Version bump to v2.1.1

Merge branch 'flex-structures' into 'master'
Add Flex Structures to timerboard See merge request allianceauth/allianceauth!1112
2026-02-04 14:16:21 +01:00 · 2018-12-20 22:17:04 +00:00 · 2018-12-20 22:06:01 +00:00 · 2018-12-20 22:04:39 +00:00 · 2018-12-20 22:04:39 +00:00 · 2018-12-20 22:02:25 +00:00
201 changed files with 5673 additions and 2551 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ __pycache__/
 # Distribution / packaging
 .Python
 env/
+venv/
 build/
 develop-eggs/
 dist/
@@ -41,7 +42,6 @@ nosetests.xml
 coverage.xml

 # Translations
-*.mo
 *.pot

 # Django stuff:
@@ -62,3 +62,5 @@ celerybeat-schedule

 #pycharm
 .idea/*
+
+/nbproject/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,41 @@
+# Official language image. Look for the different tagged releases at:
+# https://hub.docker.com/r/library/python/tags/
+
+.job_template: &job_definition
+  # Change pip's cache directory to be inside the project directory since we can
+  # only cache local items.
+  variables:
+    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache"
+  
+  # Pip's cache doesn't store the python packages
+  # https://pip.pypa.io/en/stable/reference/pip_install/#caching
+  #
+  # If you want to also cache the installed packages, you have to install
+  # them in a virtualenv and cache it as well.
+  cache:
+    paths:
+      - .cache/pip
+      - venv/
+  
+  before_script:
+    - python -V                  # Print out python version for debugging
+    - pip install virtualenv tox
+    - virtualenv venv
+    - source venv/bin/activate
+    
+  coverage: '/TOTAL.+ ([0-9]{1,3}%)/'
+
+
+py36-dj111:
+  <<: *job_definition
+  image: python:3.6-stretch
+  script:
+  - export TOXENV=py36-dj111
+  - tox
+
+py36-dj20:
+  <<: *job_definition
+  image: python:3.6-stretch
+  script:
+  - export TOXENV=py36-dj20
+  - tox
--- a/README.md
+++ b/README.md
@@ -1,37 +1,35 @@
 Alliance Auth
 ============

-[![Join the chat at https://gitter.im/R4stl1n/allianceauth](https://badges.gitter.im/R4stl1n/allianceauth.svg)](https://gitter.im/R4stl1n/allianceauth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Chat on Discord](https://img.shields.io/discord/399006117012832262.svg)](https://discord.gg/fjnHAmk)
 [![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/?badge=latest)
-[![Build Status](https://travis-ci.org/allianceauth/allianceauth.svg?branch=master)](https://travis-ci.org/allianceauth/allianceauth)
-[![Coverage Status](https://coveralls.io/repos/github/allianceauth/allianceauth/badge.svg?branch=master)](https://coveralls.io/github/allianceauth/allianceauth?branch=master)
+[![pipeline status](https://gitlab.com/allianceauth/allianceauth/badges/master/pipeline.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
+[![coverage report](https://gitlab.com/allianceauth/allianceauth/badges/master/coverage.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)


-EVE service auth to help corps, alliances, and coalitions manage services.
-Built for "The 99 Percent" open for anyone to use.
+
+An auth system for EVE Online to help in-game organizations manage online service access.

 [Read the docs here.](http://allianceauth.rtfd.io)

-[Get help on gitter](https://gitter.im/R4stl1n/allianceauth) or submit an Issue.
+[Get help on Discord](https://discord.gg/fjnHAmk) or submit an Issue.


 Active Developers:

- - [Adarnof](https://github.com/Adarnof)
- - [Basraah](https://github.com/basraah)
-
+ - [Adarnof](https://gitlab.com/adarnof/)
+ - [Basraah](https://gitlab.com/basraah/)

 Beta Testers / Bug Fixers:

- - [ghoti](https://github.com/ghoti)
+ - [ghoti](https://gitlab.com/ChainsawMcGinny/)
+ - [mmolitor87](https://gitlab.com/mmolitor87/)
+ - [TargetZ3R0](https://github.com/TargetZ3R0)
+ - [kaezon](https://github.com/kaezon/)
+ - [orbitroom](https://github.com/orbitroom/)
+ - [tehfiend](https://github.com/tehfiend/)

+Special thanks to [Nikdoof](https://github.com/nikdoof/), as his [auth](https://github.com/nikdoof/test-auth) was the foundation for the original work on this project.

-Past Beta Testers / Bug Fixers:
-
- TrentBartlem (Testing and Bug Fixes)
- IskFiend (Bug Fixes and Server Configuration)
- Mr McClain (Bug Fixes and server configuration)
-
-Special Thanks:
-
- Thanks to Nikdoof, without his old auth implementation this project wouldn't be as far as it is now.
+### Contributing
+Make sure you have signed the [License Agreement](https://developers.eveonline.com/resource/license-agreement) by logging in at [https://developers.eveonline.com](https://developers.eveonline.com) before submitting any pull requests.
--- a/allianceauth/init.py
+++ b/allianceauth/init.py
@@ -1,7 +1,6 @@
 # This will make sure the app is always imported when
 # Django starts so that shared_task will use this app.

-__version__ = '2.0-dev'
+__version__ = '2.1.1'
 NAME = 'Alliance Auth v%s' % __version__
 default_app_config = 'allianceauth.apps.AllianceAuthConfig'
-
--- a/allianceauth/authentication/admin.py
+++ b/allianceauth/authentication/admin.py
@@ -1,11 +1,15 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
-from django.contrib.auth.models import User, Permission
+from django.contrib.auth.models import User as BaseUser, Permission as BasePermission
 from django.utils.text import slugify
+from django.db.models import Q
 from allianceauth.services.hooks import ServicesHook
-
-from allianceauth.authentication.models import State, get_guest_state, CharacterOwnership, UserProfile
+from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
+from django.dispatch import receiver
+from allianceauth.authentication.models import State, get_guest_state, CharacterOwnership, UserProfile, OwnershipRecord
 from allianceauth.hooks import get_hooks
+from allianceauth.eveonline.models import EveCharacter
+from django.forms import ModelForm


 def make_service_hooks_update_groups_action(service):
@@ -38,6 +42,47 @@ def make_service_hooks_sync_nickname_action(service):
    return sync_nickname


+class QuerysetModelForm(ModelForm):
+    # allows specifying FK querysets through kwarg
+    def __init__(self, querysets=None, *args, **kwargs):
+        querysets = querysets or {}
+        super().__init__(*args, **kwargs)
+        for field, qs in querysets.items():
+            self.fields[field].queryset = qs
+
+
+class UserProfileInline(admin.StackedInline):
+    model = UserProfile
+    readonly_fields = ('state',)
+    form = QuerysetModelForm
+    verbose_name = ''
+    verbose_name_plural = 'Profile'
+
+    def get_formset(self, request, obj=None, **kwargs):
+        # main_character field can only show current value or unclaimed alts
+        # if superuser, allow selecting from any unclaimed main
+        query = Q()
+        if obj and obj.profile.main_character:
+            query |= Q(pk=obj.profile.main_character_id)
+            if request.user.is_superuser:
+                query |= Q(userprofile__isnull=True)
+            else:
+                query |= Q(character_ownership__user=obj)
+        qs = EveCharacter.objects.filter(query)
+        formset = super().get_formset(request, obj=obj, **kwargs)
+
+        def get_kwargs(self, index):
+            return {'querysets': {'main_character': EveCharacter.objects.filter(query)}}
+        formset.get_form_kwargs = get_kwargs
+        return formset
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+
 class UserAdmin(BaseUserAdmin):
    """
    Extending Django's UserAdmin model
@@ -62,6 +107,25 @@ class UserAdmin(BaseUserAdmin):

        return actions
    list_filter = BaseUserAdmin.list_filter + ('profile__state',)
+    inlines = BaseUserAdmin.inlines + [UserProfileInline]
+    list_display = ('username', 'email', 'get_main_character', 'get_state', 'is_active')
+
+    def get_main_character(self, obj):
+        return obj.profile.main_character
+    get_main_character.short_description = "Main Character"
+
+    def get_state(self, obj):
+        return obj.profile.state
+    get_state.short_description = "State"
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.has_perm('auth.change_user')
+
+    def has_add_permission(self, request, obj=None):
+        return request.user.has_perm('auth.add_user')
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.has_perm('auth.delete_user')


@admin.register(State)
@@ -96,31 +160,30 @@ class StateAdmin(admin.ModelAdmin):
        return obj.userprofile_set.all().count()


-@admin.register(UserProfile)
-class UserProfileAdmin(admin.ModelAdmin):
-    readonly_fields = ('user', 'state')
-    search_fields = ('user__username', 'main_character__character_name')
-    list_filter = ('state',)
-    list_display = ('user', 'main_character')
-    actions = None
+class BaseOwnershipAdmin(admin.ModelAdmin):
+    list_display = ('user', 'character')
+    search_fields = ('user__username', 'character__character_name', 'character__corporation_name', 'character__alliance_name')

-    def has_add_permission(self, request):
-        return False
+    def get_readonly_fields(self, request, obj=None):
+        if obj and obj.pk:
+            return 'owner_hash', 'character'
+        return tuple()

-    def has_delete_permission(self, request, obj=None):
-        return False
+
+@admin.register(OwnershipRecord)
+class OwnershipRecordAdmin(BaseOwnershipAdmin):
+    list_display = BaseOwnershipAdmin.list_display + ('created',)


@admin.register(CharacterOwnership)
-class CharacterOwnershipAdmin(admin.ModelAdmin):
-    list_display = ('user', 'character')
-    search_fields = ('user__username', 'character__character_name', 'character__corporation_name', 'character__alliance_name')
-    readonly_fields = ('owner_hash', 'character')
+class CharacterOwnershipAdmin(BaseOwnershipAdmin):
+    def has_add_permission(self, request):
+        return False


 class PermissionAdmin(admin.ModelAdmin):
    actions = None
-    readonly_fields = [field.name for field in Permission._meta.fields]
+    readonly_fields = [field.name for field in BasePermission._meta.fields]
    list_display = ('admin_name', 'name', 'codename', 'content_type')
    list_filter = ('content_type__app_label',)

@@ -134,23 +197,61 @@ class PermissionAdmin(admin.ModelAdmin):
    def has_delete_permission(self, request, obj=None):
        return False

+    def has_module_permission(self, request):
+        return True
+
+    def has_change_permission(self, request, obj=None):
+        # can see list but not edit it
+        return not obj
+

 # Hack to allow registration of django.contrib.auth models in our authentication app
-class ProxyUser(User):
+class User(BaseUser):
    class Meta:
        proxy = True
-        verbose_name = User._meta.verbose_name
-        verbose_name_plural = User._meta.verbose_name_plural
+        verbose_name = BaseUser._meta.verbose_name
+        verbose_name_plural = BaseUser._meta.verbose_name_plural


-class ProxyPermission(Permission):
+class Permission(BasePermission):
    class Meta:
        proxy = True
-        verbose_name = Permission._meta.verbose_name
-        verbose_name_plural = Permission._meta.verbose_name_plural
+        verbose_name = BasePermission._meta.verbose_name
+        verbose_name_plural = BasePermission._meta.verbose_name_plural
+

 try:
-    admin.site.unregister(User)
+    admin.site.unregister(BaseUser)
 finally:
-    admin.site.register(ProxyUser, UserAdmin)
-    admin.site.register(ProxyPermission, PermissionAdmin)
+    admin.site.register(User, UserAdmin)
+    admin.site.register(Permission, PermissionAdmin)
+
+
+@receiver(pre_save, sender=User)
+def redirect_pre_save(sender, signal=None, *args, **kwargs):
+    pre_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_save, sender=User)
+def redirect_post_save(sender, signal=None, *args, **kwargs):
+    post_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(pre_delete, sender=User)
+def redirect_pre_delete(sender, signal=None, *args, **kwargs):
+    pre_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_delete, sender=User)
+def redirect_post_delete(sender, signal=None, *args, **kwargs):
+    post_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.groups.through)
+def redirect_m2m_changed_groups(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.user_permissions.through)
+def redirect_m2m_changed_permissions(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)
--- a/allianceauth/authentication/backends.py
+++ b/allianceauth/authentication/backends.py
@@ -1,8 +1,11 @@
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import Permission
 from django.contrib.auth.models import User
+import logging
+from .models import UserProfile, CharacterOwnership, OwnershipRecord

-from .models import UserProfile, CharacterOwnership
+
+logger = logging.getLogger(__name__)


 class StateBackend(ModelBackend):
@@ -30,31 +33,48 @@ class StateBackend(ModelBackend):
        try:
            ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
            if ownership.owner_hash == token.character_owner_hash:
+                logger.debug('Authenticating {0} by ownership of character {1}'.format(ownership.user, token.character_name))
                return ownership.user
            else:
+                logger.debug('{0} has changed ownership. Creating new user account.'.format(token.character_name))
                ownership.delete()
                return self.create_user(token)
        except CharacterOwnership.DoesNotExist:
            try:
                # insecure legacy main check for pre-sso registration auth installs
                profile = UserProfile.objects.get(main_character__character_id=token.character_id)
+                logger.debug('Authenticating {0} by their main character {1} without active ownership.'.format(profile.user, profile.main_character))
                # attach an ownership
+                token.user = profile.user
                CharacterOwnership.objects.create_by_token(token)
                return profile.user
            except UserProfile.DoesNotExist:
-                pass
+                # now we check historical records to see if this is a returning user
+                records = OwnershipRecord.objects.filter(owner_hash=token.character_owner_hash).filter(character__character_id=token.character_id)
+                if records.exists():
+                    # we've seen this character owner before. Re-attach to their old user account
+                    user = records[0].user
+                    token.user = user
+                    co = CharacterOwnership.objects.create_by_token(token)
+                    logger.debug('Authenticating {0} by matching owner hash record of character {1}'.format(user, co.character))
+                    if not user.profile.main_character:
+                        # set this as their main by default if they have none
+                        user.profile.main_character = co.character
+                        user.profile.save()
+                    return user
+            logger.debug('Unable to authenticate character {0}. Creating new user.'.format(token.character_name))
            return self.create_user(token)

    def create_user(self, token):
        username = self.iterate_username(token.character_name)  # build unique username off character name
-        user = User.objects.create_user(username)
+        user = User.objects.create_user(username, is_active=False)  # prevent login until email set
        user.set_unusable_password()  # prevent login via password
-        user.is_active = False  # prevent login until email set
        user.save()
        token.user = user
        co = CharacterOwnership.objects.create_by_token(token)  # assign ownership to this user
        user.profile.main_character = co.character  # assign main character as token character
        user.profile.save()
+        logger.debug('Created new user {0}'.format(user))
        return user

    @staticmethod
--- a/allianceauth/authentication/decorators.py
+++ b/allianceauth/authentication/decorators.py
@@ -0,0 +1,68 @@
+from django.conf.urls import include
+from django.contrib.auth.decorators import user_passes_test
+from django.core.exceptions import PermissionDenied
+from functools import wraps
+from django.shortcuts import redirect
+from django.contrib import messages
+from django.utils.translation import gettext_lazy as _
+from django.contrib.auth.decorators import login_required
+
+
+def user_has_main_character(user):
+    return bool(user.profile.main_character)
+
+
+def decorate_url_patterns(urls, decorator):
+    url_list, app_name, namespace = include(urls)
+
+    def process_patterns(url_patterns):
+        for pattern in url_patterns:
+            if hasattr(pattern, 'url_patterns'):
+                # this is an include - apply to all nested patterns
+                process_patterns(pattern.url_patterns)
+            else:
+                # this is a pattern
+                pattern.callback = decorator(pattern.callback)
+
+    process_patterns(url_list)
+    return url_list, app_name, namespace
+
+
+def main_character_required(view_func):
+    @wraps(view_func)
+    def _wrapped_view(request, *args, **kwargs):
+        if user_has_main_character(request.user):
+            return view_func(request, *args, **kwargs)
+
+        messages.error(request, _('A main character is required to perform that action. Add one below.'))
+        return redirect('authentication:dashboard')
+    return login_required(_wrapped_view)
+
+
+def permissions_required(perm, login_url=None, raise_exception=False):
+    """
+    Decorator for views that checks whether a user has a particular permission
+    enabled, redirecting to the log-in page if necessary.
+    If the raise_exception parameter is given the PermissionDenied exception
+    is raised.
+
+    This decorator is identical to the django permission_required except it
+    allows for passing a tuple/list of perms that will return true if any one
+    of them is present.
+    """
+    def check_perms(user):
+        if isinstance(perm, str):
+            perms = (perm,)
+        else:
+            perms = perm
+        # First check if the user has the permission (even anon users)
+        for perm_ in perms:
+            perm_ = (perm_,)
+            if user.has_perms(perm_):
+                return True
+        # In case the 403 handler should be called raise the exception
+        if raise_exception:
+            raise PermissionDenied
+        # As the last resort, show the login form
+        return False
+    return user_passes_test(check_perms, login_url=login_url)
--- a/allianceauth/authentication/management/init.py
+++ b/allianceauth/authentication/management/init.py
--- a/allianceauth/authentication/management/commands/init.py
+++ b/allianceauth/authentication/management/commands/init.py
--- a/allianceauth/authentication/management/commands/checkmains.py
+++ b/allianceauth/authentication/management/commands/checkmains.py
@@ -0,0 +1,20 @@
+from django.core.management.base import BaseCommand
+from allianceauth.authentication.models import UserProfile
+
+
+class Command(BaseCommand):
+    help = 'Ensures all main characters have an active ownership'
+
+    def handle(self, *args, **options):
+        profiles = UserProfile.objects.filter(main_character__isnull=False).filter(
+            main_character__character_ownership__isnull=True)
+        if profiles.exists():
+            for profile in profiles:
+                self.stdout.write(self.style.ERROR(
+                    '{0} does not have an ownership. Resetting user {1} main character.'.format(profile.main_character,
+                                                                                                profile.user)))
+                profile.main_character = None
+                profile.save()
+            self.stdout.write(self.style.WARNING('Reset {0} main characters.'.format(profiles.count())))
+        else:
+            self.stdout.write(self.style.SUCCESS('All main characters have active ownership.'))
--- a/allianceauth/authentication/migrations/0015_user_profiles.py
+++ b/allianceauth/authentication/migrations/0015_user_profiles.py
@@ -43,7 +43,7 @@ def create_member_group(apps, schema_editor):
    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')

    try:
-        g = Group.objects.get(name=member_state_name)
+        g, _ = Group.objects.get_or_create(name=member_state_name)
        # move permissions back
        state = State.objects.get(name=member_state_name)
        [g.permissions.add(p.pk) for p in state.permissions.all()]
@@ -51,7 +51,7 @@ def create_member_group(apps, schema_editor):
        # move users back
        for profile in state.userprofile_set.all().select_related('user'):
            profile.user.groups.add(g.pk)
-    except (Group.DoesNotExist, State.DoesNotExist):
+    except State.DoesNotExist:
        pass


@@ -67,7 +67,7 @@ def create_blue_state(apps, schema_editor):
        # move group permissions to state
        g = Group.objects.get(name=blue_state_name)
        [s.permissions.add(p.pk) for p in g.permissions.all()]
-        g.permissions.clear()
+        g.delete()
    except Group.DoesNotExist:
        pass

@@ -84,7 +84,7 @@ def create_blue_group(apps, schema_editor):
    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')

    try:
-        g = Group.objects.get(name=blue_state_name)
+        g, _ = Group.objects.get_or_create(name=blue_state_name)
        # move permissions back
        state = State.objects.get(name=blue_state_name)
        [g.permissions.add(p.pk) for p in state.permissions.all()]
@@ -92,10 +92,15 @@ def create_blue_group(apps, schema_editor):
        # move users back
        for profile in state.userprofile_set.all().select_related('user'):
            profile.user.groups.add(g.pk)
-    except (Group.DoesNotExist, State.DoesNotExist):
+    except State.DoesNotExist:
        pass


+def purge_tokens(apps, schema_editor):
+    Token = apps.get_model('esi', 'Token')
+    Token.objects.filter(refresh_token__isnull=True).delete()
+
+
 def populate_ownerships(apps, schema_editor):
    Token = apps.get_model('esi', 'Token')
    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
@@ -103,16 +108,16 @@ def populate_ownerships(apps, schema_editor):

    unique_character_owners = [t['character_id'] for t in
                               Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
-                               t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id'].exists())]
+                               t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]

    tokens = Token.objects.filter(character_id__in=unique_character_owners)
    for c_id in unique_character_owners:
-        ts = tokens.filter(character_id=c_id).order_by('created')
-        for t in ts:
-            if t.can_refresh:
-                # find newest refreshable token and use it as basis for CharacterOwnership
-                CharacterOwnership.objecs.create_by_token(t)
-                break
+        # find newest refreshable token and use it as basis for CharacterOwnership
+        ts = tokens.filter(character_id=c_id).exclude(refresh_token__isnull=True).order_by('created')
+        if ts.exists():
+            token = ts[0]
+            char = EveCharacter.objects.get(character_id=token.character_id)
+            CharacterOwnership.objects.create(user_id=token.user_id, character_id=char.id, owner_hash=token.character_owner_hash)


 def create_profiles(apps, schema_editor):
@@ -128,15 +133,24 @@ def create_profiles(apps, schema_editor):
                    auth['n'] == 1 and EveCharacter.objects.filter(character_id=auth['main_char_id']).exists()]

    auths = AuthServicesInfo.objects.filter(main_char_id__in=unique_mains).select_related('user')
+
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        'Member': State.objects.get(name=member_state_name),
+        'Blue': State.objects.get(name=blue_state_name),
+    }
+    guest_state = State.objects.get(name='Guest')
+
    for auth in auths:
        # carry states and mains forward
-        state = State.objects.get(name=auth.state if auth.state else 'Guest')
+        state = states.get(auth.state, guest_state)
        char = EveCharacter.objects.get(character_id=auth.main_char_id)
        UserProfile.objects.create(user=auth.user, state=state, main_character=char)
    for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
        # prepare empty profiles
-        state = State.objects.get(name='Guest')
-        UserProfile.objects.create(user=auth.user, state=state)
+        UserProfile.objects.create(user=auth.user, state=guest_state)


 def recreate_authservicesinfo(apps, schema_editor):
@@ -144,8 +158,16 @@ def recreate_authservicesinfo(apps, schema_editor):
    UserProfile = apps.get_model('authentication', 'UserProfile')
    User = apps.get_model('auth', 'User')

+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        member_state_name: 'Member',
+        blue_state_name: 'Blue',
+    }
+
    # recreate all missing AuthServicesInfo models
-    AuthServicesInfo.objects.bulk_create([AuthServicesInfo(user=u.pk) for u in User.objects.all()])
+    AuthServicesInfo.objects.bulk_create([AuthServicesInfo(user_id=u.pk) for u in User.objects.all()])

    # repopulate main characters
    for profile in UserProfile.objects.exclude(main_character__isnull=True).select_related('user', 'main_character'):
@@ -154,8 +176,8 @@ def recreate_authservicesinfo(apps, schema_editor):

    # repopulate states we understand
    for profile in UserProfile.objects.exclude(state__name='Guest').filter(
-            state__name__in=['Member', 'Blue']).select_related('user', 'state'):
-        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'state': profile.state.name})
+            state__name__in=[member_state_name, blue_state_name]).select_related('user', 'state'):
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'state': states[profile.state.name]})


 def disable_passwords(apps, schema_editor):
@@ -203,7 +225,6 @@ class Migration(migrations.Migration):
                ('permissions', models.ManyToManyField(blank=True, to='auth.Permission')),
            ],
            options={
-                'default_permissions': ('change',),
                'ordering': ['-priority'],
            },
        ),
@@ -222,6 +243,7 @@ class Migration(migrations.Migration):
        migrations.RunPython(create_guest_state, migrations.RunPython.noop),
        migrations.RunPython(create_member_state, create_member_group),
        migrations.RunPython(create_blue_state, create_blue_group),
+        migrations.RunPython(purge_tokens, migrations.RunPython.noop),
        migrations.RunPython(populate_ownerships, migrations.RunPython.noop),
        migrations.RunPython(create_profiles, recreate_authservicesinfo),
        migrations.RemoveField(
@@ -233,7 +255,7 @@ class Migration(migrations.Migration):
        ),
        migrations.RunPython(disable_passwords, migrations.RunPython.noop),
        migrations.CreateModel(
-            name='ProxyPermission',
+            name='Permission',
            fields=[
            ],
            options={
@@ -247,7 +269,7 @@ class Migration(migrations.Migration):
            ],
        ),
        migrations.CreateModel(
-            name='ProxyUser',
+            name='User',
            fields=[
            ],
            options={
--- a/allianceauth/authentication/migrations/0016_ownershiprecord.py
+++ b/allianceauth/authentication/migrations/0016_ownershiprecord.py
@@ -0,0 +1,40 @@
+# Generated by Django 2.0.4 on 2018-04-14 18:28
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def create_initial_records(apps, schema_editor):
+    OwnershipRecord = apps.get_model('authentication', 'OwnershipRecord')
+    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
+
+    OwnershipRecord.objects.bulk_create([
+        OwnershipRecord(user=o.user, character=o.character, owner_hash=o.owner_hash) for o in CharacterOwnership.objects.all()
+    ])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('eveonline', '0009_on_delete'),
+        ('authentication', '0015_user_profiles'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OwnershipRecord',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('owner_hash', models.CharField(db_index=True, max_length=28)),
+                ('created', models.DateTimeField(auto_now=True)),
+                ('character', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to='eveonline.EveCharacter')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-created'],
+            },
+        ),
+        migrations.RunPython(create_initial_records, migrations.RunPython.noop)
+    ]
--- a/allianceauth/authentication/models.py
+++ b/allianceauth/authentication/models.py
@@ -96,3 +96,16 @@ class CharacterOwnership(models.Model):

    def __str__(self):
        return "%s: %s" % (self.user, self.character)
+
+
+class OwnershipRecord(models.Model):
+    character = models.ForeignKey(EveCharacter, on_delete=models.CASCADE, related_name='ownership_records')
+    owner_hash = models.CharField(max_length=28, db_index=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='ownership_records')
+    created = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        ordering = ['-created']
+
+    def __str__(self):
+        return "%s: %s on %s" % (self.user, self.character, self.created)
--- a/allianceauth/authentication/signals.py
+++ b/allianceauth/authentication/signals.py
@@ -1,9 +1,9 @@
 import logging

-from .models import CharacterOwnership, UserProfile, get_guest_state, State
+from .models import CharacterOwnership, UserProfile, get_guest_state, State, OwnershipRecord
 from django.contrib.auth.models import User
 from django.db.models import Q
-from django.db.models.signals import post_save, pre_delete, m2m_changed, pre_save
+from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
 from django.dispatch import receiver, Signal
 from esi.models import Token

@@ -11,7 +11,6 @@ from allianceauth.eveonline.models import EveCharacter

 logger = logging.getLogger(__name__)

-
 state_changed = Signal(providing_args=['user', 'state'])


@@ -32,23 +31,27 @@ def trigger_state_check(state):
@receiver(m2m_changed, sender=State.member_characters.through)
 def state_member_characters_changed(sender, instance, action, *args, **kwargs):
    if action.startswith('post_'):
+        logger.debug('State {} member characters changed. Re-evaluating membership.'.format(instance))
        trigger_state_check(instance)


@receiver(m2m_changed, sender=State.member_corporations.through)
 def state_member_corporations_changed(sender, instance, action, *args, **kwargs):
    if action.startswith('post_'):
+        logger.debug('State {} member corporations changed. Re-evaluating membership.'.format(instance))
        trigger_state_check(instance)


@receiver(m2m_changed, sender=State.member_alliances.through)
 def state_member_alliances_changed(sender, instance, action, *args, **kwargs):
    if action.startswith('post_'):
+        logger.debug('State {} member alliances changed. Re-evaluating membership.'.format(instance))
        trigger_state_check(instance)


@receiver(post_save, sender=State)
 def state_saved(sender, instance, *args, **kwargs):
+    logger.debug('State {} saved. Re-evaluating membership.'.format(instance))
    trigger_state_check(instance)


@@ -59,6 +62,7 @@ def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
    if not created:
        update_fields = kwargs.pop('update_fields', []) or []
        if 'state' not in update_fields:
+            logger.debug('Profile for {} saved without state change. Re-evaluating state.'.format(instance.user))
            instance.assign_state()


@@ -66,12 +70,15 @@ def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
 def create_required_models(sender, instance, created, *args, **kwargs):
    # ensure all users have a model
    if created:
+        logger.debug('User {} created. Creating default UserProfile.'.format(instance))
        UserProfile.objects.get_or_create(user=instance)


@receiver(post_save, sender=Token)
 def record_character_ownership(sender, instance, created, *args, **kwargs):
    if created:
+        logger.debug('New token for {0} character {1} saved. Evaluating ownership.'.format(instance.user,
+                                                                                           instance.character_name))
        if instance.user:
            query = Q(owner_hash=instance.character_owner_hash) & Q(user=instance.user)
        else:
@@ -80,10 +87,15 @@ def record_character_ownership(sender, instance, created, *args, **kwargs):
        CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(query).delete()
        # create character if needed
        if EveCharacter.objects.filter(character_id=instance.character_id).exists() is False:
+            logger.debug('Token is for a new character. Creating model for {0} ({1})'.format(instance.character_name,
+                                                                                             instance.character_id))
            EveCharacter.objects.create_character(instance.character_id)
        char = EveCharacter.objects.get(character_id=instance.character_id)
        # check if we need to create ownership
-        if instance.user and not CharacterOwnership.objects.filter(character__character_id=instance.character_id).exists():
+        if instance.user and not CharacterOwnership.objects.filter(
+                character__character_id=instance.character_id).exists():
+            logger.debug("Character {0} is not yet owned. Assigning ownership to {1}".format(instance.character_name,
+                                                                                             instance.user))
            CharacterOwnership.objects.update_or_create(character=char,
                                                        defaults={'owner_hash': instance.character_owner_hash,
                                                                  'user': instance.user})
@@ -91,20 +103,23 @@ def record_character_ownership(sender, instance, created, *args, **kwargs):

@receiver(pre_delete, sender=CharacterOwnership)
 def validate_main_character(sender, instance, *args, **kwargs):
-    if instance.user.profile.main_character == instance.character:
-        # clear main character as user no longer owns them
-        instance.user.profile.main_character = None
-        instance.user.profile.save()
+    try:
+        if instance.user.profile.main_character == instance.character:
+            logger.info("Ownership of a main character {0} has been revoked. Resetting {1} main character.".format(
+                instance.character, instance.user))
+            # clear main character as user no longer owns them
+            instance.user.profile.main_character = None
+            instance.user.profile.save()
+    except UserProfile.DoesNotExist:
+        # a user is being deleted
+        pass


-@receiver(pre_delete, sender=Token)
-def validate_main_character_token(sender, instance, *args, **kwargs):
-    if UserProfile.objects.filter(main_character__character_id=instance.character_id).exists():
-        profile = UserProfile.objects.get(main_character__character_id=instance.character_id)
-        if not Token.objects.filter(character_id=instance.character_id).filter(user=profile.user).exclude(pk=instance.pk).exists():
-            # clear main character as we can no longer verify ownership
-            profile.main_character = None
-            profile.save()
+@receiver(post_delete, sender=Token)
+def validate_ownership(sender, instance, *args, **kwargs):
+    if not Token.objects.filter(character_owner_hash=instance.character_owner_hash).filter(refresh_token__isnull=False).exists():
+        logger.info("No remaining tokens to validate ownership of character {0}. Revoking ownership.".format(instance.character_name))
+        CharacterOwnership.objects.filter(owner_hash=instance.character_owner_hash).delete()


@receiver(pre_save, sender=User)
@@ -114,8 +129,11 @@ def assign_state_on_active_change(sender, instance, *args, **kwargs):
        old_instance = User.objects.get(pk=instance.pk)
        if old_instance.is_active != instance.is_active:
            if instance.is_active:
+                logger.debug("User {0} has been activated. Assigning state.".format(instance))
                instance.profile.assign_state()
            else:
+                logger.debug(
+                    "User {0} has been deactivated. Revoking state and assigning to guest state.".format(instance))
                instance.profile.state = get_guest_state()
                instance.profile.save(update_fields=['state'])

@@ -124,6 +142,20 @@ def assign_state_on_active_change(sender, instance, *args, **kwargs):
 def check_state_on_character_update(sender, instance, *args, **kwargs):
    # if this is a main character updating, check that user's state
    try:
+        logger.debug("Character {0} has been saved. Assessing owner's state for changes.".format(instance))
        instance.userprofile.assign_state()
    except UserProfile.DoesNotExist:
+        logger.debug("Character {0} is not a main character. No state assessment required.".format(instance))
        pass
+
+
+@receiver(post_save, sender=CharacterOwnership)
+def ownership_record_creation(sender, instance, created, *args, **kwargs):
+    if created:
+        records = OwnershipRecord.objects.filter(owner_hash=instance.owner_hash).filter(character=instance.character)
+        if records.exists():
+            if records[0].user == instance.user:  # most recent record is sorted first
+                logger.debug("Already have ownership record of {0} by user {1}".format(instance.character, instance.user))
+                return
+        logger.info("Character {0} has a new owner {1}. Creating ownership record.".format(instance.character, instance.user))
+        OwnershipRecord.objects.create(user=instance.user, character=instance.character, owner_hash=instance.owner_hash)
--- a/allianceauth/authentication/tasks.py
+++ b/allianceauth/authentication/tasks.py
@@ -1,6 +1,6 @@
 import logging

-from esi.errors import TokenExpiredError, TokenInvalidError
+from esi.errors import TokenExpiredError, TokenInvalidError, IncompleteResponseError
 from esi.models import Token
 from celery import shared_task

@@ -20,13 +20,19 @@ def check_character_ownership(owner_hash):
            except (TokenExpiredError, TokenInvalidError):
                t.delete()
                continue
-
-            if t.character_owner_hash == old_hash:
+            except (KeyError, IncompleteResponseError):
+                # We can't validate the hash hasn't changed but also can't assume it has. Abort for now.
+                logger.warning("Failed to validate owner hash of {0} due to problems contacting SSO servers.".format(
+                    tokens[0].character_name))
                break
-            else:
-                logger.info('Character %s has changed ownership. Revoking %s tokens.' % (t.character_name, tokens.count()))
+
+            if not t.character_owner_hash == old_hash:
+                logger.info(
+                    'Character %s has changed ownership. Revoking %s tokens.' % (t.character_name, tokens.count()))
                tokens.delete()
-    else:
+            break
+
+    if not Token.objects.filter(character_owner_hash=owner_hash).exists():
        logger.info('No tokens found with owner hash %s. Revoking ownership.' % owner_hash)
        CharacterOwnership.objects.filter(owner_hash=owner_hash).delete()

--- a/allianceauth/authentication/templates/authentication/dashboard.html
+++ b/allianceauth/authentication/templates/authentication/dashboard.html
@@ -21,7 +21,7 @@
                            <table class="table">
                                <tr>
                                    <td class="text-center"><img class="ra-avatar"
-                                                                 src="https://image.eveonline.com/Character/{{ main.character_id }}_128.jpg">
+                                                                 src="{{ main.portrait_url_128 }}">
                                    </td>
                                </tr>
                                <tr>
@@ -57,7 +57,7 @@
                        </div>
                        {% endwith %}
                        {% else %}
-                        <div class="alert alert-danger" role="alert">{% trans "Missing main character model." %}</div>
+                        <div class="alert alert-danger" role="alert">{% trans "No main character set." %}</div>
                        {% endif %}
                        <div class="clearfix"></div>
                        <div class="col-xs-6">
@@ -102,8 +102,7 @@
                    {% for ownership in request.user.character_ownerships.all %}
                    {% with ownership.character as char %}
                    <tr>
-                        <td class="text-center"><img class="ra-avatar img-circle"
-                                                     src="https://image.eveonline.com/Character/{{ char.character_id }}_32.jpg">
+                        <td class="text-center"><img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
                        </td>
                        <td class="text-center">{{ char.character_name }}</td>
                        <td class="text-center">{{ char.corporation_name }}</td>
--- a/allianceauth/authentication/templates/public/base.html
+++ b/allianceauth/authentication/templates/public/base.html
@@ -17,7 +17,7 @@

        <style>
            body {
-                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat scroll;
+                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat center center fixed;
                -webkit-background-size: cover;
                -moz-background-size: cover;
                -o-background-size: cover;
@@ -48,4 +48,4 @@
            {% endblock %}
        </div>
    </body>
-</html>
+</html>
--- a/allianceauth/authentication/templates/public/lang_select.html
+++ b/allianceauth/authentication/templates/public/lang_select.html
@@ -2,7 +2,6 @@
 <div class="dropdown">
    <form action="{% url 'set_language' %}" method="post">
        {% csrf_token %}
-        <input name="next" type="hidden" value="{{ request.get_full_path|slice:'3:' }}" />
        <select onchange="this.form.submit()" class="form-control" id="lang-select" name="language">
            {% get_language_info_list for LANGUAGES as languages %}
            {% for language in languages %}
@@ -12,4 +11,4 @@
            {% endfor %}
        </select>
    </form>
-</div>
+</div>
--- a/allianceauth/authentication/templates/registration/activation_email.txt
+++ b/allianceauth/authentication/templates/registration/activation_email.txt
@@ -2,7 +2,7 @@ You're receiving this email because someone has entered this email address while

 If this was you, please go to the following URL to confirm your email address:

-{{ url }}
+{{ scheme }}://{{ url }}

 This link will expire in {{ expiration_days }} day(s).

--- a/allianceauth/authentication/tests.py
+++ b/allianceauth/authentication/tests.py
@@ -1,13 +1,70 @@
 from unittest import mock
-
+from io import StringIO
 from django.test import TestCase
 from django.contrib.auth.models import User
 from allianceauth.tests.auth_utils import AuthUtils
-from .models import CharacterOwnership, UserProfile, State, get_guest_state
+from .models import CharacterOwnership, UserProfile, State, get_guest_state, OwnershipRecord
 from .backends import StateBackend
 from .tasks import check_character_ownership
 from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo
 from esi.models import Token
+from esi.errors import IncompleteResponseError
+from allianceauth.authentication.decorators import main_character_required
+from django.test.client import RequestFactory
+from django.http.response import HttpResponse
+from django.contrib.auth.models import AnonymousUser
+from django.conf import settings
+from django.shortcuts import reverse
+from django.core.management import call_command
+from urllib import parse
+
+MODULE_PATH = 'allianceauth.authentication'
+
+
+class DecoratorTestCase(TestCase):
+    @staticmethod
+    @main_character_required
+    def dummy_view(*args, **kwargs):
+        return HttpResponse(status=200)
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.main_user = AuthUtils.create_user('main_user', disconnect_signals=True)
+        cls.no_main_user = AuthUtils.create_user('no_main_user', disconnect_signals=True)
+        main_character = EveCharacter.objects.create(
+            character_id=1,
+            character_name='Main Character',
+            corporation_id=1,
+            corporation_name='Corp',
+            corporation_ticker='CORP',
+        )
+        CharacterOwnership.objects.create(user=cls.main_user, character=main_character, owner_hash='1')
+        cls.main_user.profile.main_character = main_character
+
+    def setUp(self):
+        self.request = RequestFactory().get('/test/')
+
+    @mock.patch(MODULE_PATH + '.decorators.messages')
+    def test_login_redirect(self, m):
+        setattr(self.request, 'user', AnonymousUser())
+        response = self.dummy_view(self.request)
+        self.assertEqual(response.status_code, 302)
+        url = getattr(response, 'url', None)
+        self.assertEqual(parse.urlparse(url).path,  reverse(settings.LOGIN_URL))
+
+    @mock.patch(MODULE_PATH + '.decorators.messages')
+    def test_main_character_redirect(self, m):
+        setattr(self.request, 'user', self.no_main_user)
+        response = self.dummy_view(self.request)
+        self.assertEqual(response.status_code, 302)
+        url = getattr(response, 'url', None)
+        self.assertEqual(url, reverse('authentication:dashboard'))
+
+    @mock.patch(MODULE_PATH + '.decorators.messages')
+    def test_successful_request(self, m):
+        setattr(self.request, 'user', self.main_user)
+        response = self.dummy_view(self.request)
+        self.assertEqual(response.status_code, 200)


 class BackendTestCase(TestCase):
@@ -35,6 +92,7 @@ class BackendTestCase(TestCase):
            corporation_ticker='CORP',
        )
        cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
+        cls.old_user = AuthUtils.create_user('old_user', disconnect_signals=True)
        AuthUtils.disconnect_signals()
        CharacterOwnership.objects.create(user=cls.user, character=cls.main_character, owner_hash='1')
        CharacterOwnership.objects.create(user=cls.user, character=cls.alt_character, owner_hash='2')
@@ -58,6 +116,14 @@ class BackendTestCase(TestCase):
        self.assertEqual(user.username, 'Unclaimed_Character')
        self.assertEqual(user.profile.main_character, self.unclaimed_character)

+    def test_authenticate_character_record(self):
+        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
+        record = OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
+        user = StateBackend().authenticate(t)
+        self.assertEqual(user, self.old_user)
+        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
+        self.assertTrue(user.profile.main_character)
+
    def test_iterate_username(self):
        t = Token(character_id=self.unclaimed_character.character_id,
                  character_name=self.unclaimed_character.character_name, character_owner_hash='3')
@@ -130,28 +196,6 @@ class CharacterOwnershipTestCase(TestCase):
        self.user = User.objects.get(pk=self.user.pk)
        self.assertIsNone(self.user.profile.main_character)

-    @mock.patch('esi.models.Token.update_token_data')
-    def test_character_ownership_check(self, update_token_data):
-        t = Token.objects.create(
-            user=self.user,
-            character_id=self.character.character_id,
-            character_name=self.character.character_name,
-            character_owner_hash='1',
-        )
-        co = CharacterOwnership.objects.get(owner_hash='1')
-        check_character_ownership(co.owner_hash)
-        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='1').exists())
-
-        t.character_owner_hash = '2'
-        t.save()
-        check_character_ownership(co.owner_hash)
-        self.assertFalse(CharacterOwnership.objects.filter(owner_hash='1').exists())
-
-        t.delete()
-        co = CharacterOwnership.objects.create(user=self.user, character=self.character, owner_hash='3')
-        check_character_ownership(co.owner_hash)
-        self.assertFalse(CharacterOwnership.objects.filter(owner_hash='3').exists())
-

 class StateTestCase(TestCase):
    @classmethod
@@ -286,3 +330,73 @@ class StateTestCase(TestCase):
        self.user.save()
        self._refresh_user()
        self.assertEquals(self.user.profile.state, self.member_state)
+
+
+class CharacterOwnershipCheckTestCase(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
+        AuthUtils.add_main_character(cls.user, 'Test Character', '1', corp_id='1', alliance_id='1',
+                                     corp_name='Test Corp', alliance_name='Test Alliance')
+        cls.character = EveCharacter.objects.get(character_id='1')
+        cls.token = Token.objects.create(
+            user=cls.user,
+            character_id='1',
+            character_name='Test',
+            character_owner_hash='1',
+        )
+        cls.ownership = CharacterOwnership.objects.get(character=cls.character)
+
+    @mock.patch(MODULE_PATH + '.tasks.Token.update_token_data')
+    def test_no_change_owner_hash(self, update_token_data):
+        # makes sure the ownership isn't delete if owner hash hasn't changed
+        check_character_ownership(self.ownership)
+        self.assertTrue(CharacterOwnership.objects.filter(user=self.user).filter(character=self.character).exists())
+
+    @mock.patch(MODULE_PATH + '.tasks.Token.update_token_data')
+    def test_unable_to_update_token_data(self, update_token_data):
+        # makes sure ownerships and tokens aren't hellpurged when there's problems with the SSO servers
+        update_token_data.side_effect = IncompleteResponseError()
+        check_character_ownership(self.ownership)
+        self.assertTrue(CharacterOwnership.objects.filter(user=self.user).filter(character=self.character).exists())
+
+        update_token_data.side_effect = KeyError()
+        check_character_ownership(self.ownership)
+        self.assertTrue(CharacterOwnership.objects.filter(user=self.user).filter(character=self.character).exists())
+
+    @mock.patch(MODULE_PATH + '.tasks.Token.update_token_data')
+    @mock.patch(MODULE_PATH + '.tasks.Token.delete')
+    @mock.patch(MODULE_PATH + '.tasks.Token.objects.exists')
+    @mock.patch(MODULE_PATH + '.tasks.CharacterOwnership.objects.filter')
+    def test_owner_hash_changed(self, filter, exists, delete, update_token_data):
+        # makes sure the ownership is revoked when owner hash changes
+        filter.return_value.exists.return_value = False
+        check_character_ownership(self.ownership)
+        self.assertTrue(filter.return_value.delete.called)
+
+
+class ManagementCommandTestCase(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = AuthUtils.create_user('test user', disconnect_signals=True)
+        AuthUtils.add_main_character(cls.user, 'test character', '1', '2', 'test corp', 'test')
+        character = UserProfile.objects.get(user=cls.user).main_character
+        CharacterOwnership.objects.create(user=cls.user, character=character, owner_hash='test')
+
+    def setUp(self):
+        self.stdout = StringIO()
+
+    def test_ownership(self):
+        call_command('checkmains', stdout=self.stdout)
+        self.assertFalse(UserProfile.objects.filter(main_character__isnull=True).count())
+        self.assertNotIn(self.user.username, self.stdout.getvalue())
+        self.assertIn('All main characters', self.stdout.getvalue())
+
+    def test_no_ownership(self):
+        user = AuthUtils.create_user('v1 user', disconnect_signals=True)
+        AuthUtils.add_main_character(user, 'v1 character', '10', '20', 'test corp', 'test')
+        self.assertFalse(UserProfile.objects.filter(main_character__isnull=True).count())
+
+        call_command('checkmains', stdout=self.stdout)
+        self.assertEqual(UserProfile.objects.filter(main_character__isnull=True).count(), 1)
+        self.assertIn(user.username, self.stdout.getvalue())
--- a/allianceauth/authentication/views.py
+++ b/allianceauth/authentication/views.py
@@ -10,6 +10,7 @@ from django.urls import reverse
 from django.shortcuts import redirect
 from django.utils.translation import ugettext_lazy as _
 from esi.decorators import token_required
+from esi.models import Token
 from registration.backends.hmac.views import RegistrationView as BaseRegistrationView, \
    ActivationView as BaseActivationView, REGISTRATION_SALT
 from registration.signals import user_registered
@@ -71,17 +72,22 @@ have the email address embedded much like the username. Key creation and decodin
@token_required(new=True, scopes=settings.LOGIN_TOKEN_SCOPES)
 def sso_login(request, token):
    user = authenticate(token=token)
-    if user and user.is_active:
-        login(request, user)
-        return redirect(request.POST.get('next', request.GET.get('next', 'authentication:dashboard')))
-    elif user and not user.email:
-        # Store the new user PK in the session to enable us to identify the registering user in Step 2
-        request.session['registration_uid'] = user.pk
-        # Go to Step 2
-        return redirect('registration_register')
-    else:
-        messages.error(request, _('Unable to authenticate as the selected character.'))
-        return redirect(settings.LOGIN_URL)
+    if user:
+        token.user = user
+        if Token.objects.exclude(pk=token.pk).equivalent_to(token).require_valid().exists():
+            token.delete()
+        else:
+            token.save()
+        if user.is_active:
+            login(request, user)
+            return redirect(request.POST.get('next', request.GET.get('next', 'authentication:dashboard')))
+        elif not user.email:
+            # Store the new user PK in the session to enable us to identify the registering user in Step 2
+            request.session['registration_uid'] = user.pk
+            # Go to Step 2
+            return redirect('registration_register')
+    messages.error(request, _('Unable to authenticate as the selected character.'))
+    return redirect(settings.LOGIN_URL)


 # Step 2
@@ -89,20 +95,33 @@ class RegistrationView(BaseRegistrationView):
    form_class = RegistrationForm
    success_url = 'authentication:dashboard'

-    def dispatch(self, *args, **kwargs):
+    def get_success_url(self, user):
+        if not getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
+            return 'authentication:dashboard', (), {}
+        return super().get_success_url(user)
+
+    def dispatch(self, request, *args, **kwargs):
        # We're storing a key in the session to pass user information from OAuth response. Make sure it's there.
        if not self.request.session.get('registration_uid', None) or not User.objects.filter(
                pk=self.request.session.get('registration_uid')).exists():
            messages.error(self.request, _('Registration token has expired.'))
            return redirect(settings.LOGIN_URL)
-        return super(RegistrationView, self).dispatch(*args, **kwargs)
+        if not getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
+            # Keep the request so the user can be automagically logged in.
+            setattr(self, 'request', request)
+        return super(RegistrationView, self).dispatch(request, *args, **kwargs)

    def register(self, form):
        user = User.objects.get(pk=self.request.session.get('registration_uid'))
        user.email = form.cleaned_data['email']
        user_registered.send(self.__class__, user=user, request=self.request)
-        # Go to Step 3
-        self.send_activation_email(user)
+        if getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
+            # Go to Step 3
+            self.send_activation_email(user)
+        else:
+            user.is_active = True
+            user.save()
+            login(self.request, user, 'allianceauth.authentication.backends.StateBackend')
        return user

    def get_activation_key(self, user):
--- a/allianceauth/corputils/auth_hooks.py
+++ b/allianceauth/corputils/auth_hooks.py
@@ -1,5 +1,5 @@
 from allianceauth.services.hooks import MenuItemHook, UrlHook
-
+from django.utils.translation import ugettext_lazy as _
 from allianceauth import hooks
 from allianceauth.corputils import urls

@@ -7,7 +7,7 @@ from allianceauth.corputils import urls
 class CorpStats(MenuItemHook):
    def __init__(self):
        MenuItemHook.__init__(self,
-                              'Corporation Stats',
+                              _('Corporation Stats'),
                              'fa fa-share-alt fa-fw',
                              'corputils:view',
                              navactive=['corputils:'])
--- a/allianceauth/corputils/managers.py
+++ b/allianceauth/corputils/managers.py
@@ -16,10 +16,16 @@ class CorpStatsQuerySet(models.QuerySet):
            assert char
            # build all accepted queries
            queries = [models.Q(token__user=user)]
-            if user.has_perm('corputils.view_corp_corpstats'):
-                queries.append(models.Q(corp__corporation_id=char.corporation_id))
            if user.has_perm('corputils.view_alliance_corpstats'):
-                queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
+                if char.alliance_id is not None:
+                    queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
+                else:
+                    queries.append(models.Q(corp__corporation_id=char.corporation_id))
+            if user.has_perm('corputils.view_corp_corpstats'):
+                if user.has_perm('corputils.view_alliance_corpstats'):
+                    pass
+                else:
+                    queries.append(models.Q(corp__corporation_id=char.corporation_id))
            if user.has_perm('corputils.view_state_corpstats'):
                queries.append(models.Q(corp__in=user.profile.state.member_corporations.all()))
                queries.append(models.Q(corp__alliance__in=user.profile.state.member_alliances.all()))
--- a/allianceauth/corputils/models.py
+++ b/allianceauth/corputils/models.py
@@ -12,6 +12,16 @@ from allianceauth.notifications import notify
 from allianceauth.corputils.managers import CorpStatsManager

 SWAGGER_SPEC_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'swagger.json')
+"""
+Swagger spec operations:
+
+Character
+get_characters_character_id
+get_corporations_corporation_id_members
+Universe
+post_universe_names
+"""
+

 logger = logging.getLogger(__name__)

@@ -40,19 +50,18 @@ class CorpStats(models.Model):
            c = self.token.get_esi_client(spec_file=SWAGGER_SPEC_PATH)
            assert c.Character.get_characters_character_id(character_id=self.token.character_id).result()[
                       'corporation_id'] == int(self.corp.corporation_id)
-            members = c.Corporation.get_corporations_corporation_id_members(
+            member_ids = c.Corporation.get_corporations_corporation_id_members(
                corporation_id=self.corp.corporation_id).result()
-            member_ids = [m['character_id'] for m in members]

            # requesting too many ids per call results in a HTTP400
            # the swagger spec doesn't have a maxItems count
            # manual testing says we can do over 350, but let's not risk it
            member_id_chunks = [member_ids[i:i + 255] for i in range(0, len(member_ids), 255)]
-            member_name_chunks = [c.Character.get_characters_names(character_ids=id_chunk).result() for id_chunk in
+            member_name_chunks = [c.Universe.post_universe_names(ids=id_chunk).result() for id_chunk in
                                  member_id_chunks]
            member_list = {}
            for name_chunk in member_name_chunks:
-                member_list.update({m['character_id']: m['character_name'] for m in name_chunk})
+                member_list.update({m['id']: m['name'] for m in name_chunk})

            # bulk create new member models
            missing_members = [m_id for m_id in member_ids if
@@ -121,8 +130,11 @@ class CorpStats(models.Model):
                                           m.main_character and int(m.main_character.character_id) == int(
                                               m.character_id)])

+    def visible_to(self, user):
+        return CorpStats.objects.filter(pk=self.pk).visible_to(user).exists()
+
    def can_update(self, user):
-        return user.is_superuser or user == self.token.user
+        return self.token.user == user or self.visible_to(user)

    def corp_logo(self, size=128):
        return "https://image.eveonline.com/Corporation/%s_%s.png" % (self.corp.corporation_id, size)
@@ -179,4 +191,4 @@ class CorpMember(models.Model):
        if item.startswith('portrait_url_'):
            size = item.strip('portrait_url_')
            return self.portrait_url(size)
-        return super(CorpMember, self).__getattr__(item)
+        return self.__getattribute__(item)
--- a/allianceauth/corputils/swagger.json
+++ b/allianceauth/corputils/swagger.json
--- a/allianceauth/corputils/tasks.py
+++ b/allianceauth/corputils/tasks.py
@@ -1,5 +1,5 @@
 from celery import shared_task
-from allianceauth.corputils import CorpStats
+from allianceauth.corputils.models import CorpStats


@shared_task
--- a/allianceauth/corputils/templates/corputils/corpstats.html
+++ b/allianceauth/corputils/templates/corputils/corpstats.html
@@ -9,9 +9,9 @@
                    <tr>
                        <td class="text-center col-lg-6
                                {% if corpstats.corp.alliance %}{% else %}col-lg-offset-3{% endif %}"><img
-                                class="ra-avatar" src="{{ corpstats.corp_logo }}"></td>
+                                class="ra-avatar" src="{{ corpstats.corp.logo_url_128 }}"></td>
                        {% if corpstats.corp.alliance %}
-                            <td class="text-center col-lg-6"><img class="ra-avatar" src="{{ corpstats.alliance_logo }}">
+                            <td class="text-center col-lg-6"><img class="ra-avatar" src="{{ corpstats.corp.alliance.logo_url_128 }}">
                            </td>
                        {% endif %}
                    </tr>
@@ -70,6 +70,7 @@
                                                                {% for alt in main.alts %}
                                                                    {% if forloop.first %}
                                                                        <tr>
+                                                                            <th></th>
                                                                            <th class="text-center">{% trans "Character" %}</th>
                                                                            <th class="text-center">{% trans "Corporation" %}</th>
                                                                            <th class="text-center">{% trans "Alliance" %}</th>
@@ -77,10 +78,15 @@
                                                                        </tr>
                                                                    {% endif %}
                                                                    <tr>
-                                                                        <td class="text-center">{{ alt.character_name }}</td>
-                                                                        <td class="text-center">{{ alt.corporation_name }}</td>
-                                                                        <td class="text-center">{{ alt.alliance_name }}</td>
-                                                                        <td class="text-center">
+                                                                        <td class="text-center" style="width:5%">
+                                                                            <div class="thumbnail" style="border: 0 none; box-shadow: none; background: transparent;">
+                                                                                <img src="https://image.eveonline.com/Character/{{ alt.character_id }}_32.jpg" class="img-circle">
+                                                                            </div>
+                                                                        </td>
+                                                                        <td class="text-center" style="width:30%">{{ alt.character_name }}</td>
+                                                                        <td class="text-center" style="width:30%">{{ alt.corporation_name }}</td>
+                                                                        <td class="text-center" style="width:30%">{{ alt.alliance_name }}</td>
+                                                                        <td class="text-center" style="width:5%">
                                                                            <a href="https://zkillboard.com/character/{{ alt.character_id }}/"
                                                                               class="label label-danger" target="_blank">
                                                                                {% trans "Killboard" %}
@@ -175,9 +181,25 @@
 {% endblock %}
 {% block extra_script %}
    $(document).ready(function(){
-        $('#table-mains').DataTable();
-        $('#table-members').DataTable();
-        $('#table-unregistered').DataTable();
+        $('#table-mains').DataTable({
+            "columnDefs": [
+                { "sortable": false, "targets": [1] },
+            ],
+        });
+        $('#table-members').DataTable({
+            "columnDefs": [
+                { "searchable": false, "targets": [0, 2] },
+                { "sortable": false, "targets": [0, 2] },
+            ],
+            "order": [[ 1, "asc" ]],
+        });
+        $('#table-unregistered').DataTable({
+            "columnDefs": [
+                { "searchable": false, "targets": [0, 2] },
+                { "sortable": false, "targets": [0, 2] },
+            ],
+            "order": [[ 1, "asc" ]],
+        });

    });
-{% endblock %}
+{% endblock %}
--- a/allianceauth/corputils/tests.py
+++ b/allianceauth/corputils/tests.py
@@ -85,8 +85,8 @@ class CorpStatsUpdateTestCase(TestCase):
    @mock.patch('esi.clients.SwaggerClient')
    def test_update_add_member(self, SwaggerClient):
        SwaggerClient.from_spec.return_value.Character.get_characters_character_id.return_value.result.return_value = {'corporation_id': 2}
-        SwaggerClient.from_spec.return_value.Corporation.get_corporations_corporation_id_members.return_value.result.return_value = [{'character_id': 1}]
-        SwaggerClient.from_spec.return_value.Character.get_characters_names.return_value.result.return_value = [{'character_id': 1, 'character_name': 'test character'}]
+        SwaggerClient.from_spec.return_value.Corporation.get_corporations_corporation_id_members.return_value.result.return_value = [1]
+        SwaggerClient.from_spec.return_value.Universe.post_universe_names.return_value.result.return_value = [{'id': 1, 'name': 'test character'}]
        self.corpstats.update()
        self.assertTrue(CorpMember.objects.filter(character_id='1', character_name='test character', corpstats=self.corpstats).exists())

@@ -94,8 +94,8 @@ class CorpStatsUpdateTestCase(TestCase):
    def test_update_remove_member(self, SwaggerClient):
        CorpMember.objects.create(character_id='2', character_name='old test character', corpstats=self.corpstats)
        SwaggerClient.from_spec.return_value.Character.get_characters_character_id.return_value.result.return_value = {'corporation_id': 2}
-        SwaggerClient.from_spec.return_value.Corporation.get_corporations_corporation_id_members.return_value.result.return_value = [{'character_id': 1}]
-        SwaggerClient.from_spec.return_value.Character.get_characters_names.return_value.result.return_value = [{'character_id': 1, 'character_name': 'test character'}]
+        SwaggerClient.from_spec.return_value.Corporation.get_corporations_corporation_id_members.return_value.result.return_value = [1]
+        SwaggerClient.from_spec.return_value.Universe.post_universe_names.return_value.result.return_value = [{'id': 1, 'name': 'test character'}]
        self.corpstats.update()
        self.assertFalse(CorpMember.objects.filter(character_id='2', corpstats=self.corpstats).exists())

--- a/allianceauth/corputils/views.py
+++ b/allianceauth/corputils/views.py
@@ -13,11 +13,17 @@ from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo
 from .models import CorpStats

 SWAGGER_SPEC_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'swagger.json')
+"""
+Swagger spec operations:
+
+get_characters_character_id
+"""


 def access_corpstats_test(user):
    return user.has_perm('corputils.view_corp_corpstats') or user.has_perm(
-        'corputils.view_alliance_corpstats') or user.has_perm('corputils.view_state_corpstats')
+        'corputils.view_alliance_corpstats') or user.has_perm('corputils.view_state_corpstats') or user.has_perm(
+        'corputils.add_corpstats')


@login_required
@@ -62,7 +68,7 @@ def corpstats_view(request, corp_id=None):
        corpstats = get_object_or_404(CorpStats, corp=corp)

    # get available models
-    available = CorpStats.objects.visible_to(request.user)
+    available = CorpStats.objects.visible_to(request.user).order_by('corp__corporation_name')

    # ensure we can see the requested model
    if corpstats and corpstats not in available:
--- a/allianceauth/eveonline/autogroups/apps.py
+++ b/allianceauth/eveonline/autogroups/apps.py
@@ -4,3 +4,6 @@ from django.apps import AppConfig
 class EveAutogroupsConfig(AppConfig):
    name = 'allianceauth.eveonline.autogroups'
    label = 'eve_autogroups'
+
+    def ready(self):
+        import allianceauth.eveonline.autogroups.signals
--- a/allianceauth/eveonline/autogroups/migrations/0001_initial.py
+++ b/allianceauth/eveonline/autogroups/migrations/0001_initial.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Generated by Django 1.11.5 on 2017-09-29 14:44
+# Generated by Django 1.11.6 on 2017-12-23 04:30
 from __future__ import unicode_literals

 from django.db import migrations, models
@@ -29,40 +29,31 @@ class Migration(migrations.Migration):
                ('alliance_name_source', models.CharField(choices=[('ticker', 'Ticker'), ('name', 'Full name')], default='name', max_length=20)),
                ('replace_spaces', models.BooleanField(default=False)),
                ('replace_spaces_with', models.CharField(blank=True, default='', help_text='Any spaces in the group name will be replaced with this.', max_length=10)),
-                ('states', models.ManyToManyField(related_name='autogroups', to='authentication.State')),
-            ],
-        ),
-        migrations.CreateModel(
-            name='ManagedGroup',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
            ],
        ),
        migrations.CreateModel(
            name='ManagedAllianceGroup',
            fields=[
-                ('managedgroup_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='eve_autogroups.ManagedGroup')),
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('alliance', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='eveonline.EveAllianceInfo')),
+                ('config', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='eve_autogroups.AutogroupsConfig')),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Group')),
            ],
-            bases=('eve_autogroups.managedgroup',),
+            options={
+                'abstract': False,
+            },
        ),
        migrations.CreateModel(
            name='ManagedCorpGroup',
            fields=[
-                ('managedgroup_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='eve_autogroups.ManagedGroup')),
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('config', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='eve_autogroups.AutogroupsConfig')),
                ('corp', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='eveonline.EveCorporationInfo')),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Group')),
            ],
-            bases=('eve_autogroups.managedgroup',),
-        ),
-        migrations.AddField(
-            model_name='managedgroup',
-            name='config',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='eve_autogroups.AutogroupsConfig'),
-        ),
-        migrations.AddField(
-            model_name='managedgroup',
-            name='group',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Group'),
+            options={
+                'abstract': False,
+            },
        ),
        migrations.AddField(
            model_name='autogroupsconfig',
@@ -74,4 +65,9 @@ class Migration(migrations.Migration):
            name='corp_managed_groups',
            field=models.ManyToManyField(help_text="A list of corporation groups created and maintained by this AutogroupConfig. You should not edit this list unless you know what you're doing.", related_name='corp_managed_config', through='eve_autogroups.ManagedCorpGroup', to='auth.Group'),
        ),
+        migrations.AddField(
+            model_name='autogroupsconfig',
+            name='states',
+            field=models.ManyToManyField(related_name='autogroups', to='authentication.State'),
+        ),
    ]
--- a/allianceauth/eveonline/autogroups/models.py
+++ b/allianceauth/eveonline/autogroups/models.py
@@ -11,7 +11,7 @@ logger = logging.getLogger(__name__)

 def get_users_for_state(state: State):
    return User.objects.select_related('profile').prefetch_related('profile__main_character')\
-            .filter(profile__state__pk=state.pk)
+            .filter(profile__state_id=state.pk)


 class AutogroupsConfigManager(models.Manager):
@@ -39,7 +39,12 @@ class AutogroupsConfigManager(models.Manager):
        if state is None:
            state = user.profile.state
        for config in self.filter(states=state):
-                config.update_group_membership_for_user(user)
+            # grant user new groups for their state
+            config.update_group_membership_for_user(user)
+        for config in self.exclude(states=state):
+            # ensure user does not have groups from previous state
+            config.remove_user_from_alliance_groups(user)
+            config.remove_user_from_corp_groups(user)


 class AutogroupsConfig(models.Model):
@@ -110,21 +115,24 @@ class AutogroupsConfig(models.Model):
        group = None
        try:
            if not self.alliance_groups or not self.user_entitled_to_groups(user):
-                logger.debug('User {} does not have required state'.format(user))
+                logger.debug('User {} does not have required state for alliance group membership'.format(user))
                return
            else:
                alliance = user.profile.main_character.alliance
                if alliance is None:
+                    logger.debug('User {} alliance is None, cannot update group membership'.format(user))
                    return
                group = self.get_alliance_group(alliance)
        except EveAllianceInfo.DoesNotExist:
-            logger.warning('User {} main characters alliance does not exist in the database.'
-                           ' Group membership not updated'.format(user))
+            logger.debug('User {} main characters alliance does not exist in the database. Creating.'.format(user))
+            alliance = EveAllianceInfo.objects.create_alliance(user.profile.main_character.alliance_id)
+            group = self.get_alliance_group(alliance)
        except AttributeError:
            logger.warning('User {} does not have a main character. Group membership not updated'.format(user))
        finally:
-            self.remove_user_from_corp_groups(user, except_group=group)
+            self.remove_user_from_alliance_groups(user, except_group=group)
            if group is not None:
+                logger.debug('Adding user {} to alliance group {}'.format(user, group))
                user.groups.add(group)

    @transaction.atomic
@@ -132,18 +140,20 @@ class AutogroupsConfig(models.Model):
        group = None
        try:
            if not self.corp_groups or not self.user_entitled_to_groups(user):
-                logger.debug('User {} does not have required state'.format(user))
+                logger.debug('User {} does not have required state for corp group membership'.format(user))
            else:
                corp = user.profile.main_character.corporation
                group = self.get_corp_group(corp)
        except EveCorporationInfo.DoesNotExist:
-            logger.warning('User {} main characters corporation does not exist in the database.'
-                           ' Group membership not updated'.format(user))
+            logger.debug('User {} main characters corporation does not exist in the database. Creating.'.format(user))
+            corp = EveCorporationInfo.objects.create_corporation(user.profile.main_character.corporation_id)
+            group = self.get_corp_group(corp)
        except AttributeError:
            logger.warning('User {} does not have a main character. Group membership not updated'.format(user))
        finally:
            self.remove_user_from_corp_groups(user, except_group=group)
            if group is not None:
+                logger.debug('Adding user {} to corp group {}'.format(user, group))
                user.groups.add(group)

    @transaction.atomic
@@ -184,13 +194,15 @@ class AutogroupsConfig(models.Model):
        """
        Deletes ALL managed alliance groups
        """
-        self.alliance_managed_groups.all().delete()
+        for g in self.alliance_managed_groups.all():
+            g.delete()

    def delete_corp_managed_groups(self):
        """
        Deletes ALL managed corp groups
        """
-        self.corp_managed_groups.all().delete()
+        for g in self.corp_managed_groups.all():
+            g.delete()

    def get_alliance_group_name(self, alliance: EveAllianceInfo) -> str:
        if self.alliance_name_source == self.OPT_TICKER:
@@ -225,6 +237,9 @@ class ManagedGroup(models.Model):
    group = models.ForeignKey(Group, on_delete=models.CASCADE)
    config = models.ForeignKey(AutogroupsConfig, on_delete=models.CASCADE)

+    class Meta:
+        abstract = True
+

 class ManagedCorpGroup(ManagedGroup):
    corp = models.ForeignKey(EveCorporationInfo, on_delete=models.CASCADE)
--- a/allianceauth/eveonline/autogroups/signals.py
+++ b/allianceauth/eveonline/autogroups/signals.py
@@ -2,6 +2,7 @@ import logging
 from django.dispatch import receiver
 from django.db.models.signals import pre_save, post_save, pre_delete, m2m_changed
 from allianceauth.authentication.models import UserProfile, State
+from allianceauth.eveonline.models import EveCharacter

 from .models import AutogroupsConfig

@@ -45,9 +46,7 @@ def check_groups_on_profile_update(sender, instance, created, *args, **kwargs):
    """
    Trigger check when main character or state changes.
    """
-    update_fields = kwargs.pop('update_fields', []) or []
-    if 'main_character' in update_fields or 'state' in update_fields:
-        AutogroupsConfig.objects.update_groups_for_user(instance.user)
+    AutogroupsConfig.objects.update_groups_for_user(instance.user)


@receiver(m2m_changed, sender=AutogroupsConfig.states.through)
@@ -64,3 +63,13 @@ def autogroups_states_changed(sender, instance, action, reverse, model, pk_set,
            except State.DoesNotExist:
                # Deleted States handled by the profile state change
                pass
+
+
+@receiver(post_save, sender=EveCharacter)
+def check_groups_on_character_update(sender, instance, created, *args, **kwargs):
+    if not created:
+        try:
+            profile = UserProfile.objects.prefetch_related('user').get(main_character_id=instance.pk)
+            AutogroupsConfig.objects.update_groups_for_user(profile.user)
+        except UserProfile.DoesNotExist:
+            pass
--- a/allianceauth/eveonline/autogroups/tests/init.py
+++ b/allianceauth/eveonline/autogroups/tests/init.py
@@ -1,8 +1,7 @@
 from unittest import mock
 from django.db.models.signals import pre_save, post_save, pre_delete, m2m_changed
 from allianceauth.authentication.models import UserProfile
-from allianceauth.authentication.signals import state_changed
-from allianceauth.eveonline.models import EveCharacter
+from allianceauth.authentication.signals import reassess_on_profile_save
 from .. import signals
 from ..models import AutogroupsConfig

@@ -14,6 +13,7 @@ def patch(target, *args, **kwargs):


 def connect_signals():
+    post_save.connect(receiver=reassess_on_profile_save, sender=UserProfile)
    pre_save.connect(receiver=signals.pre_save_config, sender=AutogroupsConfig)
    pre_delete.connect(receiver=signals.pre_delete_config, sender=AutogroupsConfig)
    post_save.connect(receiver=signals.check_groups_on_profile_update, sender=UserProfile)
@@ -21,6 +21,7 @@ def connect_signals():


 def disconnect_signals():
+    post_save.disconnect(receiver=reassess_on_profile_save, sender=UserProfile)
    pre_save.disconnect(receiver=signals.pre_save_config, sender=AutogroupsConfig)
    pre_delete.disconnect(receiver=signals.pre_delete_config, sender=AutogroupsConfig)
    post_save.disconnect(receiver=signals.check_groups_on_profile_update, sender=UserProfile)
--- a/allianceauth/eveonline/autogroups/tests/test_managers.py
+++ b/allianceauth/eveonline/autogroups/tests/test_managers.py
@@ -7,7 +7,7 @@ from . import patch

 class AutogroupsConfigManagerTestCase(TestCase):

-    def test_update_groups_for_state(self, ):
+    def test_update_groups_for_state(self):
        member = AuthUtils.create_member('test member')
        obj = AutogroupsConfig.objects.create()
        obj.states.add(member.profile.state)
@@ -32,3 +32,23 @@ class AutogroupsConfigManagerTestCase(TestCase):
            self.assertEqual(update_group_membership_for_user.call_count, 1)
            args, kwargs = update_group_membership_for_user.call_args
            self.assertEqual(args[0], member)
+
+    @patch('.models.AutogroupsConfig.update_group_membership_for_user')
+    @patch('.models.AutogroupsConfig.remove_user_from_alliance_groups')
+    @patch('.models.AutogroupsConfig.remove_user_from_corp_groups')
+    def test_update_groups_no_config(self, remove_corp, remove_alliance, update_groups):
+        member = AuthUtils.create_member('test member')
+        obj = AutogroupsConfig.objects.create()
+
+        # Corp and alliance groups should be removed from users if their state has no config
+        AutogroupsConfig.objects.update_groups_for_user(member)
+
+        self.assertFalse(update_groups.called)
+        self.assertTrue(remove_alliance.called)
+        self.assertTrue(remove_corp.called)
+
+        # The normal group assignment should occur if there state has a config
+        obj.states.add(member.profile.state)
+        AutogroupsConfig.objects.update_groups_for_user(member)
+
+        self.assertTrue(update_groups.called)
--- a/allianceauth/eveonline/autogroups/tests/test_models.py
+++ b/allianceauth/eveonline/autogroups/tests/test_models.py
@@ -16,8 +16,6 @@ class AutogroupsConfigTestCase(TestCase):
        # Disconnect signals
        disconnect_signals()

-        self.member = AuthUtils.create_member('test user')
-
        state = AuthUtils.get_member_state()

        self.alliance = EveAllianceInfo.objects.create(
@@ -38,6 +36,8 @@ class AutogroupsConfigTestCase(TestCase):
        state.member_alliances.add(self.alliance)
        state.member_corporations.add(self.corp)

+        self.member = AuthUtils.create_member('test user')
+
    def tearDown(self):
        # Reconnect signals
        connect_signals()
@@ -82,6 +82,7 @@ class AutogroupsConfigTestCase(TestCase):

        # Act
        obj.update_alliance_group_membership(self.member)
+        obj.update_corp_group_membership(self.member)  # check for no side effects

        group = obj.create_alliance_group(self.alliance)
        group_qs = Group.objects.filter(pk=group.pk)
--- a/allianceauth/eveonline/autogroups/tests/test_signals.py
+++ b/allianceauth/eveonline/autogroups/tests/test_signals.py
@@ -1,11 +1,11 @@
 from django.test import TestCase
-from django.contrib.auth.models import Group, User
+from django.contrib.auth.models import User

 from allianceauth.tests.auth_utils import AuthUtils

 from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo

-from ..models import AutogroupsConfig, ManagedAllianceGroup
+from ..models import AutogroupsConfig

 from . import patch, disconnect_signals, connect_signals

@@ -13,8 +13,6 @@ from . import patch, disconnect_signals, connect_signals
 class SignalsTestCase(TestCase):
    def setUp(self):
        disconnect_signals()
-        self.member = AuthUtils.create_member('test user')
-
        state = AuthUtils.get_member_state()

        self.char = EveCharacter.objects.create(
@@ -27,9 +25,6 @@ class SignalsTestCase(TestCase):
            alliance_name='alliance name',
        )

-        self.member.profile.main_character = self.char
-        self.member.profile.save()
-
        self.alliance = EveAllianceInfo.objects.create(
            alliance_id='3456',
            alliance_name='alliance name',
@@ -47,13 +42,17 @@ class SignalsTestCase(TestCase):

        state.member_alliances.add(self.alliance)
        state.member_corporations.add(self.corp)
+
+        self.member = AuthUtils.create_member('test user')
+        self.member.profile.main_character = self.char
+        self.member.profile.save()
+
        connect_signals()

    @patch('.models.AutogroupsConfigManager.update_groups_for_user')
    def test_check_groups_on_profile_update_state(self, update_groups_for_user):
        # Trigger signal
-        self.member.profile.state = AuthUtils.get_guest_state()
-        self.member.profile.save()
+        self.member.profile.assign_state(state=AuthUtils.get_guest_state())

        self.assertTrue(update_groups_for_user.called)
        self.assertEqual(update_groups_for_user.call_count, 1)
@@ -71,10 +70,10 @@ class SignalsTestCase(TestCase):
            alliance_id='3456',
            alliance_name='alliance name',
        )
+
        # Trigger signal
        self.member.profile.main_character = char
        self.member.profile.save()
-
        self.assertTrue(update_groups_for_user.called)
        self.assertEqual(update_groups_for_user.call_count, 1)
        args, kwargs = update_groups_for_user.call_args
--- a/allianceauth/eveonline/managers.py
+++ b/allianceauth/eveonline/managers.py
@@ -26,6 +26,7 @@ class EveCharacterManager(models.Manager):
            corporation_ticker=character.corp.ticker,
            alliance_id=character.alliance.id,
            alliance_name=character.alliance.name,
+            alliance_ticker=getattr(character.alliance, 'ticker', None),
        )

    def update_character(self, character_id):
--- a/allianceauth/eveonline/migrations/0010_alliance_ticker.py
+++ b/allianceauth/eveonline/migrations/0010_alliance_ticker.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.0.4 on 2018-04-17 20:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0009_on_delete'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='evecharacter',
+            name='alliance_ticker',
+            field=models.CharField(blank=True, default='', max_length=5, null=True),
+        ),
+        migrations.AlterField(
+            model_name='evecharacter',
+            name='corporation_ticker',
+            field=models.CharField(max_length=5),
+        ),
+    ]
--- a/allianceauth/eveonline/models.py
+++ b/allianceauth/eveonline/models.py
@@ -35,6 +35,15 @@ class EveAllianceInfo(models.Model):
    def __str__(self):
        return self.alliance_name

+    def logo_url(self, size=32):
+        return "https://image.eveonline.com/Alliance/%s_%s.png" % (self.alliance_id, size)
+
+    def __getattr__(self, item):
+        if item.startswith('logo_url_'):
+            size = item.strip('logo_url_')
+            return self.logo_url(size)
+        return self.__getattribute__(item)
+

 class EveCorporationInfo(models.Model):
    corporation_id = models.CharField(max_length=254, unique=True)
@@ -60,15 +69,25 @@ class EveCorporationInfo(models.Model):
    def __str__(self):
        return self.corporation_name

+    def logo_url(self, size=32):
+        return "https://image.eveonline.com/Corporation/%s_%s.png" % (self.corporation_id, size)
+
+    def __getattr__(self, item):
+        if item.startswith('logo_url_'):
+            size = item.strip('logo_url_')
+            return self.logo_url(size)
+        return self.__getattribute__(item)
+

 class EveCharacter(models.Model):
    character_id = models.CharField(max_length=254, unique=True)
    character_name = models.CharField(max_length=254, unique=True)
    corporation_id = models.CharField(max_length=254)
    corporation_name = models.CharField(max_length=254)
-    corporation_ticker = models.CharField(max_length=254)
+    corporation_ticker = models.CharField(max_length=5)
    alliance_id = models.CharField(max_length=254, blank=True, null=True, default='')
    alliance_name = models.CharField(max_length=254, blank=True, null=True, default='')
+    alliance_ticker = models.CharField(max_length=5, blank=True, null=True, default='')

    objects = EveCharacterManager()
    provider = EveCharacterProviderManager()
@@ -102,8 +121,18 @@ class EveCharacter(models.Model):
        self.corporation_ticker = character.corp.ticker
        self.alliance_id = character.alliance.id
        self.alliance_name = character.alliance.name
+        self.alliance_ticker = getattr(character.alliance, 'ticker', None)
        self.save()
        return self

    def __str__(self):
        return self.character_name
+
+    def portrait_url(self, size=32):
+        return "https://image.eveonline.com/Character/%s_%s.jpg" % (self.character_id, size)
+
+    def __getattr__(self, item):
+        if item.startswith('portrait_url_'):
+            size = item.strip('portrait_url_')
+            return self.portrait_url(size)
+        return self.__getattribute__(item)
--- a/allianceauth/eveonline/providers.py
+++ b/allianceauth/eveonline/providers.py
@@ -4,6 +4,16 @@ import logging
 import os

 SWAGGER_SPEC_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'swagger.json')
+"""
+Swagger spec operations:
+
+get_alliances_alliance_id
+get_alliances_alliance_id_corporations
+get_corporations_corporation_id
+get_characters_character_id
+get_universe_types_type_id
+"""
+

 logger = logging.getLogger(__name__)

@@ -81,7 +91,9 @@ class Alliance(Entity):

    @property
    def executor_corp(self):
-        return self.corp(self.executor_corp_id)
+        if self.executor_corp_id:
+            return self.corp(self.executor_corp_id)
+        return Entity(None, None)


 class Character(Entity):
@@ -150,10 +162,10 @@ class EveSwaggerProvider(EveProvider):
            corps = self.client.Alliance.get_alliances_alliance_id_corporations(alliance_id=alliance_id).result()
            model = Alliance(
                id=alliance_id,
-                name=data['alliance_name'],
+                name=data['name'],
                ticker=data['ticker'],
                corp_ids=corps,
-                executor_corp_id=data['executor_corp'],
+                executor_corp_id=data['executor_corporation_id'] if 'executor_corporation_id' in data else None,
            )
            return model
        except HTTPNotFound:
@@ -164,7 +176,7 @@ class EveSwaggerProvider(EveProvider):
            data = self.client.Corporation.get_corporations_corporation_id(corporation_id=corp_id).result()
            model = Corporation(
                id=corp_id,
-                name=data['corporation_name'],
+                name=data['name'],
                ticker=data['ticker'],
                ceo_id=data['ceo_id'],
                members=data['member_count'],
@@ -177,12 +189,11 @@ class EveSwaggerProvider(EveProvider):
    def get_character(self, character_id):
        try:
            data = self.client.Character.get_characters_character_id(character_id=character_id).result()
-            alliance_id = self.adapter.get_corp(data['corporation_id']).alliance_id
            model = Character(
                id=character_id,
                name=data['name'],
                corp_id=data['corporation_id'],
-                alliance_id=alliance_id,
+                alliance_id=data['alliance_id'] if 'alliance_id' in data else None,
            )
            return model
        except (HTTPNotFound, HTTPUnprocessableEntity):
--- a/allianceauth/eveonline/swagger.json
+++ b/allianceauth/eveonline/swagger.json
--- a/allianceauth/fleetactivitytracking/auth_hooks.py
+++ b/allianceauth/fleetactivitytracking/auth_hooks.py
@@ -1,12 +1,12 @@
 from . import urls
-
+from django.utils.translation import ugettext_lazy as _
 from allianceauth import hooks
 from allianceauth.services.hooks import MenuItemHook, UrlHook


@hooks.register('menu_item_hook')
 def register_menu():
-    return MenuItemHook('Fleet Activity Tracking', 'fa fa-users fa-lightbulb-o fa-fw', 'fatlink:view',
+    return MenuItemHook(_('Fleet Activity Tracking'), 'fa fa-users fa-lightbulb-o fa-fw', 'fatlink:view',
                        navactive=['fatlink:'])


--- a/allianceauth/fleetactivitytracking/forms.py
+++ b/allianceauth/fleetactivitytracking/forms.py
@@ -2,11 +2,9 @@
 from django import forms
 from django.utils.translation import ugettext_lazy as _

-from allianceauth.optimer.models import OpTimer
-

 class FatlinkForm(forms.Form):
-    fatname = forms.CharField(label=_('Name of fat-link'), required=True)
+    fleet = forms.CharField(label=_("Fleet Name"), max_length=50)
    duration = forms.IntegerField(label=_("Duration of fat-link"), required=True, initial=30, min_value=1,
-                                  max_value=2147483647)
-    fleet = forms.ModelChoiceField(label=_("Fleet"), queryset=OpTimer.objects.all().order_by('operation_name'))
+                                  max_value=2147483647, help_text=_('minutes'))
+
--- a/allianceauth/fleetactivitytracking/migrations/0001_initial.py
+++ b/allianceauth/fleetactivitytracking/migrations/0001_initial.py
@@ -2,12 +2,10 @@
 # Generated by Django 1.10.1 on 2016-09-05 21:39
 from __future__ import unicode_literals

-import datetime
-
 import django.db.models.deletion
 from django.conf import settings
 from django.db import migrations, models
-from django.utils.timezone import utc
+from django.utils import timezone

 import allianceauth.fleetactivitytracking.models

@@ -36,9 +34,9 @@ class Migration(migrations.Migration):
            name='Fatlink',
            fields=[
                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('fatdatetime', models.DateTimeField(default=datetime.datetime(2016, 9, 5, 21, 39, 17, 307954, tzinfo=utc))),
+                ('fatdatetime', models.DateTimeField(default=timezone.now)),
                ('duration', models.PositiveIntegerField()),
-                ('fleet', models.CharField(default=b'', max_length=254)),
+                ('fleet', models.CharField(default='', max_length=254)),
                ('name', models.CharField(max_length=254)),
                ('hash', models.CharField(max_length=254, unique=True)),
                ('creator', models.ForeignKey(on_delete=models.SET(
--- a/allianceauth/fleetactivitytracking/migrations/0005_remove_fat_name.py
+++ b/allianceauth/fleetactivitytracking/migrations/0005_remove_fat_name.py
@@ -0,0 +1,22 @@
+# Generated by Django 2.0.2 on 2018-02-28 18:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('fleetactivitytracking', '0004_make_strings_more_stringy'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='fatlink',
+            name='name',
+        ),
+        migrations.AlterField(
+            model_name='fatlink',
+            name='fleet',
+            field=models.CharField(max_length=254),
+        ),
+    ]
--- a/allianceauth/fleetactivitytracking/migrations/0006_auto_20180803_0430.py
+++ b/allianceauth/fleetactivitytracking/migrations/0006_auto_20180803_0430.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.6 on 2018-08-03 04:30
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('fleetactivitytracking', '0005_remove_fat_name'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='fat',
+            name='shiptype',
+            field=models.CharField(max_length=100),
+        ),
+    ]
--- a/allianceauth/fleetactivitytracking/models.py
+++ b/allianceauth/fleetactivitytracking/models.py
@@ -12,20 +12,19 @@ def get_sentinel_user():
 class Fatlink(models.Model):
    fatdatetime = models.DateTimeField(default=timezone.now)
    duration = models.PositiveIntegerField()
-    fleet = models.CharField(max_length=254, default="")
-    name = models.CharField(max_length=254)
+    fleet = models.CharField(max_length=254)
    hash = models.CharField(max_length=254, unique=True)
    creator = models.ForeignKey(User, on_delete=models.SET(get_sentinel_user))

    def __str__(self):
-        return self.name
+        return self.fleet


 class Fat(models.Model):
    character = models.ForeignKey(EveCharacter, on_delete=models.CASCADE)
    fatlink = models.ForeignKey(Fatlink, on_delete=models.CASCADE)
    system = models.CharField(max_length=30)
-    shiptype = models.CharField(max_length=30)
+    shiptype = models.CharField(max_length=100)
    station = models.CharField(max_length=125)
    user = models.ForeignKey(User, on_delete=models.CASCADE)

--- a/allianceauth/fleetactivitytracking/swagger.json
+++ b/allianceauth/fleetactivitytracking/swagger.json
--- a/allianceauth/fleetactivitytracking/templates/fleetactivitytracking/characternotexisting.html
+++ b/allianceauth/fleetactivitytracking/templates/fleetactivitytracking/characternotexisting.html
@@ -16,7 +16,7 @@
                        </div>
                        <div class="col-lg-10 col-sm-2">
                            <div class="alert alert-danger" role="alert">{% trans "Character not registered!" %}</div>
-                            {% trans "This character is not part of any registered API-key. You must go to" %} <a href=" {% url 'auth_api_key_management' %}">{% trans "API key management</a> and add an API with the character on before being able to click fleet attendance links." %}
+                            {% trans "This character is not associated with an auth account." %} <a href=" {% url 'authentication:add_character' %}">{% trans "Add it here" %}</a> {% trans "before attempting to click fleet attendance links." %}
                        </div>
                    </div>
                </div>
--- a/allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalmonthlystatisticsview.html
+++ b/allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalmonthlystatisticsview.html
@@ -10,12 +10,12 @@
        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
            {% if char_id %}
            <div class="text-right">
-                <a href="{% url 'fatlink:user_statistics_month' char_id previous_month|date:"Y" previous_month|date:"m" %}" class="btn btn-info">{% trans "Previous month" %}</a>
-                <a href="{% url 'fatlink:user_statistics_month' char_id next_month|date:"Y" next_month|date:"m"  %}" class="btn btn-info">{% trans "Next month" %}</a>
+                <a href="{% url 'fatlink:user_statistics_month' char_id previous_month|date:'Y' previous_month|date:'m' %}" class="btn btn-info">{% trans "Previous month" %}</a>
+                <a href="{% url 'fatlink:user_statistics_month' char_id next_month|date:'Y' next_month|date:'m'  %}" class="btn btn-info">{% trans "Next month" %}</a>
            </div>
            {% endif %}
        </h1>
-        <h2>{% blocktrans %}{{ user }} has collected {{ n_fats }} links this month.{% endblocktrans %}</h2>
+        <h2>{% blocktrans %}{{ user }} has collected {{ n_fats }} link{{ n_fats|pluralize }} this month.{% endblocktrans %}</h2>
        <table class="table table-responsive">
            <tr>
                <th class="col-md-2 text-center">{% trans "Ship" %}</th>
@@ -29,26 +29,24 @@
            {% endfor %}
        </table>
        {%  if created_fats %}
-         <h2>{% blocktrans %}{{ user }} has created {{ n_created_fats }} links this month.{% endblocktrans %}</h2>
+         <h2>{% blocktrans %}{{ user }} has created {{ n_created_fats }} link{{ n_created_fats|pluralize }} this month.{% endblocktrans %}</h2>
        {% if created_fats %}
        <table class="table">
            <tr>
-                <th class="text-center">{% trans "Name" %}</th>
-                <th class="text-center">{% trans "Creator" %}</th>
                <th class="text-center">{% trans "Fleet" %}</th>
+                <th class="text-center">{% trans "Creator" %}</th>
                <th class="text-center">{% trans "Eve Time" %}</th>
                <th class="text-center">{% trans "Duration" %}</th>
                <th class="text-center">{% trans "Edit" %}</th>
            </tr>
            {% for link in created_fats %}
            <tr>
-                <td class="text-center"><a href="{%  url 'auth_click_fatlink_view' %}{{ link.hash }}/{{ link.name }}">{{ link.name }}</a></td>
+                <td class="text-center"><a href="{%  url 'fatlink:click' link.hash %}" class="label label-primary">{{ link.fleet }}</a></td>
                <td class="text-center">{{ link.creator.username }}</td>
-                <td class="text-center">{{ link.fleet }}</td>
                <td class="text-center">{{ link.fatdatetime }}</td>
                <td class="text-center">{{ link.duration }}</td>
                <td class="text-center">
-                    <a href="{%  url 'auth_modify_fatlink_view' %}{{ link.hash }}/{{ link.name }}">
+                    <a href="{%  url 'fatlink:modify' link.hash %}">
                        <button type="button" class="btn btn-info"><span
                                class="glyphicon glyphicon-edit"></span></button>
                    </a>
--- a/allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkview.html
+++ b/allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkview.html
@@ -24,7 +24,7 @@
        {% if fats %}
        <table class="table table-responsive">
            <tr>
-                <th class="text-center">{% trans "fatname" %}</th>
+                <th class="text-center">{% trans "Fleet" %}</th>
                <th class="text-center">{% trans "Character" %}</th>
                <th class="text-center">{% trans "System" %}</th>
                <th class="text-center">{% trans "Ship" %}</th>
@@ -32,7 +32,7 @@
            </tr>
            {% for fat in fats %}
            <tr>
-                <td class="text-center">{{ fat.fatlink.name }}</td>
+                <td class="text-center">{{ fat.fatlink.fleet }}</td>
                <td class="text-center">{{ fat.character.character_name }}</td>
                {%  if fat.station != "No Station" %}
                <td class="text-center">{% blocktrans %}Docked in {% endblocktrans %}{{ fat.system }}</td>
@@ -79,13 +79,13 @@
            </tr>
            {% for link in fatlinks %}
            <tr>
-                <td class="text-center"><a href="{%  url 'fatlink:click_fatlink' %}{{ link.hash }}/{{ link.name }}">{{ link.name }}</a></td>
+                <td class="text-center"><a href="{%  url 'fatlink:click' link.hash %}" class="label label-primary">{{ link.fleet }}</a></td>
                <td class="text-center">{{ link.creator.username }}</td>
                <td class="text-center">{{ link.fleet }}</td>
                <td class="text-center">{{ link.fatdatetime }}</td>
                <td class="text-center">{{ link.duration }}</td>
                <td class="text-center">
-                    <a href="{%  url 'fatlink:modify' %}{{ link.hash }}/{{ link.name }}" class="btn btn-info">
+                    <a href="{%  url 'fatlink:modify' link.hash %}" class="btn btn-info">
                        <span class="glyphicon glyphicon-edit"></span>
                    </a>
                </td>
--- a/allianceauth/fleetactivitytracking/urls.py
+++ b/allianceauth/fleetactivitytracking/urls.py
@@ -25,10 +25,6 @@ urlpatterns = [
        views.fatlink_monthly_personal_statistics_view,
        name='user_statistics_month'),
    url(r'^create/$', views.create_fatlink_view, name='create'),
-    url(r'^modify/$', views.modify_fatlink_view, name='modify'),
-    url(r'^modify/(?P<hash>[a-zA-Z0-9_-]+)/([a-z0-9_-]+)$',
-        views.modify_fatlink_view),
-    url(r'^link/$', views.fatlink_view, name='click_fatlink'),
-    url(r'^link/(?P<hash>[a-zA-Z0-9]+)/(?P<fatname>[a-z0-9_-]+)/$',
-        views.click_fatlink_view),
+    url(r'^modify/(?P<fat_hash>[a-zA-Z0-9_-]+)/$', views.modify_fatlink_view, name='modify'),
+    url(r'^link/(?P<fat_hash>[a-zA-Z0-9]+)/$', views.click_fatlink_view, name='click'),
 ]
--- a/allianceauth/fleetactivitytracking/views.py
+++ b/allianceauth/fleetactivitytracking/views.py
@@ -1,8 +1,6 @@
 import datetime
 import logging
 import os
-import random
-import string

 from allianceauth.authentication.models import CharacterOwnership
 from django.contrib import messages
@@ -17,13 +15,23 @@ from esi.decorators import token_required
 from allianceauth.eveonline.providers import provider
 from .forms import FatlinkForm
 from .models import Fatlink, Fat
-from slugify import slugify
+from django.utils.crypto import get_random_string

 from allianceauth.eveonline.models import EveAllianceInfo
 from allianceauth.eveonline.models import EveCharacter
 from allianceauth.eveonline.models import EveCorporationInfo

 SWAGGER_SPEC_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'swagger.json')
+"""
+Swagger spec operations:
+
+get_characters_character_id_location
+get_characters_character_id_ship
+get_universe_systems_system_id
+get_universe_stations_station_id
+get_universe_structures_structure_id
+"""
+

 logger = logging.getLogger(__name__)

@@ -114,7 +122,7 @@ def fatlink_statistics_corp_view(request, corpid, year=None, month=None):
    start_of_next_month = first_day_of_next_month(year, month)
    start_of_previous_month = first_day_of_previous_month(year, month)
    fat_stats = {}
-    corp_members = CharacterOwnership.objects.filter(character__corporation_id=corpid).values('user_id').distinct()
+    corp_members = CharacterOwnership.objects.filter(character__corporation_id=corpid).order_by('user_id').values('user_id').distinct()

    for member in corp_members:
        try:
@@ -181,7 +189,7 @@ def fatlink_personal_statistics_view(request, year=datetime.date.today().year):

    personal_fats = Fat.objects.select_related('fatlink').filter(user=user).order_by('id')

-    monthlystats = [0 for month in range(1, 13)]
+    monthlystats = [0 for i in range(1, 13)]

    for fat in personal_fats:
        fatdate = fat.fatlink.fatdatetime
@@ -236,8 +244,8 @@ def fatlink_monthly_personal_statistics_view(request, year, month, char_id=None)
@login_required
@token_required(
    scopes=['esi-location.read_location.v1', 'esi-location.read_ship_type.v1', 'esi-universe.read_structures.v1'])
-def click_fatlink_view(request, token, hash, fatname):
-    fatlink = get_object_or_404(Fatlink, hash=hash, name=fatname)
+def click_fatlink_view(request, token, fat_hash=None):
+    fatlink = get_object_or_404(Fatlink, hash=fat_hash)

    if (timezone.now() - fatlink.fatdatetime) < datetime.timedelta(seconds=(fatlink.duration * 60)):

@@ -298,12 +306,11 @@ def create_fatlink_view(request):
            logger.debug("Submitting fleetactivitytracking by user %s" % request.user)
            if form.is_valid():
                fatlink = Fatlink()
-                fatlink.name = slugify(form.cleaned_data["fatname"])
                fatlink.fleet = form.cleaned_data["fleet"]
                fatlink.duration = form.cleaned_data["duration"]
                fatlink.fatdatetime = timezone.now()
                fatlink.creator = request.user
-                fatlink.hash = ''.join(random.choice(string.ascii_letters + string.digits) for i in range(10))
+                fatlink.hash = get_random_string(length=15)
                try:
                    fatlink.full_clean()
                    fatlink.save()
@@ -331,25 +338,19 @@ def create_fatlink_view(request):

@login_required
@permission_required('auth.fleetactivitytracking')
-def modify_fatlink_view(request, hash=""):
+def modify_fatlink_view(request, fat_hash=None):
    logger.debug("modify_fatlink_view called by user %s" % request.user)
-    if not hash:
-        return redirect('fatlink:view')
-
-    try:
-        fatlink = Fatlink.objects.get(hash=hash)
-    except Fatlink.DoesNotExist:
-        raise Http404
+    fatlink = get_object_or_404(Fatlink, hash=fat_hash)

    if request.GET.get('removechar', None):
        character_id = request.GET.get('removechar')
        character = EveCharacter.objects.get(character_id=character_id)
-        logger.debug("Removing character %s from fleetactivitytracking  %s" % (character.character_name, fatlink.name))
+        logger.debug("Removing character %s from fleetactivitytracking  %s" % (character.character_name, fatlink))

        Fat.objects.filter(fatlink=fatlink).filter(character=character).delete()

    if request.GET.get('deletefat', None):
-        logger.debug("Removing fleetactivitytracking  %s" % fatlink.name)
+        logger.debug("Removing fleetactivitytracking  %s" % fatlink)
        fatlink.delete()
        return redirect('fatlink:view')

--- a/allianceauth/fleetup/templates/fleetup/characters.html
+++ b/allianceauth/fleetup/templates/fleetup/characters.html
@@ -15,7 +15,7 @@
        </div>
            <div class="panel-body">
                <div class="col-lg-6">
-                    <div class="table-responsive">   
+                    <div class="table-responsive">
                    <table class="table table-condensed table-hover table-striped">
                        <tr>
                            <th class="col-md-1"></th>
@@ -26,7 +26,7 @@
                        {% for char_name, user_id in member_list %}
                        <tr>
                            <td>
-                                <img src="http://image.eveonline.com/Character/{{ user_id.char_id }}_32.jpg" class="img-circle">
+                                <img src="https://imageserver.eveonline.com/Character/{{ user_id.char_id }}_32.jpg" class="img-circle">
                            </td>
                            <td>
                                <p>{{ user_id.char_name }}</p>
--- a/allianceauth/fleetup/templates/fleetup/doctrine.html
+++ b/allianceauth/fleetup/templates/fleetup/doctrine.html
@@ -8,12 +8,12 @@
 {% block content %}
 <div class="col-lg-12">
    {% include "fleetup/menu.html" %}
-    <div class="panel">
+    <div>
        {% for a, j in doctrine.items %}
        {% regroup j.Data|dictsort:"Role" by Role as role_list %}

            {% for Role in role_list %}
-            
+
            <div class="panel panel-default">
                        <div class="panel-heading">
                            <h3 class="panel-title"><b>{{ Role.grouper }}</b></h3>
@@ -50,7 +50,7 @@
                                        {% load humanize %}{{ item.EstPrice|intword }}
                                    </td>
                                    <td>
-                                        {% for categories in item.Categories %} 
+                                        {% for categories in item.Categories %}
                                        {{ categories }},
                                        {% endfor %}
                                    </td>
--- a/allianceauth/fleetup/templates/fleetup/doctrinesview.html
+++ b/allianceauth/fleetup/templates/fleetup/doctrinesview.html
@@ -8,12 +8,12 @@
 {% block content %}
 <div class="col-lg-12">
    {% include "fleetup/menu.html" %}
-    <div class="panel">
+    <div>
        {% if doctrines_list %}
        {% for a, j in doctrines_list.items %}
        {% regroup j|dictsort:"FolderName" by FolderName as folder_list %}
            {% for FolderName in folder_list %}
-            <div class="col-lg-8">
+            <div>
            <div class="panel panel-default">
                        <div class="panel-heading">
                            <h3 class="panel-title"><b>{{ FolderName.grouper }}</b></h3>
@@ -29,11 +29,11 @@
                                    <th class="col-lg-2">Note</th>-->
                                </tr>
                                {% for item in FolderName.list %}
-                
+
                                <tr>
                                    <td>
                                    <a href="{% url 'fleetup:doctrine' item.DoctrineId %}"><img src="https://image.eveonline.com/InventoryType/{{ item.IconId }}_32.png"></a>
-                                    </td> 
+                                    </td>
                                    <td>
                                    {{ item.Name }}
                                    </td>
--- a/allianceauth/fleetup/templates/fleetup/fitting.html
+++ b/allianceauth/fleetup/templates/fleetup/fitting.html
@@ -8,9 +8,9 @@
 {% block content %}
 <div class="col-lg-12">
    {% include "fleetup/menu.html" %}
-    <div class="tab-content">
+    <div class="tab-content row">
        <div id="fit" class="tab-pane fade in active">
-            <div class="col-lg-3">
+            <div class="col-lg-4">
                {% for x, y in fitting_data.items %}
                <div class="panel panel-default">
                    <div class="panel-heading">
@@ -18,22 +18,24 @@
                    </div>
                    <div class="panel-body">
                        {% for doctrin in y.Doctrines %}
-                        <h4>{{ doctrin.Name }}</h4>
-                        <div class="col-lg-12">
-                            <p>{% trans "Role in doctrine:" %} {{ doctrin.Role }}</p>
-                        </div>
-                        <div class="col-lg-4">
-                            <p>{% trans "Priority:" %}</p>
-                        </div>
-                        <div class="col-lg-8">
-                            <div class="progress">
-                                <div class="progress-bar progress-bar-striped" role="progressbar" aria-valuenow="{{ doctrin.Priority }}" aria-valuemin="0" aria-valuemax="5" style="width: {% widthratio doctrin.Priority 5 100 %}%;">
-                                    {{ doctrin.Priority }}/5
+                        <div class="clearfix">
+                            <h4>{{ doctrin.Name }}</h4>
+                            <div class="col-lg-12">
+                                <p>{% trans "Role in doctrine:" %} {{ doctrin.Role }}</p>
+                            </div>
+                            <div class="col-lg-4">
+                                <p>{% trans "Priority:" %}</p>
+                            </div>
+                            <div class="col-lg-8">
+                                <div class="progress">
+                                    <div class="progress-bar progress-bar-striped" role="progressbar" aria-valuenow="{{ doctrin.Priority }}" aria-valuemin="0" aria-valuemax="5" style="width: {% widthratio doctrin.Priority 5 100 %}%;">
+                                        {{ doctrin.Priority }}/5
+                                    </div>
                                </div>
                            </div>
-                        </div>
-                        <div class="pull-right">
-                            <a class="btn btn-primary" href="{% url 'fleetup:doctrine' doctrin.DoctrineId %}">{% trans "See doctrine" %}</a>
+                            <div class="pull-right">
+                                <a class="btn btn-primary" href="{% url 'fleetup:doctrine' doctrin.DoctrineId %}">{% trans "See doctrine" %}</a>
+                            </div>
                        </div>
                        {% endfor %}
                    </div>
@@ -56,10 +58,10 @@
                        <div class="panel-body">
                            <div class="list-group">
                            {% for arbit, orbit in doctrines_list.items %}
-                              
+
                                {% for fitting in orbit.Data %}
                                <a href="{% url 'fleetup:fitting' fitting.FittingId %}" class="list-group-item">
-                                
+
                                <h4 class="list-group-item-heading">{{ fitting.Name }}<span class="pull-right"><img src="https://image.eveonline.com/InventoryType/{{ fitting.EveTypeId }}_32.png" class="img-circle"></span></h4>
                                <p class="list-group-item-heading">{{ fitting.Role }} - {{ fitting.ShipType }}</p>
                                </a>
@@ -107,8 +109,8 @@
                        {% endfor %}
                </div>
            </div>
-            
-            <div class="col-lg-3">
+
+            <div class="col-lg-4">
                <div class="panel panel-default">
                    <div class="panel-heading">
                        <h3 class="panel-title">{% trans "EFT/Export" %}</h3>
--- a/allianceauth/fleetup/templates/fleetup/fittingsview.html
+++ b/allianceauth/fleetup/templates/fleetup/fittingsview.html
@@ -20,11 +20,11 @@
                <th class="col-md-2">{% trans "Categories" %}</th>
            </tr>
        {% for id, fittings in fitting_list %}
-            
+
            <tr>
                <td>
                    <a href="{% url 'fleetup:fitting' fittings.fitting_id %}"><img src="https://image.eveonline.com/InventoryType/{{ fittings.icon_id }}_32.png"></a>
-                </td> 
+                </td>
                <td>
                    {{ fittings.name }}
                </td>
@@ -38,12 +38,12 @@
                     {% load humanize %}{{ fittings.estimated|intword }}
                </td>
                <td>
-                {% for categories in fittings.categories %} 
+                {% for categories in fittings.categories %}
                    {{ categories }},
                {% endfor %}
                </td>
            </tr>
-         
+
        {% endfor %}
        </table>
        {% else %}
--- a/allianceauth/fleetup/templates/fleetup/index.html
+++ b/allianceauth/fleetup/templates/fleetup/index.html
@@ -1,256 +1,254 @@
-{% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load staticfiles %}
-{% load i18n %}
-
-{% block page_title %}FleetUp{% endblock page_title %}
-
-{% block content %}
-<div class="col-lg-12">
-{% include "fleetup/menu.html" %}
-<div class="panel">
-    <ul class="nav nav-tabs">
-        <li class="active"><a data-toggle="tab" href="#operations">{% trans "Operations" %}</a></li>
-        <li><a data-toggle="tab" href="#timers">{% trans "Timers" %}</a></li>
-    </ul>
-
-    <div class="tab-content">
-        <div id="operations" class="tab-pane fade in active">
-            <div class="col-lg-7">
-                {% if operations_list %}
-                {% for subject, start in operations_list %}
-                    <div class="panel panel-default">
-                        <div class="panel-heading">
-                            <h3 class="panel-title"><b>{{ start.subject }}</b></h3>
-                        </div>
-                        <div class="panel-body">
-                            <table class="table table-condensed">
-                                <tr>
-                                    <th class="col-md-6">{% trans "Start" %}</th>
-                                    <th class="col-md-6">{% trans "End" %}</th>
-                                </tr>
-                                <tr>
-                                    <td class="col-md-6">{{ start.start|date:"l d M H:i" }} <span class="label label-success">{% trans "Eve Time" %}</span></td>
-                                    
-                                    <td class="col-md-6">{{ start.end|date:"l d M H:i" }} <span class="label label-success">{% trans "Eve Time" %}</span></td>
-                                </tr>
-                                <tr>
-                                    <td class="col-md-6">
-                                        <span id="localtime{{ start.operation_id }}"></span>&nbsp;<span class='label label-success'>Local time</span><br>
-                                        <div id="countdown{{ start.operation_id }}"></div>
-                                    </td>
-                                    
-                                    <td class="col-md-6"></td>
-                                </tr>
-                            </table> 
-                            <p>{{ start.details }}</p>
-                            
-                            <div class="col-lg-12">
-                            <table class="table table-condensed table-striped">
-                                <tr>
-                                    <th class="col-md-4">{% trans "Location" %}</th>
-                                    <th class="col-md-4">{% trans "Doctrine" %}</th>
-                                    <th class="col-md-2">{% trans "Organizer" %}</th>
-                                    <th class="col-md-2">{% trans "URL" %}</th>
-                                </tr>
-                                <tr>
-                                    <td>
-                                        {{ start.location }} - {{ start.location_info }} <a href="http://evemaps.dotlan.net/system/{{ start.location }}" target="_blank" class="label label-success">Dotlan</a>
-                                    </td>
-                                    <td>
-                                        {% if start.doctrine %}
-                                        {% for doctrine in start.doctrine %}
-                                            
-                                            <a href="{% url 'fleetup:doctrine' doctrine.Id %}" class="label label-success">{{ doctrine.Name }}</a>
-                                            
-                                        {% endfor %}
-                                            
-                                        {% else %}
-                                        <span class="label label-danger">{% trans "TBA" %}</span>
-                                        {% endif %}
-                                    </td>
-                                    <td>
-                                        {{ start.organizer }}
-                                    </td>
-                                    <td>
-                                        {% ifequal start.url "" %}
-                                        <div class="label label-danger">{% trans "No link" %}</div>
-                                        {% else %}
-                                        <a href="{{ start.url }}" target="_blank" class="label label-success">{% trans "External link" %}</a>
-                                        {% endifequal %}
-                                    </td>
-                                </tr>
-                            </table>
-                            </div>
-                        </div>
-                    </div>
-                {% endfor %}
-                {% else %}
-            <h3>{% trans "There seems to be no Operations in the near future." %}</h3>
-            {% endif %}
-            </div>
-            <div class="col-lg-3">
-                <div class="panel panel-default">
-                    <div class="panel-heading">
-                        <h2 class="panel-title">{% trans "Current Eve Time:" %}</h2>
-                    </div>
-                    <div class="panel-body">
-                        <div id="current-time"></div>
-                    </div>
-                </div>
-                {% if timers_list %}
-                <div class="panel panel-default">
-                    <div class="panel-heading">
-                        <h2 class="panel-title">{% trans "Timers" %}</h2>
-                    </div>
-                    <div class="panel-body">
-                        <table class="table table-condensed table-hover table-striped">
-                        {% for notes, type in timers_list %}
-                        <tr>
-                        <td>
-                            {{ type.solarsystem }}
-                        </td>
-                            <td>
-                            {{ type.expires|date:"l d M H:i" }}
-                            </td>
-                        </tr>
-                        {% endfor %}
-                        </table>
-                    </div>
-                </div>
-                {% endif %}
-            </div>
-        </div>
-        <div id="timers" class="tab-pane fade in">
-            <div class="col-lg-12">
-                {% if timers_list %}
-                <div class="panel panel-default">
-                    <div class="panel-heading">
-                        <h2 class="panel-title">{% trans "Timers" %}</h2>
-                    </div>
-                    <div class="panel-body">
-                        <div class="col-lg-12">
-                        <table class="table table-condensed table-hover table-striped">
-                        <tr>
-                            <th class="col-lg-1">{% trans "Type" %}</th>
-                            <th class="col-lg-1">{% trans "Structure" %}</th>
-                            <th class="col-lg-2">{% trans "Location" %}</th>
-                            <th class="col-lg-2">{% trans "Expires(EVE-time)" %}</th>
-                            <th class="col-lg-1">{% trans "Owner" %}</th>
-                            <th class="col-lg-2">{% trans "Note" %}</th>
-                        </tr>
-                        {% for notes, type in timers_list %}
-                        <tr>
-                        <td>
-                            {% ifequal type.type "Final" %}
-                                        <span class="label label-danger">
-                            {{ type.type }}</span>{% else %}{{ type.type }}{% endifequal %}
-                        </td>
-                        <td>
-                            {{ type.timer_type }}
-                        </td>
-                        <td>
-                            {{ type.solarsystem }} - Planet:{{ type.planet }} Moon:{{ type.moon }}
-                        </td>
-                        <td>
-                            {{ type.expires|date:"l d M H:i" }}
-                        </td>
-                        <td>
-                            {{ type.owner }}
-                        </td>
-                        <td>            
-                            {{ type.notes }}
-                        </td>
-                        </tr>
-                        {% endfor %}
-                        </table>
-                        </div>
-                    </div>
-                </div>
-                {% else %}
-            <h3>{% trans "There seems to be no Timers in the near future." %}</h3>
-            {% endif %}
-            </div>
-        </div>
-    </div>
-
-</div>
-</div>
-{% include 'bundles/moment-js.html' with locale=True %}
-<script src="{% static 'js/timers.js' %}"></script>
-<script type="text/javascript">
-    // Data
-    var timers = [
-    {% for start, op in operations_list %}
-        {
-            'id': {{ op.operation_id }},
-            'start': moment("{{ op.start | date:"c" }}"),
-            'end': moment("{{ op.end | date:"c" }}"),
-            'expired': false
-        },
-    {% endfor %}
-    ]
-</script>
-<script type="text/javascript">
-
-    timedUpdate();
-    setAllLocalTimes();
-
-    // Start timed updates
-    setInterval(timedUpdate, 1000);
-
-    function timedUpdate() {
-        updateClock();
-        updateAllTimers();
-    }
-
-    function updateAllTimers () {
-        var l = timers.length;
-        for (var i=0; i < l; ++i) {
-            if (timers[i].expired) continue;
-            updateTimer(timers[i]);
-        }
-    }
-
-    /**
-     * Update a timer
-     * @param timer Timer information
-     * @param timer.start Date of the timer
-     * @param timer.id Id number of the timer
-     * @param timer.expired
-     */
-    function updateTimer(timer) {
-        if (timer.start.isAfter(Date.now())) {
-            var duration = moment.duration(timer.start - moment(), 'milliseconds');
-            document.getElementById("countdown" + timer.id).innerHTML = getDurationString(duration);
-        } else {
-            timer.expired = true;
-            document.getElementById("countdown" + timer.id).innerHTML = "";
-        }
-    }
-
-    /**
-     * Set all local time fields
-     */
-    function setAllLocalTimes() {
-        var l = timers.length;
-        for (var i=0; i < l; ++i) {
-            setLocalTime(timers[i]);
-        }
-    }
-
-    /**
-     * Set the local time info for the timer
-     * @param timer Timer information
-     * @param timer.start Date of the timer
-     * @param timer.id Id number of the timer
-     */
-    function setLocalTime(timer) {
-        document.getElementById("localtime" + timer.id).innerHTML = timer.start.format("ddd @ LT");
-    }
-
-    function updateClock() {
-        document.getElementById("current-time").innerHTML = "<b>" + moment.utc().format('ddd, ll HH:mm:ss z') + "</b>";
-    }
-</script>
-{% endblock content %}
+{% extends "allianceauth/base.html" %}
+{% load bootstrap %}
+{% load staticfiles %}
+{% load i18n %}
+
+{% block page_title %}FleetUp{% endblock page_title %}
+
+{% block content %}
+<div class="col-lg-12">
+{% include "fleetup/menu.html" %}
+<div>
+    <ul class="nav nav-tabs">
+        <li class="active"><a data-toggle="tab" href="#operations">{% trans "Operations" %}</a></li>
+        <li><a data-toggle="tab" href="#timers">{% trans "Timers" %}</a></li>
+    </ul>
+
+    <div class="tab-content row">
+        <div id="operations" class="tab-pane fade in active">
+            <div class="col-lg-8">
+                {% if operations_list %}
+                {% for subject, start in operations_list %}
+                    <div class="panel panel-default">
+                        <div class="panel-heading">
+                            <h3 class="panel-title"><b>{{ start.subject }}</b></h3>
+                        </div>
+                        <div class="panel-body">
+                            <table class="table table-condensed">
+                                <tr>
+                                    <th class="col-md-6">{% trans "Start" %}</th>
+                                    <th class="col-md-6">{% trans "End" %}</th>
+                                </tr>
+                                <tr>
+                                    <td class="col-md-6">{{ start.start|date:"l d M H:i" }} <span class="label label-success">{% trans "Eve Time" %}</span></td>
+
+                                    <td class="col-md-6">{{ start.end|date:"l d M H:i" }} <span class="label label-success">{% trans "Eve Time" %}</span></td>
+                                </tr>
+                                <tr>
+                                    <td class="col-md-6">
+                                        <span id="localtime{{ start.operation_id }}"></span>&nbsp;<span class='label label-success'>Local time</span><br>
+                                        <div id="countdown{{ start.operation_id }}"></div>
+                                    </td>
+
+                                    <td class="col-md-6"></td>
+                                </tr>
+                            </table>
+                            {{ start.details|linebreaks }}
+
+                            <table class="table table-condensed table-striped">
+                                <tr>
+                                    <th class="col-md-4">{% trans "Location" %}</th>
+                                    <th class="col-md-4">{% trans "Doctrine" %}</th>
+                                    <th class="col-md-2">{% trans "Organizer" %}</th>
+                                    <th class="col-md-2">{% trans "URL" %}</th>
+                                </tr>
+                                <tr>
+                                    <td>
+                                        {{ start.location }} - {{ start.location_info }} <a href="http://evemaps.dotlan.net/system/{{ start.location }}" target="_blank" class="label label-success">Dotlan</a>
+                                    </td>
+                                    <td>
+                                        {% if start.doctrine %}
+                                        {% for doctrine in start.doctrine %}
+
+                                            <a href="{% url 'fleetup:doctrine' doctrine.Id %}" class="label label-success">{{ doctrine.Name }}</a>
+
+                                        {% endfor %}
+
+                                        {% else %}
+                                        <span class="label label-danger">{% trans "TBA" %}</span>
+                                        {% endif %}
+                                    </td>
+                                    <td>
+                                        {{ start.organizer }}
+                                    </td>
+                                    <td>
+                                        {% ifequal start.url "" %}
+                                        <div class="label label-danger">{% trans "No link" %}</div>
+                                        {% else %}
+                                        <a href="{{ start.url }}" target="_blank" class="label label-success">{% trans "External link" %}</a>
+                                        {% endifequal %}
+                                    </td>
+                                </tr>
+                            </table>
+                        </div>
+                    </div>
+                {% endfor %}
+                {% else %}
+            <h3>{% trans "There seems to be no Operations in the near future." %}</h3>
+            {% endif %}
+            </div>
+            <div class="col-lg-4">
+                <div class="panel panel-default">
+                    <div class="panel-heading">
+                        <h2 class="panel-title">{% trans "Current Eve Time:" %}</h2>
+                    </div>
+                    <div class="panel-body">
+                        <div id="current-time"></div>
+                    </div>
+                </div>
+                {% if timers_list %}
+                <div class="panel panel-default">
+                    <div class="panel-heading">
+                        <h2 class="panel-title">{% trans "Timers" %}</h2>
+                    </div>
+                    <div class="panel-body">
+                        <table class="table table-condensed table-hover table-striped">
+                        {% for notes, type in timers_list %}
+                        <tr>
+                        <td>
+                            {{ type.solarsystem }}
+                        </td>
+                            <td>
+                            {{ type.expires|date:"l d M H:i" }}
+                            </td>
+                        </tr>
+                        {% endfor %}
+                        </table>
+                    </div>
+                </div>
+                {% endif %}
+            </div>
+        </div>
+        <div id="timers" class="tab-pane fade in">
+            <div class="col-lg-12">
+                {% if timers_list %}
+                <div class="panel panel-default">
+                    <div class="panel-heading">
+                        <h2 class="panel-title">{% trans "Timers" %}</h2>
+                    </div>
+                    <div class="panel-body">
+                        <div class="col-lg-12">
+                        <table class="table table-condensed table-hover table-striped">
+                        <tr>
+                            <th class="col-lg-1">{% trans "Type" %}</th>
+                            <th class="col-lg-1">{% trans "Structure" %}</th>
+                            <th class="col-lg-2">{% trans "Location" %}</th>
+                            <th class="col-lg-2">{% trans "Expires(EVE-time)" %}</th>
+                            <th class="col-lg-1">{% trans "Owner" %}</th>
+                            <th class="col-lg-2">{% trans "Note" %}</th>
+                        </tr>
+                        {% for notes, type in timers_list %}
+                        <tr>
+                        <td>
+                            {% ifequal type.type "Final" %}
+                                        <span class="label label-danger">
+                            {{ type.type }}</span>{% else %}{{ type.type }}{% endifequal %}
+                        </td>
+                        <td>
+                            {{ type.timer_type }}
+                        </td>
+                        <td>
+                            {{ type.solarsystem }} - Planet:{{ type.planet }} Moon:{{ type.moon }}
+                        </td>
+                        <td>
+                            {{ type.expires|date:"l d M H:i" }}
+                        </td>
+                        <td>
+                            {{ type.owner }}
+                        </td>
+                        <td>
+                            {{ type.notes }}
+                        </td>
+                        </tr>
+                        {% endfor %}
+                        </table>
+                        </div>
+                    </div>
+                </div>
+                {% else %}
+            <h3>{% trans "There seems to be no Timers in the near future." %}</h3>
+            {% endif %}
+            </div>
+        </div>
+    </div>
+
+</div>
+</div>
+{% include 'bundles/moment-js.html' with locale=True %}
+<script src="{% static 'js/timers.js' %}"></script>
+<script type="text/javascript">
+    // Data
+    var timers = [
+    {% for start, op in operations_list %}
+        {
+            'id': {{ op.operation_id }},
+            'start': moment("{{ op.start | date:"c" }}"),
+            'end': moment("{{ op.end | date:"c" }}"),
+            'expired': false
+        },
+    {% endfor %}
+    ]
+</script>
+<script type="text/javascript">
+
+    timedUpdate();
+    setAllLocalTimes();
+
+    // Start timed updates
+    setInterval(timedUpdate, 1000);
+
+    function timedUpdate() {
+        updateClock();
+        updateAllTimers();
+    }
+
+    function updateAllTimers () {
+        var l = timers.length;
+        for (var i=0; i < l; ++i) {
+            if (timers[i].expired) continue;
+            updateTimer(timers[i]);
+        }
+    }
+
+    /**
+     * Update a timer
+     * @param timer Timer information
+     * @param timer.start Date of the timer
+     * @param timer.id Id number of the timer
+     * @param timer.expired
+     */
+    function updateTimer(timer) {
+        if (timer.start.isAfter(Date.now())) {
+            var duration = moment.duration(timer.start - moment(), 'milliseconds');
+            document.getElementById("countdown" + timer.id).innerHTML = getDurationString(duration);
+        } else {
+            timer.expired = true;
+            document.getElementById("countdown" + timer.id).innerHTML = "";
+        }
+    }
+
+    /**
+     * Set all local time fields
+     */
+    function setAllLocalTimes() {
+        var l = timers.length;
+        for (var i=0; i < l; ++i) {
+            setLocalTime(timers[i]);
+        }
+    }
+
+    /**
+     * Set the local time info for the timer
+     * @param timer Timer information
+     * @param timer.start Date of the timer
+     * @param timer.id Id number of the timer
+     */
+    function setLocalTime(timer) {
+        document.getElementById("localtime" + timer.id).innerHTML = timer.start.format("ddd @ LT");
+    }
+
+    function updateClock() {
+        document.getElementById("current-time").innerHTML = "<b>" + moment.utc().format('ddd, ll HH:mm:ss z') + "</b>";
+    }
+</script>
+{% endblock content %}
--- a/allianceauth/groupmanagement/admin.py
+++ b/allianceauth/groupmanagement/admin.py
@@ -1,28 +1,68 @@
 from django.contrib import admin
-from django.contrib.auth.models import Group
-
+from django.contrib.auth.models import Group as BaseGroup
+from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
+from django.dispatch import receiver
 from .models import AuthGroup
 from .models import GroupRequest


-class AuthGroupAdmin(admin.ModelAdmin):
-    """
-    Admin model for AuthGroup
-    """
-    filter_horizontal = ('group_leaders',)
+class AuthGroupInlineAdmin(admin.StackedInline):
+    model = AuthGroup
+    filter_horizontal = ('group_leaders', 'states',)
+    fields = ('description', 'group_leaders', 'states', 'internal', 'hidden', 'open', 'public')
+    verbose_name_plural = 'Auth Settings'
+    verbose_name = ''
+
+    def has_add_permission(self, request):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.has_perm('auth.change_group')


-class ProxyGroup(Group):
+class GroupAdmin(admin.ModelAdmin):
+    filter_horizontal = ('permissions',)
+    inlines = (AuthGroupInlineAdmin,)
+
+
+class Group(BaseGroup):
    class Meta:
        proxy = True
-        verbose_name = Group._meta.verbose_name
-        verbose_name_plural = Group._meta.verbose_name_plural
+        verbose_name = BaseGroup._meta.verbose_name
+        verbose_name_plural = BaseGroup._meta.verbose_name_plural

 try:
-    admin.site.unregister(Group)
+    admin.site.unregister(BaseGroup)
 finally:
-    admin.site.register(ProxyGroup)
+    admin.site.register(Group, GroupAdmin)


 admin.site.register(GroupRequest)
-admin.site.register(AuthGroup, AuthGroupAdmin)
+
+
+@receiver(pre_save, sender=Group)
+def redirect_pre_save(sender, signal=None, *args, **kwargs):
+    pre_save.send(BaseGroup, *args, **kwargs)
+
+
+@receiver(post_save, sender=Group)
+def redirect_post_save(sender, signal=None, *args, **kwargs):
+    post_save.send(BaseGroup, *args, **kwargs)
+
+
+@receiver(pre_delete, sender=Group)
+def redirect_pre_delete(sender, signal=None, *args, **kwargs):
+    pre_delete.send(BaseGroup, *args, **kwargs)
+
+
+@receiver(post_delete, sender=Group)
+def redirect_post_delete(sender, signal=None, *args, **kwargs):
+    post_delete.send(BaseGroup, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=Group.permissions.through)
+def redirect_m2m_changed_permissions(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseGroup, *args, **kwargs)
--- a/allianceauth/groupmanagement/apps.py
+++ b/allianceauth/groupmanagement/apps.py
@@ -4,3 +4,4 @@ from django.apps import AppConfig
 class GroupManagementConfig(AppConfig):
    name = 'allianceauth.groupmanagement'
    label = 'groupmanagement'
+    verbose_name = 'Group Management'
--- a/allianceauth/groupmanagement/managers.py
+++ b/allianceauth/groupmanagement/managers.py
@@ -1,4 +1,5 @@
 from django.contrib.auth.models import Group
+from django.db.models import Q


 class GroupManager:
@@ -6,7 +7,12 @@ class GroupManager:
        pass

    @staticmethod
-    def get_joinable_groups():
+    def get_joinable_groups(state):
+        return Group.objects.select_related('authgroup').exclude(authgroup__internal=True)\
+            .filter(Q(authgroup__states=state) | Q(authgroup__states=None))
+
+    @staticmethod
+    def get_all_non_internal_groups():
        return Group.objects.select_related('authgroup').exclude(authgroup__internal=True)

    @staticmethod
@@ -14,13 +20,35 @@ class GroupManager:
        return Group.objects.select_related('authgroup').filter(authgroup__group_leaders__in=[user])

    @staticmethod
-    def joinable_group(group):
+    def joinable_group(group, state):
        """
-        Check if a group is a user joinable group, i.e.
-        not an internal group for Corp, Alliance, Members etc
+        Check if a group is a user/state joinable group, i.e.
+        not an internal group for Corp, Alliance, Members etc,
+        or restricted from the user's current state.
        :param group: django.contrib.auth.models.Group object
+        :param state: allianceauth.authentication.State object
        :return: bool True if its joinable, False otherwise
        """
+        if len(group.authgroup.states.all()) != 0 and state not in group.authgroup.states.all():
+            return False
+        return not group.authgroup.internal
+
+    @staticmethod
+    def check_internal_group(group):
+        """
+        Check if a group is auditable, i.e not an internal group
+        :param group: django.contrib.auth.models.Group object
+        :return: bool True if it is auditable, false otherwise
+        """
+        return not group.authgroup.internal
+
+    @staticmethod
+    def check_internal_group(group):
+        """
+        Check if a group is auditable, i.e not an internal group
+        :param group: django.contrib.auth.models.Group object
+        :return: bool True if it is auditable, false otherwise
+        """
        return not group.authgroup.internal

    @staticmethod
--- a/allianceauth/groupmanagement/migrations/0007_on_delete.py
+++ b/allianceauth/groupmanagement/migrations/0007_on_delete.py
@@ -15,7 +15,7 @@ class Migration(migrations.Migration):

    operations = [
        migrations.CreateModel(
-            name='ProxyGroup',
+            name='Group',
            fields=[
            ],
            options={
--- a/allianceauth/groupmanagement/migrations/0008_remove_authgroup_permissions.py
+++ b/allianceauth/groupmanagement/migrations/0008_remove_authgroup_permissions.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.10 on 2018-02-23 23:09
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+def delete_permissions(apps, schema_editor):
+    AuthGroup = apps.get_model('groupmanagement', 'AuthGroup')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(AuthGroup)
+    Permission.objects.filter(content_type=ct).delete()
+
+
+def recreate_permissions(apps, schema_editor):
+    AuthGroup = apps.get_model('groupmanagement', 'AuthGroup')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(AuthGroup)
+    Permission.objects.create(content_type=ct, name='Can add auth group', codename='add_authgroup')
+    Permission.objects.create(content_type=ct, name='Can delete auth group', codename='delete_authgroup')
+    Permission.objects.create(content_type=ct, name='Can change auth group', codename='change_authgroup')
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('groupmanagement', '0007_on_delete'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='authgroup',
+            options={'default_permissions': (), 'permissions': (('request_groups', 'Can request non-public groups'),)},
+        ),
+        migrations.RunPython(delete_permissions, recreate_permissions)
+    ]
--- a/allianceauth/groupmanagement/migrations/0009_requestlog.py
+++ b/allianceauth/groupmanagement/migrations/0009_requestlog.py
@@ -0,0 +1,28 @@
+# Generated by Django 2.0.6 on 2018-06-04 02:45
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0008_alter_user_username_max_length'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('groupmanagement', '0008_remove_authgroup_permissions'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='RequestLog',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('request_type', models.NullBooleanField(default=0)),
+                ('request_info', models.CharField(max_length=254)),
+                ('action', models.BooleanField(default=0)),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Group')),
+                ('request_actor', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
--- a/allianceauth/groupmanagement/migrations/0010_authgroup_states.py
+++ b/allianceauth/groupmanagement/migrations/0010_authgroup_states.py
@@ -0,0 +1,19 @@
+# Generated by Django 2.0.6 on 2018-07-11 00:17
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0016_ownershiprecord'),
+        ('groupmanagement', '0009_requestlog'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='authgroup',
+            name='states',
+            field=models.ManyToManyField(blank=True, help_text='States listed here will have the ability to join this group provided they have the proper permissions.', related_name='valid_states', to='authentication.State'),
+        ),
+    ]
--- a/allianceauth/groupmanagement/models.py
+++ b/allianceauth/groupmanagement/models.py
@@ -3,8 +3,7 @@ from django.contrib.auth.models import User
 from django.db import models
 from django.db.models.signals import post_save
 from django.dispatch import receiver
-
-from allianceauth.eveonline.models import EveCharacter
+from allianceauth.authentication.models import State


 class GroupRequest(models.Model):
@@ -25,6 +24,37 @@ class GroupRequest(models.Model):
        return self.user.username + ":" + self.group.name


+class RequestLog(models.Model):
+    request_type = models.NullBooleanField(default=0)
+    group = models.ForeignKey(Group, on_delete=models.CASCADE)
+    request_info = models.CharField(max_length=254)
+    action = models.BooleanField(default=0)
+    request_actor = models.ForeignKey(User, on_delete=models.CASCADE)
+
+    def requestor(self):
+        return self.request_info.split(":")[0]
+
+    def type_to_str(self):
+        if self.request_type is None:
+            return "Removed"
+        elif self.request_type is True:
+            return "Leave"
+        elif self.request_type is False:
+            return "Join"
+
+    def action_to_str(self):
+        if self.action is True:
+            return "Accept"
+        elif self.action is False:
+            return "Reject"
+
+    def req_char(self):
+        usr = self.requestor()
+        user = User.objects.get(username=usr)
+        return user.profile.main_character
+
+
+
 class AuthGroup(models.Model):
    """
    Extends Django Group model with a one-to-one field
@@ -67,6 +97,10 @@ class AuthGroup(models.Model):
                                                     "specifically. Use the auth.group_management permission to allow "
                                                     "a user to manage all groups.")

+    states = models.ManyToManyField(State, related_name='valid_states', blank=True,
+                                    help_text="States listed here will have the ability to join this group provided "
+                                              "they have the proper permissions.")
+
    description = models.CharField(max_length=512, blank=True, help_text="Description of the group shown to users.")

    def __str__(self):
@@ -76,6 +110,7 @@ class AuthGroup(models.Model):
        permissions = (
            ("request_groups", u"Can request non-public groups"),
        )
+        default_permissions = tuple()


@receiver(post_save, sender=Group)
--- a/allianceauth/groupmanagement/templates/groupmanagement/audit.html
+++ b/allianceauth/groupmanagement/templates/groupmanagement/audit.html
@@ -0,0 +1,40 @@
+{% extends "allianceauth/base.html" %}
+{% load staticfiles %}
+{% load i18n %}
+
+{% block page_title %}{{ group }} {% trans "Audit Log" %}{% endblock page_title %}
+{% block extra_css %}{% endblock extra_css %}
+
+{% block content %}
+    <div class="col-lg-12">
+        <br>
+        {% include 'groupmanagement/menu.html' %}
+        <div>
+            {% if entries %}
+            <h3>{{ group }} Audit Log</h3>
+            <table class="table">
+                <tr>
+                    <th class="text-center">{% trans "Requestor" %}</th>
+                    <th class="text-center">{% trans "Main Character" %}</th>
+                    <th class="text-center">{% trans "Group" %}</th>
+                    <th class="text-center">{% trans "Type" %}</th>
+                    <th class="text-center">{% trans "Action" %}</th>
+                    <th class="text-center">{% trans "Actor" %}</th>
+                </tr>
+                {% for entry in entries %}
+                    <tr>
+                        <td class="text-center">{{ entry.requestor }}</td>
+                        <td class="text-center">{{ entry.req_char }}</td>
+                        <td class="text-center">{{ entry.group }}</td>
+                        <td class="text-center">{{ entry.type_to_str }}</td>
+                        <td class="text-center">{{ entry.action_to_str }}</td>
+                        <td class="text-center">{{ entry.request_actor }}</td>
+                    </tr>
+                {% endfor %}
+            </table>
+            {% else %}
+                <div class="alert alert-warning text-center">{% trans "No entries found." %}</div>
+            {% endif %}
+        </div>
+    </div>
+{% endblock content %}
--- a/allianceauth/groupmanagement/templates/groupmanagement/groupmembership.html
+++ b/allianceauth/groupmanagement/templates/groupmanagement/groupmembership.html
@@ -41,6 +41,9 @@
                                title="{% trans "View Members" %}">
                                    <i class="glyphicon glyphicon-eye-open"></i>
                            </a>
+                            <a href="{% url "groupmanagement:audit_log" group.id %}" class="btn btn-info" title="{% trans "Audit Members" %}">
+                                <i class="glyphicon glyphicon-list-alt"></i>
+                            </a>
                        </td>
                    </tr>
                {% endfor %}
--- a/allianceauth/groupmanagement/urls.py
+++ b/allianceauth/groupmanagement/urls.py
@@ -12,6 +12,7 @@ urlpatterns = [
            name='membership'),
        url(r'^membership/(\w+)/$', views.group_membership_list,
            name='membership_list'),
+        url(r'^membership/(\w+)/audit/', views.group_membership_audit, name="audit_log"),
        url(r'^membership/(\w+)/remove/(\w+)/$', views.group_membership_remove,
            name='membership_remove'),
        url(r'^request_add/(\w+)', views.group_request_add,
--- a/allianceauth/groupmanagement/views.py
+++ b/allianceauth/groupmanagement/views.py
@@ -10,10 +10,12 @@ from django.http import Http404
 from django.shortcuts import render, redirect, get_object_or_404
 from django.utils.translation import ugettext_lazy as _
 from .managers import GroupManager
-from .models import GroupRequest
+from .models import GroupRequest, RequestLog

 from allianceauth.notifications import notify

+from django.conf import settings
+
 logger = logging.getLogger(__name__)


@@ -53,7 +55,7 @@ def group_membership(request):
    # Get all open and closed groups
    if GroupManager.has_management_permission(request.user):
        # Full access
-        groups = GroupManager.get_joinable_groups()
+        groups = GroupManager.get_all_non_internal_groups()
    else:
        # Group leader specific
        groups = GroupManager.get_group_leaders_groups(request.user)
@@ -65,6 +67,32 @@ def group_membership(request):
    return render(request, 'groupmanagement/groupmembership.html', context=render_items)


+@login_required
+@user_passes_test(GroupManager.can_manage_groups)
+def group_membership_audit(request, group_id):
+    logger.debug("group_management_audit called by user %s" % request.user)
+    group = get_object_or_404(Group, id=group_id)
+    try:
+
+        # Check its a joinable group i.e. not corp or internal
+        # And the user has permission to manage it
+        if not GroupManager.check_internal_group(group) or not GroupManager.can_manage_group(request.user, group):
+            logger.warning("User %s attempted to view the membership of group %s but permission was denied" %
+                           (request.user, group_id))
+            raise PermissionDenied
+
+    except ObjectDoesNotExist:
+        raise Http404("Group does not exist")
+
+    entries = RequestLog.objects.filter(group=group)
+
+    render_items = {'entries': entries, 'group': group.name}
+
+    return render(request, 'groupmanagement/audit.html', context=render_items)
+
+
+
+
@login_required
@user_passes_test(GroupManager.can_manage_groups)
 def group_membership_list(request, group_id):
@@ -74,7 +102,7 @@ def group_membership_list(request, group_id):

        # Check its a joinable group i.e. not corp or internal
        # And the user has permission to manage it
-        if not GroupManager.joinable_group(group) or not GroupManager.can_manage_group(request.user, group):
+        if not GroupManager.check_internal_group(group) or not GroupManager.can_manage_group(request.user, group):
            logger.warning("User %s attempted to view the membership of group %s but permission was denied" %
                           (request.user, group_id))
            raise PermissionDenied
@@ -105,13 +133,16 @@ def group_membership_remove(request, group_id, user_id):
    try:
        # Check its a joinable group i.e. not corp or internal
        # And the user has permission to manage it
-        if not GroupManager.joinable_group(group) or not GroupManager.can_manage_group(request.user, group):
+        if not GroupManager.check_internal_group(group) or not GroupManager.can_manage_group(request.user, group):
            logger.warning("User %s attempted to remove a user from group %s but permission was denied" % (request.user,
                                                                                                           group_id))
            raise PermissionDenied

        try:
            user = group.user_set.get(id=user_id)
+            request_info = user.username + ":" + group.name
+            log = RequestLog(request_type=None,group=group,request_info=request_info,action=1,request_actor=request.user)
+            log.save()
            # Remove group from user
            user.groups.remove(group)
            logger.info("User %s removed user %s from group %s" % (request.user, user, group))
@@ -133,12 +164,14 @@ def group_accept_request(request, group_request_id):
    try:
        group, created = Group.objects.get_or_create(name=group_request.group.name)

-        if not GroupManager.joinable_group(group_request.group) or \
+        if not GroupManager.joinable_group(group_request.group, group_request.user.profile.state) or \
                not GroupManager.can_manage_group(request.user, group_request.group):
            raise PermissionDenied

        group_request.user.groups.add(group)
        group_request.user.save()
+        log = RequestLog(request_type=group_request.leave_request,group=group,request_info=group_request.__str__(),action=1,request_actor=request.user)
+        log.save()
        group_request.delete()
        logger.info("User %s accepted group request from user %s to group %s" % (
            request.user, group_request.user, group_request.group.name))
@@ -172,6 +205,8 @@ def group_reject_request(request, group_request_id):
        if group_request:
            logger.info("User %s rejected group request from user %s to group %s" % (
                request.user, group_request.user, group_request.group.name))
+            log = RequestLog(request_type=group_request.leave_request,group=group_request.group,request_info=group_request.__str__(),action=0,request_actor=request.user)
+            log.save()
            group_request.delete()
            notify(group_request.user, "Group Application Rejected", level="danger",
                   message="Your application to %s has been rejected." % group_request.group)
@@ -204,6 +239,8 @@ def group_leave_accept_request(request, group_request_id):
        group, created = Group.objects.get_or_create(name=group_request.group.name)
        group_request.user.groups.remove(group)
        group_request.user.save()
+        log = RequestLog(request_type=group_request.leave_request,group=group_request.group,request_info=group_request.__str__(),action=1,request_actor=request.user)
+        log.save()
        group_request.delete()
        logger.info("User %s accepted group leave request from user %s to group %s" % (
            request.user, group_request.user, group_request.group.name))
@@ -236,6 +273,8 @@ def group_leave_reject_request(request, group_request_id):
            raise PermissionDenied

        if group_request:
+            log = RequestLog(request_type=group_request.leave_request,group=group_request.group,request_info=group_request.__str__(),action=0,request_actor=request.user)
+            log.save()
            group_request.delete()
            logger.info("User %s rejected group leave request from user %s for group %s" % (
                request.user, group_request.user, group_request.group.name))
@@ -262,7 +301,7 @@ def groups_view(request):
    logger.debug("groups_view called by user %s" % request.user)
    groups = []

-    group_query = GroupManager.get_joinable_groups()
+    group_query = GroupManager.get_joinable_groups(request.user.profile.state)

    if not request.user.has_perm('groupmanagement.request_groups'):
        # Filter down to public groups only for non-members
@@ -284,11 +323,18 @@ def groups_view(request):
 def group_request_add(request, group_id):
    logger.debug("group_request_add called by user %s for group id %s" % (request.user, group_id))
    group = Group.objects.get(id=group_id)
-    if not GroupManager.joinable_group(group):
+    state = request.user.profile.state
+    if not GroupManager.joinable_group(group, state):
        logger.warning("User %s attempted to join group id %s but it is not a joinable group" %
                       (request.user, group_id))
        messages.warning(request, _("You cannot join that group"))
        return redirect('groupmanagement:groups')
+    if group in request.user.groups.all():
+        # User is already a member of this group.
+        logger.warning("User %s attempted to join group id %s but they are already a member." %
+                       (request.user, group_id))
+        messages.warning(request, "You are already a member of that group.")
+        return redirect('groupmanagement:groups')
    if not request.user.has_perm('groupmanagement.request_groups') and not group.authgroup.public:
        # Does not have the required permission, trying to join a non-public group
        logger.warning("User %s attempted to join group id %s but it is not a public group" %
@@ -299,11 +345,15 @@ def group_request_add(request, group_id):
        logger.info("%s joining %s as is an open group" % (request.user, group))
        request.user.groups.add(group)
        return redirect("groupmanagement:groups")
+    req = GroupRequest.objects.filter(user=request.user, group=group)
+    if len(req) > 0:
+        logger.info("%s attempted to join %s but already has an open application" % (request.user, group))
+        messages.warning(request, "You already have a pending application for that group.")
+        return redirect("groupmanagement:groups")
    grouprequest = GroupRequest()
    grouprequest.status = _('Pending')
    grouprequest.group = group
    grouprequest.user = request.user
-    grouprequest.main_char = request.user.profile.main_character
    grouprequest.leave_request = False
    grouprequest.save()
    logger.info("Created group request for user %s to group %s" % (request.user, Group.objects.get(id=group_id)))
@@ -315,7 +365,7 @@ def group_request_add(request, group_id):
 def group_request_leave(request, group_id):
    logger.debug("group_request_leave called by user %s for group id %s" % (request.user, group_id))
    group = Group.objects.get(id=group_id)
-    if not GroupManager.joinable_group(group):
+    if not GroupManager.check_internal_group(group):
        logger.warning("User %s attempted to leave group id %s but it is not a joinable group" %
                       (request.user, group_id))
        messages.warning(request, _("You cannot leave that group"))
@@ -329,11 +379,19 @@ def group_request_leave(request, group_id):
        logger.info("%s leaving %s as is an open group" % (request.user, group))
        request.user.groups.remove(group)
        return redirect("groupmanagement:groups")
+    req = GroupRequest.objects.filter(user=request.user, group=group)
+    if len(req) > 0:
+        logger.info("%s attempted to leave %s but already has an pending leave request." % (request.user, group))
+        messages.warning(request, "You already have a pending leave request for that group.")
+        return redirect("groupmanagement:groups")
+    if getattr(settings, 'AUTO_LEAVE', False):
+        logger.info("%s leaving joinable group %s due to auto_leave" % (request.user, group))
+        request.user.groups.remove(group)
+        return redirect('groupmanagement:groups')
    grouprequest = GroupRequest()
    grouprequest.status = _('Pending')
    grouprequest.group = group
    grouprequest.user = request.user
-    grouprequest.main_char = request.user.profile.main_character
    grouprequest.leave_request = True
    grouprequest.save()
    logger.info("Created group leave request for user %s to group %s" % (request.user, Group.objects.get(id=group_id)))
--- a/allianceauth/hrapplications/auth_hooks.py
+++ b/allianceauth/hrapplications/auth_hooks.py
@@ -1,5 +1,5 @@
 from allianceauth.services.hooks import MenuItemHook, UrlHook
-
+from django.utils.translation import ugettext_lazy as _
 from allianceauth import hooks
 from allianceauth.hrapplications import urls

@@ -7,7 +7,7 @@ from allianceauth.hrapplications import urls
 class ApplicationsMenu(MenuItemHook):
    def __init__(self):
        MenuItemHook.__init__(self,
-                              'Applications',
+                              _('Applications'),
                              'fa fa-file-o fa-fw',
                              'hrapplications:index',
                              navactive=['hrapplications:'])
--- a/allianceauth/hrapplications/templates/hrapplications/management.html
+++ b/allianceauth/hrapplications/templates/hrapplications/management.html
@@ -154,6 +154,12 @@
                                               class="btn btn-primary">
                                                <span class="glyphicon glyphicon-eye-open"></span>
                                            </a>
+                                            {% if perms.hrapplications.delete_application %}
+                                                <a href="{% url 'hrapplications:remove' app.id %}"
+                                                    class="btn btn-danger">
+                                                    <span class="glyphicon glyphicon-remove"></span>
+                                                </a>
+                                            {% endif %}
                                        </td>
                                    </tr>
                                {% endfor %}
--- a/allianceauth/hrapplications/urls.py
+++ b/allianceauth/hrapplications/urls.py
@@ -13,19 +13,19 @@ urlpatterns = [
        name="create_view"),
    url(r'^remove/(\w+)', views.hr_application_remove,
        name="remove"),
-    url(r'view/(\w+)', views.hr_application_view,
+    url(r'^view/(\w+)', views.hr_application_view,
        name="view"),
-    url(r'personal/view/(\w+)', views.hr_application_personal_view,
+    url(r'^personal/view/(\w+)', views.hr_application_personal_view,
        name="personal_view"),
-    url(r'personal/removal/(\w+)',
+    url(r'^personal/removal/(\w+)',
        views.hr_application_personal_removal,
        name="personal_removal"),
-    url(r'approve/(\w+)', views.hr_application_approve,
+    url(r'^approve/(\w+)', views.hr_application_approve,
        name="approve"),
-    url(r'reject/(\w+)', views.hr_application_reject,
+    url(r'^reject/(\w+)', views.hr_application_reject,
        name="reject"),
-    url(r'search/', views.hr_application_search,
+    url(r'^search/', views.hr_application_search,
        name="search"),
-    url(r'mark_in_progress/(\w+)', views.hr_application_mark_in_progress,
+    url(r'^mark_in_progress/(\w+)', views.hr_application_mark_in_progress,
        name="mark_in_progress"),
    ]
--- a/allianceauth/hrapplications/views.py
+++ b/allianceauth/hrapplications/views.py
@@ -67,7 +67,7 @@ def hr_application_create_view(request, form_id=None):
                                                       ""))
                    response.save()
                logger.info("%s created %s" % (request.user, application))
-            return redirect('hrapplications:view')
+            return redirect('hrapplications:personal_view', application.id)
        else:
            questions = app_form.questions.all()
            return render(request, 'hrapplications/create.html',
@@ -95,7 +95,7 @@ def hr_application_personal_view(request, app_id):
        return render(request, 'hrapplications/view.html', context=context)
    else:
        logger.warn("User %s not authorized to view %s" % (request.user, app))
-        return redirect('hrapplications:view')
+        return redirect('hrapplications:personal_view')


@login_required
@@ -110,7 +110,7 @@ def hr_application_personal_removal(request, app_id):
            logger.warn("User %s attempting to delete reviewed app %s" % (request.user, app))
    else:
        logger.warn("User %s not authorized to delete %s" % (request.user, app))
-    return redirect('hrapplications:view')
+    return redirect('hrapplications:index')


@login_required
@@ -158,7 +158,7 @@ def hr_application_remove(request, app_id):
    logger.info("User %s deleting %s" % (request.user, app))
    app.delete()
    notify(app.user, "Application Deleted", message="Your application to %s was deleted." % app.form.corp)
-    return redirect('hrapplications:view')
+    return redirect('hrapplications:index')


@login_required
@@ -175,7 +175,7 @@ def hr_application_approve(request, app_id):
               level="success")
    else:
        logger.warn("User %s not authorized to approve %s" % (request.user, app))
-    return redirect('hrapplications:view')
+    return redirect('hrapplications:index')


@login_required
@@ -192,7 +192,7 @@ def hr_application_reject(request, app_id):
               level="danger")
    else:
        logger.warn("User %s not authorized to reject %s" % (request.user, app))
-    return redirect('hrapplications:view')
+    return redirect('hrapplications:index')


@login_required
--- a/allianceauth/locale/de/LC_MESSAGES/django.mo
+++ b/allianceauth/locale/de/LC_MESSAGES/django.mo
--- a/allianceauth/locale/de/LC_MESSAGES/django.po
+++ b/allianceauth/locale/de/LC_MESSAGES/django.po
--- a/allianceauth/locale/es/LC_MESSAGES/django.mo
+++ b/allianceauth/locale/es/LC_MESSAGES/django.mo
--- a/allianceauth/locale/es/LC_MESSAGES/django.po
+++ b/allianceauth/locale/es/LC_MESSAGES/django.po
--- a/allianceauth/optimer/auth_hooks.py
+++ b/allianceauth/optimer/auth_hooks.py
@@ -1,12 +1,12 @@
 from allianceauth.services.hooks import MenuItemHook, UrlHook
-
+from django.utils.translation import ugettext_lazy as _
 from allianceauth import hooks
 from . import urls


 class OpTimerboardMenu(MenuItemHook):
    def __init__(self):
-        MenuItemHook.__init__(self, 'Fleet Operations',
+        MenuItemHook.__init__(self, _('Fleet Operations'),
                              'fa fa-exclamation  fa-fw',
                              'optimer:view',
                              navactive=['optimer:'])
--- a/allianceauth/optimer/templates/optimer/management.html
+++ b/allianceauth/optimer/templates/optimer/management.html
@@ -19,7 +19,8 @@
        <div class="col-lg-12 text-center row">
            <div class="label label-info text-left">
                <b>{% trans "Current Eve Time:" %} </b>
-            </div><div class="label label-info text-left" id="current-time"></div>
+            </div>
+            <strong class="label label-info text-left" id="current-time"></strong>
            <br  />
        </div>

@@ -111,7 +112,7 @@
        }

        function updateClock() {
-            document.getElementById("current-time").innerHTML = "<b>" + moment.utc().format('LLLL') + "</b>";
+            document.getElementById("current-time").innerHTML = getCurrentEveTimeString();
        }
    </script>
 {% endblock content %}
--- a/allianceauth/permissions_tool/tests.py
+++ b/allianceauth/permissions_tool/tests.py
@@ -8,6 +8,7 @@ from allianceauth.tests.auth_utils import AuthUtils
 class PermissionsToolViewsTestCase(WebTest):
    def setUp(self):
        self.member = AuthUtils.create_member('auth_member')
+        AuthUtils.add_main_character(self.member, 'test character', '1234', '2345', 'test corp', 'testc')
        self.member.email = 'auth_member@example.com'
        self.member.save()
        self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
--- a/allianceauth/project_template/categories.json
+++ b/allianceauth/project_template/categories.json
--- a/allianceauth/project_template/confusables.json
+++ b/allianceauth/project_template/confusables.json
--- a/allianceauth/project_template/project_name/init.py
+++ b/allianceauth/project_template/project_name/init.py
@@ -0,0 +1 @@
+from .celery import app as celery_app
--- a/allianceauth/project_template/project_name/celery.py
+++ b/allianceauth/project_template/project_name/celery.py
@@ -11,6 +11,10 @@ app = Celery('{{ project_name }}')
 # Using a string here means the worker don't have to serialize
 # the configuration object to child processes.
 app.config_from_object('django.conf:settings')
+app.conf.ONCE = {
+    'backend': 'allianceauth.services.tasks.DjangoBackend',
+    'settings': {}
+}

 # Load task modules from all registered Django app configs.
 app.autodiscover_tasks(lambda: settings.INSTALLED_APPS)
--- a/allianceauth/project_template/project_name/settings/base.py
+++ b/allianceauth/project_template/project_name/settings/base.py
@@ -1,14 +1,10 @@
 # -*- coding: UTF-8 -*-
 """
-Django settings for alliance_auth project.
+DO NOT EDIT THIS FILE

-Generated by 'django-admin startproject' using Django 1.10.1.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.10/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.10/ref/settings/
+This settings file contains everything needed for Alliance Auth projects to function.
+It gets overwritten by the 'allianceauth update' command.
+If you wish to make changes, overload the setting in your project's settings file (local.py).
 """

 import os
@@ -17,7 +13,6 @@ from django.contrib import messages
 from celery.schedules import crontab

 INSTALLED_APPS = [
-    # Core apps - required to function
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
@@ -38,17 +33,19 @@ INSTALLED_APPS = [
    'allianceauth.thirdparty.navhelper',
 ]

+SECRET_KEY = "wow I'm a really bad default secret key"
+
 # Celery configuration
 BROKER_URL = 'redis://localhost:6379/0'
 CELERYBEAT_SCHEDULER = "django_celery_beat.schedulers.DatabaseScheduler"
 CELERYBEAT_SCHEDULE = {
    'esi_cleanup_callbackredirect': {
        'task': 'esi.tasks.cleanup_callbackredirect',
-        'schedule': crontab(hour='*/4'),
+        'schedule': crontab(minute=0, hour='*/4'),
    },
    'esi_cleanup_token': {
        'task': 'esi.tasks.cleanup_token',
-        'schedule': crontab(day_of_month='*/1'),
+        'schedule': crontab(minute=0, hour=0),
    },
    'run_model_update': {
        'task': 'allianceauth.eveonline.tasks.run_model_update',
@@ -56,7 +53,7 @@ CELERYBEAT_SCHEDULE = {
    },
    'check_all_character_ownership': {
        'task': 'allianceauth.authentication.tasks.check_all_character_ownership',
-        'schedule': crontab(hour='*/4'),
+        'schedule': crontab(minute=0, hour='*/4'),
    }
 }

@@ -85,12 +82,13 @@ ugettext = lambda s: s
 LANGUAGES = (
    ('en', ugettext('English')),
    ('de', ugettext('German')),
+    ('es', ugettext('Spanish')),
 )

 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': [os.path.join(PROJECT_DIR, 'templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
@@ -148,8 +146,11 @@ USE_TZ = True

 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.10/howto/static-files/
-
 STATIC_URL = '/static/'
+STATICFILES_DIRS = [
+    os.path.join(PROJECT_DIR, 'static'),
+]
+STATIC_ROOT = os.path.join(BASE_DIR, 'static')

 # Bootstrap messaging css workaround
 MESSAGE_TAGS = {
@@ -166,7 +167,6 @@ CACHES = {
    }
 }

-SECRET_KEY = 'this is a very bad secret key you should change'
 DEBUG = True
 ALLOWED_HOSTS = ['*']
 DATABASES = {
@@ -178,40 +178,24 @@ DATABASES = {

 SITE_NAME = 'Alliance Auth'

-#################
-# Login Settings
-#################
-# LOGIN_REDIRECT_URL - default destination when logging in if no redirect specified
-# LOGOUT_REDIRECT_URL - destination after logging out
+LOGIN_URL = 'auth_login_user'  # view that handles login logic
+
+LOGIN_REDIRECT_URL = 'authentication:dashboard'  # default destination when logging in if no redirect specified
+LOGOUT_REDIRECT_URL = 'authentication:dashboard'  # destination after logging out
 # Both of these redirects accept values as per the django redirect shortcut
 # https://docs.djangoproject.com/en/1.11/topics/http/shortcuts/#redirect
 # - url names eg 'authentication:dashboard'
 # - relative urls eg '/dashboard'
 # - absolute urls eg 'http://example.com/dashboard'
-# LOGIN_TOKEN_SCOPES - scopes required on new tokens when logging in. Cannot be blank.
-# ACCOUNT_ACTIVATION_DAYS - number of days email verification tokens are valid for
-##################
-LOGIN_URL = 'auth_login_user'
-LOGIN_REDIRECT_URL = 'authentication:dashboard'
-LOGOUT_REDIRECT_URL = 'authentication:dashboard'
-LOGIN_TOKEN_SCOPES = ['esi-characters.read_opportunities.v1']
+
+# scopes required on new tokens when logging in. Cannot be blank.
+LOGIN_TOKEN_SCOPES = ['publicData']
+
+# number of days email verification links are valid for
 ACCOUNT_ACTIVATION_DAYS = 1

-#####################################################
-##
-## Logging Configuration
-##
-#####################################################
-# Set log_file and console level to desired state:
-# DEBUG - basically stack trace, explains every step
-# INFO - model creation, deletion, updates, etc
-# WARN - unexpected function outcomes that do not impact user
-# ERROR - unexcpeted function outcomes which prevent user from achieving desired outcome
-# EXCEPTION - something critical went wrong, unhandled
-#####################################
-# Recommended level for log_file is INFO, console is DEBUG
-# Change log level of individual apps below to narrow your debugging
-#####################################
+ESI_API_URL = 'https://esi.evetech.net/'
+
 LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
@@ -253,5 +237,9 @@ LOGGING = {
            'handlers': ['log_file', 'console'],
            'level': 'ERROR',
        },
+        'esi': {
+            'handlers': ['log_file', 'console'],
+            'level': 'DEBUG',
+        },
    }
 }
--- a/allianceauth/project_template/project_name/settings/local.py
+++ b/allianceauth/project_template/project_name/settings/local.py
@@ -1,68 +1,60 @@
+# Every setting in base.py can be overloaded by redefining it here.
 from .base import *

-# These are required for Django to function properly
+# These are required for Django to function properly. Don't touch.
 ROOT_URLCONF = '{{ project_name }}.urls'
 WSGI_APPLICATION = '{{ project_name }}.wsgi.application'
-STATICFILES_DIRS = [
-    os.path.join(PROJECT_DIR, 'static'),
-]
-STATIC_ROOT = "/var/www/{{ project_name }}/static/"
-TEMPLATES[0]['DIRS'] += [os.path.join(PROJECT_DIR, 'templates')]
 SECRET_KEY = '{{ secret_key }}'

-# Change this to change the name of the auth site
+# This is where css/images will be placed for your webserver to read
+STATIC_ROOT = "/var/www/{{ project_name }}/static/"
+
+# Change this to change the name of the auth site displayed
+# in page titles and the site header.
 SITE_NAME = '{{ project_name }}'

-# Change this to enable/disable debug mode
+# Change this to enable/disable debug mode, which displays
+# useful error messages but can leak sensitive data.
 DEBUG = False

-#######################################
-#         Database Settings           #
-#######################################
-# Uncomment and change the database name
-# and credentials to use MySQL/MariaDB.
-# Leave commented to use sqlite3
-#######################################
-"""
+# Add any additional apps to this list.
+INSTALLED_APPS += [
+    
+]
+
+# Enter credentials to use MySQL/MariaDB. Comment out to use sqlite3
 DATABASES['default'] = {
    'ENGINE': 'django.db.backends.mysql',
    'NAME': 'alliance_auth',
-    'USER': os.environ.get('AA_DB_DEFAULT_USER', ''),
-    'PASSWORD': os.environ.get('AA_DB_DEFAULT_PASSWORD', ''),
-    'HOST': os.environ.get('AA_DB_DEFAULT_HOST', '127.0.0.1'),
-    'PORT': os.environ.get('AA_DB_DEFAULT_PORT', '3306'),
+    'USER': '',
+    'PASSWORD': '',
+    'HOST': '127.0.0.1',
+    'PORT': '3306',
 }
-"""

-######################################
-#            SSO Settings            #
-######################################
-# Register an application at
-# https://developers.eveonline.com
-# and fill out these settings.
-# Be sure to set the callback URL to
-# https://example.com/sso/callback
-# substituting your domain for example.com
-######################################
+# Register an application at https://developers.eveonline.com for Authentication
+# & API Access and fill out these settings. Be sure to set the callback URL
+# to https://example.com/sso/callback substituting your domain for example.com
+# Logging in to auth requires the publicData scope (can be overridden through the
+# LOGIN_TOKEN_SCOPES setting). Other apps may require more (see their docs).
 ESI_SSO_CLIENT_ID = ''
 ESI_SSO_CLIENT_SECRET = ''
 ESI_SSO_CALLBACK_URL = ''

-######################################
-#           Email Settings           #
-######################################
-# Alliance Auth validates emails before
-# new users can log in.
-# It's recommended to use a free service
-# like SparkPost or Mailgun to send email.
+# By default emails are validated before new users can log in.
+# It's recommended to use a free service like SparkPost or Elastic Email to send email.
 # https://www.sparkpost.com/docs/integrations/django/
-#################
+# https://elasticemail.com/resources/settings/smtp-api/
+# Set the default from email to something like 'noreply@example.com'
+# Email validation can be turned off by uncommenting the line below. This can break some services.
+# REGISTRATION_VERIFY_EMAIL = False
 EMAIL_HOST = ''
 EMAIL_PORT = 587
 EMAIL_HOST_USER = ''
 EMAIL_HOST_PASSWORD = ''
 EMAIL_USE_TLS = True
+DEFAULT_FROM_EMAIL = ''

-######################################
-# Add any custom settings below here #
-######################################
+#######################################
+# Add any custom settings below here. #
+#######################################
--- a/allianceauth/services/admin.py
+++ b/allianceauth/services/admin.py
@@ -9,12 +9,19 @@ class NameFormatConfigForm(forms.ModelForm):
        super(NameFormatConfigForm, self).__init__(*args, **kwargs)
        SERVICE_CHOICES = [(s.name, s.name) for h in hooks.get_hooks('services_hook') for s in [h()]]
        if self.instance.id:
-            SERVICE_CHOICES.append((self.instance.field, self.instance.field))
+            current_choice = (self.instance.service_name, self.instance.service_name)
+            if current_choice not in SERVICE_CHOICES:
+                SERVICE_CHOICES.append(current_choice)
        self.fields['service_name'] = forms.ChoiceField(choices=SERVICE_CHOICES)


 class NameFormatConfigAdmin(admin.ModelAdmin):
    form = NameFormatConfigForm
+    list_display = ('service_name', 'get_state_display_string')
+
+    def get_state_display_string(self, obj):
+        return ', '.join([state.name for state in obj.states.all()])
+    get_state_display_string.short_description = 'States'


 admin.site.register(NameFormatConfig, NameFormatConfigAdmin)
--- a/allianceauth/services/apps.py
+++ b/allianceauth/services/apps.py
@@ -6,4 +6,4 @@ class ServicesConfig(AppConfig):
    label = 'services'

    def ready(self):
-        pass
+        from . import signals
--- a/allianceauth/services/hooks.py
+++ b/allianceauth/services/hooks.py
@@ -1,7 +1,6 @@
 from django.conf.urls import include, url
 from django.template.loader import render_to_string
 from django.utils.functional import cached_property
-from django.core.exceptions import ObjectDoesNotExist
 from django.conf import settings
 from string import Formatter

@@ -160,15 +159,12 @@ class NameFormatter:
            'corp_id': getattr(main_char, 'corporation_id', None),
            'alliance_name': getattr(main_char, 'alliance_name', None),
            'alliance_id': getattr(main_char, 'alliance_id', None),
+            'alliance_ticker': getattr(main_char, 'alliance_ticker', None),
            'username': self.user.username,
        }

-        if main_char is not None and 'alliance_ticker' in self.string_formatter:
-            # Reduces db lookups
-            try:
-                format_data['alliance_ticker'] = getattr(getattr(main_char, 'alliance', None), 'alliance_ticker', None)
-            except ObjectDoesNotExist:
-                format_data['alliance_ticker'] = None
+        format_data['alliance_or_corp_name'] = format_data['alliance_name'] or format_data['corp_name']
+        format_data['alliance_or_corp_ticker'] = format_data['alliance_ticker'] or format_data['corp_ticker']
        return format_data

    @cached_property
--- a/allianceauth/services/management/commands/verify_service_accounts.py
+++ b/allianceauth/services/management/commands/verify_service_accounts.py
@@ -9,5 +9,5 @@ class Command(BaseCommand):

    def handle(self, *args, **options):
        for u in User.objects.all():
-            validate_services(u)
+            validate_services(u.pk)
        self.stdout.write(self.style.SUCCESS('Verified all user service accounts.'))
--- a/allianceauth/services/migrations/0002_nameformatter.py
+++ b/allianceauth/services/migrations/0002_nameformatter.py
@@ -11,6 +11,7 @@ class Migration(migrations.Migration):

    dependencies = [
        ('services', '0001_squashed_0003_delete_groupcache'),
+        ('authentication', '0015_user_profiles'),
    ]

    operations = [
--- a/allianceauth/services/modules/discord/manager.py
+++ b/allianceauth/services/modules/discord/manager.py
@@ -1,6 +1,4 @@
 import requests
-import json
-import re
 import math
 from django.conf import settings
 from requests_oauthlib import OAuth2Session
@@ -24,8 +22,8 @@ Previously all we asked for was permission to kick members, manage roles, and ma
 Users have reported weird unauthorized errors we don't understand. So now we ask for full server admin.
 It's almost fixed the problem.
 """
-# kick members, manage roles, manage nicknames
-# BOT_PERMISSIONS = 0x00000002 + 0x10000000 + 0x08000000
+# kick members, manage roles, manage nicknames, create instant invite
+# BOT_PERMISSIONS = 0x00000002 + 0x10000000 + 0x08000000 + 0x00000001
 BOT_PERMISSIONS = 0x00000008

 # get user ID, accept invite
@@ -34,7 +32,7 @@ SCOPES = [
    'guilds.join',
 ]

-GROUP_CACHE_MAX_AGE = int(getattr(settings, 'DISCORD_GROUP_CACHE_MAX_AGE', 2 * 60 * 60))  # 2 hours default
+GROUP_CACHE_MAX_AGE = getattr(settings, 'DISCORD_GROUP_CACHE_MAX_AGE', 2 * 60 * 60)  # 2 hours default


 class DiscordApiException(Exception):
@@ -109,7 +107,7 @@ def api_backoff(func):
                        backoff_timer = datetime.datetime.strptime(existing_backoff, cache_time_format)
                        if backoff_timer > datetime.datetime.utcnow():
                            backoff_seconds = (backoff_timer - datetime.datetime.utcnow()).total_seconds()
-                            logger.debug("Still under backoff for {} seconds, backing off" % backoff_seconds)
+                            logger.debug("Still under backoff for %s seconds, backing off" % backoff_seconds)
                            # Still under backoff
                            raise PerformBackoff(
                                retry_after=backoff_seconds,
@@ -117,8 +115,7 @@ def api_backoff(func):
                                global_ratelimit=bool(existing_global_backoff)
                            )
                    logger.debug("Calling API calling function")
-                    func(*args, **kwargs)
-                    break
+                    return func(*args, **kwargs)
                except requests.HTTPError as e:
                    if e.response.status_code == 429:
                        try:
@@ -163,12 +160,11 @@ class DiscordOAuthManager:

    @staticmethod
    def _sanitize_name(name):
-        return re.sub('[^\w.-]', '', name)[:32]
+        return name[:32]

    @staticmethod
-    def _sanitize_groupname(name):
-        name = name.strip(' _')
-        return DiscordOAuthManager._sanitize_name(name)
+    def _sanitize_group_name(name):
+        return name[:100]

    @staticmethod
    def generate_bot_add_url():
@@ -187,23 +183,33 @@ class DiscordOAuthManager:
        return token

    @staticmethod
-    def add_user(code):
+    def add_user(code, groups, nickname=None):
        try:
            token = DiscordOAuthManager._process_callback_code(code)['access_token']
            logger.debug("Received token from OAuth")

            custom_headers = {'accept': 'application/json', 'authorization': 'Bearer ' + token}
-            path = DISCORD_URL + "/invites/" + str(settings.DISCORD_INVITE_CODE)
-            r = requests.post(path, headers=custom_headers)
-            logger.debug("Got status code %s after accepting Discord invite" % r.status_code)
-            r.raise_for_status()
-
            path = DISCORD_URL + "/users/@me"
            r = requests.get(path, headers=custom_headers)
            logger.debug("Got status code %s after retrieving Discord profile" % r.status_code)
            r.raise_for_status()

            user_id = r.json()['id']
+
+            path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
+            group_ids = [DiscordOAuthManager._group_name_to_id(DiscordOAuthManager._sanitize_group_name(g)) for g in
+                         groups]
+            data = {
+                'roles': group_ids,
+                'access_token': token,
+            }
+            if nickname:
+                data['nick'] = DiscordOAuthManager._sanitize_name(nickname)
+            custom_headers['authorization'] = 'Bot ' + settings.DISCORD_BOT_TOKEN
+            r = requests.put(path, headers=custom_headers, json=data)
+            logger.debug("Got status code %s after joining Discord server" % r.status_code)
+            r.raise_for_status()
+
            logger.info("Added Discord user ID %s to server." % user_id)
            return user_id
        except:
@@ -211,23 +217,20 @@ class DiscordOAuthManager:
            return None

    @staticmethod
+    @api_backoff
    def update_nickname(user_id, nickname):
-        try:
-            nickname = DiscordOAuthManager._sanitize_name(nickname)
-            custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
-            data = {'nick': nickname}
-            path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
-            r = requests.patch(path, headers=custom_headers, json=data)
-            logger.debug("Got status code %s after setting nickname for Discord user ID %s (%s)" % (
-                r.status_code, user_id, nickname))
-            if r.status_code == 404:
-                logger.warn("Discord user ID %s could not be found in server." % user_id)
-                return True
-            r.raise_for_status()
+        nickname = DiscordOAuthManager._sanitize_name(nickname)
+        custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
+        data = {'nick': nickname}
+        path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
+        r = requests.patch(path, headers=custom_headers, json=data)
+        logger.debug("Got status code %s after setting nickname for Discord user ID %s (%s)" % (
+            r.status_code, user_id, nickname))
+        if r.status_code == 404:
+            logger.warn("Discord user ID %s could not be found in server." % user_id)
            return True
-        except:
-            logger.exception("Failed to set nickname for Discord user ID %s (%s)" % (user_id, nickname))
-            return False
+        r.raise_for_status()
+        return True

    @staticmethod
    def delete_user(user_id):
@@ -260,7 +263,7 @@ class DiscordOAuthManager:

    @staticmethod
    def _group_name_to_id(name):
-        name = DiscordOAuthManager._sanitize_groupname(name)
+        name = DiscordOAuthManager._sanitize_group_name(name)

        def get_or_make_role():
            groups = DiscordOAuthManager._get_groups()
@@ -271,42 +274,61 @@ class DiscordOAuthManager:
        return cache.get_or_set(DiscordOAuthManager._generate_cache_role_key(name), get_or_make_role, GROUP_CACHE_MAX_AGE)

    @staticmethod
-    def __generate_role():
+    def __generate_role(name, **kwargs):
        custom_headers = {'accept': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
        path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles"
-        r = requests.post(path, headers=custom_headers)
+        data = {'name': name}
+        data.update(kwargs)
+        r = requests.post(path, headers=custom_headers, json=data)
        logger.debug("Received status code %s after generating new role." % r.status_code)
        r.raise_for_status()
        return r.json()

    @staticmethod
-    def __edit_role(role_id, name, color=0, hoist=True, permissions=36785152):
+    def __edit_role(role_id, **kwargs):
        custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
-        data = {
-            'color': color,
-            'hoist': hoist,
-            'name': name,
-            'permissions': permissions,
-        }
        path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles/" + str(role_id)
-        r = requests.patch(path, headers=custom_headers, data=json.dumps(data))
+        r = requests.patch(path, headers=custom_headers, json=kwargs)
        logger.debug("Received status code %s after editing role id %s" % (r.status_code, role_id))
        r.raise_for_status()
        return r.json()

    @staticmethod
    def _create_group(name):
-        role = DiscordOAuthManager.__generate_role()
-        return DiscordOAuthManager.__edit_role(role['id'], name)
+        return DiscordOAuthManager.__generate_role(name)
+
+    @staticmethod
+    def _get_user(user_id):
+        custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
+        path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
+        r = requests.get(path, headers=custom_headers)
+        r.raise_for_status()
+        return r.json()
+
+    @staticmethod
+    def _get_user_roles(user_id):
+        user = DiscordOAuthManager._get_user(user_id)
+        return user['roles']
+
+    @staticmethod
+    def _modify_user_role(user_id, role_id, method):
+        custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
+        path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id) + "/roles/" + str(
+            role_id)
+        r = getattr(requests, method)(path, headers=custom_headers)
+        r.raise_for_status()
+        logger.debug("%s role %s for user %s" % (method, role_id, user_id))

    @staticmethod
    @api_backoff
    def update_groups(user_id, groups):
-        custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
-        group_ids = [DiscordOAuthManager._group_name_to_id(DiscordOAuthManager._sanitize_groupname(g)) for g in groups]
-        path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
-        data = {'roles': group_ids}
-        r = requests.patch(path, headers=custom_headers, json=data)
-        logger.debug("Received status code %s after setting user roles" % r.status_code)
-        r.raise_for_status()
-
+        group_ids = [DiscordOAuthManager._group_name_to_id(DiscordOAuthManager._sanitize_group_name(g)) for g in groups]
+        user_group_ids = DiscordOAuthManager._get_user_roles(user_id)
+        for g in group_ids:
+            if g not in user_group_ids:
+                DiscordOAuthManager._modify_user_role(user_id, g, 'put')
+                time.sleep(1)  # we're gonna be hammering the API here
+        for g in user_group_ids:
+            if g not in group_ids:
+                DiscordOAuthManager._modify_user_role(user_id, g, 'delete')
+                time.sleep(1)
--- a/allianceauth/services/modules/discord/migrations/0002_service_permissions.py
+++ b/allianceauth/services/modules/discord/migrations/0002_service_permissions.py
@@ -57,5 +57,5 @@ class Migration(migrations.Migration):
            name='discorduser',
            options={'permissions': (('access_discord', 'Can access the Discord service'),)},
        ),
-        migrations.RunPython(migrate_service_enabled),
+        migrations.RunPython(migrate_service_enabled, migrations.RunPython.noop),
    ]
--- a/allianceauth/services/modules/discord/tasks.py
+++ b/allianceauth/services/modules/discord/tasks.py
@@ -5,10 +5,11 @@ from django.contrib.auth.models import User
 from django.core.exceptions import ObjectDoesNotExist
 from allianceauth.notifications import notify
 from celery import shared_task
-
+from requests.exceptions import HTTPError
 from allianceauth.services.hooks import NameFormatter
 from .manager import DiscordOAuthManager, DiscordApiBackoff
 from .models import DiscordUser
+from allianceauth.services.tasks import QueueOnce

 logger = logging.getLogger(__name__)

@@ -19,15 +20,16 @@ class DiscordTasks:

    @classmethod
    def add_user(cls, user, code):
-        user_id = DiscordOAuthManager.add_user(code)
+        groups = DiscordTasks.get_groups(user)
+        nickname = None
+        if settings.DISCORD_SYNC_NAMES:
+            nickname = DiscordTasks.get_nickname(user)
+        user_id = DiscordOAuthManager.add_user(code, groups, nickname=nickname)
        if user_id:
            discord_user = DiscordUser()
            discord_user.user = user
            discord_user.uid = user_id
            discord_user.save()
-            if settings.DISCORD_SYNC_NAMES:
-                cls.update_nickname.delay(user.pk)
-            cls.update_groups.delay(user.pk)
            return True
        return False

@@ -57,28 +59,32 @@ class DiscordTasks:
            return True

    @staticmethod
-    @shared_task(bind=True, name='discord.update_groups')
-    def update_groups(task_self, pk):
+    @shared_task(bind=True, name='discord.update_groups', base=QueueOnce)
+    def update_groups(self, pk):
        user = User.objects.get(pk=pk)
        logger.debug("Updating discord groups for user %s" % user)
        if DiscordTasks.has_account(user):
-            groups = []
-            for group in user.groups.all():
-                groups.append(str(group.name))
-            if len(groups) == 0:
-                logger.debug("No syncgroups found for user. Adding empty group.")
-                groups.append('empty')
+            groups = DiscordTasks.get_groups(user)
            logger.debug("Updating user %s discord groups to %s" % (user, groups))
            try:
                DiscordOAuthManager.update_groups(user.discord.uid, groups)
            except DiscordApiBackoff as bo:
                logger.info("Discord group sync API back off for %s, "
                            "retrying in %s seconds" % (user, bo.retry_after_seconds))
-                raise task_self.retry(countdown=bo.retry_after_seconds)
+                raise self.retry(countdown=bo.retry_after_seconds)
+            except HTTPError as e:
+                if e.response.status_code == 404:
+                    try:
+                        if e.response.json()['code'] == 10007:
+                            # user has left the server
+                            DiscordTasks.delete_user(user)
+                            return
+                    finally:
+                        raise e
            except Exception as e:
-                if task_self:
+                if self:
                    logger.exception("Discord group sync failed for %s, retrying in 10 mins" % user)
-                    raise task_self.retry(countdown=60 * 10)
+                    raise self.retry(countdown=60 * 10)
                else:
                    # Rethrow
                    raise e
@@ -94,7 +100,7 @@ class DiscordTasks:
            DiscordTasks.update_groups.delay(discord_user.user.pk)

    @staticmethod
-    @shared_task(bind=True, name='discord.update_nickname')
+    @shared_task(bind=True, name='discord.update_nickname', base=QueueOnce)
    def update_nickname(self, pk):
        user = User.objects.get(pk=pk)
        logger.debug("Updating discord nickname for user %s" % user)
@@ -104,6 +110,10 @@ class DiscordTasks:
                logger.debug("Updating user %s discord nickname to %s" % (user, character.character_name))
                try:
                    DiscordOAuthManager.update_nickname(user.discord.uid, DiscordTasks.get_nickname(user))
+                except DiscordApiBackoff as bo:
+                    logger.info("Discord nickname update API back off for %s, "
+                                "retrying in %s seconds" % (user, bo.retry_after_seconds))
+                    raise self.retry(countdown=bo.retry_after_seconds)
                except Exception as e:
                    if self:
                        logger.exception("Discord nickname sync failed for %s, retrying in 10 mins" % user)
@@ -132,3 +142,7 @@ class DiscordTasks:
    def get_nickname(user):
        from .auth_hooks import DiscordService
        return NameFormatter(DiscordService(), user).format_name()
+
+    @staticmethod
+    def get_groups(user):
+        return [g.name for g in user.groups.all()] + [user.profile.state.name]
--- a/allianceauth/services/modules/discord/tests.py
+++ b/allianceauth/services/modules/discord/tests.py
@@ -145,6 +145,7 @@ class DiscordHooksTestCase(TestCase):
 class DiscordViewsTestCase(WebTest):
    def setUp(self):
        self.member = AuthUtils.create_member('auth_member')
+        AuthUtils.add_main_character(self.member, 'test character', '1234', '2345', 'test corp', 'testc')
        add_permissions()

    def login(self):
@@ -198,11 +199,11 @@ class DiscordManagerTestCase(TestCase):
    def setUp(self):
        pass

-    def test__sanitize_groupname(self):
-        test_group_name = ' Group Name_Test_'
-        group_name = DiscordOAuthManager._sanitize_groupname(test_group_name)
+    def test__sanitize_group_name(self):
+        test_group_name = str(10**103)
+        group_name = DiscordOAuthManager._sanitize_group_name(test_group_name)

-        self.assertEqual(group_name, 'GroupName_Test')
+        self.assertEqual(group_name, test_group_name[:100])

    def test_generate_Bot_add_url(self):
        bot_add_url = DiscordOAuthManager.generate_bot_add_url()
@@ -245,18 +246,20 @@ class DiscordManagerTestCase(TestCase):

        headers = {'accept': 'application/json', 'authorization': 'Bearer accesstoken'}

-        m.register_uri('POST',
-                       manager.DISCORD_URL + '/invites/' + str(settings.DISCORD_INVITE_CODE),
-                       request_headers=headers,
-                       text='{}')
-
        m.register_uri('GET',
                       manager.DISCORD_URL + "/users/@me",
                       request_headers=headers,
                       text=json.dumps({'id': "123456"}))

+        headers = {'accept': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
+
+        m.register_uri('PUT',
+                       manager.DISCORD_URL + '/guilds/' + str(settings.DISCORD_GUILD_ID) + '/members/123456',
+                       request_headers=headers,
+                       text='{}')
+
        # Act
-        return_value = DiscordOAuthManager.add_user('abcdef')
+        return_value = DiscordOAuthManager.add_user('abcdef', [])

        # Assert
        self.assertEqual(return_value, '123456')
@@ -324,54 +327,54 @@ class DiscordManagerTestCase(TestCase):
        # Assert
        self.assertTrue(result)

+    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._get_user_roles')
    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._get_groups')
    @requests_mock.Mocker()
-    def test_update_groups(self, group_cache, m):
+    def test_update_groups(self, group_cache, user_roles, m):
        # Arrange
-        groups = ['Member', 'Blue', 'Special Group']
+        groups = ['Member', 'Blue', 'SpecialGroup']

-        group_cache.return_value = [{'id': 111, 'name': 'Member'},
-                                    {'id': 222, 'name': 'Blue'},
-                                    {'id': 333, 'name': 'SpecialGroup'},
-                                    {'id': 444, 'name': 'NotYourGroup'}]
+        group_cache.return_value = [{'id': '111', 'name': 'Member'},
+                                    {'id': '222', 'name': 'Blue'},
+                                    {'id': '333', 'name': 'SpecialGroup'},
+                                    {'id': '444', 'name': 'NotYourGroup'}]
+        user_roles.return_value = ['444']

        headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
        user_id = 12345
-        request_url = '{}/guilds/{}/members/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id)
+        user_request_url = '{}/guilds/{}/members/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id)
+        group_request_urls = ['{}/guilds/{}/members/{}/roles/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id, g['id']) for g in group_cache.return_value]

-        m.patch(request_url,
-                request_headers=headers)
+        m.patch(user_request_url, request_headers=headers)
+        [m.put(url, request_headers=headers) for url in group_request_urls[:-1]]
+        m.delete(group_request_urls[-1], request_headers=headers)

        # Act
        DiscordOAuthManager.update_groups(user_id, groups)

        # Assert
-        self.assertEqual(len(m.request_history), 1, 'Must be one HTTP call made')
-        history = json.loads(m.request_history[0].text)
-        self.assertIn('roles', history, "'The request must send JSON object with the 'roles' key")
-        self.assertIn(111, history['roles'], 'The group id 111 must be added to the request')
-        self.assertIn(222, history['roles'], 'The group id 222 must be added to the request')
-        self.assertIn(333, history['roles'], 'The group id 333 must be added to the request')
-        self.assertNotIn(444, history['roles'], 'The group id 444 must NOT be added to the request')
+        self.assertEqual(len(m.request_history), 4, 'Must be 4 HTTP calls made')

    @mock.patch(MODULE_PATH + '.manager.cache')
-    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._get_groups')
+    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._get_user_roles')
+    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._group_name_to_id')
    @requests_mock.Mocker()
-    def test_update_groups_backoff(self, group_cache, djcache, m):
+    def test_update_groups_backoff(self, name_to_id, user_groups, djcache, m):
        # Arrange
        groups = ['Member']
-        group_cache.return_value = [{'id': 111, 'name': 'Member'}]
+        user_groups.return_value = []
+        name_to_id.return_value = '111'

        headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
        user_id = 12345
-        request_url = '{}/guilds/{}/members/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id)
+        request_url = '{}/guilds/{}/members/{}/roles/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id, name_to_id.return_value)

        djcache.get.return_value = None  # No existing backoffs in cache

-        m.patch(request_url,
-                request_headers=headers,
-                headers={'Retry-After': '200000'},
-                status_code=429)
+        m.put(request_url,
+              request_headers=headers,
+              headers={'Retry-After': '200000'},
+              status_code=429)

        # Act & Assert
        with self.assertRaises(manager.DiscordApiBackoff) as bo:
@@ -388,23 +391,25 @@ class DiscordManagerTestCase(TestCase):
        self.assertTrue(datetime.datetime.strptime(args[1], manager.cache_time_format) > datetime.datetime.now())

    @mock.patch(MODULE_PATH + '.manager.cache')
-    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._get_groups')
+    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._get_user_roles')
+    @mock.patch(MODULE_PATH + '.manager.DiscordOAuthManager._group_name_to_id')
    @requests_mock.Mocker()
-    def test_update_groups_global_backoff(self, group_cache, djcache, m):
+    def test_update_groups_global_backoff(self, name_to_id, user_groups, djcache, m):
        # Arrange
        groups = ['Member']
-        group_cache.return_value = [{'id': 111, 'name': 'Member'}]
+        user_groups.return_value = []
+        name_to_id.return_value = '111'

        headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
        user_id = 12345
-        request_url = '{}/guilds/{}/members/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id)
+        request_url = '{}/guilds/{}/members/{}/roles/{}'.format(manager.DISCORD_URL, settings.DISCORD_GUILD_ID, user_id, name_to_id.return_value)

        djcache.get.return_value = None  # No existing backoffs in cache

-        m.patch(request_url,
-                request_headers=headers,
-                headers={'Retry-After': '200000', 'X-RateLimit-Global': 'true'},
-                status_code=429)
+        m.put(request_url,
+              request_headers=headers,
+              headers={'Retry-After': '200000', 'X-RateLimit-Global': 'true'},
+              status_code=429)

        # Act & Assert
        with self.assertRaises(manager.DiscordApiBackoff) as bo:
--- a/allianceauth/services/modules/discourse/manager.py
+++ b/allianceauth/services/modules/discourse/manager.py
@@ -7,7 +7,7 @@ from hashlib import md5

 logger = logging.getLogger(__name__)

-GROUP_CACHE_MAX_AGE = int(getattr(settings, 'DISCOURSE_GROUP_CACHE_MAX_AGE', 2 * 60 * 60))  # default 2 hours
+GROUP_CACHE_MAX_AGE = getattr(settings, 'DISCOURSE_GROUP_CACHE_MAX_AGE', 2 * 60 * 60)  # default 2 hours


 class DiscourseError(Exception):
@@ -23,7 +23,7 @@ class DiscourseError(Exception):
 ENDPOINTS = {
    'groups': {
        'list': {
-            'path': "/admin/groups.json",
+            'path': "/groups/search.json",
            'method': 'get',
            'args': {
                'required': [],
@@ -345,7 +345,7 @@ class DiscourseManager:

    @staticmethod
    def update_groups(user):
-        groups = []
+        groups = [DiscourseManager._sanitize_groupname(user.profile.state.name)]
        for g in user.groups.all():
            groups.append(DiscourseManager._sanitize_groupname(str(g)))
        logger.debug("Updating discourse user %s groups to %s" % (user, groups))
@@ -355,11 +355,14 @@ class DiscourseManager:
        user_groups = DiscourseManager.__get_user_groups(username)
        add_groups = [group_dict[x] for x in group_dict if not group_dict[x] in user_groups]
        rem_groups = [x for x in user_groups if x not in inv_group_dict]
-        if add_groups or rem_groups:
+        if add_groups:
            logger.info(
-                "Updating discourse user %s groups: adding %s, removing %s" % (username, add_groups, rem_groups))
+                "Updating discourse user %s groups: adding %s" % (username, add_groups))
            for g in add_groups:
                DiscourseManager.__add_user_to_group(g, username)
+        if rem_groups:
+            logger.info(
+                "Updating discourse user %s groups: removing %s" % (username, rem_groups))
            for g in rem_groups:
                DiscourseManager.__remove_user_from_group(g, username)

--- a/allianceauth/services/modules/discourse/migrations/0002_service_permissions.py
+++ b/allianceauth/services/modules/discourse/migrations/0002_service_permissions.py
@@ -58,5 +58,5 @@ class Migration(migrations.Migration):
            name='discourseuser',
            options={'permissions': (('access_discourse', 'Can access the Discourse service'),)},
        ),
-        migrations.RunPython(migrate_service_enabled),
+        migrations.RunPython(migrate_service_enabled, migrations.RunPython.noop),
    ]
--- a/Show More
+++ b/Show More