Added discourse profile pictures. Will fallback to gravatar if not linked to forum account

Commented registration test - since registration is now disabled
Fixed penguins of death due to infinite loop of SSO login redirects
2026-03-06 03:58:23 +00:00 · 2016-11-03 01:55:27 +00:00 · 2016-11-03 00:09:09 +00:00 · 2016-11-02 23:50:49 +00:00 · 2016-11-02 21:27:04 +00:00 · 2016-11-02 21:01:40 +00:00
61 changed files with 3232 additions and 529 deletions
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -0,0 +1,32 @@
+---
+engines:
+  csslint:
+    enabled: true
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+      - javascript
+      - python
+      - php
+  eslint:
+    enabled: true
+  fixme:
+    enabled: true
+  radon:
+    enabled: true
+  rubocop:
+    enabled: true
+ratings:
+  paths:
+  - "**.css"
+  - "**.inc"
+  - "**.js"
+  - "**.jsx"
+  - "**.module"
+  - "**.php"
+  - "**.py"
+  - "**.rb"
+exclude_paths:
+- config/
--- a/.coveragerc
+++ b/.coveragerc
@@ -0,0 +1,6 @@
+[run]
+source =
+    ./
+
+omit =
+    */migrations/*
--- a/.csslintrc
+++ b/.csslintrc
@@ -0,0 +1,2 @@
+--exclude-exts=.min.css
+--ignore=adjoining-classes,box-model,ids,order-alphabetical,unqualified-attributes
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1 @@
+**/*{.,-}min.js
--- a/.eslintrc
+++ b/.eslintrc
@@ -0,0 +1,213 @@
+ecmaFeatures:
+  modules: true
+  jsx: true
+
+env:
+  amd: true
+  browser: true
+  es6: true
+  jquery: true
+  node: true
+
+# http://eslint.org/docs/rules/
+rules:
+  # Possible Errors
+  comma-dangle: [2, never]
+  no-cond-assign: 2
+  no-console: 0
+  no-constant-condition: 2
+  no-control-regex: 2
+  no-debugger: 2
+  no-dupe-args: 2
+  no-dupe-keys: 2
+  no-duplicate-case: 2
+  no-empty: 2
+  no-empty-character-class: 2
+  no-ex-assign: 2
+  no-extra-boolean-cast: 2
+  no-extra-parens: 0
+  no-extra-semi: 2
+  no-func-assign: 2
+  no-inner-declarations: [2, functions]
+  no-invalid-regexp: 2
+  no-irregular-whitespace: 2
+  no-negated-in-lhs: 2
+  no-obj-calls: 2
+  no-regex-spaces: 2
+  no-sparse-arrays: 2
+  no-unexpected-multiline: 2
+  no-unreachable: 2
+  use-isnan: 2
+  valid-jsdoc: 0
+  valid-typeof: 2
+
+  # Best Practices
+  accessor-pairs: 2
+  block-scoped-var: 0
+  complexity: [2, 6]
+  consistent-return: 0
+  curly: 0
+  default-case: 0
+  dot-location: 0
+  dot-notation: 0
+  eqeqeq: 2
+  guard-for-in: 2
+  no-alert: 2
+  no-caller: 2
+  no-case-declarations: 2
+  no-div-regex: 2
+  no-else-return: 0
+  no-empty-label: 2
+  no-empty-pattern: 2
+  no-eq-null: 2
+  no-eval: 2
+  no-extend-native: 2
+  no-extra-bind: 2
+  no-fallthrough: 2
+  no-floating-decimal: 0
+  no-implicit-coercion: 0
+  no-implied-eval: 2
+  no-invalid-this: 0
+  no-iterator: 2
+  no-labels: 0
+  no-lone-blocks: 2
+  no-loop-func: 2
+  no-magic-number: 0
+  no-multi-spaces: 0
+  no-multi-str: 0
+  no-native-reassign: 2
+  no-new-func: 2
+  no-new-wrappers: 2
+  no-new: 2
+  no-octal-escape: 2
+  no-octal: 2
+  no-proto: 2
+  no-redeclare: 2
+  no-return-assign: 2
+  no-script-url: 2
+  no-self-compare: 2
+  no-sequences: 0
+  no-throw-literal: 0
+  no-unused-expressions: 2
+  no-useless-call: 2
+  no-useless-concat: 2
+  no-void: 2
+  no-warning-comments: 0
+  no-with: 2
+  radix: 2
+  vars-on-top: 0
+  wrap-iife: 2
+  yoda: 0
+
+  # Strict
+  strict: 0
+
+  # Variables
+  init-declarations: 0
+  no-catch-shadow: 2
+  no-delete-var: 2
+  no-label-var: 2
+  no-shadow-restricted-names: 2
+  no-shadow: 0
+  no-undef-init: 2
+  no-undef: 0
+  no-undefined: 0
+  no-unused-vars: 0
+  no-use-before-define: 0
+
+  # Node.js and CommonJS
+  callback-return: 2
+  global-require: 2
+  handle-callback-err: 2
+  no-mixed-requires: 0
+  no-new-require: 0
+  no-path-concat: 2
+  no-process-exit: 2
+  no-restricted-modules: 0
+  no-sync: 0
+
+  # Stylistic Issues
+  array-bracket-spacing: 0
+  block-spacing: 0
+  brace-style: 0
+  camelcase: 0
+  comma-spacing: 0
+  comma-style: 0
+  computed-property-spacing: 0
+  consistent-this: 0
+  eol-last: 0
+  func-names: 0
+  func-style: 0
+  id-length: 0
+  id-match: 0
+  indent: 0
+  jsx-quotes: 0
+  key-spacing: 0
+  linebreak-style: 0
+  lines-around-comment: 0
+  max-depth: 0
+  max-len: 0
+  max-nested-callbacks: 0
+  max-params: 0
+  max-statements: [2, 30]
+  new-cap: 0
+  new-parens: 0
+  newline-after-var: 0
+  no-array-constructor: 0
+  no-bitwise: 0
+  no-continue: 0
+  no-inline-comments: 0
+  no-lonely-if: 0
+  no-mixed-spaces-and-tabs: 0
+  no-multiple-empty-lines: 0
+  no-negated-condition: 0
+  no-nested-ternary: 0
+  no-new-object: 0
+  no-plusplus: 0
+  no-restricted-syntax: 0
+  no-spaced-func: 0
+  no-ternary: 0
+  no-trailing-spaces: 0
+  no-underscore-dangle: 0
+  no-unneeded-ternary: 0
+  object-curly-spacing: 0
+  one-var: 0
+  operator-assignment: 0
+  operator-linebreak: 0
+  padded-blocks: 0
+  quote-props: 0
+  quotes: 0
+  require-jsdoc: 0
+  semi-spacing: 0
+  semi: 0
+  sort-vars: 0
+  space-after-keywords: 0
+  space-before-blocks: 0
+  space-before-function-paren: 0
+  space-before-keywords: 0
+  space-in-parens: 0
+  space-infix-ops: 0
+  space-return-throw-case: 0
+  space-unary-ops: 0
+  spaced-comment: 0
+  wrap-regex: 0
+
+  # ECMAScript 6
+  arrow-body-style: 0
+  arrow-parens: 0
+  arrow-spacing: 0
+  constructor-super: 0
+  generator-star-spacing: 0
+  no-arrow-condition: 0
+  no-class-assign: 0
+  no-const-assign: 0
+  no-dupe-class-members: 0
+  no-this-before-super: 0
+  no-var: 0
+  object-shorthand: 0
+  prefer-arrow-callback: 0
+  prefer-const: 0
+  prefer-reflect: 0
+  prefer-spread: 0
+  prefer-template: 0
+  require-yield: 0
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+tmp/
+db.sqlite3
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
@@ -25,9 +28,6 @@ var/

 # Continer extras
 .vagrant
-_builds
-_steps
-_projects

 # PyInstaller
 #  Usually these files are written by a python script from a template
--- a/.rubocop.yml
+++ b/.rubocop.yml
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,21 @@
+language: python
+python:
+  "2.7"
+
+before_install:
+  - "export DISPLAY=:99.0"
+  - "/sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16"
+
+install:
+  - pip install -r requirements.txt
+  - pip install coveralls codeclimate-test-reporter
+
+before_script:
+  - python manage.py collectstatic --noinput
+
+script:
+  - coverage run manage.py test RIGS
+
+after_success:
+  - coveralls
+  - codeclimate-test-reporter
--- a/PyRIGS/decorators.py
+++ b/PyRIGS/decorators.py
@@ -2,22 +2,36 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.http import HttpResponseRedirect
+from django.core.urlresolvers import reverse

-def user_passes_test_with_403(test_func, login_url=None):
+from RIGS import models
+
+
+def user_passes_test_with_403(test_func, login_url=None, oembed_view=None):
    """
    Decorator for views that checks that the user passes the given test.
-    
    Anonymous users will be redirected to login_url, while users that fail
    the test will be given a 403 error.
+    If embed_view is set, then a JS redirect will be used, and a application/json+oembed
+    meta tag set with the url of oembed_view
+    (oembed_view will be passed the kwargs from the main function)
    """
    if not login_url:
        from django.conf import settings
        login_url = settings.LOGIN_URL
+
    def _dec(view_func):
        def _checklogin(request, *args, **kwargs):
            if test_func(request.user):
                return view_func(request, *args, **kwargs)
            elif not request.user.is_authenticated():
+                if oembed_view is not None:
+                    extra_context = {}
+                    extra_context['oembed_url'] = "{0}://{1}{2}".format(request.scheme, request.META['HTTP_HOST'], reverse(oembed_view, kwargs=kwargs))
+                    extra_context['login_url'] = "{0}?{1}={2}".format(login_url, REDIRECT_FIELD_NAME, request.get_full_path())
+                    resp = render_to_response('login_redirect.html', extra_context, context_instance=RequestContext(request))
+                    return resp
+                else:
                    return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, request.get_full_path()))
            else:
                resp = render_to_response('403.html', context_instance=RequestContext(request))
@@ -28,14 +42,14 @@ def user_passes_test_with_403(test_func, login_url=None):
        return _checklogin
    return _dec

-def permission_required_with_403(perm, login_url=None):
+
+def permission_required_with_403(perm, login_url=None, oembed_view=None):
    """
    Decorator for views that checks whether a user has a particular permission
    enabled, redirecting to the log-in page or rendering a 403 as necessary.
    """
-    return user_passes_test_with_403(lambda u: u.has_perm(perm), login_url=login_url)
+    return user_passes_test_with_403(lambda u: u.has_perm(perm), login_url=login_url, oembed_view=oembed_view)

-from RIGS import models

 def api_key_required(function):
    """
@@ -58,7 +72,7 @@ def api_key_required(function):

        try:
            user_object = models.Profile.objects.get(pk=userid)
-        except Profile.DoesNotExist:
+        except models.Profile.DoesNotExist:
            return error_resp

        if user_object.api_key != key:
--- a/PyRIGS/settings.py
+++ b/PyRIGS/settings.py
@@ -12,8 +12,6 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
 import os
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))

-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/

@@ -23,10 +21,19 @@ SECRET_KEY = os.environ.get('SECRET_KEY') if os.environ.get('SECRET_KEY') else '
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(int(os.environ.get('DEBUG'))) if os.environ.get('DEBUG') else True

+STAGING = bool(int(os.environ.get('STAGING'))) if os.environ.get('STAGING') else False
+
 TEMPLATE_DEBUG = True

 ALLOWED_HOSTS = ['pyrigs.nottinghamtec.co.uk', 'rigs.nottinghamtec.co.uk', 'pyrigs.herokuapp.com']

+if STAGING:
+    ALLOWED_HOSTS.append('.herokuapp.com')
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+if not DEBUG:
+    SECURE_SSL_REDIRECT = True # Redirect all http requests to https
+
 INTERNAL_IPS = ['127.0.0.1']

 ADMINS = (
@@ -51,10 +58,12 @@ INSTALLED_APPS = (
    'captcha',
    'widget_tweaks',
    'raven.contrib.django.raven_compat',
+    'social.apps.django_app.default',
 )

 MIDDLEWARE_CLASSES = (
    'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
+    'django.middleware.security.SecurityMiddleware',
    'reversion.middleware.RevisionMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
@@ -65,6 +74,31 @@ MIDDLEWARE_CLASSES = (
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )

+AUTHENTICATION_BACKENDS = (
+    'RIGS.discourse.discourse.DiscourseAuth',
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+SOCIAL_AUTH_PIPELINE = (
+    'social.pipeline.social_auth.social_details',  # Load remote details
+    'social.pipeline.social_auth.social_uid',  # Load remote ID
+    'social.pipeline.social_auth.auth_allowed',  # Check not blacklisted
+    'social.pipeline.social_auth.social_user',  # If already associated, login
+    'RIGS.discourse.pipeline.new_connection',  # Choose a user account, much UI
+    'social.pipeline.social_auth.associate_user',  # Associate the social auth with the user
+    'social.pipeline.social_auth.load_extra_data',  # Save all the social info we have on this user
+    'RIGS.discourse.pipeline.update_avatar',  # Load the avatar URL from the API, and save to user model
+    'social.pipeline.user.user_details',  # Save any details that changed
+)
+
+DISCOURSE_HOST = os.environ.get('DISCOURSE_HOST') if os.environ.get('DISCOURSE_HOST') else 'http://localhost:4000'
+DISCOURSE_SSO_SECRET = os.environ.get('DISCOURSE_SSO_SECRET') if os.environ.get('DISCOURSE_SSO_SECRET') else 'ABCDEFGHIJKLMNOP'
+
+DISCOURSE_API_KEY = os.environ.get('DISCOURSE_API_KEY') if os.environ.get('DISCOURSE_HOST') else None
+DISCOURSE_API_USER = os.environ.get('DISCOURSE_API_USER') if os.environ.get('DISCOURSE_HOST') else 'system'
+
+REGISTRATION_OPEN = False  # Disable built-in django registration - must register using forum
+
 ROOT_URLCONF = 'PyRIGS.urls'

 WSGI_APPLICATION = 'PyRIGS.wsgi.application'
@@ -194,6 +228,8 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    "django.core.context_processors.tz",
    "django.core.context_processors.request",
    "django.contrib.messages.context_processors.messages",
+    'social.apps.django_app.context_processors.backends',
+    'social.apps.django_app.context_processors.login_redirect',
 )


--- a/PyRIGS/urls.py
+++ b/PyRIGS/urls.py
@@ -18,6 +18,7 @@ urlpatterns = patterns('',
    url('^user/', include('registration.backends.default.urls')),

    url(r'^admin/', include(admin.site.urls)),
+    url('', include('social.apps.django_app.urls', namespace='social'))
 )

 if settings.DEBUG:
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 # TEC PA & Lighting - PyRIGS #
-[![wercker status](https://app.wercker.com/status/2dbe0517c3d83859c985ffc5a55a2802/m/master "wercker status")](https://app.wercker.com/project/bykey/2dbe0517c3d83859c985ffc5a55a2802)
+[![Build Status](https://travis-ci.org/nottinghamtec/PyRIGS.svg?branch=develop)](https://travis-ci.org/nottinghamtec/PyRIGS)
+[![Coverage Status](https://coveralls.io/repos/github/nottinghamtec/PyRIGS/badge.svg?branch=develop)](https://coveralls.io/github/nottinghamtec/PyRIGS?branch=develop)

 Welcome to TEC PA & Lightings PyRIGS program. This is a reimplementation of the existing Rig Information Gathering System (RIGS) that was developed using Ruby on Rails.

@@ -74,5 +75,23 @@ python manage.py runserver
 ```
 Please refer to Django documentation for a full list of options available here.

+### Sample Data ###
+Sample data is available to aid local development and user acceptance testing. To load this data into your local database, first ensure the database is empty:
+```
+python manage.py flush
+```
+Then load the sample data using the command:
+```
+python manage.py generateSampleData
+```
+4 user accounts are created for convenience:
+
+|Username |Password |
+|---------|---------|
+|superuser|superuser|
+|finance  |finance  |
+|keyholder|keyholder|
+|basic    |basic    |
+
 ### Committing, pushing and testing ###
 Feel free to commit as you wish, on your own branch. On my branch (master for development) do not commit code that you either know doesn't work or don't know works. If you must commit this code, please make sure you say in the commit message that it isn't working, and if you can why it isn't working. If and only if you absolutely must push, then please don't leave it as the HEAD for too long, it's not much to ask but when you are done just make sure you haven't broken the HEAD for the next person.
--- a/RIGS/discourse/init.py
+++ b/RIGS/discourse/init.py
--- a/RIGS/discourse/discourse.py
+++ b/RIGS/discourse/discourse.py
@@ -0,0 +1,91 @@
+from __future__ import unicode_literals
+from social.backends.base import BaseAuth
+from django.conf import settings
+
+from .sso import DiscourseSSO
+
+
+class DiscourseAssociation(object):
+    """ Use Association model to save the nonce by force. """
+
+    def __init__(self, handle, secret='', issued=0, lifetime=0, assoc_type=''):
+        self.handle = handle  # as nonce
+        self.secret = secret.encode()  # not use
+        self.issued = issued  # not use
+        self.lifetime = lifetime  # not use
+        self.assoc_type = assoc_type  # as state
+
+
+class DiscourseAuth(BaseAuth):
+    """Discourse authentication backend"""
+    name = 'discourse'
+    secret = settings.DISCOURSE_SSO_SECRET
+    host = settings.DISCOURSE_HOST
+
+    EXTRA_DATA = [
+        ('username', 'username'),
+        ('email', 'email'),
+        ('external_id', 'external_id')
+    ]
+
+    sso = DiscourseSSO(secret)
+
+    def get_and_store_nonce(self, url):
+        # Create a nonce
+        nonce = self.strategy.random_string(64)
+        # Store the nonce
+        association = DiscourseAssociation(nonce)
+        self.strategy.storage.association.store(url, association)
+        return nonce
+
+    def get_nonce(self, nonce):
+        try:
+            return self.strategy.storage.association.get(
+                server_url=self.host,
+                handle=nonce
+            )[0]
+        except IndexError:
+            pass
+
+    def remove_nonce(self, nonce_id):
+        self.strategy.storage.association.remove([nonce_id])
+
+    def get_user_id(self, details, response):
+        """Return current user id."""
+
+        return int(response['external_id'])
+
+    def get_user_details(self, response):
+        """Return user basic information (id and email only)."""
+
+        return {'username': response['username'],
+                'email': response['email'],
+                'fullname': response['name'].replace('+', ' ') if 'name' in response else '',
+                'first_name': '',
+                'last_name': ''}
+
+    def auth_url(self):
+        """Build and return complete URL."""
+        nonce = self.get_and_store_nonce(self.host)
+
+        return self.host + self.sso.build_login_URL(nonce, self.redirect_uri)
+
+    def auth_complete(self, *args, **kwargs):
+        """Completes login process, must return user instance."""
+
+        try:
+            if not self.sso.validate(self.data['sso'], self.data['sig']):
+                raise Exception("Someone wants to hack us!")
+        except KeyError:
+            raise Exception("SSO Error, please try again")
+
+        nonce = self.sso.get_nonce(self.data['sso'])
+        nonce_obj = self.get_nonce(nonce)
+        if nonce_obj:
+            self.remove_nonce(nonce_obj.id)
+        else:
+            raise Exception("Nonce does not match!")
+
+        kwargs.update({'response': self.sso.get_data(
+            self.data['sso']), 'backend': self})
+        return self.strategy.authenticate(*args, **kwargs)
--- a/RIGS/discourse/pipeline.py
+++ b/RIGS/discourse/pipeline.py
@@ -0,0 +1,88 @@
+from django.core.urlresolvers import reverse
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.shortcuts import render_to_response
+from django.core.exceptions import ValidationError
+from django.conf import settings
+
+import json
+import requests
+
+from social.pipeline.partial import partial
+
+from RIGS.models import Profile
+from RIGS import forms
+
+
+class SocialRegisterForm(forms.ProfileRegistrationFormUniqueEmail):
+    def __init__(self, *args, **kwargs):
+        super(SocialRegisterForm, self).__init__(*args, **kwargs)
+        self.fields.pop('password1')
+        self.fields.pop('password2')
+        self.fields.pop('captcha')
+
+        self.fields['email'].widget.attrs['readonly'] = True
+
+    def clean_email(self):
+        initial = getattr(self, 'initial', None)
+        if(initial['email'] != self.cleaned_data['email']):
+            raise ValidationError("You cannot change the email")
+
+        return initial['email']
+
+
+@partial
+def new_connection(backend, details, response, user=None, is_new=False, social=None, request=None, *args, **kwargs):
+    if social is not None:
+        return
+
+    data = backend.strategy.request_data()
+
+    if data.get('UseCurrentAccount') is not None:
+        return
+
+    alreadyLoggedIn = user is not None
+
+    context = {
+        'details': details,
+        'alreadyLoggedIn': alreadyLoggedIn,
+        'loggedInUser': user,
+    }
+
+    if not alreadyLoggedIn:
+        completeUrl = reverse('social:complete', kwargs={'backend': backend.name})
+        context['login_url'] = "{0}?{1}={2}".format(reverse('login'), REDIRECT_FIELD_NAME, completeUrl)
+
+        if data.get('username') is None:
+            form = SocialRegisterForm(initial=details)
+        else:
+            form = SocialRegisterForm(data, initial=details)
+
+        if form.is_valid():
+            new_user = Profile.objects.create_user(**form.cleaned_data)
+            return {'user': new_user}
+
+        context['form'] = form
+
+    return render_to_response('RIGS/social-associate.html', context)
+
+
+def update_avatar(backend, details, response, user=None, social=None, *args, **kwargs):
+    host = settings.DISCOURSE_HOST
+    api_key = settings.DISCOURSE_API_KEY
+    api_user = settings.DISCOURSE_API_USER
+    if social is not None:
+        url = "{}/users/{}.json".format(host, details['username'])
+        params = {
+            'api_key': api_key,
+            'api_username': api_user
+        }
+        resp = requests.get(url=url, params=params)
+        extraData = json.loads(resp.text)
+
+        avatar_template = extraData['user']['avatar_template']
+
+        if avatar_template and user.avatar_template != avatar_template:
+            user.avatar_template = avatar_template
+            user.save()
+
+    return
--- a/RIGS/discourse/sso.py
+++ b/RIGS/discourse/sso.py
@@ -0,0 +1,46 @@
+import urllib
+from hashlib import sha256
+import hmac
+from base64 import b64decode, b64encode
+
+
+class DiscourseSSO:
+    def __init__(self, secret_key):
+        self.__secret_key = secret_key
+
+    def validate(self, payload, sig):
+        payload = urllib.unquote(payload)
+        computed_sig = hmac.new(
+            self.__secret_key.encode(),
+            payload.encode(),
+            sha256
+        ).hexdigest()
+
+        return hmac.compare_digest(unicode(computed_sig), sig)
+
+    def get_nonce(self, payload):
+        payload = b64decode(urllib.unquote(payload)).decode()
+        d = dict(nonce.split("=") for nonce in payload.split('&'))
+
+        if 'nonce' in d and d['nonce'] != '':
+            return d['nonce']
+        else:
+            raise Exception("Nonce could not be found in payload")
+
+    def get_data(self, payload):
+        payload = urllib.unquote(b64decode(urllib.unquote(payload)).decode())
+        d = dict(data.split("=") for data in payload.split('&'))
+
+        return d
+
+    def build_login_URL(self, nonce, redirect_uri):
+        data = {
+            'nonce': nonce,
+            'return_sso_url': redirect_uri
+        }
+
+        payload = urllib.urlencode(data)
+        payload = b64encode(payload.encode())
+        sig = hmac.new(self.__secret_key.encode(), payload, sha256).hexdigest()
+
+        return '/session/sso_provider?' + urllib.urlencode({'sso': payload, 'sig': sig})
--- a/RIGS/finance.py
+++ b/RIGS/finance.py
@@ -1,32 +1,41 @@
 import cStringIO as StringIO
+import datetime
+import re

+from django.contrib import messages
 from django.core.urlresolvers import reverse_lazy
-from django.db import connection
 from django.http import Http404, HttpResponseRedirect
-from django.views import generic
-from django.template import RequestContext
-from django.template.loader import get_template
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
-from django.contrib import messages
-import datetime
+from django.template import RequestContext
+from django.template.loader import get_template
+from django.views import generic
+from django.db.models import Q
 from z3c.rml import rml2pdf

 from RIGS import models

-import re

 class InvoiceIndex(generic.ListView):
    model = models.Invoice
-    template_name = 'RIGS/invoice_list.html'
+    template_name = 'RIGS/invoice_list_active.html'
+
+    def get_context_data(self, **kwargs):
+        context = super(InvoiceIndex, self).get_context_data(**kwargs)
+        total = 0
+        for i in context['object_list']:
+            total += i.balance
+        context['total'] = total
+        context['count'] = len(list(context['object_list']))
+        return context

    def get_queryset(self):
        # Manual query is the only way I have found to do this efficiently. Not ideal but needs must
        sql = "SELECT * FROM " \
              "(SELECT " \
-              "(SELECT COUNT(p.amount) FROM \"RIGS_payment\" as p WHERE p.invoice_id=\"RIGS_invoice\".id) AS \"payment_count\", " \
+              "(SELECT COUNT(p.amount) FROM \"RIGS_payment\" AS p WHERE p.invoice_id=\"RIGS_invoice\".id) AS \"payment_count\", " \
              "(SELECT SUM(ei.cost * ei.quantity) FROM \"RIGS_eventitem\" AS ei WHERE ei.event_id=\"RIGS_invoice\".event_id) AS \"cost\", " \
-              "(SELECT SUM(p.amount) FROM \"RIGS_payment\" as p WHERE p.invoice_id=\"RIGS_invoice\".id) AS \"payments\", " \
+              "(SELECT SUM(p.amount) FROM \"RIGS_payment\" AS p WHERE p.invoice_id=\"RIGS_invoice\".id) AS \"payments\", " \
              "\"RIGS_invoice\".\"id\", \"RIGS_invoice\".\"event_id\", \"RIGS_invoice\".\"invoice_date\", \"RIGS_invoice\".\"void\" FROM \"RIGS_invoice\") " \
              "AS sub " \
              "WHERE (((cost > 0.0) AND (payment_count=0)) OR (cost - payments) <> 0.0) AND void = '0'" \
@@ -40,6 +49,7 @@ class InvoiceIndex(generic.ListView):
 class InvoiceDetail(generic.DetailView):
    model = models.Invoice

+
 class InvoicePrint(generic.View):
    def get(self, request, pk):
        invoice = get_object_or_404(models.Invoice, pk=pk)
@@ -72,6 +82,7 @@ class InvoicePrint(generic.View):
        response.write(pdfData)
        return response

+
 class InvoiceVoid(generic.View):
    def get(self, *args, **kwargs):
        pk = kwargs.get('pk')
@@ -83,25 +94,64 @@ class InvoiceVoid(generic.View):
            return HttpResponseRedirect(reverse_lazy('invoice_list'))
        return HttpResponseRedirect(reverse_lazy('invoice_detail', kwargs={'pk': object.pk}))

+class InvoiceDelete(generic.DeleteView):
+    model = models.Invoice
+
+    def get(self, request, pk):
+        obj = self.get_object()
+        if obj.payment_set.all().count() > 0:
+            messages.info(self.request, 'To delete an invoice, delete the payments first.')
+            return HttpResponseRedirect(reverse_lazy('invoice_detail', kwargs={'pk': obj.pk}))
+        return super(InvoiceDelete, self).get(pk)
+
+    def post(self, request, pk):
+        obj = self.get_object()
+        if obj.payment_set.all().count() > 0:
+            messages.info(self.request, 'To delete an invoice, delete the payments first.')
+            return HttpResponseRedirect(reverse_lazy('invoice_detail', kwargs={'pk': obj.pk}))
+        return super(InvoiceDelete, self).post(pk)
+
+    def get_success_url(self):
+        return self.request.POST.get('next')

 class InvoiceArchive(generic.ListView):
    model = models.Invoice
+    template_name = 'RIGS/invoice_list_archive.html'
    paginate_by = 25


 class InvoiceWaiting(generic.ListView):
    model = models.Event
-    paginate_by = 25
+    # paginate_by = 25
    template_name = 'RIGS/event_invoice.html'

+    def get_context_data(self, **kwargs):
+        context = super(InvoiceWaiting, self).get_context_data(**kwargs)
+        total = 0
+        for obj in self.get_objects():
+            total += obj.sum_total
+        context['total'] = total
+        context['count'] = len(self.get_objects())
+        return context
+
    def get_queryset(self):
+        return self.get_objects()
+
+    def get_objects(self):
        # @todo find a way to select items
-        events = self.model.objects.filter(is_rig=True, end_date__lt=datetime.date.today(),
-                                           invoice__isnull=True) \
-            .order_by('start_date') \
+        events = self.model.objects.filter(
+            (
+                Q(start_date__lte=datetime.date.today(), end_date__isnull=True) |  # Starts before with no end
+                Q(end_date__lte=datetime.date.today()) # Has end date, finishes before
+            ) & Q(invoice__isnull=True) # Has not already been invoiced
+            & Q(is_rig=True) # Is a rig (not non-rig)
+            
+            ).order_by('start_date') \
            .select_related('person',
                            'organisation',
-                            'venue', 'mic')
+                            'venue', 'mic') \
+            .prefetch_related('items')
+
        return events


@@ -113,6 +163,7 @@ class InvoiceEvent(generic.View):

        if created:
            invoice.invoice_date = datetime.date.today()
+            messages.success(self.request, 'Invoice created successfully')

        return HttpResponseRedirect(reverse_lazy('invoice_detail', kwargs={'pk': invoice.pk}))

--- a/RIGS/forms.py
+++ b/RIGS/forms.py
@@ -3,6 +3,7 @@ from django import forms
 from django.utils import formats
 from django.conf import settings
 from django.core import serializers
+from django.core.exceptions import ValidationError
 from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AuthenticationForm, PasswordResetForm
 from registration.forms import RegistrationFormUniqueEmail
 from captcha.fields import ReCaptchaField
@@ -27,6 +28,16 @@ class ProfileRegistrationFormUniqueEmail(RegistrationFormUniqueEmail):
            raise forms.ValidationError("These initials are already in use. Please supply different initials.")
        return self.cleaned_data['initials']

+    def clean_first_name(self):
+        if self.cleaned_data["first_name"].strip() == '':
+            raise ValidationError("First name is required.")
+        return self.cleaned_data["first_name"]
+
+    def clean_last_name(self):
+        if self.cleaned_data["last_name"].strip() == '':
+            raise ValidationError("Last name is required.")
+        return self.cleaned_data["last_name"]
+

 # Login form
 class PasswordReset(PasswordResetForm):
--- a/assets/migrations/init.py
+++ b/assets/migrations/init.py
--- a/RIGS/management/commands/init.py
+++ b/RIGS/management/commands/init.py
--- a/RIGS/management/commands/generateSampleData.py
+++ b/RIGS/management/commands/generateSampleData.py
@@ -0,0 +1,248 @@
+from django.core.management.base import BaseCommand, CommandError
+from django.contrib.auth.models import Group, Permission
+from django.db import transaction
+import reversion
+
+import datetime
+import random
+
+from RIGS import models
+class Command(BaseCommand):
+    help = 'Adds sample data to use for testing'
+    can_import_settings = True
+
+    people = []
+    organisations = []
+    venues = []
+    profiles = []
+
+    keyholder_group = None
+    finance_group = None
+
+
+    def handle(self, *args, **options):
+        from django.conf import settings
+
+        if not (settings.DEBUG or settings.STAGING):
+            raise CommandError('You cannot run this command in production')
+
+        random.seed('Some object to seed the random number generator') # otherwise it is done by time, which could lead to inconsistant tests
+
+        with transaction.atomic():
+            models.VatRate.objects.create(start_at='2014-03-05',rate=0.20,comment='test1')
+
+            self.setupGenericProfiles()
+
+            self.setupPeople()
+            self.setupOrganisations()
+            self.setupVenues()
+            
+            self.setupGroups()
+            
+            self.setupEvents()
+
+            self.setupUsefulProfiles()
+
+    def setupPeople(self):
+        names = ["Regulus Black","Sirius Black","Lavender Brown","Cho Chang","Vincent Crabbe","Vincent Crabbe","Bartemius Crouch","Fleur Delacour","Cedric Diggory","Alberforth Dumbledore","Albus Dumbledore","Dudley Dursley","Petunia Dursley","Vernon Dursley","Argus Filch","Seamus Finnigan","Nicolas Flamel","Cornelius Fudge","Goyle","Gregory Goyle","Hermione Granger","Rubeus Hagrid","Igor Karkaroff","Viktor Krum","Bellatrix Lestrange","Alice Longbottom","Frank Longbottom","Neville Longbottom","Luna Lovegood","Xenophilius Lovegood","Remus Lupin","Draco Malfoy","Lucius Malfoy","Narcissa Malfoy","Olympe Maxime","Minerva McGonagall","Mad-Eye Moody","Peter Pettigrew","Harry Potter","James Potter","Lily Potter","Quirinus Quirrell","Tom Riddle","Mary Riddle","Lord Voldemort","Rita Skeeter","Severus Snape","Nymphadora Tonks","Dolores Janes Umbridge","Arthur Weasley","Bill Weasley","Charlie Weasley","Fred Weasley","George Weasley","Ginny Weasley","Molly Weasley","Percy Weasley","Ron Weasley","Dobby","Fluffy","Hedwig","Moaning Myrtle","Aragog","Grawp"]
+        for i, name in enumerate(names):
+            with reversion.create_revision():
+                reversion.set_user(random.choice(self.profiles))
+
+                newPerson = models.Person.objects.create(name=name)
+                if i % 3 == 0:
+                    newPerson.email = "address@person.com"
+
+                if i % 5 == 0:
+                    newPerson.notes = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua"
+
+                if i % 7 == 0:
+                    newPerson.address = "1 Person Test Street \n Demoton \n United States of TEC \n RMRF 567"
+
+                if i % 9 == 0:
+                    newPerson.phone = "01234 567894"
+
+                newPerson.save()
+                self.people.append(newPerson)
+
+    def setupOrganisations(self):
+        names = ["Acme, inc.","Widget Corp","123 Warehousing","Demo Company","Smith and Co.","Foo Bars","ABC Telecom","Fake Brothers","QWERTY Logistics","Demo, inc.","Sample Company","Sample, inc","Acme Corp","Allied Biscuit","Ankh-Sto Associates","Extensive Enterprise","Galaxy Corp","Globo-Chem","Mr. Sparkle","Globex Corporation","LexCorp","LuthorCorp","North Central Positronics","Omni Consimer Products","Praxis Corporation","Sombra Corporation","Sto Plains Holdings","Tessier-Ashpool","Wayne Enterprises","Wentworth Industries","ZiffCorp","Bluth Company","Strickland Propane","Thatherton Fuels","Three Waters","Water and Power","Western Gas & Electric","Mammoth Pictures","Mooby Corp","Gringotts","Thrift Bank","Flowers By Irene","The Legitimate Businessmens Club","Osato Chemicals","Transworld Consortium","Universal Export","United Fried Chicken","Virtucon","Kumatsu Motors","Keedsler Motors","Powell Motors","Industrial Automation","Sirius Cybernetics Corporation","U.S. Robotics and Mechanical Men","Colonial Movers","Corellian Engineering Corporation","Incom Corporation","General Products","Leeding Engines Ltd.","Blammo","Input, Inc.","Mainway Toys","Videlectrix","Zevo Toys","Ajax","Axis Chemical Co.","Barrytron","Carrys Candles","Cogswell Cogs","Spacely Sprockets","General Forge and Foundry","Duff Brewing Company","Dunder Mifflin","General Services Corporation","Monarch Playing Card Co.","Krustyco","Initech","Roboto Industries","Primatech","Sonky Rubber Goods","St. Anky Beer","Stay Puft Corporation","Vandelay Industries","Wernham Hogg","Gadgetron","Burleigh and Stronginthearm","BLAND Corporation","Nordyne Defense Dynamics","Petrox Oil Company","Roxxon","McMahon and Tate","Sixty Second Avenue","Charles Townsend Agency","Spade and Archer","Megadodo Publications","Rouster and Sideways","C.H. Lavatory and Sons","Globo Gym American Corp","The New Firm","SpringShield","Compuglobalhypermeganet","Data Systems","Gizmonic Institute","Initrode","Taggart Transcontinental","Atlantic Northern","Niagular","Plow King","Big Kahuna Burger","Big T Burgers and Fries","Chez Quis","Chotchkies","The Frying Dutchman","Klimpys","The Krusty Krab","Monks Diner","Milliways","Minuteman Cafe","Taco Grande","Tip Top Cafe","Moes Tavern","Central Perk","Chasers"]
+        for i, name in enumerate(names):
+            with reversion.create_revision():
+                reversion.set_user(random.choice(self.profiles))
+                newOrganisation = models.Organisation.objects.create(name=name)
+                if i % 2 == 0:
+                    newOrganisation.has_su_account = True
+
+                if i % 3 == 0:
+                    newOrganisation.email = "address@organisation.com"
+
+                if i % 5 == 0:
+                    newOrganisation.notes = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua"
+
+                if i % 7 == 0:
+                    newOrganisation.address = "1 Organisation Test Street \n Demoton \n United States of TEC \n RMRF 567"
+
+                if i % 9 == 0:
+                    newOrganisation.phone = "01234 567894"
+
+                newOrganisation.save()
+                self.organisations.append(newOrganisation)
+
+    def setupVenues(self):
+        names = ["Bear Island","Crossroads Inn","Deepwood Motte","The Dreadfort","The Eyrie","Greywater Watch","The Iron Islands","Karhold","Moat Cailin","Oldstones","Raventree Hall","Riverlands","The Ruby Ford","Saltpans","Seagard","Torrhen's Square","The Trident","The Twins","The Vale of Arryn","The Whispering Wood","White Harbor","Winterfell","The Arbor","Ashemark","Brightwater Keep","Casterly Rock","Clegane's Keep","Dragonstone","Dorne","God's Eye","The Golden Tooth","Harrenhal","Highgarden","Horn Hill","Fingers","King's Landing","Lannisport","Oldtown","Rainswood","Storm's End","Summerhall","Sunspear","Tarth","Castle Black","Craster's Keep","Fist of the First Men","The Frostfangs","The Gift","The Skirling Pass","The Wall","Asshai","Astapor","Braavos","The Dothraki Sea","Lys","Meereen","Myr","Norvos","Pentos","Qarth","Qohor","The Red Waste","Tyrosh","Vaes Dothrak","Valyria","Village of the Lhazareen","Volantis","Yunkai"]
+        for i, name in enumerate(names):
+            with reversion.create_revision():
+                reversion.set_user(random.choice(self.profiles))
+                newVenue = models.Venue.objects.create(name=name)
+                if i % 2 == 0:
+                    newVenue.three_phase_available = True
+
+                if i % 3 == 0:
+                    newVenue.email = "address@venue.com"
+
+                if i % 5 == 0:
+                    newVenue.notes = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua"
+
+                if i % 7 == 0:
+                    newVenue.address = "1 Venue Test Street \n Demoton \n United States of TEC \n RMRF 567"
+
+                if i % 9 == 0:
+                    newVenue.phone = "01234 567894"
+
+                newVenue.save()
+                self.venues.append(newVenue)
+
+    def setupGroups(self):
+        self.keyholder_group = Group.objects.create(name='Keyholders')
+        self.finance_group = Group.objects.create(name='Finance')
+
+        keyholderPerms = ["add_event","change_event","view_event","add_eventitem","change_eventitem","delete_eventitem","add_organisation","change_organisation","view_organisation","add_person","change_person","view_person","view_profile","add_venue","change_venue","view_venue"]
+        financePerms = ["change_event","view_event","add_eventitem","change_eventitem","add_invoice","change_invoice","view_invoice","add_organisation","change_organisation","view_organisation","add_payment","change_payment","delete_payment","add_person","change_person","view_person"]
+
+        for permId in keyholderPerms:
+            self.keyholder_group.permissions.add(Permission.objects.get(codename=permId))
+
+        for permId in financePerms:
+            self.finance_group.permissions.add(Permission.objects.get(codename=permId))
+
+    def setupGenericProfiles(self):
+        names = ["Clara Oswin Oswald","Rory Williams","Amy Pond","River Song","Martha Jones","Donna Noble","Jack Harkness","Mickey Smith","Rose Tyler"]
+        for i, name in enumerate(names):
+            newProfile = models.Profile.objects.create(username=name.replace(" ",""), first_name=name.split(" ")[0], last_name=name.split(" ")[-1],
+                                                         email=name.replace(" ","")+"@example.com",
+                                                        initials="".join([ j[0].upper() for j in name.split() ]))
+            if i % 2 == 0:
+                newProfile.phone = "01234 567894"
+
+            newProfile.save()
+            self.profiles.append(newProfile)
+
+    def setupUsefulProfiles(self):
+        superUser = models.Profile.objects.create(username="superuser", first_name="Super", last_name="User", initials="SU", 
+                                                email="superuser@example.com", is_superuser=True, is_active=True, is_staff=True)
+        superUser.set_password('superuser')
+        superUser.save()
+
+        financeUser = models.Profile.objects.create(username="finance", first_name="Finance", last_name="User", initials="FU", 
+                                                email="financeuser@example.com", is_active=True)
+        financeUser.groups.add(self.finance_group)
+        financeUser.groups.add(self.keyholder_group)
+        financeUser.set_password('finance')
+        financeUser.save()
+
+        keyholderUser = models.Profile.objects.create(username="keyholder", first_name="Keyholder", last_name="User", initials="KU", 
+                                                email="keyholderuser@example.com", is_active=True)
+        keyholderUser.groups.add(self.keyholder_group)
+        keyholderUser.set_password('keyholder')
+        keyholderUser.save()
+
+        basicUser = models.Profile.objects.create(username="basic", first_name="Basic", last_name="User", initials="BU", 
+                                                email="basicuser@example.com", is_active=True)
+        basicUser.set_password('basic')
+        basicUser.save()
+
+    def setupEvents(self):
+        names = ["Outdoor Concert","Hall Open Mic Night","Festival","Weekend Event","Magic Show","Society Ball","Evening Show","Talent Show","Acoustic Evening","Hire of Things","SU Event","End of Term Show","Theatre Show","Outdoor Fun Day","Summer Carnival","Open Days","Magic Show","Awards Ceremony","Debating Event","Club Night","DJ Evening","Building Projection","Choir Concert"]
+        descriptions = ["A brief desciption of the event","This event is boring","Probably wont happen","Warning: this has lots of kit"]
+        notes = ["The client came into the office at some point","Who knows if this will happen", "Probably should check this event", "Maybe not happening", "Run away!"]
+
+        itemOptions = [{'name': 'Speakers', 'description': 'Some really really big speakers \n these are very loud', 'quantity': 2, 'cost': 200.00},
+                        {'name': 'Projector', 'description': 'Some kind of video thinamejig, probably with unnecessary processing for free', 'quantity': 1, 'cost': 500.00},
+                        {'name': 'Lighting Desk', 'description': 'Cannot provide guarentee that it will work', 'quantity': 1, 'cost': 200.52},
+                        {'name': 'Moving lights', 'description': 'Flashy lights, with the copper', 'quantity': 8, 'cost': 50.00},
+                        {'name': 'Microphones', 'description': 'Make loud noise \n you will want speakers with this', 'quantity': 5, 'cost': 0.50},
+                        {'name': 'Sound Mixer Thing', 'description': 'Might be analogue, might be digital', 'quantity': 1, 'cost': 100.00},
+                        {'name': 'Electricity', 'description': 'You need this', 'quantity': 1, 'cost': 200.00},
+                        {'name': 'Crew', 'description': 'Costs nothing, because reasons', 'quantity': 1, 'cost': 0.00},
+                        {'name': 'Loyalty Discount', 'description': 'Have some negative moneys', 'quantity': 1, 'cost': -50.00}]
+
+        dayDelta = -120 # start adding events from 4 months ago
+
+        for i in range(150): # Let's add 100 events
+            with reversion.create_revision():
+                reversion.set_user(random.choice(self.profiles))
+
+                name = names[i%len(names)]
+
+                startDate = datetime.date.today() + datetime.timedelta(days=dayDelta)
+                dayDelta = dayDelta + random.randint(0,3)
+
+                newEvent = models.Event.objects.create(name=name, start_date=startDate)
+
+                if random.randint(0,2) > 1: # 1 in 3 have a start time
+                    newEvent.start_time = datetime.time(random.randint(15,20))
+                    if random.randint(0,2) > 1: # of those, 1 in 3 have an end time on the same day
+                        newEvent.end_time = datetime.time(random.randint(21,23))
+                    elif random.randint(0,1)>0: # half of the others finish early the next day
+                        newEvent.end_date = newEvent.start_date + datetime.timedelta(days=1)
+                        newEvent.end_time = datetime.time(random.randint(0,5))
+                elif random.randint(0,2)>1: # 1 in 3 of the others finish a few days ahead
+                    newEvent.end_date = newEvent.start_date + datetime.timedelta(days=random.randint(1,4))
+
+
+                if random.randint(0,6) > 0: # 5 in 6 have MIC
+                    newEvent.mic = random.choice(self.profiles)
+
+                if random.randint(0,6) > 0: # 5 in 6 have organisation
+                    newEvent.organisation = random.choice(self.organisations)
+
+                if random.randint(0,6) > 0: # 5 in 6 have person
+                    newEvent.person = random.choice(self.people)
+
+                if random.randint(0,6) > 0: # 5 in 6 have venue
+                    newEvent.venue = random.choice(self.venues)
+
+                # Could have any status, equally weighted
+                newEvent.status = random.choice([models.Event.BOOKED,models.Event.CONFIRMED,models.Event.PROVISIONAL, models.Event.CANCELLED])
+
+                newEvent.dry_hire = (random.randint(0,7)==0) # 1 in 7 are dry hire
+
+                if random.randint(0,1) > 0: # 1 in 2 have description
+                    newEvent.description = random.choice(descriptions)
+
+                if random.randint(0,1) > 0: # 1 in 2 have notes
+                    newEvent.notes = random.choice(notes)
+
+                newEvent.save()
+
+                # Now add some items
+                for j in range(random.randint(1,5)):
+                    itemData = itemOptions[random.randint(0,len(itemOptions)-1)]
+                    newItem = models.EventItem.objects.create(event=newEvent, order=j, **itemData)
+                    newItem.save()
+
+                while newEvent.sum_total < 0:
+                    itemData = itemOptions[random.randint(0,len(itemOptions)-1)]
+                    newItem = models.EventItem.objects.create(event=newEvent, order=j, **itemData)
+                    newItem.save()
+
+            with reversion.create_revision():
+                reversion.set_user(random.choice(self.profiles))
+                if newEvent.start_date < datetime.date.today(): # think about adding an invoice
+                    if random.randint(0,2) > 0: # 2 in 3 have had paperwork sent to treasury
+                        newInvoice = models.Invoice.objects.create(event=newEvent)
+                        if newEvent.status is models.Event.CANCELLED: # void cancelled events
+                            newInvoice.void = True
+                        elif random.randint(0,2)>1: # 1 in 3 have been paid
+                            models.Payment.objects.create(invoice=newInvoice, amount=newInvoice.balance, date=datetime.date.today())
--- a/RIGS/migrations/0025_profile_avatar_template.py
+++ b/RIGS/migrations/0025_profile_avatar_template.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0024_auto_20160229_2042'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='profile',
+            name='avatar_template',
+            field=models.CharField(max_length=255, null=True, editable=False, blank=True),
+        ),
+    ]
--- a/RIGS/models.py
+++ b/RIGS/models.py
@@ -1,26 +1,28 @@
+import datetime
 import hashlib
-import datetime, pytz
-
-from django.db import models, connection
-from django.contrib.auth.models import AbstractUser
-from django.conf import settings
-from django.utils.functional import cached_property
-from django.utils.encoding import python_2_unicode_compatible
-import reversion
-import string
+import pytz
 import random
+import string
 from collections import Counter
-from django.core.urlresolvers import reverse_lazy
-from django.core.exceptions import ValidationError
-
 from decimal import Decimal

+import reversion
+from django.conf import settings
+from django.contrib.auth.models import AbstractUser
+from django.core.exceptions import ValidationError
+from django.core.urlresolvers import reverse_lazy
+from django.db import models
+from django.utils.encoding import python_2_unicode_compatible
+from django.utils.functional import cached_property
+
+
 # Create your models here.
@python_2_unicode_compatible
 class Profile(AbstractUser):
    initials = models.CharField(max_length=5, unique=True, null=True, blank=False)
    phone = models.CharField(max_length=13, null=True, blank=True)
    api_key = models.CharField(max_length=40, blank=True, editable=False, null=True)
+    avatar_template = models.CharField(max_length=255, blank=True, editable=False, null=True)

    @classmethod
    def make_api_key(cls):
@@ -32,8 +34,13 @@ class Profile(AbstractUser):
    @property
    def profile_picture(self):
        url = ""
+        if settings.DISCOURSE_API_KEY is not None:
+            if self.avatar_template:
+                return settings.DISCOURSE_HOST+self.avatar_template.format(size=500)
+
        if settings.USE_GRAVATAR or settings.USE_GRAVATAR is None:
            url = "https://www.gravatar.com/avatar/" + hashlib.md5(self.email).hexdigest() + "?d=wavatar&s=500"
+
        return url

    @property
@@ -55,6 +62,7 @@ class Profile(AbstractUser):
            ('view_profile', 'Can view Profile'),
        )

+
 class RevisionMixin(object):
    @property
    def last_edited_at(self):
@@ -83,6 +91,7 @@ class RevisionMixin(object):
        else:
            return None

+
@reversion.register
@python_2_unicode_compatible
 class Person(models.Model, RevisionMixin):
@@ -238,12 +247,18 @@ class Venue(models.Model, RevisionMixin):
 class EventManager(models.Manager):
    def current_events(self):
        events = self.filter(
-            (models.Q(start_date__gte=datetime.date.today(), end_date__isnull=True, dry_hire=False) & ~models.Q(status=Event.CANCELLED)) |  # Starts after with no end
-            (models.Q(end_date__gte=datetime.date.today(), dry_hire=False) & ~models.Q(status=Event.CANCELLED)) |  # Ends after
-            (models.Q(dry_hire=True, start_date__gte=datetime.date.today()) & ~models.Q(status=Event.CANCELLED)) |  # Active dry hire
-            (models.Q(dry_hire=True, checked_in_by__isnull=True) & (models.Q(status=Event.BOOKED) | models.Q(status=Event.CONFIRMED))) |  # Active dry hire GT
+            (models.Q(start_date__gte=datetime.date.today(), end_date__isnull=True, dry_hire=False) & ~models.Q(
+                status=Event.CANCELLED)) |  # Starts after with no end
+            (models.Q(end_date__gte=datetime.date.today(), dry_hire=False) & ~models.Q(
+                status=Event.CANCELLED)) |  # Ends after
+            (models.Q(dry_hire=True, start_date__gte=datetime.date.today()) & ~models.Q(
+                status=Event.CANCELLED)) |  # Active dry hire
+            (models.Q(dry_hire=True, checked_in_by__isnull=True) & (
+                models.Q(status=Event.BOOKED) | models.Q(status=Event.CONFIRMED))) |  # Active dry hire GT
            models.Q(status=Event.CANCELLED, start_date__gte=datetime.date.today())  # Canceled but not started
-        ).order_by('start_date', 'end_date', 'start_time', 'end_time', 'meet_at').select_related('person', 'organisation', 'venue', 'mic')
+        ).order_by('start_date', 'end_date', 'start_time', 'end_time', 'meet_at').select_related('person',
+                                                                                                 'organisation',
+                                                                                                 'venue', 'mic')
        return events

    def events_in_bounds(self, start, end):
@@ -259,7 +274,9 @@ class EventManager(models.Manager):
            (models.Q(meet_at__lte=start, start_date__gte=end)) |  # Meet before, start after
            (models.Q(meet_at__lte=start, end_date__gte=end))  # Meet before, end after

-        ).order_by('start_date', 'end_date', 'start_time', 'end_time', 'meet_at').select_related('person', 'organisation', 'venue', 'mic')
+        ).order_by('start_date', 'end_date', 'start_time', 'end_time', 'meet_at').select_related('person',
+                                                                                                 'organisation',
+                                                                                                 'venue', 'mic')
        return events

    def rig_count(self):
@@ -301,7 +318,8 @@ class Event(models.Model, RevisionMixin):
    status = models.IntegerField(choices=EVENT_STATUS_CHOICES, default=PROVISIONAL)
    dry_hire = models.BooleanField(default=False)
    is_rig = models.BooleanField(default=True)
-    based_on = models.ForeignKey('Event', on_delete=models.SET_NULL, related_name='future_events', blank=True, null=True)
+    based_on = models.ForeignKey('Event', on_delete=models.SET_NULL, related_name='future_events', blank=True,
+                                 null=True)

    # Timing
    start_date = models.DateField()
@@ -327,6 +345,7 @@ class Event(models.Model, RevisionMixin):
    """
    EX Vat
    """
+
    @property
    def sum_total(self):
        # Manual querying is required for efficiency whilst maintaining floating point arithmetic
@@ -341,7 +360,8 @@ class Event(models.Model, RevisionMixin):
        # for item in self.items.filter(cost__gt=0).extra(select="SUM(cost * quantity) AS sum"):
        #    total += item.sum
        total = EventItem.objects.filter(event=self).aggregate(
-            sum_total=models.Sum(models.F('cost')*models.F('quantity'), output_field=models.DecimalField(max_digits=10, decimal_places=2))
+            sum_total=models.Sum(models.F('cost') * models.F('quantity'),
+                                 output_field=models.DecimalField(max_digits=10, decimal_places=2))
        )['sum_total']
        if total:
            return total
@@ -358,6 +378,7 @@ class Event(models.Model, RevisionMixin):
    """
    Inc VAT
    """
+
    @property
    def total(self):
        return self.sum_total + self.vat
@@ -430,7 +451,6 @@ class Event(models.Model, RevisionMixin):
        else:
            return endDate

-        
    objects = EventManager()

    def get_absolute_url(self):
@@ -503,15 +523,6 @@ class Invoice(models.Model):

    @property
    def payment_total(self):
-        # Manual querying is required for efficiency whilst maintaining floating point arithmetic
-        #if connection.vendor == 'postgresql':
-        #    sql = "SELECT SUM(amount) AS total FROM \"RIGS_payment\" WHERE invoice_id=%i" % self.id
-        #else:
-        #    sql = "SELECT id, SUM(amount) AS total FROM RIGS_payment WHERE invoice_id=%i" % self.id
-        #total = self.payment_set.raw(sql)[0]
-        #if total.total:
-        #    return total.total
-        #return 0.0
        total = self.payment_set.aggregate(total=models.Sum('amount'))['total']
        if total:
            return total
@@ -521,6 +532,10 @@ class Invoice(models.Model):
    def balance(self):
        return self.sum_total - self.payment_total

+    @property
+    def is_closed(self):
+        return self.balance == 0 or self.void
+
    def __str__(self):
        return "%i: %s (%.2f)" % (self.pk, self.event, self.balance)

--- a/RIGS/rigboard.py
+++ b/RIGS/rigboard.py
@@ -9,11 +9,13 @@ from django.shortcuts import get_object_or_404
 from django.template import RequestContext
 from django.template.loader import get_template
 from django.conf import settings
+from django.core.urlresolvers import reverse
 from django.http import HttpResponse
 from django.db.models import Q
 from django.contrib import messages
 from z3c.rml import rml2pdf
 from PyPDF2 import PdfFileMerger, PdfFileReader
+import simplejson

 from RIGS import models, forms
 import datetime
@@ -47,6 +49,28 @@ class EventDetail(generic.DetailView):
    model = models.Event


+class EventOembed(generic.View):
+    model = models.Event
+
+    def get(self, request, pk=None):
+
+        embed_url = reverse('event_embed', args=[pk])
+        full_url = "{0}://{1}{2}".format(request.scheme, request.META['HTTP_HOST'], embed_url)
+
+        data = {
+            'html': '<iframe src="{0}" frameborder="0" width="100%" height="250"></iframe>'.format(full_url),
+            'version': '1.0',
+            'type': 'rich',
+        }
+
+        json = simplejson.JSONEncoderForHTML().encode(data)
+        return HttpResponse(json, content_type="application/json")
+
+
+class EventEmbed(EventDetail):
+    template_name = 'RIGS/event_embed.html'
+
+
 class EventCreate(generic.CreateView):
    model = models.Event
    form_class = forms.EventForm
@@ -97,10 +121,11 @@ class EventDuplicate(EventUpdate):
        old = super(EventDuplicate, self).get_object(queryset) # Get the object (the event you're duplicating)
        new = copy.copy(old) # Make a copy of the object in memory
        new.based_on = old # Make the new event based on the old event
+        new.purchase_order = None

        if self.request.method in ('POST', 'PUT'): # This only happens on save (otherwise items won't display in editor)
            new.pk = None # This means a new event will be created on save, and all items will be re-created
-
+        else:
            messages.info(self.request, 'Event data duplicated but not yet saved. Click save to complete operation.')

        return new
--- a/RIGS/static/css/screen.css
+++ b/RIGS/static/css/screen.css
--- a/RIGS/static/imgs/forum-logo.gif
+++ b/RIGS/static/imgs/forum-logo.gif
--- a/RIGS/static/scss/screen.scss
+++ b/RIGS/static/scss/screen.scss
@@ -147,3 +147,45 @@ ins {
      };
  }
 }
+
+html.embedded{
+  min-height:100%;
+  display: table;
+  width: 100%;
+
+  body{
+    padding:0;
+    display: table-cell;
+    vertical-align: middle;
+    width:100%;
+    background:none;
+  }
+
+  .embed_container{
+    border:5px solid #e9e9e9;
+    padding:12px 0px;
+    min-height:100%;
+    width:100%;
+  }
+
+  .source{
+    background: url('/static/imgs/pyrigs-avatar.png') no-repeat;
+    background-size: 16px 16px;
+    padding-left: 20px;
+    color: #000;
+  }
+
+  h3{
+    margin-top:10px;
+    margin-bottom:5px;
+  }
+
+  p{
+    margin-bottom:2px;
+    font-size: 11px;
+  }
+
+  .event-mic-photo{
+    max-width: 3em;
+  }
+}
--- a/RIGS/templates/RIGS/event_detail.html
+++ b/RIGS/templates/RIGS/event_detail.html
@@ -25,9 +25,17 @@
                            class="hidden-xs">Duplicate</span></a>
                {% if event.is_rig %}
                    {% if perms.RIGS.add_invoice %}
-                        <a href="{% url 'invoice_event' event.pk %}" class="btn btn-default" title="Invoice Rig"><span
-                                class="glyphicon glyphicon-gbp"></span> <span
-                            class="hidden-xs">Invoice</span></a>
+                        <a id="invoiceDropdownLabel" href="{% url 'invoice_event' event.pk %}" class="btn
+                        {% if event.invoice and event.invoice.is_closed %}
+                            btn-success
+                        {% elif event.invoice %}
+                            btn-warning
+                        {% else %}
+                            btn-danger
+                        {% endif %}
+                        " title="Invoice Rig"><span
+                                class="glyphicon glyphicon-gbp"></span> 
+                                <span class="hidden-xs">Invoice</span></a>
                    {% endif %}
                {% endif %}
            </div>
@@ -190,9 +198,17 @@
                        class="hidden-xs">Duplicate</span></a>
            {% if event.is_rig %}
                {% if perms.RIGS.add_invoice %}
-                    <a href="{% url 'invoice_event' event.pk %}" class="btn btn-default" title="Invoice Rig"><span
-                            class="glyphicon glyphicon-gbp"></span> <span
-                        class="hidden-xs">Invoice</span></a>
+                    <a id="invoiceDropdownLabel" href="{% url 'invoice_event' event.pk %}" class="btn
+                    {% if event.invoice and event.invoice.is_closed %}
+                        btn-success
+                    {% elif event.invoice %}
+                        btn-warning
+                    {% else %}
+                        btn-danger
+                    {% endif %}
+                    " title="Invoice Rig"><span
+                            class="glyphicon glyphicon-gbp"></span> 
+                            <span class="hidden-xs">Invoice</span></a>
                {% endif %}
            {% endif %}
        </div>
@@ -227,9 +243,17 @@
                            class="hidden-xs">Duplicate</span></a>
                {% if event.is_rig %}
                    {% if perms.RIGS.add_invoice %}
-                        <a href="{% url 'invoice_event' event.pk %}" class="btn btn-default" title="Invoice Rig"><span
-                                class="glyphicon glyphicon-gbp"></span> <span
-                            class="hidden-xs">Invoice</span></a>
+                        <a id="invoiceDropdownLabel" href="{% url 'invoice_event' event.pk %}" class="btn
+                        {% if event.invoice and event.invoice.is_closed %}
+                            btn-success
+                        {% elif event.invoice %}
+                            btn-warning
+                        {% else %}
+                            btn-danger
+                        {% endif %}
+                        " title="Invoice Rig"><span
+                                class="glyphicon glyphicon-gbp"></span> 
+                                <span class="hidden-xs">Invoice</span></a>
                    {% endif %}
                {% endif %}
            </div>
--- a/RIGS/templates/RIGS/event_embed.html
+++ b/RIGS/templates/RIGS/event_embed.html
@@ -0,0 +1,106 @@
+{% extends 'base_embed.html' %}
+{% load static from staticfiles %}
+
+{% block content %}
+
+<div class="row">
+    <div class="col-sm-12">
+        <a href="/">
+            <span class="source"> R<small>ig</small> I<small>nformation</small> G<small>athering</small> S<small>ystem</small></span> 
+        </a>
+    </div>
+
+    <div class="col-sm-12">
+       <span class="pull-right">
+            {% if object.mic %}
+                <div class="text-center">
+                    <img src="{{ object.mic.profile_picture }}" class="event-mic-photo img-rounded"/>
+                </div>
+            {% elif object.is_rig %}
+                <span class="glyphicon glyphicon-exclamation-sign"></span>
+            {% endif %}
+        </span>
+        
+        <h3>
+            <a {% if perms.RIGS.view_event %}href="{% url 'event_detail' object.pk %}"{% endif %}>
+                {% if object.is_rig %}N{{ object.pk|stringformat:"05d" }}{% else %}{{ object.pk }}{% endif %}
+                | {{ object.name }} </a>
+                {% if object.venue %}
+                <small>at {{ object.venue }}</small>
+                {% endif %}
+        <br/><small>
+            {{ object.start_date|date:"D d/m/Y" }}
+            {% if object.has_start_time %}
+                {{ object.start_time|date:"H:i" }}
+            {% endif %}
+            {% if object.end_date or object.has_end_time %}
+                &ndash;
+            {% endif %}
+            {% if object.end_date and object.end_date != object.start_date %}
+                 {{ object.end_date|date:"D d/m/Y"  }}
+            {% endif %}
+            {% if object.has_end_time %}
+                {{ object.end_time|date:"H:i" }}
+            {% endif %}
+            </small>
+        </h3>
+
+        <div class="row">
+            <div class="col-xs-6">
+                <p>
+                    <strong>Status:</strong>
+                    {{ object.get_status_display }}
+                </p>
+                <p>
+                    {% if object.is_rig %}
+                        <strong>Client:</strong> {{ object.person.name }}
+                        {% if object.organisation %}
+                        for {{ object.organisation.name }}
+                        {% endif %}
+                        {% if object.dry_hire %}(Dry Hire){% endif %}
+                    {% else %}
+                        <strong>Non-Rig</strong>
+                    {% endif %}
+                </p>
+                <p>
+                    <strong>MIC:</strong>
+                    {% if object.mic %}
+                        {{object.mic.name}}
+                    {% else %}
+                        None
+                    {% endif %}
+                </p>
+            </div>
+            <div class="col-xs-6">
+                
+                {% if object.meet_at %}
+                    <p>
+                        <strong>Crew meet:</strong>
+                        {{ object.meet_at|date:"H:i" }} {{ object.meet_at|date:"(Y-m-d)" }}
+                    </p>
+                {% endif %}
+                {% if object.access_at %}
+                    <p>
+                        <strong>Access at:</strong>
+                        {{ object.access_at|date:"H:i" }} {{ object.access_at|date:"(Y-m-d)" }}
+                    </p>
+                {% endif %}
+                <p>
+                    <strong>Last updated:</strong>
+                    {{ object.last_edited_at }} by "{{ object.last_edited_by.initials }}"
+                </p>
+            </div>
+        </div>
+        {% if object.description %}
+            <p>
+            <strong>Description: </strong>
+            {{ object.description|linebreaksbr }}
+            </p>
+        {% endif %}
+            
+        </table>
+    </div>
+</div>
+
+
+{% endblock %}
--- a/RIGS/templates/RIGS/event_form.html
+++ b/RIGS/templates/RIGS/event_form.html
@@ -63,7 +63,7 @@
                        } else {
                            $('.form-is_rig').slideDown();
                        }
-                        $('.form-hws').css('overflow', 'visible');
+                        $('.form-hws, .form-hws .form-is_rig').css('overflow', 'visible');
                    } else {
                        $('#{{form.is_rig.auto_id}}').prop('checked', false);
                        $('.form-is_rig').slideUp();
--- a/RIGS/templates/RIGS/event_invoice.html
+++ b/RIGS/templates/RIGS/event_invoice.html
@@ -1,25 +1,37 @@
 {% extends 'base.html' %}
 {% load paginator from filters %}
+{% load static %}

 {% block title %}Events for Invoice{% endblock %}

+{% block js %}
+<script src="{% static "js/tooltip.js" %}"></script>
+<script>
+    $(function () {
+      $('[data-toggle="tooltip"]').tooltip();
+    });
+</script>
+{% endblock %}
+
 {% block content %}
    <div class="col-sm-12">
-        <h2>Events for Invoice</h2>
+        <h2>Events for Invoice ({{count}} Events, £ {{ total|floatformat:2 }})</h2>
+        <p>These events have happened, but paperwork has not yet been sent to treasury</p>
        {% if is_paginated %}
            <div class="col-md-6 col-md-offset-6 col-sm-12 text-right">
                {% paginator %}
            </div>
        {% endif %}
-        <table class="table table-responsive table-hover">
+        <div class="table-responsive col-sm-12">
+            <table class="table table-hover">
                <thead>
                <tr>
-                <th class="hiddenx-xs">#</th>
-                <th>Date</th>
-                <th>Event</th>
+                    <th>Event #</th>
+                    <th>Start Date</th>
+                    <th>Event Name</th>
                    <th>Client</th>
                    <th>Cost</th>
-                <th class="hidden-xs">MIC</th>
+                    <th>MIC</th>
                    <th></th>
                </tr>
                </thead>
@@ -39,23 +51,33 @@
                                danger
                            {% endif %}
                            ">
-                    <td class="hidden-xs"><a href="{% url 'event_detail' object.pk %}" target="_blank">N{{ object.pk|stringformat:"05d" }}</a></td>
-                    <td>{{ object.end_date }}</td>
+                        <td><a href="{% url 'event_detail' object.pk %}">N{{ object.pk|stringformat:"05d" }}</a><br>
+                            <span class="text-muted">{{ object.get_status_display }}</span></td>
+                        <td>{{ object.start_date }}</td>
                        <td>{{ object.name }}</td>
                        <td>
                            {% if object.organisation %}
                                {{ object.organisation.name }}
+                                <br>
+                                <span class="text-muted">{{ object.organisation.union_account|yesno:'Internal,External' }}</span>
                            {% else %}
                                {{ object.person.name }}
+                                <br>
+                                <span class="text-muted">External</span>
                            {% endif %}
+
                        </td>
                        <td>{{ object.sum_total|floatformat:2 }}</td>
                        <td class="text-center">
-                        {{ object.mic.initials }}<br/>
+                            {% if object.mic %}
+                                {{ object.mic.initials }}<br>
                                <img src="{{ object.mic.profile_picture }}" class="event-mic-photo"/>
+                            {% else %}
+                                <span class="glyphicon glyphicon-exclamation-sign"></span>
+                            {% endif %}
                        </td>
                        <td class="text-right">
-                        <a href="{% url 'invoice_event' object.pk %}" target="_blank" class="btn btn-default">
+                            <a href="{% url 'invoice_event' object.pk %}" class="btn btn-default" data-toggle="tooltip" title="'Invoice' this event - click this when paperwork has been sent to treasury">
                                <span class="glyphicon glyphicon-gbp"></span>
                            </a>
                        </td>
@@ -63,6 +85,7 @@
                {% endfor %}
                </tbody>
            </table>
+        </div>
        {% if is_paginated %}
            <div class="col-md-6 col-md-offset-6 col-sm-12 text-right">
                {% paginator %}
--- a/RIGS/templates/RIGS/event_table.html
+++ b/RIGS/templates/RIGS/event_table.html
@@ -1,7 +1,7 @@
 <div class="table-responsive">
    <table class="table">
        <thead>
-        <td class="hidden-xs">#</td>
+        <td>#</td>
        <td>Event Date</td>
        <td>Event Details</td>
        <td>Event Timings</td>
@@ -23,7 +23,7 @@
 							danger
 						{% endif %}
                        ">
-                <td class="hidden-xs">{{ event.pk }}</td>
+                <td>{{ event.pk }}</td>
                <td>
                    <div><strong>{{ event.start_date|date:"D d/m/Y" }}</strong></div>
                    {% if event.end_date and event.end_date != event.start_date %}
--- a/RIGS/templates/RIGS/index.html
+++ b/RIGS/templates/RIGS/index.html
@@ -25,7 +25,9 @@

                    <a class="list-group-item" href="//members.nottinghamtec.co.uk/forum" target="_blank"><span class="glyphicon glyphicon-link"></span> TEC Forum</a>
                    <a class="list-group-item" href="//members.nottinghamtec.co.uk/wiki" target="_blank"><span class="glyphicon glyphicon-link"></span> TEC Wiki</a>
+                    <a class="list-group-item" href="http://members.nottinghamtec.co.uk/wiki/images/2/22/Event_Risk_Assesment.pdf" target="_blank"><span class="glyphicon glyphicon-link"></span> Pre-Event Risk Assessment</a>
                    <a class="list-group-item" href="//members.nottinghamtec.co.uk/price" target="_blank"><span class="glyphicon glyphicon-link"></span> Price List</a>
+                    <a class="list-group-item" href="https://form.jotformeu.com/62203600438344" target="_blank"><span class="glyphicon glyphicon-link"></span> Subhire Insurance Form</a>
                
            </div>
        </div>
--- a/RIGS/templates/RIGS/invoice_confirm_delete.html
+++ b/RIGS/templates/RIGS/invoice_confirm_delete.html
@@ -0,0 +1,35 @@
+{% extends 'base.html' %}
+
+{% block title %}Delete payment on invoice {{ object.invoice.pk }}{% endblock %}
+
+{% block content %}
+    <div class="col-sm-offset-2 col-sm-8">
+        <div class="alert alert-danger" role="alert">
+            <h2>Delete invoice {{ object.pk }}</h2>
+
+            <p>Are you sure you wish to delete invoice {{ object.pk }}?</p>
+
+            <p class="text-center"><strong>This action cannot be undone!</strong></p>
+
+            <div class="row">
+                <div class="col-sm-12">
+                    <form action="{{ action_link }}" method="post">{% csrf_token %}
+                        <input type="hidden" name="next" value="{% url 'invoice_list' %}"/>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <input type="submit" value="Yes" class="btn btn-danger col-sm-1"/>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                        <a href="{% url 'invoice_detail' object.pk %}" class="btn btn-default col-sm-1">No</a>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
--- a/RIGS/templates/RIGS/invoice_detail.html
+++ b/RIGS/templates/RIGS/invoice_detail.html
@@ -11,6 +11,10 @@

            <div class="col-sm-4 text-right">
                <div class="btn-group btn-page">
+                <a href="{% url 'invoice_delete' object.pk %}" class="btn btn-default" title="Void Invoice">
+                    <span class="glyphicon glyphicon-remove"></span> <span
+                            class="hidden-xs">Delete</span>
+                </a>
                <a href="{% url 'invoice_void' object.pk %}" class="btn btn-default" title="Void Invoice">
                    <span class="glyphicon glyphicon-ban-circle"></span> <span
                            class="hidden-xs">Void</span>
@@ -38,8 +42,11 @@
                </div>
            </div>
            <div class="col-sm-6">
-                <div class="panel panel-{% if object.void %}danger{% else %}info{% endif %}">
-                    <div class="panel-heading">Event Details</div>
+                <div class="panel panel-{% if object.is_closed %}success{% else %}warning{% endif %}">
+                    <div class="panel-heading">Event Details<span class="pull-right">
+                        {% if object.void %}(VOID){% elif object.is_closed %}(PAID){% else %}(OUTSTANDING){% endif %}
+                        </span>
+                    </div>
                    <div class="panel-body">
                        <dl class="dl-horizontal">
                            <dt>Event Number</dt>
@@ -109,6 +116,11 @@
                                    </td>
                                </tr>
                            {% endfor %}
+                            <tr>
+                                <td class="text-right"><strong>Balance:</strong></td>
+                                <td>{{ object.balance|floatformat:2 }}</td>
+                                <td></td>
+                                <td></td>
                            </tbody>
                        </table>
                    </div>
--- a/RIGS/templates/RIGS/invoice_list.html
+++ b/RIGS/templates/RIGS/invoice_list.html
@@ -5,17 +5,21 @@

 {% block content %}
    <div class="col-sm-12">
-        <h2>Invoices</h2>
+        <h2>{% block heading %}Invoices{% endblock %}</h2>
+        {% block description %}{% endblock %}
        {% if is_paginated %}
            <div class="col-md-6 col-md-offset-6 col-sm-12 text-right">
                {% paginator %}
            </div>
        {% endif %}
-        <table class="table table-responsive table-hover">
+        <div class="table-responsive col-sm-12">
+            <table class="table table-hover">
                <thead>
                <tr>
-                <th>#</th>
+                    <th>Invoice #</th>
                    <th>Event</th>
+                    <th>Client</th>
+                    <th>Event Date</th>
                    <th>Invoice Date</th>
                    <th>Balance</th>
                    <th></th>
@@ -23,9 +27,37 @@
                </thead>
                <tbody>
                {% for object in object_list %}
-                <tr class="{% if object.void %}danger{% elif object.balance == 0 %}success{% endif %}">
-                    <td>{{ object.pk }}</td>
-                    <td><a href="{% url 'event_detail' object.event.pk %}" target="_blank">N{{ object.event.pk|stringformat:"05d" }}</a>: {{ object.event.name }}</td>
+                    <tr>
+                        <td class="{% if object.is_closed %}success{% else %}warning{% endif %}">{{ object.pk }}<br>
+                        <span class="text-muted">{% if object.void %}(VOID){% elif object.is_closed %}(PAID){% else %}(O/S){% endif %}</span></td>
+                        <td class="
+                            {% if object.event.cancelled %}
+                                active text-muted
+                            {% elif not object.event.is_rig %}
+                                info
+                            {% elif object.event.confirmed and object.event.mic %}
+                            {# interpreated as (booked and mic) #}
+                                success
+                            {% elif object.event.mic %}
+                                warning
+                            {% else %}
+                                danger
+                            {% endif %}
+                            "><a href="{% url 'event_detail' object.event.pk %}">N{{ object.event.pk|stringformat:"05d" }}</a>: {{ object.event.name }} <br>
+                            <span class="text-muted">{{ object.event.get_status_display }}{% if not object.event.mic %}, No MIC{% endif %}
+                            </span></td>
+                        </td>
+                        <td>{% if object.event.organisation %}
+                                {{ object.event.organisation.name }}
+                                <br>
+                                <span class="text-muted">{{ object.event.organisation.union_account|yesno:'Internal,External' }}</span>
+                            {% else %}
+                                {{ object.event.person.name }}
+                                <br>
+                                <span class="text-muted">External</span>
+                            {% endif %}
+                        </td>
+                        <td>{{ object.event.start_date }}</td>
                        <td>{{ object.invoice_date }}</td>
                        <td>{{ object.balance|floatformat:2 }}</td>
                        <td class="text-right">
@@ -37,6 +69,7 @@
                {% endfor %}
                </tbody>
            </table>
+        </div>
        {% if is_paginated %}
            <div class="col-md-6 col-md-offset-6 col-sm-12 text-right">
                {% paginator %}
--- a/RIGS/templates/RIGS/invoice_list_active.html
+++ b/RIGS/templates/RIGS/invoice_list_active.html
@@ -0,0 +1,13 @@
+{% extends 'RIGS/invoice_list.html' %}
+
+{% block title %}
+Outstanding Invoices
+{% endblock %}
+
+{% block heading %}
+Outstanding Invoices ({{ count }} Events, £ {{ total|floatformat:2 }})
+{% endblock %}
+
+{% block description %}
+<p>Paperwork for these events has been sent to treasury, but the full balance has not yet appeared on a ledger</p>
+{% endblock %}
--- a/RIGS/templates/RIGS/invoice_list_archive.html
+++ b/RIGS/templates/RIGS/invoice_list_archive.html
@@ -0,0 +1,13 @@
+{% extends 'RIGS/invoice_list.html' %}
+
+{% block title %}
+Invoice Archive
+{% endblock %}
+
+{% block heading %}
+All Invoices
+{% endblock %}
+
+{% block description %}
+<p>This page displays all invoices: outstanding, paid, and void</p>
+{% endblock %}
--- a/RIGS/templates/RIGS/organisation_list.html
+++ b/RIGS/templates/RIGS/organisation_list.html
@@ -45,7 +45,7 @@
                        <td>{{ object.pk }}</td>
                        <td>{{ object.name }}</td>
                        <td>{{ object.email }}</td>
-                        <td>{{ object.phone }}</td>
+                        <td><a href="tel:{{ object.phone }}">{{ object.phone }}</a></td>
                        <td>{{ object.notes|yesno|capfirst }}</td>
                        <td>{{ object.union_account|yesno|capfirst }}</td>
                        <td>
--- a/RIGS/templates/RIGS/person_list.html
+++ b/RIGS/templates/RIGS/person_list.html
@@ -44,7 +44,7 @@
                        <td>{{ person.pk }}</td>
                        <td>{{ person.name }}</td>
                        <td>{{ person.email }}</td>
-                        <td>{{ person.phone }}</td>
+                        <td><a href="tel:{{ person.phone }}">{{ person.phone }}</a></td>
                        <td>{{ person.notes|yesno|capfirst }}</td>
                        <td>
                            <a href="{% url 'person_detail' person.pk %}" class="btn btn-default modal-href">
--- a/RIGS/templates/RIGS/profile_detail.html
+++ b/RIGS/templates/RIGS/profile_detail.html
@@ -71,7 +71,7 @@
 				<dd>{{object.initials}}</dd>

 				<dt>Phone</dt>
-				<dd>{{object.phone}}</dd>
+				<dd><a href="tel:{{ object.phone }}">{{object.phone}}</a></dd>
 			</dl>
 			{% if not request.is_ajax %}
 			{% if object.pk == user.pk %}
@@ -126,13 +126,27 @@
 				<dd>
 					{% if user.api_key %}
 						<pre id="cal-url" data-url="http{{ request.is_secure|yesno:"s,"}}://{{ request.get_host }}{% url 'ics_calendar' api_pk=user.pk api_key=user.api_key %}"></pre>
-						<small><a id="gcal-link" data-url="http://www.google.com/calendar/render?cid=http{{ request.is_secure|yesno:"s,"}}://{{ request.get_host }}{% url 'ics_calendar' api_pk=user.pk api_key=user.api_key %}" href="">Click here</a> to add to google calendar.<br/>
+						<small><a id="gcal-link" data-url="https://support.google.com/calendar/answer/37100" href="">Click here</a> for instructions on adding to google calendar.<br/>
 						To sync from google calendar to mobile device, visit <a href="https://www.google.com/calendar/syncselect" target="_blank">this page</a> on your device and tick "RIGS Calendar".</small>
 					{% else %}
 						<pre>No API Key Generated</pre>
 					{% endif %}
 				</dd>
 			</dl>
+
+			<h4>Linked to {{object.social_auth.count}} Forum Account(s)</h4>
+
+			{% if object.social_auth.count > 0 %}
+
+		    	<a href="{% url 'unlink_forum' %}" class="btn btn-danger">
+					Unlink Forum Account(s) <span class="glyphicon glyphicon-pencil"></span>
+				</a>
+			{% else %}
+				<a href="{% url "social:begin" "discourse" %}" class="btn btn-success">
+					Link Forum Account <span class="glyphicon glyphicon-pencil"></span>
+				</a>
+			{% endif %}
+
 			{% endif %}
 			{% endif %}
 		</div>
--- a/RIGS/templates/RIGS/social-associate.html
+++ b/RIGS/templates/RIGS/social-associate.html
@@ -0,0 +1,55 @@
+{% extends 'base.html' %}
+{% load widget_tweaks %}
+{% block title %}Associate{% endblock %}
+
+{% block content %}
+<div class="col-sm-10 col-sm-offset-1">
+
+    <div class="text-center">
+        <h1>R<small>ig</small> I<small>nformation</small> G<small>athering</small> S<small>ystem</small></h1>
+    </div>
+    <h2 class="text-center">Welcome <strong>{{details.username}}</strong></h2>
+    <h4 class="text-center">This is the first time you've visited RIGS with your forum account, so we need a few details to get you set up</h4>
+    <hr/>
+    
+
+    {% if alreadyLoggedIn %}
+        <h2 class="text-center">You are logged in to RIGS as <strong>{{loggedInUser.username}}</strong></h2>
+        <div class="col-sm-8 col-sm-offset-2">
+        <form action="", method="post">{% csrf_token %}
+            <input type="hidden" name="UseCurrentAccount" value="1"/>
+            <button type="submit" class="btn btn-lg btn-primary center btn-block">Link Forum account to RIGS Account</button>
+            </form>
+            <a class="btn btn-lg btn-warning center btn-block" href="{% url 'logout' %}" role="button">Logout</a>
+        </div>
+    {% else %}
+        <h4 class="text-center"><a class="btn btn-info" href="{{login_url}}" role="button">I already have a RIGS account</a></h4>
+        {% if form.errors or supplement_form.errors %}
+        <div class="alert alert-danger">
+            {{form.errors}}
+            {{supplement_form.errors}}
+        </div>
+        {% endif %}
+
+        <div class="col-sm-8 col-sm-offset-2">
+            <form action="" method="post" class="form-horizontal" role="form">{% csrf_token %}
+                {% for field in form %}
+                    <div class="form-group">
+                        <label for="{{ field.id_for_label }}" class="control-label col-sm-4">{{ field.label }}</label>
+                        <div class="controls col-sm-8">
+                            {% render_field field class+="form-control" placeholder=field.label %}
+                        </div>
+                    </div>
+                {% endfor %}
+                <p><input type="submit" value="Register" class="btn btn-primary pull-right"></p>
+            </form>
+
+        </div>
+    {% endif %}
+
+    
+    
+
+
+</div>
+{% endblock %}
--- a/RIGS/templates/RIGS/venue_list.html
+++ b/RIGS/templates/RIGS/venue_list.html
@@ -45,7 +45,7 @@
                        <td>{{ object.pk }}</td>
                        <td>{{ object.name }}</td>
                        <td>{{ object.email }}</td>
-                        <td>{{ object.phone }}</td>
+                        <td><a href="tel:{{ object.phone }}">{{ object.phone }}</a></td>
                        <td>{{ object.notes|yesno|capfirst }}</td>
                        <td>
                            <a href="{% url 'venue_detail' object.pk %}" class="btn btn-default modal-href">
--- a/RIGS/test_functional.py
+++ b/RIGS/test_functional.py
@@ -1,150 +1,151 @@
 # -*- coding: utf-8 -*-
+import os
+import re
+from datetime import date, timedelta
+
+import reversion
+from django.core import mail
+from django.db import transaction
 from django.test import LiveServerTestCase
 from django.test.client import Client
-from django.core import mail
 from selenium import webdriver
-from selenium.webdriver.common.keys import Keys
 from selenium.common.exceptions import StaleElementReferenceException, WebDriverException
+from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.support.ui import WebDriverWait
+
 from RIGS import models
-import re
-import os
-from datetime import date, timedelta
-from django.db import transaction
-import reversion
-import json


-class UserRegistrationTest(LiveServerTestCase):
+# class UserRegistrationTest(LiveServerTestCase):

-    def setUp(self):
-        self.browser = webdriver.Firefox()
-        self.browser.implicitly_wait(3) # Set implicit wait session wide
-        os.environ['RECAPTCHA_TESTING'] = 'True'
+#     def setUp(self):
+#         self.browser = webdriver.Firefox()
+#         self.browser.implicitly_wait(3) # Set implicit wait session wide
+#         os.environ['RECAPTCHA_TESTING'] = 'True'

-    def tearDown(self):
-        self.browser.quit()
-        os.environ['RECAPTCHA_TESTING'] = 'False'
+#     def tearDown(self):
+#         self.browser.quit()
+#         os.environ['RECAPTCHA_TESTING'] = 'False'

-    def test_registration(self):
-        # Navigate to the registration page
-        self.browser.get(self.live_server_url + '/user/register/')
-        title_text = self.browser.find_element_by_tag_name('h3').text
-        self.assertIn("User Registration", title_text)
+#     def test_registration(self):
+#         # Navigate to the registration page
+#         self.browser.get(self.live_server_url + '/user/register/')
+#         title_text = self.browser.find_element_by_tag_name('h3').text
+#         self.assertIn("User Registration", title_text)

-        # Check the form invites correctly
-        username = self.browser.find_element_by_id('id_username')
-        self.assertEqual(username.get_attribute('placeholder'), 'Username')
-        email = self.browser.find_element_by_id('id_email')
-        self.assertEqual(email.get_attribute('placeholder'), 'E-mail')
-        # If this is correct we don't need to test it later
-        self.assertEqual(email.get_attribute('type'), 'email')
-        password1 = self.browser.find_element_by_id('id_password1')
-        self.assertEqual(password1.get_attribute('placeholder'), 'Password')
-        self.assertEqual(password1.get_attribute('type'), 'password')
-        password2 = self.browser.find_element_by_id('id_password2')
-        self.assertEqual(
-            password2.get_attribute('placeholder'), 'Password confirmation')
-        self.assertEqual(password2.get_attribute('type'), 'password')
-        first_name = self.browser.find_element_by_id('id_first_name')
-        self.assertEqual(first_name.get_attribute('placeholder'), 'First name')
-        last_name = self.browser.find_element_by_id('id_last_name')
-        self.assertEqual(last_name.get_attribute('placeholder'), 'Last name')
-        initials = self.browser.find_element_by_id('id_initials')
-        self.assertEqual(initials.get_attribute('placeholder'), 'Initials')
-        phone = self.browser.find_element_by_id('id_phone')
-        self.assertEqual(phone.get_attribute('placeholder'), 'Phone')
+#         # Check the form invites correctly
+#         username = self.browser.find_element_by_id('id_username')
+#         self.assertEqual(username.get_attribute('placeholder'), 'Username')
+#         email = self.browser.find_element_by_id('id_email')
+#         self.assertEqual(email.get_attribute('placeholder'), 'E-mail')
+#         # If this is correct we don't need to test it later
+#         self.assertEqual(email.get_attribute('type'), 'email')
+#         password1 = self.browser.find_element_by_id('id_password1')
+#         self.assertEqual(password1.get_attribute('placeholder'), 'Password')
+#         self.assertEqual(password1.get_attribute('type'), 'password')
+#         password2 = self.browser.find_element_by_id('id_password2')
+#         self.assertEqual(
+#             password2.get_attribute('placeholder'), 'Password confirmation')
+#         self.assertEqual(password2.get_attribute('type'), 'password')
+#         first_name = self.browser.find_element_by_id('id_first_name')
+#         self.assertEqual(first_name.get_attribute('placeholder'), 'First name')
+#         last_name = self.browser.find_element_by_id('id_last_name')
+#         self.assertEqual(last_name.get_attribute('placeholder'), 'Last name')
+#         initials = self.browser.find_element_by_id('id_initials')
+#         self.assertEqual(initials.get_attribute('placeholder'), 'Initials')
+#         phone = self.browser.find_element_by_id('id_phone')
+#         self.assertEqual(phone.get_attribute('placeholder'), 'Phone')

-        # Fill the form out incorrectly
-        username.send_keys('TestUsername')
-        email.send_keys('test@example.com')
-        password1.send_keys('correcthorsebatterystaple')
-        # deliberate mistake
-        password2.send_keys('correcthorsebatterystapleerror')
-        first_name.send_keys('John')
-        last_name.send_keys('Smith')
-        initials.send_keys('JS')
-        phone.send_keys('0123456789')
-        self.browser.execute_script(
-            "return jQuery('#g-recaptcha-response').val('PASSED')")
+#         # Fill the form out incorrectly
+#         username.send_keys('TestUsername')
+#         email.send_keys('test@example.com')
+#         password1.send_keys('correcthorsebatterystaple')
+#         # deliberate mistake
+#         password2.send_keys('correcthorsebatterystapleerror')
+#         first_name.send_keys('John')
+#         last_name.send_keys('Smith')
+#         initials.send_keys('JS')
+#         phone.send_keys('0123456789')
+#         self.browser.execute_script(
+#             "return jQuery('#g-recaptcha-response').val('PASSED')")

-        # Submit incorrect form
-        submit = self.browser.find_element_by_xpath("//input[@type='submit']")
-        submit.click()
+#         # Submit incorrect form
+#         submit = self.browser.find_element_by_xpath("//input[@type='submit']")
+#         submit.click()

-        # Restablish error fields
-        password1 = self.browser.find_element_by_id('id_password1')
-        password2 = self.browser.find_element_by_id('id_password2')
+#         # Restablish error fields
+#         password1 = self.browser.find_element_by_id('id_password1')
+#         password2 = self.browser.find_element_by_id('id_password2')

-        # Read what the error is
-        alert = self.browser.find_element_by_css_selector(
-            'div.alert-danger').text
-        self.assertIn("password fields didn't match", alert)
+#         # Read what the error is
+#         alert = self.browser.find_element_by_css_selector(
+#             'div.alert-danger').text
+#         self.assertIn("password fields didn't match", alert)

-        # Passwords should be empty
-        self.assertEqual(password1.get_attribute('value'), '')
-        self.assertEqual(password2.get_attribute('value'), '')
+#         # Passwords should be empty
+#         self.assertEqual(password1.get_attribute('value'), '')
+#         self.assertEqual(password2.get_attribute('value'), '')

-        # Correct error
-        password1.send_keys('correcthorsebatterystaple')
-        password2.send_keys('correcthorsebatterystaple')
-        self.browser.execute_script(
-            "return jQuery('#g-recaptcha-response').val('PASSED')")
+#         # Correct error
+#         password1.send_keys('correcthorsebatterystaple')
+#         password2.send_keys('correcthorsebatterystaple')
+#         self.browser.execute_script(
+#             "return jQuery('#g-recaptcha-response').val('PASSED')")

-        # Submit again
-        password2.send_keys(Keys.ENTER)
+#         # Submit again
+#         password2.send_keys(Keys.ENTER)

-        # Check we have a success message
-        alert = self.browser.find_element_by_css_selector(
-            'div.alert-success').text
-        self.assertIn('register', alert)
-        self.assertIn('email', alert)
+#         # Check we have a success message
+#         alert = self.browser.find_element_by_css_selector(
+#             'div.alert-success').text
+#         self.assertIn('register', alert)
+#         self.assertIn('email', alert)

-        # Check Email
-        self.assertEqual(len(mail.outbox), 1)
-        email = mail.outbox[0]
-        self.assertIn('activation required', email.subject)
-        urls = re.findall(
-            'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', email.body)
-        self.assertEqual(len(urls), 1)
+#         # Check Email
+#         self.assertEqual(len(mail.outbox), 1)
+#         email = mail.outbox[0]
+#         self.assertIn('John Smith "JS" activation required', email.subject)
+#         urls = re.findall(
+#             'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', email.body)
+#         self.assertEqual(len(urls), 1)

-        mail.outbox = []  # empty this for later
+#         mail.outbox = []  # empty this for later

-        # Follow link
-        self.browser.get(urls[0])  # go to the first link
+#         # Follow link
+#         self.browser.get(urls[0])  # go to the first link

-        # Complete registration
-        title_text = self.browser.find_element_by_tag_name('h2').text
-        self.assertIn('Complete', title_text)
+#         # Complete registration
+#         title_text = self.browser.find_element_by_tag_name('h2').text
+#         self.assertIn('Complete', title_text)

-        # Test login
-        self.browser.get(self.live_server_url + '/user/login')
-        username = self.browser.find_element_by_id('id_username')
-        self.assertEqual(username.get_attribute('placeholder'), 'Username')
-        password = self.browser.find_element_by_id('id_password')
-        self.assertEqual(password.get_attribute('placeholder'), 'Password')
-        self.assertEqual(password.get_attribute('type'), 'password')
+#         # Test login
+#         self.browser.get(self.live_server_url + '/user/login')
+#         username = self.browser.find_element_by_id('id_username')
+#         self.assertEqual(username.get_attribute('placeholder'), 'Username')
+#         password = self.browser.find_element_by_id('id_password')
+#         self.assertEqual(password.get_attribute('placeholder'), 'Password')
+#         self.assertEqual(password.get_attribute('type'), 'password')

-        username.send_keys('TestUsername')
-        password.send_keys('correcthorsebatterystaple')
-        self.browser.execute_script(
-            "return jQuery('#g-recaptcha-response').val('PASSED')")
-        password.send_keys(Keys.ENTER)
+#         username.send_keys('TestUsername')
+#         password.send_keys('correcthorsebatterystaple')
+#         self.browser.execute_script(
+#             "return jQuery('#g-recaptcha-response').val('PASSED')")
+#         password.send_keys(Keys.ENTER)

-        # Check we are logged in
-        udd = self.browser.find_element_by_class_name('navbar').text
-        self.assertIn('Hi John', udd)
+#         # Check we are logged in
+#         udd = self.browser.find_element_by_class_name('navbar').text
+#         self.assertIn('Hi John', udd)

-        # Check all the data actually got saved
-        profileObject = models.Profile.objects.all()[0]
-        self.assertEqual(profileObject.username, 'TestUsername')
-        self.assertEqual(profileObject.first_name, 'John')
-        self.assertEqual(profileObject.last_name, 'Smith')
-        self.assertEqual(profileObject.initials, 'JS')
-        self.assertEqual(profileObject.phone, '0123456789')
-        self.assertEqual(profileObject.email, 'test@example.com')
+#         # Check all the data actually got saved
+#         profileObject = models.Profile.objects.all()[0]
+#         self.assertEqual(profileObject.username, 'TestUsername')
+#         self.assertEqual(profileObject.first_name, 'John')
+#         self.assertEqual(profileObject.last_name, 'Smith')
+#         self.assertEqual(profileObject.initials, 'JS')
+#         self.assertEqual(profileObject.phone, '0123456789')
+#         self.assertEqual(profileObject.email, 'test@example.com')

-        # All is well
+#         # All is well


 class EventTest(LiveServerTestCase):
@@ -437,7 +438,7 @@ class EventTest(LiveServerTestCase):
            pass

    def testEventDuplicate(self):
-        testEvent = models.Event.objects.create(name="TE E1", status=models.Event.PROVISIONAL, start_date=date.today() + timedelta(days=6), description="start future no end") 
+        testEvent = models.Event.objects.create(name="TE E1", status=models.Event.PROVISIONAL, start_date=date.today() + timedelta(days=6), description="start future no end", purchase_order="TESTPO") 

        item1 = models.EventItem(
                event=testEvent,
@@ -470,6 +471,9 @@ class EventTest(LiveServerTestCase):
        self.assertIn("Test Item 1", table.text)
        self.assertIn("Test Item 2", table.text)

+        # Check the info message is visible
+        self.assertIn("Event data duplicated but not yet saved",self.browser.find_element_by_id('content').text)
+
        # Add item
        form.find_element_by_xpath('//button[contains(@class, "item-add")]').click()
        wait.until(animation_is_finished())
@@ -488,6 +492,7 @@ class EventTest(LiveServerTestCase):
        save.click()

        self.assertNotIn("N0000%d"%testEvent.pk, self.browser.find_element_by_xpath('//h1').text)
+        self.assertNotIn("Event data duplicated but not yet saved", self.browser.find_element_by_id('content').text) # Check info message not visible

        # Check the new items are visible
        table = self.browser.find_element_by_id('item-table') # ID number is known, see above
@@ -497,6 +502,8 @@ class EventTest(LiveServerTestCase):

        infoPanel = self.browser.find_element_by_xpath('//div[contains(text(), "Event Info")]/..')
        self.assertIn("N0000%d"%testEvent.pk, infoPanel.find_element_by_xpath('//dt[text()="Based On"]/following-sibling::dd[1]').text)
+        # Check the PO hasn't carried through
+        self.assertNotIn("TESTPO", infoPanel.find_element_by_xpath('//dt[text()="PO"]/following-sibling::dd[1]').text)



@@ -505,6 +512,8 @@ class EventTest(LiveServerTestCase):
        #Check that based-on hasn't crept into the old event
        infoPanel = self.browser.find_element_by_xpath('//div[contains(text(), "Event Info")]/..')
        self.assertNotIn("N0000%d"%testEvent.pk, infoPanel.find_element_by_xpath('//dt[text()="Based On"]/following-sibling::dd[1]').text)        
+        # Check the PO remains on the old event
+        self.assertIn("TESTPO", infoPanel.find_element_by_xpath('//dt[text()="PO"]/following-sibling::dd[1]').text)

        # Check the items are as they were
        table = self.browser.find_element_by_id('item-table') # ID number is known, see above
--- a/RIGS/test_unit.py
+++ b/RIGS/test_unit.py
@@ -1,9 +1,12 @@
-from django.core.urlresolvers import reverse
-from django.test import TestCase
 from datetime import date

-from RIGS import models
 from django.core.exceptions import ObjectDoesNotExist
+from django.core.management import call_command
+from django.core.urlresolvers import reverse
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from RIGS import models


 class TestAdminMergeObjects(TestCase):
@@ -155,3 +158,153 @@ class TestAdminMergeObjects(TestCase):
            if event.organisation == self.organisations[3]:  # The one we left in place
                continue
            self.assertEqual(updatedEvent.organisation, self.organisations[1])
+
+class TestInvoiceDelete(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.profile = models.Profile.objects.create(username="testuser1", email="1@test.com", is_superuser=True, is_active=True, is_staff=True)
+
+        cls.events = {
+            1: models.Event.objects.create(name="TE E1", start_date=date.today()),
+            2: models.Event.objects.create(name="TE E2", start_date=date.today())
+        }
+
+        cls.invoices = {
+            1: models.Invoice.objects.create(event=cls.events[1]),
+            2: models.Invoice.objects.create(event=cls.events[2])
+        }
+
+        cls.payments = {
+            1: models.Payment.objects.create(invoice=cls.invoices[1], date=date.today(), amount=12.34, method=models.Payment.CASH)
+        }
+
+    def setUp(self):
+        self.profile.set_password('testuser')
+        self.profile.save()
+        self.assertTrue(self.client.login(username=self.profile.username, password='testuser'))
+
+    def test_invoice_delete_allowed(self):
+        request_url = reverse('invoice_delete', kwargs={'pk':self.invoices[2].pk})
+
+        response = self.client.get(request_url, follow=True)
+        self.assertContains(response, "Are you sure")
+
+        # Check the invoice still exists
+        self.assertTrue(models.Invoice.objects.get(pk=self.invoices[2].pk))
+
+        # Actually delete it
+        response = self.client.post(request_url, follow=True)
+
+        # Check the invoice is deleted
+        self.assertRaises(ObjectDoesNotExist, models.Invoice.objects.get, pk=self.invoices[2].pk)
+
+    def test_invoice_delete_not_allowed(self):
+        request_url = reverse('invoice_delete', kwargs={'pk':self.invoices[1].pk})
+
+        response = self.client.get(request_url, follow=True)
+        self.assertContains(response, "To delete an invoice, delete the payments first.")
+
+        # Check the invoice still exists
+        self.assertTrue(models.Invoice.objects.get(pk=self.invoices[1].pk))
+
+        # Try to actually delete it
+        response = self.client.post(request_url, follow=True)
+
+        # Check this didn't work
+        self.assertTrue(models.Invoice.objects.get(pk=self.invoices[1].pk))
+
+
+class TestEmbeddedViews(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.profile = models.Profile.objects.create(username="testuser1", email="1@test.com", is_superuser=True, is_active=True, is_staff=True)
+
+        cls.events = {
+            1: models.Event.objects.create(name="TE E1", start_date=date.today()),
+            2: models.Event.objects.create(name="TE E2", start_date=date.today())
+        }
+
+        cls.invoices = {
+            1: models.Invoice.objects.create(event=cls.events[1]),
+            2: models.Invoice.objects.create(event=cls.events[2])
+        }
+
+        cls.payments = {
+            1: models.Payment.objects.create(invoice=cls.invoices[1], date=date.today(), amount=12.34, method=models.Payment.CASH)
+        }
+
+    def setUp(self):
+        self.profile.set_password('testuser')
+        self.profile.save()
+
+    def testLoginRedirect(self):
+        request_url = reverse('event_embed', kwargs={'pk': 1})
+        expected_url = "{0}?next={1}".format(reverse('login_embed'), request_url)
+
+        # Request the page and check it redirects
+        response = self.client.get(request_url, follow=True)
+        self.assertRedirects(response, expected_url, status_code=302, target_status_code=200)
+
+        # Now login
+        self.assertTrue(self.client.login(username=self.profile.username, password='testuser'))
+
+        # And check that it no longer redirects
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(len(response.redirect_chain), 0)
+
+    def testLoginCookieWarning(self):
+        login_url = reverse('login_embed')
+        response = self.client.post(login_url, follow=True)
+        self.assertContains(response, "Cookies do not seem to be enabled")
+
+    def testXFrameHeaders(self):
+        event_url = reverse('event_embed', kwargs={'pk': 1})
+        login_url = reverse('login_embed')
+
+        self.assertTrue(self.client.login(username=self.profile.username, password='testuser'))
+
+        response = self.client.get(event_url, follow=True)
+        with self.assertRaises(KeyError):
+            response._headers["X-Frame-Options"]
+
+        response = self.client.get(login_url, follow=True)
+        with self.assertRaises(KeyError):
+            response._headers["X-Frame-Options"]
+
+    def testOEmbed(self):
+        event_url = reverse('event_detail', kwargs={'pk': 1})
+        event_embed_url = reverse('event_embed', kwargs={'pk': 1})
+        oembed_url = reverse('event_oembed', kwargs={'pk': 1})
+
+        alt_oembed_url = reverse('event_oembed', kwargs={'pk': 999})
+        alt_event_embed_url = reverse('event_embed', kwargs={'pk': 999})
+
+        # Test the meta tag is in place
+        response = self.client.get(event_url, follow=True, HTTP_HOST='example.com')
+        self.assertContains(response, '<link rel="alternate" type="application/json+oembed"')
+        self.assertContains(response, oembed_url)
+
+        # Test that the JSON exists
+        response = self.client.get(oembed_url, follow=True, HTTP_HOST='example.com')
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, event_embed_url)
+
+        # Should also work for non-existant events
+        response = self.client.get(alt_oembed_url, follow=True, HTTP_HOST='example.com')
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, alt_event_embed_url)
+
+
+class TestSampleDataGenerator(TestCase):
+    @override_settings(DEBUG=True)
+    def test_generate_sample_data(self):
+        # Run the management command and check there are no exceptions
+        call_command('generateSampleData')
+
+        # Check there are lots of events
+        self.assertTrue(models.Event.objects.all().count() > 100)
+
+    def test_production_exception(self):
+        from django.core.management.base import CommandError
+
+        self.assertRaisesRegexp(CommandError, ".*production", call_command, 'generateSampleData')
--- a/RIGS/urls.py
+++ b/RIGS/urls.py
@@ -1,7 +1,8 @@
-from django.conf.urls import patterns, include, url
+from django.conf.urls import patterns, url
 from django.contrib.auth.decorators import login_required
 from RIGS import models, views, rigboard, finance, ical, versioning, forms
 from django.views.generic import RedirectView
+from django.views.decorators.clickjacking import xframe_options_exempt

 from PyRIGS.decorators import permission_required_with_403
 from PyRIGS.decorators import api_key_required
@@ -14,6 +15,7 @@ urlpatterns = patterns('',
                       url(r'^closemodal/$', views.CloseModal.as_view(), name='closemodal'),

                       url('^user/login/$', 'RIGS.views.login', name='login'),
+                       url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'),
                       url(r'^user/password_reset/$', 'django.contrib.auth.views.password_reset', {'password_reset_form': forms.PasswordReset}),

                       # People
@@ -80,8 +82,14 @@ urlpatterns = patterns('',
                           name='activity_feed'),

                       url(r'^event/(?P<pk>\d+)/$',
-                           permission_required_with_403('RIGS.view_event')(rigboard.EventDetail.as_view()),
+                           permission_required_with_403('RIGS.view_event', oembed_view="event_oembed")(rigboard.EventDetail.as_view()),
                           name='event_detail'),
+                       url(r'^event/(?P<pk>\d+)/embed/$',
+                           xframe_options_exempt(login_required(login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())),
+                           name='event_embed'),
+                       url(r'^event/(?P<pk>\d+)/oembed_json/$',
+                           rigboard.EventOembed.as_view(),
+                           name='event_oembed'),
                       url(r'^event/(?P<pk>\d+)/print/$',
                           permission_required_with_403('RIGS.view_event')(rigboard.EventPrint.as_view()),
                           name='event_print'),
@@ -127,6 +135,9 @@ urlpatterns = patterns('',
                       url(r'^invoice/(?P<pk>\d+)/void/$',
                           permission_required_with_403('RIGS.change_invoice')(finance.InvoiceVoid.as_view()),
                           name='invoice_void'),
+                       url(r'^invoice/(?P<pk>\d+)/delete/$',
+                           permission_required_with_403('RIGS.change_invoice')(finance.InvoiceDelete.as_view()),
+                           name='invoice_delete'),
                       url(r'^payment/create/$',
                           permission_required_with_403('RIGS.add_payment')(finance.PaymentCreate.as_view()),
                           name='payment_create'),
@@ -142,6 +153,7 @@ urlpatterns = patterns('',
                       url(r'^user/edit/$', login_required(views.ProfileUpdateSelf.as_view()),
                           name='profile_update_self'),
                       url(r'^user/reset_api_key$', login_required(views.ResetApiKey.as_view(permanent=False)), name='reset_api_key'),
+                       url(r'^user/unlink_forum$', login_required(views.UnlinkForum.as_view(permanent=False)), name='unlink_forum'),

                       # ICS Calendar - API key authentication
                       url(r'^ical/(?P<api_pk>\d+)/(?P<api_key>\w+)/rigs.ics$', api_key_required(ical.CalendarICS()), name="ics_calendar"),
@@ -155,4 +167,3 @@ urlpatterns = patterns('',
                       url(r'^bookings/$', RedirectView.as_view(permanent=True, pattern_name='rigboard')),
                       url(r'^bookings/past/$', RedirectView.as_view(permanent=True, pattern_name='event_archive')),
                       )
-
--- a/RIGS/views.py
+++ b/RIGS/views.py
@@ -12,6 +12,8 @@ from django.contrib import messages
 import datetime, pytz
 import operator
 from registration.views import RegistrationView
+from django.views.decorators.csrf import csrf_exempt
+

 from RIGS import models, forms

@@ -29,12 +31,37 @@ class Index(generic.TemplateView):
 def login(request, **kwargs):
    if request.user.is_authenticated():
        next = request.REQUEST.get('next', '/')
-        return HttpResponseRedirect(request.REQUEST.get('next', '/'))
+        return HttpResponseRedirect(next)
    else:
        from django.contrib.auth.views import login

        return login(request)

+
+# This view should be exempt from requiring CSRF token.
+# Then we can check for it and show a nice error
+# Don't worry, django.contrib.auth.views.login will
+# check for it before logging  the user in
+@csrf_exempt
+def login_embed(request, **kwargs):
+    print("Running LOGIN")
+    if request.user.is_authenticated():
+        next = request.REQUEST.get('next', '/')
+        return HttpResponseRedirect(next)
+    else:
+        from django.contrib.auth.views import login
+
+        if request.method == "POST":
+            csrf_cookie = request.COOKIES.get('csrftoken', None)
+
+            if csrf_cookie is None:
+                messages.warning(request, 'Cookies do not seem to be enabled. Try logging in using a new tab.')
+                request.method = 'GET'  # Render the page without trying to login
+
+        return login(request, template_name="registration/login_embed.html")
+
+
+
 """
 Called from a modal window (e.g. when an item is submitted to an event/invoice).
 May optionally also include some javascript in a success message to cause a load of
@@ -355,3 +382,12 @@ class ResetApiKey(generic.RedirectView):
        self.request.user.save()

        return reverse_lazy('profile_detail')
+
+class UnlinkForum(generic.RedirectView):
+    def get_redirect_url(self, *args, **kwargs):
+        for link in self.request.user.social_auth.all():
+            link.delete()
+        
+        self.request.user.save()
+
+        return reverse_lazy('profile_detail')
--- a/app.json
+++ b/app.json
@@ -0,0 +1,53 @@
+{
+  "name": "PyRIGS",
+  "description": "",
+  "scripts": {
+    "postdeploy": "python manage.py migrate && python manage.py generateSampleData"
+  },
+  "env": {
+    "DEBUG": {
+      "required": true
+    },
+    "STAGING": "1",
+    "EMAIL_FROM": {
+      "required": true
+    },
+    "EMAIL_HOST": {
+      "required": true
+    },
+    "EMAIL_HOST_PASSWORD": {
+      "required": true
+    },
+    "EMAIL_HOST_USER": {
+      "required": true
+    },
+    "EMAIL_PORT": {
+      "required": true
+    },
+    "EMAIL_USE_SSL": {
+      "required": true
+    },
+    "RECAPTCHA_PRIVATE_KEY": {
+      "required": true
+    },
+    "RECAPTCHA_PUBLIC_KEY": {
+      "required": true
+    },
+    "SECRET_KEY": {
+      "generator": "secret"
+    }
+  },
+  "formation": {
+    "web": {
+      "quantity": 1
+    }
+  },
+  "addons": [
+    "heroku-postgresql"
+  ],
+  "buildpacks": [
+    {
+      "url": "heroku/python"
+    }
+  ]
+}
--- a/assets/admin.py
+++ b/assets/admin.py
@@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.
--- a/assets/models.py
+++ b/assets/models.py
@@ -1,71 +0,0 @@
-from django.db import models
-import reversion
-
-
-# Create your models here.
-class Suppliers(models.Model):
-    name = models.CharField(max_length=100)
-
-
-class AbstractAsset(models.Model):
-    STATUS_LOST = 1
-    STATUS_ACTIVE = 2
-    STATUS_INACTIVE = 3
-    STATUS_BROKEN = 4
-    STATUS_SCRAPPED = 5
-    STATUS_NOT_BUILT = 6
-    STATUS_SOLD = 7
-
-    STATUS_CHOICES = (
-        (STATUS_LOST, 'Lost'),
-        (STATUS_ACTIVE, 'Active'),
-        (STATUS_INACTIVE, 'Inactive'),
-        (STATUS_BROKEN, 'Broken'),
-        (STATUS_SCRAPPED, 'Scrapped'),
-        (STATUS_NOT_BUILT, 'Not Yet Built'),
-        (STATUS_SOLD, 'Sold'),
-    )
-
-    status = models.IntegerField(choices=STATUS_CHOICES)
-    notes = models.TextField(blank=True, null=True)
-    # test_period  # decide what to do with this later
-
-    class Meta:
-        abstract = True
-
-
-class Asset(models.Model):
-    CATEGORY_GENERAL = 1
-    CATEGORY_CASE = 2
-    CATEGORY_COMMS = 3
-    CATEGORY_DECKING = 4
-    CATEGORY_OFFICE = 5
-    CATEGORY_SOUND = 10
-    CATEGORY_LIGHTING = 20
-    CATEGORY_VIDEO = 30
-    CATEGORY_RIGGING = 40
-    CATEGORY_TRUSS = 41
-    CATEGORY_LADDERS = 42
-    CATEGORY_POWER = 50
-    CATEGORY_DISTRO = 51
-
-    CATEGORY_CHOICES = (
-        (CATEGORY_SOUND, 'Sound'),
-        (CATEGORY_LIGHTING, 'Lighting'),
-        ('Other', (
-            (CATEGORY_GENERAL, 'General'),
-            (CATEGORY_CASE, 'Case'),
-            (CATEGORY_COMMS, 'Comms'),
-            (CATEGORY_DECKING, 'Decking'),
-            (CATEGORY_OFFICE, 'Office'),
-        )),
-
-    )
-
-    name = models.CharField(max_length=255)
-    serial_number = models.CharField(max_length=255)
-    date_acquired = models.DateField(null=True, blank=True)
-    date_sold = models.DateField(null=True, blank=True)
-    purchase_price = models.DecimalField(max_digits=10, decimal_places=2)
-    replacement_price = models.DecimalField(max_digits=10, decimal_places=2)
-
--- a/assets/tests.py
+++ b/assets/tests.py
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
--- a/assets/views.py
+++ b/assets/views.py
@@ -1,3 +0,0 @@
-from django.shortcuts import render
-
-# Create your views here.
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,17 +12,23 @@ django-widget-tweaks==1.3
 gunicorn==19.3.0
 icalendar==3.9.0
 lxml==3.4.4
+oauthlib==2.0.0
 Pillow==2.8.1
 psycopg2==2.6
 Pygments==2.0.2
+PyJWT==1.4.2
 PyPDF2==1.24
 python-dateutil==2.4.2
+python-openid==2.2.5
+python-social-auth==0.2.21
 pytz==2015.4
 raven==5.8.1
 reportlab==3.1.44
-selenium==2.53.1
+requests==2.11.1
+requests-oauthlib==0.7.0
+selenium==2.53.6
 simplejson==3.7.2
-six==1.9.0
+six==1.10.0
 sqlparse==0.1.15
 static3==0.6.1
 svg2rlg==0.3
--- a/templates/base.html
+++ b/templates/base.html
@@ -14,7 +14,7 @@

    <link rel="icon" type="image/png" href="{% static "imgs/pyrigs-avatar.png" %}">
    <link rel="apple-touch-icon" href="{% static "imgs/pyrigs-avatar.png" %}">
-    <link href='http://fonts.googleapis.com/css?family=Open+Sans:400italic,700,300,400' rel='stylesheet'
+    <link href='https://fonts.googleapis.com/css?family=Open+Sans:400italic,700,300,400' rel='stylesheet'
          type='text/css'>


@@ -74,12 +74,12 @@
                    <li class="dropdown">
                        <a href="#" class="dropdown-toggle" data-toggle="dropdown">Invoices<b class="caret"></b></a>
                        <ul class="dropdown-menu">
-                            <li><a href="{% url 'invoice_list' %}"><span class="glyphicon glyphicon-gbp"></span> Active</a>
-                            </li>
                            {% if perms.RIGS.add_invoice %}
                                <li><a href="{% url 'invoice_waiting' %}"><span
-                                        class="glyphicon glyphicon-briefcase"></span> Waiting</a></li>
+                                        class="glyphicon glyphicon-briefcase text-danger"></span> Waiting</a></li>
                            {% endif %}
+                            <li><a href="{% url 'invoice_list' %}"><span class="glyphicon glyphicon-gbp text-warning"></span> Outstanding</a>
+                            </li>
                            <li><a href="{% url 'invoice_archive' %}"><span class="glyphicon glyphicon-book"></span>
                                Archive</a></li>
                        </ul>
--- a/templates/base_embed.html
+++ b/templates/base_embed.html
@@ -0,0 +1,49 @@
+{% load static from staticfiles %}
+{% load raven %}
+
+<!DOCTYPE html>
+<html
+        dir="{% if LANGUAGE_BIDI %}rtl{% else %}ltr{% endif %}"
+        xml:lang="{% firstof LANGUAGE_CODE 'en' %}"
+        lang="{% firstof LANGUAGE_CODE 'en' %}"
+        class="embedded">
+<head>
+    <base target="_blank" />
+    <!-- Open all links in a new tab, not in the iframe -->
+
+    <link href='https://fonts.googleapis.com/css?family=Open+Sans:400italic,700,300,400' rel='stylesheet'
+          type='text/css'>
+
+    <link rel="stylesheet" type="text/css" href="{% static "css/screen.css" %}">
+
+    <script src="https://code.jquery.com/jquery-1.8.3.min.js"
+            integrity="sha256-YcbK69I5IXQftf/mYD8WY0/KmEDCv1asggHpJk1trM8=" crossorigin="anonymous"></script>
+    <script src="https://cdn.ravenjs.com/1.3.0/jquery,native/raven.min.js"></script>
+    <script>Raven.config('{% sentry_public_dsn %}').install()</script>
+
+</head>
+
+<body>
+{% include "analytics.html" %}
+
+<div class="embed_container">
+    <div class="container-fluid">
+        {% if messages %}
+            {% for message in messages %}
+                <div class="alert alert-{{ message.level_tag }} alert-dismissible" role="alert">
+                    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span
+                            aria-hidden="true">&times;</span></button>
+                    {{ message }}
+                </div>
+            {% endfor %}
+        {% endif %}
+
+        {% block content %}
+        {% endblock %}
+    </div>
+</div>
+
+{% block js %}
+{% endblock %}
+</body>
+</html>
--- a/templates/login_redirect.html
+++ b/templates/login_redirect.html
@@ -0,0 +1,24 @@
+{% extends 'base.html' %}
+{% load staticfiles %}
+{% block title %}Login Required{% endblock %}
+
+{% block js %}
+	<script>
+	document.location = "{{login_url}}"
+	</script>
+{% endblock %}
+
+{% block extra-head %}
+	{% if oembed_url %}
+	<link rel="alternate" type="application/json+oembed"
+	  href="{{oembed_url}}"
+	  title="RIGS Embed" />
+	{% endif %}
+{% endblock %}
+
+{% block content %}
+    <div class="text-center">
+        <h2>Login is required for this page</h2>
+        <a href="{{login_url}}" class="btn btn-primary">Login</a>
+    </div>
+{% endblock %}
--- a/templates/registration/activation_email_subject.txt
+++ b/templates/registration/activation_email_subject.txt
@@ -1 +1 @@
-{{ user }} activation required
+{{ user|safe }} activation required
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@@ -1,7 +1,49 @@
 {% extends 'base.html' %}
+{% load static from staticfiles %}

 {% block title %}Login{% endblock %}

 {% block content %}
+<div class="text-center">
+	<h1>R<small>ig</small> I<small>nformation</small> G<small>athering</small> S<small>ystem</small></h1>
+</div>
+
+
+<div class="panel-group">
+  {% url "social:complete" "discourse" as completeUrl %}
+  {% if not request.GET.next == completeUrl %}
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h4 class="panel-title">
+        
+          Login with TEC Forum
+        
+      </h4>
+    </div>
+    <div id="forumLogin">
+      <div class="panel-body" style="text-align:center;">
+      	<a class="btn btn-default" href="{% url "social:begin" "discourse" %}?next={{request.GET.next}}">
+
+      		<h4>Login using</h4>
+        	<img src="{% static "imgs/forum-logo.gif" %}" width=200></img>
+        </a>
+      </div>
+    </div>
+  </div>
+  {% endif %}
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h4 class="panel-title">
+          Login with RIGS Credentials
+      </h4>
+    </div>
+    <div class="panel-body">
+      <div class="panel-body">
        {% include 'registration/loginform.html' %}
+      </div>
+    </div>
+  </div>
+</div>
+
+
 {% endblock %}
--- a/templates/registration/login_embed.html
+++ b/templates/registration/login_embed.html
@@ -0,0 +1,34 @@
+{% extends 'base_embed.html' %}
+{% load widget_tweaks %}
+
+{% block title %}Login{% endblock %}
+
+{% block content %}
+<div class="text-center">
+<h1>R<small>ig</small> I<small>nformation</small> G<small>athering</small> S<small>ystem</small></h1>
+</div>
+
+
+{% include 'form_errors.html' %}
+
+
+<div class="col-sm-6 col-sm-offset-3 col-lg-4 col-lg-offset-4">
+
+    <form id="loginForm" action="" method="post" role="form" target="_self">{% csrf_token %}
+        <div class="form-group">
+            <label for="id_username">{{ form.username.label }}</label>
+            {% render_field form.username class+="form-control" placeholder=form.username.label %}
+        </div>
+        <div class="form-group">
+            <label for="{{ form.password.id_for_label }}">{{ form.password.label }}</label>
+            {% render_field form.password class+="form-control" placeholder=form.password.label %}
+        </div>
+        <div class="text-right">
+            <input type="submit" value="Login" class="btn btn-primary"/>
+        </div>
+        <input type="hidden" name="next" value="{{ next }}"/>
+
+    </form>
+</div>
+
+{% endblock %}
--- a/templates/registration/loginform.html
+++ b/templates/registration/loginform.html
@@ -3,7 +3,7 @@
 {% include 'form_errors.html' %}
 <div class="col-sm-6 col-sm-offset-3 col-lg-4 col-lg-offset-4">

-    <form action="{% url 'login' %}" method="post" role="form">{% csrf_token %}
+    <form action="{% url 'login' %}" method="post" role="form" target="_self">{% csrf_token %}
        <div class="form-group">
            <label for="id_username">{{ form.username.label }}</label>
            {% render_field form.username class+="form-control" placeholder=form.username.label autofocus="" %}
@@ -12,9 +12,11 @@
            <label for="{{ form.password.id_for_label }}">{{ form.password.label }}</label>
            {% render_field form.password class+="form-control" placeholder=form.password.label %}
        </div>
-        <a href="{% url 'registration_register' %}" class="btn">Register</a>
+        <div class="text-right">
+            {# <a href="{% url 'registration_register' %}" class="btn">Register</a> #}
            <a href="{% url 'password_reset' %}" class="btn">Forgotten Password</a>
            <input type="submit" value="Login" class="btn btn-primary"/>
            <input type="hidden" name="next" value="{{ next }}"/>
+        </div>
    </form>
 </div>
--- a/wercker.yml
+++ b/wercker.yml
@@ -1,103 +0,0 @@
-# This references the default Python container from
-# the Docker Hub with the 2.7 tag:
-# https://registry.hub.docker.com/_/python/
-# If you want to use a slim Python container with
-# version 3.4.3 you would use: python:3.4-slim
-# If you want Google's container you would reference google/python
-# Read more about containers on our dev center
-# http://devcenter.wercker.com/docs/containers/index.html
-box: heroku/python
-# You can also use services such as databases. Read more on our dev center:
-# http://devcenter.wercker.com/docs/services/index.html
-services:
-#    - id: postgres
-#      env:
-#        POSTGRES_PASSWORD: pyrigstesting
-#        POSTGRES_USER: pyrigs
-    # http://devcenter.wercker.com/docs/services/postgresql.html
-
-    # - mongodb
-    # http://devcenter.wercker.com/docs/services/mongodb.html
-
-# This is the build pipeline. Pipelines are the core of wercker
-# Read more about pipelines on our dev center
-# http://devcenter.wercker.com/docs/pipelines/index.html
-build:
-  # The steps that will be executed on build
-  # Steps make up the actions in your pipeline
-  # Read more about steps on our dev center:
-  # http://devcenter.wercker.com/docs/steps/index.html
-  steps:
-    - install-packages:
-        packages: firefox xvfb
-
-    - script:
-        name: Enable virtual display
-        code: |-
-          # Start xvfb which gives the context an virtual display
-          # which is required for tests that require an GUI
-          export DISPLAY=:99.0
-          start-stop-daemon --start --quiet --pidfile /tmp/xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -screen 0 1024x768x24 -ac +extension GLX +render -noreset
-          # Give xvfb time to start. 3 seconds is the default for all xvfb-run commands.
-          # sleep 3
-
-    - script:
-        name: virtualenv install
-        code: |
-          pip install virtualenv
-
-    # A step that sets up the python virtual environment
-    - virtualenv:
-        name: setup virtual environment
-        install_wheel: false # Enable wheel to speed up builds (experimental)
-
-    # # Use this virtualenv step for python 3.2
-    # - virtualenv
-    #     name: setup virtual environment
-    #     python_location: /usr/bin/python3.2
-
-    # # This pip-install clears the local wheel cache
-    # - pip-install:
-    #     clean_wheel_dir: true
-
-    # A custom script step, name value is used in the UI
-    # and the code value contains the command that get executed
-    - script:
-        name: Python Version
-        code: |
-          echo "python version $(python --version) running"
-          echo "pip version $(pip --version) running"
-
-    # Django uses this to connect to the database
-#    - script:
-#        name: set environment
-#        code: |
-#          export DEBUG=0
-#          export DATABASE_URL="postgres://pyrigs:pyrigstesting@$POSTGRES_PORT_5432_TCP_ADDR:$POSTGRES_PORT_5432_TCP_PORT$POSTGRES_NAME"
-
-    # A step that executes `pip install` command.
-    - pip-install
-
-    # Install coverage
-    - script:
-        name: install coverage
-        code: |
-          pip install coverage
-
-    # Collect static files so the manifest storage knows where to look
-    - script:
-        name: collect static
-        code: |
-          python manage.py collectstatic --noinput
-
-    # Run python tests
-    - script:
-        name: run tests
-        code: |
-          coverage run manage.py test RIGS
-
-    - script:
-        name: collect coverage data
-        code: |
-          coverage report -m --include=PyRIGS/*.*,RIGS/*.* --omit=*/migrations/* | tee coverage.txt
-          coverage html --include=PyRIGS/*.*,RIGS/*.* --omit=*/migrations/*
Author	SHA1	Message	Date
David Taylor	adc94820bb	Added discourse profile pictures. Will fallback to gravatar if not linked to forum account	2016-11-03 01:55:27 +00:00
David Taylor	f3947d89ca	Commented registration test - since registration is now disabled	2016-11-03 00:09:09 +00:00
David Taylor	0ad3aa7d3f	Fixed penguins of death due to infinite loop of SSO login redirects	2016-11-02 23:50:49 +00:00
David Taylor	01f754ad53	Removed unused views	2016-11-02 21:27:04 +00:00
David Taylor	793f1d4e05	Made it work :)	2016-11-02 21:01:40 +00:00
David Taylor	f5bf40bd9b	Proof of concept discourse authentication	2016-11-02 02:43:16 +00:00
David Taylor	289b30e823	Merge pull request #271 from nottinghamtec/hotfix/duplicate-message Do not display "not saved" message when the event has been saved. Closes #151	2016-10-23 14:15:08 +01:00
David Taylor	b939bc5a64	Do not display "not saved" message when the event has been saved	2016-10-23 14:05:25 +01:00
David Taylor	5e8f2312d3	Merge pull request #270 from nottinghamtec/po-duplicate Remove duplicated PO numbers, closes #256	2016-10-23 13:06:29 +01:00
David Taylor	90c8b19915	Added tests for PO non-duplication	2016-10-23 12:45:27 +01:00
David Taylor	d82ef3f8d1	Merge branch 'master' into master	2016-10-23 12:36:29 +01:00
David Taylor	fc006dc53e	Merge pull request #269 from johnathan99j/patch-1 Fix table display issue in README	2016-10-23 12:36:10 +01:00
Johnathan Graydon	3ce191aaf2	Update README.md Small adjustment to make GitHub markdown display the table.	2016-10-23 12:26:35 +01:00
Johnathan Graydon	6fc89727f2	Stop PO number from duplicating when copying event Would close #256	2016-10-21 15:48:54 +01:00
David Taylor	b235ac540f	Merge pull request #265 from nottinghamtec/ra-link Add link to pre-event RA	2016-10-19 10:35:58 +01:00
Sam Osborne	97decf8c52	Add link to pre-event RA #accessible	2016-10-19 00:54:42 +01:00
David Taylor	97cdf34c18	Merge pull request #263 from nottinghamtec/feature/forum-embed Forum embed	2016-10-11 18:56:02 +01:00
Tom Price	92c77c07e0	Fix tailing line breaks	2016-10-11 18:47:13 +01:00
David Taylor	0541a70cec	Fixed event title link (_blank)	2016-10-09 11:30:13 +01:00
David Taylor	e0cb2f4925	Linked RIGS title	2016-10-09 11:26:32 +01:00
David Taylor	68a46af1a8	Fixed rounded corner fail	2016-10-09 11:22:34 +01:00
David Taylor	f61158b9c0	Rounded corners, transparent background	2016-10-09 11:20:43 +01:00
David Taylor	88954eca5c	Removed weird background from embed	2016-10-09 10:40:18 +01:00
David Taylor	3fc04616b3	Added test for cookie warning	2016-10-09 10:36:30 +01:00
David Taylor	2d5f768523	Added cookie check with nice error message	2016-10-09 10:32:58 +01:00
David Taylor	5949ff74ec	Added javascript cookie check, if blocked, login in new tab	2016-10-08 22:55:27 +01:00
David Taylor	879ecd1f6d	Made font size smaller in embed	2016-10-08 21:49:03 +01:00
David Taylor	0e72c3f896	Made pretty, and made embedding accessible to non-keyholders	2016-10-08 21:38:12 +01:00
David Taylor	b93a716a3b	Added unit tests	2016-10-08 20:37:01 +01:00
David Taylor	0d92c3812a	Tidied up python	2016-10-08 19:56:56 +01:00
David Taylor	fc110a0bff	Fixed padding	2016-10-08 19:55:31 +01:00
David Taylor	008edd8bee	Lots of tidying up, moved inline CSS into SCSS	2016-10-08 19:32:45 +01:00
David Taylor	ac7e85c24a	PEP8 and comments	2016-10-08 17:30:23 +01:00
David Taylor	73b8ce4add	Revert "Added decorator for X-Frame header" This reverts commit `8a838aa4bd`.	2016-10-08 17:19:35 +01:00
David Taylor	511ce554b1	Revert "Try allow-from header (limited browser support)" This reverts commit `3f4c362bfa`.	2016-10-08 17:19:27 +01:00
David Taylor	536842971d	Revert "Try just removing the header, this should work in all browsers" This reverts commit `3e224a33a7`.	2016-10-08 17:19:18 +01:00
David Taylor	3e224a33a7	Try just removing the header, this should work in all browsers	2016-10-08 17:14:29 +01:00
David Taylor	3f4c362bfa	Try allow-from header (limited browser support)	2016-10-08 17:01:37 +01:00
David Taylor	8a838aa4bd	Added decorator for X-Frame header	2016-10-07 02:51:08 +01:00
David Taylor	7e379b33db	Fixed login autofocus and error messages	2016-10-07 02:24:24 +01:00
David Taylor	5e9f7e2c63	More prettying	2016-10-06 17:00:45 +01:00
David Taylor	3f752cd7b7	Made embed prettier	2016-10-06 16:48:19 +01:00
David Taylor	25a3ef3f0c	Don't login in new window	2016-10-06 16:15:53 +01:00
David Taylor	1b28efb6af	Allow the embedded login to be embedded (useful feature)	2016-10-06 16:10:51 +01:00
David Taylor	441a2be0b8	Added embedded login, and all iframe links open in new tab	2016-10-06 16:08:01 +01:00
David Taylor	1bdc4bd293	Fixed description = none in embed	2016-10-06 13:22:47 +01:00
David Taylor	f0bb4c5b02	Move exemption to urls.py (cleaner)	2016-10-06 13:13:09 +01:00
David Taylor	4660322964	Remove hardcoded URL	2016-10-06 13:04:33 +01:00
David Taylor	59efc2c485	Fixed JSON	2016-10-06 12:59:37 +01:00
David Taylor	69b0ff9fae	Made embed page, with clickjacking protection turned off	2016-10-06 12:52:33 +01:00
David Taylor	4b94ea7ef2	Made login redirect JS for event detail	2016-10-06 12:02:44 +01:00
David Taylor	0244f5cfca	Restored login security to events	2016-10-05 10:42:49 +01:00
David Taylor	17c7a3c524	Made embed tag use absolute URL	2016-10-05 10:39:50 +01:00
David Taylor	a02087bf2a	Fixed fail	2016-10-04 21:11:43 +01:00
David Taylor	585f909d3f	Escape JSON	2016-10-04 21:05:07 +01:00
David Taylor	eb10c8e21f	Add meta to detail page	2016-10-03 23:13:25 +01:00
David Taylor	f7ea0cb834	Remove security from event detail (for testing in staging)	2016-10-03 23:09:57 +01:00
David Taylor	64f3842a13	Added iframe to embed	2016-10-03 23:02:19 +01:00
David Taylor	6370679b62	Initial proof of concept	2016-10-03 22:45:57 +01:00
David Taylor	e77728c52c	Merge pull request #260 from nottinghamtec/subhire-form Looks good, merging	2016-09-22 13:40:05 +01:00
Sam Osborne	92f4e26883	Added link to subhire form Until such a point that subhire on RIGS actually happens, it's useful to have this link here.	2016-09-22 12:58:43 +01:00
davidtaylorhq	024f08562b	Merge pull request #254 from nottinghamtec/hotfix/newrig-overflow Fix for MIC field overflowing the bottom of the panel #218	2016-07-14 08:21:21 +01:00
Tom Price	b4246fe170	Fix for MIC field overflowing the bottom of the panel #218	2016-07-14 00:04:09 +01:00
davidtaylorhq	fc6db5bff2	Heroku Staging Setup (#250 ) Heroku Staging Setup Includes data generation	2016-07-13 23:19:31 +01:00
davidtaylorhq	c5d3e7c0f2	Merge pull request #252 from nottinghamtec/hotfix/register-emails Fix special characters in registration email subject	2016-07-12 23:18:19 +01:00
Tom Price	10b57adb37	Merge branch 'master' into hotfix/register-emails	2016-07-11 23:35:49 +01:00
Tom Price	4f839d05f9	Fix issues with special characters in registration email subject. Closes #251	2016-07-11 23:28:15 +01:00
Tom Price	84393e9e4a	Modify user creation test to replicate special character issue in #251	2016-07-11 23:26:43 +01:00
Tom Price	b94cef92d2	Update selenium due to OS X based firefox issue	2016-07-11 23:26:12 +01:00
David Taylor	10c04be051	Merge branch 'feature/heroku-review' (needs to be in master)	2016-07-11 20:17:21 +01:00
David Taylor	7ecd6212ac	Initial commit of app.json (for heroku review apps)	2016-07-11 20:15:48 +01:00
Tom Price	11180e507c	Merged branch develop into master	2016-07-11 13:11:37 +01:00
Tom Price	1c90ce5b41	Merged feature/invoiceDelete into develop	2016-07-11 13:08:47 +01:00
Tom Price	11dd9ad02f	Add tmp directory to gitignore	2016-07-11 13:08:05 +01:00
Tom Price	27c0deaba3	Add codeclimit coverage reporting	2016-07-11 12:44:47 +01:00
Tom Price	4c09258566	Enable code climate	2016-07-11 12:40:39 +01:00
Tom Price	7d14429d84	Update status badges	2016-07-11 12:38:43 +01:00
Tom Price	190825f5ef	Tidy up coverage to use a .coveragerc file instead of having it .travis.yml	2016-07-11 12:34:51 +01:00
Tom Price	021edfd39d	Filter coverage down to just our code	2016-07-11 12:27:00 +01:00
Tom Price	3052f28329	Enable coveralls reporting	2016-07-11 12:15:17 +01:00
Tom Price	4cec20e357	Add collect static command	2016-07-11 12:07:19 +01:00
Tom Price	8a0cbe32bd	Remove erroneous travis pip command. I hate setting up travis	2016-07-11 12:03:21 +01:00
Tom Price	8a3a52a21b	Add missing pip commands. Travis docs say this isn't necessary, fails without https://docs.travis-ci.com/user/languages/python#pip	2016-07-11 12:02:16 +01:00
Tom Price	98a9b22e0e	Switch to using travis for builds	2016-07-11 11:58:56 +01:00
David Taylor	9178cf6062	Remove pagination from invoice waiting page	2016-07-10 11:31:25 +01:00
David Taylor	abbb20e49e	More invoice UI improvements, makes colour coding of invoice vs events clearer	2016-07-10 11:23:06 +01:00
David Taylor	01d2eae7bc	More invoice UI improvements - makes colouring consistent - also closes #242	2016-07-10 11:14:24 +01:00
David Taylor	39d27d2730	Basic invoice UI improvements - closes #232	2016-07-10 10:49:23 +01:00
David Taylor	05b2de561e	Added phone links - closes #247	2016-07-10 09:54:35 +01:00
David Taylor	667b0c80ca	Added tests for invoice deleting	2016-06-16 01:44:59 +01:00
David Taylor	67624eea6f	Allow deleting invoices, if there are no payments yet	2016-06-15 23:18:46 +01:00
David Taylor	e1578eb0d4	Fixed responsive table fail	2016-06-15 13:00:14 +01:00
David Taylor	a7247c273e	Fixed #245	2016-06-14 19:50:35 +01:00
David Taylor	f265da2f1d	Fixed #241 and #244	2016-06-14 19:45:45 +01:00
David Taylor	1163b117e4	Fixed #240	2016-06-14 19:23:40 +01:00
David Taylor	f92f418bc5	Fixed waiting invoice counter - closes #239	2016-06-06 23:06:30 +01:00
David Taylor	9108cb3c4e	Fail! Hide non-rigs from waiting invoices	2016-06-04 18:08:43 +01:00
David Taylor	08d17adc8a	Merge branch 'develop'	2016-06-04 17:55:23 +01:00
David Taylor	68b35c2d24	Removed print button conditions following discussion	2016-05-29 23:47:56 +01:00
David Taylor	5cc69cbb41	Stopped things opening in a new window, because it's really annoying. If you want to do this, use the appropriate keyboard shortcut or mouse button	2016-05-29 23:03:41 +01:00
David Taylor	a48afb9157	Added internal/external indicators to invoice lists	2016-05-29 22:56:58 +01:00
David Taylor	3ccbdff737	Added balance to invoice page - closes #235	2016-05-29 22:51:41 +01:00
David Taylor	0990f0bfbb	Only display invoice print button for external clients	2016-05-29 22:46:49 +01:00
David Taylor	f43635ee89	Added more useful information to the invoice tables	2016-05-29 22:42:17 +01:00
David Taylor	705f1bda2b	Fix the query for the 'outstanding' invoices page. Previously this only displayed events with an end date set.	2016-05-29 22:05:53 +01:00
David Taylor	0ff0d06eaf	Fix counter on outstanding invoices page ('length' property doesn't work because of the custom SQL query)	2016-05-29 22:04:48 +01:00
David Taylor	a769486c9c	Changed order of invoice menu items to make it more intuitive (now in order of workflow)	2016-05-29 21:37:14 +01:00
David Taylor	83302c4439	Invoice UI improvements. Renamed pages, added description, and added total number of events	2016-05-29 21:30:05 +01:00
David Taylor	ba020b43f1	Merge branch 'master' into develop	2016-05-29 20:28:52 +01:00
David Taylor	eaf5c9687e	Fixed typo, closes #174	2016-05-29 20:21:23 +01:00
David Taylor	a725ef5caf	Removed add to google calendar link, closes #237	2016-05-29 17:09:52 +01:00
David Taylor	aa79f3628e	Only redirect to HTTPS in production	2016-05-28 15:27:38 +01:00
David Taylor	000351d884	Redirect all requests to https	2016-05-28 15:20:15 +01:00
David Taylor	db58c113aa	Changed font to load over https - #236	2016-05-28 14:52:48 +01:00
Tom Price	7cb8503164	Merged feature/invoice-total into develop	2016-05-24 18:44:27 +01:00
Tom Price	cc2450ff87	Make total conditional if defined	2016-05-24 17:50:48 +01:00
Tom Price	6b77393414	Fix for incorrect selection of active invoices. Make sure waiting shows total across all pages.	2016-05-24 17:49:44 +01:00
Tom Price	7ccc8faf20	Add total for waiting events	2016-05-24 17:32:58 +01:00
Tom Price	6030288956	Cheap and dirty active totals	2016-05-24 17:17:52 +01:00
Tom Price	e4a955f323	Reformat code to PEP8	2016-05-23 12:36:21 +01:00