Version Bump 4.8.0

Updates for project Alliance Auth

See merge request allianceauth/allianceauth!1732

.coveragerc

@@ -0,0 +1,24 @@
+[run]
+branch = True
+source =
+    allianceauth
+
+omit =
+    */migrations/*
+    */example/*
+    */project_template/*
+    */bin/*
+    */tests/*
+    */tests.py
+
+[report]
+exclude_lines =
+    if self.debug:
+    pragma: no cover
+    raise NotImplementedError
+    if __name__ == .__main__.:
+    def __repr__
+    raise AssertionError
+    if TYPE_CHECKING:
+
+ignore_errors = True

.editorconfig

@@ -0,0 +1,28 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yaml,yml,less}]
+indent_size = 2
+
+[*.md]
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
+
+[*.bat]
+indent_style = tab
+
+[{Dockerfile,*.dockerfile}]
+indent_style = space
+indent_size = 4

.gitattributes

@@ -1 +0,0 @@
-*/*.py.example linguist-language=Python

.gitignore

@@ -8,6 +8,7 @@ __pycache__/
 # Distribution / packaging
 .Python
 env/
+venv/
 build/
 develop-eggs/
 dist/
@@ -37,11 +38,9 @@ htmlcov/
 .tox/
 .coverage
 .cache
-nosetests.xml
 coverage.xml
 
 # Translations
-*.mo
 *.pot
 
 # Django stuff:
@@ -53,17 +52,25 @@ docs/_build/
 # PyBuilder
 target/
 
-.vagrant/
-alliance_auth/settings.py
 *Thumbs.db
 nginx_config.txt
 
-# custom staticfiles
-static/*
-
 #celerybeat
 *.pid
 celerybeat-schedule
 
 #pycharm
 .idea/*
+/nbproject/
+
+#VSCode
+.vscode/
+
+#gitlab configs
+.gitlab/
+
+#other
+.flake8
+.pylintrc
+Makefile
+alliance_auth.sqlite3

.gitlab-ci.yml

@@ -0,0 +1,280 @@
+.only-default: &only-default
+  only:
+    - master
+    - branches
+    - merge_requests
+
+stages:
+  - pre-commit
+  - gitlab
+  - test
+  - deploy
+  - docker
+
+include:
+  - template: Dependency-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+
+before_script:
+  - apt-get update && apt-get install redis-server -y
+  - redis-server --daemonize yes
+  - python -V
+  - pip install wheel tox
+
+pre-commit-check:
+  <<: *only-default
+  stage: pre-commit
+  image: python:3.11-bookworm
+  # variables:
+  #   PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
+  # cache:
+  #   paths:
+  #     - ${PRE_COMMIT_HOME}
+  script:
+    - pip install pre-commit
+    - pre-commit run --all-files
+
+sast:
+  stage: gitlab
+  before_script: []
+
+dependency_scanning:
+  stage: gitlab
+  before_script:
+    - apt-get update && apt-get install redis-server libmariadb-dev -y
+    - redis-server --daemonize yes
+    - python -V
+    - pip install wheel tox
+
+secret_detection:
+  stage: gitlab
+  before_script: []
+
+test-3.8-core:
+  <<: *only-default
+  image: python:3.8-bookworm
+  script:
+    - tox -e py38-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.9-core:
+  <<: *only-default
+  image: python:3.9-bookworm
+  script:
+    - tox -e py39-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.10-core:
+  <<: *only-default
+  image: python:3.10-bookworm
+  script:
+    - tox -e py310-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.11-core:
+  <<: *only-default
+  image: python:3.11-bookworm
+  script:
+    - tox -e py311-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.12-core:
+  <<: *only-default
+  image: python:3.12-bookworm
+  script:
+    - tox -e py312-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.8-all:
+  <<: *only-default
+  image: python:3.8-bookworm
+  script:
+    - tox -e py38-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.9-all:
+  <<: *only-default
+  image: python:3.9-bookworm
+  script:
+    - tox -e py39-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.10-all:
+  <<: *only-default
+  image: python:3.10-bookworm
+  script:
+    - tox -e py310-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.11-all:
+  <<: *only-default
+  image: python:3.11-bookworm
+  script:
+    - tox -e py311-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
+
+test-3.12-all:
+  <<: *only-default
+  image: python:3.12-bookworm
+  script:
+    - tox -e py312-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+build-test:
+  stage: test
+  image: python:3.11-bookworm
+
+  before_script:
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel
+
+  script:
+    - python -m build
+
+  artifacts:
+    when: always
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+    paths:
+      - dist/*
+    expire_in: 1 year
+
+test-docs:
+  <<: *only-default
+  image: python:3.11-bookworm
+  script:
+    - tox -e docs
+
+deploy_production:
+  stage: deploy
+  image: python:3.11-bookworm
+
+  before_script:
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel twine
+
+  script:
+    - python -m build
+    - python -m twine upload dist/*
+
+  rules:
+    - if: $CI_COMMIT_TAG
+
+build-image:
+  before_script: []
+  image: docker:24.0
+  stage: docker
+  services:
+    - docker:24.0-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_SHORT_SHA
+    CURRENT_TAG=$CI_REGISTRY_IMAGE/auth:$CI_COMMIT_TAG
+    MINOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1-2)
+    MAJOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1)
+    LATEST_TAG=$CI_REGISTRY_IMAGE/auth:latest
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
+    docker run --privileged --rm tonistiigi/binfmt --install all
+    docker buildx create --use --name new-builder
+    docker buildx build . --tag $IMAGE_TAG --tag $CURRENT_TAG --tag $MINOR_TAG --tag $MAJOR_TAG --tag $LATEST_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_VERSION=$(echo $CI_COMMIT_TAG | cut -c 2-)
+  rules:
+    - if: $CI_COMMIT_TAG
+      when: delayed
+      start_in: 10 minutes
+
+build-image-dev:
+  before_script: []
+  image: docker:24.0
+  stage: docker
+  services:
+    - docker:24.0-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
+    docker run --privileged --rm tonistiigi/binfmt --install all
+    docker buildx create --use --name new-builder
+    docker buildx build . --tag $IMAGE_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_PACKAGE=git+https://gitlab.com/allianceauth/allianceauth@$CI_COMMIT_BRANCH
+  rules:
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == ""'
+      when: manual
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != ""'
+      when: never
+
+build-image-mr:
+  before_script: []
+  image: docker:24.0
+  stage: docker
+  services:
+    - docker:24.0-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
+    docker run --privileged --rm tonistiigi/binfmt --install all
+    docker buildx create --use --name new-builder
+    docker buildx build . --tag $IMAGE_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_PACKAGE=git+$CI_MERGE_REQUEST_SOURCE_PROJECT_URL@$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: manual
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never

.gitlab/issue_templates/Bug.md

@@ -0,0 +1,14 @@
+# Bug
+
+- I have searched [issues](https://gitlab.com/allianceauth/allianceauth/issues?scope=all&utf8=%E2%9C%93&state=all) (Y/N):
+- What Version of Alliance Auth:
+- What Operating System:
+- Version of other components relevant to issue eg. Service, Database:
+
+Please include a brief description of your issue here.
+
+Please include steps to reproduce the issue
+
+Please include any tracebacks or logs
+
+Please include the results of the command `pip list`

.gitlab/issue_templates/Feature Request.md

@@ -0,0 +1,7 @@
+# Feature Request
+
+- Describe the feature are you requesting.
+
+- Is this a Service (external integration), a Module (Alliance Auth extension) or an enhancement to an existing service/module.
+
+- Describe why its useful to you or others.

.idea/allianceauth.iml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="PYTHON_MODULE" version="4">
-  <component name="FacetManager">
-    <facet type="django" name="Django">
-      <configuration>
-        <option name="rootFolder" value="$MODULE_DIR$" />
-        <option name="settingsModule" value="alliance_auth/settings.py.example" />
-        <option name="manageScript" value="manage.py" />
-        <option name="environment" value="&lt;map/&gt;" />
-        <option name="commandsToSkip" value="" />
-      </configuration>
-    </facet>
-  </component>
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="jdk" jdkName="Python 2.7.11 virtualenv at ~/1.6" jdkType="Python SDK" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-  <component name="TemplatesService">
-    <option name="TEMPLATE_CONFIGURATION" value="Django" />
-  </component>
-</module>

.idea/dataSources.ids

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<component name="dataSourceStorage">
-  <data-source source="LOCAL" name="Django default" uuid="3eb61453-647a-4832-8320-f3561f039abc">
-    <database-info product="" version="" jdbc-version="" driver-name="" driver-version=""/>
-  </data-source>
-  <data-source source="LOCAL" name="Django phpbb3" uuid="2de247c2-1951-4e74-8276-6a1c89c396fa">
-    <database-info product="" version="" jdbc-version="" driver-name="" driver-version=""/>
-  </data-source>
-  <data-source source="LOCAL" name="Django mumble" uuid="9963e5ca-7f2f-4dd3-9175-bc7102dfd48c">
-    <database-info product="" version="" jdbc-version="" driver-name="" driver-version=""/>
-  </data-source>
-</component>

.idea/dataSources.xml

@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
-    <data-source source="LOCAL" name="Django default" uuid="3eb61453-647a-4832-8320-f3561f039abc">
-      <driver-ref>mysql</driver-ref>
-      <jdbc-driver>com.mysql.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mysql://127.0.0.1:3306/alliance_auth</jdbc-url>
-    </data-source>
-    <data-source source="LOCAL" name="Django phpbb3" uuid="2de247c2-1951-4e74-8276-6a1c89c396fa">
-      <driver-ref>mysql</driver-ref>
-      <jdbc-driver>com.mysql.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mysql://127.0.0.1:3306/alliance_forum</jdbc-url>
-    </data-source>
-    <data-source source="LOCAL" name="Django mumble" uuid="9963e5ca-7f2f-4dd3-9175-bc7102dfd48c">
-      <driver-ref>mysql</driver-ref>
-      <jdbc-driver>com.mysql.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mysql://127.0.0.1:3306/alliance_mumble</jdbc-url>
-    </data-source>
-  </component>
-</project>

.idea/encodings.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="Encoding" useUTFGuessing="true" native2AsciiForPropertiesFiles="false" />
-</project>
-

.idea/inspectionProfiles/Project_Default.xml

@@ -1,11 +0,0 @@
-<component name="InspectionProjectProfileManager">
-  <profile version="1.0" is_locked="false">
-    <option name="myName" value="Project Default" />
-    <option name="myLocal" value="false" />
-    <inspection_tool class="SpellCheckingInspection" enabled="false" level="TYPO" enabled_by_default="false">
-      <option name="processCode" value="true" />
-      <option name="processLiterals" value="true" />
-      <option name="processComments" value="true" />
-    </inspection_tool>
-  </profile>
-</component>

.idea/inspectionProfiles/profiles_settings.xml

@@ -1,7 +0,0 @@
-<component name="InspectionProjectProfileManager">
-  <settings>
-    <option name="PROJECT_PROFILE" />
-    <option name="USE_PROJECT_PROFILE" value="false" />
-    <version value="1.0" />
-  </settings>
-</component>

.idea/misc.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.11 virtualenv at ~/1.6" project-jdk-type="Python SDK" />
-  <component name="PythonCompatibilityInspectionAdvertiser">
-    <option name="version" value="1" />
-  </component>
-</project>

.idea/modules.xml

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/allianceauth.iml" filepath="$PROJECT_DIR$/.idea/allianceauth.iml" />
-    </modules>
-  </component>
-</project>
-

.idea/scopes/scope_settings.xml

@@ -1,5 +0,0 @@
-<component name="DependencyValidationManager">
-  <state>
-    <option name="SKIP_IMPORT_STATEMENTS" value="false" />
-  </state>
-</component>

.idea/vcs.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>
-

.pre-commit-config.yaml

@@ -0,0 +1,95 @@
+# Apply to all files without committing:
+#   pre-commit run --all-files
+# Update this file:
+#   pre-commit autoupdate
+
+# Set the default language versions for the hooks
+default_language_version:
+  python: python3  # Force all Python hooks to use Python 3
+  node: 22.12.0  # Force all Node hooks to use Node 22.12.0
+
+# Globally exclude files
+# https://pre-commit.com/#top_level-exclude
+exclude: |
+  (?x)(
+    LICENSE|
+    allianceauth\/static\/allianceauth\/css\/themes\/bootstrap-locals.less|
+    \.min\.css|
+    \.min\.js|
+    \.po|
+    \.mo|
+    swagger\.json|
+    static/(.*)/libs/
+  )
+
+repos:
+  # Code Upgrades
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.20.0
+    hooks:
+      - id: pyupgrade
+        args: [--py38-plus]
+  - repo: https://github.com/adamchainz/django-upgrade
+    rev: 1.25.0
+    hooks:
+      - id: django-upgrade
+        args: [--target-version=4.2]
+
+  # Formatting
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      # Identify invalid files
+      - id: check-ast
+      - id: check-yaml
+      - id: check-json
+      - id: check-toml
+      - id: check-xml
+      # git checks
+      - id: check-merge-conflict
+      - id: check-added-large-files
+        args: [--maxkb=1000]
+      - id: detect-private-key
+      - id: check-case-conflict
+      # Python checks
+#      - id: check-docstring-first
+      - id: debug-statements
+#      - id: requirements-txt-fixer
+      - id: fix-encoding-pragma
+        args: [--remove]
+      - id: fix-byte-order-marker
+      # General quality checks
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: check-executables-have-shebangs
+      - id: end-of-file-fixer
+  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
+    rev: 3.2.1
+    hooks:
+      - id: editorconfig-checker
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.45.0
+    hooks:
+      - id: markdownlint
+        language: node
+        args:
+          - --disable=MD013
+  # Infrastructure
+  - repo: https://github.com/tox-dev/pyproject-fmt
+    rev: v2.6.0
+    hooks:
+      - id: pyproject-fmt
+        name: pyproject.toml formatter
+        description: "Format the pyproject.toml file."
+        args:
+          - --indent=4
+        additional_dependencies:
+          - tox==4.24.1 # https://github.com/tox-dev/tox/releases/latest
+  - repo: https://github.com/abravalheri/validate-pyproject
+    rev: v0.24.1
+    hooks:
+      - id: validate-pyproject
+        name: Validate pyproject.toml
+        description: "Validate the pyproject.toml file."

.readthedocs.yml

@@ -0,0 +1,32 @@
+# .readthedocs.yml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-22.04
+  apt_packages:
+    - redis
+  tools:
+    python: "3.11"
+  jobs:
+    post_system_dependencies:
+      - redis-server --daemonize yes
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# Optionally build your docs in additional formats such as PDF and ePub
+formats: all
+
+# Python requirements required to build your docs
+python:
+  install:
+    - method: pip
+      path: .
+      extra_requirements:
+        - docs

.tx/transifex.yml

@@ -0,0 +1,10 @@
+filters:
+  - filter_type: file
+    file_format: PO
+    source_file: allianceauth/locale/en/LC_MESSAGES/django.po
+    source_language: en
+    translation_files_expression: allianceauth/locale/<lang>/LC_MESSAGES/django.po
+
+settings:
+  language_mapping:
+    zh-Hans: zh_Hans

LICENSE

@@ -337,4 +337,3 @@ proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
-

README.md

@@ -1,50 +1,94 @@
-Alliance Auth
+# Alliance Auth
-============
 
-[![Join the chat at https://gitter.im/R4stl1n/allianceauth](https://badges.gitter.im/R4stl1n/allianceauth.svg)](https://gitter.im/R4stl1n/allianceauth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![License](https://img.shields.io/badge/license-GPLv2-green)](https://pypi.org/project/allianceauth/)
-[![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/en/latest/?badge=latest)
+[![Python Versions](https://img.shields.io/pypi/pyversions/allianceauth)](https://pypi.org/project/allianceauth/)
+[![Django Versions](https://img.shields.io/pypi/djversions/allianceauth?label=django)](https://pypi.org/project/allianceauth/)
+[![Stable AA Version](https://img.shields.io/pypi/v/allianceauth?label=release)](https://pypi.org/project/allianceauth/)
+[![Pipeline Status](https://gitlab.com/allianceauth/allianceauth/badges/master/pipeline.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
+[![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](https://allianceauth.readthedocs.io/?badge=latest)
+[![Test Coverage Report](https://gitlab.com/allianceauth/allianceauth/badges/master/coverage.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
+[![Chat on Discord](https://img.shields.io/discord/399006117012832262.svg)](https://discord.gg/fjnHAmk)
 
-EVE service auth to help corps, alliances, and coalitions manage services.
+A flexible authentication platform for EVE Online to help in-game organizations manage access to applications and services. AA provides both, a stable core, and a robust framework for community development and custom applications.
-Built for "The 99 Percent" open for anyone to use.
 
-Special Permissions In Admin:
+## Content
 
-    auth | user | group_management ( Access to add members to groups within the alliance )
+- [Overview](#overview)
-    auth | user | jabber_broadcast ( Access to broadcast a message over jabber to own groups )
+- [Documentation](https://allianceauth.rtfd.io)
-    auth | user | jabber_broadcast_all ( Can choose from all groups and the 'all' option when broadcasting )
+- [Support](#support)
-    auth | user | corp_apis ( View APIs, and jackKnife, of all members in user's corp. )
+- [Release Notes](https://gitlab.com/allianceauth/allianceauth/-/releases)
-    auth | user | alliance_apis ( View APIs, and jackKnife, of all member in user's alliance member corps. )
+- [Developer Team](#development-team)
-    auth | user | timer_management ( Access to create and remove timers )
+- [Contributing](#contributing)
-    auth | user | timer_view ( Access to timerboard to view timers )
-    auth | user | srp_management ( Allows for an individual to create and remove srp fleets and fleet data )
-    auth | user | sigtracker_management ( Allows for an individual to create and remove signitures )
-    auth | user | sigtracker_view ( Allows for an individual view signitures )
-    auth | user | optimer_management ( Allows for an individual to create and remove fleet operations )
-    auth | user | optimer_view ( Allows for an individual view fleet operations )
-    auth | user | logging_notifications ( Generate notifications from logging )
 
-    auth | user | human_resources ( View applications to user's corp )
+## Overview
-    hrapplications | application | delete_application ( Can delete applications )
-    hrapplications | application | accept_application ( Can accept applications )
-    hrapplications | application | reject_application ( Can reject applications )
-    hrapplications | application | view_apis ( Can see applicant's API keys )
-    hrapplications | applicationcomment | add_applicationcomment ( Can comment on applications )
 
-Vagrant Instructions:
+Alliance Auth (AA) is a platform that helps Eve Online organizations efficiently manage access to applications and services.
 
-    Copy the scripts to the root directory before running
+Main features:
 
-Active Developers:
+- Automatically grants or revokes user access to external services (e.g.: Discord, Mumble) based on the user's current membership to [a variety of EVE Online affiliation](https://allianceauth.readthedocs.io/en/latest/features/core/states/) and [groups](https://allianceauth.readthedocs.io/en/latest/features/core/groups/)
 
-    Adarnof
+- Provides a central web site where users can directly access web apps (e.g. SRP requests, Fleet Schedule) and manage their access to external services and groups.
-    basraah
 
-Beta Testers/ Bug Fixers:
+- Includes a set of connectors (called ["Services"](https://allianceauth.readthedocs.io/en/latest/features/services/)) for integrating access management with many popular external applications / services like Discord, Mumble, Teamspeak 3, SMF and others
 
-    TrentBartlem ( Testing and Bug Fixes )
+- Includes a set of web [Apps](https://allianceauth.readthedocs.io/en/latest/features/apps/) which add many useful functions, e.g.: fleet schedule, timer board, SRP request management, fleet activity tracker
-    IskFiend ( Bug Fixes and Server Configuration )
-    Mr McClain (Bug Fixes and server configuration )
 
-Special Thanks:
+- Can be easily extended with additional services and apps. Many are provided by the community and can be found here: [Community Creations](https://gitlab.com/allianceauth/community-creations)
 
-    Thanks to Nikdoof, without his old auth implementation this project wouldn't be as far as it is now.
+- English :flag_gb:, Chinese :flag_cn:, German :flag_de:, Spanish :flag_es:, Korean :flag_kr:, Russian :flag_ru:, Italian :flag_it:, French :flag_fr:, Japanese :flag_jp: and Ukrainian :flag_ua: Localization
+
+For further details about AA - including an installation guide and a full list of included services and plugin apps - please see the [official documentation](https://allianceauth.rtfd.io).
+
+## Screenshot
+
+Here is an example of the Alliance Auth web site with a mixture of Services, Apps and Community Creations enabled:
+
+### Flatly Theme
+
+![Flatly Theme](docs/_static/images/promotion/SampleInstallation-Flatly.png)
+
+### Darkly Theme
+
+![Darkly Theme](docs/_static/images/promotion/SampleInstallation-Darkly.png)
+
+## Support
+
+[Get help on Discord](https://discord.gg/fjnHAmk) or submit an [issue](https://gitlab.com/allianceauth/allianceauth/issues).
+
+## Development Team
+
+### Active Developers
+
+- [Aaron Kable](https://gitlab.com/aaronkable/)
+- [Ariel Rin](https://gitlab.com/soratidus999/)
+- [Col Crunch](https://gitlab.com/colcrunch/)
+- [Erik Kalkoken](https://gitlab.com/ErikKalkoken/)
+- [Rounon Dax](https://gitlab.com/ppfeufer)
+- [snipereagle1](https://gitlab.com/mckernanin)
+
+### Former Developers
+
+- [Adarnof](https://gitlab.com/adarnof/)
+- [Basraah](https://gitlab.com/basraah/)
+
+### Beta Testers / Bug Fixers
+
+- [ghoti](https://gitlab.com/ChainsawMcGinny/)
+- [kaezon](https://github.com/kaezon/)
+- [mmolitor87](https://gitlab.com/mmolitor87/)
+- [orbitroom](https://github.com/orbitroom/)
+- [TargetZ3R0](https://github.com/TargetZ3R0)
+- [tehfiend](https://github.com/tehfiend/)
+
+Special thanks to [Nikdoof](https://github.com/nikdoof/), as his [auth](https://github.com/nikdoof/test-auth) was the foundation for the original work on this project.
+
+## Contributing
+
+Alliance Auth is maintained and developed by the community and we welcome every contribution!
+
+To see what needs to be worked on please review our issue list or chat with our active developers on Discord.
+
+Also, please make sure you have signed the [License Agreement](https://developers.eveonline.com/resource/license-agreement) by logging in at [https://developers.eveonline.com](https://developers.eveonline.com) before submitting any pull requests.
+
+In addition to the core AA system we also very much welcome contributions to our growing list of 3rd party services and plugin apps. Please see [AA Community Creations](https://gitlab.com/allianceauth/community-creations) for details.

alliance_auth/.gitignore

@@ -1,2 +0,0 @@
-/settings.py
-!/*.example

alliance_auth/__init__.py

@@ -1,4 +0,0 @@
-from __future__ import unicode_literals
-
-__version__ = '1.14.1'
-NAME = 'Alliance Auth v%s' % __version__

alliance_auth/settings.py.example

@@ -1,662 +0,0 @@
-"""
-Django settings for alliance_auth project.
-
-Generated by 'django-admin startproject' using Django 1.10.1.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.10/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.10/ref/settings/
-"""
-
-import os
-
-import djcelery
-
-from django.contrib import messages
-
-djcelery.setup_loader()
-
-# Celery configuration
-BROKER_URL = 'redis://localhost:6379/0'
-CELERYBEAT_SCHEDULER = "djcelery.schedulers.DatabaseScheduler"
-
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = ''
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = 'True' == os.environ.get('AA_DEBUG','True')
-
-ALLOWED_HOSTS = []
-
-
-# Application definition
-
-INSTALLED_APPS = [
-    'django.contrib.admin',
-    'django.contrib.auth',
-    'django.contrib.contenttypes',
-    'django.contrib.sessions',
-    'django.contrib.messages',
-    'django.contrib.staticfiles',
-    'django.contrib.humanize',
-    'djcelery',
-    'bootstrapform',
-    'authentication',
-    'services',
-    'eveonline',
-    'groupmanagement',
-    'hrapplications',
-    'timerboard',
-    'srp',
-    'optimer',
-    'corputils',
-    'fleetactivitytracking',
-    'notifications',
-    'esi',
-    'geelweb.django.navhelper',
-    'bootstrap_pagination',
-]
-
-MIDDLEWARE = [
-    'django.middleware.security.SecurityMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
-    'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'django.middleware.locale.LocaleMiddleware',
-]
-
-ROOT_URLCONF = 'alliance_auth.urls'
-
-LOCALE_PATHS = (
-    os.path.join(BASE_DIR, 'locale/'),
-)
-
-ugettext = lambda s: s
-LANGUAGES = (
-    ('en', ugettext('English')),
-    ('de', ugettext('German')),
-)
-
-TEMPLATES = [
-    {
-        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [
-            os.path.join(BASE_DIR, 'customization/templates'),
-            os.path.join(BASE_DIR, 'stock/templates'),
-        ],
-        'APP_DIRS': True,
-        'OPTIONS': {
-            'context_processors': [
-                'django.template.context_processors.debug',
-                'django.template.context_processors.request',
-                'django.contrib.auth.context_processors.auth',
-                'django.contrib.messages.context_processors.messages',
-                'django.template.context_processors.i18n',
-                'django.template.context_processors.media',
-                'django.template.context_processors.static',
-                'django.template.context_processors.tz',
-                'services.context_processors.auth_settings',
-                'notifications.context_processors.user_notification_count',
-                'authentication.context_processors.states',
-                'authentication.context_processors.membership_state',
-                'groupmanagement.context_processors.can_manage_groups',
-            ],
-        },
-    },
-]
-
-WSGI_APPLICATION = 'alliance_auth.wsgi.application'
-
-
-# Database
-# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.mysql',
-        'NAME': 'alliance_auth',
-        'USER': os.environ.get('AA_DB_DEFAULT_USER', 'allianceserver'),
-        'PASSWORD': os.environ.get('AA_DB_DEFAULT_PASSWORD', 'password'),
-        'HOST': os.environ.get('AA_DB_DEFAULT_HOST', '127.0.0.1'),
-        'PORT': os.environ.get('AA_DB_DEFAULT_PORT', '3306'),
-    },
-}
-
-# Password validation
-# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
-
-AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
-]
-
-LOGIN_URL = 'auth_login_user'
-
-SUPERUSER_STATE_BYPASS = 'True' == os.environ.get('AA_SUPERUSER_STATE_BYPASS', 'True')
-
-# Internationalization
-# https://docs.djangoproject.com/en/1.10/topics/i18n/
-
-LANGUAGE_CODE = os.environ.get('AA_LANGUAGE_CODE', 'en-us')
-
-TIME_ZONE = os.environ.get('AA_TIME_ZONE', 'UTC')
-
-USE_I18N = True
-
-USE_L10N = True
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.10/howto/static-files/
-
-STATIC_URL = '/static/'
-STATIC_ROOT = os.path.join(BASE_DIR, "static")
-STATICFILES_DIRS = (
-    os.path.join(BASE_DIR, "customization/static"),
-    os.path.join(BASE_DIR, "stock/static"),
-)
-
-# Bootstrap messaging css workaround
-MESSAGE_TAGS = {
-    messages.ERROR: 'danger'
-}
-
-#####################################################
-##
-## Auth configuration starts here
-##
-#####################################################
-
-#################
-# EMAIL SETTINGS
-#################
-# DOMAIN - The alliance auth domain_url
-# EMAIL_HOST - SMTP Server URL
-# EMAIL_PORT - SMTP Server PORT
-# EMAIL_HOST_USER - Email Username (for gmail, the entire address)
-# EMAIL_HOST_PASSWORD - Email Password
-# EMAIL_USE_TLS - Set to use TLS encryption
-#################
-DOMAIN = os.environ.get('AA_DOMAIN', 'https://yourdomain.com')
-EMAIL_HOST = os.environ.get('AA_EMAIL_HOST', 'smtp.gmail.com')
-EMAIL_PORT = int(os.environ.get('AA_EMAIL_PORT', '587'))
-EMAIL_HOST_USER = os.environ.get('AA_EMAIL_HOST_USER', '')
-EMAIL_HOST_PASSWORD = os.environ.get('AA_EMAIL_HOST_PASSWORD', '')
-EMAIL_USE_TLS = 'True' == os.environ.get('AA_EMAIL_USE_TLS', 'True')
-
-####################
-# Front Page Links
-####################
-# KILLBOARD_URL - URL for your killboard. Blank to hide link
-# MEDIA_URL - URL for your media page (youtube etc). Blank to hide link
-# FORUM_URL - URL for your forums. Blank to hide link
-# SITE_NAME - Name of the auth site.
-####################
-KILLBOARD_URL = os.environ.get('AA_KILLBOARD_URL', '')
-EXTERNAL_MEDIA_URL = os.environ.get('AA_EXTERNAL_MEDIA_URL', '')
-FORUM_URL = os.environ.get('AA_FORUM_URL', '')
-SITE_NAME = os.environ.get('AA_SITE_NAME', 'Alliance Auth')
-
-###################
-# SSO Settings
-###################
-# Get client ID and client secret from registering an app at
-# https://developers.eveonline.com/
-# Callback URL should be https://mydomain.com/sso/callback
-###################
-ESI_SSO_CLIENT_ID = os.environ.get('AA_ESI_SSO_CLIENT_ID', '')
-ESI_SSO_CLIENT_SECRET = os.environ.get('AA_ESI_SSO_CLIENT_SECRET', '')
-ESI_SSO_CALLBACK_URL = os.environ.get('AA_ESI_SSO_CALLBACK_URL', '')
-
-#########################
-# Default Group Settings
-#########################
-# DEFAULT_AUTH_GROUP - Default group members are put in
-# DEFAULT_BLUE_GROUP - Default group for blue members
-# MEMBER_CORP_GROUPS - Assign members to a group representing their main corp
-# BLUE_CORP_GROUPS - Assign blues to a group representing their main corp
-#########################
-DEFAULT_AUTH_GROUP = os.environ.get('AA_DEFAULT_ALLIANCE_GROUP', 'Member')
-DEFAULT_BLUE_GROUP = os.environ.get('AA_DEFAULT_BLUE_GROUP', 'Blue')
-MEMBER_CORP_GROUPS = 'True' == os.environ.get('AA_MEMBER_CORP_GROUPS', 'True')
-MEMBER_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_MEMBER_ALLIANCE_GROUPS', 'False')
-BLUE_CORP_GROUPS = 'True' == os.environ.get('AA_BLUE_CORP_GROUPS', 'False')
-BLUE_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_BLUE_ALLIANCE_GROUPS', 'False')
-
-#########################
-# Alliance Service Setup
-#########################
-# ENABLE_AUTH_FORUM - Enable forum support in the auth for auth'd members
-# ENABLE_AUTH_JABBER - Enable jabber support in the auth for auth'd members
-# ENABLE_AUTH_MUMBLE - Enable mumble support in the auth for auth'd members
-# ENABLE_AUTH_IPBOARD - Enable IPBoard forum support in the auth for auth'd members
-# ENABLE_AUTH_DISCORD - Enable Discord support in the auth for auth'd members
-# ENABLE_AUTH_DISCOURSE - Enable Discourse support in the auth for auth'd members
-# ENABLE_AUTH_IPS4 - Enable IPS4 support in the auth for auth'd members
-# ENABLE_AUTH_SMF - Enable SMF forum support in the auth for auth'd members
-# ENABLE_AUTH_MARKET = Enable Alliance Market support in auth for auth'd members
-# ENABLE_AUTH_PATHFINDER = Enable Alliance Pathfinder suppor in auth for auth'd members
-# ENABLE_AUTH_XENFORO = Enable XenForo forums support in the auth for auth'd members
-#########################
-ENABLE_AUTH_FORUM = 'True' == os.environ.get('AA_ENABLE_AUTH_FORUM', 'False')
-ENABLE_AUTH_JABBER = 'True' == os.environ.get('AA_ENABLE_AUTH_JABBER', 'False')
-ENABLE_AUTH_MUMBLE = 'True' == os.environ.get('AA_ENABLE_AUTH_MUMBLE', 'False')
-ENABLE_AUTH_IPBOARD = 'True' == os.environ.get('AA_ENABLE_AUTH_IPBOARD', 'False')
-ENABLE_AUTH_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_AUTH_TEAMSPEAK3', 'False')
-ENABLE_AUTH_DISCORD = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCORD', 'False')
-ENABLE_AUTH_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCOURSE', 'False')
-ENABLE_AUTH_IPS4 = 'True' == os.environ.get('AA_ENABLE_AUTH_IPS4', 'False')
-ENABLE_AUTH_SMF = 'True' == os.environ.get('AA_ENABLE_AUTH_SMF', 'False')
-ENABLE_AUTH_MARKET = 'True' == os.environ.get('AA_ENABLE_AUTH_MARKET', 'False')
-ENABLE_AUTH_XENFORO = 'True' == os.environ.get('AA_ENABLE_AUTH_XENFORO', 'False')
-
-#####################
-# Blue service Setup
-#####################
-# ENABLE_BLUE_FORUM - Enable forum support in the auth for blues
-# ENABLE_BLUE_JABBER - Enable jabber support in the auth for blues
-# ENABLE_BLUE_MUMBLE - Enable mumble support in the auth for blues
-# ENABLE_BLUE_IPBOARD - Enable IPBoard forum support in the auth for blues
-# ENABLE_BLUE_DISCORD - Enable Discord support in the auth for blues
-# ENABLE_BLUE_DISCOURSE - Enable Discord support in the auth for blues
-# ENABLE_BLUE_IPS4 - Enable IPS4 forum support in the auth for blues
-# ENABLE_BLUE_SMF - Enable SMF forum support in the auth for blues
-# ENABLE_BLUE_MARKET - Enable Alliance Market in the auth for blues
-# ENABLE_BLUE_PATHFINDER = Enable Pathfinder support in the auth for blues
-# ENABLE_BLUE_XENFORO = Enable XenForo forum support in the auth for blue 
-#####################
-ENABLE_BLUE_FORUM = 'True' == os.environ.get('AA_ENABLE_BLUE_FORUM', 'False')
-ENABLE_BLUE_JABBER = 'True' == os.environ.get('AA_ENABLE_BLUE_JABBER', 'False')
-ENABLE_BLUE_MUMBLE = 'True' == os.environ.get('AA_ENABLE_BLUE_MUMBLE', 'False')
-ENABLE_BLUE_IPBOARD = 'True' == os.environ.get('AA_ENABLE_BLUE_IPBOARD', 'False')
-ENABLE_BLUE_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_BLUE_TEAMSPEAK3', 'False')
-ENABLE_BLUE_DISCORD = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCORD', 'False')
-ENABLE_BLUE_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCOURSE', 'False')
-ENABLE_BLUE_IPS4 = 'True' == os.environ.get('AA_ENABLE_BLUE_IPS4', 'False')
-ENABLE_BLUE_SMF = 'True' == os.environ.get('AA_ENABLE_BLUE_SMF', 'False')
-ENABLE_BLUE_MARKET = 'True' == os.environ.get('AA_ENABLE_BLUE_MARKET', 'False')
-ENABLE_BLUE_XENFORO = 'True' == os.environ.get('AA_ENABLE_BLUE_XENFORO', 'False')
-
-#########################
-# Tenant Configuration
-#########################
-# CORP_IDS - A list of corporation IDs to treat as members.
-# ALLIANCE_IDS - A list of alliance IDs to treat as members.
-# Any corps in a specified alliance will be treated as members, so do not include them in CORP_IDS
-#########################
-CORP_IDS = []
-ALLIANCE_IDS = []
-
-#########################
-# Standings Configuration
-#########################
-# Add a corp API key to add blue standings to grant access.
-# CORP_API_ID - Set this to the api id for the corp API key
-# CORP_API_VCODE - Set this to the api vcode for the corp API key
-# BLUE_STANDING - The lowest standings value to consider blue
-# STANDING_LEVEL - The level of standings to query. Accepted values are 'corp' and 'alliance'.
-########################
-CORP_API_ID = os.environ.get('AA_CORP_API_ID', '')
-CORP_API_VCODE = os.environ.get('AA_CORP_API_VCODE', '')
-BLUE_STANDING = float(os.environ.get('AA_BLUE_STANDING', '5.0'))
-STANDING_LEVEL = os.environ.get('AA_STANDING_LEVEL', 'corp')
-
-########################
-# API Configuration
-########################
-# MEMBER_API_MASK - Numeric value of minimum API mask required for members
-# MEMBER_API_ACCOUNT - Require API to be for Account and not character restricted
-# BLUE_API_MASK - Numeric value of minimum API mask required for blues
-# BLUE_API_ACCOUNT - Require API to be for Account and not character restricted
-# REJECT_OLD_APIS - Require each submitted API be newer than the latest submitted API
-# REJECT_OLD_APIS_MARGIN - Margin from latest submitted API ID within which a newly submitted API is still accepted
-# API_SSO_VALIDATION - Require users to prove ownership of newly entered API keys via SSO
-#                      Requires SSO to be configured.
-#######################
-MEMBER_API_MASK = os.environ.get('AA_MEMBER_API_MASK', 268435455)
-MEMBER_API_ACCOUNT = 'True' == os.environ.get('AA_MEMBER_API_ACCOUNT', 'True')
-BLUE_API_MASK = os.environ.get('AA_BLUE_API_MASK', 8388608)
-BLUE_API_ACCOUNT = 'True' == os.environ.get('AA_BLUE_API_ACCOUNT', 'False')
-REJECT_OLD_APIS = 'True' == os.environ.get('AA_REJECT_OLD_APIS', 'False')
-REJECT_OLD_APIS_MARGIN = os.environ.get('AA_REJECT_OLD_APIS_MARGIN', 50)
-API_SSO_VALIDATION = 'True' == os.environ.get('AA_API_SSO_VALIDATION', 'False')
-
-#######################
-# EVE Provider Settings
-#######################
-# EVEONLINE_CHARACTER_PROVIDER - Name of default data source for getting eve character data
-# EVEONLINE_CORP_PROVIDER - Name of default data source for getting eve corporation data
-# EVEONLINE_ALLIANCE_PROVIDER - Name of default data source for getting eve alliance data
-#
-# Available soruces are 'esi' and 'xml'
-#######################
-EVEONLINE_CHARACTER_PROVIDER = os.environ.get('AA_EVEONLINE_CHARACTER_PROVIDER', 'esi')
-EVEONLINE_CORP_PROVIDER = os.environ.get('AA_EVEONLINE_CORP_PROVIDER', 'esi')
-EVEONLINE_ALLIANCE_PROVIDER = os.environ.get('AA_EVEONLINE_ALLIANCE_PROVIDER', 'esi')
-
-#####################
-# Alliance Market
-#####################
-MARKET_URL = os.environ.get('AA_MARKET_URL', 'http://yourdomain.com/market')
-MARKET_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_market',
-    'USER': os.environ.get('AA_DB_MARKET_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_MARKET_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_MARKET_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_MARKET_PORT', '3306'),
-}
-
-#####################
-# HR Configuration
-#####################
-# JACK_KNIFE_URL - Url for the audit page of API Jack knife
-#                  Should seriously replace with your own.
-#####################
-JACK_KNIFE_URL = os.environ.get('AA_JACK_KNIFE_URL', 'http://ridetheclown.com/eveapi/audit.php')
-
-#####################
-# Forum Configuration
-#####################
-# IPBOARD_ENDPOINT - Api endpoint if using ipboard
-# IPBOARD_APIKEY - Api key to interact with ipboard
-# IPBOARD_APIMODULE - Module for alliance auth *leave alone*
-#####################
-IPBOARD_ENDPOINT = os.environ.get('AA_IPBOARD_ENDPOINT', 'yourdomain.com/interface/board/index.php')
-IPBOARD_APIKEY = os.environ.get('AA_IPBOARD_APIKEY', 'somekeyhere')
-IPBOARD_APIMODULE = 'aa'
-
-########################
-# XenForo Configuration
-########################
-XENFORO_ENDPOINT = os.environ.get('AA_XENFORO_ENDPOINT', 'yourdomain.com/api.php')
-XENFORO_DEFAULT_GROUP = os.environ.get('AA_XENFORO_DEFAULT_GROUP', 0)
-XENFORO_APIKEY   = os.environ.get('AA_XENFORO_APIKEY', 'yourapikey')
-#####################
-
-######################
-# Jabber Configuration
-######################
-# JABBER_URL - Jabber address url
-# JABBER_PORT - Jabber service portal
-# JABBER_SERVER - Jabber server url
-# OPENFIRE_ADDRESS - Address of the openfire admin console including port
-#                    Please use http with 9090 or https with 9091
-# OPENFIRE_SECRET_KEY - Openfire REST API secret key
-# BROADCAST_USER - Broadcast user JID
-# BROADCAST_USER_PASSWORD - Broadcast user password
-######################
-JABBER_URL = os.environ.get('AA_JABBER_URL', "yourdomain.com")
-JABBER_PORT = int(os.environ.get('AA_JABBER_PORT', '5223'))
-JABBER_SERVER = os.environ.get('AA_JABBER_SERVER', "yourdomain.com")
-OPENFIRE_ADDRESS = os.environ.get('AA_OPENFIRE_ADDRESS', "http://yourdomain.com:9090")
-OPENFIRE_SECRET_KEY = os.environ.get('AA_OPENFIRE_SECRET_KEY', "somekey")
-BROADCAST_USER = os.environ.get('AA_BROADCAST_USER', "broadcast@") + JABBER_URL
-BROADCAST_USER_PASSWORD = os.environ.get('AA_BROADCAST_USER_PASSWORD', "somepassword")
-BROADCAST_SERVICE_NAME = os.environ.get('AA_BROADCAST_SERVICE_NAME', "broadcast")
-
-######################################
-# Mumble Configuration
-######################################
-# MUMBLE_URL - Mumble server url
-# MUMBLE_SERVER_ID - Mumble server id
-######################################
-MUMBLE_URL = os.environ.get('AA_MUMBLE_URL', "yourdomain.com")
-MUMBLE_SERVER_ID = int(os.environ.get('AA_MUMBLE_SERVER_ID', '1'))
-
-######################################
-# PHPBB3 Configuration
-######################################
-PHPBB3_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_forum',
-    'USER': os.environ.get('AA_DB_PHPBB3_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_PHPBB3_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_PHPBB3_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_PHPBB3_PORT', '3306'),
-}
-
-######################################
-# Teamspeak3 Configuration
-######################################
-# TEAMSPEAK3_SERVER_IP - Teamspeak3 server ip
-# TEAMSPEAK3_SERVER_PORT - Teamspeak3 server port
-# TEAMSPEAK3_SERVERQUERY_USER - Teamspeak3 serverquery username
-# TEAMSPEAK3_SERVERQUERY_PASSWORD - Teamspeak3 serverquery password
-# TEAMSPEAK3_VIRTUAL_SERVER - Virtual server id
-# TEAMSPEAK3_AUTHED_GROUP_ID - Default authed group id
-# TEAMSPEAK3_PUBLIC_URL - teamspeak3 public url used for link creation
-######################################
-TEAMSPEAK3_SERVER_IP = os.environ.get('AA_TEAMSPEAK3_SERVER_IP', '127.0.0.1')
-TEAMSPEAK3_SERVER_PORT = int(os.environ.get('AA_TEAMSPEAK3_SERVER_PORT', '10011'))
-TEAMSPEAK3_SERVERQUERY_USER = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_USER', 'serveradmin')
-TEAMSPEAK3_SERVERQUERY_PASSWORD = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_PASSWORD', 'passwordhere')
-TEAMSPEAK3_VIRTUAL_SERVER = int(os.environ.get('AA_TEAMSPEAK3_VIRTUAL_SERVER', '1'))
-TEAMSPEAK3_PUBLIC_URL = os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'yourdomain.com')
-
-######################################
-# Discord Configuration
-######################################
-# DISCORD_GUILD_ID - ID of the guild to manage
-# DISCORD_BOT_TOKEN - oauth token of the app bot user
-# DISCORD_INVITE_CODE - invite code to the server
-# DISCORD_APP_ID - oauth app client ID
-# DISCORD_APP_SECRET - oauth app secret
-# DISCORD_CALLBACK_URL - oauth callback url
-# DISCORD_SYNC_NAMES - enable to force discord nicknames to be set to eve char name (bot needs Manage Nicknames permission)
-######################################
-DISCORD_GUILD_ID = os.environ.get('AA_DISCORD_GUILD_ID', '')
-DISCORD_BOT_TOKEN = os.environ.get('AA_DISCORD_BOT_TOKEN', '')
-DISCORD_INVITE_CODE = os.environ.get('AA_DISCORD_INVITE_CODE', '')
-DISCORD_APP_ID = os.environ.get('AA_DISCORD_APP_ID', '')
-DISCORD_APP_SECRET = os.environ.get('AA_DISCORD_APP_SECRET', '')
-DISCORD_CALLBACK_URL = os.environ.get('AA_DISCORD_CALLBACK_URL', 'http://mydomain.com/discord_callback')
-DISCORD_SYNC_NAMES = 'True' == os.environ.get('AA_DISCORD_SYNC_NAMES', 'False')
-
-######################################
-# Discourse Configuration
-######################################
-# DISCOURSE_URL - Web address of the forums (no trailing slash)
-# DISCOURSE_API_USERNAME - API account username
-# DISCOURSE_API_KEY - API Key
-# DISCOURSE_SSO_SECRET - SSO secret key
-######################################
-DISCOURSE_URL = os.environ.get('AA_DISCOURSE_URL', '')
-DISCOURSE_API_USERNAME = os.environ.get('AA_DISCOURSE_API_USERNAME', '')
-DISCOURSE_API_KEY = os.environ.get('AA_DISCOURSE_API_KEY', '')
-DISCOURSE_SSO_SECRET = os.environ.get('AA_DISCOURSE_SSO_SECRET', '')
-
-#####################################
-# IPS4 Configuration
-#####################################
-# IPS4_URL - base url of the IPS4 install (no trailing slash)
-# IPS4_API_KEY - API key provided by IPS4
-#####################################
-IPS4_URL = os.environ.get('AA_IPS4_URL', 'http://yourdomain.com/ips4')
-IPS4_API_KEY = os.environ.get('AA_IPS4_API_KEY', '')
-IPS4_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_ips4',
-    'USER': os.environ.get('AA_DB_IPS4_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_IPS4_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_IPS4_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_IPS4_PORT', '3306'),
-}
-
-
-######################################
-# SMF Configuration
-######################################
-SMF_URL = os.environ.get('AA_SMF_URL', '')
-SMF_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_smf',
-    'USER': os.environ.get('AA_DB_SMF_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_SMF_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_SMF_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_SMF_PORT', '3306'),
-}
-
-######################################
-# Fleet-Up Configuration
-######################################
-# FLEETUP_APP_KEY - The app key from http://fleet-up.com/Api/MyApps
-# FLEETUP_USER_ID - The user id from http://fleet-up.com/Api/MyKeys
-# FLEETUP_API_ID - The API id from http://fleet-up.com/Api/MyKeys
-# FLEETUP_GROUP_ID - The id of the group you want to pull data from, see http://fleet-up.com/Api/Endpoints#groups_mygroupmemberships
-######################################
-FLEETUP_APP_KEY = os.environ.get('AA_FLEETUP_APP_KEY', '')
-FLEETUP_USER_ID = os.environ.get('AA_FLEETUP_USER_ID', '')
-FLEETUP_API_ID = os.environ.get('AA_FLEETUP_API_ID', '')
-FLEETUP_GROUP_ID = os.environ.get('AA_FLEETUP_GROUP_ID', '')
-
-#####################################
-# Logging Configuration
-#####################################
-# Set log_file and console level to desired state:
-# DEBUG - basically stack trace, explains every step
-# INFO - model creation, deletion, updates, etc
-# WARN - unexpected function outcomes that do not impact user
-# ERROR - unexcpeted function outcomes which prevent user from achieving desired outcome
-# EXCEPTION - something critical went wrong, unhandled
-#####################################
-# Recommended level for log_file is INFO, console is DEBUG
-# Change log level of individual apps below to narrow your debugging
-#####################################
-LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    'formatters': {
-        'verbose': {
-            'format' : "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s",
-            'datefmt' : "%d/%b/%Y %H:%M:%S"
-        },
-        'simple': {
-            'format': '%(levelname)s %(message)s'
-        },
-    },
-    'handlers': {
-        'log_file': {
-            'level': 'INFO',         # edit this line to change logging level to file
-            'class': 'logging.handlers.RotatingFileHandler',
-            'filename': os.path.join(BASE_DIR,'log/allianceauth.log'),
-            'formatter': 'verbose',
-            'maxBytes': 1024*1024*5, # edit this line to change max log file size
-            'backupCount': 5,        # edit this line to change number of log backups
-        },
-        'console': {
-            'level': 'DEBUG',        # edit this line to change logging level to console
-            'class': 'logging.StreamHandler',
-            'formatter': 'verbose',
-        },
-        'notifications': {           # creates notifications for users with logging_notifications permission
-            'level': 'ERROR',        # edit this line to change logging level to notifications
-            'class': 'notifications.handlers.NotificationHandler',
-            'formatter': 'verbose',
-        },
-    },
-    'loggers': {
-        'authentication': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'celerytask': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'eveonline': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'groupmanagement': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'hrapplications': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'portal': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'registration': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'services': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'srp': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'timerboard': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'sigtracker': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'optimer': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'corputils': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'fleetactivitytracking': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'ERROR',
-        },
-        'util': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'django': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'ERROR',
-        },
-    }
-}
-
-# Conditionally add databases only if configured
-if ENABLE_AUTH_FORUM or ENABLE_BLUE_FORUM:
-    DATABASES['phpbb3'] = PHPBB3_DB
-if ENABLE_AUTH_SMF or ENABLE_BLUE_SMF:
-    DATABASES['smf'] = SMF_DB
-if ENABLE_AUTH_MARKET or ENABLE_BLUE_MARKET:
-    DATABASES['market'] = MARKET_DB
-if ENABLE_AUTH_IPS4 or ENABLE_BLUE_IPS4:
-    DATABASES['ips4'] = IPS4_DB
-
-# Ensure corp/alliance IDs are expected types
-STR_CORP_IDS = [str(id) for id in CORP_IDS]
-STR_ALLIANCE_IDS = [str(id) for id in ALLIANCE_IDS]

alliance_auth/urls.py

@@ -1,299 +0,0 @@
-from django.conf.urls import include, url
-
-from django.conf.urls.i18n import i18n_patterns
-from django.utils.translation import ugettext_lazy as _
-from django.contrib import admin
-import django.contrib.auth.views
-import authentication.views
-import eveonline.views
-import services.views
-import groupmanagement.views
-import optimer.views
-import timerboard.views
-import fleetactivitytracking.views
-import fleetup.views
-import srp.views
-import notifications.views
-import hrapplications.views
-import corputils.urls
-import esi.urls
-from alliance_auth import NAME
-
-admin.site.site_header = NAME
-
-# Functional/Untranslated URL's
-urlpatterns = [
-    # Locale
-    url(r'^i18n/', include('django.conf.urls.i18n')),
-
-    # Admin urls
-    url(r'^admin/', include(admin.site.urls)),
-
-    # SSO
-    url(r'^sso/', include(esi.urls, namespace='esi')),
-    url(r'^sso/login$', authentication.views.sso_login, name='auth_sso_login'),
-
-    # Corputils
-    url(r'^corpstats/', include(corputils.urls, namespace='corputils')),
-
-    # Index
-    url(_(r'^$'), authentication.views.index_view, name='auth_index'),
-
-    # Authentication
-    url(r'^logout_user/', authentication.views.logout_user, name='auth_logout_user'),
-
-    # Eve Online
-    url(r'^main_character_change/(\w+)/$', eveonline.views.main_character_change,
-        name='auth_main_character_change'),
-    url(r'^api_verify_owner/(\w+)/$', eveonline.views.api_sso_validate, name='auth_api_sso'),
-
-    # Forum Service Control
-    url(r'^activate_forum/$', services.views.activate_forum, name='auth_activate_forum'),
-    url(r'^deactivate_forum/$', services.views.deactivate_forum, name='auth_deactivate_forum'),
-    url(r'^reset_forum_password/$', services.views.reset_forum_password,
-        name='auth_reset_forum_password'),
-    url(r'^set_forum_password/$', services.views.set_forum_password, name='auth_set_forum_password'),
-
-    # Jabber Service Control
-    url(r'^activate_jabber/$', services.views.activate_jabber, name='auth_activate_jabber'),
-    url(r'^deactivate_jabber/$', services.views.deactivate_jabber, name='auth_deactivate_jabber'),
-    url(r'^reset_jabber_password/$', services.views.reset_jabber_password,
-        name='auth_reset_jabber_password'),
-
-    # Mumble service control
-    url(r'^activate_mumble/$', services.views.activate_mumble, name='auth_activate_mumble'),
-    url(r'^deactivate_mumble/$', services.views.deactivate_mumble, name='auth_deactivate_mumble'),
-    url(r'^reset_mumble_password/$', services.views.reset_mumble_password,
-        name='auth_reset_mumble_password'),
-    url(r'^set_mumble_password/$', services.views.set_mumble_password, name='auth_set_mumble_password'),
-
-    # Ipboard service control
-    url(r'^activate_ipboard/$', services.views.activate_ipboard_forum,
-        name='auth_activate_ipboard'),
-    url(r'^deactivate_ipboard/$', services.views.deactivate_ipboard_forum,
-        name='auth_deactivate_ipboard'),
-    url(r'^reset_ipboard_password/$', services.views.reset_ipboard_password,
-        name='auth_reset_ipboard_password'),
-    url(r'^set_ipboard_password/$', services.views.set_ipboard_password, name='auth_set_ipboard_password'),
-
-    # XenForo service control
-    url(r'^activate_xenforo/$', services.views.activate_xenforo_forum,
-        name='auth_activate_xenforo'),
-    url(r'^deactivate_xenforo/$', services.views.deactivate_xenforo_forum,
-        name='auth_deactivate_xenforo'),
-    url(r'^reset_xenforo_password/$', services.views.reset_xenforo_password,
-        name='auth_reset_xenforo_password'),
-    url(r'^set_xenforo_password/$', services.views.set_xenforo_password, name='auth_set_xenforo_password'),
-
-    # Teamspeak3 service control
-    url(r'^activate_teamspeak3/$', services.views.activate_teamspeak3,
-        name='auth_activate_teamspeak3'),
-    url(r'^deactivate_teamspeak3/$', services.views.deactivate_teamspeak3,
-        name='auth_deactivate_teamspeak3'),
-    url(r'reset_teamspeak3_perm/$', services.views.reset_teamspeak3_perm,
-        name='auth_reset_teamspeak3_perm'),
-
-    # Discord Service Control
-    url(r'^activate_discord/$', services.views.activate_discord, name='auth_activate_discord'),
-    url(r'^deactivate_discord/$', services.views.deactivate_discord, name='auth_deactivate_discord'),
-    url(r'^reset_discord/$', services.views.reset_discord, name='auth_reset_discord'),
-    url(r'^discord_callback/$', services.views.discord_callback, name='auth_discord_callback'),
-    url(r'^discord_add_bot/$', services.views.discord_add_bot, name='auth_discord_add_bot'),
-
-    # Discourse Service Control
-    url(r'^discourse_sso$', services.views.discourse_sso, name='auth_discourse_sso'),
-
-    # IPS4 Service Control
-    url(r'^activate_ips4/$', services.views.activate_ips4,
-        name='auth_activate_ips4'),
-    url(r'^deactivate_ips4/$', services.views.deactivate_ips4,
-        name='auth_deactivate_ips4'),
-    url(r'^reset_ips4_password/$', services.views.reset_ips4_password,
-        name='auth_reset_ips4_password'),
-    url(r'^set_ips4_password/$', services.views.set_ips4_password, name='auth_set_ips4_password'),
-
-    # SMF Service Control
-    url(r'^activate_smf/$', services.views.activate_smf, name='auth_activate_smf'),
-    url(r'^deactivate_smf/$', services.views.deactivate_smf, name='auth_deactivate_smf'),
-    url(r'^reset_smf_password/$', services.views.reset_smf_password,
-        name='auth_reset_smf_password'),
-    url(r'^set_smf_password/$', services.views.set_smf_password, name='auth_set_smf_password'),
-
-    # Alliance Market Control
-    url(r'^activate_market/$', services.views.activate_market, name='auth_activate_market'),
-    url(r'^deactivate_market/$', services.views.deactivate_market, name='auth_deactivate_market'),
-    url(r'^reset_market_password/$', services.views.reset_market_password,
-        name='auth_reset_market_password'),
-    url(r'^set_market_password/$', services.views.set_market_password, name='auth_set_market_password'),
-
-    # SRP URLS
-    url(r'^srp_fleet_remove/(\w+)$', srp.views.srp_fleet_remove, name='auth_srp_fleet_remove'),
-    url(r'^srp_fleet_disable/(\w+)$', srp.views.srp_fleet_disable, name='auth_srp_fleet_disable'),
-    url(r'^srp_fleet_enable/(\w+)$', srp.views.srp_fleet_enable, name='auth_srp_fleet_enable'),
-    url(r'^srp_fleet_mark_completed/(\w+)', srp.views.srp_fleet_mark_completed,
-        name='auth_srp_fleet_mark_completed'),
-    url(r'^srp_fleet_mark_uncompleted/(\w+)', srp.views.srp_fleet_mark_uncompleted,
-        name='auth_srp_fleet_mark_uncompleted'),
-    url(r'^srp_request_remove/(\w+)', srp.views.srp_request_remove,
-        name="auth_srp_request_remove"),
-    url(r'srp_request_approve/(\w+)', srp.views.srp_request_approve,
-        name='auth_srp_request_approve'),
-    url(r'srp_request_reject/(\w+)', srp.views.srp_request_reject, name='auth_srp_request_reject'),
-
-    # Notifications
-    url(r'^remove_notifications/(\w+)/$', notifications.views.remove_notification, name='auth_remove_notification'),
-    url(r'^notifications/mark_all_read/$', notifications.views.mark_all_read, name='auth_mark_all_notifications_read'),
-    url(r'^notifications/delete_all_read/$', notifications.views.delete_all_read,
-        name='auth_delete_all_read_notifications'),
-]
-
-# User viewed/translated URLS
-urlpatterns += i18n_patterns(
-
-    # Fleetup
-    url(r'^fleetup/$', fleetup.views.fleetup_view, name='auth_fleetup_view'),
-    url(r'^fleetup/fittings/$', fleetup.views.fleetup_fittings, name='auth_fleetup_fittings'),
-    url(r'^fleetup/fittings/(?P<fittingnumber>[0-9]+)/$', fleetup.views.fleetup_fitting, name='auth_fleetup_fitting'),
-    url(r'^fleetup/doctrines/$', fleetup.views.fleetup_doctrines, name='auth_fleetup_doctrines'),
-    url(r'^fleetup/characters/$', fleetup.views.fleetup_characters, name='auth_fleetup_characters'),
-    url(r'^fleetup/doctrines/(?P<doctrinenumber>[0-9]+)/$', fleetup.views.fleetup_doctrine, name='auth_fleetup_doctrine'),
-
-    # Authentication
-    url(_(r'^login_user/'), authentication.views.login_user, name='auth_login_user'),
-    url(_(r'^register_user/'), authentication.views.register_user_view, name='auth_register_user'),
-
-    url(_(r'^user/password/$'), django.contrib.auth.views.password_change, name='password_change'),
-    url(_(r'^user/password/done/$'), django.contrib.auth.views.password_change_done,
-        name='password_change_done'),
-    url(_(r'^user/password/reset/$'), django.contrib.auth.views.password_reset,
-        name='password_reset'),
-    url(_(r'^user/password/password/reset/done/$'), django.contrib.auth.views.password_reset_done,
-        name='password_reset_done'),
-    url(_(r'^user/password/reset/complete/$'), django.contrib.auth.views.password_reset_complete,
-        name='password_reset_complete'),
-    url(_(r'^user/password/reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>.+)/$'),
-        django.contrib.auth.views.password_reset_confirm, name='password_reset_confirm'),
-
-    # Portal Urls
-    url(_(r'^dashboard/$'), eveonline.views.dashboard_view, name='auth_dashboard'),
-    url(_(r'^help/$'), authentication.views.help_view, name='auth_help'),
-
-    # Eveonline Urls
-    url(_(r'^add_api_key/'), eveonline.views.add_api_key, name='auth_add_api_key'),
-    url(_(r'^refresh_api_pair/([0-9]+)/$'), eveonline.views.user_refresh_api, name='auth_user_refresh_api'),
-    url(_(r'^delete_api_pair/(\w+)/$'), eveonline.views.api_key_removal, name='auth_api_key_removal'),
-    url(_(r'^characters/'), eveonline.views.characters_view, name='auth_characters'),
-
-    # Group management
-    url(_(r'^groups/'), groupmanagement.views.groups_view, name='auth_groups'),
-    url(_(r'^group/management/'), groupmanagement.views.group_management,
-        name='auth_group_management'),
-    url(_(r'^group/membership/$'), groupmanagement.views.group_membership,
-        name='auth_group_membership'),
-    url(_(r'^group/membership/(\w+)/$'), groupmanagement.views.group_membership_list,
-        name='auth_group_membership_list'),
-    url(_(r'^group/membership/(\w+)/remove/(\w+)/$'), groupmanagement.views.group_membership_remove,
-        name='auth_group_membership_remove'),
-    url(_(r'^group/request_add/(\w+)'), groupmanagement.views.group_request_add,
-        name='auth_group_request_add'),
-    url(_(r'^group/request/accept/(\w+)'), groupmanagement.views.group_accept_request,
-        name='auth_group_accept_request'),
-    url(_(r'^group/request/reject/(\w+)'), groupmanagement.views.group_reject_request,
-        name='auth_group_reject_request'),
-
-    url(_(r'^group/request_leave/(\w+)'), groupmanagement.views.group_request_leave,
-        name='auth_group_request_leave'),
-    url(_(r'group/leave_request/accept/(\w+)'), groupmanagement.views.group_leave_accept_request,
-        name='auth_group_leave_accept_request'),
-    url(_(r'^group/leave_request/reject/(\w+)'), groupmanagement.views.group_leave_reject_request,
-        name='auth_group_leave_reject_request'),
-
-    # HR Application Management
-    url(_(r'^hr_application_management/'), hrapplications.views.hr_application_management_view,
-        name="auth_hrapplications_view"),
-    url(_(r'^hr_application_create/$'), hrapplications.views.hr_application_create_view,
-        name="auth_hrapplication_create_view"),
-    url(_(r'^hr_application_create/(\d+)'), hrapplications.views.hr_application_create_view,
-        name="auth_hrapplication_create_view"),
-    url(_(r'^hr_application_remove/(\w+)'), hrapplications.views.hr_application_remove,
-        name="auth_hrapplication_remove"),
-    url(_(r'hr_application_view/(\w+)'), hrapplications.views.hr_application_view,
-        name="auth_hrapplication_view"),
-    url(_(r'hr_application_personal_view/(\w+)'), hrapplications.views.hr_application_personal_view,
-        name="auth_hrapplication_personal_view"),
-    url(_(r'hr_application_personal_removal/(\w+)'),
-        hrapplications.views.hr_application_personal_removal,
-        name="auth_hrapplication_personal_removal"),
-    url(_(r'hr_application_approve/(\w+)'), hrapplications.views.hr_application_approve,
-        name="auth_hrapplication_approve"),
-    url(_(r'hr_application_reject/(\w+)'), hrapplications.views.hr_application_reject,
-        name="auth_hrapplication_reject"),
-    url(_(r'hr_application_search/'), hrapplications.views.hr_application_search,
-        name="auth_hrapplication_search"),
-    url(_(r'hr_mark_in_progress/(\w+)'), hrapplications.views.hr_application_mark_in_progress,
-        name="auth_hrapplication_mark_in_progress"),
-
-    # Fleet Operations Timers
-    url(_(r'^optimer/$'), optimer.views.optimer_view, name='auth_optimer_view'),
-    url(_(r'^add_optimer/$'), optimer.views.add_optimer_view, name='auth_add_optimer_view'),
-    url(_(r'^remove_optimer/(\w+)'), optimer.views.remove_optimer, name='auth_remove_optimer'),
-    url(_(r'^edit_optimer/(\w+)$'), optimer.views.edit_optimer, name='auth_edit_optimer'),
-
-    # Service Urls
-    url(_(r'^services/$'), services.views.services_view, name='auth_services'),
-    url(_(r'^services/jabber_broadcast/$'), services.views.jabber_broadcast_view,
-        name='auth_jabber_broadcast_view'),
-
-    # Teamspeak Urls
-    url(r'verify_teamspeak3/$', services.views.verify_teamspeak3, name='auth_verify_teamspeak3'),
-
-    # Timer URLS
-    url(_(r'^timers/$'), timerboard.views.timer_view, name='auth_timer_view'),
-    url(_(r'^add_timer/$'), timerboard.views.add_timer_view, name='auth_add_timer_view'),
-    url(_(r'^remove_timer/(\w+)'), timerboard.views.remove_timer, name='auth_remove_timer'),
-    url(_(r'^edit_timer/(\w+)$'), timerboard.views.edit_timer, name='auth_edit_timer'),
-
-    # SRP URLS
-    url(_(r'^srp/$'), srp.views.srp_management, name='auth_srp_management_view'),
-    url(_(r'^srp_all/$'), srp.views.srp_management_all, name='auth_srp_management_all_view'),
-    url(_(r'^srp_fleet_view/(\w+)$'), srp.views.srp_fleet_view, name='auth_srp_fleet_view'),
-    url(_(r'^srp_fleet_add_view/$'), srp.views.srp_fleet_add_view, name='auth_srp_fleet_add_view'),
-    url(_(r'^srp_fleet_edit/(\w+)$'), srp.views.srp_fleet_edit_view, name='auth_srp_fleet_edit_view'),
-    url(_(r'^srp_request/(\w+)'), srp.views.srp_request_view, name='auth_srp_request_view'),
-    url(_(r'srp_request_amount_update/(\w+)'), srp.views.srp_request_update_amount_view,
-        name="auth_srp_request_update_amount_view"),
-
-    # Tools
-    url(_(r'^tool/fleet_formatter_tool/$'), services.views.fleet_formatter_view,
-        name='auth_fleet_format_tool_view'),
-
-    # Notifications
-    url(_(r'^notifications/$'), notifications.views.notification_list, name='auth_notification_list'),
-    url(_(r'^notifications/(\w+)/$'), notifications.views.notification_view, name='auth_notification_view'),
-
-    # Jabber
-    url(_(r'^set_jabber_password/$'), services.views.set_jabber_password, name='auth_set_jabber_password'),
-
-    # FleetActivityTracking (FAT)
-    url(r'^fat/$', fleetactivitytracking.views.fatlink_view, name='auth_fatlink_view'),
-    url(r'^fat/statistics/$', fleetactivitytracking.views.fatlink_statistics_view, name='auth_fatlink_view_statistics'),
-    url(r'^fat/statistics/(?P<year>[0-9]+)/(?P<month>[0-9]+)/$', fleetactivitytracking.views.fatlink_statistics_view,
-        name='auth_fatlink_view_statistics_month'),
-    url(r'^fat/user/statistics/$', fleetactivitytracking.views.fatlink_personal_statistics_view,
-        name='auth_fatlink_view_personal_statistics'),
-    url(r'^fat/user/statistics/(?P<year>[0-9]+)/$', fleetactivitytracking.views.fatlink_personal_statistics_view,
-        name='auth_fatlink_view_personal_statistics_year'),
-    url(r'^fat/user/statistics/(?P<year>[0-9]+)/(?P<month>[0-9]+)/$',
-        fleetactivitytracking.views.fatlink_monthly_personal_statistics_view,
-        name='auth_fatlink_view_personal_statistics_month'),
-    url(r'^fat/user/(?P<char_id>[0-9]+)/statistics/(?P<year>[0-9]+)/(?P<month>[0-9]+)/$',
-        fleetactivitytracking.views.fatlink_monthly_personal_statistics_view,
-        name='auth_fatlink_view_user_statistics_month'),
-    url(r'^fat/create/$', fleetactivitytracking.views.create_fatlink_view, name='auth_create_fatlink_view'),
-    url(r'^fat/modify/$', fleetactivitytracking.views.modify_fatlink_view, name='auth_modify_fatlink_view'),
-    url(r'^fat/modify/(?P<hash>[a-zA-Z0-9_-]+)/([a-z0-9_-]+)$',
-        fleetactivitytracking.views.modify_fatlink_view),
-    url(r'^fat/link/$', fleetactivitytracking.views.fatlink_view, name='auth_click_fatlink_view'),
-    url(r'^fat/link/(?P<hash>[a-zA-Z0-9]+)/(?P<fatname>[a-z0-9_-]+)/$',
-        fleetactivitytracking.views.click_fatlink_view),
-)

alliance_auth/wsgi.py

@@ -1,20 +0,0 @@
-"""
-WSGI config for alliance_auth project.
-
-It exposes the WSGI callable as a module-level variable named ``application``.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/
-"""
-
-import os
-from django.core.wsgi import get_wsgi_application
-
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "alliance_auth.settings")
-
-# virtualenv wrapper, uncomment below to activate
-# activate_env=os.path.join(os.path.dirname(os.path.abspath(__file__)), 'env/bin/activate_this.py')
-# execfile(activate_env, dict(__file__=activate_env))
-
-
-application = get_wsgi_application()

allianceauth/__init__.py

@@ -0,0 +1,11 @@
+"""An auth system for EVE Online to help in-game organizations
+manage online service access.
+"""
+
+# This will make sure the app is always imported when
+# Django starts so that shared_task will use this app.
+
+__version__ = '4.8.0'
+__title__ = 'Alliance Auth'
+__url__ = 'https://gitlab.com/allianceauth/allianceauth'
+NAME = f'{__title__} v{__version__}'

allianceauth/analytics/admin.py

@@ -0,0 +1,16 @@
+from django.contrib import admin
+
+from .models import AnalyticsIdentifier, AnalyticsTokens
+from solo.admin import SingletonModelAdmin
+
+
+@admin.register(AnalyticsIdentifier)
+class AnalyticsIdentifierAdmin(SingletonModelAdmin):
+    search_fields = ['identifier', ]
+    list_display = ['identifier', ]
+
+
+@admin.register(AnalyticsTokens)
+class AnalyticsTokensAdmin(admin.ModelAdmin):
+    search_fields = ['name', ]
+    list_display = ['name', 'type', ]

allianceauth/analytics/apps.py

@@ -0,0 +1,8 @@
+from django.apps import AppConfig
+from django.utils.translation import gettext_lazy as _
+
+
+class AnalyticsConfig(AppConfig):
+    name = 'allianceauth.analytics'
+    label = 'analytics'
+    verbose_name = _('Analytics')

allianceauth/analytics/fixtures/disable_analytics.json

@@ -0,0 +1,20 @@
+[
+    {
+    "model": "analytics.AnalyticsTokens",
+    "pk": 1,
+    "fields": {
+        "name": "AA Team Public Google Analytics (V4)",
+        "type": "GA-V4",
+        "token": "G-6LYSMYK8DE",
+        "secret": "KLlpjLZ-SRGozS5f5wb_kw",
+        "send_stats": "False"
+        }
+    },
+    {
+        "model": "analytics.AnalyticsIdentifier",
+        "pk": 1,
+        "fields": {
+            "identifier": "ab33e241fbf042b6aa77c7655a768af7"
+        }
+    }
+]

allianceauth/analytics/migrations/0001_initial.py

@@ -0,0 +1,42 @@
+# Generated by Django 3.1.4 on 2020-12-30 13:11
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AnalyticsIdentifier',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('identifier', models.UUIDField(default=uuid.uuid4, editable=False)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsPath',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('ignore_path', models.CharField(default='/example/', max_length=254)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsTokens',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=254)),
+                ('type', models.CharField(choices=[('GA-U', 'Google Analytics Universal'), ('GA-V4', 'Google Analytics V4')], max_length=254)),
+                ('token', models.CharField(max_length=254)),
+                ('send_page_views', models.BooleanField(default=False)),
+                ('send_celery_tasks', models.BooleanField(default=False)),
+                ('send_stats', models.BooleanField(default=False)),
+                ('ignore_paths', models.ManyToManyField(blank=True, to='analytics.AnalyticsPath')),
+            ],
+        ),
+    ]

allianceauth/analytics/migrations/0002_add_AA_Team_Token.py

@@ -0,0 +1,34 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from django.db import migrations
+
+
+def add_aa_team_token(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens()
+    token.type = 'GA-U'
+    token.token = 'UA-186249766-2'
+    token.send_page_views = True
+    token.send_celery_tasks = True
+    token.send_stats = True
+    token.name = 'AA Team Public Google Analytics (Universal)'
+    token.save()
+
+
+def remove_aa_team_token(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.filter(token="UA-186249766-2").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0001_initial'),
+        ]
+
+    operations = [migrations.RunPython(add_aa_team_token, remove_aa_team_token)
+                    ]

allianceauth/analytics/migrations/0003_Generate_Identifier.py

@@ -0,0 +1,30 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from uuid import uuid4
+from django.db import migrations
+
+
+def generate_identifier(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    identifier = Identifier()
+    identifier.id = 1
+    identifier.save()
+
+
+def zero_identifier(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    Identifier.objects.filter(id=1).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0002_add_AA_Team_Token'),
+    ]
+
+    operations = [migrations.RunPython(generate_identifier, zero_identifier)
+                    ]

allianceauth/analytics/migrations/0004_auto_20211015_0502.py

@@ -0,0 +1,42 @@
+# Generated by Django 3.1.13 on 2021-10-15 05:02
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # Add /admin/ and /user_notifications_count/ path to ignore
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    admin = AnalyticsPath.objects.create(ignore_path=r"^\/admin\/.*")
+    user_notifications_count = AnalyticsPath.objects.create(ignore_path=r"^\/user_notifications_count\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(admin, user_notifications_count)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    #
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+
+    token = Tokens.objects.get(token="UA-186249766-2")
+    try:
+        admin = AnalyticsPath.objects.get(ignore_path=r"^\/admin\/.*", analyticstokens=token)
+        user_notifications_count = AnalyticsPath.objects.get(ignore_path=r"^\/user_notifications_count\/.*", analyticstokens=token)
+        admin.delete()
+        user_notifications_count.delete()
+    except ObjectDoesNotExist:
+        # Its fine if it doesnt exist, we just dont want them building up when re-migrating
+        pass
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0003_Generate_Identifier'),
+    ]
+
+    operations = [migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]

allianceauth/analytics/migrations/0005_alter_analyticspath_ignore_path.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-17 16:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0004_auto_20211015_0502'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='analyticspath',
+            name='ignore_path',
+            field=models.CharField(default='/example/', help_text='Regex Expression, If matched no Analytics Page View is sent', max_length=254),
+        ),
+    ]

allianceauth/analytics/migrations/0006_more_ignore_paths.py

@@ -0,0 +1,40 @@
+# Generated by Django 3.2.8 on 2021-10-19 01:47
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # Add the /account/activate path to ignore
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    account_activate = AnalyticsPath.objects.create(ignore_path=r"^\/account\/activate\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(account_activate)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    #
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+
+    token = Tokens.objects.get(token="UA-186249766-2")
+
+    try:
+        account_activate = AnalyticsPath.objects.get(ignore_path=r"^\/account\/activate\/.*", analyticstokens=token)
+        account_activate.delete()
+    except ObjectDoesNotExist:
+        # Its fine if it doesnt exist, we just dont want them building up when re-migrating
+        pass
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0005_alter_analyticspath_ignore_path'),
+    ]
+
+    operations = [
+        migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]

allianceauth/analytics/migrations/0007_analyticstokens_secret.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.0.6 on 2022-08-30 05:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0006_more_ignore_paths'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='analyticstokens',
+            name='secret',
+            field=models.CharField(blank=True, max_length=254),
+        ),
+    ]

allianceauth/analytics/migrations/0008_add_AA_GA-4_Team_Token .py

@@ -0,0 +1,64 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from django.db import migrations
+from django.core.exceptions import ObjectDoesNotExist
+
+
+def add_aa_team_token(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    token = Tokens()
+    try:
+        ua_token = Tokens.objects.get(token="UA-186249766-2")
+        original_send_page_views = ua_token.send_page_views
+        original_send_celery_tasks = ua_token.send_celery_tasks
+        original_send_stats = ua_token.send_stats
+    except ObjectDoesNotExist:
+        original_send_page_views = True
+        original_send_celery_tasks = True
+        original_send_stats = True
+
+    try:
+        user_notifications_count = AnalyticsPath.objects.get(ignore_path=r"^\/user_notifications_count\/.*",)
+    except ObjectDoesNotExist:
+        user_notifications_count = AnalyticsPath.objects.create(ignore_path=r"^\/user_notifications_count\/.*")
+
+    try:
+        admin = AnalyticsPath.objects.get(ignore_path=r"^\/admin\/.*")
+    except ObjectDoesNotExist:
+        admin = AnalyticsPath.objects.create(ignore_path=r"^\/admin\/.*")
+
+    try:
+        account_activate = AnalyticsPath.objects.get(ignore_path=r"^\/account\/activate\/.*")
+    except ObjectDoesNotExist:
+        account_activate = AnalyticsPath.objects.create(ignore_path=r"^\/account\/activate\/.*")
+
+    token.type = 'GA-V4'
+    token.token = 'G-6LYSMYK8DE'
+    token.secret = 'KLlpjLZ-SRGozS5f5wb_kw'
+    token.send_page_views = original_send_page_views
+    token.send_celery_tasks = original_send_celery_tasks
+    token.send_stats = original_send_stats
+    token.name = 'AA Team Public Google Analytics (V4)'
+    token.save()
+    token.ignore_paths.add(admin, user_notifications_count, account_activate)
+    token.save()
+
+
+def remove_aa_team_token(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.filter(token="G-6LYSMYK8DE").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0007_analyticstokens_secret'),
+    ]
+
+    operations = [migrations.RunPython(
+        add_aa_team_token, remove_aa_team_token)]

allianceauth/analytics/migrations/0009_remove_analyticstokens_ignore_paths_and_more.py

@@ -0,0 +1,28 @@
+# Generated by Django 4.0.10 on 2023-05-08 05:24
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0008_add_AA_GA-4_Team_Token '),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='analyticstokens',
+            name='ignore_paths',
+        ),
+        migrations.RemoveField(
+            model_name='analyticstokens',
+            name='send_celery_tasks',
+        ),
+        migrations.RemoveField(
+            model_name='analyticstokens',
+            name='send_page_views',
+        ),
+        migrations.DeleteModel(
+            name='AnalyticsPath',
+        ),
+    ]

allianceauth/analytics/migrations/0010_alter_analyticsidentifier_options.py

@@ -0,0 +1,17 @@
+# Generated by Django 4.2.16 on 2024-12-11 02:17
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0009_remove_analyticstokens_ignore_paths_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='analyticsidentifier',
+            options={'verbose_name': 'Analytics Identifier'},
+        ),
+    ]

allianceauth/analytics/models.py

@@ -0,0 +1,29 @@
+from typing import Literal
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+from solo.models import SingletonModel
+from uuid import uuid4
+
+
+class AnalyticsIdentifier(SingletonModel):
+
+    identifier = models.UUIDField(default=uuid4, editable=False)
+
+    def __str__(self) -> Literal['Analytics Identifier']:
+        return "Analytics Identifier"
+
+    class Meta:
+        verbose_name = "Analytics Identifier"
+
+
+class AnalyticsTokens(models.Model):
+
+    class Analytics_Type(models.TextChoices):
+        GA_U = 'GA-U', _('Google Analytics Universal')
+        GA_V4 = 'GA-V4', _('Google Analytics V4')
+
+    name = models.CharField(max_length=254)
+    type = models.CharField(max_length=254, choices=Analytics_Type.choices)
+    token = models.CharField(max_length=254, blank=False)
+    secret = models.CharField(max_length=254, blank=True)
+    send_stats = models.BooleanField(default=False)

allianceauth/analytics/tasks.py

@@ -0,0 +1,207 @@
+import requests
+import logging
+from django.conf import settings
+from django.apps import apps
+from celery import shared_task
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .utils import (
+    existence_baremetal_or_docker,
+    install_stat_addons,
+    install_stat_tokens,
+    install_stat_users)
+
+from allianceauth import __version__
+
+logger = logging.getLogger(__name__)
+
+BASE_URL = "https://www.google-analytics.com"
+
+DEBUG_URL = f"{BASE_URL}/debug/mp/collect"
+COLLECTION_URL = f"{BASE_URL}/mp/collect"
+
+if getattr(settings, "ANALYTICS_ENABLE_DEBUG", False) and settings.DEBUG:
+    # Force sending of analytics data during in a debug/test environment
+    # Useful for developers working on this feature.
+    logger.warning(
+        "You have 'ANALYTICS_ENABLE_DEBUG' Enabled! "
+        "This debug instance will send analytics data!")
+    DEBUG_URL = COLLECTION_URL
+
+ANALYTICS_URL = COLLECTION_URL
+
+if settings.DEBUG is True:
+    ANALYTICS_URL = DEBUG_URL
+
+
+def analytics_event(namespace: str,
+                    task: str,
+                    label: str = "",
+                    result: str = "",
+                    value: int = 1,
+                    event_type: str = 'Celery'):
+    """
+    Send a Google Analytics Event for each token stored
+    Includes check for if its enabled/disabled
+
+    Args:
+        `namespace` (str): Celery Namespace
+        `task` (str): Task Name
+        `label` (str): Optional, additional task label
+        `result` (str): Optional, Task Success/Exception
+        `value` (int): Optional, If bulk, Query size, can be a Boolean
+        `event_type` (str): Optional, Celery or Stats only, Default to Celery
+    """
+    for token in AnalyticsTokens.objects.filter(type='GA-V4'):
+        if event_type == 'Stats':
+            allowed = token.send_stats
+        else:
+            allowed = False
+
+        if allowed is True:
+            send_ga_tracking_celery_event.s(
+                measurement_id=token.token,
+                secret=token.secret,
+                namespace=namespace,
+                task=task,
+                label=label,
+                result=result,
+                value=value).apply_async(priority=9)
+
+
+@shared_task
+def analytics_daily_stats() -> None:
+    """Celery Task: Do not call directly
+
+    Gathers a series of daily statistics
+    Sends analytics events containing them
+    """
+    users = install_stat_users()
+    tokens = install_stat_tokens()
+    addons = install_stat_addons()
+    existence_type = existence_baremetal_or_docker()
+    logger.debug("Running Daily Analytics Upload")
+
+    analytics_event(namespace='allianceauth.analytics',
+                    task='send_install_stats',
+                    label='existence',
+                    value=1,
+                    event_type='Stats')
+    analytics_event(namespace='allianceauth.analytics',
+                    task='send_install_stats',
+                    label=existence_type,
+                    value=1,
+                    event_type='Stats')
+    analytics_event(namespace='allianceauth.analytics',
+                    task='send_install_stats',
+                    label='users',
+                    value=users,
+                    event_type='Stats')
+    analytics_event(namespace='allianceauth.analytics',
+                    task='send_install_stats',
+                    label='tokens',
+                    value=tokens,
+                    event_type='Stats')
+    analytics_event(namespace='allianceauth.analytics',
+                    task='send_install_stats',
+                    label='addons',
+                    value=addons,
+                    event_type='Stats')
+    for appconfig in apps.get_app_configs():
+        if appconfig.label in [
+            "django_celery_beat",
+            "bootstrapform",
+            "messages",
+            "sessions",
+            "auth",
+            "staticfiles",
+            "users",
+            "addons",
+            "admin",
+            "humanize",
+            "contenttypes",
+            "sortedm2m",
+            "django_bootstrap5",
+            "tokens",
+            "authentication",
+            "services",
+            "framework",
+            "notifications"
+            "eveonline",
+            "navhelper",
+            "analytics",
+            "menu",
+            "theme"
+        ]:
+            pass
+        else:
+            analytics_event(namespace='allianceauth.analytics',
+                            task='send_extension_stats',
+                            label=appconfig.label,
+                            value=1,
+                            event_type='Stats')
+
+
+@shared_task
+def send_ga_tracking_celery_event(
+        measurement_id: str,
+        secret: str,
+        namespace: str,
+        task: str,
+        label: str = "",
+        result: str = "",
+        value: int = 1):
+    """Celery Task: Do not call directly
+
+    Sends an events to GA
+
+    Parameters
+    ----------
+    `measurement_id` (str): GA Token
+    `secret` (str): GA Authentication Secret
+    `namespace` (str): Celery Namespace
+    `task` (str): Task Name
+    `label` (str): Optional, additional task label
+    `result` (str): Optional, Task Success/Exception
+    `value` (int): Optional, If bulk, Query size, can be a binary True/False
+    """
+
+    parameters = {
+        'measurement_id': measurement_id,
+        'api_secret': secret
+    }
+
+    payload = {
+        'client_id': AnalyticsIdentifier.get_solo().identifier.hex,
+        "user_properties": {
+            "allianceauth_version": {
+                "value": __version__
+            }
+        },
+        'non_personalized_ads': True,
+        "events": [{
+            "name": "celery_event",
+            "params": {
+                    "namespace": namespace,
+                    "task": task,
+                    'result': result,
+                    'label': label,
+                    "value": value
+            }
+        }]
+    }
+    try:
+        response = requests.post(
+            ANALYTICS_URL,
+            params=parameters,
+            json=payload,
+            timeout=10)
+        response.raise_for_status()
+        logger.debug(
+            f"Analytics Celery/Stats Event HTTP{response.status_code}")
+        return response.status_code
+    except requests.exceptions.HTTPError as e:
+        logger.debug(e)
+        return response.status_code
+    except requests.exceptions.ConnectionError as e:
+        logger.debug(e)
+        return "Failed"

allianceauth/analytics/tests/test_models.py

@@ -0,0 +1,16 @@
+from allianceauth.analytics.models import AnalyticsIdentifier
+
+from django.test.testcases import TestCase
+
+from uuid import uuid4
+
+
+# Identifiers
+uuid_1 = "ab33e241fbf042b6aa77c7655a768af7"
+uuid_2 = "7aa6bd70701f44729af5e3095ff4b55c"
+
+
+class TestAnalyticsIdentifier(TestCase):
+
+    def test_identifier_random(self):
+        self.assertNotEqual(AnalyticsIdentifier.get_solo(), uuid4)

allianceauth/analytics/tests/test_tasks.py

@@ -0,0 +1,69 @@
+import requests_mock
+
+from django.test.utils import override_settings
+
+from allianceauth.analytics.tasks import (
+    analytics_event,
+    send_ga_tracking_celery_event)
+from allianceauth.utils.testing import NoSocketsTestCase
+
+
+GOOGLE_ANALYTICS_DEBUG_URL = 'https://www.google-analytics.com/debug/mp/collect'
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True, CELERY_EAGER_PROPAGATES_EXCEPTIONS=True)
+@requests_mock.Mocker()
+class TestAnalyticsTasks(NoSocketsTestCase):
+    def test_analytics_event(self, requests_mocker):
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
+        analytics_event(
+            namespace='allianceauth.analytics',
+            task='send_tests',
+            label='test',
+            value=1,
+            result="Success",
+            event_type='Stats')
+
+    def test_send_ga_tracking_celery_event_sent(self, requests_mocker):
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
+        token = 'G-6LYSMYK8DE'
+        secret = 'KLlpjLZ-SRGozS5f5wb_kw',
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        # when
+        task = send_ga_tracking_celery_event(
+            token,
+            secret,
+            category,
+            action,
+            label,
+            value)
+        # then
+        self.assertEqual(task, 200)
+
+    def test_send_ga_tracking_celery_event_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"validationMessages": []}
+        )
+        token = 'G-6LYSMYK8DE'
+        secret = 'KLlpjLZ-SRGozS5f5wb_kw',
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        # when
+        task = send_ga_tracking_celery_event(
+            token,
+            secret,
+            category,
+            action,
+            label,
+            value)
+        # then
+        self.assertTrue(task, 200)

allianceauth/analytics/tests/test_utils.py

@@ -0,0 +1,55 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+from allianceauth.analytics.utils import install_stat_users, install_stat_tokens, install_stat_addons
+
+from django.test.testcases import TestCase
+
+
+def create_testdata():
+    User.objects.all().delete()
+    User.objects.create_user(
+        'user_1'
+        'abc@example.com',
+        'password'
+    )
+    User.objects.create_user(
+        'user_2'
+        'abc@example.com',
+        'password'
+    )
+    # Token.objects.all().delete()
+    # Token.objects.create(
+    #            character_id=101,
+    #            character_name='character1',
+    #            access_token='my_access_token'
+    # )
+    # Token.objects.create(
+    #            character_id=102,
+    #            character_name='character2',
+    #            access_token='my_access_token'
+    # )
+
+
+class TestAnalyticsUtils(TestCase):
+
+    def test_install_stat_users(self):
+        create_testdata()
+        expected = 2
+
+        users = install_stat_users()
+        self.assertEqual(users, expected)
+
+    # def test_install_stat_tokens(self):
+    #    create_testdata()
+    #    expected = 2
+    #
+    #   tokens = install_stat_tokens()
+    #   self.assertEqual(tokens, expected)
+
+    def test_install_stat_addons(self):
+        # this test does what its testing...
+        # but helpful for existing as a sanity check
+        expected = len(list(apps.get_app_configs()))
+        addons = install_stat_addons()
+        self.assertEqual(addons, expected)

allianceauth/analytics/utils.py

@@ -0,0 +1,50 @@
+import os
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+
+
+def install_stat_users() -> int:
+    """Count and Return the number of User accounts
+
+    Returns
+    -------
+    int
+        The Number of User objects"""
+    users = User.objects.count()
+    return users
+
+
+def install_stat_tokens() -> int:
+    """Count and Return the number of ESI Tokens Stored
+
+    Returns
+    -------
+    int
+        The Number of Token Objects"""
+    tokens = Token.objects.count()
+    return tokens
+
+
+def install_stat_addons() -> int:
+    """Count and Return the number of Django Applications Installed
+
+    Returns
+    -------
+    int
+        The Number of Installed Apps"""
+    addons = len(list(apps.get_app_configs()))
+    return addons
+
+
+def existence_baremetal_or_docker() -> str:
+    """Checks the Installation Type of an install
+
+    Returns
+    -------
+    str
+        existence_baremetal or existence_docker"""
+    docker_tag = os.getenv('AA_DOCKER_TAG')
+    if docker_tag:
+        return "existence_docker"
+    return "existence_baremetal"

allianceauth/apps.py

@@ -0,0 +1,8 @@
+from django.apps import AppConfig
+
+
+class AllianceAuthConfig(AppConfig):
+    name = 'allianceauth'
+
+    def ready(self) -> None:
+        import allianceauth.checks # noqa

allianceauth/authentication/admin.py

@@ -0,0 +1,639 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.contrib.auth.models import Group
+from django.contrib.auth.models import Permission as BasePermission
+from django.contrib.auth.models import User as BaseUser
+from django.db.models import Count, Q
+from django.db.models.functions import Lower
+from django.db.models.signals import (
+    m2m_changed,
+    post_delete,
+    post_save,
+    pre_delete,
+    pre_save
+)
+from django.dispatch import receiver
+from django.urls import reverse
+from django.utils.html import format_html
+from django.utils.text import slugify
+
+from allianceauth.authentication.models import (
+    CharacterOwnership,
+    OwnershipRecord,
+    State,
+    UserProfile,
+    get_guest_state
+)
+from allianceauth.eveonline.models import (
+    EveAllianceInfo,
+    EveCharacter,
+    EveCorporationInfo,
+    EveFactionInfo
+)
+from allianceauth.eveonline.tasks import update_character
+from allianceauth.hooks import get_hooks
+from allianceauth.services.hooks import ServicesHook
+
+from .app_settings import (
+    AUTHENTICATION_ADMIN_USERS_MAX_CHARS,
+    AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
+)
+from .forms import UserChangeForm, UserProfileForm
+
+
+def make_service_hooks_update_groups_action(service):
+    """
+    Make a admin action for the given service
+    :param service: services.hooks.ServicesHook
+    :return: fn to update services groups for the selected users
+    """
+    def update_service_groups(modeladmin, request, queryset):
+        if hasattr(service, 'update_groups_bulk'):
+            service.update_groups_bulk(queryset)
+        else:
+            for user in queryset:  # queryset filtering doesn't work here?
+                service.update_groups(user)
+
+    update_service_groups.__name__ = str(f'update_{slugify(service.name)}_groups')
+    update_service_groups.short_description = f"Sync groups for selected {service.title} accounts"
+    return update_service_groups
+
+
+def make_service_hooks_sync_nickname_action(service):
+    """
+    Make a sync_nickname admin action for the given service
+    :param service: services.hooks.ServicesHook
+    :return: fn to sync nickname for the selected users
+    """
+    def sync_nickname(modeladmin, request, queryset):
+        if hasattr(service, 'sync_nicknames_bulk'):
+            service.sync_nicknames_bulk(queryset)
+        else:
+            for user in queryset:  # queryset filtering doesn't work here?
+                service.sync_nickname(user)
+
+    sync_nickname.__name__ = str(f'sync_{slugify(service.name)}_nickname')
+    sync_nickname.short_description = f"Sync nicknames for selected {service.title} accounts"
+    return sync_nickname
+
+
+class UserProfileInline(admin.StackedInline):
+    model = UserProfile
+    readonly_fields = ('state',)
+    form = UserProfileForm
+    verbose_name = ''
+    verbose_name_plural = 'Profile'
+
+    def get_formset(self, request, obj=None, **kwargs):
+        # main_character field can only show current value or unclaimed alts
+        # if superuser, allow selecting from any unclaimed main
+        query = Q()
+        if obj and obj.profile.main_character:
+            query |= Q(pk=obj.profile.main_character_id)
+            if request.user.is_superuser:
+                query |= Q(userprofile__isnull=True)
+            else:
+                query |= Q(character_ownership__user=obj)
+        formset = super().get_formset(request, obj=obj, **kwargs)
+
+        def get_kwargs(self, index):
+            return {'querysets': {'main_character': EveCharacter.objects.filter(query)}}
+        formset.get_form_kwargs = get_kwargs
+        return formset
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+
+@admin.display(description="")
+def user_profile_pic(obj):
+    """profile pic column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists (requires CSS)
+    """
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if user_obj.profile.main_character:
+        return format_html(
+            '<img src="{}" class="img-circle">',
+            user_obj.profile.main_character.portrait_url(size=32)
+        )
+    return None
+
+
+@admin.display(description="user / main", ordering="username")
+def user_username(obj):
+    """user column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    link = reverse(
+        'admin:{}_{}_change'.format(
+            obj._meta.app_label,
+            type(obj).__name__.lower()
+        ),
+        args=(obj.pk,)
+    )
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if user_obj.profile.main_character:
+        return format_html(
+            '<strong><a href="{}">{}</a></strong><br>{}',
+            link,
+            user_obj.username,
+            user_obj.profile.main_character.character_name
+        )
+    return format_html(
+        '<strong><a href="{}">{}</a></strong>',
+        link,
+        user_obj.username,
+    )
+
+
+@admin.display(
+    description="Corporation / Alliance (Main)",
+    ordering="profile__main_character__corporation_name"
+)
+def user_main_organization(obj):
+    """main organization column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if not user_obj.profile.main_character:
+        return ''
+    result = user_obj.profile.main_character.corporation_name
+    if user_obj.profile.main_character.alliance_id:
+        result += f'<br>{user_obj.profile.main_character.alliance_name}'
+    elif user_obj.profile.main_character.faction_name:
+        result += f'<br>{user_obj.profile.main_character.faction_name}'
+    return format_html(result)
+
+
+class MainCorporationsFilter(admin.SimpleListFilter):
+    """Custom filter to filter on corporations from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'corporation'
+    parameter_name = 'main_corporation_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(userprofile=None)\
+            .values('corporation_id', 'corporation_name')\
+            .distinct()\
+            .order_by(Lower('corporation_name'))
+        return tuple(
+            (x['corporation_id'], x['corporation_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        if qs.model == User:
+            return qs.filter(
+                profile__main_character__corporation_id=self.value()
+            )
+        return qs.filter(
+            user__profile__main_character__corporation_id=self.value()
+        )
+
+
+class MainAllianceFilter(admin.SimpleListFilter):
+    """Custom filter to filter on alliances from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'alliance'
+    parameter_name = 'main_alliance_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = (
+            EveCharacter.objects
+            .exclude(alliance_id=None)
+            .exclude(userprofile=None)
+            .values('alliance_id', 'alliance_name')
+            .distinct()
+            .order_by(Lower('alliance_name'))
+        )
+        return tuple(
+            (x['alliance_id'], x['alliance_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        if qs.model == User:
+            return qs.filter(profile__main_character__alliance_id=self.value())
+        return qs.filter(
+            user__profile__main_character__alliance_id=self.value()
+        )
+
+
+class MainFactionFilter(admin.SimpleListFilter):
+    """Custom filter to filter on factions from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'faction'
+    parameter_name = 'main_faction_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = (
+            EveCharacter.objects
+            .exclude(faction_id=None)
+            .exclude(userprofile=None)
+            .values('faction_id', 'faction_name')
+            .distinct()
+            .order_by(Lower('faction_name'))
+        )
+        return tuple(
+            (x['faction_id'], x['faction_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        if qs.model == User:
+            return qs.filter(profile__main_character__faction_id=self.value())
+        return qs.filter(
+            user__profile__main_character__faction_id=self.value()
+        )
+
+
+@admin.display(description="Update main character model from ESI")
+def update_main_character_model(modeladmin, request, queryset):
+    tasks_count = 0
+    for obj in queryset:
+        if obj.profile.main_character:
+            update_character.delay(obj.profile.main_character.character_id)
+            tasks_count += 1
+
+    modeladmin.message_user(
+        request, f'Update from ESI started for {tasks_count} characters'
+    )
+
+
+class UserAdmin(BaseUserAdmin):
+    """Extending Django's UserAdmin model
+
+    Behavior of groups and characters columns can be configured via settings
+    """
+
+    inlines = [UserProfileInline]
+    ordering = ('username', )
+    list_select_related = ('profile__state', 'profile__main_character')
+    show_full_result_count = True
+    list_display = (
+        user_profile_pic,
+        user_username,
+        '_state',
+        '_groups',
+        user_main_organization,
+        '_characters',
+        'is_active',
+        'date_joined',
+        '_role'
+    )
+    list_display_links = None
+    list_filter = (
+        'profile__state',
+        'groups',
+        MainCorporationsFilter,
+        MainAllianceFilter,
+        MainFactionFilter,
+        'is_active',
+        'date_joined',
+        'is_staff',
+        'is_superuser'
+    )
+    search_fields = ('username', 'character_ownerships__character__character_name')
+    readonly_fields = ('date_joined', 'last_login')
+    filter_horizontal = ('groups', 'user_permissions',)
+    form = UserChangeForm
+
+    class Media:
+        css = {
+            "all": ("allianceauth/authentication/css/admin.css",)
+        }
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.prefetch_related("character_ownerships__character", "groups")
+
+    def get_form(self, request, obj=None, **kwargs):
+        """Inject current request into change form object."""
+
+        MyForm = super().get_form(request, obj, **kwargs)
+        if obj:
+            class MyFormInjected(MyForm):
+                def __new__(cls, *args, **kwargs):
+                    kwargs['request'] = request
+                    return MyForm(*args, **kwargs)
+
+            return MyFormInjected
+        return MyForm
+
+    def get_actions(self, request):
+        actions = super().get_actions(request)
+        actions[update_main_character_model.__name__] = (
+            update_main_character_model,
+            update_main_character_model.__name__,
+            update_main_character_model.short_description
+        )
+
+        for hook in get_hooks('services_hook'):
+            svc = hook()
+            # Check update_groups is redefined/overloaded
+            if svc.update_groups.__module__ != ServicesHook.update_groups.__module__:
+                action = make_service_hooks_update_groups_action(svc)
+                actions[action.__name__] = (
+                    action,
+                    action.__name__,
+                    action.short_description
+                )
+
+            # Create sync nickname action if service implements it
+            if svc.sync_nickname.__module__ != ServicesHook.sync_nickname.__module__:
+                action = make_service_hooks_sync_nickname_action(svc)
+                actions[action.__name__] = (
+                    action, action.__name__,
+                    action.short_description
+                )
+        return actions
+
+    def _list_2_html_w_tooltips(self, my_items: list, max_items: int) -> str:
+        """converts list of strings into HTML with cutoff and tooltip"""
+        items_truncated_str = ', '.join(my_items[:max_items])
+        if not my_items:
+            result = None
+        elif len(my_items) <= max_items:
+            result = items_truncated_str
+        else:
+            items_truncated_str += ', (...)'
+            items_all_str = ', '.join(my_items)
+            result = format_html(
+                '<span data-tooltip="{}" class="tooltip">{}</span>',
+                items_all_str,
+                items_truncated_str
+            )
+        return result
+
+    def _characters(self, obj):
+        character_ownerships = list(obj.character_ownerships.all())
+        characters = [obj.character.character_name for obj in character_ownerships]
+        return self._list_2_html_w_tooltips(
+            sorted(characters),
+            AUTHENTICATION_ADMIN_USERS_MAX_CHARS
+        )
+
+    @admin.display(ordering="profile__state")
+    def _state(self, obj):
+        return obj.profile.state.name
+
+    def _groups(self, obj):
+        my_groups = sorted(group.name for group in list(obj.groups.all()))
+        return self._list_2_html_w_tooltips(
+            my_groups, AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
+        )
+
+    def _role(self, obj):
+        if obj.is_superuser:
+            role = 'Superuser'
+        elif obj.is_staff:
+            role = 'Staff'
+        else:
+            role = 'User'
+        return role
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.has_perm('auth.change_user')
+
+    def has_add_permission(self, request, obj=None):
+        return request.user.has_perm('auth.add_user')
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.has_perm('auth.delete_user')
+
+    def get_object(self, *args , **kwargs):
+        obj = super().get_object(*args , **kwargs)
+        self.obj = obj  # storing current object for use in formfield_for_manytomany
+        return obj
+
+    def formfield_for_manytomany(self, db_field, request, **kwargs):
+        if db_field.name == "groups":
+            groups_qs = Group.objects.filter(authgroup__states__isnull=True)
+            obj_state = self.obj.profile.state
+            if obj_state:
+                matching_groups_qs = Group.objects.filter(authgroup__states=obj_state)
+                groups_qs = groups_qs | matching_groups_qs
+            kwargs["queryset"] = groups_qs.order_by(Lower("name"))
+        return super().formfield_for_manytomany(db_field, request, **kwargs)
+
+    def get_readonly_fields(self, request, obj=None):
+        if obj and not request.user.is_superuser:
+            return self.readonly_fields + (
+                "is_staff", "is_superuser", "user_permissions"
+            )
+        return self.readonly_fields
+
+
+@admin.register(State)
+class StateAdmin(admin.ModelAdmin):
+    list_select_related = True
+    list_display = ('name', 'priority', '_user_count')
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.annotate(user_count=Count("userprofile__id"))
+
+    @admin.display(description="Users", ordering="user_count")
+    def _user_count(self, obj):
+        return obj.user_count
+
+    fieldsets = (
+        (None, {
+            'fields': ('name', 'permissions', 'priority'),
+        }),
+        ('Membership', {
+            'fields': (
+                'public',
+                'member_characters',
+                'member_corporations',
+                'member_alliances',
+                'member_factions'
+            ),
+        })
+    )
+    filter_horizontal = [
+        'member_characters',
+        'member_corporations',
+        'member_alliances',
+        'member_factions',
+        'permissions'
+    ]
+
+    def formfield_for_manytomany(self, db_field, request, **kwargs):
+        """overriding this formfield to have sorted lists in the form"""
+        if db_field.name == "member_characters":
+            kwargs["queryset"] = EveCharacter.objects.all()\
+                .order_by(Lower('character_name'))
+        elif db_field.name == "member_corporations":
+            kwargs["queryset"] = EveCorporationInfo.objects.all()\
+                .order_by(Lower('corporation_name'))
+        elif db_field.name == "member_alliances":
+            kwargs["queryset"] = EveAllianceInfo.objects.all()\
+                .order_by(Lower('alliance_name'))
+        elif db_field.name == "member_factions":
+            kwargs["queryset"] = EveFactionInfo.objects.all()\
+                .order_by(Lower('faction_name'))
+        elif db_field.name == "permissions":
+            kwargs["queryset"] = Permission.objects.select_related("content_type").all()
+        return super().formfield_for_manytomany(db_field, request, **kwargs)
+
+    def has_delete_permission(self, request, obj=None):
+        if obj == get_guest_state():
+            return False
+        return super().has_delete_permission(request, obj=obj)
+
+    def get_fieldsets(self, request, obj=None):
+        if obj == get_guest_state():
+            return (
+                (None, {
+                    'fields': ('permissions', 'priority'),
+                }),
+            )
+        return super().get_fieldsets(request, obj=obj)
+
+    def get_readonly_fields(self, request, obj=None):
+        if not request.user.is_superuser:
+            return self.readonly_fields + ("permissions",)
+        return self.readonly_fields
+
+
+class BaseOwnershipAdmin(admin.ModelAdmin):
+    list_select_related = (
+        'user__profile__state', 'user__profile__main_character', 'character')
+    list_display = (
+        user_profile_pic,
+        user_username,
+        user_main_organization,
+        'character',
+    )
+    search_fields = (
+        'user__username',
+        'character__character_name',
+        'character__corporation_name',
+        'character__alliance_name',
+        'character__faction_name'
+    )
+    list_filter = (
+        MainCorporationsFilter,
+        MainAllianceFilter,
+    )
+
+    class Media:
+        css = {
+            "all": ("allianceauth/authentication/css/admin.css",)
+        }
+
+    def get_readonly_fields(self, request, obj=None):
+        if obj and obj.pk:
+            return 'owner_hash', 'character'
+        return tuple()
+
+
+@admin.register(OwnershipRecord)
+class OwnershipRecordAdmin(BaseOwnershipAdmin):
+    list_display = BaseOwnershipAdmin.list_display + ('created',)
+
+
+@admin.register(CharacterOwnership)
+class CharacterOwnershipAdmin(BaseOwnershipAdmin):
+    def has_add_permission(self, request):
+        return False
+
+
+class PermissionAdmin(admin.ModelAdmin):
+    actions = None
+    readonly_fields = [field.name for field in BasePermission._meta.fields]
+    search_fields = ('codename', )
+    list_display = ('admin_name', 'name', 'codename', 'content_type')
+    list_filter = ('content_type__app_label',)
+
+    @staticmethod
+    def admin_name(obj):
+        return str(obj)
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+    def has_module_permission(self, request):
+        return True
+
+    def has_change_permission(self, request, obj=None):
+        # can see list but not edit it
+        return not obj
+
+
+# Hack to allow registration of django.contrib.auth models in our authentication app
+class User(BaseUser):
+    class Meta:
+        proxy = True
+        verbose_name = BaseUser._meta.verbose_name
+        verbose_name_plural = BaseUser._meta.verbose_name_plural
+
+
+class Permission(BasePermission):
+    class Meta:
+        proxy = True
+        verbose_name = BasePermission._meta.verbose_name
+        verbose_name_plural = BasePermission._meta.verbose_name_plural
+
+
+try:
+    admin.site.unregister(BaseUser)
+finally:
+    admin.site.register(User, UserAdmin)
+    admin.site.register(Permission, PermissionAdmin)
+
+
+@receiver(pre_save, sender=User)
+def redirect_pre_save(sender, signal=None, *args, **kwargs):
+    pre_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_save, sender=User)
+def redirect_post_save(sender, signal=None, *args, **kwargs):
+    post_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(pre_delete, sender=User)
+def redirect_pre_delete(sender, signal=None, *args, **kwargs):
+    pre_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_delete, sender=User)
+def redirect_post_delete(sender, signal=None, *args, **kwargs):
+    post_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.groups.through)
+def redirect_m2m_changed_groups(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.user_permissions.through)
+def redirect_m2m_changed_permissions(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)

allianceauth/authentication/app_settings.py

@@ -0,0 +1,45 @@
+from django.conf import settings
+
+
+def _clean_setting(
+    name: str,
+    default_value: object,
+    min_value: int = None,
+    max_value: int = None,
+    required_type: type = None
+):
+    """cleans the input for a custom setting
+
+    Will use `default_value` if settings does not exit or has the wrong type
+    or is outside define boundaries (for int only)
+
+    Need to define `required_type` if `default_value` is `None`
+
+    Will assume `min_value` of 0 for int (can be overriden)
+
+    Returns cleaned value for setting
+    """
+    if default_value is None and not required_type:
+        raise ValueError('You must specify a required_type for None defaults')
+
+    if not required_type:
+        required_type = type(default_value)
+
+    if min_value is None and required_type == int:
+        min_value = 0
+
+    if (hasattr(settings, name)
+        and isinstance(getattr(settings, name), required_type)
+        and (min_value is None or getattr(settings, name) >= min_value)
+        and (max_value is None or getattr(settings, name) <= max_value)
+    ):
+        return getattr(settings, name)
+    else:
+        return default_value
+
+
+AUTHENTICATION_ADMIN_USERS_MAX_GROUPS = \
+    _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_GROUPS', 10)
+
+AUTHENTICATION_ADMIN_USERS_MAX_CHARS = \
+    _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_CHARS', 5)

allianceauth/authentication/apps.py

@@ -0,0 +1,18 @@
+from django.apps import AppConfig
+from django.core.checks import register, Tags
+from django.utils.translation import gettext_lazy as _
+
+
+class AuthenticationConfig(AppConfig):
+    name = "allianceauth.authentication"
+    label = "authentication"
+    verbose_name = _("Authentication")
+
+    def ready(self):
+        from allianceauth.authentication import checks, signals  # noqa: F401
+        from allianceauth.authentication.task_statistics import (
+            signals as celery_signals,
+        )
+
+        register(Tags.security)(checks.check_login_scopes_setting)
+        celery_signals.reset_counters()

allianceauth/authentication/auth_hooks.py

@@ -0,0 +1,59 @@
+from allianceauth.hooks import DashboardItemHook
+from allianceauth import hooks
+from .views import dashboard_characters, dashboard_esi_check, dashboard_groups, dashboard_admin
+
+
+class UserCharactersHook(DashboardItemHook):
+    def __init__(self):
+        DashboardItemHook.__init__(
+            self,
+            dashboard_characters,
+            5
+        )
+
+
+class UserGroupsHook(DashboardItemHook):
+    def __init__(self):
+        DashboardItemHook.__init__(
+            self,
+            dashboard_groups,
+            5
+        )
+
+
+class AdminHook(DashboardItemHook):
+    def __init__(self):
+        DashboardItemHook.__init__(
+            self,
+            dashboard_admin,
+            1
+        )
+
+
+class ESICheckHook(DashboardItemHook):
+    def __init__(self):
+        DashboardItemHook.__init__(
+            self,
+            dashboard_esi_check,
+            0
+        )
+
+
+@hooks.register('dashboard_hook')
+def register_character_hook():
+    return UserCharactersHook()
+
+
+@hooks.register('dashboard_hook')
+def register_groups_hook():
+    return UserGroupsHook()
+
+
+@hooks.register('dashboard_hook')
+def register_admin_hook():
+    return AdminHook()
+
+
+@hooks.register('dashboard_hook')
+def register_esi_hook():
+    return ESICheckHook()

allianceauth/authentication/backends.py

@@ -0,0 +1,105 @@
+import logging
+
+from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import User, Permission
+
+from .models import UserProfile, CharacterOwnership, OwnershipRecord
+
+
+logger = logging.getLogger(__name__)
+
+
+class StateBackend(ModelBackend):
+    @staticmethod
+    def _get_state_permissions(user_obj):
+        """returns permissions for state of given user object"""
+        if hasattr(user_obj, "profile") and user_obj.profile:
+            return Permission.objects.filter(state=user_obj.profile.state)
+        else:
+            return Permission.objects.none()
+
+    def get_state_permissions(self, user_obj, obj=None):
+        return self._get_permissions(user_obj, obj, 'state')
+
+    def get_all_permissions(self, user_obj, obj=None):
+        if not user_obj.is_active or user_obj.is_anonymous or obj is not None:
+            return set()
+        if not hasattr(user_obj, '_perm_cache'):
+            user_obj._perm_cache = self.get_user_permissions(user_obj)
+            user_obj._perm_cache.update(self.get_group_permissions(user_obj))
+            user_obj._perm_cache.update(self.get_state_permissions(user_obj))
+        return user_obj._perm_cache
+
+    def authenticate(self, request=None, token=None, **credentials):
+        if not token:
+            return None
+        try:
+            ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
+            if ownership.owner_hash == token.character_owner_hash:
+                logger.debug(f'Authenticating {ownership.user} by ownership of character {token.character_name}')
+                if ownership.user.profile.main_character:
+                    if ownership.user.profile.main_character.character_id == token.character_id:
+                        return ownership.user
+                    else:  # this is an alt, enforce main only.
+                        return None
+            else:
+                logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
+                ownership.delete()
+                return self.create_user(token)
+        except CharacterOwnership.DoesNotExist:
+            try:
+                # insecure legacy main check for pre-sso registration auth installs
+                profile = UserProfile.objects.get(main_character__character_id=token.character_id)
+                logger.debug(f'Authenticating {profile.user} by their main character {profile.main_character} without active ownership.')
+                # attach an ownership
+                token.user = profile.user
+                CharacterOwnership.objects.create_by_token(token)
+                return profile.user
+            except UserProfile.DoesNotExist:
+                # now we check historical records to see if this is a returning user
+                records = OwnershipRecord.objects.filter(owner_hash=token.character_owner_hash).filter(character__character_id=token.character_id)
+                if records.exists():
+                    # we've seen this character owner before. Re-attach to their old user account
+                    user = records[0].user
+                    if user.profile.main_character:
+                        if user.profile.main_character.character_id != token.character_id:
+                            # this is an alt, enforce main only due to trust issues in SSO.
+                            return None
+
+                    token.user = user
+                    co = CharacterOwnership.objects.create_by_token(token)
+                    logger.debug(f'Authenticating {user} by matching owner hash record of character {co.character}')
+
+                    # set this as their main by default as they have none
+                    user.profile.main_character = co.character
+                    user.profile.save()
+                    return user
+            logger.debug(f'Unable to authenticate character {token.character_name}. Creating new user.')
+            return self.create_user(token)
+
+    def create_user(self, token):
+        username = self.iterate_username(token.character_name)  # build unique username off character name
+        user = User.objects.create_user(username, is_active=False)  # prevent login until email set
+        user.set_unusable_password()  # prevent login via password
+        user.save()
+        token.user = user
+        co = CharacterOwnership.objects.create_by_token(token)  # assign ownership to this user
+        user.profile.main_character = co.character  # assign main character as token character
+        user.profile.save()
+        logger.debug(f'Created new user {user}')
+        return user
+
+    @staticmethod
+    def iterate_username(name):
+        name = str.replace(name, "'", "")
+        name = str.replace(name, ' ', '_')
+        if User.objects.filter(username__startswith=name).exists():
+            u = User.objects.filter(username__startswith=name)
+            num = len(u)
+            username = f"{name}_{num}"
+            while u.filter(username=username).exists():
+                num += 1
+                username = f"{name}_{num}"
+        else:
+            username = name
+        return username

allianceauth/authentication/checks.py

@@ -0,0 +1,12 @@
+from django.core.checks import Error
+from django.conf import settings
+
+
+def check_login_scopes_setting(*args, **kwargs):
+    errors = []
+    try:
+        assert settings.LOGIN_TOKEN_SCOPES
+    except (AssertionError, AttributeError):
+        errors.append(Error('LOGIN_TOKEN_SCOPES setting cannot be blank.',
+                            hint='SSO tokens used for logging in must require scopes to be refreshable.'))
+    return errors

allianceauth/authentication/constants.py

@@ -0,0 +1,12 @@
+from django.utils.translation import gettext_lazy as _
+
+# Overide ESI messages in the dashboard widget
+# when the returned messages are not helpful or out of date
+ESI_ERROR_MESSAGE_OVERRIDES = {
+    420: _("This software has exceeded the error limit for ESI. "
+            "If you are a user, please contact the maintainer of this software."
+            " If you are a developer/maintainer, please make a greater "
+            "effort in the future to receive valid responses. For tips on how, "
+            "come have a chat with us in ##3rd-party-dev-and-esi on the EVE "
+            "Online Discord. https://www.eveonline.com/discord")
+}

allianceauth/authentication/core/celery_workers.py

@@ -0,0 +1,48 @@
+"""API for interacting with celery workers."""
+
+import itertools
+import logging
+from typing import Optional
+
+from amqp.exceptions import ChannelError
+from celery import current_app
+
+from django.conf import settings
+
+logger = logging.getLogger(__name__)
+
+
+def active_tasks_count() -> Optional[int]:
+    """Return count of currently active tasks
+    or None if celery workers are not online.
+    """
+    inspect = current_app.control.inspect()
+    return _tasks_count(inspect.active())
+
+
+def _tasks_count(data: dict) -> Optional[int]:
+    """Return count of tasks in data from celery inspect API."""
+    try:
+        tasks = itertools.chain(*data.values())
+    except AttributeError:
+        return None
+    return len(list(tasks))
+
+
+def queued_tasks_count() -> Optional[int]:
+    """Return count of queued tasks. Return None if there was an error."""
+    try:
+        with current_app.connection_or_acquire() as conn:
+            result = conn.default_channel.queue_declare(
+                queue=getattr(settings, "CELERY_DEFAULT_QUEUE", "celery"), passive=True
+            )
+            return result.message_count
+
+    except ChannelError:
+        # Queue doesn't exist, probably empty
+        return 0
+
+    except Exception:
+        logger.exception("Failed to get celery queue length")
+
+    return None

allianceauth/authentication/decorators.py

@@ -0,0 +1,83 @@
+from django.urls import include
+from django.contrib.auth.decorators import user_passes_test
+from django.core.exceptions import PermissionDenied
+from functools import wraps
+from typing import Callable, Iterable, Optional
+
+from django.urls import include
+from django.contrib import messages
+from django.contrib.auth.decorators import login_required, user_passes_test
+from django.core.exceptions import PermissionDenied
+from django.shortcuts import redirect
+from django.utils.translation import gettext_lazy as _
+
+
+def user_has_main_character(user):
+    return bool(user.profile.main_character)
+
+
+def decorate_url_patterns(
+    urls, decorator: Callable, excluded_views: Optional[Iterable] = None
+):
+    """Decorate views given in url patterns except when they are explicitly excluded.
+
+    Args:
+        - urls: Django URL patterns
+        - decorator: Decorator to be added to each view
+        - exclude_views: Optional iterable of view names to be excluded
+    """
+    url_list, app_name, namespace = include(urls)
+
+    def process_patterns(url_patterns):
+        for pattern in url_patterns:
+            if hasattr(pattern, 'url_patterns'):
+                # this is an include - apply to all nested patterns
+                process_patterns(pattern.url_patterns)
+            else:
+                # this is a pattern
+                if excluded_views and pattern.lookup_str in excluded_views:
+                    return
+                pattern.callback = decorator(pattern.callback)
+
+    process_patterns(url_list)
+    return url_list, app_name, namespace
+
+
+def main_character_required(view_func):
+    @wraps(view_func)
+    def _wrapped_view(request, *args, **kwargs):
+        if user_has_main_character(request.user):
+            return view_func(request, *args, **kwargs)
+
+        messages.error(request, _('A main character is required to perform that action. Add one below.'))
+        return redirect('authentication:dashboard')
+    return login_required(_wrapped_view)
+
+
+def permissions_required(perm, login_url=None, raise_exception=False):
+    """
+    Decorator for views that checks whether a user has a particular permission
+    enabled, redirecting to the log-in page if necessary.
+    If the raise_exception parameter is given the PermissionDenied exception
+    is raised.
+
+    This decorator is identical to the django permission_required except it
+    allows for passing a tuple/list of perms that will return true if any one
+    of them is present.
+    """
+    def check_perms(user):
+        if isinstance(perm, str):
+            perms = (perm,)
+        else:
+            perms = perm
+        # First check if the user has the permission (even anon users)
+        for perm_ in perms:
+            perm_ = (perm_,)
+            if user.has_perms(perm_):
+                return True
+        # In case the 403 handler should be called raise the exception
+        if raise_exception:
+            raise PermissionDenied
+        # As the last resort, show the login form
+        return False
+    return user_passes_test(check_perms, login_url=login_url)

allianceauth/authentication/forms.py

@@ -0,0 +1,66 @@
+from django import forms
+from django.contrib.auth.forms import UserChangeForm as BaseUserChangeForm
+from django.contrib.auth.models import Group
+from django.core.exceptions import ValidationError
+from django.forms import ModelForm
+from django.utils.translation import gettext_lazy as _
+
+from allianceauth.authentication.models import User
+
+
+class RegistrationForm(forms.Form):
+    email = forms.EmailField(label=_('Email'), max_length=254, required=True)
+
+    class _meta:
+        model = User
+
+
+class UserProfileForm(ModelForm):
+    """Allows specifying FK querysets through kwarg"""
+
+    def __init__(self, querysets=None, *args, **kwargs):
+        querysets = querysets or {}
+        super().__init__(*args, **kwargs)
+        for field, qs in querysets.items():
+            self.fields[field].queryset = qs
+
+
+class UserChangeForm(BaseUserChangeForm):
+    """Add custom cleaning to UserChangeForm"""
+
+    def __init__(self, *args, **kwargs):
+        self.request = kwargs.pop("request")  # Inject current request into form object
+        super().__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super().clean()
+        if not self.request.user.is_superuser:
+            if self.instance:
+                current_restricted = set(
+                    self.instance.groups.filter(
+                        authgroup__restricted=True
+                    ).values_list("pk", flat=True)
+                )
+            else:
+                current_restricted = set()
+            new_restricted = set(
+                cleaned_data["groups"].filter(
+                    authgroup__restricted=True
+                ).values_list("pk", flat=True)
+            )
+            if current_restricted != new_restricted:
+                restricted_removed = current_restricted - new_restricted
+                restricted_added = new_restricted - current_restricted
+                restricted_changed = restricted_removed | restricted_added
+                restricted_names_qs = Group.objects.filter(
+                    pk__in=restricted_changed
+                ).values_list("name", flat=True)
+                restricted_names = ",".join(list(restricted_names_qs))
+                raise ValidationError(
+                    {
+                        "groups": _(
+                            "You are not allowed to add or remove these "
+                            "restricted groups: %s" % restricted_names
+                        )
+                    }
+                )

allianceauth/authentication/hmac_urls.py

@@ -0,0 +1,13 @@
+from allianceauth.authentication import views
+from django.urls import include, re_path, path
+
+urlpatterns = [
+    path('activate/complete/', views.activation_complete, name='registration_activation_complete'),
+    # The activation key can make use of any character from the
+    # URL-safe base64 alphabet, plus the colon as a separator.
+    re_path(r'^activate/(?P<activation_key>[-:\w]+)/$', views.ActivationView.as_view(), name='registration_activate'),
+    path('register/', views.RegistrationView.as_view(), name='registration_register'),
+    path('register/complete/', views.registration_complete, name='registration_complete'),
+    path('register/closed/', views.registration_closed, name='registration_disallowed'),
+    path('', include('django.contrib.auth.urls')),
+]

allianceauth/authentication/management/commands/checkmains.py

@@ -0,0 +1,20 @@
+from django.core.management.base import BaseCommand
+from allianceauth.authentication.models import UserProfile
+
+
+class Command(BaseCommand):
+    help = 'Ensures all main characters have an active ownership'
+
+    def handle(self, *args, **options):
+        profiles = UserProfile.objects.filter(main_character__isnull=False).filter(
+            main_character__character_ownership__isnull=True)
+        if profiles.exists():
+            for profile in profiles:
+                self.stdout.write(self.style.ERROR(
+                    '{} does not have an ownership. Resetting user {} main character.'.format(profile.main_character,
+                                                                                                profile.user)))
+                profile.main_character = None
+                profile.save()
+            self.stdout.write(self.style.WARNING(f'Reset {profiles.count()} main characters.'))
+        else:
+            self.stdout.write(self.style.SUCCESS('All main characters have active ownership.'))

allianceauth/authentication/managers.py

@@ -0,0 +1,76 @@
+import logging
+
+from django.db import transaction
+from django.db.models import Manager, QuerySet, Q
+
+from allianceauth.eveonline.models import EveCharacter
+
+logger = logging.getLogger(__name__)
+
+
+def available_states_query(character):
+    query = Q(public=True)
+    if character.character_id:
+        query |= Q(member_characters__character_id=character.character_id)
+    if character.corporation_id:
+        query |= Q(member_corporations__corporation_id=character.corporation_id)
+    if character.alliance_id:
+        query |= Q(member_alliances__alliance_id=character.alliance_id)
+    if character.faction_id:
+        query |= Q(member_factions__faction_id=character.faction_id)
+    return query
+
+
+class CharacterOwnershipManager(Manager):
+    def create_by_token(self, token):
+        if not EveCharacter.objects.filter(character_id=token.character_id).exists():
+            EveCharacter.objects.create_character(token.character_id)
+        return self.create(character=EveCharacter.objects.get(character_id=token.character_id), user=token.user, owner_hash=token.character_owner_hash)
+
+
+class StateQuerySet(QuerySet):
+    def available_to_character(self, character):
+        return self.filter(available_states_query(character))
+
+    def available_to_user(self, user):
+        if user.profile.main_character:
+            return self.available_to_character(user.profile.main_character)
+        else:
+            return self.none()
+
+    def get_for_user(self, user):
+        states = self.available_to_user(user)
+        if states.exists():
+            return states[0]
+        else:
+            from allianceauth.authentication.models import get_guest_state
+            return get_guest_state()
+
+    def delete(self):
+        with transaction.atomic():
+            for state in self:
+                for profile in state.userprofile_set.all():
+                    profile.assign_state(state=self.model.objects.exclude(pk=state.pk).get_for_user(profile.user))
+        super().delete()
+
+
+class StateManager(Manager):
+    def get_queryset(self):
+        return StateQuerySet(self.model, using=self._db)
+
+    def available_to_character(self, character):
+        return self.get_queryset().available_to_character(character)
+
+    def available_to_user(self, user):
+        return self.get_queryset().available_to_user(user)
+
+    def get_for_character(self, character):
+        states = self.get_queryset().available_to_character(character)
+        if states.exists():
+            return states[0]
+        else:
+            from allianceauth.authentication.models import get_guest_state
+            return get_guest_state()
+
+    def get_for_user(self, user):
+        return self.get_queryset().get_for_user(user)

allianceauth/authentication/middleware.py

@@ -0,0 +1,55 @@
+from django.conf import settings
+from django.utils.deprecation import MiddlewareMixin
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class UserSettingsMiddleware(MiddlewareMixin):
+    def process_response(self, request, response):
+        """Django Middleware: User Settings."""
+
+        # Intercept the built in django /setlang/ view and also save it to Database.
+        # Note the annoymous user check, only logged in users will ever hit the DB here
+        if request.path == '/i18n/setlang/' and not request.user.is_anonymous:
+            try:
+                request.user.profile.language = request.POST['language']
+                request.user.profile.save()
+            except Exception as e:
+                logger.exception(e)
+
+        # Only act during the login flow, _after_ user is activated (step 2: post-sso)
+        elif request.path == '/sso/login' and not request.user.is_anonymous:
+            # Set the Language Cookie, if it doesnt match the DB
+            # Null = hasnt been set by the user ever, dont act.
+            try:
+                if request.user.profile.language != request.LANGUAGE_CODE and request.user.profile.language is not None:
+                    response.set_cookie(key=settings.LANGUAGE_COOKIE_NAME,
+                                        value=request.user.profile.language,
+                                        max_age=settings.LANGUAGE_COOKIE_AGE)
+            except Exception as e:
+                logger.exception(e)
+
+            # AA v3 NIGHT_MODE
+            # Set our Night mode flag from the DB
+            # Null = hasnt been set by the user ever, dont act.
+            #
+            # Night mode intercept is not needed in this middleware.
+            # is saved direct to DB in NightModeRedirectView
+            try:
+                if request.user.profile.night_mode is not None:
+                    request.session["NIGHT_MODE"] = request.user.profile.night_mode
+            except Exception as e:
+                logger.exception(e)
+
+            # AA v4 Themes
+            # Null = has not been set by the user ever, dont act
+            # DEFAULT_THEME or DEFAULT_THEME_DARK will be used in get_theme()
+            try:
+                if request.user.profile.theme is not None:
+                    request.session["THEME"] = request.user.profile.theme
+            except Exception as e:
+                logger.exception(e)
+
+        return response

allianceauth/authentication/migrations/0001_initial.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-05 21:38
-from __future__ import unicode_literals
 
 from django.conf import settings
 from django.db import migrations, models

allianceauth/authentication/migrations/0002_auto_20160907_1914.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-07 19:14
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0003_authservicesinfo_state.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 20:29
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0004_create_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:19
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0005_delete_perms.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:11
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0006_auto_20160910_0542.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 05:42
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0007_remove_authservicesinfo_is_blue.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 21:50
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0008_set_state.py

@@ -0,0 +1,15 @@
+# Generated by Django 1.10.1 on 2016-09-12 13:04
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0007_remove_authservicesinfo_is_blue'),
+        ('eveonline', '0001_initial'),
+        ('auth', '0001_initial'),
+    ]
+
+    operations = [
+    ]

allianceauth/authentication/migrations/0009_auto_20161021_0228.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.2 on 2016-10-21 02:28
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0010_only_one_authservicesinfo.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 06:47
-from __future__ import unicode_literals
 
 from django.db import migrations
 
@@ -10,7 +8,7 @@ def count_completed_fields(model):
 def forward(apps, schema_editor):
     # this ensures only one model exists per user
     AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
-    users = set([a.user for a in AuthServicesInfo.objects.all()])
+    users = {a.user for a in AuthServicesInfo.objects.all()}
     for u in users:
         auths = AuthServicesInfo.objects.filter(user=u)
         if auths.count() > 1:

allianceauth/authentication/migrations/0011_authservicesinfo_user_onetoonefield.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 07:11
-from __future__ import unicode_literals
 
 from django.conf import settings
 from django.db import migrations, models

allianceauth/authentication/migrations/0012_remove_add_delete_authservicesinfo_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-01-12 00:59
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0013_service_modules.py

@@ -0,0 +1,70 @@
+# Generated by Django 1.10.2 on 2016-12-11 23:14
+
+from django.db import migrations
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0012_remove_add_delete_authservicesinfo_permissions'),
+    ]
+
+    operations = [
+        # Remove fields
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='discord_uid',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='discourse_enabled',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='forum_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='ipboard_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='ips4_id',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='ips4_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='jabber_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='market_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='mumble_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='smf_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='teamspeak3_perm_key',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='teamspeak3_uid',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='xenforo_username',
+        ),
+    ]

allianceauth/authentication/migrations/0014_fleetup_permission.py

@@ -0,0 +1,22 @@
+# Generated by Django 1.10.1 on 2016-09-09 23:19
+
+from django.db import migrations
+
+
+def create_permission(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(User)
+    Permission.objects.get_or_create(codename="view_fleetup", content_type=ct, name="view_fleetup")
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0013_service_modules'),
+    ]
+
+    operations = [
+        migrations.RunPython(create_permission, migrations.RunPython.noop)
+    ]

allianceauth/authentication/migrations/0015_user_profiles.py

@@ -0,0 +1,282 @@
+# Generated by Django 1.10.5 on 2017-03-22 23:09
+
+import allianceauth.authentication.models
+import django.db.models.deletion
+from django.conf import settings
+from django.contrib.auth.hashers import make_password
+from django.db import migrations, models
+
+
+def create_guest_state(apps, schema_editor):
+    State = apps.get_model('authentication', 'State')
+    State.objects.update_or_create(name='Guest', defaults={'priority': 0, 'public': True})
+
+
+def create_member_state(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    EveAllianceInfo = apps.get_model('eveonline', 'EveAllianceInfo')
+    EveCorporationInfo = apps.get_model('eveonline', 'EveCorporationInfo')
+
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+    s = State.objects.update_or_create(name=member_state_name, defaults={'priority': 100, 'public': False})[0]
+    try:
+        # move group permissions to state
+        g = Group.objects.get(name=member_state_name)
+        [s.permissions.add(p.pk) for p in g.permissions.all()]
+        g.delete()
+    except Group.DoesNotExist:
+        pass
+
+    # auto-populate member IDs
+    CORP_IDS = getattr(settings, 'CORP_IDS', [])
+    ALLIANCE_IDS = getattr(settings, 'ALLIANCE_IDS', [])
+    [s.member_corporations.add(c.pk) for c in EveCorporationInfo.objects.filter(corporation_id__in=CORP_IDS)]
+    [s.member_alliances.add(a.pk) for a in EveAllianceInfo.objects.filter(alliance_id__in=ALLIANCE_IDS)]
+
+
+def create_member_group(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    try:
+        g, _ = Group.objects.get_or_create(name=member_state_name)
+        # move permissions back
+        state = State.objects.get(name=member_state_name)
+        [g.permissions.add(p.pk) for p in state.permissions.all()]
+
+        # move users back
+        for profile in state.userprofile_set.all().select_related('user'):
+            profile.user.groups.add(g.pk)
+    except State.DoesNotExist:
+        pass
+
+
+def create_blue_state(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    EveAllianceInfo = apps.get_model('eveonline', 'EveAllianceInfo')
+    EveCorporationInfo = apps.get_model('eveonline', 'EveCorporationInfo')
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+
+    s = State.objects.update_or_create(name=blue_state_name, defaults={'priority': 50, 'public': False})[0]
+    try:
+        # move group permissions to state
+        g = Group.objects.get(name=blue_state_name)
+        [s.permissions.add(p.pk) for p in g.permissions.all()]
+        g.delete()
+    except Group.DoesNotExist:
+        pass
+
+    # auto-populate blue member IDs
+    BLUE_CORP_IDS = getattr(settings, 'BLUE_CORP_IDS', [])
+    BLUE_ALLIANCE_IDS = getattr(settings, 'BLUE_ALLIANCE_IDS', [])
+    [s.member_corporations.add(c.pk) for c in EveCorporationInfo.objects.filter(corporation_id__in=BLUE_CORP_IDS)]
+    [s.member_alliances.add(a.pk) for a in EveAllianceInfo.objects.filter(alliance_id__in=BLUE_ALLIANCE_IDS)]
+
+
+def create_blue_group(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+
+    try:
+        g, _ = Group.objects.get_or_create(name=blue_state_name)
+        # move permissions back
+        state = State.objects.get(name=blue_state_name)
+        [g.permissions.add(p.pk) for p in state.permissions.all()]
+
+        # move users back
+        for profile in state.userprofile_set.all().select_related('user'):
+            profile.user.groups.add(g.pk)
+    except State.DoesNotExist:
+        pass
+
+
+def purge_tokens(apps, schema_editor):
+    Token = apps.get_model('esi', 'Token')
+    Token.objects.filter(refresh_token__isnull=True).delete()
+
+
+def populate_ownerships(apps, schema_editor):
+    Token = apps.get_model('esi', 'Token')
+    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
+    EveCharacter = apps.get_model('eveonline', 'EveCharacter')
+
+    unique_character_owners = [t['character_id'] for t in
+                                Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
+                                t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]
+
+    tokens = Token.objects.filter(character_id__in=unique_character_owners)
+    for c_id in unique_character_owners:
+        # find newest refreshable token and use it as basis for CharacterOwnership
+        ts = tokens.filter(character_id=c_id).exclude(refresh_token__isnull=True).order_by('created')
+        if ts.exists():
+            token = ts[0]
+            char = EveCharacter.objects.get(character_id=token.character_id)
+            CharacterOwnership.objects.create(user_id=token.user_id, character_id=char.id, owner_hash=token.character_owner_hash)
+
+
+def create_profiles(apps, schema_editor):
+    AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
+    State = apps.get_model('authentication', 'State')
+    UserProfile = apps.get_model('authentication', 'UserProfile')
+    EveCharacter = apps.get_model('eveonline', 'EveCharacter')
+
+    # grab AuthServicesInfo if they have a unique main_char_id and the EveCharacter exists
+    unique_mains = [auth['main_char_id'] for auth in
+                    AuthServicesInfo.objects.exclude(main_char_id='').values('main_char_id').annotate(
+                        n=models.Count('main_char_id')) if
+                    auth['n'] == 1 and EveCharacter.objects.filter(character_id=auth['main_char_id']).exists()]
+
+    auths = AuthServicesInfo.objects.filter(main_char_id__in=unique_mains).select_related('user')
+
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        'Member': State.objects.get(name=member_state_name),
+        'Blue': State.objects.get(name=blue_state_name),
+    }
+    guest_state = State.objects.get(name='Guest')
+
+    for auth in auths:
+        # carry states and mains forward
+        state = states.get(auth.state, guest_state)
+        char = EveCharacter.objects.get(character_id=auth.main_char_id)
+        UserProfile.objects.create(user=auth.user, state=state, main_character=char)
+    for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
+        # prepare empty profiles
+        UserProfile.objects.create(user=auth.user, state=guest_state)
+
+
+def recreate_authservicesinfo(apps, schema_editor):
+    AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
+    UserProfile = apps.get_model('authentication', 'UserProfile')
+    User = apps.get_model('auth', 'User')
+
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        member_state_name: 'Member',
+        blue_state_name: 'Blue',
+    }
+
+    # recreate all missing AuthServicesInfo models
+    AuthServicesInfo.objects.bulk_create([AuthServicesInfo(user_id=u.pk) for u in User.objects.all()])
+
+    # repopulate main characters
+    for profile in UserProfile.objects.exclude(main_character__isnull=True).select_related('user', 'main_character'):
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'main_char_id': profile.main_character.character_id})
+
+    # repopulate states we understand
+    for profile in UserProfile.objects.exclude(state__name='Guest').filter(
+            state__name__in=[member_state_name, blue_state_name]).select_related('user', 'state'):
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'state': states[profile.state.name]})
+
+
+def disable_passwords(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    for u in User.objects.exclude(is_staff=True):
+        # remove passwords for non-staff users to prevent password-based authentication
+        # set_unusable_password is unavailable in migrations because :reasons:
+        u.password = make_password(None)
+        u.save()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('auth', '0008_alter_user_username_max_length'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('eveonline', '0008_remove_apikeys'),
+        ('authentication', '0014_fleetup_permission'),
+        ('esi', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CharacterOwnership',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('owner_hash', models.CharField(max_length=28, unique=True)),
+                ('character', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='character_ownership', to='eveonline.EveCharacter')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='character_ownerships', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'default_permissions': ('change', 'delete'),
+                'ordering': ['user', 'character__character_name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='State',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=20, unique=True)),
+                ('priority', models.IntegerField(help_text='Users get assigned the state with the highest priority available to them.', unique=True)),
+                ('public', models.BooleanField(default=False, help_text='Make this state available to any character.')),
+                ('member_alliances', models.ManyToManyField(blank=True, help_text='Alliances to whose members this state is available.', to='eveonline.EveAllianceInfo')),
+                ('member_characters', models.ManyToManyField(blank=True, help_text='Characters to which this state is available.', to='eveonline.EveCharacter')),
+                ('member_corporations', models.ManyToManyField(blank=True, help_text='Corporations to whose members this state is available.', to='eveonline.EveCorporationInfo')),
+                ('permissions', models.ManyToManyField(blank=True, to='auth.Permission')),
+            ],
+            options={
+                'ordering': ['-priority'],
+            },
+        ),
+        migrations.CreateModel(
+            name='UserProfile',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('main_character', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='eveonline.EveCharacter')),
+                ('state', models.ForeignKey(default=allianceauth.authentication.models.get_guest_state_pk, on_delete=django.db.models.deletion.SET_DEFAULT, to='authentication.State')),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='profile', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'default_permissions': ('change',),
+            },
+        ),
+        migrations.RunPython(create_guest_state, migrations.RunPython.noop),
+        migrations.RunPython(create_member_state, create_member_group),
+        migrations.RunPython(create_blue_state, create_blue_group),
+        migrations.RunPython(purge_tokens, migrations.RunPython.noop),
+        migrations.RunPython(populate_ownerships, migrations.RunPython.noop),
+        migrations.RunPython(create_profiles, recreate_authservicesinfo),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='user',
+        ),
+        migrations.DeleteModel(
+            name='AuthServicesInfo',
+        ),
+        migrations.RunPython(disable_passwords, migrations.RunPython.noop),
+        migrations.CreateModel(
+            name='Permission',
+            fields=[
+            ],
+            options={
+                'proxy': True,
+                'verbose_name': 'permission',
+                'verbose_name_plural': 'permissions',
+            },
+            bases=('auth.permission',),
+            managers=[
+                ('objects', django.contrib.auth.models.PermissionManager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name='User',
+            fields=[
+            ],
+            options={
+                'proxy': True,
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+            },
+            bases=('auth.user',),
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

allianceauth/authentication/migrations/0016_ownershiprecord.py

@@ -0,0 +1,40 @@
+# Generated by Django 2.0.4 on 2018-04-14 18:28
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def create_initial_records(apps, schema_editor):
+    OwnershipRecord = apps.get_model('authentication', 'OwnershipRecord')
+    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
+
+    OwnershipRecord.objects.bulk_create([
+        OwnershipRecord(user=o.user, character=o.character, owner_hash=o.owner_hash) for o in CharacterOwnership.objects.all()
+    ])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('eveonline', '0009_on_delete'),
+        ('authentication', '0015_user_profiles'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OwnershipRecord',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('owner_hash', models.CharField(db_index=True, max_length=28)),
+                ('created', models.DateTimeField(auto_now=True)),
+                ('character', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to='eveonline.EveCharacter')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-created'],
+            },
+        ),
+        migrations.RunPython(create_initial_records, migrations.RunPython.noop)
+    ]

allianceauth/authentication/migrations/0017_remove_fleetup_permission.py

@@ -0,0 +1,20 @@
+from django.db import migrations
+
+
+def remove_permission(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(User)
+    Permission.objects.filter(codename="view_fleetup", content_type=ct, name="view_fleetup").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0016_ownershiprecord'),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_permission, migrations.RunPython.noop)
+    ]

allianceauth/authentication/migrations/0018_alter_state_name_length.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-20 05:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='state',
+            name='name',
+            field=models.CharField(max_length=32, unique=True),
+        ),
+    ]

allianceauth/authentication/migrations/0018_state_member_factions.py

@@ -0,0 +1,19 @@
+# Generated by Django 3.1.13 on 2021-10-12 20:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0015_factions'),
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='state',
+            name='member_factions',
+            field=models.ManyToManyField(blank=True, help_text='Factions to whose members this state is available.', to='eveonline.EveFactionInfo'),
+        ),
+    ]

allianceauth/authentication/migrations/0019_merge_20211026_0919.py

@@ -0,0 +1,14 @@
+# Generated by Django 3.2.8 on 2021-10-26 09:19
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0018_alter_state_name_length'),
+        ('authentication', '0018_state_member_factions'),
+    ]
+
+    operations = [
+    ]

allianceauth/authentication/migrations/0020_userprofile_language_userprofile_night_mode.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.0.2 on 2022-02-26 03:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0019_merge_20211026_0919'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userprofile',
+            name='language',
+            field=models.CharField(blank=True, choices=[('en', 'English'), ('de', 'German'), ('es', 'Spanish'), ('zh-hans', 'Chinese Simplified'), ('ru', 'Russian'), ('ko', 'Korean'), ('fr', 'French'), ('ja', 'Japanese'), ('it', 'Italian')], default='', max_length=10, verbose_name='Language'),
+        ),
+        migrations.AddField(
+            model_name='userprofile',
+            name='night_mode',
+            field=models.BooleanField(blank=True, null=True, verbose_name='Night Mode'),
+        ),
+    ]

allianceauth/authentication/migrations/0021_alter_userprofile_language.py

@@ -0,0 +1,34 @@
+# Generated by Django 4.0.10 on 2023-05-28 15:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("authentication", "0020_userprofile_language_userprofile_night_mode"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="userprofile",
+            name="language",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("en", "English"),
+                    ("de", "German"),
+                    ("es", "Spanish"),
+                    ("zh-hans", "Chinese Simplified"),
+                    ("ru", "Russian"),
+                    ("ko", "Korean"),
+                    ("fr", "French"),
+                    ("ja", "Japanese"),
+                    ("it", "Italian"),
+                    ("uk", "Ukrainian"),
+                ],
+                default="",
+                max_length=10,
+                verbose_name="Language",
+            ),
+        ),
+    ]

allianceauth/authentication/migrations/0022_userprofile_theme.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.0.10 on 2023-10-07 07:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0021_alter_userprofile_language'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userprofile',
+            name='theme',
+            field=models.CharField(blank=True, help_text='Bootstrap 5 Themes from https://bootswatch.com/ or Community Apps', max_length=200, null=True, verbose_name='Theme'),
+        ),
+    ]

allianceauth/authentication/migrations/0023_alter_userprofile_language.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.13 on 2024-05-12 09:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0022_userprofile_theme'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='userprofile',
+            name='language',
+            field=models.CharField(blank=True, choices=[('en', 'English'), ('de', 'German'), ('es', 'Spanish'), ('zh-hans', 'Chinese Simplified'), ('ru', 'Russian'), ('ko', 'Korean'), ('fr', 'French'), ('ja', 'Japanese'), ('it', 'Italian'), ('uk', 'Ukrainian'), ('pl', 'Polish')], default='', max_length=10, verbose_name='Language'),
+        ),
+    ]

allianceauth/authentication/migrations/0024_alter_userprofile_language.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2 on 2024-09-13 09:46
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0023_alter_userprofile_language'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='userprofile',
+            name='language',
+            field=models.CharField(blank=True, choices=[('en', 'English'), ('cs-cz', 'Czech'), ('de', 'German'), ('es', 'Spanish'), ('it-it', 'Italian'), ('ja', 'Japanese'), ('ko-kr', 'Korean'), ('fr-fr', 'French'), ('ru', 'Russian'), ('nl-nl', 'Dutch'), ('pl-pl', 'Polish'), ('uk', 'Ukrainian'), ('zh-hans', 'Simplified Chinese')], default='', max_length=10, verbose_name='Language'),
+        ),
+    ]

allianceauth/authentication/models.py

@@ -0,0 +1,170 @@
+import logging
+from typing import ClassVar
+
+from django.contrib.auth.models import User, Permission
+from django.db import models, transaction
+from django.utils.translation import gettext_lazy as _
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo, EveFactionInfo
+from allianceauth.notifications import notify
+from django.conf import settings
+
+from .managers import CharacterOwnershipManager, StateManager
+
+logger = logging.getLogger(__name__)
+
+
+class State(models.Model):
+    name = models.CharField(max_length=32, unique=True)
+    permissions = models.ManyToManyField(Permission, blank=True)
+    priority = models.IntegerField(unique=True, help_text="Users get assigned the state with the highest priority available to them.")
+
+    member_characters = models.ManyToManyField(EveCharacter, blank=True,
+                                                help_text="Characters to which this state is available.")
+    member_corporations = models.ManyToManyField(EveCorporationInfo, blank=True,
+                                                help_text="Corporations to whose members this state is available.")
+    member_alliances = models.ManyToManyField(EveAllianceInfo, blank=True,
+                                            help_text="Alliances to whose members this state is available.")
+    member_factions = models.ManyToManyField(EveFactionInfo, blank=True,
+                                            help_text="Factions to whose members this state is available.")
+    public = models.BooleanField(default=False, help_text="Make this state available to any character.")
+
+    objects: ClassVar[StateManager] = StateManager()
+
+    class Meta:
+        ordering = ['-priority']
+
+    def __str__(self):
+        return self.name
+
+    def available_to_character(self, character):
+        return self in State.objects.available_to_character(character)
+
+    def available_to_user(self, user):
+        return self in State.objects.available_to_user(user)
+
+    def delete(self, **kwargs):
+        with transaction.atomic():
+            for profile in self.userprofile_set.all():
+                profile.assign_state(state=State.objects.exclude(pk=self.pk).get_for_user(profile.user))
+        super().delete(**kwargs)
+
+
+def get_guest_state():
+    try:
+        return State.objects.get(name='Guest')
+    except State.DoesNotExist:
+        return State.objects.create(name='Guest', priority=0, public=True)
+
+
+def get_guest_state_pk():
+    return get_guest_state().pk
+
+
+class UserProfile(models.Model):
+    class Meta:
+        default_permissions = ('change',)
+
+    class Language(models.TextChoices):
+        """
+        Choices for UserProfile.language
+        """
+        # Sorted by Language Code alphabetical order + English at top
+        ENGLISH = 'en', _('English')
+        CZECH = 'cs-cz', _("Czech")  # Not yet at 50% translated
+        GERMAN = 'de', _('German')
+        SPANISH = 'es', _('Spanish')
+        ITALIAN = 'it-it', _('Italian')
+        JAPANESE = 'ja', _('Japanese')
+        KOREAN = 'ko-kr', _('Korean')
+        FRENCH = 'fr-fr', _('French')
+        RUSSIAN = 'ru', _('Russian')
+        DUTCH = 'nl-nl', _("Dutch")
+        POLISH = 'pl-pl', _("Polish")
+        UKRAINIAN = 'uk', _('Ukrainian')
+        CHINESE = 'zh-hans', _('Simplified Chinese')
+
+    user = models.OneToOneField(
+        User,
+        related_name='profile',
+        on_delete=models.CASCADE)
+    main_character = models.OneToOneField(
+        EveCharacter,
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL)
+    state = models.ForeignKey(
+        State,
+        on_delete=models.SET_DEFAULT,
+        default=get_guest_state_pk)
+    language = models.CharField(
+        _("Language"), max_length=10,
+        choices=Language.choices,
+        blank=True,
+        default='')
+    night_mode = models.BooleanField(
+        _("Night Mode"),
+        blank=True,
+        null=True)
+    theme = models.CharField(
+        _("Theme"),
+        max_length=200,
+        blank=True,
+        null=True,
+        help_text="Bootstrap 5 Themes from https://bootswatch.com/ or Community Apps"
+    )
+
+    def assign_state(self, state=None, commit=True):
+        if not state:
+            state = State.objects.get_for_user(self.user)
+        if self.state != state:
+            self.state = state
+            if commit:
+                logger.info(f'Updating {self.user} state to {self.state}')
+                self.save(update_fields=['state'])
+                notify(
+                    self.user,
+                    _('State changed to: %s' % state),
+                    _('Your user\'s state is now: %(state)s')
+                    % ({'state': state}),
+                    'info'
+                )
+                from allianceauth.authentication.signals import state_changed
+
+                # We need to ensure we get up to date perms here as they will have just changed.
+                # Clear all attribute caches and reload the model that will get passed to the signals!
+                self.refresh_from_db()
+
+                state_changed.send(
+                    sender=self.__class__, user=self.user, state=self.state
+                )
+
+    def __str__(self) -> str:
+        return str(self.user)
+
+
+class CharacterOwnership(models.Model):
+    class Meta:
+        default_permissions = ('change', 'delete')
+        ordering = ['user', 'character__character_name']
+
+    character = models.OneToOneField(EveCharacter, on_delete=models.CASCADE, related_name='character_ownership')
+    owner_hash = models.CharField(max_length=28, unique=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='character_ownerships')
+
+    objects: ClassVar[CharacterOwnershipManager] = CharacterOwnershipManager()
+
+    def __str__(self):
+        return f"{self.user}: {self.character}"
+
+
+class OwnershipRecord(models.Model):
+    character = models.ForeignKey(EveCharacter, on_delete=models.CASCADE, related_name='ownership_records')
+    owner_hash = models.CharField(max_length=28, db_index=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='ownership_records')
+    created = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        ordering = ['-created']
+
+    def __str__(self):
+        return f"{self.user}: {self.character} on {self.created}"

allianceauth/authentication/signals.py

@@ -0,0 +1,164 @@
+import logging
+
+from .models import (
+    CharacterOwnership,
+    UserProfile,
+    get_guest_state,
+    State,
+    OwnershipRecord)
+from django.contrib.auth.models import User
+from django.db.models import Q
+from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
+from django.dispatch import receiver, Signal
+from esi.models import Token
+
+from allianceauth.eveonline.models import EveCharacter
+
+logger = logging.getLogger(__name__)
+
+state_changed = Signal()
+
+
+def trigger_state_check(state):
+    # evaluate all current members to ensure they still have access
+    for profile in state.userprofile_set.all():
+        profile.assign_state()
+
+    # we may now be available to others with lower states
+    check_states = State.objects.filter(priority__lt=state.priority)
+    for profile in UserProfile.objects.filter(state__in=check_states):
+        if state.available_to_user(profile.user):
+            profile.assign_state(state)
+
+
+@receiver(m2m_changed, sender=State.member_characters.through)
+def state_member_characters_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member characters changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+
+@receiver(m2m_changed, sender=State.member_corporations.through)
+def state_member_corporations_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member corporations changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+
+@receiver(m2m_changed, sender=State.member_alliances.through)
+def state_member_alliances_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member alliances changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+@receiver(m2m_changed, sender=State.member_factions.through)
+def state_member_factions_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member factions changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+@receiver(post_save, sender=State)
+def state_saved(sender, instance, *args, **kwargs):
+    logger.debug(f'State {instance} saved. Re-evaluating membership.')
+    trigger_state_check(instance)
+
+
+# Is there a smarter way to intercept pre_save with a diff main_character or state?
+@receiver(post_save, sender=UserProfile)
+def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
+    # catches post_save from profiles to trigger necessary service and state checks
+    if not created:
+        update_fields = kwargs.pop('update_fields', []) or []
+        if 'state' not in update_fields:
+            logger.debug(f'Profile for {instance.user} saved without state change. Re-evaluating state.')
+            instance.assign_state()
+
+
+@receiver(post_save, sender=User)
+def create_required_models(sender, instance, created, *args, **kwargs):
+    # ensure all users have our Sub-Models
+    if created:
+        logger.debug(f'User {instance} created. Creating default UserProfile.')
+        UserProfile.objects.get_or_create(user=instance)
+
+
+@receiver(post_save, sender=Token)
+def record_character_ownership(sender, instance, created, *args, **kwargs):
+    if created:
+        logger.debug(f'New token for {instance.user} character {instance.character_name} saved. Evaluating ownership.')
+        if instance.user:
+            query = Q(owner_hash=instance.character_owner_hash) & Q(user=instance.user)
+        else:
+            query = Q(owner_hash=instance.character_owner_hash)
+        # purge ownership records if the hash or auth user account has changed
+        CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(query).delete()
+        # create character if needed
+        if EveCharacter.objects.filter(character_id=instance.character_id).exists() is False:
+            logger.debug(f'Token is for a new character. Creating model for {instance.character_name} ({instance.character_id})')
+            EveCharacter.objects.create_character(instance.character_id)
+        char = EveCharacter.objects.get(character_id=instance.character_id)
+        # check if we need to create ownership
+        if instance.user and not CharacterOwnership.objects.filter(
+                character__character_id=instance.character_id).exists():
+            logger.debug(f"Character {instance.character_name} is not yet owned. Assigning ownership to {instance.user}")
+            CharacterOwnership.objects.update_or_create(character=char, defaults={'owner_hash': instance.character_owner_hash, 'user': instance.user})
+
+
+@receiver(pre_delete, sender=CharacterOwnership)
+def validate_main_character(sender, instance, *args, **kwargs):
+    try:
+        if instance.user.profile.main_character == instance.character:
+            logger.info("Ownership of a main character {} has been revoked. Resetting {} main character.".format(
+                instance.character, instance.user))
+            # clear main character as user no longer owns them
+            instance.user.profile.main_character = None
+            instance.user.profile.save()
+    except UserProfile.DoesNotExist:
+        # a user is being deleted
+        pass
+
+
+@receiver(post_delete, sender=Token)
+def validate_ownership(sender, instance, *args, **kwargs):
+    if not Token.objects.filter(character_owner_hash=instance.character_owner_hash).filter(refresh_token__isnull=False).exists():
+        logger.info(f"No remaining tokens to validate ownership of character {instance.character_name}. Revoking ownership.")
+        CharacterOwnership.objects.filter(owner_hash=instance.character_owner_hash).delete()
+
+
+@receiver(pre_save, sender=User)
+def assign_state_on_active_change(sender, instance, *args, **kwargs):
+    # set to guest state if inactive, assign proper state if reactivated
+    if instance.pk:
+        old_instance = User.objects.get(pk=instance.pk)
+        if old_instance.is_active != instance.is_active:
+            if instance.is_active:
+                logger.debug(f"User {instance} has been activated. Assigning state.")
+                instance.profile.assign_state()
+            else:
+                logger.debug(
+                    f"User {instance} has been deactivated. Revoking state and assigning to guest state.")
+                instance.profile.state = get_guest_state()
+                instance.profile.save(update_fields=['state'])
+
+
+@receiver(post_save, sender=EveCharacter)
+def check_state_on_character_update(sender, instance, *args, **kwargs):
+    # if this is a main character updating, check that user's state
+    try:
+        logger.debug(f"Character {instance} has been saved. Assessing owner's state for changes.")
+        instance.userprofile.assign_state()
+    except UserProfile.DoesNotExist:
+        logger.debug(f"Character {instance} is not a main character. No state assessment required.")
+        pass
+
+
+@receiver(post_save, sender=CharacterOwnership)
+def ownership_record_creation(sender, instance, created, *args, **kwargs):
+    if created:
+        records = OwnershipRecord.objects.filter(owner_hash=instance.owner_hash).filter(character=instance.character)
+        if records.exists():
+            if records[0].user == instance.user:  # most recent record is sorted first
+                logger.debug(f"Already have ownership record of {instance.character} by user {instance.user}")
+                return
+        logger.info(f"Character {instance.character} has a new owner {instance.user}. Creating ownership record.")
+        OwnershipRecord.objects.create(user=instance.user, character=instance.character, owner_hash=instance.owner_hash)

allianceauth/authentication/static/allianceauth/authentication/css/admin.css

@@ -0,0 +1,31 @@
+/*
+CSS for allianceauth admin site
+*/
+
+/* styling for profile pic */
+.img-circle {
+    border-radius: 50%;
+}
+
+.column-user_profile_pic {
+    white-space: nowrap;
+    width: 1px;
+}
+
+/* tooltip */
+.tooltip {
+    position: relative;
+}
+
+.tooltip:hover::after {
+    background-color: rgb(255 255 204);
+    border: 1px rgb(128 128 128) solid;
+    color: rgb(0 0 0);
+    content: attr(data-tooltip);
+    left: 1em;
+    min-width: 200px;
+    padding: 8px;
+    position: absolute;
+    top: 1.1em;
+    z-index: 1;
+}