Customizable API auditing URLs via template filter (#652)

Closes #636

docs/installation/auth/cloudflare.md

@@ -10,21 +10,21 @@ Along the top bar, select `Add Site`
 
 Enter your domain name. It will scan records and let you know you can add the site. Continue setup.
 
-On the next page you should see an A record for yourdomain.com pointing at your server IP. If not, manually add one:
+On the next page you should see an A record for example.com pointing at your server IP. If not, manually add one:
 
-    A    yourdomain.com     my.server.ip.address     Automatic TTL
+    A    example.com     my.server.ip.address     Automatic TTL
 
 Add the record and ensure the cloud under Status is orange. If not, click it. This ensures traffic gets screened by CloudFlare.
 
 If you want forums or kb on a subdomain, and want these to be protected by CloudFlare, add an additional record for for each subdomain in the following format, ensuring the cloud is orange:
 
-    CNAME     subdomain         yourdomain.com       Automatic TTL
+    CNAME     subdomain         example.com       Automatic TTL
 
 CloudFlare blocks ports outside 80 and 443 on hosts it protects. This means, if the cloud is orange, only web traffic will get through. We need to reconfigure AllianceAuth to provide services under a subdomain. Configure these subdomains as above, but ensure the cloud is not orange (arrow should go around a grey cloud).
 
 ## Redirect to HTTPS
 
-Now we need to configure the https redirect to force all traffic to https. Along the top bar of CloudFlare, select `Page Rules`. Add a new rule, Pattern is yourdomain.com, toggle the `Always use https` to ON, and save. It’ll take a few minutes to propagate. 
+Now we need to configure the https redirect to force all traffic to https. Along the top bar of CloudFlare, select `Page Rules`. Add a new rule, Pattern is example.com, toggle the `Always use https` to ON, and save. It’ll take a few minutes to propagate. 
 
 ![infographic](http://i.stack.imgur.com/VUBvo.jpg)
 

docs/installation/auth/settings.md

@@ -19,145 +19,150 @@ When changing these booleans, edit the setting within the brackets (eg `('AA_MEM
 # Fields to Modify
 
 ## Required
- - [SECRET_KEY](#secret_key)
+ - [SECRET_KEY](#secret-key)
    - Use [this tool](http://www.miniwebtool.com/django-secret-key-generator/) to generate a key on initial install
  - [DEBUG](#debug)
    - If issues are encountered, set this to `True` to view a more detailed error report, otherwise set `False`
- - [ALLOWED_HOSTS](#allowed_hosts)
+ - [ALLOWED_HOSTS](#allowed-hosts)
    - This restricts web addresses auth will answer to. Separate with commas. 
-   - Should include localhost `127.0.0.1` and `yourdomain.com`
+   - Should include localhost `127.0.0.1` and `example.com`
    - To allow from all, include `'*'`
  - [DATABASES](#databases)
    - Fill out the database name and user credentials to manage the auth database.
  - [DOMAIN](#domain)
    - Set to the domain name AllianceAuth will be accessible under
- - [EMAIL_HOST_USER](#email_host_user)
+ - [EMAIL_HOST_USER](#email-host-user)
    - Username to send emails from. If gmail account, the full gmail address.
- - [EMAIL_HOST_PASSWORD](#email_host_password)
+ - [EMAIL_HOST_PASSWORD](#email-host-password)
    - Password for the email user.
- - [CORP_IDS](#corp_ids)
+ - [CORP_IDS](#corp-ids)
    - List of corp IDs who are members. Exclude if their alliance is in `ALLIANCE_IDS`
- - [ALLIANCE_IDS](#alliance_ids)
+ - [ALLIANCE_IDS](#alliance-ids)
    - List of alliance IDs who are members.
- - [ESI_SSO_CLIENT_ID](#esi_sso_client_id)
-   - EVE application ID from the developers site. See the [SSO Configuration Instruction](#ESI_SSO_CLIENT_ID)
- - [ESI_SSO_CLIENT_SECRET](#esi_sso_client_secret)
+ - [ESI_SSO_CLIENT_ID](#esi-sso-client_id)
+   - EVE application ID from the developers site. See the [SSO Configuration Instruction](#sso-settings)
+ - [ESI_SSO_CLIENT_SECRET](#esi-sso-client-secret)
    - EVE application secret from the developers site.
- - [ESI_SSO_CALLBACK_URL](#esi_sso_callback_url)
+ - [ESI_SSO_CALLBACK_URL](#esi-sso-callback-url)
    - OAuth callback URL. Should be `https://mydomain.com/sso/callback`
 
 ## Services
 ### Member Services
 After installing services, enable specific services for members by setting the following to `True`
-- [ENABLE_AUTH_FORUM](#enable_auth_forum)
-- [ENABLE_AUTH_JABBER](#enable_auth_jabber)
-- [ENABLE_AUTH_MUMBLE](#enable_auth_mumble)
-- [ENABLE_AUTH_IPBOARD](#enable_auth_ipboard)
-- [ENABLE_AUTH_TEAMSPEAK3](#enable_auth_teamspeak3)
-- [ENABLE_AUTH_DISCORD](#enable_auth_discord)
-- [ENABLE_AUTH_DISCOURSE](#enable_auth_discourse)
-- [ENABLE_AUTH_IPS4](#enable_auth_ips4)
-- [ENABLE_AUTH_SMF](#enable_auth_smf)
-- [ENABLE_AUTH_MARKET](#enable_auth_market)
-- [ENABLE_AUTH_XENFORO](#enable_auth_xenforo)
+- [ENABLE_AUTH_FORUM](#enable-auth-forum)
+- [ENABLE_AUTH_JABBER](#enable-auth-jabber)
+- [ENABLE_AUTH_MUMBLE](#enable-auth-mumble)
+- [ENABLE_AUTH_IPBOARD](#enable-auth-ipboard)
+- [ENABLE_AUTH_TEAMSPEAK3](#enable-auth-teamspeak3)
+- [ENABLE_AUTH_DISCORD](#enable-auth-discord)
+- [ENABLE_AUTH_DISCOURSE](#enable-auth-discourse)
+- [ENABLE_AUTH_IPS4](#enable-auth-ips4)
+- [ENABLE_AUTH_SMF](#enable-auth-smf)
+- [ENABLE_AUTH_MARKET](#enable-auth-market)
+- [ENABLE_AUTH_XENFORO](#enable-auth-xenforo)
 
 ### Blue Services
 After installing services, enable specific services for blues by setting the following to `True`
-- [ENABLE_BLUE_FORUM](#enable_blue_forum)
-- [ENABLE_BLUE_JABBER](#enable_blue_jabber)
-- [ENABLE_BLUE_MUMBLE](#enable_blue_mumble)
-- [ENABLE_BLUE_IPBOARD](#enable_blue_ipboard)
-- [ENABLE_BLUE_TEAMSPEAK3](#enable_blue_teamspeak3)
-- [ENABLE_BLUE_DISCORD](#enable_blue_discord)
-- [ENABLE_BLUE_DISCOURSE](#enable_blue_discourse)
-- [ENABLE_BLUE_IPS4](#enable_blue_ips4)
-- [ENABLE_BLUE_SMF](#enable_blue_smf)
-- [ENABLE_BLUE_MARKET](#enable_blue_market)
-- [ENABLE_BLUE_XENFORO](#enable_blue_xenforo)
+- [ENABLE_BLUE_FORUM](#enable-blue-forum)
+- [ENABLE_BLUE_JABBER](#enable-blue-jabber)
+- [ENABLE_BLUE_MUMBLE](#enable-blue-mumble)
+- [ENABLE_BLUE_IPBOARD](#enable-blue-ipboard)
+- [ENABLE_BLUE_TEAMSPEAK3](#enable-blue-teamspeak3)
+- [ENABLE_BLUE_DISCORD](#enable-blue-discord)
+- [ENABLE_BLUE_DISCOURSE](#enable-blue-discourse)
+- [ENABLE_BLUE_IPS4](#enable-blue-ips4)
+- [ENABLE_BLUE_SMF](#enable-blue-smf)
+- [ENABLE_BLUE_MARKET](#enable-blue-market)
+- [ENABLE_BLUE_XENFORO](#enable-blue-xenforo)
 
 ### IPBoard
-If using IPBoard, the following need to be set
- - [IPBOARD_ENDPOINT](#ipboard_endpoint)
- - [IPBOARD_APIKEY](#ipboard_apikey)
- - [IPBOARD_APIMODULE](#ipboard_apimodule)
+If using IPBoard, the following need to be set in accordance with the [install instructions](../services/ipboard3.md)
+ - [IPBOARD_ENDPOINT](#ipboard-endpoint)
+ - [IPBOARD_APIKEY](#ipboard-apikey)
+ - [IPBOARD_APIMODULE](#ipboard-apimodule)
 
 ### XenForo
-If using XenForo, the following need to be set
- - [XENFORO_ENDPOINT](#xenforo_endpoint)
- - [XENFORO_APIKEY](#xenforo_apikey)
+If using XenForo, the following need to be set in accordance with the [install instructions](../services/xenforo.md)
+ - [XENFORO_ENDPOINT](#xenforo-endpoint)
+ - [XENFORO_APIKEY](#xenforo-apikey)
 
 ### Openfire
-If using Openfire, the following need to be set
- - [JABBER_URL](#jabber_url)
- - [JABBER_PORT](#jabber_port)
- - [JABBER_SERVER](#jabber_server)
- - [OPENFIRE_ADDRESS](#openfire_address)
- - [OPENFIRE_SECRET_KEY](#openfire_secret_key)
- - [BROADCAST_USER](#broadcast_user)
- - [BROADCAST_USER_PASSWORD](#broadcast_user_password)
- - [BROADCAST_SERVICE_NAME](#broadcast_service_name)
+If using Openfire, the following need to be set in accordance with the [install instructions](../services/openfire.md)
+ - [JABBER_URL](#jabber-url)
+ - [JABBER_PORT](#jabber-port)
+ - [JABBER_SERVER](#jabber-server)
+ - [OPENFIRE_ADDRESS](#openfire-address)
+ - [OPENFIRE_SECRET_KEY](#openfire-secret-key)
+ - [BROADCAST_USER](#broadcast-user)
+ - [BROADCAST_USER_PASSWORD](#broadcast-user-password)
+ - [BROADCAST_SERVICE_NAME](#broadcast-service-name)
 
 ### Mumble
-If using Mumble, the following need to be set
- - [MUMBLE_URL](#mumble_url)
+If using Mumble, the following needs to be set to the address of the mumble server:
+ - [MUMBLE_URL](#mumble-url)
 
 ### PHPBB3
 If using phpBB3, the database needs to be defined.
 
 ### Teamspeak3
-If using Teamspeak3, the following need to be set
- - [TEAMSPEAK3_SERVER_IP](#teamspeak3_server_ip)
- - [TEAMSPEAK3_SERVER_PORT](#teamspeak3_server_port)
- - [TEAMSPEAK3_SERVERQUERY_USER](#teamspeak3_serverquery_user)
- - [TEAMSPEAK3_SERVERQUERY_PASSWORD](#teamspeak3_serverquery_password)
- - [TEAMSPEAK3_VIRTUAL_SERVER](#teamspeak3_virtual_server)
- - [TEAMSPEAK3_PUBLIC_URL](#teamspeak3_public_url)
+If using Teamspeak3, the following need to be set in accordance with the [install instrictions](../services/teamspeak3.md)
+ - [TEAMSPEAK3_SERVER_IP](#teamspeak3-server-ip)
+ - [TEAMSPEAK3_SERVER_PORT](#teamspeak3-server-port)
+ - [TEAMSPEAK3_SERVERQUERY_USER](#teamspeak3-serverquery-user)
+ - [TEAMSPEAK3_SERVERQUERY_PASSWORD](#teamspeak3-serverquery-password)
+ - [TEAMSPEAK3_VIRTUAL_SERVER](#teamspeak3-virtual-server)
+ - [TEAMSPEAK3_PUBLIC_URL](#teamspeak3-public-url)
 
 ### Discord
-If connecting to a Discord server, set the following
- - [DISCORD_SERVER_ID](#discord_server_id)
- - [DISCORD_USER_EMAIL](#discord_user_email)
- - [DISCORD_USER_PASSWORD](#discord_user_password)
+If connecting to a Discord server, set the following in accordance with the [install instructions](../services/discord.md)
+ - [DISCORD_GUILD_ID](#discord-guild-id)
+ - [DISCORD_BOT_TOKEN](#discord-bot-token)
+ - [DISCORD_INVITE_CODE](#discord-invite-code)
+ - [DISCORD_APP_ID](#discord-app-id)
+ - [DISCORD_APP_SECRET](#discord-app-secret)
+ - [DISCORD_CALLBACK_URL](#discord-callback-url)
+ - [DISCORD_SYNC_NAMES](#discord-sync-names)
 
 ### Discourse
-If connecting to Discourse, set the following
- - [DISCOURSE_URL](#discourse_url)
- - [DISCOURSE_API_USERNAME](#discourse_api_username)
- - [DISCOURSE_API_KEY](#discourse_api_key)
- - [DISCOURSE_SSO_SECRET](#discourse_sso_secret)
+If connecting to Discourse, set the following in accordance with the [install instructions](../services/discourse.md)
+ - [DISCOURSE_URL](#discourse-url)
+ - [DISCOURSE_API_USERNAME](#discourse-api-username)
+ - [DISCOURSE_API_KEY](#discourse-api-key)
+ - [DISCOURSE_SSO_SECRET](#discourse-sso-secret)
 
 ### IPSuite4
 If using IPSuite4 (aka IPBoard4) the following are required:
- - [IPS4_URL](#ips4_url)
+ - [IPS4_URL](#ips4-url)
  - the database needs to be defined
 
 ### SMF
 If using SMF the following are required:
- - [SMF_URL](#smf_url)
+ - [SMF_URL](#smf-url)
  - the database needs to be defined
 
 ## Optional
 ### Standings
 To allow access to blues, a corp API key is required to pull standings from. Corp does not need to be owning corp or in owning alliance. Required mask is 16 (Communications/ContactList)
- - [CORP_API_ID](#corp_api_id)
- - [CORP_API_VCODE](#corp_api_vcode)
+ - [CORP_API_ID](#corp-api-id)
+ - [CORP_API_VCODE](#corp-api-vcode)
 
-### Jacknife
-To view APIs on a different Jacknife install, set [JACK_KNIFE_URL](#jack_knife_url)
+### API Key Audit URL
+To define what happens when an API is clicked, set according to [these instructions](#hr-configuration)
+ - [API_KEY_AUDIT_URL](#api-key-audit-url)
 
 ### Auto Groups
 Groups can be automatically assigned based on a user's corp or alliance. Set the following to `True` to enable this feature.
- - [MEMBER_CORP_GROUPS](#member_corp_groups)
- - [MEMBER_ALLIANCE_GROUPS](#member_alliance_groups)
- - [BLUE_CORP_GROUPS](#blue_corp_groups)
- - [BLUE_ALLIANCE_GROUPS](#blue_alliance_groups)
+ - [MEMBER_CORP_GROUPS](#member-corp-groups)
+ - [MEMBER_ALLIANCE_GROUPS](#member-alliance-groups)
+ - [BLUE_CORP_GROUPS](#blue-corp-groups)
+ - [BLUE_ALLIANCE_GROUPS](#blue-alliance-groups)
 
 ### Fleet-Up
 Fittings and operations can be imported from Fleet-Up. Define the following to do so.
- - [FLEETUP_APP_KEY](#fleetup_app_key)
- - [FLEETUP_USER_ID](#fleetup_user_id)
- - [FLEETUP_API_ID](#fleetup_api_id)
- - [FLEETUP_GROUP_ID](#fleetup_group_id)
+ - [FLEETUP_APP_KEY](#fleetup-app-key)
+ - [FLEETUP_USER_ID](#fleetup-user-id)
+ - [FLEETUP_API_ID](#fleetup-api-id)
+ - [FLEETUP_GROUP_ID](#fleetup-group-id)
 
 # Description of Settings
 ## Django
@@ -166,7 +171,7 @@ A random string used in cryptographic functions, such as password hashing. Chang
 ### DEBUG
 Replaces the generic `SERVER ERROR (500)` page when an error is encountered with a page containing a traceback and variables. May expose sensitive information so not recommended for production.
 ### ALLOWED_HOSTS
-A list of addresses used to validate headers: AllianceAuth will block connection coming from any other address unless `DEBUG` is `True`. This should be a list of URLs and IPs to allow. For instance, include 'mydomain.com', 'www.mydomain.com', and the server's IP address to ensure connections will be accepted.
+A list of addresses used to validate headers: AllianceAuth will block connection coming from any other address. This should be a list of URLs and IPs to allow. In most cases, just adding `'example.com'` is sufficient. This also accepts the `'*'` wildcard for testing purposes.
 ### DATABASES
 List of databases available. Contains the Django database, and may include service ones if enabled. Service databases are defined in their individual sections and appended as needed automatically.
 ### LANGUAGE_CODE
@@ -178,7 +183,7 @@ Absolute URL to serve static files from.
 ### STATIC_ROOT
 Root folder to store static files in.
 ### SUPERUSER_STATE_BYPASS
-Overrides superuser account states to always return True on membership tests. If issues are encountered, or you want to test access to certain portions of the site, set to False to disable.
+Overrides superuser account states to always return True on membership tests. If issues are encountered, or you want to test access to certain portions of the site, set to False to respect true states of superusers.
 ## EMAIL SETTINGS
 ### DOMAIN
 The URL to which emails will link.
@@ -208,7 +213,7 @@ The application cliend ID generated from the [developers site.](https://develope
 ### ESI_SSO_CLIENT_SECRET
 The application secret key generated from the [developers site.](https://developers.eveonline.com)
 ### ESI_SSO_CALLBACK_URL
-The callback URL for authentication handshake. Should be `https://mydomain.com/sso/callback`.
+The callback URL for authentication handshake. Should be `https://example.com/sso/callback`.
 ## Default Group Settings
 ### DEFAULT_AUTH_GROUP
 Name of the group members of the owning corp or alliance are put in.
@@ -318,8 +323,14 @@ The web address to access the Evernus Alliance Market application.
 ### MARKET_DB
 The Evernus Alliance Market database connection information.
 ## HR Configuration
-### JACK_KNIFE_URL
-Link to an install of [eve-jackknife](https://code.google.com/archive/p/eve-jackknife/)
+### API_KEY_AUDIT_URL
+This setting defines what happens when someone clicks on an API key (such as in corpstats or an application).
+
+Default behaviour is to show the verification code in a popup, but this can be set to link out to a website.
+
+The URL set here uses python string formatting notation. Variable names are enclosed in `{}` brackets. Three variable names are available: `api_id`, `vcode`, and `pk` (which is the primary key of the API in the database - only useful on the admin site).
+
+Example URL structures are provided. Jacknife can be installed on your server following [its setup guide.](../services/jacknife.md)
 ## IPBoard3 Configuration
 ### IPBOARD_ENDPOINT
 URL to the `index.php` file of a IPBoard install's API server.
@@ -329,20 +340,20 @@ API key for accessing an IPBoard install's API
 Module to access while using the API
 ## XenForo Configuration
 ### XENFORO_ENDPOINT
-The address of the XenForo API. Should look like `https://mydomain.com/forum/api.php`
+The address of the XenForo API. Should look like `https://example.com/forum/api.php`
 ### XENFORO_DEFAULT_GROUP
 The group ID of the group to assign to member. Default is 0.
 ### XENFORO_APIKEY
 The API key generated from XenForo to allow API access.
 ## Jabber Configuration
 ### JABBER_URL
-Address to instruct members to connect their jabber clients to, in order to reach an Openfire install. Usually just `mydomain.com`
+Address to instruct members to connect their jabber clients to, in order to reach an Openfire install. Usually just `example.com`
 ### JABBER_PORT
 Port to instruct members to connect their jabber clients to, in order to reach an Openfire install. Usually 5223.
 ### JABBER_SERVER
-Server name of an Openfire install. Usually `mydomain.com`
+Server name of an Openfire install. Usually `example.com`
 ### OPENFIRE_ADDRESS
-URL of the admin web interface for an Openfire install. Usually `http://mydomain.com:9090`. If HTTPS is desired, change port to 9091: `https://mydomain.com:9091`
+URL of the admin web interface for an Openfire install. Usually `http://example.com:9090`. If HTTPS is desired, change port to 9091: `https://example.com:9091`
 ### OPENFIRE_SECRET_KEY
 Secret key used to authenticate with an Openfire admin interface.
 ### BROADCAST_USER
@@ -368,7 +379,7 @@ Password to use when authenticating as the `TEAMSPEAK3_SERVERQUERY_USER`. Provid
 ### TEAMSPEAK3_VIRTUAL_SERVER
 ID of the server on which to manage users. Usually `1`.
 ### TEAMSPEAK3_PUBLIC_URL
-Address to instruct members to connect their Teamspeak3 clients to. Usually `mydomain.com`
+Address to instruct members to connect their Teamspeak3 clients to. Usually `example.com`
 ## Discord Configuration
 ### DISCORD_GUILD_ID
 The ID of a Discord server on which to manage users.
@@ -381,7 +392,7 @@ The application ID obtained from defining an application on the [Discord develop
 ### DISCORD_APP_SECRET
 The application secret key obtained from defining an application on the [Discord developers site.](https://discordapp.com/developers/applications/me)
 ### DISCORD_CALLBACK_URL
-The callback URL used for authenticaiton flow. Should be `https://mydomain.com/discord_callback`. Must match exactly the one used when defining the application.
+The callback URL used for authenticaiton flow. Should be `https://example.com/discord_callback`. Must match exactly the one used when defining the application.
 ### DISCORD_SYNC_NAMES
 Override usernames on the server to match the user's main character.
 ## Discourse Configuration
@@ -419,4 +430,5 @@ This section is used to manage how logging messages are processed.
 
 To turn off logging notifications, change the `handlers` `notifications` `class` to `logging.NullHandler`
 
-## Everything below logging is magic. Do Not Touch
+## Danger Zone
+Everything below logging is magic. **Do not touch.**