new release: 0.7.15-beta

Merge pull request #4 from BeryJu/propertymapping-jinja
PropertyMappings using Jinja
2020-02-17 20:45:56 +01:00 · 2020-02-17 20:45:04 +01:00 · 2020-02-17 20:38:14 +01:00 · 2020-02-17 20:30:14 +01:00 · 2020-02-17 20:29:41 +01:00 · 2020-02-17 17:55:48 +01:00
400 changed files with 7827 additions and 5427 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.7.2-beta
+current_version = 0.7.15-beta
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
@ -15,13 +15,11 @@ values =
 	beta
 	stable
-[bumpversion:file:helm/passbook/values.yaml]
+[bumpversion:file:helm/values.yaml]
-[bumpversion:file:helm/passbook/Chart.yaml]
+[bumpversion:file:helm/Chart.yaml]
-[bumpversion:file:.gitlab-ci.yml]
+[bumpversion:file:.github/workflows/release.yml]
 [bumpversion:file:passbook/__init__.py]
 [bumpversion:file:docker/nginx.conf]
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -0,0 +1,147 @@
 name: passbook-ci
 on:
  - push
 env:
  POSTGRES_DB: passbook
  POSTGRES_USER: passbook
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
 jobs:
  # Linting
  pylint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: '3.8'
      - uses: actions/cache@v1
        with:
          path: ~/.local/share/virtualenvs/
          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Install dependencies
        run: pip install -U pip pipenv && pipenv install --dev
      - name: Lint with pylint
        run: pipenv run pylint passbook
  black:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: '3.8'
      - uses: actions/cache@v1
        with:
          path: ~/.local/share/virtualenvs/
          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Install dependencies
        run: pip install -U pip pipenv && pipenv install --dev
      - name: Lint with black
        run: pipenv run black --check passbook
  prospector:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: '3.8'
      - uses: actions/cache@v1
        with:
          path: ~/.local/share/virtualenvs/
          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Install dependencies
        run: pip install -U pip pipenv && pipenv install --dev && pipenv install --dev prospector --skip-lock
      - name: Lint with prospector
        run: pipenv run prospector
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: '3.8'
      - uses: actions/cache@v1
        with:
          path: ~/.local/share/virtualenvs/
          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Install dependencies
        run: pip install -U pip pipenv && pipenv install --dev
      - name: Lint with bandit
        run: pipenv run bandit -r passbook
  # Actual CI tests
  migrations:
    needs:
      - pylint
      - black
      - prospector
    services:
      postgres:
        image: postgres:latest
        env:
          POSTGRES_DB: passbook
          POSTGRES_USER: passbook
          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
        ports:
          - 5432:5432
      redis:
        image: redis:latest
        ports:
          - 6379:6379
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: '3.8'
      - uses: actions/cache@v1
        with:
          path: ~/.local/share/virtualenvs/
          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Install dependencies
        run: pip install -U pip pipenv && pipenv install --dev
      - name: Run migrations
        run: pipenv run ./manage.py migrate
  coverage:
    needs:
      - pylint
      - black
      - prospector
    services:
      postgres:
        image: postgres:latest
        env:
          POSTGRES_DB: passbook
          POSTGRES_USER: passbook
          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
        ports:
          - 5432:5432
      redis:
        image: redis:latest
        ports:
          - 6379:6379
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-python@v1
        with:
          python-version: '3.8'
      - uses: actions/cache@v1
        with:
          path: ~/.local/share/virtualenvs/
          key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-pipenv-
      - name: Install dependencies
        run: pip install -U pip pipenv && pipenv install --dev
      - name: Run coverage
        run: pipenv run ./scripts/coverage.sh
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,89 @@
 name: passbook-release
 on:
  release
 jobs:
  # Build
  build-server:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Docker Login Registry
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
      - name: Building Docker Image
        run: docker build
          --no-cache
          -t beryju/passbook:0.7.15-beta
          -t beryju/passbook:latest
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
        run: docker push beryju/passbook:0.7.15-beta
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/passbook:latest
  build-gatekeeper:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Docker Login Registry
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
      - name: Building Docker Image
        run: |
          cd gatekeeper
          docker build \
          --no-cache \
          -t beryju/passbook-gatekeeper:0.7.15-beta \
          -t beryju/passbook-gatekeeper:latest \
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
        run: docker push beryju/passbook-gatekeeper:0.7.15-beta
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/passbook-gatekeeper:latest
  build-static:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:latest
        env:
          POSTGRES_DB: passbook
          POSTGRES_USER: passbook
          POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
      redis:
        image: redis:latest
    steps:
      - uses: actions/checkout@v1
      - name: Docker Login Registry
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
      - name: Building Docker Image
        run: docker build
          --no-cache
          --network=$(docker network ls | grep github | awk '{print $1}')
          -t beryju/passbook-static:0.7.15-beta
          -t beryju/passbook-static:latest
          -f static.Dockerfile .
      - name: Push Docker Container to Registry (versioned)
        run: docker push beryju/passbook-static:0.7.15-beta
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/passbook-static:latest
  test-release:
    needs:
      - build-server
      - build-static
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Run test suite in final docker images
        run: |
          export PASSBOOK_DOMAIN=localhost
          docker-compose pull
          docker-compose up --no-start
          docker-compose start postgresql redis
          docker-compose run -u root server bash -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test"
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@ -0,0 +1,60 @@
 on:
  push:
    tags:
    - 'version/*'
 name: passbook-version-tag
 jobs:
  build:
    name: Create Release from Tag
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Pre-release test
        run: |
          export PASSBOOK_DOMAIN=localhost
          docker-compose pull
          docker build \
            --no-cache \
            -t beryju/passbook:latest \
            -f Dockerfile .
          docker-compose up --no-start
          docker-compose start postgresql redis
          docker-compose run -u root server bash -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test"
      - name: Install Helm
        run: |
          apt update && apt install -y curl
          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
      - name: Helm package
        run: |
          helm dependency update helm/
          helm package helm/
          mv passbook-*.tgz passbook-chart.tgz
      - name: Extract verison number
        id: get_version
        uses: actions/github-script@0.2.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            return context.payload.ref.replace(/\/refs\/tags\/version\//, '');
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ steps.get_version.outputs.result }}
          draft: false
          prerelease: false
      - name: Upload packaged Helm Chart
        id: upload-release-asset
        uses: actions/upload-release-asset@v1.0.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./passbook-chart.tgz
          asset_name: passbook-chart.tgz
          asset_content_type: application/gzip
--- a/.gitignore
+++ b/.gitignore
@ -63,6 +63,7 @@ coverage.xml
 *.cover
 .hypothesis/
 .pytest_cache/
 unittest.xml
 # Translations
 *.mo
@ -184,7 +185,6 @@ dmypy.json
 [Ii]nclude
 [Ll]ib64
 [Ll]ocal
 [Ss]cripts
 pyvenv.cfg
 pip-selfcheck.json
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,152 +0,0 @@
 # Global Variables
 stages:
  - build-base-image
  - build-dev-image
  - test
  - build
  - package
  - post-release
 image: docker.beryju.org/passbook/dev:latest
 variables:
  POSTGRES_DB: passbook
  POSTGRES_USER: passbook
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
 before_script:
  - pip install pipenv
  # Ensure all dependencies are installed, even those not included in passbook/dev
  # According to pipenv docs, -d outputs all packages, however it actually does not
  - pipenv lock -r > requirements-all.txt
  - pipenv lock -rd >> requirements-all.txt
  - pip install -r requirements-all.txt
 create-base-image:
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest
  stage: build-base-image
  only:
    refs:
      - tags
      - /^version/.*$/
 build-dev-image:
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest
  stage: build-dev-image
  only:
    refs:
      - tags
      - /^version/.*$/
 isort:
  script:
    - isort -c -sg env
  stage: test
  services:
  - postgres:latest
  - redis:latest
 migrations:
  script:
    - python manage.py migrate
  stage: test
  services:
  - postgres:latest
  - redis:latest
 # prospector:
 #   script:
 #     - prospector
 #   stage: test
 #   services:
 #   - postgres:latest
 #   - redis:latest
 pylint:
  script:
    - pylint passbook
  stage: test
  services:
  - postgres:latest
  - redis:latest
 coverage:
  script:
    - coverage run --concurrency=multiprocessing manage.py test
    - coverage combine
    - coverage report
  stage: test
  services:
  - postgres:latest
  - redis:latest
 build-passbook-server:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.7.2-beta
  only:
    - tags
    - /^version/.*$/
 build-passbook-static:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
  script:
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.7.2-beta
  only:
    - tags
    - /^version/.*$/
  # running collectstatic fully initialises django, hence we need that databases
  services:
    - postgres:latest
    - redis:latest
 package-helm:
  image: debian:stretch-slim
  stage: package
  before_script:
    - apt update && apt install -y curl
    - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
  script:
    - helm init --client-only
    - helm dependency update helm/passbook
    - helm package helm/passbook
  artifacts:
    paths:
      - passbook-*.tgz
    expire_in: 1 week
  only:
    - tags
    - /^version/.*$/
 notify-sentry:
  image: getsentry/sentry-cli
  stage: post-release
  variables:
    SENTRY_URL: https://sentry.beryju.org
    SENTRY_ORG: beryjuorg
    SENTRY_PROJECT: passbook
  before_script:
    - apk add curl
  script:
    - sentry-cli releases new passbook@0.7.2-beta
    - sentry-cli releases set-commits --auto passbook@0.7.2-beta
  only:
    - tags
    - /^version/.*$/
--- a/.pylintrc
+++ b/.pylintrc
@ -1,6 +1,6 @@
 [MASTER]
-disable=redefined-outer-name,arguments-differ,no-self-use,cyclic-import,fixme,locally-disabled,unpacking-non-sequence,too-many-ancestors,too-many-branches,too-few-public-methods
+disable=redefined-outer-name,arguments-differ,no-self-use,cyclic-import,fixme,locally-disabled,unpacking-non-sequence,too-many-ancestors,too-many-branches,too-few-public-methods,import-outside-toplevel,bad-continuation
 load-plugins=pylint_django,pylint.extensions.bad_builtin
 extension-pkg-whitelist=lxml
 const-rgx=[a-zA-Z0-9_]{1,40}$
--- a/24
+++ b/24
@ -1,4 +1,26 @@
-FROM docker.beryju.org/passbook/base:latest
+FROM python:3.8-slim-buster as locker
 COPY ./Pipfile /app/
 COPY ./Pipfile.lock /app/
 WORKDIR /app/
 RUN pip install pipenv && \
    pipenv lock -r > requirements.txt && \
    pipenv lock -rd > requirements-dev.txt
 FROM python:3.8-slim-buster
 COPY --from=locker /app/requirements.txt /app/
 COPY --from=locker /app/requirements-dev.txt /app/
 WORKDIR /app/
 RUN apt-get update && \
    apt-get install -y --no-install-recommends postgresql-client-11 && \
    rm -rf /var/lib/apt/ && \
    pip install -r requirements.txt  --no-cache-dir && \
    adduser --system --no-create-home --uid 1000 --group --home /app passbook
 COPY ./passbook/ /app/passbook
 COPY ./manage.py /app/
--- a/14
+++ b/14
@ -12,7 +12,6 @@ django-cors-middleware = "*"
 django-dbbackup = "*"
 django-filter = "*"
 django-guardian = "*"
 django-ipware = "*"
 django-model-utils = "*"
 django-oauth-toolkit = "*"
 django-oidc-provider = "*"
@ -24,7 +23,7 @@ django-rest-framework = "*"
 django-storages = "*"
 djangorestframework-guardian = "*"
 drf-yasg = "*"
-kombu = "==4.5.0"
+kombu = "*"
 ldap3 = "*"
 lxml = "*"
 oauthlib = "*"
@ -41,9 +40,10 @@ signxml = "*"
 structlog = "*"
 swagger-spec-validator = "*"
 urllib3 = {extras = ["secure"],version = "*"}
 jinja2 = "*"
 [requires]
-python_version = "3.7"
+python_version = "3.8"
 [dev-packages]
 autopep8 = "*"
@ -52,8 +52,10 @@ bumpversion = "*"
 colorama = "*"
 coverage = "*"
 django-debug-toolbar = "*"
-isort = "*"
+pylint = "*"
 prospector = "*"
 pylint = "==2.3.1"
 pylint-django = "*"
 unittest-xml-reporting = "*"
 black = "*"
 [pipenv]
 allow_prereleases = true
--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/README.md
+++ b/README.md
@ -1,9 +1,13 @@
 # passbook
 ![](https://github.com/BeryJu/passbook/workflows/passbook-ci/badge.svg)
 ## Quick instance
 ```
 export PASSBOOK_DOMAIN=domain.tld
 # Optionally enable Error-reporting
 # export PASSBOOK_ERROR_REPORTING=true
 docker-compose pull
 docker-compose up -d
 docker-compose exec server ./manage.py migrate
--- a/base.Dockerfile
+++ b/base.Dockerfile
@ -1,23 +0,0 @@
 FROM python:3.7-slim-buster as locker
 COPY ./Pipfile /app/
 COPY ./Pipfile.lock /app/
 WORKDIR /app/
 RUN pip install pipenv && \
    pipenv lock -r > requirements.txt && \
    pipenv lock -rd > requirements-dev.txt
 FROM python:3.7-slim-buster
 COPY --from=locker /app/requirements.txt /app/
 COPY --from=locker /app/requirements-dev.txt /app/
 WORKDIR /app/
 RUN apt-get update && \
    apt-get install -y --no-install-recommends postgresql-client-11 && \
    rm -rf /var/lib/apt/ && \
    pip install -r requirements.txt  --no-cache-dir && \
    adduser --system --no-create-home --uid 1000 --group --home /app passbook
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@ -1,3 +0,0 @@
 FROM docker.beryju.org/passbook/base:latest
 RUN pip install -r /app/requirements-dev.txt  --no-cache-dir
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -21,15 +21,14 @@ services:
    labels:
      - traefik.enable=false
  server:
-    build:
+    image: beryju/passbook:${SERVER_TAG:-latest}
      context: .
    image: docker.beryju.org/passbook/server:${SERVER_TAG:-latest}
    command:
      - uwsgi
      - uwsgi.ini
    environment:
      - PASSBOOK_DOMAIN=${PASSBOOK_DOMAIN}
      - PASSBOOK_REDIS__HOST=redis
      - PASSBOOK_ERROR_REPORTING=${PASSBOOK_ERROR_REPORTING:-false}
      - PASSBOOK_POSTGRESQL__HOST=postgresql
      - PASSBOOK_POSTGRESQL__PASSWORD=${PG_PASS:-thisisnotagoodpassword}
    ports:
@ -41,7 +40,7 @@ services:
      - traefik.docker.network=internal
      - traefik.frontend.rule=PathPrefix:/
  worker:
-    image: docker.beryju.org/passbook/server:${SERVER_TAG:-latest}
+    image: beryju/passbook:${SERVER_TAG:-latest}
    command:
      - celery
      - worker
@ -57,18 +56,16 @@ services:
    environment:
      - PASSBOOK_DOMAIN=${PASSBOOK_DOMAIN}
      - PASSBOOK_REDIS__HOST=redis
      - PASSBOOK_ERROR_REPORTING=${PASSBOOK_ERROR_REPORTING:-false}
      - PASSBOOK_POSTGRESQL__HOST=postgresql
      - PASSBOOK_POSTGRESQL__PASSWORD=${PG_PASS:-thisisnotagoodpassword}
  static:
-    build:
+    image: beryju/passbook-static:latest
      context: .
      dockerfile: static.Dockerfile
    image: docker.beryju.org/passbook/static:latest
    networks:
      - internal
    labels:
      - traefik.frontend.rule=PathPrefix:/static, /robots.txt
-      - traefik.port=80
+      - traefik.port=8080
      - traefik.docker.network=internal
  traefik:
    image: traefik:1.7
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@ -1,66 +0,0 @@
 user  nginx;
 worker_processes  1;
 error_log  stderr warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format json_combined escape=json
        '{'
            '"time_local":"$time_local",'
            '"remote_addr":"$remote_addr",'
            '"remote_user":"$remote_user",'
            '"request":"$request",'
            '"status": "$status",'
            '"body_bytes_sent":"$body_bytes_sent",'
            '"request_time":"$request_time",'
            '"http_referrer":"$http_referer",'
            '"http_user_agent":"$http_user_agent"'
        '}';
    access_log /dev/stdout json_combined;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    server {
        server_name _;
        gzip on;
        gzip_types application/javascript image/* text/css;
        gunzip on;
        add_header X-passbook-Version 0.7.2-beta;
        add_header Vary X-passbook-Version;
        root /data/;
        location /_/healthz {
            return 204;
        }
        location ~* \.(jpg|jpeg|png|gif|ico)$ {
            expires 30d;
        }
        location ~* \.(css|js)$ {
            expires 7d;
        }
    }
    server {
        listen 8080;
        location = /stub_status {
            stub_status;
        }
    }
 }
--- a/docker/uwsgi.ini
+++ b/docker/uwsgi.ini
@ -7,4 +7,4 @@ threads = 2
 enable-threads = true
 uid = passbook
 gid = passbook
-disable-logging=True
+disable-logging = True
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@ -0,0 +1,14 @@
 FROM python:3.8-slim-buster as builder
 WORKDIR /mkdocs
 RUN pip install mkdocs mkdocs-material
 COPY docs/ docs
 COPY mkdocs.yml .
 RUN mkdocs build
 FROM nginx
 COPY --from=builder /mkdocs/site /usr/share/nginx/html
--- a/docs/factors.md
+++ b/docs/factors.md
@ -0,0 +1,23 @@
 # Factors
 A factor represents a single authenticating factor for a user. Common examples of this would be a password or an OTP. These factors can be combined in any order, and can be dynamically enabled using policies.
 ## Password Factor
 This is the standard Password Factor. It allows you to select which Backend the password is checked with. here you can also specify which Policies are used to check the password. You can also specify which Factors a User has to pass to recover their account.
 ## Dummy Factor
 This factor waits a random amount of time. Mostly used for debugging.
 ## E-Mail Factor
 This factor is mostly for recovery, and used in conjunction with the Password Factor.
 ## OTP Factor
 This is your typical One-Time Password implementation, compatible with Authy and Google Authenticator. You can enfore this Factor so that every user has to configure it, or leave it optional.
 ## Captcha Factor
 While this factor doesn't really authenticate a user, it is part of the Authentication Flow. passbook uses Google's reCaptcha implementation.
--- a/docs/images/logo.svg
+++ b/docs/images/logo.svg
@ -0,0 +1,55 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
 <!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 <svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
 	 viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
 <path style="fill:#57565C;" d="M407,512H105C47.103,512,0,464.897,0,407V105C0,47.103,47.103,0,105,0h302
 	c57.897,0,105,47.103,105,105v302C512,464.897,464.897,512,407,512z"/>
 <path style="fill:#3E3D42;" d="M407,0H256v512h151c57.897,0,105-47.103,105-105V105C512,47.103,464.897,0,407,0z"/>
 <rect x="91" y="141" style="fill:#00C3FF;" width="330" height="44"/>
 <rect x="256" y="141" style="fill:#00AAF0;" width="165" height="44"/>
 <rect x="91" y="176" style="fill:#FFDC40;" width="330" height="44"/>
 <rect x="256" y="176" style="fill:#FFAB15;" width="165" height="44"/>
 <rect x="91" y="206" style="fill:#87E694;" width="330" height="44"/>
 <rect x="256" y="206" style="fill:#66CC70;" width="165" height="44"/>
 <path style="fill:#F2F2F2;" d="M421,381c0,8.284-6.716,15-15,15H106c-8.284,0-15-6.716-15-15v-85h89.997
 	c9.31,0,17.688,4.938,21.868,12.888C213.277,328.695,233.638,341,256,341s42.723-12.305,53.135-32.111
 	c4.18-7.95,12.559-12.889,21.868-12.889H421V381z"/>
 <path style="fill:#FF6849;" d="M421,266h-89.997c-20.487,0-39.041,11.085-48.423,28.929C277.369,304.842,267.185,311,256,311
 	s-21.369-6.158-26.58-16.071C220.038,277.085,201.484,266,180.997,266H91v-30h330V266z"/>
 <path style="fill:#F2F2F2;" d="M421,146H91v-15c0-8.284,6.716-15,15-15h300c8.284,0,15,6.716,15,15V146z"/>
 <path style="fill:#E5E5E5;" d="M331.003,296c-9.31,0-17.688,4.938-21.868,12.889C298.723,328.695,278.362,341,256,341v55h150
 	c8.284,0,15-6.716,15-15v-85H331.003z"/>
 <path style="fill:#FD4B2D;" d="M256,236v75c11.185,0,21.369-6.158,26.58-16.071C291.962,277.085,310.516,266,331.003,266H421v-30
 	H256z"/>
 <path style="fill:#E5E5E5;" d="M406,116H256v30h165v-15C421,122.716,414.284,116,406,116z"/>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 <g>
 </g>
 </svg>
--- a/docs/index.md
+++ b/docs/index.md
@ -0,0 +1,31 @@
 # Welcome
 Welcome to the passbook Documentation. passbook is an open-source Identity Provider and Usermanagement software. It can be used as a central directory for users or customers and it can integrate with your existing Directory.
 passbook can also be used as part of an Application to facilitate User Enrollment, Password recovery and Social Login.
 passbook uses the following Terminology:
 ### Policy
 A Policy is at a base level a yes/no gate. It will either evaluate to True or False depending on the Policy Kind and settings. For example, a "Group Membership Policy" evaluates to True if the User is member of the specified Group and False if not. This can be used to conditionally apply Factors and grant/deny access.
 ### Provider
 A Provider is a way for other Applications to authenticate against passbook. Common Providers are OpenID Connect (OIDC) and SAML.
 ### Source
 Sources are ways to get users into passbook. This might be an LDAP Connection to import Users from Active Directory, or an OAuth2 Connection to allow Social Logins.
 ### Application
 An application links together Policies with a Provider, allowing you to control access. It also holds Information like UI Name, Icon and more.
 ### Factors
 Factors represent Authentication Factors, like a Password or OTP. These Factors can be dynamically enabled using policies. This allows you to, for example, force users from a certain IP ranges to complete a Captcha to authenticate.
 ### Property Mappings
 Property Mappings allow you to make Information available for external Applications. For example, if you want to login to AWS with passbook, you'd use Property Mappings to set the User's Roles based on their Groups.
--- a/docs/installation/docker-compose.md
+++ b/docs/installation/docker-compose.md
@ -0,0 +1,26 @@
 # docker-compose
 This installation Method is for test-setups and small-scale productive setups.
 ## Prerequisites
 -   docker
 -   docker-compose
 ## Install
 Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/BeryJu/passbook/master/docker-compose.yml). Place it in a directory of your choice.
 passbook needs to know it's primary URL to create links in E-Mails and set cookies, so you have to run the following command:
 ```
 export PASSBOOK_DOMAIN=domain.tld # this can be any domain or IP, it just needs to point to passbook.
 ```
 The compose file references the current latest version, which can be overridden with the `SERVER_TAG` Environment variable.
 If you plan to use this setup for production, it is also advised to change the PostgreSQL Password by setting `PG_PASS` to a password of your choice.
 Now you can pull the Docker images needed by running `docker-compose pull`. After this has finished, run `docker-compose up -d` to start passbook.
 passbook will then be reachable on Port 80. You can optionally configure the packaged traefik to use Let's Encrypt for TLS Encryption.
--- a/docs/installation/install.md
+++ b/docs/installation/install.md
@ -0,0 +1,6 @@
 # Installation
 There are two supported ways to install passbook:
 -   [docker-compose](docker-compose.md) for test- or small productive setups
 -   [Kubernetes](./kubernetes.md) for larger Productive setups
--- a/docs/installation/kubernetes.md
+++ b/docs/installation/kubernetes.md
@ -0,0 +1,3 @@
 # Kubernetes
 For a mid to high-load Installation, Kubernetes is recommended. passbook is installed using a helm-chart.
--- a/docs/integrations/services/gitlab/index.md
+++ b/docs/integrations/services/gitlab/index.md
@ -0,0 +1,59 @@
 # GitLab Integration
 ## What is GitLab
 From https://about.gitlab.com/what-is-gitlab/
 ```
 GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle.
 ```
 ## Preparation
 The following placeholders will be used:
 -   `gitlab.company` is the FQDN of the GitLab Install
 -   `passbook.company` is the FQDN of the passbook Install
 Create an application in passbook and note the slug, as this will be used later. Create a SAML Provider with the following Parameters:
 -   ACS URL: `https://gitlab.company/users/auth/saml/callback`
 -   Audience: `https://gitlab.company`
 -   Issuer: `https://gitlab.company`
 You can of course use a custom Signing Certificate, and adjust the Assertion Length. To get the value for `idp_cert_fingerprint`, you can use a tool like [this](https://www.samltool.com/fingerprint.php).
 ## GitLab Configuration
 Paste the following block in your `gitlab.rb` file, after replacing the placeholder values from above. The file is located in `/etc/gitlab`.
 ```ruby
 gitlab_rails['omniauth_enabled'] = true
 gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
 gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
 gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
 gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
 gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
 gitlab_rails['omniauth_block_auto_created_users'] = false
 gitlab_rails['omniauth_auto_link_saml_user'] = true
 gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    args: {
      assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
      idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
      idp_sso_target_url: 'https://passbook.company/application/saml/<passbook application slug>/login/',
      issuer: 'https://gitlab.company',
      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
      attribute_statements: {
        email: ['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'],
        first_name: ['urn:oid:2.5.4.3'],
        nickname: ['urn:oid:2.16.840.1.113730.3.1.241']
      }
    },
    label: 'passbook'
  }
 ]
 ```
 Afterwards, either run `gitlab-ctl reconfigure` if you're running GitLab Omnibus, or restart the container if you're using the container.
--- a/docs/integrations/services/harbor/harbor.png
+++ b/docs/integrations/services/harbor/harbor.png
--- a/docs/integrations/services/harbor/index.md
+++ b/docs/integrations/services/harbor/index.md
@ -0,0 +1,28 @@
 # Harbor Integration
 ## What is Harbor
 From https://goharbor.io
 ```
 Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Incubating project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
 ```
 ## Preparation
 The following placeholders will be used:
 -   `harbor.company` is the FQDN of the Harbor Install
 -   `passbook.company` is the FQDN of the passbook Install
 Create an application in passbook. Create an OpenID Provider with the following Parameters:
 -   Client Type: `Confidential`
 -   Response types: `code (Authorization Code Flow)`
 -   JWT Algorithm: `RS256`
 -   Redirect URIs: `https://harbor.company/c/oidc/callback`
 -   Scopes: `openid`
 ## Harbor
 ![](./harbor.png)
--- a/docs/integrations/services/rancher/index.md
+++ b/docs/integrations/services/rancher/index.md
@ -0,0 +1,29 @@
 # Rancher Integration
 ## What is Rancher
 From https://rancher.com/products/rancher
 ```
 An Enterprise Platform for Managing Kubernetes Everywhere
 Rancher is a platform built to address the needs of the DevOps teams deploying applications with Kubernetes, and the IT staff responsible for delivering an enterprise-critical service.
 ```
 ## Preparation
 The following placeholders will be used:
 -   `rancher.company` is the FQDN of the Rancher Install
 -   `passbook.company` is the FQDN of the passbook Install
 Create an application in passbook and note the slug, as this will be used later. Create a SAML Provider with the following Parameters:
 -   ACS URL: `https://rancher.company/v1-saml/adfs/saml/acs`
 -   Audience: `https://rancher.company/v1-saml/adfs/saml/metadata`
 -   Issuer: `passbook`
 You can of course use a custom Signing Certificate, and adjust the Assertion Length.
 ## Rancher
 ![](./rancher.png)
--- a/docs/integrations/services/rancher/rancher.png
+++ b/docs/integrations/services/rancher/rancher.png
--- a/docs/integrations/services/sentry/index.md
+++ b/docs/integrations/services/sentry/index.md
@ -0,0 +1,42 @@
 # Sentry Integration
 ## What is Sentry
 From https://sentry.io
 ```
 Sentry provides self-hosted and cloud-based error monitoring that helps all software
 teams discover, triage, and prioritize errors in real-time.
 One million developers at over fifty thousand companies already ship
 better software faster with Sentry. Won’t you join them?
 ```
 ## Preparation
 The following placeholders will be used:
 -   `sentry.company` is the FQDN of the Sentry Install
 -   `passbook.company` is the FQDN of the passbook Install
 Create an application in passbook. Create an OpenID Provider with the following Parameters:
 -   Client Type: `Confidential`
 -   Response types: `code (Authorization Code Flow)`
 -   JWT Algorithm: `RS256`
 -   Redirect URIs: `https://sentry.company/auth/sso/`
 -   Scopes: `openid email`
 ## Sentry
 **This guide assumes you've installed Sentry using [getsentry/onpremise](https://github.com/getsentry/onpremise)**
 - Add `sentry-auth-oidc` to `onpremise/sentry/requirements.txt` (Create the file if it doesn't exist yet)
 - Add the following block to your `onpremise/sentry/sentry.conf.py`:
 ```
 OIDC_ISSUER = "passbook"
 OIDC_CLIENT_ID = "<Client ID from passbook>"
 OIDC_CLIENT_SECRET = "<Client Secret from passbook>"
 OIDC_SCOPE = "openid email"
 OIDC_DOMAIN = "https://passbook.company/application/oidc/"
 ```
--- a/docs/k8s/deployment.yml
+++ b/docs/k8s/deployment.yml
@ -0,0 +1,33 @@
 ---
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
  name: passbook-docs
  namespace: prod-passbook-docs
  labels:
    app.kubernetes.io/name: passbook-docs
    app.kubernetes.io/managed-by: passbook-docs
 spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: passbook-docs
  template:
    metadata:
      labels:
        app.kubernetes.io/name: passbook-docs
    spec:
      containers:
        - name: passbook-docs
          image: "beryju/passbook-docs:latest"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi
--- a/docs/k8s/ingress.yml
+++ b/docs/k8s/ingress.yml
@ -0,0 +1,21 @@
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  labels:
    app.kubernetes.io/name: passbook-docs
  name: passbook-docs
  namespace: prod-passbook-docs
 spec:
  rules:
    - host: docs.passbook.beryju.org
      http:
        paths:
          - backend:
              serviceName: passbook-docs-http
              servicePort: http
            path: /
  tls:
    - hosts:
        - docs.passbook.beryju.org
      secretName: passbook-docs-acme
--- a/docs/k8s/service.yml
+++ b/docs/k8s/service.yml
@ -0,0 +1,17 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: passbook-docs-http
  namespace: prod-passbook-docs
  labels:
    app.kubernetes.io/name: passbook-docs
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: passbook-docs
--- a/docs/policies.md
+++ b/docs/policies.md
@ -0,0 +1,68 @@
 # Policies
 ## Kinds
 There are two different Kind of policies, a Standard Policy and a Password Policy. Normal Policies just evaluate to True or False, and can be used everywhere. Password Policies apply when a Password is set (during User enrollment, Recovery or anywhere else). These policies can be used to apply Password Rules like length, etc. The can also be used to expire passwords after a certain amount of time.
 ## Standard Policies
 ---
 ### Group-Membership Policy
 This policy evaluates to True if the current user is a Member of the selected group.
 ### Reputation Policy
 passbook keeps track of failed login attempts by Source IP and Attempted Username. These values are saved as scores. Each failed login decreases the Score for the Client IP as well as the targeted Username by one.
 This policy can be used to for example prompt Clients with a low score to pass a Captcha before they can continue.
 ### Field matcher Policy
 This policy allows you to evaluate arbitrary comparisons against the User instance. Currently supported fields are:
 -   Username
 -   E-Mail
 -   Name
 -   Is_active
 -   Date joined
 Any of the following operations are supported:
 -   Starts with
 -   Ends with
 -   Contains
 -   Regexp (standard Python engine)
 -   Exact
 ### SSO Policy
 This policy evaluates to True if the current Authentication Flow has been initiated through an external Source, like OAuth and SAML.
 ### Webhook Policy
 This policy allows you to send an arbitrary HTTP Request to any URL. You can then use JSONPath to extract the result you need.
 ## Password Policies
 ---
 ### Password Policy
 This Policy allows you to specify Password rules, like Length and required Characters.
 The following rules can be set:
 -   Minimum amount of Uppercase Characters
 -   Minimum amount of Lowercase Characters
 -   Minimum amount of Symbols Characters
 -   Minimum Length
 -   Symbol charset (define which characters are counted as symbols)
 ### Have I Been Pwned Policy
 This Policy checks the hashed Password against the [Have I Been Pwned](https://haveibeenpwned.com/) API. This only sends the first 5 characters of the hashed password. The remaining comparison is done within passbook.
 ### Password-Expiry Policy
 This policy can enforce regular password rotation by expiring set Passwords after a finite amount of time. This forces users to set a new password.
--- a/docs/property-mappings.md
+++ b/docs/property-mappings.md
@ -0,0 +1,21 @@
 # Property Mappings
 Property Mappings allow you to pass information to external Applications. For example, pass the current user's Groups as a SAML Parameter. Property Mappings are also used to map Source fields to passbook fields, for example when using LDAP.
 ## SAML Property Mapping
 SAML Property Mappings allow you embed Information into the SAML AuthN Request. THis Information can then be used by the Application to assign permissions for example.
 You can find examples [here](integrations/)
 ## LDAP Property Mapping
 LDAP Property Mappings are used when you define a LDAP Source. These Mappings define which LDAP Property maps to which passbook Property. By default, these mappings are created:
 -   Autogenerated LDAP Mapping: givenName -> first_name
 -   Autogenerated LDAP Mapping: mail -> email
 -   Autogenerated LDAP Mapping: name -> name
 -   Autogenerated LDAP Mapping: sAMAccountName -> username
 -   Autogenerated LDAP Mapping: sn -> last_name
 These are configured for the most common LDAP Setups.
--- a/docs/providers.md
+++ b/docs/providers.md
@ -0,0 +1,23 @@
 # Providers
 Providers allow external Applications to authenticate against passbook and use its User Information.
 ## OpenID Provider
 This provider uses the commonly used OpenID Connect variation of OAuth2.
 ## OAuth2 Provider
 This provider is slightly different than the OpenID Provider. While it uses the same basic OAuth2 Protocol, it provides a GitHub-compatible Endpoint. This allows you to integrate Applications, which don't support Custom OpenID Providers.
 The API exposes Username, E-Mail, Name and Groups in a GitHub-compatible format.
 ## SAML Provider
 This provider allows you to integrate Enterprise Software using the SAML2 Protocol. It supports signed Requests. This Provider also has [Property Mappings](property-mappings.md#saml-property-mapping), which allows you to expose Vendor-specific Fields.
 Default fields are:
 -   `eduPersonPrincipalName`: User's E-Mail
 -   `cn`: User's Full Name
 -   `mail`: User's E-Mail
 -   `displayName`: User's Username
 -   `uid`: User Unique Identifier
--- a/docs/reference/property-mappings/user-object.md
+++ b/docs/reference/property-mappings/user-object.md
@ -0,0 +1,20 @@
 # Passbook User Object
 The User object has the following attributes:
 - `username`: User's Username
 - `email` User's E-Mail
 - `name` User's Display Name
 - `is_staff` Boolean field if user is staff
 - `is_active` Boolean field if user is active
 - `date_joined` Date User joined/was created
 - `password_change_date` Date Password was last changed
 - `attributes` Dynamic Attributes
 ## Examples
 List all the User's Group Names
 ```jinja2
 [{% for group in user.groups.all() %}'{{ group.name }}',{% endfor %}]
 ```
--- a/docs/sources.md
+++ b/docs/sources.md
@ -0,0 +1,39 @@
 # Sources
 Sources allow you to connect passbook to an existing User directory. They can also be used for Social-Login, using external Providers like Facebook, Twitter, etc.
 ## Generic OAuth Source
 **All Integration-specific Sources are documented in the Integrations Section**
 This source allows users to enroll themselves with an External OAuth-based Identity Provider. The Generic Provider expects the Endpoint to return OpenID-Connect compatible Information. Vendor specific Implementations have their own OAuth Source.
 -   Policies: Allow/Forbid Users from linking their Accounts with this Provider
 -   Request Token URL: This field is used for OAuth v1 Implementations and will be provided by the Provider.
 -   Authorization URL: This value will be provided by the Provider.
 -   Access Token URL: This value will be provided by the Provider.
 -   Profile URL: This URL is called by passbook to retrieve User information upon successful authentication.
 -   Consumer key/Consumer secret: These values will be provided by the Provider.
 ## SAML Source
 This source allows passbook to act as a SAML Service Provider. Just like the SAML Provider, it supports signed Requests. Vendor specific documentation can be found in the Integrations Section
 ## LDAP Source
 This source allows you to import Users and Groups from an LDAP Server
 -   Server URI: URI to your LDAP Server/Domain Controller
 -   Bind CN: CN to bind as, this can also be a UPN in the format of `user@domain.tld`
 -   Bind password: Password used during the bind process
 -   Enable Start TLS: Enables StartTLS functionality. To use SSL instead, use port `636`
 -   Base DN: Base DN used for all LDAP queries
 -   Addition User DN: Prepended to Base DN for User-queries.
 -   Addition Group DN: Prepended to Base DN for Group-queries.
 -   User object filter: Consider Objects matching this filter to be Users.
 -   Group object filter: Consider Objects matching this filter to be Groups.
 -   User group membership field: Field which contains Groups of user.
 -   Object uniqueness field: Field which contains a unique Identifier.
 -   Sync groups: Enable/disable Group synchronization. Groups are synced in the background every 5 minutes.
 -   Sync parent group: Optionally set this Group as parent Group for all synced Groups (allows you to, for example, import AD Groups under a root `imported-from-ad` group.)
 -   Property mappings: Define which LDAP Properties map to which passbook Properties. The default set of Property Mappings is generated for Active Directory. See also [LDAP Property Mappings](property-mappings.md#ldap-property-mapping)
--- a/gatekeeper/Dockerfile
+++ b/gatekeeper/Dockerfile
@ -0,0 +1,8 @@
 FROM quay.io/pusher/oauth2_proxy
 COPY templates /templates
 ENV OAUTH2_PROXY_EMAIL_DOMAINS=*
 ENV OAUTH2_PROXY_PROVIDER=oidc
 ENV OAUTH2_PROXY_CUSTOM_TEMPLATES_DIR=/templates
 ENV OAUTH2_PROXY_HTTP_ADDRESS=:4180
--- a/gatekeeper/templates/error.html
+++ b/gatekeeper/templates/error.html
@ -0,0 +1,18 @@
 {{define "error.html"}}
 <!DOCTYPE html>
 <html lang="en" charset="utf-8">
 <head>
    <title>{{.Title}}</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
 </head>
 <body>
    <h2>{{.Title}}</h2>
    <p>{{.Message}}</p>
    <hr>
    <p><a href="{{.ProxyPrefix}}/sign_in">Sign In</a></p>
 </body>
 </html>
 {{end}}
--- a/gatekeeper/templates/sign_in.html
+++ b/gatekeeper/templates/sign_in.html
@ -0,0 +1,119 @@
 {{define "sign_in.html"}}
 <!DOCTYPE html>
 <html lang="en" charset="utf-8">
 <head>
    <title>Sign In with passbook</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
    <style>
        body {
            font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
            font-size: 14px;
            line-height: 1.42857143;
            color: #333;
            background: #f0f0f0;
        }
        .signin {
            display: block;
            margin: 20px auto;
            max-width: 400px;
            background: #fff;
            border: 1px solid #ccc;
            border-radius: 10px;
            padding: 20px;
        }
        .center {
            text-align: center;
        }
        .btn {
            color: #fff;
            background-color: #428bca;
            border: 1px solid #357ebd;
            -webkit-border-radius: 4;
            -moz-border-radius: 4;
            border-radius: 4px;
            font-size: 14px;
            padding: 6px 12px;
            text-decoration: none;
            cursor: pointer;
        }
        .btn:hover {
            background-color: #3071a9;
            border-color: #285e8e;
            text-decoration: none;
        }
        label {
            display: inline-block;
            max-width: 100%;
            margin-bottom: 5px;
            font-weight: 700;
        }
        input {
            display: block;
            width: 100%;
            height: 34px;
            padding: 6px 12px;
            font-size: 14px;
            line-height: 1.42857143;
            color: #555;
            background-color: #fff;
            background-image: none;
            border: 1px solid #ccc;
            border-radius: 4px;
            -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, .075);
            box-shadow: inset 0 1px 1px rgba(0, 0, 0, .075);
            -webkit-transition: border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;
            -o-transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s;
            transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s;
            margin: 0;
            box-sizing: border-box;
        }
        footer {
            display: block;
            font-size: 10px;
            color: #aaa;
            text-align: center;
            margin-bottom: 10px;
        }
        footer a {
            display: inline-block;
            height: 25px;
            line-height: 25px;
            color: #aaa;
            text-decoration: underline;
        }
        footer a:hover {
            color: #aaa;
        }
    </style>
 </head>
 <body>
    <div class="signin center">
        <form method="GET" action="{{.ProxyPrefix}}/start">
            <input type="hidden" name="rd" value="{{.Redirect}}">
            <button type="submit" class="btn">Sign in with passbook</button><br />
        </form>
    </div>
    <script>
        if (window.location.hash) {
            (function () {
                var inputs = document.getElementsByName('rd');
                for (var i = 0; i < inputs.length; i++) {
                    inputs[i].value += window.location.hash;
                }
            })();
        }
    </script>
 </body>
 </html>
 {{end}}
--- a/helm/passbook/.helmignore
+++ b/helm/passbook/.helmignore
--- a/helm/passbook/Chart.lock
+++ b/helm/passbook/Chart.lock
@ -6,4 +6,4 @@ dependencies:
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 9.5.1
 digest: sha256:f18b5dc8d0be13d584407405c60d10b6b84d25f7fa8aaa3dd0e5385c38f5c516
-generated: "2019-11-07T10:23:07.259176+01:00"
+generated: "2019-12-14T13:33:48.4341939Z"
--- a/helm/passbook/Chart.yaml
+++ b/helm/passbook/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.7.2-beta"
+appVersion: "0.7.15-beta"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.7.2-beta"
+version: "0.7.15-beta"
 icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
--- a/helm/passbook/requirements.lock
+++ b/helm/passbook/requirements.lock
--- a/helm/passbook/requirements.yaml
+++ b/helm/passbook/requirements.yaml
--- a/helm/passbook/templates/NOTES.txt
+++ b/helm/passbook/templates/NOTES.txt
--- a/helm/passbook/templates/_helpers.tpl
+++ b/helm/passbook/templates/_helpers.tpl
--- a/helm/passbook/templates/configmap.yaml
+++ b/helm/passbook/templates/configmap.yaml
@ -12,5 +12,5 @@ data:
      host: "{{ .Release.Name }}-redis-master"
      cache_db: 0
      message_queue_db: 1
-    error_report_enabled: {{ .Values.config.error_reporting }}
+    error_reporting: {{ .Values.config.error_reporting }}
    domain: ".{{ index .Values.ingress.hosts 0 }}"
--- a/helm/passbook/templates/ingress.yaml
+++ b/helm/passbook/templates/ingress.yaml
--- a/helm/passbook/templates/prom-rules.yaml
+++ b/helm/passbook/templates/prom-rules.yaml
@ -118,7 +118,4 @@ spec:
        for: 1m
        labels:
          severity: testing
        annotations:
          summary: "Unapplied django migrations on {{$labels.connection}}"
          description: "Django detected {{$value}} unapplied migrations on database {{$labels.connection}}"
 {{- end }}
--- a/helm/passbook/templates/secret.yaml
+++ b/helm/passbook/templates/secret.yaml
@ -4,7 +4,7 @@ type: Opaque
 metadata:
  name: {{ include "passbook.fullname" . }}-secret-key
 data:
-  monitoring_username: monitor
+  monitoring_username: bW9uaXRvcg== # monitor in base64
  {{- if .Values.config.secret_key }}
  secret_key: {{ .Values.config.secret_key | b64enc | quote }}
  {{- else }}
--- a/helm/passbook/templates/static-deployment.yaml
+++ b/helm/passbook/templates/static-deployment.yaml
@ -21,23 +21,23 @@ spec:
    spec:
      containers:
        - name: {{ .Chart.Name }}-static
-          image: "docker.beryju.org/passbook/static:{{ .Values.image.tag }}"
+          image: "beryju/passbook-static:{{ .Values.image.tag }}"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
-              containerPort: 80
+              containerPort: 8080
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 10
            timeoutSeconds: 5
            httpGet:
-              path: /_/healthz
+              path: /-/ping
              port: http
          readinessProbe:
            initialDelaySeconds: 10
            timeoutSeconds: 5
            httpGet:
-              path: /_/healthz
+              path: /-/ping
              port: http
          resources:
            requests:
@ -46,6 +46,3 @@ spec:
            limits:
              cpu: 20m
              memory: 20M
        - name: {{ .Chart.Name }}-static-prometheus
          image: nginx/nginx-prometheus-exporter:0.4.1
          imagePullPolicy: IfNotPresent
--- a/helm/passbook/templates/static-service.yaml
+++ b/helm/passbook/templates/static-service.yaml
@ -11,7 +11,7 @@ metadata:
 spec:
  type: ClusterIP
  ports:
-    - port: 80
+    - port: 8080
      targetPort: http
      protocol: TCP
      name: http
--- a/helm/passbook/templates/static-sm.yaml
+++ b/helm/passbook/templates/static-sm.yaml
--- a/helm/passbook/templates/web-deployment.yaml
+++ b/helm/passbook/templates/web-deployment.yaml
@ -26,7 +26,7 @@ spec:
            name: {{ include "passbook.fullname" . }}-config
      initContainers:
        - name: passbook-database-migrations
-          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
+          image: "beryju/passbook:{{ .Values.image.tag }}"
          command:
            - ./manage.py
          args:
@ -56,7 +56,7 @@ spec:
                  key: postgresql-password
      containers:
        - name: {{ .Chart.Name }}
-          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
+          image: "beryju/passbook:{{ .Values.image.tag }}"
          imagePullPolicy: IfNotPresent
          command:
            - uwsgi
--- a/helm/passbook/templates/web-service.yaml
+++ b/helm/passbook/templates/web-service.yaml
--- a/helm/passbook/templates/web-sm.yaml
+++ b/helm/passbook/templates/web-sm.yaml
@ -18,6 +18,7 @@ spec:
        name: {{ include "passbook.fullname" . }}-secret-key
        key: monitoring_username
    port: http
    path: /metrics/
    interval: 10s
  selector:
    matchLabels:
--- a/helm/passbook/templates/worker-deployment.yaml
+++ b/helm/passbook/templates/worker-deployment.yaml
@ -26,7 +26,7 @@ spec:
            name: {{ include "passbook.fullname" . }}-config
      containers:
        - name: {{ .Chart.Name }}
-          image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
+          image: "beryju/passbook:{{ .Values.image.tag }}"
          imagePullPolicy: IfNotPresent
          command:
            - celery
--- a/helm/passbook/values.yaml
+++ b/helm/passbook/values.yaml
@ -2,7 +2,7 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
-  tag: 0.7.2-beta
+  tag: 0.7.15-beta
 nameOverride: ""
@ -10,7 +10,7 @@ config:
  # Optionally specify fixed secret_key, otherwise generated automatically
  # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
  # Enable error reporting
-  error_reporting: true
+  error_reporting: false
  email:
    host: localhost
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -0,0 +1,34 @@
 site_name: passbook Docs
 site_url: https://beryju.github.io/passbook
 copyright: "Copyright &copy; 2019 - 2020 BeryJu.org"
 nav:
  - Home: index.md
  - Installation:
      - Installation: installation/install.md
      - docker-compose: installation/docker-compose.md
      - Kubernetes: installation/kubernetes.md
  - Sources: sources.md
  - Providers: providers.md
  - Property Mappings: property-mappings.md
  - Factors: factors.md
  - Policies: policies.md
  - Integrations:
      - as Provider:
          - GitLab: integrations/services/gitlab/index.md
          - Rancher: integrations/services/rancher/index.md
          - Harbor: integrations/services/harbor/index.md
          - Sentry: integrations/services/sentry/index.md
  - Reference:
      - Property Mappings:
          - User Object: reference/property-mappings/user-object.md
 repo_name: "BeryJu.org/passbook"
 repo_url: https://github.com/BeryJu/passbook
 theme:
  name: "material"
  logo: "images/logo.svg"
 markdown_extensions:
  - toc:
      permalink: "¶"
--- a/passbook/init.py
+++ b/passbook/init.py
@ -1,2 +1,2 @@
 """passbook"""
-__version__ = '0.7.2-beta'
+__version__ = "0.7.15-beta"
--- a/passbook/admin/apps.py
+++ b/passbook/admin/apps.py
@ -5,7 +5,7 @@ from django.apps import AppConfig
 class PassbookAdminConfig(AppConfig):
    """passbook admin app config"""
-    name = 'passbook.admin'
+    name = "passbook.admin"
-    label = 'passbook_admin'
+    label = "passbook_admin"
-    mountpoint = 'administration/'
+    mountpoint = "administration/"
-    verbose_name = 'passbook Admin'
+    verbose_name = "passbook Admin"
--- a/passbook/admin/fields.py
+++ b/passbook/admin/fields.py
@ -16,7 +16,7 @@ class YAMLField(forms.CharField):
    """Django's JSON Field converted to YAML"""
    default_error_messages = {
-        'invalid': _("'%(value)s' value must be valid YAML."),
+        "invalid": _("'%(value)s' value must be valid YAML."),
    }
    widget = forms.Textarea
@ -31,9 +31,7 @@ class YAMLField(forms.CharField):
            converted = yaml.safe_load(value)
        except yaml.YAMLError:
            raise forms.ValidationError(
-                self.error_messages['invalid'],
+                self.error_messages["invalid"], code="invalid", params={"value": value},
                code='invalid',
                params={'value': value},
            )
        if isinstance(converted, str):
            return YAMLString(converted)
--- a/passbook/admin/forms/base.py
+++ b/passbook/admin/forms/base.py
@ -1,4 +1,4 @@
-"""p2 form helpers"""
+"""passbook form helpers"""
 from django import forms
 from passbook.admin.fields import YAMLField
@ -9,29 +9,32 @@ class TagModelForm(forms.ModelForm):
    def __init__(self, *args, **kwargs):
        # Check if we have an instance, load tags otherwise use an empty dict
-        instance = kwargs.get('instance', None)
+        instance = kwargs.get("instance", None)
        tags = instance.tags if instance else {}
        # Make sure all predefined tags exist in tags, and set default if they don't
-        predefined_tags = self._meta.model().get_predefined_tags()  # pylint: disable=no-member
+        predefined_tags = (
            self._meta.model().get_predefined_tags()  # pylint: disable=no-member
        )
        for key, value in predefined_tags.items():
            if key not in tags:
                tags[key] = value
        # Format JSON
-        kwargs['initial']['tags'] = tags
+        kwargs["initial"]["tags"] = tags
        super().__init__(*args, **kwargs)
    def clean_tags(self):
        """Make sure all required tags are set"""
-        if hasattr(self.instance, 'get_required_keys') and hasattr(self.instance, 'tags'):
+        if hasattr(self.instance, "get_required_keys") and hasattr(
            self.instance, "tags"
        ):
            for key in self.instance.get_required_keys():
-                if key not in self.cleaned_data.get('tags'):
+                if key not in self.cleaned_data.get("tags"):
                    raise forms.ValidationError("Tag %s missing." % key)
-        return self.cleaned_data.get('tags')
+        return self.cleaned_data.get("tags")
 # pylint: disable=too-few-public-methods
 class TagModelFormMeta:
    """Base Meta class that uses the YAMLField"""
-    field_classes = {
+    field_classes = {"tags": YAMLField}
        'tags': YAMLField
    }
--- a/passbook/admin/forms/source.py
+++ b/passbook/admin/forms/source.py
@ -1,7 +1,7 @@
 """passbook core source form fields"""
 # from django import forms
-SOURCE_FORM_FIELDS = ['name', 'slug', 'enabled', 'policies']
+SOURCE_FORM_FIELDS = ["name", "slug", "enabled", "policies"]
-SOURCE_SERIALIZER_FIELDS = ['pk', 'name', 'slug', 'enabled', 'policies']
+SOURCE_SERIALIZER_FIELDS = ["pk", "name", "slug", "enabled", "policies"]
 # class SourceForm(forms.Form)
--- a/passbook/admin/forms/users.py
+++ b/passbook/admin/forms/users.py
@ -12,10 +12,10 @@ class UserForm(forms.ModelForm):
    class Meta:
        model = User
-        fields = ['username', 'name', 'email', 'is_staff', 'is_active', 'attributes']
+        fields = ["username", "name", "email", "is_staff", "is_active", "attributes"]
        widgets = {
-            'name': forms.TextInput,
+            "name": forms.TextInput,
        }
        field_classes = {
-            'attributes': YAMLField,
+            "attributes": YAMLField,
        }
--- a/passbook/admin/middleware.py
+++ b/passbook/admin/middleware.py
@ -11,15 +11,16 @@ def impersonate(get_response):
        # User is superuser and has __impersonate ID set
        if request.user.is_superuser and "__impersonate" in request.GET:
-            request.session['impersonate_id'] = request.GET["__impersonate"]
+            request.session["impersonate_id"] = request.GET["__impersonate"]
        # user wants to stop impersonation
-        elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
+        elif "__unimpersonate" in request.GET and "impersonate_id" in request.session:
-            del request.session['impersonate_id']
+            del request.session["impersonate_id"]
        # Actually impersonate user
-        if request.user.is_superuser and 'impersonate_id' in request.session:
+        if request.user.is_superuser and "impersonate_id" in request.session:
-            request.user = User.objects.get(pk=request.session['impersonate_id'])
+            request.user = User.objects.get(pk=request.session["impersonate_id"])
        response = get_response(request)
        return response
    return middleware
--- a/passbook/admin/settings.py
+++ b/passbook/admin/settings.py
@ -1,5 +1,5 @@
 """passbook admin settings"""
 MIDDLEWARE = [
-    'passbook.admin.middleware.impersonate',
+    "passbook.admin.middleware.impersonate",
 ]
--- a/passbook/admin/templates/generic/create.html
+++ b/passbook/admin/templates/generic/create.html
@ -1,4 +1,4 @@
-{% extends "generic/form.html" %}
+{% extends base_template|default:"generic/form.html" %}
 {% load utils %}
 {% load i18n %}
--- a/passbook/admin/templates/generic/form.html
+++ b/passbook/admin/templates/generic/form.html
@ -20,6 +20,7 @@
 <link rel="stylesheet" href="{% static 'codemirror/lib/codemirror.css' %}">
 <link rel="stylesheet" href="{% static 'codemirror/theme/monokai.css' %}">
 <script src="{% static 'codemirror/mode/yaml/yaml.js' %}"></script>
 <script src="{% static 'codemirror/mode/jinja2/jinja2.js' %}"></script>
 {% endblock %}
 {% block content %}
@ -29,21 +30,33 @@
  <div class="">
    <form action="" method="post" class="form-horizontal">
      {% include 'partials/form.html' with form=form %}
      {% block beneath_form %}
      {% endblock %}
      <a class="btn btn-default" href="{% back %}">{% trans "Cancel" %}</a>
      <input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
    </form>
  </div>
  {% block beneath_form %}
  {% endblock %}
  <script>
-    let attributes = document.getElementsByName('attributes');
+    const attributes = document.getElementsByName('attributes');
    if (attributes.length > 0) {
-      let myCodeMirror = CodeMirror.fromTextArea(attributes[0], {
+      // https://github.com/codemirror/CodeMirror/issues/5092
      attributes[0].removeAttribute("required");
      const attributesCM = CodeMirror.fromTextArea(attributes[0], {
        mode: 'yaml',
        theme: 'monokai',
        lineNumbers: true,
      });
    }
    const templates = document.getElementsByName('template');
    if (templates.length > 0) {
      // https://github.com/codemirror/CodeMirror/issues/5092
      templates[0].removeAttribute("required");
      const templateCM = CodeMirror.fromTextArea(templates[0], {
        mode: 'jinja2',
        theme: 'monokai',
        lineNumbers: true,
      });
    }
  </script>
 </div>
 {% endblock %}
--- a/passbook/admin/templates/generic/update.html
+++ b/passbook/admin/templates/generic/update.html
@ -1,4 +1,4 @@
-{% extends "generic/form.html" %}
+{% extends base_template|default:"generic/form.html" %}
 {% load utils %}
 {% load i18n %}
--- a/passbook/admin/templatetags/admin_reflection.py
+++ b/passbook/admin/templatetags/admin_reflection.py
@ -10,10 +10,11 @@ from passbook.lib.utils.template import render_to_string
 register = template.Library()
 LOGGER = get_logger()
@register.simple_tag()
 def get_links(model_instance):
    """Find all link_ methods on an object instance, run them and return as dict"""
-    prefix = 'link_'
+    prefix = "link_"
    links = {}
    if not isinstance(model_instance, Model):
@ -21,9 +22,11 @@ def get_links(model_instance):
        return links
    try:
-        for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
+        for name, method in inspect.getmembers(
            model_instance, predicate=inspect.ismethod
        ):
            if name.startswith(prefix):
-                human_name = name.replace(prefix, '').replace('_', ' ').capitalize()
+                human_name = name.replace(prefix, "").replace("_", " ").capitalize()
                link = method()
                if link:
                    links[human_name] = link
@ -36,7 +39,7 @@ def get_links(model_instance):
@register.simple_tag(takes_context=True)
 def get_htmls(context, model_instance):
    """Find all html_ methods on an object instance, run them and return as dict"""
-    prefix = 'html_'
+    prefix = "html_"
    htmls = []
    if not isinstance(model_instance, Model):
@ -44,9 +47,11 @@ def get_htmls(context, model_instance):
        return htmls
    try:
-        for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
+        for name, method in inspect.getmembers(
            model_instance, predicate=inspect.ismethod
        ):
            if name.startswith(prefix):
-                template, _context = method(context.get('request'))
+                template, _context = method(context.get("request"))
                htmls.append(render_to_string(template, _context))
    except NotImplementedError:
        pass
--- a/passbook/admin/urls.py
+++ b/passbook/admin/urls.py
@ -1,82 +1,157 @@
 """passbook URL Configuration"""
 from django.urls import path
-from passbook.admin.views import (applications, audit, debug, factors, groups,
+from passbook.admin.views import (
-                                  invitations, overview, policy,
+    applications,
-                                  property_mapping, providers, sources, users)
+    audit,
    debug,
    factors,
    groups,
    invitations,
    overview,
    policy,
    property_mapping,
    providers,
    sources,
    users,
 )
 urlpatterns = [
-    path('', overview.AdministrationOverviewView.as_view(), name='overview'),
+    path("", overview.AdministrationOverviewView.as_view(), name="overview"),
    # Applications
-    path('applications/', applications.ApplicationListView.as_view(),
+    path(
-         name='applications'),
+        "applications/", applications.ApplicationListView.as_view(), name="applications"
-    path('applications/create/', applications.ApplicationCreateView.as_view(),
+    ),
-         name='application-create'),
+    path(
-    path('applications/<uuid:pk>/update/',
+        "applications/create/",
-         applications.ApplicationUpdateView.as_view(), name='application-update'),
+        applications.ApplicationCreateView.as_view(),
-    path('applications/<uuid:pk>/delete/',
+        name="application-create",
-         applications.ApplicationDeleteView.as_view(), name='application-delete'),
+    ),
    path(
        "applications/<uuid:pk>/update/",
        applications.ApplicationUpdateView.as_view(),
        name="application-update",
    ),
    path(
        "applications/<uuid:pk>/delete/",
        applications.ApplicationDeleteView.as_view(),
        name="application-delete",
    ),
    # Sources
-    path('sources/', sources.SourceListView.as_view(), name='sources'),
+    path("sources/", sources.SourceListView.as_view(), name="sources"),
-    path('sources/create/', sources.SourceCreateView.as_view(), name='source-create'),
+    path("sources/create/", sources.SourceCreateView.as_view(), name="source-create"),
-    path('sources/<uuid:pk>/update/', sources.SourceUpdateView.as_view(), name='source-update'),
+    path(
-    path('sources/<uuid:pk>/delete/', sources.SourceDeleteView.as_view(), name='source-delete'),
+        "sources/<uuid:pk>/update/",
        sources.SourceUpdateView.as_view(),
        name="source-update",
    ),
    path(
        "sources/<uuid:pk>/delete/",
        sources.SourceDeleteView.as_view(),
        name="source-delete",
    ),
    # Policies
-    path('policies/', policy.PolicyListView.as_view(), name='policies'),
+    path("policies/", policy.PolicyListView.as_view(), name="policies"),
-    path('policies/create/', policy.PolicyCreateView.as_view(), name='policy-create'),
+    path("policies/create/", policy.PolicyCreateView.as_view(), name="policy-create"),
-    path('policies/<uuid:pk>/update/', policy.PolicyUpdateView.as_view(), name='policy-update'),
+    path(
-    path('policies/<uuid:pk>/delete/', policy.PolicyDeleteView.as_view(), name='policy-delete'),
+        "policies/<uuid:pk>/update/",
-    path('policies/<uuid:pk>/test/', policy.PolicyTestView.as_view(), name='policy-test'),
+        policy.PolicyUpdateView.as_view(),
        name="policy-update",
    ),
    path(
        "policies/<uuid:pk>/delete/",
        policy.PolicyDeleteView.as_view(),
        name="policy-delete",
    ),
    path(
        "policies/<uuid:pk>/test/", policy.PolicyTestView.as_view(), name="policy-test"
    ),
    # Providers
-    path('providers/', providers.ProviderListView.as_view(), name='providers'),
+    path("providers/", providers.ProviderListView.as_view(), name="providers"),
-    path('providers/create/',
+    path(
-         providers.ProviderCreateView.as_view(), name='provider-create'),
+        "providers/create/",
-    path('providers/<int:pk>/update/',
+        providers.ProviderCreateView.as_view(),
-         providers.ProviderUpdateView.as_view(), name='provider-update'),
+        name="provider-create",
-    path('providers/<int:pk>/delete/',
+    ),
-         providers.ProviderDeleteView.as_view(), name='provider-delete'),
+    path(
        "providers/<int:pk>/update/",
        providers.ProviderUpdateView.as_view(),
        name="provider-update",
    ),
    path(
        "providers/<int:pk>/delete/",
        providers.ProviderDeleteView.as_view(),
        name="provider-delete",
    ),
    # Factors
-    path('factors/', factors.FactorListView.as_view(), name='factors'),
+    path("factors/", factors.FactorListView.as_view(), name="factors"),
-    path('factors/create/',
+    path("factors/create/", factors.FactorCreateView.as_view(), name="factor-create"),
-         factors.FactorCreateView.as_view(), name='factor-create'),
+    path(
-    path('factors/<uuid:pk>/update/',
+        "factors/<uuid:pk>/update/",
-         factors.FactorUpdateView.as_view(), name='factor-update'),
+        factors.FactorUpdateView.as_view(),
-    path('factors/<uuid:pk>/delete/',
+        name="factor-update",
-         factors.FactorDeleteView.as_view(), name='factor-delete'),
+    ),
    path(
        "factors/<uuid:pk>/delete/",
        factors.FactorDeleteView.as_view(),
        name="factor-delete",
    ),
    # Factors
-    path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
+    path(
-         name='property-mappings'),
+        "property-mappings/",
-    path('property-mappings/create/',
+        property_mapping.PropertyMappingListView.as_view(),
-         property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
+        name="property-mappings",
-    path('property-mappings/<uuid:pk>/update/',
+    ),
-         property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
+    path(
-    path('property-mappings/<uuid:pk>/delete/',
+        "property-mappings/create/",
-         property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
+        property_mapping.PropertyMappingCreateView.as_view(),
        name="property-mapping-create",
    ),
    path(
        "property-mappings/<uuid:pk>/update/",
        property_mapping.PropertyMappingUpdateView.as_view(),
        name="property-mapping-update",
    ),
    path(
        "property-mappings/<uuid:pk>/delete/",
        property_mapping.PropertyMappingDeleteView.as_view(),
        name="property-mapping-delete",
    ),
    # Invitations
-    path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
+    path("invitations/", invitations.InvitationListView.as_view(), name="invitations"),
-    path('invitations/create/',
+    path(
-         invitations.InvitationCreateView.as_view(), name='invitation-create'),
+        "invitations/create/",
-    path('invitations/<uuid:pk>/delete/',
+        invitations.InvitationCreateView.as_view(),
-         invitations.InvitationDeleteView.as_view(), name='invitation-delete'),
+        name="invitation-create",
    ),
    path(
        "invitations/<uuid:pk>/delete/",
        invitations.InvitationDeleteView.as_view(),
        name="invitation-delete",
    ),
    # Users
-    path('users/', users.UserListView.as_view(),
+    path("users/", users.UserListView.as_view(), name="users"),
-         name='users'),
+    path("users/create/", users.UserCreateView.as_view(), name="user-create"),
-    path('users/create/', users.UserCreateView.as_view(), name='user-create'),
+    path("users/<int:pk>/update/", users.UserUpdateView.as_view(), name="user-update"),
-    path('users/<int:pk>/update/',
+    path("users/<int:pk>/delete/", users.UserDeleteView.as_view(), name="user-delete"),
-         users.UserUpdateView.as_view(), name='user-update'),
+    path(
-    path('users/<int:pk>/delete/',
+        "users/<int:pk>/reset/",
-         users.UserDeleteView.as_view(), name='user-delete'),
+        users.UserPasswordResetView.as_view(),
-    path('users/<int:pk>/reset/',
+        name="user-password-reset",
-         users.UserPasswordResetView.as_view(), name='user-password-reset'),
+    ),
    # Groups
-    path('group/', groups.GroupListView.as_view(), name='group'),
+    path("group/", groups.GroupListView.as_view(), name="group"),
-    path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
+    path("group/create/", groups.GroupCreateView.as_view(), name="group-create"),
-    path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
+    path(
-    path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
+        "group/<uuid:pk>/update/", groups.GroupUpdateView.as_view(), name="group-update"
    ),
    path(
        "group/<uuid:pk>/delete/", groups.GroupDeleteView.as_view(), name="group-delete"
    ),
    # Audit Log
-    path('audit/', audit.EventListView.as_view(), name='audit-log'),
+    path("audit/", audit.EventListView.as_view(), name="audit-log"),
    # Groups
-    path('groups/', groups.GroupListView.as_view(), name='groups'),
+    path("groups/", groups.GroupListView.as_view(), name="groups"),
    # Debug
-    path('debug/request/', debug.DebugRequestView.as_view(), name='debug-request'),
+    path("debug/request/", debug.DebugRequestView.as_view(), name="debug-request"),
 ]
--- a/passbook/admin/views/applications.py
+++ b/passbook/admin/views/applications.py
@ -1,8 +1,9 @@
 """passbook Application administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
@ -18,55 +19,61 @@ class ApplicationListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all applications"""
    model = Application
-    permission_required = 'passbook_core.view_application'
+    permission_required = "passbook_core.view_application"
-    ordering = 'name'
+    ordering = "name"
    paginate_by = 40
-    template_name = 'administration/application/list.html'
+    template_name = "administration/application/list.html"
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
-class ApplicationCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class ApplicationCreateView(
-                            DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Application"""
    model = Application
    form_class = ApplicationForm
-    permission_required = 'passbook_core.add_application'
+    permission_required = "passbook_core.add_application"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:applications')
+    success_url = reverse_lazy("passbook_admin:applications")
-    success_message = _('Successfully created Application')
+    success_message = _("Successfully created Application")
    def get_context_data(self, **kwargs):
-        kwargs['type'] = 'Application'
+        kwargs["type"] = "Application"
        return super().get_context_data(**kwargs)
-class ApplicationUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class ApplicationUpdateView(
-                            PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update application"""
    model = Application
    form_class = ApplicationForm
-    permission_required = 'passbook_core.change_application'
+    permission_required = "passbook_core.change_application"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:applications')
+    success_url = reverse_lazy("passbook_admin:applications")
-    success_message = _('Successfully updated Application')
+    success_message = _("Successfully updated Application")
-class ApplicationDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class ApplicationDeleteView(
-                            PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete application"""
    model = Application
-    permission_required = 'passbook_core.delete_application'
+    permission_required = "passbook_core.delete_application"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:applications')
+    success_url = reverse_lazy("passbook_admin:applications")
-    success_message = _('Successfully deleted Application')
+    success_message = _("Successfully deleted Application")
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/audit.py
+++ b/passbook/admin/views/audit.py
@ -9,10 +9,10 @@ class EventListView(PermissionListMixin, ListView):
    """Show list of all invitations"""
    model = Event
-    template_name = 'administration/audit/list.html'
+    template_name = "administration/audit/list.html"
-    permission_required = 'passbook_audit.view_event'
+    permission_required = "passbook_audit.view_event"
-    ordering = '-created'
+    ordering = "-created"
    paginate_by = 10
    def get_queryset(self):
-        return Event.objects.all().order_by('-created')
+        return Event.objects.all().order_by("-created")
--- a/passbook/admin/views/debug.py
+++ b/passbook/admin/views/debug.py
@ -6,10 +6,10 @@ from django.views.generic import TemplateView
 class DebugRequestView(LoginRequiredMixin, TemplateView):
    """Show debug info about request"""
-    template_name = 'administration/debug/request.html'
+    template_name = "administration/debug/request.html"
    def get_context_data(self, **kwargs):
-        kwargs['request_dict'] = {}
+        kwargs["request_dict"] = {}
        for key in dir(self.request):
-            kwargs['request_dict'][key] = getattr(self.request, key)
+            kwargs["request_dict"][key] = getattr(self.request, key)
        return super().get_context_data(**kwargs)
--- a/passbook/admin/views/factors.py
+++ b/passbook/admin/views/factors.py
@ -1,8 +1,9 @@
 """passbook Factor administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -18,62 +19,69 @@ from passbook.lib.views import CreateAssignPermView
 def all_subclasses(cls):
    """Recursively return all subclassess of cls"""
    return set(cls.__subclasses__()).union(
-        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)]
    )
 class FactorListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all factors"""
    model = Factor
-    template_name = 'administration/factor/list.html'
+    template_name = "administration/factor/list.html"
-    permission_required = 'passbook_core.view_factor'
+    permission_required = "passbook_core.view_factor"
-    ordering = 'order'
+    ordering = "order"
    paginate_by = 40
    def get_context_data(self, **kwargs):
-        kwargs['types'] = {
+        kwargs["types"] = {
-            x.__name__: x._meta.verbose_name for x in all_subclasses(Factor)}
+            x.__name__: x._meta.verbose_name for x in all_subclasses(Factor)
        }
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
-class FactorCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class FactorCreateView(
-                       DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Factor"""
    model = Factor
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    permission_required = 'passbook_core.add_factor'
+    permission_required = "passbook_core.add_factor"
-    success_url = reverse_lazy('passbook_admin:factors')
+    success_url = reverse_lazy("passbook_admin:factors")
-    success_message = _('Successfully created Factor')
+    success_message = _("Successfully created Factor")
    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
-        factor_type = self.request.GET.get('type')
+        factor_type = self.request.GET.get("type")
        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
-        kwargs['type'] = model._meta.verbose_name
+        kwargs["type"] = model._meta.verbose_name
        return kwargs
    def get_form_class(self):
-        factor_type = self.request.GET.get('type')
+        factor_type = self.request.GET.get("type")
        model = next(x for x in all_subclasses(Factor) if x.__name__ == factor_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
-class FactorUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class FactorUpdateView(
-                       PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update factor"""
    model = Factor
-    permission_required = 'passbook_core.update_application'
+    permission_required = "passbook_core.update_application"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:factors')
+    success_url = reverse_lazy("passbook_admin:factors")
-    success_message = _('Successfully updated Factor')
+    success_message = _("Successfully updated Factor")
    def get_form_class(self):
        form_class_path = self.get_object().form
@ -81,21 +89,26 @@ class FactorUpdateView(SuccessMessageMixin, LoginRequiredMixin,
        return form_class
    def get_object(self, queryset=None):
-        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Factor.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
-class FactorDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class FactorDeleteView(
-                       PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete factor"""
    model = Factor
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    permission_required = 'passbook_core.delete_factor'
+    permission_required = "passbook_core.delete_factor"
-    success_url = reverse_lazy('passbook_admin:factors')
+    success_url = reverse_lazy("passbook_admin:factors")
-    success_message = _('Successfully deleted Factor')
+    success_message = _("Successfully deleted Factor")
    def get_object(self, queryset=None):
-        return Factor.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Factor.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/groups.py
+++ b/passbook/admin/views/groups.py
@ -1,8 +1,9 @@
 """passbook Group administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext as _
@ -18,40 +19,45 @@ class GroupListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all groups"""
    model = Group
-    permission_required = 'passbook_core.view_group'
+    permission_required = "passbook_core.view_group"
-    ordering = 'name'
+    ordering = "name"
    paginate_by = 40
-    template_name = 'administration/group/list.html'
+    template_name = "administration/group/list.html"
-class GroupCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class GroupCreateView(
-                      DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Group"""
    model = Group
    form_class = GroupForm
-    permission_required = 'passbook_core.add_group'
+    permission_required = "passbook_core.add_group"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:groups')
+    success_url = reverse_lazy("passbook_admin:groups")
-    success_message = _('Successfully created Group')
+    success_message = _("Successfully created Group")
    def get_context_data(self, **kwargs):
-        kwargs['type'] = 'Group'
+        kwargs["type"] = "Group"
        return super().get_context_data(**kwargs)
-class GroupUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class GroupUpdateView(
-                      PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update group"""
    model = Group
    form_class = GroupForm
-    permission_required = 'passbook_core.change_group'
+    permission_required = "passbook_core.change_group"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:groups')
+    success_url = reverse_lazy("passbook_admin:groups")
-    success_message = _('Successfully updated Group')
+    success_message = _("Successfully updated Group")
 class GroupDeleteView(SuccessMessageMixin, LoginRequiredMixin, DeleteView):
@ -59,9 +65,9 @@ class GroupDeleteView(SuccessMessageMixin, LoginRequiredMixin, DeleteView):
    model = Group
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:groups')
+    success_url = reverse_lazy("passbook_admin:groups")
-    success_message = _('Successfully deleted Group')
+    success_message = _("Successfully deleted Group")
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/invitations.py
+++ b/passbook/admin/views/invitations.py
@ -1,8 +1,9 @@
 """passbook Invitation administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
@ -20,47 +21,49 @@ class InvitationListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all invitations"""
    model = Invitation
-    permission_required = 'passbook_core.view_invitation'
+    permission_required = "passbook_core.view_invitation"
-    template_name = 'administration/invitation/list.html'
+    template_name = "administration/invitation/list.html"
-class InvitationCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class InvitationCreateView(
-                           DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Invitation"""
    model = Invitation
    form_class = InvitationForm
-    permission_required = 'passbook_core.add_invitation'
+    permission_required = "passbook_core.add_invitation"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:invitations')
+    success_url = reverse_lazy("passbook_admin:invitations")
-    success_message = _('Successfully created Invitation')
+    success_message = _("Successfully created Invitation")
    def get_context_data(self, **kwargs):
-        kwargs['type'] = 'Invitation'
+        kwargs["type"] = "Invitation"
        return super().get_context_data(**kwargs)
    def form_valid(self, form):
        obj = form.save(commit=False)
        obj.created_by = self.request.user
        obj.save()
-        invitation_created.send(
+        invitation_created.send(sender=self, request=self.request, invitation=obj)
            sender=self,
            request=self.request,
            invitation=obj)
        return HttpResponseRedirect(self.success_url)
-class InvitationDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class InvitationDeleteView(
-                           PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete invitation"""
    model = Invitation
-    permission_required = 'passbook_core.delete_invitation'
+    permission_required = "passbook_core.delete_invitation"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:invitations')
+    success_url = reverse_lazy("passbook_admin:invitations")
-    success_message = _('Successfully deleted Invitation')
+    success_message = _("Successfully deleted Invitation")
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/overview.py
+++ b/passbook/admin/views/overview.py
@ -5,34 +5,45 @@ from django.views.generic import TemplateView
 from passbook import __version__
 from passbook.admin.mixins import AdminRequiredMixin
-from passbook.core.models import (Application, Factor, Invitation, Policy,
+from passbook.core.models import (
-                                  Provider, Source, User)
+    Application,
    Factor,
    Invitation,
    Policy,
    Provider,
    Source,
    User,
 )
 from passbook.root.celery import CELERY_APP
 class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
    """Overview View"""
-    template_name = 'administration/overview.html'
+    template_name = "administration/overview.html"
    def post(self, *args, **kwargs):
        """Handle post (clear cache from modal)"""
-        if 'clear' in self.request.POST:
+        if "clear" in self.request.POST:
            cache.clear()
-            return redirect(reverse('passbook_core:auth-login'))
+            return redirect(reverse("passbook_core:auth-login"))
        return self.get(*args, **kwargs)
    def get_context_data(self, **kwargs):
-        kwargs['application_count'] = len(Application.objects.all())
+        kwargs["application_count"] = len(Application.objects.all())
-        kwargs['policy_count'] = len(Policy.objects.all())
+        kwargs["policy_count"] = len(Policy.objects.all())
-        kwargs['user_count'] = len(User.objects.all())
+        kwargs["user_count"] = len(User.objects.all())
-        kwargs['provider_count'] = len(Provider.objects.all())
+        kwargs["provider_count"] = len(Provider.objects.all())
-        kwargs['source_count'] = len(Source.objects.all())
+        kwargs["source_count"] = len(Source.objects.all())
-        kwargs['factor_count'] = len(Factor.objects.all())
+        kwargs["factor_count"] = len(Factor.objects.all())
-        kwargs['invitation_count'] = len(Invitation.objects.all())
+        kwargs["invitation_count"] = len(Invitation.objects.all())
-        kwargs['version'] = __version__
+        kwargs["version"] = __version__
-        kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
+        kwargs["worker_count"] = len(CELERY_APP.control.ping(timeout=0.5))
-        kwargs['providers_without_application'] = Provider.objects.filter(application=None)
+        kwargs["providers_without_application"] = Provider.objects.filter(
-        kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
+            application=None
-        kwargs['cached_policies'] = len(cache.keys('policy_*'))
+        )
        kwargs["policies_without_attachment"] = len(
            Policy.objects.filter(policymodel__isnull=True)
        )
        kwargs["cached_policies"] = len(cache.keys("policy_*"))
        return super().get_context_data(**kwargs)
--- a/passbook/admin/views/policy.py
+++ b/passbook/admin/views/policy.py
@ -1,8 +1,9 @@
 """passbook Policy administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -22,49 +23,54 @@ class PolicyListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all policies"""
    model = Policy
-    permission_required = 'passbook_core.view_policy'
+    permission_required = "passbook_core.view_policy"
-    template_name = 'administration/policy/list.html'
+    template_name = "administration/policy/list.html"
    def get_context_data(self, **kwargs):
-        kwargs['types'] = {
+        kwargs["types"] = {
-            x.__name__: x._meta.verbose_name for x in Policy.__subclasses__()}
+            x.__name__: x._meta.verbose_name for x in Policy.__subclasses__()
        }
        return super().get_context_data(**kwargs)
    def get_queryset(self):
-        return super().get_queryset().order_by('order').select_subclasses()
+        return super().get_queryset().order_by("order").select_subclasses()
-class PolicyCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class PolicyCreateView(
-                       DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Policy"""
    model = Policy
-    permission_required = 'passbook_core.add_policy'
+    permission_required = "passbook_core.add_policy"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:policies')
+    success_url = reverse_lazy("passbook_admin:policies")
-    success_message = _('Successfully created Policy')
+    success_message = _("Successfully created Policy")
    def get_form_class(self):
-        policy_type = self.request.GET.get('type')
+        policy_type = self.request.GET.get("type")
-        model = next(x for x in Policy.__subclasses__()
+        model = next(x for x in Policy.__subclasses__() if x.__name__ == policy_type)
                     if x.__name__ == policy_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
-class PolicyUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class PolicyUpdateView(
-                       PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update policy"""
    model = Policy
-    permission_required = 'passbook_core.change_policy'
+    permission_required = "passbook_core.change_policy"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:policies')
+    success_url = reverse_lazy("passbook_admin:policies")
-    success_message = _('Successfully updated Policy')
+    success_message = _("Successfully updated Policy")
    def get_form_class(self):
        form_class_path = self.get_object().form
@ -72,22 +78,27 @@ class PolicyUpdateView(SuccessMessageMixin, LoginRequiredMixin,
        return form_class
    def get_object(self, queryset=None):
-        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Policy.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
-class PolicyDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class PolicyDeleteView(
-                       PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete policy"""
    model = Policy
-    permission_required = 'passbook_core.delete_policy'
+    permission_required = "passbook_core.delete_policy"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:policies')
+    success_url = reverse_lazy("passbook_admin:policies")
-    success_message = _('Successfully deleted Policy')
+    success_message = _("Successfully deleted Policy")
    def get_object(self, queryset=None):
-        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Policy.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
@ -99,15 +110,17 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
    model = Policy
    form_class = PolicyTestForm
-    permission_required = 'passbook_core.view_policy'
+    permission_required = "passbook_core.view_policy"
-    template_name = 'administration/policy/test.html'
+    template_name = "administration/policy/test.html"
    object = None
    def get_object(self, queryset=None):
-        return Policy.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Policy.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
    def get_context_data(self, **kwargs):
-        kwargs['policy'] = self.get_object()
+        kwargs["policy"] = self.get_object()
        return super().get_context_data(**kwargs)
    def post(self, *args, **kwargs):
@ -116,13 +129,13 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
    def form_valid(self, form):
        policy = self.get_object()
-        user = form.cleaned_data.get('user')
+        user = form.cleaned_data.get("user")
        policy_engine = PolicyEngine([policy], user, self.request)
        policy_engine.use_cache = False
        policy_engine.build()
        result = policy_engine.passing
        if result:
-            messages.success(self.request, _('User successfully passed policy.'))
+            messages.success(self.request, _("User successfully passed policy."))
        else:
            messages.error(self.request, _("User didn't pass policy."))
        return self.render_to_response(self.get_context_data(form=form, result=result))
--- a/passbook/admin/views/property_mapping.py
+++ b/passbook/admin/views/property_mapping.py
@ -1,8 +1,9 @@
 """passbook PropertyMapping administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -18,65 +19,87 @@ from passbook.lib.views import CreateAssignPermView
 def all_subclasses(cls):
    """Recursively return all subclassess of cls"""
    return set(cls.__subclasses__()).union(
-        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)]
    )
 class PropertyMappingListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all property_mappings"""
    model = PropertyMapping
-    permission_required = 'passbook_core.view_propertymapping'
+    permission_required = "passbook_core.view_propertymapping"
-    template_name = 'administration/property_mapping/list.html'
+    template_name = "administration/property_mapping/list.html"
-    ordering = 'name'
+    ordering = "name"
    paginate_by = 40
    def get_context_data(self, **kwargs):
-        kwargs['types'] = {
+        kwargs["types"] = {
-            x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)}
+            x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)
        }
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
-class PropertyMappingCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class PropertyMappingCreateView(
-                                DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new PropertyMapping"""
    model = PropertyMapping
-    permission_required = 'passbook_core.add_propertymapping'
+    permission_required = "passbook_core.add_propertymapping"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_url = reverse_lazy("passbook_admin:property-mappings")
-    success_message = _('Successfully created Property Mapping')
+    success_message = _("Successfully created Property Mapping")
    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
-        property_mapping_type = self.request.GET.get('type')
+        property_mapping_type = self.request.GET.get("type")
-        model = next(x for x in all_subclasses(PropertyMapping)
+        model = next(
-                     if x.__name__ == property_mapping_type)
+            x
-        kwargs['type'] = model._meta.verbose_name
+            for x in all_subclasses(PropertyMapping)
            if x.__name__ == property_mapping_type
        )
        kwargs["type"] = model._meta.verbose_name
        form_cls = self.get_form_class()
        if hasattr(form_cls, "template_name"):
            kwargs["base_template"] = form_cls.template_name
        return kwargs
    def get_form_class(self):
-        property_mapping_type = self.request.GET.get('type')
+        property_mapping_type = self.request.GET.get("type")
-        model = next(x for x in all_subclasses(PropertyMapping)
+        model = next(
-                     if x.__name__ == property_mapping_type)
+            x
            for x in all_subclasses(PropertyMapping)
            if x.__name__ == property_mapping_type
        )
        if not model:
            raise Http404
        return path_to_class(model.form)
-class PropertyMappingUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class PropertyMappingUpdateView(
-                                PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update property_mapping"""
    model = PropertyMapping
-    permission_required = 'passbook_core.change_propertymapping'
+    permission_required = "passbook_core.change_propertymapping"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_url = reverse_lazy("passbook_admin:property-mappings")
-    success_message = _('Successfully updated Property Mapping')
+    success_message = _("Successfully updated Property Mapping")
    def get_context_data(self, **kwargs):
        form_cls = self.get_form_class()
        if hasattr(form_cls, "template_name"):
            kwargs["base_template"] = form_cls.template_name
        return kwargs
    def get_form_class(self):
        form_class_path = self.get_object().form
@ -84,22 +107,31 @@ class PropertyMappingUpdateView(SuccessMessageMixin, LoginRequiredMixin,
        return form_class
    def get_object(self, queryset=None):
-        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            PropertyMapping.objects.filter(pk=self.kwargs.get("pk"))
            .select_subclasses()
            .first()
        )
-class PropertyMappingDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class PropertyMappingDeleteView(
-                                PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete property_mapping"""
    model = PropertyMapping
-    permission_required = 'passbook_core.delete_propertymapping'
+    permission_required = "passbook_core.delete_propertymapping"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:property-mappings')
+    success_url = reverse_lazy("passbook_admin:property-mappings")
-    success_message = _('Successfully deleted Property Mapping')
+    success_message = _("Successfully deleted Property Mapping")
    def get_object(self, queryset=None):
-        return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            PropertyMapping.objects.filter(pk=self.kwargs.get("pk"))
            .select_subclasses()
            .first()
        )
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/providers.py
+++ b/passbook/admin/views/providers.py
@ -1,8 +1,9 @@
 """passbook Provider administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -19,48 +20,55 @@ class ProviderListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all providers"""
    model = Provider
-    permission_required = 'passbook_core.add_provider'
+    permission_required = "passbook_core.add_provider"
-    template_name = 'administration/provider/list.html'
+    template_name = "administration/provider/list.html"
    def get_context_data(self, **kwargs):
-        kwargs['types'] = {
+        kwargs["types"] = {
-            x.__name__: x._meta.verbose_name for x in Provider.__subclasses__()}
+            x.__name__: x._meta.verbose_name for x in Provider.__subclasses__()
        }
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
-class ProviderCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class ProviderCreateView(
-                         DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Provider"""
    model = Provider
-    permission_required = 'passbook_core.add_provider'
+    permission_required = "passbook_core.add_provider"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:providers')
+    success_url = reverse_lazy("passbook_admin:providers")
-    success_message = _('Successfully created Provider')
+    success_message = _("Successfully created Provider")
    def get_form_class(self):
-        provider_type = self.request.GET.get('type')
+        provider_type = self.request.GET.get("type")
-        model = next(x for x in Provider.__subclasses__()
+        model = next(
-                     if x.__name__ == provider_type)
+            x for x in Provider.__subclasses__() if x.__name__ == provider_type
        )
        if not model:
            raise Http404
        return path_to_class(model.form)
-class ProviderUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class ProviderUpdateView(
-                         PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update provider"""
    model = Provider
-    permission_required = 'passbook_core.change_provider'
+    permission_required = "passbook_core.change_provider"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:providers')
+    success_url = reverse_lazy("passbook_admin:providers")
-    success_message = _('Successfully updated Provider')
+    success_message = _("Successfully updated Provider")
    def get_form_class(self):
        form_class_path = self.get_object().form
@ -68,22 +76,31 @@ class ProviderUpdateView(SuccessMessageMixin, LoginRequiredMixin,
        return form_class
    def get_object(self, queryset=None):
-        return Provider.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Provider.objects.filter(pk=self.kwargs.get("pk"))
            .select_subclasses()
            .first()
        )
-class ProviderDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class ProviderDeleteView(
-                         PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete provider"""
    model = Provider
-    permission_required = 'passbook_core.delete_provider'
+    permission_required = "passbook_core.delete_provider"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:providers')
+    success_url = reverse_lazy("passbook_admin:providers")
-    success_message = _('Successfully deleted Provider')
+    success_message = _("Successfully deleted Provider")
    def get_object(self, queryset=None):
-        return Provider.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Provider.objects.filter(pk=self.kwargs.get("pk"))
            .select_subclasses()
            .first()
        )
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/sources.py
+++ b/passbook/admin/views/sources.py
@ -1,8 +1,9 @@
 """passbook Source administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import Http404
 from django.urls import reverse_lazy
@ -18,55 +19,63 @@ from passbook.lib.views import CreateAssignPermView
 def all_subclasses(cls):
    """Recursively return all subclassess of cls"""
    return set(cls.__subclasses__()).union(
-        [s for c in cls.__subclasses__() for s in all_subclasses(c)])
+        [s for c in cls.__subclasses__() for s in all_subclasses(c)]
    )
 class SourceListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all sources"""
    model = Source
-    permission_required = 'passbook_core.view_source'
+    permission_required = "passbook_core.view_source"
-    ordering = 'name'
+    ordering = "name"
    paginate_by = 40
-    template_name = 'administration/source/list.html'
+    template_name = "administration/source/list.html"
    def get_context_data(self, **kwargs):
-        kwargs['types'] = {
+        kwargs["types"] = {
-            x.__name__: x._meta.verbose_name for x in all_subclasses(Source)}
+            x.__name__: x._meta.verbose_name for x in all_subclasses(Source)
        }
        return super().get_context_data(**kwargs)
    def get_queryset(self):
        return super().get_queryset().select_subclasses()
-class SourceCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class SourceCreateView(
-                       DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create new Source"""
    model = Source
-    permission_required = 'passbook_core.add_source'
+    permission_required = "passbook_core.add_source"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:sources')
+    success_url = reverse_lazy("passbook_admin:sources")
-    success_message = _('Successfully created Source')
+    success_message = _("Successfully created Source")
    def get_form_class(self):
-        source_type = self.request.GET.get('type')
+        source_type = self.request.GET.get("type")
        model = next(x for x in all_subclasses(Source) if x.__name__ == source_type)
        if not model:
            raise Http404
        return path_to_class(model.form)
-class SourceUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class SourceUpdateView(
-                       PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update source"""
    model = Source
-    permission_required = 'passbook_core.change_source'
+    permission_required = "passbook_core.change_source"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:sources')
+    success_url = reverse_lazy("passbook_admin:sources")
-    success_message = _('Successfully updated Source')
+    success_message = _("Successfully updated Source")
    def get_form_class(self):
        form_class_path = self.get_object().form
@ -74,22 +83,27 @@ class SourceUpdateView(SuccessMessageMixin, LoginRequiredMixin,
        return form_class
    def get_object(self, queryset=None):
-        return Source.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Source.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
-class SourceDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class SourceDeleteView(
-                       PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete source"""
    model = Source
-    permission_required = 'passbook_core.delete_source'
+    permission_required = "passbook_core.delete_source"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:sources')
+    success_url = reverse_lazy("passbook_admin:sources")
-    success_message = _('Successfully deleted Source')
+    success_message = _("Successfully deleted Source")
    def get_object(self, queryset=None):
-        return Source.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
+        return (
            Source.objects.filter(pk=self.kwargs.get("pk")).select_subclasses().first()
        )
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
--- a/passbook/admin/views/users.py
+++ b/passbook/admin/views/users.py
@ -1,8 +1,9 @@
 """passbook User administration"""
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.mixins import \
+from django.contrib.auth.mixins import (
-    PermissionRequiredMixin as DjangoPermissionRequiredMixin
+    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.shortcuts import redirect
 from django.urls import reverse, reverse_lazy
@ -19,50 +20,56 @@ class UserListView(LoginRequiredMixin, PermissionListMixin, ListView):
    """Show list of all users"""
    model = User
-    permission_required = 'passbook_core.view_user'
+    permission_required = "passbook_core.view_user"
-    ordering = 'username'
+    ordering = "username"
    paginate_by = 40
-    template_name = 'administration/user/list.html'
+    template_name = "administration/user/list.html"
-class UserCreateView(SuccessMessageMixin, LoginRequiredMixin,
+class UserCreateView(
-                     DjangoPermissionRequiredMixin, CreateAssignPermView):
+    SuccessMessageMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
 ):
    """Create user"""
    model = User
    form_class = UserForm
-    permission_required = 'passbook_core.add_user'
+    permission_required = "passbook_core.add_user"
-    template_name = 'generic/create.html'
+    template_name = "generic/create.html"
-    success_url = reverse_lazy('passbook_admin:users')
+    success_url = reverse_lazy("passbook_admin:users")
-    success_message = _('Successfully created User')
+    success_message = _("Successfully created User")
-class UserUpdateView(SuccessMessageMixin, LoginRequiredMixin,
+class UserUpdateView(
-                     PermissionRequiredMixin, UpdateView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
 ):
    """Update user"""
    model = User
    form_class = UserForm
-    permission_required = 'passbook_core.change_user'
+    permission_required = "passbook_core.change_user"
-    context_object_name = 'object' # By default the object's name
+    # By default the object's name is user which is used by other checks
-                                   # is user which is used by other checks
+    context_object_name = "object"
-    template_name = 'generic/update.html'
+    template_name = "generic/update.html"
-    success_url = reverse_lazy('passbook_admin:users')
+    success_url = reverse_lazy("passbook_admin:users")
-    success_message = _('Successfully updated User')
+    success_message = _("Successfully updated User")
-class UserDeleteView(SuccessMessageMixin, LoginRequiredMixin,
+class UserDeleteView(
-                     PermissionRequiredMixin, DeleteView):
+    SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, DeleteView
 ):
    """Delete user"""
    model = User
-    permission_required = 'passbook_core.delete_user'
+    permission_required = "passbook_core.delete_user"
-    template_name = 'generic/delete.html'
+    template_name = "generic/delete.html"
-    success_url = reverse_lazy('passbook_admin:users')
+    success_url = reverse_lazy("passbook_admin:users")
-    success_message = _('Successfully deleted User')
+    success_message = _("Successfully deleted User")
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
@ -73,13 +80,16 @@ class UserPasswordResetView(LoginRequiredMixin, PermissionRequiredMixin, DetailV
    """Get Password reset link for user"""
    model = User
-    permission_required = 'passbook_core.reset_user_password'
+    permission_required = "passbook_core.reset_user_password"
    def get(self, request, *args, **kwargs):
        """Create nonce for user and return link"""
        super().get(request, *args, **kwargs)
        nonce = Nonce.objects.create(user=self.object)
-        link = request.build_absolute_uri(reverse(
+        link = request.build_absolute_uri(
-            'passbook_core:auth-password-reset', kwargs={'nonce': nonce.uuid}))
+            reverse("passbook_core:auth-password-reset", kwargs={"nonce": nonce.uuid})
-        messages.success(request, _('Password reset link: <pre>%(link)s</pre>' % {'link': link}))
+        )
-        return redirect('passbook_admin:users')
+        messages.success(
            request, _("Password reset link: <pre>%(link)s</pre>" % {"link": link})
        )
        return redirect("passbook_admin:users")
--- a/passbook/api/apps.py
+++ b/passbook/api/apps.py
@ -6,7 +6,7 @@ from django.apps import AppConfig
 class PassbookAPIConfig(AppConfig):
    """passbook API Config"""
-    name = 'passbook.api'
+    name = "passbook.api"
-    label = 'passbook_api'
+    label = "passbook_api"
-    mountpoint = 'api/'
+    mountpoint = "api/"
-    verbose_name = 'passbook API'
+    verbose_name = "passbook API"
--- a/passbook/api/permissions.py
+++ b/passbook/api/permissions.py
@ -9,13 +9,13 @@ class CustomObjectPermissions(DjangoObjectPermissions):
    """Similar to `DjangoObjectPermissions`, but adding 'view' permissions."""
    perms_map = {
-        'GET': ['%(app_label)s.view_%(model_name)s'],
+        "GET": ["%(app_label)s.view_%(model_name)s"],
-        'OPTIONS': ['%(app_label)s.view_%(model_name)s'],
+        "OPTIONS": ["%(app_label)s.view_%(model_name)s"],
-        'HEAD': ['%(app_label)s.view_%(model_name)s'],
+        "HEAD": ["%(app_label)s.view_%(model_name)s"],
-        'POST': ['%(app_label)s.add_%(model_name)s'],
+        "POST": ["%(app_label)s.add_%(model_name)s"],
-        'PUT': ['%(app_label)s.change_%(model_name)s'],
+        "PUT": ["%(app_label)s.change_%(model_name)s"],
-        'PATCH': ['%(app_label)s.change_%(model_name)s'],
+        "PATCH": ["%(app_label)s.change_%(model_name)s"],
-        'DELETE': ['%(app_label)s.delete_%(model_name)s'],
+        "DELETE": ["%(app_label)s.delete_%(model_name)s"],
    }
--- a/passbook/api/urls.py
+++ b/passbook/api/urls.py
@ -5,6 +5,6 @@ from passbook.api.v1.urls import urlpatterns as v1_urls
 from passbook.api.v2.urls import urlpatterns as v2_urls
 urlpatterns = [
-    path('v1/', include(v1_urls)),
+    path("v1/", include(v1_urls)),
-    path('v2/', include(v2_urls)),
+    path("v2/", include(v2_urls)),
 ]
--- a/passbook/api/v1/openid.py
+++ b/passbook/api/v1/openid.py
@ -7,16 +7,16 @@ from oauth2_provider.views.mixins import ScopedResourceMixin
 class OpenIDUserInfoView(ScopedResourceMixin, View):
    """Passbook v1 OpenID API"""
-    required_scopes = ['openid:userinfo']
+    required_scopes = ["openid:userinfo"]
-    def get(self, request, *args, **kwargs):
+    def get(self, request, *_, **__):
        """Passbook v1 OpenID API"""
        payload = {
-            'sub': request.user.uuid.int,
+            "sub": request.user.uuid.int,
-            'name': request.user.get_full_name(),
+            "name": request.user.get_full_name(),
-            'given_name': request.user.name,
+            "given_name": request.user.name,
-            'family_name': '',
+            "family_name": "",
-            'preferred_username': request.user.username,
+            "preferred_username": request.user.username,
-            'email': request.user.email,
+            "email": request.user.email,
        }
        return JsonResponse(payload)
--- a/passbook/api/v1/urls.py
+++ b/passbook/api/v1/urls.py
@ -3,6 +3,4 @@ from django.urls import path
 from passbook.api.v1.openid import OpenIDUserInfoView
-urlpatterns = [
+urlpatterns = [path("openid/", OpenIDUserInfoView.as_view(), name="openid")]
    path('openid/', OpenIDUserInfoView.as_view(), name='openid')
 ]
--- a/passbook/api/v2/urls.py
+++ b/passbook/api/v2/urls.py
@ -34,70 +34,73 @@ from passbook.policies.webhook.api import WebhookPolicyViewSet
 from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet
 from passbook.providers.oauth.api import OAuth2ProviderViewSet
 from passbook.providers.oidc.api import OpenIDProviderViewSet
-from passbook.providers.saml.api import (SAMLPropertyMappingViewSet,
+from passbook.providers.saml.api import SAMLPropertyMappingViewSet, SAMLProviderViewSet
-                                         SAMLProviderViewSet)
+from passbook.sources.ldap.api import LDAPPropertyMappingViewSet, LDAPSourceViewSet
 from passbook.sources.ldap.api import (LDAPPropertyMappingViewSet,
                                       LDAPSourceViewSet)
 from passbook.sources.oauth.api import OAuthSourceViewSet
 LOGGER = get_logger()
 router = routers.DefaultRouter()
 for _passbook_app in get_apps():
-    if hasattr(_passbook_app, 'api_mountpoint'):
+    if hasattr(_passbook_app, "api_mountpoint"):
        for prefix, viewset in _passbook_app.api_mountpoint:
            router.register(prefix, viewset)
        LOGGER.debug("Mounted API URLs", app_name=_passbook_app.name)
-router.register('core/applications', ApplicationViewSet)
+router.register("core/applications", ApplicationViewSet)
-router.register('core/invitations', InvitationViewSet)
+router.register("core/invitations", InvitationViewSet)
-router.register('core/groups', GroupViewSet)
+router.register("core/groups", GroupViewSet)
-router.register('core/users', UserViewSet)
+router.register("core/users", UserViewSet)
-router.register('audit/events', EventViewSet)
+router.register("audit/events", EventViewSet)
-router.register('sources/all', SourceViewSet)
+router.register("sources/all", SourceViewSet)
-router.register('sources/ldap', LDAPSourceViewSet)
+router.register("sources/ldap", LDAPSourceViewSet)
-router.register('sources/oauth', OAuthSourceViewSet)
+router.register("sources/oauth", OAuthSourceViewSet)
-router.register('policies/all', PolicyViewSet)
+router.register("policies/all", PolicyViewSet)
-router.register('policies/passwordexpiry', PasswordExpiryPolicyViewSet)
+router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet)
-router.register('policies/groupmembership', GroupMembershipPolicyViewSet)
+router.register("policies/groupmembership", GroupMembershipPolicyViewSet)
-router.register('policies/haveibeenpwned', HaveIBeenPwendPolicyViewSet)
+router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
-router.register('policies/fieldmatcher', FieldMatcherPolicyViewSet)
+router.register("policies/fieldmatcher", FieldMatcherPolicyViewSet)
-router.register('policies/password', PasswordPolicyViewSet)
+router.register("policies/password", PasswordPolicyViewSet)
-router.register('policies/reputation', ReputationPolicyViewSet)
+router.register("policies/reputation", ReputationPolicyViewSet)
-router.register('policies/ssologin', SSOLoginPolicyViewSet)
+router.register("policies/ssologin", SSOLoginPolicyViewSet)
-router.register('policies/webhook', WebhookPolicyViewSet)
+router.register("policies/webhook", WebhookPolicyViewSet)
-router.register('providers/all', ProviderViewSet)
+router.register("providers/all", ProviderViewSet)
-router.register('providers/applicationgateway', ApplicationGatewayProviderViewSet)
+router.register("providers/applicationgateway", ApplicationGatewayProviderViewSet)
-router.register('providers/oauth', OAuth2ProviderViewSet)
+router.register("providers/oauth", OAuth2ProviderViewSet)
-router.register('providers/openid', OpenIDProviderViewSet)
+router.register("providers/openid", OpenIDProviderViewSet)
-router.register('providers/saml', SAMLProviderViewSet)
+router.register("providers/saml", SAMLProviderViewSet)
-router.register('propertymappings/all', PropertyMappingViewSet)
+router.register("propertymappings/all", PropertyMappingViewSet)
-router.register('propertymappings/ldap', LDAPPropertyMappingViewSet)
+router.register("propertymappings/ldap", LDAPPropertyMappingViewSet)
-router.register('propertymappings/saml', SAMLPropertyMappingViewSet)
+router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
-router.register('factors/all', FactorViewSet)
+router.register("factors/all", FactorViewSet)
-router.register('factors/captcha', CaptchaFactorViewSet)
+router.register("factors/captcha", CaptchaFactorViewSet)
-router.register('factors/dummy', DummyFactorViewSet)
+router.register("factors/dummy", DummyFactorViewSet)
-router.register('factors/email', EmailFactorViewSet)
+router.register("factors/email", EmailFactorViewSet)
-router.register('factors/otp', OTPFactorViewSet)
+router.register("factors/otp", OTPFactorViewSet)
-router.register('factors/password', PasswordFactorViewSet)
+router.register("factors/password", PasswordFactorViewSet)
 info = openapi.Info(
    title="passbook API",
-    default_version='v2',
+    default_version="v2",
    # description="Test description",
    # terms_of_service="https://www.google.com/policies/terms/",
    contact=openapi.Contact(email="hello@beryju.org"),
    license=openapi.License(name="MIT License"),
 )
 SchemaView = get_schema_view(
-    info,
+    info, public=True, permission_classes=(CustomObjectPermissions,),
    public=True,
    permission_classes=(CustomObjectPermissions,),
 )
 urlpatterns = [
-    url(r'^swagger(?P<format>\.json|\.yaml)$',
+    url(
-        SchemaView.without_ui(cache_timeout=0), name='schema-json'),
+        r"^swagger(?P<format>\.json|\.yaml)$",
-    path('swagger/', SchemaView.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
+        SchemaView.without_ui(cache_timeout=0),
-    path('redoc/', SchemaView.with_ui('redoc', cache_timeout=0), name='schema-redoc'),
+        name="schema-json",
    ),
    path(
        "swagger/",
        SchemaView.with_ui("swagger", cache_timeout=0),
        name="schema-swagger-ui",
    ),
    path("redoc/", SchemaView.with_ui("redoc", cache_timeout=0), name="schema-redoc"),
 ] + router.urls
--- a/passbook/audit/admin.py
+++ b/passbook/audit/admin.py
@ -2,4 +2,4 @@
 from passbook.lib.admin import admin_autoregister
-admin_autoregister('passbook_audit')
+admin_autoregister("passbook_audit")
--- a/passbook/audit/api/events.py
+++ b/passbook/audit/api/events.py
@ -11,7 +11,16 @@ class EventSerializer(ModelSerializer):
    class Meta:
        model = Event
-        fields = ['pk', 'user', 'action', 'date', 'app', 'context', 'request_ip', 'created', ]
+        fields = [
            "pk",
            "user",
            "action",
            "date",
            "app",
            "context",
            "request_ip",
            "created",
        ]
 class EventViewSet(ReadOnlyModelViewSet):
--- a/passbook/audit/apps.py
+++ b/passbook/audit/apps.py
@ -7,10 +7,10 @@ from django.apps import AppConfig
 class PassbookAuditConfig(AppConfig):
    """passbook audit app"""
-    name = 'passbook.audit'
+    name = "passbook.audit"
-    label = 'passbook_audit'
+    label = "passbook_audit"
-    verbose_name = 'passbook Audit'
+    verbose_name = "passbook Audit"
-    mountpoint = 'audit/'
+    mountpoint = "audit/"
    def ready(self):
-        import_module('passbook.audit.signals')
+        import_module("passbook.audit.signals")
--- a/passbook/audit/migrations/0001_initial.py
+++ b/passbook/audit/migrations/0001_initial.py
@ -18,20 +18,55 @@ class Migration(migrations.Migration):
    operations = [
        migrations.CreateModel(
-            name='AuditEntry',
+            name="AuditEntry",
            fields=[
-                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                (
-                ('action', models.TextField(choices=[('login', 'login'), ('login_failed', 'login_failed'), ('logout', 'logout'), ('authorize_application', 'authorize_application'), ('suspicious_request', 'suspicious_request'), ('sign_up', 'sign_up'), ('password_reset', 'password_reset'), ('invitation_created', 'invitation_created'), ('invitation_used', 'invitation_used')])),
+                    "uuid",
-                ('date', models.DateTimeField(auto_now_add=True)),
+                    models.UUIDField(
-                ('app', models.TextField()),
+                        default=uuid.uuid4,
-                ('context', django.contrib.postgres.fields.jsonb.JSONField(blank=True, default=dict)),
+                        editable=False,
-                ('request_ip', models.GenericIPAddressField()),
+                        primary_key=True,
-                ('created', models.DateTimeField(auto_now_add=True)),
+                        serialize=False,
-                ('user', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
+                    ),
                ),
                (
                    "action",
                    models.TextField(
                        choices=[
                            ("login", "login"),
                            ("login_failed", "login_failed"),
                            ("logout", "logout"),
                            ("authorize_application", "authorize_application"),
                            ("suspicious_request", "suspicious_request"),
                            ("sign_up", "sign_up"),
                            ("password_reset", "password_reset"),
                            ("invitation_created", "invitation_created"),
                            ("invitation_used", "invitation_used"),
                        ]
                    ),
                ),
                ("date", models.DateTimeField(auto_now_add=True)),
                ("app", models.TextField()),
                (
                    "context",
                    django.contrib.postgres.fields.jsonb.JSONField(
                        blank=True, default=dict
                    ),
                ),
                ("request_ip", models.GenericIPAddressField()),
                ("created", models.DateTimeField(auto_now_add=True)),
                (
                    "user",
                    models.ForeignKey(
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        to=settings.AUTH_USER_MODEL,
                    ),
                ),
            ],
            options={
-                'verbose_name': 'Audit Entry',
+                "verbose_name": "Audit Entry",
-                'verbose_name_plural': 'Audit Entries',
+                "verbose_name_plural": "Audit Entries",
            },
        ),
    ]
--- a/passbook/audit/migrations/0002_auto_20191028_0829.py
+++ b/passbook/audit/migrations/0002_auto_20191028_0829.py
@ -8,12 +8,9 @@ class Migration(migrations.Migration):
    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('passbook_audit', '0001_initial'),
+        ("passbook_audit", "0001_initial"),
    ]
    operations = [
-        migrations.RenameModel(
+        migrations.RenameModel(old_name="AuditEntry", new_name="Event",),
            old_name='AuditEntry',
            new_name='Event',
        ),
    ]
--- a/passbook/audit/migrations/0003_auto_20191205_1407.py
+++ b/passbook/audit/migrations/0003_auto_20191205_1407.py
@ -0,0 +1,40 @@
 # Generated by Django 2.2.8 on 2019-12-05 14:07
 from django.db import migrations, models
 import passbook.audit.models
 class Migration(migrations.Migration):
    dependencies = [
        ("passbook_audit", "0002_auto_20191028_0829"),
    ]
    operations = [
        migrations.AlterModelOptions(
            name="event",
            options={
                "verbose_name": "Audit Event",
                "verbose_name_plural": "Audit Events",
            },
        ),
        migrations.AlterField(
            model_name="event",
            name="action",
            field=models.TextField(
                choices=[
                    ("LOGIN", "login"),
                    ("LOGIN_FAILED", "login_failed"),
                    ("LOGOUT", "logout"),
                    ("AUTHORIZE_APPLICATION", "authorize_application"),
                    ("SUSPICIOUS_REQUEST", "suspicious_request"),
                    ("SIGN_UP", "sign_up"),
                    ("PASSWORD_RESET", "password_reset"),
                    ("INVITE_CREATED", "invitation_created"),
                    ("INVITE_USED", "invitation_used"),
                    ("CUSTOM", "custom"),
                ]
            ),
        ),
    ]
--- a/passbook/audit/migrations/0004_auto_20191205_1502.py
+++ b/passbook/audit/migrations/0004_auto_20191205_1502.py
@ -0,0 +1,19 @@
 # Generated by Django 2.2.8 on 2019-12-05 15:02
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ("passbook_audit", "0003_auto_20191205_1407"),
    ]
    operations = [
        migrations.RemoveField(model_name="event", name="request_ip",),
        migrations.AddField(
            model_name="event",
            name="client_ip",
            field=models.GenericIPAddressField(null=True),
        ),
    ]
--- a/passbook/audit/models.py
+++ b/passbook/audit/models.py
@ -1,75 +1,137 @@
 """passbook audit models"""
 from enum import Enum
 from inspect import getmodule, stack
 from typing import Any, Dict, Optional
 from uuid import UUID
 from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.postgres.fields import JSONField
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.http import HttpRequest
 from django.utils.translation import gettext as _
-from ipware import get_client_ip
+from guardian.shortcuts import get_anonymous_user
 from structlog import get_logger
 from passbook.lib.models import UUIDModel
 from passbook.lib.utils.http import get_client_ip
 LOGGER = get_logger()
 def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
    """clean source of all Models that would interfere with the JSONField.
    Models are replaced with a dictionary of {
        app: str,
        name: str,
        pk: Any
    }"""
    for key, value in source.items():
        if isinstance(value, dict):
            source[key] = sanitize_dict(value)
        elif isinstance(value, models.Model):
            model_content_type = ContentType.objects.get_for_model(value)
            source[key] = sanitize_dict(
                {
                    "app": model_content_type.app_label,
                    "name": model_content_type.model,
                    "pk": value.pk,
                }
            )
        elif isinstance(value, UUID):
            source[key] = value.hex
    return source
 class EventAction(Enum):
    """All possible actions to save into the audit log"""
    LOGIN = "login"
    LOGIN_FAILED = "login_failed"
    LOGOUT = "logout"
    AUTHORIZE_APPLICATION = "authorize_application"
    SUSPICIOUS_REQUEST = "suspicious_request"
    SIGN_UP = "sign_up"
    PASSWORD_RESET = "password_reset"  # noqa # nosec
    INVITE_CREATED = "invitation_created"
    INVITE_USED = "invitation_used"
    CUSTOM = "custom"
    @staticmethod
    def as_choices():
        """Generate choices of actions used for database"""
        return tuple((x, y.value) for x, y in EventAction.__members__.items())
 class Event(UUIDModel):
    """An individual audit log event"""
-    ACTION_LOGIN = 'login'
+    user = models.ForeignKey(
-    ACTION_LOGIN_FAILED = 'login_failed'
+        settings.AUTH_USER_MODEL, null=True, on_delete=models.SET_NULL
    ACTION_LOGOUT = 'logout'
    ACTION_AUTHORIZE_APPLICATION = 'authorize_application'
    ACTION_SUSPICIOUS_REQUEST = 'suspicious_request'
    ACTION_SIGN_UP = 'sign_up'
    ACTION_PASSWORD_RESET = 'password_reset' # noqa # nosec
    ACTION_INVITE_CREATED = 'invitation_created'
    ACTION_INVITE_USED = 'invitation_used'
    ACTIONS = (
        (ACTION_LOGIN, ACTION_LOGIN),
        (ACTION_LOGIN_FAILED, ACTION_LOGIN_FAILED),
        (ACTION_LOGOUT, ACTION_LOGOUT),
        (ACTION_AUTHORIZE_APPLICATION, ACTION_AUTHORIZE_APPLICATION),
        (ACTION_SUSPICIOUS_REQUEST, ACTION_SUSPICIOUS_REQUEST),
        (ACTION_SIGN_UP, ACTION_SIGN_UP),
        (ACTION_PASSWORD_RESET, ACTION_PASSWORD_RESET),
        (ACTION_INVITE_CREATED, ACTION_INVITE_CREATED),
        (ACTION_INVITE_USED, ACTION_INVITE_USED),
    )
-
+    action = models.TextField(choices=EventAction.as_choices())
    user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, on_delete=models.SET_NULL)
    action = models.TextField(choices=ACTIONS)
    date = models.DateTimeField(auto_now_add=True)
    app = models.TextField()
    context = JSONField(default=dict, blank=True)
-    request_ip = models.GenericIPAddressField()
+    client_ip = models.GenericIPAddressField(null=True)
    created = models.DateTimeField(auto_now_add=True)
    @staticmethod
-    def create(action, request, **kwargs):
+    def _get_app_from_request(request: HttpRequest) -> str:
-        """Create Event from arguments"""
+        if not isinstance(request, HttpRequest):
-        client_ip, _ = get_client_ip(request)
+            return ""
-        if not hasattr(request, 'user'):
+        return request.resolver_match.app_name
-            user = None
+
-        else:
+    @staticmethod
-            user = request.user
+    def new(
-        if isinstance(user, AnonymousUser):
+        action: EventAction,
-            user = kwargs.get('user', None)
+        app: Optional[str] = None,
-        entry = Event.objects.create(
+        _inspect_offset: int = 1,
-            action=action,
+        **kwargs,
-            user=user,
+    ) -> "Event":
-            # User 255.255.255.255 as fallback if IP cannot be determined
+        """Create new Event instance from arguments. Instance is NOT saved."""
-            request_ip=client_ip or '255.255.255.255',
+        if not isinstance(action, EventAction):
-            context=kwargs)
+            raise ValueError(
-        LOGGER.debug("Created Audit entry", action=action,
+                f"action must be EventAction instance but was {type(action)}"
-                     user=user, from_ip=client_ip, context=kwargs)
+            )
-        return entry
+        if not app:
            app = getmodule(stack()[_inspect_offset][0]).__name__
        cleaned_kwargs = sanitize_dict(kwargs)
        event = Event(action=action.value, app=app, context=cleaned_kwargs)
        LOGGER.debug("Created Audit event", action=action, context=cleaned_kwargs)
        return event
    def from_http(
        self, request: HttpRequest, user: Optional[settings.AUTH_USER_MODEL] = None
    ) -> "Event":
        """Add data from a Django-HttpRequest, allowing the creation of
        Events independently from requests.
        `user` arguments optionally overrides user from requests."""
        if hasattr(request, "user"):
            if isinstance(request.user, AnonymousUser):
                self.user = get_anonymous_user()
            else:
                self.user = request.user
        if user:
            self.user = user
        # User 255.255.255.255 as fallback if IP cannot be determined
        self.client_ip = get_client_ip(request) or "255.255.255.255"
        # If there's no app set, we get it from the requests too
        if not self.app:
            self.app = Event._get_app_from_request(request)
        self.save()
        return self
    def save(self, *args, **kwargs):
        if not self._state.adding:
-            raise ValidationError("you may not edit an existing %s" % self._meta.model_name)
+            raise ValidationError(
-        super().save(*args, **kwargs)
+                "you may not edit an existing %s" % self._meta.model_name
            )
        return super().save(*args, **kwargs)
    class Meta:
-        verbose_name = _('Audit Entry')
+        verbose_name = _("Audit Event")
-        verbose_name_plural = _('Audit Entries')
+        verbose_name_plural = _("Audit Events")
--- a/passbook/audit/signals.py
+++ b/passbook/audit/signals.py
@ -2,34 +2,44 @@
 from django.contrib.auth.signals import user_logged_in, user_logged_out
 from django.dispatch import receiver
-from passbook.audit.models import Event
+from passbook.audit.models import Event, EventAction
-from passbook.core.signals import (invitation_created, invitation_used,
+from passbook.core.signals import invitation_created, invitation_used, user_signed_up
                                   user_signed_up)
@receiver(user_logged_in)
-def on_user_logged_in(sender, request, user, **kwargs):
+# pylint: disable=unused-argument
 def on_user_logged_in(sender, request, user, **_):
    """Log successful login"""
-    Event.create(Event.ACTION_LOGIN, request)
+    Event.new(EventAction.LOGIN).from_http(request)
@receiver(user_logged_out)
-def on_user_logged_out(sender, request, user, **kwargs):
+# pylint: disable=unused-argument
 def on_user_logged_out(sender, request, user, **_):
    """Log successfully logout"""
-    Event.create(Event.ACTION_LOGOUT, request)
+    Event.new(EventAction.LOGOUT).from_http(request)
@receiver(user_signed_up)
-def on_user_signed_up(sender, request, user, **kwargs):
+# pylint: disable=unused-argument
 def on_user_signed_up(sender, request, user, **_):
    """Log successfully signed up"""
-    Event.create(Event.ACTION_SIGN_UP, request)
+    Event.new(EventAction.SIGN_UP).from_http(request)
@receiver(invitation_created)
-def on_invitation_created(sender, request, invitation, **kwargs):
+# pylint: disable=unused-argument
 def on_invitation_created(sender, request, invitation, **_):
    """Log Invitation creation"""
-    Event.create(Event.ACTION_INVITE_CREATED, request,
+    Event.new(
-                 invitation_uuid=invitation.uuid.hex)
+        EventAction.INVITE_CREATED, invitation_uuid=invitation.uuid.hex
    ).from_http(request)
@receiver(invitation_used)
-def on_invitation_used(sender, request, invitation, **kwargs):
+# pylint: disable=unused-argument
 def on_invitation_used(sender, request, invitation, **_):
    """Log Invitation usage"""
-    Event.create(Event.ACTION_INVITE_USED, request,
+    Event.new(EventAction.INVITE_USED, invitation_uuid=invitation.uuid.hex).from_http(
-                 invitation_uuid=invitation.uuid.hex)
+        request
    )
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jens Langhammer	7a98e6d92b	new release: 0.7.15-beta	2020-02-17 20:45:56 +01:00
Jens L	49e915f98b	Merge pull request #4 from BeryJu/propertymapping-jinja PropertyMappings using Jinja	2020-02-17 20:45:04 +01:00
Jens Langhammer	3aa2f1e892	*: propertymapping template -> expression	2020-02-17 20:38:14 +01:00
Jens Langhammer	bc4b7ef44d	providers/saml: add custom help text for templates, add docs for User Object reference	2020-02-17 20:30:14 +01:00
Jens Langhammer	9400b01a55	admin: parameterise generic from's base template	2020-02-17 20:29:41 +01:00
Jens Langhammer	e57da71dcf	sources/ldap: update LDAP source to use new property mappings	2020-02-17 17:55:48 +01:00
Jens Langhammer	7268afaaf9	providers/saml: update to new PropertyMappings	2020-02-17 17:50:11 +01:00
Jens Langhammer	205183445c	admin: add support for template field and Jinja2 highlighting	2020-02-17 17:48:53 +01:00
Jens Langhammer	a08bdfdbcd	root: remove prospector from Pipfile as it causes lock issues, install in CI	2020-02-17 17:48:18 +01:00
Jens Langhammer	e6c47fee26	core: add template field to PropertyMapping	2020-02-17 17:47:51 +01:00
Jens Langhammer	a5629c5155	providers/saml: add changeable signature and digest algorithm	2020-02-17 16:28:18 +01:00
Jens Langhammer	41689fe3ce	sources/* add missing migrations	2020-02-17 16:27:35 +01:00
Jens Langhammer	8e84208e2c	new release: 0.7.14-beta	2020-02-17 15:42:14 +01:00
Jens Langhammer	32a48fa07a	providers/saml: more typehints	2020-02-17 15:40:49 +01:00
Jens Langhammer	773a9c0692	policies/engine: fix cached policy results being ignored	2020-02-17 15:37:51 +01:00
Jens Langhammer	8808e3afe0	policies/engine: set mp start method to fork to fix issues under macOS	2020-02-17 15:20:30 +01:00
Jens Langhammer	ecea85f8ca	lib/config: remove autoreload handler as this API is gone in django 3	2020-02-17 15:20:11 +01:00
Jens Langhammer	5dfa141e35	root/wsgi: log requests with event name of request	2020-02-16 14:36:31 +01:00
Jens Langhammer	447e81d0b8	providers/saml: handle uncompressed SAML AuthNRequest	2020-02-16 14:08:35 +01:00
Jens Langhammer	e138076e1d	sources/saml: move labels from forms to models	2020-02-16 12:34:46 +01:00
Jens Langhammer	721d133dc3	sources/oauth: move labels from form to models	2020-02-16 12:34:33 +01:00
Jens Langhammer	75b687ecbe	sources/ldap: move labels from form to models	2020-02-16 12:30:45 +01:00
Jens Langhammer	bdd1863177	providers/saml: move field labels from Form into models	2020-02-16 12:30:26 +01:00
Jens Langhammer	e5b85e8e6a	providers/saml: move default saml properties to DB	2020-02-16 12:29:53 +01:00
Jens Langhammer	d7481c9de7	new release: 0.7.13-beta	2020-02-14 15:35:05 +01:00
Jens Langhammer	571373866e	providers/saml: some more cleanup, fix get_time_string when called without argument	2020-02-14 15:34:24 +01:00
Jens Langhammer	e36d7928e4	providers/saml: big cleanup, simplify base processor add New fields for - assertion_valid_not_before - assertion_valid_not_on_or_after - session_valid_not_on_or_after allow flexible time durations for these fields fall back to Provider's ACS if none is specified in AuthNRequest	2020-02-14 15:19:48 +01:00
Jens Langhammer	2be026dd44	global: fix import order	2020-02-14 15:17:40 +01:00
Jens L	d5b9de3569	Merge pull request #3 from BeryJu/dependabot/pip/django-2.2.10 build(deps): bump django from 2.2.9 to 2.2.10	2020-02-12 09:31:13 +01:00
dependabot[bot]	e22620b0ec	build(deps): bump django from 2.2.9 to 2.2.10 Bumps [django](https://github.com/django/django) from 2.2.9 to 2.2.10. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/2.2.9...2.2.10) Signed-off-by: dependabot[bot] <support@github.com>	2020-02-12 03:20:09 +00:00
Jens Langhammer	ba74a3213d	*: upgrade python 3.7 to 3.8	2020-01-19 21:03:01 +01:00
Jens Langhammer	d9ecb7070d	core: add more prometheus metrics	2020-01-19 21:01:26 +01:00
Jens Langhammer	fc4a46bd9c	root: fix credential variables overwriting each other	2020-01-17 11:16:23 +01:00
Jens Langhammer	78301b7bab	docs: fix site_url	2020-01-17 10:55:20 +01:00
Jens Langhammer	7bf7bde856	root: fix prometheus path in ServiceMonitor, return WWW-Authenticate header so basic auth is sent	2020-01-17 10:55:11 +01:00
Jens Langhammer	9bdff14403	providers/app_gw: fix wrong UPSTREAM parameter	2020-01-03 09:15:07 +01:00
Jens Langhammer	f124314eab	new release: 0.7.12-beta	2020-01-02 20:22:44 +01:00
Jens Langhammer	684e4ffdcf	providers/app_gw: fix formatting	2020-01-02 20:22:36 +01:00
Jens Langhammer	d9ff5c69c8	providers/app_gw: fix assignment of response_types	2020-01-02 20:20:10 +01:00
Jens Langhammer	8142e3df45	providers/oidc: fix application property of wrong object being used	2020-01-02 20:19:53 +01:00
Jens Langhammer	73920899de	static: use current pixie image	2020-01-02 20:09:30 +01:00
Jens Langhammer	13666965a7	actions: fix build over gatekeeper	2020-01-02 16:55:30 +01:00
Jens Langhammer	86f16e2781	providers/oidc: fix incorrectly sorted imports	2020-01-02 16:42:52 +01:00
Jens Langhammer	2ed8e72c62	new release: 0.7.11-beta	2020-01-02 16:38:11 +01:00
Jens Langhammer	edeed18ae8	providers/oidc: fix error when using with app_gw	2020-01-02 16:38:01 +01:00
Jens Langhammer	d24133d8a2	core: fix _redirect_with_qs appending an array to the URL	2020-01-02 16:14:56 +01:00
Jens Langhammer	b9733e56aa	providers/app_gw: fix passbook domain being empty	2020-01-02 16:09:17 +01:00
Jens Langhammer	cd34413914	providers/app_gw: separate host field into external_ and internal_	2020-01-02 16:09:04 +01:00
Jens Langhammer	c3a4a76d43	providers/app_gw: fix Client's response_type not being set	2020-01-02 16:06:32 +01:00
Jens Langhammer	a59a29b256	actions: also build gatekeeper on release	2020-01-02 15:55:39 +01:00
Jens Langhammer	dce1edbe53	new release: 0.7.10-beta	2020-01-02 14:54:52 +01:00
Jens Langhammer	264d43827a	actions: create release based on version number, not tag name	2020-01-02 14:46:44 +01:00
Jens Langhammer	6207226bdf	new release: 0.7.9-beta	2020-01-02 14:09:58 +01:00
Jens Langhammer	ebf33f39c9	actions: fix missing backslash for dockerbuild	2020-01-02 14:09:42 +01:00
Jens Langhammer	696cd1f247	new release: 0.7.8-beta	2020-01-02 14:03:36 +01:00
Jens Langhammer	b7b3abc462	actions: automatically create release when version/* tag is created, run tests before creating release	2020-01-02 13:49:24 +01:00
Jens Langhammer	575739d07c	ci: add bandit for static security checks	2020-01-02 13:41:49 +01:00
Jens Langhammer	2d7e70eebf	audit: fix import order	2020-01-02 13:20:41 +01:00
Jens Langhammer	387f3c981f	audit: fix error when trying to save models with UUID as PK	2020-01-02 13:12:23 +01:00
Jens Langhammer	865435fb25	actions: fix path to helm chart	2020-01-02 11:38:54 +01:00
Jens Langhammer	b10c5306b9	actions: ensure release gets only executed on release creation	2020-01-02 11:37:46 +01:00
Jens Langhammer	7c706369cd	new release: 0.7.7-beta	2020-01-02 11:22:08 +01:00
Jens Langhammer	20dd6355c1	actions: run unittests in final docker images after build	2020-01-02 11:20:32 +01:00
Jens Langhammer	ba8d5d6e27	actions: push both versioned and :latest tags	2020-01-02 11:19:55 +01:00
Jens Langhammer	c448f87027	new release: 0.7.6-beta	2020-01-02 10:34:34 +01:00
Jens Langhammer	2b8c70a61f	actions: separate actions files for ci and release	2020-01-02 10:33:04 +01:00
Jens Langhammer	9d7ed9a0ed	new release: 0.7.7-beta	2019-12-31 14:02:01 +01:00
Jens Langhammer	ff69b4affe	actions: fix build not running correctly	2019-12-31 14:01:58 +01:00
Jens Langhammer	d77afd1ded	new release: 0.7.6-beta	2019-12-31 13:47:39 +01:00
Jens Langhammer	c3909f9196	actions: run build only on release	2019-12-31 13:44:27 +01:00
Jens Langhammer	fa55ba5ef0	actions: since actions has no easy way to get tags, hardcode version in ci and bump with bumpversion	2019-12-31 13:40:24 +01:00
Jens Langhammer	766518ee0e	audit: sanitize kwargs when creating audit event	2019-12-31 13:33:07 +01:00
Jens Langhammer	74b2b26a20	ci: disable pylint's bad-continuation to please black	2019-12-31 13:17:35 +01:00
Jens Langhammer	4ebbc6f065	gh-actions: fix dependencies on isort	2019-12-31 12:52:15 +01:00
Jens Langhammer	3bd1eadd51	all: implement black as code formatter	2019-12-31 12:51:16 +01:00
Jens Langhammer	8eb3f0f708	ci: upgrade pylint to latest version core: also upgrade kombu as https://github.com/celery/kombu/issues/1101 is fixed now	2019-12-31 12:45:29 +01:00
Jens Langhammer	31ea2e7139	audit: fix internal server error from passing models	2019-12-31 11:40:03 +01:00
Jens Langhammer	323b4b4a5d	actions: fix helm using wrong path for chart	2019-12-30 10:42:46 +01:00
Jens Langhammer	7b8e1bea92	docker: fix old dockerfiles being used, remove all gitlab references	2019-12-30 10:34:31 +01:00
Jens Langhammer	f986dc89ad	all: migrate to github	2019-12-30 10:25:35 +01:00
Jens Langhammer	b21fd10093	new release: 0.7.5-beta	2019-12-16 22:05:22 +01:00
Jens Langhammer	6f9c19b142	misc: update bumpversion config	2019-12-16 22:05:16 +01:00
Jens Langhammer	f45643ca87	Merge branch '45-helm-3' into 'master' Resolve "Upgrade to helm 3 for packaging" Closes #45 See merge request BeryJu.org/passbook!35	2019-12-16 20:49:34 +00:00
Jens Langhammer	85f8bea784	ci: replace helm with helm3	2019-12-14 14:34:34 +01:00
Jens Langhammer	b428ec5237	providers/oidc: remove duplicate fields	2019-12-14 14:28:36 +01:00
Jens Langhammer	92428529ad	docs: add sentry	2019-12-14 14:28:14 +01:00
Jens Langhammer	f6761b5b0b	docs: fix harbor site not being included	2019-12-13 15:45:50 +01:00
Jens Langhammer	307b04f4ca	docs: add harbor integration, cleanup	2019-12-13 15:36:09 +01:00
Jens Langhammer	6a520a5697	docs: add rancher integration	2019-12-13 13:53:30 +01:00
Jens Langhammer	f22dbba931	providers/saml: add UID field	2019-12-13 13:45:10 +01:00
Jens Langhammer	82cf482fba	Merge branch 'docs' into 'master' Docs See merge request BeryJu.org/passbook!33	2019-12-12 22:06:20 +00:00
Jens Langhammer	a6afb99edd	docs: build docs on new version	2019-12-12 18:13:38 +01:00
Jens Langhammer	ac5f8465b9	docs: add GitLab integration docs	2019-12-12 18:12:14 +01:00
Jens Langhammer	218acb9e38	docs: add providers and sources	2019-12-12 18:00:23 +01:00
Jens Langhammer	927c718fdd	docs: add some more info to mkdocs	2019-12-12 09:55:10 +01:00
Jens Langhammer	b7a6d6e739	docs: add docs for property mappings, switch to material theme	2019-12-10 11:25:34 +01:00
Jens Langhammer	0946d6a25d	docs: add initial structure, add docs for policies and factors	2019-12-09 21:00:45 +01:00
Jens Langhammer	c1e98e2f0c	Merge branch 'master' into docs	2019-12-09 16:49:05 +01:00
Jens Langhammer	807cbbeaaf	audit: rewrite to be independent of django http requests, allow custom actions	2019-12-05 16:14:08 +01:00
Jens Langhammer	6c358c4e0a	misc: run coverage before other tasks to find bugs easier	2019-12-05 16:03:31 +01:00
Jens Langhammer	74cd0bc08f	all(minor): remove old, unused code	2019-12-05 15:07:37 +01:00
Jens Langhammer	b08ec0477e	all(minor): replace django-ipware with custom implementation	2019-12-05 14:33:55 +01:00
Jens Langhammer	328c999cb9	ci(minor): reenable prospector	2019-12-05 14:31:51 +01:00
Jens Langhammer	c37e382c15	root(minor): fix incorrect user IP being shown	2019-12-02 18:05:06 +01:00
Jens Langhammer	784dd0fdd6	root(minor): fix unnecessary redirect for prometheus	2019-12-02 18:04:55 +01:00
Jens Langhammer	e6256cb9c8	root(minor): add script to run coverage	2019-12-02 16:43:50 +01:00
Langhammer, Jens	4520e3f8b8	deploy(minor): fix wrong health-check for static deployment	2019-11-20 15:55:39 +01:00
Langhammer, Jens	23146de2bf	new release: 0.7.4-beta	2019-11-20 13:15:46 +01:00
Langhammer, Jens	e24f4fe3a8	compose(minor): add error_reporting flag	2019-11-20 13:13:10 +01:00
Langhammer, Jens	8e6b69f96f	ci(minor): disable gatekeeper build due to quay issue	2019-11-20 13:12:51 +01:00
Langhammer, Jens	979bea17ed	root(minor): disable error reporting by default	2019-11-20 13:12:37 +01:00
Langhammer, Jens	30dba285d9	root(minor): remove build stanza from docker-compose as it causes issues	2019-11-20 13:08:32 +01:00
Langhammer, Jens	99fadf2e55	new release: 0.7.3-beta	2019-11-19 18:14:06 +01:00
Langhammer, Jens	b606e3d0cb	static(minor): remove nginx config from bumpversion	2019-11-19 18:14:03 +01:00
Langhammer, Jens	be642bc874	root(major): fix dbbackup not working with prometheus	2019-11-19 18:08:25 +01:00
Langhammer, Jens	49a347b32f	static(major): switch to pixie for static files	2019-11-19 18:00:29 +01:00
Langhammer, Jens	089b48aad1	Merge branch 'agw'	2019-11-11 18:14:03 +01:00
Langhammer, Jens	2997cb83b1	providers/appgw(major): rewrite to use oauth2_proxy	2019-11-11 18:13:46 +01:00
Langhammer, Jens	08f0aca894	provider/oidc(minor): include claims in id_token	2019-11-11 13:19:54 +01:00
Langhammer, Jens	80ea7c40b7	helm(minor): fix monitoring username not being in b64	2019-11-08 15:00:08 +01:00
		`@ -1,3 +0,0 @@`
			`FROM docker.beryju.org/passbook/base:latest`

			`RUN pip install -r /app/requirements-dev.txt --no-cache-dir`
		`@ -0,0 +1,3 @@`
							`# Kubernetes`

							`For a mid to high-load Installation, Kubernetes is recommended. passbook is installed using a helm-chart.`
`@ -1,2 +1,2 @@`
	`"""passbook"""`	`"""passbook"""`
	`__version__ = '0.7.2-beta'`	`__version__ = "0.7.15-beta"`
`@ -2,4 +2,4 @@`

	`from passbook.lib.admin import admin_autoregister`	`from passbook.lib.admin import admin_autoregister`

	`admin_autoregister('passbook_audit')`	`admin_autoregister("passbook_audit")`