Version Bump 3.3.0

CCP SSO Issues, Mitigations

See merge request allianceauth/allianceauth!1472

.editorconfig

@@ -0,0 +1,28 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yaml,yml,less}]
+indent_size = 2
+
+[*.md]
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
+
+[*.bat]
+indent_style = tab
+
+[{Dockerfile,*.dockerfile}]
+indent_style = space
+indent_size = 4

.gitignore

@@ -38,7 +38,6 @@ htmlcov/
 .tox/
 .coverage
 .cache
-nosetests.xml
 coverage.xml
 
 # Translations
@@ -77,3 +76,4 @@ celerybeat-schedule
 .flake8
 .pylintrc
 Makefile
+.isort.cfg

.gitlab-ci.yml

@@ -1,54 +1,255 @@
+.only-default: &only-default
+  only:
+    - master
+    - branches
+    - merge_requests
+
 stages:
-- test
+  - pre-commit
-- deploy
+  - gitlab
+  - test
+  - deploy
+  - docker
+
+include:
+  - template: Dependency-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 before_script:
-- apt-get update && apt-get install redis-server -y
+  - apt-get update && apt-get install redis-server -y
-- redis-server --daemonize yes
+  - redis-server --daemonize yes
-- redis-cli ping
+  - python -V
-- python -V
+  - pip install wheel tox
-- pip install wheel tox
 
-test-3.6-core:
+pre-commit-check:
-  image: python:3.6-buster
+  <<: *only-default
-  script:  
+  stage: pre-commit
-  - tox -e py36-core
+  image: python:3.8-bullseye
+  variables:
+    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
+  cache:
+    paths:
+      - ${PRE_COMMIT_HOME}
+  script:
+    - pip install pre-commit
+    - pre-commit run --all-files
 
-test-3.7-core:
+sast:
-  image: python:3.7-buster
+  stage: gitlab
-  script:  
+  before_script: []
-  - tox -e py37-core
+
+dependency_scanning:
+  stage: gitlab
+  before_script:
+    - apt-get update && apt-get install redis-server libmariadb-dev -y
+    - redis-server --daemonize yes
+    - python -V
+    - pip install wheel tox
+
+secret_detection:
+  stage: gitlab
+  before_script: []
 
 test-3.8-core:
-  image: python:3.8-buster
+  <<: *only-default
-  script:  
+  image: python:3.8-bullseye
-  - tox -e py38-core
+  script:
+    - tox -e py38-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
-test-3.6-all:
+test-3.9-core:
-  image: python:3.6-buster
+  <<: *only-default
-  script:  
+  image: python:3.9-bullseye
-  - tox -e py36-all
+  script:
+    - tox -e py39-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
-test-3.7-all:
+test-3.10-core:
-  image: python:3.7-buster
+  <<: *only-default
-  script:  
+  image: python:3.10-bullseye
-  - tox -e py37-all
+  script:
+    - tox -e py310-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.11-core:
+  <<: *only-default
+  image: python:3.11-rc-bullseye
+  script:
+    - tox -e py311-core
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+  allow_failure: true
 
 test-3.8-all:
-  image: python:3.8-buster
+  <<: *only-default
-  script:  
+  image: python:3.8-bullseye
-  - tox -e py38-all
+  script:
+    - tox -e py38-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.9-all:
+  <<: *only-default
+  image: python:3.9-bullseye
+  script:
+    - tox -e py39-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.10-all:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+    - tox -e py310-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-3.11-all:
+  <<: *only-default
+  image: python:3.11-rc-bullseye
+  script:
+    - tox -e py311-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+  allow_failure: true
+
+build-test:
+  stage: test
+  image: python:3.10-bullseye
+
+  before_script:
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel
+
+  script:
+    - python -m build
+
+  artifacts:
+    when: always
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+    paths:
+      - dist/*
+    expire_in: 1 year
+
+test-docs:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e docs
 
 deploy_production:
   stage: deploy
-  image: python:3.8-buster
+  image: python:3.10-bullseye
 
   before_script:
-    - pip install twine wheel
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel twine
 
   script:
-    - python setup.py sdist bdist_wheel
+    - python -m build
-    - twine upload dist/*
+    - python -m twine upload dist/*
 
   rules:
     - if: $CI_COMMIT_TAG
+
+build-image:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_SHORT_SHA
+    CURRENT_TAG=$CI_REGISTRY_IMAGE/auth:$CI_COMMIT_TAG
+    MINOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1-2)
+    MAJOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1)
+    LATEST_TAG=$CI_REGISTRY_IMAGE/auth:latest
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_VERSION=$(echo $CI_COMMIT_TAG | cut -c 2-)
+    docker tag $IMAGE_TAG $CURRENT_TAG
+    docker tag $IMAGE_TAG $MINOR_TAG
+    docker tag $IMAGE_TAG $MAJOR_TAG
+    docker tag $IMAGE_TAG $LATEST_TAG
+    docker image push --all-tags $CI_REGISTRY_IMAGE/auth
+  rules:
+    - if: $CI_COMMIT_TAG
+      when: delayed
+      start_in: 10 minutes
+
+build-image-dev:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_PACKAGE=git+https://gitlab.com/allianceauth/allianceauth@$CI_COMMIT_BRANCH
+    docker push $IMAGE_TAG
+  rules:
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == ""'
+      when: manual
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != ""'
+      when: never
+
+build-image-mr:
+  before_script: []
+  image: docker:20.10.10
+  stage: docker
+  services:
+    - docker:20.10.10-dind
+  script: |
+    CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
+    IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA
+
+    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    docker build . -t $IMAGE_TAG -f docker/Dockerfile --build-arg AUTH_PACKAGE=git+$CI_MERGE_REQUEST_SOURCE_PROJECT_URL@$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
+    docker push $IMAGE_TAG
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: manual
+    - if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
+      when: never

.gitlab/issue_templates/Bug.md

@@ -1,8 +1,8 @@
 # Bug
 
 - I have searched [issues](https://gitlab.com/allianceauth/allianceauth/issues?scope=all&utf8=%E2%9C%93&state=all) (Y/N):
-- What Version of Alliance Auth: 
+- What Version of Alliance Auth:
-- What Operating System: 
+- What Operating System:
 - Version of other components relevant to issue eg. Service, Database:
 
 Please include a brief description of your issue here.
@@ -11,4 +11,4 @@ Please include steps to reproduce the issue
 
 Please include any tracebacks or logs
 
-Please include the results of the command `pip list`
+Please include the results of the command `pip list`

.gitlab/issue_templates/Feature Request.md

@@ -4,4 +4,4 @@
 
 - Is this a Service (external integration), a Module (Alliance Auth extension) or an enhancement to an existing service/module.
 
-- Describe why its useful to you or others.
+- Describe why its useful to you or others.

.pre-commit-config.yaml

@@ -0,0 +1,60 @@
+# Apply to all files without committing:
+#   pre-commit run --all-files
+# Update this file:
+#   pre-commit autoupdate
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-json
+      - id: check-xml
+      - id: check-yaml
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
+        exclude: |
+          (?x)(
+            \.min\.css|
+            \.min\.js|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
+      - id: end-of-file-fixer
+        exclude: |
+          (?x)(
+            \.min\.css|
+            \.min\.js|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
+      - id: mixed-line-ending
+        args: [ '--fix=lf' ]
+      - id: fix-encoding-pragma
+        args: [ '--remove' ]
+
+  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
+    rev: 2.4.0
+    hooks:
+      - id: editorconfig-checker
+        exclude: |
+          (?x)(
+            LICENSE|
+            allianceauth\/static\/allianceauth\/css\/themes\/bootstrap-locals.less|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
+
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v2.34.0
+    hooks:
+      - id: pyupgrade
+        args: [ --py38-plus ]
+
+  - repo: https://github.com/asottile/setup-cfg-fmt
+    rev: v1.20.1
+    hooks:
+      - id: setup-cfg-fmt

.readthedocs.yml

@@ -5,19 +5,22 @@
 # Required
 version: 2
 
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  apt_packages:
+    - redis
+  tools:
+    python: "3.8"
+
 # Build documentation in the docs/ directory with Sphinx
 sphinx:
   configuration: docs/conf.py
 
-# Build documentation with MkDocs
-#mkdocs:
-#  configuration: mkdocs.yml
-
 # Optionally build your docs in additional formats such as PDF and ePub
 formats: all
 
 # Optionally set the version of Python and requirements required to build your docs
 python:
-  version: 3.7
   install:
-    - requirements: docs/requirements.txt
+    - requirements: docs/requirements.txt

LICENSE

@@ -337,4 +337,3 @@ proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
-

allianceauth/__init__.py

@@ -1,8 +1,7 @@
 # This will make sure the app is always imported when
 # Django starts so that shared_task will use this app.
 
-__version__ = '2.8.2'
+__version__ = '3.3.0'
 __title__ = 'Alliance Auth'
 __url__ = 'https://gitlab.com/allianceauth/allianceauth'
-NAME = '%s v%s' % (__title__, __version__)
+NAME = f'{__title__} v{__version__}'
-default_app_config = 'allianceauth.apps.AllianceAuthConfig'

allianceauth/analytics/admin.py

@@ -0,0 +1,21 @@
+from django.contrib import admin
+
+from .models import AnalyticsIdentifier, AnalyticsPath, AnalyticsTokens
+
+
+@admin.register(AnalyticsIdentifier)
+class AnalyticsIdentifierAdmin(admin.ModelAdmin):
+    search_fields = ['identifier', ]
+    list_display = ('identifier',)
+
+
+@admin.register(AnalyticsTokens)
+class AnalyticsTokensAdmin(admin.ModelAdmin):
+    search_fields = ['name', ]
+    list_display = ('name', 'type',)
+
+
+@admin.register(AnalyticsPath)
+class AnalyticsPathAdmin(admin.ModelAdmin):
+    search_fields = ['ignore_path', ]
+    list_display = ('ignore_path',)

allianceauth/analytics/apps.py

@@ -0,0 +1,9 @@
+from django.apps import AppConfig
+
+
+class AnalyticsConfig(AppConfig):
+    name = 'allianceauth.analytics'
+    label = 'analytics'
+
+    def ready(self):
+        import allianceauth.analytics.signals

allianceauth/analytics/fixtures/disable_analytics.json

@@ -0,0 +1,21 @@
+[
+    {
+    "model": "analytics.AnalyticsTokens",
+    "pk": 1,
+    "fields": {
+        "name": "AA Team Public Google Analytics (Universal)",
+        "type": "GA-V4",
+        "token": "UA-186249766-2",
+        "send_page_views": "False",
+        "send_celery_tasks": "False",
+        "send_stats": "False"
+        }
+    },
+    {
+        "model": "analytics.AnalyticsIdentifier",
+        "pk": 1,
+        "fields": {
+            "identifier": "ab33e241fbf042b6aa77c7655a768af7"
+        }
+    }
+]

allianceauth/analytics/middleware.py

@@ -0,0 +1,52 @@
+from bs4 import BeautifulSoup
+
+from django.conf import settings
+from django.utils.deprecation import MiddlewareMixin
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .tasks import send_ga_tracking_web_view
+
+import re
+
+
+class AnalyticsMiddleware(MiddlewareMixin):
+    def process_response(self, request, response):
+        """Django Middleware: Process Page Views and creates Analytics Celery Tasks"""
+        if getattr(settings, "ANALYTICS_DISABLED", False):
+            return response
+        analyticstokens = AnalyticsTokens.objects.all()
+        client_id = AnalyticsIdentifier.objects.get(id=1).identifier.hex
+        try:
+            title = BeautifulSoup(
+                response.content, "html.parser").html.head.title.text
+        except AttributeError:
+            title = ''
+        for token in analyticstokens:
+            # Check if Page View Sending is Disabled
+            if token.send_page_views is False:
+                continue
+            # Check Exclusions
+            ignore = False
+            for ignore_path in token.ignore_paths.values():
+                ignore_path_regex = re.compile(ignore_path["ignore_path"])
+                if re.search(ignore_path_regex, request.path) is not None:
+                    ignore = True
+
+            if ignore is True:
+                continue
+
+            tracking_id = token.token
+            locale = request.LANGUAGE_CODE
+            path = request.path
+            try:
+                useragent = request.headers["User-Agent"]
+            except KeyError:
+                useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+
+            send_ga_tracking_web_view.s(tracking_id=tracking_id,
+                                        client_id=client_id,
+                                        page=path,
+                                        title=title,
+                                        locale=locale,
+                                        useragent=useragent).\
+                apply_async(priority=9)
+        return response

allianceauth/analytics/migrations/0001_initial.py

@@ -0,0 +1,42 @@
+# Generated by Django 3.1.4 on 2020-12-30 13:11
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AnalyticsIdentifier',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('identifier', models.UUIDField(default=uuid.uuid4, editable=False)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsPath',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('ignore_path', models.CharField(default='/example/', max_length=254)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnalyticsTokens',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=254)),
+                ('type', models.CharField(choices=[('GA-U', 'Google Analytics Universal'), ('GA-V4', 'Google Analytics V4')], max_length=254)),
+                ('token', models.CharField(max_length=254)),
+                ('send_page_views', models.BooleanField(default=False)),
+                ('send_celery_tasks', models.BooleanField(default=False)),
+                ('send_stats', models.BooleanField(default=False)),
+                ('ignore_paths', models.ManyToManyField(blank=True, to='analytics.AnalyticsPath')),
+            ],
+        ),
+    ]

allianceauth/analytics/migrations/0002_add_AA_Team_Token.py

@@ -0,0 +1,34 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from django.db import migrations
+
+
+def add_aa_team_token(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens()
+    token.type = 'GA-U'
+    token.token = 'UA-186249766-2'
+    token.send_page_views = True
+    token.send_celery_tasks = True
+    token.send_stats = True
+    token.name = 'AA Team Public Google Analytics (Universal)'
+    token.save()
+
+
+def remove_aa_team_token(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.filter(token="UA-186249766-2").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0001_initial'),
+        ]
+
+    operations = [migrations.RunPython(add_aa_team_token, remove_aa_team_token)
+                    ]

allianceauth/analytics/migrations/0003_Generate_Identifier.py

@@ -0,0 +1,30 @@
+# Generated by Django 3.1.4 on 2020-12-30 08:53
+
+from uuid import uuid4
+from django.db import migrations
+
+
+def generate_identifier(apps, schema_editor):
+    # We can't import the Person model directly as it may be a newer
+    # version than this migration expects. We use the historical version.
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    identifier = Identifier()
+    identifier.id = 1
+    identifier.save()
+
+
+def zero_identifier(apps, schema_editor):
+    # Have to define some code to remove this identifier
+    # In case of migration rollback?
+    Identifier = apps.get_model('analytics', 'AnalyticsIdentifier')
+    Identifier.objects.filter(id=1).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0002_add_AA_Team_Token'),
+    ]
+
+    operations = [migrations.RunPython(generate_identifier, zero_identifier)
+                    ]

allianceauth/analytics/migrations/0004_auto_20211015_0502.py

@@ -0,0 +1,42 @@
+# Generated by Django 3.1.13 on 2021-10-15 05:02
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # Add /admin/ and /user_notifications_count/ path to ignore
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    admin = AnalyticsPath.objects.create(ignore_path=r"^\/admin\/.*")
+    user_notifications_count = AnalyticsPath.objects.create(ignore_path=r"^\/user_notifications_count\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(admin, user_notifications_count)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    #
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+
+    token = Tokens.objects.get(token="UA-186249766-2")
+    try:
+        admin = AnalyticsPath.objects.get(ignore_path=r"^\/admin\/.*", analyticstokens=token)
+        user_notifications_count = AnalyticsPath.objects.get(ignore_path=r"^\/user_notifications_count\/.*", analyticstokens=token)
+        admin.delete()
+        user_notifications_count.delete()
+    except ObjectDoesNotExist:
+        # Its fine if it doesnt exist, we just dont want them building up when re-migrating
+        pass
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0003_Generate_Identifier'),
+    ]
+
+    operations = [migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]

allianceauth/analytics/migrations/0005_alter_analyticspath_ignore_path.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-17 16:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0004_auto_20211015_0502'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='analyticspath',
+            name='ignore_path',
+            field=models.CharField(default='/example/', help_text='Regex Expression, If matched no Analytics Page View is sent', max_length=254),
+        ),
+    ]

allianceauth/analytics/migrations/0006_more_ignore_paths.py

@@ -0,0 +1,40 @@
+# Generated by Django 3.2.8 on 2021-10-19 01:47
+
+from django.core.exceptions import ObjectDoesNotExist
+from django.db import migrations
+
+
+def modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    # Add the /account/activate path to ignore
+
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    account_activate = AnalyticsPath.objects.create(ignore_path=r"^\/account\/activate\/.*")
+
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+    token = Tokens.objects.get(token="UA-186249766-2")
+    token.ignore_paths.add(account_activate)
+
+
+def undo_modify_aa_team_token_add_page_ignore_paths(apps, schema_editor):
+    #
+    AnalyticsPath = apps.get_model('analytics', 'AnalyticsPath')
+    Tokens = apps.get_model('analytics', 'AnalyticsTokens')
+
+    token = Tokens.objects.get(token="UA-186249766-2")
+
+    try:
+        account_activate = AnalyticsPath.objects.get(ignore_path=r"^\/account\/activate\/.*", analyticstokens=token)
+        account_activate.delete()
+    except ObjectDoesNotExist:
+        # Its fine if it doesnt exist, we just dont want them building up when re-migrating
+        pass
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analytics', '0005_alter_analyticspath_ignore_path'),
+    ]
+
+    operations = [
+        migrations.RunPython(modify_aa_team_token_add_page_ignore_paths, undo_modify_aa_team_token_add_page_ignore_paths)
+    ]

allianceauth/analytics/models.py

@@ -0,0 +1,38 @@
+from django.db import models
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
+
+from uuid import uuid4
+
+
+class AnalyticsIdentifier(models.Model):
+
+    identifier = models.UUIDField(default=uuid4,
+                                editable=False)
+
+    def save(self, *args, **kwargs):
+        if not self.pk and AnalyticsIdentifier.objects.exists():
+            # Force a single object
+            raise ValidationError('There is can be only one \
+                                    AnalyticsIdentifier instance')
+        self.pk = self.id = 1 # If this happens to be deleted and recreated, force it to be 1
+        return super().save(*args, **kwargs)
+
+
+class AnalyticsPath(models.Model):
+    ignore_path = models.CharField(max_length=254, default="/example/", help_text="Regex Expression, If matched no Analytics Page View is sent")
+
+
+class AnalyticsTokens(models.Model):
+
+    class Analytics_Type(models.TextChoices):
+        GA_U = 'GA-U', _('Google Analytics Universal')
+        GA_V4 = 'GA-V4', _('Google Analytics V4')
+
+    name = models.CharField(max_length=254)
+    type = models.CharField(max_length=254, choices=Analytics_Type.choices)
+    token = models.CharField(max_length=254, blank=False)
+    send_page_views = models.BooleanField(default=False)
+    send_celery_tasks = models.BooleanField(default=False)
+    send_stats = models.BooleanField(default=False)
+    ignore_paths = models.ManyToManyField(AnalyticsPath, blank=True)

allianceauth/analytics/signals.py

@@ -0,0 +1,55 @@
+import logging
+from celery.signals import task_failure, task_success
+from django.conf import settings
+from allianceauth.analytics.tasks import analytics_event
+
+logger = logging.getLogger(__name__)
+
+
+@task_failure.connect
+def process_failure_signal(
+                        exception, traceback,
+                        sender, task_id, signal,
+                        args, kwargs, einfo, **kw):
+    logger.debug("Celery task_failure signal %s" % sender.__class__.__name__)
+    if getattr(settings, "ANALYTICS_DISABLED", False):
+        return
+
+    category = sender.__module__
+
+    if 'allianceauth.analytics' not in category:
+        if category.endswith(".tasks"):
+            category = category[:-6]
+
+        action = sender.__name__
+
+        label = f"{exception.__class__.__name__}"
+
+        analytics_event(category=category,
+                        action=action,
+                        label=label)
+
+
+@task_success.connect
+def celery_success_signal(sender, result=None, **kw):
+    logger.debug("Celery task_success signal %s" % sender.__class__.__name__)
+    if getattr(settings, "ANALYTICS_DISABLED", False):
+        return
+
+    category = sender.__module__
+
+    if 'allianceauth.analytics' not in category:
+        if category.endswith(".tasks"):
+            category = category[:-6]
+
+        action = sender.__name__
+        label = "Success"
+
+        value = 0
+        if isinstance(result, int):
+            value = result
+
+        analytics_event(category=category,
+                        action=action,
+                        label=label,
+                        value=value)

allianceauth/analytics/tasks.py

@@ -0,0 +1,207 @@
+import requests
+import logging
+from django.conf import settings
+from django.apps import apps
+from celery import shared_task
+from allianceauth import __version__
+from .models import AnalyticsTokens, AnalyticsIdentifier
+from .utils import (
+    install_stat_addons,
+    install_stat_tokens,
+    install_stat_users)
+
+logger = logging.getLogger(__name__)
+
+BASE_URL = "https://www.google-analytics.com/"
+
+DEBUG_URL = f"{BASE_URL}debug/collect"
+COLLECTION_URL = f"{BASE_URL}collect"
+
+if getattr(settings, "ANALYTICS_ENABLE_DEBUG", False) and settings.DEBUG:
+    # Force sending of analytics data during in a debug/test environemt
+    # Usefull for developers working on this feature.
+    logger.warning(
+        "You have 'ANALYTICS_ENABLE_DEBUG' Enabled! "
+        "This debug instance will send analytics data!")
+    DEBUG_URL = COLLECTION_URL
+
+ANALYTICS_URL = COLLECTION_URL
+
+if settings.DEBUG is True:
+    ANALYTICS_URL = DEBUG_URL
+
+
+def analytics_event(category: str,
+                    action: str,
+                    label: str,
+                    value: int = 0,
+                    event_type: str = 'Celery'):
+    """
+    Send a Google Analytics Event for each token stored
+    Includes check for if its enabled/disabled
+
+    Args:
+        `category` (str): Celery Namespace
+        `action` (str): Task Name
+        `label` (str): Optional, Task Success/Exception
+        `value` (int): Optional, If bulk, Query size, can be a binary True/False
+        `event_type` (str): Optional, Celery or Stats only, Default to Celery
+    """
+    analyticstokens = AnalyticsTokens.objects.all()
+    client_id = AnalyticsIdentifier.objects.get(id=1).identifier.hex
+    for token in analyticstokens:
+        if event_type == 'Celery':
+            allowed = token.send_celery_tasks
+        elif event_type == 'Stats':
+            allowed = token.send_stats
+        else:
+            allowed = False
+
+        if allowed is True:
+            tracking_id = token.token
+            send_ga_tracking_celery_event.s(
+                tracking_id=tracking_id,
+                client_id=client_id,
+                category=category,
+                action=action,
+                label=label,
+                value=value).apply_async(priority=9)
+
+
+@shared_task()
+def analytics_daily_stats():
+    """Celery Task: Do not call directly
+
+    Gathers a series of daily statistics and sends analytics events containing them
+    """
+    users = install_stat_users()
+    tokens = install_stat_tokens()
+    addons = install_stat_addons()
+    logger.debug("Running Daily Analytics Upload")
+
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='existence',
+                    value=1,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='users',
+                    value=users,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='tokens',
+                    value=tokens,
+                    event_type='Stats')
+    analytics_event(category='allianceauth.analytics',
+                    action='send_install_stats',
+                    label='addons',
+                    value=addons,
+                    event_type='Stats')
+
+    for appconfig in apps.get_app_configs():
+        analytics_event(category='allianceauth.analytics',
+                        action='send_extension_stats',
+                        label=appconfig.label,
+                        value=1,
+                        event_type='Stats')
+
+
+@shared_task()
+def send_ga_tracking_web_view(
+                            tracking_id: str,
+                            client_id: str,
+                            page: str,
+                            title: str,
+                            locale: str,
+                            useragent: str) -> requests.Response:
+
+    """Celery Task: Do not call directly
+
+    Sends Page View events to GA, Called only via analytics.middleware
+
+    Parameters
+    ----------
+    `tracking_id` (str): Unique Server Identifier
+    `client_id` (str): GA Token
+    `page` (str): Page Path
+    `title` (str): Page Title
+    `locale` (str): Browser Language
+    `useragent` (str): Browser UserAgent
+
+    Returns
+    -------
+    requests.Reponse Object
+    """
+    headers = {"User-Agent": useragent}
+
+    payload = {
+            'v': '1',
+            'tid': tracking_id,
+            'cid': client_id,
+            't': 'pageview',
+            'dp': page,
+            'dt': title,
+            'ul': locale,
+            'ua': useragent,
+            'aip': 1,
+            'an': "allianceauth",
+            'av': __version__
+            }
+
+    response = requests.post(
+                        ANALYTICS_URL, data=payload,
+                        timeout=5, headers=headers)
+    logger.debug(f"Analytics Page View HTTP{response.status_code}")
+    return response
+
+
+@shared_task()
+def send_ga_tracking_celery_event(
+                                tracking_id: str,
+                                client_id: str,
+                                category: str,
+                                action: str,
+                                label: str,
+                                value: int) -> requests.Response:
+    """Celery Task: Do not call directly
+
+    Sends Page View events to GA, Called only via analytics.middleware
+
+    Parameters
+    ----------
+    `tracking_id` (str): Unique Server Identifier
+    `client_id` (str): GA Token
+    `category` (str): Celery Namespace
+    `action` (str): Task Name
+    `label` (str): Optional, Task Success/Exception
+    `value` (int): Optional, If bulk, Query size, can be a binary True/False
+
+    Returns
+    -------
+    requests.Reponse Object
+    """
+
+    headers = {
+        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"}
+
+    payload = {
+            'v': '1',
+            'tid': tracking_id,
+            'cid': client_id,
+            't': 'event',
+            'ec': category,
+            'ea': action,
+            'el': label,
+            'ev': value,
+            'aip': 1,
+            'an': "allianceauth",
+            'av': __version__
+            }
+
+    response = requests.post(
+                        ANALYTICS_URL, data=payload,
+                        timeout=5, headers=headers)
+    logger.debug(f"Analytics Celery/Stats Event HTTP{response.status_code}")
+    return response

allianceauth/analytics/tests/test_integration.py

@@ -0,0 +1,109 @@
+from unittest.mock import patch
+from urllib.parse import parse_qs
+
+import requests_mock
+
+from django.test import override_settings
+
+from allianceauth.analytics.tasks import ANALYTICS_URL
+from allianceauth.eveonline.tasks import update_character
+from allianceauth.tests.auth_utils import AuthUtils
+from allianceauth.utils.testing import NoSocketsTestCase
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True)
+@requests_mock.mock()
+class TestAnalyticsForViews(NoSocketsTestCase):
+    @override_settings(ANALYTICS_DISABLED=False)
+    def test_should_run_analytics(self, requests_mocker):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        self.client.force_login(user)
+        # when
+        response = self.client.get("/dashboard/")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue(requests_mocker.called)
+
+    @override_settings(ANALYTICS_DISABLED=True)
+    def test_should_not_run_analytics(self, requests_mocker):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        self.client.force_login(user)
+        # when
+        response = self.client.get("/dashboard/")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertFalse(requests_mocker.called)
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True)
+@requests_mock.mock()
+class TestAnalyticsForTasks(NoSocketsTestCase):
+    @override_settings(ANALYTICS_DISABLED=False)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_run_analytics_for_successful_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertTrue(requests_mocker.called)
+        payload = parse_qs(requests_mocker.last_request.text)
+        self.assertListEqual(payload["el"], ["Success"])
+
+    @override_settings(ANALYTICS_DISABLED=True)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_not_run_analytics_for_successful_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertFalse(requests_mocker.called)
+
+    @override_settings(ANALYTICS_DISABLED=False)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_run_analytics_for_failed_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        mock_update_character.side_effect = RuntimeError
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertTrue(requests_mocker.called)
+        payload = parse_qs(requests_mocker.last_request.text)
+        self.assertNotEqual(payload["el"], ["Success"])
+
+    @override_settings(ANALYTICS_DISABLED=True)
+    @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
+    def test_should_not_run_analytics_for_failed_task(
+        self, requests_mocker, mock_update_character
+    ):
+        # given
+        requests_mocker.post(ANALYTICS_URL)
+        mock_update_character.side_effect = RuntimeError
+        user = AuthUtils.create_user("Bruce Wayne")
+        character = AuthUtils.add_main_character_2(user, "Bruce Wayne", 1001)
+        # when
+        update_character.delay(character.character_id)
+        # then
+        self.assertTrue(mock_update_character.called)
+        self.assertFalse(requests_mocker.called)

allianceauth/analytics/tests/test_middleware.py

@@ -0,0 +1,24 @@
+from allianceauth.analytics.middleware import AnalyticsMiddleware
+from unittest.mock import Mock
+from django.http import HttpResponse
+
+from django.test.testcases import TestCase
+
+
+class TestAnalyticsMiddleware(TestCase):
+
+    def setUp(self):
+        self.middleware = AnalyticsMiddleware(HttpResponse)
+        self.request = Mock()
+        self.request.headers = {
+                "User-Agent": "AUTOMATED TEST"
+            }
+        self.request.path = '/testURL/'
+        self.request.session = {}
+        self.request.LANGUAGE_CODE = 'en'
+        self.response = Mock()
+        self.response.content = 'hello world'
+
+    def test_middleware(self):
+        response = self.middleware.process_response(self.request, self.response)
+        self.assertEqual(self.response, response)

allianceauth/analytics/tests/test_models.py

@@ -0,0 +1,26 @@
+from allianceauth.analytics.models import AnalyticsIdentifier
+from django.core.exceptions import ValidationError
+
+from django.test.testcases import TestCase
+
+from uuid import UUID, uuid4
+
+
+# Identifiers
+uuid_1 = "ab33e241fbf042b6aa77c7655a768af7"
+uuid_2 = "7aa6bd70701f44729af5e3095ff4b55c"
+
+
+class TestAnalyticsIdentifier(TestCase):
+
+    def test_identifier_random(self):
+        self.assertNotEqual(AnalyticsIdentifier.objects.get(), uuid4)
+
+    def test_identifier_singular(self):
+        AnalyticsIdentifier.objects.all().delete()
+        AnalyticsIdentifier.objects.create(identifier=uuid_1)
+        # Yeah i have multiple asserts here, they all do the same thing
+        with self.assertRaises(ValidationError):
+            AnalyticsIdentifier.objects.create(identifier=uuid_2)
+        self.assertEqual(AnalyticsIdentifier.objects.count(), 1)
+        self.assertEqual(AnalyticsIdentifier.objects.get(pk=1).identifier, UUID(uuid_1))

allianceauth/analytics/tests/test_tasks.py

@@ -0,0 +1,212 @@
+import requests_mock
+
+from django.test.utils import override_settings
+
+from allianceauth.analytics.tasks import (
+    analytics_event,
+    send_ga_tracking_celery_event,
+    send_ga_tracking_web_view)
+from allianceauth.utils.testing import NoSocketsTestCase
+
+
+GOOGLE_ANALYTICS_DEBUG_URL = 'https://www.google-analytics.com/debug/collect'
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True, CELERY_EAGER_PROPAGATES_EXCEPTIONS=True)
+@requests_mock.Mocker()
+class TestAnalyticsTasks(NoSocketsTestCase):
+    def test_analytics_event(self, requests_mocker):
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
+        analytics_event(
+                        category='allianceauth.analytics',
+                        action='send_tests',
+                        label='test',
+                        value=1,
+                        event_type='Stats')
+
+    def test_send_ga_tracking_web_view_sent(self, requests_mocker):
+        """This test sends if the event SENDS to google.
+        Not if it was successful.
+        """
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
+        response = send_ga_tracking_web_view(
+                                            tracking_id,
+                                            client_id,
+                                            page,
+                                            title,
+                                            locale,
+                                            useragent)
+        # then
+        self.assertEqual(response.status_code, 200)
+
+    def test_send_ga_tracking_web_view_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"hitParsingResult":[{'valid': True}]}
+        )
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
+        json_response = send_ga_tracking_web_view(
+                                                tracking_id,
+                                                client_id,
+                                                page,
+                                                title,
+                                                locale,
+                                                useragent).json()
+        # then
+        self.assertTrue(json_response["hitParsingResult"][0]["valid"])
+
+    def test_send_ga_tracking_web_view_invalid_token(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={
+                "hitParsingResult":[
+                    {
+                        'valid': False,
+                        'parserMessage': [
+                            {
+                                'messageType': 'INFO',
+                                'description': 'IP Address from this hit was anonymized to 1.132.110.0.',
+                                'messageCode': 'VALUE_MODIFIED'
+                            },
+                            {
+                                'messageType': 'ERROR',
+                                'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.",
+                                'messageCode': 'VALUE_INVALID', 'parameter': 'tid'
+                            }
+                        ],
+                        'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'
+                    }
+                ]
+            }
+        )
+        tracking_id = 'UA-IntentionallyBadTrackingID-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        page = '/index/'
+        title = 'Hello World'
+        locale = 'en'
+        useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
+        json_response = send_ga_tracking_web_view(
+                                            tracking_id,
+                                            client_id,
+                                            page,
+                                            title,
+                                            locale,
+                                            useragent).json()
+        # then
+        self.assertFalse(json_response["hitParsingResult"][0]["valid"])
+        self.assertEqual(
+            json_response["hitParsingResult"][0]["parserMessage"][1]["description"],
+            "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details."
+        )
+
+        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
+
+    def test_send_ga_tracking_celery_event_sent(self, requests_mocker):
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        # when
+        response = send_ga_tracking_celery_event(
+                                                tracking_id,
+                                                client_id,
+                                                category,
+                                                action,
+                                                label,
+                                                value)
+        # then
+        self.assertEqual(response.status_code, 200)
+
+    def test_send_ga_tracking_celery_event_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"hitParsingResult":[{'valid': True}]}
+        )
+        tracking_id = 'UA-186249766-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        # when
+        json_response = send_ga_tracking_celery_event(
+                                                    tracking_id,
+                                                    client_id,
+                                                    category,
+                                                    action,
+                                                    label,
+                                                    value).json()
+        # then
+        self.assertTrue(json_response["hitParsingResult"][0]["valid"])
+
+    def test_send_ga_tracking_celery_event_invalid_token(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={
+                "hitParsingResult":[
+                    {
+                        'valid': False,
+                        'parserMessage': [
+                            {
+                                'messageType': 'INFO',
+                                'description': 'IP Address from this hit was anonymized to 1.132.110.0.',
+                                'messageCode': 'VALUE_MODIFIED'
+                            },
+                            {
+                                'messageType': 'ERROR',
+                                'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.",
+                                'messageCode': 'VALUE_INVALID', 'parameter': 'tid'
+                            }
+                        ],
+                        'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'
+                    }
+                ]
+            }
+        )
+        tracking_id = 'UA-IntentionallyBadTrackingID-2'
+        client_id = 'ab33e241fbf042b6aa77c7655a768af7'
+        category = 'test'
+        action = 'test'
+        label = 'test'
+        value = '1'
+        # when
+        json_response = send_ga_tracking_celery_event(
+                                                    tracking_id,
+                                                    client_id,
+                                                    category,
+                                                    action,
+                                                    label,
+                                                    value).json()
+        # then
+        self.assertFalse(json_response["hitParsingResult"][0]["valid"])
+        self.assertEqual(
+            json_response["hitParsingResult"][0]["parserMessage"][1]["description"],
+            "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details."
+        )

allianceauth/analytics/tests/test_utils.py

@@ -0,0 +1,55 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+from allianceauth.analytics.utils import install_stat_users, install_stat_tokens, install_stat_addons
+
+from django.test.testcases import TestCase
+
+
+def create_testdata():
+    User.objects.all().delete()
+    User.objects.create_user(
+        'user_1'
+        'abc@example.com',
+        'password'
+    )
+    User.objects.create_user(
+        'user_2'
+        'abc@example.com',
+        'password'
+    )
+    #Token.objects.all().delete()
+    #Token.objects.create(
+    #            character_id=101,
+    #            character_name='character1',
+    #            access_token='my_access_token'
+    #)
+    #Token.objects.create(
+    #            character_id=102,
+    #            character_name='character2',
+    #            access_token='my_access_token'
+    #)
+
+
+class TestAnalyticsUtils(TestCase):
+
+    def test_install_stat_users(self):
+        create_testdata()
+        expected = 2
+
+        users = install_stat_users()
+        self.assertEqual(users, expected)
+
+    #def test_install_stat_tokens(self):
+    #    create_testdata()
+    #    expected = 2
+    #
+    #   tokens = install_stat_tokens()
+    #   self.assertEqual(tokens, expected)
+
+    def test_install_stat_addons(self):
+        # this test does what its testing...
+        # but helpful for existing as a sanity check
+        expected = len(list(apps.get_app_configs()))
+        addons = install_stat_addons()
+        self.assertEqual(addons, expected)

allianceauth/analytics/utils.py

@@ -0,0 +1,36 @@
+from django.apps import apps
+from allianceauth.authentication.models import User
+from esi.models import Token
+
+
+def install_stat_users() -> int:
+    """Count and Return the number of User accounts
+
+    Returns
+    -------
+    int
+        The Number of User objects"""
+    users = User.objects.count()
+    return users
+
+
+def install_stat_tokens() -> int:
+    """Count and Return the number of ESI Tokens Stored
+
+    Returns
+    -------
+    int
+        The Number of Token Objects"""
+    tokens = Token.objects.count()
+    return tokens
+
+
+def install_stat_addons() -> int:
+    """Count and Return the number of Django Applications Installed
+
+    Returns
+    -------
+    int
+        The Number of Installed Apps"""
+    addons = len(list(apps.get_app_configs()))
+    return addons

allianceauth/authentication/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.authentication.apps.AuthenticationConfig'

allianceauth/authentication/admin.py

@@ -1,33 +1,44 @@
-from django.conf import settings
-
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
-from django.contrib.auth.models import User as BaseUser, \
+from django.contrib.auth.models import Group
-    Permission as BasePermission, Group
+from django.contrib.auth.models import Permission as BasePermission
-from django.db.models import Q, F
+from django.contrib.auth.models import User as BaseUser
-from allianceauth.services.hooks import ServicesHook
+from django.db.models import Count, Q
-from django.db.models.signals import pre_save, post_save, pre_delete, \
-    post_delete, m2m_changed
 from django.db.models.functions import Lower
+from django.db.models.signals import (
+    m2m_changed,
+    post_delete,
+    post_save,
+    pre_delete,
+    pre_save
+)
 from django.dispatch import receiver
-from django.forms import ModelForm
-from django.utils.html import format_html
 from django.urls import reverse
+from django.utils.html import format_html
 from django.utils.text import slugify
 
-from allianceauth.authentication.models import State, get_guest_state,\
+from allianceauth.authentication.models import (
-    CharacterOwnership, UserProfile, OwnershipRecord
+    CharacterOwnership,
-from allianceauth.hooks import get_hooks
+    OwnershipRecord,
-from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo,\
+    State,
-    EveAllianceInfo
+    UserProfile,
+    get_guest_state
+)
+from allianceauth.eveonline.models import (
+    EveAllianceInfo,
+    EveCharacter,
+    EveCorporationInfo,
+    EveFactionInfo
+)
 from allianceauth.eveonline.tasks import update_character
-from .app_settings import AUTHENTICATION_ADMIN_USERS_MAX_GROUPS, \
+from allianceauth.hooks import get_hooks
-    AUTHENTICATION_ADMIN_USERS_MAX_CHARS
+from allianceauth.services.hooks import ServicesHook
 
-if 'allianceauth.eveonline.autogroups' in settings.INSTALLED_APPS:
+from .app_settings import (
-    _has_auto_groups = True    
+    AUTHENTICATION_ADMIN_USERS_MAX_CHARS,
-else:
+    AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
-    _has_auto_groups = False
+)
+from .forms import UserChangeForm, UserProfileForm
 
 
 def make_service_hooks_update_groups_action(service):
@@ -43,8 +54,8 @@ def make_service_hooks_update_groups_action(service):
             for user in queryset:  # queryset filtering doesn't work here?
                 service.update_groups(user)
 
-    update_service_groups.__name__ = str('update_{}_groups'.format(slugify(service.name)))
+    update_service_groups.__name__ = str(f'update_{slugify(service.name)}_groups')
-    update_service_groups.short_description = "Sync groups for selected {} accounts".format(service.title)
+    update_service_groups.short_description = f"Sync groups for selected {service.title} accounts"
     return update_service_groups
 
 
@@ -61,24 +72,15 @@ def make_service_hooks_sync_nickname_action(service):
             for user in queryset:  # queryset filtering doesn't work here?
                 service.sync_nickname(user)
 
-    sync_nickname.__name__ = str('sync_{}_nickname'.format(slugify(service.name)))
+    sync_nickname.__name__ = str(f'sync_{slugify(service.name)}_nickname')
-    sync_nickname.short_description = "Sync nicknames for selected {} accounts".format(service.title)
+    sync_nickname.short_description = f"Sync nicknames for selected {service.title} accounts"
     return sync_nickname
 
 
-class QuerysetModelForm(ModelForm):
-    # allows specifying FK querysets through kwarg
-    def __init__(self, querysets=None, *args, **kwargs):
-        querysets = querysets or {}
-        super().__init__(*args, **kwargs)
-        for field, qs in querysets.items():
-            self.fields[field].queryset = qs
-
-
 class UserProfileInline(admin.StackedInline):
     model = UserProfile
     readonly_fields = ('state',)
-    form = QuerysetModelForm
+    form = UserProfileForm
     verbose_name = ''
     verbose_name_plural = 'Profile'
 
@@ -92,7 +94,6 @@ class UserProfileInline(admin.StackedInline):
                 query |= Q(userprofile__isnull=True)
             else:
                 query |= Q(character_ownership__user=obj)
-        qs = EveCharacter.objects.filter(query)
         formset = super().get_formset(request, obj=obj, **kwargs)
 
         def get_kwargs(self, index):
@@ -107,6 +108,7 @@ class UserProfileInline(admin.StackedInline):
         return False
 
 
+@admin.display(description="")
 def user_profile_pic(obj):
     """profile pic column data for user objects
 
@@ -119,43 +121,42 @@ def user_profile_pic(obj):
             '<img src="{}" class="img-circle">',
             user_obj.profile.main_character.portrait_url(size=32)
         )
-    else:
+    return None
-        return None
-user_profile_pic.short_description = ''
 
 
+@admin.display(description="user / main", ordering="username")
 def user_username(obj):
     """user column data for user objects
 
     works for both User objects and objects with `user` as FK to User
     To be used for all user based admin lists
-    """    
+    """
     link = reverse(
         'admin:{}_{}_change'.format(
             obj._meta.app_label,
             type(obj).__name__.lower()
-        ), 
+        ),
         args=(obj.pk,)
     )
     user_obj = obj.user if hasattr(obj, 'user') else obj
     if user_obj.profile.main_character:
         return format_html(
             '<strong><a href="{}">{}</a></strong><br>{}',
-            link, 
+            link,
             user_obj.username,
             user_obj.profile.main_character.character_name
         )
-    else:
+    return format_html(
-        return format_html(
+        '<strong><a href="{}">{}</a></strong>',
-            '<strong><a href="{}">{}</a></strong>',
+        link,
-            link, 
+        user_obj.username,
-            user_obj.username,
+    )
-        )
-
-user_username.short_description = 'user / main'
-user_username.admin_order_field = 'username'
 
 
+@admin.display(
+    description="Corporation / Alliance (Main)",
+    ordering="profile__main_character__corporation_name"
+)
 def user_main_organization(obj):
     """main organization column data for user objects
 
@@ -164,21 +165,13 @@ def user_main_organization(obj):
     """
     user_obj = obj.user if hasattr(obj, 'user') else obj
     if not user_obj.profile.main_character:
-        result = None
+        return ''
-    else:        
+    result = user_obj.profile.main_character.corporation_name
-        corporation = user_obj.profile.main_character.corporation_name
+    if user_obj.profile.main_character.alliance_id:
-        if user_obj.profile.main_character.alliance_id:        
+        result += f'<br>{user_obj.profile.main_character.alliance_name}'
-            result = format_html('{}<br>{}',
+    elif user_obj.profile.main_character.faction_name:
-                corporation, 
+        result += f'<br>{user_obj.profile.main_character.faction_name}'
-                user_obj.profile.main_character.alliance_name
+    return format_html(result)
-            )
-        else:
-            result = corporation    
-    return result
-
-user_main_organization.short_description = 'Corporation / Alliance (Main)'
-user_main_organization.admin_order_field = \
-    'profile__main_character__corporation_name'
 
 
 class MainCorporationsFilter(admin.SimpleListFilter):
@@ -197,22 +190,20 @@ class MainCorporationsFilter(admin.SimpleListFilter):
             .distinct()\
             .order_by(Lower('corporation_name'))
         return tuple(
-            [(x['corporation_id'], x['corporation_name']) for x in qs]
+            (x['corporation_id'], x['corporation_name']) for x in qs
         )
 
     def queryset(self, request, qs):
         if self.value() is None:
             return qs.all()
-        else:    
+        if qs.model == User:
-            if qs.model == User:
+            return qs.filter(
-                return qs\
+                profile__main_character__corporation_id=self.value()
-                    .filter(profile__main_character__corporation_id=\
+            )
-                        self.value())
+        return qs.filter(
-            else:
+            user__profile__main_character__corporation_id=self.value()
-                return qs\
+        )
-                    .filter(user__profile__main_character__corporation_id=\
+
-                        self.value())
-            
 
 class MainAllianceFilter(admin.SimpleListFilter):
     """Custom filter to filter on alliances from mains only
@@ -224,30 +215,62 @@ class MainAllianceFilter(admin.SimpleListFilter):
     parameter_name = 'main_alliance_id__exact'
 
     def lookups(self, request, model_admin):
-        qs = EveCharacter.objects\
+        qs = (
-            .exclude(alliance_id=None)\
+            EveCharacter.objects
-            .exclude(userprofile=None)\
+            .exclude(alliance_id=None)
-            .values('alliance_id', 'alliance_name')\
+            .exclude(userprofile=None)
-            .distinct()\
+            .values('alliance_id', 'alliance_name')
+            .distinct()
             .order_by(Lower('alliance_name'))
+        )
         return tuple(
-            [(x['alliance_id'], x['alliance_name']) for x in qs]
+            (x['alliance_id'], x['alliance_name']) for x in qs
         )
 
     def queryset(self, request, qs):
         if self.value() is None:
             return qs.all()
-        else:    
+        if qs.model == User:
-            if qs.model == User:
+            return qs.filter(profile__main_character__alliance_id=self.value())
-                return qs\
+        return qs.filter(
-                    .filter(profile__main_character__alliance_id=self.value())                
+            user__profile__main_character__alliance_id=self.value()
-            else:
+        )
-                return qs\
-                    .filter(user__profile__main_character__alliance_id=\
-                        self.value())
-                
 
-def update_main_character_model(modeladmin, request, queryset):    
+
+class MainFactionFilter(admin.SimpleListFilter):
+    """Custom filter to filter on factions from mains only
+
+    works for both User objects and objects with `user` as FK to User
+    To be used for all user based admin lists
+    """
+    title = 'faction'
+    parameter_name = 'main_faction_id__exact'
+
+    def lookups(self, request, model_admin):
+        qs = (
+            EveCharacter.objects
+            .exclude(faction_id=None)
+            .exclude(userprofile=None)
+            .values('faction_id', 'faction_name')
+            .distinct()
+            .order_by(Lower('faction_name'))
+        )
+        return tuple(
+            (x['faction_id'], x['faction_name']) for x in qs
+        )
+
+    def queryset(self, request, qs):
+        if self.value() is None:
+            return qs.all()
+        if qs.model == User:
+            return qs.filter(profile__main_character__faction_id=self.value())
+        return qs.filter(
+            user__profile__main_character__faction_id=self.value()
+        )
+
+
+@admin.display(description="Update main character model from ESI")
+def update_main_character_model(modeladmin, request, queryset):
     tasks_count = 0
     for obj in queryset:
         if obj.profile.main_character:
@@ -255,51 +278,75 @@ def update_main_character_model(modeladmin, request, queryset):
             tasks_count += 1
 
     modeladmin.message_user(
-        request, 
+        request, f'Update from ESI started for {tasks_count} characters'
-        'Update from ESI started for {} characters'.format(tasks_count)
     )
 
-update_main_character_model.short_description = \
-    'Update main character model from ESI'
-
 
 class UserAdmin(BaseUserAdmin):
     """Extending Django's UserAdmin model
-    
-    Behavior of groups and characters columns can be configured via settings
 
+    Behavior of groups and characters columns can be configured via settings
     """
 
+    inlines = BaseUserAdmin.inlines + [UserProfileInline]
+    ordering = ('username', )
+    list_select_related = ('profile__state', 'profile__main_character')
+    show_full_result_count = True
+    list_display = (
+        user_profile_pic,
+        user_username,
+        '_state',
+        '_groups',
+        user_main_organization,
+        '_characters',
+        'is_active',
+        'date_joined',
+        '_role'
+    )
+    list_display_links = None
+    list_filter = (
+        'profile__state',
+        'groups',
+        MainCorporationsFilter,
+        MainAllianceFilter,
+        MainFactionFilter,
+        'is_active',
+        'date_joined',
+        'is_staff',
+        'is_superuser'
+    )
+    search_fields = ('username', 'character_ownerships__character__character_name')
+    readonly_fields = ('date_joined', 'last_login')
+    filter_horizontal = ('groups', 'user_permissions',)
+    form = UserChangeForm
+
     class Media:
         css = {
-            "all": ("authentication/css/admin.css",)
+            "all": ("allianceauth/authentication/css/admin.css",)
         }
-         
-    class RealGroupsFilter(admin.SimpleListFilter):
-        """Custom filter to get groups w/o Autogroups"""
-        title = 'group'
-        parameter_name = 'group_id__exact'
 
-        def lookups(self, request, model_admin):
+    def get_queryset(self, request):
-            qs = Group.objects.all().order_by(Lower('name'))
+        qs = super().get_queryset(request)
-            if _has_auto_groups:
+        return qs.prefetch_related("character_ownerships__character", "groups")
-                qs = qs\
-                    .filter(managedalliancegroup__isnull=True)\
-                    .filter(managedcorpgroup__isnull=True)                
-            return tuple([(x.pk, x.name) for x in qs])
 
-        def queryset(self, request, queryset):
+    def get_form(self, request, obj=None, **kwargs):
-            if self.value() is None:
+        """Inject current request into change form object."""
-                return queryset.all()
+
-            else:    
+        MyForm = super().get_form(request, obj, **kwargs)
-                return queryset.filter(groups__pk=self.value())
+        if obj:
+            class MyFormInjected(MyForm):
+                def __new__(cls, *args, **kwargs):
+                    kwargs['request'] = request
+                    return MyForm(*args, **kwargs)
+
+            return MyFormInjected
+        return MyForm
 
     def get_actions(self, request):
-        actions = super(BaseUserAdmin, self).get_actions(request)
+        actions = super().get_actions(request)
-
         actions[update_main_character_model.__name__] = (
-            update_main_character_model, 
+            update_main_character_model,
-            update_main_character_model.__name__, 
+            update_main_character_model.__name__,
             update_main_character_model.short_description
         )
 
@@ -309,21 +356,21 @@ class UserAdmin(BaseUserAdmin):
             if svc.update_groups.__module__ != ServicesHook.update_groups.__module__:
                 action = make_service_hooks_update_groups_action(svc)
                 actions[action.__name__] = (
-                    action, 
+                    action,
                     action.__name__,
                     action.short_description
                 )
-            
+
             # Create sync nickname action if service implements it
             if svc.sync_nickname.__module__ != ServicesHook.sync_nickname.__module__:
                 action = make_service_hooks_sync_nickname_action(svc)
                 actions[action.__name__] = (
-                    action, action.__name__, 
+                    action, action.__name__,
                     action.short_description
                 )
         return actions
 
-    def _list_2_html_w_tooltips(self, my_items: list, max_items: int) -> str:    
+    def _list_2_html_w_tooltips(self, my_items: list, max_items: int) -> str:
         """converts list of strings into HTML with cutoff and tooltip"""
         items_truncated_str = ', '.join(my_items[:max_items])
         if not my_items:
@@ -339,80 +386,24 @@ class UserAdmin(BaseUserAdmin):
                 items_truncated_str
             )
         return result
-    
-    inlines = BaseUserAdmin.inlines + [UserProfileInline]
 
-    ordering = ('username', )
-    list_select_related = True
-    show_full_result_count = True 
-    
-    list_display = (
-        user_profile_pic,
-        user_username, 
-        '_state', 
-        '_groups',
-        user_main_organization,
-        '_characters',
-        'is_active',
-        'date_joined',
-        '_role'
-    )    
-    list_display_links = None
-
-    list_filter = ( 
-        'profile__state',
-        RealGroupsFilter,        
-        MainCorporationsFilter,        
-        MainAllianceFilter,
-        'is_active',
-        'date_joined',
-        'is_staff',
-        'is_superuser'
-    )
-    search_fields = (
-        'username', 
-        'character_ownerships__character__character_name'
-    )
-    
     def _characters(self, obj):
-        my_characters = [
+        character_ownerships = list(obj.character_ownerships.all())
-            x.character.character_name 
+        characters = [obj.character.character_name for obj in character_ownerships]
-            for x in CharacterOwnership.objects\
-                .filter(user=obj)\
-                .order_by('character__character_name')\
-                .select_related()
-        ]
         return self._list_2_html_w_tooltips(
-            my_characters, 
+            sorted(characters),
             AUTHENTICATION_ADMIN_USERS_MAX_CHARS
         )
-          
-    _characters.short_description = 'characters'
-    
 
+    @admin.display(ordering="profile__state")
     def _state(self, obj):
         return obj.profile.state.name
-    
-    _state.short_description = 'state'
-    _state.admin_order_field = 'profile__state'
 
     def _groups(self, obj):
-        if not _has_auto_groups:
+        my_groups = sorted(group.name for group in list(obj.groups.all()))
-            my_groups = [x.name for x in obj.groups.order_by('name')]
-        else:
-            my_groups = [
-                x.name for x in obj.groups\
-                    .filter(managedalliancegroup__isnull=True)\
-                    .filter(managedcorpgroup__isnull=True)\
-                    .order_by('name')
-            ]
-        
         return self._list_2_html_w_tooltips(
-            my_groups, 
+            my_groups, AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
-            AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
         )
-       
-    _groups.short_description = 'groups'
 
     def _role(self, obj):
         if obj.is_superuser:
@@ -420,11 +411,9 @@ class UserAdmin(BaseUserAdmin):
         elif obj.is_staff:
             role = 'Staff'
         else:
-            role = 'User'        
+            role = 'User'
         return role
-    
+
-    _role.short_description = 'role'
-    
     def has_change_permission(self, request, obj=None):
         return request.user.has_perm('auth.change_user')
 
@@ -434,21 +423,41 @@ class UserAdmin(BaseUserAdmin):
     def has_delete_permission(self, request, obj=None):
         return request.user.has_perm('auth.delete_user')
 
+    def get_object(self, *args , **kwargs):
+        obj = super().get_object(*args , **kwargs)
+        self.obj = obj  # storing current object for use in formfield_for_manytomany
+        return obj
+
     def formfield_for_manytomany(self, db_field, request, **kwargs):
-        """overriding this formfield to have sorted lists in the form"""
         if db_field.name == "groups":
-            kwargs["queryset"] = Group.objects.all().order_by(Lower('name'))
+            groups_qs = Group.objects.filter(authgroup__states__isnull=True)
+            obj_state = self.obj.profile.state
+            if obj_state:
+                matching_groups_qs = Group.objects.filter(authgroup__states=obj_state)
+                groups_qs = groups_qs | matching_groups_qs
+            kwargs["queryset"] = groups_qs.order_by(Lower("name"))
         return super().formfield_for_manytomany(db_field, request, **kwargs)
 
+    def get_readonly_fields(self, request, obj=None):
+        if obj and not request.user.is_superuser:
+            return self.readonly_fields + (
+                "is_staff", "is_superuser", "user_permissions"
+            )
+        return self.readonly_fields
+
 
 @admin.register(State)
-class StateAdmin(admin.ModelAdmin):    
+class StateAdmin(admin.ModelAdmin):
     list_select_related = True
     list_display = ('name', 'priority', '_user_count')
-    
+
+    def get_queryset(self, request):
+        qs = super().get_queryset(request)
+        return qs.annotate(user_count=Count("userprofile__id"))
+
+    @admin.display(description="Users", ordering="user_count")
     def _user_count(self, obj):
-        return obj.userprofile_set.all().count()
+        return obj.user_count
-    _user_count.short_description = 'Users'
 
     fieldsets = (
         (None, {
@@ -456,17 +465,19 @@ class StateAdmin(admin.ModelAdmin):
         }),
         ('Membership', {
             'fields': (
-                'public', 
+                'public',
-                'member_characters', 
+                'member_characters',
-                'member_corporations', 
+                'member_corporations',
-                'member_alliances'
+                'member_alliances',
+                'member_factions'
             ),
         })
     )
     filter_horizontal = [
-        'member_characters', 
+        'member_characters',
-        'member_corporations', 
+        'member_corporations',
-        'member_alliances', 
+        'member_alliances',
+        'member_factions',
         'permissions'
     ]
 
@@ -481,12 +492,17 @@ class StateAdmin(admin.ModelAdmin):
         elif db_field.name == "member_alliances":
             kwargs["queryset"] = EveAllianceInfo.objects.all()\
                 .order_by(Lower('alliance_name'))
+        elif db_field.name == "member_factions":
+            kwargs["queryset"] = EveFactionInfo.objects.all()\
+                .order_by(Lower('faction_name'))
+        elif db_field.name == "permissions":
+            kwargs["queryset"] = Permission.objects.select_related("content_type").all()
         return super().formfield_for_manytomany(db_field, request, **kwargs)
 
     def has_delete_permission(self, request, obj=None):
         if obj == get_guest_state():
             return False
-        return super(StateAdmin, self).has_delete_permission(request, obj=obj)
+        return super().has_delete_permission(request, obj=obj)
 
     def get_fieldsets(self, request, obj=None):
         if obj == get_guest_state():
@@ -495,16 +511,17 @@ class StateAdmin(admin.ModelAdmin):
                     'fields': ('permissions', 'priority'),
                 }),
             )
-        return super(StateAdmin, self).get_fieldsets(request, obj=obj)
+        return super().get_fieldsets(request, obj=obj)
-    
+
+    def get_readonly_fields(self, request, obj=None):
+        if not request.user.is_superuser:
+            return self.readonly_fields + ("permissions",)
+        return self.readonly_fields
+
 
 class BaseOwnershipAdmin(admin.ModelAdmin):
-    class Media:
+    list_select_related = (
-        css = {
+        'user__profile__state', 'user__profile__main_character', 'character')
-            "all": ("authentication/css/admin.css",)
-        }
-     
-    list_select_related = True
     list_display = (
         user_profile_pic,
         user_username,
@@ -512,16 +529,22 @@ class BaseOwnershipAdmin(admin.ModelAdmin):
         'character',
     )
     search_fields = (
-        'user__username', 
+        'user__username',
-        'character__character_name', 
+        'character__character_name',
-        'character__corporation_name', 
+        'character__corporation_name',
-        'character__alliance_name'
+        'character__alliance_name',
+        'character__faction_name'
     )
-    list_filter = (                 
+    list_filter = (
-        MainCorporationsFilter,        
+        MainCorporationsFilter,
         MainAllianceFilter,
     )
 
+    class Media:
+        css = {
+            "all": ("allianceauth/authentication/css/admin.css",)
+        }
+
     def get_readonly_fields(self, request, obj=None):
         if obj and obj.pk:
             return 'owner_hash', 'character'
@@ -542,6 +565,7 @@ class CharacterOwnershipAdmin(BaseOwnershipAdmin):
 class PermissionAdmin(admin.ModelAdmin):
     actions = None
     readonly_fields = [field.name for field in BasePermission._meta.fields]
+    search_fields = ('codename', )
     list_display = ('admin_name', 'name', 'codename', 'content_type')
     list_filter = ('content_type__app_label',)
 

allianceauth/authentication/app_settings.py

@@ -2,14 +2,14 @@ from django.conf import settings
 
 
 def _clean_setting(
-    name: str,     
+    name: str,
-    default_value: object,         
+    default_value: object,
     min_value: int = None,
     max_value: int = None,
     required_type: type = None
 ):
     """cleans the input for a custom setting
-    
+
     Will use `default_value` if settings does not exit or has the wrong type
     or is outside define boundaries (for int only)
 
@@ -18,22 +18,22 @@ def _clean_setting(
     Will assume `min_value` of 0 for int (can be overriden)
 
     Returns cleaned value for setting
-    """                
+    """
     if default_value is None and not required_type:
         raise ValueError('You must specify a required_type for None defaults')
-    
+
     if not required_type:
         required_type = type(default_value)
 
     if min_value is None and required_type == int:
-        min_value = 0        
+        min_value = 0
-        
+
     if (hasattr(settings, name)
         and isinstance(getattr(settings, name), required_type)
         and (min_value is None or getattr(settings, name) >= min_value)
         and (max_value is None or getattr(settings, name) <= max_value)
-    ):        
+    ):
-        return getattr(settings, name)    
+        return getattr(settings, name)
     else:
         return default_value
 
@@ -43,4 +43,3 @@ AUTHENTICATION_ADMIN_USERS_MAX_GROUPS = \
 
 AUTHENTICATION_ADMIN_USERS_MAX_CHARS = \
     _clean_setting('AUTHENTICATION_ADMIN_USERS_MAX_CHARS', 5)
-

allianceauth/authentication/apps.py

@@ -3,10 +3,14 @@ from django.core.checks import register, Tags
 
 
 class AuthenticationConfig(AppConfig):
-    name = 'allianceauth.authentication'
+    name = "allianceauth.authentication"
-    label = 'authentication'
+    label = "authentication"
 
     def ready(self):
-        super(AuthenticationConfig, self).ready()
+        from allianceauth.authentication import checks, signals  # noqa: F401
-        from allianceauth.authentication import checks, signals
+        from allianceauth.authentication.task_statistics import (
+            signals as celery_signals,
+        )
+
         register(Tags.security)(checks.check_login_scopes_setting)
+        celery_signals.reset_counters()

allianceauth/authentication/backends.py

@@ -2,6 +2,7 @@ import logging
 
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User, Permission
+from django.contrib import messages
 
 from .models import UserProfile, CharacterOwnership, OwnershipRecord
 
@@ -12,9 +13,9 @@ logger = logging.getLogger(__name__)
 class StateBackend(ModelBackend):
     @staticmethod
     def _get_state_permissions(user_obj):
-        """returns permissions for state of given user object"""        
+        """returns permissions for state of given user object"""
         if hasattr(user_obj, "profile") and user_obj.profile:
-            return Permission.objects.filter(state=user_obj.profile.state)            
+            return Permission.objects.filter(state=user_obj.profile.state)
         else:
             return Permission.objects.none()
 
@@ -36,17 +37,23 @@ class StateBackend(ModelBackend):
         try:
             ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
             if ownership.owner_hash == token.character_owner_hash:
-                logger.debug('Authenticating {0} by ownership of character {1}'.format(ownership.user, token.character_name))
+                logger.debug(f'Authenticating {ownership.user} by ownership of character {token.character_name}')
-                return ownership.user
+                if ownership.user.profile.main_character:
+                    if ownership.user.profile.main_character.character_id == token.character_id:
+                        return ownership.user
+                    else:  ## this is an alt, enforce main only.
+                        if request:
+                            messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account.")
+                        return None
             else:
-                logger.debug('{0} has changed ownership. Creating new user account.'.format(token.character_name))
+                logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
                 ownership.delete()
                 return self.create_user(token)
         except CharacterOwnership.DoesNotExist:
             try:
                 # insecure legacy main check for pre-sso registration auth installs
                 profile = UserProfile.objects.get(main_character__character_id=token.character_id)
-                logger.debug('Authenticating {0} by their main character {1} without active ownership.'.format(profile.user, profile.main_character))
+                logger.debug(f'Authenticating {profile.user} by their main character {profile.main_character} without active ownership.')
                 # attach an ownership
                 token.user = profile.user
                 CharacterOwnership.objects.create_by_token(token)
@@ -57,15 +64,22 @@ class StateBackend(ModelBackend):
                 if records.exists():
                     # we've seen this character owner before. Re-attach to their old user account
                     user = records[0].user
+                    if user.profile.main_character:
+                        if ownership.user.profile.main_character.character_id != token.character_id:
+                            ## this is an alt, enforce main only due to trust issues in SSO.
+                            if request:
+                                messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account. Then add this character from the dashboard.")
+                            return None
+
                     token.user = user
                     co = CharacterOwnership.objects.create_by_token(token)
-                    logger.debug('Authenticating {0} by matching owner hash record of character {1}'.format(user, co.character))
+                    logger.debug(f'Authenticating {user} by matching owner hash record of character {co.character}')
-                    if not user.profile.main_character:
+
-                        # set this as their main by default if they have none
+                    # set this as their main by default as they have none
-                        user.profile.main_character = co.character
+                    user.profile.main_character = co.character
-                        user.profile.save()
+                    user.profile.save()
                     return user
-            logger.debug('Unable to authenticate character {0}. Creating new user.'.format(token.character_name))
+            logger.debug(f'Unable to authenticate character {token.character_name}. Creating new user.')
             return self.create_user(token)
 
     def create_user(self, token):
@@ -77,7 +91,7 @@ class StateBackend(ModelBackend):
         co = CharacterOwnership.objects.create_by_token(token)  # assign ownership to this user
         user.profile.main_character = co.character  # assign main character as token character
         user.profile.save()
-        logger.debug('Created new user {0}'.format(user))
+        logger.debug(f'Created new user {user}')
         return user
 
     @staticmethod
@@ -87,10 +101,10 @@ class StateBackend(ModelBackend):
         if User.objects.filter(username__startswith=name).exists():
             u = User.objects.filter(username__startswith=name)
             num = len(u)
-            username = "%s_%s" % (name, num)
+            username = f"{name}_{num}"
             while u.filter(username=username).exists():
                 num += 1
-                username = "%s_%s" % (name, num)
+                username = f"{name}_{num}"
         else:
             username = name
         return username

allianceauth/authentication/forms.py

@@ -1,8 +1,66 @@
 from django import forms
-from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth.forms import UserChangeForm as BaseUserChangeForm
+from django.contrib.auth.models import Group
+from django.core.exceptions import ValidationError
+from django.forms import ModelForm
+from django.utils.translation import gettext_lazy as _
+
 from allianceauth.authentication.models import User
+
+
 class RegistrationForm(forms.Form):
     email = forms.EmailField(label=_('Email'), max_length=254, required=True)
 
     class _meta:
         model = User
+
+
+class UserProfileForm(ModelForm):
+    """Allows specifying FK querysets through kwarg"""
+
+    def __init__(self, querysets=None, *args, **kwargs):
+        querysets = querysets or {}
+        super().__init__(*args, **kwargs)
+        for field, qs in querysets.items():
+            self.fields[field].queryset = qs
+
+
+class UserChangeForm(BaseUserChangeForm):
+    """Add custom cleaning to UserChangeForm"""
+
+    def __init__(self, *args, **kwargs):
+        self.request = kwargs.pop("request")  # Inject current request into form object
+        super().__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super().clean()
+        if not self.request.user.is_superuser:
+            if self.instance:
+                current_restricted = set(
+                    self.instance.groups.filter(
+                        authgroup__restricted=True
+                    ).values_list("pk", flat=True)
+                )
+            else:
+                current_restricted = set()
+            new_restricted = set(
+                cleaned_data["groups"].filter(
+                    authgroup__restricted=True
+                ).values_list("pk", flat=True)
+            )
+            if current_restricted != new_restricted:
+                restricted_removed = current_restricted - new_restricted
+                restricted_added = new_restricted - current_restricted
+                restricted_changed = restricted_removed | restricted_added
+                restricted_names_qs = Group.objects.filter(
+                    pk__in=restricted_changed
+                ).values_list("name", flat=True)
+                restricted_names = ",".join(list(restricted_names_qs))
+                raise ValidationError(
+                    {
+                        "groups": _(
+                            "You are not allowed to add or remove these "
+                            "restricted groups: %s" % restricted_names
+                        )
+                    }
+                )

allianceauth/authentication/hmac_urls.py

@@ -1,14 +1,16 @@
-from django.conf.urls import url, include
+from django.conf.urls import include
 
 from allianceauth.authentication import views
+from django.urls import re_path
+from django.urls import path
 
 urlpatterns = [
-    url(r'^activate/complete/$', views.activation_complete, name='registration_activation_complete'),
+    path('activate/complete/', views.activation_complete, name='registration_activation_complete'),
     # The activation key can make use of any character from the
     # URL-safe base64 alphabet, plus the colon as a separator.
-    url(r'^activate/(?P<activation_key>[-:\w]+)/$', views.ActivationView.as_view(), name='registration_activate'),
+    re_path(r'^activate/(?P<activation_key>[-:\w]+)/$', views.ActivationView.as_view(), name='registration_activate'),
-    url(r'^register/$', views.RegistrationView.as_view(), name='registration_register'),
+    path('register/', views.RegistrationView.as_view(), name='registration_register'),
-    url(r'^register/complete/$', views.registration_complete, name='registration_complete'),
+    path('register/complete/', views.registration_complete, name='registration_complete'),
-    url(r'^register/closed/$', views.registration_closed, name='registration_disallowed'),
+    path('register/closed/', views.registration_closed, name='registration_disallowed'),
-    url(r'', include('django.contrib.auth.urls')),
+    path('', include('django.contrib.auth.urls')),
-]
+]

allianceauth/authentication/management/commands/checkmains.py

@@ -11,10 +11,10 @@ class Command(BaseCommand):
         if profiles.exists():
             for profile in profiles:
                 self.stdout.write(self.style.ERROR(
-                    '{0} does not have an ownership. Resetting user {1} main character.'.format(profile.main_character,
+                    '{} does not have an ownership. Resetting user {} main character.'.format(profile.main_character,
                                                                                                 profile.user)))
                 profile.main_character = None
                 profile.save()
-            self.stdout.write(self.style.WARNING('Reset {0} main characters.'.format(profiles.count())))
+            self.stdout.write(self.style.WARNING(f'Reset {profiles.count()} main characters.'))
         else:
             self.stdout.write(self.style.SUCCESS('All main characters have active ownership.'))

allianceauth/authentication/managers.py

@@ -16,6 +16,8 @@ def available_states_query(character):
         query |= Q(member_corporations__corporation_id=character.corporation_id)
     if character.alliance_id:
         query |= Q(member_alliances__alliance_id=character.alliance_id)
+    if character.faction_id:
+        query |= Q(member_factions__faction_id=character.faction_id)
     return query
 
 
@@ -23,8 +25,7 @@ class CharacterOwnershipManager(Manager):
     def create_by_token(self, token):
         if not EveCharacter.objects.filter(character_id=token.character_id).exists():
             EveCharacter.objects.create_character(token.character_id)
-        return self.create(character=EveCharacter.objects.get(character_id=token.character_id), user=token.user,
+        return self.create(character=EveCharacter.objects.get(character_id=token.character_id), user=token.user, owner_hash=token.character_owner_hash)
-                           owner_hash=token.character_owner_hash)
 
 
 class StateQuerySet(QuerySet):
@@ -50,7 +51,7 @@ class StateQuerySet(QuerySet):
             for state in self:
                 for profile in state.userprofile_set.all():
                     profile.assign_state(state=self.model.objects.exclude(pk=state.pk).get_for_user(profile.user))
-        super(StateQuerySet, self).delete()
+        super().delete()
 
 
 class StateManager(Manager):

allianceauth/authentication/middleware.py

@@ -0,0 +1,45 @@
+from django.conf import settings
+from django.utils.deprecation import MiddlewareMixin
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class UserSettingsMiddleware(MiddlewareMixin):
+    def process_response(self, request, response):
+        """Django Middleware: User Settings."""
+
+        # Intercept the built in django /setlang/ view and also save it to Database.
+        # Note the annoymous user check, only logged in users will ever hit the DB here
+        if request.path == '/i18n/setlang/' and not request.user.is_anonymous:
+            try:
+                request.user.profile.language = request.POST['language']
+                request.user.profile.save()
+            except Exception as e:
+                logger.exception(e)
+
+        # Only act during the login flow, _after_ user is activated (step 2: post-sso)
+        elif request.path == '/sso/login' and not request.user.is_anonymous:
+            # Set the Language Cookie, if it doesnt match the DB
+            # Null = hasnt been set by the user ever, dont act.
+            try:
+                if request.user.profile.language != request.LANGUAGE_CODE and request.user.profile.language is not None:
+                    response.set_cookie(key=settings.LANGUAGE_COOKIE_NAME,
+                                        value=request.user.profile.language,
+                                        max_age=settings.LANGUAGE_COOKIE_AGE)
+            except Exception as e:
+                logger.exception(e)
+
+            # Set our Night mode flag from the DB
+            # Null = hasnt been set by the user ever, dont act.
+            #
+            # Night mode intercept is not needed in this middleware.
+            # is saved direct to DB in NightModeRedirectView
+            try:
+                if request.user.profile.night_mode is not None:
+                    request.session["NIGHT_MODE"] = request.user.profile.night_mode
+            except Exception as e:
+                logger.exception(e)
+
+        return response

allianceauth/authentication/migrations/0001_initial.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-05 21:38
-from __future__ import unicode_literals
 
 from django.conf import settings
 from django.db import migrations, models

allianceauth/authentication/migrations/0002_auto_20160907_1914.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-07 19:14
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0003_authservicesinfo_state.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 20:29
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0004_create_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:19
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0005_delete_perms.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:11
-from __future__ import unicode_literals
 
 from django.db import migrations
 
@@ -17,7 +15,7 @@ def create_permissions(apps, schema_editor):
     Permission = apps.get_model('auth', 'Permission')
     ct = ContentType.objects.get_for_model(User)
     Permission.objects.get_or_create(codename="member", content_type=ct, name="member")
-    Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member") 
+    Permission.objects.get_or_create(codename="blue_member", content_type=ct, name="blue_member")
 
 
 class Migration(migrations.Migration):

allianceauth/authentication/migrations/0006_auto_20160910_0542.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 05:42
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0007_remove_authservicesinfo_is_blue.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-10 21:50
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0008_set_state.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-12 13:04
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0009_auto_20161021_0228.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.2 on 2016-10-21 02:28
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0010_only_one_authservicesinfo.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 06:47
-from __future__ import unicode_literals
 
 from django.db import migrations
 
@@ -10,7 +8,7 @@ def count_completed_fields(model):
 def forward(apps, schema_editor):
     # this ensures only one model exists per user
     AuthServicesInfo = apps.get_model('authentication', 'AuthServicesInfo')
-    users = set([a.user for a in AuthServicesInfo.objects.all()])
+    users = {a.user for a in AuthServicesInfo.objects.all()}
     for u in users:
         auths = AuthServicesInfo.objects.filter(user=u)
         if auths.count() > 1:

allianceauth/authentication/migrations/0011_authservicesinfo_user_onetoonefield.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2017-01-07 07:11
-from __future__ import unicode_literals
 
 from django.conf import settings
 from django.db import migrations, models

allianceauth/authentication/migrations/0012_remove_add_delete_authservicesinfo_permissions.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-01-12 00:59
-from __future__ import unicode_literals
 
 from django.db import migrations, models
 

allianceauth/authentication/migrations/0013_service_modules.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.2 on 2016-12-11 23:14
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0014_fleetup_permission.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.1 on 2016-09-09 23:19
-from __future__ import unicode_literals
 
 from django.db import migrations
 

allianceauth/authentication/migrations/0015_user_profiles.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
 # Generated by Django 1.10.5 on 2017-03-22 23:09
-from __future__ import unicode_literals
 
 import allianceauth.authentication.models
 import django.db.models.deletion
@@ -107,8 +105,8 @@ def populate_ownerships(apps, schema_editor):
     EveCharacter = apps.get_model('eveonline', 'EveCharacter')
 
     unique_character_owners = [t['character_id'] for t in
-                               Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
+                                Token.objects.all().values('character_id').annotate(n=models.Count('user')) if
-                               t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]
+                                t['n'] == 1 and EveCharacter.objects.filter(character_id=t['character_id']).exists()]
 
     tokens = Token.objects.filter(character_id__in=unique_character_owners)
     for c_id in unique_character_owners:
@@ -171,8 +169,7 @@ def recreate_authservicesinfo(apps, schema_editor):
 
     # repopulate main characters
     for profile in UserProfile.objects.exclude(main_character__isnull=True).select_related('user', 'main_character'):
-        AuthServicesInfo.objects.update_or_create(user=profile.user,
+        AuthServicesInfo.objects.update_or_create(user=profile.user, defaults={'main_char_id': profile.main_character.character_id})
-                                                  defaults={'main_char_id': profile.main_character.character_id})
 
     # repopulate states we understand
     for profile in UserProfile.objects.exclude(state__name='Guest').filter(

allianceauth/authentication/migrations/0017_remove_fleetup_permission.py

@@ -1,6 +1,3 @@
-# -*- coding: utf-8 -*-
-from __future__ import unicode_literals
-
 from django.db import migrations
 
 

allianceauth/authentication/migrations/0018_alter_state_name_length.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.8 on 2021-10-20 05:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='state',
+            name='name',
+            field=models.CharField(max_length=32, unique=True),
+        ),
+    ]

allianceauth/authentication/migrations/0018_state_member_factions.py

@@ -0,0 +1,19 @@
+# Generated by Django 3.1.13 on 2021-10-12 20:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0015_factions'),
+        ('authentication', '0017_remove_fleetup_permission'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='state',
+            name='member_factions',
+            field=models.ManyToManyField(blank=True, help_text='Factions to whose members this state is available.', to='eveonline.EveFactionInfo'),
+        ),
+    ]

allianceauth/authentication/migrations/0019_merge_20211026_0919.py

@@ -0,0 +1,14 @@
+# Generated by Django 3.2.8 on 2021-10-26 09:19
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0018_alter_state_name_length'),
+        ('authentication', '0018_state_member_factions'),
+    ]
+
+    operations = [
+    ]

allianceauth/authentication/migrations/0020_userprofile_language_userprofile_night_mode.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.0.2 on 2022-02-26 03:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0019_merge_20211026_0919'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userprofile',
+            name='language',
+            field=models.CharField(blank=True, choices=[('en', 'English'), ('de', 'German'), ('es', 'Spanish'), ('zh-hans', 'Chinese Simplified'), ('ru', 'Russian'), ('ko', 'Korean'), ('fr', 'French'), ('ja', 'Japanese'), ('it', 'Italian')], default='', max_length=10, verbose_name='Language'),
+        ),
+        migrations.AddField(
+            model_name='userprofile',
+            name='night_mode',
+            field=models.BooleanField(blank=True, null=True, verbose_name='Night Mode'),
+        ),
+    ]

allianceauth/authentication/models.py

@@ -2,9 +2,10 @@ import logging
 
 from django.contrib.auth.models import User, Permission
 from django.db import models, transaction
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
-from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo
+from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo, EveAllianceInfo, EveFactionInfo
 from allianceauth.notifications import notify
+from django.conf import settings
 
 from .managers import CharacterOwnershipManager, StateManager
 
@@ -12,17 +13,18 @@ logger = logging.getLogger(__name__)
 
 
 class State(models.Model):
-    name = models.CharField(max_length=20, unique=True)
+    name = models.CharField(max_length=32, unique=True)
     permissions = models.ManyToManyField(Permission, blank=True)
-    priority = models.IntegerField(unique=True,
+    priority = models.IntegerField(unique=True, help_text="Users get assigned the state with the highest priority available to them.")
-                                   help_text="Users get assigned the state with the highest priority available to them.")
 
     member_characters = models.ManyToManyField(EveCharacter, blank=True,
-                                               help_text="Characters to which this state is available.")
+                                                help_text="Characters to which this state is available.")
     member_corporations = models.ManyToManyField(EveCorporationInfo, blank=True,
-                                                 help_text="Corporations to whose members this state is available.")
+                                                help_text="Corporations to whose members this state is available.")
     member_alliances = models.ManyToManyField(EveAllianceInfo, blank=True,
-                                              help_text="Alliances to whose members this state is available.")
+                                            help_text="Alliances to whose members this state is available.")
+    member_factions = models.ManyToManyField(EveFactionInfo, blank=True,
+                                            help_text="Factions to whose members this state is available.")
     public = models.BooleanField(default=False, help_text="Make this state available to any character.")
 
     objects = StateManager()
@@ -43,7 +45,7 @@ class State(models.Model):
         with transaction.atomic():
             for profile in self.userprofile_set.all():
                 profile.assign_state(state=State.objects.exclude(pk=self.pk).get_for_user(profile.user))
-        super(State, self).delete(**kwargs)
+        super().delete(**kwargs)
 
 
 def get_guest_state():
@@ -61,9 +63,39 @@ class UserProfile(models.Model):
     class Meta:
         default_permissions = ('change',)
 
-    user = models.OneToOneField(User, related_name='profile', on_delete=models.CASCADE)
+    user = models.OneToOneField(
-    main_character = models.OneToOneField(EveCharacter, blank=True, null=True, on_delete=models.SET_NULL)
+        User,
-    state = models.ForeignKey(State, on_delete=models.SET_DEFAULT, default=get_guest_state_pk)
+        related_name='profile',
+        on_delete=models.CASCADE)
+    main_character = models.OneToOneField(
+        EveCharacter,
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL)
+    state = models.ForeignKey(
+        State,
+        on_delete=models.SET_DEFAULT,
+        default=get_guest_state_pk)
+    LANGUAGE_CHOICES = [
+        ('en', _('English')),
+        ('de', _('German')),
+        ('es', _('Spanish')),
+        ('zh-hans', _('Chinese Simplified')),
+        ('ru', _('Russian')),
+        ('ko', _('Korean')),
+        ('fr', _('French')),
+        ('ja', _('Japanese')),
+        ('it', _('Italian')),
+    ]
+    language = models.CharField(
+        _("Language"), max_length=10,
+        choices=LANGUAGE_CHOICES,
+        blank=True,
+        default='')
+    night_mode = models.BooleanField(
+        _("Night Mode"),
+        blank=True,
+        null=True)
 
     def assign_state(self, state=None, commit=True):
         if not state:
@@ -71,24 +103,27 @@ class UserProfile(models.Model):
         if self.state != state:
             self.state = state
             if commit:
-                logger.info('Updating {} state to {}'.format(self.user, self.state))
+                logger.info(f'Updating {self.user} state to {self.state}')
                 self.save(update_fields=['state'])
                 notify(
-                    self.user, 
+                    self.user,
                     _('State changed to: %s' % state),
                     _('Your user\'s state is now: %(state)s')
                     % ({'state': state}),
                     'info'
                 )
                 from allianceauth.authentication.signals import state_changed
+
+                # We need to ensure we get up to date perms here as they will have just changed.
+                # Clear all attribute caches and reload the model that will get passed to the signals!
+                self.refresh_from_db()
+
                 state_changed.send(
                     sender=self.__class__, user=self.user, state=self.state
                 )
 
     def __str__(self):
         return str(self.user)
-
-
 class CharacterOwnership(models.Model):
     class Meta:
         default_permissions = ('change', 'delete')
@@ -101,7 +136,7 @@ class CharacterOwnership(models.Model):
     objects = CharacterOwnershipManager()
 
     def __str__(self):
-        return "%s: %s" % (self.user, self.character)
+        return f"{self.user}: {self.character}"
 
 
 class OwnershipRecord(models.Model):
@@ -114,4 +149,4 @@ class OwnershipRecord(models.Model):
         ordering = ['-created']
 
     def __str__(self):
-        return "%s: %s on %s" % (self.user, self.character, self.created)
+        return f"{self.user}: {self.character} on {self.created}"

allianceauth/authentication/signals.py

@@ -1,6 +1,11 @@
 import logging
 
-from .models import CharacterOwnership, UserProfile, get_guest_state, State, OwnershipRecord
+from .models import (
+    CharacterOwnership,
+    UserProfile,
+    get_guest_state,
+    State,
+    OwnershipRecord)
 from django.contrib.auth.models import User
 from django.db.models import Q
 from django.db.models.signals import pre_save, post_save, pre_delete, post_delete, m2m_changed
@@ -11,7 +16,7 @@ from allianceauth.eveonline.models import EveCharacter
 
 logger = logging.getLogger(__name__)
 
-state_changed = Signal(providing_args=['user', 'state'])
+state_changed = Signal()
 
 
 def trigger_state_check(state):
@@ -29,27 +34,32 @@ def trigger_state_check(state):
 @receiver(m2m_changed, sender=State.member_characters.through)
 def state_member_characters_changed(sender, instance, action, *args, **kwargs):
     if action.startswith('post_'):
-        logger.debug('State {} member characters changed. Re-evaluating membership.'.format(instance))
+        logger.debug(f'State {instance} member characters changed. Re-evaluating membership.')
         trigger_state_check(instance)
 
 
 @receiver(m2m_changed, sender=State.member_corporations.through)
 def state_member_corporations_changed(sender, instance, action, *args, **kwargs):
     if action.startswith('post_'):
-        logger.debug('State {} member corporations changed. Re-evaluating membership.'.format(instance))
+        logger.debug(f'State {instance} member corporations changed. Re-evaluating membership.')
         trigger_state_check(instance)
 
 
 @receiver(m2m_changed, sender=State.member_alliances.through)
 def state_member_alliances_changed(sender, instance, action, *args, **kwargs):
     if action.startswith('post_'):
-        logger.debug('State {} member alliances changed. Re-evaluating membership.'.format(instance))
+        logger.debug(f'State {instance} member alliances changed. Re-evaluating membership.')
         trigger_state_check(instance)
 
+@receiver(m2m_changed, sender=State.member_factions.through)
+def state_member_factions_changed(sender, instance, action, *args, **kwargs):
+    if action.startswith('post_'):
+        logger.debug(f'State {instance} member factions changed. Re-evaluating membership.')
+        trigger_state_check(instance)
 
 @receiver(post_save, sender=State)
 def state_saved(sender, instance, *args, **kwargs):
-    logger.debug('State {} saved. Re-evaluating membership.'.format(instance))
+    logger.debug(f'State {instance} saved. Re-evaluating membership.')
     trigger_state_check(instance)
 
 
@@ -60,23 +70,22 @@ def reassess_on_profile_save(sender, instance, created, *args, **kwargs):
     if not created:
         update_fields = kwargs.pop('update_fields', []) or []
         if 'state' not in update_fields:
-            logger.debug('Profile for {} saved without state change. Re-evaluating state.'.format(instance.user))
+            logger.debug(f'Profile for {instance.user} saved without state change. Re-evaluating state.')
             instance.assign_state()
 
 
 @receiver(post_save, sender=User)
 def create_required_models(sender, instance, created, *args, **kwargs):
-    # ensure all users have a model
+    # ensure all users have our Sub-Models
     if created:
-        logger.debug('User {} created. Creating default UserProfile.'.format(instance))
+        logger.debug(f'User {instance} created. Creating default UserProfile.')
         UserProfile.objects.get_or_create(user=instance)
 
 
 @receiver(post_save, sender=Token)
 def record_character_ownership(sender, instance, created, *args, **kwargs):
     if created:
-        logger.debug('New token for {0} character {1} saved. Evaluating ownership.'.format(instance.user,
+        logger.debug(f'New token for {instance.user} character {instance.character_name} saved. Evaluating ownership.')
-                                                                                           instance.character_name))
         if instance.user:
             query = Q(owner_hash=instance.character_owner_hash) & Q(user=instance.user)
         else:
@@ -85,25 +94,21 @@ def record_character_ownership(sender, instance, created, *args, **kwargs):
         CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(query).delete()
         # create character if needed
         if EveCharacter.objects.filter(character_id=instance.character_id).exists() is False:
-            logger.debug('Token is for a new character. Creating model for {0} ({1})'.format(instance.character_name,
+            logger.debug(f'Token is for a new character. Creating model for {instance.character_name} ({instance.character_id})')
-                                                                                             instance.character_id))
             EveCharacter.objects.create_character(instance.character_id)
         char = EveCharacter.objects.get(character_id=instance.character_id)
         # check if we need to create ownership
         if instance.user and not CharacterOwnership.objects.filter(
                 character__character_id=instance.character_id).exists():
-            logger.debug("Character {0} is not yet owned. Assigning ownership to {1}".format(instance.character_name,
+            logger.debug(f"Character {instance.character_name} is not yet owned. Assigning ownership to {instance.user}")
-                                                                                             instance.user))
+            CharacterOwnership.objects.update_or_create(character=char, defaults={'owner_hash': instance.character_owner_hash, 'user': instance.user})
-            CharacterOwnership.objects.update_or_create(character=char,
-                                                        defaults={'owner_hash': instance.character_owner_hash,
-                                                                  'user': instance.user})
 
 
 @receiver(pre_delete, sender=CharacterOwnership)
 def validate_main_character(sender, instance, *args, **kwargs):
     try:
         if instance.user.profile.main_character == instance.character:
-            logger.info("Ownership of a main character {0} has been revoked. Resetting {1} main character.".format(
+            logger.info("Ownership of a main character {} has been revoked. Resetting {} main character.".format(
                 instance.character, instance.user))
             # clear main character as user no longer owns them
             instance.user.profile.main_character = None
@@ -116,7 +121,7 @@ def validate_main_character(sender, instance, *args, **kwargs):
 @receiver(post_delete, sender=Token)
 def validate_ownership(sender, instance, *args, **kwargs):
     if not Token.objects.filter(character_owner_hash=instance.character_owner_hash).filter(refresh_token__isnull=False).exists():
-        logger.info("No remaining tokens to validate ownership of character {0}. Revoking ownership.".format(instance.character_name))
+        logger.info(f"No remaining tokens to validate ownership of character {instance.character_name}. Revoking ownership.")
         CharacterOwnership.objects.filter(owner_hash=instance.character_owner_hash).delete()
 
 
@@ -127,11 +132,11 @@ def assign_state_on_active_change(sender, instance, *args, **kwargs):
         old_instance = User.objects.get(pk=instance.pk)
         if old_instance.is_active != instance.is_active:
             if instance.is_active:
-                logger.debug("User {0} has been activated. Assigning state.".format(instance))
+                logger.debug(f"User {instance} has been activated. Assigning state.")
                 instance.profile.assign_state()
             else:
                 logger.debug(
-                    "User {0} has been deactivated. Revoking state and assigning to guest state.".format(instance))
+                    f"User {instance} has been deactivated. Revoking state and assigning to guest state.")
                 instance.profile.state = get_guest_state()
                 instance.profile.save(update_fields=['state'])
 
@@ -140,10 +145,10 @@ def assign_state_on_active_change(sender, instance, *args, **kwargs):
 def check_state_on_character_update(sender, instance, *args, **kwargs):
     # if this is a main character updating, check that user's state
     try:
-        logger.debug("Character {0} has been saved. Assessing owner's state for changes.".format(instance))
+        logger.debug(f"Character {instance} has been saved. Assessing owner's state for changes.")
         instance.userprofile.assign_state()
     except UserProfile.DoesNotExist:
-        logger.debug("Character {0} is not a main character. No state assessment required.".format(instance))
+        logger.debug(f"Character {instance} is not a main character. No state assessment required.")
         pass
 
 
@@ -153,7 +158,7 @@ def ownership_record_creation(sender, instance, created, *args, **kwargs):
         records = OwnershipRecord.objects.filter(owner_hash=instance.owner_hash).filter(character=instance.character)
         if records.exists():
             if records[0].user == instance.user:  # most recent record is sorted first
-                logger.debug("Already have ownership record of {0} by user {1}".format(instance.character, instance.user))
+                logger.debug(f"Already have ownership record of {instance.character} by user {instance.user}")
                 return
-        logger.info("Character {0} has a new owner {1}. Creating ownership record.".format(instance.character, instance.user))
+        logger.info(f"Character {instance.character} has a new owner {instance.user}. Creating ownership record.")
-        OwnershipRecord.objects.create(user=instance.user, character=instance.character, owner_hash=instance.owner_hash)
+        OwnershipRecord.objects.create(user=instance.user, character=instance.character, owner_hash=instance.owner_hash)

allianceauth/authentication/static/allianceauth/authentication/css/admin.css

@@ -0,0 +1,31 @@
+/*
+CSS for allianceauth admin site
+*/
+
+/* styling for profile pic */
+.img-circle {
+    border-radius: 50%;
+}
+
+.column-user_profile_pic {
+    white-space: nowrap;
+    width: 1px;
+}
+
+/* tooltip */
+.tooltip {
+    position: relative;
+}
+
+.tooltip:hover::after {
+    background-color: rgb(255 255 204);
+    border: 1px rgb(128 128 128) solid;
+    color: rgb(0 0 0);
+    content: attr(data-tooltip);
+    left: 1em;
+    min-width: 200px;
+    padding: 8px;
+    position: absolute;
+    top: 1.1em;
+    z-index: 1;
+}

allianceauth/authentication/static/authentication/css/admin.css

@@ -1,29 +0,0 @@
-/* 
-CSS for allianceauth admin site 
-*/
-
-/* styling for profile pic */
-.img-circle { 
-    border-radius: 50%; 
-}
-.column-user_profile_pic {     
-    width: 1px;
-    white-space: nowrap;
-}
-
-/* tooltip */
-.tooltip {
-    position: relative ;
-}
-.tooltip:hover::after {
-    content: attr(data-tooltip) ;
-    position: absolute ;
-    top: 1.1em ;
-    left: 1em ;
-    min-width: 200px ;
-    border: 1px #808080 solid ;
-    padding: 8px ;
-    color: black ;
-    background-color: rgb(255, 255, 204) ;
-    z-index: 1 ;
-} 

allianceauth/authentication/task_statistics/counters.py

@@ -0,0 +1,40 @@
+from collections import namedtuple
+import datetime as dt
+
+from .event_series import EventSeries
+
+
+"""Global series for counting task events."""
+succeeded_tasks = EventSeries("SUCCEEDED_TASKS")
+retried_tasks = EventSeries("RETRIED_TASKS")
+failed_tasks = EventSeries("FAILED_TASKS")
+
+
+_TaskCounts = namedtuple(
+    "_TaskCounts", ["succeeded", "retried", "failed", "total", "earliest_task", "hours"]
+)
+
+
+def dashboard_results(hours: int) -> _TaskCounts:
+    """Counts of all task events within the given timeframe."""
+
+    def earliest_if_exists(events: EventSeries, earliest: dt.datetime) -> list:
+        my_earliest = events.first_event(earliest=earliest)
+        return [my_earliest] if my_earliest else []
+
+    earliest = dt.datetime.utcnow() - dt.timedelta(hours=hours)
+    earliest_events = list()
+    succeeded_count = succeeded_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(succeeded_tasks, earliest)
+    retried_count = retried_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(retried_tasks, earliest)
+    failed_count = failed_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(failed_tasks, earliest)
+    return _TaskCounts(
+        succeeded=succeeded_count,
+        retried=retried_count,
+        failed=failed_count,
+        total=succeeded_count + retried_count + failed_count,
+        earliest_task=min(earliest_events) if earliest_events else None,
+        hours=hours,
+    )

allianceauth/authentication/task_statistics/event_series.py

@@ -0,0 +1,130 @@
+import datetime as dt
+import logging
+from typing import List, Optional
+
+from pytz import utc
+from redis import Redis, RedisError
+
+from allianceauth.utils.cache import get_redis_client
+
+logger = logging.getLogger(__name__)
+
+
+class _RedisStub:
+    """Stub of a Redis client.
+
+    It's purpose is to prevent EventSeries objects from trying to access Redis
+    when it is not available. e.g. when the Sphinx docs are rendered by readthedocs.org.
+    """
+
+    def delete(self, *args, **kwargs):
+        pass
+
+    def incr(self, *args, **kwargs):
+        return 0
+
+    def zadd(self, *args, **kwargs):
+        pass
+
+    def zcount(self, *args, **kwargs):
+        pass
+
+    def zrangebyscore(self, *args, **kwargs):
+        pass
+
+
+class EventSeries:
+    """API for recording and analyzing a series of events."""
+
+    _ROOT_KEY = "ALLIANCEAUTH_EVENT_SERIES"
+
+    def __init__(self, key_id: str, redis: Redis = None) -> None:
+        self._redis = get_redis_client() if not redis else redis
+        try:
+            if not self._redis.ping():
+                raise RuntimeError()
+        except (AttributeError, RedisError, RuntimeError):
+            logger.exception(
+                "Failed to establish a connection with Redis. "
+                "This EventSeries object is disabled.",
+            )
+            self._redis = _RedisStub()
+        self._key_id = str(key_id)
+        self.clear()
+
+    @property
+    def is_disabled(self):
+        """True when this object is disabled, e.g. Redis was not available at startup."""
+        return isinstance(self._redis, _RedisStub)
+
+    @property
+    def _key_counter(self):
+        return f"{self._ROOT_KEY}_{self._key_id}_COUNTER"
+
+    @property
+    def _key_sorted_set(self):
+        return f"{self._ROOT_KEY}_{self._key_id}_SORTED_SET"
+
+    def add(self, event_time: dt.datetime = None) -> None:
+        """Add event.
+
+        Args:
+        - event_time: timestamp of event. Will use current time if not specified.
+        """
+        if not event_time:
+            event_time = dt.datetime.utcnow()
+        id = self._redis.incr(self._key_counter)
+        self._redis.zadd(self._key_sorted_set, {id: event_time.timestamp()})
+
+    def all(self) -> List[dt.datetime]:
+        """List of all known events."""
+        return [
+            event[1]
+            for event in self._redis.zrangebyscore(
+                self._key_sorted_set,
+                "-inf",
+                "+inf",
+                withscores=True,
+                score_cast_func=self._cast_scores_to_dt,
+            )
+        ]
+
+    def clear(self) -> None:
+        """Clear all events."""
+        self._redis.delete(self._key_sorted_set)
+        self._redis.delete(self._key_counter)
+
+    def count(self, earliest: dt.datetime = None, latest: dt.datetime = None) -> int:
+        """Count of events, can be restricted to given timeframe.
+
+        Args:
+        - earliest: Date of first events to count(inclusive), or -infinite if not specified
+        - latest: Date of last events to count(inclusive), or +infinite if not specified
+        """
+        min = "-inf" if not earliest else earliest.timestamp()
+        max = "+inf" if not latest else latest.timestamp()
+        return self._redis.zcount(self._key_sorted_set, min=min, max=max)
+
+    def first_event(self, earliest: dt.datetime = None) -> Optional[dt.datetime]:
+        """Date/Time of first event. Returns `None` if series has no events.
+
+        Args:
+        - earliest: Date of first events to count(inclusive), or any if not specified
+        """
+        min = "-inf" if not earliest else earliest.timestamp()
+        event = self._redis.zrangebyscore(
+            self._key_sorted_set,
+            min,
+            "+inf",
+            withscores=True,
+            start=0,
+            num=1,
+            score_cast_func=self._cast_scores_to_dt,
+        )
+        if not event:
+            return None
+        return event[0][1]
+
+    @staticmethod
+    def _cast_scores_to_dt(score) -> dt.datetime:
+        return dt.datetime.fromtimestamp(float(score), tz=utc)

allianceauth/authentication/task_statistics/signals.py

@@ -0,0 +1,54 @@
+from celery.signals import (
+    task_failure,
+    task_internal_error,
+    task_retry,
+    task_success,
+    worker_ready
+)
+
+from django.conf import settings
+
+from .counters import failed_tasks, retried_tasks, succeeded_tasks
+
+
+def reset_counters():
+    """Reset all counters for the celery status."""
+    succeeded_tasks.clear()
+    failed_tasks.clear()
+    retried_tasks.clear()
+
+
+def is_enabled() -> bool:
+    return not bool(
+        getattr(settings, "ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED", False)
+    )
+
+
+@worker_ready.connect
+def reset_counters_when_celery_restarted(*args, **kwargs):
+    if is_enabled():
+        reset_counters()
+
+
+@task_success.connect
+def record_task_succeeded(*args, **kwargs):
+    if is_enabled():
+        succeeded_tasks.add()
+
+
+@task_retry.connect
+def record_task_retried(*args, **kwargs):
+    if is_enabled():
+        retried_tasks.add()
+
+
+@task_failure.connect
+def record_task_failed(*args, **kwargs):
+    if is_enabled():
+        failed_tasks.add()
+
+
+@task_internal_error.connect
+def record_task_internal_error(*args, **kwargs):
+    if is_enabled():
+        failed_tasks.add()

allianceauth/authentication/task_statistics/tests/test_counters.py

@@ -0,0 +1,51 @@
+import datetime as dt
+
+from django.test import TestCase
+from django.utils.timezone import now
+
+from allianceauth.authentication.task_statistics.counters import (
+    dashboard_results,
+    succeeded_tasks,
+    retried_tasks,
+    failed_tasks,
+)
+
+
+class TestDashboardResults(TestCase):
+    def test_should_return_counts_for_given_timeframe_only(self):
+        # given
+        earliest_task = now() - dt.timedelta(minutes=15)
+        succeeded_tasks.clear()
+        succeeded_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        succeeded_tasks.add(earliest_task)
+        succeeded_tasks.add()
+        succeeded_tasks.add()
+        retried_tasks.clear()
+        retried_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        retried_tasks.add(now() - dt.timedelta(seconds=30))
+        retried_tasks.add()
+        failed_tasks.clear()
+        failed_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        failed_tasks.add()
+        # when
+        results = dashboard_results(hours=1)
+        # then
+        self.assertEqual(results.succeeded, 3)
+        self.assertEqual(results.retried, 2)
+        self.assertEqual(results.failed, 1)
+        self.assertEqual(results.total, 6)
+        self.assertEqual(results.earliest_task, earliest_task)
+
+    def test_should_work_with_no_data(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        results = dashboard_results(hours=1)
+        # then
+        self.assertEqual(results.succeeded, 0)
+        self.assertEqual(results.retried, 0)
+        self.assertEqual(results.failed, 0)
+        self.assertEqual(results.total, 0)
+        self.assertIsNone(results.earliest_task)

allianceauth/authentication/task_statistics/tests/test_event_series.py

@@ -0,0 +1,168 @@
+import datetime as dt
+from unittest.mock import patch
+
+from pytz import utc
+from redis import RedisError
+
+from django.test import TestCase
+from django.utils.timezone import now
+
+from allianceauth.authentication.task_statistics.event_series import (
+    EventSeries,
+    _RedisStub,
+)
+
+MODULE_PATH = "allianceauth.authentication.task_statistics.event_series"
+
+
+class TestEventSeries(TestCase):
+    def test_should_abort_without_redis_client(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock:
+            mock.return_value = None
+            events = EventSeries("dummy")
+        # then
+        self.assertTrue(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
+
+    def test_should_disable_itself_if_redis_not_available_1(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock_get_master_client:
+            mock_get_master_client.return_value.ping.side_effect = RedisError
+            events = EventSeries("dummy")
+        # then
+        self.assertIsInstance(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
+
+    def test_should_disable_itself_if_redis_not_available_2(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock_get_master_client:
+            mock_get_master_client.return_value.ping.return_value = False
+            events = EventSeries("dummy")
+        # then
+        self.assertIsInstance(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
+
+    def test_should_add_event(self):
+        # given
+        events = EventSeries("dummy")
+        # when
+        events.add()
+        # then
+        result = events.all()
+        self.assertEqual(len(result), 1)
+        self.assertAlmostEqual(result[0], now(), delta=dt.timedelta(seconds=30))
+
+    def test_should_add_event_with_specified_time(self):
+        # given
+        events = EventSeries("dummy")
+        my_time = dt.datetime(2021, 11, 1, 12, 15, tzinfo=utc)
+        # when
+        events.add(my_time)
+        # then
+        result = events.all()
+        self.assertEqual(len(result), 1)
+        self.assertAlmostEqual(result[0], my_time, delta=dt.timedelta(seconds=30))
+
+    def test_should_count_events(self):
+        # given
+        events = EventSeries("dummy")
+        events.add()
+        events.add()
+        # when
+        result = events.count()
+        # then
+        self.assertEqual(result, 2)
+
+    def test_should_count_zero(self):
+        # given
+        events = EventSeries("dummy")
+        # when
+        result = events.count()
+        # then
+        self.assertEqual(result, 0)
+
+    def test_should_count_events_within_timeframe_1(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.count(
+            earliest=dt.datetime(2021, 12, 1, 12, 8, tzinfo=utc),
+            latest=dt.datetime(2021, 12, 1, 12, 17, tzinfo=utc),
+        )
+        # then
+        self.assertEqual(result, 2)
+
+    def test_should_count_events_within_timeframe_2(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.count(earliest=dt.datetime(2021, 12, 1, 12, 8))
+        # then
+        self.assertEqual(result, 3)
+
+    def test_should_count_events_within_timeframe_3(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.count(latest=dt.datetime(2021, 12, 1, 12, 12))
+        # then
+        self.assertEqual(result, 2)
+
+    def test_should_clear_events(self):
+        # given
+        events = EventSeries("dummy")
+        events.add()
+        events.add()
+        # when
+        events.clear()
+        # then
+        self.assertEqual(events.count(), 0)
+
+    def test_should_return_date_of_first_event(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.first_event()
+        # then
+        self.assertEqual(result, dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+
+    def test_should_return_date_of_first_event_with_range(self):
+        # given
+        events = EventSeries("dummy")
+        events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
+        events.add(dt.datetime(2021, 12, 1, 12, 30, tzinfo=utc))
+        # when
+        result = events.first_event(
+            earliest=dt.datetime(2021, 12, 1, 12, 8, tzinfo=utc)
+        )
+        # then
+        self.assertEqual(result, dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
+
+    def test_should_return_all_events(self):
+        # given
+        events = EventSeries("dummy")
+        events.add()
+        events.add()
+        # when
+        results = events.all()
+        # then
+        self.assertEqual(len(results), 2)

allianceauth/authentication/task_statistics/tests/test_signals.py

@@ -0,0 +1,93 @@
+from unittest.mock import patch
+
+from celery.exceptions import Retry
+
+from django.test import TestCase, override_settings
+
+from allianceauth.authentication.task_statistics.counters import (
+    failed_tasks,
+    retried_tasks,
+    succeeded_tasks,
+)
+from allianceauth.authentication.task_statistics.signals import (
+    reset_counters,
+    is_enabled,
+)
+from allianceauth.eveonline.tasks import update_character
+
+
+@override_settings(
+    CELERY_ALWAYS_EAGER=True,ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=False
+)
+class TestTaskSignals(TestCase):
+    fixtures = ["disable_analytics"]
+
+    def test_should_record_successful_task(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        with patch(
+            "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
+        ) as mock_update:
+            mock_update.return_value = None
+            update_character.delay(1)
+        # then
+        self.assertEqual(succeeded_tasks.count(), 1)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+
+    def test_should_record_retried_task(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        with patch(
+            "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
+        ) as mock_update:
+            mock_update.side_effect = Retry
+            update_character.delay(1)
+        # then
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 1)
+
+    def test_should_record_failed_task(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        # when
+        with patch(
+            "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
+        ) as mock_update:
+            mock_update.side_effect = RuntimeError
+            update_character.delay(1)
+        # then
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 1)
+
+    def test_should_reset_counters(self):
+        # given
+        succeeded_tasks.add()
+        retried_tasks.add()
+        failed_tasks.add()
+        # when
+        reset_counters()
+        # then
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+
+
+class TestIsEnabled(TestCase):
+    @override_settings(ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=False)
+    def test_enabled(self):
+        self.assertTrue(is_enabled())
+
+    @override_settings(ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=True)
+    def test_disabled(self):
+        self.assertFalse(is_enabled())

allianceauth/authentication/tasks.py

@@ -22,13 +22,13 @@ def check_character_ownership(owner_hash):
                 continue
             except (KeyError, IncompleteResponseError):
                 # We can't validate the hash hasn't changed but also can't assume it has. Abort for now.
-                logger.warning("Failed to validate owner hash of {0} due to problems contacting SSO servers.".format(
+                logger.warning("Failed to validate owner hash of {} due to problems contacting SSO servers.".format(
                     tokens[0].character_name))
                 break
 
             if not t.character_owner_hash == old_hash:
                 logger.info(
-                    'Character %s has changed ownership. Revoking %s tokens.' % (t.character_name, tokens.count()))
+                    f'Character {t.character_name} has changed ownership. Revoking {tokens.count()} tokens.')
                 tokens.delete()
             break
 

allianceauth/authentication/templates/authentication/dashboard.html

@@ -1,11 +1,10 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
-{% block page_title %}{% trans "Dashboard" %}{% endblock %}
+{% block page_title %}{% translate "Dashboard" %}{% endblock %}
 
 {% block content %}
-    <h1 class="page-header text-center">{% trans "Dashboard" %}</h1>
+    <h1 class="page-header text-center">{% translate "Dashboard" %}</h1>
     {% if user.is_staff %}
         {% include 'allianceauth/admin-status/include.html' %}
     {% endif %}
@@ -15,9 +14,9 @@
                 <div class="panel panel-primary" style="height:100%">
                     <div class="panel-heading">
                         <h3 class="panel-title">
-                            {% blocktrans with state=request.user.profile.state %}
+                            {% blocktranslate with state=request.user.profile.state %}
                                 Main Character (State: {{ state }})
-                            {% endblocktrans %}
+                            {% endblocktranslate %}
                         </h3>
                     </div>
                     <div class="panel-body">
@@ -28,7 +27,7 @@
                                         <table class="table">
                                             <tr>
                                                 <td class="text-center">
-                                                    <img class="ra-avatar"src="{{ main.portrait_url_128 }}">
+                                                    <img class="ra-avatar" src="{{ main.portrait_url_128 }}" alt="{{ main.character_name }}">
                                                 </td>
                                             </tr>
                                             <tr>
@@ -40,7 +39,7 @@
                                         <table class="table">
                                             <tr>
                                                 <td class="text-center">
-                                                    <img class="ra-avatar"src="{{ main.corporation_logo_url_128 }}">
+                                                    <img class="ra-avatar" src="{{ main.corporation_logo_url_128 }}" alt="{{ main.corporation_name }}">
                                                 </td>
                                             </tr>
                                             <tr>
@@ -53,43 +52,68 @@
                                             <table class="table">
                                                 <tr>
                                                     <td class="text-center">
-                                                        <img class="ra-avatar"src="{{ main.alliance_logo_url_128 }}">
+                                                        <img class="ra-avatar" src="{{ main.alliance_logo_url_128 }}" alt="{{ main.alliance_name }}">
                                                     </td>
                                                 </tr>
                                                 <tr>
                                                     <td class="text-center">{{ main.alliance_name }}</td>
                                                 <tr>
                                             </table>
+                                        {% elif main.faction_id %}
+                                            <table class="table">
+                                                <tr>
+                                                    <td class="text-center">
+                                                        <img class="ra-avatar" src="{{ main.faction_logo_url_128 }}" alt="{{ main.faction_name }}">
+                                                    </td>
+                                                </tr>
+                                                <tr>
+                                                    <td class="text-center">{{ main.faction_name }}</td>
+                                                <tr>
+                                            </table>
                                         {% endif %}
                                     </div>
                                 </div>
-                                <div class="table visible-xs-block">                        
+                                <div class="table visible-xs-block">
                                     <p>
-                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}">
+                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}" alt="{{ main.corporation_name }}">
-                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}">
+                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}" alt="{{ main.corporation_name }}">
-                                        <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}">
+                                        {% if main.alliance_id %}
+                                            <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}" alt="{{ main.alliance_name }}">
+                                        {% endif %}
+                                        {% if main.faction_id %}
+                                            <img class="ra-avatar" src="{{ main.faction_logo_url_64 }}" alt="{{ main.faction_name }}">
+                                        {% endif %}
                                     </p>
                                     <p>
                                         <strong>{{ main.character_name }}</strong><br>
                                         {{ main.corporation_name }}<br>
-                                        {{ main.alliance_name }}
+                                        {% if main.alliance_id %}
+                                            {{ main.alliance_name }}<br>
+                                        {% endif %}
+                                        {% if main.faction_id %}
+                                            {{ main.faction_name }}
+                                        {% endif %}
                                     </p>
-                                </div>                                
+                                </div>
                             {% endwith %}
                         {% else %}
                             <div class="alert alert-danger" role="alert">
-                                {% trans "No main character set." %}
+                                {% translate "No main character set." %}
                             </div>
                         {% endif %}
                         <div class="clearfix"></div>
                         <div class="row">
-                            <div class="col-sm-6 button-wrapper">
+                            <div class="col-sm-6">
-                                <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
+                                <p>
-                                title="Add Character">{% trans 'Add Character' %}</a>
+                                    <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
+                                    title="Add Character">{% translate 'Add Character' %}</a>
+                                </p>
                             </div>
-                            <div class="col-sm-6 button-wrapper">
+                            <div class="col-sm-6">
-                                <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
+                                <p>
-                                title="Change Main Character">{% trans "Change Main" %}</a>
+                                    <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
+                                    title="Change Main Character">{% translate "Change Main" %}</a>
+                                </p>
                             </div>
                         </div>
                     </div>
@@ -98,10 +122,10 @@
             <div class="col-sm-6 text-center">
                 <div class="panel panel-success" style="height:100%">
                     <div class="panel-heading">
-                        <h3 class="panel-title">{% trans "Group Memberships" %}</h3>
+                        <h3 class="panel-title">{% translate "Group Memberships" %}</h3>
                     </div>
                     <div class="panel-body">
-                        <div style="height: 240px;overflow:-moz-scrollbars-vertical;overflow-y:auto;">
+                        <div style="height: 240px;overflow-y:auto;">
                             <table class="table table-aa">
                                 {% for group in groups %}
                                     <tr>
@@ -118,43 +142,44 @@
         <div class="panel panel-default">
             <div class="panel-heading">
                 <h3 class="panel-title text-center" style="text-align: center">
-                    {% trans 'Characters' %}
+                    {% translate 'Characters' %}
                 </h3>
             </div>
-            <div class="panel-body">                
+            <div class="panel-body">
                 <table class="table table-aa hidden-xs">
                     <thead>
                         <tr>
                             <th class="text-center"></th>
-                            <th class="text-center">{% trans 'Name' %}</th>
+                            <th class="text-center">{% translate 'Name' %}</th>
-                            <th class="text-center">{% trans 'Corp' %}</th>
+                            <th class="text-center">{% translate 'Corp' %}</th>
-                            <th class="text-center">{% trans 'Alliance' %}</th>
+                            <th class="text-center">{% translate 'Alliance' %}</th>
                         </tr>
                     </thead>
                     <tbody>
-                        {% for char in characters %}                            
+                        {% for char in characters %}
                             <tr>
-                                <td class="text-center"><img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                <td class="text-center">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                 </td>
                                 <td class="text-center">{{ char.character_name }}</td>
                                 <td class="text-center">{{ char.corporation_name }}</td>
-                                <td class="text-center">{{ char.alliance_name }}</td>
+                                <td class="text-center">{{ char.alliance_name|default:"" }}</td>
-                            </tr>                        
+                            </tr>
                         {% endfor %}
                     </tbody>
                 </table>
                 <table class="table table-aa visible-xs-block" style="width: 100%">
                     <tbody>
-                        {% for char in characters %}                            
+                        {% for char in characters %}
                             <tr>
                                 <td class="text-center" style="vertical-align: middle">
-                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                 </td>
                                 <td class="text-center" style="vertical-align: middle; width: 100%">
                                     <strong>{{ char.character_name }}</strong><br>
                                     {{ char.corporation_name }}<br>
                                     {{ char.alliance_name|default:"" }}
-                                </td> 
+                                </td>
                             </tr>
                         {% endfor %}
                     </tbody>

allianceauth/authentication/templates/authentication/tokens.html

@@ -0,0 +1,62 @@
+{% extends "allianceauth/base.html" %}
+{% load i18n %}
+
+{% block page_title %}{% translate "Dashboard" %}{% endblock %}
+
+{% block content %}
+    <h1 class="page-header text-center">{% translate "Token Management" %}</h1>
+    <div class="col-sm-12">
+        <table class="table table-aa" id="table_tokens" style="width:100%">
+            <thead>
+                <tr>
+                    <th>{% translate "Scopes" %}</th>
+                    <th class="text-right">{% translate "Actions" %}</th>
+                    <th>{% translate "Character" %}</th>
+
+                </tr>
+            </thead>
+            <tbody>
+                {% for t in tokens %}
+                    <tr>
+                        <td styl="white-space:initial;">{% for s in t.scopes.all %}<span class="label label-default">{{s.name}}</span> {% endfor %}</td>
+                        <td nowrap class="text-right"><a href="{% url 'authentication:token_delete' t.id %}" class="btn btn-danger"><i class="fas fa-trash"></i></a> <a href="{% url 'authentication:token_refresh' t.id %}" class="btn btn-success"><i class="fas fa-sync-alt"></i></a></td>
+                        <td>{{t.character_name}}</td>
+                    </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        {% translate "This page is a best attempt, but backups or database logs can still contain your tokens. Always revoke tokens on https://community.eveonline.com/support/third-party-applications/ where possible."|urlize %}
+    </div>
+{% endblock %}
+
+{% block extra_javascript %}
+    {% include 'bundles/datatables-js.html' %}
+{% endblock %}
+
+{% block extra_css %}
+    {% include 'bundles/datatables-css.html' %}
+{% endblock %}
+
+{% block extra_script %}
+    $(document).ready(function(){
+        let grp = 2;
+        var table = $('#table_tokens').DataTable({
+            "columnDefs": [{ orderable: false, targets: [0,1] },{ "visible": false, "targets": grp }],
+            "order": [[grp, 'asc']],
+            "drawCallback": function (settings) {
+                var api = this.api();
+                var rows = api.rows({ page: 'current' }).nodes();
+                var last = null;
+                api.column(grp, { page: 'current' })
+                    .data()
+                    .each(function (group, i) {
+                        if (last !== group) {
+                            $(rows).eq(i).before('<tr class="info"><td colspan="3">' + group + '</td></tr>');
+                            last = group;
+                        }
+                    });
+            },
+            "stateSave": true,
+        });
+    });
+{% endblock %}

allianceauth/authentication/templates/public/base.html

@@ -1,4 +1,5 @@
 {% load static %}
+<!DOCTYPE html>
 <html lang="en">
     <head>
         <meta charset="utf-8">
@@ -7,12 +8,12 @@
         <meta name="description" content="">
         <meta name="author" content="">
         <meta property="og:title" content="{{ SITE_NAME }}">
-        <meta property="og:image" content="{{ request.scheme }}://{{ request.get_host }}{% static 'icons/apple-touch-icon.png' %}">
+        <meta property="og:image" content="{{ SITE_URL }}{% static 'allianceauth/icons/apple-touch-icon.png' %}">
         <meta property="og:description" content="Alliance Auth - An auth system for EVE Online to help in-game organizations manage online service access.">
 
         {% include 'allianceauth/icons.html' %}
 
-        <title>{% block title %}{{ SITE_NAME }}{% endblock %}</title>
+        <title>{% block title %}{% block page_title %}{% endblock page_title %} - {{ SITE_NAME }}{% endblock title %}</title>
 
         {% include 'bundles/bootstrap-css.html' %}
         {% include 'bundles/fontawesome.html' %}
@@ -21,7 +22,7 @@
 
         <style>
             body {
-                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat center center fixed;
+                background: url('{% static 'allianceauth/authentication/img/background.jpg' %}') no-repeat center center fixed;
                 -webkit-background-size: cover;
                 -moz-background-size: cover;
                 -o-background-size: cover;
@@ -31,6 +32,7 @@
             .panel-transparent {
                 background: rgba(48, 48, 48, 0.7);
                 color: #ffffff;
+                padding-bottom: 21px;
             }
 
             .panel-body {
@@ -47,7 +49,7 @@
         </style>
     </head>
     <body>
-        <div class="container" style="margin-top:150px">
+        <div class="container" style="margin-top:150px;">
             {% block content %}
             {% endblock %}
         </div>

allianceauth/authentication/templates/public/lang_select.html

@@ -6,7 +6,7 @@
             {% get_language_info_list for LANGUAGES as languages %}
             {% for language in languages %}
                 <option value="{{ language.code }}"{% if language.code == LANGUAGE_CODE %} selected="selected"{% endif %}>
-                    {{ language.name_local }} ({{ language.code }})
+                    {{ language.name_local|capfirst }} ({{ language.code }})
                 </option>
             {% endfor %}
         </select>

allianceauth/authentication/templates/public/login.html

@@ -1,8 +1,12 @@
 {% extends 'public/middle_box.html' %}
+
+{% load i18n %}
 {% load static %}
-{% block page_title %}Login{% endblock %}
+
-{% block middle_box_content %}    
+{% block page_title %}{% translate "Login" %}{% endblock %}
+
+{% block middle_box_content %}
     <a href="{% url 'auth_sso_login' %}{% if request.GET.next %}?next={{request.GET.next}}{%endif%}">
-        <img class="img-responsive center-block" src="{% static 'img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" border=0>
+        <img class="img-responsive center-block" src="{% static 'allianceauth/authentication/img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" alt="{% translate 'Login with Eve SSO' %}">
     </a>
-{% endblock %}
+{% endblock %}

allianceauth/authentication/templates/public/middle_box.html

@@ -1,6 +1,7 @@
 {% extends 'public/base.html' %}
-{% load static %}
+
-{% block title %}Login{% endblock %}
+{% load i18n %}
+
 {% block content %}
     <div class="col-md-4 col-md-offset-4">
         {% if messages %}
@@ -8,6 +9,7 @@
                 <div class="alert alert-{{ message.level_tag}}">{{ message }}</div>
             {% endfor %}
         {% endif %}
+
         <div class="panel panel-default panel-transparent">
             <div class="panel-body">
                 <div class="col-md-12">
@@ -15,10 +17,25 @@
                     {% endblock %}
                 </div>
             </div>
+
             {% include 'public/lang_select.html' %}
+
+            <p class="text-center" style="margin-top: 2rem;">
+                {% translate "For information on SSO, ESI and security read the CCP Dev Blog" %}<br>
+                <a href="https://www.eveonline.com/article/introducing-esi" target="_blank" rel="noopener noreferrer">
+                    {% translate "Introducing ESI - A New API For Eve Online" %}
+                </a>
+            </p>
+
+            <p class="text-center">
+                <a href="https://community.eveonline.com/support/third-party-applications/" target="_blank" rel="noopener noreferrer">
+                    {% translate "Manage ESI Applications" %}
+                </a>
+            </p>
         </div>
     </div>
 {% endblock %}
+
 {% block extra_include %}
     {% include 'bundles/bootstrap-js.html' %}
-{% endblock %}
+{% endblock %}

allianceauth/authentication/templates/public/register.html

@@ -1,13 +1,16 @@
 {% extends 'public/base.html' %}
-{% load static %}
+
 {% load bootstrap %}
 {% load i18n %}
-{% block page_title %}Registration{% endblock %}
+
+{% block page_title %}{% translate "Registration" %}{% endblock %}
+
 {% block extra_include %}
     {% include 'bundles/bootstrap-css.html' %}
     {% include 'bundles/fontawesome.html' %}
     {% include 'bundles/bootstrap-js.html' %}
 {% endblock %}
+
 {% block content %}
     <div class="col-md-4 col-md-offset-4">
         <div class="panel panel-default panel-transparent">
@@ -15,7 +18,7 @@
                 <form method="POST">
                     {% csrf_token %}
                     {{ form|bootstrap }}
-                    <button class="btn btn-lg btn-primary btn-block" type="submit">{% trans "Register" %}</button>
+                    <button class="btn btn-lg btn-primary btn-block" type="submit">{% translate "Register" %}</button>
                 </form>
             </div>
         </div>

allianceauth/authentication/templates/registration/activate.html

@@ -1,5 +1,5 @@
 {% extends 'public/middle_box.html' %}
 {% load i18n %}
 {% block middle_box_content %}
-    <div class="alert alert-danger">{% trans 'Invalid or expired activation link.' %}</div>
+    <div class="alert alert-danger">{% translate 'Invalid or expired activation link.' %}</div>
 {% endblock %}

allianceauth/authentication/templates/registration/activation_email.txt

@@ -2,12 +2,8 @@ You're receiving this email because someone has entered this email address while
 
 If this was you, please click on the link below to confirm your email address:
 
-<a href="{{ scheme }}://{{ url }}">Confirm email address</a>
-
-Link not working? Try copy/pasting this URL into your browser:
-
 {{ scheme }}://{{ url }}
 
 This link will expire in {{ expiration_days }} day(s).
 
-If this was not you, it is safe to ignore this email.
+If this was not you, it is safe to ignore this email.

allianceauth/authentication/templates/registration/activation_email_html.txt

@@ -0,0 +1,19 @@
+<p>
+    You're receiving this email because someone has entered this email address while registering for an account on {{ site.domain }}
+</p>
+
+<p>
+    If this was you, please click on the link below to confirm your email address:
+<p>
+
+<p>
+    <a href="{{ scheme }}://{{ url }}">Confirm email address</a>
+</p>
+
+<p>
+    This link will expire in {{ expiration_days }} day(s).
+</p>
+
+<p>
+    If this was not you, it is safe to ignore this email.
+</p>

allianceauth/authentication/templates/registration/activation_email_subject.txt

@@ -1 +1 @@
-Confirm your Alliance Auth account email address
+Confirm your Alliance Auth account email address

allianceauth/authentication/templates/registration/password_reset_email.html

@@ -1,15 +0,0 @@
-{% load i18n %}{% autoescape off %}
-    {% blocktrans trimmed %}You're receiving this email because you requested a password reset for your
-        user account.{% endblocktrans %}
-
-    {% trans "Please go to the following page and choose a new password:" %}
-    {% block reset_link %}
-        {{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}
-    {% endblock %}
-    {% trans "Your username, in case you've forgotten:" %} {{ user.get_username }}
-
-    {% trans "Thanks for using our site!" %}
-
-    {% blocktrans %}Your IT Team{% endblocktrans %}
-
-{% endautoescape %}

allianceauth/authentication/templates/registration/registration_form.html

@@ -1,14 +0,0 @@
-{% extends 'public/middle_box.html' %}
-{% load bootstrap %}
-{% load i18n %}
-{% load static %}
-{% block page_title %}Register{% endblock %}
-{% block middle_box_content %}
-    <form class="form-signin" role="form" action="" method="POST">
-        {% csrf_token %}
-        {{ form|bootstrap }}
-        <br/>
-        <button class="btn btn-lg btn-primary btn-block" type="submit">{% trans "Submit" %}</button>
-        <br/>
-    </form>
-{% endblock %}

allianceauth/authentication/tests/__init__.py

@@ -1,4 +1,17 @@
+from django.db.models.signals import (
+    m2m_changed,
+    post_save,
+    pre_delete,
+    pre_save
+)
 from django.urls import reverse
+from unittest import mock
+
+MODULE_PATH = 'allianceauth.authentication'
+
+
+def patch(target, *args, **kwargs):
+    return mock.patch(f'{MODULE_PATH}{target}', *args, **kwargs)
 
 
 def get_admin_change_view_url(obj: object) -> str:
@@ -10,9 +23,10 @@ def get_admin_change_view_url(obj: object) -> str:
         args=(obj.pk,)
     )
 
+
 def get_admin_search_url(ModelClass: type) -> str:
     """returns URL to search URL for model of given object"""
     return '{}{}/'.format(
         reverse('admin:app_list', args=(ModelClass._meta.app_label,)),
         ModelClass.__name__.lower()
-    )
+    )

allianceauth/authentication/tests/test_admin.py

@@ -1,17 +1,18 @@
+from bs4 import BeautifulSoup
 from urllib.parse import quote
 from unittest.mock import patch, MagicMock
 
-from django.conf import settings
+from django_webtest import WebTest
-from django.contrib import admin
+
 from django.contrib.admin.sites import AdminSite
-from django.contrib.auth.models import User as BaseUser, Group
+from django.contrib.auth.models import Group
 from django.test import TestCase, RequestFactory, Client
 
 from allianceauth.authentication.models import (
     CharacterOwnership, State, OwnershipRecord
 )
 from allianceauth.eveonline.models import (
-    EveCharacter, EveCorporationInfo, EveAllianceInfo
+    EveCharacter, EveCorporationInfo, EveAllianceInfo, EveFactionInfo
 )
 from allianceauth.services.hooks import ServicesHook
 from allianceauth.tests.auth_utils import AuthUtils
@@ -19,15 +20,15 @@ from allianceauth.tests.auth_utils import AuthUtils
 from ..admin import (
     BaseUserAdmin,
     CharacterOwnershipAdmin,
-    PermissionAdmin,
     StateAdmin,
     MainCorporationsFilter,
     MainAllianceFilter,
+    MainFactionFilter,
     OwnershipRecordAdmin,
     User,
-    UserAdmin,     
+    UserAdmin,
     user_main_organization,
-    user_profile_pic, 
+    user_profile_pic,
     user_username,
     update_main_character_model,
     make_service_hooks_update_groups_action,
@@ -35,19 +36,15 @@ from ..admin import (
 )
 from . import get_admin_change_view_url, get_admin_search_url
 
-if 'allianceauth.eveonline.autogroups' in settings.INSTALLED_APPS:
-    _has_auto_groups = True
-    from allianceauth.eveonline.autogroups.models import AutogroupsConfig
-else:
-    _has_auto_groups = False
 
 MODULE_PATH = 'allianceauth.authentication.admin'
 
 
-class MockRequest(object):    
+class MockRequest:
     def __init__(self, user=None):
         self.user = user
 
+
 class TestCaseWithTestData(TestCase):
 
     @classmethod
@@ -58,7 +55,7 @@ class TestCaseWithTestData(TestCase):
             EveAllianceInfo, EveCorporationInfo, EveCharacter, Group, User
         ]:
             MyModel.objects.all().delete()
-        
+
         # groups
         cls.group_1 = Group.objects.create(
             name='Group 1'
@@ -91,16 +88,16 @@ class TestCaseWithTestData(TestCase):
         alliance = EveAllianceInfo.objects.create(
             alliance_id=3001,
             alliance_name='Wayne Enterprises',
-            alliance_ticker='WE',            
+            alliance_ticker='WE',
             executor_corp_id=2001
         )
         EveCorporationInfo.objects.create(
             corporation_id=2001,
             corporation_name='Wayne Technologies',
-            corporation_ticker='WT',            
+            corporation_ticker='WT',
             member_count=42,
             alliance=alliance
-        )        
+        )
         cls.user_1 = User.objects.create_user(
             character_1.character_name.replace(' ', '_'),
             'abc@example.com',
@@ -118,7 +115,7 @@ class TestCaseWithTestData(TestCase):
         )
         cls.user_1.profile.main_character = character_1
         cls.user_1.profile.save()
-        cls.user_1.groups.add(cls.group_1)        
+        cls.user_1.groups.add(cls.group_1)
 
         # user 2 - corp only, staff
         character_2 = EveCharacter.objects.create(
@@ -132,7 +129,7 @@ class TestCaseWithTestData(TestCase):
         EveCorporationInfo.objects.create(
             corporation_id=2002,
             corporation_name='Daily Plane',
-            corporation_ticker='DP',            
+            corporation_ticker='DP',
             member_count=99,
             alliance=None
         )
@@ -151,7 +148,7 @@ class TestCaseWithTestData(TestCase):
         cls.user_2.groups.add(cls.group_2)
         cls.user_2.is_staff = True
         cls.user_2.save()
-        
+
         # user 3 - no main, no group, superuser
         character_3 = EveCharacter.objects.create(
             character_id=1101,
@@ -164,7 +161,7 @@ class TestCaseWithTestData(TestCase):
         EveCorporationInfo.objects.create(
             corporation_id=2101,
             corporation_name='Lex Corp',
-            corporation_ticker='LC',            
+            corporation_ticker='LC',
             member_count=666,
             alliance=None
         )
@@ -187,31 +184,57 @@ class TestCaseWithTestData(TestCase):
         cls.user_3.is_superuser = True
         cls.user_3.save()
 
+        # user 4 - corp and faction, no alliance
+        cls.character_4 = EveCharacter.objects.create(
+            character_id=4321,
+            character_name='Professor X',
+            corporation_id=5432,
+            corporation_name="Xavier's School for Gifted Youngsters",
+            corporation_ticker='MUTNT',
+            alliance_id=None,
+            faction_id=999,
+            faction_name='The X-Men',
+        )
+        cls.user_4 = User.objects.create_user(
+            cls.character_4.character_name.replace(' ', '_'),
+            'abc@example.com',
+            'password'
+        )
+        CharacterOwnership.objects.create(
+            character=cls.character_4,
+            owner_hash='x1' + cls.character_4.character_name,
+            user=cls.user_4
+        )
+        cls.user_4.profile.main_character = cls.character_4
+        cls.user_4.profile.save()
+        EveFactionInfo.objects.create(faction_id=999, faction_name='The X-Men')
+
 
 def make_generic_search_request(ModelClass: type, search_term: str):
     User.objects.create_superuser(
         username='superuser', password='secret', email='admin@example.com'
     )
     c = Client()
-    c.login(username='superuser', password='secret')    
+    c.login(username='superuser', password='secret')
     return c.get(
-        '%s?q=%s' % (get_admin_search_url(ModelClass), quote(search_term))
+        f'{get_admin_search_url(ModelClass)}?q={quote(search_term)}'
-    )    
+    )
 
 
 class TestCharacterOwnershipAdmin(TestCaseWithTestData):
-    
+    fixtures = ["disable_analytics"]
+
     def setUp(self):
         self.modeladmin = CharacterOwnershipAdmin(
             model=User, admin_site=AdminSite()
         )
 
-    def test_change_view_loads_normally(self):        
+    def test_change_view_loads_normally(self):
         User.objects.create_superuser(
             username='superuser', password='secret', email='admin@example.com'
         )
         c = Client()
-        c.login(username='superuser', password='secret')                
+        c.login(username='superuser', password='secret')
         ownership = self.user_1.character_ownerships.first()
         response = c.get(get_admin_change_view_url(ownership))
         self.assertEqual(response.status_code, 200)
@@ -226,18 +249,19 @@ class TestCharacterOwnershipAdmin(TestCaseWithTestData):
 
 
 class TestOwnershipRecordAdmin(TestCaseWithTestData):
-    
+    fixtures = ["disable_analytics"]
+
     def setUp(self):
         self.modeladmin = OwnershipRecordAdmin(
             model=User, admin_site=AdminSite()
         )
 
-    def test_change_view_loads_normally(self):        
+    def test_change_view_loads_normally(self):
         User.objects.create_superuser(
             username='superuser', password='secret', email='admin@example.com'
         )
         c = Client()
-        c.login(username='superuser', password='secret')                
+        c.login(username='superuser', password='secret')
         ownership_record = OwnershipRecord.objects\
             .filter(user=self.user_1)\
             .first()
@@ -252,23 +276,24 @@ class TestOwnershipRecordAdmin(TestCaseWithTestData):
 
 
 class TestStateAdmin(TestCaseWithTestData):
-        
+    fixtures = ["disable_analytics"]
-    def setUp(self):
-        self.modeladmin = StateAdmin(
-            model=User, admin_site=AdminSite()
-        )
 
-    def test_change_view_loads_normally(self):        
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.modeladmin = StateAdmin(model=User, admin_site=AdminSite())
+
+    def test_change_view_loads_normally(self):
         User.objects.create_superuser(
             username='superuser', password='secret', email='admin@example.com'
         )
         c = Client()
-        c.login(username='superuser', password='secret')                
+        c.login(username='superuser', password='secret')
-        
+
         guest_state = AuthUtils.get_guest_state()
         response = c.get(get_admin_change_view_url(guest_state))
         self.assertEqual(response.status_code, 200)
-        
+
         member_state = AuthUtils.get_member_state()
         response = c.get(get_admin_change_view_url(member_state))
         self.assertEqual(response.status_code, 200)
@@ -279,7 +304,9 @@ class TestStateAdmin(TestCaseWithTestData):
         expected = 200
         self.assertEqual(response.status_code, expected)
 
+
 class TestUserAdmin(TestCaseWithTestData):
+    fixtures = ["disable_analytics"]
 
     def setUp(self):
         self.factory = RequestFactory()
@@ -288,23 +315,11 @@ class TestUserAdmin(TestCaseWithTestData):
         )
         self.character_1 = self.user_1.character_ownerships.first().character
 
-    def _create_autogroups(self):
-        """create autogroups for corps and alliances"""
-        if _has_auto_groups:
-            autogroups_config = AutogroupsConfig(
-                corp_groups = True,
-                alliance_groups = True
-            )
-            autogroups_config.save()
-            for state in State.objects.all():
-                autogroups_config.states.add(state)        
-            autogroups_config.update_corp_group_membership(self.user_1)        
-    
-    # column rendering
-
     def test_user_profile_pic_u1(self):
-        expected = ('<img src="https://images.evetech.net/characters/1001/'
+        expected = (
-            'portrait?size=32" class="img-circle">')        
+            '<img src="https://images.evetech.net/characters/1001/'
+            'portrait?size=32" class="img-circle">'
+        )
         self.assertEqual(user_profile_pic(self.user_1), expected)
 
     def test_user_profile_pic_u3(self):
@@ -333,9 +348,13 @@ class TestUserAdmin(TestCaseWithTestData):
         self.assertEqual(user_main_organization(self.user_2), expected)
 
     def test_user_main_organization_u3(self):
-        expected = None
+        expected = ''
         self.assertEqual(user_main_organization(self.user_3), expected)
 
+    def test_user_main_organization_u4(self):
+        expected = "Xavier's School for Gifted Youngsters<br>The X-Men"
+        self.assertEqual(user_main_organization(self.user_4), expected)
+
     def test_characters_u1(self):
         expected = 'Batman, Bruce Wayne'
         result = self.modeladmin._characters(self.user_1)
@@ -350,38 +369,18 @@ class TestUserAdmin(TestCaseWithTestData):
         expected = 'Lex Luthor'
         result = self.modeladmin._characters(self.user_3)
         self.assertEqual(result, expected)
-    
+
     def test_groups_u1(self):
-        self._create_autogroups()
         expected = 'Group 1'
         result = self.modeladmin._groups(self.user_1)
         self.assertEqual(result, expected)
 
     def test_groups_u2(self):
-        self._create_autogroups()
         expected = 'Group 2'
         result = self.modeladmin._groups(self.user_2)
         self.assertEqual(result, expected)
-    
-    def test_groups_u3(self):        
-        self._create_autogroups()
-        result = self.modeladmin._groups(self.user_3)
-        self.assertIsNone(result)
 
-    @patch(MODULE_PATH + '._has_auto_groups', False)
+    def test_groups_u3(self):
-    def test_groups_u1_no_autogroups(self):        
-        expected = 'Group 1'
-        result = self.modeladmin._groups(self.user_1)
-        self.assertEqual(result, expected)
-
-    @patch(MODULE_PATH + '._has_auto_groups', False)
-    def test_groups_u2_no_autogroups(self):        
-        expected = 'Group 2'
-        result = self.modeladmin._groups(self.user_2)
-        self.assertEqual(result, expected)
-    
-    @patch(MODULE_PATH + '._has_auto_groups', False)
-    def test_groups_u3_no_autogroups(self):                
         result = self.modeladmin._groups(self.user_3)
         self.assertIsNone(result)
 
@@ -413,8 +412,10 @@ class TestUserAdmin(TestCaseWithTestData):
 
     def test_list_2_html_w_tooltips_w_cutoff(self):
         items = ['one', 'two', 'three']
-        expected = ('<span data-tooltip="one, two, three" '
+        expected = (
-            'class="tooltip">one, two, (...)</span>')
+            '<span data-tooltip="one, two, three" '
+            'class="tooltip">one, two, (...)</span>'
+        )
         result = self.modeladmin._list_2_html_w_tooltips(items, 2)
         self.assertEqual(expected, result)
 
@@ -423,10 +424,10 @@ class TestUserAdmin(TestCaseWithTestData):
         expected = None
         result = self.modeladmin._list_2_html_w_tooltips(items, 5)
         self.assertEqual(expected, result)
-    
+
     # actions
 
-    @patch(MODULE_PATH + '.UserAdmin.message_user', auto_spec=True)
+    @patch(MODULE_PATH + '.UserAdmin.message_user', auto_spec=True, unsafe=True)
     @patch(MODULE_PATH + '.update_character')
     def test_action_update_main_character_model(
         self, mock_task, mock_message_user
@@ -437,70 +438,14 @@ class TestUserAdmin(TestCaseWithTestData):
         )
         self.assertEqual(mock_task.delay.call_count, 2)
         self.assertTrue(mock_message_user.called)
-    
+
     # filters
 
-    def test_filter_real_groups_with_autogroups(self):
-        
-        class UserAdminTest(BaseUserAdmin): 
-            list_filter = (UserAdmin.RealGroupsFilter,)
-                
-        self._create_autogroups()        
-        my_modeladmin = UserAdminTest(User, AdminSite())
-
-        # Make sure the lookups are correct
-        request = self.factory.get('/')
-        request.user = self.user_1
-        changelist = my_modeladmin.get_changelist_instance(request)
-        filters = changelist.get_filters(request)
-        filterspec = filters[0][0]
-        expected = [
-            (self.group_1.pk, self.group_1.name), 
-            (self.group_2.pk, self.group_2.name),
-        ]
-        self.assertEqual(filterspec.lookup_choices, expected)
-
-        # Make sure the correct queryset is returned
-        request = self.factory.get('/', {'group_id__exact': self.group_1.pk})
-        request.user = self.user_1                
-        changelist = my_modeladmin.get_changelist_instance(request)
-        queryset = changelist.get_queryset(request)
-        expected = User.objects.filter(groups__in=[self.group_1])
-        self.assertSetEqual(set(queryset), set(expected))
-
-    @patch(MODULE_PATH + '._has_auto_groups', False)
-    def test_filter_real_groups_no_autogroups(self):
-        
-        class UserAdminTest(BaseUserAdmin): 
-            list_filter = (UserAdmin.RealGroupsFilter,)
-                        
-        my_modeladmin = UserAdminTest(User, AdminSite())
-
-        # Make sure the lookups are correct
-        request = self.factory.get('/')
-        request.user = self.user_1
-        changelist = my_modeladmin.get_changelist_instance(request)
-        filters = changelist.get_filters(request)
-        filterspec = filters[0][0]
-        expected = [
-            (self.group_1.pk, self.group_1.name), 
-            (self.group_2.pk, self.group_2.name),
-        ]
-        self.assertEqual(filterspec.lookup_choices, expected)
-
-        # Make sure the correct queryset is returned
-        request = self.factory.get('/', {'group_id__exact': self.group_1.pk})
-        request.user = self.user_1                
-        changelist = my_modeladmin.get_changelist_instance(request)
-        queryset = changelist.get_queryset(request)
-        expected = User.objects.filter(groups__in=[self.group_1])
-        self.assertSetEqual(set(queryset), set(expected))
-
     def test_filter_main_corporations(self):
-        
+
-        class UserAdminTest(BaseUserAdmin): 
+        class UserAdminTest(BaseUserAdmin):
             list_filter = (MainCorporationsFilter,)
-                
+
         my_modeladmin = UserAdminTest(User, AdminSite())
 
         # Make sure the lookups are correct
@@ -509,28 +454,29 @@ class TestUserAdmin(TestCaseWithTestData):
         changelist = my_modeladmin.get_changelist_instance(request)
         filters = changelist.get_filters(request)
         filterspec = filters[0][0]
-        expected = [            
+        expected = [
             (2002, 'Daily Planet'),
             (2001, 'Wayne Technologies'),
+            (5432, "Xavier's School for Gifted Youngsters"),
         ]
         self.assertEqual(filterspec.lookup_choices, expected)
 
         # Make sure the correct queryset is returned
         request = self.factory.get(
-            '/', 
+            '/',
             {'main_corporation_id__exact': self.character_1.corporation_id}
         )
-        request.user = self.user_1                
+        request.user = self.user_1
         changelist = my_modeladmin.get_changelist_instance(request)
         queryset = changelist.get_queryset(request)
         expected = [self.user_1]
         self.assertSetEqual(set(queryset), set(expected))
 
     def test_filter_main_alliances(self):
-        
+
-        class UserAdminTest(BaseUserAdmin): 
+        class UserAdminTest(BaseUserAdmin):
             list_filter = (MainAllianceFilter,)
-                
+
         my_modeladmin = UserAdminTest(User, AdminSite())
 
         # Make sure the lookups are correct
@@ -539,28 +485,56 @@ class TestUserAdmin(TestCaseWithTestData):
         changelist = my_modeladmin.get_changelist_instance(request)
         filters = changelist.get_filters(request)
         filterspec = filters[0][0]
-        expected = [            
+        expected = [
-            (3001, 'Wayne Enterprises'),            
+            (3001, 'Wayne Enterprises'),
         ]
         self.assertEqual(filterspec.lookup_choices, expected)
 
         # Make sure the correct queryset is returned
         request = self.factory.get(
-            '/', 
+            '/',
             {'main_alliance_id__exact': self.character_1.alliance_id}
         )
-        request.user = self.user_1                
+        request.user = self.user_1
         changelist = my_modeladmin.get_changelist_instance(request)
         queryset = changelist.get_queryset(request)
         expected = [self.user_1]
         self.assertSetEqual(set(queryset), set(expected))
 
+    def test_filter_main_factions(self):
+        class UserAdminTest(BaseUserAdmin):
+            list_filter = (MainFactionFilter,)
+
+        my_modeladmin = UserAdminTest(User, AdminSite())
+
+        # Make sure the lookups are correct
+        request = self.factory.get('/')
+        request.user = self.user_4
+        changelist = my_modeladmin.get_changelist_instance(request)
+        filters = changelist.get_filters(request)
+        filterspec = filters[0][0]
+        expected = [
+            (999, 'The X-Men'),
+        ]
+        self.assertEqual(filterspec.lookup_choices, expected)
+
+        # Make sure the correct queryset is returned
+        request = self.factory.get(
+            '/',
+            {'main_faction_id__exact': self.character_4.faction_id}
+        )
+        request.user = self.user_4
+        changelist = my_modeladmin.get_changelist_instance(request)
+        queryset = changelist.get_queryset(request)
+        expected = [self.user_4]
+        self.assertSetEqual(set(queryset), set(expected))
+
     def test_change_view_loads_normally(self):
         User.objects.create_superuser(
             username='superuser', password='secret', email='admin@example.com'
         )
         c = Client()
-        c.login(username='superuser', password='secret')                
+        c.login(username='superuser', password='secret')
         response = c.get(get_admin_change_view_url(self.user_1))
         self.assertEqual(response.status_code, 200)
 
@@ -571,14 +545,237 @@ class TestUserAdmin(TestCaseWithTestData):
         self.assertEqual(response.status_code, expected)
 
 
+class TestStateAdminChangeFormSuperuserExclusiveEdits(WebTest):
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.super_admin = User.objects.create_superuser("super_admin")
+        cls.staff_admin = User.objects.create_user("staff_admin")
+        cls.staff_admin.is_staff = True
+        cls.staff_admin.save()
+        cls.staff_admin = AuthUtils.add_permissions_to_user_by_name(
+            [
+                "authentication.add_state",
+                "authentication.change_state",
+                "authentication.view_state",
+            ],
+            cls.staff_admin
+        )
+        cls.superuser_exclusive_fields = ["permissions",]
+
+    def test_should_show_all_fields_to_superuser_for_add(self):
+        # given
+        self.app.set_user(self.super_admin)
+        page = self.app.get("/admin/authentication/state/add/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admins_for_add(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        page = self.app.get("/admin/authentication/state/add/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+    def test_should_show_all_fields_to_superuser_for_change(self):
+        # given
+        self.app.set_user(self.super_admin)
+        state = AuthUtils.get_member_state()
+        page = self.app.get(f"/admin/authentication/state/{state.pk}/change/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admin_for_change(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        state = AuthUtils.get_member_state()
+        page = self.app.get(f"/admin/authentication/state/{state.pk}/change/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+
+class TestUserAdminChangeForm(TestCase):
+    fixtures = ["disable_analytics"]
+
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.modeladmin = UserAdmin(model=User, admin_site=AdminSite())
+
+    def test_should_show_groups_available_to_user_with_blue_state_only(self):
+        # given
+        superuser = User.objects.create_superuser("Super")
+        user = AuthUtils.create_user("bruce_wayne")
+        character = AuthUtils.add_main_character_2(
+            user,
+            name="Bruce Wayne",
+            character_id=1001,
+            corp_id=2001,
+            corp_name="Wayne Technologies"
+        )
+        blue_state = State.objects.get(name="Blue")
+        blue_state.member_characters.add(character)
+        member_state = AuthUtils.get_member_state()
+        group_1 = Group.objects.create(name="Group 1")
+        group_2 = Group.objects.create(name="Group 2")
+        group_2.authgroup.states.add(blue_state)
+        group_3 = Group.objects.create(name="Group 3")
+        group_3.authgroup.states.add(member_state)
+        self.client.force_login(superuser)
+        # when
+        response = self.client.get(f"/admin/authentication/user/{user.pk}/change/")
+        # then
+        self.assertEqual(response.status_code, 200)
+        soup = BeautifulSoup(response.rendered_content, features="html.parser")
+        groups_select = soup.find("select", {"id": "id_groups"}).find_all('option')
+        group_ids = {int(option["value"]) for option in groups_select}
+        self.assertSetEqual(group_ids, {group_1.pk, group_2.pk})
+
+
+class TestUserAdminChangeFormSuperuserExclusiveEdits(WebTest):
+    fixtures = ["disable_analytics"]
+
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.super_admin = User.objects.create_superuser("super_admin")
+        cls.staff_admin = User.objects.create_user("staff_admin")
+        cls.staff_admin.is_staff = True
+        cls.staff_admin.save()
+        cls.staff_admin = AuthUtils.add_permissions_to_user_by_name(
+            [
+                "auth.change_user",
+                "auth.view_user",
+                "authentication.change_user",
+                "authentication.change_userprofile",
+                "authentication.view_user"
+            ],
+            cls.staff_admin
+        )
+        cls.superuser_exclusive_fields = [
+            "is_staff", "is_superuser", "user_permissions"
+        ]
+
+    def setUp(self) -> None:
+        self.user = AuthUtils.create_user("bruce_wayne")
+
+    def test_should_show_all_fields_to_superuser_for_change(self):
+        # given
+        self.app.set_user(self.super_admin)
+
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        # when
+        form = page.forms["user_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admin_for_change(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        # when
+        form = page.forms["user_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+    def test_should_allow_super_admin_to_add_restricted_group_to_user(self):
+        # given
+        self.app.set_user(self.super_admin)
+        group_restricted = Group.objects.create(name="restricted group")
+        group_restricted.authgroup.restricted = True
+        group_restricted.authgroup.save()
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=["restricted group"])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 302)
+        self.user.refresh_from_db()
+        self.assertIn(
+            "restricted group", self.user.groups.values_list("name", flat=True)
+        )
+
+    def test_should_not_allow_staff_admin_to_add_restricted_group_to_user(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        group_restricted = Group.objects.create(name="restricted group")
+        group_restricted.authgroup.restricted = True
+        group_restricted.authgroup.save()
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=["restricted group"])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertIn(
+            "You are not allowed to add or remove these restricted groups",
+            response.text
+        )
+
+    def test_should_not_allow_staff_admin_to_remove_restricted_group_from_user(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        group_restricted = Group.objects.create(name="restricted group")
+        group_restricted.authgroup.restricted = True
+        group_restricted.authgroup.save()
+        self.user.groups.add(group_restricted)
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=[])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertIn(
+            "You are not allowed to add or remove these restricted groups",
+            response.text
+        )
+
+    def test_should_allow_staff_admin_to_add_normal_group_to_user(self):
+        # given
+        self.app.set_user(self.super_admin)
+        Group.objects.create(name="normal group")
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=["normal group"])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 302)
+        self.user.refresh_from_db()
+        self.assertIn("normal group", self.user.groups.values_list("name", flat=True))
+
+
 class TestMakeServicesHooksActions(TestCaseWithTestData):
 
     class MyServicesHookTypeA(ServicesHook):
 
         def __init__(self):
             super().__init__()
-            self.name = 'My Service A'            
+            self.name = 'My Service A'
-        
+
         def update_groups(self, user):
             pass
 
@@ -590,7 +787,7 @@ class TestMakeServicesHooksActions(TestCaseWithTestData):
         def __init__(self):
             super().__init__()
             self.name = 'My Service B'
-        
+
         def update_groups(self, user):
             pass
 
@@ -602,33 +799,32 @@ class TestMakeServicesHooksActions(TestCaseWithTestData):
 
         def sync_nicknames_bulk(self, user):
             pass
-         
 
-    def test_service_has_update_groups_only(self):        
+    def test_service_has_update_groups_only(self):
         service = self.MyServicesHookTypeA()
-        mock_service = MagicMock(spec=service)      
+        mock_service = MagicMock(spec=service)
         action = make_service_hooks_update_groups_action(mock_service)
         action(MagicMock(), MagicMock(), [self.user_1])
         self.assertTrue(mock_service.update_groups.called)
 
-    def test_service_has_update_groups_bulk(self):        
+    def test_service_has_update_groups_bulk(self):
         service = self.MyServicesHookTypeB()
-        mock_service = MagicMock(spec=service)      
+        mock_service = MagicMock(spec=service)
         action = make_service_hooks_update_groups_action(mock_service)
         action(MagicMock(), MagicMock(), [self.user_1])
         self.assertFalse(mock_service.update_groups.called)
         self.assertTrue(mock_service.update_groups_bulk.called)
 
-    def test_service_has_sync_nickname_only(self):        
+    def test_service_has_sync_nickname_only(self):
         service = self.MyServicesHookTypeA()
-        mock_service = MagicMock(spec=service)      
+        mock_service = MagicMock(spec=service)
         action = make_service_hooks_sync_nickname_action(mock_service)
         action(MagicMock(), MagicMock(), [self.user_1])
         self.assertTrue(mock_service.sync_nickname.called)
 
-    def test_service_has_sync_nicknames_bulk(self):        
+    def test_service_has_sync_nicknames_bulk(self):
         service = self.MyServicesHookTypeB()
-        mock_service = MagicMock(spec=service)      
+        mock_service = MagicMock(spec=service)
         action = make_service_hooks_sync_nickname_action(mock_service)
         action(MagicMock(), MagicMock(), [self.user_1])
         self.assertFalse(mock_service.sync_nickname.called)

allianceauth/authentication/tests/test_app_settings.py

@@ -9,19 +9,19 @@ MODULE_PATH = 'allianceauth.authentication'
 class TestSetAppSetting(TestCase):
 
     @patch(MODULE_PATH + '.app_settings.settings')
-    def test_default_if_not_set(self, mock_settings):        
+    def test_default_if_not_set(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = Mock(spec=None)
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
-            False,             
+            False,
         )
         self.assertEqual(result, False)
 
     @patch(MODULE_PATH + '.app_settings.settings')
-    def test_default_if_not_set_for_none(self, mock_settings):        
+    def test_default_if_not_set_for_none(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = Mock(spec=None)
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             None,
             required_type=int
         )
@@ -31,8 +31,8 @@ class TestSetAppSetting(TestCase):
     def test_true_stays_true(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = True
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
-            False,         
+            False,
         )
         self.assertEqual(result, True)
 
@@ -40,7 +40,7 @@ class TestSetAppSetting(TestCase):
     def test_false_stays_false(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = False
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             False
         )
         self.assertEqual(result, False)
@@ -49,7 +49,7 @@ class TestSetAppSetting(TestCase):
     def test_default_for_invalid_type_bool(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = 'invalid type'
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             False
         )
         self.assertEqual(result, False)
@@ -58,7 +58,7 @@ class TestSetAppSetting(TestCase):
     def test_default_for_invalid_type_int(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = 'invalid type'
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             50
         )
         self.assertEqual(result, 50)
@@ -67,7 +67,7 @@ class TestSetAppSetting(TestCase):
     def test_default_if_below_minimum_1(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = -5
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             default_value=50
         )
         self.assertEqual(result, 50)
@@ -76,7 +76,7 @@ class TestSetAppSetting(TestCase):
     def test_default_if_below_minimum_2(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = -50
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             default_value=50,
             min_value=-10
         )
@@ -86,7 +86,7 @@ class TestSetAppSetting(TestCase):
     def test_default_for_invalid_type_int(self, mock_settings):
         mock_settings.TEST_SETTING_DUMMY = 1000
         result = app_settings._clean_setting(
-            'TEST_SETTING_DUMMY',             
+            'TEST_SETTING_DUMMY',
             default_value=50,
             max_value=100
         )
@@ -97,6 +97,6 @@ class TestSetAppSetting(TestCase):
         mock_settings.TEST_SETTING_DUMMY = 'invalid type'
         with self.assertRaises(ValueError):
             result = app_settings._clean_setting(
-                'TEST_SETTING_DUMMY',             
+                'TEST_SETTING_DUMMY',
                 default_value=None
             )

allianceauth/authentication/tests/test_backend.py

@@ -23,27 +23,27 @@ class TestStatePermissions(TestCase):
         self.permission_2 = AuthUtils.get_permission_by_name(PERMISSION_2)
 
         # group
-        self.group_1 = Group.objects.create(name="Group 1")        
+        self.group_1 = Group.objects.create(name="Group 1")
         self.group_2 = Group.objects.create(name="Group 2")
 
         # state
-        self.state_1 = AuthUtils.get_member_state()        
+        self.state_1 = AuthUtils.get_member_state()
         self.state_2 = AuthUtils.create_state("Other State", 75)
-        
+
         # user
         self.user = AuthUtils.create_user("Bruce Wayne")
         self.main = AuthUtils.add_main_character_2(self.user, self.user.username, 123)
 
     def test_user_has_user_permissions(self):
         self.user.user_permissions.add(self.permission_1)
-        
+
         user = User.objects.get(pk=self.user.pk)
         self.assertTrue(user.has_perm(PERMISSION_1))
 
-    def test_user_has_group_permissions(self):        
+    def test_user_has_group_permissions(self):
         self.group_1.permissions.add(self.permission_1)
         self.user.groups.add(self.group_1)
-        
+
         user = User.objects.get(pk=self.user.pk)
         self.assertTrue(user.has_perm(PERMISSION_1))
 
@@ -55,7 +55,7 @@ class TestStatePermissions(TestCase):
         self.assertTrue(user.has_perm(PERMISSION_1))
 
     def test_when_user_changes_state_perms_change_accordingly(self):
-        self.state_1.permissions.add(self.permission_1)        
+        self.state_1.permissions.add(self.permission_1)
         self.state_1.member_characters.add(self.main)
         user = User.objects.get(pk=self.user.pk)
         self.assertTrue(user.has_perm(PERMISSION_1))
@@ -68,16 +68,16 @@ class TestStatePermissions(TestCase):
         self.assertTrue(user.has_perm(PERMISSION_2))
 
     def test_state_permissions_are_returned_for_current_user_object(self):
-        # verify state permissions are returns for the current user object 
+        # verify state permissions are returns for the current user object
-        # and not for it's instance in the database, which might be outdated        
+        # and not for it's instance in the database, which might be outdated
         self.state_1.permissions.add(self.permission_1)
-        self.state_2.permissions.add(self.permission_2)        
+        self.state_2.permissions.add(self.permission_2)
         self.state_1.member_characters.add(self.main)
         user = User.objects.get(pk=self.user.pk)
         user.profile.state = self.state_2
         self.assertFalse(user.has_perm(PERMISSION_1))
         self.assertTrue(user.has_perm(PERMISSION_2))
-    
+
 
 class TestAuthenticate(TestCase):
     @classmethod
@@ -114,12 +114,19 @@ class TestAuthenticate(TestCase):
     def test_authenticate_main_character(self):
         t = Token(character_id=self.main_character.character_id, character_owner_hash='1')
         user = StateBackend().authenticate(token=t)
-        self.assertEquals(user, self.user)
+        self.assertEqual(user, self.user)
 
+    """ Alt Login disabled
     def test_authenticate_alt_character(self):
         t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
         user = StateBackend().authenticate(token=t)
-        self.assertEquals(user, self.user)
+        self.assertEqual(user, self.user)
+    """
+
+    def test_authenticate_alt_character_fail(self):
+        t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, None)
 
     def test_authenticate_unclaimed_character(self):
         t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='3')
@@ -128,6 +135,7 @@ class TestAuthenticate(TestCase):
         self.assertEqual(user.username, 'Unclaimed_Character')
         self.assertEqual(user.profile.main_character, self.unclaimed_character)
 
+    """ Alt Login disabled
     def test_authenticate_character_record(self):
         t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
         OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
@@ -135,10 +143,19 @@ class TestAuthenticate(TestCase):
         self.assertEqual(user, self.old_user)
         self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
         self.assertTrue(user.profile.main_character)
+    """
+
+    def test_authenticate_character_record_fails(self):
+        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
+        OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, self.old_user)
+        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
+        self.assertTrue(user.profile.main_character)
 
     def test_iterate_username(self):
         t = Token(character_id=self.unclaimed_character.character_id,
-                  character_name=self.unclaimed_character.character_name, character_owner_hash='3')
+                    character_name=self.unclaimed_character.character_name, character_owner_hash='3')
         username = StateBackend().authenticate(token=t).username
         t.character_owner_hash = '4'
         username_1 = StateBackend().authenticate(token=t).username

allianceauth/authentication/tests/test_middleware.py

@@ -0,0 +1,175 @@
+from unittest import mock
+from allianceauth.authentication.middleware import UserSettingsMiddleware
+from unittest.mock import Mock
+from django.http import HttpResponse
+
+from django.test.testcases import TestCase
+
+
+class TestUserSettingsMiddlewareSaveLang(TestCase):
+
+    def setUp(self):
+        self.middleware = UserSettingsMiddleware(HttpResponse)
+        self.request = Mock()
+        self.request.headers = {
+                "User-Agent": "AUTOMATED TEST"
+            }
+        self.request.path = '/i18n/setlang/'
+        self.request.POST = {
+            'language': 'fr'
+        }
+        self.request.user.profile.language = 'de'
+        self.request.user.is_anonymous = False
+        self.response = Mock()
+        self.response.content = 'hello world'
+
+    def test_middleware_passthrough(self):
+        """
+        Simply tests the middleware runs cleanly
+        """
+        response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.response, response)
+
+    def test_middleware_save_language_false_anonymous(self):
+        """
+        Ensures the middleware wont change the usersettings
+        of a non-existent (anonymous) user
+        """
+        self.request.user.is_anonymous = True
+        response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.request.user.profile.language, 'de')
+        self.assertFalse(self.request.user.profile.save.called)
+        self.assertEqual(self.request.user.profile.save.call_count, 0)
+
+    def test_middleware_save_language_new(self):
+        """
+        does the middleware change a language not set in the DB
+        """
+        self.request.user.profile.language = None
+        response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.request.user.profile.language, 'fr')
+        self.assertTrue(self.request.user.profile.save.called)
+        self.assertEqual(self.request.user.profile.save.call_count, 1)
+
+    def test_middleware_save_language_changed(self):
+        """
+        Tests the middleware will change a language setting
+        """
+        response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.request.user.profile.language, 'fr')
+        self.assertTrue(self.request.user.profile.save.called)
+        self.assertEqual(self.request.user.profile.save.call_count, 1)
+
+
+class TestUserSettingsMiddlewareLoginFlow(TestCase):
+
+    def setUp(self):
+        self.middleware = UserSettingsMiddleware(HttpResponse)
+        self.request = Mock()
+        self.request.headers = {
+                "User-Agent": "AUTOMATED TEST"
+            }
+        self.request.path = '/sso/login'
+        self.request.session = {
+            'NIGHT_MODE': False
+        }
+        self.request.LANGUAGE_CODE = 'en'
+        self.request.user.profile.language = 'de'
+        self.request.user.profile.night_mode = True
+        self.request.user.is_anonymous = False
+        self.response = Mock()
+        self.response.content = 'hello world'
+
+    def test_middleware_passthrough(self):
+        """
+        Simply tests the middleware runs cleanly
+        """
+        middleware_response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.response, middleware_response)
+
+    def test_middleware_sets_language_cookie_true_no_cookie(self):
+        """
+        tests the middleware will set a cookie, while none is set
+        """
+        self.request.LANGUAGE_CODE = None
+        middleware_response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertTrue(middleware_response.set_cookie.called)
+        self.assertEqual(middleware_response.set_cookie.call_count, 1)
+        args, kwargs = middleware_response.set_cookie.call_args
+        self.assertEqual(kwargs['value'], 'de')
+
+    def test_middleware_sets_language_cookie_true_wrong_cookie(self):
+        """
+        tests the middleware will set a cookie, while a different value is set
+        """
+        middleware_response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertTrue(middleware_response.set_cookie.called)
+        self.assertEqual(middleware_response.set_cookie.call_count, 1)
+        args, kwargs = middleware_response.set_cookie.call_args
+        self.assertEqual(kwargs['value'], 'de')
+
+    def test_middleware_sets_language_cookie_false_anonymous(self):
+        """
+        ensures the middleware wont set a value for a non existent user (anonymous)
+        """
+        self.request.user.is_anonymous = True
+        middleware_response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertFalse = middleware_response.set_cookie.called
+        self.assertEqual(middleware_response.set_cookie.call_count, 0)
+
+    def test_middleware_sets_language_cookie_false_already_set(self):
+        """
+        tests the middleware skips setting the cookie, if its already set correctly
+        """
+        self.request.user.profile.language = 'en'
+        middleware_response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertFalse = middleware_response.set_cookie.called
+        self.assertEqual(middleware_response.set_cookie.call_count, 0)
+
+    def test_middleware_sets_night_mode_not_set(self):
+        """
+        tests the middleware will set night_mode if not set
+        """
+        self.request.session = {}
+        response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.request.session["NIGHT_MODE"], True)
+
+    def test_middleware_sets_night_mode_set(self):
+        """
+        tests the middleware will set night_mode if set.
+        """
+        response = self.middleware.process_response(
+            self.request,
+            self.response
+            )
+        self.assertEqual(self.request.session["NIGHT_MODE"], True)

allianceauth/authentication/tests/test_models.py

@@ -4,7 +4,7 @@ from django.contrib.auth.models import User
 from django.test import TestCase
 
 from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo,\
-    EveAllianceInfo
+    EveAllianceInfo, EveFactionInfo
 from allianceauth.tests.auth_utils import AuthUtils
 from esi.errors import IncompleteResponseError
 from esi.models import Token
@@ -36,8 +36,8 @@ class CharacterOwnershipTestCase(TestCase):
             character_owner_hash='1',
         )
         co = CharacterOwnership.objects.get(character=self.character)
-        self.assertEquals(co.user, self.user)
+        self.assertEqual(co.user, self.user)
-        self.assertEquals(co.owner_hash, '1')
+        self.assertEqual(co.owner_hash, '1')
 
     def test_transfer_ownership(self):
         Token.objects.create(
@@ -54,7 +54,7 @@ class CharacterOwnershipTestCase(TestCase):
         )
         co = CharacterOwnership.objects.get(character=self.character)
         self.assertNotEqual(self.user, co.user)
-        self.assertEquals(self.alt_user, co.user)
+        self.assertEqual(self.alt_user, co.user)
 
     def test_clear_main_character(self):
         Token.objects.create(
@@ -80,13 +80,15 @@ class StateTestCase(TestCase):
     def setUpTestData(cls):
         cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
         AuthUtils.add_main_character(cls.user, 'Test Character', '1', corp_id='1', alliance_id='1',
-                                     corp_name='Test Corp', alliance_name='Test Alliance')
+                                    corp_name='Test Corp', alliance_name='Test Alliance', faction_id=1337,
+                                    faction_name='Permabanned')
         cls.guest_state = get_guest_state()
         cls.test_character = EveCharacter.objects.get(character_id='1')
         cls.test_corporation = EveCorporationInfo.objects.create(corporation_id='1', corporation_name='Test Corp',
-                                                                  corporation_ticker='TEST', member_count=1)
+                                                                corporation_ticker='TEST', member_count=1)
         cls.test_alliance = EveAllianceInfo.objects.create(alliance_id='1', alliance_name='Test Alliance',
                                                             alliance_ticker='TEST', executor_corp_id='1')
+        cls.test_faction = EveFactionInfo.objects.create(faction_id=1337, faction_name='Permabanned')
         cls.member_state = State.objects.create(
             name='Test Member',
             priority=150,
@@ -98,29 +100,38 @@ class StateTestCase(TestCase):
     def test_state_assignment_on_character_change(self):
         self.member_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
         self.member_state.member_characters.remove(self.test_character)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
 
     def test_state_assignment_on_corporation_change(self):
         self.member_state.member_corporations.add(self.test_corporation)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
         self.member_state.member_corporations.remove(self.test_corporation)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
 
     def test_state_assignment_on_alliance_addition(self):
         self.member_state.member_alliances.add(self.test_alliance)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
         self.member_state.member_alliances.remove(self.test_alliance)
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
+
+    def test_state_assignment_on_faction_change(self):
+        self.member_state.member_factions.add(self.test_faction)
+        self._refresh_user()
+        self.assertEqual(self.user.profile.state, self.member_state)
+
+        self.member_state.member_factions.remove(self.test_faction)
+        self._refresh_user()
+        self.assertEqual(self.user.profile.state, self.guest_state)
 
     def test_state_assignment_on_higher_priority_state_creation(self):
         self.member_state.member_characters.add(self.test_character)
@@ -130,10 +141,10 @@ class StateTestCase(TestCase):
         )
         higher_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(higher_state, self.user.profile.state)
+        self.assertEqual(higher_state, self.user.profile.state)
         higher_state.member_characters.clear()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         self.member_state.member_characters.clear()
 
     def test_state_assignment_on_lower_priority_state_creation(self):
@@ -144,10 +155,10 @@ class StateTestCase(TestCase):
         )
         lower_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         lower_state.member_characters.clear()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         self.member_state.member_characters.clear()
 
     def test_state_assignment_on_priority_change(self):
@@ -161,11 +172,11 @@ class StateTestCase(TestCase):
         lower_state.priority = 500
         lower_state.save()
         self._refresh_user()
-        self.assertEquals(lower_state, self.user.profile.state)
+        self.assertEqual(lower_state, self.user.profile.state)
         lower_state.priority = 125
         lower_state.save()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
 
     def test_state_assignment_on_state_deletion(self):
         self.member_state.member_characters.add(self.test_character)
@@ -175,11 +186,11 @@ class StateTestCase(TestCase):
         )
         higher_state.member_characters.add(self.test_character)
         self._refresh_user()
-        self.assertEquals(higher_state, self.user.profile.state)
+        self.assertEqual(higher_state, self.user.profile.state)
         higher_state.delete()
         self.assertFalse(State.objects.filter(name='Higher State').count())
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
 
     def test_state_assignment_on_public_toggle(self):
         self.member_state.member_characters.add(self.test_character)
@@ -188,26 +199,26 @@ class StateTestCase(TestCase):
             priority=200,
         )
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
         higher_state.public = True
         higher_state.save()
         self._refresh_user()
-        self.assertEquals(higher_state, self.user.profile.state)
+        self.assertEqual(higher_state, self.user.profile.state)
         higher_state.public = False
         higher_state.save()
         self._refresh_user()
-        self.assertEquals(self.member_state, self.user.profile.state)
+        self.assertEqual(self.member_state, self.user.profile.state)
 
     def test_state_assignment_on_active_changed(self):
         self.member_state.member_characters.add(self.test_character)
         self.user.is_active = False
         self.user.save()
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.guest_state)
+        self.assertEqual(self.user.profile.state, self.guest_state)
         self.user.is_active = True
         self.user.save()
         self._refresh_user()
-        self.assertEquals(self.user.profile.state, self.member_state)
+        self.assertEqual(self.user.profile.state, self.member_state)
 
 
 class CharacterOwnershipCheckTestCase(TestCase):
@@ -215,7 +226,7 @@ class CharacterOwnershipCheckTestCase(TestCase):
     def setUpTestData(cls):
         cls.user = AuthUtils.create_user('test_user', disconnect_signals=True)
         AuthUtils.add_main_character(cls.user, 'Test Character', '1', corp_id='1', alliance_id='1',
-                                     corp_name='Test Corp', alliance_name='Test Alliance')
+                                        corp_name='Test Corp', alliance_name='Test Alliance')
         cls.character = EveCharacter.objects.get(character_id=1)
         cls.token = Token.objects.create(
             user=cls.user,

allianceauth/authentication/tests/test_signals.py

@@ -0,0 +1,94 @@
+from allianceauth.authentication.models import User, UserProfile
+from allianceauth.eveonline.models import (
+    EveCharacter,
+    EveCorporationInfo,
+    EveAllianceInfo
+)
+from django.db.models.signals import (
+    pre_save,
+    post_save,
+    pre_delete,
+    m2m_changed
+)
+from allianceauth.tests.auth_utils import AuthUtils
+
+from django.test.testcases import TestCase
+from unittest.mock import Mock
+from . import patch
+
+
+class TestUserProfileSignals(TestCase):
+
+    def setUp(self):
+        state = AuthUtils.get_member_state()
+
+        self.char = EveCharacter.objects.create(
+            character_id='1234',
+            character_name='test character',
+            corporation_id='2345',
+            corporation_name='test corp',
+            corporation_ticker='tickr',
+            alliance_id='3456',
+            alliance_name='alliance name',
+        )
+
+        self.alliance = EveAllianceInfo.objects.create(
+            alliance_id='3456',
+            alliance_name='alliance name',
+            alliance_ticker='TIKR',
+            executor_corp_id='2345',
+        )
+
+        self.corp = EveCorporationInfo.objects.create(
+            corporation_id='2345',
+            corporation_name='corp name',
+            corporation_ticker='TIKK',
+            member_count=10,
+            alliance=self.alliance,
+        )
+
+        state.member_alliances.add(self.alliance)
+        state.member_corporations.add(self.corp)
+
+        self.member = AuthUtils.create_user('test user')
+        self.member.profile.main_character = self.char
+        self.member.profile.save()
+
+    @patch('.signals.create_required_models')
+    def test_create_required_models_triggered_true(
+            self, create_required_models):
+        """
+        Create a User object here,
+        to generate UserProfile models
+        """
+        post_save.connect(create_required_models, sender=User)
+        AuthUtils.create_user('test_create_required_models_triggered')
+        self.assertTrue = create_required_models.called
+        self.assertEqual(create_required_models.call_count, 1)
+
+        user = User.objects.get(username='test_create_required_models_triggered')
+        self.assertIsNot(UserProfile.objects.get(user=user), False)
+
+    @patch('.signals.create_required_models')
+    def test_create_required_models_triggered_false(
+            self, create_required_models):
+        """
+        Only call a User object Update here,
+        which does not need to generate UserProfile models
+        """
+        post_save.connect(create_required_models, sender=User)
+        char = EveCharacter.objects.create(
+            character_id='1266',
+            character_name='test character2',
+            corporation_id='2345',
+            corporation_name='test corp',
+            corporation_ticker='tickr',
+            alliance_id='3456',
+            alliance_name='alliance name',
+        )
+        self.member.profile.main_character = char
+        self.member.profile.save()
+
+        self.assertTrue = create_required_models.called
+        self.assertEqual(create_required_models.call_count, 0)
+        self.assertIsNot(UserProfile.objects.get(user=self.member), False)

allianceauth/authentication/tests/test_templatetags.py

@@ -1,19 +1,19 @@
 from math import ceil
 from unittest.mock import patch
 
-from requests import RequestException
+import requests
 import requests_mock
 from packaging.version import Version as Pep440Version
 
+from django.core.cache import cache
 from django.test import TestCase
 
 from allianceauth.templatetags.admin_status import (
     status_overview,
     _fetch_list_from_gitlab,
-    _current_notifications, 
+    _current_notifications,
-    _current_version_summary, 
+    _current_version_summary,
     _fetch_notification_issues_from_gitlab,
-    _fetch_tags_from_gitlab,
     _latests_versions
 )
 
@@ -55,17 +55,17 @@ TEST_VERSION = '2.6.5'
 
 
 class TestStatusOverviewTag(TestCase):
-
     @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
     @patch(MODULE_PATH + '.admin_status._fetch_celery_queue_length')
     @patch(MODULE_PATH + '.admin_status._current_version_summary')
-    @patch(MODULE_PATH + '.admin_status._current_notifications')    
+    @patch(MODULE_PATH + '.admin_status._current_notifications')
     def test_status_overview(
-        self, 
+        self,
-        mock_current_notifications, 
+        mock_current_notifications,
         mock_current_version_info,
         mock_fetch_celery_queue_length
     ):
+        # given
         notifications = {
             'notifications': GITHUB_NOTIFICATION_ISSUES[:5]
         }
@@ -83,55 +83,69 @@ class TestStatusOverviewTag(TestCase):
         }
         mock_current_version_info.return_value = version_info
         mock_fetch_celery_queue_length.return_value = 3
-                
+        # when
         result = status_overview()
-        expected = {
+        # then
-            'notifications': GITHUB_NOTIFICATION_ISSUES[:5],
+        self.assertEqual(result["notifications"], GITHUB_NOTIFICATION_ISSUES[:5])
-            'latest_major': True,
+        self.assertTrue(result["latest_major"])
-            'latest_minor': True,
+        self.assertTrue(result["latest_minor"])
-            'latest_patch': True,
+        self.assertTrue(result["latest_patch"])
-            'latest_beta': False,
+        self.assertFalse(result["latest_beta"])
-            'current_version': TEST_VERSION,
+        self.assertEqual(result["current_version"], TEST_VERSION)
-            'latest_major_version': '2.4.5',
+        self.assertEqual(result["latest_major_version"], '2.4.5')
-            'latest_minor_version': '2.4.0',
+        self.assertEqual(result["latest_minor_version"], '2.4.0')
-            'latest_patch_version': '2.4.5',
+        self.assertEqual(result["latest_patch_version"], '2.4.5')
-            'latest_beta_version': '2.4.4a1',
+        self.assertEqual(result["latest_beta_version"], '2.4.4a1')
-            'task_queue_length': 3,
+        self.assertEqual(result["task_queue_length"], 3)
-        }
-        self.assertEqual(result, expected)
 
 
 class TestNotifications(TestCase):
 
+    def setUp(self) -> None:
+        cache.clear()
+
     @requests_mock.mock()
     def test_fetch_notification_issues_from_gitlab(self, requests_mocker):
+        # given
         url = (
             'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth/issues'
             '?labels=announcement'
-        )        
+        )
         requests_mocker.get(url, json=GITHUB_NOTIFICATION_ISSUES)
+        # when
         result = _fetch_notification_issues_from_gitlab()
+        # then
         self.assertEqual(result, GITHUB_NOTIFICATION_ISSUES)
 
     @patch(MODULE_PATH + '.admin_status.cache')
     def test_current_notifications_normal(self, mock_cache):
+        # given
         mock_cache.get_or_set.return_value = GITHUB_NOTIFICATION_ISSUES
-
+        # when
         result = _current_notifications()
+        # then
         self.assertEqual(result['notifications'], GITHUB_NOTIFICATION_ISSUES[:5])
 
-    @patch(MODULE_PATH + '.admin_status.cache')
+    @requests_mock.mock()
-    def test_current_notifications_failed(self, mock_cache):
+    def test_current_notifications_failed(self, requests_mocker):
-        mock_cache.get_or_set.side_effect = RequestException
+        # given
-
+        url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth/issues'
+            '?labels=announcement'
+        )
+        requests_mocker.get(url, status_code=404)
+        # when
         result = _current_notifications()
+        # then
         self.assertEqual(result['notifications'], list())
 
     @patch(MODULE_PATH + '.admin_status.cache')
     def test_current_notifications_is_none(self, mock_cache):
+        # given
         mock_cache.get_or_set.return_value = None
-
+        # when
         result = _current_notifications()
+        # then
         self.assertEqual(result['notifications'], list())
 
 
@@ -143,89 +157,93 @@ class TestCeleryQueueLength(TestCase):
 
 class TestVersionTags(TestCase):
 
+    def setUp(self) -> None:
+        cache.clear()
+
     @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
     @patch(MODULE_PATH + '.admin_status.cache')
     def test_current_version_info_normal(self, mock_cache):
+        # given
         mock_cache.get_or_set.return_value = GITHUB_TAGS
-
+        # when
         result = _current_version_summary()
-        self.assertTrue(result['latest_major'])
+        # then
-        self.assertTrue(result['latest_minor'])
         self.assertTrue(result['latest_patch'])
-        self.assertEqual(result['latest_major_version'], '2.0.0')
-        self.assertEqual(result['latest_minor_version'], '2.4.0')
         self.assertEqual(result['latest_patch_version'], '2.4.5')
         self.assertEqual(result['latest_beta_version'], '2.4.6a1')
 
     @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
-    @patch(MODULE_PATH + '.admin_status.cache')
-    def test_current_version_info_failed(self, mock_cache):
-        mock_cache.get_or_set.side_effect = RequestException
-        
-        expected = {}
-        result = _current_version_summary()
-        self.assertEqual(result, expected)
-
     @requests_mock.mock()
-    def test_fetch_tags_from_gitlab(self, requests_mocker):
+    def test_current_version_info_failed(self, requests_mocker):
+        # given
         url = (
             'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth'
             '/repository/tags'
-        )        
+        )
+        requests_mocker.get(url, status_code=500)
+        # when
+        result = _current_version_summary()
+        # then
+        self.assertEqual(result, {})
+
+    @requests_mock.mock()
+    def test_fetch_tags_from_gitlab(self, requests_mocker):
+        # given
+        url = (
+            'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth'
+            '/repository/tags'
+        )
         requests_mocker.get(url, json=GITHUB_TAGS)
-        result = _fetch_tags_from_gitlab()
+        # when
-        self.assertEqual(result, GITHUB_TAGS)
+        result = _current_version_summary()
+        # then
+        self.assertTrue(result)
 
     @patch(MODULE_PATH + '.admin_status.__version__', TEST_VERSION)
     @patch(MODULE_PATH + '.admin_status.cache')
     def test_current_version_info_return_no_data(self, mock_cache):
+        # given
         mock_cache.get_or_set.return_value = None
-        
+        # when
-        expected = {}
         result = _current_version_summary()
-        self.assertEqual(result, expected)
+        # then
+        self.assertEqual(result, {})
 
 
 class TestLatestsVersion(TestCase):
 
     def test_all_version_types_defined(self):
-        
+
         tags = create_tags_list(
             ['2.1.1', '2.1.0', '2.0.0', '2.1.1a1', '1.1.1', '1.1.0', '1.0.0']
         )
-        major, minor, patch, beta = _latests_versions(tags)
+        patch, beta = _latests_versions(tags)
-        self.assertEqual(major, Pep440Version('2.0.0'))
-        self.assertEqual(minor, Pep440Version('2.1.0'))
         self.assertEqual(patch, Pep440Version('2.1.1'))
         self.assertEqual(beta, Pep440Version('2.1.1a1'))
 
     def test_major_and_minor_not_defined_with_zero(self):
-        
+
         tags = create_tags_list(
             ['2.1.2', '2.1.1', '2.0.1', '2.1.1a1', '1.1.1', '1.1.0', '1.0.0']
         )
-        major, minor, patch, beta = _latests_versions(tags)
+        patch, beta = _latests_versions(tags)
-        self.assertEqual(major, Pep440Version('2.0.1'))
-        self.assertEqual(minor, Pep440Version('2.1.1'))
         self.assertEqual(patch, Pep440Version('2.1.2'))
         self.assertEqual(beta, Pep440Version('2.1.1a1'))
-        
+
     def test_can_ignore_invalid_versions(self):
-        
+
         tags = create_tags_list(
             ['2.1.1', '2.1.0', '2.0.0', '2.1.1a1', 'invalid']
         )
-        major, minor, patch, beta = _latests_versions(tags)
+        patch, beta = _latests_versions(tags)
-        self.assertEqual(major, Pep440Version('2.0.0'))
-        self.assertEqual(minor, Pep440Version('2.1.0'))
         self.assertEqual(patch, Pep440Version('2.1.1'))
         self.assertEqual(beta, Pep440Version('2.1.1a1'))
 
 
 class TestFetchListFromGitlab(TestCase):
-   
+
     page_size = 2
-    
+
     def setUp(self):
         self.url = (
             'https://gitlab.com/api/v4/projects/allianceauth%2Fallianceauth'
@@ -237,8 +255,8 @@ class TestFetchListFromGitlab(TestCase):
         page = int(request.qs['page'][0])
         start = (page - 1) * cls.page_size
         end = start + cls.page_size
-        return GITHUB_TAGS[start:end]        
+        return GITHUB_TAGS[start:end]
-    
+
     @requests_mock.mock()
     def test_can_fetch_one_page_with_header(self, requests_mocker):
         headers = {
@@ -250,7 +268,7 @@ class TestFetchListFromGitlab(TestCase):
         self.assertEqual(requests_mocker.call_count, 1)
 
     @requests_mock.mock()
-    def test_can_fetch_one_page_wo_header(self, requests_mocker):        
+    def test_can_fetch_one_page_wo_header(self, requests_mocker):
         requests_mocker.get(self.url, json=GITHUB_TAGS)
         result = _fetch_list_from_gitlab(self.url)
         self.assertEqual(result, GITHUB_TAGS)
@@ -267,7 +285,7 @@ class TestFetchListFromGitlab(TestCase):
         self.assertEqual(requests_mocker.call_count, 1)
 
     @requests_mock.mock()
-    def test_can_fetch_multiple_pages(self, requests_mocker):     
+    def test_can_fetch_multiple_pages(self, requests_mocker):
         total_pages = ceil(len(GITHUB_TAGS) / self.page_size)
         headers = {
             'x-total-pages': str(total_pages)
@@ -278,7 +296,7 @@ class TestFetchListFromGitlab(TestCase):
         self.assertEqual(requests_mocker.call_count, total_pages)
 
     @requests_mock.mock()
-    def test_can_fetch_given_number_of_pages_only(self, requests_mocker):     
+    def test_can_fetch_given_number_of_pages_only(self, requests_mocker):
         total_pages = ceil(len(GITHUB_TAGS) / self.page_size)
         headers = {
             'x-total-pages': str(total_pages)
@@ -288,3 +306,25 @@ class TestFetchListFromGitlab(TestCase):
         result = _fetch_list_from_gitlab(self.url, max_pages=max_pages)
         self.assertEqual(result, GITHUB_TAGS[:4])
         self.assertEqual(requests_mocker.call_count, max_pages)
+
+    @requests_mock.mock()
+    @patch(MODULE_PATH + '.admin_status.logger')
+    def test_should_not_raise_any_exception_from_github_request_but_log_as_warning(
+        self, requests_mocker, mock_logger
+    ):
+        for my_exception in [
+            requests.exceptions.ConnectionError,
+            requests.exceptions.HTTPError,
+            requests.exceptions.URLRequired,
+            requests.exceptions.TooManyRedirects,
+            requests.exceptions.ConnectTimeout,
+            requests.exceptions.Timeout,
+
+        ]:
+            requests_mocker.get(self.url, exc=my_exception)
+            try:
+                result = _fetch_list_from_gitlab(self.url)
+            except Exception as ex:
+                self.fail(f"Unexpected exception raised: {ex}")
+            self.assertTrue(mock_logger.warning.called)
+            self.assertListEqual(result, [])

allianceauth/authentication/urls.py

@@ -1,5 +1,4 @@
-from django.conf.urls import url
+from django.urls import path
-from django.contrib.auth.decorators import login_required
 from django.views.generic.base import TemplateView
 
 from . import views
@@ -7,21 +6,36 @@ from . import views
 app_name = 'authentication'
 
 urlpatterns = [
-    url(r'^$', views.index, name='index'),
+    path('', views.index, name='index'),
-    url(
+    path(
-        r'^account/login/$', 
+        'account/login/',
-        TemplateView.as_view(template_name='public/login.html'), 
+        TemplateView.as_view(template_name='public/login.html'),
         name='login'
     ),
-    url(
+    path(
-        r'^account/characters/main/$',
+        'account/characters/main/',
         views.main_character_change,
         name='change_main_character'
     ),
-    url(
+    path(
-        r'^account/characters/add/$', 
+        'account/characters/add/',
-        views.add_character, 
+        views.add_character,
         name='add_character'
-    ),   
+    ),
-    url(r'^dashboard/$', views.dashboard, name='dashboard'),
+    path(
+        'account/tokens/manage/',
+        views.token_management,
+        name='token_management'
+    ),
+    path(
+        'account/tokens/delete/<int:token_id>',
+        views.token_delete,
+        name='token_delete'
+    ),
+    path(
+        'account/tokens/refresh/<int:token_id>',
+        views.token_refresh,
+        name='token_refresh'
+    ),
+    path('dashboard/', views.dashboard, name='dashboard'),
 ]

allianceauth/authentication/views.py

@@ -6,8 +6,10 @@ from django.contrib.auth import login, authenticate
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
 from django.core import signing
+from django.core.mail import EmailMultiAlternatives
 from django.http import JsonResponse
 from django.shortcuts import redirect, render
+from django.template.loader import render_to_string
 from django.urls import reverse, reverse_lazy
 from django.utils.translation import gettext_lazy as _
 
@@ -16,8 +18,8 @@ from esi.decorators import token_required
 from esi.models import Token
 
 from django_registration.backends.activation.views import (
-    RegistrationView as BaseRegistrationView, 
+    RegistrationView as BaseRegistrationView,
-    ActivationView as BaseActivationView, 
+    ActivationView as BaseActivationView,
     REGISTRATION_SALT
 )
 from django_registration.signals import user_registered
@@ -52,18 +54,56 @@ def dashboard(request):
         .filter(character_ownership__user=request.user)\
         .select_related()\
         .order_by('character_name')
-        
+
     context = {
         'groups': groups,
         'characters': characters
     }
     return render(request, 'authentication/dashboard.html', context)
 
+@login_required
+def token_management(request):
+    tokens = request.user.token_set.all()
+
+    context = {
+        'tokens': tokens
+    }
+    return render(request, 'authentication/tokens.html', context)
+
+@login_required
+def token_delete(request, token_id=None):
+    try:
+        token = Token.objects.get(id=token_id)
+        if request.user == token.user:
+            token.delete()
+            messages.success(request, "Token Deleted.")
+        else:
+            messages.error(request, "This token does not belong to you.")
+    except Token.DoesNotExist:
+        messages.warning(request, "Token does not exist")
+    return redirect('authentication:token_management')
+
+@login_required
+def token_refresh(request, token_id=None):
+    try:
+        token = Token.objects.get(id=token_id)
+        if request.user == token.user:
+            try:
+                token.refresh()
+                messages.success(request, "Token refreshed.")
+            except Exception as e:
+                messages.warning(request, f"Failed to refresh token. {e}")
+        else:
+            messages.error(request, "This token does not belong to you.")
+    except Token.DoesNotExist:
+        messages.warning(request, "Token does not exist")
+    return redirect('authentication:token_management')
+
 
 @login_required
 @token_required(scopes=settings.LOGIN_TOKEN_SCOPES)
 def main_character_change(request, token):
-    logger.debug("main_character_change called by user %s for character %s" % (request.user, token.character_name))
+    logger.debug(f"main_character_change called by user {request.user} for character {token.character_name}")
     try:
         co = CharacterOwnership.objects.get(character__character_id=token.character_id, user=request.user)
     except CharacterOwnership.DoesNotExist:
@@ -71,7 +111,7 @@ def main_character_change(request, token):
             co = CharacterOwnership.objects.create_by_token(token)
         else:
             messages.error(
-                request, 
+                request,
                 _('Cannot change main character to %(char)s: character owned by a different account.') % ({'char': token.character_name})
             )
             co = None
@@ -137,8 +177,51 @@ class RegistrationView(BaseRegistrationView):
     form_class = RegistrationForm
     template_name = "public/register.html"
     email_body_template = "registration/activation_email.txt"
+    email_body_template_html = "registration/activation_email_html.txt"
     email_subject_template = "registration/activation_email_subject.txt"
-    success_url = reverse_lazy('registration_complete') 
+    success_url = reverse_lazy('registration_complete')
+
+    def send_activation_email(self, user):
+        """
+        Implement our own way to send a mail to make sure we
+        send a RFC conform multipart email
+        :param user:
+        :type user:
+        """
+
+        activation_key = self.get_activation_key(user)
+        context = self.get_email_context(activation_key)
+        context["user"] = user
+
+        # email subject
+        subject = render_to_string(
+            template_name=self.email_subject_template,
+            context=context,
+            request=self.request,
+        )
+        subject = "".join(subject.splitlines())
+
+        # plaintext email body part
+        message = render_to_string(
+            template_name=self.email_body_template,
+            context=context,
+            request=self.request,
+        )
+
+        # html email body part
+        message_html = render_to_string(
+            template_name=self.email_body_template_html,
+            context=context,
+            request=self.request,
+        )
+
+        # send it
+        user.email_user(
+            subject,
+            message,
+            settings.DEFAULT_FROM_EMAIL,
+            **{'html_message': message_html},
+        )
 
     def get_success_url(self, user):
         if not getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
@@ -154,7 +237,7 @@ class RegistrationView(BaseRegistrationView):
         if not getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True):
             # Keep the request so the user can be automagically logged in.
             setattr(self, 'request', request)
-        return super(RegistrationView, self).dispatch(request, *args, **kwargs)
+        return super().dispatch(request, *args, **kwargs)
 
     def register(self, form):
         user = User.objects.get(pk=self.request.session.get('registration_uid'))
@@ -173,7 +256,7 @@ class RegistrationView(BaseRegistrationView):
         return signing.dumps(obj=[getattr(user, User.USERNAME_FIELD), user.email], salt=REGISTRATION_SALT)
 
     def get_email_context(self, activation_key):
-        context = super(RegistrationView, self).get_email_context(activation_key)
+        context = super().get_email_context(activation_key)
         context['url'] = context['site'].domain + reverse('registration_activate', args=[activation_key])
         return context
 
@@ -181,12 +264,12 @@ class RegistrationView(BaseRegistrationView):
 # Step 3
 class ActivationView(BaseActivationView):
     template_name = "registration/activate.html"
-    success_url = reverse_lazy('registration_activation_complete')    
+    success_url = reverse_lazy('registration_activation_complete')
-    
+
     def validate_key(self, activation_key):
         try:
             dump = signing.loads(activation_key, salt=REGISTRATION_SALT,
-                                 max_age=settings.ACCOUNT_ACTIVATION_DAYS * 86400)
+                                max_age=settings.ACCOUNT_ACTIVATION_DAYS * 86400)
             return dump
         except signing.BadSignature:
             return None