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE": (
                    f"{self.live_server_url}/source/saml/saml-idp-test/acs/"
                ),
            },
-        )
+        }
        while True:
            container.reload()
            status = container.attrs.get("State", {}).get("Health", {}).get("Status")
            if status == "healthy":
                return container
            LOGGER.info("Container failed healthcheck")
            sleep(1)
    def tearDown(self):
        self.container.kill()
        super().tearDown()
    def test_idp_redirect(self):
        """test SAML Source With redirect binding"""
        sleep(1)
        # Bootstrap all needed objects
        authentication_flow = Flow.objects.get(slug="default-source-authentication")
        enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
@ -146,12 +130,8 @@ class TestSourceSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "password").send_keys(Keys.ENTER)
        # Wait until we're logged in
-        self.wait.until(
+        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
-            ec.presence_of_element_located(
+        self.driver.get(self.url("passbook_core:user-settings"))
                (By.XPATH, "//a[contains(@href, '/-/user/')]")
            )
        )
        self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
        # Wait until we've loaded the user info page
        self.wait.until(ec.presence_of_element_located((By.ID, "id_username")))
@ -161,7 +141,6 @@ class TestSourceSAML(SeleniumTestCase):
    def test_idp_post(self):
        """test SAML Source With post binding"""
        sleep(1)
        # Bootstrap all needed objects
        authentication_flow = Flow.objects.get(slug="default-source-authentication")
        enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
@ -200,12 +179,8 @@ class TestSourceSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "password").send_keys(Keys.ENTER)
        # Wait until we're logged in
-        self.wait.until(
+        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
-            ec.presence_of_element_located(
+        self.driver.get(self.url("passbook_core:user-settings"))
                (By.XPATH, "//a[contains(@href, '/-/user/')]")
            )
        )
        self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
        # Wait until we've loaded the user info page
        self.wait.until(ec.presence_of_element_located((By.ID, "id_username")))
@ -215,7 +190,6 @@ class TestSourceSAML(SeleniumTestCase):
    def test_idp_post_auto(self):
        """test SAML Source With post binding (auto redirect)"""
        sleep(1)
        # Bootstrap all needed objects
        authentication_flow = Flow.objects.get(slug="default-source-authentication")
        enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
@ -252,12 +226,8 @@ class TestSourceSAML(SeleniumTestCase):
        self.driver.find_element(By.ID, "password").send_keys(Keys.ENTER)
        # Wait until we're logged in
-        self.wait.until(
+        self.wait.until(ec.presence_of_element_located((By.ID, "user-settings")))
-            ec.presence_of_element_located(
+        self.driver.get(self.url("passbook_core:user-settings"))
                (By.XPATH, "//a[contains(@href, '/-/user/')]")
            )
        )
        self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
        # Wait until we've loaded the user info page
        self.wait.until(ec.presence_of_element_located((By.ID, "id_username")))
--- a/e2e/utils.py
+++ b/e2e/utils.py
@ -1,16 +1,18 @@
 """passbook e2e testing utilities"""
 from functools import lru_cache
 from glob import glob
 from importlib.util import module_from_spec, spec_from_file_location
 from inspect import getmembers, isfunction
 from os import environ, makedirs
-from time import time
+from time import sleep, time
 from typing import Any, Dict, Optional
 from django.apps import apps
 from django.contrib.staticfiles.testing import StaticLiveServerTestCase
 from django.db import connection, transaction
 from django.db.utils import IntegrityError
 from django.shortcuts import reverse
 from docker import DockerClient, from_env
 from docker.models.containers import Container
 from selenium import webdriver
 from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
 from selenium.webdriver.remote.webdriver import WebDriver
@ -20,7 +22,6 @@ from structlog import get_logger
 from passbook.core.models import User
@lru_cache
 # pylint: disable=invalid-name
 def USER() -> User:  # noqa
    """Cached function that always returns pbadmin"""
@ -30,15 +31,38 @@ def USER() -> User:  # noqa
 class SeleniumTestCase(StaticLiveServerTestCase):
    """StaticLiveServerTestCase which automatically creates a Webdriver instance"""
    container: Optional[Container] = None
    def setUp(self):
        super().setUp()
        makedirs("selenium_screenshots/", exist_ok=True)
        self.driver = self._get_driver()
        self.driver.maximize_window()
        self.driver.implicitly_wait(30)
-        self.wait = WebDriverWait(self.driver, 50)
+        self.wait = WebDriverWait(self.driver, 60)
        self.apply_default_data()
        self.logger = get_logger()
        if specs := self.get_container_specs():
            self.container = self._start_container(specs)
    def _start_container(self, specs: Dict[str, Any]) -> Container:
        client: DockerClient = from_env()
        client.images.pull(specs["image"])
        container = client.containers.run(**specs)
        if "healthcheck" not in specs:
            return container
        while True:
            container.reload()
            status = container.attrs.get("State", {}).get("Health", {}).get("Status")
            if status == "healthy":
                return container
            self.logger.info("Container failed healthcheck")
            sleep(1)
    def get_container_specs(self) -> Optional[Dict[str, Any]]:
        """Optionally get container specs which will launched on setup, wait for the container to
        be healthy, and deleted again on tearDown"""
        return None
    def _get_driver(self) -> WebDriver:
        return webdriver.Remote(
@ -57,6 +81,8 @@ class SeleniumTestCase(StaticLiveServerTestCase):
            self.logger.warning(
                line["message"], source=line["source"], level=line["level"]
            )
        if self.container:
            self.container.kill()
        self.driver.quit()
        super().tearDown()
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@ -1,15 +1,15 @@
 apiVersion: v2
-appVersion: "0.10.0-rc5"
+appVersion: "0.10.8-stable"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.10.0-rc5"
+version: "0.10.8-stable"
-icon: https://github.com/BeryJu/passbook/blob/master/passbook/static/static/passbook/logo.svg
+icon: https://github.com/BeryJu/passbook/blob/master/docs/images/logo.svg
 dependencies:
  - name: postgresql
-    version: 9.3.2
+    version: 9.4.1
    repository: https://charts.bitnami.com/bitnami
    condition: install.postgresql
  - name: redis
-    version: 10.7.16
+    version: 10.9.0
    repository: https://charts.bitnami.com/bitnami
    condition: install.redis
--- a/helm/templates/web-deployment.yaml
+++ b/helm/templates/web-deployment.yaml
@ -9,7 +9,7 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    k8s.passbook.beryju.org/component: web
 spec:
-  replicas: {{ serverReplicas }}
+  replicas: {{ .Values.serverReplicas }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "passbook.name" . }}
@ -22,10 +22,29 @@ spec:
        app.kubernetes.io/instance: {{ .Release.Name }}
        k8s.passbook.beryju.org/component: web
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                  - {{ include "passbook.name" . }}
                - key: app.kubernetes.io/instance
                  operator: In
                  values:
                  - {{ .Release.Name }}
                - key: k8s.passbook.beryju.org/component
                  operator: In
                  values:
                  - web
              topologyKey: "kubernetes.io/hostname"
      initContainers:
        - name: passbook-database-migrations
          image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          args: [migrate]
          envFrom:
            - configMapRef:
@ -50,7 +69,6 @@ spec:
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          args: [server]
          envFrom:
            - configMapRef:
@ -93,7 +111,7 @@ spec:
          resources:
            requests:
              cpu: 100m
-              memory: 200M
+              memory: 300M
            limits:
              cpu: 300m
-              memory: 350M
+              memory: 500M
--- a/helm/templates/worker-deployment.yaml
+++ b/helm/templates/worker-deployment.yaml
@ -9,7 +9,7 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    k8s.passbook.beryju.org/component: worker
 spec:
-  replicas: {{ workerReplicas }}
+  replicas: {{ .Values.workerReplicas }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "passbook.name" . }}
@ -22,6 +22,26 @@ spec:
        app.kubernetes.io/instance: {{ .Release.Name }}
        k8s.passbook.beryju.org/component: worker
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                  - {{ include "passbook.name" . }}
                - key: app.kubernetes.io/instance
                  operator: In
                  values:
                  - {{ .Release.Name }}
                - key: k8s.passbook.beryju.org/component
                  operator: In
                  values:
                  - worker
              topologyKey: "kubernetes.io/hostname"
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
@ -50,7 +70,7 @@ spec:
          resources:
            requests:
              cpu: 150m
-              memory: 300M
+              memory: 400M
            limits:
              cpu: 300m
-              memory: 500M
+              memory: 600M
--- a/helm/values.yaml
+++ b/helm/values.yaml
@ -4,7 +4,7 @@
 image:
  name: beryju/passbook
  name_static: beryju/passbook-static
-  tag: 0.10.0-rc5
+  tag: 0.10.8-stable
 nameOverride: ""
--- a/lifecycle/bootstrap.sh
+++ b/lifecycle/bootstrap.sh
@ -4,7 +4,7 @@ printf '{"event": "Bootstrap completed", "level": "info", "logger": "bootstrap",
 if [[ "$1" == "server" ]]; then
    gunicorn -c /lifecycle/gunicorn.conf.py passbook.root.asgi:application
 elif [[ "$1" == "worker" ]]; then
-    celery worker --autoscale=10,3 -E -B -A=passbook.root.celery -s=/tmp/celerybeat-schedule
+    celery -A passbook.root.celery worker --autoscale 10,3 -E -B -s /tmp/celerybeat-schedule -Q passbook,passbook_scheduled
 elif [[ "$1" == "migrate" ]]; then
    # Run system migrations first, run normal migrations after
    python -m lifecycle.migrate
--- a/lifecycle/gunicorn.conf.py
+++ b/lifecycle/gunicorn.conf.py
@ -1,9 +1,10 @@
 """Gunicorn config"""
 from multiprocessing import cpu_count
 from pathlib import Path
 import structlog
 bind = "0.0.0.0:8000"
 workers = 2
 threads = 4
 user = "passbook"
 group = "passbook"
@ -40,3 +41,11 @@ logconfig_dict = {
        "gunicorn": {"handlers": ["console"], "level": "INFO", "propagate": False},
    },
 }
 # if we're running in kubernetes, use fixed workers because we can scale with more pods
 # otherwise (assume docker-compose), use as much as we can
 if Path("/var/run/secrets/kubernetes.io").exists():
    workers = 2
 else:
    worker = cpu_count() * 2 + 1
 threads = 4
--- a/lifecycle/wait_for_db.py
+++ b/lifecycle/wait_for_db.py
@ -1,16 +1,28 @@
 #!/usr/bin/env python
 """This file needs to be run from the root of the project to correctly
 import passbook. This is done by the dockerfile."""
 from json import dumps
 from sys import stderr
 from time import sleep
 from psycopg2 import OperationalError, connect
 from redis import Redis
 from redis.exceptions import RedisError
 from structlog import get_logger
 from passbook.lib.config import CONFIG
-LOGGER = get_logger()
+
 def j_print(event: str, log_level: str = "info", **kwargs):
    """Print event in the same format as structlog with JSON.
    Used before structlog is configured."""
    data = {
        "event": event,
        "level": log_level,
        "logger": __name__,
    }
    data.update(**kwargs)
    print(dumps(data), file=stderr)
 while True:
    try:
@ -24,7 +36,7 @@ while True:
        break
    except OperationalError:
        sleep(1)
-        LOGGER.warning("PostgreSQL Connection failed, retrying...")
+        j_print("PostgreSQL Connection failed, retrying...")
 while True:
    try:
@ -38,4 +50,4 @@ while True:
        break
    except RedisError:
        sleep(1)
-        LOGGER.warning("Redis Connection failed, retrying...")
+        j_print("Redis Connection failed, retrying...")
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -30,7 +30,11 @@ nav:
    - OAuth2: providers/oauth2.md
    - SAML: providers/saml.md
    - Proxy: providers/proxy.md
-  - Outposts: outposts/outposts.md
+  - Outposts:
    - Overview: outposts/outposts.md
    - Upgrading: outposts/upgrading.md
    - Deploy on docker-compose: outposts/deploy-docker-compose.md
    - Deploy on Kubernetes: outposts/deploy-kubernetes.md
  - Expressions:
    - Overview: expressions/index.md
    - Reference:
@ -49,9 +53,15 @@ nav:
        - Harbor: integrations/services/harbor/index.md
        - Sentry: integrations/services/sentry/index.md
        - Ansible Tower/AWX: integrations/services/tower-awx/index.md
        - VMware vCenter: integrations/services/vmware-vcenter/index.md
        - Ubuntu Landscape: integrations/services/ubuntu-landscape/index.md
        - Sonarr: integrations/services/sonarr/index.md
        - Tautulli: integrations/services/tautulli/index.md
  - Upgrading:
    - to 0.9: upgrading/to-0.9.md
    - to 0.10: upgrading/to-0.10.md
  - Troubleshooting:
    - Access problems: troubleshooting/access.md
 repo_name: "BeryJu/passbook"
 repo_url: https://github.com/BeryJu/passbook
--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = "0.10.0-rc5"
+__version__ = "0.10.8-stable"
--- a/passbook/admin/fields.py
+++ b/passbook/admin/fields.py
@ -15,11 +15,8 @@ class CodeMirrorWidget(forms.Textarea):
        self.mode = mode
    def render(self, *args, **kwargs):
-        if "attrs" not in kwargs:
+        attrs = kwargs.setdefault("attrs", {})
-            kwargs["attrs"] = {}
+        attrs.setdefault("class", "")
        attrs = kwargs["attrs"]
        if "class" not in attrs:
            attrs["class"] = ""
        attrs["class"] += " codemirror"
        attrs["data-cm-mode"] = self.mode
        return super().render(*args, **kwargs)
@ -56,6 +53,8 @@ class YAMLField(forms.JSONField):
            )
        if isinstance(converted, str):
            return YAMLString(converted)
        if converted is None:
            return {}
        return converted
    def bound_data(self, data, initial):
--- a/passbook/admin/forms/users.py
+++ b/passbook/admin/forms/users.py
@ -12,7 +12,7 @@ class UserForm(forms.ModelForm):
    class Meta:
        model = User
-        fields = ["username", "name", "email", "is_staff", "is_active", "attributes"]
+        fields = ["username", "name", "email", "is_active", "attributes"]
        widgets = {
            "name": forms.TextInput,
            "attributes": CodeMirrorWidget,
--- a/passbook/admin/middleware.py
+++ b/passbook/admin/middleware.py
@ -1,26 +0,0 @@
 """passbook admin Middleware to impersonate users"""
 from passbook.core.models import User
 def impersonate(get_response):
    """Middleware to impersonate users"""
    def middleware(request):
        """Middleware to impersonate users"""
        # User is superuser and has __impersonate ID set
        if request.user.is_superuser and "__impersonate" in request.GET:
            request.session["impersonate_id"] = request.GET["__impersonate"]
        # user wants to stop impersonation
        elif "__unimpersonate" in request.GET and "impersonate_id" in request.session:
            del request.session["impersonate_id"]
        # Actually impersonate user
        if request.user.is_superuser and "impersonate_id" in request.session:
            request.user = User.objects.get(pk=request.session["impersonate_id"])
        response = get_response(request)
        return response
    return middleware
--- a/passbook/admin/settings.py
+++ b/passbook/admin/settings.py
@ -1,5 +1,10 @@
 """passbook admin settings"""
 from celery.schedules import crontab
-MIDDLEWARE = [
+CELERY_BEAT_SCHEDULE = {
-    "passbook.admin.middleware.impersonate",
+    "admin_latest_version": {
-]
+        "task": "passbook.admin.tasks.update_latest_version",
        "schedule": crontab(minute=0),  # Run every hour
        "options": {"queue": "passbook_scheduled"},
    }
 }
--- a/passbook/admin/tasks.py
+++ b/passbook/admin/tasks.py
@ -0,0 +1,23 @@
 """passbook admin tasks"""
 from django.core.cache import cache
 from requests import RequestException, get
 from structlog import get_logger
 from passbook.root.celery import CELERY_APP
 LOGGER = get_logger()
 VERSION_CACHE_KEY = "passbook_latest_version"
 VERSION_CACHE_TIMEOUT = 2 * 60 * 60  # 2 hours
@CELERY_APP.task()
 def update_latest_version():
    """Update latest version info"""
    try:
        data = get(
            "https://api.github.com/repos/beryju/passbook/releases/latest"
        ).json()
        tag_name = data.get("tag_name")
        cache.set(VERSION_CACHE_KEY, tag_name.split("/")[1], VERSION_CACHE_TIMEOUT)
    except (RequestException, IndexError):
        cache.set(VERSION_CACHE_KEY, "0.0.0", VERSION_CACHE_TIMEOUT)
--- a/passbook/admin/templates/administration/base.html
+++ b/passbook/admin/templates/administration/base.html
@ -58,7 +58,7 @@
                        {% trans 'Property Mappings' %}
                    </a>
                </li>
-                <li class="pf-c-nav__item pf-m-expandable pf-m-expanded">
+                <li class="pf-c-nav__item pf-m-expanded">
                    <a href="#" class="pf-c-nav__link" aria-expanded="true">{% trans 'Flows' %}
                        <span class="pf-c-nav__toggle">
                            <i class="fas fa-angle-right" aria-hidden="true"></i>
@ -99,7 +99,7 @@
                        </ul>
                    </section>
                </li>
-                <li class="pf-c-nav__item pf-m-expandable pf-m-expanded">
+                <li class="pf-c-nav__item pf-m-expanded">
                    <a href="#" class="pf-c-nav__link" aria-expanded="true">{% trans 'Policies' %}
                        <span class="pf-c-nav__toggle">
                            <i class="fas fa-angle-right" aria-hidden="true"></i>
--- a/passbook/admin/templates/administration/group/list.html
+++ b/passbook/admin/templates/administration/group/list.html
@ -50,7 +50,7 @@
                    </td>
                    <td role="cell">
                        <span>
-                            {{ group.user_set.all|length }}
+                            {{ group.users.all|length }}
                        </span>
                    </td>
                    <td>
--- a/passbook/admin/templates/administration/outpost/list.html
+++ b/passbook/admin/templates/administration/outpost/list.html
@ -3,18 +3,7 @@
 {% load i18n %}
 {% load humanize %}
 {% load passbook_utils %}
-
+{% load admin_reflection %}
 {% block head %}
 {{ block.super }}
 <style>
 .pf-m-success {
    color: var(--pf-global--success-color--100);
 }
 .pf-m-danger {
    color: var(--pf-global--danger-color--100);
 }
 </style>
 {% endblock %}
 {% block content %}
 <section class="pf-c-page__main-section pf-m-light">
@ -32,7 +21,7 @@
        <div class="pf-c-toolbar">
            <div class="pf-c-toolbar__content">
                <div class="pf-c-toolbar__bulk-select">
-                    <a href="{% url 'passbook_admin:flow-create' %}?back={{ request.get_full_path }}" class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
+                    <a href="{% url 'passbook_admin:outpost-create' %}?back={{ request.get_full_path }}" class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
                </div>
                {% include 'partials/pagination.html' %}
            </div>
@ -43,6 +32,7 @@
                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
                    <th role="columnheader" scope="col">{% trans 'Providers' %}</th>
                    <th role="columnheader" scope="col">{% trans 'Health' %}</th>
                    <th role="columnheader" scope="col">{% trans 'Version' %}</th>
                    <th role="cell"></th>
                </tr>
            </thead>
@ -50,7 +40,7 @@
                {% for outpost in object_list %}
                <tr role="row">
                    <th role="columnheader">
-                        <a href="{% url 'passbook_outposts:setup' outpost_pk=outpost.pk %}">{{ outpost.name }}</a>
+                        <span>{{ outpost.name }}</span>
                    </th>
                    <td role="cell">
                        <span>
@ -58,7 +48,7 @@
                        </span>
                    </td>
                    <td role="cell">
-                        {% with health=outpost.health %}
+                        {% with health=outpost.deployment_health %}
                        {% if health %}
                            <i class="fas fa-check pf-m-success"></i> {{ health|naturaltime }}
                        {% else %}
@ -66,9 +56,28 @@
                        {% endif %}
                        {% endwith %}
                    </td>
                    <td role="cell">
                        <span>
                            {% with ver=outpost.deployment_version %}
                            {% if ver.outdated %}
                                {% if ver.version == "" %}
                                <i class="fas fa-times pf-m-danger"></i> -
                                {% else %}
                                <i class="fas fa-times pf-m-danger"></i> {% blocktrans with is=ver.version should=ver.should %}{{ is }}, should be {{ should }}{% endblocktrans %}
                                {% endif %}
                            {% else %}
                            <i class="fas fa-check pf-m-success"></i> {{ ver.version }}
                            {% endif %}
                            {% endwith %}
                        </span>
                    </td>
                    <td>
                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:outpost-update' pk=outpost.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:outpost-delete' pk=outpost.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                        {% get_htmls outpost as htmls %}
                        {% for html in htmls %}
                        {{ html|safe }}
                        {% endfor %}
                    </td>
                </tr>
                {% endfor %}
--- a/passbook/admin/templates/administration/policy/list.html
+++ b/passbook/admin/templates/administration/policy/list.html
@ -55,7 +55,7 @@
                    <th role="columnheader">
                        <div>
                            <div>{{ policy.name }}</div>
-                            {% if not policy.bindings.exists %}
+                            {% if not policy.bindings.exists and not policy.promptstage_set.exists %}
                            <i class="pf-icon pf-icon-warning-triangle"></i>
                            <small>{% trans 'Warning: Policy is not assigned.' %}</small>
                            {% else %}
--- a/passbook/admin/templates/administration/user/list.html
+++ b/passbook/admin/templates/administration/user/list.html
@ -55,7 +55,7 @@
                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
                        <a class="pf-c-button pf-m-tertiary" href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
-                        <a class="pf-c-button pf-m-tertiary" href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
+                        <a class="pf-c-button pf-m-tertiary" href="{% url 'passbook_core:impersonate-init' user_id=user.pk %}">{% trans 'Impersonate' %}</a>
                    </td>
                </tr>
                {% endfor %}
--- a/passbook/admin/tests.py
+++ b/passbook/admin/tests.py
@ -8,7 +8,7 @@ from django.test import Client, TestCase
 from django.urls.exceptions import NoReverseMatch
 from passbook.admin.urls import urlpatterns
-from passbook.core.models import User
+from passbook.core.models import Group, User
 from passbook.lib.utils.reflection import get_apps
@ -16,7 +16,9 @@ class TestAdmin(TestCase):
    """Generic admin tests"""
    def setUp(self):
-        self.user = User.objects.create_superuser(username="test")
+        self.user = User.objects.create_user(username="test")
        self.user.pb_groups.add(Group.objects.filter(is_superuser=True).first())
        self.user.save()
        self.client = Client()
        self.client.force_login(self.user)
--- a/passbook/admin/views/applications.py
+++ b/passbook/admin/views/applications.py
@ -5,28 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.core.forms.applications import ApplicationForm
 from passbook.core.models import Application
 from passbook.lib.views import CreateAssignPermView
-class ApplicationListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class ApplicationListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all applications"""
    model = Application
    permission_required = "passbook_core.view_application"
    ordering = "name"
    paginate_by = 40
    template_name = "administration/application/list.html"
 class ApplicationCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -43,7 +49,11 @@ class ApplicationCreateView(
 class ApplicationUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update application"""
--- a/passbook/admin/views/certificate_key_pair.py
+++ b/passbook/admin/views/certificate_key_pair.py
@ -5,28 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.crypto.forms import CertificateKeyPairForm
 from passbook.crypto.models import CertificateKeyPair
 from passbook.lib.views import CreateAssignPermView
-class CertificateKeyPairListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class CertificateKeyPairListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all keypairs"""
    model = CertificateKeyPair
    permission_required = "passbook_crypto.view_certificatekeypair"
    ordering = "name"
    paginate_by = 40
    template_name = "administration/certificatekeypair/list.html"
 class CertificateKeyPairCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -43,7 +49,11 @@ class CertificateKeyPairCreateView(
 class CertificateKeyPairUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update certificatekeypair"""
--- a/passbook/admin/views/flows.py
+++ b/passbook/admin/views/flows.py
@ -7,11 +7,15 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpRequest, HttpResponse, JsonResponse
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import DetailView, FormView, ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.flows.forms import FlowForm, FlowImportForm
 from passbook.flows.models import Flow
 from passbook.flows.planner import PLAN_CONTEXT_PENDING_USER
@ -23,18 +27,20 @@ from passbook.lib.utils.urls import redirect_with_qs
 from passbook.lib.views import CreateAssignPermView
-class FlowListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class FlowListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all flows"""
    model = Flow
    permission_required = "passbook_flows.view_flow"
    ordering = "name"
    paginate_by = 40
    template_name = "administration/flow/list.html"
 class FlowCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -51,7 +57,11 @@ class FlowCreateView(
 class FlowUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update flow"""
--- a/passbook/admin/views/groups.py
+++ b/passbook/admin/views/groups.py
@ -5,28 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.core.forms.groups import GroupForm
 from passbook.core.models import Group
 from passbook.lib.views import CreateAssignPermView
-class GroupListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class GroupListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all groups"""
    model = Group
    permission_required = "passbook_core.view_group"
    ordering = "name"
    paginate_by = 40
    template_name = "administration/group/list.html"
 class GroupCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -43,7 +49,11 @@ class GroupCreateView(
 class GroupUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update group"""
--- a/passbook/admin/views/outposts.py
+++ b/passbook/admin/views/outposts.py
@ -1,32 +1,41 @@
 """passbook Outpost administration"""
 from dataclasses import asdict
 from typing import Any, Dict
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.lib.views import CreateAssignPermView
 from passbook.outposts.forms import OutpostForm
-from passbook.outposts.models import Outpost
+from passbook.outposts.models import Outpost, OutpostConfig
-class OutpostListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class OutpostListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all outposts"""
    model = Outpost
    permission_required = "passbook_outposts.view_outpost"
    ordering = "name"
    paginate_by = 40
    template_name = "administration/outpost/list.html"
 class OutpostCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -41,9 +50,20 @@ class OutpostCreateView(
    success_url = reverse_lazy("passbook_admin:outposts")
    success_message = _("Successfully created Outpost")
    def get_initial(self) -> Dict[str, Any]:
        return {
            "_config": asdict(
                OutpostConfig(passbook_host=self.request.build_absolute_uri("/"))
            )
        }
 class OutpostUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update outpost"""
@ -53,7 +73,7 @@ class OutpostUpdateView(
    template_name = "generic/update.html"
    success_url = reverse_lazy("passbook_admin:outposts")
-    success_message = _("Successfully updated Certificate-Key Pair")
+    success_message = _("Successfully updated Outpost")
 class OutpostDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):
@ -64,4 +84,4 @@ class OutpostDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessa
    template_name = "generic/delete.html"
    success_url = reverse_lazy("passbook_admin:outposts")
-    success_message = _("Successfully deleted Certificate-Key Pair")
+    success_message = _("Successfully deleted Outpost")
--- a/passbook/admin/views/overview.py
+++ b/passbook/admin/views/overview.py
@ -1,34 +1,20 @@
 """passbook administration overview"""
 from typing import Union
 from django.core.cache import cache
 from django.shortcuts import redirect, reverse
 from django.views.generic import TemplateView
-from packaging.version import Version, parse
+from packaging.version import LegacyVersion, Version, parse
 from requests import RequestException, get
 from passbook import __version__
 from passbook.admin.mixins import AdminRequiredMixin
 from passbook.admin.tasks import VERSION_CACHE_KEY, update_latest_version
 from passbook.core.models import Application, Provider, Source, User
 from passbook.flows.models import Flow, Stage
 from passbook.policies.models import Policy
 from passbook.root.celery import CELERY_APP
 from passbook.stages.invitation.models import Invitation
 VERSION_CACHE_KEY = "passbook_latest_version"
 def latest_version() -> Version:
    """Get latest release from GitHub, cached"""
    if not cache.get(VERSION_CACHE_KEY):
        try:
            data = get(
                "https://api.github.com/repos/beryju/passbook/releases/latest"
            ).json()
            tag_name = data.get("tag_name")
            cache.set(VERSION_CACHE_KEY, tag_name.split("/")[1], 30)
        except (RequestException, IndexError):
            cache.set(VERSION_CACHE_KEY, "0.0.0", 30)
    return parse(cache.get(VERSION_CACHE_KEY))
 class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
    """Overview View"""
@ -42,23 +28,31 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
            return redirect(reverse("passbook_flows:default-authentication"))
        return self.get(*args, **kwargs)
    def get_latest_version(self) -> Union[LegacyVersion, Version]:
        """Get latest version from cache"""
        version_in_cache = cache.get(VERSION_CACHE_KEY)
        if not version_in_cache:
            update_latest_version.delay()
            return parse(__version__)
        return parse(version_in_cache)
    def get_context_data(self, **kwargs):
        kwargs["application_count"] = len(Application.objects.all())
        kwargs["policy_count"] = len(Policy.objects.all())
-        kwargs["user_count"] = len(User.objects.all())
+        kwargs["user_count"] = len(User.objects.all()) - 1  # Remove anonymous user
        kwargs["provider_count"] = len(Provider.objects.all())
        kwargs["source_count"] = len(Source.objects.all())
        kwargs["stage_count"] = len(Stage.objects.all())
        kwargs["flow_count"] = len(Flow.objects.all())
        kwargs["invitation_count"] = len(Invitation.objects.all())
        kwargs["version"] = parse(__version__)
-        kwargs["version_latest"] = latest_version()
+        kwargs["version_latest"] = self.get_latest_version()
        kwargs["worker_count"] = len(CELERY_APP.control.ping(timeout=0.5))
        kwargs["providers_without_application"] = Provider.objects.filter(
            application=None
        )
        kwargs["policies_without_binding"] = len(
-            Policy.objects.filter(bindings__isnull=True)
+            Policy.objects.filter(bindings__isnull=True, promptstage__isnull=True)
        )
        kwargs["cached_policies"] = len(cache.keys("policy_*"))
        kwargs["cached_flows"] = len(cache.keys("flow_*"))
--- a/passbook/admin/views/policies.py
+++ b/passbook/admin/views/policies.py
@ -10,34 +10,38 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.db.models import QuerySet
 from django.http import HttpResponse
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import FormView
 from django.views.generic.detail import DetailView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 from passbook.admin.forms.policies import PolicyTestForm
 from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    InheritanceCreateView,
    InheritanceListView,
    InheritanceUpdateView,
    UserPaginateListMixin,
 )
 from passbook.policies.models import Policy, PolicyBinding
 from passbook.policies.process import PolicyProcess, PolicyRequest
-class PolicyListView(LoginRequiredMixin, PermissionListMixin, InheritanceListView):
+class PolicyListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, InheritanceListView
 ):
    """Show list of all policies"""
    model = Policy
    permission_required = "passbook_policies.view_policy"
    paginate_by = 10
    ordering = "name"
    template_name = "administration/policy/list.html"
 class PolicyCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    InheritanceCreateView,
@ -54,6 +58,7 @@ class PolicyCreateView(
 class PolicyUpdateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    InheritanceUpdateView,
--- a/passbook/admin/views/policies_bindings.py
+++ b/passbook/admin/views/policies_bindings.py
@ -6,22 +6,28 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.db.models import QuerySet
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 from guardian.shortcuts import get_objects_for_user
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.lib.views import CreateAssignPermView
 from passbook.policies.forms import PolicyBindingForm
-from passbook.policies.models import PolicyBinding, PolicyBindingModel
+from passbook.policies.models import PolicyBinding
-class PolicyBindingListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class PolicyBindingListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all policies"""
    model = PolicyBinding
    permission_required = "passbook_policies.view_policybinding"
    paginate_by = 10
    ordering = ["order", "target"]
    template_name = "administration/policy_binding/list.html"
@ -29,18 +35,24 @@ class PolicyBindingListView(LoginRequiredMixin, PermissionListMixin, ListView):
        # Since `select_subclasses` does not work with a foreign key, we have to do two queries here
        # First, get all pbm objects that have bindings attached
        objects = (
-            PolicyBindingModel.objects.filter(policies__isnull=False)
+            get_objects_for_user(
                self.request.user, "passbook_policies.view_policybindingmodel"
            )
            .filter(policies__isnull=False)
            .select_subclasses()
            .select_related()
            .order_by("pk")
        )
        for pbm in objects:
-            pbm.bindings = PolicyBinding.objects.filter(target__pk=pbm.pbm_uuid)
+            pbm.bindings = get_objects_for_user(
                self.request.user, self.permission_required
            ).filter(target__pk=pbm.pbm_uuid)
        return objects
 class PolicyBindingCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -57,7 +69,11 @@ class PolicyBindingCreateView(
 class PolicyBindingUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update policybinding"""
--- a/passbook/admin/views/property_mapping.py
+++ b/passbook/admin/views/property_mapping.py
@ -5,20 +5,22 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    InheritanceCreateView,
    InheritanceListView,
    InheritanceUpdateView,
    UserPaginateListMixin,
 )
 from passbook.core.models import PropertyMapping
 class PropertyMappingListView(
-    LoginRequiredMixin, PermissionListMixin, InheritanceListView
+    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, InheritanceListView
 ):
    """Show list of all property_mappings"""
@ -26,11 +28,11 @@ class PropertyMappingListView(
    permission_required = "passbook_core.view_propertymapping"
    template_name = "administration/property_mapping/list.html"
    ordering = "name"
    paginate_by = 40
 class PropertyMappingCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    InheritanceCreateView,
@ -47,6 +49,7 @@ class PropertyMappingCreateView(
 class PropertyMappingUpdateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    InheritanceUpdateView,
--- a/passbook/admin/views/providers.py
+++ b/passbook/admin/views/providers.py
@ -5,30 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    InheritanceCreateView,
    InheritanceListView,
    InheritanceUpdateView,
    UserPaginateListMixin,
 )
 from passbook.core.models import Provider
-class ProviderListView(LoginRequiredMixin, PermissionListMixin, InheritanceListView):
+class ProviderListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, InheritanceListView
 ):
    """Show list of all providers"""
    model = Provider
    permission_required = "passbook_core.add_provider"
    template_name = "administration/provider/list.html"
    paginate_by = 10
    ordering = "id"
 class ProviderCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    InheritanceCreateView,
@ -45,6 +49,7 @@ class ProviderCreateView(
 class ProviderUpdateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    InheritanceUpdateView,
--- a/passbook/admin/views/sources.py
+++ b/passbook/admin/views/sources.py
@ -5,30 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    InheritanceCreateView,
    InheritanceListView,
    InheritanceUpdateView,
    UserPaginateListMixin,
 )
 from passbook.core.models import Source
-class SourceListView(LoginRequiredMixin, PermissionListMixin, InheritanceListView):
+class SourceListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, InheritanceListView
 ):
    """Show list of all sources"""
    model = Source
    permission_required = "passbook_core.view_source"
    ordering = "name"
    paginate_by = 40
    template_name = "administration/source/list.html"
 class SourceCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    InheritanceCreateView,
@ -45,6 +49,7 @@ class SourceCreateView(
 class SourceUpdateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    InheritanceUpdateView,
--- a/passbook/admin/views/stages.py
+++ b/passbook/admin/views/stages.py
@ -5,30 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
 from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    InheritanceCreateView,
    InheritanceListView,
    InheritanceUpdateView,
    UserPaginateListMixin,
 )
 from passbook.flows.models import Stage
-class StageListView(LoginRequiredMixin, PermissionListMixin, InheritanceListView):
+class StageListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, InheritanceListView
 ):
    """Show list of all stages"""
    model = Stage
    template_name = "administration/stage/list.html"
    permission_required = "passbook_flows.view_stage"
    ordering = "name"
    paginate_by = 40
 class StageCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    InheritanceCreateView,
@ -45,6 +49,7 @@ class StageCreateView(
 class StageUpdateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    InheritanceUpdateView,
--- a/passbook/admin/views/stages_bindings.py
+++ b/passbook/admin/views/stages_bindings.py
@ -5,28 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.flows.forms import FlowStageBindingForm
 from passbook.flows.models import FlowStageBinding
 from passbook.lib.views import CreateAssignPermView
-class StageBindingListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class StageBindingListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all flows"""
    model = FlowStageBinding
    permission_required = "passbook_flows.view_flowstagebinding"
    paginate_by = 10
    ordering = ["target", "order"]
    template_name = "administration/stage_binding/list.html"
 class StageBindingCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -43,7 +49,11 @@ class StageBindingCreateView(
 class StageBindingUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update FlowStageBinding"""
--- a/passbook/admin/views/stages_invitations.py
+++ b/passbook/admin/views/stages_invitations.py
@ -6,29 +6,35 @@ from django.contrib.auth.mixins import (
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.lib.views import CreateAssignPermView
 from passbook.stages.invitation.forms import InvitationForm
 from passbook.stages.invitation.models import Invitation
 from passbook.stages.invitation.signals import invitation_created
-class InvitationListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class InvitationListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all invitations"""
    model = Invitation
    permission_required = "passbook_stages_invitation.view_invitation"
    template_name = "administration/stage_invitation/list.html"
    paginate_by = 10
    ordering = "-expires"
 class InvitationCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
--- a/passbook/admin/views/stages_prompts.py
+++ b/passbook/admin/views/stages_prompts.py
@ -5,28 +5,34 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView, UpdateView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.lib.views import CreateAssignPermView
 from passbook.stages.prompt.forms import PromptAdminForm
 from passbook.stages.prompt.models import Prompt
-class PromptListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class PromptListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all prompts"""
    model = Prompt
    permission_required = "passbook_stages_prompt.view_prompt"
    ordering = "order"
    paginate_by = 40
    template_name = "administration/stage_prompt/list.html"
 class PromptCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -43,7 +49,11 @@ class PromptCreateView(
 class PromptUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update prompt"""
--- a/passbook/admin/views/tokens.py
+++ b/passbook/admin/views/tokens.py
@ -1,21 +1,22 @@
 """passbook Token administration"""
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.urls import reverse_lazy
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import ListView
 from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import DeleteMessageView, UserPaginateListMixin
 from passbook.core.models import Token
-class TokenListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class TokenListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all tokens"""
    model = Token
    permission_required = "passbook_core.view_token"
    ordering = "expires"
    paginate_by = 40
    template_name = "administration/token/list.html"
--- a/passbook/admin/views/users.py
+++ b/passbook/admin/views/users.py
@ -9,7 +9,7 @@ from django.http import HttpRequest, HttpResponse
 from django.shortcuts import redirect
 from django.urls import reverse, reverse_lazy
 from django.utils.http import urlencode
-from django.utils.translation import ugettext as _
+from django.utils.translation import gettext as _
 from django.views.generic import DetailView, ListView, UpdateView
 from guardian.mixins import (
    PermissionListMixin,
@ -18,18 +18,23 @@ from guardian.mixins import (
 )
 from passbook.admin.forms.users import UserForm
-from passbook.admin.views.utils import DeleteMessageView
+from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    UserPaginateListMixin,
 )
 from passbook.core.models import Token, User
 from passbook.lib.views import CreateAssignPermView
-class UserListView(LoginRequiredMixin, PermissionListMixin, ListView):
+class UserListView(
    LoginRequiredMixin, PermissionListMixin, UserPaginateListMixin, ListView
 ):
    """Show list of all users"""
    model = User
    permission_required = "passbook_core.view_user"
    ordering = "username"
    paginate_by = 40
    template_name = "administration/user/list.html"
    def get_queryset(self):
@ -38,6 +43,7 @@ class UserListView(LoginRequiredMixin, PermissionListMixin, ListView):
 class UserCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
@ -54,7 +60,11 @@ class UserCreateView(
 class UserUpdateView(
-    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
+    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
 ):
    """Update user"""
--- a/passbook/admin/views/utils.py
+++ b/passbook/admin/views/utils.py
@ -1,9 +1,12 @@
 """passbook admin util views"""
-from typing import Any, Dict
+from typing import Any, Dict, Optional
 from urllib.parse import urlparse
 from django.contrib import messages
 from django.contrib.messages.views import SuccessMessageMixin
 from django.db.models import QuerySet
 from django.http import Http404
 from django.http.request import HttpRequest
 from django.views.generic import DeleteView, ListView, UpdateView
 from passbook.lib.utils.reflection import all_subclasses
@ -40,7 +43,7 @@ class InheritanceCreateView(CreateAssignPermView):
            )
        except StopIteration as exc:
            raise Http404 from exc
-        return model.form(model)
+        return model().form
    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
        kwargs = super().get_context_data(**kwargs)
@ -61,7 +64,7 @@ class InheritanceUpdateView(UpdateView):
        return kwargs
    def get_form_class(self):
-        return self.get_object().form()
+        return self.get_object().form
    def get_object(self, queryset=None):
        return (
@ -69,3 +72,31 @@ class InheritanceUpdateView(UpdateView):
            .select_subclasses()
            .first()
        )
 class BackSuccessUrlMixin:
    """Checks if a relative URL has been given as ?back param, and redirect to it. Otherwise
    default to self.success_url."""
    request: HttpRequest
    success_url: Optional[str]
    def get_success_url(self) -> str:
        """get_success_url from FormMixin"""
        back_param = self.request.GET.get("back")
        if back_param:
            if not bool(urlparse(back_param).netloc):
                return back_param
        return str(self.success_url)
 class UserPaginateListMixin:
    """Get paginate_by value from user's attributes, defaulting to 15"""
    request: HttpRequest
    # pylint: disable=unused-argument
    def get_paginate_by(self, queryset: QuerySet) -> int:
        """get_paginate_by Function of ListView"""
        return self.request.user.attributes.get("paginate_by", 15)
--- a/passbook/api/v2/urls.py
+++ b/passbook/api/v2/urls.py
@ -1,6 +1,5 @@
 """api v2 urls"""
-from django.conf.urls import url
+from django.urls import path, re_path
 from django.urls import path
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
 from rest_framework import routers
@ -119,7 +118,7 @@ SchemaView = get_schema_view(
 )
 urlpatterns = [
-    url(
+    re_path(
        r"^swagger(?P<format>\.json|\.yaml)$",
        SchemaView.without_ui(cache_timeout=0),
        name="schema-json",
--- a/passbook/audit/middleware.py
+++ b/passbook/audit/middleware.py
@ -0,0 +1,85 @@
 """Audit middleware"""
 from functools import partial
 from typing import Callable
 from django.contrib.auth.models import User
 from django.db.models import Model
 from django.db.models.signals import post_save, pre_delete
 from django.http import HttpRequest, HttpResponse
 from passbook.audit.models import Event, EventAction, model_to_dict
 from passbook.audit.signals import EventNewThread
 from passbook.core.middleware import LOCAL
 class AuditMiddleware:
    """Register handlers for duration of request-response that log creation/update/deletion
    of models"""
    get_response: Callable[[HttpRequest], HttpResponse]
    def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
        self.get_response = get_response
    def __call__(self, request: HttpRequest) -> HttpResponse:
        # Connect signal for automatic logging
        if hasattr(request, "user") and getattr(
            request.user, "is_authenticated", False
        ):
            post_save_handler = partial(
                self.post_save_handler, user=request.user, request=request
            )
            pre_delete_handler = partial(
                self.pre_delete_handler, user=request.user, request=request
            )
            post_save.connect(
                post_save_handler,
                dispatch_uid=LOCAL.passbook["request_id"],
                weak=False,
            )
            pre_delete.connect(
                pre_delete_handler,
                dispatch_uid=LOCAL.passbook["request_id"],
                weak=False,
            )
        response = self.get_response(request)
        post_save.disconnect(dispatch_uid=LOCAL.passbook["request_id"])
        pre_delete.disconnect(dispatch_uid=LOCAL.passbook["request_id"])
        return response
    # pylint: disable=unused-argument
    def process_exception(self, request: HttpRequest, exception: Exception):
        """Unregister handlers in case of exception"""
        post_save.disconnect(dispatch_uid=LOCAL.passbook["request_id"])
        pre_delete.disconnect(dispatch_uid=LOCAL.passbook["request_id"])
    @staticmethod
    # pylint: disable=unused-argument
    def post_save_handler(
        user: User, request: HttpRequest, sender, instance: Model, created: bool, **_
    ):
        """Signal handler for all object's post_save"""
        if isinstance(instance, Event):
            return
        action = EventAction.MODEL_CREATED if created else EventAction.MODEL_UPDATED
        EventNewThread(action, request, user=user, model=model_to_dict(instance)).run()
    @staticmethod
    # pylint: disable=unused-argument
    def pre_delete_handler(
        user: User, request: HttpRequest, sender, instance: Model, **_
    ):
        """Signal handler for all object's pre_delete"""
        if isinstance(instance, Event):
            return
        EventNewThread(
            EventAction.MODEL_DELETED,
            request,
            user=user,
            model=model_to_dict(instance),
        ).run()
--- a/passbook/audit/migrations/0002_auto_20200918_2116.py
+++ b/passbook/audit/migrations/0002_auto_20200918_2116.py
@ -0,0 +1,33 @@
 # Generated by Django 3.1.1 on 2020-09-18 21:16
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ("passbook_audit", "0001_initial"),
    ]
    operations = [
        migrations.AlterField(
            model_name="event",
            name="action",
            field=models.TextField(
                choices=[
                    ("LOGIN", "login"),
                    ("LOGIN_FAILED", "login_failed"),
                    ("LOGOUT", "logout"),
                    ("AUTHORIZE_APPLICATION", "authorize_application"),
                    ("SUSPICIOUS_REQUEST", "suspicious_request"),
                    ("SIGN_UP", "sign_up"),
                    ("PASSWORD_RESET", "password_reset"),
                    ("INVITE_CREATED", "invitation_created"),
                    ("INVITE_USED", "invitation_used"),
                    ("IMPERSONATION_STARTED", "impersonation_started"),
                    ("IMPERSONATION_ENDED", "impersonation_ended"),
                    ("CUSTOM", "custom"),
                ]
            ),
        ),
    ]
--- a/passbook/audit/migrations/0003_auto_20200917_1155.py
+++ b/passbook/audit/migrations/0003_auto_20200917_1155.py
@ -0,0 +1,59 @@
 # Generated by Django 3.1.1 on 2020-09-17 11:55
 from django.apps.registry import Apps
 from django.db import migrations, models
 from django.db.backends.base.schema import BaseDatabaseSchemaEditor
 import passbook.audit.models
 def convert_user_to_json(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
    Event = apps.get_model("passbook_audit", "Event")
    db_alias = schema_editor.connection.alias
    for event in Event.objects.all():
        event.delete()
        # Because event objects cannot be updated, we have to re-create them
        event.pk = None
        event.user_json = (
            passbook.audit.models.get_user(event.user) if event.user else {}
        )
        event._state.adding = True
        event.save()
 class Migration(migrations.Migration):
    dependencies = [
        ("passbook_audit", "0002_auto_20200918_2116"),
    ]
    operations = [
        migrations.AlterField(
            model_name="event",
            name="action",
            field=models.TextField(
                choices=[
                    ("LOGIN", "login"),
                    ("LOGIN_FAILED", "login_failed"),
                    ("LOGOUT", "logout"),
                    ("AUTHORIZE_APPLICATION", "authorize_application"),
                    ("SUSPICIOUS_REQUEST", "suspicious_request"),
                    ("SIGN_UP", "sign_up"),
                    ("PASSWORD_RESET", "password_reset"),
                    ("INVITE_CREATED", "invitation_created"),
                    ("INVITE_USED", "invitation_used"),
                    ("IMPERSONATION_STARTED", "impersonation_started"),
                    ("IMPERSONATION_ENDED", "impersonation_ended"),
                    ("CUSTOM", "custom"),
                ]
            ),
        ),
        migrations.AddField(
            model_name="event", name="user_json", field=models.JSONField(default=dict),
        ),
        migrations.RunPython(convert_user_to_json),
        migrations.RemoveField(model_name="event", name="user",),
        migrations.RenameField(
            model_name="event", old_name="user_json", new_name="user"
        ),
    ]
--- a/Show More
+++ b/Show More
`@ -1,2 +1,2 @@`
	`"""passbook"""`	`"""passbook"""`
	`__version__ = "0.10.0-rc5"`	`__version__ = "0.10.8-stable"`