Just an empty Tag Commit, because 2.11.2 bump went wonky

Merge branch 'master' of https://gitlab.com/allianceauth/allianceauth into v2.11.x
Version Bump v2.11.2
2026-02-04 14:16:21 +01:00 · 2022-03-29 14:48:39 +10:00 · 2022-03-29 14:47:40 +10:00 · 2022-03-29 14:46:59 +10:00 · 2022-03-29 14:40:30 +10:00 · 2022-03-20 14:42:39 +10:00
1050 changed files with 69791 additions and 38828 deletions
--- a/.coveragerc
+++ b/.coveragerc
@@ -0,0 +1,23 @@
+[run]
+branch = True
+source =
+    allianceauth
+
+omit =
+    */migrations/*
+    */example/*
+    */project_template/*
+    */bin/*
+    */tests/*
+    */tests.py
+
+[report]
+exclude_lines =
+    if self.debug:
+    pragma: no cover
+    raise NotImplementedError
+    if __name__ == .__main__.:
+    def __repr__
+    raise AssertionError
+
+ignore_errors = True
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,28 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yaml,yml,less}]
+indent_size = 2
+
+[*.md]
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
+
+[*.bat]
+indent_style = tab
+
+[{Dockerfile,*.dockerfile}]
+indent_style = space
+indent_size = 4
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +0,0 @@
-*/*.py.example linguist-language=Python
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ __pycache__/
 # Distribution / packaging
 .Python
 env/
+venv/
 build/
 develop-eggs/
 dist/
@@ -37,11 +38,9 @@ htmlcov/
 .tox/
 .coverage
 .cache
-nosetests.xml
 coverage.xml

 # Translations
-*.mo
 *.pot

 # Django stuff:
@@ -53,17 +52,28 @@ docs/_build/
 # PyBuilder
 target/

-.vagrant/
-alliance_auth/settings.py
 *Thumbs.db
 nginx_config.txt

-# custom staticfiles
-static/*
-
 #celerybeat
 *.pid
 celerybeat-schedule

 #pycharm
-.idea/*
+.idea/*
+/nbproject/
+
+#VSCode
+.vscode/
+
+#gitlab configs
+.gitlab/
+
+#transifex
+.tx/
+
+#other
+.flake8
+.pylintrc
+Makefile
+.isort.cfg
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,225 @@
+.only-default: &only-default
+  only:
+    - master
+    - branches
+    - merge_requests
+
+stages:
+- pre-commit
+- gitlab
+- test
+- deploy
+- docker
+
+include:
+- template: Dependency-Scanning.gitlab-ci.yml
+- template: Security/SAST.gitlab-ci.yml
+
+before_script:
+  - apt-get update && apt-get install redis-server -y
+  - redis-server --daemonize yes
+  - python -V
+  - pip install wheel tox
+
+pre-commit-check:
+  <<: *only-default
+  stage: pre-commit
+  image: python:3.6-buster
+  variables:
+    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
+  cache:
+    paths:
+      - ${PRE_COMMIT_HOME}
+  script:
+    - pip install pre-commit
+    - pre-commit run --all-files
+
+sast:
+  stage: gitlab
+  before_script: []
+
+dependency_scanning:
+  stage: gitlab
+  before_script:
+  - apt-get update && apt-get install redis-server libmariadb-dev -y
+  - redis-server --daemonize yes
+  - python -V
+  - pip install wheel tox
+
+test-3.7-core:
+  <<: *only-default
+  image: python:3.7-bullseye
+  script:
+  - tox -e py37-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.8-core:
+  <<: *only-default
+  image: python:3.8-bullseye
+  script:
+  - tox -e py38-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.9-core:
+  <<: *only-default
+  image: python:3.9-bullseye
+  script:
+  - tox -e py39-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.10-core:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e py310-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.11-core:
+  <<: *only-default
+  image: python:3.11-rc-bullseye
+  script:
+  - tox -e py311-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+  allow_failure: true
+
+test-3.7-all:
+  <<: *only-default
+  image: python:3.7-bullseye
+  script:
+  - tox -e py37-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.8-all:
+  <<: *only-default
+  image: python:3.8-bullseye
+  script:
+  - tox -e py38-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.9-all:
+  <<: *only-default
+  image: python:3.9-bullseye
+  script:
+  - tox -e py39-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.10-all:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e py310-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.11-all:
+  <<: *only-default
+  image: python:3.11-rc-bullseye
+  script:
+  - tox -e py311-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+  allow_failure: true
+
+deploy_production:
+  stage: deploy
+  image: python:3.10-bullseye
+
+  before_script:
+    - pip install twine wheel
+
+  script:
+    - python setup.py sdist bdist_wheel
+    - twine upload dist/*
+
+  rules:
+    - if: $CI_COMMIT_TAG
+
+build-image:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_SHORT_SHA
+    CURRENT_TAG=$CI_REGISTRY_IMAGE/auth:$CI_COMMIT_TAG
+    MINOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1-2)
+    MAJOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1)
+    LATEST_TAG=$CI_REGISTRY_IMAGE/auth:latest
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_VERSION=$(echo $CI_COMMIT_TAG | cut -c 2-)
+    docker tag $IMAGE_TAG $CURRENT_TAG
+    docker tag $IMAGE_TAG $MINOR_TAG
+    docker tag $IMAGE_TAG $MAJOR_TAG
+    docker tag $IMAGE_TAG $LATEST_TAG
+    docker image push --all-tags $CI_REGISTRY_IMAGE/auth
+  rules:
+    - if: $CI_COMMIT_TAG
+
+build-image-dev:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_PACKAGE=git+https://gitlab.com/allianceauth/allianceauth@$CI_COMMIT_BRANCH
+    docker push $IMAGE_TAG
+  rules:
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == ""'
+      when: manual
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != ""'
+      when: never
+
+build-image-mr:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_PACKAGE=git+$CI_MERGE_REQUEST_SOURCE_PROJECT_URL@$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
+    docker push $IMAGE_TAG
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: manual
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never
--- a/.gitlab/issue_templates/Bug.md
+++ b/.gitlab/issue_templates/Bug.md
@@ -0,0 +1,14 @@
+# Bug
+
+- I have searched [issues](https://gitlab.com/allianceauth/allianceauth/issues?scope=all&utf8=%E2%9C%93&state=all) (Y/N):
+- What Version of Alliance Auth:
+- What Operating System:
+- Version of other components relevant to issue eg. Service, Database:
+
+Please include a brief description of your issue here.
+
+Please include steps to reproduce the issue
+
+Please include any tracebacks or logs
+
+Please include the results of the command `pip list`
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@@ -0,0 +1,7 @@
+# Feature Request
+
+- Describe the feature are you requesting.
+
+- Is this a Service (external integration), a Module (Alliance Auth extension) or an enhancement to an existing service/module.
+
+- Describe why its useful to you or others.
--- a/.idea/allianceauth.iml
+++ b/.idea/allianceauth.iml
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="PYTHON_MODULE" version="4">
-  <component name="FacetManager">
-    <facet type="django" name="Django">
-      <configuration>
-        <option name="rootFolder" value="$MODULE_DIR$" />
-        <option name="settingsModule" value="alliance_auth/settings.py.example" />
-        <option name="manageScript" value="manage.py" />
-        <option name="environment" value="&lt;map/&gt;" />
-        <option name="commandsToSkip" value="" />
-      </configuration>
-    </facet>
-  </component>
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="jdk" jdkName="Python 2.7.11 virtualenv at ~/1.6" jdkType="Python SDK" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-  <component name="TemplatesService">
-    <option name="TEMPLATE_CONFIGURATION" value="Django" />
-  </component>
-</module>
--- a/.idea/dataSources.ids
+++ b/.idea/dataSources.ids
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<component name="dataSourceStorage">
-  <data-source source="LOCAL" name="Django default" uuid="3eb61453-647a-4832-8320-f3561f039abc">
-    <database-info product="" version="" jdbc-version="" driver-name="" driver-version=""/>
-  </data-source>
-  <data-source source="LOCAL" name="Django phpbb3" uuid="2de247c2-1951-4e74-8276-6a1c89c396fa">
-    <database-info product="" version="" jdbc-version="" driver-name="" driver-version=""/>
-  </data-source>
-  <data-source source="LOCAL" name="Django mumble" uuid="9963e5ca-7f2f-4dd3-9175-bc7102dfd48c">
-    <database-info product="" version="" jdbc-version="" driver-name="" driver-version=""/>
-  </data-source>
-</component>
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
-    <data-source source="LOCAL" name="Django default" uuid="3eb61453-647a-4832-8320-f3561f039abc">
-      <driver-ref>mysql</driver-ref>
-      <jdbc-driver>com.mysql.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mysql://127.0.0.1:3306/alliance_auth</jdbc-url>
-    </data-source>
-    <data-source source="LOCAL" name="Django phpbb3" uuid="2de247c2-1951-4e74-8276-6a1c89c396fa">
-      <driver-ref>mysql</driver-ref>
-      <jdbc-driver>com.mysql.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mysql://127.0.0.1:3306/alliance_forum</jdbc-url>
-    </data-source>
-    <data-source source="LOCAL" name="Django mumble" uuid="9963e5ca-7f2f-4dd3-9175-bc7102dfd48c">
-      <driver-ref>mysql</driver-ref>
-      <jdbc-driver>com.mysql.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mysql://127.0.0.1:3306/alliance_mumble</jdbc-url>
-    </data-source>
-  </component>
-</project>
--- a/.idea/encodings.xml
+++ b/.idea/encodings.xml
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="Encoding" useUTFGuessing="true" native2AsciiForPropertiesFiles="false" />
-</project>
-
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -1,11 +0,0 @@
-<component name="InspectionProjectProfileManager">
-  <profile version="1.0" is_locked="false">
-    <option name="myName" value="Project Default" />
-    <option name="myLocal" value="false" />
-    <inspection_tool class="SpellCheckingInspection" enabled="false" level="TYPO" enabled_by_default="false">
-      <option name="processCode" value="true" />
-      <option name="processLiterals" value="true" />
-      <option name="processComments" value="true" />
-    </inspection_tool>
-  </profile>
-</component>
--- a/.idea/inspectionProfiles/profiles_settings.xml
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -1,7 +0,0 @@
-<component name="InspectionProjectProfileManager">
-  <settings>
-    <option name="PROJECT_PROFILE" />
-    <option name="USE_PROJECT_PROFILE" value="false" />
-    <version value="1.0" />
-  </settings>
-</component>
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.11 virtualenv at ~/1.6" project-jdk-type="Python SDK" />
-  <component name="PythonCompatibilityInspectionAdvertiser">
-    <option name="version" value="1" />
-  </component>
-</project>
--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/allianceauth.iml" filepath="$PROJECT_DIR$/.idea/allianceauth.iml" />
-    </modules>
-  </component>
-</project>
-
--- a/.idea/scopes/scope_settings.xml
+++ b/.idea/scopes/scope_settings.xml
@@ -1,5 +0,0 @@
-<component name="DependencyValidationManager">
-  <state>
-    <option name="SKIP_IMPORT_STATEMENTS" value="false" />
-  </state>
-</component>
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>
-
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,34 @@
+# Apply to all files without committing:
+#   pre-commit run --all-files
+# Update this file:
+#   pre-commit autoupdate
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-xml
+      - id: check-yaml
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
+      - id: end-of-file-fixer
+        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
+      - id: mixed-line-ending
+        args: [ '--fix=lf' ]
+      - id: fix-encoding-pragma
+        args: [ '--remove' ]
+
+  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
+    rev: 2.3.54
+    hooks:
+      - id: editorconfig-checker
+        exclude: ^(LICENSE|allianceauth\/static\/css\/themes\/bootstrap-locals.less|allianceauth\/eveonline\/swagger.json|(.*.po)|(.*.mo))
+
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v2.29.0
+    hooks:
+      - id: pyupgrade
+        args: [ --py37-plus ]
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -0,0 +1,23 @@
+# .readthedocs.yml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# Build documentation with MkDocs
+#mkdocs:
+#  configuration: mkdocs.yml
+
+# Optionally build your docs in additional formats such as PDF and ePub
+formats: all
+
+# Optionally set the version of Python and requirements required to build your docs
+python:
+  version: 3.7
+  install:
+    - requirements: docs/requirements.txt
--- a/1
+++ b/1
@@ -337,4 +337,3 @@ proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
-
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -0,0 +1,7 @@
+include LICENSE
+include README.md
+include MANIFEST.in
+graft allianceauth
+
+global-exclude __pycache__
+global-exclude *.py[co]
--- a/README.md
+++ b/README.md
@@ -1,50 +1,86 @@
-Alliance Auth
-============
+# Alliance Auth

-[![Join the chat at https://gitter.im/R4stl1n/allianceauth](https://badges.gitter.im/R4stl1n/allianceauth.svg)](https://gitter.im/R4stl1n/allianceauth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-[![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/en/latest/?badge=latest)
+[![license](https://img.shields.io/badge/license-GPLv2-green)](https://pypi.org/project/allianceauth/)
+[![python](https://img.shields.io/pypi/pyversions/allianceauth)](https://pypi.org/project/allianceauth/)
+[![django](https://img.shields.io/pypi/djversions/allianceauth?label=django)](https://pypi.org/project/allianceauth/)
+[![version](https://img.shields.io/pypi/v/allianceauth?label=release)](https://pypi.org/project/allianceauth/)
+[![pipeline status](https://gitlab.com/allianceauth/allianceauth/badges/master/pipeline.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
+[![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/?badge=latest)
+[![coverage report](https://gitlab.com/allianceauth/allianceauth/badges/master/coverage.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
+[![Chat on Discord](https://img.shields.io/discord/399006117012832262.svg)](https://discord.gg/fjnHAmk)

-EVE service auth to help corps, alliances, and coalitions manage services.
-Built for "The 99 Percent" open for anyone to use.
+An auth system for EVE Online to help in-game organizations manage online service access.

-Special Permissions In Admin:
+## Content

-    auth | user | group_management ( Access to add members to groups within the alliance )
-    auth | user | jabber_broadcast ( Access to broadcast a message over jabber to own groups )
-    auth | user | jabber_broadcast_all ( Can choose from all groups and the 'all' option when broadcasting )
-    auth | user | corp_apis ( View APIs, and jackKnife, of all members in user's corp. )
-    auth | user | alliance_apis ( View APIs, and jackKnife, of all member in user's alliance member corps. )
-    auth | user | timer_management ( Access to create and remove timers )
-    auth | user | timer_view ( Access to timerboard to view timers )
-    auth | user | srp_management ( Allows for an individual to create and remove srp fleets and fleet data )
-    auth | user | sigtracker_management ( Allows for an individual to create and remove signitures )
-    auth | user | sigtracker_view ( Allows for an individual view signitures )
-    auth | user | optimer_management ( Allows for an individual to create and remove fleet operations )
-    auth | user | optimer_view ( Allows for an individual view fleet operations )
-    auth | user | logging_notifications ( Generate notifications from logging )
+- [Overview](#overview)
+- [Documentation](http://allianceauth.rtfd.io)
+- [Support](#support)
+- [Release Notes](https://gitlab.com/allianceauth/allianceauth/-/releases)
+- [Developer Team](#developer-team)
+- [Contributing](#contributing)

-    auth | user | human_resources ( View applications to user's corp )
-    hrapplications | application | delete_application ( Can delete applications )
-    hrapplications | application | accept_application ( Can accept applications )
-    hrapplications | application | reject_application ( Can reject applications )
-    hrapplications | application | view_apis ( Can see applicant's API keys )
-    hrapplications | applicationcomment | add_applicationcomment ( Can comment on applications )
+## Overview

-Vagrant Instructions:
+Alliance Auth (AA) is a web site that helps Eve Online organizations efficiently manage access to applications and services.

-    Copy the scripts to the root directory before running
+Main features:

-Active Developers:
+- Automatically grants or revokes user access to external services (e.g. Discord, Mumble) and web apps (e.g. SRP requests) based on the user's current membership to [in-game organizations](https://allianceauth.readthedocs.io/en/latest/features/core/states/) and [groups](https://allianceauth.readthedocs.io/en/latest/features/core/groups/)

-    Adarnof
-    basraah
+- Provides a central web site where users can directly access web apps (e.g. SRP requests, Fleet Schedule) and manage their access to external services and groups.

-Beta Testers/ Bug Fixers:
+- Includes a set of connectors (called ["services"](https://allianceauth.readthedocs.io/en/latest/features/services/)) for integrating access management with many popular external applications / services like Discord, Mumble, Teamspeak 3, SMF and others

-    TrentBartlem ( Testing and Bug Fixes )
-    IskFiend ( Bug Fixes and Server Configuration )
-    Mr McClain (Bug Fixes and server configuration )
+- Includes a set of web [apps](https://allianceauth.readthedocs.io/en/latest/features/apps/) which add many useful functions, e.g.: fleet schedule, timer board, SRP request management, fleet activity tracker

-Special Thanks:
+- Can be easily extended with additional services and apps. Many are provided by the community and can be found here: [Community Creations](https://gitlab.com/allianceauth/community-creations)

-    Thanks to Nikdoof, without his old auth implementation this project wouldn't be as far as it is now.
+- English :flag_gb:, Chinese :flag_cn:, German :flag_de:, Spanish :flag_es:, Korean :flag_kr: and Russian :flag_ru: localization
+
+For further details about AA - including an installation guide and a full list of included services and plugin apps - please see the [official documentation](http://allianceauth.rtfd.io).
+
+## Screenshot
+
+Here is an example of the Alliance Auth web site with some plug-ins apps and services enabled:
+
+![screenshot](https://i.imgur.com/2tnX9kD.png)
+
+## Support
+
+[Get help on Discord](https://discord.gg/fjnHAmk) or submit an [issue](https://gitlab.com/allianceauth/allianceauth/issues).
+
+## Development Team
+
+### Active Developers
+
+- [Aaron Kable](https://gitlab.com/aaronkable/)
+- [Ariel Rin](https://gitlab.com/soratidus999/)
+- [Basraah](https://gitlab.com/basraah/)
+- [Col Crunch](https://gitlab.com/colcrunch/)
+- [Erik Kalkoken](https://gitlab.com/ErikKalkoken/)
+
+### Former Developers
+
+- [Adarnof](https://gitlab.com/adarnof/)
+
+### Beta Testers / Bug Fixers
+
+- [ghoti](https://gitlab.com/ChainsawMcGinny/)
+- [kaezon](https://github.com/kaezon/)
+- [mmolitor87](https://gitlab.com/mmolitor87/)
+- [orbitroom](https://github.com/orbitroom/)
+- [TargetZ3R0](https://github.com/TargetZ3R0)
+- [tehfiend](https://github.com/tehfiend/)
+
+Special thanks to [Nikdoof](https://github.com/nikdoof/), as his [auth](https://github.com/nikdoof/test-auth) was the foundation for the original work on this project.
+
+## Contributing
+
+Alliance Auth is maintained and developed by the community and we welcome every contribution!
+
+To see what needs to be worked on please review our issue list or chat with our active developers on Discord.
+
+Also, please make sure you have signed the [License Agreement](https://developers.eveonline.com/resource/license-agreement) by logging in at [https://developers.eveonline.com](https://developers.eveonline.com) before submitting any pull requests.
+
+In addition to the core AA system we also very much welcome contributions to our growing list of 3rd party services and plugin apps. Please see [AA Community Creations](https://gitlab.com/allianceauth/community-creations) for details.
--- a/alliance_auth/.gitignore
+++ b/alliance_auth/.gitignore
@@ -1,2 +0,0 @@
-/settings.py
-!/*.example
--- a/alliance_auth/init.py
+++ b/alliance_auth/init.py
@@ -1,4 +0,0 @@
-from __future__ import unicode_literals
-
-__version__ = '1.14.1'
-NAME = 'Alliance Auth v%s' % __version__
--- a/alliance_auth/settings.py.example
+++ b/alliance_auth/settings.py.example
@@ -1,662 +0,0 @@
-"""
-Django settings for alliance_auth project.
-
-Generated by 'django-admin startproject' using Django 1.10.1.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.10/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.10/ref/settings/
-"""
-
-import os
-
-import djcelery
-
-from django.contrib import messages
-
-djcelery.setup_loader()
-
-# Celery configuration
-BROKER_URL = 'redis://localhost:6379/0'
-CELERYBEAT_SCHEDULER = "djcelery.schedulers.DatabaseScheduler"
-
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = ''
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = 'True' == os.environ.get('AA_DEBUG','True')
-
-ALLOWED_HOSTS = []
-
-
-# Application definition
-
-INSTALLED_APPS = [
-    'django.contrib.admin',
-    'django.contrib.auth',
-    'django.contrib.contenttypes',
-    'django.contrib.sessions',
-    'django.contrib.messages',
-    'django.contrib.staticfiles',
-    'django.contrib.humanize',
-    'djcelery',
-    'bootstrapform',
-    'authentication',
-    'services',
-    'eveonline',
-    'groupmanagement',
-    'hrapplications',
-    'timerboard',
-    'srp',
-    'optimer',
-    'corputils',
-    'fleetactivitytracking',
-    'notifications',
-    'esi',
-    'geelweb.django.navhelper',
-    'bootstrap_pagination',
-]
-
-MIDDLEWARE = [
-    'django.middleware.security.SecurityMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
-    'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'django.middleware.locale.LocaleMiddleware',
-]
-
-ROOT_URLCONF = 'alliance_auth.urls'
-
-LOCALE_PATHS = (
-    os.path.join(BASE_DIR, 'locale/'),
-)
-
-ugettext = lambda s: s
-LANGUAGES = (
-    ('en', ugettext('English')),
-    ('de', ugettext('German')),
-)
-
-TEMPLATES = [
-    {
-        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [
-            os.path.join(BASE_DIR, 'customization/templates'),
-            os.path.join(BASE_DIR, 'stock/templates'),
-        ],
-        'APP_DIRS': True,
-        'OPTIONS': {
-            'context_processors': [
-                'django.template.context_processors.debug',
-                'django.template.context_processors.request',
-                'django.contrib.auth.context_processors.auth',
-                'django.contrib.messages.context_processors.messages',
-                'django.template.context_processors.i18n',
-                'django.template.context_processors.media',
-                'django.template.context_processors.static',
-                'django.template.context_processors.tz',
-                'services.context_processors.auth_settings',
-                'notifications.context_processors.user_notification_count',
-                'authentication.context_processors.states',
-                'authentication.context_processors.membership_state',
-                'groupmanagement.context_processors.can_manage_groups',
-            ],
-        },
-    },
-]
-
-WSGI_APPLICATION = 'alliance_auth.wsgi.application'
-
-
-# Database
-# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.mysql',
-        'NAME': 'alliance_auth',
-        'USER': os.environ.get('AA_DB_DEFAULT_USER', 'allianceserver'),
-        'PASSWORD': os.environ.get('AA_DB_DEFAULT_PASSWORD', 'password'),
-        'HOST': os.environ.get('AA_DB_DEFAULT_HOST', '127.0.0.1'),
-        'PORT': os.environ.get('AA_DB_DEFAULT_PORT', '3306'),
-    },
-}
-
-# Password validation
-# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
-
-AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
-]
-
-LOGIN_URL = 'auth_login_user'
-
-SUPERUSER_STATE_BYPASS = 'True' == os.environ.get('AA_SUPERUSER_STATE_BYPASS', 'True')
-
-# Internationalization
-# https://docs.djangoproject.com/en/1.10/topics/i18n/
-
-LANGUAGE_CODE = os.environ.get('AA_LANGUAGE_CODE', 'en-us')
-
-TIME_ZONE = os.environ.get('AA_TIME_ZONE', 'UTC')
-
-USE_I18N = True
-
-USE_L10N = True
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.10/howto/static-files/
-
-STATIC_URL = '/static/'
-STATIC_ROOT = os.path.join(BASE_DIR, "static")
-STATICFILES_DIRS = (
-    os.path.join(BASE_DIR, "customization/static"),
-    os.path.join(BASE_DIR, "stock/static"),
-)
-
-# Bootstrap messaging css workaround
-MESSAGE_TAGS = {
-    messages.ERROR: 'danger'
-}
-
-#####################################################
-##
-## Auth configuration starts here
-##
-#####################################################
-
-#################
-# EMAIL SETTINGS
-#################
-# DOMAIN - The alliance auth domain_url
-# EMAIL_HOST - SMTP Server URL
-# EMAIL_PORT - SMTP Server PORT
-# EMAIL_HOST_USER - Email Username (for gmail, the entire address)
-# EMAIL_HOST_PASSWORD - Email Password
-# EMAIL_USE_TLS - Set to use TLS encryption
-#################
-DOMAIN = os.environ.get('AA_DOMAIN', 'https://yourdomain.com')
-EMAIL_HOST = os.environ.get('AA_EMAIL_HOST', 'smtp.gmail.com')
-EMAIL_PORT = int(os.environ.get('AA_EMAIL_PORT', '587'))
-EMAIL_HOST_USER = os.environ.get('AA_EMAIL_HOST_USER', '')
-EMAIL_HOST_PASSWORD = os.environ.get('AA_EMAIL_HOST_PASSWORD', '')
-EMAIL_USE_TLS = 'True' == os.environ.get('AA_EMAIL_USE_TLS', 'True')
-
-####################
-# Front Page Links
-####################
-# KILLBOARD_URL - URL for your killboard. Blank to hide link
-# MEDIA_URL - URL for your media page (youtube etc). Blank to hide link
-# FORUM_URL - URL for your forums. Blank to hide link
-# SITE_NAME - Name of the auth site.
-####################
-KILLBOARD_URL = os.environ.get('AA_KILLBOARD_URL', '')
-EXTERNAL_MEDIA_URL = os.environ.get('AA_EXTERNAL_MEDIA_URL', '')
-FORUM_URL = os.environ.get('AA_FORUM_URL', '')
-SITE_NAME = os.environ.get('AA_SITE_NAME', 'Alliance Auth')
-
-###################
-# SSO Settings
-###################
-# Get client ID and client secret from registering an app at
-# https://developers.eveonline.com/
-# Callback URL should be https://mydomain.com/sso/callback
-###################
-ESI_SSO_CLIENT_ID = os.environ.get('AA_ESI_SSO_CLIENT_ID', '')
-ESI_SSO_CLIENT_SECRET = os.environ.get('AA_ESI_SSO_CLIENT_SECRET', '')
-ESI_SSO_CALLBACK_URL = os.environ.get('AA_ESI_SSO_CALLBACK_URL', '')
-
-#########################
-# Default Group Settings
-#########################
-# DEFAULT_AUTH_GROUP - Default group members are put in
-# DEFAULT_BLUE_GROUP - Default group for blue members
-# MEMBER_CORP_GROUPS - Assign members to a group representing their main corp
-# BLUE_CORP_GROUPS - Assign blues to a group representing their main corp
-#########################
-DEFAULT_AUTH_GROUP = os.environ.get('AA_DEFAULT_ALLIANCE_GROUP', 'Member')
-DEFAULT_BLUE_GROUP = os.environ.get('AA_DEFAULT_BLUE_GROUP', 'Blue')
-MEMBER_CORP_GROUPS = 'True' == os.environ.get('AA_MEMBER_CORP_GROUPS', 'True')
-MEMBER_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_MEMBER_ALLIANCE_GROUPS', 'False')
-BLUE_CORP_GROUPS = 'True' == os.environ.get('AA_BLUE_CORP_GROUPS', 'False')
-BLUE_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_BLUE_ALLIANCE_GROUPS', 'False')
-
-#########################
-# Alliance Service Setup
-#########################
-# ENABLE_AUTH_FORUM - Enable forum support in the auth for auth'd members
-# ENABLE_AUTH_JABBER - Enable jabber support in the auth for auth'd members
-# ENABLE_AUTH_MUMBLE - Enable mumble support in the auth for auth'd members
-# ENABLE_AUTH_IPBOARD - Enable IPBoard forum support in the auth for auth'd members
-# ENABLE_AUTH_DISCORD - Enable Discord support in the auth for auth'd members
-# ENABLE_AUTH_DISCOURSE - Enable Discourse support in the auth for auth'd members
-# ENABLE_AUTH_IPS4 - Enable IPS4 support in the auth for auth'd members
-# ENABLE_AUTH_SMF - Enable SMF forum support in the auth for auth'd members
-# ENABLE_AUTH_MARKET = Enable Alliance Market support in auth for auth'd members
-# ENABLE_AUTH_PATHFINDER = Enable Alliance Pathfinder suppor in auth for auth'd members
-# ENABLE_AUTH_XENFORO = Enable XenForo forums support in the auth for auth'd members
-#########################
-ENABLE_AUTH_FORUM = 'True' == os.environ.get('AA_ENABLE_AUTH_FORUM', 'False')
-ENABLE_AUTH_JABBER = 'True' == os.environ.get('AA_ENABLE_AUTH_JABBER', 'False')
-ENABLE_AUTH_MUMBLE = 'True' == os.environ.get('AA_ENABLE_AUTH_MUMBLE', 'False')
-ENABLE_AUTH_IPBOARD = 'True' == os.environ.get('AA_ENABLE_AUTH_IPBOARD', 'False')
-ENABLE_AUTH_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_AUTH_TEAMSPEAK3', 'False')
-ENABLE_AUTH_DISCORD = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCORD', 'False')
-ENABLE_AUTH_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCOURSE', 'False')
-ENABLE_AUTH_IPS4 = 'True' == os.environ.get('AA_ENABLE_AUTH_IPS4', 'False')
-ENABLE_AUTH_SMF = 'True' == os.environ.get('AA_ENABLE_AUTH_SMF', 'False')
-ENABLE_AUTH_MARKET = 'True' == os.environ.get('AA_ENABLE_AUTH_MARKET', 'False')
-ENABLE_AUTH_XENFORO = 'True' == os.environ.get('AA_ENABLE_AUTH_XENFORO', 'False')
-
-#####################
-# Blue service Setup
-#####################
-# ENABLE_BLUE_FORUM - Enable forum support in the auth for blues
-# ENABLE_BLUE_JABBER - Enable jabber support in the auth for blues
-# ENABLE_BLUE_MUMBLE - Enable mumble support in the auth for blues
-# ENABLE_BLUE_IPBOARD - Enable IPBoard forum support in the auth for blues
-# ENABLE_BLUE_DISCORD - Enable Discord support in the auth for blues
-# ENABLE_BLUE_DISCOURSE - Enable Discord support in the auth for blues
-# ENABLE_BLUE_IPS4 - Enable IPS4 forum support in the auth for blues
-# ENABLE_BLUE_SMF - Enable SMF forum support in the auth for blues
-# ENABLE_BLUE_MARKET - Enable Alliance Market in the auth for blues
-# ENABLE_BLUE_PATHFINDER = Enable Pathfinder support in the auth for blues
-# ENABLE_BLUE_XENFORO = Enable XenForo forum support in the auth for blue 
-#####################
-ENABLE_BLUE_FORUM = 'True' == os.environ.get('AA_ENABLE_BLUE_FORUM', 'False')
-ENABLE_BLUE_JABBER = 'True' == os.environ.get('AA_ENABLE_BLUE_JABBER', 'False')
-ENABLE_BLUE_MUMBLE = 'True' == os.environ.get('AA_ENABLE_BLUE_MUMBLE', 'False')
-ENABLE_BLUE_IPBOARD = 'True' == os.environ.get('AA_ENABLE_BLUE_IPBOARD', 'False')
-ENABLE_BLUE_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_BLUE_TEAMSPEAK3', 'False')
-ENABLE_BLUE_DISCORD = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCORD', 'False')
-ENABLE_BLUE_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCOURSE', 'False')
-ENABLE_BLUE_IPS4 = 'True' == os.environ.get('AA_ENABLE_BLUE_IPS4', 'False')
-ENABLE_BLUE_SMF = 'True' == os.environ.get('AA_ENABLE_BLUE_SMF', 'False')
-ENABLE_BLUE_MARKET = 'True' == os.environ.get('AA_ENABLE_BLUE_MARKET', 'False')
-ENABLE_BLUE_XENFORO = 'True' == os.environ.get('AA_ENABLE_BLUE_XENFORO', 'False')
-
-#########################
-# Tenant Configuration
-#########################
-# CORP_IDS - A list of corporation IDs to treat as members.
-# ALLIANCE_IDS - A list of alliance IDs to treat as members.
-# Any corps in a specified alliance will be treated as members, so do not include them in CORP_IDS
-#########################
-CORP_IDS = []
-ALLIANCE_IDS = []
-
-#########################
-# Standings Configuration
-#########################
-# Add a corp API key to add blue standings to grant access.
-# CORP_API_ID - Set this to the api id for the corp API key
-# CORP_API_VCODE - Set this to the api vcode for the corp API key
-# BLUE_STANDING - The lowest standings value to consider blue
-# STANDING_LEVEL - The level of standings to query. Accepted values are 'corp' and 'alliance'.
-########################
-CORP_API_ID = os.environ.get('AA_CORP_API_ID', '')
-CORP_API_VCODE = os.environ.get('AA_CORP_API_VCODE', '')
-BLUE_STANDING = float(os.environ.get('AA_BLUE_STANDING', '5.0'))
-STANDING_LEVEL = os.environ.get('AA_STANDING_LEVEL', 'corp')
-
-########################
-# API Configuration
-########################
-# MEMBER_API_MASK - Numeric value of minimum API mask required for members
-# MEMBER_API_ACCOUNT - Require API to be for Account and not character restricted
-# BLUE_API_MASK - Numeric value of minimum API mask required for blues
-# BLUE_API_ACCOUNT - Require API to be for Account and not character restricted
-# REJECT_OLD_APIS - Require each submitted API be newer than the latest submitted API
-# REJECT_OLD_APIS_MARGIN - Margin from latest submitted API ID within which a newly submitted API is still accepted
-# API_SSO_VALIDATION - Require users to prove ownership of newly entered API keys via SSO
-#                      Requires SSO to be configured.
-#######################
-MEMBER_API_MASK = os.environ.get('AA_MEMBER_API_MASK', 268435455)
-MEMBER_API_ACCOUNT = 'True' == os.environ.get('AA_MEMBER_API_ACCOUNT', 'True')
-BLUE_API_MASK = os.environ.get('AA_BLUE_API_MASK', 8388608)
-BLUE_API_ACCOUNT = 'True' == os.environ.get('AA_BLUE_API_ACCOUNT', 'False')
-REJECT_OLD_APIS = 'True' == os.environ.get('AA_REJECT_OLD_APIS', 'False')
-REJECT_OLD_APIS_MARGIN = os.environ.get('AA_REJECT_OLD_APIS_MARGIN', 50)
-API_SSO_VALIDATION = 'True' == os.environ.get('AA_API_SSO_VALIDATION', 'False')
-
-#######################
-# EVE Provider Settings
-#######################
-# EVEONLINE_CHARACTER_PROVIDER - Name of default data source for getting eve character data
-# EVEONLINE_CORP_PROVIDER - Name of default data source for getting eve corporation data
-# EVEONLINE_ALLIANCE_PROVIDER - Name of default data source for getting eve alliance data
-#
-# Available soruces are 'esi' and 'xml'
-#######################
-EVEONLINE_CHARACTER_PROVIDER = os.environ.get('AA_EVEONLINE_CHARACTER_PROVIDER', 'esi')
-EVEONLINE_CORP_PROVIDER = os.environ.get('AA_EVEONLINE_CORP_PROVIDER', 'esi')
-EVEONLINE_ALLIANCE_PROVIDER = os.environ.get('AA_EVEONLINE_ALLIANCE_PROVIDER', 'esi')
-
-#####################
-# Alliance Market
-#####################
-MARKET_URL = os.environ.get('AA_MARKET_URL', 'http://yourdomain.com/market')
-MARKET_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_market',
-    'USER': os.environ.get('AA_DB_MARKET_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_MARKET_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_MARKET_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_MARKET_PORT', '3306'),
-}
-
-#####################
-# HR Configuration
-#####################
-# JACK_KNIFE_URL - Url for the audit page of API Jack knife
-#                  Should seriously replace with your own.
-#####################
-JACK_KNIFE_URL = os.environ.get('AA_JACK_KNIFE_URL', 'http://ridetheclown.com/eveapi/audit.php')
-
-#####################
-# Forum Configuration
-#####################
-# IPBOARD_ENDPOINT - Api endpoint if using ipboard
-# IPBOARD_APIKEY - Api key to interact with ipboard
-# IPBOARD_APIMODULE - Module for alliance auth *leave alone*
-#####################
-IPBOARD_ENDPOINT = os.environ.get('AA_IPBOARD_ENDPOINT', 'yourdomain.com/interface/board/index.php')
-IPBOARD_APIKEY = os.environ.get('AA_IPBOARD_APIKEY', 'somekeyhere')
-IPBOARD_APIMODULE = 'aa'
-
-########################
-# XenForo Configuration
-########################
-XENFORO_ENDPOINT = os.environ.get('AA_XENFORO_ENDPOINT', 'yourdomain.com/api.php')
-XENFORO_DEFAULT_GROUP = os.environ.get('AA_XENFORO_DEFAULT_GROUP', 0)
-XENFORO_APIKEY   = os.environ.get('AA_XENFORO_APIKEY', 'yourapikey')
-#####################
-
-######################
-# Jabber Configuration
-######################
-# JABBER_URL - Jabber address url
-# JABBER_PORT - Jabber service portal
-# JABBER_SERVER - Jabber server url
-# OPENFIRE_ADDRESS - Address of the openfire admin console including port
-#                    Please use http with 9090 or https with 9091
-# OPENFIRE_SECRET_KEY - Openfire REST API secret key
-# BROADCAST_USER - Broadcast user JID
-# BROADCAST_USER_PASSWORD - Broadcast user password
-######################
-JABBER_URL = os.environ.get('AA_JABBER_URL', "yourdomain.com")
-JABBER_PORT = int(os.environ.get('AA_JABBER_PORT', '5223'))
-JABBER_SERVER = os.environ.get('AA_JABBER_SERVER', "yourdomain.com")
-OPENFIRE_ADDRESS = os.environ.get('AA_OPENFIRE_ADDRESS', "http://yourdomain.com:9090")
-OPENFIRE_SECRET_KEY = os.environ.get('AA_OPENFIRE_SECRET_KEY', "somekey")
-BROADCAST_USER = os.environ.get('AA_BROADCAST_USER', "broadcast@") + JABBER_URL
-BROADCAST_USER_PASSWORD = os.environ.get('AA_BROADCAST_USER_PASSWORD', "somepassword")
-BROADCAST_SERVICE_NAME = os.environ.get('AA_BROADCAST_SERVICE_NAME', "broadcast")
-
-######################################
-# Mumble Configuration
-######################################
-# MUMBLE_URL - Mumble server url
-# MUMBLE_SERVER_ID - Mumble server id
-######################################
-MUMBLE_URL = os.environ.get('AA_MUMBLE_URL', "yourdomain.com")
-MUMBLE_SERVER_ID = int(os.environ.get('AA_MUMBLE_SERVER_ID', '1'))
-
-######################################
-# PHPBB3 Configuration
-######################################
-PHPBB3_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_forum',
-    'USER': os.environ.get('AA_DB_PHPBB3_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_PHPBB3_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_PHPBB3_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_PHPBB3_PORT', '3306'),
-}
-
-######################################
-# Teamspeak3 Configuration
-######################################
-# TEAMSPEAK3_SERVER_IP - Teamspeak3 server ip
-# TEAMSPEAK3_SERVER_PORT - Teamspeak3 server port
-# TEAMSPEAK3_SERVERQUERY_USER - Teamspeak3 serverquery username
-# TEAMSPEAK3_SERVERQUERY_PASSWORD - Teamspeak3 serverquery password
-# TEAMSPEAK3_VIRTUAL_SERVER - Virtual server id
-# TEAMSPEAK3_AUTHED_GROUP_ID - Default authed group id
-# TEAMSPEAK3_PUBLIC_URL - teamspeak3 public url used for link creation
-######################################
-TEAMSPEAK3_SERVER_IP = os.environ.get('AA_TEAMSPEAK3_SERVER_IP', '127.0.0.1')
-TEAMSPEAK3_SERVER_PORT = int(os.environ.get('AA_TEAMSPEAK3_SERVER_PORT', '10011'))
-TEAMSPEAK3_SERVERQUERY_USER = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_USER', 'serveradmin')
-TEAMSPEAK3_SERVERQUERY_PASSWORD = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_PASSWORD', 'passwordhere')
-TEAMSPEAK3_VIRTUAL_SERVER = int(os.environ.get('AA_TEAMSPEAK3_VIRTUAL_SERVER', '1'))
-TEAMSPEAK3_PUBLIC_URL = os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'yourdomain.com')
-
-######################################
-# Discord Configuration
-######################################
-# DISCORD_GUILD_ID - ID of the guild to manage
-# DISCORD_BOT_TOKEN - oauth token of the app bot user
-# DISCORD_INVITE_CODE - invite code to the server
-# DISCORD_APP_ID - oauth app client ID
-# DISCORD_APP_SECRET - oauth app secret
-# DISCORD_CALLBACK_URL - oauth callback url
-# DISCORD_SYNC_NAMES - enable to force discord nicknames to be set to eve char name (bot needs Manage Nicknames permission)
-######################################
-DISCORD_GUILD_ID = os.environ.get('AA_DISCORD_GUILD_ID', '')
-DISCORD_BOT_TOKEN = os.environ.get('AA_DISCORD_BOT_TOKEN', '')
-DISCORD_INVITE_CODE = os.environ.get('AA_DISCORD_INVITE_CODE', '')
-DISCORD_APP_ID = os.environ.get('AA_DISCORD_APP_ID', '')
-DISCORD_APP_SECRET = os.environ.get('AA_DISCORD_APP_SECRET', '')
-DISCORD_CALLBACK_URL = os.environ.get('AA_DISCORD_CALLBACK_URL', 'http://mydomain.com/discord_callback')
-DISCORD_SYNC_NAMES = 'True' == os.environ.get('AA_DISCORD_SYNC_NAMES', 'False')
-
-######################################
-# Discourse Configuration
-######################################
-# DISCOURSE_URL - Web address of the forums (no trailing slash)
-# DISCOURSE_API_USERNAME - API account username
-# DISCOURSE_API_KEY - API Key
-# DISCOURSE_SSO_SECRET - SSO secret key
-######################################
-DISCOURSE_URL = os.environ.get('AA_DISCOURSE_URL', '')
-DISCOURSE_API_USERNAME = os.environ.get('AA_DISCOURSE_API_USERNAME', '')
-DISCOURSE_API_KEY = os.environ.get('AA_DISCOURSE_API_KEY', '')
-DISCOURSE_SSO_SECRET = os.environ.get('AA_DISCOURSE_SSO_SECRET', '')
-
-#####################################
-# IPS4 Configuration
-#####################################
-# IPS4_URL - base url of the IPS4 install (no trailing slash)
-# IPS4_API_KEY - API key provided by IPS4
-#####################################
-IPS4_URL = os.environ.get('AA_IPS4_URL', 'http://yourdomain.com/ips4')
-IPS4_API_KEY = os.environ.get('AA_IPS4_API_KEY', '')
-IPS4_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_ips4',
-    'USER': os.environ.get('AA_DB_IPS4_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_IPS4_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_IPS4_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_IPS4_PORT', '3306'),
-}
-
-
-######################################
-# SMF Configuration
-######################################
-SMF_URL = os.environ.get('AA_SMF_URL', '')
-SMF_DB = {
-    'ENGINE': 'django.db.backends.mysql',
-    'NAME': 'alliance_smf',
-    'USER': os.environ.get('AA_DB_SMF_USER', 'allianceserver'),
-    'PASSWORD': os.environ.get('AA_DB_SMF_PASSWORD', 'password'),
-    'HOST': os.environ.get('AA_DB_SMF_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_SMF_PORT', '3306'),
-}
-
-######################################
-# Fleet-Up Configuration
-######################################
-# FLEETUP_APP_KEY - The app key from http://fleet-up.com/Api/MyApps
-# FLEETUP_USER_ID - The user id from http://fleet-up.com/Api/MyKeys
-# FLEETUP_API_ID - The API id from http://fleet-up.com/Api/MyKeys
-# FLEETUP_GROUP_ID - The id of the group you want to pull data from, see http://fleet-up.com/Api/Endpoints#groups_mygroupmemberships
-######################################
-FLEETUP_APP_KEY = os.environ.get('AA_FLEETUP_APP_KEY', '')
-FLEETUP_USER_ID = os.environ.get('AA_FLEETUP_USER_ID', '')
-FLEETUP_API_ID = os.environ.get('AA_FLEETUP_API_ID', '')
-FLEETUP_GROUP_ID = os.environ.get('AA_FLEETUP_GROUP_ID', '')
-
-#####################################
-# Logging Configuration
-#####################################
-# Set log_file and console level to desired state:
-# DEBUG - basically stack trace, explains every step
-# INFO - model creation, deletion, updates, etc
-# WARN - unexpected function outcomes that do not impact user
-# ERROR - unexcpeted function outcomes which prevent user from achieving desired outcome
-# EXCEPTION - something critical went wrong, unhandled
-#####################################
-# Recommended level for log_file is INFO, console is DEBUG
-# Change log level of individual apps below to narrow your debugging
-#####################################
-LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    'formatters': {
-        'verbose': {
-            'format' : "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s",
-            'datefmt' : "%d/%b/%Y %H:%M:%S"
-        },
-        'simple': {
-            'format': '%(levelname)s %(message)s'
-        },
-    },
-    'handlers': {
-        'log_file': {
-            'level': 'INFO',         # edit this line to change logging level to file
-            'class': 'logging.handlers.RotatingFileHandler',
-            'filename': os.path.join(BASE_DIR,'log/allianceauth.log'),
-            'formatter': 'verbose',
-            'maxBytes': 1024*1024*5, # edit this line to change max log file size
-            'backupCount': 5,        # edit this line to change number of log backups
-        },
-        'console': {
-            'level': 'DEBUG',        # edit this line to change logging level to console
-            'class': 'logging.StreamHandler',
-            'formatter': 'verbose',
-        },
-        'notifications': {           # creates notifications for users with logging_notifications permission
-            'level': 'ERROR',        # edit this line to change logging level to notifications
-            'class': 'notifications.handlers.NotificationHandler',
-            'formatter': 'verbose',
-        },
-    },
-    'loggers': {
-        'authentication': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'celerytask': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'eveonline': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'groupmanagement': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'hrapplications': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'portal': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'registration': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'services': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'srp': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'timerboard': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'sigtracker': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'optimer': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'corputils': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'fleetactivitytracking': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'ERROR',
-        },
-        'util': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'DEBUG',
-        },
-        'django': {
-            'handlers': ['log_file', 'console', 'notifications'],
-            'level': 'ERROR',
-        },
-    }
-}
-
-# Conditionally add databases only if configured
-if ENABLE_AUTH_FORUM or ENABLE_BLUE_FORUM:
-    DATABASES['phpbb3'] = PHPBB3_DB
-if ENABLE_AUTH_SMF or ENABLE_BLUE_SMF:
-    DATABASES['smf'] = SMF_DB
-if ENABLE_AUTH_MARKET or ENABLE_BLUE_MARKET:
-    DATABASES['market'] = MARKET_DB
-if ENABLE_AUTH_IPS4 or ENABLE_BLUE_IPS4:
-    DATABASES['ips4'] = IPS4_DB
-
-# Ensure corp/alliance IDs are expected types
-STR_CORP_IDS = [str(id) for id in CORP_IDS]
-STR_ALLIANCE_IDS = [str(id) for id in ALLIANCE_IDS]
--- a/alliance_auth/urls.py
+++ b/alliance_auth/urls.py
@@ -1,299 +0,0 @@
-from django.conf.urls import include, url
-
-from django.conf.urls.i18n import i18n_patterns
-from django.utils.translation import ugettext_lazy as _
-from django.contrib import admin
-import django.contrib.auth.views
-import authentication.views
-import eveonline.views
-import services.views
-import groupmanagement.views
-import optimer.views
-import timerboard.views
-import fleetactivitytracking.views
-import fleetup.views
-import srp.views
-import notifications.views
-import hrapplications.views
-import corputils.urls
-import esi.urls
-from alliance_auth import NAME
-
-admin.site.site_header = NAME
-
-# Functional/Untranslated URL's
-urlpatterns = [
-    # Locale
-    url(r'^i18n/', include('django.conf.urls.i18n')),
-
-    # Admin urls
-    url(r'^admin/', include(admin.site.urls)),
-
-    # SSO
-    url(r'^sso/', include(esi.urls, namespace='esi')),
-    url(r'^sso/login$', authentication.views.sso_login, name='auth_sso_login'),
-
-    # Corputils
-    url(r'^corpstats/', include(corputils.urls, namespace='corputils')),
-
-    # Index
-    url(_(r'^$'), authentication.views.index_view, name='auth_index'),
-
-    # Authentication
-    url(r'^logout_user/', authentication.views.logout_user, name='auth_logout_user'),
-
-    # Eve Online
-    url(r'^main_character_change/(\w+)/$', eveonline.views.main_character_change,
-        name='auth_main_character_change'),
-    url(r'^api_verify_owner/(\w+)/$', eveonline.views.api_sso_validate, name='auth_api_sso'),
-
-    # Forum Service Control
-    url(r'^activate_forum/$', services.views.activate_forum, name='auth_activate_forum'),
-    url(r'^deactivate_forum/$', services.views.deactivate_forum, name='auth_deactivate_forum'),
-    url(r'^reset_forum_password/$', services.views.reset_forum_password,
-        name='auth_reset_forum_password'),
-    url(r'^set_forum_password/$', services.views.set_forum_password, name='auth_set_forum_password'),
-
-    # Jabber Service Control
-    url(r'^activate_jabber/$', services.views.activate_jabber, name='auth_activate_jabber'),
-    url(r'^deactivate_jabber/$', services.views.deactivate_jabber, name='auth_deactivate_jabber'),
-    url(r'^reset_jabber_password/$', services.views.reset_jabber_password,
-        name='auth_reset_jabber_password'),
-
-    # Mumble service control
-    url(r'^activate_mumble/$', services.views.activate_mumble, name='auth_activate_mumble'),
-    url(r'^deactivate_mumble/$', services.views.deactivate_mumble, name='auth_deactivate_mumble'),
-    url(r'^reset_mumble_password/$', services.views.reset_mumble_password,
-        name='auth_reset_mumble_password'),
-    url(r'^set_mumble_password/$', services.views.set_mumble_password, name='auth_set_mumble_password'),
-
-    # Ipboard service control
-    url(r'^activate_ipboard/$', services.views.activate_ipboard_forum,
-        name='auth_activate_ipboard'),
-    url(r'^deactivate_ipboard/$', services.views.deactivate_ipboard_forum,
-        name='auth_deactivate_ipboard'),
-    url(r'^reset_ipboard_password/$', services.views.reset_ipboard_password,
-        name='auth_reset_ipboard_password'),
-    url(r'^set_ipboard_password/$', services.views.set_ipboard_password, name='auth_set_ipboard_password'),
-
-    # XenForo service control
-    url(r'^activate_xenforo/$', services.views.activate_xenforo_forum,
-        name='auth_activate_xenforo'),
-    url(r'^deactivate_xenforo/$', services.views.deactivate_xenforo_forum,
-        name='auth_deactivate_xenforo'),
-    url(r'^reset_xenforo_password/$', services.views.reset_xenforo_password,
-        name='auth_reset_xenforo_password'),
-    url(r'^set_xenforo_password/$', services.views.set_xenforo_password, name='auth_set_xenforo_password'),
-
-    # Teamspeak3 service control
-    url(r'^activate_teamspeak3/$', services.views.activate_teamspeak3,
-        name='auth_activate_teamspeak3'),
-    url(r'^deactivate_teamspeak3/$', services.views.deactivate_teamspeak3,
-        name='auth_deactivate_teamspeak3'),
-    url(r'reset_teamspeak3_perm/$', services.views.reset_teamspeak3_perm,
-        name='auth_reset_teamspeak3_perm'),
-
-    # Discord Service Control
-    url(r'^activate_discord/$', services.views.activate_discord, name='auth_activate_discord'),
-    url(r'^deactivate_discord/$', services.views.deactivate_discord, name='auth_deactivate_discord'),
-    url(r'^reset_discord/$', services.views.reset_discord, name='auth_reset_discord'),
-    url(r'^discord_callback/$', services.views.discord_callback, name='auth_discord_callback'),
-    url(r'^discord_add_bot/$', services.views.discord_add_bot, name='auth_discord_add_bot'),
-
-    # Discourse Service Control
-    url(r'^discourse_sso$', services.views.discourse_sso, name='auth_discourse_sso'),
-
-    # IPS4 Service Control
-    url(r'^activate_ips4/$', services.views.activate_ips4,
-        name='auth_activate_ips4'),
-    url(r'^deactivate_ips4/$', services.views.deactivate_ips4,
-        name='auth_deactivate_ips4'),
-    url(r'^reset_ips4_password/$', services.views.reset_ips4_password,
-        name='auth_reset_ips4_password'),
-    url(r'^set_ips4_password/$', services.views.set_ips4_password, name='auth_set_ips4_password'),
-
-    # SMF Service Control
-    url(r'^activate_smf/$', services.views.activate_smf, name='auth_activate_smf'),
-    url(r'^deactivate_smf/$', services.views.deactivate_smf, name='auth_deactivate_smf'),
-    url(r'^reset_smf_password/$', services.views.reset_smf_password,
-        name='auth_reset_smf_password'),
-    url(r'^set_smf_password/$', services.views.set_smf_password, name='auth_set_smf_password'),
-
-    # Alliance Market Control
-    url(r'^activate_market/$', services.views.activate_market, name='auth_activate_market'),
-    url(r'^deactivate_market/$', services.views.deactivate_market, name='auth_deactivate_market'),
-    url(r'^reset_market_password/$', services.views.reset_market_password,
-        name='auth_reset_market_password'),
-    url(r'^set_market_password/$', services.views.set_market_password, name='auth_set_market_password'),
-
-    # SRP URLS
-    url(r'^srp_fleet_remove/(\w+)$', srp.views.srp_fleet_remove, name='auth_srp_fleet_remove'),
-    url(r'^srp_fleet_disable/(\w+)$', srp.views.srp_fleet_disable, name='auth_srp_fleet_disable'),
-    url(r'^srp_fleet_enable/(\w+)$', srp.views.srp_fleet_enable, name='auth_srp_fleet_enable'),
-    url(r'^srp_fleet_mark_completed/(\w+)', srp.views.srp_fleet_mark_completed,
-        name='auth_srp_fleet_mark_completed'),
-    url(r'^srp_fleet_mark_uncompleted/(\w+)', srp.views.srp_fleet_mark_uncompleted,
-        name='auth_srp_fleet_mark_uncompleted'),
-    url(r'^srp_request_remove/(\w+)', srp.views.srp_request_remove,
-        name="auth_srp_request_remove"),
-    url(r'srp_request_approve/(\w+)', srp.views.srp_request_approve,
-        name='auth_srp_request_approve'),
-    url(r'srp_request_reject/(\w+)', srp.views.srp_request_reject, name='auth_srp_request_reject'),
-
-    # Notifications
-    url(r'^remove_notifications/(\w+)/$', notifications.views.remove_notification, name='auth_remove_notification'),
-    url(r'^notifications/mark_all_read/$', notifications.views.mark_all_read, name='auth_mark_all_notifications_read'),
-    url(r'^notifications/delete_all_read/$', notifications.views.delete_all_read,
-        name='auth_delete_all_read_notifications'),
-]
-
-# User viewed/translated URLS
-urlpatterns += i18n_patterns(
-
-    # Fleetup
-    url(r'^fleetup/$', fleetup.views.fleetup_view, name='auth_fleetup_view'),
-    url(r'^fleetup/fittings/$', fleetup.views.fleetup_fittings, name='auth_fleetup_fittings'),
-    url(r'^fleetup/fittings/(?P<fittingnumber>[0-9]+)/$', fleetup.views.fleetup_fitting, name='auth_fleetup_fitting'),
-    url(r'^fleetup/doctrines/$', fleetup.views.fleetup_doctrines, name='auth_fleetup_doctrines'),
-    url(r'^fleetup/characters/$', fleetup.views.fleetup_characters, name='auth_fleetup_characters'),
-    url(r'^fleetup/doctrines/(?P<doctrinenumber>[0-9]+)/$', fleetup.views.fleetup_doctrine, name='auth_fleetup_doctrine'),
-
-    # Authentication
-    url(_(r'^login_user/'), authentication.views.login_user, name='auth_login_user'),
-    url(_(r'^register_user/'), authentication.views.register_user_view, name='auth_register_user'),
-
-    url(_(r'^user/password/$'), django.contrib.auth.views.password_change, name='password_change'),
-    url(_(r'^user/password/done/$'), django.contrib.auth.views.password_change_done,
-        name='password_change_done'),
-    url(_(r'^user/password/reset/$'), django.contrib.auth.views.password_reset,
-        name='password_reset'),
-    url(_(r'^user/password/password/reset/done/$'), django.contrib.auth.views.password_reset_done,
-        name='password_reset_done'),
-    url(_(r'^user/password/reset/complete/$'), django.contrib.auth.views.password_reset_complete,
-        name='password_reset_complete'),
-    url(_(r'^user/password/reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>.+)/$'),
-        django.contrib.auth.views.password_reset_confirm, name='password_reset_confirm'),
-
-    # Portal Urls
-    url(_(r'^dashboard/$'), eveonline.views.dashboard_view, name='auth_dashboard'),
-    url(_(r'^help/$'), authentication.views.help_view, name='auth_help'),
-
-    # Eveonline Urls
-    url(_(r'^add_api_key/'), eveonline.views.add_api_key, name='auth_add_api_key'),
-    url(_(r'^refresh_api_pair/([0-9]+)/$'), eveonline.views.user_refresh_api, name='auth_user_refresh_api'),
-    url(_(r'^delete_api_pair/(\w+)/$'), eveonline.views.api_key_removal, name='auth_api_key_removal'),
-    url(_(r'^characters/'), eveonline.views.characters_view, name='auth_characters'),
-
-    # Group management
-    url(_(r'^groups/'), groupmanagement.views.groups_view, name='auth_groups'),
-    url(_(r'^group/management/'), groupmanagement.views.group_management,
-        name='auth_group_management'),
-    url(_(r'^group/membership/$'), groupmanagement.views.group_membership,
-        name='auth_group_membership'),
-    url(_(r'^group/membership/(\w+)/$'), groupmanagement.views.group_membership_list,
-        name='auth_group_membership_list'),
-    url(_(r'^group/membership/(\w+)/remove/(\w+)/$'), groupmanagement.views.group_membership_remove,
-        name='auth_group_membership_remove'),
-    url(_(r'^group/request_add/(\w+)'), groupmanagement.views.group_request_add,
-        name='auth_group_request_add'),
-    url(_(r'^group/request/accept/(\w+)'), groupmanagement.views.group_accept_request,
-        name='auth_group_accept_request'),
-    url(_(r'^group/request/reject/(\w+)'), groupmanagement.views.group_reject_request,
-        name='auth_group_reject_request'),
-
-    url(_(r'^group/request_leave/(\w+)'), groupmanagement.views.group_request_leave,
-        name='auth_group_request_leave'),
-    url(_(r'group/leave_request/accept/(\w+)'), groupmanagement.views.group_leave_accept_request,
-        name='auth_group_leave_accept_request'),
-    url(_(r'^group/leave_request/reject/(\w+)'), groupmanagement.views.group_leave_reject_request,
-        name='auth_group_leave_reject_request'),
-
-    # HR Application Management
-    url(_(r'^hr_application_management/'), hrapplications.views.hr_application_management_view,
-        name="auth_hrapplications_view"),
-    url(_(r'^hr_application_create/$'), hrapplications.views.hr_application_create_view,
-        name="auth_hrapplication_create_view"),
-    url(_(r'^hr_application_create/(\d+)'), hrapplications.views.hr_application_create_view,
-        name="auth_hrapplication_create_view"),
-    url(_(r'^hr_application_remove/(\w+)'), hrapplications.views.hr_application_remove,
-        name="auth_hrapplication_remove"),
-    url(_(r'hr_application_view/(\w+)'), hrapplications.views.hr_application_view,
-        name="auth_hrapplication_view"),
-    url(_(r'hr_application_personal_view/(\w+)'), hrapplications.views.hr_application_personal_view,
-        name="auth_hrapplication_personal_view"),
-    url(_(r'hr_application_personal_removal/(\w+)'),
-        hrapplications.views.hr_application_personal_removal,
-        name="auth_hrapplication_personal_removal"),
-    url(_(r'hr_application_approve/(\w+)'), hrapplications.views.hr_application_approve,
-        name="auth_hrapplication_approve"),
-    url(_(r'hr_application_reject/(\w+)'), hrapplications.views.hr_application_reject,
-        name="auth_hrapplication_reject"),
-    url(_(r'hr_application_search/'), hrapplications.views.hr_application_search,
-        name="auth_hrapplication_search"),
-    url(_(r'hr_mark_in_progress/(\w+)'), hrapplications.views.hr_application_mark_in_progress,
-        name="auth_hrapplication_mark_in_progress"),
-
-    # Fleet Operations Timers
-    url(_(r'^optimer/$'), optimer.views.optimer_view, name='auth_optimer_view'),
-    url(_(r'^add_optimer/$'), optimer.views.add_optimer_view, name='auth_add_optimer_view'),
-    url(_(r'^remove_optimer/(\w+)'), optimer.views.remove_optimer, name='auth_remove_optimer'),
-    url(_(r'^edit_optimer/(\w+)$'), optimer.views.edit_optimer, name='auth_edit_optimer'),
-
-    # Service Urls
-    url(_(r'^services/$'), services.views.services_view, name='auth_services'),
-    url(_(r'^services/jabber_broadcast/$'), services.views.jabber_broadcast_view,
-        name='auth_jabber_broadcast_view'),
-
-    # Teamspeak Urls
-    url(r'verify_teamspeak3/$', services.views.verify_teamspeak3, name='auth_verify_teamspeak3'),
-
-    # Timer URLS
-    url(_(r'^timers/$'), timerboard.views.timer_view, name='auth_timer_view'),
-    url(_(r'^add_timer/$'), timerboard.views.add_timer_view, name='auth_add_timer_view'),
-    url(_(r'^remove_timer/(\w+)'), timerboard.views.remove_timer, name='auth_remove_timer'),
-    url(_(r'^edit_timer/(\w+)$'), timerboard.views.edit_timer, name='auth_edit_timer'),
-
-    # SRP URLS
-    url(_(r'^srp/$'), srp.views.srp_management, name='auth_srp_management_view'),
-    url(_(r'^srp_all/$'), srp.views.srp_management_all, name='auth_srp_management_all_view'),
-    url(_(r'^srp_fleet_view/(\w+)$'), srp.views.srp_fleet_view, name='auth_srp_fleet_view'),
-    url(_(r'^srp_fleet_add_view/$'), srp.views.srp_fleet_add_view, name='auth_srp_fleet_add_view'),
-    url(_(r'^srp_fleet_edit/(\w+)$'), srp.views.srp_fleet_edit_view, name='auth_srp_fleet_edit_view'),
-    url(_(r'^srp_request/(\w+)'), srp.views.srp_request_view, name='auth_srp_request_view'),
-    url(_(r'srp_request_amount_update/(\w+)'), srp.views.srp_request_update_amount_view,
-        name="auth_srp_request_update_amount_view"),
-
-    # Tools
-    url(_(r'^tool/fleet_formatter_tool/$'), services.views.fleet_formatter_view,
-        name='auth_fleet_format_tool_view'),
-
-    # Notifications
-    url(_(r'^notifications/$'), notifications.views.notification_list, name='auth_notification_list'),
-    url(_(r'^notifications/(\w+)/$'), notifications.views.notification_view, name='auth_notification_view'),
-
-    # Jabber
-    url(_(r'^set_jabber_password/$'), services.views.set_jabber_password, name='auth_set_jabber_password'),
-
-    # FleetActivityTracking (FAT)
-    url(r'^fat/$', fleetactivitytracking.views.fatlink_view, name='auth_fatlink_view'),
-    url(r'^fat/statistics/$', fleetactivitytracking.views.fatlink_statistics_view, name='auth_fatlink_view_statistics'),
-    url(r'^fat/statistics/(?P<year>[0-9]+)/(?P<month>[0-9]+)/$', fleetactivitytracking.views.fatlink_statistics_view,
-        name='auth_fatlink_view_statistics_month'),
-    url(r'^fat/user/statistics/$', fleetactivitytracking.views.fatlink_personal_statistics_view,
-        name='auth_fatlink_view_personal_statistics'),
-    url(r'^fat/user/statistics/(?P<year>[0-9]+)/$', fleetactivitytracking.views.fatlink_personal_statistics_view,
-        name='auth_fatlink_view_personal_statistics_year'),
-    url(r'^fat/user/statistics/(?P<year>[0-9]+)/(?P<month>[0-9]+)/$',
-        fleetactivitytracking.views.fatlink_monthly_personal_statistics_view,
-        name='auth_fatlink_view_personal_statistics_month'),
-    url(r'^fat/user/(?P<char_id>[0-9]+)/statistics/(?P<year>[0-9]+)/(?P<month>[0-9]+)/$',
-        fleetactivitytracking.views.fatlink_monthly_personal_statistics_view,
-        name='auth_fatlink_view_user_statistics_month'),
-    url(r'^fat/create/$', fleetactivitytracking.views.create_fatlink_view, name='auth_create_fatlink_view'),
-    url(r'^fat/modify/$', fleetactivitytracking.views.modify_fatlink_view, name='auth_modify_fatlink_view'),
-    url(r'^fat/modify/(?P<hash>[a-zA-Z0-9_-]+)/([a-z0-9_-]+)$',
-        fleetactivitytracking.views.modify_fatlink_view),
-    url(r'^fat/link/$', fleetactivitytracking.views.fatlink_view, name='auth_click_fatlink_view'),
-    url(r'^fat/link/(?P<hash>[a-zA-Z0-9]+)/(?P<fatname>[a-z0-9_-]+)/$',
-        fleetactivitytracking.views.click_fatlink_view),
-)
--- a/alliance_auth/wsgi.py
+++ b/alliance_auth/wsgi.py
@@ -1,20 +0,0 @@
-"""
-WSGI config for alliance_auth project.
-
-It exposes the WSGI callable as a module-level variable named ``application``.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/
-"""
-
-import os
-from django.core.wsgi import get_wsgi_application
-
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "alliance_auth.settings")
-
-# virtualenv wrapper, uncomment below to activate
-# activate_env=os.path.join(os.path.dirname(os.path.abspath(__file__)), 'env/bin/activate_this.py')
-# execfile(activate_env, dict(__file__=activate_env))
-
-
-application = get_wsgi_application()
--- a/allianceauth/init.py
+++ b/allianceauth/init.py
@@ -0,0 +1,8 @@
+# This will make sure the app is always imported when
+# Django starts so that shared_task will use this app.
+
+__version__ = '2.11.2'
+__title__ = 'Alliance Auth'
+__url__ = 'https://gitlab.com/allianceauth/allianceauth'
+NAME = f'{__title__} v{__version__}'
+default_app_config = 'allianceauth.apps.AllianceAuthConfig'
--- a/allianceauth/analytics/init.py
+++ b/allianceauth/analytics/init.py
@@ -0,0 +1 @@
+default_app_config = 'allianceauth.analytics.apps.AnalyticsConfig'
--- a/allianceauth/analytics/admin.py
+++ b/allianceauth/analytics/admin.py
@@ -0,0 +1,21 @@
+from django.contrib import admin
+
+from .models import AnalyticsIdentifier, AnalyticsPath, AnalyticsTokens
+
+
+@admin.register(AnalyticsIdentifier)
+class AnalyticsIdentifierAdmin(admin.ModelAdmin):
+    search_fields = ['identifier', ]
+    list_display = ('identifier',)
+
+
+@admin.register(AnalyticsTokens)
+class AnalyticsTokensAdmin(admin.ModelAdmin):
+    search_fields = ['name', ]
+    list_display = ('name', 'type',)
+
+
+@admin.register(AnalyticsPath)
+class AnalyticsPathAdmin(admin.ModelAdmin):
+    search_fields = ['ignore_path', ]
+    list_display = ('ignore_path',)
--- a/allianceauth/analytics/apps.py
+++ b/allianceauth/analytics/apps.py
@@ -0,0 +1,9 @@
+from django.apps import AppConfig
+
+
+class AnalyticsConfig(AppConfig):
+    name = 'allianceauth.analytics'
+    label = 'analytics'
+
+    def ready(self):
+        import allianceauth.analytics.signals
--- a/allianceauth/analytics/fixtures/disable_analytics.json
+++ b/allianceauth/analytics/fixtures/disable_analytics.json
@@ -0,0 +1,21 @@
+[
+    {
+    "model": "analytics.AnalyticsTokens",
+    "pk": 1,
+    "fields": {
+        "name": "AA Team Public Google Analytics (Universal)",
+        "type": "GA-V4",
+        "token": "UA-186249766-2",
+        "send_page_views": "False",
+        "send_celery_tasks": "False",
+        "send_stats": "False"
+        }
+    },
+    {
+        "model": "analytics.AnalyticsIdentifier",
+        "pk": 1,
+        "fields": {
+            "identifier": "ab33e241fbf042b6aa77c7655a768af7"
+        }
+    }
+]
--- a/allianceauth/analytics/middleware.py
+++ b/allianceauth/analytics/middleware.py
@@ -0,0 +1,52 @@
+from bs4 import BeautifulSoup
+
+from django.conf import settings
+from django.utils.deprecation import MiddlewareMixin
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .tasks import send_ga_tracking_web_view
+
+import re
+
+
+class AnalyticsMiddleware(MiddlewareMixin):
+    def process_response(self, request, response):
+        """Django Middleware: Process Page Views and creates Analytics Celery Tasks"""
+        if getattr(settings, "ANALYTICS_DISABLED", False):
+            return response
+        analyticstokens = AnalyticsTokens.objects.all()
+        client_id = AnalyticsIdentifier.objects.get(id=1).identifier.hex
+        try:
+            title = BeautifulSoup(
+                response.content, "html.parser").html.head.title.text
+        except AttributeError:
+            title = ''
+        for token in analyticstokens:
+            # Check if Page View Sending is Disabled
+            if token.send_page_views is False:
+                continue
+            # Check Exclusions
+            ignore = False
+            for ignore_path in token.ignore_paths.values():
+                ignore_path_regex = re.compile(ignore_path["ignore_path"])
+                if re.search(ignore_path_regex, request.path) is not None:
+                    ignore = True
+
+            if ignore is True:
+                continue
+
+            tracking_id = token.token
+            locale = request.LANGUAGE_CODE
+            path = request.path
+            try:
+                useragent = request.headers["User-Agent"]
+            except KeyError:
+                useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+
+            send_ga_tracking_web_view.s(tracking_id=tracking_id,
+                                        client_id=client_id,
+                                        page=path,
+                                        title=title,
+                                        locale=locale,
+                                        useragent=useragent).\
+                apply_async(priority=9)
+        return response
--- a/allianceauth/analytics/migrations/0001_initial.py
+++ b/allianceauth/analytics/migrations/0001_initial.py
@@ -0,0 +1,42 @@
+# Generated by Django 3.1.4 on 2020-12-30 13:11
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AnalyticsIdentifier',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('identifier', models.UUIDField(default=uuid.uuid4, editable=False)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsPath',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('ignore_path', models.CharField(default='/example/', max_length=254)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsTokens',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=254)),
+                ('type', models.CharField(choices=[('GA-U', 'Google Analytics Universal'), ('GA-V4', 'Google Analytics V4')], max_length=254)),
+                ('token', models.CharField(max_length=254)),
+                ('send_page_views', models.BooleanField(default=False)),
+                ('send_celery_tasks', models.BooleanField(default=False)),
+                ('send_stats', models.BooleanField(default=False)),
+                ('ignore_paths', models.ManyToManyField(blank=True, to='analytics.AnalyticsPath')),
+            ],
+        ),
+    ]
--- a/allianceauth/analytics/migrations/0002_add_AA_Team_Token.py
+++ b/allianceauth/analytics/migrations/0002_add_AA_Team_Token.py
@@ -0,0 +1,34 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from django.db import migrations
+
+
+def add_aa_team_token(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens()
+    token.type = 'GA-U'
+    token.token = 'UA-186249766-2'
+    token.send_page_views = True
+    token.send_celery_tasks = True
+    token.send_stats = True
+    token.name = 'AA Team Public Google Analytics (Universal)'
+    token.save()
+
+
+def remove_aa_team_token(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.filter(token="UA-186249766-2").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0001_initial'),
+        ]
+
+    operations = [migrations.RunPython(add_aa_team_token, remove_aa_team_token)
+                    ]
--- a/allianceauth/analytics/migrations/0003_Generate_Identifier.py
+++ b/allianceauth/analytics/migrations/0003_Generate_Identifier.py
@@ -0,0 +1,30 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from uuid import uuid4
+from django.db import migrations
+
+
+def generate_identifier(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    identifier = Identifier()
+    identifier.id = 1
+    identifier.save()
+
+
+def zero_identifier(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    Identifier.objects.filter(id=1).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0002_add_AA_Team_Token'),
+    ]
+
+    operations = [migrations.RunPython(generate_identifier, zero_identifier)
+                    ]
--- a/allianceauth/analytics/migrations/0004_auto_20211015_0502.py
+++ b/allianceauth/analytics/migrations/0004_auto_20211015_0502.py
@@ -0,0 +1,42 @@
+# Generated by Django 3.1.13 on 2021-10-15 05:02
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # Add /admin/ and /user_notifications_count/ path to ignore
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    admin = AnalyticsPath.objects.create(ignore_path=r"^\/admin\/.*")
+    user_notifications_count = AnalyticsPath.objects.create(ignore_path=r"^\/user_notifications_count\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(admin, user_notifications_count)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    #
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+
+    token = Tokens.objects.get(token="UA-186249766-2")
+    try:
+        admin = AnalyticsPath.objects.get(ignore_path=r"^\/admin\/.*", analyticstokens=token)
+        user_notifications_count = AnalyticsPath.objects.get(ignore_path=r"^\/user_notifications_count\/.*", analyticstokens=token)
+        admin.delete()
+        user_notifications_count.delete()
+    except ObjectDoesNotExist:
+        # Its fine if it doesnt exist, we just dont want them building up when re-migrating
+        pass
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0003_Generate_Identifier'),
+    ]
+
+    operations = [migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]
--- a/allianceauth/analytics/migrations/0005_alter_analyticspath_ignore_path.py
+++ b/allianceauth/analytics/migrations/0005_alter_analyticspath_ignore_path.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-17 16:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0004_auto_20211015_0502'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='analyticspath',
+            name='ignore_path',
+            field=models.CharField(default='/example/', help_text='Regex Expression, If matched no Analytics Page View is sent', max_length=254),
+        ),
+    ]
--- a/allianceauth/analytics/migrations/0006_more_ignore_paths.py
+++ b/allianceauth/analytics/migrations/0006_more_ignore_paths.py
@@ -0,0 +1,40 @@
+# Generated by Django 3.2.8 on 2021-10-19 01:47
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # Add the /account/activate path to ignore
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    account_activate = AnalyticsPath.objects.create(ignore_path=r"^\/account\/activate\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(account_activate)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    #
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+
+    token = Tokens.objects.get(token="UA-186249766-2")
+
+    try:
+        account_activate = AnalyticsPath.objects.get(ignore_path=r"^\/account\/activate\/.*", analyticstokens=token)
+        account_activate.delete()
+    except ObjectDoesNotExist:
+        # Its fine if it doesnt exist, we just dont want them building up when re-migrating
+        pass
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0005_alter_analyticspath_ignore_path'),
+    ]
+
+    operations = [
+        migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]
--- a/allianceauth/analytics/migrations/init.py
+++ b/allianceauth/analytics/migrations/init.py
--- a/allianceauth/analytics/models.py
+++ b/allianceauth/analytics/models.py
@@ -0,0 +1,38 @@
+from django.db import models
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
+
+from uuid import uuid4
+
+
+class AnalyticsIdentifier(models.Model):
+
+    identifier = models.UUIDField(default=uuid4,
+                                  editable=False)
+
+    def save(self, *args, **kwargs):
+        if not self.pk and AnalyticsIdentifier.objects.exists():
+            # Force a single object
+            raise ValidationError('There is can be only one \
+                                   AnalyticsIdentifier instance')
+        self.pk = self.id = 1 # If this happens to be deleted and recreated, force it to be 1
+        return super().save(*args, **kwargs)
+
+
+class AnalyticsPath(models.Model):
+    ignore_path = models.CharField(max_length=254, default="/example/", help_text="Regex Expression, If matched no Analytics Page View is sent")
+
+
+class AnalyticsTokens(models.Model):
+
+    class Analytics_Type(models.TextChoices):
+        GA_U = 'GA-U', _('Google Analytics Universal')
+        GA_V4 = 'GA-V4', _('Google Analytics V4')
+
+    name = models.CharField(max_length=254)
+    type = models.CharField(max_length=254, choices=Analytics_Type.choices)
+    token = models.CharField(max_length=254, blank=False)
+    send_page_views = models.BooleanField(default=False)
+    send_celery_tasks = models.BooleanField(default=False)
+    send_stats = models.BooleanField(default=False)
+    ignore_paths = models.ManyToManyField(AnalyticsPath, blank=True)
--- a/allianceauth/analytics/signals.py
+++ b/allianceauth/analytics/signals.py
@@ -0,0 +1,55 @@
+import logging
+from celery.signals import task_failure, task_success
+from django.conf import settings
+from allianceauth.analytics.tasks import analytics_event
+
+logger = logging.getLogger(__name__)
+
+
+@task_failure.connect
+def process_failure_signal(
+                        exception, traceback,
+                        sender, task_id, signal,
+                        args, kwargs, einfo, **kw):
+    logger.debug("Celery task_failure signal %s" % sender.__class__.__name__)
+    if getattr(settings, "ANALYTICS_DISABLED", False):
+        return
+
+    category = sender.__module__
+
+    if 'allianceauth.analytics' not in category:
+        if category.endswith(".tasks"):
+            category = category[:-6]
+
+        action = sender.__name__
+
+        label = f"{exception.__class__.__name__}"
+
+        analytics_event(category=category,
+                        action=action,
+                        label=label)
+
+
+@task_success.connect
+def celery_success_signal(sender, result=None, **kw):
+    logger.debug("Celery task_success signal %s" % sender.__class__.__name__)
+    if getattr(settings, "ANALYTICS_DISABLED", False):
+        return
+
+    category = sender.__module__
+
+    if 'allianceauth.analytics' not in category:
+        if category.endswith(".tasks"):
+            category = category[:-6]
+
+        action = sender.__name__
+        label = "Success"
+
+        value = 0
+        if isinstance(result, int):
+            value = result
+
+        analytics_event(category=category,
+                        action=action,
+                        label=label,
+                        value=value)
--- a/allianceauth/analytics/tasks.py
+++ b/allianceauth/analytics/tasks.py
@@ -0,0 +1,207 @@
+import requests
+import logging
+from django.conf import settings
+from django.apps import apps
+from celery import shared_task
+from allianceauth import __version__
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .utils import (
+    install_stat_addons,
+    install_stat_tokens,
+    install_stat_users)
+
+logger = logging.getLogger(__name__)
+
+BASE_URL = "https://www.google-analytics.com/"
+
+DEBUG_URL = f"{BASE_URL}debug/collect"
+COLLECTION_URL = f"{BASE_URL}collect"
+
+if getattr(settings, "ANALYTICS_ENABLE_DEBUG", False) and settings.DEBUG:
+    # Force sending of analytics data during in a debug/test environemt
+    # Usefull for developers working on this feature.
+    logger.warning(
+        "You have 'ANALYTICS_ENABLE_DEBUG' Enabled! "
+        "This debug instance will send analytics data!")
+    DEBUG_URL = COLLECTION_URL
+
+ANALYTICS_URL = COLLECTION_URL
+
+if settings.DEBUG is True:
+    ANALYTICS_URL = DEBUG_URL
+
+
+def analytics_event(category: str,
+                    action: str,
+                    label: str,
+                    value: int = 0,
+                    event_type: str = 'Celery'):
+    """
+    Send a Google Analytics Event for each token stored
+    Includes check for if its enabled/disabled
+
+    Args:
+        `category` (str): Celery Namespace
+        `action` (str): Task Name
+        `label` (str): Optional, Task Success/Exception
+        `value` (int): Optional, If bulk, Query size, can be a binary True/False
+        `event_type` (str): Optional, Celery or Stats only, Default to Celery
+    """
+    analyticstokens = AnalyticsTokens.objects.all()
+    client_id = AnalyticsIdentifier.objects.get(id=1).identifier.hex
+    for token in analyticstokens:
+        if event_type == 'Celery':
+            allowed = token.send_celery_tasks
+        elif event_type == 'Stats':
+            allowed = token.send_stats
+        else:
+            allowed = False
+
+        if allowed is True:
+            tracking_id = token.token
+            send_ga_tracking_celery_event.s(
+                tracking_id=tracking_id,
+                client_id=client_id,
+                category=category,
+                action=action,
+                label=label,
+                value=value).apply_async(priority=9)
+
+
+@shared_task()
+def analytics_daily_stats():
+    """Celery Task: Do not call directly
+
+    Gathers a series of daily statistics and sends analytics events containing them
+    """
+    users = install_stat_users()
+    tokens = install_stat_tokens()
+    addons = install_stat_addons()
+    logger.debug("Running Daily Analytics Upload")
+
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='existence',
+                    value=1,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='users',
+                    value=users,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='tokens',
+                    value=tokens,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='addons',
+                    value=addons,
+                    event_type='Stats')
+
+    for appconfig in apps.get_app_configs():
+        analytics_event(category='allianceauth.analytics',
+                        action='send_extension_stats',
+                        label=appconfig.label,
+                        value=1,
+                        event_type='Stats')
+
+
+@shared_task()
+def send_ga_tracking_web_view(
+                            tracking_id: str,
+                            client_id: str,
+                            page: str,
+                            title: str,
+                            locale: str,
+                            useragent: str) -> requests.Response:
+
+    """Celery Task: Do not call directly
+
+    Sends Page View events to GA, Called only via analytics.middleware
+
+    Parameters
+    ----------
+    `tracking_id` (str): Unique Server Identifier
+    `client_id` (str): GA Token
+    `page` (str): Page Path
+    `title` (str): Page Title
+    `locale` (str): Browser Language
+    `useragent` (str): Browser UserAgent
+
+    Returns
+    -------
+    requests.Reponse Object
+    """
+    headers = {"User-Agent": useragent}
+
+    payload = {
+            'v': '1',
+            'tid': tracking_id,
+            'cid': client_id,
+            't': 'pageview',
+            'dp': page,
+            'dt': title,
+            'ul': locale,
+            'ua': useragent,
+            'aip': 1,
+            'an': "allianceauth",
+            'av': __version__
+            }
+
+    response = requests.post(
+                        ANALYTICS_URL, data=payload,
+                        timeout=5, headers=headers)
+    logger.debug(f"Analytics Page View HTTP{response.status_code}")
+    return response
+
+
+@shared_task()
+def send_ga_tracking_celery_event(
+                                tracking_id: str,
+                                client_id: str,
+                                category: str,
+                                action: str,
+                                label: str,
+                                value: int) -> requests.Response:
+    """Celery Task: Do not call directly
+
+    Sends Page View events to GA, Called only via analytics.middleware
+
+    Parameters
+    ----------
+    `tracking_id` (str): Unique Server Identifier
+    `client_id` (str): GA Token
+    `category` (str): Celery Namespace
+    `action` (str): Task Name
+    `label` (str): Optional, Task Success/Exception
+    `value` (int): Optional, If bulk, Query size, can be a binary True/False
+
+    Returns
+    -------
+    requests.Reponse Object
+    """
+
+    headers = {
+        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"}
+
+    payload = {
+            'v': '1',
+            'tid': tracking_id,
+            'cid': client_id,
+            't': 'event',
+            'ec': category,
+            'ea': action,
+            'el': label,
+            'ev': value,
+            'aip': 1,
+            'an': "allianceauth",
+            'av': __version__
+            }
+
+    response = requests.post(
+                        ANALYTICS_URL, data=payload,
+                        timeout=5, headers=headers)
+    logger.debug(f"Analytics Celery/Stats Event HTTP{response.status_code}")
+    return response
--- a/allianceauth/analytics/tests/init.py
+++ b/allianceauth/analytics/tests/init.py
--- a/allianceauth/analytics/tests/test_integration.py
+++ b/allianceauth/analytics/tests/test_integration.py
@@ -0,0 +1,108 @@
+from unittest.mock import patch
+from urllib.parse import parse_qs
+
+import requests_mock
+
+from django.test import TestCase, override_settings
+
+from allianceauth.analytics.tasks import ANALYTICS_URL
+from allianceauth.eveonline.tasks import update_character
+from allianceauth.tests.auth_utils import AuthUtils
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True)
+@requests_mock.mock()
+class TestAnalyticsForViews(TestCase):
+    @override_settings(ANALYTICS_DISABLED=False)
+    def test_should_run_analytics(self, requests_mocker):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        self.client.force_login(user)
+        # when
+        response = self.client.get("/dashboard/")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue(requests_mocker.called)
+
+    @override_settings(ANALYTICS_DISABLED=True)
+    def test_should_not_run_analytics(self, requests_mocker):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        self.client.force_login(user)
+        # when
+        response = self.client.get("/dashboard/")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertFalse(requests_mocker.called)
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True)
+@requests_mock.mock()
+class TestAnalyticsForTasks(TestCase):
+    @override_settings(ANALYTICS_DISABLED=False)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_run_analytics_for_successful_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertTrue(requests_mocker.called)
+        payload = parse_qs(requests_mocker.last_request.text)
+        self.assertListEqual(payload["el"], ["Success"])
+
+    @override_settings(ANALYTICS_DISABLED=True)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_not_run_analytics_for_successful_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertFalse(requests_mocker.called)
+
+    @override_settings(ANALYTICS_DISABLED=False)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_run_analytics_for_failed_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        mock_update_character.side_effect = RuntimeError
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertTrue(requests_mocker.called)
+        payload = parse_qs(requests_mocker.last_request.text)
+        self.assertNotEqual(payload["el"], ["Success"])
+
+    @override_settings(ANALYTICS_DISABLED=True)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_not_run_analytics_for_failed_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        mock_update_character.side_effect = RuntimeError
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertFalse(requests_mocker.called)
--- a/allianceauth/analytics/tests/test_middleware.py
+++ b/allianceauth/analytics/tests/test_middleware.py
@@ -0,0 +1,23 @@
+from allianceauth.analytics.middleware import AnalyticsMiddleware
+from unittest.mock import Mock
+
+from django.test.testcases import TestCase
+
+
+class TestAnalyticsMiddleware(TestCase):
+
+    def setUp(self):
+        self.middleware = AnalyticsMiddleware()
+        self.request = Mock()
+        self.request.headers = {
+                "User-Agent": "AUTOMATED TEST"
+            }
+        self.request.path = '/testURL/'
+        self.request.session = {}
+        self.request.LANGUAGE_CODE = 'en'
+        self.response = Mock()
+        self.response.content = 'hello world'
+
+    def test_middleware(self):
+        response = self.middleware.process_response(self.request, self.response)
+        self.assertEqual(self.response, response)
--- a/allianceauth/analytics/tests/test_models.py
+++ b/allianceauth/analytics/tests/test_models.py
@@ -0,0 +1,26 @@
+from allianceauth.analytics.models import AnalyticsIdentifier
+from django.core.exceptions import ValidationError
+
+from django.test.testcases import TestCase
+
+from uuid import UUID, uuid4
+
+
+# Identifiers
+uuid_1 = "ab33e241fbf042b6aa77c7655a768af7"
+uuid_2 = "7aa6bd70701f44729af5e3095ff4b55c"
+
+
+class TestAnalyticsIdentifier(TestCase):
+
+    def test_identifier_random(self):
+        self.assertNotEqual(AnalyticsIdentifier.objects.get(), uuid4)
+
+    def test_identifier_singular(self):
+        AnalyticsIdentifier.objects.all().delete()
+        AnalyticsIdentifier.objects.create(identifier=uuid_1)
+        # Yeah i have multiple asserts here, they all do the same thing
+        with self.assertRaises(ValidationError):
+            AnalyticsIdentifier.objects.create(identifier=uuid_2)
+        self.assertEqual(AnalyticsIdentifier.objects.count(), 1)
+        self.assertEqual(AnalyticsIdentifier.objects.get(pk=1).identifier, UUID(uuid_1))
--- a/allianceauth/analytics/tests/test_tasks.py
+++ b/allianceauth/analytics/tests/test_tasks.py
@@ -0,0 +1,119 @@
+from allianceauth.analytics.tasks import (
+    analytics_event,
+    send_ga_tracking_celery_event,
+    send_ga_tracking_web_view)
+from django.test.testcases import TestCase
+
+
+class TestAnalyticsTasks(TestCase):
+    def test_analytics_event(self):
+        analytics_event(
+                        category='allianceauth.analytics',
+                        action='send_tests',
+                        label='test',
+                        value=1,
+                        event_type='Stats')
+
+    def test_send_ga_tracking_web_view_sent(self):
+        # This test sends if the event SENDS to google
+        # Not if it was successful
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        response = send_ga_tracking_web_view(
+                                            tracking_id,
+                                            client_id,
+                                            page,
+                                            title,
+                                            locale,
+                                            useragent)
+        self.assertEqual(response.status_code, 200)
+
+    def test_send_ga_tracking_web_view_success(self):
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        json_response = send_ga_tracking_web_view(
+                                                tracking_id,
+                                                client_id,
+                                                page,
+                                                title,
+                                                locale,
+                                                useragent).json()
+        self.assertTrue(json_response["hitParsingResult"][0]["valid"])
+
+    def test_send_ga_tracking_web_view_invalid_token(self):
+        tracking_id = 'UA-IntentionallyBadTrackingID-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        json_response = send_ga_tracking_web_view(
+                                            tracking_id,
+                                            client_id,
+                                            page,
+                                            title,
+                                            locale,
+                                            useragent).json()
+        self.assertFalse(json_response["hitParsingResult"][0]["valid"])
+        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+
+        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
+
+    def test_send_ga_tracking_celery_event_sent(self):
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        response = send_ga_tracking_celery_event(
+                                                tracking_id,
+                                                client_id,
+                                                category,
+                                                action,
+                                                label,
+                                                value)
+        self.assertEqual(response.status_code, 200)
+
+    def test_send_ga_tracking_celery_event_success(self):
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        json_response = send_ga_tracking_celery_event(
+                                                    tracking_id,
+                                                    client_id,
+                                                    category,
+                                                    action,
+                                                    label,
+                                                    value).json()
+        self.assertTrue(json_response["hitParsingResult"][0]["valid"])
+
+    def test_send_ga_tracking_celery_event_invalid_token(self):
+        tracking_id = 'UA-IntentionallyBadTrackingID-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        json_response = send_ga_tracking_celery_event(
+                                                    tracking_id,
+                                                    client_id,
+                                                    category,
+                                                    action,
+                                                    label,
+                                                    value).json()
+        self.assertFalse(json_response["hitParsingResult"][0]["valid"])
+        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+
+        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
--- a/allianceauth/analytics/tests/test_utils.py
+++ b/allianceauth/analytics/tests/test_utils.py
@@ -0,0 +1,55 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+from allianceauth.analytics.utils import install_stat_users, install_stat_tokens, install_stat_addons
+
+from django.test.testcases import TestCase
+
+
+def create_testdata():
+    User.objects.all().delete()
+    User.objects.create_user(
+        'user_1'
+        'abc@example.com',
+        'password'
+    )
+    User.objects.create_user(
+        'user_2'
+        'abc@example.com',
+        'password'
+    )
+    #Token.objects.all().delete()
+    #Token.objects.create(
+    #            character_id=101,
+    #            character_name='character1',
+    #            access_token='my_access_token'
+    #)
+    #Token.objects.create(
+    #            character_id=102,
+    #            character_name='character2',
+    #            access_token='my_access_token'
+    #)
+
+
+class TestAnalyticsUtils(TestCase):
+
+    def test_install_stat_users(self):
+        create_testdata()
+        expected = 2
+
+        users = install_stat_users()
+        self.assertEqual(users, expected)
+
+    #def test_install_stat_tokens(self):
+    #    create_testdata()
+    #    expected = 2
+    #
+    #   tokens = install_stat_tokens()
+    #   self.assertEqual(tokens, expected)
+
+    def test_install_stat_addons(self):
+        # this test does what its testing...
+        # but helpful for existing as a sanity check
+        expected = len(list(apps.get_app_configs()))
+        addons = install_stat_addons()
+        self.assertEqual(addons, expected)
--- a/allianceauth/analytics/utils.py
+++ b/allianceauth/analytics/utils.py
@@ -0,0 +1,36 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+
+
+def install_stat_users() -> int:
+    """Count and Return the number of User accounts
+
+    Returns
+    -------
+    int
+        The Number of User objects"""
+    users = User.objects.count()
+    return users
+
+
+def install_stat_tokens() -> int:
+    """Count and Return the number of ESI Tokens Stored
+
+    Returns
+    -------
+    int
+        The Number of Token Objects"""
+    tokens = Token.objects.count()
+    return tokens
+
+
+def install_stat_addons() -> int:
+    """Count and Return the number of Django Applications Installed
+
+    Returns
+    -------
+    int
+        The Number of Installed Apps"""
+    addons = len(list(apps.get_app_configs()))
+    return addons
--- a/allianceauth/apps.py
+++ b/allianceauth/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class AllianceAuthConfig(AppConfig):
+    name = 'allianceauth'
--- a/allianceauth/authentication/init.py
+++ b/allianceauth/authentication/init.py
@@ -0,0 +1 @@
+default_app_config = 'allianceauth.authentication.apps.AuthenticationConfig'
--- a/allianceauth/authentication/admin.py
+++ b/allianceauth/authentication/admin.py
@@ -0,0 +1,631 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.contrib.auth.models import User as BaseUser, \
+    Permission as BasePermission, Group
+from django.db.models import Count, Q
+from allianceauth.services.hooks import ServicesHook
+from django.db.models.signals import pre_save, post_save, pre_delete, \
+    post_delete, m2m_changed
+from django.db.models.functions import Lower
+from django.dispatch import receiver
+from django.forms import ModelForm
+from django.utils.html import format_html
+from django.urls import reverse
+from django.utils.text import slugify
+
+from allianceauth.authentication.models import State, get_guest_state,\
+    CharacterOwnership, UserProfile, OwnershipRecord
+from allianceauth.hooks import get_hooks
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo,\
+    EveAllianceInfo, EveFactionInfo
+from allianceauth.eveonline.tasks import update_character
+from .app_settings import AUTHENTICATION_ADMIN_USERS_MAX_GROUPS, \
+    AUTHENTICATION_ADMIN_USERS_MAX_CHARS
+
+
+def make_service_hooks_update_groups_action(service):
+    """
+    Make a admin action for the given service
+    :param service: services.hooks.ServicesHook
+    :return: fn to update services groups for the selected users
+    """
+    def update_service_groups(modeladmin, request, queryset):
+        if hasattr(service, 'update_groups_bulk'):
+            service.update_groups_bulk(queryset)
+        else:
+            for user in queryset:  # queryset filtering doesn't work here?
+                service.update_groups(user)
+
+    update_service_groups.__name__ = str(f'update_{slugify(service.name)}_groups')
+    update_service_groups.short_description = f"Sync groups for selected {service.title} accounts"
+    return update_service_groups
+
+
+def make_service_hooks_sync_nickname_action(service):
+    """
+    Make a sync_nickname admin action for the given service
+    :param service: services.hooks.ServicesHook
+    :return: fn to sync nickname for the selected users
+    """
+    def sync_nickname(modeladmin, request, queryset):
+        if hasattr(service, 'sync_nicknames_bulk'):
+            service.sync_nicknames_bulk(queryset)
+        else:
+            for user in queryset:  # queryset filtering doesn't work here?
+                service.sync_nickname(user)
+
+    sync_nickname.__name__ = str(f'sync_{slugify(service.name)}_nickname')
+    sync_nickname.short_description = f"Sync nicknames for selected {service.title} accounts"
+    return sync_nickname
+
+
+class QuerysetModelForm(ModelForm):
+    # allows specifying FK querysets through kwarg
+    def __init__(self, querysets=None, *args, **kwargs):
+        querysets = querysets or {}
+        super().__init__(*args, **kwargs)
+        for field, qs in querysets.items():
+            self.fields[field].queryset = qs
+
+
+class UserProfileInline(admin.StackedInline):
+    model = UserProfile
+    readonly_fields = ('state',)
+    form = QuerysetModelForm
+    verbose_name = ''
+    verbose_name_plural = 'Profile'
+
+    def get_formset(self, request, obj=None, **kwargs):
+        # main_character field can only show current value or unclaimed alts
+        # if superuser, allow selecting from any unclaimed main
+        query = Q()
+        if obj and obj.profile.main_character:
+            query |= Q(pk=obj.profile.main_character_id)
+            if request.user.is_superuser:
+                query |= Q(userprofile__isnull=True)
+            else:
+                query |= Q(character_ownership__user=obj)
+        formset = super().get_formset(request, obj=obj, **kwargs)
+
+        def get_kwargs(self, index):
+            return {'querysets': {'main_character': EveCharacter.objects.filter(query)}}
+        formset.get_form_kwargs = get_kwargs
+        return formset
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+
+def user_profile_pic(obj):
+    """profile pic column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists (requires CSS)
+    """
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if user_obj.profile.main_character:
+        return format_html(
+            '<img src="{}" class="img-circle">',
+            user_obj.profile.main_character.portrait_url(size=32)
+        )
+    else:
+        return None
+
+
+user_profile_pic.short_description = ''
+
+
+def user_username(obj):
+    """user column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    link = reverse(
+        'admin:{}_{}_change'.format(
+            obj._meta.app_label,
+            type(obj).__name__.lower()
+        ),
+        args=(obj.pk,)
+    )
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if user_obj.profile.main_character:
+        return format_html(
+            '<strong><a href="{}">{}</a></strong><br>{}',
+            link,
+            user_obj.username,
+            user_obj.profile.main_character.character_name
+        )
+    else:
+        return format_html(
+            '<strong><a href="{}">{}</a></strong>',
+            link,
+            user_obj.username,
+        )
+
+
+user_username.short_description = 'user / main'
+user_username.admin_order_field = 'username'
+
+
+def user_main_organization(obj):
+    """main organization column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if not user_obj.profile.main_character:
+        result = ''
+    else:
+        result = user_obj.profile.main_character.corporation_name
+        if user_obj.profile.main_character.alliance_id:
+            result += f'<br>{user_obj.profile.main_character.alliance_name}'
+        elif user_obj.profile.main_character.faction_name:
+            result += f'<br>{user_obj.profile.main_character.faction_name}'
+    return format_html(result)
+
+
+user_main_organization.short_description = 'Corporation / Alliance (Main)'
+user_main_organization.admin_order_field = \
+    'profile__main_character__corporation_name'
+
+
+class MainCorporationsFilter(admin.SimpleListFilter):
+    """Custom filter to filter on corporations from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'corporation'
+    parameter_name = 'main_corporation_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(userprofile=None)\
+            .values('corporation_id', 'corporation_name')\
+            .distinct()\
+            .order_by(Lower('corporation_name'))
+        return tuple(
+            (x['corporation_id'], x['corporation_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        else:
+            if qs.model == User:
+                return qs.filter(
+                    profile__main_character__corporation_id=self.value()
+                )
+            else:
+                return qs.filter(
+                    user__profile__main_character__corporation_id=self.value()
+                )
+
+
+class MainAllianceFilter(admin.SimpleListFilter):
+    """Custom filter to filter on alliances from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'alliance'
+    parameter_name = 'main_alliance_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(alliance_id=None)\
+            .exclude(userprofile=None)\
+            .values('alliance_id', 'alliance_name')\
+            .distinct()\
+            .order_by(Lower('alliance_name'))
+        return tuple(
+            (x['alliance_id'], x['alliance_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        else:
+            if qs.model == User:
+                return qs.filter(profile__main_character__alliance_id=self.value())
+            else:
+                return qs.filter(
+                    user__profile__main_character__alliance_id=self.value()
+                )
+
+
+class MainFactionFilter(admin.SimpleListFilter):
+    """Custom filter to filter on factions from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'faction'
+    parameter_name = 'main_faction_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(faction_id=None)\
+            .exclude(userprofile=None)\
+            .values('faction_id', 'faction_name')\
+            .distinct()\
+            .order_by(Lower('faction_name'))
+        return tuple(
+            (x['faction_id'], x['faction_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        else:
+            if qs.model == User:
+                return qs.filter(profile__main_character__faction_id=self.value())
+            else:
+                return qs.filter(
+                    user__profile__main_character__faction_id=self.value()
+                )
+
+
+def update_main_character_model(modeladmin, request, queryset):
+    tasks_count = 0
+    for obj in queryset:
+        if obj.profile.main_character:
+            update_character.delay(obj.profile.main_character.character_id)
+            tasks_count += 1
+
+    modeladmin.message_user(
+        request,
+        f'Update from ESI started for {tasks_count} characters'
+    )
+
+
+update_main_character_model.short_description = \
+    'Update main character model from ESI'
+
+
+class UserAdmin(BaseUserAdmin):
+    """Extending Django's UserAdmin model
+
+    Behavior of groups and characters columns can be configured via settings
+    """
+
+    class Media:
+        css = {
+            "all": ("authentication/css/admin.css",)
+        }
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.prefetch_related("character_ownerships__character", "groups")
+
+    def get_actions(self, request):
+        actions = super(BaseUserAdmin, self).get_actions(request)
+
+        actions[update_main_character_model.__name__] = (
+            update_main_character_model,
+            update_main_character_model.__name__,
+            update_main_character_model.short_description
+        )
+
+        for hook in get_hooks('services_hook'):
+            svc = hook()
+            # Check update_groups is redefined/overloaded
+            if svc.update_groups.__module__ != ServicesHook.update_groups.__module__:
+                action = make_service_hooks_update_groups_action(svc)
+                actions[action.__name__] = (
+                    action,
+                    action.__name__,
+                    action.short_description
+                )
+
+            # Create sync nickname action if service implements it
+            if svc.sync_nickname.__module__ != ServicesHook.sync_nickname.__module__:
+                action = make_service_hooks_sync_nickname_action(svc)
+                actions[action.__name__] = (
+                    action, action.__name__,
+                    action.short_description
+                )
+        return actions
+
+    def _list_2_html_w_tooltips(self, my_items: list, max_items: int) -> str:
+        """converts list of strings into HTML with cutoff and tooltip"""
+        items_truncated_str = ', '.join(my_items[:max_items])
+        if not my_items:
+            result = None
+        elif len(my_items) <= max_items:
+            result = items_truncated_str
+        else:
+            items_truncated_str += ', (...)'
+            items_all_str = ', '.join(my_items)
+            result = format_html(
+                '<span data-tooltip="{}" class="tooltip">{}</span>',
+                items_all_str,
+                items_truncated_str
+            )
+        return result
+
+    inlines = BaseUserAdmin.inlines + [UserProfileInline]
+    ordering = ('username', )
+    list_select_related = ('profile__state', 'profile__main_character')
+    show_full_result_count = True
+    list_display = (
+        user_profile_pic,
+        user_username,
+        '_state',
+        '_groups',
+        user_main_organization,
+        '_characters',
+        'is_active',
+        'date_joined',
+        '_role'
+    )
+    list_display_links = None
+    list_filter = (
+        'profile__state',
+        'groups',
+        MainCorporationsFilter,
+        MainAllianceFilter,
+        MainFactionFilter,
+        'is_active',
+        'date_joined',
+        'is_staff',
+        'is_superuser'
+    )
+    search_fields = (
+        'username',
+        'character_ownerships__character__character_name'
+    )
+    readonly_fields = ('date_joined', 'last_login')
+
+    def _characters(self, obj):
+        character_ownerships = list(obj.character_ownerships.all())
+        characters = [obj.character.character_name for obj in character_ownerships]
+        return self._list_2_html_w_tooltips(
+            sorted(characters),
+            AUTHENTICATION_ADMIN_USERS_MAX_CHARS
+        )
+
+    _characters.short_description = 'characters'
+
+    def _state(self, obj):
+        return obj.profile.state.name
+
+    _state.short_description = 'state'
+    _state.admin_order_field = 'profile__state'
+
+    def _groups(self, obj):
+        my_groups = sorted(group.name for group in list(obj.groups.all()))
+        return self._list_2_html_w_tooltips(
+            my_groups, AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
+        )
+
+    _groups.short_description = 'groups'
+
+    def _role(self, obj):
+        if obj.is_superuser:
+            role = 'Superuser'
+        elif obj.is_staff:
+            role = 'Staff'
+        else:
+            role = 'User'
+        return role
+
+    _role.short_description = 'role'
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.has_perm('auth.change_user')
+
+    def has_add_permission(self, request, obj=None):
+        return request.user.has_perm('auth.add_user')
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.has_perm('auth.delete_user')
+
+    def get_object(self, *args , **kwargs):
+        obj = super().get_object(*args , **kwargs)
+        self.obj = obj  # storing current object for use in formfield_for_manytomany
+        return obj
+
+    def formfield_for_manytomany(self, db_field, request, **kwargs):
+        if db_field.name == "groups":
+            groups_qs = Group.objects.filter(authgroup__states__isnull=True)
+            obj_state = self.obj.profile.state
+            if obj_state:
+                matching_groups_qs = Group.objects.filter(authgroup__states=obj_state)
+                groups_qs = groups_qs | matching_groups_qs
+            kwargs["queryset"] = groups_qs.order_by(Lower('name'))
+        return super().formfield_for_manytomany(db_field, request, **kwargs)
+
+
+@admin.register(State)
+class StateAdmin(admin.ModelAdmin):
+    list_select_related = True
+    list_display = ('name', 'priority', '_user_count')
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.annotate(user_count=Count("userprofile__id"))
+
+    def _user_count(self, obj):
+        return obj.user_count
+    _user_count.short_description = 'Users'
+    _user_count.admin_order_field = 'user_count'
+
+    fieldsets = (
+        (None, {
+            'fields': ('name', 'permissions', 'priority'),
+        }),
+        ('Membership', {
+            'fields': (
+                'public',
+                'member_characters',
+                'member_corporations',
+                'member_alliances',
+                'member_factions'
+            ),
+        })
+    )
+    filter_horizontal = [
+        'member_characters',
+        'member_corporations',
+        'member_alliances',
+        'member_factions',
+        'permissions'
+    ]
+
+    def formfield_for_manytomany(self, db_field, request, **kwargs):
+        """overriding this formfield to have sorted lists in the form"""
+        if db_field.name == "member_characters":
+            kwargs["queryset"] = EveCharacter.objects.all()\
+                .order_by(Lower('character_name'))
+        elif db_field.name == "member_corporations":
+            kwargs["queryset"] = EveCorporationInfo.objects.all()\
+                .order_by(Lower('corporation_name'))
+        elif db_field.name == "member_alliances":
+            kwargs["queryset"] = EveAllianceInfo.objects.all()\
+                .order_by(Lower('alliance_name'))
+        elif db_field.name == "member_factions":
+            kwargs["queryset"] = EveFactionInfo.objects.all()\
+                .order_by(Lower('faction_name'))
+        elif db_field.name == "permissions":
+            kwargs["queryset"] = Permission.objects.select_related("content_type").all()
+        return super().formfield_for_manytomany(db_field, request, **kwargs)
+
+    def has_delete_permission(self, request, obj=None):
+        if obj == get_guest_state():
+            return False
+        return super().has_delete_permission(request, obj=obj)
+
+    def get_fieldsets(self, request, obj=None):
+        if obj == get_guest_state():
+            return (
+                (None, {
+                    'fields': ('permissions', 'priority'),
+                }),
+            )
+        return super().get_fieldsets(request, obj=obj)
+
+
+class BaseOwnershipAdmin(admin.ModelAdmin):
+    class Media:
+        css = {
+            "all": ("authentication/css/admin.css",)
+        }
+
+    list_select_related = (
+        'user__profile__state', 'user__profile__main_character', 'character')
+    list_display = (
+        user_profile_pic,
+        user_username,
+        user_main_organization,
+        'character',
+    )
+    search_fields = (
+        'user__username',
+        'character__character_name',
+        'character__corporation_name',
+        'character__alliance_name',
+        'character__faction_name'
+    )
+    list_filter = (
+        MainCorporationsFilter,
+        MainAllianceFilter,
+    )
+
+    def get_readonly_fields(self, request, obj=None):
+        if obj and obj.pk:
+            return 'owner_hash', 'character'
+        return tuple()
+
+
+@admin.register(OwnershipRecord)
+class OwnershipRecordAdmin(BaseOwnershipAdmin):
+    list_display = BaseOwnershipAdmin.list_display + ('created',)
+
+
+@admin.register(CharacterOwnership)
+class CharacterOwnershipAdmin(BaseOwnershipAdmin):
+    def has_add_permission(self, request):
+        return False
+
+
+class PermissionAdmin(admin.ModelAdmin):
+    actions = None
+    readonly_fields = [field.name for field in BasePermission._meta.fields]
+    search_fields = ('codename', )
+    list_display = ('admin_name', 'name', 'codename', 'content_type')
+    list_filter = ('content_type__app_label',)
+
+    @staticmethod
+    def admin_name(obj):
+        return str(obj)
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+    def has_module_permission(self, request):
+        return True
+
+    def has_change_permission(self, request, obj=None):
+        # can see list but not edit it
+        return not obj
+
+
+# Hack to allow registration of django.contrib.auth models in our authentication app
+class User(BaseUser):
+    class Meta:
+        proxy = True
+        verbose_name = BaseUser._meta.verbose_name
+        verbose_name_plural = BaseUser._meta.verbose_name_plural
+
+
+class Permission(BasePermission):
+    class Meta:
+        proxy = True
+        verbose_name = BasePermission._meta.verbose_name
+        verbose_name_plural = BasePermission._meta.verbose_name_plural
+
+
+try:
+    admin.site.unregister(BaseUser)
+finally:
+    admin.site.register(User, UserAdmin)
+    admin.site.register(Permission, PermissionAdmin)
+
+
+@receiver(pre_save, sender=User)
+def redirect_pre_save(sender, signal=None, *args, **kwargs):
+    pre_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_save, sender=User)
+def redirect_post_save(sender, signal=None, *args, **kwargs):
+    post_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(pre_delete, sender=User)
+def redirect_pre_delete(sender, signal=None, *args, **kwargs):
+    pre_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_delete, sender=User)
+def redirect_post_delete(sender, signal=None, *args, **kwargs):
+    post_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.groups.through)
+def redirect_m2m_changed_groups(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.user_permissions.through)
+def redirect_m2m_changed_permissions(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)
--- a/allianceauth/authentication/app_settings.py
+++ b/allianceauth/authentication/app_settings.py
@@ -0,0 +1,45 @@
+from django.conf import settings
+
+
+def _clean_setting(
+    name: str,
+    default_value: object,
+    min_value: int = None,
+    max_value: int = None,
+    required_type: type = None
+):
+    """cleans the input for a custom setting
+
+    Will use `default_value` if settings does not exit or has the wrong type
+    or is outside define boundaries (for int only)
+
+    Need to define `required_type` if `default_value` is `None`
+
+    Will assume `min_value` of 0 for int (can be overriden)
+
+    Returns cleaned value for setting
+    """
+    if default_value is None and not required_type:
+        raise ValueError('You must specify a required_type for None defaults')
+
+    if not required_type:
+        required_type = type(default_value)
+
+    if min_value is None and required_type == int:
+        min_value = 0
+
+    if (hasattr(settings, name)
+        and isinstance(getattr(settings, name), required_type)
+        and (min_value is None or getattr(settings, name) >= min_value)
+        and (max_value is None or getattr(settings, name) <= max_value)
+    ):
+        return getattr(settings, name)
+    else:
+        return default_value
+
+
+AUTHENTICATION_ADMIN_USERS_MAX_GROUPS = \
+    _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_GROUPS', 10)
+
+AUTHENTICATION_ADMIN_USERS_MAX_CHARS = \
+    _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_CHARS', 5)
--- a/allianceauth/authentication/apps.py
+++ b/allianceauth/authentication/apps.py
@@ -0,0 +1,16 @@
+from django.apps import AppConfig
+from django.core.checks import register, Tags
+
+
+class AuthenticationConfig(AppConfig):
+    name = "allianceauth.authentication"
+    label = "authentication"
+
+    def ready(self):
+        from allianceauth.authentication import checks, signals  # noqa: F401
+        from allianceauth.authentication.task_statistics import (
+            signals as celery_signals,
+        )
+
+        register(Tags.security)(checks.check_login_scopes_setting)
+        celery_signals.reset_counters()
--- a/allianceauth/authentication/backends.py
+++ b/allianceauth/authentication/backends.py
@@ -0,0 +1,96 @@
+import logging
+
+from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import User, Permission
+
+from .models import UserProfile, CharacterOwnership, OwnershipRecord
+
+
+logger = logging.getLogger(__name__)
+
+
+class StateBackend(ModelBackend):
+    @staticmethod
+    def _get_state_permissions(user_obj):
+        """returns permissions for state of given user object"""
+        if hasattr(user_obj, "profile") and user_obj.profile:
+            return Permission.objects.filter(state=user_obj.profile.state)
+        else:
+            return Permission.objects.none()
+
+    def get_state_permissions(self, user_obj, obj=None):
+        return self._get_permissions(user_obj, obj, 'state')
+
+    def get_all_permissions(self, user_obj, obj=None):
+        if not user_obj.is_active or user_obj.is_anonymous or obj is not None:
+            return set()
+        if not hasattr(user_obj, '_perm_cache'):
+            user_obj._perm_cache = self.get_user_permissions(user_obj)
+            user_obj._perm_cache.update(self.get_group_permissions(user_obj))
+            user_obj._perm_cache.update(self.get_state_permissions(user_obj))
+        return user_obj._perm_cache
+
+    def authenticate(self, request=None, token=None, **credentials):
+        if not token:
+            return None
+        try:
+            ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
+            if ownership.owner_hash == token.character_owner_hash:
+                logger.debug(f'Authenticating {ownership.user} by ownership of character {token.character_name}')
+                return ownership.user
+            else:
+                logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
+                ownership.delete()
+                return self.create_user(token)
+        except CharacterOwnership.DoesNotExist:
+            try:
+                # insecure legacy main check for pre-sso registration auth installs
+                profile = UserProfile.objects.get(main_character__character_id=token.character_id)
+                logger.debug(f'Authenticating {profile.user} by their main character {profile.main_character} without active ownership.')
+                # attach an ownership
+                token.user = profile.user
+                CharacterOwnership.objects.create_by_token(token)
+                return profile.user
+            except UserProfile.DoesNotExist:
+                # now we check historical records to see if this is a returning user
+                records = OwnershipRecord.objects.filter(owner_hash=token.character_owner_hash).filter(character__character_id=token.character_id)
+                if records.exists():
+                    # we've seen this character owner before. Re-attach to their old user account
+                    user = records[0].user
+                    token.user = user
+                    co = CharacterOwnership.objects.create_by_token(token)
+                    logger.debug(f'Authenticating {user} by matching owner hash record of character {co.character}')
+                    if not user.profile.main_character:
+                        # set this as their main by default if they have none
+                        user.profile.main_character = co.character
+                        user.profile.save()
+                    return user
+            logger.debug(f'Unable to authenticate character {token.character_name}. Creating new user.')
+            return self.create_user(token)
+
+    def create_user(self, token):
+        username = self.iterate_username(token.character_name)  # build unique username off character name
+        user = User.objects.create_user(username, is_active=False)  # prevent login until email set
+        user.set_unusable_password()  # prevent login via password
+        user.save()
+        token.user = user
+        co = CharacterOwnership.objects.create_by_token(token)  # assign ownership to this user
+        user.profile.main_character = co.character  # assign main character as token character
+        user.profile.save()
+        logger.debug(f'Created new user {user}')
+        return user
+
+    @staticmethod
+    def iterate_username(name):
+        name = str.replace(name, "'", "")
+        name = str.replace(name, ' ', '_')
+        if User.objects.filter(username__startswith=name).exists():
+            u = User.objects.filter(username__startswith=name)
+            num = len(u)
+            username = f"{name}_{num}"
+            while u.filter(username=username).exists():
+                num += 1
+                username = f"{name}_{num}"
+        else:
+            username = name
+        return username
--- a/allianceauth/authentication/checks.py
+++ b/allianceauth/authentication/checks.py
@@ -0,0 +1,12 @@
+from django.core.checks import Error
+from django.conf import settings
+
+
+def check_login_scopes_setting(*args, **kwargs):
+    errors = []
+    try:
+        assert settings.LOGIN_TOKEN_SCOPES
+    except (AssertionError, AttributeError):
+        errors.append(Error('LOGIN_TOKEN_SCOPES setting cannot be blank.',
+                            hint='SSO tokens used for logging in must require scopes to be refreshable.'))
+    return errors
--- a/allianceauth/authentication/decorators.py
+++ b/allianceauth/authentication/decorators.py
@@ -0,0 +1,68 @@
+from django.conf.urls import include
+from django.contrib.auth.decorators import user_passes_test
+from django.core.exceptions import PermissionDenied
+from functools import wraps
+from django.shortcuts import redirect
+from django.contrib import messages
+from django.utils.translation import gettext_lazy as _
+from django.contrib.auth.decorators import login_required
+
+
+def user_has_main_character(user):
+    return bool(user.profile.main_character)
+
+
+def decorate_url_patterns(urls, decorator):
+    url_list, app_name, namespace = include(urls)
+
+    def process_patterns(url_patterns):
+        for pattern in url_patterns:
+            if hasattr(pattern, 'url_patterns'):
+                # this is an include - apply to all nested patterns
+                process_patterns(pattern.url_patterns)
+            else:
+                # this is a pattern
+                pattern.callback = decorator(pattern.callback)
+
+    process_patterns(url_list)
+    return url_list, app_name, namespace
+
+
+def main_character_required(view_func):
+    @wraps(view_func)
+    def _wrapped_view(request, *args, **kwargs):
+        if user_has_main_character(request.user):
+            return view_func(request, *args, **kwargs)
+
+        messages.error(request, _('A main character is required to perform that action. Add one below.'))
+        return redirect('authentication:dashboard')
+    return login_required(_wrapped_view)
+
+
+def permissions_required(perm, login_url=None, raise_exception=False):
+    """
+    Decorator for views that checks whether a user has a particular permission
+    enabled, redirecting to the log-in page if necessary.
+    If the raise_exception parameter is given the PermissionDenied exception
+    is raised.
+
+    This decorator is identical to the django permission_required except it
+    allows for passing a tuple/list of perms that will return true if any one
+    of them is present.
+    """
+    def check_perms(user):
+        if isinstance(perm, str):
+            perms = (perm,)
+        else:
+            perms = perm
+        # First check if the user has the permission (even anon users)
+        for perm_ in perms:
+            perm_ = (perm_,)
+            if user.has_perms(perm_):
+                return True
+        # In case the 403 handler should be called raise the exception
+        if raise_exception:
+            raise PermissionDenied
+        # As the last resort, show the login form
+        return False
+    return user_passes_test(check_perms, login_url=login_url)
--- a/allianceauth/authentication/forms.py
+++ b/allianceauth/authentication/forms.py
@@ -0,0 +1,8 @@
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+from allianceauth.authentication.models import User
+class RegistrationForm(forms.Form):
+    email = forms.EmailField(label=_('Email'), max_length=254, required=True)
+
+    class _meta:
+        model = User
--- a/allianceauth/authentication/hmac_urls.py
+++ b/allianceauth/authentication/hmac_urls.py
@@ -0,0 +1,14 @@
+from django.conf.urls import url, include
+
+from allianceauth.authentication import views
+
+urlpatterns = [
+    url(r'^activate/complete/$', views.activation_complete, name='registration_activation_complete'),
+    # The activation key can make use of any character from the
+    # URL-safe base64 alphabet, plus the colon as a separator.
+    url(r'^activate/(?P<activation_key>[-:\w]+)/$', views.ActivationView.as_view(), name='registration_activate'),
+    url(r'^register/$', views.RegistrationView.as_view(), name='registration_register'),
+    url(r'^register/complete/$', views.registration_complete, name='registration_complete'),
+    url(r'^register/closed/$', views.registration_closed, name='registration_disallowed'),
+    url(r'', include('django.contrib.auth.urls')),
+]
--- a/allianceauth/authentication/management/init.py
+++ b/allianceauth/authentication/management/init.py
--- a/allianceauth/authentication/management/commands/init.py
+++ b/allianceauth/authentication/management/commands/init.py
--- a/allianceauth/authentication/management/commands/checkmains.py
+++ b/allianceauth/authentication/management/commands/checkmains.py
@@ -0,0 +1,20 @@
+from django.core.management.base import BaseCommand
+from allianceauth.authentication.models import UserProfile
+
+
+class Command(BaseCommand):
+    help = 'Ensures all main characters have an active ownership'
+
+    def handle(self, *args, **options):
+        profiles = UserProfile.objects.filter(main_character__isnull=False).filter(
+            main_character__character_ownership__isnull=True)
+        if profiles.exists():
+            for profile in profiles:
+                self.stdout.write(self.style.ERROR(
+                    '{} does not have an ownership. Resetting user {} main character.'.format(profile.main_character,
+                                                                                                profile.user)))
+                profile.main_character = None
+                profile.save()
+            self.stdout.write(self.style.WARNING(f'Reset {profiles.count()} main characters.'))
+        else:
+            self.stdout.write(self.style.SUCCESS('All main characters have active ownership.'))
--- a/allianceauth/authentication/managers.py
+++ b/allianceauth/authentication/managers.py
@@ -0,0 +1,76 @@
+import logging
+
+from django.db import transaction
+from django.db.models import Manager, QuerySet, Q
+
+from allianceauth.eveonline.models import EveCharacter
+
+logger = logging.getLogger(__name__)
+
+
+def available_states_query(character):
+    query = Q(public=True)
+    if character.character_id:
+        query |= Q(member_characters__character_id=character.character_id)
+    if character.corporation_id:
+        query |= Q(member_corporations__corporation_id=character.corporation_id)
+    if character.alliance_id:
+        query |= Q(member_alliances__alliance_id=character.alliance_id)
+    if character.faction_id:
+        query |= Q(member_factions__faction_id=character.faction_id)
+    return query
+
+
+class CharacterOwnershipManager(Manager):
+    def create_by_token(self, token):
+        if not EveCharacter.objects.filter(character_id=token.character_id).exists():
+            EveCharacter.objects.create_character(token.character_id)
+        return self.create(character=EveCharacter.objects.get(character_id=token.character_id), user=token.user, owner_hash=token.character_owner_hash)
+
+
+class StateQuerySet(QuerySet):
+    def available_to_character(self, character):
+        return self.filter(available_states_query(character))
+
+    def available_to_user(self, user):
+        if user.profile.main_character:
+            return self.available_to_character(user.profile.main_character)
+        else:
+            return self.none()
+
+    def get_for_user(self, user):
+        states = self.available_to_user(user)
+        if states.exists():
+            return states[0]
+        else:
+            from allianceauth.authentication.models import get_guest_state
+            return get_guest_state()
+
+    def delete(self):
+        with transaction.atomic():
+            for state in self:
+                for profile in state.userprofile_set.all():
+                    profile.assign_state(state=self.model.objects.exclude(pk=state.pk).get_for_user(profile.user))
+        super().delete()
+
+
+class StateManager(Manager):
+    def get_queryset(self):
+        return StateQuerySet(self.model, using=self._db)
+
+    def available_to_character(self, character):
+        return self.get_queryset().available_to_character(character)
+
+    def available_to_user(self, user):
+        return self.get_queryset().available_to_user(user)
+
+    def get_for_character(self, character):
+        states = self.get_queryset().available_to_character(character)
+        if states.exists():
+            return states[0]
+        else:
+            from allianceauth.authentication.models import get_guest_state
+            return get_guest_state()
+
+    def get_for_user(self, user):
+        return self.get_queryset().get_for_user(user)
--- a/allianceauth/authentication/migrations/0001_initial.py
+++ b/allianceauth/authentication/migrations/0001_initial.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-05 21:38
-from __future__ import unicode_literals

 from django.conf import settings
 from django.db import migrations, models
--- a/allianceauth/authentication/migrations/0002_auto_20160907_1914.py
+++ b/allianceauth/authentication/migrations/0002_auto_20160907_1914.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-07 19:14
-from __future__ import unicode_literals

 from django.db import migrations

--- a/allianceauth/authentication/migrations/0003_authservicesinfo_state.py
+++ b/allianceauth/authentication/migrations/0003_authservicesinfo_state.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 20:29
-from __future__ import unicode_literals

 from django.db import migrations, models

--- a/allianceauth/authentication/migrations/0004_create_permissions.py
+++ b/allianceauth/authentication/migrations/0004_create_permissions.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:19
-from __future__ import unicode_literals

 from django.db import migrations

--- a/allianceauth/authentication/migrations/0005_delete_perms.py
+++ b/allianceauth/authentication/migrations/0005_delete_perms.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:11
-from __future__ import unicode_literals

 from django.db import migrations

@@ -17,7 +15,7 @@ def create_permissions(apps, schema_editor):
    Permission = apps.get_model('auth', 'Permission')
    ct = ContentType.objects.get_for_model(User)
    Permission.objects.get_or_create(codename="member", content_type=ct, name="member")
-    Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member") 
+    Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member")


 class Migration(migrations.Migration):
--- a/allianceauth/authentication/migrations/0006_auto_20160910_0542.py
+++ b/allianceauth/authentication/migrations/0006_auto_20160910_0542.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 05:42
-from __future__ import unicode_literals

 from django.db import migrations

--- a/allianceauth/authentication/migrations/0007_remove_authservicesinfo_is_blue.py
+++ b/allianceauth/authentication/migrations/0007_remove_authservicesinfo_is_blue.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 21:50
-from __future__ import unicode_literals

 from django.db import migrations

--- a/allianceauth/authentication/migrations/0008_set_state.py
+++ b/allianceauth/authentication/migrations/0008_set_state.py
@@ -0,0 +1,15 @@
+# Generated by Django 1.10.1 on 2016-09-12 13:04
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0007_remove_authservicesinfo_is_blue'),
+        ('eveonline', '0001_initial'),
+        ('auth', '0001_initial'),
+    ]
+
+    operations = [
+    ]
--- a/allianceauth/authentication/migrations/0009_auto_20161021_0228.py
+++ b/allianceauth/authentication/migrations/0009_auto_20161021_0228.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.2 on 2016-10-21 02:28
-from __future__ import unicode_literals

 from django.db import migrations, models

--- a/allianceauth/authentication/migrations/0010_only_one_authservicesinfo.py
+++ b/allianceauth/authentication/migrations/0010_only_one_authservicesinfo.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 06:47
-from __future__ import unicode_literals

 from django.db import migrations

@@ -10,7 +8,7 @@ def count_completed_fields(model):
 def forward(apps, schema_editor):
    # this ensures only one model exists per user
    AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
-    users = set([a.user for a in AuthServicesInfo.objects.all()])
+    users = {a.user for a in AuthServicesInfo.objects.all()}
    for u in users:
        auths = AuthServicesInfo.objects.filter(user=u)
        if auths.count() > 1:
--- a/allianceauth/authentication/migrations/0011_authservicesinfo_user_onetoonefield.py
+++ b/allianceauth/authentication/migrations/0011_authservicesinfo_user_onetoonefield.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 07:11
-from __future__ import unicode_literals

 from django.conf import settings
 from django.db import migrations, models
--- a/allianceauth/authentication/migrations/0012_remove_add_delete_authservicesinfo_permissions.py
+++ b/allianceauth/authentication/migrations/0012_remove_add_delete_authservicesinfo_permissions.py
@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-01-12 00:59
-from __future__ import unicode_literals

 from django.db import migrations, models

--- a/allianceauth/authentication/migrations/0013_service_modules.py
+++ b/allianceauth/authentication/migrations/0013_service_modules.py
@@ -0,0 +1,70 @@
+# Generated by Django 1.10.2 on 2016-12-11 23:14
+
+from django.db import migrations
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0012_remove_add_delete_authservicesinfo_permissions'),
+    ]
+
+    operations = [
+        # Remove fields
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='discord_uid',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='discourse_enabled',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='forum_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='ipboard_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='ips4_id',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='ips4_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='jabber_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='market_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='mumble_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='smf_username',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='teamspeak3_perm_key',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='teamspeak3_uid',
+        ),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='xenforo_username',
+        ),
+    ]
--- a/allianceauth/authentication/migrations/0014_fleetup_permission.py
+++ b/allianceauth/authentication/migrations/0014_fleetup_permission.py
@@ -0,0 +1,22 @@
+# Generated by Django 1.10.1 on 2016-09-09 23:19
+
+from django.db import migrations
+
+
+def create_permission(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(User)
+    Permission.objects.get_or_create(codename="view_fleetup", content_type=ct, name="view_fleetup")
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0013_service_modules'),
+    ]
+
+    operations = [
+        migrations.RunPython(create_permission, migrations.RunPython.noop)
+    ]
--- a/allianceauth/authentication/migrations/0015_user_profiles.py
+++ b/allianceauth/authentication/migrations/0015_user_profiles.py
@@ -0,0 +1,282 @@
+# Generated by Django 1.10.5 on 2017-03-22 23:09
+
+import allianceauth.authentication.models
+import django.db.models.deletion
+from django.conf import settings
+from django.contrib.auth.hashers import make_password
+from django.db import migrations, models
+
+
+def create_guest_state(apps, schema_editor):
+    State = apps.get_model('authentication', 'State')
+    State.objects.update_or_create(name='Guest', defaults={'priority': 0, 'public': True})
+
+
+def create_member_state(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    EveAllianceInfo = apps.get_model('eveonline', 'EveAllianceInfo')
+    EveCorporationInfo = apps.get_model('eveonline', 'EveCorporationInfo')
+
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+    s = State.objects.update_or_create(name=member_state_name, defaults={'priority': 100, 'public': False})[0]
+    try:
+        # move group permissions to state
+        g = Group.objects.get(name=member_state_name)
+        [s.permissions.add(p.pk) for p in g.permissions.all()]
+        g.delete()
+    except Group.DoesNotExist:
+        pass
+
+    # auto-populate member IDs
+    CORP_IDS = getattr(settings, 'CORP_IDS', [])
+    ALLIANCE_IDS = getattr(settings, 'ALLIANCE_IDS', [])
+    [s.member_corporations.add(c.pk) for c in EveCorporationInfo.objects.filter(corporation_id__in=CORP_IDS)]
+    [s.member_alliances.add(a.pk) for a in EveAllianceInfo.objects.filter(alliance_id__in=ALLIANCE_IDS)]
+
+
+def create_member_group(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    try:
+        g, _ = Group.objects.get_or_create(name=member_state_name)
+        # move permissions back
+        state = State.objects.get(name=member_state_name)
+        [g.permissions.add(p.pk) for p in state.permissions.all()]
+
+        # move users back
+        for profile in state.userprofile_set.all().select_related('user'):
+            profile.user.groups.add(g.pk)
+    except State.DoesNotExist:
+        pass
+
+
+def create_blue_state(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    EveAllianceInfo = apps.get_model('eveonline', 'EveAllianceInfo')
+    EveCorporationInfo = apps.get_model('eveonline', 'EveCorporationInfo')
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+
+    s = State.objects.update_or_create(name=blue_state_name, defaults={'priority': 50, 'public': False})[0]
+    try:
+        # move group permissions to state
+        g = Group.objects.get(name=blue_state_name)
+        [s.permissions.add(p.pk) for p in g.permissions.all()]
+        g.delete()
+    except Group.DoesNotExist:
+        pass
+
+    # auto-populate blue member IDs
+    BLUE_CORP_IDS = getattr(settings, 'BLUE_CORP_IDS', [])
+    BLUE_ALLIANCE_IDS = getattr(settings, 'BLUE_ALLIANCE_IDS', [])
+    [s.member_corporations.add(c.pk) for c in EveCorporationInfo.objects.filter(corporation_id__in=BLUE_CORP_IDS)]
+    [s.member_alliances.add(a.pk) for a in EveAllianceInfo.objects.filter(alliance_id__in=BLUE_ALLIANCE_IDS)]
+
+
+def create_blue_group(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    State = apps.get_model('authentication', 'State')
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+
+    try:
+        g, _ = Group.objects.get_or_create(name=blue_state_name)
+        # move permissions back
+        state = State.objects.get(name=blue_state_name)
+        [g.permissions.add(p.pk) for p in state.permissions.all()]
+
+        # move users back
+        for profile in state.userprofile_set.all().select_related('user'):
+            profile.user.groups.add(g.pk)
+    except State.DoesNotExist:
+        pass
+
+
+def purge_tokens(apps, schema_editor):
+    Token = apps.get_model('esi', 'Token')
+    Token.objects.filter(refresh_token__isnull=True).delete()
+
+
+def populate_ownerships(apps, schema_editor):
+    Token = apps.get_model('esi', 'Token')
+    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
+    EveCharacter = apps.get_model('eveonline', 'EveCharacter')
+
+    unique_character_owners = [t['character_id'] for t in
+                                Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
+                                t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]
+
+    tokens = Token.objects.filter(character_id__in=unique_character_owners)
+    for c_id in unique_character_owners:
+        # find newest refreshable token and use it as basis for CharacterOwnership
+        ts = tokens.filter(character_id=c_id).exclude(refresh_token__isnull=True).order_by('created')
+        if ts.exists():
+            token = ts[0]
+            char = EveCharacter.objects.get(character_id=token.character_id)
+            CharacterOwnership.objects.create(user_id=token.user_id, character_id=char.id, owner_hash=token.character_owner_hash)
+
+
+def create_profiles(apps, schema_editor):
+    AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
+    State = apps.get_model('authentication', 'State')
+    UserProfile = apps.get_model('authentication', 'UserProfile')
+    EveCharacter = apps.get_model('eveonline', 'EveCharacter')
+
+    # grab AuthServicesInfo if they have a unique main_char_id and the EveCharacter exists
+    unique_mains = [auth['main_char_id'] for auth in
+                    AuthServicesInfo.objects.exclude(main_char_id='').values('main_char_id').annotate(
+                        n=models.Count('main_char_id')) if
+                    auth['n'] == 1 and EveCharacter.objects.filter(character_id=auth['main_char_id']).exists()]
+
+    auths = AuthServicesInfo.objects.filter(main_char_id__in=unique_mains).select_related('user')
+
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        'Member': State.objects.get(name=member_state_name),
+        'Blue': State.objects.get(name=blue_state_name),
+    }
+    guest_state = State.objects.get(name='Guest')
+
+    for auth in auths:
+        # carry states and mains forward
+        state = states.get(auth.state, guest_state)
+        char = EveCharacter.objects.get(character_id=auth.main_char_id)
+        UserProfile.objects.create(user=auth.user, state=state, main_character=char)
+    for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
+        # prepare empty profiles
+        UserProfile.objects.create(user=auth.user, state=guest_state)
+
+
+def recreate_authservicesinfo(apps, schema_editor):
+    AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
+    UserProfile = apps.get_model('authentication', 'UserProfile')
+    User = apps.get_model('auth', 'User')
+
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        member_state_name: 'Member',
+        blue_state_name: 'Blue',
+    }
+
+    # recreate all missing AuthServicesInfo models
+    AuthServicesInfo.objects.bulk_create([AuthServicesInfo(user_id=u.pk) for u in User.objects.all()])
+
+    # repopulate main characters
+    for profile in UserProfile.objects.exclude(main_character__isnull=True).select_related('user', 'main_character'):
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'main_char_id': profile.main_character.character_id})
+
+    # repopulate states we understand
+    for profile in UserProfile.objects.exclude(state__name='Guest').filter(
+            state__name__in=[member_state_name, blue_state_name]).select_related('user', 'state'):
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'state': states[profile.state.name]})
+
+
+def disable_passwords(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    for u in User.objects.exclude(is_staff=True):
+        # remove passwords for non-staff users to prevent password-based authentication
+        # set_unusable_password is unavailable in migrations because :reasons:
+        u.password = make_password(None)
+        u.save()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('auth', '0008_alter_user_username_max_length'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('eveonline', '0008_remove_apikeys'),
+        ('authentication', '0014_fleetup_permission'),
+        ('esi', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CharacterOwnership',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('owner_hash', models.CharField(max_length=28, unique=True)),
+                ('character', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='character_ownership', to='eveonline.EveCharacter')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='character_ownerships', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'default_permissions': ('change', 'delete'),
+                'ordering': ['user', 'character__character_name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='State',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=20, unique=True)),
+                ('priority', models.IntegerField(help_text='Users get assigned the state with the highest priority available to them.', unique=True)),
+                ('public', models.BooleanField(default=False, help_text='Make this state available to any character.')),
+                ('member_alliances', models.ManyToManyField(blank=True, help_text='Alliances to whose members this state is available.', to='eveonline.EveAllianceInfo')),
+                ('member_characters', models.ManyToManyField(blank=True, help_text='Characters to which this state is available.', to='eveonline.EveCharacter')),
+                ('member_corporations', models.ManyToManyField(blank=True, help_text='Corporations to whose members this state is available.', to='eveonline.EveCorporationInfo')),
+                ('permissions', models.ManyToManyField(blank=True, to='auth.Permission')),
+            ],
+            options={
+                'ordering': ['-priority'],
+            },
+        ),
+        migrations.CreateModel(
+            name='UserProfile',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('main_character', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='eveonline.EveCharacter')),
+                ('state', models.ForeignKey(default=allianceauth.authentication.models.get_guest_state_pk, on_delete=django.db.models.deletion.SET_DEFAULT, to='authentication.State')),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='profile', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'default_permissions': ('change',),
+            },
+        ),
+        migrations.RunPython(create_guest_state, migrations.RunPython.noop),
+        migrations.RunPython(create_member_state, create_member_group),
+        migrations.RunPython(create_blue_state, create_blue_group),
+        migrations.RunPython(purge_tokens, migrations.RunPython.noop),
+        migrations.RunPython(populate_ownerships, migrations.RunPython.noop),
+        migrations.RunPython(create_profiles, recreate_authservicesinfo),
+        migrations.RemoveField(
+            model_name='authservicesinfo',
+            name='user',
+        ),
+        migrations.DeleteModel(
+            name='AuthServicesInfo',
+        ),
+        migrations.RunPython(disable_passwords, migrations.RunPython.noop),
+        migrations.CreateModel(
+            name='Permission',
+            fields=[
+            ],
+            options={
+                'proxy': True,
+                'verbose_name': 'permission',
+                'verbose_name_plural': 'permissions',
+            },
+            bases=('auth.permission',),
+            managers=[
+                ('objects', django.contrib.auth.models.PermissionManager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name='User',
+            fields=[
+            ],
+            options={
+                'proxy': True,
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+            },
+            bases=('auth.user',),
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]
--- a/allianceauth/authentication/migrations/0016_ownershiprecord.py
+++ b/allianceauth/authentication/migrations/0016_ownershiprecord.py
@@ -0,0 +1,40 @@
+# Generated by Django 2.0.4 on 2018-04-14 18:28
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def create_initial_records(apps, schema_editor):
+    OwnershipRecord = apps.get_model('authentication', 'OwnershipRecord')
+    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
+
+    OwnershipRecord.objects.bulk_create([
+        OwnershipRecord(user=o.user, character=o.character, owner_hash=o.owner_hash) for o in CharacterOwnership.objects.all()
+    ])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('eveonline', '0009_on_delete'),
+        ('authentication', '0015_user_profiles'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OwnershipRecord',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('owner_hash', models.CharField(db_index=True, max_length=28)),
+                ('created', models.DateTimeField(auto_now=True)),
+                ('character', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to='eveonline.EveCharacter')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-created'],
+            },
+        ),
+        migrations.RunPython(create_initial_records, migrations.RunPython.noop)
+    ]
--- a/allianceauth/authentication/migrations/0017_remove_fleetup_permission.py
+++ b/allianceauth/authentication/migrations/0017_remove_fleetup_permission.py
@@ -0,0 +1,20 @@
+from django.db import migrations
+
+
+def remove_permission(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(User)
+    Permission.objects.filter(codename="view_fleetup", content_type=ct, name="view_fleetup").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0016_ownershiprecord'),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_permission, migrations.RunPython.noop)
+    ]
--- a/allianceauth/authentication/migrations/0018_alter_state_name_length.py
+++ b/allianceauth/authentication/migrations/0018_alter_state_name_length.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-20 05:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='state',
+            name='name',
+            field=models.CharField(max_length=32, unique=True),
+        ),
+    ]
--- a/allianceauth/authentication/migrations/0018_state_member_factions.py
+++ b/allianceauth/authentication/migrations/0018_state_member_factions.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.1.13 on 2021-10-12 20:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0015_factions'),
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='state',
+            name='member_factions',
+            field=models.ManyToManyField(blank=True, help_text='Factions to whose members this state is available.', to='eveonline.EveFactionInfo'),
+        ),
+    ]
--- a/allianceauth/authentication/migrations/0019_merge_20211026_0919.py
+++ b/allianceauth/authentication/migrations/0019_merge_20211026_0919.py
@@ -0,0 +1,14 @@
+# Generated by Django 3.2.8 on 2021-10-26 09:19
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0018_alter_state_name_length'),
+        ('authentication', '0018_state_member_factions'),
+    ]
+
+    operations = [
+    ]
--- a/allianceauth/authentication/migrations/init.py
+++ b/allianceauth/authentication/migrations/init.py
--- a/allianceauth/authentication/models.py
+++ b/allianceauth/authentication/models.py
@@ -0,0 +1,123 @@
+import logging
+
+from django.contrib.auth.models import User, Permission
+from django.db import models, transaction
+from django.utils.translation import ugettext_lazy as _
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo, EveFactionInfo
+from allianceauth.notifications import notify
+
+from .managers import CharacterOwnershipManager, StateManager
+
+logger = logging.getLogger(__name__)
+
+
+class State(models.Model):
+    name = models.CharField(max_length=32, unique=True)
+    permissions = models.ManyToManyField(Permission, blank=True)
+    priority = models.IntegerField(unique=True, help_text="Users get assigned the state with the highest priority available to them.")
+
+    member_characters = models.ManyToManyField(EveCharacter, blank=True,
+                                               help_text="Characters to which this state is available.")
+    member_corporations = models.ManyToManyField(EveCorporationInfo, blank=True,
+                                                 help_text="Corporations to whose members this state is available.")
+    member_alliances = models.ManyToManyField(EveAllianceInfo, blank=True,
+                                              help_text="Alliances to whose members this state is available.")
+    member_factions = models.ManyToManyField(EveFactionInfo, blank=True,
+                                             help_text="Factions to whose members this state is available.")
+    public = models.BooleanField(default=False, help_text="Make this state available to any character.")
+
+    objects = StateManager()
+
+    class Meta:
+        ordering = ['-priority']
+
+    def __str__(self):
+        return self.name
+
+    def available_to_character(self, character):
+        return self in State.objects.available_to_character(character)
+
+    def available_to_user(self, user):
+        return self in State.objects.available_to_user(user)
+
+    def delete(self, **kwargs):
+        with transaction.atomic():
+            for profile in self.userprofile_set.all():
+                profile.assign_state(state=State.objects.exclude(pk=self.pk).get_for_user(profile.user))
+        super().delete(**kwargs)
+
+
+def get_guest_state():
+    try:
+        return State.objects.get(name='Guest')
+    except State.DoesNotExist:
+        return State.objects.create(name='Guest', priority=0, public=True)
+
+
+def get_guest_state_pk():
+    return get_guest_state().pk
+
+
+class UserProfile(models.Model):
+    class Meta:
+        default_permissions = ('change',)
+
+    user = models.OneToOneField(User, related_name='profile', on_delete=models.CASCADE)
+    main_character = models.OneToOneField(EveCharacter, blank=True, null=True, on_delete=models.SET_NULL)
+    state = models.ForeignKey(State, on_delete=models.SET_DEFAULT, default=get_guest_state_pk)
+
+    def assign_state(self, state=None, commit=True):
+        if not state:
+            state = State.objects.get_for_user(self.user)
+        if self.state != state:
+            self.state = state
+            if commit:
+                logger.info(f'Updating {self.user} state to {self.state}')
+                self.save(update_fields=['state'])
+                notify(
+                    self.user,
+                    _('State changed to: %s' % state),
+                    _('Your user\'s state is now: %(state)s')
+                    % ({'state': state}),
+                    'info'
+                )
+                from allianceauth.authentication.signals import state_changed
+
+                # We need to ensure we get up to date perms here as they will have just changed.
+                # Clear all attribute caches and reload the model that will get passed to the signals!
+                self.refresh_from_db()
+
+                state_changed.send(
+                    sender=self.__class__, user=self.user, state=self.state
+                )
+
+    def __str__(self):
+        return str(self.user)
+
+
+class CharacterOwnership(models.Model):
+    class Meta:
+        default_permissions = ('change', 'delete')
+        ordering = ['user', 'character__character_name']
+
+    character = models.OneToOneField(EveCharacter, on_delete=models.CASCADE, related_name='character_ownership')
+    owner_hash = models.CharField(max_length=28, unique=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='character_ownerships')
+
+    objects = CharacterOwnershipManager()
+
+    def __str__(self):
+        return f"{self.user}: {self.character}"
+
+
+class OwnershipRecord(models.Model):
+    character = models.ForeignKey(EveCharacter, on_delete=models.CASCADE, related_name='ownership_records')
+    owner_hash = models.CharField(max_length=28, db_index=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='ownership_records')
+    created = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        ordering = ['-created']
+
+    def __str__(self):
+        return f"{self.user}: {self.character} on {self.created}"
--- a/allianceauth/authentication/signals.py
+++ b/allianceauth/authentication/signals.py
@@ -0,0 +1,159 @@
+import logging
+
+from .models import CharacterOwnership, UserProfile, get_guest_state, State, OwnershipRecord
+from django.contrib.auth.models import User
+from django.db.models import Q
+from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
+from django.dispatch import receiver, Signal
+from esi.models import Token
+
+from allianceauth.eveonline.models import EveCharacter
+
+logger = logging.getLogger(__name__)
+
+state_changed = Signal(providing_args=['user', 'state'])
+
+
+def trigger_state_check(state):
+    # evaluate all current members to ensure they still have access
+    for profile in state.userprofile_set.all():
+        profile.assign_state()
+
+    # we may now be available to others with lower states
+    check_states = State.objects.filter(priority__lt=state.priority)
+    for profile in UserProfile.objects.filter(state__in=check_states):
+        if state.available_to_user(profile.user):
+            profile.assign_state(state)
+
+
+@receiver(m2m_changed, sender=State.member_characters.through)
+def state_member_characters_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member characters changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+
+@receiver(m2m_changed, sender=State.member_corporations.through)
+def state_member_corporations_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member corporations changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+
+@receiver(m2m_changed, sender=State.member_alliances.through)
+def state_member_alliances_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member alliances changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+@receiver(m2m_changed, sender=State.member_factions.through)
+def state_member_factions_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member factions changed. Re-evaluating membership.')
+        trigger_state_check(instance)
+
+@receiver(post_save, sender=State)
+def state_saved(sender, instance, *args, **kwargs):
+    logger.debug(f'State {instance} saved. Re-evaluating membership.')
+    trigger_state_check(instance)
+
+
+# Is there a smarter way to intercept pre_save with a diff main_character or state?
+@receiver(post_save, sender=UserProfile)
+def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
+    # catches post_save from profiles to trigger necessary service and state checks
+    if not created:
+        update_fields = kwargs.pop('update_fields', []) or []
+        if 'state' not in update_fields:
+            logger.debug(f'Profile for {instance.user} saved without state change. Re-evaluating state.')
+            instance.assign_state()
+
+
+@receiver(post_save, sender=User)
+def create_required_models(sender, instance, created, *args, **kwargs):
+    # ensure all users have a model
+    if created:
+        logger.debug(f'User {instance} created. Creating default UserProfile.')
+        UserProfile.objects.get_or_create(user=instance)
+
+
+@receiver(post_save, sender=Token)
+def record_character_ownership(sender, instance, created, *args, **kwargs):
+    if created:
+        logger.debug(f'New token for {instance.user} character {instance.character_name} saved. Evaluating ownership.')
+        if instance.user:
+            query = Q(owner_hash=instance.character_owner_hash) & Q(user=instance.user)
+        else:
+            query = Q(owner_hash=instance.character_owner_hash)
+        # purge ownership records if the hash or auth user account has changed
+        CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(query).delete()
+        # create character if needed
+        if EveCharacter.objects.filter(character_id=instance.character_id).exists() is False:
+            logger.debug(f'Token is for a new character. Creating model for {instance.character_name} ({instance.character_id})')
+            EveCharacter.objects.create_character(instance.character_id)
+        char = EveCharacter.objects.get(character_id=instance.character_id)
+        # check if we need to create ownership
+        if instance.user and not CharacterOwnership.objects.filter(
+                character__character_id=instance.character_id).exists():
+            logger.debug(f"Character {instance.character_name} is not yet owned. Assigning ownership to {instance.user}")
+            CharacterOwnership.objects.update_or_create(character=char, defaults={'owner_hash': instance.character_owner_hash, 'user': instance.user})
+
+
+@receiver(pre_delete, sender=CharacterOwnership)
+def validate_main_character(sender, instance, *args, **kwargs):
+    try:
+        if instance.user.profile.main_character == instance.character:
+            logger.info("Ownership of a main character {} has been revoked. Resetting {} main character.".format(
+                instance.character, instance.user))
+            # clear main character as user no longer owns them
+            instance.user.profile.main_character = None
+            instance.user.profile.save()
+    except UserProfile.DoesNotExist:
+        # a user is being deleted
+        pass
+
+
+@receiver(post_delete, sender=Token)
+def validate_ownership(sender, instance, *args, **kwargs):
+    if not Token.objects.filter(character_owner_hash=instance.character_owner_hash).filter(refresh_token__isnull=False).exists():
+        logger.info(f"No remaining tokens to validate ownership of character {instance.character_name}. Revoking ownership.")
+        CharacterOwnership.objects.filter(owner_hash=instance.character_owner_hash).delete()
+
+
+@receiver(pre_save, sender=User)
+def assign_state_on_active_change(sender, instance, *args, **kwargs):
+    # set to guest state if inactive, assign proper state if reactivated
+    if instance.pk:
+        old_instance = User.objects.get(pk=instance.pk)
+        if old_instance.is_active != instance.is_active:
+            if instance.is_active:
+                logger.debug(f"User {instance} has been activated. Assigning state.")
+                instance.profile.assign_state()
+            else:
+                logger.debug(
+                    f"User {instance} has been deactivated. Revoking state and assigning to guest state.")
+                instance.profile.state = get_guest_state()
+                instance.profile.save(update_fields=['state'])
+
+
+@receiver(post_save, sender=EveCharacter)
+def check_state_on_character_update(sender, instance, *args, **kwargs):
+    # if this is a main character updating, check that user's state
+    try:
+        logger.debug(f"Character {instance} has been saved. Assessing owner's state for changes.")
+        instance.userprofile.assign_state()
+    except UserProfile.DoesNotExist:
+        logger.debug(f"Character {instance} is not a main character. No state assessment required.")
+        pass
+
+
+@receiver(post_save, sender=CharacterOwnership)
+def ownership_record_creation(sender, instance, created, *args, **kwargs):
+    if created:
+        records = OwnershipRecord.objects.filter(owner_hash=instance.owner_hash).filter(character=instance.character)
+        if records.exists():
+            if records[0].user == instance.user:  # most recent record is sorted first
+                logger.debug(f"Already have ownership record of {instance.character} by user {instance.user}")
+                return
+        logger.info(f"Character {instance.character} has a new owner {instance.user}. Creating ownership record.")
+        OwnershipRecord.objects.create(user=instance.user, character=instance.character, owner_hash=instance.owner_hash)
--- a/allianceauth/authentication/static/authentication/css/admin.css
+++ b/allianceauth/authentication/static/authentication/css/admin.css
@@ -0,0 +1,29 @@
+/*
+CSS for allianceauth admin site
+*/
+
+/* styling for profile pic */
+.img-circle {
+    border-radius: 50%;
+}
+.column-user_profile_pic {
+    width: 1px;
+    white-space: nowrap;
+}
+
+/* tooltip */
+.tooltip {
+    position: relative ;
+}
+.tooltip:hover::after {
+    content: attr(data-tooltip) ;
+    position: absolute ;
+    top: 1.1em ;
+    left: 1em ;
+    min-width: 200px ;
+    border: 1px #808080 solid ;
+    padding: 8px ;
+    color: black ;
+    background-color: rgb(255, 255, 204) ;
+    z-index: 1 ;
+}
--- a/allianceauth/authentication/static/authentication/img/background.jpg
+++ b/allianceauth/authentication/static/authentication/img/background.jpg
--- a/allianceauth/authentication/static/img/sso/EVE_SSO_Login_Buttons_Large_Black.png
+++ b/allianceauth/authentication/static/img/sso/EVE_SSO_Login_Buttons_Large_Black.png
--- a/allianceauth/authentication/static/img/sso/EVE_SSO_Login_Buttons_Large_White.png
+++ b/allianceauth/authentication/static/img/sso/EVE_SSO_Login_Buttons_Large_White.png
--- a/allianceauth/authentication/task_statistics/init.py
+++ b/allianceauth/authentication/task_statistics/init.py
--- a/allianceauth/authentication/task_statistics/counters.py
+++ b/allianceauth/authentication/task_statistics/counters.py
@@ -0,0 +1,40 @@
+from collections import namedtuple
+import datetime as dt
+
+from .event_series import EventSeries
+
+
+"""Global series for counting task events."""
+succeeded_tasks = EventSeries("SUCCEEDED_TASKS")
+retried_tasks = EventSeries("RETRIED_TASKS")
+failed_tasks = EventSeries("FAILED_TASKS")
+
+
+_TaskCounts = namedtuple(
+    "_TaskCounts", ["succeeded", "retried", "failed", "total", "earliest_task", "hours"]
+)
+
+
+def dashboard_results(hours: int) -> _TaskCounts:
+    """Counts of all task events within the given timeframe."""
+
+    def earliest_if_exists(events: EventSeries, earliest: dt.datetime) -> list:
+        my_earliest = events.first_event(earliest=earliest)
+        return [my_earliest] if my_earliest else []
+
+    earliest = dt.datetime.utcnow() - dt.timedelta(hours=hours)
+    earliest_events = list()
+    succeeded_count = succeeded_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(succeeded_tasks, earliest)
+    retried_count = retried_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(retried_tasks, earliest)
+    failed_count = failed_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(failed_tasks, earliest)
+    return _TaskCounts(
+        succeeded=succeeded_count,
+        retried=retried_count,
+        failed=failed_count,
+        total=succeeded_count + retried_count + failed_count,
+        earliest_task=min(earliest_events) if earliest_events else None,
+        hours=hours,
+    )
--- a/allianceauth/authentication/task_statistics/event_series.py
+++ b/allianceauth/authentication/task_statistics/event_series.py
@@ -0,0 +1,95 @@
+import datetime as dt
+from typing import Optional, List
+
+from redis import Redis
+from pytz import utc
+
+from django.core.cache import cache
+
+
+class EventSeries:
+    """API for recording and analysing a series of events."""
+
+    _ROOT_KEY = "ALLIANCEAUTH_EVENT_SERIES"
+
+    def __init__(self, key_id: str, redis: Redis = None) -> None:
+        self._redis = cache.get_master_client() if not redis else redis
+        if not isinstance(self._redis, Redis):
+            raise TypeError(
+                "This class requires a Redis client, but none was provided "
+                "and the default Django cache backend is not Redis either."
+            )
+        self._key_id = str(key_id)
+        self.clear()
+
+    @property
+    def _key_counter(self):
+        return f"{self._ROOT_KEY}_{self._key_id}_COUNTER"
+
+    @property
+    def _key_sorted_set(self):
+        return f"{self._ROOT_KEY}_{self._key_id}_SORTED_SET"
+
+    def add(self, event_time: dt.datetime = None) -> None:
+        """Add event.
+
+        Args:
+        - event_time: timestamp of event. Will use current time if not specified.
+        """
+        if not event_time:
+            event_time = dt.datetime.utcnow()
+        id = self._redis.incr(self._key_counter)
+        self._redis.zadd(self._key_sorted_set, {id: event_time.timestamp()})
+
+    def all(self) -> List[dt.datetime]:
+        """List of all known events."""
+        return [
+            event[1]
+            for event in self._redis.zrangebyscore(
+                self._key_sorted_set,
+                "-inf",
+                "+inf",
+                withscores=True,
+                score_cast_func=self._cast_scores_to_dt,
+            )
+        ]
+
+    def clear(self) -> None:
+        """Clear all events."""
+        self._redis.delete(self._key_sorted_set)
+        self._redis.delete(self._key_counter)
+
+    def count(self, earliest: dt.datetime = None, latest: dt.datetime = None) -> int:
+        """Count of events, can be restricted to given timeframe.
+
+        Args:
+        - earliest: Date of first events to count(inclusive), or -infinite if not specified
+        - latest: Date of last events to count(inclusive), or +infinite if not specified
+        """
+        min = "-inf" if not earliest else earliest.timestamp()
+        max = "+inf" if not latest else latest.timestamp()
+        return self._redis.zcount(self._key_sorted_set, min=min, max=max)
+
+    def first_event(self, earliest: dt.datetime = None) -> Optional[dt.datetime]:
+        """Date/Time of first event. Returns `None` if series has no events.
+
+        Args:
+        - earliest: Date of first events to count(inclusive), or any if not specified
+        """
+        min = "-inf" if not earliest else earliest.timestamp()
+        event = self._redis.zrangebyscore(
+            self._key_sorted_set,
+            min,
+            "+inf",
+            withscores=True,
+            start=0,
+            num=1,
+            score_cast_func=self._cast_scores_to_dt,
+        )
+        if not event:
+            return None
+        return event[0][1]
+
+    @staticmethod
+    def _cast_scores_to_dt(score) -> dt.datetime:
+        return dt.datetime.fromtimestamp(float(score), tz=utc)
--- a/allianceauth/authentication/task_statistics/signals.py
+++ b/allianceauth/authentication/task_statistics/signals.py
@@ -0,0 +1,54 @@
+from celery.signals import (
+    task_failure,
+    task_internal_error,
+    task_retry,
+    task_success,
+    worker_ready
+)
+
+from django.conf import settings
+
+from .counters import failed_tasks, retried_tasks, succeeded_tasks
+
+
+def reset_counters():
+    """Reset all counters for the celery status."""
+    succeeded_tasks.clear()
+    failed_tasks.clear()
+    retried_tasks.clear()
+
+
+def is_enabled() -> bool:
+    return not bool(
+        getattr(settings, "ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED", False)
+    )
+
+
+@worker_ready.connect
+def reset_counters_when_celery_restarted(*args, **kwargs):
+    if is_enabled():
+        reset_counters()
+
+
+@task_success.connect
+def record_task_succeeded(*args, **kwargs):
+    if is_enabled():
+        succeeded_tasks.add()
+
+
+@task_retry.connect
+def record_task_retried(*args, **kwargs):
+    if is_enabled():
+        retried_tasks.add()
+
+
+@task_failure.connect
+def record_task_failed(*args, **kwargs):
+    if is_enabled():
+        failed_tasks.add()
+
+
+@task_internal_error.connect
+def record_task_internal_error(*args, **kwargs):
+    if is_enabled():
+        failed_tasks.add()
--- a/allianceauth/authentication/task_statistics/tests/init.py
+++ b/allianceauth/authentication/task_statistics/tests/init.py
--- a/allianceauth/authentication/task_statistics/tests/test_counters.py
+++ b/allianceauth/authentication/task_statistics/tests/test_counters.py
@@ -0,0 +1,51 @@
+import datetime as dt
+
+from django.test import TestCase
+from django.utils.timezone import now
+
+from allianceauth.authentication.task_statistics.counters import (
+    dashboard_results,
+    succeeded_tasks,
+    retried_tasks,
+    failed_tasks,
+)
+
+
+class TestDashboardResults(TestCase):
+    def test_should_return_counts_for_given_timeframe_only(self):
+        # given
+        earliest_task = now() - dt.timedelta(minutes=15)
+        succeeded_tasks.clear()
+        succeeded_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        succeeded_tasks.add(earliest_task)
+        succeeded_tasks.add()
+        succeeded_tasks.add()
+        retried_tasks.clear()
+        retried_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        retried_tasks.add(now() - dt.timedelta(seconds=30))
+        retried_tasks.add()
+        failed_tasks.clear()
+        failed_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        failed_tasks.add()
+        # when
+        results = dashboard_results(hours=1)
+        # then
+        self.assertEqual(results.succeeded, 3)
+        self.assertEqual(results.retried, 2)
+        self.assertEqual(results.failed, 1)
+        self.assertEqual(results.total, 6)
+        self.assertEqual(results.earliest_task, earliest_task)
+
+    def test_should_work_with_no_data(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        results = dashboard_results(hours=1)
+        # then
+        self.assertEqual(results.succeeded, 0)
+        self.assertEqual(results.retried, 0)
+        self.assertEqual(results.failed, 0)
+        self.assertEqual(results.total, 0)
+        self.assertIsNone(results.earliest_task)
--- a/allianceauth/authentication/task_statistics/tests/test_event_series.py
+++ b/allianceauth/authentication/task_statistics/tests/test_event_series.py
@@ -0,0 +1,133 @@
+import datetime as dt
+
+from pytz import utc
+from django.test import TestCase
+from django.utils.timezone import now
+
+from allianceauth.authentication.task_statistics.event_series import EventSeries
+
+
+class TestEventSeries(TestCase):
+    def test_should_add_event(self):
+        # given
+        events = EventSeries("dummy")
+        # when
+        events.add()
+        # then
+        result = events.all()
+        self.assertEqual(len(result), 1)
+        self.assertAlmostEqual(result[0], now(), delta=dt.timedelta(seconds=30))
+
+    def test_should_add_event_with_specified_time(self):
+        # given
+        events = EventSeries("dummy")
+        my_time = dt.datetime(2021, 11, 1, 12, 15, tzinfo=utc)
+        # when
+        events.add(my_time)
+        # then
+        result = events.all()
+        self.assertEqual(len(result), 1)
+        self.assertAlmostEqual(result[0], my_time, delta=dt.timedelta(seconds=30))
+
+    def test_should_count_events(self):
+        # given
+        events = EventSeries("dummy")
+        events.add()
+        events.add()
+        # when
+        result = events.count()
+        # then
+        self.assertEqual(result, 2)
+
+    def test_should_count_zero(self):
+        # given
+        events = EventSeries("dummy")
+        # when
+        result = events.count()
+        # then
+        self.assertEqual(result, 0)
+
+    def test_should_count_events_within_timeframe_1(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.count(
+            earliest=dt.datetime(2021, 12, 1, 12, 8, tzinfo=utc),
+            latest=dt.datetime(2021, 12, 1, 12, 17, tzinfo=utc),
+        )
+        # then
+        self.assertEqual(result, 2)
+
+    def test_should_count_events_within_timeframe_2(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.count(earliest=dt.datetime(2021, 12, 1, 12, 8))
+        # then
+        self.assertEqual(result, 3)
+
+    def test_should_count_events_within_timeframe_3(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.count(latest=dt.datetime(2021, 12, 1, 12, 12))
+        # then
+        self.assertEqual(result, 2)
+
+    def test_should_clear_events(self):
+        # given
+        events = EventSeries("dummy")
+        events.add()
+        events.add()
+        # when
+        events.clear()
+        # then
+        self.assertEqual(events.count(), 0)
+
+    def test_should_return_date_of_first_event(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.first_event()
+        # then
+        self.assertEqual(result, dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+
+    def test_should_return_date_of_first_event_with_range(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.first_event(
+            earliest=dt.datetime(2021, 12, 1, 12, 8, tzinfo=utc)
+        )
+        # then
+        self.assertEqual(result, dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+
+    def test_should_return_all_events(self):
+        # given
+        events = EventSeries("dummy")
+        events.add()
+        events.add()
+        # when
+        results = events.all()
+        # then
+        self.assertEqual(len(results), 2)
--- a/allianceauth/authentication/task_statistics/tests/test_signals.py
+++ b/allianceauth/authentication/task_statistics/tests/test_signals.py
@@ -0,0 +1,93 @@
+from unittest.mock import patch
+
+from celery.exceptions import Retry
+
+from django.test import TestCase, override_settings
+
+from allianceauth.authentication.task_statistics.counters import (
+    failed_tasks,
+    retried_tasks,
+    succeeded_tasks,
+)
+from allianceauth.authentication.task_statistics.signals import (
+    reset_counters,
+    is_enabled,
+)
+from allianceauth.eveonline.tasks import update_character
+
+
+@override_settings(
+    CELERY_ALWAYS_EAGER=True,ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=False
+)
+class TestTaskSignals(TestCase):
+    fixtures = ["disable_analytics"]
+
+    def test_should_record_successful_task(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        with patch(
+            "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
+        ) as mock_update:
+            mock_update.return_value = None
+            update_character.delay(1)
+        # then
+        self.assertEqual(succeeded_tasks.count(), 1)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+
+    def test_should_record_retried_task(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        with patch(
+            "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
+        ) as mock_update:
+            mock_update.side_effect = Retry
+            update_character.delay(1)
+        # then
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 1)
+
+    def test_should_record_failed_task(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        with patch(
+            "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
+        ) as mock_update:
+            mock_update.side_effect = RuntimeError
+            update_character.delay(1)
+        # then
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 1)
+
+    def test_should_reset_counters(self):
+        # given
+        succeeded_tasks.add()
+        retried_tasks.add()
+        failed_tasks.add()
+        # when
+        reset_counters()
+        # then
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+
+
+class TestIsEnabled(TestCase):
+    @override_settings(ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=False)
+    def test_enabled(self):
+        self.assertTrue(is_enabled())
+
+    @override_settings(ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=True)
+    def test_disabled(self):
+        self.assertFalse(is_enabled())
--- a/allianceauth/authentication/tasks.py
+++ b/allianceauth/authentication/tasks.py
@@ -0,0 +1,43 @@
+import logging
+
+from esi.errors import TokenExpiredError, TokenInvalidError, IncompleteResponseError
+from esi.models import Token
+from celery import shared_task
+
+from allianceauth.authentication.models import CharacterOwnership
+
+logger = logging.getLogger(__name__)
+
+
+@shared_task
+def check_character_ownership(owner_hash):
+    tokens = Token.objects.filter(character_owner_hash=owner_hash)
+    if tokens:
+        for t in tokens:
+            old_hash = t.character_owner_hash
+            try:
+                t.update_token_data(commit=False)
+            except (TokenExpiredError, TokenInvalidError):
+                t.delete()
+                continue
+            except (KeyError, IncompleteResponseError):
+                # We can't validate the hash hasn't changed but also can't assume it has. Abort for now.
+                logger.warning("Failed to validate owner hash of {} due to problems contacting SSO servers.".format(
+                    tokens[0].character_name))
+                break
+
+            if not t.character_owner_hash == old_hash:
+                logger.info(
+                    f'Character {t.character_name} has changed ownership. Revoking {tokens.count()} tokens.')
+                tokens.delete()
+            break
+
+    if not Token.objects.filter(character_owner_hash=owner_hash).exists():
+        logger.info('No tokens found with owner hash %s. Revoking ownership.' % owner_hash)
+        CharacterOwnership.objects.filter(owner_hash=owner_hash).delete()
+
+
+@shared_task
+def check_all_character_ownership():
+    for c in CharacterOwnership.objects.all().only('owner_hash'):
+        check_character_ownership.delay(c.owner_hash)
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`default_app_config = 'allianceauth.analytics.apps.AnalyticsConfig'`
				`@@ -0,0 +1 @@`
				`default_app_config = 'allianceauth.authentication.apps.AuthenticationConfig'`