Version Bump 3.6.0

`pre-commit` Update and File Permission Fixes (redone)

See merge request allianceauth/allianceauth!1523

.gitignore

@@ -69,11 +69,7 @@ celerybeat-schedule
 #gitlab configs
 .gitlab/
 
-#transifex
-.tx/
-
 #other
 .flake8
 .pylintrc
 Makefile
-.isort.cfg

.gitlab-ci.yml

@@ -5,16 +5,16 @@
     - merge_requests
 
 stages:
-- pre-commit
-- gitlab
-- test
-- deploy
-- docker
+  - pre-commit
+  - gitlab
+  - test
+  - deploy
+  - docker
 
 include:
-- template: Dependency-Scanning.gitlab-ci.yml
-- template: Security/SAST.gitlab-ci.yml
-- template: Security/Secret-Detection.gitlab-ci.yml
+  - template: Dependency-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 before_script:
   - apt-get update && apt-get install redis-server -y
@@ -25,7 +25,7 @@ before_script:
 pre-commit-check:
   <<: *only-default
   stage: pre-commit
-  image: python:3.8-bullseye
+  image: python:3.10-bullseye
   variables:
     PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
   cache:
@@ -42,103 +42,175 @@ sast:
 dependency_scanning:
   stage: gitlab
   before_script:
-  - apt-get update && apt-get install redis-server libmariadb-dev -y
-  - redis-server --daemonize yes
-  - python -V
-  - pip install wheel tox
+    - apt-get update && apt-get install redis-server libmariadb-dev -y
+    - redis-server --daemonize yes
+    - python -V
+    - pip install wheel tox
+
+secret_detection:
+  stage: gitlab
+  before_script: []
 
 test-3.8-core:
   <<: *only-default
   image: python:3.8-bullseye
   script:
-  - tox -e py38-core
+    - tox -e py38-core
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
 test-3.9-core:
   <<: *only-default
   image: python:3.9-bullseye
   script:
-  - tox -e py39-core
+    - tox -e py39-core
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
 test-3.10-core:
   <<: *only-default
   image: python:3.10-bullseye
   script:
-  - tox -e py310-core
+    - tox -e py310-core
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
 test-3.11-core:
   <<: *only-default
-  image: python:3.11-rc-bullseye
+  image: python:3.11-bullseye
   script:
-  - tox -e py311-core
+    - tox -e py311-core
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+test-pvpy-core:
+  <<: *only-default
+  image: pypy:3.9-bullseye
+  script:
+    - tox -e pypy-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
   allow_failure: true
 
 test-3.8-all:
   <<: *only-default
   image: python:3.8-bullseye
   script:
-  - tox -e py38-all
+    - tox -e py38-all
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
 test-3.9-all:
   <<: *only-default
   image: python:3.9-bullseye
   script:
-  - tox -e py39-all
+    - tox -e py39-all
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
 test-3.10-all:
   <<: *only-default
   image: python:3.10-bullseye
   script:
-  - tox -e py310-all
+    - tox -e py310-all
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
 
 test-3.11-all:
   <<: *only-default
-  image: python:3.11-rc-bullseye
+  image: python:3.11-bullseye
   script:
-  - tox -e py311-all
+    - tox -e py311-all
   artifacts:
     when: always
     reports:
-      cobertura: coverage.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
+
+test-pvpy-all:
+  <<: *only-default
+  image: pypy:3.9-bullseye
+  script:
+    - tox -e pypy-all
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
   allow_failure: true
 
+build-test:
+  stage: test
+  image: python:3.10-bullseye
+
+  before_script:
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel
+
+  script:
+    - python -m build
+
+  artifacts:
+    when: always
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+    paths:
+      - dist/*
+    expire_in: 1 year
+
+test-docs:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e docs
+
 deploy_production:
   stage: deploy
   image: python:3.10-bullseye
 
   before_script:
-    - pip install twine wheel
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel twine
 
   script:
-    - python setup.py sdist bdist_wheel
-    - twine upload dist/*
+    - python -m build
+    - python -m twine upload dist/*
 
   rules:
     - if: $CI_COMMIT_TAG
@@ -166,6 +238,8 @@ build-image:
     docker image push --all-tags $CI_REGISTRY_IMAGE/auth
   rules:
     - if: $CI_COMMIT_TAG
+      when: delayed
+      start_in: 10 minutes
 
 build-image-dev:
   before_script: []

.pre-commit-config.yaml

@@ -5,30 +5,75 @@
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.4.0
     hooks:
-      - id: check-case-conflict
-      - id: check-json
-      - id: check-xml
+      # Identify invalid files
+      - id: check-ast
       - id: check-yaml
-      - id: fix-byte-order-marker
-      - id: trailing-whitespace
-        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
-      - id: end-of-file-fixer
-        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
-      - id: mixed-line-ending
-        args: [ '--fix=lf' ]
+      - id: check-json
+      - id: check-toml
+      - id: check-xml
+
+      # git checks
+      - id: check-merge-conflict
+      - id: check-added-large-files
+        args: [ --maxkb=1000 ]
+      - id: detect-private-key
+      - id: check-case-conflict
+
+      # Python checks
+#      - id: check-docstring-first
+      - id: debug-statements
+#      - id: requirements-txt-fixer
       - id: fix-encoding-pragma
-        args: [ '--remove' ]
+        args: [ --remove ]
+      - id: fix-byte-order-marker
+
+      # General quality checks
+      - id: mixed-line-ending
+        args: [ --fix=lf ]
+      - id: trailing-whitespace
+        args: [ --markdown-linebreak-ext=md ]
+        exclude: |
+          (?x)(
+            \.min\.css|
+            \.min\.js|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
+      - id: check-executables-have-shebangs
+      - id: end-of-file-fixer
+        exclude: |
+          (?x)(
+            \.min\.css|
+            \.min\.js|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
 
   - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
-    rev: 2.4.0
+    rev: 2.7.2
     hooks:
       - id: editorconfig-checker
-        exclude: ^(LICENSE|allianceauth\/static\/css\/themes\/bootstrap-locals.less|allianceauth\/eveonline\/swagger.json|(.*.po)|(.*.mo))
+        exclude: |
+          (?x)(
+            LICENSE|
+            allianceauth\/static\/allianceauth\/css\/themes\/bootstrap-locals.less|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
+
+  - repo: https://github.com/adamchainz/django-upgrade
+    rev: 1.14.0
+    hooks:
+      - id: django-upgrade
+        args: [ --target-version=4.0 ]
 
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.30.0
+    rev: v3.10.1
     hooks:
       - id: pyupgrade
         args: [ --py38-plus ]

.readthedocs.yml

@@ -5,19 +5,22 @@
 # Required
 version: 2
 
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  apt_packages:
+    - redis
+  tools:
+    python: "3.8"
+
 # Build documentation in the docs/ directory with Sphinx
 sphinx:
   configuration: docs/conf.py
 
-# Build documentation with MkDocs
-#mkdocs:
-#  configuration: mkdocs.yml
-
 # Optionally build your docs in additional formats such as PDF and ePub
 formats: all
 
 # Optionally set the version of Python and requirements required to build your docs
 python:
-  version: 3.7
   install:
     - requirements: docs/requirements.txt

.tx/config

@@ -0,0 +1,10 @@
+[main]
+host     = https://www.transifex.com
+lang_map = zh-Hans: zh_Hans
+
+[o:alliance-auth:p:alliance-auth:r:django-po]
+file_filter  = allianceauth/locale/<lang>/LC_MESSAGES/django.po
+source_file  = allianceauth/locale/en/LC_MESSAGES/django.po
+source_lang  = en
+type         = PO
+minimum_perc = 0

.tx/config_20230406134150.bak

@@ -0,0 +1,10 @@
+[main]
+host = https://www.transifex.com
+lang_map = zh-Hans:zh_Hans
+
+[alliance-auth.django-po]
+file_filter = allianceauth/locale/<lang>/LC_MESSAGES/django.po
+minimum_perc = 0
+source_file = allianceauth/locale/en/LC_MESSAGES/django.po
+source_lang = en
+type = PO

MANIFEST.in

@@ -1,7 +0,0 @@
-include LICENSE
-include README.md
-include MANIFEST.in
-graft allianceauth
-
-global-exclude __pycache__
-global-exclude *.py[co]

README.md

@@ -36,7 +36,7 @@ Main features:
 
 - Can be easily extended with additional services and apps. Many are provided by the community and can be found here: [Community Creations](https://gitlab.com/allianceauth/community-creations)
 
-- English :flag_gb:, Chinese :flag_cn:, German :flag_de:, Spanish :flag_es:, Korean :flag_kr: and Russian :flag_ru: localization
+- English :flag_gb:, Chinese :flag_cn:, German :flag_de:, Spanish :flag_es:, Korean :flag_kr:, Russian :flag_ru:, Italian :flag_it:, French :flag_fr:, Japanese :flag_jp: and Ukrainian :flag_ua: Localization
 
 For further details about AA - including an installation guide and a full list of included services and plugin apps - please see the [official documentation](http://allianceauth.rtfd.io).
 
@@ -56,13 +56,15 @@ Here is an example of the Alliance Auth web site with some plug-ins apps and ser
 
 - [Aaron Kable](https://gitlab.com/aaronkable/)
 - [Ariel Rin](https://gitlab.com/soratidus999/)
-- [Basraah](https://gitlab.com/basraah/)
 - [Col Crunch](https://gitlab.com/colcrunch/)
 - [Erik Kalkoken](https://gitlab.com/ErikKalkoken/)
+- [Rounon Dax](https://gitlab.com/ppfeufer)
+- [snipereagle1](https://gitlab.com/mckernanin)
 
 ### Former Developers
 
 - [Adarnof](https://gitlab.com/adarnof/)
+- [Basraah](https://gitlab.com/basraah/)
 
 ### Beta Testers / Bug Fixers
 

allianceauth/__init__.py

@@ -1,8 +1,11 @@
+"""An auth system for EVE Online to help in-game organizations
+manage online service access.
+"""
+
 # This will make sure the app is always imported when
 # Django starts so that shared_task will use this app.
 
-__version__ = '3.0.0a1'
+__version__ = '3.6.0'
 __title__ = 'Alliance Auth'
 __url__ = 'https://gitlab.com/allianceauth/allianceauth'
 NAME = f'{__title__} v{__version__}'
-default_app_config = 'allianceauth.apps.AllianceAuthConfig'

allianceauth/analytics/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.analytics.apps.AnalyticsConfig'

allianceauth/analytics/models.py

@@ -8,13 +8,13 @@ from uuid import uuid4
 class AnalyticsIdentifier(models.Model):
 
     identifier = models.UUIDField(default=uuid4,
-                                  editable=False)
+                                editable=False)
 
     def save(self, *args, **kwargs):
         if not self.pk and AnalyticsIdentifier.objects.exists():
             # Force a single object
             raise ValidationError('There is can be only one \
-                                   AnalyticsIdentifier instance')
+                                    AnalyticsIdentifier instance')
         self.pk = self.id = 1 # If this happens to be deleted and recreated, force it to be 1
         return super().save(*args, **kwargs)
 

allianceauth/analytics/tests/test_integration.py

@@ -3,16 +3,17 @@ from urllib.parse import parse_qs
 
 import requests_mock
 
-from django.test import TestCase, override_settings
+from django.test import override_settings
 
 from allianceauth.analytics.tasks import ANALYTICS_URL
 from allianceauth.eveonline.tasks import update_character
 from allianceauth.tests.auth_utils import AuthUtils
+from allianceauth.utils.testing import NoSocketsTestCase
 
 
 @override_settings(CELERY_ALWAYS_EAGER=True)
 @requests_mock.mock()
-class TestAnalyticsForViews(TestCase):
+class TestAnalyticsForViews(NoSocketsTestCase):
     @override_settings(ANALYTICS_DISABLED=False)
     def test_should_run_analytics(self, requests_mocker):
         # given
@@ -40,7 +41,7 @@ class TestAnalyticsForViews(TestCase):
 
 @override_settings(CELERY_ALWAYS_EAGER=True)
 @requests_mock.mock()
-class TestAnalyticsForTasks(TestCase):
+class TestAnalyticsForTasks(NoSocketsTestCase):
     @override_settings(ANALYTICS_DISABLED=False)
     @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
     def test_should_run_analytics_for_successful_task(

allianceauth/analytics/tests/test_tasks.py

@@ -1,12 +1,22 @@
+import requests_mock
+
+from django.test.utils import override_settings
+
 from allianceauth.analytics.tasks import (
     analytics_event,
     send_ga_tracking_celery_event,
     send_ga_tracking_web_view)
-from django.test.testcases import TestCase
+from allianceauth.utils.testing import NoSocketsTestCase
 
 
-class TestAnalyticsTasks(TestCase):
-    def test_analytics_event(self):
+GOOGLE_ANALYTICS_DEBUG_URL = 'https://www.google-analytics.com/debug/collect'
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True, CELERY_EAGER_PROPAGATES_EXCEPTIONS=True)
+@requests_mock.Mocker()
+class TestAnalyticsTasks(NoSocketsTestCase):
+    def test_analytics_event(self, requests_mocker):
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
         analytics_event(
                         category='allianceauth.analytics',
                         action='send_tests',
@@ -14,15 +24,19 @@ class TestAnalyticsTasks(TestCase):
                         value=1,
                         event_type='Stats')
 
-    def test_send_ga_tracking_web_view_sent(self):
-        # This test sends if the event SENDS to google
-        # Not if it was successful
+    def test_send_ga_tracking_web_view_sent(self, requests_mocker):
+        """This test sends if the event SENDS to google.
+        Not if it was successful.
+        """
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         page = '/index/'
         title = 'Hello World'
         locale = 'en'
         useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
         response = send_ga_tracking_web_view(
                                             tracking_id,
                                             client_id,
@@ -30,15 +44,23 @@ class TestAnalyticsTasks(TestCase):
                                             title,
                                             locale,
                                             useragent)
+        # then
         self.assertEqual(response.status_code, 200)
 
-    def test_send_ga_tracking_web_view_success(self):
+    def test_send_ga_tracking_web_view_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"hitParsingResult":[{'valid': True}]}
+        )
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         page = '/index/'
         title = 'Hello World'
         locale = 'en'
         useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
         json_response = send_ga_tracking_web_view(
                                                 tracking_id,
                                                 client_id,
@@ -46,15 +68,42 @@ class TestAnalyticsTasks(TestCase):
                                                 title,
                                                 locale,
                                                 useragent).json()
+        # then
         self.assertTrue(json_response["hitParsingResult"][0]["valid"])
 
-    def test_send_ga_tracking_web_view_invalid_token(self):
+    def test_send_ga_tracking_web_view_invalid_token(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={
+                "hitParsingResult":[
+                    {
+                        'valid': False,
+                        'parserMessage': [
+                            {
+                                'messageType': 'INFO',
+                                'description': 'IP Address from this hit was anonymized to 1.132.110.0.',
+                                'messageCode': 'VALUE_MODIFIED'
+                            },
+                            {
+                                'messageType': 'ERROR',
+                                'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.",
+                                'messageCode': 'VALUE_INVALID', 'parameter': 'tid'
+                            }
+                        ],
+                        'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'
+                    }
+                ]
+            }
+        )
         tracking_id = 'UA-IntentionallyBadTrackingID-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         page = '/index/'
         title = 'Hello World'
         locale = 'en'
         useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
         json_response = send_ga_tracking_web_view(
                                             tracking_id,
                                             client_id,
@@ -62,18 +111,25 @@ class TestAnalyticsTasks(TestCase):
                                             title,
                                             locale,
                                             useragent).json()
+        # then
         self.assertFalse(json_response["hitParsingResult"][0]["valid"])
-        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+        self.assertEqual(
+            json_response["hitParsingResult"][0]["parserMessage"][1]["description"],
+            "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details."
+        )
 
         # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
 
-    def test_send_ga_tracking_celery_event_sent(self):
+    def test_send_ga_tracking_celery_event_sent(self, requests_mocker):
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         category = 'test'
         action = 'test'
         label = 'test'
         value = '1'
+        # when
         response = send_ga_tracking_celery_event(
                                                 tracking_id,
                                                 client_id,
@@ -81,15 +137,23 @@ class TestAnalyticsTasks(TestCase):
                                                 action,
                                                 label,
                                                 value)
+        # then
         self.assertEqual(response.status_code, 200)
 
-    def test_send_ga_tracking_celery_event_success(self):
+    def test_send_ga_tracking_celery_event_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"hitParsingResult":[{'valid': True}]}
+        )
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         category = 'test'
         action = 'test'
         label = 'test'
         value = '1'
+        # when
         json_response = send_ga_tracking_celery_event(
                                                     tracking_id,
                                                     client_id,
@@ -97,15 +161,42 @@ class TestAnalyticsTasks(TestCase):
                                                     action,
                                                     label,
                                                     value).json()
+        # then
         self.assertTrue(json_response["hitParsingResult"][0]["valid"])
 
-    def test_send_ga_tracking_celery_event_invalid_token(self):
+    def test_send_ga_tracking_celery_event_invalid_token(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={
+                "hitParsingResult":[
+                    {
+                        'valid': False,
+                        'parserMessage': [
+                            {
+                                'messageType': 'INFO',
+                                'description': 'IP Address from this hit was anonymized to 1.132.110.0.',
+                                'messageCode': 'VALUE_MODIFIED'
+                            },
+                            {
+                                'messageType': 'ERROR',
+                                'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.",
+                                'messageCode': 'VALUE_INVALID', 'parameter': 'tid'
+                            }
+                        ],
+                        'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'
+                    }
+                ]
+            }
+        )
         tracking_id = 'UA-IntentionallyBadTrackingID-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         category = 'test'
         action = 'test'
         label = 'test'
         value = '1'
+        # when
         json_response = send_ga_tracking_celery_event(
                                                     tracking_id,
                                                     client_id,
@@ -113,7 +204,9 @@ class TestAnalyticsTasks(TestCase):
                                                     action,
                                                     label,
                                                     value).json()
+        # then
         self.assertFalse(json_response["hitParsingResult"][0]["valid"])
-        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
-
-        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
+        self.assertEqual(
+            json_response["hitParsingResult"][0]["parserMessage"][1]["description"],
+            "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details."
+        )

allianceauth/authentication/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.authentication.apps.AuthenticationConfig'

allianceauth/authentication/admin.py

@@ -1,30 +1,44 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
-from django.contrib.auth.models import User as BaseUser, \
-    Permission as BasePermission, Group
+from django.contrib.auth.models import Group
+from django.contrib.auth.models import Permission as BasePermission
+from django.contrib.auth.models import User as BaseUser
 from django.db.models import Count, Q
-from allianceauth.services.hooks import ServicesHook
-from django.db.models.signals import pre_save, post_save, pre_delete, \
-    post_delete, m2m_changed
 from django.db.models.functions import Lower
+from django.db.models.signals import (
+    m2m_changed,
+    post_delete,
+    post_save,
+    pre_delete,
+    pre_save
+)
 from django.dispatch import receiver
-from django.forms import ModelForm
-from django.utils.html import format_html
 from django.urls import reverse
+from django.utils.html import format_html
 from django.utils.text import slugify
 
 from allianceauth.authentication.models import (
-    State,
-    get_guest_state,
     CharacterOwnership,
+    OwnershipRecord,
+    State,
     UserProfile,
-    OwnershipRecord)
-from allianceauth.hooks import get_hooks
-from allianceauth.eveonline.models import EveCharacter, EveCorporationInfo,\
-    EveAllianceInfo, EveFactionInfo
+    get_guest_state
+)
+from allianceauth.eveonline.models import (
+    EveAllianceInfo,
+    EveCharacter,
+    EveCorporationInfo,
+    EveFactionInfo
+)
 from allianceauth.eveonline.tasks import update_character
-from .app_settings import AUTHENTICATION_ADMIN_USERS_MAX_GROUPS, \
-    AUTHENTICATION_ADMIN_USERS_MAX_CHARS
+from allianceauth.hooks import get_hooks
+from allianceauth.services.hooks import ServicesHook
+
+from .app_settings import (
+    AUTHENTICATION_ADMIN_USERS_MAX_CHARS,
+    AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
+)
+from .forms import UserChangeForm, UserProfileForm
 
 
 def make_service_hooks_update_groups_action(service):
@@ -63,19 +77,10 @@ def make_service_hooks_sync_nickname_action(service):
     return sync_nickname
 
 
-class QuerysetModelForm(ModelForm):
-    # allows specifying FK querysets through kwarg
-    def __init__(self, querysets=None, *args, **kwargs):
-        querysets = querysets or {}
-        super().__init__(*args, **kwargs)
-        for field, qs in querysets.items():
-            self.fields[field].queryset = qs
-
-
 class UserProfileInline(admin.StackedInline):
     model = UserProfile
     readonly_fields = ('state',)
-    form = QuerysetModelForm
+    form = UserProfileForm
     verbose_name = ''
     verbose_name_plural = 'Profile'
 
@@ -103,6 +108,7 @@ class UserProfileInline(admin.StackedInline):
         return False
 
 
+@admin.display(description="")
 def user_profile_pic(obj):
     """profile pic column data for user objects
 
@@ -115,13 +121,10 @@ def user_profile_pic(obj):
             '<img src="{}" class="img-circle">',
             user_obj.profile.main_character.portrait_url(size=32)
         )
-    else:
-        return None
-
-
-user_profile_pic.short_description = ''
+    return None
 
 
+@admin.display(description="user / main", ordering="username")
 def user_username(obj):
     """user column data for user objects
 
@@ -143,18 +146,17 @@ def user_username(obj):
             user_obj.username,
             user_obj.profile.main_character.character_name
         )
-    else:
-        return format_html(
-            '<strong><a href="{}">{}</a></strong>',
-            link,
-            user_obj.username,
-        )
-
-
-user_username.short_description = 'user / main'
-user_username.admin_order_field = 'username'
+    return format_html(
+        '<strong><a href="{}">{}</a></strong>',
+        link,
+        user_obj.username,
+    )
 
 
+@admin.display(
+    description="Corporation / Alliance (Main)",
+    ordering="profile__main_character__corporation_name"
+)
 def user_main_organization(obj):
     """main organization column data for user objects
 
@@ -163,21 +165,15 @@ def user_main_organization(obj):
     """
     user_obj = obj.user if hasattr(obj, 'user') else obj
     if not user_obj.profile.main_character:
-        result = ''
-    else:
-        result = user_obj.profile.main_character.corporation_name
-        if user_obj.profile.main_character.alliance_id:
-            result += f'<br>{user_obj.profile.main_character.alliance_name}'
-        elif user_obj.profile.main_character.faction_name:
-            result += f'<br>{user_obj.profile.main_character.faction_name}'
+        return ''
+    result = user_obj.profile.main_character.corporation_name
+    if user_obj.profile.main_character.alliance_id:
+        result += f'<br>{user_obj.profile.main_character.alliance_name}'
+    elif user_obj.profile.main_character.faction_name:
+        result += f'<br>{user_obj.profile.main_character.faction_name}'
     return format_html(result)
 
 
-user_main_organization.short_description = 'Corporation / Alliance (Main)'
-user_main_organization.admin_order_field = \
-    'profile__main_character__corporation_name'
-
-
 class MainCorporationsFilter(admin.SimpleListFilter):
     """Custom filter to filter on corporations from mains only
 
@@ -200,15 +196,13 @@ class MainCorporationsFilter(admin.SimpleListFilter):
     def queryset(self, request, qs):
         if self.value() is None:
             return qs.all()
-        else:
-            if qs.model == User:
-                return qs.filter(
-                    profile__main_character__corporation_id=self.value()
-                )
-            else:
-                return qs.filter(
-                    user__profile__main_character__corporation_id=self.value()
-                )
+        if qs.model == User:
+            return qs.filter(
+                profile__main_character__corporation_id=self.value()
+            )
+        return qs.filter(
+            user__profile__main_character__corporation_id=self.value()
+        )
 
 
 class MainAllianceFilter(admin.SimpleListFilter):
@@ -221,12 +215,14 @@ class MainAllianceFilter(admin.SimpleListFilter):
     parameter_name = 'main_alliance_id__exact'
 
     def lookups(self, request, model_admin):
-        qs = EveCharacter.objects\
-            .exclude(alliance_id=None)\
-            .exclude(userprofile=None)\
-            .values('alliance_id', 'alliance_name')\
-            .distinct()\
+        qs = (
+            EveCharacter.objects
+            .exclude(alliance_id=None)
+            .exclude(userprofile=None)
+            .values('alliance_id', 'alliance_name')
+            .distinct()
             .order_by(Lower('alliance_name'))
+        )
         return tuple(
             (x['alliance_id'], x['alliance_name']) for x in qs
         )
@@ -234,13 +230,11 @@ class MainAllianceFilter(admin.SimpleListFilter):
     def queryset(self, request, qs):
         if self.value() is None:
             return qs.all()
-        else:
-            if qs.model == User:
-                return qs.filter(profile__main_character__alliance_id=self.value())
-            else:
-                return qs.filter(
-                    user__profile__main_character__alliance_id=self.value()
-                )
+        if qs.model == User:
+            return qs.filter(profile__main_character__alliance_id=self.value())
+        return qs.filter(
+            user__profile__main_character__alliance_id=self.value()
+        )
 
 
 class MainFactionFilter(admin.SimpleListFilter):
@@ -253,12 +247,14 @@ class MainFactionFilter(admin.SimpleListFilter):
     parameter_name = 'main_faction_id__exact'
 
     def lookups(self, request, model_admin):
-        qs = EveCharacter.objects\
-            .exclude(faction_id=None)\
-            .exclude(userprofile=None)\
-            .values('faction_id', 'faction_name')\
-            .distinct()\
+        qs = (
+            EveCharacter.objects
+            .exclude(faction_id=None)
+            .exclude(userprofile=None)
+            .values('faction_id', 'faction_name')
+            .distinct()
             .order_by(Lower('faction_name'))
+        )
         return tuple(
             (x['faction_id'], x['faction_name']) for x in qs
         )
@@ -266,15 +262,14 @@ class MainFactionFilter(admin.SimpleListFilter):
     def queryset(self, request, qs):
         if self.value() is None:
             return qs.all()
-        else:
-            if qs.model == User:
-                return qs.filter(profile__main_character__faction_id=self.value())
-            else:
-                return qs.filter(
-                    user__profile__main_character__faction_id=self.value()
-                )
+        if qs.model == User:
+            return qs.filter(profile__main_character__faction_id=self.value())
+        return qs.filter(
+            user__profile__main_character__faction_id=self.value()
+        )
 
 
+@admin.display(description="Update main character model from ESI")
 def update_main_character_model(modeladmin, request, queryset):
     tasks_count = 0
     for obj in queryset:
@@ -283,33 +278,72 @@ def update_main_character_model(modeladmin, request, queryset):
             tasks_count += 1
 
     modeladmin.message_user(
-        request,
-        f'Update from ESI started for {tasks_count} characters'
+        request, f'Update from ESI started for {tasks_count} characters'
     )
 
 
-update_main_character_model.short_description = \
-    'Update main character model from ESI'
-
-
 class UserAdmin(BaseUserAdmin):
     """Extending Django's UserAdmin model
 
     Behavior of groups and characters columns can be configured via settings
     """
 
+    inlines = BaseUserAdmin.inlines + [UserProfileInline]
+    ordering = ('username', )
+    list_select_related = ('profile__state', 'profile__main_character')
+    show_full_result_count = True
+    list_display = (
+        user_profile_pic,
+        user_username,
+        '_state',
+        '_groups',
+        user_main_organization,
+        '_characters',
+        'is_active',
+        'date_joined',
+        '_role'
+    )
+    list_display_links = None
+    list_filter = (
+        'profile__state',
+        'groups',
+        MainCorporationsFilter,
+        MainAllianceFilter,
+        MainFactionFilter,
+        'is_active',
+        'date_joined',
+        'is_staff',
+        'is_superuser'
+    )
+    search_fields = ('username', 'character_ownerships__character__character_name')
+    readonly_fields = ('date_joined', 'last_login')
+    filter_horizontal = ('groups', 'user_permissions',)
+    form = UserChangeForm
+
     class Media:
         css = {
-            "all": ("authentication/css/admin.css",)
+            "all": ("allianceauth/authentication/css/admin.css",)
         }
 
     def get_queryset(self, request):
         qs = super().get_queryset(request)
         return qs.prefetch_related("character_ownerships__character", "groups")
 
-    def get_actions(self, request):
-        actions = super(BaseUserAdmin, self).get_actions(request)
+    def get_form(self, request, obj=None, **kwargs):
+        """Inject current request into change form object."""
 
+        MyForm = super().get_form(request, obj, **kwargs)
+        if obj:
+            class MyFormInjected(MyForm):
+                def __new__(cls, *args, **kwargs):
+                    kwargs['request'] = request
+                    return MyForm(*args, **kwargs)
+
+            return MyFormInjected
+        return MyForm
+
+    def get_actions(self, request):
+        actions = super().get_actions(request)
         actions[update_main_character_model.__name__] = (
             update_main_character_model,
             update_main_character_model.__name__,
@@ -353,39 +387,6 @@ class UserAdmin(BaseUserAdmin):
             )
         return result
 
-    inlines = BaseUserAdmin.inlines + [UserProfileInline]
-    ordering = ('username', )
-    list_select_related = ('profile__state', 'profile__main_character')
-    show_full_result_count = True
-    list_display = (
-        user_profile_pic,
-        user_username,
-        '_state',
-        '_groups',
-        user_main_organization,
-        '_characters',
-        'is_active',
-        'date_joined',
-        '_role'
-    )
-    list_display_links = None
-    list_filter = (
-        'profile__state',
-        'groups',
-        MainCorporationsFilter,
-        MainAllianceFilter,
-        MainFactionFilter,
-        'is_active',
-        'date_joined',
-        'is_staff',
-        'is_superuser'
-    )
-    search_fields = (
-        'username',
-        'character_ownerships__character__character_name'
-    )
-    readonly_fields = ('date_joined', 'last_login')
-
     def _characters(self, obj):
         character_ownerships = list(obj.character_ownerships.all())
         characters = [obj.character.character_name for obj in character_ownerships]
@@ -394,22 +395,16 @@ class UserAdmin(BaseUserAdmin):
             AUTHENTICATION_ADMIN_USERS_MAX_CHARS
         )
 
-    _characters.short_description = 'characters'
-
+    @admin.display(ordering="profile__state")
     def _state(self, obj):
         return obj.profile.state.name
 
-    _state.short_description = 'state'
-    _state.admin_order_field = 'profile__state'
-
     def _groups(self, obj):
         my_groups = sorted(group.name for group in list(obj.groups.all()))
         return self._list_2_html_w_tooltips(
             my_groups, AUTHENTICATION_ADMIN_USERS_MAX_GROUPS
         )
 
-    _groups.short_description = 'groups'
-
     def _role(self, obj):
         if obj.is_superuser:
             role = 'Superuser'
@@ -419,8 +414,6 @@ class UserAdmin(BaseUserAdmin):
             role = 'User'
         return role
 
-    _role.short_description = 'role'
-
     def has_change_permission(self, request, obj=None):
         return request.user.has_perm('auth.change_user')
 
@@ -442,9 +435,16 @@ class UserAdmin(BaseUserAdmin):
             if obj_state:
                 matching_groups_qs = Group.objects.filter(authgroup__states=obj_state)
                 groups_qs = groups_qs | matching_groups_qs
-            kwargs["queryset"] = groups_qs.order_by(Lower('name'))
+            kwargs["queryset"] = groups_qs.order_by(Lower("name"))
         return super().formfield_for_manytomany(db_field, request, **kwargs)
 
+    def get_readonly_fields(self, request, obj=None):
+        if obj and not request.user.is_superuser:
+            return self.readonly_fields + (
+                "is_staff", "is_superuser", "user_permissions"
+            )
+        return self.readonly_fields
+
 
 @admin.register(State)
 class StateAdmin(admin.ModelAdmin):
@@ -455,10 +455,9 @@ class StateAdmin(admin.ModelAdmin):
         qs = super().get_queryset(request)
         return qs.annotate(user_count=Count("userprofile__id"))
 
+    @admin.display(description="Users", ordering="user_count")
     def _user_count(self, obj):
         return obj.user_count
-    _user_count.short_description = 'Users'
-    _user_count.admin_order_field = 'user_count'
 
     fieldsets = (
         (None, {
@@ -514,13 +513,13 @@ class StateAdmin(admin.ModelAdmin):
             )
         return super().get_fieldsets(request, obj=obj)
 
+    def get_readonly_fields(self, request, obj=None):
+        if not request.user.is_superuser:
+            return self.readonly_fields + ("permissions",)
+        return self.readonly_fields
+
 
 class BaseOwnershipAdmin(admin.ModelAdmin):
-    class Media:
-        css = {
-            "all": ("authentication/css/admin.css",)
-        }
-
     list_select_related = (
         'user__profile__state', 'user__profile__main_character', 'character')
     list_display = (
@@ -541,6 +540,11 @@ class BaseOwnershipAdmin(admin.ModelAdmin):
         MainAllianceFilter,
     )
 
+    class Media:
+        css = {
+            "all": ("allianceauth/authentication/css/admin.css",)
+        }
+
     def get_readonly_fields(self, request, obj=None):
         if obj and obj.pk:
             return 'owner_hash', 'character'

allianceauth/authentication/backends.py

@@ -2,6 +2,7 @@ import logging
 
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User, Permission
+from django.contrib import messages
 
 from .models import UserProfile, CharacterOwnership, OwnershipRecord
 
@@ -37,7 +38,13 @@ class StateBackend(ModelBackend):
             ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
             if ownership.owner_hash == token.character_owner_hash:
                 logger.debug(f'Authenticating {ownership.user} by ownership of character {token.character_name}')
-                return ownership.user
+                if ownership.user.profile.main_character:
+                    if ownership.user.profile.main_character.character_id == token.character_id:
+                        return ownership.user
+                    else:  ## this is an alt, enforce main only.
+                        if request:
+                            messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account.")
+                        return None
             else:
                 logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
                 ownership.delete()
@@ -57,13 +64,20 @@ class StateBackend(ModelBackend):
                 if records.exists():
                     # we've seen this character owner before. Re-attach to their old user account
                     user = records[0].user
+                    if user.profile.main_character:
+                        if ownership.user.profile.main_character.character_id != token.character_id:
+                            ## this is an alt, enforce main only due to trust issues in SSO.
+                            if request:
+                                messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account. Then add this character from the dashboard.")
+                            return None
+
                     token.user = user
                     co = CharacterOwnership.objects.create_by_token(token)
                     logger.debug(f'Authenticating {user} by matching owner hash record of character {co.character}')
-                    if not user.profile.main_character:
-                        # set this as their main by default if they have none
-                        user.profile.main_character = co.character
-                        user.profile.save()
+
+                    # set this as their main by default as they have none
+                    user.profile.main_character = co.character
+                    user.profile.save()
                     return user
             logger.debug(f'Unable to authenticate character {token.character_name}. Creating new user.')
             return self.create_user(token)

allianceauth/authentication/decorators.py

@@ -1,18 +1,28 @@
-from django.conf.urls import include
-from django.contrib.auth.decorators import user_passes_test
-from django.core.exceptions import PermissionDenied
 from functools import wraps
-from django.shortcuts import redirect
+from typing import Callable, Iterable, Optional
+
+from django.urls import include
 from django.contrib import messages
+from django.contrib.auth.decorators import login_required, user_passes_test
+from django.core.exceptions import PermissionDenied
+from django.shortcuts import redirect
 from django.utils.translation import gettext_lazy as _
-from django.contrib.auth.decorators import login_required
 
 
 def user_has_main_character(user):
     return bool(user.profile.main_character)
 
 
-def decorate_url_patterns(urls, decorator):
+def decorate_url_patterns(
+    urls, decorator: Callable, excluded_views: Optional[Iterable] = None
+):
+    """Decorate views given in url patterns except when they are explicitly excluded.
+
+    Args:
+        - urls: Django URL patterns
+        - decorator: Decorator to be added to each view
+        - exclude_views: Optional iterable of view names to be excluded
+    """
     url_list, app_name, namespace = include(urls)
 
     def process_patterns(url_patterns):
@@ -22,6 +32,8 @@ def decorate_url_patterns(urls, decorator):
                 process_patterns(pattern.url_patterns)
             else:
                 # this is a pattern
+                if excluded_views and pattern.lookup_str in excluded_views:
+                    return
                 pattern.callback = decorator(pattern.callback)
 
     process_patterns(url_list)

allianceauth/authentication/forms.py

@@ -1,8 +1,66 @@
 from django import forms
+from django.contrib.auth.forms import UserChangeForm as BaseUserChangeForm
+from django.contrib.auth.models import Group
+from django.core.exceptions import ValidationError
+from django.forms import ModelForm
 from django.utils.translation import gettext_lazy as _
+
 from allianceauth.authentication.models import User
+
+
 class RegistrationForm(forms.Form):
     email = forms.EmailField(label=_('Email'), max_length=254, required=True)
 
     class _meta:
         model = User
+
+
+class UserProfileForm(ModelForm):
+    """Allows specifying FK querysets through kwarg"""
+
+    def __init__(self, querysets=None, *args, **kwargs):
+        querysets = querysets or {}
+        super().__init__(*args, **kwargs)
+        for field, qs in querysets.items():
+            self.fields[field].queryset = qs
+
+
+class UserChangeForm(BaseUserChangeForm):
+    """Add custom cleaning to UserChangeForm"""
+
+    def __init__(self, *args, **kwargs):
+        self.request = kwargs.pop("request")  # Inject current request into form object
+        super().__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super().clean()
+        if not self.request.user.is_superuser:
+            if self.instance:
+                current_restricted = set(
+                    self.instance.groups.filter(
+                        authgroup__restricted=True
+                    ).values_list("pk", flat=True)
+                )
+            else:
+                current_restricted = set()
+            new_restricted = set(
+                cleaned_data["groups"].filter(
+                    authgroup__restricted=True
+                ).values_list("pk", flat=True)
+            )
+            if current_restricted != new_restricted:
+                restricted_removed = current_restricted - new_restricted
+                restricted_added = new_restricted - current_restricted
+                restricted_changed = restricted_removed | restricted_added
+                restricted_names_qs = Group.objects.filter(
+                    pk__in=restricted_changed
+                ).values_list("name", flat=True)
+                restricted_names = ",".join(list(restricted_names_qs))
+                raise ValidationError(
+                    {
+                        "groups": _(
+                            "You are not allowed to add or remove these "
+                            "restricted groups: %s" % restricted_names
+                        )
+                    }
+                )

allianceauth/authentication/hmac_urls.py

@@ -1,8 +1,5 @@
-from django.conf.urls import include
-
 from allianceauth.authentication import views
-from django.urls import re_path
-from django.urls import path
+from django.urls import include, re_path, path
 
 urlpatterns = [
     path('activate/complete/', views.activation_complete, name='registration_activation_complete'),

allianceauth/authentication/migrations/0021_alter_userprofile_language.py

@@ -0,0 +1,34 @@
+# Generated by Django 4.0.10 on 2023-05-28 15:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("authentication", "0020_userprofile_language_userprofile_night_mode"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="userprofile",
+            name="language",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("en", "English"),
+                    ("de", "German"),
+                    ("es", "Spanish"),
+                    ("zh-hans", "Chinese Simplified"),
+                    ("ru", "Russian"),
+                    ("ko", "Korean"),
+                    ("fr", "French"),
+                    ("ja", "Japanese"),
+                    ("it", "Italian"),
+                    ("uk", "Ukrainian"),
+                ],
+                default="",
+                max_length=10,
+                verbose_name="Language",
+            ),
+        ),
+    ]

allianceauth/authentication/models.py

@@ -18,13 +18,13 @@ class State(models.Model):
     priority = models.IntegerField(unique=True, help_text="Users get assigned the state with the highest priority available to them.")
 
     member_characters = models.ManyToManyField(EveCharacter, blank=True,
-                                               help_text="Characters to which this state is available.")
+                                                help_text="Characters to which this state is available.")
     member_corporations = models.ManyToManyField(EveCorporationInfo, blank=True,
-                                                 help_text="Corporations to whose members this state is available.")
+                                                help_text="Corporations to whose members this state is available.")
     member_alliances = models.ManyToManyField(EveAllianceInfo, blank=True,
-                                              help_text="Alliances to whose members this state is available.")
+                                            help_text="Alliances to whose members this state is available.")
     member_factions = models.ManyToManyField(EveFactionInfo, blank=True,
-                                             help_text="Factions to whose members this state is available.")
+                                            help_text="Factions to whose members this state is available.")
     public = models.BooleanField(default=False, help_text="Make this state available to any character.")
 
     objects = StateManager()
@@ -63,6 +63,22 @@ class UserProfile(models.Model):
     class Meta:
         default_permissions = ('change',)
 
+    class Language(models.TextChoices):
+        """
+        Choices for UserProfile.language
+        """
+
+        ENGLISH = 'en', _('English')
+        GERMAN = 'de', _('German')
+        SPANISH = 'es', _('Spanish')
+        CHINESE = 'zh-hans', _('Chinese Simplified')
+        RUSSIAN = 'ru', _('Russian')
+        KOREAN = 'ko', _('Korean')
+        FRENCH = 'fr', _('French')
+        JAPANESE = 'ja', _('Japanese')
+        ITALIAN = 'it', _('Italian')
+        UKRAINIAN = 'uk', _('Ukrainian')
+
     user = models.OneToOneField(
         User,
         related_name='profile',
@@ -76,20 +92,9 @@ class UserProfile(models.Model):
         State,
         on_delete=models.SET_DEFAULT,
         default=get_guest_state_pk)
-    LANGUAGE_CHOICES = [
-        ('en', _('English')),
-        ('de', _('German')),
-        ('es', _('Spanish')),
-        ('zh-hans', _('Chinese Simplified')),
-        ('ru', _('Russian')),
-        ('ko', _('Korean')),
-        ('fr', _('French')),
-        ('ja', _('Japanese')),
-        ('it', _('Italian')),
-    ]
     language = models.CharField(
         _("Language"), max_length=10,
-        choices=LANGUAGE_CHOICES,
+        choices=Language.choices,
         blank=True,
         default='')
     night_mode = models.BooleanField(

allianceauth/authentication/static/allianceauth/authentication/css/admin.css

@@ -0,0 +1,31 @@
+/*
+CSS for allianceauth admin site
+*/
+
+/* styling for profile pic */
+.img-circle {
+    border-radius: 50%;
+}
+
+.column-user_profile_pic {
+    white-space: nowrap;
+    width: 1px;
+}
+
+/* tooltip */
+.tooltip {
+    position: relative;
+}
+
+.tooltip:hover::after {
+    background-color: rgb(255 255 204);
+    border: 1px rgb(128 128 128) solid;
+    color: rgb(0 0 0);
+    content: attr(data-tooltip);
+    left: 1em;
+    min-width: 200px;
+    padding: 8px;
+    position: absolute;
+    top: 1.1em;
+    z-index: 1;
+}

allianceauth/authentication/static/authentication/css/admin.css

@@ -1,29 +0,0 @@
-/*
-CSS for allianceauth admin site
-*/
-
-/* styling for profile pic */
-.img-circle {
-    border-radius: 50%;
-}
-.column-user_profile_pic {
-    width: 1px;
-    white-space: nowrap;
-}
-
-/* tooltip */
-.tooltip {
-    position: relative ;
-}
-.tooltip:hover::after {
-    content: attr(data-tooltip) ;
-    position: absolute ;
-    top: 1.1em ;
-    left: 1em ;
-    min-width: 200px ;
-    border: 1px #808080 solid ;
-    padding: 8px ;
-    color: black ;
-    background-color: rgb(255, 255, 204) ;
-    z-index: 1 ;
-}

allianceauth/authentication/task_statistics/counters.py

@@ -0,0 +1,50 @@
+"""Counters for Task Statistics."""
+
+import datetime as dt
+from typing import NamedTuple, Optional
+
+from .event_series import EventSeries
+from .helpers import ItemCounter
+
+# Global series for counting task events.
+succeeded_tasks = EventSeries("SUCCEEDED_TASKS")
+retried_tasks = EventSeries("RETRIED_TASKS")
+failed_tasks = EventSeries("FAILED_TASKS")
+running_tasks = ItemCounter("running_tasks")
+
+
+class _TaskCounts(NamedTuple):
+    succeeded: int
+    retried: int
+    failed: int
+    total: int
+    earliest_task: Optional[dt.datetime]
+    hours: int
+    running: int
+
+
+def dashboard_results(hours: int) -> _TaskCounts:
+    """Counts of all task events within the given time frame."""
+
+    def earliest_if_exists(events: EventSeries, earliest: dt.datetime) -> list:
+        my_earliest = events.first_event(earliest=earliest)
+        return [my_earliest] if my_earliest else []
+
+    earliest = dt.datetime.utcnow() - dt.timedelta(hours=hours)
+    earliest_events = []
+    succeeded_count = succeeded_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(succeeded_tasks, earliest)
+    retried_count = retried_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(retried_tasks, earliest)
+    failed_count = failed_tasks.count(earliest=earliest)
+    earliest_events += earliest_if_exists(failed_tasks, earliest)
+    running_count = running_tasks.value()
+    return _TaskCounts(
+        succeeded=succeeded_count,
+        retried=retried_count,
+        failed=failed_count,
+        total=succeeded_count + retried_count + failed_count,
+        earliest_task=min(earliest_events) if earliest_events else None,
+        hours=hours,
+        running=running_count,
+    )

allianceauth/authentication/task_statistics/event_series.py

@@ -1,74 +1,71 @@
+"""Event series for Task Statistics."""
+
 import datetime as dt
-from collections import namedtuple
-from typing import Optional, List
+import logging
+from typing import List, Optional
 
-from redis import Redis
 from pytz import utc
+from redis import Redis, RedisError
 
-from django_redis import get_redis_connection
+from allianceauth.utils.cache import get_redis_client
 
-_TaskCounts = namedtuple(
-    "_TaskCounts", ["succeeded", "retried", "failed", "total", "earliest_task", "hours"]
-)
+logger = logging.getLogger(__name__)
 
 
-def dashboard_results(hours: int) -> _TaskCounts:
-    """Counts of all task events within the given timeframe."""
-    def earliest_if_exists(events: EventSeries, earliest: dt.datetime) -> list:
-        my_earliest = events.first_event(earliest=earliest)
-        return [my_earliest] if my_earliest else []
+class _RedisStub:
+    """Stub of a Redis client.
 
-    earliest = dt.datetime.utcnow() - dt.timedelta(hours=hours)
-    earliest_events = list()
-    succeeded = SucceededTaskSeries()
-    succeeded_count = succeeded.count(earliest=earliest)
-    earliest_events += earliest_if_exists(succeeded, earliest)
-    retried = RetriedTaskSeries()
-    retried_count = retried.count(earliest=earliest)
-    earliest_events += earliest_if_exists(retried, earliest)
-    failed = FailedTaskSeries()
-    failed_count = failed.count(earliest=earliest)
-    earliest_events += earliest_if_exists(failed, earliest)
-    return _TaskCounts(
-        succeeded=succeeded_count,
-        retried=retried_count,
-        failed=failed_count,
-        total=succeeded_count + retried_count + failed_count,
-        earliest_task=min(earliest_events) if earliest_events else None,
-        hours=hours,
-    )
+    It's purpose is to prevent EventSeries objects from trying to access Redis
+    when it is not available. e.g. when the Sphinx docs are rendered by readthedocs.org.
+    """
+
+    def delete(self, *args, **kwargs):
+        pass
+
+    def incr(self, *args, **kwargs):
+        return 0
+
+    def zadd(self, *args, **kwargs):
+        pass
+
+    def zcount(self, *args, **kwargs):
+        pass
+
+    def zrangebyscore(self, *args, **kwargs):
+        pass
 
 
 class EventSeries:
-    """Base class for recording and analysing a series of events.
+    """API for recording and analyzing a series of events."""
 
-    This class must be inherited from and the child class must define KEY_ID.
-    """
+    _ROOT_KEY = "ALLIANCEAUTH_EVENT_SERIES"
 
-    _ROOT_KEY = "ALLIANCEAUTH_TASK_SERIES"
-
-    def __init__(
-        self,
-        redis: Redis = None,
-    ) -> None:
-        if type(self) == EventSeries:
-            raise TypeError("Can not instantiate base class.")
-        if not hasattr(self, "KEY_ID"):
-            raise ValueError("KEY_ID not defined")
-        self._redis = get_redis_connection("default") if not redis else redis
-        if not isinstance(self._redis, Redis):
-            raise TypeError(
-                "This class requires a Redis client, but none was provided "
-                "and the default Django cache backend is not Redis either."
+    def __init__(self, key_id: str, redis: Redis = None) -> None:
+        self._redis = get_redis_client() if not redis else redis
+        try:
+            if not self._redis.ping():
+                raise RuntimeError()
+        except (AttributeError, RedisError, RuntimeError):
+            logger.exception(
+                "Failed to establish a connection with Redis. "
+                "This EventSeries object is disabled.",
             )
+            self._redis = _RedisStub()
+        self._key_id = str(key_id)
+        self.clear()
+
+    @property
+    def is_disabled(self):
+        """True when this object is disabled, e.g. Redis was not available at startup."""
+        return isinstance(self._redis, _RedisStub)
 
     @property
     def _key_counter(self):
-        return f"{self._ROOT_KEY}_{self.KEY_ID}_COUNTER"
+        return f"{self._ROOT_KEY}_{self._key_id}_COUNTER"
 
     @property
     def _key_sorted_set(self):
-        return f"{self._ROOT_KEY}_{self.KEY_ID}_SORTED_SET"
+        return f"{self._ROOT_KEY}_{self._key_id}_SORTED_SET"
 
     def add(self, event_time: dt.datetime = None) -> None:
         """Add event.
@@ -78,8 +75,8 @@ class EventSeries:
         """
         if not event_time:
             event_time = dt.datetime.utcnow()
-        id = self._redis.incr(self._key_counter)
-        self._redis.zadd(self._key_sorted_set, {id: event_time.timestamp()})
+        my_id = self._redis.incr(self._key_counter)
+        self._redis.zadd(self._key_sorted_set, {my_id: event_time.timestamp()})
 
     def all(self) -> List[dt.datetime]:
         """List of all known events."""
@@ -106,9 +103,9 @@ class EventSeries:
         - earliest: Date of first events to count(inclusive), or -infinite if not specified
         - latest: Date of last events to count(inclusive), or +infinite if not specified
         """
-        min = "-inf" if not earliest else earliest.timestamp()
-        max = "+inf" if not latest else latest.timestamp()
-        return self._redis.zcount(self._key_sorted_set, min=min, max=max)
+        minimum = "-inf" if not earliest else earliest.timestamp()
+        maximum = "+inf" if not latest else latest.timestamp()
+        return self._redis.zcount(self._key_sorted_set, min=minimum, max=maximum)
 
     def first_event(self, earliest: dt.datetime = None) -> Optional[dt.datetime]:
         """Date/Time of first event. Returns `None` if series has no events.
@@ -116,10 +113,10 @@ class EventSeries:
         Args:
         - earliest: Date of first events to count(inclusive), or any if not specified
         """
-        min = "-inf" if not earliest else earliest.timestamp()
+        minimum = "-inf" if not earliest else earliest.timestamp()
         event = self._redis.zrangebyscore(
             self._key_sorted_set,
-            min,
+            minimum,
             "+inf",
             withscores=True,
             start=0,
@@ -133,21 +130,3 @@ class EventSeries:
     @staticmethod
     def _cast_scores_to_dt(score) -> dt.datetime:
         return dt.datetime.fromtimestamp(float(score), tz=utc)
-
-
-class SucceededTaskSeries(EventSeries):
-    """A task has succeeded."""
-
-    KEY_ID = "SUCCEEDED"
-
-
-class RetriedTaskSeries(EventSeries):
-    """A task has been retried."""
-
-    KEY_ID = "RETRIED"
-
-
-class FailedTaskSeries(EventSeries):
-    """A task has failed."""
-
-    KEY_ID = "FAILED"

allianceauth/authentication/task_statistics/helpers.py

@@ -0,0 +1,44 @@
+"""Helpers for Task Statistics."""
+
+from typing import Optional
+
+from django.core.cache import cache
+
+
+class ItemCounter:
+    """A process safe item counter."""
+
+    CACHE_KEY_BASE = "allianceauth-item-counter"
+    DEFAULT_CACHE_TIMEOUT = 24 * 3600
+
+    def __init__(self, name: str) -> None:
+        if not name:
+            raise ValueError("Must define a name")
+
+        self._name = str(name)
+
+    @property
+    def _cache_key(self) -> str:
+        return f"{self.CACHE_KEY_BASE}-{self._name}"
+
+    def reset(self, init_value: int = 0):
+        """Reset counter to initial value."""
+        cache.set(self._cache_key, init_value, self.DEFAULT_CACHE_TIMEOUT)
+
+    def incr(self, delta: int = 1):
+        """Increment counter by delta."""
+        try:
+            cache.incr(self._cache_key, delta)
+        except ValueError:
+            pass
+
+    def decr(self, delta: int = 1):
+        """Decrement counter by delta."""
+        try:
+            cache.decr(self._cache_key, delta)
+        except ValueError:
+            pass
+
+    def value(self) -> Optional[int]:
+        """Return current value or None if not yet initialized."""
+        return cache.get(self._cache_key)

allianceauth/authentication/task_statistics/signals.py

@@ -1,18 +1,27 @@
-from celery.signals import task_failure, task_retry, task_success, worker_ready
+"""Signals for Task Statistics."""
+
+from celery.signals import (
+    task_failure, task_internal_error, task_postrun, task_prerun, task_retry,
+    task_success, worker_ready,
+)
 
 from django.conf import settings
 
-from .event_series import FailedTaskSeries, RetriedTaskSeries, SucceededTaskSeries
+from .counters import (
+    failed_tasks, retried_tasks, running_tasks, succeeded_tasks,
+)
 
 
 def reset_counters():
     """Reset all counters for the celery status."""
-    SucceededTaskSeries().clear()
-    FailedTaskSeries().clear()
-    RetriedTaskSeries().clear()
+    succeeded_tasks.clear()
+    failed_tasks.clear()
+    retried_tasks.clear()
+    running_tasks.reset()
 
 
 def is_enabled() -> bool:
+    """Return True if task statistics are enabled, else return False."""
     return not bool(
         getattr(settings, "ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED", False)
     )
@@ -27,16 +36,34 @@ def reset_counters_when_celery_restarted(*args, **kwargs):
 @task_success.connect
 def record_task_succeeded(*args, **kwargs):
     if is_enabled():
-        SucceededTaskSeries().add()
+        succeeded_tasks.add()
 
 
 @task_retry.connect
 def record_task_retried(*args, **kwargs):
     if is_enabled():
-        RetriedTaskSeries().add()
+        retried_tasks.add()
 
 
 @task_failure.connect
 def record_task_failed(*args, **kwargs):
     if is_enabled():
-        FailedTaskSeries().add()
+        failed_tasks.add()
+
+
+@task_internal_error.connect
+def record_task_internal_error(*args, **kwargs):
+    if is_enabled():
+        failed_tasks.add()
+
+
+@task_prerun.connect
+def record_task_prerun(*args, **kwargs):
+    if is_enabled():
+        running_tasks.incr()
+
+
+@task_postrun.connect
+def record_task_postrun(*args, **kwargs):
+    if is_enabled():
+        running_tasks.decr()

allianceauth/authentication/task_statistics/tests/test_counters.py

@@ -0,0 +1,60 @@
+import datetime as dt
+
+from django.test import TestCase
+from django.utils.timezone import now
+
+from allianceauth.authentication.task_statistics.counters import (
+    dashboard_results,
+    succeeded_tasks,
+    retried_tasks,
+    failed_tasks,
+    running_tasks,
+)
+
+
+class TestDashboardResults(TestCase):
+    def test_should_return_counts_for_given_time_frame_only(self):
+        # given
+        earliest_task = now() - dt.timedelta(minutes=15)
+
+        succeeded_tasks.clear()
+        succeeded_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        succeeded_tasks.add(earliest_task)
+        succeeded_tasks.add()
+        succeeded_tasks.add()
+
+        retried_tasks.clear()
+        retried_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        retried_tasks.add(now() - dt.timedelta(seconds=30))
+        retried_tasks.add()
+
+        failed_tasks.clear()
+        failed_tasks.add(now() - dt.timedelta(hours=1, seconds=1))
+        failed_tasks.add()
+
+        running_tasks.reset(8)
+        # when
+        results = dashboard_results(hours=1)
+        # then
+        self.assertEqual(results.succeeded, 3)
+        self.assertEqual(results.retried, 2)
+        self.assertEqual(results.failed, 1)
+        self.assertEqual(results.total, 6)
+        self.assertEqual(results.earliest_task, earliest_task)
+        self.assertEqual(results.running, 8)
+
+    def test_should_work_with_no_data(self):
+        # given
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+        running_tasks.reset()
+        # when
+        results = dashboard_results(hours=1)
+        # then
+        self.assertEqual(results.succeeded, 0)
+        self.assertEqual(results.retried, 0)
+        self.assertEqual(results.failed, 0)
+        self.assertEqual(results.total, 0)
+        self.assertIsNone(results.earliest_task)
+        self.assertEqual(results.running, 0)

allianceauth/authentication/task_statistics/tests/test_event_series.py

@@ -1,49 +1,51 @@
 import datetime as dt
+from unittest.mock import patch
 
 from pytz import utc
+from redis import RedisError
+
 from django.test import TestCase
 from django.utils.timezone import now
 
 from allianceauth.authentication.task_statistics.event_series import (
     EventSeries,
-    FailedTaskSeries,
-    RetriedTaskSeries,
-    SucceededTaskSeries,
-    dashboard_results,
+    _RedisStub,
 )
 
+MODULE_PATH = "allianceauth.authentication.task_statistics.event_series"
+
 
 class TestEventSeries(TestCase):
-    """Testing EventSeries class."""
-
-    class IncompleteEvents(EventSeries):
-        """Child class without KEY ID"""
-
-    class MyEventSeries(EventSeries):
-        KEY_ID = "TEST"
-
-    def test_should_create_object(self):
+    def test_should_abort_without_redis_client(self):
         # when
-        events = self.MyEventSeries()
+        with patch(MODULE_PATH + ".get_redis_client") as mock:
+            mock.return_value = None
+            events = EventSeries("dummy")
         # then
-        self.assertIsInstance(events, self.MyEventSeries)
+        self.assertTrue(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
 
-    def test_should_abort_when_redis_client_invalid(self):
-        with self.assertRaises(TypeError):
-            self.MyEventSeries(redis="invalid")
+    def test_should_disable_itself_if_redis_not_available_1(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock_get_master_client:
+            mock_get_master_client.return_value.ping.side_effect = RedisError
+            events = EventSeries("dummy")
+        # then
+        self.assertIsInstance(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
 
-    def test_should_not_allow_instantiation_of_base_class(self):
-        with self.assertRaises(TypeError):
-            EventSeries()
-
-    def test_should_not_allow_creating_child_class_without_key_id(self):
-        with self.assertRaises(ValueError):
-            self.IncompleteEvents()
+    def test_should_disable_itself_if_redis_not_available_2(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock_get_master_client:
+            mock_get_master_client.return_value.ping.return_value = False
+            events = EventSeries("dummy")
+        # then
+        self.assertIsInstance(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
 
     def test_should_add_event(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         # when
         events.add()
         # then
@@ -53,8 +55,7 @@ class TestEventSeries(TestCase):
 
     def test_should_add_event_with_specified_time(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         my_time = dt.datetime(2021, 11, 1, 12, 15, tzinfo=utc)
         # when
         events.add(my_time)
@@ -65,8 +66,7 @@ class TestEventSeries(TestCase):
 
     def test_should_count_events(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add()
         events.add()
         # when
@@ -76,8 +76,7 @@ class TestEventSeries(TestCase):
 
     def test_should_count_zero(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         # when
         result = events.count()
         # then
@@ -85,8 +84,7 @@ class TestEventSeries(TestCase):
 
     def test_should_count_events_within_timeframe_1(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
@@ -101,8 +99,7 @@ class TestEventSeries(TestCase):
 
     def test_should_count_events_within_timeframe_2(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
@@ -114,8 +111,7 @@ class TestEventSeries(TestCase):
 
     def test_should_count_events_within_timeframe_3(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
@@ -127,8 +123,7 @@ class TestEventSeries(TestCase):
 
     def test_should_clear_events(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add()
         events.add()
         # when
@@ -138,8 +133,7 @@ class TestEventSeries(TestCase):
 
     def test_should_return_date_of_first_event(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
@@ -151,8 +145,7 @@ class TestEventSeries(TestCase):
 
     def test_should_return_date_of_first_event_with_range(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add(dt.datetime(2021, 12, 1, 12, 0, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 10, tzinfo=utc))
         events.add(dt.datetime(2021, 12, 1, 12, 15, tzinfo=utc))
@@ -166,57 +159,10 @@ class TestEventSeries(TestCase):
 
     def test_should_return_all_events(self):
         # given
-        events = self.MyEventSeries()
-        events.clear()
+        events = EventSeries("dummy")
         events.add()
         events.add()
         # when
         results = events.all()
         # then
         self.assertEqual(len(results), 2)
-
-
-class TestDashboardResults(TestCase):
-    def test_should_return_counts_for_given_timeframe_only(self):
-        # given
-        earliest_task = now() - dt.timedelta(minutes=15)
-        succeeded = SucceededTaskSeries()
-        succeeded.clear()
-        succeeded.add(now() - dt.timedelta(hours=1, seconds=1))
-        succeeded.add(earliest_task)
-        succeeded.add()
-        succeeded.add()
-        retried = RetriedTaskSeries()
-        retried.clear()
-        retried.add(now() - dt.timedelta(hours=1, seconds=1))
-        retried.add(now() - dt.timedelta(seconds=30))
-        retried.add()
-        failed = FailedTaskSeries()
-        failed.clear()
-        failed.add(now() - dt.timedelta(hours=1, seconds=1))
-        failed.add()
-        # when
-        results = dashboard_results(hours=1)
-        # then
-        self.assertEqual(results.succeeded, 3)
-        self.assertEqual(results.retried, 2)
-        self.assertEqual(results.failed, 1)
-        self.assertEqual(results.total, 6)
-        self.assertEqual(results.earliest_task, earliest_task)
-
-    def test_should_work_with_no_data(self):
-        # given
-        succeeded = SucceededTaskSeries()
-        succeeded.clear()
-        retried = RetriedTaskSeries()
-        retried.clear()
-        failed = FailedTaskSeries()
-        failed.clear()
-        # when
-        results = dashboard_results(hours=1)
-        # then
-        self.assertEqual(results.succeeded, 0)
-        self.assertEqual(results.retried, 0)
-        self.assertEqual(results.failed, 0)
-        self.assertEqual(results.total, 0)
-        self.assertIsNone(results.earliest_task)

allianceauth/authentication/task_statistics/tests/test_item_counter.py

@@ -0,0 +1,74 @@
+from unittest import TestCase
+
+from allianceauth.authentication.task_statistics.helpers import ItemCounter
+
+COUNTER_NAME = "test-counter"
+
+
+class TestItemCounter(TestCase):
+    def test_can_create_counter(self):
+        # when
+        counter = ItemCounter(COUNTER_NAME)
+        # then
+        self.assertIsInstance(counter, ItemCounter)
+
+    def test_can_reset_counter_to_default(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        # when
+        counter.reset()
+        # then
+        self.assertEqual(counter.value(), 0)
+
+    def test_can_reset_counter_to_custom_value(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        # when
+        counter.reset(42)
+        # then
+        self.assertEqual(counter.value(), 42)
+
+    def test_can_increment_counter_by_default(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        counter.reset(0)
+        # when
+        counter.incr()
+        # then
+        self.assertEqual(counter.value(), 1)
+
+    def test_can_increment_counter_by_custom_value(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        counter.reset(0)
+        # when
+        counter.incr(8)
+        # then
+        self.assertEqual(counter.value(), 8)
+
+    def test_can_decrement_counter_by_default(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        counter.reset(9)
+        # when
+        counter.decr()
+        # then
+        self.assertEqual(counter.value(), 8)
+
+    def test_can_decrement_counter_by_custom_value(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        counter.reset(9)
+        # when
+        counter.decr(8)
+        # then
+        self.assertEqual(counter.value(), 1)
+
+    def test_can_decrement_counter_below_zero(self):
+        # given
+        counter = ItemCounter(COUNTER_NAME)
+        counter.reset(0)
+        # when
+        counter.decr(1)
+        # then
+        self.assertEqual(counter.value(), -1)

allianceauth/authentication/task_statistics/tests/test_signals.py

@@ -4,10 +4,10 @@ from celery.exceptions import Retry
 
 from django.test import TestCase, override_settings
 
-from allianceauth.authentication.task_statistics.event_series import (
-    FailedTaskSeries,
-    RetriedTaskSeries,
-    SucceededTaskSeries,
+from allianceauth.authentication.task_statistics.counters import (
+    failed_tasks,
+    retried_tasks,
+    succeeded_tasks,
 )
 from allianceauth.authentication.task_statistics.signals import (
     reset_counters,
@@ -22,10 +22,12 @@ from allianceauth.eveonline.tasks import update_character
 class TestTaskSignals(TestCase):
     fixtures = ["disable_analytics"]
 
+    def setUp(self) -> None:
+        succeeded_tasks.clear()
+        retried_tasks.clear()
+        failed_tasks.clear()
+
     def test_should_record_successful_task(self):
-        # given
-        events = SucceededTaskSeries()
-        events.clear()
         # when
         with patch(
             "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
@@ -33,12 +35,11 @@ class TestTaskSignals(TestCase):
             mock_update.return_value = None
             update_character.delay(1)
         # then
-        self.assertEqual(events.count(), 1)
+        self.assertEqual(succeeded_tasks.count(), 1)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
 
     def test_should_record_retried_task(self):
-        # given
-        events = RetriedTaskSeries()
-        events.clear()
         # when
         with patch(
             "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
@@ -46,12 +47,11 @@ class TestTaskSignals(TestCase):
             mock_update.side_effect = Retry
             update_character.delay(1)
         # then
-        self.assertEqual(events.count(), 1)
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 1)
 
     def test_should_record_failed_task(self):
-        # given
-        events = FailedTaskSeries()
-        events.clear()
         # when
         with patch(
             "allianceauth.eveonline.tasks.EveCharacter.objects.update_character"
@@ -59,28 +59,21 @@ class TestTaskSignals(TestCase):
             mock_update.side_effect = RuntimeError
             update_character.delay(1)
         # then
-        self.assertEqual(events.count(), 1)
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 1)
 
-
-@override_settings(ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED=False)
-class TestResetCounters(TestCase):
     def test_should_reset_counters(self):
         # given
-        succeeded = SucceededTaskSeries()
-        succeeded.clear()
-        succeeded.add()
-        retried = RetriedTaskSeries()
-        retried.clear()
-        retried.add()
-        failed = FailedTaskSeries()
-        failed.clear()
-        failed.add()
+        succeeded_tasks.add()
+        retried_tasks.add()
+        failed_tasks.add()
         # when
         reset_counters()
         # then
-        self.assertEqual(succeeded.count(), 0)
-        self.assertEqual(retried.count(), 0)
-        self.assertEqual(failed.count(), 0)
+        self.assertEqual(succeeded_tasks.count(), 0)
+        self.assertEqual(retried_tasks.count(), 0)
+        self.assertEqual(failed_tasks.count(), 0)
 
 
 class TestIsEnabled(TestCase):

allianceauth/authentication/templates/authentication/dashboard.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Dashboard" %}{% endblock %}
@@ -15,9 +14,9 @@
                 <div class="panel panel-primary" style="height:100%">
                     <div class="panel-heading">
                         <h3 class="panel-title">
-                            {% blocktrans with state=request.user.profile.state %}
+                            {% blocktranslate with state=request.user.profile.state %}
                                 Main Character (State: {{ state }})
-                            {% endblocktrans %}
+                            {% endblocktranslate %}
                         </h3>
                     </div>
                     <div class="panel-body">
@@ -28,7 +27,7 @@
                                         <table class="table">
                                             <tr>
                                                 <td class="text-center">
-                                                    <img class="ra-avatar"src="{{ main.portrait_url_128 }}">
+                                                    <img class="ra-avatar" src="{{ main.portrait_url_128 }}" alt="{{ main.character_name }}">
                                                 </td>
                                             </tr>
                                             <tr>
@@ -40,7 +39,7 @@
                                         <table class="table">
                                             <tr>
                                                 <td class="text-center">
-                                                    <img class="ra-avatar"src="{{ main.corporation_logo_url_128 }}">
+                                                    <img class="ra-avatar" src="{{ main.corporation_logo_url_128 }}" alt="{{ main.corporation_name }}">
                                                 </td>
                                             </tr>
                                             <tr>
@@ -53,7 +52,7 @@
                                             <table class="table">
                                                 <tr>
                                                     <td class="text-center">
-                                                        <img class="ra-avatar"src="{{ main.alliance_logo_url_128 }}">
+                                                        <img class="ra-avatar" src="{{ main.alliance_logo_url_128 }}" alt="{{ main.alliance_name }}">
                                                     </td>
                                                 </tr>
                                                 <tr>
@@ -64,7 +63,7 @@
                                             <table class="table">
                                                 <tr>
                                                     <td class="text-center">
-                                                        <img class="ra-avatar"src="{{ main.faction_logo_url_128 }}">
+                                                        <img class="ra-avatar" src="{{ main.faction_logo_url_128 }}" alt="{{ main.faction_name }}">
                                                     </td>
                                                 </tr>
                                                 <tr>
@@ -76,13 +75,13 @@
                                 </div>
                                 <div class="table visible-xs-block">
                                     <p>
-                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}">
-                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}">
+                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}" alt="{{ main.corporation_name }}">
+                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}" alt="{{ main.corporation_name }}">
                                         {% if main.alliance_id %}
-                                            <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}">
+                                            <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}" alt="{{ main.alliance_name }}">
                                         {% endif %}
                                         {% if main.faction_id %}
-                                            <img class="ra-avatar" src="{{ main.faction_logo_url_64 }}">
+                                            <img class="ra-avatar" src="{{ main.faction_logo_url_64 }}" alt="{{ main.faction_name }}">
                                         {% endif %}
                                     </p>
                                     <p>
@@ -104,13 +103,17 @@
                         {% endif %}
                         <div class="clearfix"></div>
                         <div class="row">
-                            <div class="col-sm-6 button-wrapper">
-                                <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
-                                title="Add Character">{% translate 'Add Character' %}</a>
+                            <div class="col-sm-6">
+                                <p>
+                                    <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
+                                    title="Add Character">{% translate 'Add Character' %}</a>
+                                </p>
                             </div>
-                            <div class="col-sm-6 button-wrapper">
-                                <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
-                                title="Change Main Character">{% translate "Change Main" %}</a>
+                            <div class="col-sm-6">
+                                <p>
+                                    <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
+                                    title="Change Main Character">{% translate "Change Main" %}</a>
+                                </p>
                             </div>
                         </div>
                     </div>
@@ -122,7 +125,7 @@
                         <h3 class="panel-title">{% translate "Group Memberships" %}</h3>
                     </div>
                     <div class="panel-body">
-                        <div style="height: 240px;overflow:-moz-scrollbars-vertical;overflow-y:auto;">
+                        <div style="height: 240px;overflow-y:auto;">
                             <table class="table table-aa">
                                 {% for group in groups %}
                                     <tr>
@@ -155,11 +158,12 @@
                     <tbody>
                         {% for char in characters %}
                             <tr>
-                                <td class="text-center"><img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                <td class="text-center">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                 </td>
                                 <td class="text-center">{{ char.character_name }}</td>
                                 <td class="text-center">{{ char.corporation_name }}</td>
-                                <td class="text-center">{{ char.alliance_name }}</td>
+                                <td class="text-center">{{ char.alliance_name|default:"" }}</td>
                             </tr>
                         {% endfor %}
                     </tbody>
@@ -169,7 +173,7 @@
                         {% for char in characters %}
                             <tr>
                                 <td class="text-center" style="vertical-align: middle">
-                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                 </td>
                                 <td class="text-center" style="vertical-align: middle; width: 100%">
                                     <strong>{{ char.character_name }}</strong><br>

allianceauth/authentication/templates/authentication/tokens.html

@@ -0,0 +1,62 @@
+{% extends "allianceauth/base.html" %}
+{% load i18n %}
+
+{% block page_title %}{% translate "Dashboard" %}{% endblock %}
+
+{% block content %}
+    <h1 class="page-header text-center">{% translate "Token Management" %}</h1>
+    <div class="col-sm-12">
+        <table class="table table-aa" id="table_tokens" style="width:100%">
+            <thead>
+                <tr>
+                    <th>{% translate "Scopes" %}</th>
+                    <th class="text-right">{% translate "Actions" %}</th>
+                    <th>{% translate "Character" %}</th>
+
+                </tr>
+            </thead>
+            <tbody>
+                {% for t in tokens %}
+                    <tr>
+                        <td styl="white-space:initial;">{% for s in t.scopes.all %}<span class="label label-default">{{s.name}}</span> {% endfor %}</td>
+                        <td nowrap class="text-right"><a href="{% url 'authentication:token_delete' t.id %}" class="btn btn-danger"><i class="fas fa-trash"></i></a> <a href="{% url 'authentication:token_refresh' t.id %}" class="btn btn-success"><i class="fas fa-sync-alt"></i></a></td>
+                        <td>{{t.character_name}}</td>
+                    </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        {% translate "This page is a best attempt, but backups or database logs can still contain your tokens. Always revoke tokens on https://community.eveonline.com/support/third-party-applications/ where possible."|urlize %}
+    </div>
+{% endblock %}
+
+{% block extra_javascript %}
+    {% include 'bundles/datatables-js.html' %}
+{% endblock %}
+
+{% block extra_css %}
+    {% include 'bundles/datatables-css.html' %}
+{% endblock %}
+
+{% block extra_script %}
+    $(document).ready(function(){
+        let grp = 2;
+        var table = $('#table_tokens').DataTable({
+            "columnDefs": [{ orderable: false, targets: [0,1] },{ "visible": false, "targets": grp }],
+            "order": [[grp, 'asc']],
+            "drawCallback": function (settings) {
+                var api = this.api();
+                var rows = api.rows({ page: 'current' }).nodes();
+                var last = null;
+                api.column(grp, { page: 'current' })
+                    .data()
+                    .each(function (group, i) {
+                        if (last !== group) {
+                            $(rows).eq(i).before('<tr class="info"><td colspan="3">' + group + '</td></tr>');
+                            last = group;
+                        }
+                    });
+            },
+            "stateSave": true,
+        });
+    });
+{% endblock %}

allianceauth/authentication/templates/public/base.html

@@ -1,4 +1,5 @@
 {% load static %}
+<!DOCTYPE html>
 <html lang="en">
     <head>
         <meta charset="utf-8">
@@ -7,7 +8,7 @@
         <meta name="description" content="">
         <meta name="author" content="">
         <meta property="og:title" content="{{ SITE_NAME }}">
-        <meta property="og:image" content="{{ request.scheme }}://{{ request.get_host }}{% static 'icons/apple-touch-icon.png' %}">
+        <meta property="og:image" content="{{ SITE_URL }}{% static 'allianceauth/icons/apple-touch-icon.png' %}">
         <meta property="og:description" content="Alliance Auth - An auth system for EVE Online to help in-game organizations manage online service access.">
 
         {% include 'allianceauth/icons.html' %}
@@ -21,7 +22,7 @@
 
         <style>
             body {
-                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat center center fixed;
+                background: url('{% static 'allianceauth/authentication/img/background.jpg' %}') no-repeat center center fixed;
                 -webkit-background-size: cover;
                 -moz-background-size: cover;
                 -o-background-size: cover;
@@ -31,6 +32,7 @@
             .panel-transparent {
                 background: rgba(48, 48, 48, 0.7);
                 color: #ffffff;
+                padding-bottom: 21px;
             }
 
             .panel-body {
@@ -47,7 +49,7 @@
         </style>
     </head>
     <body>
-        <div class="container" style="margin-top:150px">
+        <div class="container" style="margin-top:150px;">
             {% block content %}
             {% endblock %}
         </div>

allianceauth/authentication/templates/public/lang_select.html

@@ -6,7 +6,7 @@
             {% get_language_info_list for LANGUAGES as languages %}
             {% for language in languages %}
                 <option value="{{ language.code }}"{% if language.code == LANGUAGE_CODE %} selected="selected"{% endif %}>
-                    {{ language.name_local }} ({{ language.code }})
+                    {{ language.name_local|capfirst }} ({{ language.code }})
                 </option>
             {% endfor %}
         </select>

allianceauth/authentication/templates/public/login.html

@@ -6,7 +6,7 @@
 {% block page_title %}{% translate "Login" %}{% endblock %}
 
 {% block middle_box_content %}
-    <a href="{% url 'auth_sso_login' %}{% if request.GET.next %}?next={{request.GET.next}}{%endif%}">
-        <img class="img-responsive center-block" src="{% static 'img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" border=0>
+    <a href="{% url 'auth_sso_login' %}{% if request.GET.next %}?next={{request.GET.next | urlencode}}{%endif%}">
+        <img class="img-responsive center-block" src="{% static 'allianceauth/authentication/img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" alt="{% translate 'Login with Eve SSO' %}">
     </a>
 {% endblock %}

allianceauth/authentication/templates/public/middle_box.html

@@ -1,5 +1,7 @@
 {% extends 'public/base.html' %}
-{% load static %}
+
+{% load i18n %}
+
 {% block content %}
     <div class="col-md-4 col-md-offset-4">
         {% if messages %}
@@ -7,6 +9,7 @@
                 <div class="alert alert-{{ message.level_tag}}">{{ message }}</div>
             {% endfor %}
         {% endif %}
+
         <div class="panel panel-default panel-transparent">
             <div class="panel-body">
                 <div class="col-md-12">
@@ -14,10 +17,25 @@
                     {% endblock %}
                 </div>
             </div>
+
             {% include 'public/lang_select.html' %}
+
+            <p class="text-center" style="margin-top: 2rem;">
+                {% translate "For information on SSO, ESI and security read the CCP Dev Blog" %}<br>
+                <a href="https://www.eveonline.com/article/introducing-esi" target="_blank" rel="noopener noreferrer">
+                    {% translate "Introducing ESI - A New API For Eve Online" %}
+                </a>
+            </p>
+
+            <p class="text-center">
+                <a href="https://community.eveonline.com/support/third-party-applications/" target="_blank" rel="noopener noreferrer">
+                    {% translate "Manage ESI Applications" %}
+                </a>
+            </p>
         </div>
     </div>
 {% endblock %}
+
 {% block extra_include %}
     {% include 'bundles/bootstrap-js.html' %}
 {% endblock %}

allianceauth/authentication/templates/public/register.html

@@ -1,6 +1,5 @@
 {% extends 'public/base.html' %}
 
-{% load static %}
 {% load bootstrap %}
 {% load i18n %}
 

allianceauth/authentication/templates/registration/password_reset_email.html

@@ -1,15 +0,0 @@
-{% load i18n %}{% autoescape off %}
-    {% blocktrans trimmed %}You're receiving this email because you requested a password reset for your
-        user account.{% endblocktrans %}
-
-    {% translate "Please go to the following page and choose a new password:" %}
-    {% block reset_link %}
-        {{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}
-    {% endblock %}
-    {% translate "Your username, in case you've forgotten:" %} {{ user.get_username }}
-
-    {% translate "Thanks for using our site!" %}
-
-    {% blocktrans %}Your IT Team{% endblocktrans %}
-
-{% endautoescape %}

allianceauth/authentication/templates/registration/registration_form.html

@@ -1,14 +0,0 @@
-{% extends 'public/middle_box.html' %}
-{% load bootstrap %}
-{% load i18n %}
-{% load static %}
-{% block page_title %}{% translate "Register" %}{% endblock %}
-{% block middle_box_content %}
-    <form class="form-signin" role="form" action="" method="POST">
-        {% csrf_token %}
-        {{ form|bootstrap }}
-        <br>
-        <button class="btn btn-lg btn-primary btn-block" type="submit">{% translate "Submit" %}</button>
-        <br>
-    </form>
-{% endblock %}

allianceauth/authentication/tests/test_admin.py

@@ -2,6 +2,8 @@ from bs4 import BeautifulSoup
 from urllib.parse import quote
 from unittest.mock import patch, MagicMock
 
+from django_webtest import WebTest
+
 from django.contrib.admin.sites import AdminSite
 from django.contrib.auth.models import Group
 from django.test import TestCase, RequestFactory, Client
@@ -276,10 +278,10 @@ class TestOwnershipRecordAdmin(TestCaseWithTestData):
 class TestStateAdmin(TestCaseWithTestData):
     fixtures = ["disable_analytics"]
 
-    def setUp(self):
-        self.modeladmin = StateAdmin(
-            model=User, admin_site=AdminSite()
-        )
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.modeladmin = StateAdmin(model=User, admin_site=AdminSite())
 
     def test_change_view_loads_normally(self):
         User.objects.create_superuser(
@@ -543,7 +545,74 @@ class TestUserAdmin(TestCaseWithTestData):
         self.assertEqual(response.status_code, expected)
 
 
+class TestStateAdminChangeFormSuperuserExclusiveEdits(WebTest):
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.super_admin = User.objects.create_superuser("super_admin")
+        cls.staff_admin = User.objects.create_user("staff_admin")
+        cls.staff_admin.is_staff = True
+        cls.staff_admin.save()
+        cls.staff_admin = AuthUtils.add_permissions_to_user_by_name(
+            [
+                "authentication.add_state",
+                "authentication.change_state",
+                "authentication.view_state",
+            ],
+            cls.staff_admin
+        )
+        cls.superuser_exclusive_fields = ["permissions",]
+
+    def test_should_show_all_fields_to_superuser_for_add(self):
+        # given
+        self.app.set_user(self.super_admin)
+        page = self.app.get("/admin/authentication/state/add/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admins_for_add(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        page = self.app.get("/admin/authentication/state/add/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+    def test_should_show_all_fields_to_superuser_for_change(self):
+        # given
+        self.app.set_user(self.super_admin)
+        state = AuthUtils.get_member_state()
+        page = self.app.get(f"/admin/authentication/state/{state.pk}/change/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admin_for_change(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        state = AuthUtils.get_member_state()
+        page = self.app.get(f"/admin/authentication/state/{state.pk}/change/")
+        # when
+        form = page.forms["state_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+
 class TestUserAdminChangeForm(TestCase):
+    fixtures = ["disable_analytics"]
+
     @classmethod
     def setUpClass(cls) -> None:
         super().setUpClass()
@@ -552,7 +621,7 @@ class TestUserAdminChangeForm(TestCase):
     def test_should_show_groups_available_to_user_with_blue_state_only(self):
         # given
         superuser = User.objects.create_superuser("Super")
-        user = AuthUtils.create_user("Bruce Wayne")
+        user = AuthUtils.create_user("bruce_wayne")
         character = AuthUtils.add_main_character_2(
             user,
             name="Bruce Wayne",
@@ -579,6 +648,126 @@ class TestUserAdminChangeForm(TestCase):
         self.assertSetEqual(group_ids, {group_1.pk, group_2.pk})
 
 
+class TestUserAdminChangeFormSuperuserExclusiveEdits(WebTest):
+    fixtures = ["disable_analytics"]
+
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.super_admin = User.objects.create_superuser("super_admin")
+        cls.staff_admin = User.objects.create_user("staff_admin")
+        cls.staff_admin.is_staff = True
+        cls.staff_admin.save()
+        cls.staff_admin = AuthUtils.add_permissions_to_user_by_name(
+            [
+                "auth.change_user",
+                "auth.view_user",
+                "authentication.change_user",
+                "authentication.change_userprofile",
+                "authentication.view_user"
+            ],
+            cls.staff_admin
+        )
+        cls.superuser_exclusive_fields = [
+            "is_staff", "is_superuser", "user_permissions"
+        ]
+
+    def setUp(self) -> None:
+        self.user = AuthUtils.create_user("bruce_wayne")
+
+    def test_should_show_all_fields_to_superuser_for_change(self):
+        # given
+        self.app.set_user(self.super_admin)
+
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        # when
+        form = page.forms["user_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admin_for_change(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        # when
+        form = page.forms["user_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+    def test_should_allow_super_admin_to_add_restricted_group_to_user(self):
+        # given
+        self.app.set_user(self.super_admin)
+        group_restricted = Group.objects.create(name="restricted group")
+        group_restricted.authgroup.restricted = True
+        group_restricted.authgroup.save()
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=["restricted group"])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 302)
+        self.user.refresh_from_db()
+        self.assertIn(
+            "restricted group", self.user.groups.values_list("name", flat=True)
+        )
+
+    def test_should_not_allow_staff_admin_to_add_restricted_group_to_user(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        group_restricted = Group.objects.create(name="restricted group")
+        group_restricted.authgroup.restricted = True
+        group_restricted.authgroup.save()
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=["restricted group"])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertIn(
+            "You are not allowed to add or remove these restricted groups",
+            response.text
+        )
+
+    def test_should_not_allow_staff_admin_to_remove_restricted_group_from_user(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        group_restricted = Group.objects.create(name="restricted group")
+        group_restricted.authgroup.restricted = True
+        group_restricted.authgroup.save()
+        self.user.groups.add(group_restricted)
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=[])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 200)
+        self.assertIn(
+            "You are not allowed to add or remove these restricted groups",
+            response.text
+        )
+
+    def test_should_allow_staff_admin_to_add_normal_group_to_user(self):
+        # given
+        self.app.set_user(self.super_admin)
+        Group.objects.create(name="normal group")
+        page = self.app.get(f"/admin/authentication/user/{self.user.pk}/change/")
+        form = page.forms["user_form"]
+        # when
+        form["groups"].select_multiple(texts=["normal group"])
+        response = form.submit("save")
+        # then
+        self.assertEqual(response.status_code, 302)
+        self.user.refresh_from_db()
+        self.assertIn("normal group", self.user.groups.values_list("name", flat=True))
+
+
 class TestMakeServicesHooksActions(TestCaseWithTestData):
 
     class MyServicesHookTypeA(ServicesHook):

allianceauth/authentication/tests/test_backend.py

@@ -116,10 +116,17 @@ class TestAuthenticate(TestCase):
         user = StateBackend().authenticate(token=t)
         self.assertEqual(user, self.user)
 
+    """ Alt Login disabled
     def test_authenticate_alt_character(self):
         t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
         user = StateBackend().authenticate(token=t)
         self.assertEqual(user, self.user)
+    """
+
+    def test_authenticate_alt_character_fail(self):
+        t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, None)
 
     def test_authenticate_unclaimed_character(self):
         t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='3')
@@ -128,6 +135,7 @@ class TestAuthenticate(TestCase):
         self.assertEqual(user.username, 'Unclaimed_Character')
         self.assertEqual(user.profile.main_character, self.unclaimed_character)
 
+    """ Alt Login disabled
     def test_authenticate_character_record(self):
         t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
         OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
@@ -135,6 +143,15 @@ class TestAuthenticate(TestCase):
         self.assertEqual(user, self.old_user)
         self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
         self.assertTrue(user.profile.main_character)
+    """
+
+    def test_authenticate_character_record_fails(self):
+        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
+        OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, self.old_user)
+        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
+        self.assertTrue(user.profile.main_character)
 
     def test_iterate_username(self):
         t = Token(character_id=self.unclaimed_character.character_id,

allianceauth/authentication/tests/test_decorators.py

@@ -4,16 +4,16 @@ from urllib import parse
 from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
 from django.http.response import HttpResponse
-from django.shortcuts import reverse
 from django.test import TestCase
 from django.test.client import RequestFactory
+from django.urls import reverse, URLPattern
 
 from allianceauth.eveonline.models import EveCharacter
 from allianceauth.tests.auth_utils import AuthUtils
 
-from ..decorators import main_character_required
-from ..models import CharacterOwnership
 
+from ..decorators import decorate_url_patterns, main_character_required
+from ..models import CharacterOwnership
 
 MODULE_PATH = 'allianceauth.authentication'
 
@@ -66,3 +66,33 @@ class DecoratorTestCase(TestCase):
         setattr(self.request, 'user', self.main_user)
         response = self.dummy_view(self.request)
         self.assertEqual(response.status_code, 200)
+
+
+class TestDecorateUrlPatterns(TestCase):
+    def test_should_add_decorator_by_default(self):
+        # given
+        decorator = mock.MagicMock(name="decorator")
+        view = mock.MagicMock(name="view")
+        path = mock.MagicMock(spec=URLPattern, name="path")
+        path.callback = view
+        path.lookup_str = "my_lookup_str"
+        urls = [path]
+        urlconf_module = urls
+        # when
+        decorate_url_patterns(urlconf_module, decorator)
+        # then
+        self.assertEqual(path.callback, decorator(view))
+
+    def test_should_not_add_decorator_when_excluded(self):
+        # given
+        decorator = mock.MagicMock(name="decorator")
+        view = mock.MagicMock(name="view")
+        path = mock.MagicMock(spec=URLPattern, name="path")
+        path.callback = view
+        path.lookup_str = "my_lookup_str"
+        urls = [path]
+        urlconf_module = urls
+        # when
+        decorate_url_patterns(urlconf_module, decorator, excluded_views=["my_lookup_str"])
+        # then
+        self.assertEqual(path.callback, view)

allianceauth/authentication/urls.py

@@ -22,5 +22,20 @@ urlpatterns = [
         views.add_character,
         name='add_character'
     ),
+    path(
+        'account/tokens/manage/',
+        views.token_management,
+        name='token_management'
+    ),
+    path(
+        'account/tokens/delete/<int:token_id>',
+        views.token_delete,
+        name='token_delete'
+    ),
+    path(
+        'account/tokens/refresh/<int:token_id>',
+        views.token_refresh,
+        name='token_refresh'
+    ),
     path('dashboard/', views.dashboard, name='dashboard'),
 ]

allianceauth/authentication/views.py

@@ -61,6 +61,44 @@ def dashboard(request):
     }
     return render(request, 'authentication/dashboard.html', context)
 
+@login_required
+def token_management(request):
+    tokens = request.user.token_set.all()
+
+    context = {
+        'tokens': tokens
+    }
+    return render(request, 'authentication/tokens.html', context)
+
+@login_required
+def token_delete(request, token_id=None):
+    try:
+        token = Token.objects.get(id=token_id)
+        if request.user == token.user:
+            token.delete()
+            messages.success(request, "Token Deleted.")
+        else:
+            messages.error(request, "This token does not belong to you.")
+    except Token.DoesNotExist:
+        messages.warning(request, "Token does not exist")
+    return redirect('authentication:token_management')
+
+@login_required
+def token_refresh(request, token_id=None):
+    try:
+        token = Token.objects.get(id=token_id)
+        if request.user == token.user:
+            try:
+                token.refresh()
+                messages.success(request, "Token refreshed.")
+            except Exception as e:
+                messages.warning(request, f"Failed to refresh token. {e}")
+        else:
+            messages.error(request, "This token does not belong to you.")
+    except Token.DoesNotExist:
+        messages.warning(request, "Token does not exist")
+    return redirect('authentication:token_management')
+
 
 @login_required
 @token_required(scopes=settings.LOGIN_TOKEN_SCOPES)

allianceauth/context_processors.py

@@ -5,5 +5,6 @@ from .views import NightModeRedirectView
 def auth_settings(request):
     return {
         'SITE_NAME': settings.SITE_NAME,
+        'SITE_URL': settings.SITE_URL,
         'NIGHT_MODE': NightModeRedirectView.night_mode_state(request),
     }

allianceauth/corputils/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.corputils.apps.CorpUtilsConfig'

allianceauth/corputils/templates/corputils/corpstats.html

@@ -8,11 +8,11 @@
                 <table class="table">
                     <tr>
                         <td class="text-center col-lg-6{% if corpstats.corp.alliance %}{% else %}col-lg-offset-3{% endif %}">
-                                <img class="ra-avatar" src="{{ corpstats.corp.logo_url_64 }}">
+                                <img class="ra-avatar" src="{{ corpstats.corp.logo_url_64 }}" alt="{{ corpstats.corp.corporation_name }}">
                             </td>
                         {% if corpstats.corp.alliance %}
                             <td class="text-center col-lg-6">
-                                <img class="ra-avatar" src="{{ corpstats.corp.alliance.logo_url_64 }}">
+                                <img class="ra-avatar" src="{{ corpstats.corp.alliance.logo_url_64 }}" alt="{{ corpstats.corp.alliance.alliance_name }}">
                             </td>
                         {% endif %}
                     </tr>
@@ -59,7 +59,7 @@
                                                     <tr>
                                                         <td class="text-center" style="vertical-align:middle">
                                                             <div class="thumbnail" style="border: 0 none; box-shadow: none; background: transparent;">
-                                                                <img src="{{ main.main.portrait_url_64 }}" class="img-circle">
+                                                                <img src="{{ main.main.portrait_url_64 }}" class="img-circle" alt="{{ main.main }}">
                                                                 <div class="caption text-center">
                                                                     {{ main.main }}
                                                                 </div>
@@ -80,7 +80,7 @@
                                                                     <tr>
                                                                         <td class="text-center" style="width:5%">
                                                                             <div class="thumbnail" style="border: 0 none; box-shadow: none; background: transparent;">
-                                                                                <img src="{{ alt.portrait_url_32 }}" class="img-circle">
+                                                                                <img src="{{ alt.portrait_url_32 }}" class="img-circle" alt="{{ alt.character_name }}">
                                                                             </div>
                                                                         </td>
                                                                         <td class="text-center" style="width:30%">{{ alt.character_name }}</td>
@@ -119,7 +119,7 @@
                                             <tbody>
                                                 {% for member in members %}
                                                     <tr>
-                                                        <td><img src="{{ member.portrait_url }}" class="img-circle"></td>
+                                                        <td><img src="{{ member.portrait_url }}" class="img-circle" alt="{{ member }}"></td>
                                                         <td class="text-center">{{ member }}</td>
                                                         <td class="text-center">
                                                             <a href="https://zkillboard.com/character/{{ member.character_id }}/" class="label label-danger" target="_blank">{% translate "Killboard" %}</a>
@@ -131,7 +131,7 @@
                                                 {% endfor %}
                                                 {% for member in unregistered %}
                                                     <tr class="danger">
-                                                        <td><img src="{{ member.portrait_url }}" class="img-circle"></td>
+                                                        <td><img src="{{ member.portrait_url }}" class="img-circle" alt="{{ member.character_name }}"></td>
                                                         <td class="text-center">{{ member.character_name }}</td>
                                                         <td class="text-center">
                                                             <a href="https://zkillboard.com/character/{{ member.character_id }}/" class="label label-danger" target="_blank">{% translate "Killboard" %}</a>
@@ -160,7 +160,7 @@
                                             <tbody>
                                                 {% for member in unregistered %}
                                                     <tr class="danger">
-                                                        <td><img src="{{ member.portrait_url }}" class="img-circle"></td>
+                                                        <td><img src="{{ member.portrait_url }}" class="img-circle" alt="{{ member.character_name }}"></td>
                                                         <td class="text-center">{{ member.character_name }}</td>
                                                         <td class="text-center">
                                                             <a href="https://zkillboard.com/character/{{ member.character_id }}/" class="label label-danger" target="_blank">

allianceauth/corputils/templates/corputils/search.html

@@ -21,7 +21,7 @@
                 <tbody>
                     {% for result in results %}
                         <tr {% if not result.1.registered %}class="danger"{% endif %}>
-                            <td class="text-center"><img src="{{ result.1.portrait_url }}" class="img-circle"></td>
+                            <td class="text-center"><img src="{{ result.1.portrait_url }}" class="img-circle" alt="{{ result.1.character_name }}"></td>
                             <td class="text-center">{{ result.1.character_name }}</td>
                             <td class="text-center">{{ result.0.corp.corporation_name }}</td>
                             <td class="text-center"><a href="https://zkillboard.com/character/{{ result.1.character_id }}/" class="label label-danger" target="_blank">{% translate "Killboard" %}</a></td>

allianceauth/eveonline/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.eveonline.apps.EveonlineConfig'

allianceauth/eveonline/autogroups/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.eveonline.autogroups.apps.EveAutogroupsConfig'

allianceauth/eveonline/autogroups/admin.py

@@ -14,6 +14,7 @@ def sync_user_groups(modeladmin, request, queryset):
         agc.update_all_states_group_membership()
 
 
+@admin.register(AutogroupsConfig)
 class AutogroupsConfigAdmin(admin.ModelAdmin):
     formfield_overrides = {
         models.CharField: {'strip': False}
@@ -36,6 +37,5 @@ class AutogroupsConfigAdmin(admin.ModelAdmin):
         return actions
 
 
-admin.site.register(AutogroupsConfig, AutogroupsConfigAdmin)
 admin.site.register(ManagedCorpGroup)
 admin.site.register(ManagedAllianceGroup)

allianceauth/eveonline/migrations/0017_alliance_and_corp_names_are_not_unique.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.0.7 on 2022-08-14 16:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0016_character_names_are_not_unique'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='eveallianceinfo',
+            name='alliance_name',
+            field=models.CharField(max_length=254, db_index=True),
+        ),
+        migrations.AlterField(
+            model_name='evecorporationinfo',
+            name='corporation_name',
+            field=models.CharField(max_length=254, db_index=True),
+        ),
+    ]

allianceauth/eveonline/models.py

@@ -71,7 +71,7 @@ class EveAllianceInfo(models.Model):
     """An alliance in Eve Online."""
 
     alliance_id = models.PositiveIntegerField(unique=True)
-    alliance_name = models.CharField(max_length=254, unique=True)
+    alliance_name = models.CharField(max_length=254, db_index=True)
     alliance_ticker = models.CharField(max_length=254)
     executor_corp_id = models.PositiveIntegerField()
 
@@ -139,7 +139,7 @@ class EveCorporationInfo(models.Model):
     """A corporation in Eve Online."""
 
     corporation_id = models.PositiveIntegerField(unique=True)
-    corporation_name = models.CharField(max_length=254, unique=True)
+    corporation_name = models.CharField(max_length=254, db_index=True)
     corporation_ticker = models.CharField(max_length=254)
     member_count = models.IntegerField()
     ceo_id = models.PositiveIntegerField(blank=True, null=True, default=None)

allianceauth/eveonline/providers.py

@@ -8,6 +8,7 @@ from django.conf import settings
 from esi.clients import esi_client_factory
 
 from allianceauth import __version__
+from allianceauth.utils.django import StartupCommand
 
 
 SWAGGER_SPEC_PATH = os.path.join(os.path.dirname(
@@ -175,15 +176,16 @@ class EveProvider:
 
 class EveSwaggerProvider(EveProvider):
     def __init__(self, token=None, adapter=None):
-        if settings.DEBUG:
+        if settings.DEBUG or StartupCommand().is_management_command:
             self._client = None
-            logger.info(
-                'DEBUG mode detected: ESI client will be loaded on-demand.'
-            )
+            logger.info('ESI client will be loaded on-demand')
         else:
+            logger.info('Loading ESI client')
             try:
                 self._client = esi_client_factory(
-                    token=token, spec_file=SWAGGER_SPEC_PATH, app_info_text=("allianceauth v" + __version__)
+                    token=token,
+                    spec_file=SWAGGER_SPEC_PATH,
+                    app_info_text=f"allianceauth v{__version__}"
                 )
             except (HTTPError, RefResolutionError):
                 logger.exception(

allianceauth/fleetactivitytracking/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.fleetactivitytracking.apps.FatConfig'

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/characternotexisting.html

@@ -12,7 +12,7 @@
                     <div class="panel-heading">{{ character_name }}</div>
                     <div class="panel-body">
                         <div class="col-lg-2 col-sm-2">
-                            <img class="ra-avatar img-responsive" src="{{ character_portrait_url }}">
+                            <img class="ra-avatar img-responsive" src="{{ character_portrait_url }}" alt="{{ character_name }}">
                         </div>
                         <div class="col-lg-10 col-sm-2">
                             <div class="alert alert-danger" role="alert">{% translate "Character not registered!" %}</div>

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkformatter.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Create Fatlink" %}{% endblock page_title %}

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkmodify.html

@@ -1,6 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 {% block page_title %}{% translate "Fatlink view" %}{% endblock page_title %}
 
@@ -32,7 +30,7 @@
                             <td class="text-center">{{ fat.user }}</td>
                             <td class="text-center">{{ fat.character.character_name }}</td>
                             {%  if fat.station != "No Station" %}
-                                <td class="text-center">{% blocktrans %}Docked in {% endblocktrans %}{{ fat.system }}</td>
+                                <td class="text-center">{% blocktranslate %}Docked in {% endblocktranslate %}{{ fat.system }}</td>
                             {% else %}
                                 <td class="text-center">{{ fat.system }}</td>
                             {% endif %}

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalmonthlystatisticsview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Personal fatlink statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ month }}, {{ year }}{% endblocktranslate %}
             {% if char_id %}
             <div class="text-right">
                 <a href="{% url 'fatlink:user_statistics_month' char_id previous_month|date:'Y' previous_month|date:'m' %}" class="btn btn-info">{% translate "Previous month" %}</a>
@@ -16,11 +14,11 @@
             {% endif %}
         </h1>
         <h2>
-            {% blocktrans count links=n_fats trimmed %}
+            {% blocktranslate count links=n_fats trimmed %}
                 {{ user }} has collected one link this month.
             {% plural %}
                 {{ user }} has collected {{ links }} links this month.
-            {% endblocktrans %}
+            {% endblocktranslate %}
         </h2>
         <table class="table table-responsive">
             <tr>
@@ -36,11 +34,11 @@
         </table>
         {%  if created_fats %}
         <h2>
-            {% blocktrans count links=n_created_fats trimmed  %}
+            {% blocktranslate count links=n_created_fats trimmed  %}
                 {{ user }} has created one link this month.
             {% plural %}
                 {{ user }} has created {{ links }} links this month.
-            {% endblocktrans %}
+            {% endblocktranslate %}
         </h2>
         {% if created_fats %}
         <table class="table">

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalstatisticsview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Personal fatlink statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ year }}{% endblocktranslate %}
             <div class="text-right">
                 <a href="{% url 'fatlink:personal_statistics_year' previous_year %}" class="btn btn-info">{% translate "Previous year" %}</a>
                 {%  if next_year %}

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkstatisticscorpview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Fatlink Corp Statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ month }}, {{ year }}{% endblocktranslate %}
             <div class="text-right">
                 <a href="{% url 'fatlink:statistics_corp_month' corpid previous_month|date:"Y" previous_month|date:"m" %}" class="btn btn-info">{% translate "Previous month" %}</a>
                 {%  if next_month %}
@@ -29,7 +27,7 @@
             {% for memberStat in fatStats %}
             <tr>
                 <td>
-                    <img src="{{ memberStat.mainchar.portrait_url_32 }}" class="ra-avatar img-responsive">
+                    <img src="{{ memberStat.mainchar.portrait_url_32 }}" class="ra-avatar img-responsive" alt="{{ memberStat.mainchar.character_name }}">
                 </td>
                 <td class="text-center">{{ memberStat.mainchar.character_name }}</td>
                 <td class="text-center">{{ memberStat.n_chars }}</td>

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkstatisticsview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Fatlink statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ month }}, {{ year }}{% endblocktranslate %}
             <div class="text-right">
                 <a href="{% url 'fatlink:statistics_month' previous_month|date:"Y" previous_month|date:"m"  %}" class="btn btn-info">{% translate "Previous month" %}</a>
                 {%  if next_month %}
@@ -30,9 +28,9 @@
             {% for corpStat in fatStats %}
             <tr>
                 <td>
-                    <img src="{{ corpStat.corp.logo_url_32 }}" class="ra-avatar img-responsive">
+                    <img src="{{ corpStat.corp.logo_url_32 }}" class="ra-avatar img-responsive" alt="{{ corpStat.corp.corporation_name }}">
                 </td>
-                <td class="text-center"><a href="{% url 'fatlink:statistics_corp' corpStat.corp.corporation_id %}">[{{ corpStat.corp.corporation_ticker }}]</td>
+                <td class="text-center"><a href="{% url 'fatlink:statistics_corp' corpStat.corp.corporation_id %}">[{{ corpStat.corp.corporation_ticker }}]</a></td>
                 <td class="text-center">{{ corpStat.corp.corporation_name }}</td>
                 <td class="text-center">{{ corpStat.corp.member_count }}</td>
                 <td class="text-center">{{ corpStat.n_fats }}</td>

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkview.html

@@ -1,6 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Fatlink view" %}{% endblock page_title %}
@@ -35,7 +33,7 @@
                 <td class="text-center">{{ fat.fatlink.fleet }}</td>
                 <td class="text-center">{{ fat.character.character_name }}</td>
                 {%  if fat.station != "No Station" %}
-                <td class="text-center">{% blocktrans %}Docked in {% endblocktrans %}{{ fat.system }}</td>
+                <td class="text-center">{% blocktranslate %}Docked in {% endblocktranslate %}{{ fat.system }}</td>
                 {% else %}
                 <td class="text-center">{{ fat.system }}</td>
                 {% endif %}

allianceauth/fleetactivitytracking/views.py

@@ -212,7 +212,14 @@ def fatlink_monthly_personal_statistics_view(request, year, month, char_id=None)
     start_of_previous_month = first_day_of_previous_month(year, month)
 
     if request.user.has_perm('auth.fleetactivitytracking_statistics') and char_id:
-        user = EveCharacter.objects.get(character_id=char_id).user
+        try:
+            user = EveCharacter.objects.get(character_id=char_id).character_ownership.user
+        except EveCharacter.DoesNotExist:
+            messages.error(request, _('Character does not exist'))
+            return redirect('fatlink:view')
+        except AttributeError:
+            messages.error(request, _('User does not exist'))
+            return redirect('fatlink:view')
     else:
         user = request.user
     logger.debug(f"Personal monthly statistics view for user {user} called by {request.user}")
@@ -241,59 +248,82 @@ def fatlink_monthly_personal_statistics_view(request, year, month, char_id=None)
 
 @login_required
 @token_required(
-    scopes=['esi-location.read_location.v1', 'esi-location.read_ship_type.v1', 'esi-universe.read_structures.v1'])
+    scopes=[
+        'esi-location.read_location.v1',
+        'esi-location.read_ship_type.v1',
+        'esi-universe.read_structures.v1',
+        'esi-location.read_online.v1',
+    ]
+)
 def click_fatlink_view(request, token, fat_hash=None):
-    fatlink = get_object_or_404(Fatlink, hash=fat_hash)
+    c = token.get_esi_client(spec_file=SWAGGER_SPEC_PATH)
+    character = EveCharacter.objects.get_character_by_id(token.character_id)
+    character_online = c.Location.get_characters_character_id_online(
+        character_id=token.character_id
+    ).result()
 
-    if (timezone.now() - fatlink.fatdatetime) < datetime.timedelta(seconds=(fatlink.duration * 60)):
+    if character_online["online"] is True:
+        fatlink = get_object_or_404(Fatlink, hash=fat_hash)
 
-        character = EveCharacter.objects.get_character_by_id(token.character_id)
+        if (timezone.now() - fatlink.fatdatetime) < datetime.timedelta(seconds=(fatlink.duration * 60)):
+            if character:
+                # get data
+                location = c.Location.get_characters_character_id_location(character_id=token.character_id).result()
+                ship = c.Location.get_characters_character_id_ship(character_id=token.character_id).result()
+                location['solar_system_name'] = \
+                    c.Universe.get_universe_systems_system_id(system_id=location['solar_system_id']).result()['name']
 
-        if character:
-            # get data
-            c = token.get_esi_client(spec_file=SWAGGER_SPEC_PATH)
-            location = c.Location.get_characters_character_id_location(character_id=token.character_id).result()
-            ship = c.Location.get_characters_character_id_ship(character_id=token.character_id).result()
-            location['solar_system_name'] = \
-                c.Universe.get_universe_systems_system_id(system_id=location['solar_system_id']).result()['name']
-            if location['station_id']:
-                location['station_name'] = \
-                    c.Universe.get_universe_stations_station_id(station_id=location['station_id']).result()['name']
-            elif location['structure_id']:
-                location['station_name'] = \
-                    c.Universe.get_universe_structures_structure_id(structure_id=location['structure_id']).result()[
-                        'name']
+                if location['station_id']:
+                    location['station_name'] = \
+                        c.Universe.get_universe_stations_station_id(station_id=location['station_id']).result()['name']
+                elif location['structure_id']:
+                    location['station_name'] = \
+                        c.Universe.get_universe_structures_structure_id(structure_id=location['structure_id']).result()[
+                            'name']
+                else:
+                    location['station_name'] = "No Station"
+
+                ship['ship_type_name'] = provider.get_itemtype(ship['ship_type_id']).name
+
+                fat = Fat()
+                fat.system = location['solar_system_name']
+                fat.station = location['station_name']
+                fat.shiptype = ship['ship_type_name']
+                fat.fatlink = fatlink
+                fat.character = character
+                fat.user = request.user
+
+                try:
+                    fat.full_clean()
+                    fat.save()
+                    messages.success(request, _('Fleet participation registered.'))
+                except ValidationError as e:
+                    err_messages = []
+
+                    for errorname, message in e.message_dict.items():
+                        err_messages.append(message[0])
+
+                    messages.error(request, ' '.join(err_messages))
             else:
-                location['station_name'] = "No Station"
-            ship['ship_type_name'] = provider.get_itemtype(ship['ship_type_id']).name
+                context = {
+                    'character_id': token.character_id,
+                    'character_name': token.character_name,
+                    'character_portrait_url': EveCharacter.generic_portrait_url(
+                        token.character_id, 128
+                    ),
+                }
 
-            fat = Fat()
-            fat.system = location['solar_system_name']
-            fat.station = location['station_name']
-            fat.shiptype = ship['ship_type_name']
-            fat.fatlink = fatlink
-            fat.character = character
-            fat.user = request.user
-            try:
-                fat.full_clean()
-                fat.save()
-                messages.success(request, _('Fleet participation registered.'))
-            except ValidationError as e:
-                err_messages = []
-                for errorname, message in e.message_dict.items():
-                    err_messages.append(message[0])
-                messages.error(request, ' '.join(err_messages))
+                return render(request, 'fleetactivitytracking/characternotexisting.html', context=context)
         else:
-            context = {
-                'character_id': token.character_id,
-                'character_name': token.character_name,
-                'character_portrait_url': EveCharacter.generic_portrait_url(
-                    token.character_id, 128
-                ),
-            }
-            return render(request, 'fleetactivitytracking/characternotexisting.html', context=context)
+            messages.error(request, _('FAT link has expired.'))
     else:
-        messages.error(request, _('FAT link has expired.'))
+        messages.warning(
+            request,
+            _(
+                f"Cannot register the fleet participation for {character.character_name}. The character needs to be online."
+            ),
+        )
+
     return redirect('fatlink:view')
 
 

allianceauth/groupmanagement/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.groupmanagement.apps.GroupManagementConfig'

allianceauth/groupmanagement/admin.py

@@ -1,19 +1,21 @@
-from django import forms
 from django.apps import apps
-from django.contrib.auth.models import Permission
 from django.contrib import admin
-from django.contrib.auth.models import Group as BaseGroup, User
-from django.core.exceptions import ValidationError
-from django.db.models import Count
-from django.db.models.functions import Lower
-from django.db.models.signals import pre_save, post_save, pre_delete, \
-    post_delete, m2m_changed
-from django.dispatch import receiver
-from django.utils.timezone import now
-from django.utils.translation import gettext_lazy as _
 
-from .models import AuthGroup, ReservedGroupName
-from .models import GroupRequest
+from django.contrib.auth.models import Group as BaseGroup, Permission, User
+from django.db.models import Count, Exists, OuterRef
+from django.db.models.functions import Lower
+from django.db.models.signals import (
+    m2m_changed,
+    post_delete,
+    post_save,
+    pre_delete,
+    pre_save
+)
+from django.dispatch import receiver
+
+from .forms import GroupAdminForm, ReservedGroupNameAdminForm
+from .models import AuthGroup, GroupRequest, ReservedGroupName
+from .tasks import remove_users_not_matching_states_from_group
 
 if 'eve_autogroups' in apps.app_configs:
     _has_auto_groups = True
@@ -28,10 +30,12 @@ class AuthGroupInlineAdmin(admin.StackedInline):
         'description',
         'group_leaders',
         'group_leader_groups',
-        'states', 'internal',
+        'states',
+        'internal',
         'hidden',
         'open',
-        'public'
+        'public',
+        'restricted',
     )
     verbose_name_plural = 'Auth Settings'
     verbose_name = ''
@@ -50,6 +54,11 @@ class AuthGroupInlineAdmin(admin.StackedInline):
     def has_change_permission(self, request, obj=None):
         return request.user.has_perm('auth.change_group')
 
+    def get_readonly_fields(self, request, obj=None):
+        if not request.user.is_superuser:
+            return self.readonly_fields + ("restricted",)
+        return self.readonly_fields
+
 
 if _has_auto_groups:
     class IsAutoGroupFilter(admin.SimpleListFilter):
@@ -96,27 +105,15 @@ class HasLeaderFilter(admin.SimpleListFilter):
         return queryset
 
 
-class GroupAdminForm(forms.ModelForm):
-    def clean_name(self):
-        my_name = self.cleaned_data['name']
-        if ReservedGroupName.objects.filter(name__iexact=my_name).exists():
-            raise ValidationError(
-                _("This name has been reserved and can not be used for groups."),
-                code='reserved_name'
-            )
-        return my_name
-
-
 class GroupAdmin(admin.ModelAdmin):
     form = GroupAdminForm
-    list_select_related = ('authgroup',)
     ordering = ('name',)
     list_display = (
         'name',
         '_description',
         '_properties',
         '_member_count',
-        'has_leader'
+        'has_leader',
     )
     list_filter = [
         'authgroup__internal',
@@ -132,34 +129,51 @@ class GroupAdmin(admin.ModelAdmin):
 
     def get_queryset(self, request):
         qs = super().get_queryset(request)
-        if _has_auto_groups:
-            qs = qs.prefetch_related('managedalliancegroup_set', 'managedcorpgroup_set')
-        qs = qs.prefetch_related('authgroup__group_leaders').select_related('authgroup')
-        qs = qs.annotate(
-            member_count=Count('user', distinct=True),
+        has_leader_qs = (
+            AuthGroup.objects.filter(group=OuterRef('pk'), group_leaders__isnull=False)
         )
+        has_leader_groups_qs = (
+            AuthGroup.objects.filter(
+                group=OuterRef('pk'), group_leader_groups__isnull=False
+            )
+        )
+        qs = (
+            qs.select_related('authgroup')
+            .annotate(member_count=Count('user', distinct=True))
+            .annotate(has_leader=Exists(has_leader_qs))
+            .annotate(has_leader_groups=Exists(has_leader_groups_qs))
+        )
+        if _has_auto_groups:
+            is_autogroup_corp = (
+                Group.objects.filter(
+                    pk=OuterRef('pk'), managedcorpgroup__isnull=False
+                )
+            )
+            is_autogroup_alliance = (
+                Group.objects.filter(
+                    pk=OuterRef('pk'), managedalliancegroup__isnull=False
+                )
+            )
+            qs = (
+                qs.annotate(is_autogroup_corp=Exists(is_autogroup_corp))
+                .annotate(is_autogroup_alliance=Exists(is_autogroup_alliance))
+            )
         return qs
 
     def _description(self, obj):
         return obj.authgroup.description
 
+    @admin.display(description='Members', ordering='member_count')
     def _member_count(self, obj):
         return obj.member_count
 
-    _member_count.short_description = 'Members'
-    _member_count.admin_order_field = 'member_count'
-
+    @admin.display(boolean=True)
     def has_leader(self, obj):
-        return obj.authgroup.group_leaders.exists() or obj.authgroup.group_leader_groups.exists()
-
-    has_leader.boolean = True
+        return obj.has_leader or obj.has_leader_groups
 
     def _properties(self, obj):
         properties = list()
-        if _has_auto_groups and (
-            obj.managedalliancegroup_set.exists()
-            or obj.managedcorpgroup_set.exists()
-        ):
+        if _has_auto_groups and (obj.is_autogroup_corp or obj.is_autogroup_alliance):
             properties.append('Auto Group')
         elif obj.authgroup.internal:
             properties.append('Internal')
@@ -172,11 +186,10 @@ class GroupAdmin(admin.ModelAdmin):
                 properties.append('Public')
         if not properties:
             properties.append('Default')
-
+        if obj.authgroup.restricted:
+            properties.append('Restricted')
         return properties
 
-    _properties.short_description = "properties"
-
     filter_horizontal = ('permissions',)
     inlines = (AuthGroupInlineAdmin,)
 
@@ -190,8 +203,15 @@ class GroupAdmin(admin.ModelAdmin):
             ag_instance = inline_form.save(commit=False)
             ag_instance.group = form.instance
             ag_instance.save()
+            if ag_instance.states.exists():
+                remove_users_not_matching_states_from_group.delay(ag_instance.group.pk)
         formset.save()
 
+    def get_readonly_fields(self, request, obj=None):
+        if not request.user.is_superuser:
+            return self.readonly_fields + ("permissions",)
+        return self.readonly_fields
+
 
 class Group(BaseGroup):
     class Meta:
@@ -216,33 +236,10 @@ class GroupRequestAdmin(admin.ModelAdmin):
         'leave_request',
     )
 
+    @admin.display(boolean=True, description="is leave request")
     def _leave_request(self, obj) -> True:
         return obj.leave_request
 
-    _leave_request.short_description = 'is leave request'
-    _leave_request.boolean = True
-
-
-class ReservedGroupNameAdminForm(forms.ModelForm):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields['created_by'].initial = self.current_user.username
-        self.fields['created_at'].initial = _("(auto)")
-
-    created_by = forms.CharField(disabled=True)
-    created_at = forms.CharField(disabled=True)
-
-    def clean_name(self):
-        my_name = self.cleaned_data['name'].lower()
-        if Group.objects.filter(name__iexact=my_name).exists():
-            raise ValidationError(
-                _("There already exists a group with that name."), code='already_exists'
-            )
-        return my_name
-
-    def clean_created_at(self):
-        return now()
-
 
 @admin.register(ReservedGroupName)
 class ReservedGroupNameAdmin(admin.ModelAdmin):

allianceauth/groupmanagement/forms.py

@@ -0,0 +1,39 @@
+from django import forms
+from django.contrib.auth.models import Group
+from django.core.exceptions import ValidationError
+from django.utils.timezone import now
+from django.utils.translation import gettext_lazy as _
+
+from .models import ReservedGroupName
+
+
+class GroupAdminForm(forms.ModelForm):
+    def clean_name(self):
+        my_name = self.cleaned_data['name']
+        if ReservedGroupName.objects.filter(name__iexact=my_name).exists():
+            raise ValidationError(
+                _("This name has been reserved and can not be used for groups."),
+                code='reserved_name'
+            )
+        return my_name
+
+
+class ReservedGroupNameAdminForm(forms.ModelForm):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['created_by'].initial = self.current_user.username
+        self.fields['created_at'].initial = _("(auto)")
+
+    created_by = forms.CharField(disabled=True)
+    created_at = forms.CharField(disabled=True)
+
+    def clean_name(self):
+        my_name = self.cleaned_data['name'].lower()
+        if Group.objects.filter(name__iexact=my_name).exists():
+            raise ValidationError(
+                _("There already exists a group with that name."), code='already_exists'
+            )
+        return my_name
+
+    def clean_created_at(self):
+        return now()

allianceauth/groupmanagement/migrations/0019_adding_restricted_to_groups.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.10 on 2022-04-08 19:30
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('groupmanagement', '0018_reservedgroupname'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='authgroup',
+            name='restricted',
+            field=models.BooleanField(default=False, help_text='Group is restricted. This means that adding or removing users for this group requires a superuser admin.'),
+        ),
+    ]

allianceauth/groupmanagement/models.py

@@ -13,6 +13,7 @@ from allianceauth.notifications import notify
 
 class GroupRequest(models.Model):
     """Request from a user for joining or leaving a group."""
+
     leave_request = models.BooleanField(default=0)
     user = models.ForeignKey(User, on_delete=models.CASCADE)
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
@@ -44,6 +45,7 @@ class GroupRequest(models.Model):
 
 class RequestLog(models.Model):
     """Log entry about who joined and left a group and who approved it."""
+
     request_type = models.BooleanField(null=True)
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
     request_info = models.CharField(max_length=254)
@@ -95,6 +97,7 @@ class AuthGroup(models.Model):
         Open - Users are automatically accepted into the group
         Not Open - Users requests must be approved before they are added to the group
     """
+
     group = models.OneToOneField(Group, on_delete=models.CASCADE, primary_key=True)
     internal = models.BooleanField(
         default=True,
@@ -126,6 +129,13 @@ class AuthGroup(models.Model):
             "are no longer authenticated."
         )
     )
+    restricted = models.BooleanField(
+        default=False,
+        help_text=_(
+            "Group is restricted. This means that adding or removing users "
+            "for this group requires a superuser admin."
+        )
+    )
     group_leaders = models.ManyToManyField(
         User,
         related_name='leads_groups',
@@ -179,12 +189,22 @@ class AuthGroup(models.Model):
             | User.objects.filter(groups__in=list(self.group_leader_groups.all()))
         )
 
+    def remove_users_not_matching_states(self):
+        """Remove users not matching defined states from related group."""
+        states_qs = self.states.all()
+        if states_qs.exists():
+            states = list(states_qs)
+            non_compliant_users = self.group.user_set.exclude(profile__state__in=states)
+            for user in non_compliant_users:
+                self.group.user_set.remove(user)
+
 
 class ReservedGroupName(models.Model):
     """Name that can not be used for groups.
 
     This enables AA to ignore groups on other services (e.g. Discord) with that name.
     """
+
     name = models.CharField(
         _('name'),
         max_length=150,

allianceauth/groupmanagement/tasks.py

@@ -0,0 +1,10 @@
+from celery import shared_task
+
+from django.contrib.auth.models import Group
+
+
+@shared_task
+def remove_users_not_matching_states_from_group(group_pk: int) -> None:
+    """Remove users not matching defined states from related group."""
+    group = Group.objects.get(pk=group_pk)
+    group.authgroup.remove_users_not_matching_states()

allianceauth/groupmanagement/templates/groupmanagement/audit.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{{ group }} {% translate "Audit Log" %}{% endblock page_title %}
@@ -25,13 +24,15 @@
                     <div class="table-responsive">
                         <table class="table table-striped" id="log-entries">
                             <thead>
-                                <th scope="col">{% translate "Date/Time" %}</th>
-                                <th scope="col">{% translate "Requestor" %}</th>
-                                <th scope="col">{% translate "Character" %}</th>
-                                <th scope="col">{% translate "Corporation" %}</th>
-                                <th scope="col">{% translate "Type" %}</th>
-                                <th scope="col">{% translate "Action" %}</th>
-                                <th scope="col">{% translate "Actor" %}</th>
+                                <tr>
+                                    <th scope="col">{% translate "Date/Time" %}</th>
+                                    <th scope="col">{% translate "Requestor" %}</th>
+                                    <th scope="col">{% translate "Character" %}</th>
+                                    <th scope="col">{% translate "Corporation" %}</th>
+                                    <th scope="col">{% translate "Type" %}</th>
+                                    <th scope="col">{% translate "Action" %}</th>
+                                    <th scope="col">{% translate "Actor" %}</th>
+                                </tr>
                             </thead>
 
                             <tbody>
@@ -74,7 +75,7 @@
 {% block extra_javascript %}
     {% include 'bundles/datatables-js.html' %}
     {% include 'bundles/moment-js.html' with locale=True %}
-    <script type="application/javascript" src="{% static 'js/filterDropDown/filterDropDown.min.js' %}"></script>
+    {% include 'bundles/filterdropdown-js.html' %}
 {% endblock %}
 
 {% block extra_css %}

allianceauth/groupmanagement/templates/groupmanagement/groupmembers.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 {% load evelinks %}
 
@@ -37,7 +36,7 @@
                                 {% for member in members %}
                                     <tr>
                                         <td>
-                                            <img src="{{ member.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;">
+                                            <img src="{{ member.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;" alt="{{ member.main_char.character_name }}">
                                             {% if member.main_char %}
                                                 <a href="{{ member.main_char|evewho_character_url }}" target="_blank">
                                                     {{ member.main_char.character_name }}

allianceauth/groupmanagement/templates/groupmanagement/groupmembership.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Groups Membership" %}{% endblock page_title %}
@@ -61,7 +60,7 @@
                                                 <i class="glyphicon glyphicon-list-alt"></i>
                                             </a>
 
-                                            <a id="clipboard-copy" data-clipboard-text="{{ request.scheme }}://{{request.get_host}}{% url 'groupmanagement:request_add' group.id %}" class="btn btn-warning" title="{% translate "Copy Direct Join Link" %}">
+                                            <a id="clipboard-copy" data-clipboard-text="{{ SITE_URL }}{% url 'groupmanagement:request_add' group.id %}" class="btn btn-warning" title="{% translate "Copy Direct Join Link" %}">
                                                 <i class="glyphicon glyphicon-copy"></i>
                                             </a>
                                         </td>

allianceauth/groupmanagement/templates/groupmanagement/groups.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Available Groups" %}{% endblock page_title %}

allianceauth/groupmanagement/templates/groupmanagement/index.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 {% load evelinks %}
 
@@ -64,7 +63,7 @@
                                         {% for acceptrequest in acceptrequests %}
                                             <tr>
                                                 <td>
-                                                    <img src="{{ acceptrequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;">
+                                                    <img src="{{ acceptrequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;" alt="{{ acceptrequest.main_char.character_name }}">
                                                     {% if acceptrequest.main_char %}
                                                         <a href="{{ acceptrequest.main_char|evewho_character_url }}" target="_blank">
                                                             {{ acceptrequest.main_char.character_name }}
@@ -121,7 +120,7 @@
                                             {% for leaverequest in leaverequests %}
                                                 <tr>
                                                     <td>
-                                                        <img src="{{ leaverequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;">
+                                                        <img src="{{ leaverequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;" alt="{{ leaverequest.main_char.character_name }}">
                                                         {% if leaverequest.main_char %}
                                                             <a href="{{ leaverequest.main_char|evewho_character_url }}" target="_blank">
                                                                 {{ leaverequest.main_char.character_name }}

allianceauth/groupmanagement/templates/groupmanagement/menu.html

@@ -1,4 +1,3 @@
-{% load static %}
 {% load i18n %}
 {% load navactive %}
 

allianceauth/groupmanagement/tests/test_admin.py

@@ -1,17 +1,21 @@
 from unittest.mock import patch
 
+from django_webtest import WebTest
+
 from django.conf import settings
 from django.contrib import admin
 from django.contrib.admin.sites import AdminSite
 from django.contrib.auth.models import User
-from django.test import TestCase, RequestFactory, Client
+from django.test import TestCase, RequestFactory, Client, override_settings
 
 from allianceauth.authentication.models import CharacterOwnership, State
 from allianceauth.eveonline.models import (
     EveCharacter, EveCorporationInfo, EveAllianceInfo
 )
-from ..admin import HasLeaderFilter, GroupAdmin, Group
+from allianceauth.tests.auth_utils import AuthUtils
+
 from . import get_admin_change_view_url
+from ..admin import HasLeaderFilter, GroupAdmin, Group
 from ..models import ReservedGroupName
 
 
@@ -33,7 +37,6 @@ class MockRequest:
 
 
 class TestGroupAdmin(TestCase):
-
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
@@ -233,60 +236,104 @@ class TestGroupAdmin(TestCase):
         self.assertEqual(result, expected)
 
     def test_member_count(self):
-        expected = 1
-        obj = self.modeladmin.get_queryset(MockRequest(user=self.user_1))\
-            .get(pk=self.group_1.pk)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_1.pk)
+        # when
         result = self.modeladmin._member_count(obj)
-        self.assertEqual(result, expected)
+        # then
+        self.assertEqual(result, 1)
 
     def test_has_leader_user(self):
-        result = self.modeladmin.has_leader(self.group_1)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_1.pk)
+        # when
+        result = self.modeladmin.has_leader(obj)
+        # then
         self.assertTrue(result)
 
     def test_has_leader_group(self):
-        result = self.modeladmin.has_leader(self.group_2)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_2.pk)
+        # when
+        result = self.modeladmin.has_leader(obj)
+        # then
         self.assertTrue(result)
 
     def test_properties_1(self):
-        expected = ['Default']
-        result = self.modeladmin._properties(self.group_1)
-        self.assertListEqual(result, expected)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_1.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Default'])
 
     def test_properties_2(self):
-        expected = ['Internal']
-        result = self.modeladmin._properties(self.group_2)
-        self.assertListEqual(result, expected)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_2.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Internal'])
 
     def test_properties_3(self):
-        expected = ['Hidden']
-        result = self.modeladmin._properties(self.group_3)
-        self.assertListEqual(result, expected)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_3.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Hidden'])
 
     def test_properties_4(self):
-        expected = ['Open']
-        result = self.modeladmin._properties(self.group_4)
-        self.assertListEqual(result, expected)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_4.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Open'])
 
     def test_properties_5(self):
-        expected = ['Public']
-        result = self.modeladmin._properties(self.group_5)
-        self.assertListEqual(result, expected)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_5.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Public'])
 
     def test_properties_6(self):
-        expected = ['Hidden', 'Open', 'Public']
-        result = self.modeladmin._properties(self.group_6)
-        self.assertListEqual(result, expected)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_6.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Hidden', 'Open', 'Public'])
 
     if _has_auto_groups:
         @patch(MODULE_PATH + '._has_auto_groups', True)
-        def test_properties_7(self):
+        def test_should_show_autogroup_for_corporation(self):
+            # given
             self._create_autogroups()
-            expected = ['Auto Group']
-            my_group = Group.objects\
-                .filter(managedcorpgroup__isnull=False)\
-                .first()
-            result = self.modeladmin._properties(my_group)
-            self.assertListEqual(result, expected)
+            request = MockRequest(user=self.user_1)
+            queryset = self.modeladmin.get_queryset(request)
+            obj = queryset.filter(managedcorpgroup__isnull=False).first()
+            # when
+            result = self.modeladmin._properties(obj)
+            # then
+            self.assertListEqual(result, ['Auto Group'])
+
+        @patch(MODULE_PATH + '._has_auto_groups', True)
+        def test_should_show_autogroup_for_alliance(self):
+            # given
+            self._create_autogroups()
+            request = MockRequest(user=self.user_1)
+            queryset = self.modeladmin.get_queryset(request)
+            obj = queryset.filter(managedalliancegroup__isnull=False).first()
+            # when
+            result = self.modeladmin._properties(obj)
+            # then
+            self.assertListEqual(result, ['Auto Group'])
 
     # actions
 
@@ -468,6 +515,136 @@ class TestGroupAdmin(TestCase):
         self.assertFalse(Group.objects.filter(name="new group").exists())
 
 
+class TestGroupAdminChangeFormSuperuserExclusiveEdits(WebTest):
+    @classmethod
+    def setUpClass(cls) -> None:
+        super().setUpClass()
+        cls.super_admin = User.objects.create_superuser("super_admin")
+        cls.staff_admin = User.objects.create_user("staff_admin")
+        cls.staff_admin.is_staff = True
+        cls.staff_admin.save()
+        cls.staff_admin = AuthUtils.add_permissions_to_user_by_name(
+            [
+                "auth.add_group",
+                "auth.change_group",
+                "auth.view_group",
+                "groupmanagement.add_group",
+                "groupmanagement.change_group",
+                "groupmanagement.view_group",
+            ],
+            cls.staff_admin
+        )
+        cls.superuser_exclusive_fields = ["permissions", "authgroup-0-restricted"]
+
+    def test_should_show_all_fields_to_superuser_for_add(self):
+        # given
+        self.app.set_user(self.super_admin)
+        page = self.app.get("/admin/groupmanagement/group/add/")
+        # when
+        form = page.forms["group_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admins_for_add(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        page = self.app.get("/admin/groupmanagement/group/add/")
+        # when
+        form = page.forms["group_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+    def test_should_show_all_fields_to_superuser_for_change(self):
+        # given
+        self.app.set_user(self.super_admin)
+        group = Group.objects.create(name="Dummy group")
+        page = self.app.get(f"/admin/groupmanagement/group/{group.pk}/change/")
+        # when
+        form = page.forms["group_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertIn(field, form.fields)
+
+    def test_should_not_show_all_fields_to_staff_admin_for_change(self):
+        # given
+        self.app.set_user(self.staff_admin)
+        group = Group.objects.create(name="Dummy group")
+        page = self.app.get(f"/admin/groupmanagement/group/{group.pk}/change/")
+        # when
+        form = page.forms["group_form"]
+        # then
+        for field in self.superuser_exclusive_fields:
+            with self.subTest(field=field):
+                self.assertNotIn(field, form.fields)
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True, CELERY_EAGER_PROPAGATES_EXCEPTIONS=True)
+class TestGroupAdmin2(TestCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.superuser = User.objects.create_superuser("super")
+
+    def test_should_remove_users_from_state_groups(self):
+        # given
+        user_member = AuthUtils.create_user("Bruce Wayne")
+        character_member = AuthUtils.add_main_character_2(
+            user_member,
+            name="Bruce Wayne",
+            character_id=1001,
+            corp_id=2001,
+            corp_name="Wayne Technologies",
+        )
+        user_guest = AuthUtils.create_user("Lex Luthor")
+        AuthUtils.add_main_character_2(
+            user_guest,
+            name="Lex Luthor",
+            character_id=1011,
+            corp_id=2011,
+            corp_name="Luthor Corp",
+        )
+        member_state = AuthUtils.get_member_state()
+        member_state.member_characters.add(character_member)
+        user_member.refresh_from_db()
+        user_guest.refresh_from_db()
+        group = Group.objects.create(name="dummy")
+        user_member.groups.add(group)
+        user_guest.groups.add(group)
+        group.authgroup.states.add(member_state)
+        self.client.force_login(self.superuser)
+        # when
+        response = self.client.post(
+            f"/admin/groupmanagement/group/{group.pk}/change/",
+            data={
+                "name": f"{group.name}",
+                "authgroup-TOTAL_FORMS": "1",
+                "authgroup-INITIAL_FORMS": "1",
+                "authgroup-MIN_NUM_FORMS": "0",
+                "authgroup-MAX_NUM_FORMS": "1",
+                "authgroup-0-description": "",
+                "authgroup-0-states": f"{member_state.pk}",
+                "authgroup-0-internal": "on",
+                "authgroup-0-hidden": "on",
+                "authgroup-0-group": f"{group.pk}",
+                "authgroup-__prefix__-description": "",
+                "authgroup-__prefix__-internal": "on",
+                "authgroup-__prefix__-hidden": "on",
+                "authgroup-__prefix__-group": f"{group.pk}",
+                "_save": "Save"
+            }
+        )
+        # then
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response.url, "/admin/groupmanagement/group/")
+        self.assertIn(group, user_member.groups.all())
+        self.assertNotIn(group, user_guest.groups.all())
+
+
 class TestReservedGroupNameAdmin(TestCase):
     @classmethod
     def setUpClass(cls):

allianceauth/groupmanagement/tests/test_models.py

@@ -232,6 +232,38 @@ class TestAuthGroup(TestCase):
         expected = 'Superheros'
         self.assertEqual(str(group.authgroup), expected)
 
+    def test_should_remove_guests_from_group_when_restricted_to_members_only(self):
+        # given
+        user_member = AuthUtils.create_user("Bruce Wayne")
+        character_member = AuthUtils.add_main_character_2(
+            user_member,
+            name="Bruce Wayne",
+            character_id=1001,
+            corp_id=2001,
+            corp_name="Wayne Technologies",
+        )
+        user_guest = AuthUtils.create_user("Lex Luthor")
+        AuthUtils.add_main_character_2(
+            user_guest,
+            name="Lex Luthor",
+            character_id=1011,
+            corp_id=2011,
+            corp_name="Luthor Corp",
+        )
+        member_state = AuthUtils.get_member_state()
+        member_state.member_characters.add(character_member)
+        user_member.refresh_from_db()
+        user_guest.refresh_from_db()
+        group = Group.objects.create(name="dummy")
+        user_member.groups.add(group)
+        user_guest.groups.add(group)
+        group.authgroup.states.add(member_state)
+        # when
+        group.authgroup.remove_users_not_matching_states()
+        # then
+        self.assertIn(group, user_member.groups.all())
+        self.assertNotIn(group, user_guest.groups.all())
+
 
 class TestAuthGroupRequestApprovers(TestCase):
     def setUp(self) -> None:

allianceauth/groupmanagement/urls.py

@@ -5,7 +5,7 @@ app_name = "groupmanagement"
 
 urlpatterns = [
     # groups
-    path("groups", views.groups_view, name="groups"),
+    path("groups/", views.groups_view, name="groups"),
     path("group/request/join/<int:group_id>/", views.group_request_add, name="request_add"),
     path(
         "group/request/leave/<int:group_id>/", views.group_request_leave, name="request_leave"

allianceauth/hrapplications/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'allianceauth.hrapplications.apps.HRApplicationsConfig'

allianceauth/hrapplications/admin.py

@@ -10,6 +10,7 @@ class ChoiceInline(admin.TabularInline):
     verbose_name_plural = 'Choices (optional)'
     verbose_name= 'Choice'
 
+@admin.register(ApplicationQuestion)
 class QuestionAdmin(admin.ModelAdmin):
     fieldsets = [
             (None,      {'fields': ['title', 'help_text', 'multi_select']}),
@@ -18,6 +19,5 @@ class QuestionAdmin(admin.ModelAdmin):
 
 admin.site.register(Application)
 admin.site.register(ApplicationComment)
-admin.site.register(ApplicationQuestion, QuestionAdmin)
 admin.site.register(ApplicationForm)
 admin.site.register(ApplicationResponse)

allianceauth/hrapplications/templates/hrapplications/corpchoice.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Choose a Corp" %}{% endblock page_title %}

allianceauth/hrapplications/templates/hrapplications/create.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Apply To" %} {{ corp.corporation_name }}{% endblock page_title %}
@@ -16,11 +15,11 @@
                             <label class="control-label" for="id_{{ question.pk }}">{{ question.title }}</label>
                             <div class=" ">
                             {% if question.help_text %}
-                                <div cass="text-center">{{ question.help_text }}</div>
+                                <div class="text-center">{{ question.help_text }}</div>
                             {% endif %}
                             {% for choice in question.choices.all %}
-                                <input type={% if question.multi_select == False %}"radio"{% else %}"checkbox"{% endif %} name="{{ question.pk }}" id="id_{{ question.pk }}" value="{{ choice.choice_text }}">
-                                <label for="choice{{ forloop.counter }}">{{ choice.choice_text }}</label><br>
+                                <input type={% if question.multi_select == False %}"radio"{% else %}"checkbox"{% endif %} name="{{ question.pk }}" id="id_{{ question.pk }}_choice_{{ forloop.counter }}" value="{{ choice.choice_text }}">
+                                <label for="id_{{ question.pk }}_choice_{{ forloop.counter }}">{{ choice.choice_text }}</label><br>
                             {% empty %}
                                 <textarea class="form-control" cols="30" id="id_{{ question.pk }}" name="{{ question.pk }}" rows="4"></textarea>
                             {% endfor %}

allianceauth/hrapplications/templates/hrapplications/management.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "HR Application Management" %}{% endblock page_title %}
@@ -178,7 +177,7 @@
                         <h4 class="modal-title" id="myModalLabel">{% translate "Application Search" %}</h4>
                     </div>
                     <div class="modal-body">
-                        <form class="form-signin" role="form" action={% url 'hrapplications:search' %} method="POST">
+                        <form class="form-signin" role="form" action="{% url 'hrapplications:search' %}" method="POST">
                             {% csrf_token %}
                             {{ search_form|bootstrap }}
                             <br>

allianceauth/hrapplications/templates/hrapplications/searchview.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "HR Application Management" %}{% endblock page_title %}
@@ -64,7 +63,7 @@
                         <h4 class="modal-title" id="myModalLabel">{% translate "Application Search" %}</h4>
                     </div>
                     <div class="modal-body">
-                        <form class="form-signin" role="form" action={% url 'hrapplications:search' %} method="POST">
+                        <form class="form-signin" role="form" action="{% url 'hrapplications:search' %}" method="POST">
                             {% csrf_token %}
                             {{ search_form|bootstrap }}
                             <br>

allianceauth/hrapplications/templates/hrapplications/view.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load bootstrap %}
 {% load i18n %}
 
@@ -49,7 +48,7 @@
                             {% for char in app.characters %}
                                 <tr>
                                     <td class="text-center">
-                                        <img class="ra-avatar img-responsive img-circle" src="{{ char.portrait_url_32 }}">
+                                        <img class="ra-avatar img-responsive img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                     </td>
                                     <td class="text-center">{{ char.character_name }}</td>
                                     <td class="text-center">{{ char.corporation_name }}</td>

allianceauth/hrapplications/views.py

@@ -57,7 +57,7 @@ def hr_application_create_view(request, form_id=None):
         app_form = get_object_or_404(ApplicationForm, id=form_id)
         if request.method == "POST":
             if Application.objects.filter(user=request.user).filter(form=app_form).exists():
-                logger.warn(f"User {request.user} attempting to duplicate application to {app_form.corp}")
+                logger.warning(f"User {request.user} attempting to duplicate application to {app_form.corp}")
             else:
                 application = Application(user=request.user, form=app_form)
                 application.save()
@@ -92,7 +92,7 @@ def hr_application_personal_view(request, app_id):
         }
         return render(request, 'hrapplications/view.html', context=context)
     else:
-        logger.warn(f"User {request.user} not authorized to view {app}")
+        logger.warning(f"User {request.user} not authorized to view {app}")
         return redirect('hrapplications:personal_view')
 
 
@@ -105,9 +105,9 @@ def hr_application_personal_removal(request, app_id):
             logger.info(f"User {request.user} deleting {app}")
             app.delete()
         else:
-            logger.warn(f"User {request.user} attempting to delete reviewed app {app}")
+            logger.warning(f"User {request.user} attempting to delete reviewed app {app}")
     else:
-        logger.warn(f"User {request.user} not authorized to delete {app}")
+        logger.warning(f"User {request.user} not authorized to delete {app}")
     return redirect('hrapplications:index')
 
 
@@ -132,7 +132,7 @@ def hr_application_view(request, app_id):
                 logger.info(f"Saved comment by user {request.user} to {app}")
                 return redirect('hrapplications:view', app_id)
         else:
-            logger.warn("User %s does not have permission to add ApplicationComments" % request.user)
+            logger.warning("User %s does not have permission to add ApplicationComments" % request.user)
             return redirect('hrapplications:view', app_id)
     else:
         logger.debug("Returning blank HRApplication comment form.")
@@ -171,7 +171,7 @@ def hr_application_approve(request, app_id):
         app.save()
         notify(app.user, "Application Accepted", message="Your application to %s has been approved." % app.form.corp, level="success")
     else:
-        logger.warn(f"User {request.user} not authorized to approve {app}")
+        logger.warning(f"User {request.user} not authorized to approve {app}")
     return redirect('hrapplications:index')
 
 
@@ -187,7 +187,7 @@ def hr_application_reject(request, app_id):
         app.save()
         notify(app.user, "Application Rejected", message="Your application to %s has been rejected." % app.form.corp, level="danger")
     else:
-        logger.warn(f"User {request.user} not authorized to reject {app}")
+        logger.warning(f"User {request.user} not authorized to reject {app}")
     return redirect('hrapplications:index')
 
 
@@ -208,7 +208,7 @@ def hr_application_search(request):
                     app_list = app_list.filter(
                         form__corp__corporation_id=request.user.profile.main_character.corporation_id)
                 except AttributeError:
-                    logger.warn(
+                    logger.warning(
                         "User %s missing main character model: unable to filter applications to search" % request.user)
 
             applications = app_list.filter(
@@ -219,7 +219,7 @@ def hr_application_search(request):
                 Q(user__character_ownerships__character__corporation_name__icontains=searchstring) |
                 Q(user__character_ownerships__character__alliance_name__icontains=searchstring) |
                 Q(user__username__icontains=searchstring)
-            )
+            ).distinct()
 
             context = {'applications': applications, 'search_form': HRApplicationSearchForm()}
 
@@ -246,6 +246,6 @@ def hr_application_mark_in_progress(request, app_id):
         app.save()
         notify(app.user, "Application In Progress", message=f"Your application to {app.form.corp} is being reviewed by {app.reviewer_str}")
     else:
-        logger.warn(
+        logger.warning(
             f"User {request.user} unable to mark {app} in progress: already being reviewed by {app.reviewer}")
     return redirect("hrapplications:view", app_id)