Version Bump v2.9.4

Missing jQuery-UI Images

See merge request allianceauth/allianceauth!1391

.coveragerc

@@ -8,6 +8,8 @@ omit =
     */example/*
     */project_template/*
     */bin/*
+    */tests/*
+    */tests.py
 
 [report]
 exclude_lines =

.editorconfig

@@ -0,0 +1,28 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yaml,yml,less}]
+indent_size = 2
+
+[*.md]
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
+
+[*.bat]
+indent_style = tab
+
+[{Dockerfile,*.dockerfile}]
+indent_style = space
+indent_size = 4

.gitignore

@@ -8,6 +8,7 @@ __pycache__/
 # Distribution / packaging
 .Python
 env/
+venv/
 build/
 develop-eggs/
 dist/
@@ -37,11 +38,9 @@ htmlcov/
 .tox/
 .coverage
 .cache
-nosetests.xml
 coverage.xml
 
 # Translations
-*.mo
 *.pot
 
 # Django stuff:
@@ -62,3 +61,18 @@ celerybeat-schedule
 
 #pycharm
 .idea/*
+/nbproject/
+
+#VSCode
+.vscode/
+
+#gitlab configs
+.gitlab/
+
+#transifex
+.tx/
+
+#other
+.flake8
+.pylintrc
+Makefile

.gitlab-ci.yml

@@ -0,0 +1,225 @@
+.only-default: &only-default
+  only:
+    - master
+    - branches
+    - merge_requests
+
+stages:
+- pre-commit
+- gitlab
+- test
+- deploy
+- docker
+
+include:
+- template: Dependency-Scanning.gitlab-ci.yml
+- template: Security/SAST.gitlab-ci.yml
+
+before_script:
+  - apt-get update && apt-get install redis-server -y
+  - redis-server --daemonize yes
+  - python -V
+  - pip install wheel tox
+
+pre-commit-check:
+  <<: *only-default
+  stage: pre-commit
+  image: python:3.6-buster
+  variables:
+    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
+  cache:
+    paths:
+      - ${PRE_COMMIT_HOME}
+  script:
+    - pip install pre-commit
+    - pre-commit run --all-files
+
+sast:
+  stage: gitlab
+  before_script: []
+
+dependency_scanning:
+  stage: gitlab
+  before_script:
+  - apt-get update && apt-get install redis-server libmariadb-dev -y
+  - redis-server --daemonize yes
+  - python -V
+  - pip install wheel tox
+
+test-3.7-core:
+  <<: *only-default
+  image: python:3.7-bullseye
+  script:
+  - tox -e py37-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.8-core:
+  <<: *only-default
+  image: python:3.8-bullseye
+  script:
+  - tox -e py38-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.9-core:
+  <<: *only-default
+  image: python:3.9-bullseye
+  script:
+  - tox -e py39-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.10-core:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e py310-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.11-core:
+  <<: *only-default
+  image: python:3.11-rc-bullseye
+  script:
+  - tox -e py311-core
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+  allow_failure: true
+
+test-3.7-all:
+  <<: *only-default
+  image: python:3.7-bullseye
+  script:
+  - tox -e py37-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.8-all:
+  <<: *only-default
+  image: python:3.8-bullseye
+  script:
+  - tox -e py38-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.9-all:
+  <<: *only-default
+  image: python:3.9-bullseye
+  script:
+  - tox -e py39-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.10-all:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e py310-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+
+test-3.11-all:
+  <<: *only-default
+  image: python:3.11-rc-bullseye
+  script:
+  - tox -e py311-all
+  artifacts:
+    when: always
+    reports:
+      cobertura: coverage.xml
+  allow_failure: true
+
+deploy_production:
+  stage: deploy
+  image: python:3.10-bullseye
+
+  before_script:
+    - pip install twine wheel
+
+  script:
+    - python setup.py sdist bdist_wheel
+    - twine upload dist/*
+
+  rules:
+    - if: $CI_COMMIT_TAG
+
+build-image:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_SHORT_SHA
+    CURRENT_TAG=$CI_REGISTRY_IMAGE/auth:$CI_COMMIT_TAG
+    MINOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1-2)
+    MAJOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1)
+    LATEST_TAG=$CI_REGISTRY_IMAGE/auth:latest
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_VERSION=$(echo $CI_COMMIT_TAG | cut -c 2-)
+    docker tag $IMAGE_TAG $CURRENT_TAG
+    docker tag $IMAGE_TAG $MINOR_TAG
+    docker tag $IMAGE_TAG $MAJOR_TAG
+    docker tag $IMAGE_TAG $LATEST_TAG
+    docker image push --all-tags $CI_REGISTRY_IMAGE/auth
+  rules:
+    - if: $CI_COMMIT_TAG
+
+build-image-dev:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_PACKAGE=git+https://gitlab.com/allianceauth/allianceauth@$CI_COMMIT_BRANCH
+    docker push $IMAGE_TAG
+  rules:
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == ""'
+      when: manual
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != ""'
+      when: never
+
+build-image-mr:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_PACKAGE=git+$CI_MERGE_REQUEST_SOURCE_PROJECT_URL@$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
+    docker push $IMAGE_TAG
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: manual
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never

.gitlab/issue_templates/Bug.md

@@ -0,0 +1,14 @@
+# Bug
+
+- I have searched [issues](https://gitlab.com/allianceauth/allianceauth/issues?scope=all&utf8=%E2%9C%93&state=all) (Y/N):
+- What Version of Alliance Auth:
+- What Operating System:
+- Version of other components relevant to issue eg. Service, Database:
+
+Please include a brief description of your issue here.
+
+Please include steps to reproduce the issue
+
+Please include any tracebacks or logs
+
+Please include the results of the command `pip list`

.gitlab/issue_templates/Feature Request.md

@@ -0,0 +1,7 @@
+# Feature Request
+
+- Describe the feature are you requesting.
+
+- Is this a Service (external integration), a Module (Alliance Auth extension) or an enhancement to an existing service/module.
+
+- Describe why its useful to you or others.

.pre-commit-config.yaml

@@ -0,0 +1,34 @@
+# Apply to all files without committing:
+#   pre-commit run --all-files
+# Update this file:
+#   pre-commit autoupdate
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-xml
+      - id: check-yaml
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
+      - id: end-of-file-fixer
+        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
+      - id: mixed-line-ending
+        args: [ '--fix=lf' ]
+      - id: fix-encoding-pragma
+        args: [ '--remove' ]
+
+  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
+    rev: 2.3.54
+    hooks:
+      - id: editorconfig-checker
+        exclude: ^(LICENSE|allianceauth\/static\/css\/themes\/bootstrap-locals.less|allianceauth\/eveonline\/swagger.json|(.*.po)|(.*.mo))
+
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v2.29.0
+    hooks:
+      - id: pyupgrade
+        args: [ --py37-plus ]

.readthedocs.yml

@@ -0,0 +1,23 @@
+# .readthedocs.yml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# Build documentation with MkDocs
+#mkdocs:
+#  configuration: mkdocs.yml
+
+# Optionally build your docs in additional formats such as PDF and ePub
+formats: all
+
+# Optionally set the version of Python and requirements required to build your docs
+python:
+  version: 3.7
+  install:
+    - requirements: docs/requirements.txt

.travis.yml

@@ -1,25 +0,0 @@
-language: python
-sudo: false
-cache: pip
-dist: trusty
-install:
-  - pip install coveralls>=1.1 tox
-# command to run tests
-script:
-  - tox
-after_success:
-  coveralls
-matrix:
-  include:
-   - env: TOXENV=py35-dj111
-     python: '3.5'
-   - env: TOXENV=py36-dj111
-     python: '3.6'
-   - env: TOXENV=py35-dj20
-     python: '3.5'
-   - env: TOXENV=py36-dj20
-     python: '3.6'
-   - env: TOXENV=py37-dj20
-     python: '3.7-dev'
-  allow_failures:
-  - env: TOXENV=py37-dj20

LICENSE

@@ -337,4 +337,3 @@ proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
-

README.md

@@ -1,38 +1,86 @@
-Alliance Auth
-============
+# Alliance Auth
 
-[![Join the chat at https://gitter.im/R4stl1n/allianceauth](https://badges.gitter.im/R4stl1n/allianceauth.svg)](https://gitter.im/R4stl1n/allianceauth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![license](https://img.shields.io/badge/license-GPLv2-green)](https://pypi.org/project/allianceauth/)
+[![python](https://img.shields.io/pypi/pyversions/allianceauth)](https://pypi.org/project/allianceauth/)
+[![django](https://img.shields.io/pypi/djversions/allianceauth?label=django)](https://pypi.org/project/allianceauth/)
+[![version](https://img.shields.io/pypi/v/allianceauth?label=release)](https://pypi.org/project/allianceauth/)
+[![pipeline status](https://gitlab.com/allianceauth/allianceauth/badges/master/pipeline.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
 [![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/?badge=latest)
-[![Build Status](https://travis-ci.org/allianceauth/allianceauth.svg?branch=master)](https://travis-ci.org/allianceauth/allianceauth)
-[![Coverage Status](https://coveralls.io/repos/github/allianceauth/allianceauth/badge.svg?branch=master)](https://coveralls.io/github/allianceauth/allianceauth?branch=master)
+[![coverage report](https://gitlab.com/allianceauth/allianceauth/badges/master/coverage.svg)](https://gitlab.com/allianceauth/allianceauth/commits/master)
+[![Chat on Discord](https://img.shields.io/discord/399006117012832262.svg)](https://discord.gg/fjnHAmk)
 
+An auth system for EVE Online to help in-game organizations manage online service access.
 
-EVE service auth to help corps, alliances, and coalitions manage services.
-Built for "The 99 Percent" open for anyone to use.
+## Content
 
-[Read the docs here.](http://allianceauth.rtfd.io)
+- [Overview](#overview)
+- [Documentation](http://allianceauth.rtfd.io)
+- [Support](#support)
+- [Release Notes](https://gitlab.com/allianceauth/allianceauth/-/releases)
+- [Developer Team](#developer-team)
+- [Contributing](#contributing)
 
-[Get help on gitter](https://gitter.im/R4stl1n/allianceauth) or submit an Issue.
+## Overview
 
+Alliance Auth (AA) is a web site that helps Eve Online organizations efficiently manage access to applications and services.
 
-Active Developers:
+Main features:
 
- - [Adarnof](https://github.com/Adarnof)
- - [Basraah](https://github.com/basraah)
+- Automatically grants or revokes user access to external services (e.g. Discord, Mumble) and web apps (e.g. SRP requests) based on the user's current membership to [in-game organizations](https://allianceauth.readthedocs.io/en/latest/features/core/states/) and [groups](https://allianceauth.readthedocs.io/en/latest/features/core/groups/)
 
+- Provides a central web site where users can directly access web apps (e.g. SRP requests, Fleet Schedule) and manage their access to external services and groups.
 
-Beta Testers / Bug Fixers:
+- Includes a set of connectors (called ["services"](https://allianceauth.readthedocs.io/en/latest/features/services/)) for integrating access management with many popular external applications / services like Discord, Mumble, Teamspeak 3, SMF and others
 
- - [ghoti](https://github.com/ghoti)
- - [mmolitor87](https://github.com/mmolitor87)
+- Includes a set of web [apps](https://allianceauth.readthedocs.io/en/latest/features/apps/) which add many useful functions, e.g.: fleet schedule, timer board, SRP request management, fleet activity tracker
 
+- Can be easily extended with additional services and apps. Many are provided by the community and can be found here: [Community Creations](https://gitlab.com/allianceauth/community-creations)
 
-Past Beta Testers / Bug Fixers:
+- English :flag_gb:, Chinese :flag_cn:, German :flag_de:, Spanish :flag_es:, Korean :flag_kr: and Russian :flag_ru: localization
 
-- TrentBartlem (Testing and Bug Fixes)
-- IskFiend (Bug Fixes and Server Configuration)
-- Mr McClain (Bug Fixes and server configuration)
+For further details about AA - including an installation guide and a full list of included services and plugin apps - please see the [official documentation](http://allianceauth.rtfd.io).
 
-Special Thanks:
+## Screenshot
 
-- Thanks to Nikdoof, without his old auth implementation this project wouldn't be as far as it is now.
+Here is an example of the Alliance Auth web site with some plug-ins apps and services enabled:
+
+![screenshot](https://i.imgur.com/2tnX9kD.png)
+
+## Support
+
+[Get help on Discord](https://discord.gg/fjnHAmk) or submit an [issue](https://gitlab.com/allianceauth/allianceauth/issues).
+
+## Development Team
+
+### Active Developers
+
+- [Aaron Kable](https://gitlab.com/aaronkable/)
+- [Ariel Rin](https://gitlab.com/soratidus999/)
+- [Basraah](https://gitlab.com/basraah/)
+- [Col Crunch](https://gitlab.com/colcrunch/)
+- [Erik Kalkoken](https://gitlab.com/ErikKalkoken/)
+
+### Former Developers
+
+- [Adarnof](https://gitlab.com/adarnof/)
+
+### Beta Testers / Bug Fixers
+
+- [ghoti](https://gitlab.com/ChainsawMcGinny/)
+- [kaezon](https://github.com/kaezon/)
+- [mmolitor87](https://gitlab.com/mmolitor87/)
+- [orbitroom](https://github.com/orbitroom/)
+- [TargetZ3R0](https://github.com/TargetZ3R0)
+- [tehfiend](https://github.com/tehfiend/)
+
+Special thanks to [Nikdoof](https://github.com/nikdoof/), as his [auth](https://github.com/nikdoof/test-auth) was the foundation for the original work on this project.
+
+## Contributing
+
+Alliance Auth is maintained and developed by the community and we welcome every contribution!
+
+To see what needs to be worked on please review our issue list or chat with our active developers on Discord.
+
+Also, please make sure you have signed the [License Agreement](https://developers.eveonline.com/resource/license-agreement) by logging in at [https://developers.eveonline.com](https://developers.eveonline.com) before submitting any pull requests.
+
+In addition to the core AA system we also very much welcome contributions to our growing list of 3rd party services and plugin apps. Please see [AA Community Creations](https://gitlab.com/allianceauth/community-creations) for details.

allianceauth/__init__.py

@@ -1,7 +1,8 @@
 # This will make sure the app is always imported when
 # Django starts so that shared_task will use this app.
 
-__version__ = '2.0b2'
-NAME = 'Alliance Auth v%s' % __version__
+__version__ = '2.9.4'
+__title__ = 'Alliance Auth'
+__url__ = 'https://gitlab.com/allianceauth/allianceauth'
+NAME = f'{__title__} v{__version__}'
 default_app_config = 'allianceauth.apps.AllianceAuthConfig'
-

allianceauth/analytics/__init__.py

@@ -0,0 +1 @@
+default_app_config = 'allianceauth.analytics.apps.AnalyticsConfig'

allianceauth/analytics/admin.py

@@ -0,0 +1,21 @@
+from django.contrib import admin
+
+from .models import AnalyticsIdentifier, AnalyticsPath, AnalyticsTokens
+
+
+@admin.register(AnalyticsIdentifier)
+class AnalyticsIdentifierAdmin(admin.ModelAdmin):
+    search_fields = ['identifier', ]
+    list_display = ('identifier',)
+
+
+@admin.register(AnalyticsTokens)
+class AnalyticsTokensAdmin(admin.ModelAdmin):
+    search_fields = ['name', ]
+    list_display = ('name', 'type',)
+
+
+@admin.register(AnalyticsPath)
+class AnalyticsPathAdmin(admin.ModelAdmin):
+    search_fields = ['ignore_path', ]
+    list_display = ('ignore_path',)

allianceauth/analytics/apps.py

@@ -0,0 +1,9 @@
+from django.apps import AppConfig
+
+
+class AnalyticsConfig(AppConfig):
+    name = 'allianceauth.analytics'
+    label = 'analytics'
+
+    def ready(self):
+        import allianceauth.analytics.signals

allianceauth/analytics/fixtures/disable_analytics.json

@@ -0,0 +1,21 @@
+[
+    {
+    "model": "analytics.AnalyticsTokens",
+    "pk": 1,
+    "fields": {
+        "name": "AA Team Public Google Analytics (Universal)",
+        "type": "GA-V4",
+        "token": "UA-186249766-2",
+        "send_page_views": "False",
+        "send_celery_tasks": "False",
+        "send_stats": "False"
+        }
+    },
+    {
+        "model": "analytics.AnalyticsIdentifier",
+        "pk": 1,
+        "fields": {
+            "identifier": "ab33e241fbf042b6aa77c7655a768af7"
+        }
+    }
+]

allianceauth/analytics/middleware.py

@@ -0,0 +1,49 @@
+from bs4 import BeautifulSoup
+
+from django.utils.deprecation import MiddlewareMixin
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .tasks import send_ga_tracking_web_view
+
+import re
+
+
+class AnalyticsMiddleware(MiddlewareMixin):
+    def process_response(self, request, response):
+        """Django Middleware: Process Page Views and creates Analytics Celery Tasks"""
+        analyticstokens = AnalyticsTokens.objects.all()
+        client_id = AnalyticsIdentifier.objects.get(id=1).identifier.hex
+        try:
+            title = BeautifulSoup(
+                response.content, "html.parser").html.head.title.text
+        except AttributeError:
+            title = ''
+        for token in analyticstokens:
+            # Check if Page View Sending is Disabled
+            if token.send_page_views is False:
+                continue
+            # Check Exclusions
+            ignore = False
+            for ignore_path in token.ignore_paths.values():
+                ignore_path_regex = re.compile(ignore_path["ignore_path"])
+                if re.search(ignore_path_regex, request.path) is not None:
+                    ignore = True
+
+            if ignore is True:
+                continue
+
+            tracking_id = token.token
+            locale = request.LANGUAGE_CODE
+            path = request.path
+            try:
+                useragent = request.headers["User-Agent"]
+            except KeyError:
+                useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+
+            send_ga_tracking_web_view.s(tracking_id=tracking_id,
+                                        client_id=client_id,
+                                        page=path,
+                                        title=title,
+                                        locale=locale,
+                                        useragent=useragent).\
+                apply_async(priority=9)
+        return response

allianceauth/analytics/migrations/0001_initial.py

@@ -0,0 +1,42 @@
+# Generated by Django 3.1.4 on 2020-12-30 13:11
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AnalyticsIdentifier',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('identifier', models.UUIDField(default=uuid.uuid4, editable=False)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsPath',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('ignore_path', models.CharField(default='/example/', max_length=254)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsTokens',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=254)),
+                ('type', models.CharField(choices=[('GA-U', 'Google Analytics Universal'), ('GA-V4', 'Google Analytics V4')], max_length=254)),
+                ('token', models.CharField(max_length=254)),
+                ('send_page_views', models.BooleanField(default=False)),
+                ('send_celery_tasks', models.BooleanField(default=False)),
+                ('send_stats', models.BooleanField(default=False)),
+                ('ignore_paths', models.ManyToManyField(blank=True, to='analytics.AnalyticsPath')),
+            ],
+        ),
+    ]

allianceauth/analytics/migrations/0002_add_AA_Team_Token.py

@@ -0,0 +1,34 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from django.db import migrations
+
+
+def add_aa_team_token(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens()
+    token.type = 'GA-U'
+    token.token = 'UA-186249766-2'
+    token.send_page_views = True
+    token.send_celery_tasks = True
+    token.send_stats = True
+    token.name = 'AA Team Public Google Analytics (Universal)'
+    token.save()
+
+
+def remove_aa_team_token(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.filter(token="UA-186249766-2").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0001_initial'),
+        ]
+
+    operations = [migrations.RunPython(add_aa_team_token, remove_aa_team_token)
+                    ]

allianceauth/analytics/migrations/0003_Generate_Identifier.py

@@ -0,0 +1,30 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from uuid import uuid4
+from django.db import migrations
+
+
+def generate_identifier(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    identifier = Identifier()
+    identifier.id = 1
+    identifier.save()
+
+
+def zero_identifier(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    Identifier.objects.filter(id=1).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0002_add_AA_Team_Token'),
+    ]
+
+    operations = [migrations.RunPython(generate_identifier, zero_identifier)
+                    ]

allianceauth/analytics/migrations/0004_auto_20211015_0502.py

@@ -0,0 +1,31 @@
+# Generated by Django 3.1.13 on 2021-10-15 05:02
+
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    admin = AnalyticsPath.objects.create(ignore_path=r"^\/admin\/.*")
+    user_notifications_count = AnalyticsPath.objects.create(ignore_path=r"^\/user_notifications_count\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(admin, user_notifications_count)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # nothing should need to migrate away here?
+    return True
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0003_Generate_Identifier'),
+    ]
+
+    operations = [migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]

allianceauth/analytics/migrations/0005_alter_analyticspath_ignore_path.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-17 16:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0004_auto_20211015_0502'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='analyticspath',
+            name='ignore_path',
+            field=models.CharField(default='/example/', help_text='Regex Expression, If matched no Analytics Page View is sent', max_length=254),
+        ),
+    ]

allianceauth/analytics/models.py

@@ -0,0 +1,38 @@
+from django.db import models
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
+
+from uuid import uuid4
+
+
+class AnalyticsIdentifier(models.Model):
+
+    identifier = models.UUIDField(default=uuid4,
+                                  editable=False)
+
+    def save(self, *args, **kwargs):
+        if not self.pk and AnalyticsIdentifier.objects.exists():
+            # Force a single object
+            raise ValidationError('There is can be only one \
+                                   AnalyticsIdentifier instance')
+        self.pk = self.id = 1 # If this happens to be deleted and recreated, force it to be 1
+        return super().save(*args, **kwargs)
+
+
+class AnalyticsPath(models.Model):
+    ignore_path = models.CharField(max_length=254, default="/example/", help_text="Regex Expression, If matched no Analytics Page View is sent")
+
+
+class AnalyticsTokens(models.Model):
+
+    class Analytics_Type(models.TextChoices):
+        GA_U = 'GA-U', _('Google Analytics Universal')
+        GA_V4 = 'GA-V4', _('Google Analytics V4')
+
+    name = models.CharField(max_length=254)
+    type = models.CharField(max_length=254, choices=Analytics_Type.choices)
+    token = models.CharField(max_length=254, blank=False)
+    send_page_views = models.BooleanField(default=False)
+    send_celery_tasks = models.BooleanField(default=False)
+    send_stats = models.BooleanField(default=False)
+    ignore_paths = models.ManyToManyField(AnalyticsPath, blank=True)

allianceauth/analytics/signals.py

@@ -0,0 +1,50 @@
+from allianceauth.analytics.tasks import analytics_event
+from celery.signals import task_failure, task_success
+
+import logging
+logger = logging.getLogger(__name__)
+
+
+@task_failure.connect
+def process_failure_signal(
+                        exception, traceback,
+                        sender, task_id, signal,
+                        args, kwargs, einfo, **kw):
+    logger.debug("Celery task_failure signal %s" % sender.__class__.__name__)
+
+    category = sender.__module__
+
+    if 'allianceauth.analytics' not in category:
+        if category.endswith(".tasks"):
+            category = category[:-6]
+
+        action = sender.__name__
+
+        label = f"{exception.__class__.__name__}"
+
+        analytics_event(category=category,
+                        action=action,
+                        label=label)
+
+
+@task_success.connect
+def celery_success_signal(sender, result=None, **kw):
+    logger.debug("Celery task_success signal %s" % sender.__class__.__name__)
+
+    category = sender.__module__
+
+    if 'allianceauth.analytics' not in category:
+        if category.endswith(".tasks"):
+            category = category[:-6]
+
+        action = sender.__name__
+        label = "Success"
+
+        value = 0
+        if isinstance(result, int):
+            value = result
+
+        analytics_event(category=category,
+                        action=action,
+                        label=label,
+                        value=value)

allianceauth/analytics/tasks.py

@@ -0,0 +1,207 @@
+import requests
+import logging
+from django.conf import settings
+from django.apps import apps
+from celery import shared_task
+from allianceauth import __version__
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .utils import (
+    install_stat_addons,
+    install_stat_tokens,
+    install_stat_users)
+
+logger = logging.getLogger(__name__)
+
+BASE_URL = "https://www.google-analytics.com/"
+
+DEBUG_URL = f"{BASE_URL}debug/collect"
+COLLECTION_URL = f"{BASE_URL}collect"
+
+if getattr(settings, "ANALYTICS_ENABLE_DEBUG", False) and settings.DEBUG:
+    # Force sending of analytics data during in a debug/test environemt
+    # Usefull for developers working on this feature.
+    logger.warning(
+                "You have 'ANALYTICS_ENABLE_DEBUG' Enabled! "
+                "This debug instance will send analytics data!")
+    DEBUG_URL = COLLECTION_URL
+
+ANALYTICS_URL = COLLECTION_URL
+
+if settings.DEBUG is True:
+    ANALYTICS_URL = DEBUG_URL
+
+
+def analytics_event(category: str,
+                    action: str,
+                    label: str,
+                    value: int = 0,
+                    event_type: str = 'Celery'):
+    """
+    Send a Google Analytics Event for each token stored
+    Includes check for if its enabled/disabled
+
+    Parameters
+    -------
+    `category` (str): Celery Namespace
+    `action` (str): Task Name
+    `label` (str): Optional, Task Success/Exception
+    `value` (int): Optional, If bulk, Query size, can be a binary True/False
+    `event_type` (str): Optional, Celery or Stats only, Default to Celery
+    """
+    analyticstokens = AnalyticsTokens.objects.all()
+    client_id = AnalyticsIdentifier.objects.get(id=1).identifier.hex
+    for token in analyticstokens:
+        if event_type == 'Celery':
+            allowed = token.send_celery_tasks
+        elif event_type == 'Stats':
+            allowed = token.send_stats
+        else:
+            allowed = False
+
+        if allowed is True:
+            tracking_id = token.token
+            send_ga_tracking_celery_event.s(tracking_id=tracking_id,
+                                            client_id=client_id,
+                                            category=category,
+                                            action=action,
+                                            label=label,
+                                            value=value).\
+                apply_async(priority=9)
+
+
+@shared_task()
+def analytics_daily_stats():
+    """Celery Task: Do not call directly
+
+    Gathers a series of daily statistics and sends analytics events containing them"""
+    users = install_stat_users()
+    tokens = install_stat_tokens()
+    addons = install_stat_addons()
+    logger.debug("Running Daily Analytics Upload")
+
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='existence',
+                    value=1,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='users',
+                    value=users,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='tokens',
+                    value=tokens,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='addons',
+                    value=addons,
+                    event_type='Stats')
+
+    for appconfig in apps.get_app_configs():
+        analytics_event(category='allianceauth.analytics',
+                        action='send_extension_stats',
+                        label=appconfig.label,
+                        value=1,
+                        event_type='Stats')
+
+
+@shared_task()
+def send_ga_tracking_web_view(
+                            tracking_id: str,
+                            client_id: str,
+                            page: str,
+                            title: str,
+                            locale: str,
+                            useragent: str) -> requests.Response:
+
+    """Celery Task: Do not call directly
+
+    Sends Page View events to GA, Called only via analytics.middleware
+
+    Parameters
+    ----------
+    `tracking_id` (str): Unique Server Identifier
+    `client_id` (str): GA Token
+    `page` (str): Page Path
+    `title` (str): Page Title
+    `locale` (str): Browser Language
+    `useragent` (str): Browser UserAgent
+
+    Returns
+    -------
+    requests.Reponse Object
+    """
+    headers = {"User-Agent": useragent}
+
+    payload = {
+            'v': '1',
+            'tid': tracking_id,
+            'cid': client_id,
+            't': 'pageview',
+            'dp': page,
+            'dt': title,
+            'ul': locale,
+            'ua': useragent,
+            'aip': 1,
+            'an': "allianceauth",
+            'av': __version__
+            }
+
+    response = requests.post(
+                        ANALYTICS_URL, data=payload,
+                        timeout=5, headers=headers)
+    logger.debug(f"Analytics Page View HTTP{response.status_code}")
+    return response
+
+
+@shared_task()
+def send_ga_tracking_celery_event(
+                                tracking_id: str,
+                                client_id: str,
+                                category: str,
+                                action: str,
+                                label: str,
+                                value: int) -> requests.Response:
+    """Celery Task: Do not call directly
+
+    Sends Page View events to GA, Called only via analytics.middleware
+
+    Parameters
+    ----------
+    `tracking_id` (str): Unique Server Identifier
+    `client_id` (str): GA Token
+    `category` (str): Celery Namespace
+    `action` (str): Task Name
+    `label` (str): Optional, Task Success/Exception
+    `value` (int): Optional, If bulk, Query size, can be a binary True/False
+
+    Returns
+    -------
+    requests.Reponse Object
+    """
+
+    headers = {
+        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"}
+
+    payload = {
+            'v': '1',
+            'tid': tracking_id,
+            'cid': client_id,
+            't': 'event',
+            'ec': category,
+            'ea': action,
+            'el': label,
+            'ev': value,
+            'aip': 1,
+            'an': "allianceauth",
+            'av': __version__
+            }
+
+    response = requests.post(
+                        ANALYTICS_URL, data=payload,
+                        timeout=5, headers=headers)
+    logger.debug(f"Analytics Celery/Stats Event HTTP{response.status_code}")
+    return response

allianceauth/analytics/tests/test_middleware.py

@@ -0,0 +1,23 @@
+from allianceauth.analytics.middleware import AnalyticsMiddleware
+from unittest.mock import Mock
+
+from django.test.testcases import TestCase
+
+
+class TestAnalyticsMiddleware(TestCase):
+
+    def setUp(self):
+        self.middleware = AnalyticsMiddleware()
+        self.request = Mock()
+        self.request.headers = {
+                "User-Agent": "AUTOMATED TEST"
+            }
+        self.request.path = '/testURL/'
+        self.request.session = {}
+        self.request.LANGUAGE_CODE = 'en'
+        self.response = Mock()
+        self.response.content = 'hello world'
+
+    def test_middleware(self):
+        response = self.middleware.process_response(self.request, self.response)
+        self.assertEqual(self.response, response)

allianceauth/analytics/tests/test_models.py

@@ -0,0 +1,26 @@
+from allianceauth.analytics.models import AnalyticsIdentifier
+from django.core.exceptions import ValidationError
+
+from django.test.testcases import TestCase
+
+from uuid import UUID, uuid4
+
+
+# Identifiers
+uuid_1 = "ab33e241fbf042b6aa77c7655a768af7"
+uuid_2 = "7aa6bd70701f44729af5e3095ff4b55c"
+
+
+class TestAnalyticsIdentifier(TestCase):
+
+    def test_identifier_random(self):
+        self.assertNotEqual(AnalyticsIdentifier.objects.get(), uuid4)
+
+    def test_identifier_singular(self):
+        AnalyticsIdentifier.objects.all().delete()
+        AnalyticsIdentifier.objects.create(identifier=uuid_1)
+        # Yeah i have multiple asserts here, they all do the same thing
+        with self.assertRaises(ValidationError):
+            AnalyticsIdentifier.objects.create(identifier=uuid_2)
+        self.assertEqual(AnalyticsIdentifier.objects.count(), 1)
+        self.assertEqual(AnalyticsIdentifier.objects.get(pk=1).identifier, UUID(uuid_1))

allianceauth/analytics/tests/test_tasks.py

@@ -0,0 +1,119 @@
+from allianceauth.analytics.tasks import (
+    analytics_event,
+    send_ga_tracking_celery_event,
+    send_ga_tracking_web_view)
+from django.test.testcases import TestCase
+
+
+class TestAnalyticsTasks(TestCase):
+    def test_analytics_event(self):
+        analytics_event(
+                        category='allianceauth.analytics',
+                        action='send_tests',
+                        label='test',
+                        value=1,
+                        event_type='Stats')
+
+    def test_send_ga_tracking_web_view_sent(self):
+        # This test sends if the event SENDS to google
+        # Not if it was successful
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        response = send_ga_tracking_web_view(
+                                            tracking_id,
+                                            client_id,
+                                            page,
+                                            title,
+                                            locale,
+                                            useragent)
+        self.assertEqual(response.status_code, 200)
+
+    def test_send_ga_tracking_web_view_success(self):
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        json_response = send_ga_tracking_web_view(
+                                                tracking_id,
+                                                client_id,
+                                                page,
+                                                title,
+                                                locale,
+                                                useragent).json()
+        self.assertTrue(json_response["hitParsingResult"][0]["valid"])
+
+    def test_send_ga_tracking_web_view_invalid_token(self):
+        tracking_id = 'UA-IntentionallyBadTrackingID-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        json_response = send_ga_tracking_web_view(
+                                            tracking_id,
+                                            client_id,
+                                            page,
+                                            title,
+                                            locale,
+                                            useragent).json()
+        self.assertFalse(json_response["hitParsingResult"][0]["valid"])
+        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+
+        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
+
+    def test_send_ga_tracking_celery_event_sent(self):
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        response = send_ga_tracking_celery_event(
+                                                tracking_id,
+                                                client_id,
+                                                category,
+                                                action,
+                                                label,
+                                                value)
+        self.assertEqual(response.status_code, 200)
+
+    def test_send_ga_tracking_celery_event_success(self):
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        json_response = send_ga_tracking_celery_event(
+                                                    tracking_id,
+                                                    client_id,
+                                                    category,
+                                                    action,
+                                                    label,
+                                                    value).json()
+        self.assertTrue(json_response["hitParsingResult"][0]["valid"])
+
+    def test_send_ga_tracking_celery_event_invalid_token(self):
+        tracking_id = 'UA-IntentionallyBadTrackingID-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        json_response = send_ga_tracking_celery_event(
+                                                    tracking_id,
+                                                    client_id,
+                                                    category,
+                                                    action,
+                                                    label,
+                                                    value).json()
+        self.assertFalse(json_response["hitParsingResult"][0]["valid"])
+        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+
+        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]

allianceauth/analytics/tests/test_utils.py

@@ -0,0 +1,55 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+from allianceauth.analytics.utils import install_stat_users, install_stat_tokens, install_stat_addons
+
+from django.test.testcases import TestCase
+
+
+def create_testdata():
+    User.objects.all().delete()
+    User.objects.create_user(
+        'user_1'
+        'abc@example.com',
+        'password'
+    )
+    User.objects.create_user(
+        'user_2'
+        'abc@example.com',
+        'password'
+    )
+    #Token.objects.all().delete()
+    #Token.objects.create(
+    #            character_id=101,
+    #            character_name='character1',
+    #            access_token='my_access_token'
+    #)
+    #Token.objects.create(
+    #            character_id=102,
+    #            character_name='character2',
+    #            access_token='my_access_token'
+    #)
+
+
+class TestAnalyticsUtils(TestCase):
+
+    def test_install_stat_users(self):
+        create_testdata()
+        expected = 2
+
+        users = install_stat_users()
+        self.assertEqual(users, expected)
+
+    #def test_install_stat_tokens(self):
+    #    create_testdata()
+    #    expected = 2
+    #
+    #   tokens = install_stat_tokens()
+    #   self.assertEqual(tokens, expected)
+
+    def test_install_stat_addons(self):
+        # this test does what its testing...
+        # but helpful for existing as a sanity check
+        expected = len(list(apps.get_app_configs()))
+        addons = install_stat_addons()
+        self.assertEqual(addons, expected)

allianceauth/analytics/utils.py

@@ -0,0 +1,36 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+
+
+def install_stat_users() -> int:
+    """Count and Return the number of User accounts
+
+    Returns
+    -------
+    int
+        The Number of User objects"""
+    users = User.objects.count()
+    return users
+
+
+def install_stat_tokens() -> int:
+    """Count and Return the number of ESI Tokens Stored
+
+    Returns
+    -------
+    int
+        The Number of Token Objects"""
+    tokens = Token.objects.count()
+    return tokens
+
+
+def install_stat_addons() -> int:
+    """Count and Return the number of Django Applications Installed
+
+    Returns
+    -------
+    int
+        The Number of Installed Apps"""
+    addons = len(list(apps.get_app_configs()))
+    return addons

allianceauth/authentication/admin.py

@@ -1,11 +1,26 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
-from django.contrib.auth.models import User, Permission
-from django.utils.text import slugify
+from django.contrib.auth.models import User as BaseUser, \
+    Permission as BasePermission, Group
+from django.db.models import Count, Q
 from allianceauth.services.hooks import ServicesHook
+from django.db.models.signals import pre_save, post_save, pre_delete, \
+    post_delete, m2m_changed
+from django.db.models.functions import Lower
+from django.dispatch import receiver
+from django.forms import ModelForm
+from django.utils.html import format_html
+from django.urls import reverse
+from django.utils.text import slugify
 
-from allianceauth.authentication.models import State, get_guest_state, CharacterOwnership, UserProfile
+from allianceauth.authentication.models import State, get_guest_state,\
+    CharacterOwnership, UserProfile, OwnershipRecord
 from allianceauth.hooks import get_hooks
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo,\
+    EveAllianceInfo, EveFactionInfo
+from allianceauth.eveonline.tasks import update_character
+from .app_settings import AUTHENTICATION_ADMIN_USERS_MAX_GROUPS, \
+    AUTHENTICATION_ADMIN_USERS_MAX_CHARS
 
 
 def make_service_hooks_update_groups_action(service):
@@ -15,11 +30,14 @@ def make_service_hooks_update_groups_action(service):
     :return: fn to update services groups for the selected users
     """
     def update_service_groups(modeladmin, request, queryset):
-        for user in queryset:  # queryset filtering doesn't work here?
-            service.update_groups(user)
+        if hasattr(service, 'update_groups_bulk'):
+            service.update_groups_bulk(queryset)
+        else:
+            for user in queryset:  # queryset filtering doesn't work here?
+                service.update_groups(user)
 
-    update_service_groups.__name__ = str('update_{}_groups'.format(slugify(service.name)))
-    update_service_groups.short_description = "Sync groups for selected {} accounts".format(service.title)
+    update_service_groups.__name__ = str(f'update_{slugify(service.name)}_groups')
+    update_service_groups.short_description = f"Sync groups for selected {service.title} accounts"
     return update_service_groups
 
 
@@ -30,57 +48,448 @@ def make_service_hooks_sync_nickname_action(service):
     :return: fn to sync nickname for the selected users
     """
     def sync_nickname(modeladmin, request, queryset):
-        for user in queryset:  # queryset filtering doesn't work here?
-            service.sync_nickname(user)
+        if hasattr(service, 'sync_nicknames_bulk'):
+            service.sync_nicknames_bulk(queryset)
+        else:
+            for user in queryset:  # queryset filtering doesn't work here?
+                service.sync_nickname(user)
 
-    sync_nickname.__name__ = str('sync_{}_nickname'.format(slugify(service.name)))
-    sync_nickname.short_description = "Sync nicknames for selected {} accounts".format(service.title)
+    sync_nickname.__name__ = str(f'sync_{slugify(service.name)}_nickname')
+    sync_nickname.short_description = f"Sync nicknames for selected {service.title} accounts"
     return sync_nickname
 
 
+class QuerysetModelForm(ModelForm):
+    # allows specifying FK querysets through kwarg
+    def __init__(self, querysets=None, *args, **kwargs):
+        querysets = querysets or {}
+        super().__init__(*args, **kwargs)
+        for field, qs in querysets.items():
+            self.fields[field].queryset = qs
+
+
+class UserProfileInline(admin.StackedInline):
+    model = UserProfile
+    readonly_fields = ('state',)
+    form = QuerysetModelForm
+    verbose_name = ''
+    verbose_name_plural = 'Profile'
+
+    def get_formset(self, request, obj=None, **kwargs):
+        # main_character field can only show current value or unclaimed alts
+        # if superuser, allow selecting from any unclaimed main
+        query = Q()
+        if obj and obj.profile.main_character:
+            query |= Q(pk=obj.profile.main_character_id)
+            if request.user.is_superuser:
+                query |= Q(userprofile__isnull=True)
+            else:
+                query |= Q(character_ownership__user=obj)
+        formset = super().get_formset(request, obj=obj, **kwargs)
+
+        def get_kwargs(self, index):
+            return {'querysets': {'main_character': EveCharacter.objects.filter(query)}}
+        formset.get_form_kwargs = get_kwargs
+        return formset
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+
+def user_profile_pic(obj):
+    """profile pic column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists (requires CSS)
+    """
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if user_obj.profile.main_character:
+        return format_html(
+            '<img src="{}" class="img-circle">',
+            user_obj.profile.main_character.portrait_url(size=32)
+        )
+    else:
+        return None
+
+
+user_profile_pic.short_description = ''
+
+
+def user_username(obj):
+    """user column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    link = reverse(
+        'admin:{}_{}_change'.format(
+            obj._meta.app_label,
+            type(obj).__name__.lower()
+        ),
+        args=(obj.pk,)
+    )
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if user_obj.profile.main_character:
+        return format_html(
+            '<strong><a href="{}">{}</a></strong><br>{}',
+            link,
+            user_obj.username,
+            user_obj.profile.main_character.character_name
+        )
+    else:
+        return format_html(
+            '<strong><a href="{}">{}</a></strong>',
+            link,
+            user_obj.username,
+        )
+
+
+user_username.short_description = 'user / main'
+user_username.admin_order_field = 'username'
+
+
+def user_main_organization(obj):
+    """main organization column data for user objects
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    user_obj = obj.user if hasattr(obj, 'user') else obj
+    if not user_obj.profile.main_character:
+        result = ''
+    else:
+        result = user_obj.profile.main_character.corporation_name
+        if user_obj.profile.main_character.alliance_id:
+            result += f'<br>{user_obj.profile.main_character.alliance_name}'
+        elif user_obj.profile.main_character.faction_name:
+            result += f'<br>{user_obj.profile.main_character.faction_name}'
+    return format_html(result)
+
+
+user_main_organization.short_description = 'Corporation / Alliance (Main)'
+user_main_organization.admin_order_field = \
+    'profile__main_character__corporation_name'
+
+
+class MainCorporationsFilter(admin.SimpleListFilter):
+    """Custom filter to filter on corporations from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'corporation'
+    parameter_name = 'main_corporation_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(userprofile=None)\
+            .values('corporation_id', 'corporation_name')\
+            .distinct()\
+            .order_by(Lower('corporation_name'))
+        return tuple(
+            (x['corporation_id'], x['corporation_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        else:
+            if qs.model == User:
+                return qs.filter(
+                    profile__main_character__corporation_id=self.value()
+                )
+            else:
+                return qs.filter(
+                    user__profile__main_character__corporation_id=self.value()
+                )
+
+
+class MainAllianceFilter(admin.SimpleListFilter):
+    """Custom filter to filter on alliances from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'alliance'
+    parameter_name = 'main_alliance_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(alliance_id=None)\
+            .exclude(userprofile=None)\
+            .values('alliance_id', 'alliance_name')\
+            .distinct()\
+            .order_by(Lower('alliance_name'))
+        return tuple(
+            (x['alliance_id'], x['alliance_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        else:
+            if qs.model == User:
+                return qs.filter(profile__main_character__alliance_id=self.value())
+            else:
+                return qs.filter(
+                    user__profile__main_character__alliance_id=self.value()
+                )
+
+
+class MainFactionFilter(admin.SimpleListFilter):
+    """Custom filter to filter on factions from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'faction'
+    parameter_name = 'main_faction_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = EveCharacter.objects\
+            .exclude(faction_id=None)\
+            .exclude(userprofile=None)\
+            .values('faction_id', 'faction_name')\
+            .distinct()\
+            .order_by(Lower('faction_name'))
+        return tuple(
+            (x['faction_id'], x['faction_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        else:
+            if qs.model == User:
+                return qs.filter(profile__main_character__faction_id=self.value())
+            else:
+                return qs.filter(
+                    user__profile__main_character__faction_id=self.value()
+                )
+
+
+def update_main_character_model(modeladmin, request, queryset):
+    tasks_count = 0
+    for obj in queryset:
+        if obj.profile.main_character:
+            update_character.delay(obj.profile.main_character.character_id)
+            tasks_count += 1
+
+    modeladmin.message_user(
+        request,
+        f'Update from ESI started for {tasks_count} characters'
+    )
+
+
+update_main_character_model.short_description = \
+    'Update main character model from ESI'
+
+
 class UserAdmin(BaseUserAdmin):
+    """Extending Django's UserAdmin model
+
+    Behavior of groups and characters columns can be configured via settings
     """
-    Extending Django's UserAdmin model
-    """
+
+    class Media:
+        css = {
+            "all": ("authentication/css/admin.css",)
+        }
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.prefetch_related("character_ownerships__character", "groups")
+
     def get_actions(self, request):
         actions = super(BaseUserAdmin, self).get_actions(request)
 
+        actions[update_main_character_model.__name__] = (
+            update_main_character_model,
+            update_main_character_model.__name__,
+            update_main_character_model.short_description
+        )
+
         for hook in get_hooks('services_hook'):
             svc = hook()
             # Check update_groups is redefined/overloaded
             if svc.update_groups.__module__ != ServicesHook.update_groups.__module__:
                 action = make_service_hooks_update_groups_action(svc)
-                actions[action.__name__] = (action,
-                                            action.__name__,
-                                            action.short_description)
+                actions[action.__name__] = (
+                    action,
+                    action.__name__,
+                    action.short_description
+                )
+
             # Create sync nickname action if service implements it
             if svc.sync_nickname.__module__ != ServicesHook.sync_nickname.__module__:
                 action = make_service_hooks_sync_nickname_action(svc)
-                actions[action.__name__] = (action,
-                                            action.__name__,
-                                            action.short_description)
-
+                actions[action.__name__] = (
+                    action, action.__name__,
+                    action.short_description
+                )
         return actions
-    list_filter = BaseUserAdmin.list_filter + ('profile__state',)
+
+    def _list_2_html_w_tooltips(self, my_items: list, max_items: int) -> str:
+        """converts list of strings into HTML with cutoff and tooltip"""
+        items_truncated_str = ', '.join(my_items[:max_items])
+        if not my_items:
+            result = None
+        elif len(my_items) <= max_items:
+            result = items_truncated_str
+        else:
+            items_truncated_str += ', (...)'
+            items_all_str = ', '.join(my_items)
+            result = format_html(
+                '<span data-tooltip="{}" class="tooltip">{}</span>',
+                items_all_str,
+                items_truncated_str
+            )
+        return result
+
+    inlines = BaseUserAdmin.inlines + [UserProfileInline]
+    ordering = ('username', )
+    list_select_related = ('profile__state', 'profile__main_character')
+    show_full_result_count = True
+    list_display = (
+        user_profile_pic,
+        user_username,
+        '_state',
+        '_groups',
+        user_main_organization,
+        '_characters',
+        'is_active',
+        'date_joined',
+        '_role'
+    )
+    list_display_links = None
+    list_filter = (
+        'profile__state',
+        'groups',
+        MainCorporationsFilter,
+        MainAllianceFilter,
+        MainFactionFilter,
+        'is_active',
+        'date_joined',
+        'is_staff',
+        'is_superuser'
+    )
+    search_fields = (
+        'username',
+        'character_ownerships__character__character_name'
+    )
+
+    def _characters(self, obj):
+        character_ownerships = list(obj.character_ownerships.all())
+        characters = [obj.character.character_name for obj in character_ownerships]
+        return self._list_2_html_w_tooltips(
+            sorted(characters),
+            AUTHENTICATION_ADMIN_USERS_MAX_CHARS
+        )
+
+    _characters.short_description = 'characters'
+
+    def _state(self, obj):
+        return obj.profile.state.name
+
+    _state.short_description = 'state'
+    _state.admin_order_field = 'profile__state'
+
+    def _groups(self, obj):
+        my_groups = sorted(group.name for group in list(obj.groups.all()))
+        return self._list_2_html_w_tooltips(
+            my_groups, AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
+        )
+
+    _groups.short_description = 'groups'
+
+    def _role(self, obj):
+        if obj.is_superuser:
+            role = 'Superuser'
+        elif obj.is_staff:
+            role = 'Staff'
+        else:
+            role = 'User'
+        return role
+
+    _role.short_description = 'role'
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.has_perm('auth.change_user')
+
+    def has_add_permission(self, request, obj=None):
+        return request.user.has_perm('auth.add_user')
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.has_perm('auth.delete_user')
+
+    def formfield_for_manytomany(self, db_field, request, **kwargs):
+        """overriding this formfield to have sorted lists in the form"""
+        if db_field.name == "groups":
+            kwargs["queryset"] = Group.objects.all().order_by(Lower('name'))
+        return super().formfield_for_manytomany(db_field, request, **kwargs)
 
 
 @admin.register(State)
 class StateAdmin(admin.ModelAdmin):
+    list_select_related = True
+    list_display = ('name', 'priority', '_user_count')
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.annotate(user_count=Count("userprofile__id"))
+
+    def _user_count(self, obj):
+        return obj.user_count
+    _user_count.short_description = 'Users'
+    _user_count.admin_order_field = 'user_count'
+
     fieldsets = (
         (None, {
             'fields': ('name', 'permissions', 'priority'),
         }),
         ('Membership', {
-            'fields': ('public', 'member_characters', 'member_corporations', 'member_alliances'),
+            'fields': (
+                'public',
+                'member_characters',
+                'member_corporations',
+                'member_alliances',
+                'member_factions'
+            ),
         })
     )
-    filter_horizontal = ['member_characters', 'member_corporations', 'member_alliances', 'permissions']
-    list_display = ('name', 'priority', 'user_count')
+    filter_horizontal = [
+        'member_characters',
+        'member_corporations',
+        'member_alliances',
+        'member_factions',
+        'permissions'
+    ]
+
+    def formfield_for_manytomany(self, db_field, request, **kwargs):
+        """overriding this formfield to have sorted lists in the form"""
+        if db_field.name == "member_characters":
+            kwargs["queryset"] = EveCharacter.objects.all()\
+                .order_by(Lower('character_name'))
+        elif db_field.name == "member_corporations":
+            kwargs["queryset"] = EveCorporationInfo.objects.all()\
+                .order_by(Lower('corporation_name'))
+        elif db_field.name == "member_alliances":
+            kwargs["queryset"] = EveAllianceInfo.objects.all()\
+                .order_by(Lower('alliance_name'))
+        elif db_field.name == "member_factions":
+            kwargs["queryset"] = EveFactionInfo.objects.all()\
+                .order_by(Lower('faction_name'))
+        elif db_field.name == "permissions":
+            kwargs["queryset"] = Permission.objects.select_related("content_type").all()
+        return super().formfield_for_manytomany(db_field, request, **kwargs)
 
     def has_delete_permission(self, request, obj=None):
         if obj == get_guest_state():
             return False
-        return super(StateAdmin, self).has_delete_permission(request, obj=obj)
+        return super().has_delete_permission(request, obj=obj)
 
     def get_fieldsets(self, request, obj=None):
         if obj == get_guest_state():
@@ -89,38 +498,56 @@ class StateAdmin(admin.ModelAdmin):
                     'fields': ('permissions', 'priority'),
                 }),
             )
-        return super(StateAdmin, self).get_fieldsets(request, obj=obj)
-
-    @staticmethod
-    def user_count(obj):
-        return obj.userprofile_set.all().count()
+        return super().get_fieldsets(request, obj=obj)
 
 
-@admin.register(UserProfile)
-class UserProfileAdmin(admin.ModelAdmin):
-    readonly_fields = ('user', 'state')
-    search_fields = ('user__username', 'main_character__character_name')
-    list_filter = ('state',)
-    list_display = ('user', 'main_character')
-    actions = None
+class BaseOwnershipAdmin(admin.ModelAdmin):
+    class Media:
+        css = {
+            "all": ("authentication/css/admin.css",)
+        }
 
-    def has_add_permission(self, request):
-        return False
+    list_select_related = (
+        'user__profile__state', 'user__profile__main_character', 'character')
+    list_display = (
+        user_profile_pic,
+        user_username,
+        user_main_organization,
+        'character',
+    )
+    search_fields = (
+        'user__username',
+        'character__character_name',
+        'character__corporation_name',
+        'character__alliance_name',
+        'character__faction_name'
+    )
+    list_filter = (
+        MainCorporationsFilter,
+        MainAllianceFilter,
+    )
 
-    def has_delete_permission(self, request, obj=None):
-        return False
+    def get_readonly_fields(self, request, obj=None):
+        if obj and obj.pk:
+            return 'owner_hash', 'character'
+        return tuple()
+
+
+@admin.register(OwnershipRecord)
+class OwnershipRecordAdmin(BaseOwnershipAdmin):
+    list_display = BaseOwnershipAdmin.list_display + ('created',)
 
 
 @admin.register(CharacterOwnership)
-class CharacterOwnershipAdmin(admin.ModelAdmin):
-    list_display = ('user', 'character')
-    search_fields = ('user__username', 'character__character_name', 'character__corporation_name', 'character__alliance_name')
-    readonly_fields = ('owner_hash', 'character')
+class CharacterOwnershipAdmin(BaseOwnershipAdmin):
+    def has_add_permission(self, request):
+        return False
 
 
 class PermissionAdmin(admin.ModelAdmin):
     actions = None
-    readonly_fields = [field.name for field in Permission._meta.fields]
+    readonly_fields = [field.name for field in BasePermission._meta.fields]
+    search_fields = ('codename', )
     list_display = ('admin_name', 'name', 'codename', 'content_type')
     list_filter = ('content_type__app_label',)
 
@@ -128,29 +555,67 @@ class PermissionAdmin(admin.ModelAdmin):
     def admin_name(obj):
         return str(obj)
 
-    def has_add_permission(self, request):
+    def has_add_permission(self, request, obj=None):
         return False
 
     def has_delete_permission(self, request, obj=None):
         return False
 
+    def has_module_permission(self, request):
+        return True
+
+    def has_change_permission(self, request, obj=None):
+        # can see list but not edit it
+        return not obj
+
 
 # Hack to allow registration of django.contrib.auth models in our authentication app
-class ProxyUser(User):
+class User(BaseUser):
     class Meta:
         proxy = True
-        verbose_name = User._meta.verbose_name
-        verbose_name_plural = User._meta.verbose_name_plural
+        verbose_name = BaseUser._meta.verbose_name
+        verbose_name_plural = BaseUser._meta.verbose_name_plural
 
 
-class ProxyPermission(Permission):
+class Permission(BasePermission):
     class Meta:
         proxy = True
-        verbose_name = Permission._meta.verbose_name
-        verbose_name_plural = Permission._meta.verbose_name_plural
+        verbose_name = BasePermission._meta.verbose_name
+        verbose_name_plural = BasePermission._meta.verbose_name_plural
+
 
 try:
-    admin.site.unregister(User)
+    admin.site.unregister(BaseUser)
 finally:
-    admin.site.register(ProxyUser, UserAdmin)
-    admin.site.register(ProxyPermission, PermissionAdmin)
+    admin.site.register(User, UserAdmin)
+    admin.site.register(Permission, PermissionAdmin)
+
+
+@receiver(pre_save, sender=User)
+def redirect_pre_save(sender, signal=None, *args, **kwargs):
+    pre_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_save, sender=User)
+def redirect_post_save(sender, signal=None, *args, **kwargs):
+    post_save.send(BaseUser, *args, **kwargs)
+
+
+@receiver(pre_delete, sender=User)
+def redirect_pre_delete(sender, signal=None, *args, **kwargs):
+    pre_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(post_delete, sender=User)
+def redirect_post_delete(sender, signal=None, *args, **kwargs):
+    post_delete.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.groups.through)
+def redirect_m2m_changed_groups(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)
+
+
+@receiver(m2m_changed, sender=User.user_permissions.through)
+def redirect_m2m_changed_permissions(sender, signal=None, *args, **kwargs):
+    m2m_changed.send(BaseUser, *args, **kwargs)

allianceauth/authentication/app_settings.py

@@ -0,0 +1,45 @@
+from django.conf import settings
+
+
+def _clean_setting(
+    name: str,
+    default_value: object,
+    min_value: int = None,
+    max_value: int = None,
+    required_type: type = None
+):
+    """cleans the input for a custom setting
+
+    Will use `default_value` if settings does not exit or has the wrong type
+    or is outside define boundaries (for int only)
+
+    Need to define `required_type` if `default_value` is `None`
+
+    Will assume `min_value` of 0 for int (can be overriden)
+
+    Returns cleaned value for setting
+    """
+    if default_value is None and not required_type:
+        raise ValueError('You must specify a required_type for None defaults')
+
+    if not required_type:
+        required_type = type(default_value)
+
+    if min_value is None and required_type == int:
+        min_value = 0
+
+    if (hasattr(settings, name)
+        and isinstance(getattr(settings, name), required_type)
+        and (min_value is None or getattr(settings, name) >= min_value)
+        and (max_value is None or getattr(settings, name) <= max_value)
+    ):
+        return getattr(settings, name)
+    else:
+        return default_value
+
+
+AUTHENTICATION_ADMIN_USERS_MAX_GROUPS = \
+    _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_GROUPS', 10)
+
+AUTHENTICATION_ADMIN_USERS_MAX_CHARS = \
+    _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_CHARS', 5)

allianceauth/authentication/apps.py

@@ -7,6 +7,6 @@ class AuthenticationConfig(AppConfig):
     label = 'authentication'
 
     def ready(self):
-        super(AuthenticationConfig, self).ready()
+        super().ready()
         from allianceauth.authentication import checks, signals
         register(Tags.security)(checks.check_login_scopes_setting)

allianceauth/authentication/backends.py

@@ -1,16 +1,22 @@
-from django.contrib.auth.backends import ModelBackend
-from django.contrib.auth.models import Permission
-from django.contrib.auth.models import User
+import logging
 
-from .models import UserProfile, CharacterOwnership
+from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import User, Permission
+
+from .models import UserProfile, CharacterOwnership, OwnershipRecord
+
+
+logger = logging.getLogger(__name__)
 
 
 class StateBackend(ModelBackend):
     @staticmethod
     def _get_state_permissions(user_obj):
-        profile_state_field = UserProfile._meta.get_field('state')
-        user_state_query = 'state__%s__user' % profile_state_field.related_query_name()
-        return Permission.objects.filter(**{user_state_query: user_obj})
+        """returns permissions for state of given user object"""
+        if hasattr(user_obj, "profile") and user_obj.profile:
+            return Permission.objects.filter(state=user_obj.profile.state)
+        else:
+            return Permission.objects.none()
 
     def get_state_permissions(self, user_obj, obj=None):
         return self._get_permissions(user_obj, obj, 'state')
@@ -24,38 +30,54 @@ class StateBackend(ModelBackend):
             user_obj._perm_cache.update(self.get_state_permissions(user_obj))
         return user_obj._perm_cache
 
-    def authenticate(self, token=None):
+    def authenticate(self, request=None, token=None, **credentials):
         if not token:
             return None
         try:
             ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
             if ownership.owner_hash == token.character_owner_hash:
+                logger.debug(f'Authenticating {ownership.user} by ownership of character {token.character_name}')
                 return ownership.user
             else:
+                logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
                 ownership.delete()
                 return self.create_user(token)
         except CharacterOwnership.DoesNotExist:
             try:
                 # insecure legacy main check for pre-sso registration auth installs
                 profile = UserProfile.objects.get(main_character__character_id=token.character_id)
+                logger.debug(f'Authenticating {profile.user} by their main character {profile.main_character} without active ownership.')
                 # attach an ownership
                 token.user = profile.user
                 CharacterOwnership.objects.create_by_token(token)
                 return profile.user
             except UserProfile.DoesNotExist:
-                pass
+                # now we check historical records to see if this is a returning user
+                records = OwnershipRecord.objects.filter(owner_hash=token.character_owner_hash).filter(character__character_id=token.character_id)
+                if records.exists():
+                    # we've seen this character owner before. Re-attach to their old user account
+                    user = records[0].user
+                    token.user = user
+                    co = CharacterOwnership.objects.create_by_token(token)
+                    logger.debug(f'Authenticating {user} by matching owner hash record of character {co.character}')
+                    if not user.profile.main_character:
+                        # set this as their main by default if they have none
+                        user.profile.main_character = co.character
+                        user.profile.save()
+                    return user
+            logger.debug(f'Unable to authenticate character {token.character_name}. Creating new user.')
             return self.create_user(token)
 
     def create_user(self, token):
         username = self.iterate_username(token.character_name)  # build unique username off character name
-        user = User.objects.create_user(username)
+        user = User.objects.create_user(username, is_active=False)  # prevent login until email set
         user.set_unusable_password()  # prevent login via password
-        user.is_active = False  # prevent login until email set
         user.save()
         token.user = user
         co = CharacterOwnership.objects.create_by_token(token)  # assign ownership to this user
         user.profile.main_character = co.character  # assign main character as token character
         user.profile.save()
+        logger.debug(f'Created new user {user}')
         return user
 
     @staticmethod
@@ -65,10 +87,10 @@ class StateBackend(ModelBackend):
         if User.objects.filter(username__startswith=name).exists():
             u = User.objects.filter(username__startswith=name)
             num = len(u)
-            username = "%s_%s" % (name, num)
+            username = f"{name}_{num}"
             while u.filter(username=username).exists():
                 num += 1
-                username = "%s_%s" % (name, num)
+                username = f"{name}_{num}"
         else:
             username = name
         return username

allianceauth/authentication/decorators.py

@@ -0,0 +1,68 @@
+from django.conf.urls import include
+from django.contrib.auth.decorators import user_passes_test
+from django.core.exceptions import PermissionDenied
+from functools import wraps
+from django.shortcuts import redirect
+from django.contrib import messages
+from django.utils.translation import gettext_lazy as _
+from django.contrib.auth.decorators import login_required
+
+
+def user_has_main_character(user):
+    return bool(user.profile.main_character)
+
+
+def decorate_url_patterns(urls, decorator):
+    url_list, app_name, namespace = include(urls)
+
+    def process_patterns(url_patterns):
+        for pattern in url_patterns:
+            if hasattr(pattern, 'url_patterns'):
+                # this is an include - apply to all nested patterns
+                process_patterns(pattern.url_patterns)
+            else:
+                # this is a pattern
+                pattern.callback = decorator(pattern.callback)
+
+    process_patterns(url_list)
+    return url_list, app_name, namespace
+
+
+def main_character_required(view_func):
+    @wraps(view_func)
+    def _wrapped_view(request, *args, **kwargs):
+        if user_has_main_character(request.user):
+            return view_func(request, *args, **kwargs)
+
+        messages.error(request, _('A main character is required to perform that action. Add one below.'))
+        return redirect('authentication:dashboard')
+    return login_required(_wrapped_view)
+
+
+def permissions_required(perm, login_url=None, raise_exception=False):
+    """
+    Decorator for views that checks whether a user has a particular permission
+    enabled, redirecting to the log-in page if necessary.
+    If the raise_exception parameter is given the PermissionDenied exception
+    is raised.
+
+    This decorator is identical to the django permission_required except it
+    allows for passing a tuple/list of perms that will return true if any one
+    of them is present.
+    """
+    def check_perms(user):
+        if isinstance(perm, str):
+            perms = (perm,)
+        else:
+            perms = perm
+        # First check if the user has the permission (even anon users)
+        for perm_ in perms:
+            perm_ = (perm_,)
+            if user.has_perms(perm_):
+                return True
+        # In case the 403 handler should be called raise the exception
+        if raise_exception:
+            raise PermissionDenied
+        # As the last resort, show the login form
+        return False
+    return user_passes_test(check_perms, login_url=login_url)

allianceauth/authentication/forms.py

@@ -1,6 +1,8 @@
 from django import forms
 from django.utils.translation import ugettext_lazy as _
-
-
+from allianceauth.authentication.models import User
 class RegistrationForm(forms.Form):
     email = forms.EmailField(label=_('Email'), max_length=254, required=True)
+
+    class _meta:
+        model = User

allianceauth/authentication/hmac_urls.py

@@ -10,5 +10,5 @@ urlpatterns = [
     url(r'^register/$', views.RegistrationView.as_view(), name='registration_register'),
     url(r'^register/complete/$', views.registration_complete, name='registration_complete'),
     url(r'^register/closed/$', views.registration_closed, name='registration_disallowed'),
-    url(r'', include('registration.auth_urls')),
-]
+    url(r'', include('django.contrib.auth.urls')),
+]

allianceauth/authentication/management/commands/checkmains.py

@@ -0,0 +1,20 @@
+from django.core.management.base import BaseCommand
+from allianceauth.authentication.models import UserProfile
+
+
+class Command(BaseCommand):
+    help = 'Ensures all main characters have an active ownership'
+
+    def handle(self, *args, **options):
+        profiles = UserProfile.objects.filter(main_character__isnull=False).filter(
+            main_character__character_ownership__isnull=True)
+        if profiles.exists():
+            for profile in profiles:
+                self.stdout.write(self.style.ERROR(
+                    '{} does not have an ownership. Resetting user {} main character.'.format(profile.main_character,
+                                                                                                profile.user)))
+                profile.main_character = None
+                profile.save()
+            self.stdout.write(self.style.WARNING(f'Reset {profiles.count()} main characters.'))
+        else:
+            self.stdout.write(self.style.SUCCESS('All main characters have active ownership.'))

allianceauth/authentication/managers.py

@@ -16,6 +16,8 @@ def available_states_query(character):
         query |= Q(member_corporations__corporation_id=character.corporation_id)
     if character.alliance_id:
         query |= Q(member_alliances__alliance_id=character.alliance_id)
+    if character.faction_id:
+        query |= Q(member_factions__faction_id=character.faction_id)
     return query
 
 
@@ -23,8 +25,7 @@ class CharacterOwnershipManager(Manager):
     def create_by_token(self, token):
         if not EveCharacter.objects.filter(character_id=token.character_id).exists():
             EveCharacter.objects.create_character(token.character_id)
-        return self.create(character=EveCharacter.objects.get(character_id=token.character_id), user=token.user,
-                           owner_hash=token.character_owner_hash)
+        return self.create(character=EveCharacter.objects.get(character_id=token.character_id), user=token.user, owner_hash=token.character_owner_hash)
 
 
 class StateQuerySet(QuerySet):
@@ -50,7 +51,7 @@ class StateQuerySet(QuerySet):
             for state in self:
                 for profile in state.userprofile_set.all():
                     profile.assign_state(state=self.model.objects.exclude(pk=state.pk).get_for_user(profile.user))
-        super(StateQuerySet, self).delete()
+        super().delete()
 
 
 class StateManager(Manager):

allianceauth/authentication/migrations/0001_initial.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-05 21:38
-from __future__ import unicode_literals
 
 from django.conf import settings
 from django.db import migrations, models

allianceauth/authentication/migrations/0002_auto_20160907_1914.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-07 19:14
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0003_authservicesinfo_state.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 20:29
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0004_create_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:19
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0005_delete_perms.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:11
-from __future__ import unicode_literals
 
 from django.db import migrations
 
@@ -17,7 +15,7 @@ def create_permissions(apps, schema_editor):
     Permission = apps.get_model('auth', 'Permission')
     ct = ContentType.objects.get_for_model(User)
     Permission.objects.get_or_create(codename="member", content_type=ct, name="member")
-    Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member") 
+    Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member")
 
 
 class Migration(migrations.Migration):

allianceauth/authentication/migrations/0006_auto_20160910_0542.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 05:42
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0007_remove_authservicesinfo_is_blue.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 21:50
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0008_set_state.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-12 13:04
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0009_auto_20161021_0228.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.2 on 2016-10-21 02:28
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0010_only_one_authservicesinfo.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 06:47
-from __future__ import unicode_literals
 
 from django.db import migrations
 
@@ -10,7 +8,7 @@ def count_completed_fields(model):
 def forward(apps, schema_editor):
     # this ensures only one model exists per user
     AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
-    users = set([a.user for a in AuthServicesInfo.objects.all()])
+    users = {a.user for a in AuthServicesInfo.objects.all()}
     for u in users:
         auths = AuthServicesInfo.objects.filter(user=u)
         if auths.count() > 1:

allianceauth/authentication/migrations/0011_authservicesinfo_user_onetoonefield.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 07:11
-from __future__ import unicode_literals
 
 from django.conf import settings
 from django.db import migrations, models

allianceauth/authentication/migrations/0012_remove_add_delete_authservicesinfo_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-01-12 00:59
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0013_service_modules.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.2 on 2016-12-11 23:14
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0014_fleetup_permission.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:19
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0015_user_profiles.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-03-22 23:09
-from __future__ import unicode_literals
 
 import allianceauth.authentication.models
 import django.db.models.deletion
@@ -43,7 +41,7 @@ def create_member_group(apps, schema_editor):
     member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
 
     try:
-        g = Group.objects.get(name=member_state_name)
+        g, _ = Group.objects.get_or_create(name=member_state_name)
         # move permissions back
         state = State.objects.get(name=member_state_name)
         [g.permissions.add(p.pk) for p in state.permissions.all()]
@@ -51,7 +49,7 @@ def create_member_group(apps, schema_editor):
         # move users back
         for profile in state.userprofile_set.all().select_related('user'):
             profile.user.groups.add(g.pk)
-    except (Group.DoesNotExist, State.DoesNotExist):
+    except State.DoesNotExist:
         pass
 
 
@@ -67,7 +65,7 @@ def create_blue_state(apps, schema_editor):
         # move group permissions to state
         g = Group.objects.get(name=blue_state_name)
         [s.permissions.add(p.pk) for p in g.permissions.all()]
-        g.permissions.clear()
+        g.delete()
     except Group.DoesNotExist:
         pass
 
@@ -84,7 +82,7 @@ def create_blue_group(apps, schema_editor):
     blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
 
     try:
-        g = Group.objects.get(name=blue_state_name)
+        g, _ = Group.objects.get_or_create(name=blue_state_name)
         # move permissions back
         state = State.objects.get(name=blue_state_name)
         [g.permissions.add(p.pk) for p in state.permissions.all()]
@@ -92,18 +90,23 @@ def create_blue_group(apps, schema_editor):
         # move users back
         for profile in state.userprofile_set.all().select_related('user'):
             profile.user.groups.add(g.pk)
-    except (Group.DoesNotExist, State.DoesNotExist):
+    except State.DoesNotExist:
         pass
 
 
+def purge_tokens(apps, schema_editor):
+    Token = apps.get_model('esi', 'Token')
+    Token.objects.filter(refresh_token__isnull=True).delete()
+
+
 def populate_ownerships(apps, schema_editor):
     Token = apps.get_model('esi', 'Token')
     CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
     EveCharacter = apps.get_model('eveonline', 'EveCharacter')
 
     unique_character_owners = [t['character_id'] for t in
-                               Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
-                               t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]
+                                Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
+                                t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]
 
     tokens = Token.objects.filter(character_id__in=unique_character_owners)
     for c_id in unique_character_owners:
@@ -128,15 +131,24 @@ def create_profiles(apps, schema_editor):
                     auth['n'] == 1 and EveCharacter.objects.filter(character_id=auth['main_char_id']).exists()]
 
     auths = AuthServicesInfo.objects.filter(main_char_id__in=unique_mains).select_related('user')
+
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        'Member': State.objects.get(name=member_state_name),
+        'Blue': State.objects.get(name=blue_state_name),
+    }
+    guest_state = State.objects.get(name='Guest')
+
     for auth in auths:
         # carry states and mains forward
-        state = State.objects.get(name=auth.state if auth.state else 'Guest')
+        state = states.get(auth.state, guest_state)
         char = EveCharacter.objects.get(character_id=auth.main_char_id)
         UserProfile.objects.create(user=auth.user, state=state, main_character=char)
     for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
         # prepare empty profiles
-        state = State.objects.get(name='Guest')
-        UserProfile.objects.create(user=auth.user, state=state)
+        UserProfile.objects.create(user=auth.user, state=guest_state)
 
 
 def recreate_authservicesinfo(apps, schema_editor):
@@ -144,18 +156,25 @@ def recreate_authservicesinfo(apps, schema_editor):
     UserProfile = apps.get_model('authentication', 'UserProfile')
     User = apps.get_model('auth', 'User')
 
+    blue_state_name = getattr(settings, 'DEFAULT_BLUE_GROUP', 'Blue')
+    member_state_name = getattr(settings, 'DEFAULT_AUTH_GROUP', 'Member')
+
+    states = {
+        member_state_name: 'Member',
+        blue_state_name: 'Blue',
+    }
+
     # recreate all missing AuthServicesInfo models
-    AuthServicesInfo.objects.bulk_create([AuthServicesInfo(user=u.pk) for u in User.objects.all()])
+    AuthServicesInfo.objects.bulk_create([AuthServicesInfo(user_id=u.pk) for u in User.objects.all()])
 
     # repopulate main characters
     for profile in UserProfile.objects.exclude(main_character__isnull=True).select_related('user', 'main_character'):
-        AuthServicesInfo.objects.update_or_create(user=profile.user,
-                                                  defaults={'main_char_id': profile.main_character.character_id})
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'main_char_id': profile.main_character.character_id})
 
     # repopulate states we understand
     for profile in UserProfile.objects.exclude(state__name='Guest').filter(
-            state__name__in=['Member', 'Blue']).select_related('user', 'state'):
-        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'state': profile.state.name})
+            state__name__in=[member_state_name, blue_state_name]).select_related('user', 'state'):
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'state': states[profile.state.name]})
 
 
 def disable_passwords(apps, schema_editor):
@@ -203,7 +222,6 @@ class Migration(migrations.Migration):
                 ('permissions', models.ManyToManyField(blank=True, to='auth.Permission')),
             ],
             options={
-                'default_permissions': ('change',),
                 'ordering': ['-priority'],
             },
         ),
@@ -222,6 +240,7 @@ class Migration(migrations.Migration):
         migrations.RunPython(create_guest_state, migrations.RunPython.noop),
         migrations.RunPython(create_member_state, create_member_group),
         migrations.RunPython(create_blue_state, create_blue_group),
+        migrations.RunPython(purge_tokens, migrations.RunPython.noop),
         migrations.RunPython(populate_ownerships, migrations.RunPython.noop),
         migrations.RunPython(create_profiles, recreate_authservicesinfo),
         migrations.RemoveField(
@@ -233,7 +252,7 @@ class Migration(migrations.Migration):
         ),
         migrations.RunPython(disable_passwords, migrations.RunPython.noop),
         migrations.CreateModel(
-            name='ProxyPermission',
+            name='Permission',
             fields=[
             ],
             options={
@@ -247,7 +266,7 @@ class Migration(migrations.Migration):
             ],
         ),
         migrations.CreateModel(
-            name='ProxyUser',
+            name='User',
             fields=[
             ],
             options={

allianceauth/authentication/migrations/0016_ownershiprecord.py

@@ -0,0 +1,40 @@
+# Generated by Django 2.0.4 on 2018-04-14 18:28
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def create_initial_records(apps, schema_editor):
+    OwnershipRecord = apps.get_model('authentication', 'OwnershipRecord')
+    CharacterOwnership = apps.get_model('authentication', 'CharacterOwnership')
+
+    OwnershipRecord.objects.bulk_create([
+        OwnershipRecord(user=o.user, character=o.character, owner_hash=o.owner_hash) for o in CharacterOwnership.objects.all()
+    ])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('eveonline', '0009_on_delete'),
+        ('authentication', '0015_user_profiles'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OwnershipRecord',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('owner_hash', models.CharField(db_index=True, max_length=28)),
+                ('created', models.DateTimeField(auto_now=True)),
+                ('character', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to='eveonline.EveCharacter')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ownership_records', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-created'],
+            },
+        ),
+        migrations.RunPython(create_initial_records, migrations.RunPython.noop)
+    ]

allianceauth/authentication/migrations/0017_remove_fleetup_permission.py

@@ -0,0 +1,20 @@
+from django.db import migrations
+
+
+def remove_permission(apps, schema_editor):
+    User = apps.get_model('auth', 'User')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    Permission = apps.get_model('auth', 'Permission')
+    ct = ContentType.objects.get_for_model(User)
+    Permission.objects.filter(codename="view_fleetup", content_type=ct, name="view_fleetup").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0016_ownershiprecord'),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_permission, migrations.RunPython.noop)
+    ]

allianceauth/authentication/migrations/0018_alter_state_name_length.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-20 05:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='state',
+            name='name',
+            field=models.CharField(max_length=32, unique=True),
+        ),
+    ]

allianceauth/authentication/migrations/0018_state_member_factions.py

@@ -0,0 +1,19 @@
+# Generated by Django 3.1.13 on 2021-10-12 20:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0015_factions'),
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='state',
+            name='member_factions',
+            field=models.ManyToManyField(blank=True, help_text='Factions to whose members this state is available.', to='eveonline.EveFactionInfo'),
+        ),
+    ]

allianceauth/authentication/migrations/0019_merge_20211026_0919.py

@@ -0,0 +1,14 @@
+# Generated by Django 3.2.8 on 2021-10-26 09:19
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0018_alter_state_name_length'),
+        ('authentication', '0018_state_member_factions'),
+    ]
+
+    operations = [
+    ]

allianceauth/authentication/models.py

@@ -3,7 +3,7 @@ import logging
 from django.contrib.auth.models import User, Permission
 from django.db import models, transaction
 from django.utils.translation import ugettext_lazy as _
-from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo, EveFactionInfo
 from allianceauth.notifications import notify
 
 from .managers import CharacterOwnershipManager, StateManager
@@ -12,10 +12,9 @@ logger = logging.getLogger(__name__)
 
 
 class State(models.Model):
-    name = models.CharField(max_length=20, unique=True)
+    name = models.CharField(max_length=32, unique=True)
     permissions = models.ManyToManyField(Permission, blank=True)
-    priority = models.IntegerField(unique=True,
-                                   help_text="Users get assigned the state with the highest priority available to them.")
+    priority = models.IntegerField(unique=True, help_text="Users get assigned the state with the highest priority available to them.")
 
     member_characters = models.ManyToManyField(EveCharacter, blank=True,
                                                help_text="Characters to which this state is available.")
@@ -23,6 +22,8 @@ class State(models.Model):
                                                  help_text="Corporations to whose members this state is available.")
     member_alliances = models.ManyToManyField(EveAllianceInfo, blank=True,
                                               help_text="Alliances to whose members this state is available.")
+    member_factions = models.ManyToManyField(EveFactionInfo, blank=True,
+                                             help_text="Factions to whose members this state is available.")
     public = models.BooleanField(default=False, help_text="Make this state available to any character.")
 
     objects = StateManager()
@@ -43,7 +44,7 @@ class State(models.Model):
         with transaction.atomic():
             for profile in self.userprofile_set.all():
                 profile.assign_state(state=State.objects.exclude(pk=self.pk).get_for_user(profile.user))
-        super(State, self).delete(**kwargs)
+        super().delete(**kwargs)
 
 
 def get_guest_state():
@@ -71,13 +72,24 @@ class UserProfile(models.Model):
         if self.state != state:
             self.state = state
             if commit:
-                logger.info('Updating {} state to {}'.format(self.user, self.state))
+                logger.info(f'Updating {self.user} state to {self.state}')
                 self.save(update_fields=['state'])
-                notify(self.user, _('State Changed'),
-                       _('Your user state has been changed to %(state)s') % ({'state': state}),
-                       'info')
+                notify(
+                    self.user,
+                    _('State changed to: %s' % state),
+                    _('Your user\'s state is now: %(state)s')
+                    % ({'state': state}),
+                    'info'
+                )
                 from allianceauth.authentication.signals import state_changed
-                state_changed.send(sender=self.__class__, user=self.user, state=self.state)
+
+                # We need to ensure we get up to date perms here as they will have just changed.
+                # Clear all attribute caches and reload the model that will get passed to the signals!
+                self.refresh_from_db()
+
+                state_changed.send(
+                    sender=self.__class__, user=self.user, state=self.state
+                )
 
     def __str__(self):
         return str(self.user)
@@ -95,4 +107,17 @@ class CharacterOwnership(models.Model):
     objects = CharacterOwnershipManager()
 
     def __str__(self):
-        return "%s: %s" % (self.user, self.character)
+        return f"{self.user}: {self.character}"
+
+
+class OwnershipRecord(models.Model):
+    character = models.ForeignKey(EveCharacter, on_delete=models.CASCADE, related_name='ownership_records')
+    owner_hash = models.CharField(max_length=28, db_index=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='ownership_records')
+    created = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        ordering = ['-created']
+
+    def __str__(self):
+        return f"{self.user}: {self.character} on {self.created}"

allianceauth/authentication/signals.py

@@ -1,9 +1,9 @@
 import logging
 
-from .models import CharacterOwnership, UserProfile, get_guest_state, State
+from .models import CharacterOwnership, UserProfile, get_guest_state, State, OwnershipRecord
 from django.contrib.auth.models import User
 from django.db.models import Q
-from django.db.models.signals import post_save, pre_delete, m2m_changed, pre_save
+from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
 from django.dispatch import receiver, Signal
 from esi.models import Token
 
@@ -11,7 +11,6 @@ from allianceauth.eveonline.models import EveCharacter
 
 logger = logging.getLogger(__name__)
 
-
 state_changed = Signal(providing_args=['user', 'state'])
 
 
@@ -24,31 +23,38 @@ def trigger_state_check(state):
     check_states = State.objects.filter(priority__lt=state.priority)
     for profile in UserProfile.objects.filter(state__in=check_states):
         if state.available_to_user(profile.user):
-            profile.state = state
-            profile.save(update_fields=['state'])
-            state_changed.send(sender=state.__class__, user=profile.user, state=state)
+            profile.assign_state(state)
 
 
 @receiver(m2m_changed, sender=State.member_characters.through)
 def state_member_characters_changed(sender, instance, action, *args, **kwargs):
     if action.startswith('post_'):
+        logger.debug(f'State {instance} member characters changed. Re-evaluating membership.')
         trigger_state_check(instance)
 
 
 @receiver(m2m_changed, sender=State.member_corporations.through)
 def state_member_corporations_changed(sender, instance, action, *args, **kwargs):
     if action.startswith('post_'):
+        logger.debug(f'State {instance} member corporations changed. Re-evaluating membership.')
         trigger_state_check(instance)
 
 
 @receiver(m2m_changed, sender=State.member_alliances.through)
 def state_member_alliances_changed(sender, instance, action, *args, **kwargs):
     if action.startswith('post_'):
+        logger.debug(f'State {instance} member alliances changed. Re-evaluating membership.')
         trigger_state_check(instance)
 
+@receiver(m2m_changed, sender=State.member_factions.through)
+def state_member_factions_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member factions changed. Re-evaluating membership.')
+        trigger_state_check(instance)
 
 @receiver(post_save, sender=State)
 def state_saved(sender, instance, *args, **kwargs):
+    logger.debug(f'State {instance} saved. Re-evaluating membership.')
     trigger_state_check(instance)
 
 
@@ -59,6 +65,7 @@ def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
     if not created:
         update_fields = kwargs.pop('update_fields', []) or []
         if 'state' not in update_fields:
+            logger.debug(f'Profile for {instance.user} saved without state change. Re-evaluating state.')
             instance.assign_state()
 
 
@@ -66,12 +73,14 @@ def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
 def create_required_models(sender, instance, created, *args, **kwargs):
     # ensure all users have a model
     if created:
+        logger.debug(f'User {instance} created. Creating default UserProfile.')
         UserProfile.objects.get_or_create(user=instance)
 
 
 @receiver(post_save, sender=Token)
 def record_character_ownership(sender, instance, created, *args, **kwargs):
     if created:
+        logger.debug(f'New token for {instance.user} character {instance.character_name} saved. Evaluating ownership.')
         if instance.user:
             query = Q(owner_hash=instance.character_owner_hash) & Q(user=instance.user)
         else:
@@ -80,31 +89,35 @@ def record_character_ownership(sender, instance, created, *args, **kwargs):
         CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(query).delete()
         # create character if needed
         if EveCharacter.objects.filter(character_id=instance.character_id).exists() is False:
+            logger.debug(f'Token is for a new character. Creating model for {instance.character_name} ({instance.character_id})')
             EveCharacter.objects.create_character(instance.character_id)
         char = EveCharacter.objects.get(character_id=instance.character_id)
         # check if we need to create ownership
-        if instance.user and not CharacterOwnership.objects.filter(character__character_id=instance.character_id).exists():
-            CharacterOwnership.objects.update_or_create(character=char,
-                                                        defaults={'owner_hash': instance.character_owner_hash,
-                                                                  'user': instance.user})
+        if instance.user and not CharacterOwnership.objects.filter(
+                character__character_id=instance.character_id).exists():
+            logger.debug(f"Character {instance.character_name} is not yet owned. Assigning ownership to {instance.user}")
+            CharacterOwnership.objects.update_or_create(character=char, defaults={'owner_hash': instance.character_owner_hash, 'user': instance.user})
 
 
 @receiver(pre_delete, sender=CharacterOwnership)
 def validate_main_character(sender, instance, *args, **kwargs):
-    if instance.user.profile.main_character == instance.character:
-        # clear main character as user no longer owns them
-        instance.user.profile.main_character = None
-        instance.user.profile.save()
+    try:
+        if instance.user.profile.main_character == instance.character:
+            logger.info("Ownership of a main character {} has been revoked. Resetting {} main character.".format(
+                instance.character, instance.user))
+            # clear main character as user no longer owns them
+            instance.user.profile.main_character = None
+            instance.user.profile.save()
+    except UserProfile.DoesNotExist:
+        # a user is being deleted
+        pass
 
 
-@receiver(pre_delete, sender=Token)
-def validate_main_character_token(sender, instance, *args, **kwargs):
-    if UserProfile.objects.filter(main_character__character_id=instance.character_id).exists():
-        profile = UserProfile.objects.get(main_character__character_id=instance.character_id)
-        if not Token.objects.filter(character_id=instance.character_id).filter(user=profile.user).exclude(pk=instance.pk).exists():
-            # clear main character as we can no longer verify ownership
-            profile.main_character = None
-            profile.save()
+@receiver(post_delete, sender=Token)
+def validate_ownership(sender, instance, *args, **kwargs):
+    if not Token.objects.filter(character_owner_hash=instance.character_owner_hash).filter(refresh_token__isnull=False).exists():
+        logger.info(f"No remaining tokens to validate ownership of character {instance.character_name}. Revoking ownership.")
+        CharacterOwnership.objects.filter(owner_hash=instance.character_owner_hash).delete()
 
 
 @receiver(pre_save, sender=User)
@@ -114,8 +127,11 @@ def assign_state_on_active_change(sender, instance, *args, **kwargs):
         old_instance = User.objects.get(pk=instance.pk)
         if old_instance.is_active != instance.is_active:
             if instance.is_active:
+                logger.debug(f"User {instance} has been activated. Assigning state.")
                 instance.profile.assign_state()
             else:
+                logger.debug(
+                    f"User {instance} has been deactivated. Revoking state and assigning to guest state.")
                 instance.profile.state = get_guest_state()
                 instance.profile.save(update_fields=['state'])
 
@@ -124,6 +140,20 @@ def assign_state_on_active_change(sender, instance, *args, **kwargs):
 def check_state_on_character_update(sender, instance, *args, **kwargs):
     # if this is a main character updating, check that user's state
     try:
+        logger.debug(f"Character {instance} has been saved. Assessing owner's state for changes.")
         instance.userprofile.assign_state()
     except UserProfile.DoesNotExist:
+        logger.debug(f"Character {instance} is not a main character. No state assessment required.")
         pass
+
+
+@receiver(post_save, sender=CharacterOwnership)
+def ownership_record_creation(sender, instance, created, *args, **kwargs):
+    if created:
+        records = OwnershipRecord.objects.filter(owner_hash=instance.owner_hash).filter(character=instance.character)
+        if records.exists():
+            if records[0].user == instance.user:  # most recent record is sorted first
+                logger.debug(f"Already have ownership record of {instance.character} by user {instance.user}")
+                return
+        logger.info(f"Character {instance.character} has a new owner {instance.user}. Creating ownership record.")
+        OwnershipRecord.objects.create(user=instance.user, character=instance.character, owner_hash=instance.owner_hash)

allianceauth/authentication/static/authentication/css/admin.css

@@ -0,0 +1,29 @@
+/*
+CSS for allianceauth admin site
+*/
+
+/* styling for profile pic */
+.img-circle {
+    border-radius: 50%;
+}
+.column-user_profile_pic {
+    width: 1px;
+    white-space: nowrap;
+}
+
+/* tooltip */
+.tooltip {
+    position: relative ;
+}
+.tooltip:hover::after {
+    content: attr(data-tooltip) ;
+    position: absolute ;
+    top: 1.1em ;
+    left: 1em ;
+    min-width: 200px ;
+    border: 1px #808080 solid ;
+    padding: 8px ;
+    color: black ;
+    background-color: rgb(255, 255, 204) ;
+    z-index: 1 ;
+}

allianceauth/authentication/tasks.py

@@ -1,6 +1,6 @@
 import logging
 
-from esi.errors import TokenExpiredError, TokenInvalidError
+from esi.errors import TokenExpiredError, TokenInvalidError, IncompleteResponseError
 from esi.models import Token
 from celery import shared_task
 
@@ -20,13 +20,19 @@ def check_character_ownership(owner_hash):
             except (TokenExpiredError, TokenInvalidError):
                 t.delete()
                 continue
-
-            if t.character_owner_hash == old_hash:
+            except (KeyError, IncompleteResponseError):
+                # We can't validate the hash hasn't changed but also can't assume it has. Abort for now.
+                logger.warning("Failed to validate owner hash of {} due to problems contacting SSO servers.".format(
+                    tokens[0].character_name))
                 break
-            else:
-                logger.info('Character %s has changed ownership. Revoking %s tokens.' % (t.character_name, tokens.count()))
+
+            if not t.character_owner_hash == old_hash:
+                logger.info(
+                    f'Character {t.character_name} has changed ownership. Revoking {tokens.count()} tokens.')
                 tokens.delete()
-    else:
+            break
+
+    if not Token.objects.filter(character_owner_hash=owner_hash).exists():
         logger.info('No tokens found with owner hash %s. Revoking ownership.' % owner_hash)
         CharacterOwnership.objects.filter(owner_hash=owner_hash).delete()
 

allianceauth/authentication/templates/authentication/dashboard.html

@@ -1,86 +1,133 @@
 {% extends "allianceauth/base.html" %}
-{% load staticfiles %}
+{% load static %}
 {% load i18n %}
 
-{% block page_title %}{% trans "Dashboard" %}{% endblock %}
+{% block page_title %}{% translate "Dashboard" %}{% endblock %}
 
 {% block content %}
-    <h1 class="page-header text-center">{% trans "Dashboard" %}</h1>
+    <h1 class="page-header text-center">{% translate "Dashboard" %}</h1>
     {% if user.is_staff %}
         {% include 'allianceauth/admin-status/include.html' %}
     {% endif %}
     <div class="col-sm-12">
-        <div class="row vertical-flexbox-row">
+        <div class="row vertical-flexbox-row2">
             <div class="col-sm-6 text-center">
                 <div class="panel panel-primary" style="height:100%">
-                    <div class="panel-heading"><h3 class="panel-title">{% trans "Main Character" %}</h3></div>
+                    <div class="panel-heading">
+                        <h3 class="panel-title">
+                            {% blocktrans with state=request.user.profile.state %}
+                                Main Character (State: {{ state }})
+                            {% endblocktrans %}
+                        </h3>
+                    </div>
                     <div class="panel-body">
                         {% if request.user.profile.main_character %}
-                        {% with request.user.profile.main_character as main %}
-                        <div class="col-lg-4 col-sm-2">
-                            <table class="table">
-                                <tr>
-                                    <td class="text-center"><img class="ra-avatar"
-                                                                 src="https://image.eveonline.com/Character/{{ main.character_id }}_128.jpg">
-                                    </td>
-                                </tr>
-                                <tr>
-                                    <td class="text-center">{{ main.character_name }}</td>
-                                </tr>
-                            </table>
-                        </div>
-                        <div class="col-lg-4 col-sm-2">
-                            <table class="table">
-                                <tr>
-                                    <td class="text-center"><img class="ra-avatar"
-                                                                 src="https://image.eveonline.com/Corporation/{{ main.corporation_id }}_128.png">
-                                    </td>
-                                </tr>
-                                <tr>
-                                    <td class="text-center">{{ main.corporation_name }}</td>
-                                </tr>
-                            </table>
-                        </div>
-                        <div class="col-lg-4 col-sm-2">
-                            {% if main.alliance_id %}
-                            <table class="table">
-                                <tr>
-                                    <td class="text-center"><img class="ra-avatar"
-                                                                 src="https://image.eveonline.com/Alliance/{{ main.alliance_id }}_128.png">
-                                    </td>
-                                </tr>
-                                <tr>
-                                    <td class="text-center">{{ main.alliance_name }}</td>
-                                <tr>
-                            </table>
-                            {% endif %}
-                        </div>
-                        {% endwith %}
+                            {% with request.user.profile.main_character as main %}
+                                <div class="hidden-xs">
+                                    <div class="col-lg-4 col-sm-2">
+                                        <table class="table">
+                                            <tr>
+                                                <td class="text-center">
+                                                    <img class="ra-avatar"src="{{ main.portrait_url_128 }}">
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td class="text-center">{{ main.character_name }}</td>
+                                            </tr>
+                                        </table>
+                                    </div>
+                                    <div class="col-lg-4 col-sm-2">
+                                        <table class="table">
+                                            <tr>
+                                                <td class="text-center">
+                                                    <img class="ra-avatar"src="{{ main.corporation_logo_url_128 }}">
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td class="text-center">{{ main.corporation_name }}</td>
+                                            </tr>
+                                        </table>
+                                    </div>
+                                    <div class="col-lg-4 col-sm-2">
+                                        {% if main.alliance_id %}
+                                            <table class="table">
+                                                <tr>
+                                                    <td class="text-center">
+                                                        <img class="ra-avatar"src="{{ main.alliance_logo_url_128 }}">
+                                                    </td>
+                                                </tr>
+                                                <tr>
+                                                    <td class="text-center">{{ main.alliance_name }}</td>
+                                                <tr>
+                                            </table>
+                                        {% elif main.faction_id %}
+                                            <table class="table">
+                                                <tr>
+                                                    <td class="text-center">
+                                                        <img class="ra-avatar"src="{{ main.faction_logo_url_128 }}">
+                                                    </td>
+                                                </tr>
+                                                <tr>
+                                                    <td class="text-center">{{ main.faction_name }}</td>
+                                                <tr>
+                                            </table>
+                                        {% endif %}
+                                    </div>
+                                </div>
+                                <div class="table visible-xs-block">
+                                    <p>
+                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}">
+                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}">
+                                        {% if main.alliance_id %}
+                                            <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}">
+                                        {% endif %}
+                                        {% if main.faction_id %}
+                                            <img class="ra-avatar" src="{{ main.faction_logo_url_64 }}">
+                                        {% endif %}
+                                    </p>
+                                    <p>
+                                        <strong>{{ main.character_name }}</strong><br>
+                                        {{ main.corporation_name }}<br>
+                                        {% if main.alliance_id %}
+                                            {{ main.alliance_name }}<br>
+                                        {% endif %}
+                                        {% if main.faction_id %}
+                                            {{ main.faction_name }}
+                                        {% endif %}
+                                    </p>
+                                </div>
+                            {% endwith %}
                         {% else %}
-                        <div class="alert alert-danger" role="alert">{% trans "Missing main character model." %}</div>
+                            <div class="alert alert-danger" role="alert">
+                                {% translate "No main character set." %}
+                            </div>
                         {% endif %}
                         <div class="clearfix"></div>
-                        <div class="col-xs-6">
-                            <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
-                               title="Add Character">{% trans 'Add Character' %}</a>
-                        </div>
-                        <div class="col-xs-6">
-                            <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
-                               title="Change Main Character">{% trans "Change Main" %}</a>
+                        <div class="row">
+                            <div class="col-sm-6 button-wrapper">
+                                <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
+                                title="Add Character">{% translate 'Add Character' %}</a>
+                            </div>
+                            <div class="col-sm-6 button-wrapper">
+                                <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
+                                title="Change Main Character">{% translate "Change Main" %}</a>
+                            </div>
                         </div>
                     </div>
                 </div>
             </div>
             <div class="col-sm-6 text-center">
                 <div class="panel panel-success" style="height:100%">
-                    <div class="panel-heading"><h3 class="panel-title">{% trans "Groups" %}</h3></div>
+                    <div class="panel-heading">
+                        <h3 class="panel-title">{% translate "Group Memberships" %}</h3>
+                    </div>
                     <div class="panel-body">
                         <div style="height: 240px;overflow:-moz-scrollbars-vertical;overflow-y:auto;">
-                            <table class="table table-striped">
-                                {% for group in user.groups.all %}
-                                <tr>
-                                    <td>{{ group.name }}</td>
-                                </tr>
+                            <table class="table table-aa">
+                                {% for group in groups %}
+                                    <tr>
+                                        <td>{{ group.name }}</td>
+                                    </tr>
                                 {% endfor %}
                             </table>
                         </div>
@@ -90,27 +137,48 @@
         </div>
         <div class="clearfix"></div>
         <div class="panel panel-default">
-            <div class="panel-heading" style="display:flex;"><h3 class="panel-title">{% trans 'Characters' %}</h3></div>
+            <div class="panel-heading">
+                <h3 class="panel-title text-center" style="text-align: center">
+                    {% translate 'Characters' %}
+                </h3>
+            </div>
             <div class="panel-body">
-                <table class="table table-hover">
-                    <tr>
-                        <th class="text-center"></th>
-                        <th class="text-center">{% trans 'Name' %}</th>
-                        <th class="text-center">{% trans 'Corp' %}</th>
-                        <th class="text-center">{% trans 'Alliance' %}</th>
-                    </tr>
-                    {% for ownership in request.user.character_ownerships.all %}
-                    {% with ownership.character as char %}
-                    <tr>
-                        <td class="text-center"><img class="ra-avatar img-circle"
-                                                     src="https://image.eveonline.com/Character/{{ char.character_id }}_32.jpg">
-                        </td>
-                        <td class="text-center">{{ char.character_name }}</td>
-                        <td class="text-center">{{ char.corporation_name }}</td>
-                        <td class="text-center">{{ char.alliance_name }}</td>
-                    </tr>
-                    {% endwith %}
-                    {% endfor %}
+                <table class="table table-aa hidden-xs">
+                    <thead>
+                        <tr>
+                            <th class="text-center"></th>
+                            <th class="text-center">{% translate 'Name' %}</th>
+                            <th class="text-center">{% translate 'Corp' %}</th>
+                            <th class="text-center">{% translate 'Alliance' %}</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        {% for char in characters %}
+                            <tr>
+                                <td class="text-center"><img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                </td>
+                                <td class="text-center">{{ char.character_name }}</td>
+                                <td class="text-center">{{ char.corporation_name }}</td>
+                                <td class="text-center">{{ char.alliance_name }}</td>
+                            </tr>
+                        {% endfor %}
+                    </tbody>
+                </table>
+                <table class="table table-aa visible-xs-block" style="width: 100%">
+                    <tbody>
+                        {% for char in characters %}
+                            <tr>
+                                <td class="text-center" style="vertical-align: middle">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                </td>
+                                <td class="text-center" style="vertical-align: middle; width: 100%">
+                                    <strong>{{ char.character_name }}</strong><br>
+                                    {{ char.corporation_name }}<br>
+                                    {{ char.alliance_name|default:"" }}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                    </tbody>
                 </table>
             </div>
         </div>

allianceauth/authentication/templates/public/base.html

@@ -6,9 +6,13 @@
         <meta name="viewport" content="width=device-width, initial-scale=1">
         <meta name="description" content="">
         <meta name="author" content="">
+        <meta property="og:title" content="{{ SITE_NAME }}">
+        <meta property="og:image" content="{{ request.scheme }}://{{ request.get_host }}{% static 'icons/apple-touch-icon.png' %}">
+        <meta property="og:description" content="Alliance Auth - An auth system for EVE Online to help in-game organizations manage online service access.">
+
         {% include 'allianceauth/icons.html' %}
 
-        <title>{% block title %}{{ SITE_NAME }}{% endblock %}</title>
+        <title>{% block title %}{% block page_title %}{% endblock page_title %} - {{ SITE_NAME }}{% endblock title %}</title>
 
         {% include 'bundles/bootstrap-css.html' %}
         {% include 'bundles/fontawesome.html' %}
@@ -17,7 +21,7 @@
 
         <style>
             body {
-                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat scroll;
+                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat center center fixed;
                 -webkit-background-size: cover;
                 -moz-background-size: cover;
                 -o-background-size: cover;
@@ -48,4 +52,4 @@
             {% endblock %}
         </div>
     </body>
-</html>
+</html>

allianceauth/authentication/templates/public/lang_select.html

@@ -2,7 +2,6 @@
 <div class="dropdown">
     <form action="{% url 'set_language' %}" method="post">
         {% csrf_token %}
-        <input name="next" type="hidden" value="{{ request.get_full_path|slice:'3:' }}" />
         <select onchange="this.form.submit()" class="form-control" id="lang-select" name="language">
             {% get_language_info_list for LANGUAGES as languages %}
             {% for language in languages %}
@@ -12,4 +11,4 @@
             {% endfor %}
         </select>
     </form>
-</div>
+</div>

allianceauth/authentication/templates/public/login.html

@@ -1,10 +1,12 @@
 {% extends 'public/middle_box.html' %}
+
+{% load i18n %}
 {% load static %}
-{% block page_title %}Login{% endblock %}
+
+{% block page_title %}{% translate "Login" %}{% endblock %}
+
 {% block middle_box_content %}
-    <p style="text-align:center">
-        <a href="{% url 'auth_sso_login' %}">
-            <img src="{% static 'img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" border=0>
-        </a>
-    </p>
-{% endblock %}
+    <a href="{% url 'auth_sso_login' %}{% if request.GET.next %}?next={{request.GET.next}}{%endif%}">
+        <img class="img-responsive center-block" src="{% static 'img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" border=0>
+    </a>
+{% endblock %}

allianceauth/authentication/templates/public/middle_box.html

@@ -1,6 +1,5 @@
 {% extends 'public/base.html' %}
 {% load static %}
-{% block title %}Login{% endblock %}
 {% block content %}
     <div class="col-md-4 col-md-offset-4">
         {% if messages %}
@@ -21,4 +20,4 @@
 {% endblock %}
 {% block extra_include %}
     {% include 'bundles/bootstrap-js.html' %}
-{% endblock %}
+{% endblock %}

allianceauth/authentication/templates/public/register.html

@@ -1,13 +1,17 @@
-{% load staticfiles %}
+{% extends 'public/base.html' %}
+
+{% load static %}
 {% load bootstrap %}
 {% load i18n %}
-{% extends 'public/base.html' %}
-{% block page_title %}Registration{% endblock %}
+
+{% block page_title %}{% translate "Registration" %}{% endblock %}
+
 {% block extra_include %}
     {% include 'bundles/bootstrap-css.html' %}
     {% include 'bundles/fontawesome.html' %}
     {% include 'bundles/bootstrap-js.html' %}
 {% endblock %}
+
 {% block content %}
     <div class="col-md-4 col-md-offset-4">
         <div class="panel panel-default panel-transparent">
@@ -15,7 +19,7 @@
                 <form method="POST">
                     {% csrf_token %}
                     {{ form|bootstrap }}
-                    <button class="btn btn-lg btn-primary btn-block" type="submit">{% trans "Register" %}</button>
+                    <button class="btn btn-lg btn-primary btn-block" type="submit">{% translate "Register" %}</button>
                 </form>
             </div>
         </div>

allianceauth/authentication/templates/registration/activate.html

@@ -1,5 +1,5 @@
 {% extends 'public/middle_box.html' %}
 {% load i18n %}
 {% block middle_box_content %}
-    <div class="alert alert-danger">{% trans 'Invalid or expired activation link.' %}</div>
+    <div class="alert alert-danger">{% translate 'Invalid or expired activation link.' %}</div>
 {% endblock %}

allianceauth/authentication/templates/registration/activation_email.txt

@@ -1,9 +1,9 @@
 You're receiving this email because someone has entered this email address while registering for an account on {{ site.domain }}
 
-If this was you, please go to the following URL to confirm your email address:
+If this was you, please click on the link below to confirm your email address:
 
-{{ url }}
+{{ scheme }}://{{ url }}
 
 This link will expire in {{ expiration_days }} day(s).
 
-If this was not you, it is safe to ignore this email.
+If this was not you, it is safe to ignore this email.

allianceauth/authentication/templates/registration/activation_email_html.txt

@@ -0,0 +1,19 @@
+<p>
+    You're receiving this email because someone has entered this email address while registering for an account on {{ site.domain }}
+</p>
+
+<p>
+    If this was you, please click on the link below to confirm your email address:
+<p>
+
+<p>
+    <a href="{{ scheme }}://{{ url }}">Confirm email address</a>
+</p>
+
+<p>
+    This link will expire in {{ expiration_days }} day(s).
+</p>
+
+<p>
+    If this was not you, it is safe to ignore this email.
+</p>

allianceauth/authentication/templates/registration/activation_email_subject.txt

@@ -1 +1 @@
-Confirm your Alliance Auth account email address
+Confirm your Alliance Auth account email address

allianceauth/authentication/templates/registration/password_reset_email.html

@@ -1,14 +1,14 @@
 {% load i18n %}{% autoescape off %}
-    {% blocktrans %}You're receiving this email because you requested a password reset for your
+    {% blocktrans trimmed %}You're receiving this email because you requested a password reset for your
         user account.{% endblocktrans %}
 
-    {% trans "Please go to the following page and choose a new password:" %}
+    {% translate "Please go to the following page and choose a new password:" %}
     {% block reset_link %}
         {{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}
     {% endblock %}
-    {% trans "Your username, in case you've forgotten:" %} {{ user.get_username }}
+    {% translate "Your username, in case you've forgotten:" %} {{ user.get_username }}
 
-    {% trans "Thanks for using our site!" %}
+    {% translate "Thanks for using our site!" %}
 
     {% blocktrans %}Your IT Team{% endblocktrans %}
 

allianceauth/authentication/templates/registration/registration_form.html

@@ -2,13 +2,13 @@
 {% load bootstrap %}
 {% load i18n %}
 {% load static %}
-{% block page_title %}Register{% endblock %}
+{% block page_title %}{% translate "Register" %}{% endblock %}
 {% block middle_box_content %}
     <form class="form-signin" role="form" action="" method="POST">
         {% csrf_token %}
         {{ form|bootstrap }}
         <br/>
-        <button class="btn btn-lg btn-primary btn-block" type="submit">{% trans "Submit" %}</button>
+        <button class="btn btn-lg btn-primary btn-block" type="submit">{% translate "Submit" %}</button>
         <br/>
     </form>
 {% endblock %}

allianceauth/authentication/tests/__init__.py

@@ -0,0 +1,19 @@
+from django.urls import reverse
+
+
+def get_admin_change_view_url(obj: object) -> str:
+    """returns URL to admin change view for given object"""
+    return reverse(
+        'admin:{}_{}_change'.format(
+            obj._meta.app_label, type(obj).__name__.lower()
+        ),
+        args=(obj.pk,)
+    )
+
+
+def get_admin_search_url(ModelClass: type) -> str:
+    """returns URL to search URL for model of given object"""
+    return '{}{}/'.format(
+        reverse('admin:app_list', args=(ModelClass._meta.app_label,)),
+        ModelClass.__name__.lower()
+    )

allianceauth/authentication/tests/test_admin.py

@@ -0,0 +1,600 @@
+from urllib.parse import quote
+from unittest.mock import patch, MagicMock
+
+from django.contrib.admin.sites import AdminSite
+from django.contrib.auth.models import Group
+from django.test import TestCase, RequestFactory, Client
+
+from allianceauth.authentication.models import (
+    CharacterOwnership, State, OwnershipRecord
+)
+from allianceauth.eveonline.models import (
+    EveCharacter, EveCorporationInfo, EveAllianceInfo, EveFactionInfo
+)
+from allianceauth.services.hooks import ServicesHook
+from allianceauth.tests.auth_utils import AuthUtils
+
+from ..admin import (
+    BaseUserAdmin,
+    CharacterOwnershipAdmin,
+    StateAdmin,
+    MainCorporationsFilter,
+    MainAllianceFilter,
+    MainFactionFilter,
+    OwnershipRecordAdmin,
+    User,
+    UserAdmin,
+    user_main_organization,
+    user_profile_pic,
+    user_username,
+    update_main_character_model,
+    make_service_hooks_update_groups_action,
+    make_service_hooks_sync_nickname_action
+)
+from . import get_admin_change_view_url, get_admin_search_url
+
+
+MODULE_PATH = 'allianceauth.authentication.admin'
+
+
+class MockRequest:
+    def __init__(self, user=None):
+        self.user = user
+
+
+class TestCaseWithTestData(TestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        for MyModel in [
+            EveAllianceInfo, EveCorporationInfo, EveCharacter, Group, User
+        ]:
+            MyModel.objects.all().delete()
+
+        # groups
+        cls.group_1 = Group.objects.create(
+            name='Group 1'
+        )
+        cls.group_2 = Group.objects.create(
+            name='Group 2'
+        )
+
+        # user 1 - corp and alliance, normal user
+        character_1 = EveCharacter.objects.create(
+            character_id=1001,
+            character_name='Bruce Wayne',
+            corporation_id=2001,
+            corporation_name='Wayne Technologies',
+            corporation_ticker='WT',
+            alliance_id=3001,
+            alliance_name='Wayne Enterprises',
+            alliance_ticker='WE',
+        )
+        character_1a = EveCharacter.objects.create(
+            character_id=1002,
+            character_name='Batman',
+            corporation_id=2001,
+            corporation_name='Wayne Technologies',
+            corporation_ticker='WT',
+            alliance_id=3001,
+            alliance_name='Wayne Enterprises',
+            alliance_ticker='WE',
+        )
+        alliance = EveAllianceInfo.objects.create(
+            alliance_id=3001,
+            alliance_name='Wayne Enterprises',
+            alliance_ticker='WE',
+            executor_corp_id=2001
+        )
+        EveCorporationInfo.objects.create(
+            corporation_id=2001,
+            corporation_name='Wayne Technologies',
+            corporation_ticker='WT',
+            member_count=42,
+            alliance=alliance
+        )
+        cls.user_1 = User.objects.create_user(
+            character_1.character_name.replace(' ', '_'),
+            'abc@example.com',
+            'password'
+        )
+        CharacterOwnership.objects.create(
+            character=character_1,
+            owner_hash='x1' + character_1.character_name,
+            user=cls.user_1
+        )
+        CharacterOwnership.objects.create(
+            character=character_1a,
+            owner_hash='x1' + character_1a.character_name,
+            user=cls.user_1
+        )
+        cls.user_1.profile.main_character = character_1
+        cls.user_1.profile.save()
+        cls.user_1.groups.add(cls.group_1)
+
+        # user 2 - corp only, staff
+        character_2 = EveCharacter.objects.create(
+            character_id=1003,
+            character_name='Clark Kent',
+            corporation_id=2002,
+            corporation_name='Daily Planet',
+            corporation_ticker='DP',
+            alliance_id=None
+        )
+        EveCorporationInfo.objects.create(
+            corporation_id=2002,
+            corporation_name='Daily Plane',
+            corporation_ticker='DP',
+            member_count=99,
+            alliance=None
+        )
+        cls.user_2 = User.objects.create_user(
+            character_2.character_name.replace(' ', '_'),
+            'abc@example.com',
+            'password'
+        )
+        CharacterOwnership.objects.create(
+            character=character_2,
+            owner_hash='x1' + character_2.character_name,
+            user=cls.user_2
+        )
+        cls.user_2.profile.main_character = character_2
+        cls.user_2.profile.save()
+        cls.user_2.groups.add(cls.group_2)
+        cls.user_2.is_staff = True
+        cls.user_2.save()
+
+        # user 3 - no main, no group, superuser
+        character_3 = EveCharacter.objects.create(
+            character_id=1101,
+            character_name='Lex Luthor',
+            corporation_id=2101,
+            corporation_name='Lex Corp',
+            corporation_ticker='LC',
+            alliance_id=None
+        )
+        EveCorporationInfo.objects.create(
+            corporation_id=2101,
+            corporation_name='Lex Corp',
+            corporation_ticker='LC',
+            member_count=666,
+            alliance=None
+        )
+        EveAllianceInfo.objects.create(
+            alliance_id=3101,
+            alliance_name='Lex World Domination',
+            alliance_ticker='LWD',
+            executor_corp_id=2101
+        )
+        cls.user_3 = User.objects.create_user(
+            character_3.character_name.replace(' ', '_'),
+            'abc@example.com',
+            'password'
+        )
+        CharacterOwnership.objects.create(
+            character=character_3,
+            owner_hash='x1' + character_3.character_name,
+            user=cls.user_3
+        )
+        cls.user_3.is_superuser = True
+        cls.user_3.save()
+
+        # user 4 - corp and faction, no alliance
+        cls.character_4 = EveCharacter.objects.create(
+            character_id=4321,
+            character_name='Professor X',
+            corporation_id=5432,
+            corporation_name="Xavier's School for Gifted Youngsters",
+            corporation_ticker='MUTNT',
+            alliance_id = None,
+            faction_id=999,
+            faction_name='The X-Men',
+        )
+        cls.user_4 = User.objects.create_user(
+            cls.character_4.character_name.replace(' ', '_'),
+            'abc@example.com',
+            'password'
+        )
+        CharacterOwnership.objects.create(
+            character=cls.character_4,
+            owner_hash='x1' + cls.character_4.character_name,
+            user=cls.user_4
+        )
+        cls.user_4.profile.main_character = cls.character_4
+        cls.user_4.profile.save()
+        EveFactionInfo.objects.create(faction_id=999, faction_name='The X-Men')
+
+def make_generic_search_request(ModelClass: type, search_term: str):
+    User.objects.create_superuser(
+        username='superuser', password='secret', email='admin@example.com'
+    )
+    c = Client()
+    c.login(username='superuser', password='secret')
+    return c.get(
+        f'{get_admin_search_url(ModelClass)}?q={quote(search_term)}'
+    )
+
+
+class TestCharacterOwnershipAdmin(TestCaseWithTestData):
+
+    def setUp(self):
+        self.modeladmin = CharacterOwnershipAdmin(
+            model=User, admin_site=AdminSite()
+        )
+
+    def test_change_view_loads_normally(self):
+        User.objects.create_superuser(
+            username='superuser', password='secret', email='admin@example.com'
+        )
+        c = Client()
+        c.login(username='superuser', password='secret')
+        ownership = self.user_1.character_ownerships.first()
+        response = c.get(get_admin_change_view_url(ownership))
+        self.assertEqual(response.status_code, 200)
+
+    def test_search_works(self):
+        obj = CharacterOwnership.objects\
+            .filter(user=self.user_1)\
+            .first()
+        response = make_generic_search_request(type(obj), obj.user.username)
+        expected = 200
+        self.assertEqual(response.status_code, expected)
+
+
+class TestOwnershipRecordAdmin(TestCaseWithTestData):
+
+    def setUp(self):
+        self.modeladmin = OwnershipRecordAdmin(
+            model=User, admin_site=AdminSite()
+        )
+
+    def test_change_view_loads_normally(self):
+        User.objects.create_superuser(
+            username='superuser', password='secret', email='admin@example.com'
+        )
+        c = Client()
+        c.login(username='superuser', password='secret')
+        ownership_record = OwnershipRecord.objects\
+            .filter(user=self.user_1)\
+            .first()
+        response = c.get(get_admin_change_view_url(ownership_record))
+        self.assertEqual(response.status_code, 200)
+
+    def test_search_works(self):
+        obj = OwnershipRecord.objects.first()
+        response = make_generic_search_request(type(obj), obj.user.username)
+        expected = 200
+        self.assertEqual(response.status_code, expected)
+
+
+class TestStateAdmin(TestCaseWithTestData):
+
+    def setUp(self):
+        self.modeladmin = StateAdmin(
+            model=User, admin_site=AdminSite()
+        )
+
+    def test_change_view_loads_normally(self):
+        User.objects.create_superuser(
+            username='superuser', password='secret', email='admin@example.com'
+        )
+        c = Client()
+        c.login(username='superuser', password='secret')
+
+        guest_state = AuthUtils.get_guest_state()
+        response = c.get(get_admin_change_view_url(guest_state))
+        self.assertEqual(response.status_code, 200)
+
+        member_state = AuthUtils.get_member_state()
+        response = c.get(get_admin_change_view_url(member_state))
+        self.assertEqual(response.status_code, 200)
+
+    def test_search_works(self):
+        obj = State.objects.first()
+        response = make_generic_search_request(type(obj), obj.name)
+        expected = 200
+        self.assertEqual(response.status_code, expected)
+
+
+class TestUserAdmin(TestCaseWithTestData):
+
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.modeladmin = UserAdmin(
+            model=User, admin_site=AdminSite()
+        )
+        self.character_1 = self.user_1.character_ownerships.first().character
+
+    def test_user_profile_pic_u1(self):
+        expected = (
+            '<img src="https://images.evetech.net/characters/1001/'
+            'portrait?size=32" class="img-circle">'
+        )
+        self.assertEqual(user_profile_pic(self.user_1), expected)
+
+    def test_user_profile_pic_u3(self):
+        self.assertIsNone(user_profile_pic(self.user_3))
+
+    def test_user_username_u1(self):
+        expected = (
+            '<strong><a href="/admin/authentication/user/{}/change/">'
+            'Bruce_Wayne</a></strong><br>Bruce Wayne'.format(self.user_1.pk)
+        )
+        self.assertEqual(user_username(self.user_1), expected)
+
+    def test_user_username_u3(self):
+        expected = (
+            '<strong><a href="/admin/authentication/user/{}/change/">'
+            'Lex_Luthor</a></strong>'.format(self.user_3.pk)
+        )
+        self.assertEqual(user_username(self.user_3), expected)
+
+    def test_user_main_organization_u1(self):
+        expected = 'Wayne Technologies<br>Wayne Enterprises'
+        self.assertEqual(user_main_organization(self.user_1), expected)
+
+    def test_user_main_organization_u2(self):
+        expected = 'Daily Planet'
+        self.assertEqual(user_main_organization(self.user_2), expected)
+
+    def test_user_main_organization_u3(self):
+        expected = ''
+        self.assertEqual(user_main_organization(self.user_3), expected)
+
+    def test_user_main_organization_u4(self):
+        expected="Xavier's School for Gifted Youngsters<br>The X-Men"
+        self.assertEqual(user_main_organization(self.user_4), expected)
+
+    def test_characters_u1(self):
+        expected = 'Batman, Bruce Wayne'
+        result = self.modeladmin._characters(self.user_1)
+        self.assertEqual(result, expected)
+
+    def test_characters_u2(self):
+        expected = 'Clark Kent'
+        result = self.modeladmin._characters(self.user_2)
+        self.assertEqual(result, expected)
+
+    def test_characters_u3(self):
+        expected = 'Lex Luthor'
+        result = self.modeladmin._characters(self.user_3)
+        self.assertEqual(result, expected)
+
+    def test_groups_u1(self):
+        expected = 'Group 1'
+        result = self.modeladmin._groups(self.user_1)
+        self.assertEqual(result, expected)
+
+    def test_groups_u2(self):
+        expected = 'Group 2'
+        result = self.modeladmin._groups(self.user_2)
+        self.assertEqual(result, expected)
+
+    def test_groups_u3(self):
+        result = self.modeladmin._groups(self.user_3)
+        self.assertIsNone(result)
+
+    def test_state(self):
+        expected = 'Guest'
+        result = self.modeladmin._state(self.user_1)
+        self.assertEqual(result, expected)
+
+    def test_role_u1(self):
+        expected = 'User'
+        result = self.modeladmin._role(self.user_1)
+        self.assertEqual(result, expected)
+
+    def test_role_u2(self):
+        expected = 'Staff'
+        result = self.modeladmin._role(self.user_2)
+        self.assertEqual(result, expected)
+
+    def test_role_u3(self):
+        expected = 'Superuser'
+        result = self.modeladmin._role(self.user_3)
+        self.assertEqual(result, expected)
+
+    def test_list_2_html_w_tooltips_no_cutoff(self):
+        items = ['one', 'two', 'three']
+        expected = 'one, two, three'
+        result = self.modeladmin._list_2_html_w_tooltips(items, 5)
+        self.assertEqual(expected, result)
+
+    def test_list_2_html_w_tooltips_w_cutoff(self):
+        items = ['one', 'two', 'three']
+        expected = (
+            '<span data-tooltip="one, two, three" '
+            'class="tooltip">one, two, (...)</span>'
+        )
+        result = self.modeladmin._list_2_html_w_tooltips(items, 2)
+        self.assertEqual(expected, result)
+
+    def test_list_2_html_w_tooltips_empty_list(self):
+        items = []
+        expected = None
+        result = self.modeladmin._list_2_html_w_tooltips(items, 5)
+        self.assertEqual(expected, result)
+
+    # actions
+
+    @patch(MODULE_PATH + '.UserAdmin.message_user', auto_spec=True, unsafe=True)
+    @patch(MODULE_PATH + '.update_character')
+    def test_action_update_main_character_model(
+        self, mock_task, mock_message_user
+    ):
+        users_qs = User.objects.filter(pk__in=[self.user_1.pk, self.user_2.pk])
+        update_main_character_model(
+            self.modeladmin, MockRequest(self.user_1), users_qs
+        )
+        self.assertEqual(mock_task.delay.call_count, 2)
+        self.assertTrue(mock_message_user.called)
+
+    # filters
+
+    def test_filter_main_corporations(self):
+
+        class UserAdminTest(BaseUserAdmin):
+            list_filter = (MainCorporationsFilter,)
+
+        my_modeladmin = UserAdminTest(User, AdminSite())
+
+        # Make sure the lookups are correct
+        request = self.factory.get('/')
+        request.user = self.user_1
+        changelist = my_modeladmin.get_changelist_instance(request)
+        filters = changelist.get_filters(request)
+        filterspec = filters[0][0]
+        expected = [
+            (2002, 'Daily Planet'),
+            (2001, 'Wayne Technologies'),
+            (5432, "Xavier's School for Gifted Youngsters"),
+        ]
+        self.assertEqual(filterspec.lookup_choices, expected)
+
+        # Make sure the correct queryset is returned
+        request = self.factory.get(
+            '/',
+            {'main_corporation_id__exact': self.character_1.corporation_id}
+        )
+        request.user = self.user_1
+        changelist = my_modeladmin.get_changelist_instance(request)
+        queryset = changelist.get_queryset(request)
+        expected = [self.user_1]
+        self.assertSetEqual(set(queryset), set(expected))
+
+    def test_filter_main_alliances(self):
+
+        class UserAdminTest(BaseUserAdmin):
+            list_filter = (MainAllianceFilter,)
+
+        my_modeladmin = UserAdminTest(User, AdminSite())
+
+        # Make sure the lookups are correct
+        request = self.factory.get('/')
+        request.user = self.user_1
+        changelist = my_modeladmin.get_changelist_instance(request)
+        filters = changelist.get_filters(request)
+        filterspec = filters[0][0]
+        expected = [
+            (3001, 'Wayne Enterprises'),
+        ]
+        self.assertEqual(filterspec.lookup_choices, expected)
+
+        # Make sure the correct queryset is returned
+        request = self.factory.get(
+            '/',
+            {'main_alliance_id__exact': self.character_1.alliance_id}
+        )
+        request.user = self.user_1
+        changelist = my_modeladmin.get_changelist_instance(request)
+        queryset = changelist.get_queryset(request)
+        expected = [self.user_1]
+        self.assertSetEqual(set(queryset), set(expected))
+
+    def test_filter_main_factions(self):
+        class UserAdminTest(BaseUserAdmin):
+            list_filter = (MainFactionFilter,)
+
+        my_modeladmin = UserAdminTest(User, AdminSite())
+
+        # Make sure the lookups are correct
+        request = self.factory.get('/')
+        request.user = self.user_4
+        changelist = my_modeladmin.get_changelist_instance(request)
+        filters = changelist.get_filters(request)
+        filterspec = filters[0][0]
+        expected = [
+            (999, 'The X-Men'),
+        ]
+        self.assertEqual(filterspec.lookup_choices, expected)
+
+        # Make sure the correct queryset is returned
+        request = self.factory.get(
+            '/',
+            {'main_faction_id__exact': self.character_4.faction_id}
+        )
+        request.user = self.user_4
+        changelist = my_modeladmin.get_changelist_instance(request)
+        queryset = changelist.get_queryset(request)
+        expected = [self.user_4]
+        self.assertSetEqual(set(queryset), set(expected))
+
+    def test_change_view_loads_normally(self):
+        User.objects.create_superuser(
+            username='superuser', password='secret', email='admin@example.com'
+        )
+        c = Client()
+        c.login(username='superuser', password='secret')
+        response = c.get(get_admin_change_view_url(self.user_1))
+        self.assertEqual(response.status_code, 200)
+
+    def test_search_works(self):
+        obj = User.objects.first()
+        response = make_generic_search_request(type(obj), obj.username)
+        expected = 200
+        self.assertEqual(response.status_code, expected)
+
+
+class TestMakeServicesHooksActions(TestCaseWithTestData):
+
+    class MyServicesHookTypeA(ServicesHook):
+
+        def __init__(self):
+            super().__init__()
+            self.name = 'My Service A'
+
+        def update_groups(self, user):
+            pass
+
+        def sync_nicknames(self, user):
+            pass
+
+    class MyServicesHookTypeB(ServicesHook):
+
+        def __init__(self):
+            super().__init__()
+            self.name = 'My Service B'
+
+        def update_groups(self, user):
+            pass
+
+        def update_groups_bulk(self, user):
+            pass
+
+        def sync_nicknames(self, user):
+            pass
+
+        def sync_nicknames_bulk(self, user):
+            pass
+
+    def test_service_has_update_groups_only(self):
+        service = self.MyServicesHookTypeA()
+        mock_service = MagicMock(spec=service)
+        action = make_service_hooks_update_groups_action(mock_service)
+        action(MagicMock(), MagicMock(), [self.user_1])
+        self.assertTrue(mock_service.update_groups.called)
+
+    def test_service_has_update_groups_bulk(self):
+        service = self.MyServicesHookTypeB()
+        mock_service = MagicMock(spec=service)
+        action = make_service_hooks_update_groups_action(mock_service)
+        action(MagicMock(), MagicMock(), [self.user_1])
+        self.assertFalse(mock_service.update_groups.called)
+        self.assertTrue(mock_service.update_groups_bulk.called)
+
+    def test_service_has_sync_nickname_only(self):
+        service = self.MyServicesHookTypeA()
+        mock_service = MagicMock(spec=service)
+        action = make_service_hooks_sync_nickname_action(mock_service)
+        action(MagicMock(), MagicMock(), [self.user_1])
+        self.assertTrue(mock_service.sync_nickname.called)
+
+    def test_service_has_sync_nicknames_bulk(self):
+        service = self.MyServicesHookTypeB()
+        mock_service = MagicMock(spec=service)
+        action = make_service_hooks_sync_nickname_action(mock_service)
+        action(MagicMock(), MagicMock(), [self.user_1])
+        self.assertFalse(mock_service.sync_nickname.called)
+        self.assertTrue(mock_service.sync_nicknames_bulk.called)

allianceauth/authentication/tests/test_app_settings.py

@@ -0,0 +1,102 @@
+from unittest.mock import Mock, patch
+from django.test import TestCase
+
+from .. import app_settings
+
+MODULE_PATH = 'allianceauth.authentication'
+
+
+class TestSetAppSetting(TestCase):
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_if_not_set(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = Mock(spec=None)
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            False,
+        )
+        self.assertEqual(result, False)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_if_not_set_for_none(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = Mock(spec=None)
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            None,
+            required_type=int
+        )
+        self.assertEqual(result, None)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_true_stays_true(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = True
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            False,
+        )
+        self.assertEqual(result, True)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_false_stays_false(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = False
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            False
+        )
+        self.assertEqual(result, False)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_for_invalid_type_bool(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = 'invalid type'
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            False
+        )
+        self.assertEqual(result, False)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_for_invalid_type_int(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = 'invalid type'
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            50
+        )
+        self.assertEqual(result, 50)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_if_below_minimum_1(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = -5
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            default_value=50
+        )
+        self.assertEqual(result, 50)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_if_below_minimum_2(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = -50
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            default_value=50,
+            min_value=-10
+        )
+        self.assertEqual(result, 50)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_for_invalid_type_int(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = 1000
+        result = app_settings._clean_setting(
+            'TEST_SETTING_DUMMY',
+            default_value=50,
+            max_value=100
+        )
+        self.assertEqual(result, 50)
+
+    @patch(MODULE_PATH + '.app_settings.settings')
+    def test_default_is_none_needs_required_type(self, mock_settings):
+        mock_settings.TEST_SETTING_DUMMY = 'invalid type'
+        with self.assertRaises(ValueError):
+            result = app_settings._clean_setting(
+                'TEST_SETTING_DUMMY',
+                default_value=None
+            )

allianceauth/authentication/tests/test_backend.py

@@ -0,0 +1,149 @@
+from django.contrib.auth.models import User, Group
+from django.test import TestCase
+
+from allianceauth.eveonline.models import EveCharacter
+from allianceauth.tests.auth_utils import AuthUtils
+
+from esi.models import Token
+
+from ..backends import StateBackend
+from ..models import CharacterOwnership, UserProfile, OwnershipRecord
+
+MODULE_PATH = 'allianceauth.authentication'
+
+PERMISSION_1 = "authentication.add_user"
+PERMISSION_2 = "authentication.change_user"
+
+
+class TestStatePermissions(TestCase):
+
+    def setUp(self):
+        # permissions
+        self.permission_1 = AuthUtils.get_permission_by_name(PERMISSION_1)
+        self.permission_2 = AuthUtils.get_permission_by_name(PERMISSION_2)
+
+        # group
+        self.group_1 = Group.objects.create(name="Group 1")
+        self.group_2 = Group.objects.create(name="Group 2")
+
+        # state
+        self.state_1 = AuthUtils.get_member_state()
+        self.state_2 = AuthUtils.create_state("Other State", 75)
+
+        # user
+        self.user = AuthUtils.create_user("Bruce Wayne")
+        self.main = AuthUtils.add_main_character_2(self.user, self.user.username, 123)
+
+    def test_user_has_user_permissions(self):
+        self.user.user_permissions.add(self.permission_1)
+
+        user = User.objects.get(pk=self.user.pk)
+        self.assertTrue(user.has_perm(PERMISSION_1))
+
+    def test_user_has_group_permissions(self):
+        self.group_1.permissions.add(self.permission_1)
+        self.user.groups.add(self.group_1)
+
+        user = User.objects.get(pk=self.user.pk)
+        self.assertTrue(user.has_perm(PERMISSION_1))
+
+    def test_user_has_state_permissions(self):
+        self.state_1.permissions.add(self.permission_1)
+        self.state_1.member_characters.add(self.main)
+        user = User.objects.get(pk=self.user.pk)
+
+        self.assertTrue(user.has_perm(PERMISSION_1))
+
+    def test_when_user_changes_state_perms_change_accordingly(self):
+        self.state_1.permissions.add(self.permission_1)
+        self.state_1.member_characters.add(self.main)
+        user = User.objects.get(pk=self.user.pk)
+        self.assertTrue(user.has_perm(PERMISSION_1))
+
+        self.state_2.permissions.add(self.permission_2)
+        self.state_2.member_characters.add(self.main)
+        self.state_1.member_characters.remove(self.main)
+        user = User.objects.get(pk=self.user.pk)
+        self.assertFalse(user.has_perm(PERMISSION_1))
+        self.assertTrue(user.has_perm(PERMISSION_2))
+
+    def test_state_permissions_are_returned_for_current_user_object(self):
+        # verify state permissions are returns for the current user object
+        # and not for it's instance in the database, which might be outdated
+        self.state_1.permissions.add(self.permission_1)
+        self.state_2.permissions.add(self.permission_2)
+        self.state_1.member_characters.add(self.main)
+        user = User.objects.get(pk=self.user.pk)
+        user.profile.state = self.state_2
+        self.assertFalse(user.has_perm(PERMISSION_1))
+        self.assertTrue(user.has_perm(PERMISSION_2))
+
+
+class TestAuthenticate(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.main_character = EveCharacter.objects.create(
+            character_id=1,
+            character_name='Main Character',
+            corporation_id=1,
+            corporation_name='Corp',
+            corporation_ticker='CORP',
+        )
+        cls.alt_character = EveCharacter.objects.create(
+            character_id=2,
+            character_name='Alt Character',
+            corporation_id=1,
+            corporation_name='Corp',
+            corporation_ticker='CORP',
+        )
+        cls.unclaimed_character = EveCharacter.objects.create(
+            character_id=3,
+            character_name='Unclaimed Character',
+            corporation_id=1,
+            corporation_name='Corp',
+            corporation_ticker='CORP',
+        )
+        cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
+        cls.old_user = AuthUtils.create_user('old_user', disconnect_signals=True)
+        AuthUtils.disconnect_signals()
+        CharacterOwnership.objects.create(user=cls.user, character=cls.main_character, owner_hash='1')
+        CharacterOwnership.objects.create(user=cls.user, character=cls.alt_character, owner_hash='2')
+        UserProfile.objects.update_or_create(user=cls.user, defaults={'main_character': cls.main_character})
+        AuthUtils.connect_signals()
+
+    def test_authenticate_main_character(self):
+        t = Token(character_id=self.main_character.character_id, character_owner_hash='1')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, self.user)
+
+    def test_authenticate_alt_character(self):
+        t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, self.user)
+
+    def test_authenticate_unclaimed_character(self):
+        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='3')
+        user = StateBackend().authenticate(token=t)
+        self.assertNotEqual(user, self.user)
+        self.assertEqual(user.username, 'Unclaimed_Character')
+        self.assertEqual(user.profile.main_character, self.unclaimed_character)
+
+    def test_authenticate_character_record(self):
+        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
+        OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, self.old_user)
+        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
+        self.assertTrue(user.profile.main_character)
+
+    def test_iterate_username(self):
+        t = Token(character_id=self.unclaimed_character.character_id,
+                    character_name=self.unclaimed_character.character_name, character_owner_hash='3')
+        username = StateBackend().authenticate(token=t).username
+        t.character_owner_hash = '4'
+        username_1 = StateBackend().authenticate(token=t).username
+        t.character_owner_hash = '5'
+        username_2 = StateBackend().authenticate(token=t).username
+        self.assertNotEqual(username, username_1, username_2)
+        self.assertTrue(username_1.endswith('_1'))
+        self.assertTrue(username_2.endswith('_2'))

allianceauth/authentication/tests/test_commands.py

@@ -0,0 +1,35 @@
+from io import StringIO
+
+from django.core.management import call_command
+from django.test import TestCase
+
+from allianceauth.tests.auth_utils import AuthUtils
+
+from ..models import CharacterOwnership, UserProfile
+
+
+class ManagementCommandTestCase(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = AuthUtils.create_user('test user', disconnect_signals=True)
+        AuthUtils.add_main_character(cls.user, 'test character', '1', '2', 'test corp', 'test')
+        character = UserProfile.objects.get(user=cls.user).main_character
+        CharacterOwnership.objects.create(user=cls.user, character=character, owner_hash='test')
+
+    def setUp(self):
+        self.stdout = StringIO()
+
+    def test_ownership(self):
+        call_command('checkmains', stdout=self.stdout)
+        self.assertFalse(UserProfile.objects.filter(main_character__isnull=True).count())
+        self.assertNotIn(self.user.username, self.stdout.getvalue())
+        self.assertIn('All main characters', self.stdout.getvalue())
+
+    def test_no_ownership(self):
+        user = AuthUtils.create_user('v1 user', disconnect_signals=True)
+        AuthUtils.add_main_character(user, 'v1 character', '10', '20', 'test corp', 'test')
+        self.assertFalse(UserProfile.objects.filter(main_character__isnull=True).count())
+
+        call_command('checkmains', stdout=self.stdout)
+        self.assertEqual(UserProfile.objects.filter(main_character__isnull=True).count(), 1)
+        self.assertIn(user.username, self.stdout.getvalue())

allianceauth/authentication/tests/test_decorators.py

@@ -0,0 +1,68 @@
+from unittest import mock
+from urllib import parse
+
+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser
+from django.http.response import HttpResponse
+from django.shortcuts import reverse
+from django.test import TestCase
+from django.test.client import RequestFactory
+
+from allianceauth.eveonline.models import EveCharacter
+from allianceauth.tests.auth_utils import AuthUtils
+
+from ..decorators import main_character_required
+from ..models import CharacterOwnership
+
+
+MODULE_PATH = 'allianceauth.authentication'
+
+
+class DecoratorTestCase(TestCase):
+    @staticmethod
+    @main_character_required
+    def dummy_view(*args, **kwargs):
+        return HttpResponse(status=200)
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.main_user = AuthUtils.create_user('main_user', disconnect_signals=True)
+        cls.no_main_user = AuthUtils.create_user(
+            'no_main_user', disconnect_signals=True
+        )
+        main_character = EveCharacter.objects.create(
+            character_id=1,
+            character_name='Main Character',
+            corporation_id=1,
+            corporation_name='Corp',
+            corporation_ticker='CORP',
+        )
+        CharacterOwnership.objects.create(
+            user=cls.main_user, character=main_character, owner_hash='1'
+        )
+        cls.main_user.profile.main_character = main_character
+
+    def setUp(self):
+        self.request = RequestFactory().get('/test/')
+
+    @mock.patch(MODULE_PATH + '.decorators.messages')
+    def test_login_redirect(self, m):
+        setattr(self.request, 'user', AnonymousUser())
+        response = self.dummy_view(self.request)
+        self.assertEqual(response.status_code, 302)
+        url = getattr(response, 'url', None)
+        self.assertEqual(parse.urlparse(url).path, reverse(settings.LOGIN_URL))
+
+    @mock.patch(MODULE_PATH + '.decorators.messages')
+    def test_main_character_redirect(self, m):
+        setattr(self.request, 'user', self.no_main_user)
+        response = self.dummy_view(self.request)
+        self.assertEqual(response.status_code, 302)
+        url = getattr(response, 'url', None)
+        self.assertEqual(url, reverse('authentication:dashboard'))
+
+    @mock.patch(MODULE_PATH + '.decorators.messages')
+    def test_successful_request(self, m):
+        setattr(self.request, 'user', self.main_user)
+        response = self.dummy_view(self.request)
+        self.assertEqual(response.status_code, 200)

allianceauth/authentication/tests/test_models.py

@@ -1,74 +1,18 @@
 from unittest import mock
 
-from django.test import TestCase
 from django.contrib.auth.models import User
+from django.test import TestCase
+
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo,\
+    EveAllianceInfo, EveFactionInfo
 from allianceauth.tests.auth_utils import AuthUtils
-from .models import CharacterOwnership, UserProfile, State, get_guest_state
-from .backends import StateBackend
-from .tasks import check_character_ownership
-from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo
+from esi.errors import IncompleteResponseError
 from esi.models import Token
 
+from ..models import CharacterOwnership, State, get_guest_state
+from ..tasks import check_character_ownership
 
-class BackendTestCase(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.main_character = EveCharacter.objects.create(
-            character_id=1,
-            character_name='Main Character',
-            corporation_id=1,
-            corporation_name='Corp',
-            corporation_ticker='CORP',
-        )
-        cls.alt_character = EveCharacter.objects.create(
-            character_id=2,
-            character_name='Alt Character',
-            corporation_id=1,
-            corporation_name='Corp',
-            corporation_ticker='CORP',
-        )
-        cls.unclaimed_character = EveCharacter.objects.create(
-            character_id=3,
-            character_name='Unclaimed Character',
-            corporation_id=1,
-            corporation_name='Corp',
-            corporation_ticker='CORP',
-        )
-        cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
-        AuthUtils.disconnect_signals()
-        CharacterOwnership.objects.create(user=cls.user, character=cls.main_character, owner_hash='1')
-        CharacterOwnership.objects.create(user=cls.user, character=cls.alt_character, owner_hash='2')
-        UserProfile.objects.update_or_create(user=cls.user, defaults={'main_character': cls.main_character})
-        AuthUtils.connect_signals()
-
-    def test_authenticate_main_character(self):
-        t = Token(character_id=self.main_character.character_id, character_owner_hash='1')
-        user = StateBackend().authenticate(token=t)
-        self.assertEquals(user, self.user)
-
-    def test_authenticate_alt_character(self):
-        t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
-        user = StateBackend().authenticate(token=t)
-        self.assertEquals(user, self.user)
-
-    def test_authenticate_unclaimed_character(self):
-        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='3')
-        user = StateBackend().authenticate(token=t)
-        self.assertNotEqual(user, self.user)
-        self.assertEqual(user.username, 'Unclaimed_Character')
-        self.assertEqual(user.profile.main_character, self.unclaimed_character)
-
-    def test_iterate_username(self):
-        t = Token(character_id=self.unclaimed_character.character_id,
-                  character_name=self.unclaimed_character.character_name, character_owner_hash='3')
-        username = StateBackend().authenticate(token=t).username
-        t.character_owner_hash = '4'
-        username_1 = StateBackend().authenticate(token=t).username
-        t.character_owner_hash = '5'
-        username_2 = StateBackend().authenticate(token=t).username
-        self.assertNotEqual(username, username_1, username_2)
-        self.assertTrue(username_1.endswith('_1'))
-        self.assertTrue(username_2.endswith('_2'))
+MODULE_PATH = 'allianceauth.authentication'
 
 
 class CharacterOwnershipTestCase(TestCase):
@@ -92,8 +36,8 @@ class CharacterOwnershipTestCase(TestCase):
             character_owner_hash='1',
         )
         co = CharacterOwnership.objects.get(character=self.character)
-        self.assertEquals(co.user, self.user)
-        self.assertEquals(co.owner_hash, '1')
+        self.assertEqual(co.user, self.user)
+        self.assertEqual(co.owner_hash, '1')
 
     def test_transfer_ownership(self):
         Token.objects.create(
@@ -110,7 +54,7 @@ class CharacterOwnershipTestCase(TestCase):
         )
         co = CharacterOwnership.objects.get(character=self.character)
         self.assertNotEqual(self.user, co.user)
-        self.assertEquals(self.alt_user, co.user)
+        self.assertEqual(self.alt_user, co.user)
 
     def test_clear_main_character(self):
         Token.objects.create(
@@ -130,41 +74,21 @@ class CharacterOwnershipTestCase(TestCase):
         self.user = User.objects.get(pk=self.user.pk)
         self.assertIsNone(self.user.profile.main_character)
 
-    @mock.patch('esi.models.Token.update_token_data')
-    def test_character_ownership_check(self, update_token_data):
-        t = Token.objects.create(
-            user=self.user,
-            character_id=self.character.character_id,
-            character_name=self.character.character_name,
-            character_owner_hash='1',
-        )
-        co = CharacterOwnership.objects.get(owner_hash='1')
-        check_character_ownership(co.owner_hash)
-        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='1').exists())
-
-        t.character_owner_hash = '2'
-        t.save()
-        check_character_ownership(co.owner_hash)
-        self.assertFalse(CharacterOwnership.objects.filter(owner_hash='1').exists())
-
-        t.delete()
-        co = CharacterOwnership.objects.create(user=self.user, character=self.character, owner_hash='3')
-        check_character_ownership(co.owner_hash)
-        self.assertFalse(CharacterOwnership.objects.filter(owner_hash='3').exists())
-
 
 class StateTestCase(TestCase):
     @classmethod
     def setUpTestData(cls):
         cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
         AuthUtils.add_main_character(cls.user, 'Test Character', '1', corp_id='1', alliance_id='1',
-                                     corp_name='Test Corp', alliance_name='Test Alliance')
+                                    corp_name='Test Corp', alliance_name='Test Alliance', faction_id=1337,
+                                    faction_name='Permabanned')
         cls.guest_state = get_guest_state()
         cls.test_character = EveCharacter.objects.get(character_id='1')
         cls.test_corporation = EveCorporationInfo.objects.create(corporation_id='1', corporation_name='Test Corp',
-                                                                  corporation_ticker='TEST', member_count=1)
+                                                                corporation_ticker='TEST', member_count=1)
         cls.test_alliance = EveAllianceInfo.objects.create(alliance_id='1', alliance_name='Test Alliance',
                                                             alliance_ticker='TEST', executor_corp_id='1')
+        cls.test_faction = EveFactionInfo.objects.create(faction_id=1337, faction_name='Permabanned')
         cls.member_state = State.objects.create(
             name='Test Member',
             priority=150,
@@ -176,29 +100,38 @@ class StateTestCase(TestCase):
     def test_state_assignment_on_character_change(self):
         self.member_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
         self.member_state.member_characters.remove(self.test_character)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
 
     def test_state_assignment_on_corporation_change(self):
         self.member_state.member_corporations.add(self.test_corporation)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
         self.member_state.member_corporations.remove(self.test_corporation)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
 
     def test_state_assignment_on_alliance_addition(self):
         self.member_state.member_alliances.add(self.test_alliance)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
         self.member_state.member_alliances.remove(self.test_alliance)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
+
+    def test_state_assignment_on_faction_change(self):
+        self.member_state.member_factions.add(self.test_faction)
+        self._refresh_user()
+        self.assertEqual(self.user.profile.state, self.member_state)
+
+        self.member_state.member_factions.remove(self.test_faction)
+        self._refresh_user()
+        self.assertEqual(self.user.profile.state, self.guest_state)
 
     def test_state_assignment_on_higher_priority_state_creation(self):
         self.member_state.member_characters.add(self.test_character)
@@ -208,10 +141,10 @@ class StateTestCase(TestCase):
         )
         higher_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(higher_state, self.user.profile.state)
+        self.assertEqual(higher_state, self.user.profile.state)
         higher_state.member_characters.clear()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         self.member_state.member_characters.clear()
 
     def test_state_assignment_on_lower_priority_state_creation(self):
@@ -222,10 +155,10 @@ class StateTestCase(TestCase):
         )
         lower_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         lower_state.member_characters.clear()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         self.member_state.member_characters.clear()
 
     def test_state_assignment_on_priority_change(self):
@@ -239,11 +172,11 @@ class StateTestCase(TestCase):
         lower_state.priority = 500
         lower_state.save()
         self._refresh_user()
-        self.assertEquals(lower_state, self.user.profile.state)
+        self.assertEqual(lower_state, self.user.profile.state)
         lower_state.priority = 125
         lower_state.save()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
 
     def test_state_assignment_on_state_deletion(self):
         self.member_state.member_characters.add(self.test_character)
@@ -253,11 +186,11 @@ class StateTestCase(TestCase):
         )
         higher_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(higher_state, self.user.profile.state)
+        self.assertEqual(higher_state, self.user.profile.state)
         higher_state.delete()
         self.assertFalse(State.objects.filter(name='Higher State').count())
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
 
     def test_state_assignment_on_public_toggle(self):
         self.member_state.member_characters.add(self.test_character)
@@ -266,23 +199,66 @@ class StateTestCase(TestCase):
             priority=200,
         )
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         higher_state.public = True
         higher_state.save()
         self._refresh_user()
-        self.assertEquals(higher_state, self.user.profile.state)
+        self.assertEqual(higher_state, self.user.profile.state)
         higher_state.public = False
         higher_state.save()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
 
     def test_state_assignment_on_active_changed(self):
         self.member_state.member_characters.add(self.test_character)
         self.user.is_active = False
         self.user.save()
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
         self.user.is_active = True
         self.user.save()
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
+
+
+class CharacterOwnershipCheckTestCase(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
+        AuthUtils.add_main_character(cls.user, 'Test Character', '1', corp_id='1', alliance_id='1',
+                                        corp_name='Test Corp', alliance_name='Test Alliance')
+        cls.character = EveCharacter.objects.get(character_id=1)
+        cls.token = Token.objects.create(
+            user=cls.user,
+            character_id=1,
+            character_name='Test',
+            character_owner_hash='1',
+        )
+        cls.ownership = CharacterOwnership.objects.get(character=cls.character)
+
+    @mock.patch(MODULE_PATH + '.tasks.Token.update_token_data')
+    def test_no_change_owner_hash(self, update_token_data):
+        # makes sure the ownership isn't delete if owner hash hasn't changed
+        check_character_ownership(self.ownership)
+        self.assertTrue(CharacterOwnership.objects.filter(user=self.user).filter(character=self.character).exists())
+
+    @mock.patch(MODULE_PATH + '.tasks.Token.update_token_data')
+    def test_unable_to_update_token_data(self, update_token_data):
+        # makes sure ownerships and tokens aren't hellpurged when there's problems with the SSO servers
+        update_token_data.side_effect = IncompleteResponseError()
+        check_character_ownership(self.ownership)
+        self.assertTrue(CharacterOwnership.objects.filter(user=self.user).filter(character=self.character).exists())
+
+        update_token_data.side_effect = KeyError()
+        check_character_ownership(self.ownership)
+        self.assertTrue(CharacterOwnership.objects.filter(user=self.user).filter(character=self.character).exists())
+
+    @mock.patch(MODULE_PATH + '.tasks.Token.update_token_data')
+    @mock.patch(MODULE_PATH + '.tasks.Token.delete')
+    @mock.patch(MODULE_PATH + '.tasks.Token.objects.exists')
+    @mock.patch(MODULE_PATH + '.tasks.CharacterOwnership.objects.filter')
+    def test_owner_hash_changed(self, filter, exists, delete, update_token_data):
+        # makes sure the ownership is revoked when owner hash changes
+        filter.return_value.exists.return_value = False
+        check_character_ownership(self.ownership)
+        self.assertTrue(filter.return_value.delete.called)

allianceauth/authentication/tests/test_templatetags.py

@@ -0,0 +1,332 @@
+from math import ceil
+from unittest.mock import patch
+
+import requests
+import requests_mock
+from packaging.version import Version as Pep440Version
+
+from django.core.cache import cache
+from django.test import TestCase
+
+from allianceauth.templatetags.admin_status import (
+    status_overview,
+    _fetch_list_from_gitlab,
+    _current_notifications,
+    _current_version_summary,
+    _fetch_notification_issues_from_gitlab,
+    _latests_versions
+)
+
+MODULE_PATH = 'allianceauth.templatetags'
+
+
+def create_tags_list(tag_names: list):
+    return [{'name': str(tag_name)} for tag_name in tag_names]
+
+
+GITHUB_TAGS = create_tags_list(['v2.4.6a1', 'v2.4.5', 'v2.4.0', 'v2.0.0', 'v1.1.1'])
+GITHUB_NOTIFICATION_ISSUES = [
+    {
+        'id': 1,
+        'title': 'first issue'
+    },
+    {
+        'id': 2,
+        'title': 'second issue'
+    },
+    {
+        'id': 3,
+        'title': 'third issue'
+    },
+    {
+        'id': 4,
+        'title': 'forth issue'
+    },
+    {
+        'id': 5,
+        'title': 'fifth issue'
+    },
+    {
+        'id': 6,
+        'title': 'sixth issue'
+    },
+]
+TEST_VERSION = '2.6.5'
+
+
+class TestStatusOverviewTag(TestCase):
+
+    @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
+    @patch(MODULE_PATH + '.admin_status._fetch_celery_queue_length')
+    @patch(MODULE_PATH + '.admin_status._current_version_summary')
+    @patch(MODULE_PATH + '.admin_status._current_notifications')
+    def test_status_overview(
+        self,
+        mock_current_notifications,
+        mock_current_version_info,
+        mock_fetch_celery_queue_length
+    ):
+        notifications = {
+            'notifications': GITHUB_NOTIFICATION_ISSUES[:5]
+        }
+        mock_current_notifications.return_value = notifications
+        version_info = {
+            'latest_major': True,
+            'latest_minor': True,
+            'latest_patch': True,
+            'latest_beta': False,
+            'current_version': TEST_VERSION,
+            'latest_major_version': '2.4.5',
+            'latest_minor_version': '2.4.0',
+            'latest_patch_version': '2.4.5',
+            'latest_beta_version': '2.4.4a1',
+        }
+        mock_current_version_info.return_value = version_info
+        mock_fetch_celery_queue_length.return_value = 3
+
+        result = status_overview()
+        expected = {
+            'notifications': GITHUB_NOTIFICATION_ISSUES[:5],
+            'latest_major': True,
+            'latest_minor': True,
+            'latest_patch': True,
+            'latest_beta': False,
+            'current_version': TEST_VERSION,
+            'latest_major_version': '2.4.5',
+            'latest_minor_version': '2.4.0',
+            'latest_patch_version': '2.4.5',
+            'latest_beta_version': '2.4.4a1',
+            'task_queue_length': 3,
+        }
+        self.assertEqual(result, expected)
+
+
+class TestNotifications(TestCase):
+
+    def setUp(self) -> None:
+        cache.clear()
+
+    @requests_mock.mock()
+    def test_fetch_notification_issues_from_gitlab(self, requests_mocker):
+        # given
+        url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth/issues'
+            '?labels=announcement'
+        )
+        requests_mocker.get(url, json=GITHUB_NOTIFICATION_ISSUES)
+        # when
+        result = _fetch_notification_issues_from_gitlab()
+        # then
+        self.assertEqual(result, GITHUB_NOTIFICATION_ISSUES)
+
+    @patch(MODULE_PATH + '.admin_status.cache')
+    def test_current_notifications_normal(self, mock_cache):
+        # given
+        mock_cache.get_or_set.return_value = GITHUB_NOTIFICATION_ISSUES
+        # when
+        result = _current_notifications()
+        # then
+        self.assertEqual(result['notifications'], GITHUB_NOTIFICATION_ISSUES[:5])
+
+    @requests_mock.mock()
+    def test_current_notifications_failed(self, requests_mocker):
+        # given
+        url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth/issues'
+            '?labels=announcement'
+        )
+        requests_mocker.get(url, status_code=404)
+        # when
+        result = _current_notifications()
+        # then
+        self.assertEqual(result['notifications'], list())
+
+    @patch(MODULE_PATH + '.admin_status.cache')
+    def test_current_notifications_is_none(self, mock_cache):
+        # given
+        mock_cache.get_or_set.return_value = None
+        # when
+        result = _current_notifications()
+        # then
+        self.assertEqual(result['notifications'], list())
+
+
+class TestCeleryQueueLength(TestCase):
+
+    def test_get_celery_queue_length(self):
+        pass
+
+
+class TestVersionTags(TestCase):
+
+    def setUp(self) -> None:
+        cache.clear()
+
+    @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
+    @patch(MODULE_PATH + '.admin_status.cache')
+    def test_current_version_info_normal(self, mock_cache):
+        # given
+        mock_cache.get_or_set.return_value = GITHUB_TAGS
+        # when
+        result = _current_version_summary()
+        # then
+        self.assertTrue(result['latest_patch'])
+        self.assertEqual(result['latest_patch_version'], '2.4.5')
+        self.assertEqual(result['latest_beta_version'], '2.4.6a1')
+
+    @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
+    @requests_mock.mock()
+    def test_current_version_info_failed(self, requests_mocker):
+        # given
+        url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth'
+            '/repository/tags'
+        )
+        requests_mocker.get(url, status_code=500)
+        # when
+        result = _current_version_summary()
+        # then
+        self.assertEqual(result, {})
+
+    @requests_mock.mock()
+    def test_fetch_tags_from_gitlab(self, requests_mocker):
+        # given
+        url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth'
+            '/repository/tags'
+        )
+        requests_mocker.get(url, json=GITHUB_TAGS)
+        # when
+        result = _current_version_summary()
+        # then
+        self.assertTrue(result)
+
+    @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
+    @patch(MODULE_PATH + '.admin_status.cache')
+    def test_current_version_info_return_no_data(self, mock_cache):
+        # given
+        mock_cache.get_or_set.return_value = None
+        # when
+        result = _current_version_summary()
+        # then
+        self.assertEqual(result, {})
+
+
+class TestLatestsVersion(TestCase):
+
+    def test_all_version_types_defined(self):
+
+        tags = create_tags_list(
+            ['2.1.1', '2.1.0', '2.0.0', '2.1.1a1', '1.1.1', '1.1.0', '1.0.0']
+        )
+        patch, beta = _latests_versions(tags)
+        self.assertEqual(patch, Pep440Version('2.1.1'))
+        self.assertEqual(beta, Pep440Version('2.1.1a1'))
+
+    def test_major_and_minor_not_defined_with_zero(self):
+
+        tags = create_tags_list(
+            ['2.1.2', '2.1.1', '2.0.1', '2.1.1a1', '1.1.1', '1.1.0', '1.0.0']
+        )
+        patch, beta = _latests_versions(tags)
+        self.assertEqual(patch, Pep440Version('2.1.2'))
+        self.assertEqual(beta, Pep440Version('2.1.1a1'))
+
+    def test_can_ignore_invalid_versions(self):
+
+        tags = create_tags_list(
+            ['2.1.1', '2.1.0', '2.0.0', '2.1.1a1', 'invalid']
+        )
+        patch, beta = _latests_versions(tags)
+        self.assertEqual(patch, Pep440Version('2.1.1'))
+        self.assertEqual(beta, Pep440Version('2.1.1a1'))
+
+
+class TestFetchListFromGitlab(TestCase):
+
+    page_size = 2
+
+    def setUp(self):
+        self.url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth'
+            '/repository/tags'
+        )
+
+    @classmethod
+    def my_callback(cls, request, context):
+        page = int(request.qs['page'][0])
+        start = (page - 1) * cls.page_size
+        end = start + cls.page_size
+        return GITHUB_TAGS[start:end]
+
+    @requests_mock.mock()
+    def test_can_fetch_one_page_with_header(self, requests_mocker):
+        headers = {
+            'x-total-pages': '1'
+        }
+        requests_mocker.get(self.url, json=GITHUB_TAGS, headers=headers)
+        result = _fetch_list_from_gitlab(self.url)
+        self.assertEqual(result, GITHUB_TAGS)
+        self.assertEqual(requests_mocker.call_count, 1)
+
+    @requests_mock.mock()
+    def test_can_fetch_one_page_wo_header(self, requests_mocker):
+        requests_mocker.get(self.url, json=GITHUB_TAGS)
+        result = _fetch_list_from_gitlab(self.url)
+        self.assertEqual(result, GITHUB_TAGS)
+        self.assertEqual(requests_mocker.call_count, 1)
+
+    @requests_mock.mock()
+    def test_can_fetch_one_page_and_ignore_invalid_header(self, requests_mocker):
+        headers = {
+            'x-total-pages': 'invalid'
+        }
+        requests_mocker.get(self.url, json=GITHUB_TAGS, headers=headers)
+        result = _fetch_list_from_gitlab(self.url)
+        self.assertEqual(result, GITHUB_TAGS)
+        self.assertEqual(requests_mocker.call_count, 1)
+
+    @requests_mock.mock()
+    def test_can_fetch_multiple_pages(self, requests_mocker):
+        total_pages = ceil(len(GITHUB_TAGS) / self.page_size)
+        headers = {
+            'x-total-pages': str(total_pages)
+        }
+        requests_mocker.get(self.url, json=self.my_callback, headers=headers)
+        result = _fetch_list_from_gitlab(self.url)
+        self.assertEqual(result, GITHUB_TAGS)
+        self.assertEqual(requests_mocker.call_count, total_pages)
+
+    @requests_mock.mock()
+    def test_can_fetch_given_number_of_pages_only(self, requests_mocker):
+        total_pages = ceil(len(GITHUB_TAGS) / self.page_size)
+        headers = {
+            'x-total-pages': str(total_pages)
+        }
+        requests_mocker.get(self.url, json=self.my_callback, headers=headers)
+        max_pages = 2
+        result = _fetch_list_from_gitlab(self.url, max_pages=max_pages)
+        self.assertEqual(result, GITHUB_TAGS[:4])
+        self.assertEqual(requests_mocker.call_count, max_pages)
+
+    @requests_mock.mock()
+    @patch(MODULE_PATH + '.admin_status.logger')
+    def test_should_not_raise_any_exception_from_github_request_but_log_as_warning(
+        self, requests_mocker, mock_logger
+    ):
+        for my_exception in [
+            requests.exceptions.ConnectionError,
+            requests.exceptions.HTTPError,
+            requests.exceptions.URLRequired,
+            requests.exceptions.TooManyRedirects,
+            requests.exceptions.ConnectTimeout,
+            requests.exceptions.Timeout,
+
+        ]:
+            requests_mocker.get(self.url, exc=my_exception)
+            try:
+                result = _fetch_list_from_gitlab(self.url)
+            except Exception as ex:
+                self.fail(f"Unexpected exception raised: {ex}")
+            self.assertTrue(mock_logger.warning.called)
+            self.assertListEqual(result, [])

allianceauth/authentication/urls.py

@@ -7,11 +7,21 @@ from . import views
 app_name = 'authentication'
 
 urlpatterns = [
-    url(r'^$', login_required(TemplateView.as_view(template_name='authentication/dashboard.html')),),
-    url(r'^account/login/$', TemplateView.as_view(template_name='public/login.html'), name='login'),
-    url(r'^account/characters/main/$', views.main_character_change, name='change_main_character'),
-    url(r'^account/characters/add/$', views.add_character, name='add_character'),
-    url(r'^help/$', login_required(TemplateView.as_view(template_name='allianceauth/help.html')), name='help'),
-    url(r'^dashboard/$',
-        login_required(TemplateView.as_view(template_name='authentication/dashboard.html')), name='dashboard'),
+    url(r'^$', views.index, name='index'),
+    url(
+        r'^account/login/$',
+        TemplateView.as_view(template_name='public/login.html'),
+        name='login'
+    ),
+    url(
+        r'^account/characters/main/$',
+        views.main_character_change,
+        name='change_main_character'
+    ),
+    url(
+        r'^account/characters/add/$',
+        views.add_character,
+        name='add_character'
+    ),
+    url(r'^dashboard/$', views.dashboard, name='dashboard'),
 ]

allianceauth/authentication/views.py

@@ -6,31 +6,76 @@ from django.contrib.auth import login, authenticate
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
 from django.core import signing
-from django.urls import reverse
-from django.shortcuts import redirect
-from django.utils.translation import ugettext_lazy as _
+from django.core.mail import EmailMultiAlternatives
+from django.http import JsonResponse
+from django.shortcuts import redirect, render
+from django.template.loader import render_to_string
+from django.urls import reverse, reverse_lazy
+from django.utils.translation import gettext_lazy as _
+
+from allianceauth.eveonline.models import EveCharacter
 from esi.decorators import token_required
-from registration.backends.hmac.views import RegistrationView as BaseRegistrationView, \
-    ActivationView as BaseActivationView, REGISTRATION_SALT
-from registration.signals import user_registered
+from esi.models import Token
+
+from django_registration.backends.activation.views import (
+    RegistrationView as BaseRegistrationView,
+    ActivationView as BaseActivationView,
+    REGISTRATION_SALT
+)
+from django_registration.signals import user_registered
 
 from .models import CharacterOwnership
 from .forms import RegistrationForm
 
+if 'allianceauth.eveonline.autogroups' in settings.INSTALLED_APPS:
+    _has_auto_groups = True
+    from allianceauth.eveonline.autogroups.models import *
+else:
+    _has_auto_groups = False
+
+
 logger = logging.getLogger(__name__)
 
 
+@login_required
+def index(request):
+    return redirect('authentication:dashboard')
+
+
+@login_required
+def dashboard(request):
+    groups = request.user.groups.all()
+    if _has_auto_groups:
+        groups = groups\
+            .filter(managedalliancegroup__isnull=True)\
+            .filter(managedcorpgroup__isnull=True)
+    groups = groups.order_by('name')
+    characters = EveCharacter.objects\
+        .filter(character_ownership__user=request.user)\
+        .select_related()\
+        .order_by('character_name')
+
+    context = {
+        'groups': groups,
+        'characters': characters
+    }
+    return render(request, 'authentication/dashboard.html', context)
+
+
 @login_required
 @token_required(scopes=settings.LOGIN_TOKEN_SCOPES)
 def main_character_change(request, token):
-    logger.debug("main_character_change called by user %s for character %s" % (request.user, token.character_name))
+    logger.debug(f"main_character_change called by user {request.user} for character {token.character_name}")
     try:
         co = CharacterOwnership.objects.get(character__character_id=token.character_id, user=request.user)
     except CharacterOwnership.DoesNotExist:
         if not CharacterOwnership.objects.filter(character__character_id=token.character_id).exists():
             co = CharacterOwnership.objects.create_by_token(token)
         else:
-            messages.error(request, 'Cannot change main character to %(char)s: character owned by a different account.' % ({'char': token.character_name}))
+            messages.error(
+                request,
+                _('Cannot change main character to %(char)s: character owned by a different account.') % ({'char': token.character_name})
+            )
             co = None
     if co:
         request.user.profile.main_character = co.character
@@ -71,55 +116,122 @@ have the email address embedded much like the username. Key creation and decodin
 @token_required(new=True, scopes=settings.LOGIN_TOKEN_SCOPES)
 def sso_login(request, token):
     user = authenticate(token=token)
-    if user and user.is_active:
-        login(request, user)
-        return redirect(request.POST.get('next', request.GET.get('next', 'authentication:dashboard')))
-    elif user and not user.email:
-        # Store the new user PK in the session to enable us to identify the registering user in Step 2
-        request.session['registration_uid'] = user.pk
-        # Go to Step 2
-        return redirect('registration_register')
-    else:
-        messages.error(request, _('Unable to authenticate as the selected character.'))
-        return redirect(settings.LOGIN_URL)
+    if user:
+        token.user = user
+        if Token.objects.exclude(pk=token.pk).equivalent_to(token).require_valid().exists():
+            token.delete()
+        else:
+            token.save()
+        if user.is_active:
+            login(request, user)
+            return redirect(request.POST.get('next', request.GET.get('next', 'authentication:dashboard')))
+        elif not user.email:
+            # Store the new user PK in the session to enable us to identify the registering user in Step 2
+            request.session['registration_uid'] = user.pk
+            # Go to Step 2
+            return redirect('registration_register')
+    messages.error(request, _('Unable to authenticate as the selected character.'))
+    return redirect(settings.LOGIN_URL)
 
 
 # Step 2
 class RegistrationView(BaseRegistrationView):
     form_class = RegistrationForm
-    success_url = 'authentication:dashboard'
+    template_name = "public/register.html"
+    email_body_template = "registration/activation_email.txt"
+    email_body_template_html = "registration/activation_email_html.txt"
+    email_subject_template = "registration/activation_email_subject.txt"
+    success_url = reverse_lazy('registration_complete')
 
-    def dispatch(self, *args, **kwargs):
+    def send_activation_email(self, user):
+        """
+        Implement our own way to send a mail to make sure we
+        send a RFC conform multipart email
+        :param user:
+        :type user:
+        """
+
+        activation_key = self.get_activation_key(user)
+        context = self.get_email_context(activation_key)
+        context["user"] = user
+
+        # email subject
+        subject = render_to_string(
+            template_name=self.email_subject_template,
+            context=context,
+            request=self.request,
+        )
+        subject = "".join(subject.splitlines())
+
+        # plaintext email body part
+        message = render_to_string(
+            template_name=self.email_body_template,
+            context=context,
+            request=self.request,
+        )
+
+        # html email body part
+        message_html = render_to_string(
+            template_name=self.email_body_template_html,
+            context=context,
+            request=self.request,
+        )
+
+        # send it
+        user.email_user(
+            subject,
+            message,
+            settings.DEFAULT_FROM_EMAIL,
+            **{'html_message': message_html},
+        )
+
+    def get_success_url(self, user):
+        if not getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
+            return reverse_lazy('authentication:dashboard')
+        return super().get_success_url(user)
+
+    def dispatch(self, request, *args, **kwargs):
         # We're storing a key in the session to pass user information from OAuth response. Make sure it's there.
         if not self.request.session.get('registration_uid', None) or not User.objects.filter(
                 pk=self.request.session.get('registration_uid')).exists():
             messages.error(self.request, _('Registration token has expired.'))
             return redirect(settings.LOGIN_URL)
-        return super(RegistrationView, self).dispatch(*args, **kwargs)
+        if not getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
+            # Keep the request so the user can be automagically logged in.
+            setattr(self, 'request', request)
+        return super().dispatch(request, *args, **kwargs)
 
     def register(self, form):
         user = User.objects.get(pk=self.request.session.get('registration_uid'))
         user.email = form.cleaned_data['email']
         user_registered.send(self.__class__, user=user, request=self.request)
-        # Go to Step 3
-        self.send_activation_email(user)
+        if getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
+            # Go to Step 3
+            self.send_activation_email(user)
+        else:
+            user.is_active = True
+            user.save()
+            login(self.request, user, 'allianceauth.authentication.backends.StateBackend')
         return user
 
     def get_activation_key(self, user):
         return signing.dumps(obj=[getattr(user, User.USERNAME_FIELD), user.email], salt=REGISTRATION_SALT)
 
     def get_email_context(self, activation_key):
-        context = super(RegistrationView, self).get_email_context(activation_key)
+        context = super().get_email_context(activation_key)
         context['url'] = context['site'].domain + reverse('registration_activate', args=[activation_key])
         return context
 
 
 # Step 3
 class ActivationView(BaseActivationView):
+    template_name = "registration/activate.html"
+    success_url = reverse_lazy('registration_activation_complete')
+
     def validate_key(self, activation_key):
         try:
             dump = signing.loads(activation_key, salt=REGISTRATION_SALT,
-                                 max_age=settings.ACCOUNT_ACTIVATION_DAYS * 86400)
+                                max_age=settings.ACCOUNT_ACTIVATION_DAYS * 86400)
             return dump
         except signing.BadSignature:
             return None
@@ -147,5 +259,5 @@ def activation_complete(request):
 
 
 def registration_closed(request):
-    messages.error(request, _('Registraion of new accounts it not allowed at this time.'))
+    messages.error(request, _('Registration of new accounts is not allowed at this time.'))
     return redirect('authentication:login')

allianceauth/bin/allianceauth.py

@@ -41,7 +41,7 @@ def create_project(parser, options, args):
     # Call the command with extra context
     call_command(StartProject(), *args, **command_options)
 
-    print("Success! %(project_name)s has been created." % {'project_name': args[0]})  # noqa
+    print(f"Success! {args[0]} has been created.")  # noqa
 
 
 def update_settings(parser, options, args):
@@ -69,10 +69,10 @@ def update_settings(parser, options, args):
     template_settings_path = os.path.join(template_path, 'project_name/settings/base.py')
 
     # overwrite the local project's base settings
-    with open(template_settings_path, 'r') as template, open(settings_path, 'w') as target:
+    with open(template_settings_path) as template, open(settings_path, 'w') as target:
         target.write(template.read())
 
-    print("Successfully updated %(project_name)s settings." % {'project_name': project_name})
+    print(f"Successfully updated {project_name} settings.")
 
 
 COMMANDS = {

allianceauth/corputils/admin.py

@@ -3,4 +3,4 @@ from django.contrib import admin
 from .models import CorpStats, CorpMember
 
 admin.site.register(CorpStats)
-admin.site.register(CorpMember)
+admin.site.register(CorpMember)

allianceauth/corputils/auth_hooks.py

@@ -1,16 +1,18 @@
 from allianceauth.services.hooks import MenuItemHook, UrlHook
-
+from django.utils.translation import ugettext_lazy as _
 from allianceauth import hooks
 from allianceauth.corputils import urls
 
 
 class CorpStats(MenuItemHook):
     def __init__(self):
-        MenuItemHook.__init__(self,
-                              'Corporation Stats',
-                              'fa fa-share-alt fa-fw',
-                              'corputils:view',
-                              navactive=['corputils:'])
+        MenuItemHook.__init__(
+            self,
+            _('Corporation Stats'),
+            'fas fa-share-alt fa-fw',
+            'corputils:view',
+            navactive=['corputils:']
+        )
 
     def render(self, request):
         if request.user.has_perm('corputils.view_corp_corpstats') or request.user.has_perm(

allianceauth/corputils/managers.py

@@ -16,14 +16,20 @@ class CorpStatsQuerySet(models.QuerySet):
             assert char
             # build all accepted queries
             queries = [models.Q(token__user=user)]
-            if user.has_perm('corputils.view_corp_corpstats'):
-                queries.append(models.Q(corp__corporation_id=char.corporation_id))
             if user.has_perm('corputils.view_alliance_corpstats'):
-                queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
+                if char.alliance_id is not None:
+                    queries.append(models.Q(corp__alliance__alliance_id=char.alliance_id))
+                else:
+                    queries.append(models.Q(corp__corporation_id=char.corporation_id))
+            if user.has_perm('corputils.view_corp_corpstats'):
+                if user.has_perm('corputils.view_alliance_corpstats'):
+                    pass
+                else:
+                    queries.append(models.Q(corp__corporation_id=char.corporation_id))
             if user.has_perm('corputils.view_state_corpstats'):
                 queries.append(models.Q(corp__in=user.profile.state.member_corporations.all()))
                 queries.append(models.Q(corp__alliance__in=user.profile.state.member_alliances.all()))
-            logger.debug('%s queries for user %s visible corpstats.' % (len(queries), user))
+            logger.debug(f'{len(queries)} queries for user {user} visible corpstats.')
             # filter based on queries
             query = queries.pop()
             for q in queries:
@@ -31,7 +37,7 @@ class CorpStatsQuerySet(models.QuerySet):
             return self.filter(query)
         except AssertionError:
             logger.debug('User %s has no main character. No corpstats visible.' % user)
-            return self.none()        
+            return self.none()
 
 
 class CorpStatsManager(models.Manager):

allianceauth/corputils/migrations/0001_initial.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-12-14 21:36
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 import django.db.models.deletion

allianceauth/corputils/migrations/0002_migrate_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-12-14 21:48
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/corputils/migrations/0003_granular_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-03-22 23:35
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/corputils/migrations/0004_member_models.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-03-26 20:13
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -13,8 +11,7 @@ def convert_json_to_members(apps, schema_editor):
     for cs in CorpStats.objects.all():
         members = json.loads(cs._members)
         CorpMember.objects.bulk_create(
-            [CorpMember(corpstats=cs, character_id=member_id, character_name=member_name) for member_id, member_name in
-             members.items()]
+            [CorpMember(corpstats=cs, character_id=member_id, character_name=member_name) for member_id, member_name in members.items()]
         )
 
 
@@ -50,7 +47,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='corpmember',
-            unique_together=set([('corpstats', 'character_id')]),
+            unique_together={('corpstats', 'character_id')},
         ),
         migrations.RunPython(convert_json_to_members, convert_members_to_json),
         migrations.RemoveField(

allianceauth/corputils/migrations/0005_cleanup_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.11.2 on 2017-06-10 15:34
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/corputils/models.py

@@ -6,12 +6,22 @@ from bravado.exception import HTTPForbidden
 from django.db import models
 from esi.errors import TokenError
 from esi.models import Token
-from allianceauth.eveonline.models import EveCorporationInfo, EveCharacter
+from allianceauth.eveonline.models import EveCorporationInfo, EveCharacter, EveAllianceInfo
 from allianceauth.notifications import notify
 
 from allianceauth.corputils.managers import CorpStatsManager
 
 SWAGGER_SPEC_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'swagger.json')
+"""
+Swagger spec operations:
+
+Character
+get_characters_character_id
+get_corporations_corporation_id_members
+Universe
+post_universe_names
+"""
+
 
 logger = logging.getLogger(__name__)
 
@@ -33,33 +43,28 @@ class CorpStats(models.Model):
     objects = CorpStatsManager()
 
     def __str__(self):
-        return "%s for %s" % (self.__class__.__name__, self.corp)
+        return f"{self.__class__.__name__} for {self.corp}"
 
     def update(self):
         try:
             c = self.token.get_esi_client(spec_file=SWAGGER_SPEC_PATH)
-            assert c.Character.get_characters_character_id(character_id=self.token.character_id).result()[
-                       'corporation_id'] == int(self.corp.corporation_id)
-            members = c.Corporation.get_corporations_corporation_id_members(
+            assert c.Character.get_characters_character_id(character_id=self.token.character_id).result()['corporation_id'] == int(self.corp.corporation_id)
+            member_ids = c.Corporation.get_corporations_corporation_id_members(
                 corporation_id=self.corp.corporation_id).result()
-            member_ids = [m['character_id'] for m in members]
 
             # requesting too many ids per call results in a HTTP400
             # the swagger spec doesn't have a maxItems count
             # manual testing says we can do over 350, but let's not risk it
             member_id_chunks = [member_ids[i:i + 255] for i in range(0, len(member_ids), 255)]
-            member_name_chunks = [c.Character.get_characters_names(character_ids=id_chunk).result() for id_chunk in
-                                  member_id_chunks]
+            member_name_chunks = [c.Universe.post_universe_names(ids=id_chunk).result() for id_chunk in member_id_chunks]
             member_list = {}
             for name_chunk in member_name_chunks:
-                member_list.update({m['character_id']: m['character_name'] for m in name_chunk})
+                member_list.update({m['id']: m['name'] for m in name_chunk})
 
             # bulk create new member models
-            missing_members = [m_id for m_id in member_ids if
-                               not CorpMember.objects.filter(corpstats=self, character_id=m_id).exists()]
+            missing_members = [m_id for m_id in member_ids if not CorpMember.objects.filter(corpstats=self, character_id=m_id).exists()]
             CorpMember.objects.bulk_create(
-                [CorpMember(character_id=m_id, character_name=member_list[m_id], corpstats=self) for m_id in
-                 missing_members])
+                [CorpMember(character_id=m_id, character_name=member_list[m_id], corpstats=self) for m_id in missing_members])
 
             # purge old members
             self.members.exclude(character_id__in=member_ids).delete()
@@ -68,23 +73,24 @@ class CorpStats(models.Model):
             self.save()
 
         except TokenError as e:
-            logger.warning("%s failed to update: %s" % (self, e))
+            logger.warning(f"{self} failed to update: {e}")
             if self.token.user:
-                notify(self.token.user, "%s failed to update with your ESI token." % self,
-                       message="Your token has expired or is no longer valid. Please add a new one to create a new CorpStats.",
-                       level="error")
+                notify(
+                    self.token.user, "%s failed to update with your ESI token." % self,
+                    message="Your token has expired or is no longer valid. Please add a new one to create a new CorpStats.",
+                    level="error")
             self.delete()
         except HTTPForbidden as e:
-            logger.warning("%s failed to update: %s" % (self, e))
+            logger.warning(f"{self} failed to update: {e}")
             if self.token.user:
-                notify(self.token.user, "%s failed to update with your ESI token." % self,
-                       message="%s: %s" % (e.status_code, e.message), level="error")
+                notify(self.token.user, "%s failed to update with your ESI token." % self, message=f"{e.status_code}: {e.message}", level="error")
             self.delete()
         except AssertionError:
             logger.warning("%s token character no longer in corp." % self)
             if self.token.user:
-                notify(self.token.user, "%s cannot update with your ESI token." % self,
-                       message="%s cannot update with your ESI token as you have left corp." % self, level="error")
+                notify(
+                    self.token.user, "%s cannot update with your ESI token." % self,
+                    message="%s cannot update with your ESI token as you have left corp." % self, level="error")
             self.delete()
 
     @property
@@ -93,7 +99,7 @@ class CorpStats(models.Model):
 
     @property
     def user_count(self):
-        return len(set([m.main_character for m in self.members.all() if m.main_character]))
+        return len({m.main_character for m in self.members.all() if m.main_character})
 
     @property
     def registered_member_count(self):
@@ -117,21 +123,22 @@ class CorpStats(models.Model):
 
     @property
     def mains(self):
-        return self.members.filter(pk__in=[m.pk for m in self.members.all() if
-                                           m.main_character and int(m.main_character.character_id) == int(
-                                               m.character_id)])
+        return self.members.filter(pk__in=[m.pk for m in self.members.all() if m.main_character and int(m.main_character.character_id) == int(m.character_id)])
+
+    def visible_to(self, user):
+        return CorpStats.objects.filter(pk=self.pk).visible_to(user).exists()
 
     def can_update(self, user):
-        return user.is_superuser or user == self.token.user
+        return self.token.user == user or self.visible_to(user)
 
     def corp_logo(self, size=128):
-        return "https://image.eveonline.com/Corporation/%s_%s.png" % (self.corp.corporation_id, size)
+        return self.corp.logo_url(size)
 
     def alliance_logo(self, size=128):
         if self.corp.alliance:
-            return "https://image.eveonline.com/Alliance/%s_%s.png" % (self.corp.alliance.alliance_id, size)
+            return self.corp.alliance.logo_url(size)
         else:
-            return "https://image.eveonline.com/Alliance/1_%s.png" % size
+            return EveAllianceInfo.generic_logo_url(1, size)
 
 
 class CorpMember(models.Model):
@@ -173,10 +180,16 @@ class CorpMember(models.Model):
         return CharacterOwnership.objects.filter(character__character_id=self.character_id).exists()
 
     def portrait_url(self, size=32):
-        return "https://image.eveonline.com/Character/%s_%s.jpg" % (self.character_id, size)
+        return EveCharacter.generic_portrait_url(self.character_id, size)
 
-    def __getattr__(self, item):
-        if item.startswith('portrait_url_'):
-            size = item.strip('portrait_url_')
-            return self.portrait_url(size)
-        return super(CorpMember, self).__getattr__(item)
+    @property
+    def portrait_url_32(self):
+        return self.portrait_url(32)
+
+    @property
+    def portrait_url_64(self):
+        return self.portrait_url(64)
+
+    @property
+    def portrait_url_128(self):
+        return self.portrait_url(128)