new release: 0.8.8-beta

PatternFly v4

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.6.3-beta
+current_version = 0.8.8-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@@ -15,13 +15,11 @@ values =
 	beta
 	stable
 
-[bumpversion:file:helm/passbook/values.yaml]
+[bumpversion:file:helm/values.yaml]
 
-[bumpversion:file:helm/passbook/Chart.yaml]
+[bumpversion:file:helm/Chart.yaml]
 
-[bumpversion:file:.gitlab-ci.yml]
+[bumpversion:file:.github/workflows/release.yml]
 
 [bumpversion:file:passbook/__init__.py]
 
-[bumpversion:file:docker/nginx.conf]
-

.coveragerc

@@ -21,6 +21,7 @@ exclude_lines =
     def __str__
     def __repr__
     if self\.debug
+    if TYPE_CHECKING
 
     # Don't complain if tests don't hit defensive assertion code:
     raise AssertionError

.dockerignore

@@ -3,3 +3,4 @@ helm
 passbook-ui
 static
 *.env.yml
+node_modules/

.github/workflows/ci.yml

@@ -0,0 +1,217 @@
+name: passbook-ci
+on:
+  - push
+env:
+  POSTGRES_DB: passbook
+  POSTGRES_USER: passbook
+  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
+
+jobs:
+  # Linting
+  pylint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: '3.8'
+      - uses: actions/cache@v1
+        with:
+          path: ~/.local/share/virtualenvs/
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pipenv-
+      - name: Install dependencies
+        run: pip install -U pip pipenv && pipenv install --dev
+      - name: Lint with pylint
+        run: pipenv run pylint passbook
+  black:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: '3.8'
+      - uses: actions/cache@v1
+        with:
+          path: ~/.local/share/virtualenvs/
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pipenv-
+      - name: Install dependencies
+        run: pip install -U pip pipenv && pipenv install --dev
+      - name: Lint with black
+        run: pipenv run black --check passbook
+  prospector:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: '3.8'
+      - uses: actions/cache@v1
+        with:
+          path: ~/.local/share/virtualenvs/
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pipenv-
+      - name: Install dependencies
+        run: pip install -U pip pipenv && pipenv install --dev && pipenv install --dev prospector --skip-lock
+      - name: Lint with prospector
+        run: pipenv run prospector
+  bandit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: '3.8'
+      - uses: actions/cache@v1
+        with:
+          path: ~/.local/share/virtualenvs/
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pipenv-
+      - name: Install dependencies
+        run: pip install -U pip pipenv && pipenv install --dev
+      - name: Lint with bandit
+        run: pipenv run bandit -r passbook
+  # Actual CI tests
+  migrations:
+    needs:
+      - pylint
+      - black
+      - prospector
+    services:
+      postgres:
+        image: postgres:latest
+        env:
+          POSTGRES_DB: passbook
+          POSTGRES_USER: passbook
+          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
+        ports:
+          - 5432:5432
+      redis:
+        image: redis:latest
+        ports:
+          - 6379:6379
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: '3.8'
+      - uses: actions/cache@v1
+        with:
+          path: ~/.local/share/virtualenvs/
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pipenv-
+      - name: Install dependencies
+        run: pip install -U pip pipenv && pipenv install --dev
+      - name: Run migrations
+        run: pipenv run ./manage.py migrate
+  coverage:
+    needs:
+      - pylint
+      - black
+      - prospector
+    services:
+      postgres:
+        image: postgres:latest
+        env:
+          POSTGRES_DB: passbook
+          POSTGRES_USER: passbook
+          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
+        ports:
+          - 5432:5432
+      redis:
+        image: redis:latest
+        ports:
+          - 6379:6379
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: '3.8'
+      - uses: actions/cache@v1
+        with:
+          path: ~/.local/share/virtualenvs/
+          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pipenv-
+      - name: Install dependencies
+        run: pip install -U pip pipenv && pipenv install --dev
+      - name: Run coverage
+        run: pipenv run ./scripts/coverage.sh
+  # Build
+  build-server:
+    needs:
+      - migrations
+      - coverage
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Docker Login Registry
+        env:
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+      - name: Building Docker Image
+        run: docker build
+          --no-cache
+          -t beryju/passbook:${GITHUB_REF##*/}
+          -f Dockerfile .
+      - name: Push Docker Container to Registry
+        run: docker push beryju/passbook:${GITHUB_REF##*/}
+  build-gatekeeper:
+    needs:
+      - migrations
+      - coverage
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Docker Login Registry
+        env:
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+      - name: Building Docker Image
+        run: |
+          cd gatekeeper
+          docker build \
+          --no-cache \
+          -t beryju/passbook-gatekeeper:${GITHUB_REF##*/} \
+          -f Dockerfile .
+      - name: Push Docker Container to Registry
+        run: docker push beryju/passbook-gatekeeper:${GITHUB_REF##*/}
+  build-static:
+    needs:
+      - migrations
+      - coverage
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:latest
+        env:
+          POSTGRES_DB: passbook
+          POSTGRES_USER: passbook
+          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
+      redis:
+        image: redis:latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Docker Login Registry
+        env:
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+      - name: Building Docker Image
+        run: docker build
+          --no-cache
+          --network=$(docker network ls | grep github | awk '{print $1}')
+          -t beryju/passbook-static:${GITHUB_REF##*/}
+          -f static.Dockerfile .
+      - name: Push Docker Container to Registry
+        run: docker push beryju/passbook-static:${GITHUB_REF##*/}

.github/workflows/release.yml

@@ -0,0 +1,89 @@
+name: passbook-release
+on:
+  release
+
+jobs:
+  # Build
+  build-server:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Docker Login Registry
+        env:
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+      - name: Building Docker Image
+        run: docker build
+          --no-cache
+          -t beryju/passbook:0.8.8-beta
+          -t beryju/passbook:latest
+          -f Dockerfile .
+      - name: Push Docker Container to Registry (versioned)
+        run: docker push beryju/passbook:0.8.8-beta
+      - name: Push Docker Container to Registry (latest)
+        run: docker push beryju/passbook:latest
+  build-gatekeeper:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Docker Login Registry
+        env:
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+      - name: Building Docker Image
+        run: |
+          cd gatekeeper
+          docker build \
+          --no-cache \
+          -t beryju/passbook-gatekeeper:0.8.8-beta \
+          -t beryju/passbook-gatekeeper:latest \
+          -f Dockerfile .
+      - name: Push Docker Container to Registry (versioned)
+        run: docker push beryju/passbook-gatekeeper:0.8.8-beta
+      - name: Push Docker Container to Registry (latest)
+        run: docker push beryju/passbook-gatekeeper:latest
+  build-static:
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:latest
+        env:
+          POSTGRES_DB: passbook
+          POSTGRES_USER: passbook
+          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
+      redis:
+        image: redis:latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Docker Login Registry
+        env:
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+      - name: Building Docker Image
+        run: docker build
+          --no-cache
+          --network=$(docker network ls | grep github | awk '{print $1}')
+          -t beryju/passbook-static:0.8.8-beta
+          -t beryju/passbook-static:latest
+          -f static.Dockerfile .
+      - name: Push Docker Container to Registry (versioned)
+        run: docker push beryju/passbook-static:0.8.8-beta
+      - name: Push Docker Container to Registry (latest)
+        run: docker push beryju/passbook-static:latest
+  test-release:
+    needs:
+      - build-server
+      - build-static
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run test suite in final docker images
+        run: |
+          export PASSBOOK_DOMAIN=localhost
+          docker-compose pull
+          docker-compose up --no-start
+          docker-compose start postgresql redis
+          docker-compose run -u root server bash -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test"

.github/workflows/tag.yml

@@ -0,0 +1,60 @@
+on:
+  push:
+    tags:
+    - 'version/*'
+
+name: passbook-version-tag
+
+jobs:
+  build:
+    name: Create Release from Tag
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Pre-release test
+        run: |
+          export PASSBOOK_DOMAIN=localhost
+          docker-compose pull
+          docker build \
+            --no-cache \
+            -t beryju/passbook:latest \
+            -f Dockerfile .
+          docker-compose up --no-start
+          docker-compose start postgresql redis
+          docker-compose run -u root server bash -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test"
+      - name: Install Helm
+        run: |
+          apt update && apt install -y curl
+          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+      - name: Helm package
+        run: |
+          helm dependency update helm/
+          helm package helm/
+          mv passbook-*.tgz passbook-chart.tgz
+      - name: Extract verison number
+        id: get_version
+        uses: actions/github-script@0.2.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            return context.payload.ref.replace(/\/refs\/tags\/version\//, '');
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1.0.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ steps.get_version.outputs.result }}
+          draft: false
+          prerelease: false
+      - name: Upload packaged Helm Chart
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./passbook-chart.tgz
+          asset_name: passbook-chart.tgz
+          asset_content_type: application/gzip

.gitignore

@@ -63,6 +63,7 @@ coverage.xml
 *.cover
 .hypothesis/
 .pytest_cache/
+unittest.xml
 
 # Translations
 *.mo
@@ -184,7 +185,6 @@ dmypy.json
 [Ii]nclude
 [Ll]ib64
 [Ll]ocal
-[Ss]cripts
 pyvenv.cfg
 pip-selfcheck.json
 
@@ -192,3 +192,7 @@ pip-selfcheck.json
 /static/
 local.env.yml
 .vscode/
+
+### Helm ###
+# Chart dependencies
+**/charts/*.tgz

.gitlab-ci.yml

@@ -1,135 +0,0 @@
-# Global Variables
-stages:
-  - build-base-image
-  - build-dev-image
-  - test
-  - build
-  - package
-image: docker.beryju.org/passbook/dev:latest
-
-variables:
-  POSTGRES_DB: passbook
-  POSTGRES_USER: passbook
-  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
-
-before_script:
-  - pip install pipenv
-  # Ensure all dependencies are installed, even those not included in passbook/dev
-  # According to pipenv docs, -d outputs all packages, however it actually does not
-  - pipenv lock -r > requirements-all.txt
-  - pipenv lock -rd >> requirements-all.txt
-  - pip install -r requirements-all.txt
-
-create-base-image:
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script:
-    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
-  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest --destination docker.beryju.org/passbook/base:0.6.3-beta
-  stage: build-base-image
-  only:
-    refs:
-      - tags
-      - /^version/.*$/
-
-build-dev-image:
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script:
-    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
-  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest --destination docker.beryju.org/passbook/dev:0.6.3-beta
-  stage: build-dev-image
-  only:
-    refs:
-      - tags
-      - /^version/.*$/
-
-
-isort:
-  script:
-    - isort -c -sg env
-  stage: test
-  services:
-  - postgres:latest
-  - redis:latest
-migrations:
-  script:
-    - python manage.py migrate
-  stage: test
-  services:
-  - postgres:latest
-  - redis:latest
-# prospector:
-#   script:
-#     - prospector
-#   stage: test
-#   services:
-#   - postgres:latest
-#   - redis:latest
-# pylint:
-#   script:
-#     - pylint passbook
-#   stage: test
-#   services:
-#   - postgres:latest
-#   - redis:latest
-coverage:
-  script:
-    - coverage run manage.py test
-    - coverage report
-    - coverage html
-  stage: test
-  services:
-  - postgres:latest
-  - redis:latest
-
-build-passbook-server:
-  stage: build
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script:
-    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
-  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.6.3-beta
-  only:
-    - tags
-    - /^version/.*$/
-build-passbook-static:
-  stage: build
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script:
-    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
-  script:
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.6.3-beta
-  only:
-    - tags
-    - /^version/.*$/
-  # running collectstatic fully initialises django, hence we need that databases
-  services:
-    - postgres:latest
-    - redis:latest
-
-package-helm:
-  image: debian:stretch-slim
-  stage: package
-  before_script:
-    - apt update && apt install -y curl
-    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
-  script:
-    - helm init --client-only
-    - helm dependency update helm/passbook
-    - helm package helm/passbook
-  artifacts:
-    paths:
-      - passbook-*.tgz
-    expire_in: 1 week
-  only:
-    - tags
-    - /^version/.*$/

.pylintrc

@@ -1,6 +1,6 @@
 [MASTER]
 
-disable=redefined-outer-name,arguments-differ,no-self-use,cyclic-import,fixme,locally-disabled,unpacking-non-sequence,too-many-ancestors,too-many-branches,too-few-public-methods
+disable=redefined-outer-name,arguments-differ,no-self-use,cyclic-import,fixme,locally-disabled,unpacking-non-sequence,too-many-ancestors,too-many-branches,too-few-public-methods,import-outside-toplevel,bad-continuation
 load-plugins=pylint_django,pylint.extensions.bad_builtin
 extension-pkg-whitelist=lxml
 const-rgx=[a-zA-Z0-9_]{1,40}$

Dockerfile

@@ -1,9 +1,30 @@
-FROM docker.beryju.org/passbook/base:latest
+FROM python:3.8-slim-buster as locker
+
+COPY ./Pipfile /app/
+COPY ./Pipfile.lock /app/
+
+WORKDIR /app/
+
+RUN pip install pipenv && \
+    pipenv lock -r > requirements.txt && \
+    pipenv lock -rd > requirements-dev.txt
+
+FROM python:3.8-slim-buster
+
+COPY --from=locker /app/requirements.txt /app/
+COPY --from=locker /app/requirements-dev.txt /app/
+
+WORKDIR /app/
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends postgresql-client-11 && \
+    rm -rf /var/lib/apt/ && \
+    pip install -r requirements.txt  --no-cache-dir && \
+    adduser --system --no-create-home --uid 1000 --group --home /app passbook
 
 COPY ./passbook/ /app/passbook
 COPY ./manage.py /app/
 COPY ./docker/uwsgi.ini /app/
-RUN chown -R passbook: /app
 
 WORKDIR /app/
 

Pipfile

@@ -4,51 +4,58 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 
 [packages]
+boto3 = "*"
 celery = "*"
-cherrypy = "*"
 defusedxml = "*"
 django = "*"
-kombu = "==4.5.0"
 django-cors-middleware = "*"
-django-filters = "*"
-django-ipware = "*"
+django-dbbackup = "*"
+django-filter = "*"
+django-guardian = "*"
 django-model-utils = "*"
 django-oauth-toolkit = "*"
 django-oidc-provider = "*"
 django-otp = "*"
+django-prometheus = "*"
 django-recaptcha = "*"
 django-redis = "*"
 django-rest-framework = "*"
+django-storages = "*"
+djangorestframework-guardian = "*"
 drf-yasg = "*"
+kombu = "*"
 ldap3 = "*"
 lxml = "*"
-markdown = "*"
 oauthlib = "*"
 packaging = "*"
 psycopg2-binary = "*"
 pycryptodome = "*"
+pyuwsgi = "*"
 pyyaml = "*"
 qrcode = "*"
 requests-oauthlib = "*"
 sentry-sdk = "*"
 service_identity = "*"
 signxml = "*"
-urllib3 = {extras = ["secure"],version = "*"}
 structlog = "*"
+swagger-spec-validator = "*"
+urllib3 = {extras = ["secure"],version = "*"}
+jinja2 = "*"
 
 [requires]
-python_version = "3.7"
+python_version = "3.8"
 
 [dev-packages]
-astroid = "==2.2.5"
-coverage = "*"
-isort = "*"
-pylint = "==2.3.1"
-pylint-django = "==2.0.10"
-prospector = "==1.1.7"
-django-debug-toolbar = "*"
-bumpversion = "*"
-unittest-xml-reporting = "*"
 autopep8 = "*"
 bandit = "*"
+bumpversion = "*"
 colorama = "*"
+coverage = "*"
+django-debug-toolbar = "*"
+pylint = "*"
+pylint-django = "*"
+unittest-xml-reporting = "*"
+black = "*"
+
+[pipenv]
+allow_prereleases = true

README.md

@@ -1,9 +1,13 @@
 # passbook
 
+![](https://github.com/BeryJu/passbook/workflows/passbook-ci/badge.svg)
+
 ## Quick instance
 
 ```
 export PASSBOOK_DOMAIN=domain.tld
+# Optionally enable Error-reporting
+# export PASSBOOK_ERROR_REPORTING=true
 docker-compose pull
 docker-compose up -d
 docker-compose exec server ./manage.py migrate

base.Dockerfile

@@ -1,19 +0,0 @@
-FROM python:3.7-slim-stretch
-
-COPY ./Pipfile /app/
-COPY ./Pipfile.lock /app/
-
-WORKDIR /app/
-
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends build-essential && \
-    pip install pipenv uwsgi --no-cache-dir && \
-    apt-get remove -y --purge build-essential && \
-    apt-get autoremove -y --purge && \
-    rm -rf /var/lib/apt/lists/*
-
-RUN pipenv lock -r > requirements.txt && \
-    pipenv --rm && \
-    pip install -r requirements.txt  --no-cache-dir && \
-    adduser --system --no-create-home passbook && \
-    chown -R passbook /app

dev.Dockerfile

@@ -1,5 +0,0 @@
-FROM docker.beryju.org/passbook/base:latest
-
-RUN pipenv lock --dev -r > requirements-dev.txt && \
-    pipenv --rm && \
-    pip install -r /app/requirements-dev.txt  --no-cache-dir

docker-compose.yml

@@ -21,15 +21,14 @@ services:
     labels:
       - traefik.enable=false
   server:
-    build:
-      context: .
-    image: docker.beryju.org/passbook/server:${SERVER_TAG:-latest}
+    image: beryju/passbook:${SERVER_TAG:-latest}
     command:
       - uwsgi
       - uwsgi.ini
     environment:
       - PASSBOOK_DOMAIN=${PASSBOOK_DOMAIN}
       - PASSBOOK_REDIS__HOST=redis
+      - PASSBOOK_ERROR_REPORTING=${PASSBOOK_ERROR_REPORTING:-false}
       - PASSBOOK_POSTGRESQL__HOST=postgresql
       - PASSBOOK_POSTGRESQL__PASSWORD=${PG_PASS:-thisisnotagoodpassword}
     ports:
@@ -41,7 +40,7 @@ services:
       - traefik.docker.network=internal
       - traefik.frontend.rule=PathPrefix:/
   worker:
-    image: docker.beryju.org/passbook/server:${SERVER_TAG:-latest}
+    image: beryju/passbook:${SERVER_TAG:-latest}
     command:
       - celery
       - worker
@@ -49,6 +48,7 @@ services:
       - -E
       - -B
       - -A=passbook.root.celery
+      - -s=/tmp/celerybeat-schedule
     networks:
       - internal
     labels:
@@ -56,18 +56,16 @@ services:
     environment:
       - PASSBOOK_DOMAIN=${PASSBOOK_DOMAIN}
       - PASSBOOK_REDIS__HOST=redis
+      - PASSBOOK_ERROR_REPORTING=${PASSBOOK_ERROR_REPORTING:-false}
       - PASSBOOK_POSTGRESQL__HOST=postgresql
       - PASSBOOK_POSTGRESQL__PASSWORD=${PG_PASS:-thisisnotagoodpassword}
   static:
-    build:
-      context: .
-      dockerfile: static.Dockerfile
-    image: docker.beryju.org/passbook/static:latest
+    image: beryju/passbook-static:latest
     networks:
       - internal
     labels:
       - traefik.frontend.rule=PathPrefix:/static, /robots.txt
-      - traefik.port=80
+      - traefik.port=8080
       - traefik.docker.network=internal
   traefik:
     image: traefik:1.7

docker/nginx.conf

@@ -1,66 +0,0 @@
-user  nginx;
-worker_processes  1;
-
-error_log  stderr warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format json_combined escape=json
-        '{'
-            '"time_local":"$time_local",'
-            '"remote_addr":"$remote_addr",'
-            '"remote_user":"$remote_user",'
-            '"request":"$request",'
-            '"status": "$status",'
-            '"body_bytes_sent":"$body_bytes_sent",'
-            '"request_time":"$request_time",'
-            '"http_referrer":"$http_referer",'
-            '"http_user_agent":"$http_user_agent"'
-        '}';
-
-    access_log /dev/stdout json_combined;
-
-    sendfile        on;
-    tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    server {
-
-        server_name _;
-
-        gzip on;
-        gzip_types application/javascript image/* text/css;
-        gunzip on;
-        add_header X-passbook-Version 0.6.3-beta;
-        add_header Vary X-passbook-Version;
-        root /data/;
-
-        location /_/healthz {
-            return 204;
-        }
-        location ~* \.(jpg|jpeg|png|gif|ico)$ {
-            expires 30d;
-        }
-        location ~* \.(css|js)$ {
-            expires 7d;
-        }
-
-    }
-
-    server {
-
-        listen 8080;
-
-        location = /stub_status {
-            stub_status;
-        }
-    }
-}

docker/uwsgi.ini

@@ -1,6 +1,5 @@
 [uwsgi]
 http = 0.0.0.0:8000
-chdir = /app
 wsgi-file = passbook/root/wsgi.py
 processes = 2
 master = true
@@ -8,3 +7,4 @@ threads = 2
 enable-threads = true
 uid = passbook
 gid = passbook
+disable-logging = True

docs/Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.8-slim-buster as builder
+
+WORKDIR /mkdocs
+
+RUN pip install mkdocs mkdocs-material
+
+COPY docs/ docs
+COPY mkdocs.yml .
+
+RUN mkdocs build
+
+FROM nginx
+
+COPY --from=builder /mkdocs/site /usr/share/nginx/html

docs/factors.md

@@ -0,0 +1,23 @@
+# Factors
+
+A factor represents a single authenticating factor for a user. Common examples of this would be a password or an OTP. These factors can be combined in any order, and can be dynamically enabled using policies.
+
+## Password Factor
+
+This is the standard Password Factor. It allows you to select which Backend the password is checked with. here you can also specify which Policies are used to check the password. You can also specify which Factors a User has to pass to recover their account.
+
+## Dummy Factor
+
+This factor waits a random amount of time. Mostly used for debugging.
+
+## E-Mail Factor
+
+This factor is mostly for recovery, and used in conjunction with the Password Factor.
+
+## OTP Factor
+
+This is your typical One-Time Password implementation, compatible with Authy and Google Authenticator. You can enfore this Factor so that every user has to configure it, or leave it optional.
+
+## Captcha Factor
+
+While this factor doesn't really authenticate a user, it is part of the Authentication Flow. passbook uses Google's reCaptcha implementation.

docs/index.md

@@ -0,0 +1,31 @@
+# Welcome
+
+Welcome to the passbook Documentation. passbook is an open-source Identity Provider and Usermanagement software. It can be used as a central directory for users or customers and it can integrate with your existing Directory.
+
+passbook can also be used as part of an Application to facilitate User Enrollment, Password recovery and Social Login.
+
+passbook uses the following Terminology:
+
+### Policy
+
+A Policy is at a base level a yes/no gate. It will either evaluate to True or False depending on the Policy Kind and settings. For example, a "Group Membership Policy" evaluates to True if the User is member of the specified Group and False if not. This can be used to conditionally apply Factors and grant/deny access.
+
+### Provider
+
+A Provider is a way for other Applications to authenticate against passbook. Common Providers are OpenID Connect (OIDC) and SAML.
+
+### Source
+
+Sources are ways to get users into passbook. This might be an LDAP Connection to import Users from Active Directory, or an OAuth2 Connection to allow Social Logins.
+
+### Application
+
+An application links together Policies with a Provider, allowing you to control access. It also holds Information like UI Name, Icon and more.
+
+### Factors
+
+Factors represent Authentication Factors, like a Password or OTP. These Factors can be dynamically enabled using policies. This allows you to, for example, force users from a certain IP ranges to complete a Captcha to authenticate.
+
+### Property Mappings
+
+Property Mappings allow you to make Information available for external Applications. For example, if you want to login to AWS with passbook, you'd use Property Mappings to set the User's Roles based on their Groups.

docs/installation/docker-compose.md

@@ -0,0 +1,26 @@
+# docker-compose
+
+This installation Method is for test-setups and small-scale productive setups.
+
+## Prerequisites
+
+-   docker
+-   docker-compose
+
+## Install
+
+Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/BeryJu/passbook/master/docker-compose.yml). Place it in a directory of your choice.
+
+passbook needs to know it's primary URL to create links in E-Mails and set cookies, so you have to run the following command:
+
+```
+export PASSBOOK_DOMAIN=domain.tld # this can be any domain or IP, it just needs to point to passbook.
+```
+
+The compose file references the current latest version, which can be overridden with the `SERVER_TAG` Environment variable.
+
+If you plan to use this setup for production, it is also advised to change the PostgreSQL Password by setting `PG_PASS` to a password of your choice.
+
+Now you can pull the Docker images needed by running `docker-compose pull`. After this has finished, run `docker-compose up -d` to start passbook.
+
+passbook will then be reachable on Port 80. You can optionally configure the packaged traefik to use Let's Encrypt for TLS Encryption.

docs/installation/install.md

@@ -0,0 +1,6 @@
+# Installation
+
+There are two supported ways to install passbook:
+
+-   [docker-compose](docker-compose.md) for test- or small productive setups
+-   [Kubernetes](./kubernetes.md) for larger Productive setups

docs/installation/kubernetes.md

@@ -0,0 +1,3 @@
+# Kubernetes
+
+For a mid to high-load Installation, Kubernetes is recommended. passbook is installed using a helm-chart.

docs/integrations/services/aws/index.md

@@ -0,0 +1,32 @@
+# Amazon Web Services Integration
+
+## What is AWS
+
+!!! note ""
+    Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `passbook.company` is the FQDN of the passbook Install
+
+Create an application in passbook and note the slug, as this will be used later. Create a SAML Provider with the following Parameters:
+
+-   ACS URL: `https://signin.aws.amazon.com/saml`
+-   Audience: `urn:amazon:webservices`
+-   Issuer: `passbook`
+
+You can of course use a custom Signing Certificate, and adjust durations.
+
+## AWS
+
+Create a Role with the Permissions you desire, and note the ARN.
+
+AWS requires two custom PropertyMappings; `Role` and `RoleSessionName`. Create them as following:
+
+![](./property-mapping-role.png)
+
+![](./property-mapping-role-session-name.png)
+
+Afterwards export the Metadata from passbook, and create an Identity Provider [here](https://console.aws.amazon.com/iam/home#/providers).

docs/integrations/services/gitlab/index.md

@@ -0,0 +1,58 @@
+# GitLab Integration
+
+## What is GitLab
+
+From https://about.gitlab.com/what-is-gitlab/
+
+!!! note ""
+    GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle.
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `gitlab.company` is the FQDN of the GitLab Install
+-   `passbook.company` is the FQDN of the passbook Install
+
+Create an application in passbook and note the slug, as this will be used later. Create a SAML Provider with the following Parameters:
+
+-   ACS URL: `https://gitlab.company/users/auth/saml/callback`
+-   Audience: `https://gitlab.company`
+-   Issuer: `https://gitlab.company`
+
+You can of course use a custom Signing Certificate, and adjust durations. To get the value for `idp_cert_fingerprint`, you can use a tool like [this](https://www.samltool.com/fingerprint.php).
+
+## GitLab Configuration
+
+Paste the following block in your `gitlab.rb` file, after replacing the placeholder values from above. The file is located in `/etc/gitlab`.
+
+```ruby
+gitlab_rails['omniauth_enabled'] = true
+gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
+gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
+gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
+gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
+gitlab_rails['omniauth_block_auto_created_users'] = false
+gitlab_rails['omniauth_auto_link_saml_user'] = true
+gitlab_rails['omniauth_providers'] = [
+  {
+    name: 'saml',
+    args: {
+      assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
+      idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
+      idp_sso_target_url: 'https://passbook.company/application/saml/<passbook application slug>/login/',
+      issuer: 'https://gitlab.company',
+      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+      attribute_statements: {
+        email: ['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'],
+        first_name: ['urn:oid:2.5.4.3'],
+        nickname: ['urn:oid:2.16.840.1.113730.3.1.241']
+      }
+    },
+    label: 'passbook'
+  }
+]
+```
+
+Afterwards, either run `gitlab-ctl reconfigure` if you're running GitLab Omnibus, or restart the container if you're using the container.

docs/integrations/services/harbor/index.md

@@ -0,0 +1,27 @@
+# Harbor Integration
+
+## What is Harbor
+
+From https://goharbor.io
+
+!!! note ""
+    Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Incubating project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `harbor.company` is the FQDN of the Harbor Install
+-   `passbook.company` is the FQDN of the passbook Install
+
+Create an application in passbook. Create an OpenID Provider with the following Parameters:
+
+-   Client Type: `Confidential`
+-   Response types: `code (Authorization Code Flow)`
+-   JWT Algorithm: `RS256`
+-   Redirect URIs: `https://harbor.company/c/oidc/callback`
+-   Scopes: `openid`
+
+## Harbor
+
+![](./harbor.png)

docs/integrations/services/rancher/index.md

@@ -0,0 +1,28 @@
+# Rancher Integration
+
+## What is Rancher
+
+From https://rancher.com/products/rancher
+
+!!! note ""
+    An Enterprise Platform for Managing Kubernetes Everywhere
+    Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `rancher.company` is the FQDN of the Rancher Install
+-   `passbook.company` is the FQDN of the passbook Install
+
+Create an application in passbook and note the slug, as this will be used later. Create a SAML Provider with the following Parameters:
+
+-   ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
+-   Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
+-   Issuer: `passbook`
+
+You can of course use a custom Signing Certificate, and adjust durations.
+
+## Rancher
+
+![](./rancher.png)

docs/integrations/services/sentry/index.md

@@ -0,0 +1,41 @@
+# Sentry Integration
+
+## What is Sentry
+
+From https://sentry.io
+
+!!! note ""
+    Sentry provides self-hosted and cloud-based error monitoring that helps all software
+    teams discover, triage, and prioritize errors in real-time.
+
+    One million developers at over fifty thousand companies already ship
+    better software faster with Sentry. Won’t you join them?
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `sentry.company` is the FQDN of the Sentry Install
+-   `passbook.company` is the FQDN of the passbook Install
+
+Create an application in passbook. Create an OpenID Provider with the following Parameters:
+
+-   Client Type: `Confidential`
+-   Response types: `code (Authorization Code Flow)`
+-   JWT Algorithm: `RS256`
+-   Redirect URIs: `https://sentry.company/auth/sso/`
+-   Scopes: `openid email`
+
+## Sentry
+
+**This guide assumes you've installed Sentry using [getsentry/onpremise](https://github.com/getsentry/onpremise)**
+
+- Add `sentry-auth-oidc` to `onpremise/sentry/requirements.txt` (Create the file if it doesn't exist yet)
+- Add the following block to your `onpremise/sentry/sentry.conf.py`:
+```
+OIDC_ISSUER = "passbook"
+OIDC_CLIENT_ID = "<Client ID from passbook>"
+OIDC_CLIENT_SECRET = "<Client Secret from passbook>"
+OIDC_SCOPE = "openid email"
+OIDC_DOMAIN = "https://passbook.company/application/oidc/"
+```

docs/integrations/services/tower-awx/index.md

@@ -0,0 +1,74 @@
+# Ansible Tower / AWX Integration
+
+## What is Tower
+
+From https://docs.ansible.com/ansible/2.5/reference_appendices/tower.html
+
+!!! note ""
+    Ansible Tower (formerly ‘AWX’) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks.
+
+    Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies.
+
+!!! note
+    AWX is the Open-Source version of Tower, and AWX will be used interchangeably throughout this document.
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `awx.company` is the FQDN of the AWX/Tower Install
+-   `passbook.company` is the FQDN of the passbook Install
+
+Create an application in passbook and note the slug, as this will be used later. Create a SAML Provider with the following Parameters:
+
+-   ACS URL: `https://awx.company/sso/complete/saml/`
+-   Audience: `awx`
+-   Issuer: `https://awx.company/sso/metadata/saml/`
+
+You can of course use a custom Signing Certificate, and adjust durations.
+
+## AWX Configuration
+
+Navigate to `https://awx.company/#/settings/auth` to configure SAML. Set the Field `SAML SERVICE PROVIDER ENTITY ID` to `awx`.
+
+For the fields `SAML SERVICE PROVIDER PUBLIC CERTIFICATE` and `SAML SERVICE PROVIDER PRIVATE KEY`, you can either use custom Certificates, or use the self-signed Pair generated by Passbook.
+
+Provide Metadata in the `SAML Service Provider Organization Info` Field:
+
+```json
+{
+ "en-US": {
+  "name": "passbook",
+  "url": "https://passbook.company",
+  "displayname": "passbook"
+ }
+}
+```
+
+Provide Metadata in the  `SAML Service Provider Technical Contact` and `SAML Service Provider Technical Contact` Fields:
+
+```json
+{
+ "givenName": "Admin Name",
+ "emailAddress": "admin@company"
+}
+```
+
+In the `SAML Enabled Identity Providers` paste the following configuration:
+
+```json
+{
+ "passbook": {
+  "attr_username": "urn:oid:2.16.840.1.113730.3.1.241",
+  "attr_user_permanent_id": "urn:oid:0.9.2342.19200300.100.1.1",
+  "x509cert": "MIIDEjCCAfqgAwIBAgIRAJZ9pOZ1g0xjiHtQAAejsMEwDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAwwlcGFzc2Jvb2sgU2VsZi1zaWduZWQgU0FNTCBDZXJ0aWZpY2F0ZTAeFw0xOTEyMjYyMDEwNDFaFw0yMDEyMjYyMDEwNDFaMFkxLjAsBgNVBAMMJXBhc3Nib29rIFNlbGYtc2lnbmVkIFNBTUwgQ2VydGlmaWNhdGUxETAPBgNVBAoMCHBhc3Nib29rMRQwEgYDVQQLDAtTZWxmLXNpZ25lZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO/ktBYZkY9xAijF4acvzX6Q1K8KoIZeyde8fVgcWBz4L5FgDQ4/dni4k2YAcPdwteGL4nKVzetUzjbRCBUNuO6lqU4J4WNNX4Xg4Ir7XLRoAQeo+omTPBdpJ1p02HjtN5jT01umN3bK2yto1e37CJhK6WJiaXqRewPxh4lI4aqdj3BhFkJ3I3r2qxaWOAXQ6X7fg3w/ny7QP53//ouZo7hSLY3GIcRKgvdjjVM3OW5C3WLpOq5Dez5GWVJ17aeFCfGQ8bwFKde6qfYqyGcU9xHB36TtVHB9hSFP/tUFhkiSOxtsrYwCgCyXm4UTSpP+wiNyjKfFw7qGLBvA2hGTNw8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh9PeAqPRQk1/SSygIFADZBi08O/DPCshFwEHvJATIcTzcDD8UGAjXh+H5OlkDyX7KyrcaNvYaafCUo63A+WprdtdY5Ty6SBEwTYyiQyQfwM9BfK+imCoif1Ai7xAelD7p9lNazWq7JU+H/Ep7U7Q7LvpxAbK0JArt+IWTb2NcMb3OWE1r0gFbs44O1l6W9UbJTbyLMzbGbe5i+NHlgnwPwuhtRMh0NUYabGHKcHbhwyFhfGAQv2dAp5KF1E5gu6ZzCiFePzc0FrqXQyb2zpFYcJHXquiqaOeG7cZxRHYcjrl10Vxzki64XVA9BpdELgKSnupDGUEJsRUt3WVOmvZuA==",
+  "url": "https://passbook.company/application/saml/awx/login/",
+  "attr_last_name": "User.LastName",
+  "entity_id": "https://awx.company/sso/metadata/saml/",
+  "attr_email": "urn:oid:0.9.2342.19200300.100.1.3",
+  "attr_first_name": "urn:oid:2.5.4.3"
+ }
+}
+```
+
+`x509cert` is the Certificate configured in passbook. Remove the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- headers, then enter the cert as one non-breaking string.

docs/k8s/deployment.yml

@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: passbook-docs
+  namespace: prod-passbook-docs
+  labels:
+    app.kubernetes.io/name: passbook-docs
+    app.kubernetes.io/managed-by: passbook-docs
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: passbook-docs
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: passbook-docs
+    spec:
+      containers:
+        - name: passbook-docs
+          image: "beryju/passbook-docs:latest"
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 10m
+              memory: 20Mi
+            requests:
+              cpu: 10m
+              memory: 20Mi

docs/k8s/ingress.yml

@@ -0,0 +1,21 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/name: passbook-docs
+  name: passbook-docs
+  namespace: prod-passbook-docs
+spec:
+  rules:
+    - host: docs.passbook.beryju.org
+      http:
+        paths:
+          - backend:
+              serviceName: passbook-docs-http
+              servicePort: http
+            path: /
+  tls:
+    - hosts:
+        - docs.passbook.beryju.org
+      secretName: passbook-docs-acme

docs/k8s/service.yml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: passbook-docs-http
+  namespace: prod-passbook-docs
+  labels:
+    app.kubernetes.io/name: passbook-docs
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: passbook-docs

docs/policies/expression/index.md

@@ -0,0 +1,21 @@
+# Expression Policy
+
+Expression Policies allows you to write custom Policy Logic using Jinja2 Templating language.
+
+For a language reference, see [here](https://jinja.palletsprojects.com/en/2.11.x/templates/).
+
+The following objects are passed into the variable:
+
+- `request`: A PolicyRequest object, which has the following properties:
+    - `request.user`: The current User, which the Policy is applied against. ([ref](../../property-mappings/reference/user-object.md))
+    - `request.http_request`: The Django HTTP Request, as documented [here](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects).
+    - `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
+- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
+- `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
+- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.
+- `pb_client_ip`: Client's IP Address.
+
+There are also the following custom filters available:
+
+- `regex_match(regex)`: Return True if value matches `regex`
+- `regex_replace(regex, repl)`: Replace string matched by `regex` with `repl`

docs/policies/index.md

@@ -0,0 +1,50 @@
+# Policies
+
+## Kinds
+
+There are two different Kind of policies, a Standard Policy and a Password Policy. Normal Policies just evaluate to True or False, and can be used everywhere. Password Policies apply when a Password is set (during User enrollment, Recovery or anywhere else). These policies can be used to apply Password Rules like length, etc. The can also be used to expire passwords after a certain amount of time.
+
+## Standard Policies
+
+---
+
+### Group-Membership Policy
+
+This policy evaluates to True if the current user is a Member of the selected group.
+
+### Reputation Policy
+
+passbook keeps track of failed login attempts by Source IP and Attempted Username. These values are saved as scores. Each failed login decreases the Score for the Client IP as well as the targeted Username by one.
+
+This policy can be used to for example prompt Clients with a low score to pass a Captcha before they can continue.
+
+## Expression Policy
+
+See [Expression Policy](expression/index.md).
+
+### Webhook Policy
+
+This policy allows you to send an arbitrary HTTP Request to any URL. You can then use JSONPath to extract the result you need.
+
+## Password Policies
+
+---
+
+### Password Policy
+
+This Policy allows you to specify Password rules, like Length and required Characters.
+The following rules can be set:
+
+-   Minimum amount of Uppercase Characters
+-   Minimum amount of Lowercase Characters
+-   Minimum amount of Symbols Characters
+-   Minimum Length
+-   Symbol charset (define which characters are counted as symbols)
+
+### Have I Been Pwned Policy
+
+This Policy checks the hashed Password against the [Have I Been Pwned](https://haveibeenpwned.com/) API. This only sends the first 5 characters of the hashed password. The remaining comparison is done within passbook.
+
+### Password-Expiry Policy
+
+This policy can enforce regular password rotation by expiring set Passwords after a finite amount of time. This forces users to set a new password.

docs/property-mappings/index.md

@@ -0,0 +1,21 @@
+# Property Mappings
+
+Property Mappings allow you to pass information to external Applications. For example, pass the current user's Groups as a SAML Parameter. Property Mappings are also used to map Source fields to passbook fields, for example when using LDAP.
+
+## SAML Property Mapping
+
+SAML Property Mappings allow you embed Information into the SAML AuthN Request. THis Information can then be used by the Application to assign permissions for example.
+
+You can find examples [here](integrations/)
+
+## LDAP Property Mapping
+
+LDAP Property Mappings are used when you define a LDAP Source. These Mappings define which LDAP Property maps to which passbook Property. By default, these mappings are created:
+
+-   Autogenerated LDAP Mapping: givenName -> first_name
+-   Autogenerated LDAP Mapping: mail -> email
+-   Autogenerated LDAP Mapping: name -> name
+-   Autogenerated LDAP Mapping: sAMAccountName -> username
+-   Autogenerated LDAP Mapping: sn -> last_name
+
+These are configured for the most common LDAP Setups.

docs/property-mappings/reference/user-object.md

@@ -0,0 +1,20 @@
+# Passbook User Object
+
+The User object has the following attributes:
+
+ - `username`: User's Username
+ - `email` User's E-Mail
+ - `name` User's Display Name
+ - `is_staff` Boolean field if user is staff
+ - `is_active` Boolean field if user is active
+ - `date_joined` Date User joined/was created
+ - `password_change_date` Date Password was last changed
+ - `attributes` Dynamic Attributes
+
+## Examples
+
+List all the User's Group Names
+
+```jinja2
+[{% for group in user.groups.all() %}'{{ group.name }}',{% endfor %}]
+```

docs/providers.md

@@ -0,0 +1,17 @@
+# Providers
+
+Providers allow external Applications to authenticate against passbook and use its User Information.
+
+## OpenID Provider
+
+This provider uses the commonly used OpenID Connect variation of OAuth2.
+
+## OAuth2 Provider
+
+This provider is slightly different than the OpenID Provider. While it uses the same basic OAuth2 Protocol, it provides a GitHub-compatible Endpoint. This allows you to integrate Applications, which don't support Custom OpenID Providers.
+The API exposes Username, E-Mail, Name and Groups in a GitHub-compatible format.
+
+## SAML Provider
+
+This provider allows you to integrate Enterprise Software using the SAML2 Protocol. It supports signed Requests. This Provider uses [Property Mappings](property-mappings/index.md#saml-property-mapping) to determine which fields are exposed and what values they return. This makes it possible to expose Vendor-specific Fields.
+Default fields are exposed through Auto-generated Property Mappings, which are prefixed with "Autogenerated..."

docs/sources.md

@@ -0,0 +1,39 @@
+# Sources
+
+Sources allow you to connect passbook to an existing User directory. They can also be used for Social-Login, using external Providers like Facebook, Twitter, etc.
+
+## Generic OAuth Source
+
+**All Integration-specific Sources are documented in the Integrations Section**
+
+This source allows users to enroll themselves with an External OAuth-based Identity Provider. The Generic Provider expects the Endpoint to return OpenID-Connect compatible Information. Vendor specific Implementations have their own OAuth Source.
+
+-   Policies: Allow/Forbid Users from linking their Accounts with this Provider
+-   Request Token URL: This field is used for OAuth v1 Implementations and will be provided by the Provider.
+-   Authorization URL: This value will be provided by the Provider.
+-   Access Token URL: This value will be provided by the Provider.
+-   Profile URL: This URL is called by passbook to retrieve User information upon successful authentication.
+-   Consumer key/Consumer secret: These values will be provided by the Provider.
+
+## SAML Source
+
+This source allows passbook to act as a SAML Service Provider. Just like the SAML Provider, it supports signed Requests. Vendor specific documentation can be found in the Integrations Section
+
+## LDAP Source
+
+This source allows you to import Users and Groups from an LDAP Server
+
+-   Server URI: URI to your LDAP Server/Domain Controller
+-   Bind CN: CN to bind as, this can also be a UPN in the format of `user@domain.tld`
+-   Bind password: Password used during the bind process
+-   Enable Start TLS: Enables StartTLS functionality. To use SSL instead, use port `636`
+-   Base DN: Base DN used for all LDAP queries
+-   Addition User DN: Prepended to Base DN for User-queries.
+-   Addition Group DN: Prepended to Base DN for Group-queries.
+-   User object filter: Consider Objects matching this filter to be Users.
+-   Group object filter: Consider Objects matching this filter to be Groups.
+-   User group membership field: Field which contains Groups of user.
+-   Object uniqueness field: Field which contains a unique Identifier.
+-   Sync groups: Enable/disable Group synchronization. Groups are synced in the background every 5 minutes.
+-   Sync parent group: Optionally set this Group as parent Group for all synced Groups (allows you to, for example, import AD Groups under a root `imported-from-ad` group.)
+-   Property mappings: Define which LDAP Properties map to which passbook Properties. The default set of Property Mappings is generated for Active Directory. See also [LDAP Property Mappings](property-mappings/index.md#ldap-property-mapping)

gatekeeper/Dockerfile

@@ -0,0 +1,8 @@
+FROM quay.io/pusher/oauth2_proxy
+
+COPY templates /templates
+
+ENV OAUTH2_PROXY_EMAIL_DOMAINS=*
+ENV OAUTH2_PROXY_PROVIDER=oidc
+ENV OAUTH2_PROXY_CUSTOM_TEMPLATES_DIR=/templates
+ENV OAUTH2_PROXY_HTTP_ADDRESS=:4180

gatekeeper/templates/error.html

@@ -0,0 +1,18 @@
+{{define "error.html"}}
+<!DOCTYPE html>
+<html lang="en" charset="utf-8">
+
+<head>
+    <title>{{.Title}}</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+</head>
+
+<body>
+    <h2>{{.Title}}</h2>
+    <p>{{.Message}}</p>
+    <hr>
+    <p><a href="{{.ProxyPrefix}}/sign_in">Sign In</a></p>
+</body>
+
+</html>
+{{end}}

gatekeeper/templates/sign_in.html

@@ -0,0 +1,119 @@
+{{define "sign_in.html"}}
+<!DOCTYPE html>
+<html lang="en" charset="utf-8">
+<head>
+    <title>Sign In with passbook</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+    <style>
+        body {
+            font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+            font-size: 14px;
+            line-height: 1.42857143;
+            color: #333;
+            background: #f0f0f0;
+        }
+
+        .signin {
+            display: block;
+            margin: 20px auto;
+            max-width: 400px;
+            background: #fff;
+            border: 1px solid #ccc;
+            border-radius: 10px;
+            padding: 20px;
+        }
+
+        .center {
+            text-align: center;
+        }
+
+        .btn {
+            color: #fff;
+            background-color: #428bca;
+            border: 1px solid #357ebd;
+            -webkit-border-radius: 4;
+            -moz-border-radius: 4;
+            border-radius: 4px;
+            font-size: 14px;
+            padding: 6px 12px;
+            text-decoration: none;
+            cursor: pointer;
+        }
+
+        .btn:hover {
+            background-color: #3071a9;
+            border-color: #285e8e;
+            text-decoration: none;
+        }
+
+        label {
+            display: inline-block;
+            max-width: 100%;
+            margin-bottom: 5px;
+            font-weight: 700;
+        }
+
+        input {
+            display: block;
+            width: 100%;
+            height: 34px;
+            padding: 6px 12px;
+            font-size: 14px;
+            line-height: 1.42857143;
+            color: #555;
+            background-color: #fff;
+            background-image: none;
+            border: 1px solid #ccc;
+            border-radius: 4px;
+            -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, .075);
+            box-shadow: inset 0 1px 1px rgba(0, 0, 0, .075);
+            -webkit-transition: border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;
+            -o-transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s;
+            transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s;
+            margin: 0;
+            box-sizing: border-box;
+        }
+
+        footer {
+            display: block;
+            font-size: 10px;
+            color: #aaa;
+            text-align: center;
+            margin-bottom: 10px;
+        }
+
+        footer a {
+            display: inline-block;
+            height: 25px;
+            line-height: 25px;
+            color: #aaa;
+            text-decoration: underline;
+        }
+
+        footer a:hover {
+            color: #aaa;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="signin center">
+        <form method="GET" action="{{.ProxyPrefix}}/start">
+            <input type="hidden" name="rd" value="{{.Redirect}}">
+            <button type="submit" class="btn">Sign in with passbook</button><br />
+        </form>
+    </div>
+    <script>
+        if (window.location.hash) {
+            (function () {
+                var inputs = document.getElementsByName('rd');
+                for (var i = 0; i < inputs.length; i++) {
+                    inputs[i].value += window.location.hash;
+                }
+            })();
+        }
+    </script>
+</body>
+
+</html>
+{{end}}

helm/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: postgresql
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 4.2.2
+  version: 6.5.8
 - name: redis
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 9.2.1
-digest: sha256:8782e974a1094eaeecf1d68f093ca4fb84977217b2bd38b09790a05ec289aec2
-generated: "2019-10-02T21:03:25.90491153Z"
+  version: 9.5.1
+digest: sha256:f18b5dc8d0be13d584407405c60d10b6b84d25f7fa8aaa3dd0e5385c38f5c516
+generated: "2019-12-14T13:33:48.4341939Z"

helm/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.6.3-beta"
+appVersion: "0.8.8-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.6.3-beta"
+version: "0.8.8-beta"
 icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png

helm/requirements.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: postgresql
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 6.3.10
+  version: 6.5.8
 - name: redis
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 9.2.1
-digest: sha256:bdde250e1401dccdd5161e39c807f9e88b05e3e8e72e74df767a1bbb5fc39a4a
-generated: "2019-10-01T10:46:06.542706+02:00"
+  version: 9.5.1
+digest: sha256:476834fb82f66bc7242c4a5e7343d0a859d8307cb301256beb0eb749983014e4
+generated: "2019-11-07T10:21:30.902415+01:00"

helm/requirements.yaml

@@ -1,7 +1,7 @@
 dependencies:
 - name: postgresql
-  version: 4.2.2
+  version: 6.5.8
   repository: https://kubernetes-charts.storage.googleapis.com/
 - name: redis
-  version: 9.2.1
+  version: 9.5.1
   repository: https://kubernetes-charts.storage.googleapis.com/

helm/templates/configmap.yaml

@@ -12,5 +12,5 @@ data:
       host: "{{ .Release.Name }}-redis-master"
       cache_db: 0
       message_queue_db: 1
-    error_report_enabled: {{ .Values.config.error_reporting }}
-    domain: ".{{ .Values.ingress.hosts[0] }}"
+    error_reporting: {{ .Values.config.error_reporting }}
+    domain: ".{{ index .Values.ingress.hosts 0 }}"

helm/templates/prom-rules.yaml

@@ -0,0 +1,121 @@
+{{- if .Values.monitoring.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "passbook.fullname" . }}-static-rules
+  labels:
+    app.kubernetes.io/name: {{ include "passbook.name" . }}
+    helm.sh/chart: {{ include "passbook.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  groups:
+  - name: Aggregate request counters
+    rules:
+      - record: job:django_http_requests_before_middlewares_total:sum_rate30s
+        expr: sum(rate(django_http_requests_before_middlewares_total[30s])) by (job)
+      - record: job:django_http_requests_unknown_latency_total:sum_rate30s
+        expr: sum(rate(django_http_requests_unknown_latency_total[30s])) by (job)
+      - record: job:django_http_ajax_requests_total:sum_rate30s
+        expr: sum(rate(django_http_ajax_requests_total[30s])) by (job)
+      - record: job:django_http_responses_before_middlewares_total:sum_rate30s
+        expr: sum(rate(django_http_responses_before_middlewares_total[30s])) by (job)
+      - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
+        expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) by (job)
+      - record: job:django_http_requests_body_total_bytes:sum_rate30s
+        expr: sum(rate(django_http_requests_body_total_bytes[30s])) by (job)
+      - record: job:django_http_responses_streaming_total:sum_rate30s
+        expr: sum(rate(django_http_responses_streaming_total[30s])) by (job)
+      - record: job:django_http_responses_body_total_bytes:sum_rate30s
+        expr: sum(rate(django_http_responses_body_total_bytes[30s])) by (job)
+      - record: job:django_http_requests_total:sum_rate30s
+        expr: sum(rate(django_http_requests_total_by_method[30s])) by (job)
+      - record: job:django_http_requests_total_by_method:sum_rate30s
+        expr: sum(rate(django_http_requests_total_by_method[30s])) by (job,method)
+      - record: job:django_http_requests_total_by_transport:sum_rate30s
+        expr: sum(rate(django_http_requests_total_by_transport[30s])) by (job,transport)
+      - record: job:django_http_requests_total_by_view:sum_rate30s
+        expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view)
+      - record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
+        expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view,transport,method)
+      - record: job:django_http_responses_total_by_templatename:sum_rate30s
+        expr: sum(rate(django_http_responses_total_by_templatename[30s])) by (job,templatename)
+      - record: job:django_http_responses_total_by_status:sum_rate30s
+        expr: sum(rate(django_http_responses_total_by_status[30s])) by (job,status)
+      - record: job:django_http_responses_total_by_status_name_method:sum_rate30s
+        expr: sum(rate(django_http_responses_total_by_status_name_method[30s])) by (job,status,name,method)
+      - record: job:django_http_responses_total_by_charset:sum_rate30s
+        expr: sum(rate(django_http_responses_total_by_charset[30s])) by (job,charset)
+      - record: job:django_http_exceptions_total_by_type:sum_rate30s
+        expr: sum(rate(django_http_exceptions_total_by_type[30s])) by (job,type)
+      - record: job:django_http_exceptions_total_by_view:sum_rate30s
+        expr: sum(rate(django_http_exceptions_total_by_view[30s])) by (job,view)
+  - name: Aggregate latency histograms
+    rules:
+      - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
+        expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "50"
+      - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
+        expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "95"
+      - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
+        expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "99"
+      - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
+        expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "99.9"
+      - record: job:django_http_requests_latency_seconds:quantile_rate30s
+        expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "50"
+      - record: job:django_http_requests_latency_seconds:quantile_rate30s
+        expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "95"
+      - record: job:django_http_requests_latency_seconds:quantile_rate30s
+        expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "99"
+      - record: job:django_http_requests_latency_seconds:quantile_rate30s
+        expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
+        labels:
+          quantile: "99.9"
+  - name: Aggregate model operations
+    rules:
+      - record: job:django_model_inserts_total:sum_rate1m
+        expr: sum(rate(django_model_inserts_total[1m])) by (job, model)
+      - record: job:django_model_updates_total:sum_rate1m
+        expr: sum(rate(django_model_updates_total[1m])) by (job, model)
+      - record: job:django_model_deletes_total:sum_rate1m
+        expr: sum(rate(django_model_deletes_total[1m])) by (job, model)
+  - name: Aggregate database operations
+    rules:
+      - record: job:django_db_new_connections_total:sum_rate30s
+        expr: sum(rate(django_db_new_connections_total[30s])) by (alias, vendor)
+      - record: job:django_db_new_connection_errors_total:sum_rate30s
+        expr: sum(rate(django_db_new_connection_errors_total[30s])) by (alias, vendor)
+      - record: job:django_db_execute_total:sum_rate30s
+        expr: sum(rate(django_db_execute_total[30s])) by (alias, vendor)
+      - record: job:django_db_execute_many_total:sum_rate30s
+        expr: sum(rate(django_db_execute_many_total[30s])) by (alias, vendor)
+      - record: job:django_db_errors_total:sum_rate30s
+        expr: sum(rate(django_db_errors_total[30s])) by (alias, vendor, type)
+  - name: Aggregate migrations
+    rules:
+      - record: job:django_migrations_applied_total:max
+        expr: max(django_migrations_applied_total) by (job, connection)
+      - record: job:django_migrations_unapplied_total:max
+        expr: max(django_migrations_unapplied_total) by (job, connection)
+  - name: Alerts
+    rules:
+      - alert: UnappliedMigrations
+        expr: job:django_migrations_unapplied_total:max > 0
+        for: 1m
+        labels:
+          severity: testing
+{{- end }}

helm/templates/secret.yaml

@@ -4,6 +4,7 @@ type: Opaque
 metadata:
   name: {{ include "passbook.fullname" . }}-secret-key
 data:
+  monitoring_username: bW9uaXRvcg== # monitor in base64
   {{- if .Values.config.secret_key }}
   secret_key: {{ .Values.config.secret_key | b64enc | quote }}
   {{- else }}

helm/templates/static-deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "passbook.fullname" . }}-static
@@ -18,14 +18,10 @@ spec:
         app.kubernetes.io/name: {{ include "passbook.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
         k8s.passbook.io/component: static
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: '9113'
-        field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9113,"schema":"HTTP"}]'
     spec:
       containers:
         - name: {{ .Chart.Name }}-static
-          image: "docker.beryju.org/passbook/static:{{ .Values.image.tag }}"
+          image: "beryju/passbook-static:{{ .Values.image.tag }}"
           imagePullPolicy: IfNotPresent
           ports:
             - name: http
@@ -35,13 +31,13 @@ spec:
             initialDelaySeconds: 10
             timeoutSeconds: 5
             httpGet:
-              path: /_/healthz
+              path: /
               port: http
           readinessProbe:
             initialDelaySeconds: 10
             timeoutSeconds: 5
             httpGet:
-              path: /_/healthz
+              path: /
               port: http
           resources:
             requests:
@@ -50,6 +46,3 @@ spec:
             limits:
               cpu: 20m
               memory: 20M
-        - name: {{ .Chart.Name }}-static-prometheus
-          image: nginx/nginx-prometheus-exporter:0.4.1
-          imagePullPolicy: IfNotPresent

helm/templates/static-sm.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.monitoring.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "passbook.name" . }}
+    helm.sh/chart: {{ include "passbook.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "passbook.fullname" . }}-static-monitoring
+spec:
+  endpoints:
+  - port: http
+  selector:
+    matchLabels:
+      k8s.passbook.io/component: static
+{{- end }}

helm/templates/web-deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "passbook.fullname" . }}-web
@@ -26,7 +26,7 @@ spec:
             name: {{ include "passbook.fullname" . }}-config
       initContainers:
         - name: passbook-database-migrations
-          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
+          image: "beryju/passbook:{{ .Values.image.tag }}"
           command:
             - ./manage.py
           args:
@@ -56,7 +56,7 @@ spec:
                   key: postgresql-password
       containers:
         - name: {{ .Chart.Name }}
-          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
+          image: "beryju/passbook:{{ .Values.image.tag }}"
           imagePullPolicy: IfNotPresent
           command:
             - uwsgi

helm/templates/web-service.yaml

@@ -4,13 +4,14 @@ metadata:
   name: {{ include "passbook.fullname" . }}-web
   labels:
     app.kubernetes.io/name: {{ include "passbook.name" . }}
-    helm.sh/chart: {{ include "passbook.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "passbook.chart" . }}
+    k8s.passbook.io/component: web
 spec:
-  type: {{ .Values.service.type }}
+  type: ClusterIP
   ports:
-    - port: {{ .Values.service.port }}
+    - port: 80
       targetPort: http
       protocol: TCP
       name: http

helm/templates/web-sm.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.monitoring.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "passbook.name" . }}
+    helm.sh/chart: {{ include "passbook.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "passbook.fullname" . }}-web-monitoring
+spec:
+  endpoints:
+  - basicAuth:
+      password:
+        name: {{ include "passbook.fullname" . }}-secret-key
+        key: secret_key
+      username:
+        name: {{ include "passbook.fullname" . }}-secret-key
+        key: monitoring_username
+    port: http
+    path: /metrics/
+    interval: 10s
+  selector:
+    matchLabels:
+      k8s.passbook.io/component: web
+{{- end }}

helm/templates/worker-deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "passbook.fullname" . }}-worker
@@ -26,7 +26,7 @@ spec:
             name: {{ include "passbook.fullname" . }}-config
       containers:
         - name: {{ .Chart.Name }}
-          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
+          image: "beryju/passbook:{{ .Values.image.tag }}"
           imagePullPolicy: IfNotPresent
           command:
             - celery
@@ -36,6 +36,7 @@ spec:
             - -E
             - -B
             - -A=passbook.root.celery
+            - -s=/tmp/celerybeat-schedule
           volumeMounts:
             - mountPath: /etc/passbook
               name: config-volume

helm/values.yaml

@@ -2,7 +2,7 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
-  tag: 0.6.3-beta
+  tag: 0.8.8-beta
 
 nameOverride: ""
 
@@ -10,23 +10,14 @@ config:
   # Optionally specify fixed secret_key, otherwise generated automatically
   # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
   # Enable error reporting
-  error_reporting: true
+  error_reporting: false
   email:
     host: localhost
 
-postgresql:
-  postgresqlDatabase: passbook
-
-redis:
-  cluster:
-    enabled: false
-  master:
-    persistence:
-      enabled: false
-
-service:
-  type: ClusterIP
-  port: 80
+# This Helm chart ships with built-in Prometheus ServiceMonitors and Rules.
+# This requires the CoreOS Prometheus Operator.
+monitoring:
+  enabled: false
 
 ingress:
   enabled: false
@@ -40,3 +31,16 @@ ingress:
   #  - secretName: chart-example-tls
   #    hosts:
   #      - passbook.k8s.local
+
+# These settings configure the packaged PostgreSQL and Redis chart.
+postgresql:
+  postgresqlDatabase: passbook
+
+redis:
+  cluster:
+    enabled: false
+  master:
+    persistence:
+      enabled: false
+    # https://stackoverflow.com/a/59189742
+    disableCommands: []

manage.py

@@ -2,6 +2,9 @@
 """Django manage.py"""
 import os
 import sys
+from defusedxml import defuse_stdlib
+
+defuse_stdlib()
 
 if __name__ == '__main__':
     os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.root.settings')

mkdocs.yml

@@ -0,0 +1,39 @@
+site_name: passbook Docs
+site_url: https://beryju.github.io/passbook
+copyright: "Copyright © 2019 - 2020 BeryJu.org"
+
+nav:
+  - Home: index.md
+  - Installation:
+      - Installation: installation/install.md
+      - docker-compose: installation/docker-compose.md
+      - Kubernetes: installation/kubernetes.md
+  - Sources: sources.md
+  - Providers: providers.md
+  - Property Mappings:
+      - Overview: property-mappings/index.md
+      - Reference:
+          - User Object: property-mappings/reference/user-object.md
+  - Factors: factors.md
+  - Policies:
+      - Overview: policies/index.md
+      - Expression: policies/expression/index.md
+  - Integrations:
+      - as Provider:
+          - Amazon Web Services: integrations/services/aws/index.md
+          - GitLab: integrations/services/gitlab/index.md
+          - Rancher: integrations/services/rancher/index.md
+          - Harbor: integrations/services/harbor/index.md
+          - Sentry: integrations/services/sentry/index.md
+          - Ansible Tower/AWX: integrations/services/tower-awx/index.md
+
+repo_name: "BeryJu.org/passbook"
+repo_url: https://github.com/BeryJu/passbook
+theme:
+  name: "material"
+  logo: "images/logo.svg"
+
+markdown_extensions:
+  - toc:
+      permalink: "¶"
+  - admonition

passbook/__init__.py

@@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.6.3-beta'
+__version__ = "0.8.8-beta"

passbook/admin/api/urls.py

@@ -1,6 +0,0 @@
-"""Versioned Admin API Urls"""
-from django.conf.urls import include, url
-
-urlpatterns = [
-    url(r'^v1/', include('passbook.admin.api.v1.urls', namespace='v1')),
-]

passbook/admin/api/v1/groups.py

@@ -1,36 +0,0 @@
-"""passbook admin gorup API"""
-from rest_framework.permissions import IsAdminUser
-from rest_framework.serializers import ModelSerializer, Serializer
-from rest_framework.viewsets import ModelViewSet
-
-from passbook.core.models import Group
-
-
-class RecursiveField(Serializer):
-    """Recursive field for manytomanyfield"""
-
-    def to_representation(self, value):
-        serializer = self.parent.parent.__class__(value, context=self.context)
-        return serializer.data
-
-    def create(self):
-        raise NotImplementedError()
-
-    def update(self):
-        raise NotImplementedError()
-
-class GroupSerializer(ModelSerializer):
-    """Group Serializer"""
-
-    children = RecursiveField(many=True)
-
-    class Meta:
-        model = Group
-        fields = '__all__'
-
-class GroupViewSet(ModelViewSet):
-    """Group Viewset"""
-
-    permission_classes = [IsAdminUser]
-    serializer_class = GroupSerializer
-    queryset = Group.objects.filter(parent__isnull=True)

passbook/admin/api/v1/urls.py

@@ -1,33 +0,0 @@
-"""passbook admin API URLs"""
-from django.urls import path
-from drf_yasg import openapi
-from drf_yasg.views import get_schema_view
-from rest_framework import permissions
-from rest_framework.routers import DefaultRouter
-
-from passbook.admin.api.v1.applications import ApplicationViewSet
-from passbook.admin.api.v1.groups import GroupViewSet
-from passbook.admin.api.v1.users import UserViewSet
-
-router = DefaultRouter()
-router.register('applications', ApplicationViewSet)
-router.register('groups', GroupViewSet)
-router.register('users', UserViewSet)
-
-SchemaView = get_schema_view(
-    openapi.Info(
-        title="passbook Administration API",
-        default_version='v1',
-        description="Internal passbook API for Administration Interface",
-        contact=openapi.Contact(email="contact@snippets.local"),
-        license=openapi.License(name="MIT License"),
-    ),
-    public=True,
-    permission_classes=(permissions.IsAdminUser,),
-)
-
-urlpatterns = router.urls + [
-    path('swagger.yml', SchemaView.without_ui(cache_timeout=0), name='schema-json'),
-    path('swagger/', SchemaView.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
-]
-app_name = 'passbook.admin'

passbook/admin/apps.py

@@ -5,7 +5,7 @@ from django.apps import AppConfig
 class PassbookAdminConfig(AppConfig):
     """passbook admin app config"""
 
-    name = 'passbook.admin'
-    label = 'passbook_admin'
-    mountpoint = 'administration/'
-    verbose_name = 'passbook Admin'
+    name = "passbook.admin"
+    label = "passbook_admin"
+    mountpoint = "administration/"
+    verbose_name = "passbook Admin"

passbook/admin/fields.py

@@ -0,0 +1,59 @@
+"""YAML fields"""
+import yaml
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+
+class InvalidYAMLInput(str):
+    """Invalid YAML String type"""
+
+
+class YAMLString(str):
+    """YAML String type"""
+
+
+class YAMLField(forms.CharField):
+    """Django's JSON Field converted to YAML"""
+
+    default_error_messages = {
+        "invalid": _("'%(value)s' value must be valid YAML."),
+    }
+    widget = forms.Textarea
+
+    def to_python(self, value):
+        if self.disabled:
+            return value
+        if value in self.empty_values:
+            return None
+        if isinstance(value, (list, dict, int, float, YAMLString)):
+            return value
+        try:
+            converted = yaml.safe_load(value)
+        except yaml.YAMLError:
+            raise forms.ValidationError(
+                self.error_messages["invalid"], code="invalid", params={"value": value},
+            )
+        if isinstance(converted, str):
+            return YAMLString(converted)
+        return converted
+
+    def bound_data(self, data, initial):
+        if self.disabled:
+            return initial
+        try:
+            return yaml.safe_load(data)
+        except yaml.YAMLError:
+            return InvalidYAMLInput(data)
+
+    def prepare_value(self, value):
+        if isinstance(value, InvalidYAMLInput):
+            return value
+        return yaml.dump(value, explicit_start=True)
+
+    def has_changed(self, initial, data):
+        if super().has_changed(initial, data):
+            return True
+        # For purposes of seeing whether something has changed, True isn't the
+        # same as 1 and the order of keys doesn't matter.
+        data = self.to_python(data)
+        return yaml.dump(initial, sort_keys=True) != yaml.dump(data, sort_keys=True)

passbook/admin/forms/base.py

@@ -0,0 +1,40 @@
+"""passbook form helpers"""
+from django import forms
+
+from passbook.admin.fields import YAMLField
+
+
+class TagModelForm(forms.ModelForm):
+    """Base form for models that have attributes"""
+
+    def __init__(self, *args, **kwargs):
+        # Check if we have an instance, load tags otherwise use an empty dict
+        instance = kwargs.get("instance", None)
+        tags = instance.tags if instance else {}
+        # Make sure all predefined tags exist in tags, and set default if they don't
+        predefined_tags = (
+            self._meta.model().get_predefined_tags()  # pylint: disable=no-member
+        )
+        for key, value in predefined_tags.items():
+            if key not in tags:
+                tags[key] = value
+        # Format JSON
+        kwargs["initial"]["tags"] = tags
+        super().__init__(*args, **kwargs)
+
+    def clean_tags(self):
+        """Make sure all required tags are set"""
+        if hasattr(self.instance, "get_required_keys") and hasattr(
+            self.instance, "tags"
+        ):
+            for key in self.instance.get_required_keys():
+                if key not in self.cleaned_data.get("tags"):
+                    raise forms.ValidationError("Tag %s missing." % key)
+        return self.cleaned_data.get("tags")
+
+
+# pylint: disable=too-few-public-methods
+class TagModelFormMeta:
+    """Base Meta class that uses the YAMLField"""
+
+    field_classes = {"tags": YAMLField}

passbook/admin/forms/source.py

@@ -1,6 +1,4 @@
 """passbook core source form fields"""
-# from django import forms
 
-SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled', 'policies']
-
-# class SourceForm(forms.Form)
+SOURCE_FORM_FIELDS = ["name", "slug", "enabled"]
+SOURCE_SERIALIZER_FIELDS = ["pk", "name", "slug", "enabled"]

passbook/admin/forms/users.py

@@ -2,6 +2,7 @@
 
 from django import forms
 
+from passbook.admin.fields import YAMLField
 from passbook.core.models import User
 
 
@@ -11,7 +12,10 @@ class UserForm(forms.ModelForm):
     class Meta:
 
         model = User
-        fields = ['username', 'name', 'email', 'is_staff', 'is_active']
+        fields = ["username", "name", "email", "is_staff", "is_active", "attributes"]
         widgets = {
-            'name': forms.TextInput
+            "name": forms.TextInput,
+        }
+        field_classes = {
+            "attributes": YAMLField,
         }

passbook/admin/middleware.py

@@ -11,15 +11,16 @@ def impersonate(get_response):
 
         # User is superuser and has __impersonate ID set
         if request.user.is_superuser and "__impersonate" in request.GET:
-            request.session['impersonate_id'] = request.GET["__impersonate"]
+            request.session["impersonate_id"] = request.GET["__impersonate"]
         # user wants to stop impersonation
-        elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
-            del request.session['impersonate_id']
+        elif "__unimpersonate" in request.GET and "impersonate_id" in request.session:
+            del request.session["impersonate_id"]
 
         # Actually impersonate user
-        if request.user.is_superuser and 'impersonate_id' in request.session:
-            request.user = User.objects.get(pk=request.session['impersonate_id'])
+        if request.user.is_superuser and "impersonate_id" in request.session:
+            request.user = User.objects.get(pk=request.session["impersonate_id"])
 
         response = get_response(request)
         return response
+
     return middleware

passbook/admin/settings.py

@@ -1,5 +1,5 @@
 """passbook admin settings"""
 
 MIDDLEWARE = [
-    'passbook.admin.middleware.impersonate',
+    "passbook.admin.middleware.impersonate",
 ]

passbook/admin/templates/administration/application/list.html

@@ -3,43 +3,65 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
-    <span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
-    <hr>
-    <a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
-        {% trans 'Create...' %}
-    </a>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Provider' %}</th>
-                <th>{% trans 'Provider Type' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for application in object_list %}
-            <tr>
-                <td>{{ application.name }}</td>
-                <td>{{ application.get_provider }}</td>
-                <td>{{ application.get_provider|verbose_name }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:application-delete' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-applications"></i>
+            {% trans 'Applications' %}
+        </h1>
+        <p>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Provider' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Provider Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for application in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ application.name }}</div>
+                            {% if application.meta_publisher %}
+                            <small>{{ application.meta_publisher }}</small>
+                            {% endif %}
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ application.get_provider }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ application.get_provider|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:application-update' pk=application.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:application-delete' pk=application.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/audit/list.html

@@ -3,85 +3,64 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<h1><span class="pficon-catalog"></span> {% trans "Audit Log" %}</h1>
-<div id="pf-list-standard" class="list-group list-view-pf list-view-pf-view">
-    {% for entry in object_list %}
-    <div class="list-group-item">
-        <div class="list-view-pf-main-info">
-            <div class="list-view-pf-left">
-                <span class="fa fa-plane list-view-pf-icon-sm"></span>
-            </div>
-            <div class="list-view-pf-body">
-                <div class="list-view-pf-description">
-                    <div class="list-group-item-heading">
-                        {{ entry.action }}
-                    </div>
-                    <div class="list-group-item-text">
-                        {{ entry.context }}
-                    </div>
-                </div>
-                <div class="list-view-pf-additional-info">
-                    <div class="list-view-pf-additional-info-item">
-                        <span class="pficon pficon-user"></span>
-                        <strong>{{ entry.user }}</strong>
-                    </div>
-                    <div class="list-view-pf-additional-info-item">
-                        <span class="pficon pficon-cluster"></span>
-                        <strong>{{ entry.app|default:'-' }}</strong>
-                    </div>
-                    <div class="list-view-pf-additional-info-item">
-                        <span class="fa fa-clock-o"></span>
-                        <strong>{{ entry.created }}</strong>
-                    </div>
-                    <div class="list-view-pf-additional-info-item">
-                        <span class="pficon pficon-screen"></span>
-                        <strong>{{ entry.request_ip }}</strong>
-                    </div>
-                </div>
-            </div>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-catalog"></i>
+            {% trans 'Audit Log' %}
+        </h1>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Action' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Context' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'User' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Creation Date' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Client IP' %}</th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for entry in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ entry.action }}</div>
+                            <small>{{ entry.app|default:'-' }}</small>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <code>{{ entry.context }}</code>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ entry.user }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ entry.created }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ entry.client_ip }}
+                        </span>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
         </div>
     </div>
-    {% endfor %}
-    <script>
-        $(document).ready(function () {
-            // Row Checkbox Selection
-            $("#pf-list-standard input[type='checkbox']").change(function (e) {
-                if ($(this).is(":checked")) {
-                    $(this).closest('.list-group-item').addClass("active");
-                } else {
-                    $(this).closest('.list-group-item').removeClass("active");
-                }
-            });
-            // toggle dropdown menu
-            $('#pf-list-standard .list-view-pf-actions').on('show.bs.dropdown', function () {
-                var $this = $(this);
-                var $dropdown = $this.find('.dropdown');
-                var space = $(window).height() - $dropdown[0].getBoundingClientRect().top - $this.find('.dropdown-menu').outerHeight(true);
-                $dropdown.toggleClass('dropup', space < 10);
-            });
-            // allow users to select multiple list items with shift key
-            $('#pf-list-standard .list-group').on('click', '.list-view-pf-checkbox>input', function (event) {
-                var $list = $('.list-group');
-                var prevIndex = $list.data('preIndex');
-                var $listItems = $list.children('.list-group-item');
-                var $currentItem = $(this).closest('.list-group-item');
-                if (event.shiftKey && prevIndex > -1 && this.checked) {
-                    var currentIndex = $listItems.index($currentItem);
-                    var $selectScope = currentIndex - prevIndex > 0
-                        ? $currentItem.prevAll().not($listItems.eq(prevIndex).prevAll().addBack())
-                        : $listItems.eq(prevIndex).prevAll().not($currentItem.prevAll().addBack());
-                    $selectScope.addClass('active').find('.list-view-pf-checkbox').children('input').prop('checked', true);
-                }
-                $list.data('preIndex', this.checked ? $listItems.index($currentItem) : -1);
-            });
-
-        });
-    </script>
-    {% include 'partials/pagination.html' %}
-</div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/base.html

@@ -1,7 +1,14 @@
 {% extends "overview/base.html" %}
 
-{% load i18n %}
-{% load is_active %}
+{% load static %}
 
-{% block nav_secondary %}
+{% block head %}
+{{ block.super }}
+<script src="{% static 'node_modules/codemirror/lib/codemirror.js' %}"></script>
+<script src="{% static 'node_modules/codemirror/addon/display/autorefresh.js' %}"></script>
+<link rel="stylesheet" href="{% static 'node_modules/codemirror/lib/codemirror.css' %}">
+<link rel="stylesheet" href="{% static 'node_modules/codemirror/theme/monokai.css' %}">
+<script src="{% static 'node_modules/codemirror/mode/xml/xml.js' %}"></script>
+<script src="{% static 'node_modules/codemirror/mode/yaml/yaml.js' %}"></script>
+<script src="{% static 'node_modules/codemirror/mode/jinja2/jinja2.js' %}"></script>
 {% endblock %}

passbook/admin/templates/administration/debug/request.html

@@ -3,29 +3,34 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-applications"></span> {% trans "Request" %}</h1>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Key' %}</th>
-                <th>{% trans 'Value' %}</th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for key, value in request_dict.items %}
-            <tr>
-                <td>{{ key }}</td>
-                <td>{{ value }}</td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-applications"></i>
+            {% trans 'Request' %}
+        </h1>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col" style="min-width: 150px;">{% trans 'Key' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Value' %}</th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for key, value in request_dict.items %}
+                <tr role="row">
+                    <td role="cell">{{ key }}</td>
+                    <td role="cell">{{ value }}</td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+</section>
 </div>
 {% endblock %}

passbook/admin/templates/administration/factor/list.html

@@ -4,59 +4,80 @@
 {% load utils %}
 {% load admin_reflection %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-plugged"></span> {% trans "Factors" %}</h1>
-    <span>{% trans "Factors required for a user to successfully authenticate." %}</span>
-    <hr>
-    <div class="dropdown">
-        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-            {% trans 'Create...' %}
-            <span class="caret"></span>
-        </button>
-        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-            {% for type, name in types.items %}
-            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
-            {% endfor %}
-        </ul>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-plugged"></i>
+            {% trans 'Factors' %}
+        </h1>
+        <p>{% trans "Factors required for a user to successfully authenticate." %}
+        </p>
     </div>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Type' %}</th>
-                <th>{% trans 'Order' %}</th>
-                <th>{% trans 'Enabled?' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for factor in object_list %}
-            <tr>
-                <td>{{ factor.name }} ({{ factor.slug }})</td>
-                <td>{{ factor|verbose_name }}</td>
-                <td>{{ factor.order }}</td>
-                <td>{{ factor.enabled }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:factor-update' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:factor-delete' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                    {% get_links factor as links %}
-                    {% for name, href in links.items %}
-                    <a class="btn btn-default btn-sm"
-                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
-                    {% endfor %}
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <div class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <a class="pf-c-dropdown__menu-item" href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </div>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Order' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Enabled' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for factor in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ factor.name }} ({{ factor.slug }})</div>
+                            <small>{{ factor|verbose_name }}</small>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ factor.order }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ factor.enabled }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:factor-update' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:factor-delete' pk=factor.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                        {% get_links factor as links %}
+                        {% for name, href in links.items %}
+                        <a class="pf-c-button pf-m-tertiary" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/group/list.html

@@ -3,43 +3,64 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-users"></span> {% trans "Groups" %}</h1>
-    <span>{% trans "Group users together and give them permissions based on the membership." %}</span>
-    <hr>
-    <a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
-        {% trans 'Create...' %}
-    </a>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Parent' %}</th>
-                <th>{% trans 'Members' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for group in object_list %}
-            <tr>
-                <td>{{ group.name }}</td>
-                <td>{{ group.parent }}</td>
-                <td>{{ group.user_set.all|length }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:group-update' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:group-delete' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-users"></i>
+            {% trans 'Groups' %}
+        </h1>
+        <p>{% trans "Group users together and give them permissions based on the membership." %}
+        </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}"
+                    class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Parent' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Members' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for group in object_list %}
+                <tr role="row">
+                    <td role="cell">
+                        <span>
+                            {{ group.name }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ group.parent }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ group.user_set.all|length }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:group-update' pk=group.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:group-delete' pk=group.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/invitation/list.html

@@ -3,41 +3,57 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
-    <span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
-    <hr>
-    <a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
-        {% trans 'Create...' %}
-    </a>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Expiry' %}</th>
-                <th>{% trans 'Link' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for invitation in object_list %}
-            <tr>
-                <td>{{ invitation.expires|default:"Never" }}</td>
-                <td>
-                    <pre>{{ invitation.link }}</pre>
-                </td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-migration"></i>
+            {% trans 'Invitations' %}
+        </h1>
+        <p>{% trans "Create Invitation Links to enroll Users, and optionally force a username or expire on a set date." %}
+        </p>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}"
+                    class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Expiry' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Link' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for invitation in object_list %}
+                <tr role="row">
+                    <td role="cell">
+                        <span>
+                            {{ invitation.expiry }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ invitation.Link }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:invitation-delete' pk=invitation.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/overview.html

@@ -3,246 +3,177 @@
 {% load i18n %}
 
 {% block content %}
-<div class="container">
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:applications' %}">
-                    <span class="pficon-applications"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Applications' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:applications' %}">
-                            <span class="pficon pficon-ok"></span>{{ application_count }}
-                        </a>
-                    </span>
-                </p>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>{% trans 'System Overview' %}</h1>
+    </div>
+</section>
+<section class="pf-c-page__main-section">
+    <div class="pf-l-gallery pf-m-gutter">
+        <a href="{% url 'passbook_admin:applications' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-applications"></i> {% trans 'Applications' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                <i class="pf-icon pf-icon-ok"></i> {{ application_count }}
+            </div>
+        </a>
+
+        <a href="{% url 'passbook_admin:sources' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-middleware"></i> {% trans 'Sources' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                <i class="pf-icon pf-icon-ok"></i> {{ source_count }}
+            </div>
+        </a>
+
+        <a href="{% url 'passbook_admin:providers' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-plugged"></i> {% trans 'Providers' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                {% if providers_without_application.exists %}
+                <i class="pf-icon pf-icon-warning-triangle"></i> {{ provider_count }}
+                <p>{% trans 'Warning: At least one Provider has no application assigned.' %}</p>
+                {% else %}
+                <i class="pf-icon pf-icon-ok"></i> {{ provider_count }}
+                {% endif %}
+            </div>
+        </a>
+
+        <a href="{% url 'passbook_admin:factors' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-plugged"></i> {% trans 'Factors' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                {% if factor_count < 1 %}
+                <i class="pficon-error-circle-o"></i> {{ factor_count }}
+                <p>{% trans 'No Factors configured. No Users will be able to login.' %}"></p>
+                {% else %}
+                <i class="pf-icon pf-icon-ok"></i> {{ factor_count }}
+                {% endif %}
+            </div>
+        </a>
+
+        <a href="{% url 'passbook_admin:policies' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-infrastructure"></i> {% trans 'Policies' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                {% if policies_without_binding %}
+                <i class="pf-icon pf-icon-warning-triangle"></i> {{ policy_count }}
+                <p>{% trans 'Policies without binding exist.' %}</p>
+                {% else %}
+                <i class="pf-icon pf-icon-ok"></i> {{ policy_count }}
+                {% endif %}
+            </div>
+        </a>
+
+        <a href="{% url 'passbook_admin:invitations' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-migration"></i> {% trans 'Invitation' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                <i class="pf-icon pf-icon-ok"></i> {{ invitation_count }}
+            </div>
+        </a>
+
+        <a href="{% url 'passbook_admin:users' %}" class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-user"></i> {% trans 'Users' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                <i class="pf-icon pf-icon-ok"></i> {{ user_count }}
+            </div>
+        </a>
+
+        <div class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-bundle"></i> {% trans 'Version' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                <i class="pf-icon pf-icon-ok"></i> {{ version }}
             </div>
         </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:sources' %}">
-                    <span class="pficon-resource-pool"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Sources' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:sources' %}">
-                            <span class="pficon pficon-ok"></span>{{ source_count }}
-                        </a>
-                    </span>
-                </p>
+
+        <div class="pf-c-card pf-m-hoverable pf-m-compact">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-server"></i> {% trans 'Workers' %}
+                </div>
+            </div>
+            <div class="pf-c-card__body">
+                {% if worker_count < 1 %}
+                <i class="pf-icon pf-icon-warning-triangle"></i> {{ worker_count }}
+                <p>{% trans 'No workers connected.' %}</p>
+                {% else %}
+                <i class="pf-icon pf-icon-ok"></i> {{ worker_count }}
+                {% endif %}
             </div>
         </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:providers' %}">
-                    <span class="pficon-integration"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Providers' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:providers' %}">
-                            {% if providers_without_application.exists %}
-                            <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: At least one Provider has no application assigned.' %}"></span> {{ provider_count }}
-                            {% else %}
-                            <span class="pficon pficon-ok"></span> {{ provider_count }}
-                            {% endif %}
-                        </a>
-                    </span>
-                </p>
+
+        <a class="pf-c-card pf-m-hoverable pf-m-compact" data-target="modal" data-modal="clearCacheModalRoot">
+            <div class="pf-c-card__head">
+                <div class="pf-c-card__head-main">
+                    <i class="pf-icon pf-icon-server"></i> {% trans 'Cached Policies' %}
+                </div>
             </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:factors' %}">
-                    <span class="pficon-plugged"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Factors' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        {% if factor_count < 1 %}
-                        <span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
-                            title="{% trans 'No Factors configured. No Users will be able to login.' %}"></span>
-                        {{ factor_count }}
-                        {% else %}
-                        <span class="pficon pficon-ok"></span>{{ factor_count }}
-                        {% endif %}
-                    </span>
-                </p>
+            <div class="pf-c-card__body">
+                {% if cached_policies < 1 %}
+                <i class="pf-icon pf-icon-warning-triangle"></i> {{ cached_policies }}
+                <p>{% trans 'No policies cached. Users may experience slow response times.' %}</p>
+                {% else %}
+                <i class="pf-icon pf-icon-ok"></i> {{ cached_policies }}
+                {% endif %}
             </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:policies' %}">
-                    <span class="pficon-infrastructure"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Policies' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        {% if policies_without_attachment > 0 %}
-                        <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
-                            title="{% trans 'Policies without attachment exist.' %}"></span>
-                        {{ policy_count }}
-                        {% else %}
-                        <span class="pficon pficon-ok"></span>{{ policy_count }}
-                        {% endif %}
-                    </span>
-                </p>
-            </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:invitations' %}">
-                    <span class="pficon-migration"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Invitation' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:invitations' %}">
-                            <span class="pficon pficon-ok"></span>{{ invitation_count }}
-                        </a>
-                    </span>
-                </p>
-            </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="{% url 'passbook_admin:users' %}">
-                    <span class="pficon-users"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Users' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="{% url 'passbook_admin:users' %}">
-                            <span class="pficon pficon-ok"></span>{{ user_count }}
-                        </a>
-                    </span>
-                </p>
-            </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <span class="pficon-bundle"></span>
-                <span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="#">
-                            {{ version }}
-                        </a>
-                    </span>
-                </p>
-            </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <a href="#">
-                    <span class="pficon-server"></span>
-                    <span class="card-pf-aggregate-status-count"></span> {% trans 'Worker(s)' %}
-                </a>
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="#">
-                            {% if worker_count < 1%}
-                            <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
-                                title="{% trans 'No workers connected.' %}"></span> {{ worker_count }}
-                            {% else %}
-                            <span class="pficon pficon-ok"></span>{{ worker_count }}
-                            {% endif %}
-                        </a>
-                    </span>
-                </p>
-            </div>
-        </div>
-    </div>
-    <div class="col-xs-6 col-sm-2 col-md-2">
-        <div class="card-pf card-pf-accented card-pf-aggregate-status">
-            <h2 class="card-pf-title">
-                <span class="pficon-server"></span>
-                <span class="card-pf-aggregate-status-count"></span> {% trans 'Cached Policies' %}
-            </h2>
-            <div class="card-pf-body">
-                <p class="card-pf-aggregate-status-notifications">
-                    <span class="card-pf-aggregate-status-notification">
-                        <a href="#" data-toggle="modal" data-target="#clearCacheMOdal">
-                            {% if cached_policies < 1 %}
-                            <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
-                                title="{% trans 'No policies cached. Users may experience slow response times.' %}"></span> {{ cached_policies }}
-                            {% else %}
-                            <span class="pficon pficon-ok"></span>{{ cached_policies }}
-                            {% endif %}
-                        </a>
-                    </span>
-                </p>
-            </div>
-        </div>
-    </div>
+        </a>
+    </section>
 </div>
-<div class="modal fade" id="clearCacheMOdal" tabindex="-1" role="dialog" aria-labelledby="clearCacheMOdalLabel" aria-hidden="true">
-  <div class="modal-dialog">
-    <div class="modal-content">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">
-          <span class="pficon pficon-close"></span>
-        </button>
-        <h4 class="modal-title" id="clearCacheMOdalLabel">{% trans 'Clear Cache' %}</h4>
-      </div>
-      <div class="modal-body">
-        <form method="post" id="clearForm">
-            {% csrf_token %}
-            <input type="hidden" name="clear">
-            <p>
-                {% blocktrans %}
-                    Are you sure you want to clear the cache? This includes all user sessions and all cached Policy results.
-                {% endblocktrans %}
-            </p>
-            <h3>
-                {% blocktrans %}
-                    This will also log you out.
-                {% endblocktrans %}
-            </h3>
-        </form>
-      </div>
-      <div class="modal-footer">
-        <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-        <button form="clearForm" type="submit" type="button" class="btn btn-danger">{% trans 'Clear' %}</button>
-      </div>
+<div class="pf-c-backdrop" id="clearCacheModalRoot" hidden>
+    <div class="pf-l-bullseye">
+        <div class="pf-c-modal-box pf-m-sm" role="dialog">
+            <button data-modal-close class="pf-c-button pf-m-plain" type="button" aria-label="Close dialog">
+                <i class="fas fa-times" aria-hidden="true"></i>
+            </button>
+            <h1 class="pf-c-title pf-m-2xl" id="modal-title">{% trans 'Clear Cache' %}?</h1>
+            <div class="pf-c-modal-box__body" id="modal-description">
+                <form method="post" id="clearForm">
+                    {% csrf_token %}
+                    <input type="hidden" name="clear">
+                    <p>
+                        {% blocktrans %}
+                        Are you sure you want to clear the cache? This includes all user sessions and all cached Policy results.
+                        {% endblocktrans %}
+                    </p>
+                    <h3>
+                        {% blocktrans %}
+                        This will also log you out.
+                        {% endblocktrans %}
+                    </h3>
+                </form>
+            </div>
+            <footer class="pf-c-modal-box__footer pf-m-align-left">
+                <button form="clearForm" class="pf-c-button pf-m-primary" type="submit">{% trans 'Clear' %}</button>
+                <button data-modal-close class="pf-c-button pf-m-link" type="button">{% trans 'Cancel' %}</button>
+            </footer>
+        </div>
     </div>
-  </div>
 </div>
 {% endblock %}

passbook/admin/templates/administration/policy/list.html

@@ -3,60 +3,76 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-infrastructure"></span> {% trans "Policies" %}</h1>
-    <span>{% trans "Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Factors." %}</span>
-    <hr>
-    <div class="dropdown">
-        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-            {% trans 'Create...' %}
-            <span class="caret"></span>
-        </button>
-        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-            {% for type, name in types.items %}
-            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
-            {% endfor %}
-        </ul>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-infrastructure"></i>
+            {% trans 'Policies' %}
+        </h1>
+        <p>{% trans "Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Factors." %}</p>
     </div>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th></th>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Type' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for policy in object_list %}
-            <tr {% if not policy.policymodel_set.exists %} class="warning" {% endif %}>
-                <th>
-                    {% if not policy.policymodel_set.exists %}
-                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Policy is not assigned.' %}"></span>
-                    {% else %}
-                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with objects=policy.policymodel_set.all|join:', ' %}Assigned to objects {{ objects }}{% endblocktrans %}"></span>
-                    {% endif %}
-                </th>
-                <td>{{ policy.name }}</td>
-                <td>{{ policy|verbose_name }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:policy-test' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:policy-delete' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <div class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <a class="pf-c-dropdown__menu-item" href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </div>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for policy in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ policy.name }}</div>
+                            {% if not policy.policymodel_set.exists %}
+                            <i class="pf-icon pf-icon-warning-triangle"></i>
+                            <small>{% trans 'Warning: Policy is not assigned.' %}</small>
+                            {% else %}
+                            <i class="pf-icon pf-icon-ok"></i>
+                            <small>{% blocktrans with object_count=policy.policymodel_set.all|length %}Assigned to {{ object_count }} objects.{% endblocktrans %}</small>
+                            {% endif %}
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ policy|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:policy-update' pk=policy.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-tertiary" href="{% url 'passbook_admin:policy-test' pk=policy.pk %}?back={{ request.get_full_path }}">{% trans 'Test' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:policy-delete' pk=policy.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/property_mapping/list.html

@@ -3,50 +3,70 @@
 {% load i18n %}
 {% load utils %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
-    <span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
-    <hr>
-    <div class="dropdown">
-        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-            {% trans 'Create...' %}
-            <span class="caret"></span>
-        </button>
-        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-            {% for type, name in types.items %}
-            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
-            {% endfor %}
-        </ul>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-blueprint"></i>
+            {% trans 'Property Mappings' %}
+        </h1>
+        <p>{% trans "Control how passbook exposes and interprets information." %}
+        </p>
     </div>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Type' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for property_mapping in object_list %}
-            <tr>
-                <td>{{ property_mapping.name }}</td>
-                <td>{{ property_mapping|verbose_name }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <div class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <a class="pf-c-dropdown__menu-item"
+                                href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </div>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for property_mapping in object_list %}
+                <tr role="row">
+                    <td role="cell">
+                        <span>
+                            {{ property_mapping.name }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ property_mapping|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/provider/list.html

@@ -4,67 +4,88 @@
 {% load utils %}
 {% load admin_reflection %}
 
-{% block title %}
-{% title %}
-{% endblock %}
-
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-integration"></span> {% trans "Providers" %}</h1>
-    <span>{% trans "Authentication Protocol Provider, used as Protocol behind an Application." %}</span>
-    <hr>
-    <div class="dropdown">
-        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-            {% trans 'Create...' %}
-            <span class="caret"></span>
-        </button>
-        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-            {% for type, name in types.items %}
-            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
-            {% endfor %}
-        </ul>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-integration"></i>
+            {% trans 'Providers' %}
+        </h1>
+        <p>{% trans "Provide support for protocols like SAML and OAuth to assigned applications." %}
+    </p>
     </div>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th></th>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Type' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for provider in object_list %}
-            <tr {% if not provider.application %} class="warning" {% endif %}>
-                <th>
-                    {% if not provider.application %}
-                    <span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Provider has no application assigned.' %}"></span>
-                    {% else %}
-                    <span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with app=provider.application %}Assigned to Application {{ app }}{% endblocktrans %}"></span>
-                    {% endif %}
-                </th>
-                <td>{{ provider.name }}</td>
-                <td>{{ provider|verbose_name }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                    {% get_links provider as links %}
-                    {% for name, href in links.items %}
-                    <a class="btn btn-default btn-sm"
-                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
-                    {% endfor %}
-                    {% get_htmls provider as htmls %}
-                    {% for html in htmls %}
-                    {{ html|safe }}
-                    {% endfor %}
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <div class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <a class="pf-c-dropdown__menu-item" href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </div>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for provider in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ provider.name }}</div>
+                            {% if not provider.application %}
+                            <i class="pf-icon pf-icon-warning-triangle"></i>
+                            <small>{% trans 'Warning: Provider not assigned to any application.' %}</small>
+                            {% else %}
+                            <i class="pf-icon pf-icon-ok"></i>
+                            <small>
+                                {% blocktrans with app=provider.application %}
+                                    Assigned to application {{ app }}.
+                                {% endblocktrans %}
+                            </small>
+                            {% endif %}
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ provider|verbose_name }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:provider-delete' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                        {% get_links provider as links %}
+                        {% for name, href in links.items %}
+                            <a class="pf-c-button pf-m-tertiary" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                        {% get_htmls provider as htmls %}
+                        {% for html in htmls %}
+                            {{ html|safe }}
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/source/list.html

@@ -5,52 +5,81 @@
 {% load admin_reflection %}
 
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-resource-pool"></span> {% trans "Sources" %}</h1>
-    <span>{% trans "External Sources which can be used to get Identities into passbook, for example Social Providers like Twiter and GitHub or Enterprise Providers like ADFS and LDAP." %}</span>
-    <hr>
-    <div class="dropdown">
-        <button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
-            {% trans 'Create...' %}
-            <span class="caret"></span>
-        </button>
-        <ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
-            {% for type, name in types.items %}
-            <li role="presentation"><a role="menuitem" tabindex="-1"
-                    href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
-            {% endfor %}
-        </ul>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-middleware"></i>
+            {% trans 'Source' %}
+        </h1>
+        <p>{% trans "External Sources which can be used to get Identities into passbook, for example Social Providers like Twiter and GitHub or Enterprise Providers like ADFS and LDAP." %}
+        </p>
     </div>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Class' %}</th>
-                <th>{% trans 'Additional Info' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for source in object_list %}
-            <tr>
-                <td>{{ source.name }}</td>
-                <td>{{ source|fieldtype }}</td>
-                <td>{{ source.additional_info|safe }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:source-delete' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                    {% get_links source as links %}
-                    {% for name, href in links %}
-                    <a class="btn btn-default btn-sm"
-                        href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
-                    {% endfor %}
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <div class="pf-c-dropdown">
+                    <button class="pf-m-primary pf-c-dropdown__toggle" type="button">
+                        <span class="pf-c-dropdown__toggle-text">{% trans 'Create' %}</span>
+                        <i class="fas fa-caret-down pf-c-dropdown__toggle-icon" aria-hidden="true"></i>
+                    </button>
+                    <ul class="pf-c-dropdown__menu" hidden>
+                        {% for type, name in types.items %}
+                        <li>
+                            <a class="pf-c-dropdown__menu-item" href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a>
+                        </li>
+                        {% endfor %}
+                    </ul>
+                </div>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Type' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Additional Info' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for source in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ source.name }}</div>
+                            {% if not source.enabled %}
+                            <small>{% trans 'Disabled' %}</small>
+                            {% endif %}
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ source|fieldtype }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ source.ui_additional_info|default:""|safe }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:source-update' pk=source.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:source-delete' pk=source.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                        {% get_links source as links %}
+                        {% for name, href in links %}
+                            <a class="pf-c-button pf-m-tertiary" href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/administration/user/list.html

@@ -4,43 +4,63 @@
 {% load utils %}
 
 {% block content %}
-<div class="container">
-    <h1><span class="pficon-users"></span> {% trans "Users" %}</h1>
-    <hr>
-    <a href="{% url 'passbook_admin:user-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
-        {% trans 'Create...' %}
-    </a>
-    <hr>
-    <table class="table table-striped table-bordered">
-        <thead>
-            <tr>
-                <th>{% trans 'Username' %}</th>
-                <th>{% trans 'Name' %}</th>
-                <th>{% trans 'Active' %}</th>
-                <th>{% trans 'Last Login' %}</th>
-                <th></th>
-            </tr>
-        </thead>
-        <tbody>
-            {% for user in object_list %}
-            <tr>
-                <td>{{ user.username }}</td>
-                <td>{{ user.name|default:'-' }}</td>
-                <td>{{ user.is_active }}</td>
-                <td>{{ user.last_login }}</td>
-                <td>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
-                    <a class="btn btn-default btn-sm"
-                        href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
-                </td>
-            </tr>
-            {% endfor %}
-        </tbody>
-    </table>
-</div>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        <h1>
+            <i class="pf-icon pf-icon-user"></i>
+            {% trans 'Users' %}
+        </h1>
+    </div>
+</section>
+<section class="pf-c-page__main-section pf-m-no-padding-mobile">
+    <div class="pf-c-card">
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-top">
+            <div class="pf-c-toolbar__action-group">
+                <a href="{% url 'passbook_admin:user-create' %}?back={{ request.get_full_path }}" class="pf-c-button pf-m-primary" type="button">{% trans 'Create' %}</a>
+            </div>
+            {% include 'partials/pagination.html' %}
+        </div>
+        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
+            <thead>
+                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'Name' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Active' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Last Login' %}</th>
+                    <th role="cell"></th>
+                </tr>
+            </thead>
+            <tbody role="rowgroup">
+                {% for user in object_list %}
+                <tr role="row">
+                    <th role="columnheader">
+                        <div>
+                            <div>{{ user.username }}</div>
+                            <small>{{ user.name }}</small>
+                        </div>
+                    </th>
+                    <td role="cell">
+                        <span>
+                            {{ user.is_active }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ user.last_login }}
+                        </span>
+                    </td>
+                    <td>
+                        <a class="pf-c-button pf-m-secondary" href="{% url 'passbook_admin:user-update' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
+                        <a class="pf-c-button pf-m-danger" href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
+                        <a class="pf-c-button pf-m-tertiary" href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
+                        <a class="pf-c-button pf-m-tertiary" href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <div class="pf-c-toolbar" id="page-layout-table-simple-toolbar-bottom">
+            {% include 'partials/pagination.html' %}
+        </div>
+    </div>
+</section>
 {% endblock %}

passbook/admin/templates/generic/create.html

@@ -1,4 +1,4 @@
-{% extends "generic/form.html" %}
+{% extends base_template|default:"generic/form.html" %}
 
 {% load utils %}
 {% load i18n %}

passbook/admin/templates/generic/form.html

@@ -19,19 +19,57 @@
 {% endblock %}
 
 {% block content %}
-<div class="container">
-  {% block above_form %}
-  {% endblock %}
-  <div class="">
-    <form action="" method="post" class="form-horizontal">
-      {% include 'partials/form.html' with form=form %}
-      <a class="btn btn-default" href="{% back %}">{% trans "Cancel" %}</a>
-      <input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
-    </form>
-  </div>
-  {% block beneath_form %}
-  {% endblock %}
-</div>
+<section class="pf-c-page__main-section pf-m-light">
+    <div class="pf-c-content">
+        {% block above_form %}
+        {% endblock %}
+    </div>
+</section>
+<section class="pf-c-page__main-section">
+    <div class="pf-l-stack">
+        <div class="pf-l-stack__item">
+            <div class="pf-c-card">
+                <div class="pf-c-card__body">
+                    <form action="" method="post" class="pf-c-form pf-m-horizontal">
+                        {% include 'partials/form_horizontal.html' with form=form %}
+                        {% block beneath_form %}
+                        {% endblock %}
+                        <div class="pf-c-form__group pf-m-action">
+                            <div class="pf-c-form__horizontal-group">
+                                <div class="pf-c-form__actions">
+                                    <input class="pf-c-button pf-m-primary" type="submit" value="{% block action %}{% endblock %}" />
+                                    <a class="pf-c-button pf-m-secondary" href="{% back %}">{% trans "Cancel" %}</a>
+                                </div>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
+<script>
+    const attributes = document.getElementsByName('attributes');
+    if (attributes.length > 0) {
+        // https://github.com/codemirror/CodeMirror/issues/5092
+        attributes[0].removeAttribute("required");
+        const attributesCM = CodeMirror.fromTextArea(attributes[0], {
+            mode: 'yaml',
+            theme: 'monokai',
+            lineNumbers: true,
+        });
+    }
+    const expressions = document.getElementsByName('expression');
+    if (expressions.length > 0) {
+        // https://github.com/codemirror/CodeMirror/issues/5092
+        expressions[0].removeAttribute("required");
+        const expressionCM = CodeMirror.fromTextArea(expressions[0], {
+            mode: 'jinja2',
+            theme: 'monokai',
+            lineNumbers: true,
+        });
+    }
+</script>
 {% endblock %}
 
 {% block scripts %}

passbook/admin/templates/generic/list.html

@@ -1,29 +0,0 @@
-{% extends "administration/base.html" %}
-
-{% load i18n %}
-{% load utils %}
-
-{% block content %}
-<div class="container">
-  {% block above_table %}
-  {% endblock %}
-  <table class="table table-striped table-bordered">
-    <thead>
-      <tr>
-        <th>{% trans 'Name' %}</th>
-        <th>{% trans 'Class' %}</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for source in object_list %}
-        <tr>
-          <td>{{ source.name }}</td>
-          <td>{{ source.cast|fieldtype }}</td>
-          <td><a href="{% url 'passbook_admin:source-update' pk=source.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a></td>
-        </tr>
-      {% endfor %}
-    </tbody>
-  </table>
-</div>
-{% endblock %}

passbook/admin/templates/generic/update.html

@@ -1,4 +1,4 @@
-{% extends "generic/form.html" %}
+{% extends base_template|default:"generic/form.html" %}
 
 {% load utils %}
 {% load i18n %}

passbook/admin/templatetags/admin_reflection.py

@@ -3,27 +3,29 @@ import inspect
 
 from django import template
 from django.db.models import Model
+from django.utils.html import mark_safe
 from structlog import get_logger
 
-from passbook.lib.utils.template import render_to_string
-
 register = template.Library()
 LOGGER = get_logger()
 
+
 @register.simple_tag()
 def get_links(model_instance):
     """Find all link_ methods on an object instance, run them and return as dict"""
-    prefix = 'link_'
+    prefix = "link_"
     links = {}
 
     if not isinstance(model_instance, Model):
-        LOGGER.warning("Model %s is not instance of Model", model_instance)
+        LOGGER.warning("Model is not instance of Model", model_instance=model_instance)
         return links
 
     try:
-        for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
+        for name, method in inspect.getmembers(
+            model_instance, predicate=inspect.ismethod
+        ):
             if name.startswith(prefix):
-                human_name = name.replace(prefix, '').replace('_', ' ').capitalize()
+                human_name = name.replace(prefix, "").replace("_", " ").capitalize()
                 link = method()
                 if link:
                     links[human_name] = link
@@ -36,18 +38,21 @@ def get_links(model_instance):
 @register.simple_tag(takes_context=True)
 def get_htmls(context, model_instance):
     """Find all html_ methods on an object instance, run them and return as dict"""
-    prefix = 'html_'
+    prefix = "html_"
     htmls = []
 
     if not isinstance(model_instance, Model):
-        LOGGER.warning("Model %s is not instance of Model", model_instance)
+        LOGGER.warning("Model is not instance of Model", model_instance=model_instance)
         return htmls
 
     try:
-        for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
+        for name, method in inspect.getmembers(
+            model_instance, predicate=inspect.ismethod
+        ):
             if name.startswith(prefix):
-                template, _context = method(context.get('request'))
-                htmls.append(render_to_string(template, _context))
+                html = method(context.get("request"))
+                if html:
+                    htmls.append(mark_safe(html))
     except NotImplementedError:
         pass
 

passbook/admin/urls.py

@@ -1,84 +1,157 @@
 """passbook URL Configuration"""
-from django.urls import include, path
+from django.urls import path
 
-from passbook.admin.views import (applications, audit, debug, factors, groups,
-                                  invitations, overview, policy,
-                                  property_mapping, providers, sources, users)
+from passbook.admin.views import (
+    applications,
+    audit,
+    debug,
+    factors,
+    groups,
+    invitations,
+    overview,
+    policy,
+    property_mapping,
+    providers,
+    sources,
+    users,
+)
 
 urlpatterns = [
-    path('', overview.AdministrationOverviewView.as_view(), name='overview'),
+    path("", overview.AdministrationOverviewView.as_view(), name="overview"),
     # Applications
-    path('applications/', applications.ApplicationListView.as_view(),
-         name='applications'),
-    path('applications/create/', applications.ApplicationCreateView.as_view(),
-         name='application-create'),
-    path('applications/<uuid:pk>/update/',
-         applications.ApplicationUpdateView.as_view(), name='application-update'),
-    path('applications/<uuid:pk>/delete/',
-         applications.ApplicationDeleteView.as_view(), name='application-delete'),
+    path(
+        "applications/", applications.ApplicationListView.as_view(), name="applications"
+    ),
+    path(
+        "applications/create/",
+        applications.ApplicationCreateView.as_view(),
+        name="application-create",
+    ),
+    path(
+        "applications/<uuid:pk>/update/",
+        applications.ApplicationUpdateView.as_view(),
+        name="application-update",
+    ),
+    path(
+        "applications/<uuid:pk>/delete/",
+        applications.ApplicationDeleteView.as_view(),
+        name="application-delete",
+    ),
     # Sources
-    path('sources/', sources.SourceListView.as_view(), name='sources'),
-    path('sources/create/', sources.SourceCreateView.as_view(), name='source-create'),
-    path('sources/<uuid:pk>/update/', sources.SourceUpdateView.as_view(), name='source-update'),
-    path('sources/<uuid:pk>/delete/', sources.SourceDeleteView.as_view(), name='source-delete'),
+    path("sources/", sources.SourceListView.as_view(), name="sources"),
+    path("sources/create/", sources.SourceCreateView.as_view(), name="source-create"),
+    path(
+        "sources/<uuid:pk>/update/",
+        sources.SourceUpdateView.as_view(),
+        name="source-update",
+    ),
+    path(
+        "sources/<uuid:pk>/delete/",
+        sources.SourceDeleteView.as_view(),
+        name="source-delete",
+    ),
     # Policies
-    path('policies/', policy.PolicyListView.as_view(), name='policies'),
-    path('policies/create/', policy.PolicyCreateView.as_view(), name='policy-create'),
-    path('policies/<uuid:pk>/update/', policy.PolicyUpdateView.as_view(), name='policy-update'),
-    path('policies/<uuid:pk>/delete/', policy.PolicyDeleteView.as_view(), name='policy-delete'),
-    path('policies/<uuid:pk>/test/', policy.PolicyTestView.as_view(), name='policy-test'),
+    path("policies/", policy.PolicyListView.as_view(), name="policies"),
+    path("policies/create/", policy.PolicyCreateView.as_view(), name="policy-create"),
+    path(
+        "policies/<uuid:pk>/update/",
+        policy.PolicyUpdateView.as_view(),
+        name="policy-update",
+    ),
+    path(
+        "policies/<uuid:pk>/delete/",
+        policy.PolicyDeleteView.as_view(),
+        name="policy-delete",
+    ),
+    path(
+        "policies/<uuid:pk>/test/", policy.PolicyTestView.as_view(), name="policy-test"
+    ),
     # Providers
-    path('providers/', providers.ProviderListView.as_view(), name='providers'),
-    path('providers/create/',
-         providers.ProviderCreateView.as_view(), name='provider-create'),
-    path('providers/<int:pk>/update/',
-         providers.ProviderUpdateView.as_view(), name='provider-update'),
-    path('providers/<int:pk>/delete/',
-         providers.ProviderDeleteView.as_view(), name='provider-delete'),
+    path("providers/", providers.ProviderListView.as_view(), name="providers"),
+    path(
+        "providers/create/",
+        providers.ProviderCreateView.as_view(),
+        name="provider-create",
+    ),
+    path(
+        "providers/<int:pk>/update/",
+        providers.ProviderUpdateView.as_view(),
+        name="provider-update",
+    ),
+    path(
+        "providers/<int:pk>/delete/",
+        providers.ProviderDeleteView.as_view(),
+        name="provider-delete",
+    ),
     # Factors
-    path('factors/', factors.FactorListView.as_view(), name='factors'),
-    path('factors/create/',
-         factors.FactorCreateView.as_view(), name='factor-create'),
-    path('factors/<uuid:pk>/update/',
-         factors.FactorUpdateView.as_view(), name='factor-update'),
-    path('factors/<uuid:pk>/delete/',
-         factors.FactorDeleteView.as_view(), name='factor-delete'),
+    path("factors/", factors.FactorListView.as_view(), name="factors"),
+    path("factors/create/", factors.FactorCreateView.as_view(), name="factor-create"),
+    path(
+        "factors/<uuid:pk>/update/",
+        factors.FactorUpdateView.as_view(),
+        name="factor-update",
+    ),
+    path(
+        "factors/<uuid:pk>/delete/",
+        factors.FactorDeleteView.as_view(),
+        name="factor-delete",
+    ),
     # Factors
-    path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
-         name='property-mappings'),
-    path('property-mappings/create/',
-         property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
-    path('property-mappings/<uuid:pk>/update/',
-         property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
-    path('property-mappings/<uuid:pk>/delete/',
-         property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
+    path(
+        "property-mappings/",
+        property_mapping.PropertyMappingListView.as_view(),
+        name="property-mappings",
+    ),
+    path(
+        "property-mappings/create/",
+        property_mapping.PropertyMappingCreateView.as_view(),
+        name="property-mapping-create",
+    ),
+    path(
+        "property-mappings/<uuid:pk>/update/",
+        property_mapping.PropertyMappingUpdateView.as_view(),
+        name="property-mapping-update",
+    ),
+    path(
+        "property-mappings/<uuid:pk>/delete/",
+        property_mapping.PropertyMappingDeleteView.as_view(),
+        name="property-mapping-delete",
+    ),
     # Invitations
-    path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
-    path('invitations/create/',
-         invitations.InvitationCreateView.as_view(), name='invitation-create'),
-    path('invitations/<uuid:pk>/delete/',
-         invitations.InvitationDeleteView.as_view(), name='invitation-delete'),
+    path("invitations/", invitations.InvitationListView.as_view(), name="invitations"),
+    path(
+        "invitations/create/",
+        invitations.InvitationCreateView.as_view(),
+        name="invitation-create",
+    ),
+    path(
+        "invitations/<uuid:pk>/delete/",
+        invitations.InvitationDeleteView.as_view(),
+        name="invitation-delete",
+    ),
     # Users
-    path('users/', users.UserListView.as_view(),
-         name='users'),
-    path('users/create/', users.UserCreateView.as_view(), name='user-create'),
-    path('users/<int:pk>/update/',
-         users.UserUpdateView.as_view(), name='user-update'),
-    path('users/<int:pk>/delete/',
-         users.UserDeleteView.as_view(), name='user-delete'),
-    path('users/<int:pk>/reset/',
-         users.UserPasswordResetView.as_view(), name='user-password-reset'),
+    path("users/", users.UserListView.as_view(), name="users"),
+    path("users/create/", users.UserCreateView.as_view(), name="user-create"),
+    path("users/<int:pk>/update/", users.UserUpdateView.as_view(), name="user-update"),
+    path("users/<int:pk>/delete/", users.UserDeleteView.as_view(), name="user-delete"),
+    path(
+        "users/<int:pk>/reset/",
+        users.UserPasswordResetView.as_view(),
+        name="user-password-reset",
+    ),
     # Groups
-    path('group/', groups.GroupListView.as_view(), name='group'),
-    path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
-    path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
-    path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
+    path("group/", groups.GroupListView.as_view(), name="group"),
+    path("group/create/", groups.GroupCreateView.as_view(), name="group-create"),
+    path(
+        "group/<uuid:pk>/update/", groups.GroupUpdateView.as_view(), name="group-update"
+    ),
+    path(
+        "group/<uuid:pk>/delete/", groups.GroupDeleteView.as_view(), name="group-delete"
+    ),
     # Audit Log
-    path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
+    path("audit/", audit.EventListView.as_view(), name="audit-log"),
     # Groups
-    path('groups/', groups.GroupListView.as_view(), name='groups'),
-    # API
-    path('api/', include('passbook.admin.api.urls')),
+    path("groups/", groups.GroupListView.as_view(), name="groups"),
     # Debug
-    path('debug/request/', debug.DebugRequestView.as_view(), name='debug-request'),
+    path("debug/request/", debug.DebugRequestView.as_view(), name="debug-request"),
 ]