Version Bump 3.3.0

CCP SSO Issues, Mitigations

See merge request allianceauth/allianceauth!1472

.gitlab-ci.yml

@@ -5,16 +5,16 @@
     - merge_requests
 
 stages:
-- pre-commit
+  - pre-commit
-- gitlab
+  - gitlab
-- test
+  - test
-- deploy
+  - deploy
-- docker
+  - docker
 
 include:
-- template: Dependency-Scanning.gitlab-ci.yml
+  - template: Dependency-Scanning.gitlab-ci.yml
-- template: Security/SAST.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
-- template: Security/Secret-Detection.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 before_script:
   - apt-get update && apt-get install redis-server -y
@@ -42,16 +42,20 @@ sast:
 dependency_scanning:
   stage: gitlab
   before_script:
-  - apt-get update && apt-get install redis-server libmariadb-dev -y
+    - apt-get update && apt-get install redis-server libmariadb-dev -y
-  - redis-server --daemonize yes
+    - redis-server --daemonize yes
-  - python -V
+    - python -V
-  - pip install wheel tox
+    - pip install wheel tox
+
+secret_detection:
+  stage: gitlab
+  before_script: []
 
 test-3.8-core:
   <<: *only-default
   image: python:3.8-bullseye
   script:
-  - tox -e py38-core
+    - tox -e py38-core
   artifacts:
     when: always
     reports:
@@ -63,7 +67,7 @@ test-3.9-core:
   <<: *only-default
   image: python:3.9-bullseye
   script:
-  - tox -e py39-core
+    - tox -e py39-core
   artifacts:
     when: always
     reports:
@@ -75,7 +79,7 @@ test-3.10-core:
   <<: *only-default
   image: python:3.10-bullseye
   script:
-  - tox -e py310-core
+    - tox -e py310-core
   artifacts:
     when: always
     reports:
@@ -87,7 +91,7 @@ test-3.11-core:
   <<: *only-default
   image: python:3.11-rc-bullseye
   script:
-  - tox -e py311-core
+    - tox -e py311-core
   artifacts:
     when: always
     reports:
@@ -100,7 +104,7 @@ test-3.8-all:
   <<: *only-default
   image: python:3.8-bullseye
   script:
-  - tox -e py38-all
+    - tox -e py38-all
   artifacts:
     when: always
     reports:
@@ -112,7 +116,7 @@ test-3.9-all:
   <<: *only-default
   image: python:3.9-bullseye
   script:
-  - tox -e py39-all
+    - tox -e py39-all
   artifacts:
     when: always
     reports:
@@ -124,7 +128,7 @@ test-3.10-all:
   <<: *only-default
   image: python:3.10-bullseye
   script:
-  - tox -e py310-all
+    - tox -e py310-all
   artifacts:
     when: always
     reports:
@@ -136,7 +140,7 @@ test-3.11-all:
   <<: *only-default
   image: python:3.11-rc-bullseye
   script:
-  - tox -e py311-all
+    - tox -e py311-all
   artifacts:
     when: always
     reports:
@@ -145,6 +149,31 @@ test-3.11-all:
         path: coverage.xml
   allow_failure: true
 
+build-test:
+  stage: test
+  image: python:3.10-bullseye
+
+  before_script:
+    - python -m pip install --upgrade pip
+    - python -m pip install --upgrade build
+    - python -m pip install --upgrade setuptools wheel
+
+  script:
+    - python -m build
+
+  artifacts:
+    when: always
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+    paths:
+      - dist/*
+    expire_in: 1 year
+
+test-docs:
+  <<: *only-default
+  image: python:3.10-bullseye
+  script:
+  - tox -e docs
+
 deploy_production:
   stage: deploy
   image: python:3.10-bullseye
@@ -184,6 +213,8 @@ build-image:
     docker image push --all-tags $CI_REGISTRY_IMAGE/auth
   rules:
     - if: $CI_COMMIT_TAG
+      when: delayed
+      start_in: 10 minutes
 
 build-image-dev:
   before_script: []

.pre-commit-config.yaml

@@ -5,7 +5,7 @@
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.3.0
     hooks:
       - id: check-case-conflict
       - id: check-json
@@ -13,9 +13,23 @@ repos:
       - id: check-yaml
       - id: fix-byte-order-marker
       - id: trailing-whitespace
-        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
+        exclude: |
+          (?x)(
+            \.min\.css|
+            \.min\.js|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
       - id: end-of-file-fixer
-        exclude: (\.min\.css|\.min\.js|\.mo|\.po|swagger\.json)$
+        exclude: |
+          (?x)(
+            \.min\.css|
+            \.min\.js|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
       - id: mixed-line-ending
         args: [ '--fix=lf' ]
       - id: fix-encoding-pragma
@@ -25,15 +39,22 @@ repos:
     rev: 2.4.0
     hooks:
       - id: editorconfig-checker
-        exclude: ^(LICENSE|allianceauth\/static\/css\/themes\/bootstrap-locals.less|allianceauth\/eveonline\/swagger.json|(.*.po)|(.*.mo))
+        exclude: |
+          (?x)(
+            LICENSE|
+            allianceauth\/static\/allianceauth\/css\/themes\/bootstrap-locals.less|
+            \.po|
+            \.mo|
+            swagger\.json
+          )
 
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.31.0
+    rev: v2.34.0
     hooks:
       - id: pyupgrade
         args: [ --py38-plus ]
 
   - repo: https://github.com/asottile/setup-cfg-fmt
-    rev: v1.20.0
+    rev: v1.20.1
     hooks:
       - id: setup-cfg-fmt

.readthedocs.yml

@@ -11,7 +11,7 @@ build:
   apt_packages:
     - redis
   tools:
-    python: "3.10"
+    python: "3.8"
 
 # Build documentation in the docs/ directory with Sphinx
 sphinx:

allianceauth/__init__.py

@@ -1,7 +1,7 @@
 # This will make sure the app is always imported when
 # Django starts so that shared_task will use this app.
 
-__version__ = '3.0.0a5'
+__version__ = '3.3.0'
 __title__ = 'Alliance Auth'
 __url__ = 'https://gitlab.com/allianceauth/allianceauth'
 NAME = f'{__title__} v{__version__}'

allianceauth/analytics/models.py

@@ -8,13 +8,13 @@ from uuid import uuid4
 class AnalyticsIdentifier(models.Model):
 
     identifier = models.UUIDField(default=uuid4,
-                                  editable=False)
+                                editable=False)
 
     def save(self, *args, **kwargs):
         if not self.pk and AnalyticsIdentifier.objects.exists():
             # Force a single object
             raise ValidationError('There is can be only one \
-                                   AnalyticsIdentifier instance')
+                                    AnalyticsIdentifier instance')
         self.pk = self.id = 1 # If this happens to be deleted and recreated, force it to be 1
         return super().save(*args, **kwargs)
 

allianceauth/analytics/tests/test_integration.py

@@ -3,16 +3,17 @@ from urllib.parse import parse_qs
 
 import requests_mock
 
-from django.test import TestCase, override_settings
+from django.test import override_settings
 
 from allianceauth.analytics.tasks import ANALYTICS_URL
 from allianceauth.eveonline.tasks import update_character
 from allianceauth.tests.auth_utils import AuthUtils
+from allianceauth.utils.testing import NoSocketsTestCase
 
 
 @override_settings(CELERY_ALWAYS_EAGER=True)
 @requests_mock.mock()
-class TestAnalyticsForViews(TestCase):
+class TestAnalyticsForViews(NoSocketsTestCase):
     @override_settings(ANALYTICS_DISABLED=False)
     def test_should_run_analytics(self, requests_mocker):
         # given
@@ -40,7 +41,7 @@ class TestAnalyticsForViews(TestCase):
 
 @override_settings(CELERY_ALWAYS_EAGER=True)
 @requests_mock.mock()
-class TestAnalyticsForTasks(TestCase):
+class TestAnalyticsForTasks(NoSocketsTestCase):
     @override_settings(ANALYTICS_DISABLED=False)
     @patch("allianceauth.eveonline.models.EveCharacter.objects.update_character")
     def test_should_run_analytics_for_successful_task(

allianceauth/analytics/tests/test_tasks.py

@@ -1,12 +1,22 @@
+import requests_mock
+
+from django.test.utils import override_settings
+
 from allianceauth.analytics.tasks import (
     analytics_event,
     send_ga_tracking_celery_event,
     send_ga_tracking_web_view)
-from django.test.testcases import TestCase
+from allianceauth.utils.testing import NoSocketsTestCase
 
 
-class TestAnalyticsTasks(TestCase):
+GOOGLE_ANALYTICS_DEBUG_URL = 'https://www.google-analytics.com/debug/collect'
-    def test_analytics_event(self):
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True, CELERY_EAGER_PROPAGATES_EXCEPTIONS=True)
+@requests_mock.Mocker()
+class TestAnalyticsTasks(NoSocketsTestCase):
+    def test_analytics_event(self, requests_mocker):
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
         analytics_event(
                         category='allianceauth.analytics',
                         action='send_tests',
@@ -14,15 +24,19 @@ class TestAnalyticsTasks(TestCase):
                         value=1,
                         event_type='Stats')
 
-    def test_send_ga_tracking_web_view_sent(self):
+    def test_send_ga_tracking_web_view_sent(self, requests_mocker):
-        # This test sends if the event SENDS to google
+        """This test sends if the event SENDS to google.
-        # Not if it was successful
+        Not if it was successful.
+        """
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         page = '/index/'
         title = 'Hello World'
         locale = 'en'
         useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
         response = send_ga_tracking_web_view(
                                             tracking_id,
                                             client_id,
@@ -30,15 +44,23 @@ class TestAnalyticsTasks(TestCase):
                                             title,
                                             locale,
                                             useragent)
+        # then
         self.assertEqual(response.status_code, 200)
 
-    def test_send_ga_tracking_web_view_success(self):
+    def test_send_ga_tracking_web_view_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"hitParsingResult":[{'valid': True}]}
+        )
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         page = '/index/'
         title = 'Hello World'
         locale = 'en'
         useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
         json_response = send_ga_tracking_web_view(
                                                 tracking_id,
                                                 client_id,
@@ -46,15 +68,42 @@ class TestAnalyticsTasks(TestCase):
                                                 title,
                                                 locale,
                                                 useragent).json()
+        # then
         self.assertTrue(json_response["hitParsingResult"][0]["valid"])
 
-    def test_send_ga_tracking_web_view_invalid_token(self):
+    def test_send_ga_tracking_web_view_invalid_token(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={
+                "hitParsingResult":[
+                    {
+                        'valid': False,
+                        'parserMessage': [
+                            {
+                                'messageType': 'INFO',
+                                'description': 'IP Address from this hit was anonymized to 1.132.110.0.',
+                                'messageCode': 'VALUE_MODIFIED'
+                            },
+                            {
+                                'messageType': 'ERROR',
+                                'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.",
+                                'messageCode': 'VALUE_INVALID', 'parameter': 'tid'
+                            }
+                        ],
+                        'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'
+                    }
+                ]
+            }
+        )
         tracking_id = 'UA-IntentionallyBadTrackingID-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         page = '/index/'
         title = 'Hello World'
         locale = 'en'
         useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
+        # when
         json_response = send_ga_tracking_web_view(
                                             tracking_id,
                                             client_id,
@@ -62,18 +111,25 @@ class TestAnalyticsTasks(TestCase):
                                             title,
                                             locale,
                                             useragent).json()
+        # then
         self.assertFalse(json_response["hitParsingResult"][0]["valid"])
-        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+        self.assertEqual(
+            json_response["hitParsingResult"][0]["parserMessage"][1]["description"],
+            "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details."
+        )
 
         # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
 
-    def test_send_ga_tracking_celery_event_sent(self):
+    def test_send_ga_tracking_celery_event_sent(self, requests_mocker):
+        # given
+        requests_mocker.register_uri('POST', GOOGLE_ANALYTICS_DEBUG_URL)
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         category = 'test'
         action = 'test'
         label = 'test'
         value = '1'
+        # when
         response = send_ga_tracking_celery_event(
                                                 tracking_id,
                                                 client_id,
@@ -81,15 +137,23 @@ class TestAnalyticsTasks(TestCase):
                                                 action,
                                                 label,
                                                 value)
+        # then
         self.assertEqual(response.status_code, 200)
 
-    def test_send_ga_tracking_celery_event_success(self):
+    def test_send_ga_tracking_celery_event_success(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={"hitParsingResult":[{'valid': True}]}
+        )
         tracking_id = 'UA-186249766-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         category = 'test'
         action = 'test'
         label = 'test'
         value = '1'
+        # when
         json_response = send_ga_tracking_celery_event(
                                                     tracking_id,
                                                     client_id,
@@ -97,15 +161,42 @@ class TestAnalyticsTasks(TestCase):
                                                     action,
                                                     label,
                                                     value).json()
+        # then
         self.assertTrue(json_response["hitParsingResult"][0]["valid"])
 
-    def test_send_ga_tracking_celery_event_invalid_token(self):
+    def test_send_ga_tracking_celery_event_invalid_token(self, requests_mocker):
+        # given
+        requests_mocker.register_uri(
+            'POST',
+            GOOGLE_ANALYTICS_DEBUG_URL,
+            json={
+                "hitParsingResult":[
+                    {
+                        'valid': False,
+                        'parserMessage': [
+                            {
+                                'messageType': 'INFO',
+                                'description': 'IP Address from this hit was anonymized to 1.132.110.0.',
+                                'messageCode': 'VALUE_MODIFIED'
+                            },
+                            {
+                                'messageType': 'ERROR',
+                                'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.",
+                                'messageCode': 'VALUE_INVALID', 'parameter': 'tid'
+                            }
+                        ],
+                        'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'
+                    }
+                ]
+            }
+        )
         tracking_id = 'UA-IntentionallyBadTrackingID-2'
         client_id = 'ab33e241fbf042b6aa77c7655a768af7'
         category = 'test'
         action = 'test'
         label = 'test'
         value = '1'
+        # when
         json_response = send_ga_tracking_celery_event(
                                                     tracking_id,
                                                     client_id,
@@ -113,7 +204,9 @@ class TestAnalyticsTasks(TestCase):
                                                     action,
                                                     label,
                                                     value).json()
+        # then
         self.assertFalse(json_response["hitParsingResult"][0]["valid"])
-        self.assertEqual(json_response["hitParsingResult"][0]["parserMessage"][1]["description"], "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.")
+        self.assertEqual(
-
+            json_response["hitParsingResult"][0]["parserMessage"][1]["description"],
-        # [{'valid': False, 'parserMessage': [{'messageType': 'INFO', 'description': 'IP Address from this hit was anonymized to 1.132.110.0.', 'messageCode': 'VALUE_MODIFIED'}, {'messageType': 'ERROR', 'description': "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details.", 'messageCode': 'VALUE_INVALID', 'parameter': 'tid'}], 'hit': '/debug/collect?v=1&tid=UA-IntentionallyBadTrackingID-2&cid=ab33e241fbf042b6aa77c7655a768af7&t=pageview&dp=/index/&dt=Hello World&ul=en&ua=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36&aip=1&an=allianceauth&av=2.9.0a2'}]
+            "The value provided for parameter 'tid' is invalid. Please see http://goo.gl/a8d4RP#tid for details."
+        )

allianceauth/authentication/admin.py

@@ -322,7 +322,7 @@ class UserAdmin(BaseUserAdmin):
 
     class Media:
         css = {
-            "all": ("authentication/css/admin.css",)
+            "all": ("allianceauth/authentication/css/admin.css",)
         }
 
     def get_queryset(self, request):
@@ -542,7 +542,7 @@ class BaseOwnershipAdmin(admin.ModelAdmin):
 
     class Media:
         css = {
-            "all": ("authentication/css/admin.css",)
+            "all": ("allianceauth/authentication/css/admin.css",)
         }
 
     def get_readonly_fields(self, request, obj=None):

allianceauth/authentication/backends.py

@@ -2,6 +2,7 @@ import logging
 
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User, Permission
+from django.contrib import messages
 
 from .models import UserProfile, CharacterOwnership, OwnershipRecord
 
@@ -37,7 +38,13 @@ class StateBackend(ModelBackend):
             ownership = CharacterOwnership.objects.get(character__character_id=token.character_id)
             if ownership.owner_hash == token.character_owner_hash:
                 logger.debug(f'Authenticating {ownership.user} by ownership of character {token.character_name}')
-                return ownership.user
+                if ownership.user.profile.main_character:
+                    if ownership.user.profile.main_character.character_id == token.character_id:
+                        return ownership.user
+                    else:  ## this is an alt, enforce main only.
+                        if request:
+                            messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account.")
+                        return None
             else:
                 logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
                 ownership.delete()
@@ -57,13 +64,20 @@ class StateBackend(ModelBackend):
                 if records.exists():
                     # we've seen this character owner before. Re-attach to their old user account
                     user = records[0].user
+                    if user.profile.main_character:
+                        if ownership.user.profile.main_character.character_id != token.character_id:
+                            ## this is an alt, enforce main only due to trust issues in SSO.
+                            if request:
+                                messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account. Then add this character from the dashboard.")
+                            return None
+
                     token.user = user
                     co = CharacterOwnership.objects.create_by_token(token)
                     logger.debug(f'Authenticating {user} by matching owner hash record of character {co.character}')
-                    if not user.profile.main_character:
+
-                        # set this as their main by default if they have none
+                    # set this as their main by default as they have none
-                        user.profile.main_character = co.character
+                    user.profile.main_character = co.character
-                        user.profile.save()
+                    user.profile.save()
                     return user
             logger.debug(f'Unable to authenticate character {token.character_name}. Creating new user.')
             return self.create_user(token)

allianceauth/authentication/models.py

@@ -18,13 +18,13 @@ class State(models.Model):
     priority = models.IntegerField(unique=True, help_text="Users get assigned the state with the highest priority available to them.")
 
     member_characters = models.ManyToManyField(EveCharacter, blank=True,
-                                               help_text="Characters to which this state is available.")
+                                                help_text="Characters to which this state is available.")
     member_corporations = models.ManyToManyField(EveCorporationInfo, blank=True,
-                                                 help_text="Corporations to whose members this state is available.")
+                                                help_text="Corporations to whose members this state is available.")
     member_alliances = models.ManyToManyField(EveAllianceInfo, blank=True,
-                                              help_text="Alliances to whose members this state is available.")
+                                            help_text="Alliances to whose members this state is available.")
     member_factions = models.ManyToManyField(EveFactionInfo, blank=True,
-                                             help_text="Factions to whose members this state is available.")
+                                            help_text="Factions to whose members this state is available.")
     public = models.BooleanField(default=False, help_text="Make this state available to any character.")
 
     objects = StateManager()

allianceauth/authentication/static/allianceauth/authentication/css/admin.css

@@ -0,0 +1,31 @@
+/*
+CSS for allianceauth admin site
+*/
+
+/* styling for profile pic */
+.img-circle {
+    border-radius: 50%;
+}
+
+.column-user_profile_pic {
+    white-space: nowrap;
+    width: 1px;
+}
+
+/* tooltip */
+.tooltip {
+    position: relative;
+}
+
+.tooltip:hover::after {
+    background-color: rgb(255 255 204);
+    border: 1px rgb(128 128 128) solid;
+    color: rgb(0 0 0);
+    content: attr(data-tooltip);
+    left: 1em;
+    min-width: 200px;
+    padding: 8px;
+    position: absolute;
+    top: 1.1em;
+    z-index: 1;
+}

allianceauth/authentication/static/authentication/css/admin.css

@@ -1,29 +0,0 @@
-/*
-CSS for allianceauth admin site
-*/
-
-/* styling for profile pic */
-.img-circle {
-    border-radius: 50%;
-}
-.column-user_profile_pic {
-    width: 1px;
-    white-space: nowrap;
-}
-
-/* tooltip */
-.tooltip {
-    position: relative ;
-}
-.tooltip:hover::after {
-    content: attr(data-tooltip) ;
-    position: absolute ;
-    top: 1.1em ;
-    left: 1em ;
-    min-width: 200px ;
-    border: 1px #808080 solid ;
-    padding: 8px ;
-    color: black ;
-    background-color: rgb(255, 255, 204) ;
-    z-index: 1 ;
-}

allianceauth/authentication/task_statistics/event_series.py

@@ -1,27 +1,62 @@
 import datetime as dt
-from typing import Optional, List
+import logging
+from typing import List, Optional
 
-from redis import Redis
 from pytz import utc
+from redis import Redis, RedisError
 
-from django_redis import get_redis_connection
+from allianceauth.utils.cache import get_redis_client
+
+logger = logging.getLogger(__name__)
+
+
+class _RedisStub:
+    """Stub of a Redis client.
+
+    It's purpose is to prevent EventSeries objects from trying to access Redis
+    when it is not available. e.g. when the Sphinx docs are rendered by readthedocs.org.
+    """
+
+    def delete(self, *args, **kwargs):
+        pass
+
+    def incr(self, *args, **kwargs):
+        return 0
+
+    def zadd(self, *args, **kwargs):
+        pass
+
+    def zcount(self, *args, **kwargs):
+        pass
+
+    def zrangebyscore(self, *args, **kwargs):
+        pass
 
 
 class EventSeries:
-    """API for recording and analysing a series of events."""
+    """API for recording and analyzing a series of events."""
 
     _ROOT_KEY = "ALLIANCEAUTH_EVENT_SERIES"
 
     def __init__(self, key_id: str, redis: Redis = None) -> None:
-        self._redis = get_redis_connection("default") if not redis else redis
+        self._redis = get_redis_client() if not redis else redis
-        if not isinstance(self._redis, Redis):
+        try:
-            raise TypeError(
+            if not self._redis.ping():
-                "This class requires a Redis client, but none was provided "
+                raise RuntimeError()
-                "and the default Django cache backend is not Redis either."
+        except (AttributeError, RedisError, RuntimeError):
+            logger.exception(
+                "Failed to establish a connection with Redis. "
+                "This EventSeries object is disabled.",
             )
+            self._redis = _RedisStub()
         self._key_id = str(key_id)
         self.clear()
 
+    @property
+    def is_disabled(self):
+        """True when this object is disabled, e.g. Redis was not available at startup."""
+        return isinstance(self._redis, _RedisStub)
+
     @property
     def _key_counter(self):
         return f"{self._ROOT_KEY}_{self._key_id}_COUNTER"

allianceauth/authentication/task_statistics/tests/test_event_series.py

@@ -1,13 +1,48 @@
 import datetime as dt
+from unittest.mock import patch
 
 from pytz import utc
+from redis import RedisError
+
 from django.test import TestCase
 from django.utils.timezone import now
 
-from allianceauth.authentication.task_statistics.event_series import EventSeries
+from allianceauth.authentication.task_statistics.event_series import (
+    EventSeries,
+    _RedisStub,
+)
+
+MODULE_PATH = "allianceauth.authentication.task_statistics.event_series"
 
 
 class TestEventSeries(TestCase):
+    def test_should_abort_without_redis_client(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock:
+            mock.return_value = None
+            events = EventSeries("dummy")
+        # then
+        self.assertTrue(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
+
+    def test_should_disable_itself_if_redis_not_available_1(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock_get_master_client:
+            mock_get_master_client.return_value.ping.side_effect = RedisError
+            events = EventSeries("dummy")
+        # then
+        self.assertIsInstance(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
+
+    def test_should_disable_itself_if_redis_not_available_2(self):
+        # when
+        with patch(MODULE_PATH + ".get_redis_client") as mock_get_master_client:
+            mock_get_master_client.return_value.ping.return_value = False
+            events = EventSeries("dummy")
+        # then
+        self.assertIsInstance(events._redis, _RedisStub)
+        self.assertTrue(events.is_disabled)
+
     def test_should_add_event(self):
         # given
         events = EventSeries("dummy")

allianceauth/authentication/templates/authentication/dashboard.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Dashboard" %}{% endblock %}
@@ -15,9 +14,9 @@
                 <div class="panel panel-primary" style="height:100%">
                     <div class="panel-heading">
                         <h3 class="panel-title">
-                            {% blocktrans with state=request.user.profile.state %}
+                            {% blocktranslate with state=request.user.profile.state %}
                                 Main Character (State: {{ state }})
-                            {% endblocktrans %}
+                            {% endblocktranslate %}
                         </h3>
                     </div>
                     <div class="panel-body">
@@ -28,7 +27,7 @@
                                         <table class="table">
                                             <tr>
                                                 <td class="text-center">
-                                                    <img class="ra-avatar"src="{{ main.portrait_url_128 }}">
+                                                    <img class="ra-avatar" src="{{ main.portrait_url_128 }}" alt="{{ main.character_name }}">
                                                 </td>
                                             </tr>
                                             <tr>
@@ -40,7 +39,7 @@
                                         <table class="table">
                                             <tr>
                                                 <td class="text-center">
-                                                    <img class="ra-avatar"src="{{ main.corporation_logo_url_128 }}">
+                                                    <img class="ra-avatar" src="{{ main.corporation_logo_url_128 }}" alt="{{ main.corporation_name }}">
                                                 </td>
                                             </tr>
                                             <tr>
@@ -53,7 +52,7 @@
                                             <table class="table">
                                                 <tr>
                                                     <td class="text-center">
-                                                        <img class="ra-avatar"src="{{ main.alliance_logo_url_128 }}">
+                                                        <img class="ra-avatar" src="{{ main.alliance_logo_url_128 }}" alt="{{ main.alliance_name }}">
                                                     </td>
                                                 </tr>
                                                 <tr>
@@ -64,7 +63,7 @@
                                             <table class="table">
                                                 <tr>
                                                     <td class="text-center">
-                                                        <img class="ra-avatar"src="{{ main.faction_logo_url_128 }}">
+                                                        <img class="ra-avatar" src="{{ main.faction_logo_url_128 }}" alt="{{ main.faction_name }}">
                                                     </td>
                                                 </tr>
                                                 <tr>
@@ -76,13 +75,13 @@
                                 </div>
                                 <div class="table visible-xs-block">
                                     <p>
-                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}">
+                                        <img class="ra-avatar" src="{{ main.portrait_url_64 }}" alt="{{ main.corporation_name }}">
-                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}">
+                                        <img class="ra-avatar" src="{{ main.corporation_logo_url_64 }}" alt="{{ main.corporation_name }}">
                                         {% if main.alliance_id %}
-                                            <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}">
+                                            <img class="ra-avatar" src="{{ main.alliance_logo_url_64 }}" alt="{{ main.alliance_name }}">
                                         {% endif %}
                                         {% if main.faction_id %}
-                                            <img class="ra-avatar" src="{{ main.faction_logo_url_64 }}">
+                                            <img class="ra-avatar" src="{{ main.faction_logo_url_64 }}" alt="{{ main.faction_name }}">
                                         {% endif %}
                                     </p>
                                     <p>
@@ -104,13 +103,17 @@
                         {% endif %}
                         <div class="clearfix"></div>
                         <div class="row">
-                            <div class="col-sm-6 button-wrapper">
+                            <div class="col-sm-6">
-                                <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
+                                <p>
-                                title="Add Character">{% translate 'Add Character' %}</a>
+                                    <a href="{% url 'authentication:add_character' %}" class="btn btn-block btn-info"
+                                    title="Add Character">{% translate 'Add Character' %}</a>
+                                </p>
                             </div>
-                            <div class="col-sm-6 button-wrapper">
+                            <div class="col-sm-6">
-                                <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
+                                <p>
-                                title="Change Main Character">{% translate "Change Main" %}</a>
+                                    <a href="{% url 'authentication:change_main_character' %}" class="btn btn-block btn-info"
+                                    title="Change Main Character">{% translate "Change Main" %}</a>
+                                </p>
                             </div>
                         </div>
                     </div>
@@ -122,7 +125,7 @@
                         <h3 class="panel-title">{% translate "Group Memberships" %}</h3>
                     </div>
                     <div class="panel-body">
-                        <div style="height: 240px;overflow:-moz-scrollbars-vertical;overflow-y:auto;">
+                        <div style="height: 240px;overflow-y:auto;">
                             <table class="table table-aa">
                                 {% for group in groups %}
                                     <tr>
@@ -155,11 +158,12 @@
                     <tbody>
                         {% for char in characters %}
                             <tr>
-                                <td class="text-center"><img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                <td class="text-center">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                 </td>
                                 <td class="text-center">{{ char.character_name }}</td>
                                 <td class="text-center">{{ char.corporation_name }}</td>
-                                <td class="text-center">{{ char.alliance_name }}</td>
+                                <td class="text-center">{{ char.alliance_name|default:"" }}</td>
                             </tr>
                         {% endfor %}
                     </tbody>
@@ -169,7 +173,7 @@
                         {% for char in characters %}
                             <tr>
                                 <td class="text-center" style="vertical-align: middle">
-                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}">
+                                    <img class="ra-avatar img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                 </td>
                                 <td class="text-center" style="vertical-align: middle; width: 100%">
                                     <strong>{{ char.character_name }}</strong><br>

allianceauth/authentication/templates/authentication/tokens.html

@@ -0,0 +1,62 @@
+{% extends "allianceauth/base.html" %}
+{% load i18n %}
+
+{% block page_title %}{% translate "Dashboard" %}{% endblock %}
+
+{% block content %}
+    <h1 class="page-header text-center">{% translate "Token Management" %}</h1>
+    <div class="col-sm-12">
+        <table class="table table-aa" id="table_tokens" style="width:100%">
+            <thead>
+                <tr>
+                    <th>{% translate "Scopes" %}</th>
+                    <th class="text-right">{% translate "Actions" %}</th>
+                    <th>{% translate "Character" %}</th>
+
+                </tr>
+            </thead>
+            <tbody>
+                {% for t in tokens %}
+                    <tr>
+                        <td styl="white-space:initial;">{% for s in t.scopes.all %}<span class="label label-default">{{s.name}}</span> {% endfor %}</td>
+                        <td nowrap class="text-right"><a href="{% url 'authentication:token_delete' t.id %}" class="btn btn-danger"><i class="fas fa-trash"></i></a> <a href="{% url 'authentication:token_refresh' t.id %}" class="btn btn-success"><i class="fas fa-sync-alt"></i></a></td>
+                        <td>{{t.character_name}}</td>
+                    </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        {% translate "This page is a best attempt, but backups or database logs can still contain your tokens. Always revoke tokens on https://community.eveonline.com/support/third-party-applications/ where possible."|urlize %}
+    </div>
+{% endblock %}
+
+{% block extra_javascript %}
+    {% include 'bundles/datatables-js.html' %}
+{% endblock %}
+
+{% block extra_css %}
+    {% include 'bundles/datatables-css.html' %}
+{% endblock %}
+
+{% block extra_script %}
+    $(document).ready(function(){
+        let grp = 2;
+        var table = $('#table_tokens').DataTable({
+            "columnDefs": [{ orderable: false, targets: [0,1] },{ "visible": false, "targets": grp }],
+            "order": [[grp, 'asc']],
+            "drawCallback": function (settings) {
+                var api = this.api();
+                var rows = api.rows({ page: 'current' }).nodes();
+                var last = null;
+                api.column(grp, { page: 'current' })
+                    .data()
+                    .each(function (group, i) {
+                        if (last !== group) {
+                            $(rows).eq(i).before('<tr class="info"><td colspan="3">' + group + '</td></tr>');
+                            last = group;
+                        }
+                    });
+            },
+            "stateSave": true,
+        });
+    });
+{% endblock %}

allianceauth/authentication/templates/public/base.html

@@ -1,4 +1,5 @@
 {% load static %}
+<!DOCTYPE html>
 <html lang="en">
     <head>
         <meta charset="utf-8">
@@ -7,7 +8,7 @@
         <meta name="description" content="">
         <meta name="author" content="">
         <meta property="og:title" content="{{ SITE_NAME }}">
-        <meta property="og:image" content="{{ request.scheme }}://{{ request.get_host }}{% static 'icons/apple-touch-icon.png' %}">
+        <meta property="og:image" content="{{ SITE_URL }}{% static 'allianceauth/icons/apple-touch-icon.png' %}">
         <meta property="og:description" content="Alliance Auth - An auth system for EVE Online to help in-game organizations manage online service access.">
 
         {% include 'allianceauth/icons.html' %}
@@ -21,7 +22,7 @@
 
         <style>
             body {
-                background: url('{% static 'authentication/img/background.jpg' %}') no-repeat center center fixed;
+                background: url('{% static 'allianceauth/authentication/img/background.jpg' %}') no-repeat center center fixed;
                 -webkit-background-size: cover;
                 -moz-background-size: cover;
                 -o-background-size: cover;
@@ -31,6 +32,7 @@
             .panel-transparent {
                 background: rgba(48, 48, 48, 0.7);
                 color: #ffffff;
+                padding-bottom: 21px;
             }
 
             .panel-body {
@@ -47,7 +49,7 @@
         </style>
     </head>
     <body>
-        <div class="container" style="margin-top:150px">
+        <div class="container" style="margin-top:150px;">
             {% block content %}
             {% endblock %}
         </div>

allianceauth/authentication/templates/public/lang_select.html

@@ -6,7 +6,7 @@
             {% get_language_info_list for LANGUAGES as languages %}
             {% for language in languages %}
                 <option value="{{ language.code }}"{% if language.code == LANGUAGE_CODE %} selected="selected"{% endif %}>
-                    {{ language.name_local }} ({{ language.code }})
+                    {{ language.name_local|capfirst }} ({{ language.code }})
                 </option>
             {% endfor %}
         </select>

allianceauth/authentication/templates/public/login.html

@@ -7,6 +7,6 @@
 
 {% block middle_box_content %}
     <a href="{% url 'auth_sso_login' %}{% if request.GET.next %}?next={{request.GET.next}}{%endif%}">
-        <img class="img-responsive center-block" src="{% static 'img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" border=0>
+        <img class="img-responsive center-block" src="{% static 'allianceauth/authentication/img/sso/EVE_SSO_Login_Buttons_Large_Black.png' %}" alt="{% translate 'Login with Eve SSO' %}">
     </a>
 {% endblock %}

allianceauth/authentication/templates/public/middle_box.html

@@ -1,5 +1,7 @@
 {% extends 'public/base.html' %}
-{% load static %}
+
+{% load i18n %}
+
 {% block content %}
     <div class="col-md-4 col-md-offset-4">
         {% if messages %}
@@ -7,6 +9,7 @@
                 <div class="alert alert-{{ message.level_tag}}">{{ message }}</div>
             {% endfor %}
         {% endif %}
+
         <div class="panel panel-default panel-transparent">
             <div class="panel-body">
                 <div class="col-md-12">
@@ -14,10 +17,25 @@
                     {% endblock %}
                 </div>
             </div>
+
             {% include 'public/lang_select.html' %}
+
+            <p class="text-center" style="margin-top: 2rem;">
+                {% translate "For information on SSO, ESI and security read the CCP Dev Blog" %}<br>
+                <a href="https://www.eveonline.com/article/introducing-esi" target="_blank" rel="noopener noreferrer">
+                    {% translate "Introducing ESI - A New API For Eve Online" %}
+                </a>
+            </p>
+
+            <p class="text-center">
+                <a href="https://community.eveonline.com/support/third-party-applications/" target="_blank" rel="noopener noreferrer">
+                    {% translate "Manage ESI Applications" %}
+                </a>
+            </p>
         </div>
     </div>
 {% endblock %}
+
 {% block extra_include %}
     {% include 'bundles/bootstrap-js.html' %}
 {% endblock %}

allianceauth/authentication/templates/public/register.html

@@ -1,6 +1,5 @@
 {% extends 'public/base.html' %}
 
-{% load static %}
 {% load bootstrap %}
 {% load i18n %}
 

allianceauth/authentication/templates/registration/password_reset_email.html

@@ -1,15 +0,0 @@
-{% load i18n %}{% autoescape off %}
-    {% blocktrans trimmed %}You're receiving this email because you requested a password reset for your
-        user account.{% endblocktrans %}
-
-    {% translate "Please go to the following page and choose a new password:" %}
-    {% block reset_link %}
-        {{domain}}{% url 'password_reset_confirm' uidb64=uid token=token %}
-    {% endblock %}
-    {% translate "Your username, in case you've forgotten:" %} {{ user.get_username }}
-
-    {% translate "Thanks for using our site!" %}
-
-    {% blocktrans %}Your IT Team{% endblocktrans %}
-
-{% endautoescape %}

allianceauth/authentication/templates/registration/registration_form.html

@@ -1,14 +0,0 @@
-{% extends 'public/middle_box.html' %}
-{% load bootstrap %}
-{% load i18n %}
-{% load static %}
-{% block page_title %}{% translate "Register" %}{% endblock %}
-{% block middle_box_content %}
-    <form class="form-signin" role="form" action="" method="POST">
-        {% csrf_token %}
-        {{ form|bootstrap }}
-        <br>
-        <button class="btn btn-lg btn-primary btn-block" type="submit">{% translate "Submit" %}</button>
-        <br>
-    </form>
-{% endblock %}

allianceauth/authentication/tests/test_backend.py

@@ -116,10 +116,17 @@ class TestAuthenticate(TestCase):
         user = StateBackend().authenticate(token=t)
         self.assertEqual(user, self.user)
 
+    """ Alt Login disabled
     def test_authenticate_alt_character(self):
         t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
         user = StateBackend().authenticate(token=t)
         self.assertEqual(user, self.user)
+    """
+
+    def test_authenticate_alt_character_fail(self):
+        t = Token(character_id=self.alt_character.character_id, character_owner_hash='2')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, None)
 
     def test_authenticate_unclaimed_character(self):
         t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='3')
@@ -128,6 +135,7 @@ class TestAuthenticate(TestCase):
         self.assertEqual(user.username, 'Unclaimed_Character')
         self.assertEqual(user.profile.main_character, self.unclaimed_character)
 
+    """ Alt Login disabled
     def test_authenticate_character_record(self):
         t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
         OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
@@ -135,6 +143,15 @@ class TestAuthenticate(TestCase):
         self.assertEqual(user, self.old_user)
         self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
         self.assertTrue(user.profile.main_character)
+    """
+
+    def test_authenticate_character_record_fails(self):
+        t = Token(character_id=self.unclaimed_character.character_id, character_name=self.unclaimed_character.character_name, character_owner_hash='4')
+        OwnershipRecord.objects.create(user=self.old_user, character=self.unclaimed_character, owner_hash='4')
+        user = StateBackend().authenticate(token=t)
+        self.assertEqual(user, self.old_user)
+        self.assertTrue(CharacterOwnership.objects.filter(owner_hash='4', user=self.old_user).exists())
+        self.assertTrue(user.profile.main_character)
 
     def test_iterate_username(self):
         t = Token(character_id=self.unclaimed_character.character_id,

allianceauth/authentication/urls.py

@@ -22,5 +22,20 @@ urlpatterns = [
         views.add_character,
         name='add_character'
     ),
+    path(
+        'account/tokens/manage/',
+        views.token_management,
+        name='token_management'
+    ),
+    path(
+        'account/tokens/delete/<int:token_id>',
+        views.token_delete,
+        name='token_delete'
+    ),
+    path(
+        'account/tokens/refresh/<int:token_id>',
+        views.token_refresh,
+        name='token_refresh'
+    ),
     path('dashboard/', views.dashboard, name='dashboard'),
 ]

allianceauth/authentication/views.py

@@ -61,6 +61,44 @@ def dashboard(request):
     }
     return render(request, 'authentication/dashboard.html', context)
 
+@login_required
+def token_management(request):
+    tokens = request.user.token_set.all()
+
+    context = {
+        'tokens': tokens
+    }
+    return render(request, 'authentication/tokens.html', context)
+
+@login_required
+def token_delete(request, token_id=None):
+    try:
+        token = Token.objects.get(id=token_id)
+        if request.user == token.user:
+            token.delete()
+            messages.success(request, "Token Deleted.")
+        else:
+            messages.error(request, "This token does not belong to you.")
+    except Token.DoesNotExist:
+        messages.warning(request, "Token does not exist")
+    return redirect('authentication:token_management')
+
+@login_required
+def token_refresh(request, token_id=None):
+    try:
+        token = Token.objects.get(id=token_id)
+        if request.user == token.user:
+            try:
+                token.refresh()
+                messages.success(request, "Token refreshed.")
+            except Exception as e:
+                messages.warning(request, f"Failed to refresh token. {e}")
+        else:
+            messages.error(request, "This token does not belong to you.")
+    except Token.DoesNotExist:
+        messages.warning(request, "Token does not exist")
+    return redirect('authentication:token_management')
+
 
 @login_required
 @token_required(scopes=settings.LOGIN_TOKEN_SCOPES)

allianceauth/context_processors.py

@@ -5,5 +5,6 @@ from .views import NightModeRedirectView
 def auth_settings(request):
     return {
         'SITE_NAME': settings.SITE_NAME,
+        'SITE_URL': settings.SITE_URL,
         'NIGHT_MODE': NightModeRedirectView.night_mode_state(request),
     }

allianceauth/corputils/templates/corputils/corpstats.html

@@ -8,11 +8,11 @@
                 <table class="table">
                     <tr>
                         <td class="text-center col-lg-6{% if corpstats.corp.alliance %}{% else %}col-lg-offset-3{% endif %}">
-                                <img class="ra-avatar" src="{{ corpstats.corp.logo_url_64 }}">
+                                <img class="ra-avatar" src="{{ corpstats.corp.logo_url_64 }}" alt="{{ corpstats.corp.corporation_name }}">
                             </td>
                         {% if corpstats.corp.alliance %}
                             <td class="text-center col-lg-6">
-                                <img class="ra-avatar" src="{{ corpstats.corp.alliance.logo_url_64 }}">
+                                <img class="ra-avatar" src="{{ corpstats.corp.alliance.logo_url_64 }}" alt="{{ corpstats.corp.alliance.alliance_name }}">
                             </td>
                         {% endif %}
                     </tr>
@@ -59,7 +59,7 @@
                                                     <tr>
                                                         <td class="text-center" style="vertical-align:middle">
                                                             <div class="thumbnail" style="border: 0 none; box-shadow: none; background: transparent;">
-                                                                <img src="{{ main.main.portrait_url_64 }}" class="img-circle">
+                                                                <img src="{{ main.main.portrait_url_64 }}" class="img-circle" alt="{{ main.main }}">
                                                                 <div class="caption text-center">
                                                                     {{ main.main }}
                                                                 </div>
@@ -80,7 +80,7 @@
                                                                     <tr>
                                                                         <td class="text-center" style="width:5%">
                                                                             <div class="thumbnail" style="border: 0 none; box-shadow: none; background: transparent;">
-                                                                                <img src="{{ alt.portrait_url_32 }}" class="img-circle">
+                                                                                <img src="{{ alt.portrait_url_32 }}" class="img-circle" alt="{{ alt.character_name }}">
                                                                             </div>
                                                                         </td>
                                                                         <td class="text-center" style="width:30%">{{ alt.character_name }}</td>
@@ -119,7 +119,7 @@
                                             <tbody>
                                                 {% for member in members %}
                                                     <tr>
-                                                        <td><img src="{{ member.portrait_url }}" class="img-circle"></td>
+                                                        <td><img src="{{ member.portrait_url }}" class="img-circle" alt="{{ member }}"></td>
                                                         <td class="text-center">{{ member }}</td>
                                                         <td class="text-center">
                                                             <a href="https://zkillboard.com/character/{{ member.character_id }}/" class="label label-danger" target="_blank">{% translate "Killboard" %}</a>
@@ -131,7 +131,7 @@
                                                 {% endfor %}
                                                 {% for member in unregistered %}
                                                     <tr class="danger">
-                                                        <td><img src="{{ member.portrait_url }}" class="img-circle"></td>
+                                                        <td><img src="{{ member.portrait_url }}" class="img-circle" alt="{{ member.character_name }}"></td>
                                                         <td class="text-center">{{ member.character_name }}</td>
                                                         <td class="text-center">
                                                             <a href="https://zkillboard.com/character/{{ member.character_id }}/" class="label label-danger" target="_blank">{% translate "Killboard" %}</a>
@@ -160,7 +160,7 @@
                                             <tbody>
                                                 {% for member in unregistered %}
                                                     <tr class="danger">
-                                                        <td><img src="{{ member.portrait_url }}" class="img-circle"></td>
+                                                        <td><img src="{{ member.portrait_url }}" class="img-circle" alt="{{ member.character_name }}"></td>
                                                         <td class="text-center">{{ member.character_name }}</td>
                                                         <td class="text-center">
                                                             <a href="https://zkillboard.com/character/{{ member.character_id }}/" class="label label-danger" target="_blank">

allianceauth/corputils/templates/corputils/search.html

@@ -21,7 +21,7 @@
                 <tbody>
                     {% for result in results %}
                         <tr {% if not result.1.registered %}class="danger"{% endif %}>
-                            <td class="text-center"><img src="{{ result.1.portrait_url }}" class="img-circle"></td>
+                            <td class="text-center"><img src="{{ result.1.portrait_url }}" class="img-circle" alt="{{ result.1.character_name }}"></td>
                             <td class="text-center">{{ result.1.character_name }}</td>
                             <td class="text-center">{{ result.0.corp.corporation_name }}</td>
                             <td class="text-center"><a href="https://zkillboard.com/character/{{ result.1.character_id }}/" class="label label-danger" target="_blank">{% translate "Killboard" %}</a></td>

allianceauth/eveonline/migrations/0017_alliance_and_corp_names_are_not_unique.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.0.7 on 2022-08-14 16:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('eveonline', '0016_character_names_are_not_unique'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='eveallianceinfo',
+            name='alliance_name',
+            field=models.CharField(max_length=254, db_index=True),
+        ),
+        migrations.AlterField(
+            model_name='evecorporationinfo',
+            name='corporation_name',
+            field=models.CharField(max_length=254, db_index=True),
+        ),
+    ]

allianceauth/eveonline/models.py

@@ -71,7 +71,7 @@ class EveAllianceInfo(models.Model):
     """An alliance in Eve Online."""
 
     alliance_id = models.PositiveIntegerField(unique=True)
-    alliance_name = models.CharField(max_length=254, unique=True)
+    alliance_name = models.CharField(max_length=254, db_index=True)
     alliance_ticker = models.CharField(max_length=254)
     executor_corp_id = models.PositiveIntegerField()
 
@@ -139,7 +139,7 @@ class EveCorporationInfo(models.Model):
     """A corporation in Eve Online."""
 
     corporation_id = models.PositiveIntegerField(unique=True)
-    corporation_name = models.CharField(max_length=254, unique=True)
+    corporation_name = models.CharField(max_length=254, db_index=True)
     corporation_ticker = models.CharField(max_length=254)
     member_count = models.IntegerField()
     ceo_id = models.PositiveIntegerField(blank=True, null=True, default=None)

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/characternotexisting.html

@@ -12,7 +12,7 @@
                     <div class="panel-heading">{{ character_name }}</div>
                     <div class="panel-body">
                         <div class="col-lg-2 col-sm-2">
-                            <img class="ra-avatar img-responsive" src="{{ character_portrait_url }}">
+                            <img class="ra-avatar img-responsive" src="{{ character_portrait_url }}" alt="{{ character_name }}">
                         </div>
                         <div class="col-lg-10 col-sm-2">
                             <div class="alert alert-danger" role="alert">{% translate "Character not registered!" %}</div>

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkformatter.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Create Fatlink" %}{% endblock page_title %}

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkmodify.html

@@ -1,6 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 {% block page_title %}{% translate "Fatlink view" %}{% endblock page_title %}
 
@@ -32,7 +30,7 @@
                             <td class="text-center">{{ fat.user }}</td>
                             <td class="text-center">{{ fat.character.character_name }}</td>
                             {%  if fat.station != "No Station" %}
-                                <td class="text-center">{% blocktrans %}Docked in {% endblocktrans %}{{ fat.system }}</td>
+                                <td class="text-center">{% blocktranslate %}Docked in {% endblocktranslate %}{{ fat.system }}</td>
                             {% else %}
                                 <td class="text-center">{{ fat.system }}</td>
                             {% endif %}

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalmonthlystatisticsview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Personal fatlink statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ month }}, {{ year }}{% endblocktranslate %}
             {% if char_id %}
             <div class="text-right">
                 <a href="{% url 'fatlink:user_statistics_month' char_id previous_month|date:'Y' previous_month|date:'m' %}" class="btn btn-info">{% translate "Previous month" %}</a>
@@ -16,11 +14,11 @@
             {% endif %}
         </h1>
         <h2>
-            {% blocktrans count links=n_fats trimmed %}
+            {% blocktranslate count links=n_fats trimmed %}
                 {{ user }} has collected one link this month.
             {% plural %}
                 {{ user }} has collected {{ links }} links this month.
-            {% endblocktrans %}
+            {% endblocktranslate %}
         </h2>
         <table class="table table-responsive">
             <tr>
@@ -36,11 +34,11 @@
         </table>
         {%  if created_fats %}
         <h2>
-            {% blocktrans count links=n_created_fats trimmed  %}
+            {% blocktranslate count links=n_created_fats trimmed  %}
                 {{ user }} has created one link this month.
             {% plural %}
                 {{ user }} has created {{ links }} links this month.
-            {% endblocktrans %}
+            {% endblocktranslate %}
         </h2>
         {% if created_fats %}
         <table class="table">

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalstatisticsview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Personal fatlink statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ year }}{% endblocktranslate %}
             <div class="text-right">
                 <a href="{% url 'fatlink:personal_statistics_year' previous_year %}" class="btn btn-info">{% translate "Previous year" %}</a>
                 {%  if next_year %}

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkstatisticscorpview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Fatlink Corp Statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ month }}, {{ year }}{% endblocktranslate %}
             <div class="text-right">
                 <a href="{% url 'fatlink:statistics_corp_month' corpid previous_month|date:"Y" previous_month|date:"m" %}" class="btn btn-info">{% translate "Previous month" %}</a>
                 {%  if next_month %}
@@ -29,7 +27,7 @@
             {% for memberStat in fatStats %}
             <tr>
                 <td>
-                    <img src="{{ memberStat.mainchar.portrait_url_32 }}" class="ra-avatar img-responsive">
+                    <img src="{{ memberStat.mainchar.portrait_url_32 }}" class="ra-avatar img-responsive" alt="{{ memberStat.mainchar.character_name }}">
                 </td>
                 <td class="text-center">{{ memberStat.mainchar.character_name }}</td>
                 <td class="text-center">{{ memberStat.n_chars }}</td>

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkstatisticsview.html

@@ -1,13 +1,11 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Fatlink statistics" %}{% endblock page_title %}
 
 {% block content %}
     <div class="col-lg-12">
-        <h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
+        <h1 class="page-header text-center">{% blocktranslate %}Participation data statistics for {{ month }}, {{ year }}{% endblocktranslate %}
             <div class="text-right">
                 <a href="{% url 'fatlink:statistics_month' previous_month|date:"Y" previous_month|date:"m"  %}" class="btn btn-info">{% translate "Previous month" %}</a>
                 {%  if next_month %}
@@ -30,9 +28,9 @@
             {% for corpStat in fatStats %}
             <tr>
                 <td>
-                    <img src="{{ corpStat.corp.logo_url_32 }}" class="ra-avatar img-responsive">
+                    <img src="{{ corpStat.corp.logo_url_32 }}" class="ra-avatar img-responsive" alt="{{ corpStat.corp.corporation_name }}">
                 </td>
-                <td class="text-center"><a href="{% url 'fatlink:statistics_corp' corpStat.corp.corporation_id %}">[{{ corpStat.corp.corporation_ticker }}]</td>
+                <td class="text-center"><a href="{% url 'fatlink:statistics_corp' corpStat.corp.corporation_id %}">[{{ corpStat.corp.corporation_ticker }}]</a></td>
                 <td class="text-center">{{ corpStat.corp.corporation_name }}</td>
                 <td class="text-center">{{ corpStat.corp.member_count }}</td>
                 <td class="text-center">{{ corpStat.n_fats }}</td>

allianceauth/fleetactivitytracking/templates/fleetactivitytracking/fatlinkview.html

@@ -1,6 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Fatlink view" %}{% endblock page_title %}
@@ -35,7 +33,7 @@
                 <td class="text-center">{{ fat.fatlink.fleet }}</td>
                 <td class="text-center">{{ fat.character.character_name }}</td>
                 {%  if fat.station != "No Station" %}
-                <td class="text-center">{% blocktrans %}Docked in {% endblocktrans %}{{ fat.system }}</td>
+                <td class="text-center">{% blocktranslate %}Docked in {% endblocktranslate %}{{ fat.system }}</td>
                 {% else %}
                 <td class="text-center">{{ fat.system }}</td>
                 {% endif %}

allianceauth/fleetactivitytracking/views.py

@@ -212,7 +212,14 @@ def fatlink_monthly_personal_statistics_view(request, year, month, char_id=None)
     start_of_previous_month = first_day_of_previous_month(year, month)
 
     if request.user.has_perm('auth.fleetactivitytracking_statistics') and char_id:
-        user = EveCharacter.objects.get(character_id=char_id).user
+        try:
+            user = EveCharacter.objects.get(character_id=char_id).character_ownership.user
+        except EveCharacter.DoesNotExist:
+            messages.error(request, _('Character does not exist'))
+            return redirect('fatlink:view')
+        except AttributeError:
+            messages.error(request, _('User does not exist'))
+            return redirect('fatlink:view')
     else:
         user = request.user
     logger.debug(f"Personal monthly statistics view for user {user} called by {request.user}")
@@ -241,59 +248,82 @@ def fatlink_monthly_personal_statistics_view(request, year, month, char_id=None)
 
 @login_required
 @token_required(
-    scopes=['esi-location.read_location.v1', 'esi-location.read_ship_type.v1', 'esi-universe.read_structures.v1'])
+    scopes=[
+        'esi-location.read_location.v1',
+        'esi-location.read_ship_type.v1',
+        'esi-universe.read_structures.v1',
+        'esi-location.read_online.v1',
+    ]
+)
 def click_fatlink_view(request, token, fat_hash=None):
-    fatlink = get_object_or_404(Fatlink, hash=fat_hash)
+    c = token.get_esi_client(spec_file=SWAGGER_SPEC_PATH)
+    character = EveCharacter.objects.get_character_by_id(token.character_id)
+    character_online = c.Location.get_characters_character_id_online(
+        character_id=token.character_id
+    ).result()
 
-    if (timezone.now() - fatlink.fatdatetime) < datetime.timedelta(seconds=(fatlink.duration * 60)):
+    if character_online["online"] is True:
+        fatlink = get_object_or_404(Fatlink, hash=fat_hash)
 
-        character = EveCharacter.objects.get_character_by_id(token.character_id)
+        if (timezone.now() - fatlink.fatdatetime) < datetime.timedelta(seconds=(fatlink.duration * 60)):
+            if character:
+                # get data
+                location = c.Location.get_characters_character_id_location(character_id=token.character_id).result()
+                ship = c.Location.get_characters_character_id_ship(character_id=token.character_id).result()
+                location['solar_system_name'] = \
+                    c.Universe.get_universe_systems_system_id(system_id=location['solar_system_id']).result()['name']
 
-        if character:
+                if location['station_id']:
-            # get data
+                    location['station_name'] = \
-            c = token.get_esi_client(spec_file=SWAGGER_SPEC_PATH)
+                        c.Universe.get_universe_stations_station_id(station_id=location['station_id']).result()['name']
-            location = c.Location.get_characters_character_id_location(character_id=token.character_id).result()
+                elif location['structure_id']:
-            ship = c.Location.get_characters_character_id_ship(character_id=token.character_id).result()
+                    location['station_name'] = \
-            location['solar_system_name'] = \
+                        c.Universe.get_universe_structures_structure_id(structure_id=location['structure_id']).result()[
-                c.Universe.get_universe_systems_system_id(system_id=location['solar_system_id']).result()['name']
+                            'name']
-            if location['station_id']:
+                else:
-                location['station_name'] = \
+                    location['station_name'] = "No Station"
-                    c.Universe.get_universe_stations_station_id(station_id=location['station_id']).result()['name']
+
-            elif location['structure_id']:
+                ship['ship_type_name'] = provider.get_itemtype(ship['ship_type_id']).name
-                location['station_name'] = \
+
-                    c.Universe.get_universe_structures_structure_id(structure_id=location['structure_id']).result()[
+                fat = Fat()
-                        'name']
+                fat.system = location['solar_system_name']
+                fat.station = location['station_name']
+                fat.shiptype = ship['ship_type_name']
+                fat.fatlink = fatlink
+                fat.character = character
+                fat.user = request.user
+
+                try:
+                    fat.full_clean()
+                    fat.save()
+                    messages.success(request, _('Fleet participation registered.'))
+                except ValidationError as e:
+                    err_messages = []
+
+                    for errorname, message in e.message_dict.items():
+                        err_messages.append(message[0])
+
+                    messages.error(request, ' '.join(err_messages))
             else:
-                location['station_name'] = "No Station"
+                context = {
-            ship['ship_type_name'] = provider.get_itemtype(ship['ship_type_id']).name
+                    'character_id': token.character_id,
+                    'character_name': token.character_name,
+                    'character_portrait_url': EveCharacter.generic_portrait_url(
+                        token.character_id, 128
+                    ),
+                }
 
-            fat = Fat()
+                return render(request, 'fleetactivitytracking/characternotexisting.html', context=context)
-            fat.system = location['solar_system_name']
-            fat.station = location['station_name']
-            fat.shiptype = ship['ship_type_name']
-            fat.fatlink = fatlink
-            fat.character = character
-            fat.user = request.user
-            try:
-                fat.full_clean()
-                fat.save()
-                messages.success(request, _('Fleet participation registered.'))
-            except ValidationError as e:
-                err_messages = []
-                for errorname, message in e.message_dict.items():
-                    err_messages.append(message[0])
-                messages.error(request, ' '.join(err_messages))
         else:
-            context = {
+            messages.error(request, _('FAT link has expired.'))
-                'character_id': token.character_id,
-                'character_name': token.character_name,
-                'character_portrait_url': EveCharacter.generic_portrait_url(
-                    token.character_id, 128
-                ),
-            }
-            return render(request, 'fleetactivitytracking/characternotexisting.html', context=context)
     else:
-        messages.error(request, _('FAT link has expired.'))
+        messages.warning(
+            request,
+            _(
+                f"Cannot register the fleet participation for {character.character_name}. The character needs to be online."
+            ),
+        )
+
     return redirect('fatlink:view')
 
 

allianceauth/groupmanagement/admin.py

@@ -1,8 +1,8 @@
 from django.apps import apps
 from django.contrib import admin
-from django.contrib.auth.models import Group as BaseGroup
+
-from django.contrib.auth.models import Permission, User
+from django.contrib.auth.models import Group as BaseGroup, Permission, User
-from django.db.models import Count
+from django.db.models import Count, Exists, OuterRef
 from django.db.models.functions import Lower
 from django.db.models.signals import (
     m2m_changed,
@@ -15,6 +15,7 @@ from django.dispatch import receiver
 
 from .forms import GroupAdminForm, ReservedGroupNameAdminForm
 from .models import AuthGroup, GroupRequest, ReservedGroupName
+from .tasks import remove_users_not_matching_states_from_group
 
 if 'eve_autogroups' in apps.app_configs:
     _has_auto_groups = True
@@ -106,14 +107,13 @@ class HasLeaderFilter(admin.SimpleListFilter):
 
 class GroupAdmin(admin.ModelAdmin):
     form = GroupAdminForm
-    list_select_related = ('authgroup',)
     ordering = ('name',)
     list_display = (
         'name',
         '_description',
         '_properties',
         '_member_count',
-        'has_leader'
+        'has_leader',
     )
     list_filter = [
         'authgroup__internal',
@@ -129,31 +129,51 @@ class GroupAdmin(admin.ModelAdmin):
 
     def get_queryset(self, request):
         qs = super().get_queryset(request)
-        if _has_auto_groups:
+        has_leader_qs = (
-            qs = qs.prefetch_related('managedalliancegroup_set', 'managedcorpgroup_set')
+            AuthGroup.objects.filter(group=OuterRef('pk'), group_leaders__isnull=False)
-        qs = qs.prefetch_related('authgroup__group_leaders').select_related('authgroup')
-        qs = qs.annotate(
-            member_count=Count('user', distinct=True),
         )
+        has_leader_groups_qs = (
+            AuthGroup.objects.filter(
+                group=OuterRef('pk'), group_leader_groups__isnull=False
+            )
+        )
+        qs = (
+            qs.select_related('authgroup')
+            .annotate(member_count=Count('user', distinct=True))
+            .annotate(has_leader=Exists(has_leader_qs))
+            .annotate(has_leader_groups=Exists(has_leader_groups_qs))
+        )
+        if _has_auto_groups:
+            is_autogroup_corp = (
+                Group.objects.filter(
+                    pk=OuterRef('pk'), managedcorpgroup__isnull=False
+                )
+            )
+            is_autogroup_alliance = (
+                Group.objects.filter(
+                    pk=OuterRef('pk'), managedalliancegroup__isnull=False
+                )
+            )
+            qs = (
+                qs.annotate(is_autogroup_corp=Exists(is_autogroup_corp))
+                .annotate(is_autogroup_alliance=Exists(is_autogroup_alliance))
+            )
         return qs
 
     def _description(self, obj):
         return obj.authgroup.description
 
-    @admin.display(description="Members", ordering="member_count")
+    @admin.display(description='Members', ordering='member_count')
     def _member_count(self, obj):
         return obj.member_count
 
     @admin.display(boolean=True)
     def has_leader(self, obj):
-        return obj.authgroup.group_leaders.exists() or obj.authgroup.group_leader_groups.exists()
+        return obj.has_leader or obj.has_leader_groups
 
     def _properties(self, obj):
         properties = list()
-        if _has_auto_groups and (
+        if _has_auto_groups and (obj.is_autogroup_corp or obj.is_autogroup_alliance):
-            obj.managedalliancegroup_set.exists()
-            or obj.managedcorpgroup_set.exists()
-        ):
             properties.append('Auto Group')
         elif obj.authgroup.internal:
             properties.append('Internal')
@@ -183,6 +203,8 @@ class GroupAdmin(admin.ModelAdmin):
             ag_instance = inline_form.save(commit=False)
             ag_instance.group = form.instance
             ag_instance.save()
+            if ag_instance.states.exists():
+                remove_users_not_matching_states_from_group.delay(ag_instance.group.pk)
         formset.save()
 
     def get_readonly_fields(self, request, obj=None):

allianceauth/groupmanagement/models.py

@@ -189,6 +189,15 @@ class AuthGroup(models.Model):
             | User.objects.filter(groups__in=list(self.group_leader_groups.all()))
         )
 
+    def remove_users_not_matching_states(self):
+        """Remove users not matching defined states from related group."""
+        states_qs = self.states.all()
+        if states_qs.exists():
+            states = list(states_qs)
+            non_compliant_users = self.group.user_set.exclude(profile__state__in=states)
+            for user in non_compliant_users:
+                self.group.user_set.remove(user)
+
 
 class ReservedGroupName(models.Model):
     """Name that can not be used for groups.

allianceauth/groupmanagement/tasks.py

@@ -0,0 +1,10 @@
+from celery import shared_task
+
+from django.contrib.auth.models import Group
+
+
+@shared_task
+def remove_users_not_matching_states_from_group(group_pk: int) -> None:
+    """Remove users not matching defined states from related group."""
+    group = Group.objects.get(pk=group_pk)
+    group.authgroup.remove_users_not_matching_states()

allianceauth/groupmanagement/templates/groupmanagement/audit.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{{ group }} {% translate "Audit Log" %}{% endblock page_title %}
@@ -25,13 +24,15 @@
                     <div class="table-responsive">
                         <table class="table table-striped" id="log-entries">
                             <thead>
-                                <th scope="col">{% translate "Date/Time" %}</th>
+                                <tr>
-                                <th scope="col">{% translate "Requestor" %}</th>
+                                    <th scope="col">{% translate "Date/Time" %}</th>
-                                <th scope="col">{% translate "Character" %}</th>
+                                    <th scope="col">{% translate "Requestor" %}</th>
-                                <th scope="col">{% translate "Corporation" %}</th>
+                                    <th scope="col">{% translate "Character" %}</th>
-                                <th scope="col">{% translate "Type" %}</th>
+                                    <th scope="col">{% translate "Corporation" %}</th>
-                                <th scope="col">{% translate "Action" %}</th>
+                                    <th scope="col">{% translate "Type" %}</th>
-                                <th scope="col">{% translate "Actor" %}</th>
+                                    <th scope="col">{% translate "Action" %}</th>
+                                    <th scope="col">{% translate "Actor" %}</th>
+                                </tr>
                             </thead>
 
                             <tbody>
@@ -74,7 +75,7 @@
 {% block extra_javascript %}
     {% include 'bundles/datatables-js.html' %}
     {% include 'bundles/moment-js.html' with locale=True %}
-    <script type="application/javascript" src="{% static 'js/filterDropDown/filterDropDown.min.js' %}"></script>
+    {% include 'bundles/filterdropdown-js.html' %}
 {% endblock %}
 
 {% block extra_css %}

allianceauth/groupmanagement/templates/groupmanagement/groupmembers.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 {% load evelinks %}
 
@@ -37,7 +36,7 @@
                                 {% for member in members %}
                                     <tr>
                                         <td>
-                                            <img src="{{ member.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;">
+                                            <img src="{{ member.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;" alt="{{ member.main_char.character_name }}">
                                             {% if member.main_char %}
                                                 <a href="{{ member.main_char|evewho_character_url }}" target="_blank">
                                                     {{ member.main_char.character_name }}

allianceauth/groupmanagement/templates/groupmanagement/groupmembership.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Groups Membership" %}{% endblock page_title %}
@@ -61,7 +60,7 @@
                                                 <i class="glyphicon glyphicon-list-alt"></i>
                                             </a>
 
-                                            <a id="clipboard-copy" data-clipboard-text="{{ request.scheme }}://{{request.get_host}}{% url 'groupmanagement:request_add' group.id %}" class="btn btn-warning" title="{% translate "Copy Direct Join Link" %}">
+                                            <a id="clipboard-copy" data-clipboard-text="{{ SITE_URL }}{% url 'groupmanagement:request_add' group.id %}" class="btn btn-warning" title="{% translate "Copy Direct Join Link" %}">
                                                 <i class="glyphicon glyphicon-copy"></i>
                                             </a>
                                         </td>

allianceauth/groupmanagement/templates/groupmanagement/groups.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Available Groups" %}{% endblock page_title %}

allianceauth/groupmanagement/templates/groupmanagement/index.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 {% load evelinks %}
 
@@ -64,7 +63,7 @@
                                         {% for acceptrequest in acceptrequests %}
                                             <tr>
                                                 <td>
-                                                    <img src="{{ acceptrequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;">
+                                                    <img src="{{ acceptrequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;" alt="{{ acceptrequest.main_char.character_name }}">
                                                     {% if acceptrequest.main_char %}
                                                         <a href="{{ acceptrequest.main_char|evewho_character_url }}" target="_blank">
                                                             {{ acceptrequest.main_char.character_name }}
@@ -121,7 +120,7 @@
                                             {% for leaverequest in leaverequests %}
                                                 <tr>
                                                     <td>
-                                                        <img src="{{ leaverequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;">
+                                                        <img src="{{ leaverequest.main_char|character_portrait_url:32 }}" class="img-circle" style="margin-right: 1rem;" alt="{{ leaverequest.main_char.character_name }}">
                                                         {% if leaverequest.main_char %}
                                                             <a href="{{ leaverequest.main_char|evewho_character_url }}" target="_blank">
                                                                 {{ leaverequest.main_char.character_name }}

allianceauth/groupmanagement/templates/groupmanagement/menu.html

@@ -1,4 +1,3 @@
-{% load static %}
 {% load i18n %}
 {% load navactive %}
 

allianceauth/groupmanagement/tests/test_admin.py

@@ -6,7 +6,7 @@ from django.conf import settings
 from django.contrib import admin
 from django.contrib.admin.sites import AdminSite
 from django.contrib.auth.models import User
-from django.test import TestCase, RequestFactory, Client
+from django.test import TestCase, RequestFactory, Client, override_settings
 
 from allianceauth.authentication.models import CharacterOwnership, State
 from allianceauth.eveonline.models import (
@@ -236,60 +236,104 @@ class TestGroupAdmin(TestCase):
         self.assertEqual(result, expected)
 
     def test_member_count(self):
-        expected = 1
+        # given
-        obj = self.modeladmin.get_queryset(MockRequest(user=self.user_1))\
+        request = MockRequest(user=self.user_1)
-            .get(pk=self.group_1.pk)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_1.pk)
+        # when
         result = self.modeladmin._member_count(obj)
-        self.assertEqual(result, expected)
+        # then
+        self.assertEqual(result, 1)
 
     def test_has_leader_user(self):
-        result = self.modeladmin.has_leader(self.group_1)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_1.pk)
+        # when
+        result = self.modeladmin.has_leader(obj)
+        # then
         self.assertTrue(result)
 
     def test_has_leader_group(self):
-        result = self.modeladmin.has_leader(self.group_2)
+        # given
+        request = MockRequest(user=self.user_1)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_2.pk)
+        # when
+        result = self.modeladmin.has_leader(obj)
+        # then
         self.assertTrue(result)
 
     def test_properties_1(self):
-        expected = ['Default']
+        # given
-        result = self.modeladmin._properties(self.group_1)
+        request = MockRequest(user=self.user_1)
-        self.assertListEqual(result, expected)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_1.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Default'])
 
     def test_properties_2(self):
-        expected = ['Internal']
+        # given
-        result = self.modeladmin._properties(self.group_2)
+        request = MockRequest(user=self.user_1)
-        self.assertListEqual(result, expected)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_2.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Internal'])
 
     def test_properties_3(self):
-        expected = ['Hidden']
+        # given
-        result = self.modeladmin._properties(self.group_3)
+        request = MockRequest(user=self.user_1)
-        self.assertListEqual(result, expected)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_3.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Hidden'])
 
     def test_properties_4(self):
-        expected = ['Open']
+        # given
-        result = self.modeladmin._properties(self.group_4)
+        request = MockRequest(user=self.user_1)
-        self.assertListEqual(result, expected)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_4.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Open'])
 
     def test_properties_5(self):
-        expected = ['Public']
+        # given
-        result = self.modeladmin._properties(self.group_5)
+        request = MockRequest(user=self.user_1)
-        self.assertListEqual(result, expected)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_5.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Public'])
 
     def test_properties_6(self):
-        expected = ['Hidden', 'Open', 'Public']
+        # given
-        result = self.modeladmin._properties(self.group_6)
+        request = MockRequest(user=self.user_1)
-        self.assertListEqual(result, expected)
+        obj = self.modeladmin.get_queryset(request).get(pk=self.group_6.pk)
+        # when
+        result = self.modeladmin._properties(obj)
+        self.assertListEqual(result, ['Hidden', 'Open', 'Public'])
 
     if _has_auto_groups:
         @patch(MODULE_PATH + '._has_auto_groups', True)
-        def test_properties_7(self):
+        def test_should_show_autogroup_for_corporation(self):
+            # given
             self._create_autogroups()
-            expected = ['Auto Group']
+            request = MockRequest(user=self.user_1)
-            my_group = Group.objects\
+            queryset = self.modeladmin.get_queryset(request)
-                .filter(managedcorpgroup__isnull=False)\
+            obj = queryset.filter(managedcorpgroup__isnull=False).first()
-                .first()
+            # when
-            result = self.modeladmin._properties(my_group)
+            result = self.modeladmin._properties(obj)
-            self.assertListEqual(result, expected)
+            # then
+            self.assertListEqual(result, ['Auto Group'])
+
+        @patch(MODULE_PATH + '._has_auto_groups', True)
+        def test_should_show_autogroup_for_alliance(self):
+            # given
+            self._create_autogroups()
+            request = MockRequest(user=self.user_1)
+            queryset = self.modeladmin.get_queryset(request)
+            obj = queryset.filter(managedalliancegroup__isnull=False).first()
+            # when
+            result = self.modeladmin._properties(obj)
+            # then
+            self.assertListEqual(result, ['Auto Group'])
 
     # actions
 
@@ -539,6 +583,68 @@ class TestGroupAdminChangeFormSuperuserExclusiveEdits(WebTest):
                 self.assertNotIn(field, form.fields)
 
 
+@override_settings(CELERY_ALWAYS_EAGER=True, CELERY_EAGER_PROPAGATES_EXCEPTIONS=True)
+class TestGroupAdmin2(TestCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.superuser = User.objects.create_superuser("super")
+
+    def test_should_remove_users_from_state_groups(self):
+        # given
+        user_member = AuthUtils.create_user("Bruce Wayne")
+        character_member = AuthUtils.add_main_character_2(
+            user_member,
+            name="Bruce Wayne",
+            character_id=1001,
+            corp_id=2001,
+            corp_name="Wayne Technologies",
+        )
+        user_guest = AuthUtils.create_user("Lex Luthor")
+        AuthUtils.add_main_character_2(
+            user_guest,
+            name="Lex Luthor",
+            character_id=1011,
+            corp_id=2011,
+            corp_name="Luthor Corp",
+        )
+        member_state = AuthUtils.get_member_state()
+        member_state.member_characters.add(character_member)
+        user_member.refresh_from_db()
+        user_guest.refresh_from_db()
+        group = Group.objects.create(name="dummy")
+        user_member.groups.add(group)
+        user_guest.groups.add(group)
+        group.authgroup.states.add(member_state)
+        self.client.force_login(self.superuser)
+        # when
+        response = self.client.post(
+            f"/admin/groupmanagement/group/{group.pk}/change/",
+            data={
+                "name": f"{group.name}",
+                "authgroup-TOTAL_FORMS": "1",
+                "authgroup-INITIAL_FORMS": "1",
+                "authgroup-MIN_NUM_FORMS": "0",
+                "authgroup-MAX_NUM_FORMS": "1",
+                "authgroup-0-description": "",
+                "authgroup-0-states": f"{member_state.pk}",
+                "authgroup-0-internal": "on",
+                "authgroup-0-hidden": "on",
+                "authgroup-0-group": f"{group.pk}",
+                "authgroup-__prefix__-description": "",
+                "authgroup-__prefix__-internal": "on",
+                "authgroup-__prefix__-hidden": "on",
+                "authgroup-__prefix__-group": f"{group.pk}",
+                "_save": "Save"
+            }
+        )
+        # then
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response.url, "/admin/groupmanagement/group/")
+        self.assertIn(group, user_member.groups.all())
+        self.assertNotIn(group, user_guest.groups.all())
+
+
 class TestReservedGroupNameAdmin(TestCase):
     @classmethod
     def setUpClass(cls):

allianceauth/groupmanagement/tests/test_models.py

@@ -232,6 +232,38 @@ class TestAuthGroup(TestCase):
         expected = 'Superheros'
         self.assertEqual(str(group.authgroup), expected)
 
+    def test_should_remove_guests_from_group_when_restricted_to_members_only(self):
+        # given
+        user_member = AuthUtils.create_user("Bruce Wayne")
+        character_member = AuthUtils.add_main_character_2(
+            user_member,
+            name="Bruce Wayne",
+            character_id=1001,
+            corp_id=2001,
+            corp_name="Wayne Technologies",
+        )
+        user_guest = AuthUtils.create_user("Lex Luthor")
+        AuthUtils.add_main_character_2(
+            user_guest,
+            name="Lex Luthor",
+            character_id=1011,
+            corp_id=2011,
+            corp_name="Luthor Corp",
+        )
+        member_state = AuthUtils.get_member_state()
+        member_state.member_characters.add(character_member)
+        user_member.refresh_from_db()
+        user_guest.refresh_from_db()
+        group = Group.objects.create(name="dummy")
+        user_member.groups.add(group)
+        user_guest.groups.add(group)
+        group.authgroup.states.add(member_state)
+        # when
+        group.authgroup.remove_users_not_matching_states()
+        # then
+        self.assertIn(group, user_member.groups.all())
+        self.assertNotIn(group, user_guest.groups.all())
+
 
 class TestAuthGroupRequestApprovers(TestCase):
     def setUp(self) -> None:

allianceauth/groupmanagement/urls.py

@@ -5,7 +5,7 @@ app_name = "groupmanagement"
 
 urlpatterns = [
     # groups
-    path("groups", views.groups_view, name="groups"),
+    path("groups/", views.groups_view, name="groups"),
     path("group/request/join/<int:group_id>/", views.group_request_add, name="request_add"),
     path(
         "group/request/leave/<int:group_id>/", views.group_request_leave, name="request_leave"

allianceauth/hrapplications/templates/hrapplications/corpchoice.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Choose a Corp" %}{% endblock page_title %}

allianceauth/hrapplications/templates/hrapplications/create.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Apply To" %} {{ corp.corporation_name }}{% endblock page_title %}
@@ -16,11 +15,11 @@
                             <label class="control-label" for="id_{{ question.pk }}">{{ question.title }}</label>
                             <div class=" ">
                             {% if question.help_text %}
-                                <div cass="text-center">{{ question.help_text }}</div>
+                                <div class="text-center">{{ question.help_text }}</div>
                             {% endif %}
                             {% for choice in question.choices.all %}
-                                <input type={% if question.multi_select == False %}"radio"{% else %}"checkbox"{% endif %} name="{{ question.pk }}" id="id_{{ question.pk }}" value="{{ choice.choice_text }}">
+                                <input type={% if question.multi_select == False %}"radio"{% else %}"checkbox"{% endif %} name="{{ question.pk }}" id="id_{{ question.pk }}_choice_{{ forloop.counter }}" value="{{ choice.choice_text }}">
-                                <label for="choice{{ forloop.counter }}">{{ choice.choice_text }}</label><br>
+                                <label for="id_{{ question.pk }}_choice_{{ forloop.counter }}">{{ choice.choice_text }}</label><br>
                             {% empty %}
                                 <textarea class="form-control" cols="30" id="id_{{ question.pk }}" name="{{ question.pk }}" rows="4"></textarea>
                             {% endfor %}

allianceauth/hrapplications/templates/hrapplications/management.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "HR Application Management" %}{% endblock page_title %}
@@ -178,7 +177,7 @@
                         <h4 class="modal-title" id="myModalLabel">{% translate "Application Search" %}</h4>
                     </div>
                     <div class="modal-body">
-                        <form class="form-signin" role="form" action={% url 'hrapplications:search' %} method="POST">
+                        <form class="form-signin" role="form" action="{% url 'hrapplications:search' %}" method="POST">
                             {% csrf_token %}
                             {{ search_form|bootstrap }}
                             <br>

allianceauth/hrapplications/templates/hrapplications/searchview.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "HR Application Management" %}{% endblock page_title %}
@@ -64,7 +63,7 @@
                         <h4 class="modal-title" id="myModalLabel">{% translate "Application Search" %}</h4>
                     </div>
                     <div class="modal-body">
-                        <form class="form-signin" role="form" action={% url 'hrapplications:search' %} method="POST">
+                        <form class="form-signin" role="form" action="{% url 'hrapplications:search' %}" method="POST">
                             {% csrf_token %}
                             {{ search_form|bootstrap }}
                             <br>

allianceauth/hrapplications/templates/hrapplications/view.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load bootstrap %}
 {% load i18n %}
 
@@ -49,7 +48,7 @@
                             {% for char in app.characters %}
                                 <tr>
                                     <td class="text-center">
-                                        <img class="ra-avatar img-responsive img-circle" src="{{ char.portrait_url_32 }}">
+                                        <img class="ra-avatar img-responsive img-circle" src="{{ char.portrait_url_32 }}" alt="{{ char.character_name }}">
                                     </td>
                                     <td class="text-center">{{ char.character_name }}</td>
                                     <td class="text-center">{{ char.corporation_name }}</td>

allianceauth/hrapplications/views.py

@@ -219,7 +219,7 @@ def hr_application_search(request):
                 Q(user__character_ownerships__character__corporation_name__icontains=searchstring) |
                 Q(user__character_ownerships__character__alliance_name__icontains=searchstring) |
                 Q(user__username__icontains=searchstring)
-            )
+            ).distinct()
 
             context = {'applications': applications, 'search_form': HRApplicationSearchForm()}
 

allianceauth/notifications/templates/notifications/list.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Notifications" %}{% endblock %}
@@ -9,15 +8,15 @@
 
     <div class="panel panel-default">
 
-        <div class="panel-heading">
+        <div class="panel-heading clearfix">
-            <ul class="nav nav-pills">
+            <ul class="nav nav-pills navbar-left">
                 <li class="active"><a data-toggle="tab" href="#unread">{% translate "Unread" %}<b>({{ unread|length }})</b></a></li>
                 <li><a data-toggle="tab" href="#read">{% translate "Read" %} <b>({{ read|length }})</b></a></li>
-                <div class="pull-right">
-                    <a href="{% url 'notifications:mark_all_read' %}" class="btn btn-warning">{% translate "Mark All Read" %}</a>
-                    <a href="{% url 'notifications:delete_all_read' %}" class="btn btn-danger">{% translate "Delete All Read" %}</a>
-                </div>
             </ul>
+            <div class="nav navbar-nav navbar-right" style="margin-right: 0;">
+                <a href="{% url 'notifications:mark_all_read' %}" class="btn btn-warning">{% translate "Mark All Read" %}</a>
+                <a href="{% url 'notifications:delete_all_read' %}" class="btn btn-danger">{% translate "Delete All Read" %}</a>
+            </div>
         </div>
 
         <div class="panel-body">

allianceauth/notifications/templates/notifications/view.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "View Notification" %}{% endblock page_title %}

allianceauth/optimer/models.py

@@ -34,7 +34,7 @@ class OpTimer(models.Model):
     fc = models.CharField(max_length=254, default="")
     post_time = models.DateTimeField(default=timezone.now)
     eve_character = models.ForeignKey(EveCharacter, null=True,
-                                      on_delete=models.SET_NULL)
+                                    on_delete=models.SET_NULL)
     description = models.TextField(blank=True, default="")
     type = models.ForeignKey(OpTimerType, null=True, on_delete=models.SET_NULL)
 

allianceauth/optimer/templates/optimer/add.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 {% get_current_language as LANGUAGE_CODE %}
 

allianceauth/optimer/templates/optimer/management.html

@@ -1,5 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load static %}
 {% load i18n %}
 {% get_current_language as LANGUAGE_CODE %}
 
@@ -40,9 +39,9 @@
     </div>
 
     {% include 'bundles/moment-js.html' with locale=True %}
-    <script src="{% static 'js/timers.js' %}"></script>
+    {% include 'bundles/timers-js.html' %}
 
-    <script type="application/javascript">
+    <script>
         // Data
         let timers = [
         {% for op in optimer %}

allianceauth/optimer/templates/optimer/update.html

@@ -1,6 +1,5 @@
 {% extends "allianceauth/base.html" %}
 {% load bootstrap %}
-{% load static %}
 {% load i18n %}
 {% get_current_language as LANGUAGE_CODE %}
 

allianceauth/permissions_tool/templates/permissions_tool/audit.html

@@ -1,6 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{{ permission.permission.codename }} - {% translate "Permissions Audit" %}{% endblock page_title %}
@@ -47,7 +45,7 @@
 
 {% block extra_javascript %}
     {% include 'bundles/datatables-js.html' %}
-    <script type="application/javascript" src="{% static 'js/filterDropDown/filterDropDown.min.js' %}"></script>
+    {% include 'bundles/filterdropdown-js.html' %}
 {% endblock %}
 
 {% block extra_css %}

allianceauth/permissions_tool/templates/permissions_tool/audit_row.html

@@ -5,7 +5,7 @@
         {{ type }}: {{ name }}
     </td>
     <td class="text-right">
-        <img src="{{ user.profile.main_character|character_portrait_url:32 }}" class="img-circle">
+        <img src="{{ user.profile.main_character|character_portrait_url:32 }}" class="img-circle" alt="{{ user.profile.main_character.character_name }}">
     </td>
     <td>
         <strong>{{ user }}<br></strong>

allianceauth/permissions_tool/templates/permissions_tool/overview.html

@@ -1,6 +1,4 @@
 {% extends "allianceauth/base.html" %}
-{% load bootstrap %}
-{% load static %}
 {% load i18n %}
 
 {% block page_title %}{% translate "Permissions Overview" %}{% endblock page_title %}
@@ -10,10 +8,10 @@
         <h1 class="page-header">{% translate "Permissions Overview" %}</h1>
         <p>
         {% if request.GET.all != 'yes' %}
-            {% blocktrans %}Showing only applied permissions{% endblocktrans %}
+            {% blocktranslate %}Showing only applied permissions{% endblocktranslate %}
             <a href="{% url 'permissions_tool:overview' %}?all=yes" class="btn btn-primary">{% translate "Show All" %}</a>
         {% else %}
-            {% blocktrans %}Showing all permissions{% endblocktrans %}
+            {% blocktranslate %}Showing all permissions{% endblocktranslate %}
             <a href="{% url 'permissions_tool:overview' %}?all=no" class="btn btn-primary">{% translate "Show Applied" %}</a>
         {% endif %}
         </p>
@@ -80,7 +78,7 @@
 
 {% block extra_javascript %}
     {% include 'bundles/datatables-js.html' %}
-    <script type="application/javascript" src="{% static 'js/filterDropDown/filterDropDown.min.js' %}"></script>
+    {% include 'bundles/filterdropdown-js.html' %}
 {% endblock %}
 
 {% block extra_css %}

allianceauth/project_template/project_name/settings/base.py

@@ -84,17 +84,16 @@ LOCALE_PATHS = (
     os.path.join(BASE_DIR, 'locale/'),
 )
 
-ugettext = lambda s: s
 LANGUAGES = (
-    ('en', ugettext('English')),
+    ("en", "English"),
-    ('de', ugettext('German')),
+    ("de", "German"),
-    ('es', ugettext('Spanish')),
+    ("es", "Spanish"),
-    ('zh-hans', ugettext('Chinese Simplified')),
+    ("zh-hans", "Chinese Simplified"),
-    ('ru', ugettext('Russian')),
+    ("ru", "Russian"),
-    ('ko', ugettext('Korean')),
+    ("ko", "Korean"),
-    ('fr', ugettext('French')),
+    ("fr", "French"),
-    ('ja', ugettext('Japanese')),
+    ("ja", "Japanese"),
-    ('it', ugettext('Italian')),
+    ("it", "Italian"),
 )
 
 TEMPLATES = [

allianceauth/project_template/project_name/settings/local.py

@@ -13,6 +13,13 @@ STATIC_ROOT = "/var/www/{{ project_name }}/static/"
 # in page titles and the site header.
 SITE_NAME = '{{ project_name }}'
 
+# This is your websites URL, set it accordingly
+# Make sure this URL is WITHOUT a trailing slash
+SITE_URL = "https://example.com"
+
+# Django security
+CSRF_TRUSTED_ORIGINS = [SITE_URL]
+
 # Change this to enable/disable debug mode, which displays
 # useful error messages but can leak sensitive data.
 DEBUG = False
@@ -39,15 +46,16 @@ DATABASES['default'] = {
 
 # Register an application at https://developers.eveonline.com for Authentication
 # & API Access and fill out these settings. Be sure to set the callback URL
-# to https://example.com/sso/callback substituting your domain for example.com
+# to https://example.com/sso/callback substituting your domain for example.com in
+# CCP's developer portal
 # Logging in to auth requires the publicData scope (can be overridden through the
 # LOGIN_TOKEN_SCOPES setting). Other apps may require more (see their docs).
 ESI_SSO_CLIENT_ID = ''
 ESI_SSO_CLIENT_SECRET = ''
-ESI_SSO_CALLBACK_URL = ''
+ESI_SSO_CALLBACK_URL = f"{SITE_URL}/sso/callback"
 ESI_USER_CONTACT_EMAIL = ''    # A server maintainer that CCP can contact in case of issues.
 
-# By default emails are validated before new users can log in.
+# By default, emails are validated before new users can log in.
 # It's recommended to use a free service like SparkPost or Elastic Email to send email.
 # https://www.sparkpost.com/docs/integrations/django/
 # https://elasticemail.com/resources/settings/smtp-api/

allianceauth/services/admin.py

@@ -3,11 +3,11 @@ from django.contrib import admin
 
 from allianceauth import hooks
 from allianceauth.authentication.admin import (
+    MainAllianceFilter,
+    MainCorporationsFilter,
+    user_main_organization,
     user_profile_pic,
     user_username,
-    user_main_organization,
-    MainCorporationsFilter,
-    MainAllianceFilter
 )
 
 from .models import NameFormatConfig
@@ -17,7 +17,7 @@ class ServicesUserAdmin(admin.ModelAdmin):
     """Parent class for UserAdmin classes for all services"""
     class Media:
         css = {
-            "all": ("services/admin.css",)
+            "all": ("allianceauth/services/admin.css",)
         }
 
     search_fields = ('user__username',)
@@ -36,19 +36,18 @@ class ServicesUserAdmin(admin.ModelAdmin):
         MainAllianceFilter,
         'user__date_joined',
     )
+    list_select_related = (
+        'user', 'user__profile__main_character', 'user__profile__state'
+    )
 
+    @admin.display(ordering='user__profile__state__name')
     def _state(self, obj):
         return obj.user.profile.state.name
 
-    _state.short_description = 'state'
+    @admin.display(ordering='user__date_joined')
-    _state.admin_order_field = 'user__profile__state__name'
-
     def _date_joined(self, obj):
         return obj.user.date_joined
 
-    _date_joined.short_description = 'date joined'
-    _date_joined.admin_order_field = 'user__date_joined'
-
 
 class NameFormatConfigForm(forms.ModelForm):
     def __init__(self, *args, **kwargs):
@@ -62,6 +61,7 @@ class NameFormatConfigForm(forms.ModelForm):
         self.fields['service_name'] = forms.ChoiceField(choices=SERVICE_CHOICES)
 
 
+@admin.register(NameFormatConfig)
 class NameFormatConfigAdmin(admin.ModelAdmin):
     form = NameFormatConfigForm
     list_display = ('service_name', 'get_state_display_string')
@@ -69,6 +69,3 @@ class NameFormatConfigAdmin(admin.ModelAdmin):
     def get_state_display_string(self, obj):
         return ', '.join([state.name for state in obj.states.all()])
     get_state_display_string.short_description = 'States'
-
-
-admin.site.register(NameFormatConfig, NameFormatConfigAdmin)

allianceauth/services/modules/discord/admin.py

@@ -2,12 +2,11 @@ import logging
 
 from django.contrib import admin
 
-from . import __title__
 from ...admin import ServicesUserAdmin
+from . import __title__
 from .models import DiscordUser
 from .utils import LoggerAddTag
 
-
 logger = LoggerAddTag(logging.getLogger(__name__), __title__)
 
 
@@ -18,21 +17,16 @@ class DiscordUserAdmin(ServicesUserAdmin):
     list_filter = ServicesUserAdmin.list_filter + ('activated',)
     ordering = ('-activated',)
 
-    def _uid(self, obj):
-        return obj.uid
-
-    _uid.short_description = 'Discord ID (UID)'
-    _uid.admin_order_field = 'uid'
-
-    def _username(self, obj):
-        if obj.username and obj.discriminator:
-            return f'{obj.username}#{obj.discriminator}'
-        else:
-            return ''
-
     def delete_queryset(self, request, queryset):
         for user in queryset:
             user.delete_user()
 
-    _username.short_description = 'Discord Username'
+    @admin.display(description='Discord ID (UID)', ordering='uid')
-    _username.admin_order_field = 'username'
+    def _uid(self, obj):
+        return obj.uid
+
+    @admin.display(description='Discord Username', ordering='username')
+    def _username(self, obj):
+        if obj.username and obj.discriminator:
+            return f'{obj.username}#{obj.discriminator}'
+        return ''

allianceauth/services/modules/discord/api.py

@@ -0,0 +1,37 @@
+"""Public interface for community apps who want to interact with the Discord server
+of the current Alliance Auth instance.
+
+Example
+=======
+
+Here is an example for using the api to fetch the current roles from the configured Discord server.
+
+.. code-block:: python
+
+    from allianceauth.services.modules.discord.api import create_bot_client, discord_guild_id
+
+    client = create_bot_client()  # create a new Discord client
+    guild_id = discord_guild_id()  # get the ID of the configured Discord server
+    roles = client.guild_roles(guild_id)  # fetch the roles from our Discord server
+
+.. seealso::
+    The docs for the client class can be found here: :py:class:`~allianceauth.services.modules.discord.discord_client.client.DiscordClient`
+"""
+
+from typing import Optional
+
+from .app_settings import DISCORD_GUILD_ID
+from .core import create_bot_client, group_to_role, server_name  # noqa
+from .discord_client.models import Role  # noqa
+from .models import DiscordUser  # noqa
+
+__all__ = ["create_bot_client", "group_to_role", "server_name", "DiscordUser", "Role"]
+
+
+def discord_guild_id() -> Optional[int]:
+    """Guild ID of configured Discord server.
+
+    Returns:
+        Guild ID or ``None`` if not configured
+    """
+    return int(DISCORD_GUILD_ID) if DISCORD_GUILD_ID else None

allianceauth/services/modules/discord/app_settings.py

@@ -2,16 +2,25 @@ from .utils import clean_setting
 
 
 DISCORD_APP_ID = clean_setting('DISCORD_APP_ID', '')
+"""App ID for the AA bot on Discord. Needs to be set."""
+
 DISCORD_APP_SECRET = clean_setting('DISCORD_APP_SECRET', '')
+"""App secret for the AA bot on Discord. Needs to be set."""
+
 DISCORD_BOT_TOKEN = clean_setting('DISCORD_BOT_TOKEN', '')
+"""Token used by the AA bot on Discord.  Needs to be set."""
+
 DISCORD_CALLBACK_URL = clean_setting('DISCORD_CALLBACK_URL', '')
+"""Callback URL for OAuth with Discord. Needs to be set."""
+
 DISCORD_GUILD_ID = clean_setting('DISCORD_GUILD_ID', '')
+"""ID of the Discord Server. Needs to be set."""
 
-# max retries of tasks after an error occurred
 DISCORD_TASKS_MAX_RETRIES = clean_setting('DISCORD_TASKS_MAX_RETRIES', 3)
+"""Max retries of tasks after an error occurred."""
 
-# Pause in seconds until next retry for tasks after the API returned an error
 DISCORD_TASKS_RETRY_PAUSE = clean_setting('DISCORD_TASKS_RETRY_PAUSE', 60)
+"""Pause in seconds until next retry for tasks after the API returned an error."""
 
-# automatically sync Discord users names to user's main character name when created
 DISCORD_SYNC_NAMES = clean_setting('DISCORD_SYNC_NAMES', False)
+"""Automatically sync Discord users names to user's main character name when created."""

allianceauth/services/modules/discord/auth_hooks.py

@@ -6,6 +6,7 @@ from django.template.loader import render_to_string
 from allianceauth import hooks
 from allianceauth.services.hooks import ServicesHook
 
+from .core import server_name, user_formatted_nick
 from .models import DiscordUser
 from .urls import urlpatterns
 from .utils import LoggerAddTag
@@ -53,7 +54,7 @@ class DiscordService(ServicesHook):
         return render_to_string(
             self.service_ctrl_template,
             {
-                'server_name': DiscordUser.objects.server_name(),
+                'server_name': server_name(),
                 'user_has_account': user_has_account,
                 'discord_username': discord_username
             },
@@ -73,7 +74,7 @@ class DiscordService(ServicesHook):
                     'user_pk': user.pk,
                     # since the new nickname is not yet in the DB we need to
                     # provide it manually to the task
-                    'nickname': DiscordUser.objects.user_formatted_nick(user)
+                    'nickname': user_formatted_nick(user)
                 },
                 priority=SINGLE_TASK_PRIORITY
             )

allianceauth/services/modules/discord/core.py

@@ -0,0 +1,129 @@
+"""Core functionality of the Discord service not directly related to models."""
+
+import logging
+from typing import List, Optional, Tuple
+
+from requests.exceptions import HTTPError
+
+from django.contrib.auth.models import Group, User
+
+from allianceauth.groupmanagement.models import ReservedGroupName
+from allianceauth.services.hooks import NameFormatter
+
+from . import __title__
+from .app_settings import DISCORD_BOT_TOKEN, DISCORD_GUILD_ID
+from .discord_client import DiscordClient, RolesSet, Role
+from .discord_client.exceptions import DiscordClientException
+from .utils import LoggerAddTag
+
+logger = LoggerAddTag(logging.getLogger(__name__), __title__)
+
+
+def create_bot_client(is_rate_limited: bool = True) -> DiscordClient:
+    """Create new bot client for accessing the configured Discord server.
+
+    Args:
+        is_rate_limited: Set to False to turn off rate limiting (use with care).
+
+    Return:
+        Discord client instance
+    """
+    return DiscordClient(DISCORD_BOT_TOKEN, is_rate_limited=is_rate_limited)
+
+
+def calculate_roles_for_user(
+    user: User,
+    client: DiscordClient,
+    discord_uid: int,
+    state_name: str = None,
+) -> Tuple[RolesSet, Optional[bool]]:
+    """Calculate current Discord roles for an Auth user.
+
+    Takes into account reserved groups and existing managed roles (e.g. nitro).
+
+    Returns:
+        - Discord roles, changed flag:
+            - True when roles have changed,
+            - False when they have not changed,
+            - None if user is not a member of the guild
+    """
+    roles_calculated = client.match_or_create_roles_from_names_2(
+        guild_id=DISCORD_GUILD_ID,
+        role_names=_user_group_names(user=user, state_name=state_name),
+    )
+    logger.debug("Calculated roles for user %s: %s", user, roles_calculated.ids())
+    roles_current = client.guild_member_roles(
+        guild_id=DISCORD_GUILD_ID, user_id=discord_uid
+    )
+    if roles_current is None:
+        logger.debug("User %s is not a member of the guild.", user)
+        return roles_calculated, None
+    logger.debug("Current roles user %s: %s", user, roles_current.ids())
+    reserved_role_names = ReservedGroupName.objects.values_list("name", flat=True)
+    roles_reserved = roles_current.subset(role_names=reserved_role_names)
+    roles_managed = roles_current.subset(managed_only=True)
+    roles_persistent = roles_managed.union(roles_reserved)
+    if roles_calculated == roles_current.difference(roles_persistent):
+        return roles_calculated, False
+    return roles_calculated.union(roles_persistent), True
+
+
+def _user_group_names(user: User, state_name: str = None) -> List[str]:
+    """Names of groups and state the given user is a member of."""
+    if not state_name:
+        state_name = user.profile.state.name
+    group_names = [group.name for group in user.groups.all()] + [state_name]
+    logger.debug("Group names for roles updates of user %s are: %s", user, group_names)
+    return group_names
+
+
+def user_formatted_nick(user: User) -> Optional[str]:
+    """Name of the given user's main character with name formatting applied.
+
+    Returns:
+        Name or ``None`` if user has no main.
+    """
+    from .auth_hooks import DiscordService
+
+    if user.profile.main_character:
+        return NameFormatter(DiscordService(), user).format_name()
+    return None
+
+
+def group_to_role(group: Group) -> Optional[Role]:
+    """Fetch the Discord role matching the given Django group by name.
+
+    Returns:
+        Discord role or None if no matching role exist
+    """
+    return default_bot_client.match_role_from_name(
+        guild_id=DISCORD_GUILD_ID, role_name=group.name
+    )
+
+
+def server_name(use_cache: bool = True) -> str:
+    """Fetches the name of the current Discord server.
+
+    Args:
+        use_cache: When set False will force an API call to get the server name
+
+    Returns:
+        Server name or an empty string if the name could not be retrieved
+    """
+    try:
+        server_name = default_bot_client.guild_name(
+            guild_id=DISCORD_GUILD_ID, use_cache=use_cache
+        )
+    except (HTTPError, DiscordClientException):
+        server_name = ""
+    except Exception:
+        logger.warning(
+            "Unexpected error when trying to retrieve the server name from Discord",
+            exc_info=True,
+        )
+        server_name = ""
+    return server_name
+
+
+# Default bot client to be used by modules of this package
+default_bot_client = create_bot_client()

allianceauth/services/modules/discord/discord_client/__init__.py

@@ -1,3 +1,10 @@
-from .client import DiscordClient   # noqa
+from .app_settings import DISCORD_OAUTH_BASE_URL, DISCORD_OAUTH_TOKEN_URL  # noqa
-from .exceptions import DiscordApiBackoff  # noqa
+from .client import DiscordClient  # noqa
-from .helpers import DiscordRoles  # noqa
+from .exceptions import (  # noqa
+    DiscordApiBackoff,
+    DiscordClientException,
+    DiscordRateLimitExhausted,
+    DiscordTooManyRequestsError,
+)
+from .helpers import RolesSet  # noqa
+from .models import Guild, GuildMember, Role, User  # noqa

allianceauth/services/modules/discord/discord_client/app_settings.py

@@ -1,45 +1,56 @@
+"""Settings for the Discord client.
+
+To overwrite a default set the variable in your local Django settings, e.g:
+
+.. code:: python
+
+    DISCORD_GUILD_NAME_CACHE_MAX_AGE = 7200
+"""
+
 from ..utils import clean_setting
 
 
-# Base URL for all API calls. Must end with /.
 DISCORD_API_BASE_URL = clean_setting(
     'DISCORD_API_BASE_URL', 'https://discord.com/api/'
 )
+"""Base URL for all API calls. Must end with /."""
 
-# Low level connecttimeout for requests to the Discord API in seconds
 DISCORD_API_TIMEOUT_CONNECT = clean_setting(
     'DISCORD_API_TIMEOUT', 5
 )
+"""Low level connect timeout for requests to the Discord API in seconds."""
 
-# Low level read timeout for requests to the Discord API in seconds
 DISCORD_API_TIMEOUT_READ = clean_setting(
     'DISCORD_API_TIMEOUT', 30
 )
+"""Low level read timeout for requests to the Discord API in seconds."""
 
-# Base authorization URL for Discord Oauth
 DISCORD_OAUTH_BASE_URL = clean_setting(
     'DISCORD_OAUTH_BASE_URL', 'https://discord.com/api/oauth2/authorize'
 )
+"""Base authorization URL for Discord Oauth."""
 
-# Base authorization URL for Discord Oauth
 DISCORD_OAUTH_TOKEN_URL = clean_setting(
     'DISCORD_OAUTH_TOKEN_URL', 'https://discord.com/api/oauth2/token'
 )
+"""Base authorization URL for Discord Oauth."""
 
-# How long the Discord guild names retrieved from the server are
-# caches locally in seconds.
 DISCORD_GUILD_NAME_CACHE_MAX_AGE = clean_setting(
     'DISCORD_GUILD_NAME_CACHE_MAX_AGE', 3600 * 24
 )
+"""How long the Discord guild names retrieved from the server
+are caches locally in seconds.
+"""
 
-# How long Discord roles retrieved from the server are caches locally in seconds.
 DISCORD_ROLES_CACHE_MAX_AGE = clean_setting(
     'DISCORD_ROLES_CACHE_MAX_AGE', 3600 * 1
 )
+"""How long Discord roles retrieved from the server are caches locally in seconds."""
 
-# Turns off creation of new roles. In case the rate limit for creating roles is
-# exhausted, this setting allows the Discord service to continue to function
-# and wait out the reset. Rate limit is about 250 per 48 hrs.
 DISCORD_DISABLE_ROLE_CREATION = clean_setting(
     'DISCORD_DISABLE_ROLE_CREATION', False
 )
+"""Turns off creation of new roles. In case the rate limit for creating roles is
+exhausted, this setting allows the Discord service to continue to function
+and wait out the reset. Rate limit is about 250 per 48 hrs.
+"""

allianceauth/services/modules/discord/discord_client/client.py

@@ -1,32 +1,37 @@
-from hashlib import md5
+"""Client for interacting with the Discord API."""
+
 import json
 import logging
+from enum import IntEnum
+from hashlib import md5
+from http import HTTPStatus
 from time import sleep
+from typing import Iterable, List, Optional, Set, Tuple
 from urllib.parse import urljoin
 from uuid import uuid1
 
-from redis import Redis
 import requests
+from requests.exceptions import HTTPError
+from redis import Redis
 
-from django_redis import get_redis_connection
+from allianceauth.utils.cache import get_redis_client
 
-from allianceauth import __title__ as AUTH_TITLE, __url__, __version__
+from allianceauth import __title__ as AUTH_TITLE
+from allianceauth import __url__, __version__
 
 from .. import __title__
+from ..utils import LoggerAddTag
 from .app_settings import (
     DISCORD_API_BASE_URL,
     DISCORD_API_TIMEOUT_CONNECT,
     DISCORD_API_TIMEOUT_READ,
     DISCORD_DISABLE_ROLE_CREATION,
     DISCORD_GUILD_NAME_CACHE_MAX_AGE,
-    DISCORD_OAUTH_BASE_URL,
-    DISCORD_OAUTH_TOKEN_URL,
     DISCORD_ROLES_CACHE_MAX_AGE,
 )
 from .exceptions import DiscordRateLimitExhausted, DiscordTooManyRequestsError
-from .helpers import DiscordRoles
+from .helpers import RolesSet
-from ..utils import LoggerAddTag
+from .models import Guild, GuildMember, Role, User
-
 
 logger = LoggerAddTag(logging.getLogger(__name__), __title__)
 
@@ -58,8 +63,13 @@ MINIMUM_BLOCKING_WAIT = 50
 RATE_LIMIT_RETRIES = 1000
 
 
+class DiscordApiStatusCode(IntEnum):
+    """Status code returned from the Discord API."""
+    UNKNOWN_MEMBER = 10007  #:
+
+
 class DiscordClient:
-    """This class provides a web client for interacting with the Discord API
+    """This class provides a web client for interacting with the Discord API.
 
     The client has rate limiting that supports concurrency.
     This means it is able to ensure the API rate limit is not violated,
@@ -67,24 +77,30 @@ class DiscordClient:
 
     In addition the client support proper API backoff.
 
-    Synchronization of rate limit infos accross multiple processes
+    Synchronization of rate limit infos across multiple processes
     is implemented with Redis and thus requires Redis as Django cache backend.
 
-    All durations are in milliseconds.
+    The cache is shared across all clients and processes (also using Redis).
-    """
-    OAUTH_BASE_URL = DISCORD_OAUTH_BASE_URL
-    OAUTH_TOKEN_URL = DISCORD_OAUTH_TOKEN_URL
 
+    All durations are in milliseconds.
+
+    Most errors from the API will raise a requests.HTTPError.
+
+    Args:
+        access_token: Discord access token used to authenticate all calls to the API
+        redis: Redis instance to be used.
+        is_rate_limited: Set to False to turn off rate limiting (use with care).
+            If not specified will try to use the Redis instance
+            from the default Django cache backend.
+
+    Raises:
+        ValueError: No access token provided
+    """
     _KEY_GLOBAL_BACKOFF_UNTIL = 'DISCORD_GLOBAL_BACKOFF_UNTIL'
     _KEY_GLOBAL_RATE_LIMIT_REMAINING = 'DISCORD_GLOBAL_RATE_LIMIT_REMAINING'
     _KEYPREFIX_GUILD_NAME = 'DISCORD_GUILD_NAME'
     _KEYPREFIX_GUILD_ROLES = 'DISCORD_GUILD_ROLES'
     _KEYPREFIX_ROLE_NAME = 'DISCORD_ROLE_NAME'
-    _NICK_MAX_CHARS = 32
-
-    _HTTP_STATUS_CODE_NOT_FOUND = 404
-    _HTTP_STATUS_CODE_RATE_LIMITED = 429
-    _DISCORD_STATUS_CODE_UNKNOWN_MEMBER = 10007
 
     def __init__(
         self,
@@ -92,18 +108,12 @@ class DiscordClient:
         redis: Redis = None,
         is_rate_limited: bool = True
     ) -> None:
-        """
+        if not access_token:
-        Params:
+            raise ValueError('You must provide an access token.')
-        - access_token: Discord access token used to authenticate all calls to the API
-        - redis: Redis instance to be used.
-        - is_rate_limited: Set to False to run of rate limiting (use with care)
-        If not specified will try to use the Redis instance
-        from the default Django cache backend.
-        """
         self._access_token = str(access_token)
         self._is_rate_limited = bool(is_rate_limited)
         if not redis:
-            self._redis = get_redis_connection("default")
+            self._redis = get_redis_client()
             if not isinstance(self._redis, Redis):
                 raise RuntimeError(
                     'This class requires a Redis client, but none was provided '
@@ -131,19 +141,20 @@ class DiscordClient:
         self.__redis_script_set_longer = self._redis.register_script(lua_2)
 
     @property
-    def access_token(self):
+    def access_token(self) -> str:
+        """Discord access token."""
         return self._access_token
 
     @property
-    def is_rate_limited(self):
+    def is_rate_limited(self) -> bool:
+        """Wether this instance is rate limited."""
         return self._is_rate_limited
 
     def __repr__(self):
         return f'{type(self).__name__}(access_token=...{self.access_token[-5:]})'
 
     def _redis_decr_or_set(self, name: str, value: str, px: int) -> bool:
-        """decreases the key value if it exists and returns the result
+        """Decrease the key value if it exists and returns the result else set the key.
-        else sets the key
 
         Implemented as Lua script to ensure atomicity.
         """
@@ -152,7 +163,7 @@ class DiscordClient:
         )
 
     def _redis_set_if_longer(self, name: str, value: str, px: int) -> bool:
-        """like set, but only goes through if either key doesn't exist
+        """Like set, but only goes through if either key doesn't exist
         or px would be extended.
 
         Implemented as Lua script to ensure atomicity.
@@ -163,111 +174,134 @@ class DiscordClient:
 
     # users
 
-    def current_user(self) -> dict:
+    def current_user(self) -> User:
-        """returns the user belonging to the current access_token"""
+        """Fetch user belonging to the current access_token."""
         authorization = f'Bearer {self.access_token}'
         r = self._api_request(
             method='get', route='users/@me', authorization=authorization
         )
-        return r.json()
+        return User.from_dict(r.json())
 
     # guild
 
-    def guild_infos(self, guild_id: int) -> dict:
+    def guild_infos(self, guild_id: int) -> Guild:
-        """Returns all basic infos about this guild"""
+        """Fetch all basic infos about this guild.
+
+        Args:
+            guild_id: Discord ID of the guild
+        """
         route = f"guilds/{guild_id}"
         r = self._api_request(method='get', route=route)
-        return r.json()
+        return Guild.from_dict(r.json())
 
     def guild_name(self, guild_id: int, use_cache: bool = True) -> str:
-        """returns the name of this guild (cached)
+        """Fetch the name of this guild (cached).
-        or an empty string if something went wrong
 
-        Params:
+        Args:
-        - guild_id: ID of current guild
+            guild_id: Discord ID of the guild
-        - use_cache: When set to False will force an API call to get the server name
+            use_cache: When set to False will force an API call to get the server name
+
+        Returns:
+            Name of the server or an empty string if something went wrong.
         """
         key_name = self._guild_name_cache_key(guild_id)
         if use_cache:
             guild_name = self._redis_decode(self._redis.get(key_name))
         else:
-            guild_name = None
+            guild_name = ""
         if not guild_name:
-            guild_infos = self.guild_infos(guild_id)
+            try:
-            if 'name' in guild_infos:
+                guild = self.guild_infos(guild_id)
-                guild_name = guild_infos['name']
+            except HTTPError:
-                self._redis.set(
+                guild_name = ""
-                    name=key_name,
-                    value=guild_name,
-                    ex=DISCORD_GUILD_NAME_CACHE_MAX_AGE
-                )
             else:
-                guild_name = ''
+                guild_name = guild.name
-
+                self._redis.set(
+                    name=key_name, value=guild_name, ex=DISCORD_GUILD_NAME_CACHE_MAX_AGE
+                )
         return guild_name
 
     @classmethod
     def _guild_name_cache_key(cls, guild_id: int) -> str:
-        """Returns key for accessing role given by name in the role cache"""
+        """Construct key for accessing role given by name in the role cache.
+
+        Args:
+            guild_id: Discord ID of the guild
+        """
         gen_key = DiscordClient._generate_hash(f'{guild_id}')
         return f'{cls._KEYPREFIX_GUILD_NAME}__{gen_key}'
 
     # guild roles
 
-    def guild_roles(self, guild_id: int, use_cache: bool = True) -> list:
+    def guild_roles(self, guild_id: int, use_cache: bool = True) -> Set[Role]:
-        """Returns the list of all roles for this guild
+        """Fetch all roles for this guild.
 
-        If use_cache is set to False it will always hit the API to retrieve
+        Args:
-        fresh data and update the cache
+            guild_id: Discord ID of the guild
+            use_cache: If is set to False it will always hit the API to retrieve
+                fresh data and update the cache.
+
+        Returns:
         """
         cache_key = self._guild_roles_cache_key(guild_id)
+        roles = None
         if use_cache:
             roles_raw = self._redis.get(name=cache_key)
             if roles_raw:
                 logger.debug('Returning roles for guild %s from cache', guild_id)
-                return json.loads(self._redis_decode(roles_raw))
+                roles = json.loads(self._redis_decode(roles_raw))
-            else:
+            logger.debug('No roles for guild %s in cache', guild_id)
-                logger.debug('No roles for guild %s in cache', guild_id)
+        if roles is None:
-
+            route = f"guilds/{guild_id}/roles"
-        route = f"guilds/{guild_id}/roles"
+            r = self._api_request(method='get', route=route)
-        r = self._api_request(method='get', route=route)
+            roles = r.json()
-        roles = r.json()
+            if not roles or not isinstance(roles, list):
-        if roles and isinstance(roles, list):
+                raise RuntimeError(
+                    f"Unexpected response when fetching roles from API: {roles}"
+                )
             self._redis.set(
                 name=cache_key,
                 value=json.dumps(roles),
                 ex=DISCORD_ROLES_CACHE_MAX_AGE
             )
-        return roles
+        return {Role.from_dict(role) for role in roles}
 
-    def create_guild_role(self, guild_id: int, role_name: str, **kwargs) -> dict:
+    def create_guild_role(
+        self, guild_id: int, role_name: str, **kwargs
+    ) -> Optional[Role]:
         """Create a new guild role with the given name.
+
         See official documentation for additional optional parameters.
 
         Note that Discord allows the creation of multiple roles with the same name,
         so to avoid duplicates it's important to check existing roles
         before creating new one
 
-        returns a new role dict on success
+        Args:
+            guild_id: Discord ID of the guild
+            role_name: Name of new role to create
+
+        Returns:
+            new role on success
         """
         route = f"guilds/{guild_id}/roles"
-        data = {'name': DiscordRoles.sanitize_role_name(role_name)}
+        data = {'name': Role.sanitize_name(role_name)}
         data.update(kwargs)
         r = self._api_request(method='post', route=route, data=data)
         role = r.json()
         if role:
             self._invalidate_guild_roles_cache(guild_id)
-        return role
+            return Role.from_dict(role)
+        return None
 
     def delete_guild_role(self, guild_id: int, role_id: int) -> bool:
-        """Deletes a guild role"""
+        """Delete a guild role."""
         route = f"guilds/{guild_id}/roles/{role_id}"
         r = self._api_request(method='delete', route=route)
         if r.status_code == 204:
             self._invalidate_guild_roles_cache(guild_id)
             return True
-        else:
+        return False
-            return False
 
     def _invalidate_guild_roles_cache(self, guild_id: int) -> None:
         cache_key = self._guild_roles_cache_key(guild_id)
@@ -276,67 +310,79 @@ class DiscordClient:
 
     @classmethod
     def _guild_roles_cache_key(cls, guild_id: int) -> str:
-        """Returns key for accessing cached roles for a guild"""
+        """Construct key for accessing cached roles for a guild.
+
+        Args:
+            guild_id: Discord ID of the guild
+        """
         gen_key = cls._generate_hash(f'{guild_id}')
         return f'{cls._KEYPREFIX_GUILD_ROLES}__{gen_key}'
 
-    def match_role_from_name(self, guild_id: int, role_name: str) -> dict:
+    def match_role_from_name(self, guild_id: int, role_name: str) -> Optional[Role]:
-        """returns Discord role matching the given name or an empty dict"""
+        """Fetch Discord role matching the given name (cached).
-        guild_roles = DiscordRoles(self.guild_roles(guild_id))
+
+        Args:
+            guild_id: Discord ID of the guild
+            role_name: Name of role
+
+        Returns:
+            Matching role or None if no match is found
+        """
+        guild_roles = RolesSet(self.guild_roles(guild_id))
         return guild_roles.role_by_name(role_name)
 
-    def match_or_create_roles_from_names(self, guild_id: int, role_names: list) -> list:
+    def match_or_create_roles_from_names(
-        """returns Discord roles matching the given names
+        self, guild_id: int, role_names: Iterable[str]
-
+    ) -> List[Tuple[Role, bool]]:
-        Returns as list of tuple of role and created flag
+        """Fetch or create Discord roles matching the given names (cached).
 
         Will try to match with existing roles names
         Non-existing roles will be created, then created flag will be True
 
-        Params:
+        Args:
-        - guild_id: ID of guild
+            guild_id: ID of guild
-        - role_names: list of name strings each defining a role
+            role_names: list of name strings each defining a role
+
+        Returns:
+            List of tuple of Role and created flag
         """
         roles = list()
-        guild_roles = DiscordRoles(self.guild_roles(guild_id))
+        guild_roles = RolesSet(self.guild_roles(guild_id))
-        role_names_cleaned = {
+        role_names_cleaned = {Role.sanitize_name(name) for name in role_names}
-            DiscordRoles.sanitize_role_name(name) for name in role_names
-        }
         for role_name in role_names_cleaned:
             role, created = self.match_or_create_role_from_name(
-                guild_id=guild_id,
+                guild_id=guild_id, role_name=role_name, guild_roles=guild_roles
-                role_name=DiscordRoles.sanitize_role_name(role_name),
-                guild_roles=guild_roles
             )
             if role:
                 roles.append((role, created))
             if created:
-                guild_roles = guild_roles.union(DiscordRoles([role]))
+                guild_roles = guild_roles.union(RolesSet([role]))
         return roles
 
     def match_or_create_role_from_name(
-        self, guild_id: int, role_name: str, guild_roles: DiscordRoles = None
+        self, guild_id: int, role_name: str, guild_roles: RolesSet = None
-    ) -> tuple:
+    ) -> Tuple[Role, bool]:
-        """returns Discord role matching the given name
+        """Fetch or create Discord role matching the given name.
-
-        Returns as tuple of role and created flag
 
         Will try to match with existing roles names
         Non-existing roles will be created, then created flag will be True
 
-        Params:
+        Args:
-        - guild_id: ID of guild
+            guild_id: ID of guild
-        - role_name: strings defining name of a role
+            role_name: strings defining name of a role
-        - guild_roles: All known guild roles as DiscordRoles object.
+            guild_roles: All known guild roles as RolesSet object.
-        Helps to void redundant lookups of guild roles
+                Helps to void redundant lookups of guild roles
-        when this method is used multiple times.
+                when this method is used multiple times.
+
+        Returns:
+            Tuple of Role and created flag
         """
         if not isinstance(role_name, str):
             raise TypeError('role_name must be of type string')
 
         created = False
         if guild_roles is None:
-            guild_roles = DiscordRoles(self.guild_roles(guild_id))
+            guild_roles = RolesSet(self.guild_roles(guild_id))
         role = guild_roles.role_by_name(role_name)
         if not role:
             if not DISCORD_DISABLE_ROLE_CREATION:
@@ -345,9 +391,24 @@ class DiscordClient:
                 created = True
             else:
                 role = None
-
         return role, created
 
+    def match_or_create_roles_from_names_2(
+        self, guild_id: int, role_names: Iterable[str]
+    ) -> RolesSet:
+        """Fetch or create Discord role matching the given name.
+
+        Wrapper for ``match_or_create_role_from_name()``
+
+        Returns:
+            Roles as RolesSet object.
+        """
+        return RolesSet.create_from_matched_roles(
+            self.match_or_create_roles_from_names(
+                guild_id=guild_id, role_names=role_names
+            )
+        )
+
     # guild members
 
     def add_guild_member(
@@ -357,13 +418,13 @@ class DiscordClient:
         access_token: str,
         role_ids: list = None,
         nick: str = None
-    ) -> bool:
+    ) -> Optional[bool]:
-        """Adds a user to the guilds.
+        """Adds a user to the guild.
 
         Returns:
-        - True when a new user was added
+            - True when a new user was added
-        - None if the user already existed
+            - None if the user already existed
-        - False when something went wrong or raises exception
+            - False when something went wrong or raises exception
         """
         route = f"guilds/{guild_id}/members/{user_id}"
         data = {
@@ -371,42 +432,49 @@ class DiscordClient:
         }
         if role_ids:
             data['roles'] = self._sanitize_role_ids(role_ids)
-
         if nick:
-            data['nick'] = str(nick)[:self._NICK_MAX_CHARS]
+            data['nick'] = GuildMember.sanitize_nick(nick)
-
         r = self._api_request(method='put', route=route, data=data)
         r.raise_for_status()
         if r.status_code == 201:
             return True
         elif r.status_code == 204:
             return None
-        else:
+        return False
-            return False
 
-    def guild_member(self, guild_id: int, user_id: int) -> dict:
+    def guild_member(self, guild_id: int, user_id: int) -> Optional[GuildMember]:
-        """returns the user info for a guild member
+        """Fetch info for a guild member.
 
-        or None if the user is not a member of the guild
+        Args:
+            guild_id: Discord ID of the guild
+            user_id: Discord ID of the user
+
+        Returns:
+            guild member or ``None`` if the user is not a member of the guild
         """
         route = f'guilds/{guild_id}/members/{user_id}'
         r = self._api_request(method='get', route=route, raise_for_status=False)
         if self._is_member_unknown_error(r):
             logger.warning("Discord user ID %s could not be found on server.", user_id)
             return None
-        else:
+        r.raise_for_status()
-            r.raise_for_status()
+        return GuildMember.from_dict(r.json())
-            return r.json()
 
     def modify_guild_member(
-        self, guild_id: int, user_id: int, role_ids: list = None, nick: str = None
+        self, guild_id: int, user_id: int, role_ids: List[int] = None, nick: str = None
-    ) -> bool:
+    ) -> Optional[bool]:
-        """Modify attributes of a guild member.
+        """Set properties of a guild member.
+
+        Args:
+            guild_id: Discord ID of the guild
+            user_id: Discord ID of the user
+            roles_id: New list of role IDs (if provided)
+            nick: New nickname (if provided)
 
         Returns
-        - True when successful
+            - True when successful
-        - None if user is not a member of this guild
+            - None if user is not a member of this guild
-        - False otherwise
+            - False otherwise
         """
         if not role_ids and not nick:
             raise ValueError('Must specify role_ids or nick')
@@ -419,7 +487,7 @@ class DiscordClient:
             data['roles'] = self._sanitize_role_ids(role_ids)
 
         if nick:
-            data['nick'] = self._sanitize_nick(nick)
+            data['nick'] = GuildMember.sanitize_nick(nick)
 
         route = f"guilds/{guild_id}/members/{user_id}"
         r = self._api_request(
@@ -428,21 +496,22 @@ class DiscordClient:
         if self._is_member_unknown_error(r):
             logger.warning('User ID %s is not a member of this guild', user_id)
             return None
-        else:
+        r.raise_for_status()
-            r.raise_for_status()
-
         if r.status_code == 204:
             return True
-        else:
+        return False
-            return False
 
-    def remove_guild_member(self, guild_id: int, user_id: int) -> bool:
+    def remove_guild_member(self, guild_id: int, user_id: int) -> Optional[bool]:
-        """Remove a member from a guild
+        """Remove a member from a guild.
+
+        Args:
+            guild_id: Discord ID of the guild
+            user_id: Discord ID of the user
 
         Returns:
-        - True when successful
+            - True when successful
-        - None if member does not exist
+            - None if member does not exist
-        - False otherwise
+            - False otherwise
         """
         route = f"guilds/{guild_id}/members/{user_id}"
         r = self._api_request(
@@ -451,19 +520,16 @@ class DiscordClient:
         if self._is_member_unknown_error(r):
             logger.warning('User ID %s is not a member of this guild', user_id)
             return None
-        else:
+        r.raise_for_status()
-            r.raise_for_status()
-
         if r.status_code == 204:
             return True
-        else:
+        return False
-            return False
 
     # Guild member roles
 
     def add_guild_member_role(
         self, guild_id: int, user_id: int, role_id: int
-    ) -> bool:
+    ) -> Optional[bool]:
         """Adds a role to a guild member
 
         Returns:
@@ -476,43 +542,69 @@ class DiscordClient:
         if self._is_member_unknown_error(r):
             logger.warning('User ID %s is not a member of this guild', user_id)
             return None
-        else:
+        r.raise_for_status()
-            r.raise_for_status()
-
         if r.status_code == 204:
             return True
-        else:
+        return False
-            return False
 
     def remove_guild_member_role(
         self, guild_id: int, user_id: int, role_id: int
-    ) -> bool:
+    ) -> Optional[bool]:
-        """Removes a role to a guild member
+        """Remove a role to a guild member
+
+        Args:
+            guild_id: Discord ID of the guild
+            user_id: Discord ID of the user
+            role_id: Discord ID of role to be removed
 
         Returns:
-        - True when successful
+            - True when successful
-        - None if member does not exist
+            - None if member does not exist
-        - False otherwise
+            - False otherwise
         """
         route = f"guilds/{guild_id}/members/{user_id}/roles/{role_id}"
         r = self._api_request(method='delete', route=route, raise_for_status=False)
         if self._is_member_unknown_error(r):
             logger.warning('User ID %s is not a member of this guild', user_id)
             return None
-        else:
+        r.raise_for_status()
-            r.raise_for_status()
-
         if r.status_code == 204:
             return True
-        else:
+        return False
-            return False
+
+    def guild_member_roles(self, guild_id: int, user_id: int) -> Optional[RolesSet]:
+        """Fetch the current guild roles of a guild member.
+
+        Args:
+        - guild_id: Discord guild ID
+        - user_id: Discord user ID
+
+        Returns:
+        - Member roles
+        - None if user is not a member of the guild
+        """
+        member_info = self.guild_member(guild_id=guild_id, user_id=user_id)
+        if member_info is None:
+            return None  # User is no longer a member
+        guild_roles = RolesSet(self.guild_roles(guild_id=guild_id))
+        logger.debug('Current guild roles: %s', guild_roles.ids())
+        if not guild_roles.has_roles(member_info.roles):
+            guild_roles = RolesSet(
+                self.guild_roles(guild_id=guild_id, use_cache=False)
+            )
+            if not guild_roles.has_roles(member_info.roles):
+                role_ids = set(member_info.roles).difference(guild_roles.ids())
+                raise RuntimeError(
+                    f'Discord user {user_id} has unknown roles: {role_ids}'
+                )
+        return guild_roles.subset(member_info.roles)
 
     @classmethod
     def _is_member_unknown_error(cls, r: requests.Response) -> bool:
         try:
             result = (
-                r.status_code == cls._HTTP_STATUS_CODE_NOT_FOUND
+                r.status_code == HTTPStatus.NOT_FOUND
-                and r.json()['code'] == cls._DISCORD_STATUS_CODE_UNKNOWN_MEMBER
+                and r.json()['code'] == DiscordApiStatusCode.UNKNOWN_MEMBER
             )
         except (ValueError, KeyError):
             result = False
@@ -529,7 +621,19 @@ class DiscordClient:
         authorization: str = None,
         raise_for_status: bool = True
     ) -> requests.Response:
-        """Core method for performing all API calls"""
+        """Core method for performing all API calls.
+
+        Args:
+            method: HTTP method of the request, e.g. "get"
+            route: Route in the Discord API, e.g. "users/@me"
+            data: Data to be send with the request
+            authorization: The authorization string to be used.
+                Will use the default bot token if not set.
+            raise_for_status: Whether a requests exception is to be raised when not ok
+
+        Returns:
+            The raw response from the API
+        """
         uid = uuid1().hex
 
         if not hasattr(requests, method):
@@ -577,7 +681,7 @@ class DiscordClient:
                 r.text
             )
 
-        if r.status_code == self._HTTP_STATUS_CODE_RATE_LIMITED:
+        if r.status_code == HTTPStatus.TOO_MANY_REQUESTS:
             self._handle_new_api_backoff(r, uid)
 
         self._report_rate_limit_from_api(r, uid)
@@ -588,9 +692,10 @@ class DiscordClient:
         return r
 
     def _handle_ongoing_api_backoff(self, uid: str) -> None:
-        """checks if api is currently on backoff
+        """Check if api is currently on backoff.
-        if on backoff: will do a blocking wait if it expires soon,
+
-        else raises exception
+        If on backoff: will do a blocking wait if it expires soon,
+        else raises exception.
         """
         global_backoff_duration = self._redis.pttl(self._KEY_GLOBAL_BACKOFF_UNTIL)
         if global_backoff_duration > 0:
@@ -610,8 +715,9 @@ class DiscordClient:
                 raise DiscordTooManyRequestsError(retry_after=global_backoff_duration)
 
     def _ensure_rate_limed_not_exhausted(self, uid: str) -> int:
-        """ensures that the rate limit is not exhausted
+        """Ensures that the rate limit is not exhausted.
-        if exhausted: will do a blocking wait if rate limit resets soon,
+
+        If exhausted: will do a blocking wait if rate limit resets soon,
         else raises exception
 
         returns requests remaining on success
@@ -654,10 +760,10 @@ class DiscordClient:
                 )
                 raise DiscordRateLimitExhausted(resets_in)
 
-        raise RuntimeError('Failed to handle rate limit after after too tries.')
+        raise RuntimeError('Failed to handle rate limit after after too many tries.')
 
     def _handle_new_api_backoff(self, r: requests.Response, uid: str) -> None:
-        """raises exception for new API backoff error"""
+        """Raise exception for new API backoff error."""
         response = r.json()
         if 'retry_after' in response:
             try:
@@ -679,8 +785,8 @@ class DiscordClient:
         )
         raise DiscordTooManyRequestsError(retry_after=retry_after)
 
-    def _report_rate_limit_from_api(self, r, uid):
+    def _report_rate_limit_from_api(self, r, uid) -> None:
-        """Tries to log the current rate limit reported from API"""
+        """Try to log the current rate limit reported from API."""
         if (
             logger.getEffectiveLevel() <= logging.DEBUG
             and 'x-ratelimit-limit' in r.headers
@@ -703,22 +809,17 @@ class DiscordClient:
 
     @staticmethod
     def _redis_decode(value: str) -> str:
-        """Decodes a string from Redis and passes through None and Booleans"""
+        """Decode a string from Redis and passes through None and Booleans."""
         if value is not None and not isinstance(value, bool):
             return value.decode('utf-8')
-        else:
+        return value
-            return value
 
     @staticmethod
     def _generate_hash(key: str) -> str:
+        """Generate hash key for given string."""
         return md5(key.encode('utf-8')).hexdigest()
 
     @staticmethod
-    def _sanitize_role_ids(role_ids: list) -> list:
+    def _sanitize_role_ids(role_ids: Iterable[int]) -> List[int]:
-        """make sure its a list of integers"""
+        """Sanitize a list of role IDs, i.e. make sure its a list of unique integers."""
-        return [int(role_id) for role_id in list(role_ids)]
+        return [int(role_id) for role_id in set(role_ids)]
-
-    @classmethod
-    def _sanitize_nick(cls, nick: str) -> str:
-        """shortens too long strings if necessary"""
-        return str(nick)[:cls._NICK_MAX_CHARS]

allianceauth/services/modules/discord/discord_client/exceptions.py

@@ -1,23 +1,26 @@
+"""Custom exceptions for the Discord Client package."""
+
 import math
 
 
 class DiscordClientException(Exception):
-    """Base Exception for the Discord client"""
+    """Base Exception for the Discord client."""
 
 
 class DiscordApiBackoff(DiscordClientException):
-    """Exception signaling we need to backoff from sending requests to the API for now
+    """Exception signaling we need to backoff from sending requests to the API for now.
+
+    Args:
+        retry_after: time to retry after in milliseconds
     """
 
     def __init__(self, retry_after: int):
-        """
-        :param retry_after: int time to retry after in milliseconds
-        """
         super().__init__()
         self.retry_after = int(retry_after)
 
     @property
     def retry_after_seconds(self):
+        """Time to retry after in seconds."""
         return math.ceil(self.retry_after / 1000)
 
 

allianceauth/services/modules/discord/discord_client/helpers.py

@@ -1,27 +1,37 @@
 from copy import copy
-from typing import Set, Iterable
+from typing import Iterable, List, Optional, Set, Tuple
+
+from .models import Role
 
 
-class DiscordRoles:
+class RolesSet:
-    """Container class that helps dealing with Discord roles.
+    """Container of Discord roles with added functionality.
 
     Objects of this class are immutable and work in many ways like sets.
 
     Ideally objects are initialized from raw API responses,
-    e.g. from DiscordClient.guild.roles()
+    e.g. from DiscordClient.guild.roles().
-    """
-    _ROLE_NAME_MAX_CHARS = 100
 
-    def __init__(self, roles_lst: list) -> None:
+    Args:
-        """roles_lst must be a list of dict, each defining a role"""
+        roles_lst: List of dicts, each defining a role
+    """
+    def __init__(self, roles_lst: Iterable[Role]) -> None:
         if not isinstance(roles_lst, (list, set, tuple)):
             raise TypeError('roles_lst must be of type list, set or tuple')
         self._roles = dict()
         self._roles_by_name = dict()
         for role in list(roles_lst):
-            self._assert_valid_role(role)
+            if not isinstance(role, Role):
-            self._roles[int(role['id'])] = role
+                raise TypeError('Roles must be of type Role: %s' % role)
-            self._roles_by_name[self.sanitize_role_name(role['name'])] = role
+            self._roles[role.id] = role
+            self._roles_by_name[role.name] = role
+
+    def __repr__(self) -> str:
+        if self._roles_by_name:
+            roles = '"' + '", "'.join(sorted(list(self._roles_by_name.keys()))) + '"'
+        else:
+            roles = ""
+        return f'{self.__class__.__name__}([{roles}])'
 
     def __eq__(self, other):
         if isinstance(other, type(self)):
@@ -41,15 +51,15 @@ class DiscordRoles:
         return len(self._roles.keys())
 
     def has_roles(self, role_ids: Set[int]) -> bool:
-        """returns true if this objects contains all roles defined by given role_ids
+        """True if this objects contains all roles defined by given role_ids
-        incl. managed roles
+        incl. managed roles.
         """
         role_ids = {int(id) for id in role_ids}
         all_role_ids = self._roles.keys()
         return role_ids.issubset(all_role_ids)
 
     def ids(self) -> Set[int]:
-        """return a set of all role IDs"""
+        """Set of all role IDs."""
         return set(self._roles.keys())
 
     def subset(
@@ -57,13 +67,13 @@ class DiscordRoles:
         role_ids: Iterable[int] = None,
         managed_only: bool = False,
         role_names: Iterable[str] = None
-    ) -> "DiscordRoles":
+    ) -> "RolesSet":
-        """returns a new object containing the subset of roles
+        """Create instance containing the subset of roles
 
         Args:
-        - role_ids: role ids must be in the provided list
+            role_ids: role ids must be in the provided list
-        - managed_only: roles must be managed
+            managed_only: roles must be managed
-        - role_names: role names must match provided list (not case sensitive)
+            role_names: role names must match provided list (not case sensitive)
         """
         if role_ids is not None:
             role_ids = {int(id) for id in role_ids}
@@ -75,72 +85,50 @@ class DiscordRoles:
 
         elif role_ids is None and managed_only:
             return type(self)([
-                role for _, role in self._roles.items() if role['managed']
+                role for _, role in self._roles.items() if role.managed
             ])
 
         elif role_ids is not None and managed_only:
             return type(self)([
                 role for role_id, role in self._roles.items()
-                if role_id in role_ids and role['managed']
+                if role_id in role_ids and role.managed
             ])
 
         elif role_ids is None and managed_only is False and role_names is not None:
-            role_names = {self.sanitize_role_name(name).lower() for name in role_names}
+            role_names = {Role.sanitize_name(name).lower() for name in role_names}
             return type(self)([
                 role for role in self._roles.values()
-                if role["name"].lower() in role_names
+                if role.name.lower() in role_names
             ])
 
         return copy(self)
 
-    def union(self, other: object) -> "DiscordRoles":
+    def union(self, other: object) -> "RolesSet":
-        """returns a new roles object that is the union of this roles object
+        """Create instance that is the union of this roles object with other."""
-        with other"""
         return type(self)(list(self) + list(other))
 
-    def difference(self, other: object) -> "DiscordRoles":
+    def difference(self, other: object) -> "RolesSet":
-        """returns a new roles object that only contains the roles
+        """Create instance that only contains the roles
-        that exist in the current objects, but not in other
+        that exist in the current objects, but not in other.
         """
         new_ids = self.ids().difference(other.ids())
         return self.subset(role_ids=new_ids)
 
-    def role_by_name(self, role_name: str) -> dict:
+    def role_by_name(self, role_name: str) -> Optional[Role]:
-        """returns role if one with matching name is found else an empty dict"""
+        """Role if one with matching name is found else None."""
-        role_name = self.sanitize_role_name(role_name)
+        role_name = Role.sanitize_name(role_name)
         if role_name in self._roles_by_name:
             return self._roles_by_name[role_name]
-        return dict()
+        return None
 
     @classmethod
-    def create_from_matched_roles(cls, matched_roles: list) -> "DiscordRoles":
+    def create_from_matched_roles(
-        """returns a new object created from the given list of matches roles
+        cls, matched_roles: List[Tuple[Role, bool]]
+    ) -> "RolesSet":
+        """Create new instance from the given list of matches roles.
 
-        matches_roles must be a list of tuples in the form: (role, created)
+        Args:
+            matches_roles: list of matches roles
         """
         raw_roles = [x[0] for x in matched_roles]
         return cls(raw_roles)
-
-    @staticmethod
-    def _assert_valid_role(role: dict) -> None:
-        if not isinstance(role, dict):
-            raise TypeError('Roles must be of type dict: %s' % role)
-
-        if 'id' not in role or 'name' not in role or 'managed' not in role:
-            raise ValueError('This role is not valid: %s' % role)
-
-    @classmethod
-    def sanitize_role_name(cls, role_name: str) -> str:
-        """shortens too long strings if necessary"""
-        return str(role_name)[:cls._ROLE_NAME_MAX_CHARS]
-
-
-def match_or_create_roles_from_names(
-    client: object, guild_id: int, role_names: list
-) -> DiscordRoles:
-    """Shortcut for getting the result of matching role names as DiscordRoles object"""
-    return DiscordRoles.create_from_matched_roles(
-        client.match_or_create_roles_from_names(
-            guild_id=guild_id, role_names=role_names
-        )
-    )