Remove unused file

Merge branch 'faster_ci' of https://gitlab.crans.org/bde/nk20 into faster_ci
please use the configuration I have written for hadolint
2025-06-21 01:48:21 +02:00 · 2021-02-23 23:38:54 +01:00 · 2021-02-23 23:38:26 +01:00 · 2021-02-23 22:23:16 +00:00 · 2021-02-23 22:23:16 +00:00 · 2021-02-23 22:23:16 +00:00
226 changed files with 2060 additions and 6147 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -0,0 +1,3 @@
+skip_list:
+  - command-instead-of-shell  # Use shell only when shell functionality is required
+  - experimental  # all rules tagged as experimental
--- a/.env_example
+++ b/.env_example
@ -10,6 +10,7 @@ DJANGO_SECRET_KEY=CHANGE_ME
 DJANGO_SETTINGS_MODULE=note_kfet.settings
 CONTACT_EMAIL=tresorerie.bde@localhost
 NOTE_URL=localhost
+DOMAIN=localhost

 # Config for mails. Only used in production
 NOTE_MAIL=notekfet@localhost
--- a/.gitignore
+++ b/.gitignore
@ -47,7 +47,6 @@ backups/
 env/
 venv/
 db.sqlite3
-shell.nix

 # ansibles customs host
 ansible/host_vars/*.yaml
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -10,50 +10,22 @@ variables:
 # Debian Buster
 py37-django22:
  stage: test
-  image: debian:buster-backports
-  before_script:
-    - >
-        apt-get update &&
-        apt-get install --no-install-recommends -t buster-backports -y
-        python3-django python3-django-crispy-forms
-        python3-django-extensions python3-django-filters python3-django-polymorphic
-        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
-        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
-        python3-bs4 python3-setuptools tox texlive-xetex
+  image: otthorn/nk20_ci_37
  script: tox -e py37-django22

 # Ubuntu 20.04
 py38-django22:
  stage: test
-  image: ubuntu:20.04
-  before_script:
-    # Fix tzdata prompt
-    - ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime && echo Europe/Paris > /etc/timezone
-    - >
-        apt-get update &&
-        apt-get install --no-install-recommends -y
-        python3-django python3-django-crispy-forms
-        python3-django-extensions python3-django-filters python3-django-polymorphic
-        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
-        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
-        python3-bs4 python3-setuptools tox texlive-xetex
+  image: otthorn/nk20_ci_38
  script: tox -e py38-django22

 # Debian Bullseye
 py39-django22:
  stage: test
-  image: debian:bullseye
-  before_script:
-    - >
-        apt-get update &&
-        apt-get install --no-install-recommends -y
-        python3-django python3-django-crispy-forms
-        python3-django-extensions python3-django-filters python3-django-polymorphic
-        python3-djangorestframework python3-django-oauth-toolkit python3-psycopg2 python3-pil
-        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache
-        python3-bs4 python3-setuptools tox texlive-xetex
+  image: otthorn/nk20_ci_39
  script: tox -e py39-django22

+# Tox linter
 linters:
  stage: quality-assurance
  image: debian:buster-backports
@ -64,6 +36,20 @@ linters:
  # Be nice to new contributors, but please use `tox`
  allow_failure: true

+# Ansible linter
+ansible-linter:
+  stage: quality-assurance
+  image: otthorn/nk20_ci_ansiblelint
+  script: ansible-lint ansible/
+
+# Docker linter
+docker-linter:
+  stage: quality-assurance
+  image: hadolint/hadolint
+  script:
+    - hadolint -c .hadolint Dockerfile
+    - hadolint -c .hadolint docker_ci/Dockerfile.*
+
 # Compile documentation
 documentation:
  stage: docs
--- a/.hadolint
+++ b/.hadolint
@ -0,0 +1,4 @@
+ignored:
+  - DL3008  # Do not force to pin version in apt (Debian)
+  - DL3013  # Do not force to pin version in pip (PyPI)
+  - DL3018  # Do not force to pin version in apk (Alpine)
--- a/2
+++ b/2
@ -12,7 +12,7 @@ RUN apt-get update && \
    python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
    python3-bs4 python3-setuptools \
    uwsgi uwsgi-plugin-python3 \
-    texlive-xetex gettext libjs-bootstrap4 && \
+    texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome && \
    rm -rf /var/lib/apt/lists/*

 # Instal PyPI requirements
--- a/README.md
+++ b/README.md
@ -23,7 +23,7 @@ Bien que cela permette de créer une instance sur toutes les distributions,
    $ sudo apt update
    $ sudo apt install --no-install-recommends -y \
        ipython3 python3-setuptools python3-venv python3-dev \
-        texlive-xetex gettext libjs-bootstrap4 git
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
    ```

 2.  **Clonage du dépot** là où vous voulez :
@ -115,7 +115,7 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
        python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
        python3-bs4 python3-setuptools python3-docutils \
        memcached uwsgi uwsgi-plugin-python3 \
-        texlive-xetex gettext libjs-bootstrap4 \
+        texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome \
        nginx python3-venv git acl
    ```

@ -279,8 +279,7 @@ Le cahier des charges initial est disponible [sur le Wiki Crans](https://wiki.cr
 La documentation des classes et fonctions est directement dans le code et est explorable à partir de la partie documentation de l'interface d'administration de Django.
 **Commentez votre code !**

-La documentation plus haut niveau sur le développement et sur l'utilisation
-est disponible sur <https://note.crans.org/doc> et également dans le dossier `docs`.
+La documentation plus haut niveau sur le développement est disponible sur [le Wiki associé au dépôt Git](https://gitlab.crans.org/bde/nk20/-/wikis/home).

 ## FAQ

--- a/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
+++ b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
@ -0,0 +1,6 @@
+---
+note:
+  server_name: note-beta.crans.org
+  git_branch: beta
+  cron_enabled: false
+  email: notekfet2020@lists.crans.org
--- a/ansible/host_vars/bde-note-dev.adh.crans.org.yml
+++ b/ansible/host_vars/bde-note-dev.adh.crans.org.yml
@ -2,6 +2,5 @@
 note:
  server_name: note-dev.crans.org
  git_branch: beta
-  serve_static: false
  cron_enabled: false
  email: notekfet2020@lists.crans.org
--- a/ansible/host_vars/bde-note.adh.crans.org.yml
+++ b/ansible/host_vars/bde-note.adh.crans.org.yml
@ -2,6 +2,5 @@
 note:
  server_name: note.crans.org
  git_branch: master
-  serve_static: true
  cron_enabled: true
  email: notekfet2020@lists.crans.org
--- a/ansible/hosts_example
+++ b/ansible/hosts_example
@ -1,5 +1,6 @@
 [dev]
 bde-note-dev.adh.crans.org
+bde-nk20-beta.adh.crans.org

 [prod]
 bde-note.adh.crans.org
--- a/ansible/roles/1-apt-basic/tasks/main.yml
+++ b/ansible/roles/1-apt-basic/tasks/main.yml
@ -17,6 +17,7 @@
      - ipython3

      # Front-end dependencies
+      - fonts-font-awesome
      - libjs-bootstrap4

      # Python dependencies
--- a/ansible/roles/5-nginx/templates/nginx_note.conf
+++ b/ansible/roles/5-nginx/templates/nginx_note.conf
@ -41,7 +41,6 @@ server {
    # max upload size
    client_max_body_size 75M;   # adjust to taste

-{% if note.serve_static %}
    # Django media
    location /media  {
        alias /var/www/note_kfet/media;  # your Django project's media files - amend as required
@ -51,7 +50,6 @@ server {
        alias /var/www/note_kfet/static; # your Django project's static files - amend as required
    }

-{% endif %}
    location /doc {
        alias /var/www/documentation;    # The documentation of the project
    }
--- a/apps/activity/init.py
+++ b/apps/activity/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'activity.apps.ActivityConfig'
--- a/apps/activity/admin.py
+++ b/apps/activity/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
--- a/apps/activity/api/serializers.py
+++ b/apps/activity/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/activity/api/urls.py
+++ b/apps/activity/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet
--- a/apps/activity/api/views.py
+++ b/apps/activity/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from api.viewsets import ReadProtectedModelViewSet
--- a/apps/activity/apps.py
+++ b/apps/activity/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/activity/forms.py
+++ b/apps/activity/forms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import timedelta
@ -11,7 +11,7 @@ from django.utils.translation import gettext_lazy as _
 from member.models import Club
 from note.models import Note, NoteUser
 from note_kfet.inputs import Autocomplete, DateTimePickerInput
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_authenticated_user
 from permission.backends import PermissionBackend

 from .models import Activity, Guest
@ -24,16 +24,10 @@ class ActivityForm(forms.ModelForm):
        self.fields["attendees_club"].initial = Club.objects.get(name="Kfet")
        self.fields["attendees_club"].widget.attrs["placeholder"] = "Kfet"
        clubs = list(Club.objects.filter(PermissionBackend
-                                         .filter_queryset(get_current_request(), Club, "view")).all())
+                                         .filter_queryset(get_current_authenticated_user(), Club, "view")).all())
        shuffle(clubs)
        self.fields["organizer"].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."

-    def clean_organizer(self):
-        organizer = self.cleaned_data['organizer']
-        if not organizer.note.is_active:
-            self.add_error('organiser', _('The note of this club is inactive.'))
-        return organizer
-
    def clean_date_end(self):
        date_end = self.cleaned_data["date_end"]
        date_start = self.cleaned_data["date_start"]
--- a/apps/activity/models.py
+++ b/apps/activity/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import os
--- a/apps/activity/tables.py
+++ b/apps/activity/tables.py
@ -1,9 +1,7 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-
 from django.utils import timezone
-from django.utils.html import escape
-from django.utils.safestring import mark_safe
+from django.utils.html import format_html
 from django.utils.translation import gettext_lazy as _
 import django_tables2 as tables
 from django_tables2 import A
@ -54,8 +52,8 @@ class GuestTable(tables.Table):
    def render_entry(self, record):
        if record.has_entry:
            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, )))
-        return mark_safe('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
-                         '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))
+        return format_html('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
+                           '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))


 def get_row_class(record):
@ -93,7 +91,7 @@ class EntryTable(tables.Table):
        if hasattr(record, 'username'):
            username = record.username
            if username != value:
-                return mark_safe(escape(value) + " <em>aka.</em> " + escape(username))
+                return format_html(value + " <em>aka.</em> " + username)
        return value

    def render_balance(self, value):
--- a/apps/activity/templates/activity/activity_entry.html
+++ b/apps/activity/templates/activity/activity_entry.html
@ -63,12 +63,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
        refreshBalance();
    }

-    alias_obj.keyup(function(event) {
-        let code = event.originalEvent.keyCode
-        if (65 <= code <= 122 || code === 13) {
-            debounce(reloadTable)()
-        }
-    });
+    alias_obj.keyup(reloadTable);

    $(document).ready(init);

--- a/apps/activity/templates/activity/activity_list.html
+++ b/apps/activity/templates/activity/activity_list.html
@ -34,9 +34,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
    {% endif %}
    <div class="card-footer">
        <a class="btn btn-sm btn-success" href="{% url 'activity:activity_create' %}" data-turbolinks="false">
-            <svg class="bi bi-calendar-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 .5a.5.5 0 0 0-1 0V1H2a2 2 0 0 0-2 2v1h16V3a2 2 0 0 0-2-2h-1V.5a.5.5 0 0 0-1 0V1H4V.5zM16 14V5H0v9a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2zM8.5 8.5V10H10a.5.5 0 0 1 0 1H8.5v1.5a.5.5 0 0 1-1 0V11H6a.5.5 0 0 1 0-1h1.5V8.5a.5.5 0 0 1 1 0z"/>
-            </svg>
+            <i class="fa fa-calendar-plus-o" aria-hidden="true"></i>
            {% trans 'New activity' %}
        </a>
    </div>
--- a/apps/activity/tests/test_activities.py
+++ b/apps/activity/tests/test_activities.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import timedelta
--- a/apps/activity/urls.py
+++ b/apps/activity/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.urls import path
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from hashlib import md5
@ -66,19 +66,21 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
    ordering = ('-date_start',)
    extra_context = {"title": _("Activities")}

-    def get_queryset(self, **kwargs):
-        return super().get_queryset(**kwargs).distinct()
+    def get_queryset(self):
+        return super().get_queryset().distinct()

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)

        upcoming_activities = Activity.objects.filter(date_end__gt=timezone.now())
        context['upcoming'] = ActivityTable(
-            data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")),
+            data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")),
            prefix='upcoming-',
        )

-        started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all()
+        started_activities = Activity.objects\
+            .filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
+            .filter(open=True, valid=True).all()
        context["started_activities"] = started_activities

        return context
@ -96,7 +98,7 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        context = super().get_context_data()

        table = GuestTable(data=Guest.objects.filter(activity=self.object)
-                           .filter(PermissionBackend.filter_queryset(self.request, Guest, "view")))
+                           .filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view")))
        context["guests"] = table

        context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start)
@ -142,15 +144,15 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):

    def get_form(self, form_class=None):
        form = super().get_form(form_class)
-        form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
-            .filter(pk=self.kwargs["pk"]).first()
+        form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
+            .get(pk=self.kwargs["pk"])
        form.fields["inviter"].initial = self.request.user.note
        return form

    @transaction.atomic
    def form_valid(self, form):
        form.instance.activity = Activity.objects\
-            .filter(PermissionBackend.filter_queryset(self.request, Activity, "view")).get(pk=self.kwargs["pk"])
+            .filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")).get(pk=self.kwargs["pk"])
        return super().form_valid(form)

    def get_success_url(self, **kwargs):
@ -171,7 +173,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        activity = Activity.objects.get(pk=self.kwargs["pk"])

        sample_entry = Entry(activity=activity, note=self.request.user.note)
-        if not PermissionBackend.check_perm(self.request, "activity.add_entry", sample_entry):
+        if not PermissionBackend.check_perm(self.request.user, "activity.add_entry", sample_entry):
            raise PermissionDenied(_("You are not allowed to display the entry interface for this activity."))

        if not activity.activity_type.manage_entries:
@ -189,8 +191,8 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        guest_qs = Guest.objects\
            .annotate(balance=F("inviter__balance"), note_name=F("inviter__user__username"))\
            .filter(activity=activity)\
-            .filter(PermissionBackend.filter_queryset(self.request, Guest, "view"))\
-            .order_by('last_name', 'first_name')
+            .filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view"))\
+            .order_by('last_name', 'first_name').distinct()

        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
@ -204,7 +206,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
            )
        else:
            guest_qs = guest_qs.none()
-        return guest_qs.distinct()
+        return guest_qs

    def get_invited_note(self, activity):
        """
@ -228,7 +230,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        )

        # Filter with permission backend
-        note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request, Alias, "view"))
+        note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view"))

        if "search" in self.request.GET and self.request.GET["search"]:
            pattern = self.request.GET["search"]
@ -254,7 +256,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        """
        context = super().get_context_data(**kwargs)

-        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
+        activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
            .distinct().get(pk=self.kwargs["pk"])
        context["activity"] = activity

@ -279,9 +281,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
        context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk

        activities_open = Activity.objects.filter(open=True).filter(
-            PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
+            PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
        context["activities_open"] = [a for a in activities_open
-                                      if PermissionBackend.check_perm(self.request,
+                                      if PermissionBackend.check_perm(self.request.user,
                                                                      "activity.add_entry",
                                                                      Entry(activity=a, note=self.request.user.note,))]

--- a/apps/api/init.py
+++ b/apps/api/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'api.apps.APIConfig'
--- a/apps/api/apps.py
+++ b/apps/api/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@ -1,17 +1,13 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later


 from django.contrib.contenttypes.models import ContentType
 from django.contrib.auth.models import User
-from django.utils import timezone
-from rest_framework import serializers
-from member.api.serializers import ProfileSerializer, MembershipSerializer
-from note.api.serializers import NoteSerializer
-from note.models import Alias
+from rest_framework.serializers import ModelSerializer


-class UserSerializer(serializers.ModelSerializer):
+class UserSerializer(ModelSerializer):
    """
    REST API Serializer for Users.
    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
@ -26,7 +22,7 @@ class UserSerializer(serializers.ModelSerializer):
        )


-class ContentTypeSerializer(serializers.ModelSerializer):
+class ContentTypeSerializer(ModelSerializer):
    """
    REST API Serializer for Users.
    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
@ -35,42 +31,3 @@ class ContentTypeSerializer(serializers.ModelSerializer):
    class Meta:
        model = ContentType
        fields = '__all__'
-
-
-class OAuthSerializer(serializers.ModelSerializer):
-    """
-    Informations that are transmitted by OAuth.
-    For now, this includes user, profile and valid memberships.
-    This should be better managed later.
-    """
-    normalized_name = serializers.SerializerMethodField()
-
-    profile = ProfileSerializer()
-
-    note = NoteSerializer()
-
-    memberships = serializers.SerializerMethodField()
-
-    def get_normalized_name(self, obj):
-        return Alias.normalize(obj.username)
-
-    def get_memberships(self, obj):
-        return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
-            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now()))
-
-    class Meta:
-        model = User
-        fields = (
-            'id',
-            'username',
-            'normalized_name',
-            'first_name',
-            'last_name',
-            'email',
-            'is_superuser',
-            'is_active',
-            'is_staff',
-            'profile',
-            'note',
-            'memberships',
-        )
--- a/apps/api/tests.py
+++ b/apps/api/tests.py
@ -1,9 +1,8 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import json
 from datetime import datetime, date
-from decimal import Decimal
 from urllib.parse import quote_plus
 from warnings import warn

@ -153,8 +152,6 @@ class TestAPI(TestCase):
                value = value.isoformat()
            elif isinstance(value, ImageFieldFile):
                value = value.name
-            elif isinstance(value, Decimal):
-                value = str(value)
            query = json.dumps({field.name: value})

            # Create sample permission
--- a/apps/api/urls.py
+++ b/apps/api/urls.py
@ -1,11 +1,10 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
 from django.conf.urls import url, include
 from rest_framework import routers

-from .views import UserInformationView
 from .viewsets import ContentTypeViewSet, UserViewSet

 # Routers provide an easy way of automatically determining the URL conf.
@ -48,6 +47,5 @@ app_name = 'api'
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
    url('^', include(router.urls)),
-    url('^me/', UserInformationView.as_view()),
    url('^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 ]
--- a/apps/api/views.py
+++ b/apps/api/views.py
@ -1,20 +0,0 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-from django.contrib.auth.models import User
-from rest_framework.generics import RetrieveAPIView
-
-from .serializers import OAuthSerializer
-
-
-class UserInformationView(RetrieveAPIView):
-    """
-    These fields are give to OAuth authenticators.
-    """
-    serializer_class = OAuthSerializer
-
-    def get_queryset(self):
-        return User.objects.filter(pk=self.request.user.pk)
-
-    def get_object(self):
-        return self.request.user
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib.contenttypes.models import ContentType
@ -9,6 +9,7 @@ from django.contrib.auth.models import User
 from rest_framework.filters import SearchFilter
 from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
 from permission.backends import PermissionBackend
+from note_kfet.middlewares import get_current_session
 from note.models import Alias

 from .serializers import UserSerializer, ContentTypeSerializer
@ -24,7 +25,9 @@ class ReadProtectedModelViewSet(ModelViewSet):
        self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()

    def get_queryset(self):
-        return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct()
+        user = self.request.user
+        get_current_session().setdefault("permission_mask", 42)
+        return self.queryset.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()


 class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet):
@ -37,7 +40,9 @@ class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet):
        self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()

    def get_queryset(self):
-        return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct()
+        user = self.request.user
+        get_current_session().setdefault("permission_mask", 42)
+        return self.queryset.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()


 class UserViewSet(ReadProtectedModelViewSet):
--- a/apps/logs/init.py
+++ b/apps/logs/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'logs.apps.LogsConfig'
--- a/apps/logs/api/serializers.py
+++ b/apps/logs/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/logs/api/urls.py
+++ b/apps/logs/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import ChangelogViewSet
--- a/apps/logs/api/views.py
+++ b/apps/logs/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django_filters.rest_framework import DjangoFilterBackend
--- a/apps/logs/apps.py
+++ b/apps/logs/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/logs/models.py
+++ b/apps/logs/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
--- a/apps/logs/signals.py
+++ b/apps/logs/signals.py
@ -1,11 +1,11 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib.contenttypes.models import ContentType
 from rest_framework.renderers import JSONRenderer
 from rest_framework.serializers import ModelSerializer
 from note.models import NoteUser, Alias
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_authenticated_user, get_current_ip

 from .models import Changelog

@ -57,9 +57,9 @@ def save_object(sender, instance, **kwargs):
    previous = instance._previous

    # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
-    request = get_current_request()
+    user, ip = get_current_authenticated_user(), get_current_ip()

-    if request is None:
+    if user is None:
        # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
        # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
        # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
@ -71,23 +71,9 @@ def save_object(sender, instance, **kwargs):
        # else:
        if note.exists():
            user = note.get().user
-        else:
-            user = None
-    else:
-        user = request.user
-        if 'HTTP_X_REAL_IP' in request.META:
-            ip = request.META.get('HTTP_X_REAL_IP')
-        elif 'HTTP_X_FORWARDED_FOR' in request.META:
-            ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
-        else:
-            ip = request.META.get('REMOTE_ADDR')
-
-        if not user.is_authenticated:
-            # For registration and OAuth2 purposes
-            user = None

    # noinspection PyProtectedMember
-    if request is not None and instance._meta.label_lower == "auth.user" and previous:
+    if user is not None and instance._meta.label_lower == "auth.user" and previous:
        # On n'enregistre pas les connexions
        if instance.last_login != previous.last_login:
            return
@ -135,9 +121,9 @@ def delete_object(sender, instance, **kwargs):
        return

    # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
-    request = get_current_request()
+    user, ip = get_current_authenticated_user(), get_current_ip()

-    if request is None:
+    if user is None:
        # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
        # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
        # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
@ -149,20 +135,6 @@ def delete_object(sender, instance, **kwargs):
        # else:
        if note.exists():
            user = note.get().user
-        else:
-            user = None
-    else:
-        user = request.user
-        if 'HTTP_X_REAL_IP' in request.META:
-            ip = request.META.get('HTTP_X_REAL_IP')
-        elif 'HTTP_X_FORWARDED_FOR' in request.META:
-            ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
-        else:
-            ip = request.META.get('REMOTE_ADDR')
-
-        if not user.is_authenticated:
-            # For registration and OAuth2 purposes
-            user = None

    # On crée notre propre sérialiseur JSON pour pouvoir sauvegarder les modèles
    class CustomSerializer(ModelSerializer):
--- a/apps/member/init.py
+++ b/apps/member/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'member.apps.MemberConfig'
--- a/apps/member/admin.py
+++ b/apps/member/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
--- a/apps/member/api/serializers.py
+++ b/apps/member/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/member/api/urls.py
+++ b/apps/member/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import ProfileViewSet, ClubViewSet, MembershipViewSet
--- a/apps/member/api/views.py
+++ b/apps/member/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django_filters.rest_framework import DjangoFilterBackend
--- a/apps/member/apps.py
+++ b/apps/member/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/member/auth.py
+++ b/apps/member/auth.py
@ -1,17 +0,0 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-from cas_server.auth import DjangoAuthUser  # pragma: no cover
-from note.models import Alias
-
-
-class CustomAuthUser(DjangoAuthUser):  # pragma: no cover
-    """
-    Override Django Auth User model to define a custom Matrix username.
-    """
-
-    def attributs(self):
-        d = super().attributs()
-        if self.user:
-            d["normalized_name"] = Alias.normalize(self.user.username)
-        return d
--- a/apps/member/forms.py
+++ b/apps/member/forms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import io
--- a/apps/member/hashers.py
+++ b/apps/member/hashers.py
@ -1,14 +1,12 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import hashlib
-from collections import OrderedDict

 from django.conf import settings
-from django.contrib.auth.hashers import PBKDF2PasswordHasher, mask_hash
+from django.contrib.auth.hashers import PBKDF2PasswordHasher
 from django.utils.crypto import constant_time_compare
-from django.utils.translation import gettext_lazy as _
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_authenticated_user, get_current_session


 class CustomNK15Hasher(PBKDF2PasswordHasher):
@ -26,22 +24,16 @@ class CustomNK15Hasher(PBKDF2PasswordHasher):

    def must_update(self, encoded):
        if settings.DEBUG:
-            # Small hack to let superusers to impersonate people.
-            # Don't change their password.
-            request = get_current_request()
-            current_user = request.user
+            current_user = get_current_authenticated_user()
            if current_user is not None and current_user.is_superuser:
                return False
        return True

    def verify(self, password, encoded):
        if settings.DEBUG:
-            # Small hack to let superusers to impersonate people.
-            # If a superuser is already connected, let him/her log in as another person.
-            request = get_current_request()
-            current_user = request.user
+            current_user = get_current_authenticated_user()
            if current_user is not None and current_user.is_superuser\
-                    and request.session.get("permission_mask", -1) >= 42:
+                    and get_current_session().get("permission_mask", -1) >= 42:
                return True

        if '|' in encoded:
@ -49,18 +41,6 @@ class CustomNK15Hasher(PBKDF2PasswordHasher):
            return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass)
        return super().verify(password, encoded)

-    def safe_summary(self, encoded):
-        # Displayed information in Django Admin.
-        if '|' in encoded:
-            salt, db_hashed_pass = encoded.split('$')[2].split('|')
-            return OrderedDict([
-                (_('algorithm'), 'custom_nk15'),
-                (_('iterations'), '1'),
-                (_('salt'), mask_hash(salt)),
-                (_('hash'), mask_hash(db_hashed_pass)),
-            ])
-        return super().safe_summary(encoded)
-

 class DebugSuperuserBackdoor(PBKDF2PasswordHasher):
    """
@ -71,11 +51,8 @@ class DebugSuperuserBackdoor(PBKDF2PasswordHasher):

    def verify(self, password, encoded):
        if settings.DEBUG:
-            # Small hack to let superusers to impersonate people.
-            # If a superuser is already connected, let him/her log in as another person.
-            request = get_current_request()
-            current_user = request.user
+            current_user = get_current_authenticated_user()
            if current_user is not None and current_user.is_superuser\
-                    and request.session.get("permission_mask", -1) >= 42:
+                    and get_current_session().get("permission_mask", -1) >= 42:
                return True
        return super().verify(password, encoded)
--- a/apps/member/migrations/0003_create_bde_and_kfet.py
+++ b/apps/member/migrations/0003_create_bde_and_kfet.py
@ -19,8 +19,8 @@ def create_bde_and_kfet(apps, schema_editor):
        membership_fee_paid=500,
        membership_fee_unpaid=500,
        membership_duration=396,
-        membership_start="2021-08-01",
-        membership_end="2022-09-30",
+        membership_start="2020-08-01",
+        membership_end="2021-09-30",
    )
    Club.objects.get_or_create(
        id=2,
@ -31,8 +31,8 @@ def create_bde_and_kfet(apps, schema_editor):
        membership_fee_paid=3500,
        membership_fee_unpaid=3500,
        membership_duration=396,
-        membership_start="2021-08-01",
-        membership_end="2022-09-30",
+        membership_start="2020-08-01",
+        membership_end="2021-09-30",
    )

    NoteClub.objects.get_or_create(
--- a/apps/member/migrations/0007_auto_20210313_1235.py
+++ b/apps/member/migrations/0007_auto_20210313_1235.py
@ -1,23 +0,0 @@
-# Generated by Django 2.2.19 on 2021-03-13 11:35
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('member', '0006_create_note_account_bde_membership'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='membership',
-            name='roles',
-            field=models.ManyToManyField(related_name='memberships', to='permission.Role', verbose_name='roles'),
-        ),
-        migrations.AlterField(
-            model_name='profile',
-            name='promotion',
-            field=models.PositiveSmallIntegerField(default=2021, help_text='Year of entry to the school (None if not ENS student)', null=True, verbose_name='promotion'),
-        ),
-    ]
--- a/apps/member/models.py
+++ b/apps/member/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import datetime
@ -57,7 +57,7 @@ class Profile(models.Model):
            ('A1', _("Mathematics (A1)")),
            ('A2', _("Physics (A2)")),
            ("A'2", _("Applied physics (A'2)")),
-            ("A''2", _("Chemistry (A''2)")),
+            ('A''2', _("Chemistry (A''2)")),
            ('A3', _("Biology (A3)")),
            ('B1234', _("SAPHIRE (B1234)")),
            ('B1', _("Mechanics (B1)")),
@ -74,7 +74,7 @@ class Profile(models.Model):

    promotion = models.PositiveSmallIntegerField(
        null=True,
-        default=datetime.date.today().year if datetime.date.today().month >= 8 else datetime.date.today().year - 1,
+        default=datetime.date.today().year,
        verbose_name=_("promotion"),
        help_text=_("Year of entry to the school (None if not ENS student)"),
    )
@ -413,12 +413,6 @@ class Membership(models.Model):
        """
        Calculate fee and end date before saving the membership and creating the transaction if needed.
        """
-        # Ensure that club membership dates are valid
-        old_membership_start = self.club.membership_start
-        self.club.update_membership_dates()
-        if self.club.membership_start != old_membership_start:
-            self.club.save()
-
        created = not self.pk
        if not created:
            for role in self.roles.all():
--- a/apps/member/signals.py
+++ b/apps/member/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later


--- a/apps/member/tables.py
+++ b/apps/member/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import date
@ -9,7 +9,7 @@ from django.utils.translation import gettext_lazy as _
 from django.urls import reverse_lazy
 from django.utils.html import format_html
 from note.templatetags.pretty_money import pretty_money
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_authenticated_user
 from permission.backends import PermissionBackend

 from .models import Club, Membership
@ -31,8 +31,7 @@ class ClubTable(tables.Table):
        row_attrs = {
            'class': 'table-row',
            'id': lambda record: "row-" + str(record.pk),
-            'data-href': lambda record: record.pk,
-            'style': 'cursor:pointer',
+            'data-href': lambda record: record.pk
        }


@ -52,19 +51,19 @@ class UserTable(tables.Table):
    def render_email(self, record, value):
        # Replace the email by a dash if the user can't see the profile detail
        # Replace also the URL
-        if not PermissionBackend.check_perm(get_current_request(), "member.view_profile", record.profile):
+        if not PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile):
            value = "—"
            record.email = value
        return value

    def render_section(self, record, value):
        return value \
-            if PermissionBackend.check_perm(get_current_request(), "member.view_profile", record.profile) \
+            if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile) \
            else "—"

    def render_balance(self, record, value):
        return pretty_money(value)\
-            if PermissionBackend.check_perm(get_current_request(), "note.view_note", record.note) else "—"
+            if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—"

    class Meta:
        attrs = {
@ -75,8 +74,7 @@ class UserTable(tables.Table):
        model = User
        row_attrs = {
            'class': 'table-row',
-            'data-href': lambda record: record.pk,
-            'style': 'cursor:pointer',
+            'data-href': lambda record: record.pk
        }


@ -95,7 +93,7 @@ class MembershipTable(tables.Table):
    def render_user(self, value):
        # If the user has the right, link the displayed user with the page of its detail.
        s = value.username
-        if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value):
+        if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value):
            s = format_html("<a href={url}>{name}</a>",
                            url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s)

@ -104,7 +102,7 @@ class MembershipTable(tables.Table):
    def render_club(self, value):
        # If the user has the right, link the displayed club with the page of its detail.
        s = value.name
-        if PermissionBackend.check_perm(get_current_request(), "member.view_club", value):
+        if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_club", value):
            s = format_html("<a href={url}>{name}</a>",
                            url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s)

@ -129,7 +127,7 @@ class MembershipTable(tables.Table):
                    date_end=date.today(),
                    fee=0,
                )
-                if PermissionBackend.check_perm(get_current_request(),
+                if PermissionBackend.check_perm(get_current_authenticated_user(),
                                                "member.add_membership", empty_membership):  # If the user has right
                    renew_url = reverse_lazy('member:club_renew_membership',
                                             kwargs={"pk": record.pk})
@ -144,7 +142,7 @@ class MembershipTable(tables.Table):
        # If the user has the right to manage the roles, display the link to manage them
        roles = record.roles.all()
        s = ", ".join(str(role) for role in roles)
-        if PermissionBackend.check_perm(get_current_request(), "member.change_membership_roles", record):
+        if PermissionBackend.check_perm(get_current_authenticated_user(), "member.change_membership_roles", record):
            s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk}))
                            + "'>" + s + "</a>")
        return s
@ -167,7 +165,7 @@ class ClubManagerTable(tables.Table):
    def render_user(self, value):
        # If the user has the right, link the displayed user with the page of its detail.
        s = value.username
-        if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value):
+        if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value):
            s = format_html("<a href={url}>{name}</a>",
                            url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s)

--- a/apps/member/templates/member/base.html
+++ b/apps/member/templates/member/base.html
@ -45,10 +45,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
            <div class="card-footer">
                {% if user_object %}
                <a class="btn btn-sm btn-secondary" href="{% url 'member:user_update_profile' user_object.pk %}">
-                    <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                        <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                    </svg>
-                    {% trans 'Update Profile' %}
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
                </a>
                {% url 'member:user_detail' user_object.pk as user_profile_url %}
                {% if request.path_info != user_profile_url %}
@ -62,10 +59,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                {% if ".change_"|has_perm:club %}
                <a class="btn btn-sm btn-secondary" href="{% url 'member:club_update' pk=club.pk %}"
                   data-turbolinks="false">
-                    <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                        <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                    </svg>
-                    {% trans 'Update Profile' %}
+                    <i class="fa fa-edit"></i> {% trans 'Update Profile' %}
                </a>
                {% endif %}
                {% url 'member:club_detail' club.pk as club_detail_url %}
--- a/apps/member/templates/member/club_detail.html
+++ b/apps/member/templates/member/club_detail.html
@ -10,10 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
    <div class="card-header position-relative" id="clubListHeading">
        <a class="font-weight-bold">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-            </svg>
-            {% trans "Club managers" %}
+            <i class="fa fa-users"></i> {% trans "Club managers" %}
        </a>
    </div>
    {% render_table managers %}
@ -26,12 +23,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card">
    <div class="card-header position-relative" id="clubListHeading">
        <a class="stretched-link font-weight-bold" href="{% url 'member:club_members' pk=club.pk %}">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-                <path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
-                <path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
-            </svg>
-            {% trans "Club members" %}
+            <i class="fa fa-users"></i> {% trans "Club members" %}
        </a>
    </div>
    {% render_table member_list %}
@ -45,10 +37,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
    <div class="card-header position-relative" id="historyListHeading">
        <a class="stretched-link font-weight-bold" {% if "note.view_note"|has_perm:club.note %}
            href="{% url 'note:transactions' pk=club.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
        </a>
    </div>
    <div id="history_list">
--- a/apps/member/templates/member/includes/club_info.html
+++ b/apps/member/templates/member/includes/club_info.html
@ -47,9 +47,7 @@
    <dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
    <dd class="col-xl-6">
        <a class="badge badge-secondary" href="{% url 'member:club_alias' club.pk %}">
-            <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-            </svg>
+            <i class="fa fa-edit"></i>
            {% trans 'Manage aliases' %} ({{ club.note.alias.all|length }})
        </a>
    </dd>
--- a/apps/member/templates/member/includes/profile_info.html
+++ b/apps/member/templates/member/includes/profile_info.html
@ -11,9 +11,7 @@
    <dt class="col-xl-6">{% trans 'password'|capfirst %}</dt>
    <dd class="col-xl-6">
        <a class="badge badge-secondary" href="{% url 'password_change' %}">
-            <svg class="bi bi-lock" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
-            </svg>
+            <i class="fa fa-lock"></i>
            {% trans 'Change password' %}
        </a>
    </dd>
@ -22,9 +20,7 @@
    <dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
    <dd class="col-xl-6">
        <a class="badge badge-secondary" href="{% url 'member:user_alias' user_object.pk %}">
-            <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-            </svg>
+            <i class="fa fa-edit"></i>
            {% trans 'Manage aliases' %} ({{ user_object.note.alias.all|length }})
        </a>
    </dd>
@ -43,23 +39,20 @@
        <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
        <dd class="col-xl-6">{{ user_object.profile.address }}</dd>

-        <dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
-        <dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
-    {% endif %}
-
-    {% if user_object.note and "note.view_note"|has_perm:user_object.note %}
+        {% if user_object.note and "note.view_note"|has_perm:user_object.note %}
        <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
        <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
+
+        <dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
+        <dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
+        {% endif %}
    {% endif %}
 </dl>

 {% if user_object.pk == user.pk %}
    <div class="text-center">
        <a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
-            <svg class="bi bi-cogs" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M9.405 1.05c-.413-1.4-2.397-1.4-2.81 0l-.1.34a1.464 1.464 0 0 1-2.105.872l-.31-.17c-1.283-.698-2.686.705-1.987 1.987l.169.311c.446.82.023 1.841-.872 2.105l-.34.1c-1.4.413-1.4 2.397 0 2.81l.34.1a1.464 1.464 0 0 1 .872 2.105l-.17.31c-.698 1.283.705 2.686 1.987 1.987l.311-.169a1.464 1.464 0 0 1 2.105.872l.1.34c.413 1.4 2.397 1.4 2.81 0l.1-.34a1.464 1.464 0 0 1 2.105-.872l.31.17c1.283.698 2.686-.705 1.987-1.987l-.169-.311a1.464 1.464 0 0 1 .872-2.105l.34-.1c1.4-.413 1.4-2.397 0-2.81l-.34-.1a1.464 1.464 0 0 1-.872-2.105l.17-.31c.698-1.283-.705-2.686-1.987-1.987l-.311.169a1.464 1.464 0 0 1-2.105-.872l-.1-.34zM8 10.93a2.929 2.929 0 1 1 0-5.86 2.929 2.929 0 0 1 0 5.858z"/>
-            </svg>
-            {% trans 'API token' %}
+            <i class="fa fa-cogs"></i>{% trans 'API token' %}
        </a>
    </div>
 {% endif %}
--- a/apps/member/templates/member/manage_auth_tokens.html
+++ b/apps/member/templates/member/manage_auth_tokens.html
@ -5,98 +5,32 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% load i18n %}

 {% block content %}
-<div class="row mt-4">
-    <div class="col-xl-6">
-        <div class="card">
-            <div class="card-header text-center">
-                <h3>{% trans "Token authentication" %}</h3>
-            </div>
-            <div class="card-body">
-                <div class="alert alert-info">
-                    <h4>À quoi sert un jeton d'authentification ?</h4>
+<div class="alert alert-info">
+    <h4>À quoi sert un jeton d'authentification ?</h4>

-                    Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a> via votre propre compte
-                    depuis un client externe.<br />
-                    Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token &lt;TOKEN&gt;</code>
-                    pour pouvoir vous identifier.<br /><br />
+    Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br />
+    Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token &lt;TOKEN&gt;</code>
+    pour pouvoir vous identifier.<br /><br />

-                    La documentation de l'API est disponible ici :
-                    <a href="/doc/api/">{{ request.scheme }}://{{ request.get_host }}/doc/api/</a>.
-                </div>
-
-                <div class="alert alert-info">
-                    <strong>{%trans  'Token' %} :</strong>
-                    {% if 'show' in request.GET %}
-                    {{ token.key }} (<a href="?">cacher</a>)
-                    {% else %}
-                    <em>caché</em> (<a href="?show">montrer</a>)
-                    {% endif %}
-                    <br />
-                    <strong>{%trans  'Created' %} :</strong> {{ token.created }}
-                </div>
-
-                <div class="alert alert-warning">
-                    <strong>{% trans "Warning" %} :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
-                </div>
-            </div>
-            <div class="card-footer text-center">
-                <a href="?regenerate">
-                    <button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
-                </a>
-            </div>
-        </div>
-    </div>
-
-    <div class="col-xl-6">
-        <div class="card">
-            <div class="card-header text-center">
-                <h3>{% trans "OAuth2 authentication" %}</h3>
-            </div>
-            <div class="card-header">
-                <div class="alert alert-info">
-                    <p>
-                        La Note Kfet implémente également le protocole <a href="https://oauth.net/2/">OAuth2</a>, afin de
-                        permettre à des applications tierces d'interagir avec la Note en récoltant des informations
-                        (de connexion par exemple) voir en permettant des modifications à distance, par exemple lorsqu'il
-                        s'agit d'avoir un site marchand sur lequel faire des transactions via la Note Kfet.
-                    </p>
-
-                    <p>
-                        L'usage de ce protocole est recommandé pour tout usage non personnel, car permet de mieux cibler
-                        les droits dont on a besoin, en restreignant leur usage par jeton généré.
-                    </p>
-
-                    <p>
-                        La documentation vis-à-vis de l'usage de ce protocole est disponible ici :
-                        <a href="/doc/external_services/oauth2/">{{ request.scheme }}://{{ request.get_host }}/doc/external_services/oauth2/</a>.
-                    </p>
-                </div>
-
-                Liste des URL à communiquer à votre application :
-
-                <ul>
-                    <li>
-                        {% trans "Authorization:" %}
-                        <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}</a>
-                    </li>
-                    <li>
-                        {% trans "Token:" %}
-                        <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:token' %}</a>
-                    </li>
-                    <li>
-                        {% trans "Revoke Token:" %}
-                        <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:revoke-token' %}</a>
-                    </li>
-                    <li>
-                        {% trans "Introspect Token:" %}
-                        <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:introspect' %}</a>
-                    </li>
-                </ul>
-            </div>
-            <div class="card-footer text-center">
-                <a class="btn btn-primary" href="{% url 'oauth2_provider:list' %}">{% trans "Show my applications" %}</a>
-            </div>
-        </div>
-    </div>
+    Une documentation de l'API arrivera ultérieurement.
 </div>
+
+<div class="alert alert-info">
+    <strong>{%trans  'Token' %} :</strong>
+    {% if 'show' in request.GET %}
+    {{ token.key }} (<a href="?">cacher</a>)
+    {% else %}
+    <em>caché</em> (<a href="?show">montrer</a>)
+    {% endif %}
+    <br />
+    <strong>{%trans  'Created' %} :</strong> {{ token.created }}
+</div>
+
+<div class="alert alert-warning">
+    <strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
+</div>
+
+<a href="?regenerate">
+    <button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
+</a>
 {% endblock %}
--- a/apps/member/templates/member/profile_detail.html
+++ b/apps/member/templates/member/profile_detail.html
@ -18,10 +18,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <div class="card bg-light mb-3">
    <div class="card-header position-relative" id="clubListHeading">
        <a class="font-weight-bold">
-            <svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-            </svg>
-            {% trans "View my memberships" %}
+            <i class="fa fa-users"></i> {% trans "View my memberships" %}
        </a>
    </div>
    {% render_table club_list %}
@ -32,10 +29,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
        <a class="stretched-link font-weight-bold text-decoration-none"
            {% if "note.view_note"|has_perm:user_object.note %}
            href="{% url 'note:transactions' pk=user_object.note.pk %}" {% endif %}>
-            <svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                <path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
-            </svg>
-            {% trans "Transaction history" %}
+            <i class="fa fa-euro"></i> {% trans "Transaction history" %}
        </a>
    </div>
    <div id="history_list">
--- a/apps/member/templates/member/user_list.html
+++ b/apps/member/templates/member/user_list.html
@ -7,11 +7,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% block content %}
 {% if can_manage_registrations %}
 <a class="btn btn-block btn-secondary mb-3" href="{% url 'registration:future_user_list' %}">
-    <svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-        <path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
-        <path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
-    </svg>
-    {% trans "Registrations" %}
+    <i class="fa fa-user-plus"></i> {% trans "Registrations" %}
 </a>
 {% endif %}

--- a/apps/member/templatetags/memberinfo.py
+++ b/apps/member/templatetags/memberinfo.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import date
--- a/apps/member/tests/test_login.py
+++ b/apps/member/tests/test_login.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
 from django.contrib.auth.models import User
--- a/apps/member/tests/test_memberships.py
+++ b/apps/member/tests/test_memberships.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import hashlib
--- a/apps/member/urls.py
+++ b/apps/member/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.urls import path
--- a/apps/member/views.py
+++ b/apps/member/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import timedelta, date
@ -21,7 +21,7 @@ from rest_framework.authtoken.models import Token
 from note.models import Alias, NoteUser
 from note.models.transactions import Transaction, SpecialTransaction
 from note.tables import HistoryTable, AliasTable
-from note_kfet.middlewares import _set_current_request
+from note_kfet.middlewares import _set_current_user_and_ip
 from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
@ -41,8 +41,7 @@ class CustomLoginView(LoginView):
    @transaction.atomic
    def form_valid(self, form):
        logout(self.request)
-        self.request.user = form.get_user()
-        _set_current_request(self.request)
+        _set_current_user_and_ip(form.get_user(), self.request.session, None)
        self.request.session['permission_mask'] = form.cleaned_data['permission_mask'].rank
        return super().form_valid(form)

@ -71,7 +70,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        form.fields['email'].required = True
        form.fields['email'].help_text = _("This address must be valid.")

-        if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile):
+        if PermissionBackend.check_perm(self.request.user, "member.change_profile", context['user_object'].profile):
            context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
                                                        data=self.request.POST if self.request.POST else None)
            if not self.object.profile.report_frequency:
@ -154,13 +153,13 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        history_list = \
            Transaction.objects.all().filter(Q(source=user.note) | Q(destination=user.note))\
            .order_by("-created_at")\
-            .filter(PermissionBackend.filter_queryset(self.request, Transaction, "view"))
+            .filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))
        history_table = HistoryTable(history_list, prefix='transaction-')
        history_table.paginate(per_page=20, page=self.request.GET.get("transaction-page", 1))
        context['history_list'] = history_table

        club_list = Membership.objects.filter(user=user, date_end__gte=date.today() - timedelta(days=15))\
-            .filter(PermissionBackend.filter_queryset(self.request, Membership, "view"))\
+            .filter(PermissionBackend.filter_queryset(self.request.user, Membership, "view"))\
            .order_by("club__name", "-date_start")
        # Display only the most recent membership
        club_list = club_list.distinct("club__name")\
@ -177,20 +176,21 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
            modified_note.is_active = True
            modified_note.inactivity_reason = 'manual'
            context["can_lock_note"] = user.note.is_active and PermissionBackend\
-                                           .check_perm(self.request, "note.change_noteuser_is_active", modified_note)
+                                           .check_perm(self.request.user, "note.change_noteuser_is_active",
+                                                       modified_note)
            old_note = NoteUser.objects.select_for_update().get(pk=user.note.pk)
            modified_note.inactivity_reason = 'forced'
            modified_note._force_save = True
            modified_note.save()
            context["can_force_lock"] = user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request.user, "note.change_note_is_active", modified_note)
            old_note._force_save = True
            old_note._no_signal = True
            old_note.save()
            modified_note.refresh_from_db()
            modified_note.is_active = True
            context["can_unlock_note"] = not user.note.is_active and PermissionBackend\
-                .check_perm(self.request, "note.change_note_is_active", modified_note)
+                .check_perm(self.request.user, "note.change_note_is_active", modified_note)

        return context

@ -237,7 +237,7 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request, User, "view"))\
+        pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request.user, User, "view"))\
            .filter(profile__registration_valid=False)
        context["can_manage_registrations"] = pre_registered_users.exists()
        return context
@ -256,8 +256,8 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        context = super().get_context_data(**kwargs)
        note = context['object'].note
        context["aliases"] = AliasTable(
-            note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
-        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
+            note.alias.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all())
+        context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
            normalized_name="",
@ -382,7 +382,7 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-        context["can_add_club"] = PermissionBackend.check_perm(self.request, "member.add_club", Club(
+        context["can_add_club"] = PermissionBackend.check_perm(self.request.user, "member.add_club", Club(
            name="",
            email="club@example.com",
        ))
@ -404,7 +404,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        context = super().get_context_data(**kwargs)

        club = context["club"]
-        if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
+        if PermissionBackend.check_perm(self.request.user, "member.change_club_membership_start", club):
            club.update_membership_dates()
        # managers list
        managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club",
@ -413,7 +413,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        context["managers"] = ClubManagerTable(data=managers, prefix="managers-")
        # transaction history
        club_transactions = Transaction.objects.all().filter(Q(source=club.note) | Q(destination=club.note))\
-            .filter(PermissionBackend.filter_queryset(self.request, Transaction, "view"))\
+            .filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))\
            .order_by('-created_at')
        history_table = HistoryTable(club_transactions, prefix="history-")
        history_table.paginate(per_page=20, page=self.request.GET.get('history-page', 1))
@ -422,7 +422,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        club_member = Membership.objects.filter(
            club=club,
            date_end__gte=date.today() - timedelta(days=15),
-        ).filter(PermissionBackend.filter_queryset(self.request, Membership, "view"))\
+        ).filter(PermissionBackend.filter_queryset(self.request.user, Membership, "view"))\
            .order_by("user__username", "-date_start")
        # Display only the most recent membership
        club_member = club_member.distinct("user__username")\
@ -459,8 +459,8 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
        context = super().get_context_data(**kwargs)
        note = context['object'].note
        context["aliases"] = AliasTable(note.alias.filter(
-            PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
-        context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
+            PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all())
+        context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
            note=context["object"].note,
            name="",
            normalized_name="",
@ -535,7 +535,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        form = context['form']

        if "club_pk" in self.kwargs:  # We create a new membership.
-            club = Club.objects.filter(PermissionBackend.filter_queryset(self.request, Club, "view"))\
+            club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view"))\
                .get(pk=self.kwargs["club_pk"], weiclub=None)
            form.fields['credit_amount'].initial = club.membership_fee_paid
            # Ensure that the user is member of the parent club and all its the family tree.
@ -625,6 +625,9 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        # Retrieve form data
        credit_type = form.cleaned_data["credit_type"]
        credit_amount = form.cleaned_data["credit_amount"]
+        last_name = form.cleaned_data["last_name"]
+        first_name = form.cleaned_data["first_name"]
+        bank = form.cleaned_data["bank"]
        soge = form.cleaned_data["soge"] and not user.profile.soge and (club.name == "BDE" or club.name == "Kfet")

        if not credit_type:
@ -655,7 +658,8 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        if club.name != "Kfet" and club.parent_club and not Membership.objects.filter(
                user=form.instance.user,
                club=club.parent_club,
-                date_start__gte=club.parent_club.membership_start,
+                date_start__lte=timezone.now(),
+                date_end__gte=club.parent_club.membership_end,
        ).exists():
            form.add_error('user', _('User is not a member of the parent club') + ' ' + club.parent_club.name)
            error = True
@ -670,9 +674,17 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
                           .format(form.instance.club.membership_end))
            error = True

-        if credit_amount and not SpecialTransaction.validate_payment_form(form):
-            # Check that special information for payment are filled
-            error = True
+        if credit_amount:
+            if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"):
+                if not last_name:
+                    form.add_error('last_name', _("This field is required."))
+                    error = True
+                if not first_name:
+                    form.add_error('first_name', _("This field is required."))
+                    error = True
+                if not bank and credit_type.special_type == "Chèque":
+                    form.add_error('bank', _("This field is required."))
+                    error = True

        return not error

@ -683,7 +695,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
        """
        # Get the club that is concerned by the membership
        if "club_pk" in self.kwargs:  # get from url of new membership
-            club = Club.objects.filter(PermissionBackend.filter_queryset(self.request, Club, "view")) \
+            club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view")) \
                .get(pk=self.kwargs["club_pk"])
            user = form.instance.user
            old_membership = None
@ -734,7 +746,6 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
            # When we renew the BDE membership, we update the profile section
            # that should happens at least once a year.
            user.profile.section = user.profile.section_generated
-            user.profile._force_save = True
            user.profile.save()

        # Credit note before the membership is created.
@ -867,7 +878,7 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        club = Club.objects.filter(
-            PermissionBackend.filter_queryset(self.request, Club, "view")
+            PermissionBackend.filter_queryset(self.request.user, Club, "view")
        ).get(pk=self.kwargs["pk"])
        context["club"] = club

--- a/apps/note/init.py
+++ b/apps/note/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'note.apps.NoteConfig'
--- a/apps/note/admin.py
+++ b/apps/note/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
--- a/apps/note/api/serializers.py
+++ b/apps/note/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
@ -8,7 +8,7 @@ from rest_framework.exceptions import ValidationError
 from rest_polymorphic.serializers import PolymorphicSerializer
 from member.api.serializers import MembershipSerializer
 from member.models import Membership
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_authenticated_user
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta

@ -126,7 +126,7 @@ class ConsumerSerializer(serializers.ModelSerializer):
        """
        # If the user has no right to see the note, then we only display the note identifier
        return NotePolymorphicSerializer().to_representation(obj.note)\
-            if PermissionBackend.check_perm(get_current_request(), "note.view_note", obj.note)\
+            if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", obj.note)\
            else dict(
            id=obj.note.id,
            name=str(obj.note),
@ -142,7 +142,7 @@ class ConsumerSerializer(serializers.ModelSerializer):
    def get_membership(self, obj):
        if isinstance(obj.note, NoteUser):
            memberships = Membership.objects.filter(
-                PermissionBackend.filter_queryset(get_current_request(), Membership, "view")).filter(
+                PermissionBackend.filter_queryset(get_current_authenticated_user(), Membership, "view")).filter(
                user=obj.note.user,
                club=2,  # Kfet
            ).order_by("-date_start")
--- a/apps/note/api/urls.py
+++ b/apps/note/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@ -1,6 +1,5 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-import re

 from django.conf import settings
 from django.db.models import Q
@ -11,6 +10,7 @@ from rest_framework import viewsets
 from rest_framework.response import Response
 from rest_framework import status
 from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
+from note_kfet.middlewares import get_current_session
 from permission.backends import PermissionBackend

 from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
@ -40,11 +40,12 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
        Parse query and apply filters.
        :return: The filtered set of requested notes
        """
-        queryset = self.queryset.filter(PermissionBackend.filter_queryset(self.request, Note, "view")
-                                        | PermissionBackend.filter_queryset(self.request, NoteUser, "view")
-                                        | PermissionBackend.filter_queryset(self.request, NoteClub, "view")
-                                        | PermissionBackend.filter_queryset(self.request, NoteSpecial, "view"))\
-            .distinct()
+        user = self.request.user
+        get_current_session().setdefault("permission_mask", 42)
+        queryset = self.queryset.filter(PermissionBackend.filter_queryset(user, Note, "view")
+                                        | PermissionBackend.filter_queryset(user, NoteUser, "view")
+                                        | PermissionBackend.filter_queryset(user, NoteClub, "view")
+                                        | PermissionBackend.filter_queryset(user, NoteSpecial, "view")).distinct()

        alias = self.request.query_params.get("alias", ".*")
        queryset = queryset.filter(
@ -66,15 +67,14 @@ class AliasViewSet(ReadProtectedModelViewSet):
    serializer_class = AliasSerializer
    filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
-    filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
-                        'note__noteclub__club', 'note__polymorphic_ctype__model', ]
+    filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ]
    ordering_fields = ['name', 'normalized_name', ]

    def get_serializer_class(self):
        serializer_class = self.serializer_class
        if self.request.method in ['PUT', 'PATCH']:
            # alias owner cannot be change once establish
-            serializer_class.Meta.read_only_fields = ('note',)
+            setattr(serializer_class.Meta, 'read_only_fields', ('note',))
        return serializer_class

    def destroy(self, request, *args, **kwargs):
@ -82,7 +82,7 @@ class AliasViewSet(ReadProtectedModelViewSet):
        try:
            self.perform_destroy(instance)
        except ValidationError as e:
-            return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST)
+            return Response({e.code: e.message}, status.HTTP_400_BAD_REQUEST)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def get_queryset(self):
@ -118,8 +118,7 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
    serializer_class = ConsumerSerializer
    filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
    search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
-    filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
-                        'note__noteclub__club', 'note__polymorphic_ctype__model', ]
+    filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ]
    ordering_fields = ['name', 'normalized_name', ]

    def get_queryset(self):
@ -134,31 +133,23 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
            if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' else queryset

        alias = self.request.query_params.get("alias", None)
-        # Check if this is a valid regex. If not, we won't check regex
-        try:
-            re.compile(alias)
-            valid_regex = True
-        except (re.error, TypeError):
-            valid_regex = False
-        suffix = '__iregex' if valid_regex else '__istartswith'
-        alias_prefix = '^' if valid_regex else ''
        queryset = queryset.prefetch_related('note')

        if alias:
            # We match first an alias if it is matched without normalization,
            # then if the normalized pattern matches a normalized alias.
            queryset = queryset.filter(
-                **{f'name{suffix}': alias_prefix + alias}
+                name__iregex="^" + alias
            ).union(
                queryset.filter(
-                    Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
-                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
+                    Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    & ~Q(name__iregex="^" + alias)
                ),
                all=True).union(
                queryset.filter(
-                    Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
-                    & ~Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
-                    & ~Q(**{f'name{suffix}': alias_prefix + alias})
+                    Q(normalized_name__iregex="^" + alias.lower())
+                    & ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
+                    & ~Q(name__iregex="^" + alias)
                ),
                all=True)

@ -214,5 +205,7 @@ class TransactionViewSet(ReadProtectedModelViewSet):
    ordering_fields = ['created_at', 'amount', ]

    def get_queryset(self):
-        return self.model.objects.filter(PermissionBackend.filter_queryset(self.request, self.model, "view"))\
+        user = self.request.user
+        get_current_session().setdefault("permission_mask", 42)
+        return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))\
            .order_by("created_at", "id")
--- a/apps/note/apps.py
+++ b/apps/note/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/note/forms.py
+++ b/apps/note/forms.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 from datetime import datetime

--- a/apps/note/migrations/0005_auto_20210313_1235.py
+++ b/apps/note/migrations/0005_auto_20210313_1235.py
@ -1,19 +0,0 @@
-# Generated by Django 2.2.19 on 2021-03-13 11:35
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('note', '0004_remove_null_tag_on_charfields'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='alias',
-            name='note',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='alias', to='note.Note'),
-        ),
-    ]
--- a/apps/note/models/init.py
+++ b/apps/note/models/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser
--- a/apps/note/models/notes.py
+++ b/apps/note/models/notes.py
@ -1,9 +1,10 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import unicodedata

 from django.conf import settings
+from django.conf.global_settings import DEFAULT_FROM_EMAIL
 from django.core.exceptions import ValidationError
 from django.core.mail import send_mail
 from django.core.validators import RegexValidator
@ -189,8 +190,8 @@ class NoteClub(Note):
    def send_mail_negative_balance(self):
        plain_text = render_to_string("note/mails/negative_balance.txt", dict(note=self))
        html = render_to_string("note/mails/negative_balance.html", dict(note=self))
-        send_mail("[Note Kfet] Passage en négatif (club {})".format(self.club.name), plain_text,
-                  settings.DEFAULT_FROM_EMAIL, [self.club.email], html_message=html)
+        send_mail("[Note Kfet] Passage en négatif (club {})".format(self.club.name), plain_text, DEFAULT_FROM_EMAIL,
+                  [self.club.email], html_message=html)


 class NoteSpecial(Note):
--- a/apps/note/models/transactions.py
+++ b/apps/note/models/transactions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.core.exceptions import ValidationError
@ -333,36 +333,6 @@ class SpecialTransaction(Transaction):
        self.clean()
        super().save(*args, **kwargs)

-    @staticmethod
-    def validate_payment_form(form):
-        """
-        Ensure that last name and first name are filled for a form that creates a SpecialTransaction,
-        and check that if the user pays with a check, then the bank field is filled.
-
-        Return True iff there is no error.
-        Whenever there is an error, they are inserted in the form errors.
-        """
-
-        credit_type = form.cleaned_data["credit_type"]
-        last_name = form.cleaned_data["last_name"]
-        first_name = form.cleaned_data["first_name"]
-        bank = form.cleaned_data["bank"]
-
-        error = False
-
-        if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"):
-            if not last_name:
-                form.add_error('last_name', _("This field is required."))
-                error = True
-            if not first_name:
-                form.add_error('first_name', _("This field is required."))
-                error = True
-            if not bank and credit_type.special_type == "Chèque":
-                form.add_error('bank', _("This field is required."))
-                error = True
-
-        return not error
-
    class Meta:
        verbose_name = _("Special transaction")
        verbose_name_plural = _("Special transactions")
--- a/apps/note/signals.py
+++ b/apps/note/signals.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.utils import timezone
--- a/apps/note/static/note/js/consos.js
+++ b/apps/note/static/note/js/consos.js
@ -1,4 +1,4 @@
-// Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+// Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 // SPDX-License-Identifier: GPL-3.0-or-later

 // When a transaction is performed, lock the interface to prevent spam clicks.
@ -28,7 +28,7 @@ $(document).ready(function () {

  // Switching in double consumptions mode should update the layout
  $('#double_conso').change(function () {
-    document.getElementById('consos_list_div').classList.remove('d-none')
+    $('#consos_list_div').removeClass('d-none')
    $('#infos_div').attr('class', 'col-sm-5 col-xl-6')

    const note_list_obj = $('#note_list')
@ -37,7 +37,7 @@ $(document).ready(function () {
      note_list_obj.html('')

      buttons.forEach(function (button) {
-        document.getElementById(`conso_button_${button.id}`).addEventListener('click', () => {
+        $('#conso_button_' + button.id).click(function () {
          if (LOCK) { return }
          removeNote(button, 'conso_button', buttons, 'consos_list')()
        })
@ -46,7 +46,7 @@ $(document).ready(function () {
  })

  $('#single_conso').change(function () {
-    document.getElementById('consos_list_div').classList.add('d-none')
+    $('#consos_list_div').addClass('d-none')
    $('#infos_div').attr('class', 'col-sm-5 col-md-4')

    const consos_list_obj = $('#consos_list')
@ -68,9 +68,9 @@ $(document).ready(function () {
  })

  // Ensure we begin in single consumption. Fix issue with TurboLinks and BootstrapJS
-  document.querySelector("label[for='double_conso']").classList.remove('active')
+  $("label[for='double_conso']").removeClass('active')

-  document.getElementById("consume_all").addEventListener('click', consumeAll)
+  $('#consume_all').click(consumeAll)
 })

 notes = []
@ -127,10 +127,11 @@ function addConso (dest, amount, type, category_id, category_name, template_id,
      html += li('conso_button_' + button.id, button.name +
                '<span class="badge badge-dark badge-pill">' + button.quantity + '</span>')
    })
-    document.getElementById(list).innerHTML = html

-    buttons.forEach((button) => {
-      document.getElementById(`conso_button_${button.id}`).addEventListener('click', () => {
+    $('#' + list).html(html)
+
+    buttons.forEach(function (button) {
+      $('#conso_button_' + button.id).click(function () {
        if (LOCK) { return }
        removeNote(button, 'conso_button', buttons, list)()
      })
@ -145,13 +146,12 @@ function reset () {
  notes_display.length = 0
  notes.length = 0
  buttons.length = 0
-  document.getElementById('note_list').innerHTML = ''
-  document.getElementById('consos_list').innerHTML = ''
-  document.getElementById('note').value = ''
-  document.getElementById('note').dataset.originTitle = ''
-  $('#note').tooltip('hide')
-  document.getElementById('profile_pic').src = '/static/member/img/default_picture.png'
-  document.getElementById('profile_pic_link').href = '#'
+  $('#note_list').html('')
+  $('#consos_list').html('')
+  $('#note').val('')
+  $('#note').attr('data-original-title', '').tooltip('hide')
+  $('#profile_pic').attr('src', '/static/member/img/default_picture.png')
+  $('#profile_pic_link').attr('href', '#')
  refreshHistory()
  refreshBalance()
  LOCK = false
@ -168,7 +168,7 @@ function consumeAll () {
  let error = false

  if (notes_display.length === 0) {
-    document.getElementById('note').classList.add('is-invalid')
+    $('#note').addClass('is-invalid')
    $('#note_list').html(li('', '<strong>Ajoutez des émetteurs.</strong>', 'text-danger'))
    error = true
  }
--- a/apps/note/static/note/js/transfer.js
+++ b/apps/note/static/note/js/transfer.js
@ -222,13 +222,6 @@ $(document).ready(function () {
  })
 })

-// Make transfer when pressing Enter on the amount section
-$('#amount, #reason, #last_name, #first_name, #bank').keypress((event) => {
-  if (event.originalEvent.charCode === 13) {
-    $('#btn_transfer').click()
-  }
-})
-
 $('#btn_transfer').click(function () {
  if (LOCK) { return }

@ -250,7 +243,7 @@ $('#btn_transfer').click(function () {
    error = true
  }

-  const amount = Math.round(100 * amount_field.val())
+  const amount = Math.floor(100 * amount_field.val())
  if (amount > 2147483647) {
    amount_field.addClass('is-invalid')
    $('#amount-required').html('<strong>' + gettext('The amount must stay under 21,474,836.47 €.') + '</strong>')
@ -355,14 +348,14 @@ $('#btn_transfer').click(function () {
              destination_alias: dest.name
            }).done(function () {
            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
-                [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, gettext('insufficient funds')]), 'danger', 10000)
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, gettext('insufficient funds')]), 'danger', 10000)
            reset()
          }).fail(function (err) {
            const errObj = JSON.parse(err.responseText)
            let error = errObj.detail ? errObj.detail : errObj.non_field_errors
            if (!error) { error = err.responseText }
            addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
-                [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, error]), 'danger')
+                [pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, error]), 'danger')
            LOCK = false
          })
        })
--- a/apps/note/tables.py
+++ b/apps/note/tables.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import html
@ -7,7 +7,7 @@ import django_tables2 as tables
 from django.utils.html import format_html
 from django_tables2.utils import A
 from django.utils.translation import gettext_lazy as _
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_authenticated_user
 from permission.backends import PermissionBackend

 from .models.notes import Alias
@ -88,16 +88,16 @@ class HistoryTable(tables.Table):
                "class": lambda record:
                str(record.valid).lower()
                + (' validate' if record.source.is_active and record.destination.is_active and PermissionBackend
-                   .check_perm(get_current_request(), "note.change_transaction_invalidity_reason", record)
+                   .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
                   else ''),
                "data-toggle": "tooltip",
                "title": lambda record: (_("Click to invalidate") if record.valid else _("Click to validate"))
-                if PermissionBackend.check_perm(get_current_request(),
+                if PermissionBackend.check_perm(get_current_authenticated_user(),
                                                "note.change_transaction_invalidity_reason", record)
                and record.source.is_active and record.destination.is_active else None,
                "onclick": lambda record: 'de_validate(' + str(record.id) + ', ' + str(record.valid).lower()
                                          + ', "' + str(record.__class__.__name__) + '")'
-                if PermissionBackend.check_perm(get_current_request(),
+                if PermissionBackend.check_perm(get_current_authenticated_user(),
                                                "note.change_transaction_invalidity_reason", record)
                and record.source.is_active and record.destination.is_active else None,
                "onmouseover": lambda record: '$("#invalidity_reason_'
@ -126,7 +126,7 @@ class HistoryTable(tables.Table):
        When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason
        """
        has_perm = PermissionBackend \
-            .check_perm(get_current_request(), "note.change_transaction_invalidity_reason", record)
+            .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)

        val = "✔" if value else "✖"

@ -165,7 +165,7 @@ class AliasTable(tables.Table):
                                       extra_context={"delete_trans": _('delete')},
                                       attrs={'td': {'class': lambda record: 'col-sm-1' + (
                                           ' d-none' if not PermissionBackend.check_perm(
-                                               get_current_request(), "note.delete_alias",
+                                               get_current_authenticated_user(), "note.delete_alias",
                                               record) else '')}}, verbose_name=_("Delete"), )


--- a/apps/note/templates/note/conso_form.html
+++ b/apps/note/templates/note/conso_form.html
@ -129,10 +129,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                {# Mode switch #}
                <div class="card-footer border-primary">
                    <a class="btn btn-sm btn-secondary float-left" href="{% url 'note:template_list' %}">
-                        <svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
-                            <path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
-                        </svg>
-                        {% trans "Edit" %}
+                        <i class="fa fa-edit"></i> {% trans "Edit" %}
                    </a>
                    <div class="btn-group btn-group-toggle float-right" data-toggle="buttons">
                        <label for="single_conso" class="btn btn-sm btn-outline-primary active">
--- a/apps/note/templates/note/transaction_form.html
+++ b/apps/note/templates/note/transaction_form.html
@ -10,25 +10,21 @@ SPDX-License-Identifier: GPL-2.0-or-later
 {# bandeau transfert/crédit/débit/activité #}
    <div class="row">
        <div class="col-xl-12">
-            <div class="btn-group btn-block">
-                <div class="btn-group btn-group-toggle btn-block" data-toggle="buttons">
-                    <label for="type_transfer" class="btn btn-sm btn-outline-primary active">
-                        <input type="radio" name="transaction_type" id="type_transfer">
-                        {% trans "Transfer" %}
+            <div class="btn-group btn-group-toggle btn-block" data-toggle="buttons">
+                <label for="type_transfer" class="btn btn-sm btn-outline-primary active">
+                    <input type="radio" name="transaction_type" id="type_transfer">
+                    {% trans "Transfer" %}
+                </label>
+                {% if "note.notespecial"|not_empty_model_list %}
+                    <label for="type_credit" class="btn btn-sm btn-outline-primary">
+                        <input type="radio" name="transaction_type" id="type_credit">
+                        {% trans "Credit" %}
                    </label>
-                    {% if "note.notespecial"|not_empty_model_list %}
-                        <label for="type_credit" class="btn btn-sm btn-outline-primary">
-                            <input type="radio" name="transaction_type" id="type_credit">
-                            {% trans "Credit" %}
-                        </label>
-                        <label for="type_debit" class="btn btn-sm btn-outline-primary">
-                            <input type="radio" name="transaction_type" id="type_debit">
-                            {% trans "Debit" %}
-                        </label>
-                    {% endif %}
-                </div>
-
-                {# Add shortcuts for opened activites if necessary #}
+                    <label for="type_debit" class="btn btn-sm btn-outline-primary">
+                        <input type="radio" name="transaction_type" id="type_debit">
+                        {% trans "Debit" %}
+                    </label>
+                {% endif %}
                {% for activity in activities_open %}
                    <a href="{% url "activity:activity_entry" pk=activity.pk %}" class="btn btn-sm btn-outline-primary">
                        {% trans "Entries" %} {{ activity.name }}
@ -61,7 +57,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
                <ul class="list-group list-group-flush" id="source_note_list">
                </ul>
                <div class="card-body">
-                    <select id="credit_type" class="form-control custom-select d-none">
+                    <select id="credit_type" class="custom-select d-none">
                        {% for special_type in special_types %}
                            <option value="{{ special_type.id }}">{{ special_type.special_type }}</option>
                        {% endfor %}
@ -88,7 +84,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
                <ul class="list-group list-group-flush" id="dest_note_list">
                </ul>
                <div class="card-body">
-                    <select id="debit_type" class="form-control custom-select d-none">
+                    <select id="debit_type" class="custom-select d-none">
                        {% for special_type in special_types %}
                            <option value="{{ special_type.id }}">{{ special_type.special_type }}</option>
                        {% endfor %}
--- a/apps/note/templatetags/getenv.py
+++ b/apps/note/templatetags/getenv.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django import template
--- a/apps/note/templatetags/pretty_money.py
+++ b/apps/note/templatetags/pretty_money.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django import template
--- a/apps/note/tests/test_transactions.py
+++ b/apps/note/tests/test_transactions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from api.tests import TestAPI
--- a/apps/note/urls.py
+++ b/apps/note/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.urls import path
--- a/apps/note/views.py
+++ b/apps/note/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import json
@ -38,7 +38,7 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
    def get_queryset(self, **kwargs):
        # retrieves only Transaction that user has the right to see.
        return Transaction.objects.filter(
-            PermissionBackend.filter_queryset(self.request, Transaction, "view")
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
        ).order_by("-created_at").all()[:20]

    def get_context_data(self, **kwargs):
@ -47,16 +47,16 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
        context['polymorphic_ctype'] = ContentType.objects.get_for_model(Transaction).pk
        context['special_polymorphic_ctype'] = ContentType.objects.get_for_model(SpecialTransaction).pk
        context['special_types'] = NoteSpecial.objects\
-            .filter(PermissionBackend.filter_queryset(self.request, NoteSpecial, "view"))\
+            .filter(PermissionBackend.filter_queryset(self.request.user, NoteSpecial, "view"))\
            .order_by("special_type").all()

        # Add a shortcut for entry page for open activities
        if "activity" in settings.INSTALLED_APPS:
            from activity.models import Activity
-            activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter(
-                PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
+            activities_open = Activity.objects.filter(open=True).filter(
+                PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
            context["activities_open"] = [a for a in activities_open
-                                          if PermissionBackend.check_perm(self.request,
+                                          if PermissionBackend.check_perm(self.request.user,
                                                                          "activity.add_entry",
                                                                          Entry(activity=a,
                                                                                note=self.request.user.note, ))]
@ -159,7 +159,7 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
            return self.handle_no_permission()

        templates = TransactionTemplate.objects.filter(
-            PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view")
+            PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
        )
        if not templates.exists():
            raise PermissionDenied(_("You can't see any button."))
@ -170,7 +170,7 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        restrict to the transaction history the user can see.
        """
        return Transaction.objects.filter(
-            PermissionBackend.filter_queryset(self.request, Transaction, "view")
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
        ).order_by("-created_at").all()[:20]

    def get_context_data(self, **kwargs):
@ -180,13 +180,13 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
        # for each category, find which transaction templates the user can see.
        for category in categories:
            category.templates_filtered = category.templates.filter(
-                PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view")
+                PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
            ).filter(display=True).order_by('name').all()

        context['categories'] = [cat for cat in categories if cat.templates_filtered]
        # some transactiontemplate are put forward to find them easily
        context['highlighted'] = TransactionTemplate.objects.filter(highlighted=True).filter(
-            PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view")
+            PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
        ).order_by('name').all()
        context['polymorphic_ctype'] = ContentType.objects.get_for_model(RecurrentTransaction).pk

@ -209,7 +209,7 @@ class TransactionSearchView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView
        data = form.cleaned_data if form.is_valid() else {}

        transactions = Transaction.objects.annotate(total_amount=F("quantity") * F("amount")).filter(
-            PermissionBackend.filter_queryset(self.request, Transaction, "view"))\
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))\
            .filter(Q(source=self.object) | Q(destination=self.object)).order_by('-created_at')

        if "source" in data and data["source"]:
--- a/apps/permission/init.py
+++ b/apps/permission/init.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 default_app_config = 'permission.apps.PermissionConfig'
--- a/apps/permission/admin.py
+++ b/apps/permission/admin.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-lateré

 from django.contrib import admin
--- a/apps/permission/api/serializers.py
+++ b/apps/permission/api/serializers.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework import serializers
--- a/apps/permission/api/urls.py
+++ b/apps/permission/api/urls.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from .views import PermissionViewSet, RoleViewSet
--- a/apps/permission/api/views.py
+++ b/apps/permission/api/views.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from api.viewsets import ReadOnlyProtectedModelViewSet
--- a/apps/permission/apps.py
+++ b/apps/permission/apps.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.apps import AppConfig
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@ -1,15 +1,15 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from datetime import date

 from django.contrib.auth.backends import ModelBackend
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, AnonymousUser
 from django.contrib.contenttypes.models import ContentType
 from django.db.models import Q, F
 from django.utils import timezone
 from note.models import Note, NoteUser, NoteClub, NoteSpecial
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_session
 from member.models import Membership, Club

 from .decorators import memoize
@ -26,31 +26,14 @@ class PermissionBackend(ModelBackend):

    @staticmethod
    @memoize
-    def get_raw_permissions(request, t):
+    def get_raw_permissions(user, t):
        """
        Query permissions of a certain type for a user, then memoize it.
-        :param request: The current request
+        :param user: The owner of the permissions
        :param t: The type of the permissions: view, change, add or delete
        :return: The queryset of the permissions of the user (memoized) grouped by clubs
        """
-        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
-            # OAuth2 Authentication
-            user = request.auth.user
-
-            def permission_filter(membership_obj):
-                query = Q(pk=-1)
-                for scope in request.auth.scope.split(' '):
-                    permission_id, club_id = scope.split('_')
-                    if int(club_id) == membership_obj.club_id:
-                        query |= Q(pk=permission_id)
-                return query
-        else:
-            user = request.user
-
-            def permission_filter(membership_obj):
-                return Q(mask__rank__lte=request.session.get("permission_mask", 42))
-
-        if user.is_anonymous:
+        if isinstance(user, AnonymousUser):
            # Unauthenticated users have no permissions
            return Permission.objects.none()

@ -60,7 +43,7 @@ class PermissionBackend(ModelBackend):

        for membership in memberships:
            for role in membership.roles.all():
-                for perm in role.permissions.filter(permission_filter(membership), type=t).all():
+                for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", -1)).all():
                    if not perm.permanent:
                        if membership.date_start > date.today() or membership.date_end < date.today():
                            continue
@ -69,22 +52,16 @@ class PermissionBackend(ModelBackend):
        return perms

    @staticmethod
-    def permissions(request, model, type):
+    def permissions(user, model, type):
        """
        List all permissions of the given user that applies to a given model and a give type
-        :param request: The current request
+        :param user: The owner of the permissions
        :param model: The model that the permissions shoud apply
        :param type: The type of the permissions: view, change, add or delete
        :return: A generator of the requested permissions
        """

-        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
-            # OAuth2 Authentication
-            user = request.auth.user
-        else:
-            user = request.user
-
-        for permission in PermissionBackend.get_raw_permissions(request, type):
+        for permission in PermissionBackend.get_raw_permissions(user, type):
            if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership:
                continue

@ -111,26 +88,20 @@ class PermissionBackend(ModelBackend):

    @staticmethod
    @memoize
-    def filter_queryset(request, model, t, field=None):
+    def filter_queryset(user, model, t, field=None):
        """
        Filter a queryset by considering the permissions of a given user.
-        :param request: The current request
+        :param user: The owner of the permissions that are fetched
        :param model: The concerned model of the queryset
        :param t: The type of modification (view, add, change, delete)
        :param field: The field of the model to test, if concerned
        :return: A query that corresponds to the filter to give to a queryset
        """
-        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
-            # OAuth2 Authentication
-            user = request.auth.user
-        else:
-            user = request.user
-
-        if user is None or user.is_anonymous:
+        if user is None or isinstance(user, AnonymousUser):
            # Anonymous users can't do anything
            return Q(pk=-1)

-        if user.is_superuser and request.session.get("permission_mask", -1) >= 42:
+        if user.is_superuser and get_current_session().get("permission_mask", -1) >= 42:
            # Superusers have all rights
            return Q()

@ -139,7 +110,7 @@ class PermissionBackend(ModelBackend):

        # Never satisfied
        query = Q(pk=-1)
-        perms = PermissionBackend.permissions(request, model, t)
+        perms = PermissionBackend.permissions(user, model, t)
        for perm in perms:
            if perm.field and field != perm.field:
                continue
@ -151,7 +122,7 @@ class PermissionBackend(ModelBackend):

    @staticmethod
    @memoize
-    def check_perm(request, perm, obj=None):
+    def check_perm(user_obj, perm, obj=None):
        """
        Check is the given user has the permission over a given object.
        The result is then memoized.
@ -159,18 +130,11 @@ class PermissionBackend(ModelBackend):
        primary key, the result is not memoized. Moreover, the right could change
        (e.g. for a transaction, the balance of the user could change)
        """
-        # Requested by a shell
-        if request is None:
+        if user_obj is None or isinstance(user_obj, AnonymousUser):
            return False

-        user_obj = request.user
-        sess = request.session
-
-        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
-            # OAuth2 Authentication
-            user_obj = request.auth.user
-
-        if user_obj is None or user_obj.is_anonymous:
+        sess = get_current_session()
+        if sess is not None and sess.session_key is None:
            return False

        if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42:
@ -185,19 +149,16 @@ class PermissionBackend(ModelBackend):

        ct = ContentType.objects.get_for_model(obj)
        if any(permission.applies(obj, perm_type, perm_field)
-               for permission in PermissionBackend.permissions(request, ct, perm_type)):
+               for permission in PermissionBackend.permissions(user_obj, ct, perm_type)):
            return True
        return False

    def has_perm(self, user_obj, perm, obj=None):
-        # Warning: this does not check that user_obj has the permission,
-        # but if the current request has the permission.
-        # This function is implemented for backward compatibility, and should not be used.
-        return PermissionBackend.check_perm(get_current_request(), perm, obj)
+        return PermissionBackend.check_perm(user_obj, perm, obj)

    def has_module_perms(self, user_obj, app_label):
        return False

    def get_all_permissions(self, user_obj, obj=None):
        ct = ContentType.objects.get_for_model(obj)
-        return list(self.permissions(get_current_request(), ct, "view"))
+        return list(self.permissions(user_obj, ct, "view"))
--- a/apps/permission/decorators.py
+++ b/apps/permission/decorators.py
@ -1,11 +1,11 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import sys
 from functools import lru_cache
 from time import time

 from django.contrib.sessions.models import Session
-from note_kfet.middlewares import get_current_request
+from note_kfet.middlewares import get_current_session


 def memoize(f):
@ -48,11 +48,11 @@ def memoize(f):
            last_collect = time()

        # If there is no session, then we don't memoize anything.
-        request = get_current_request()
-        if request is None or request.session is None or request.session.session_key is None:
+        sess = get_current_session()
+        if sess is None or sess.session_key is None:
            return f(*args, **kwargs)

-        sess_key = request.session.session_key
+        sess_key = sess.session_key
        if sess_key not in sess_funs:
            # lru_cache makes the job of memoization
            # We store only the 512 latest data per session. It has to be enough.
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -111,12 +111,12 @@
 				"note",
 				"alias"
 			],
-			"query": "[\"AND\", [\"OR\", {\"note__noteuser__user__memberships__club__name\": \"BDE\", \"note__noteuser__user__memberships__date_start__lte\": [\"today\"], \"note__noteuser__user__memberships__date_end__gte\": [\"today\"]}, {\"note__noteclub__isnull\": false}], {\"note__is_active\": true}]",
+			"query": "[\"AND\", [\"OR\", {\"note__noteuser__user__memberships__club__name\": \"Kfet\", \"note__noteuser__user__memberships__date_start__lte\": [\"today\"], \"note__noteuser__user__memberships__date_end__gte\": [\"today\"]}, {\"note__noteclub__isnull\": false}], {\"note__is_active\": true}]",
 			"type": "view",
 			"mask": 1,
 			"field": "",
 			"permanent": false,
-			"description": "Voir les aliases des notes des clubs et des adhérents du club BDE"
+			"description": "Voir les aliases des notes des clubs et des adhérents du club Kfet"
 		}
 	},
 	{
@ -627,7 +627,7 @@
 			"type": "view",
 			"mask": 1,
 			"field": "",
-			"permanent": true,
+			"permanent": false,
 			"description": "Voir les personnes qu'on a invitées"
 		}
 	},
@ -1235,7 +1235,7 @@
 			"type": "view",
 			"mask": 1,
 			"field": "",
-			"permanent": true,
+			"permanent": false,
 			"description": "Voir le dernier WEI"
 		}
 	},
@ -1267,7 +1267,7 @@
 			"type": "add",
 			"mask": 1,
 			"field": "",
-			"permanent": true,
+			"permanent": false,
 			"description": "M'inscrire au dernier WEI"
 		}
 	},
@ -1331,7 +1331,7 @@
 			"type": "view",
 			"mask": 1,
 			"field": "",
-			"permanent": true,
+			"permanent": false,
 			"description": "Voir ma propre inscription WEI"
 		}
 	},
@ -1379,7 +1379,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "soge_credit",
-			"permanent": true,
+			"permanent": false,
 			"description": "Indiquer si mon inscription WEI est payée par la Société générale tant qu'elle n'est pas validée"
 		}
 	},
@ -1427,7 +1427,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "birth_date",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier la date de naissance de ma propre inscription WEI"
 		}
 	},
@ -1459,7 +1459,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "gender",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier le genre de ma propre inscription WEI"
 		}
 	},
@ -1491,7 +1491,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "health_issues",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier mes problèmes de santé de mon inscription WEI"
 		}
 	},
@ -1523,7 +1523,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "emergency_contact_name",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier le nom du contact en cas d'urgence de mon inscription WEI"
 		}
 	},
@ -1555,7 +1555,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "emergency_contact_phone",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier le téléphone du contact en cas d'urgence de mon inscription WEI"
 		}
 	},
@ -1699,7 +1699,7 @@
 			"type": "add",
 			"mask": 3,
 			"field": "",
-			"permanent": true,
+			"permanent": false,
 			"description": "Créer une adhésion WEI pour le dernier WEI"
 		}
 	},
@ -2003,7 +2003,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "clothing_cut",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier ma coupe de vêtements de mon inscription WEI"
 		}
 	},
@ -2035,7 +2035,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "clothing_size",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier la taille de vêtements de mon inscription WEI"
 		}
 	},
@ -2243,7 +2243,7 @@
 			"type": "change",
 			"mask": 1,
 			"field": "information_json",
-			"permanent": true,
+			"permanent": false,
 			"description": "Modifier mes préférences en terme de bus et d'équipe si mon inscription n'est pas validée et que je suis en 2A+"
 		}
 	},
@ -2883,7 +2883,6 @@
 				3,
 				4,
 				5,
-				6,
 				7,
 				8,
 				9,
@ -2891,10 +2890,6 @@
 				11,
 				12,
 				13,
-				14,
-				15,
-				16,
-				17,
 				22,
 				48,
 				52,
@ -2912,6 +2907,11 @@
 			"for_club": 2,
 			"name": "Adh\u00e9rent Kfet",
 			"permissions": [
+				6,
+				14,
+				15,
+				16,
+				17,
 				22,
 				34,
 				36,
@ -3048,7 +3048,6 @@
 				31,
 				32,
 				33,
-				43,
 				51,
 				53,
 				54,
@ -3305,7 +3304,6 @@
 				30,
 				31,
 				70,
-				72,
 				143,
 				166,
 				167,
@ -3497,7 +3495,7 @@
 		"model": "permission.role",
 		"pk": 20,
 		"fields": {
-			"for_club": 1,
+			"for_club": 2,
 			"name": "PC Kfet",
 			"permissions": [
 				6,
@ -3513,9 +3511,6 @@
 				56,
 				57,
 				58,
-				70,
-				72,
-				135,
 				137,
 				143,
 				147,
@ -3526,7 +3521,8 @@
 				176,
 				177,
 				180,
-				181
+				181,
+				182
 			]
 		}
 	},
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 import functools
--- a/apps/permission/permissions.py
+++ b/apps/permission/permissions.py
@ -1,4 +1,4 @@
-# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework.permissions import DjangoObjectPermissions
@ -45,7 +45,7 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions):

        perms = self.get_required_object_permissions(request.method, model_cls)
        # if not user.has_perms(perms, obj):
-        if not all(PermissionBackend.check_perm(request, perm, obj) for perm in perms):
+        if not all(PermissionBackend.check_perm(user, perm, obj) for perm in perms):
            # If the user does not have permissions we need to determine if
            # they have read permissions to see 403, or not, and simply see
            # a 404 response.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Otthorn	3eed93e346	Remove unused file	2021-02-23 23:38:54 +01:00
Otthorn	4da523a1ba	Merge branch 'faster_ci' of https://gitlab.crans.org/bde/nk20 into faster_ci	2021-02-23 23:38:26 +01:00
Otthorn	e74ff54468	please use the configuration I have written for hadolint	2021-02-23 22:23:16 +00:00
Otthorn	2e49c9ffbd	Add CI docker linter for CI Dockerfiles	2021-02-23 22:23:16 +00:00
Otthorn	d20a1038a8	Add CI docker linter for nk20 Dockerfile	2021-02-23 22:23:16 +00:00
Otthorn	f6b711bb1b	Add hadolint configuration file	2021-02-23 22:23:16 +00:00
Otthorn	893d87a9e1	Add ansible linting to the CI	2021-02-23 22:23:16 +00:00
Otthorn	9f3323c73e	Add docker image for ansible lint to be used in CI	2021-02-23 22:23:16 +00:00
Otthorn	c57f81b920	Add skip list for ansible-lint	2021-02-23 22:23:16 +00:00
Otthorn	0636d84286	Add docker image for tox linting to be used in CI	2021-02-23 22:23:16 +00:00
Otthorn	ed06901fae	fix typo (added image: twice)	2021-02-23 22:23:16 +00:00
Otthorn	28932f316b	copy paste is a bad practice	2021-02-23 22:23:16 +00:00
Otthorn	9b50ba722c	Add custom pre-built docker images to be used for the CI	2021-02-23 22:23:16 +00:00
Otthorn	3e3e61d23f	Use prebuilt docker images in the CI	2021-02-23 22:23:16 +00:00
Otthorn	1129815ca3	please use the configuration I have written for hadolint	2021-02-23 23:22:51 +01:00
Otthorn	c13172d3ff	Add CI docker linter for CI Dockerfiles	2021-02-23 23:14:35 +01:00
Otthorn	fcc4121225	Add CI docker linter for nk20 Dockerfile	2021-02-23 23:14:00 +01:00
Otthorn	a06f355559	Add hadolint configuration file	2021-02-23 23:10:30 +01:00
Otthorn	08df5fcccd	Add ansible linting to the CI	2021-02-23 23:02:51 +01:00
Otthorn	b6c0f9758d	Add docker image for ansible lint to be used in CI	2021-02-23 23:02:29 +01:00
Otthorn	a23093851f	Add skip list for ansible-lint	2021-02-23 22:57:33 +01:00
Otthorn	d803ab5ec2	Add docker image for tox linting to be used in CI	2021-02-22 00:17:49 +01:00
Otthorn	d7a537b6b5	fix typo (added image: twice)	2021-02-21 23:52:42 +01:00
Otthorn	0941ee954d	copy paste is a bad practice	2021-02-21 23:46:20 +01:00
Otthorn	fd11d96d95	Add custom pre-built docker images to be used for the CI	2021-02-21 23:40:03 +01:00
Otthorn	4bfc057454	Use prebuilt docker images in the CI	2021-02-21 23:39:08 +01:00