From a73d34e5460fa701759dac24dcdca656f8a83042 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 May 2026 21:25:25 +0000 Subject: [PATCH 1/2] Bump fast-uri from 3.0.3 to 3.1.2 Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.3 to 3.1.2. - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](https://github.com/fastify/fast-uri/compare/v3.0.3...v3.1.2) --- updated-dependencies: - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index d7262352..fc414e29 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1259,10 +1259,21 @@ "dev": true }, "node_modules/fast-uri": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.3.tgz", - "integrity": "sha512-aLrHthzCjH5He4Z2H9YZ+v6Ujb9ocRuW6ZzkJQOrTxleEijANq4v1TsaPaVG1PZcuurEzrLcWRyYBYXD5cEiaw==", - "dev": true + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" }, "node_modules/fastest-levenshtein": { "version": "1.0.16", From d421478bb8c1ceb2b05bb6a54b35cbfe08fe7b38 Mon Sep 17 00:00:00 2001 From: Peter Pfeufer Date: Sat, 9 May 2026 17:13:26 +0200 Subject: [PATCH 2/2] [MISC] Update test suite --- testauth/settings/base.py | 70 +++++++++++++++++++++++++++++++-------- 1 file changed, 56 insertions(+), 14 deletions(-) diff --git a/testauth/settings/base.py b/testauth/settings/base.py index 66b84821..f7de33bf 100644 
--- a/testauth/settings/base.py +++ b/testauth/settings/base.py @@ -27,11 +27,11 @@ "django.contrib.humanize", "django_celery_beat", "solo", - "bootstrapform", "django_bootstrap5", # https://github.com/zostera/django-bootstrap5 "sortedm2m", "esi", "allianceauth.framework", + "allianceauth.admin_status", "allianceauth.authentication", "allianceauth.services", "allianceauth.eveonline", @@ -60,9 +60,10 @@ "task": "esi.tasks.cleanup_callbackredirect", "schedule": crontab(minute="0", hour="*/4"), }, - "esi_cleanup_token": { - "task": "esi.tasks.cleanup_token", - "schedule": crontab(minute="0", hour="0"), + "esi_cleanup_token": { # 1/48th * 1hr = 48Hr/2Day Refresh Cycles. + "task": "esi.tasks.cleanup_token_subset", + "schedule": crontab(minute="0", hour="*"), + "apply_offset": True, }, "run_model_update": { "task": "allianceauth.eveonline.tasks.run_model_update", @@ -89,6 +90,7 @@ "django.middleware.security.SecurityMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "allianceauth.authentication.middleware.UserSettingsMiddleware", + "allianceauth.middleware.DeviceDetectionMiddleware", "django.middleware.locale.LocaleMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", @@ -218,6 +220,15 @@ # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/1.10/howto/static-files/ +STORAGES = { + "default": { + "BACKEND": "django.core.files.storage.FileSystemStorage", + }, + "staticfiles": { + "BACKEND": "allianceauth.framework.staticfiles.storage.AaManifestStaticFilesStorage", + }, +} + STATIC_URL = "/static/" STATICFILES_DIRS = [ os.path.join(PROJECT_DIR, "static"), @@ -237,6 +248,7 @@ SESSION_ENGINE = "django.contrib.sessions.backends.cached_db" DEBUG = True +DISPLAY_DEBUG = True ALLOWED_HOSTS = ["*"] DATABASES = { "default": { 
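Review bot: The comment added on `"esi_cleanup_token"` in the `@@ -60,9 +60,10 @@` hunk (`# 1/48th * 1hr = 48Hr/2Day Refresh Cycles.`) is hard to read and leaves `"apply_offset": True` unexplained. That key is not one of Celery's standard beat-entry fields, so it presumably depends on a beat scheduler that understands it; the scheduler setting is outside this hunk and worth confirming. The cadence also changes from one daily `esi.tasks.cleanup_token` run to an hourly `esi.tasks.cleanup_token_subset`, which by the comment's own arithmetic revisits a given token about every 48 hours, so a stale or revoked token may stay stored longer than before. I would reword the comment to something like `# Hourly run over 1/48 of the tokens, so each token is checked about once every 48 h; "apply_offset" needs a scheduler that honours it`. The schedule dict starts and ends outside the hunk.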
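Review bot: The `"staticfiles"` backend added in the `@@ -218,6 +220,15 @@` hunk is a manifest-based storage, and Django's test runner forces `DEBUG = False` for the run, so `{% static %}` lookups can raise `ValueError` for files missing from the manifest unless `collectstatic` ran first. Whether `AaManifestStaticFilesStorage` relaxes that strictness is not visible here, so it is worth confirming against an actual test run. If it does not, the test settings could point `"staticfiles"` at `django.contrib.staticfiles.storage.StaticFilesStorage`, or a comment above `STORAGES` could say that `collectstatic` is a prerequisite.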
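Review bot: `DISPLAY_DEBUG = True` in the `@@ -237,6 +248,7 @@` hunk is added without a comment, and it is not a Django core setting, so nothing in this file says what it switches on. It sits between `DEBUG = True` and `ALLOWED_HOSTS = ["*"]`, which together expose debug pages and turn off Host-header validation; that is acceptable for a test project but unsafe if this file is ever used as the base for a deployment. A comment above the three lines would make the scope explicit, for example `# Test suite only: DEBUG, DISPLAY_DEBUG and ALLOWED_HOSTS = ["*"] must never reach a deployed settings file`.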
@@ -248,7 +260,6 @@ SITE_NAME = "Alliance Auth" DEFAULT_THEME = "allianceauth.theme.flatly.auth_hooks.FlatlyThemeHook" -DEFAULT_THEME_DARK = "allianceauth.theme.darkly.auth_hooks.DarklyThemeHook" # Legacy AAv3 user.profile.night_mode=1 LOGIN_URL = "auth_login_user" # view that handles login logic 
@@ -297,35 +308,66 @@ "maxBytes": 1024 * 1024 * 5, # edit this line to change max log file size "backupCount": 5, # edit this line to change number of log backups }, + "mumble_authenticator_file": { + "level": "INFO", + "class": "logging.handlers.RotatingFileHandler", + "filename": os.path.join(BASE_DIR, "log/mumble_authenticator.log"), + "formatter": "verbose", + "maxBytes": 1024 * 1024 * 5, # edit this line to change max log file size + "backupCount": 5, # edit this line to change number of log backups + }, "console": { "level": "DEBUG", # edit this line to change logging level to console "class": "logging.StreamHandler", "formatter": "verbose", }, - "notifications": { # creates notifications for users with logging_notifications permission - "level": "ERROR", # edit this line to change logging level to notifications - "class": "allianceauth.notifications.handlers.NotificationHandler", - "formatter": "verbose", - }, }, "loggers": { "allianceauth": { - "handlers": ["log_file", "console", "notifications"], + "handlers": [ + "log_file", + "console", + ], "level": "DEBUG", }, "extensions": { - "handlers": ["extension_file", "console"], + "handlers": [ + "extension_file", + "console", + ], + "level": "DEBUG", + }, + "mumble_authenticator": { + "handlers": [ + "mumble_authenticator_file", + "console", + ], "level": "DEBUG", }, "django": { - "handlers": ["log_file", "console"], + "handlers": [ + "log_file", + "console", + ], "level": "ERROR", }, "esi": { - "handlers": ["log_file", "console"], + "handlers": [ + "log_file", + "console", + ], "level": "DEBUG", }, }, } DEFAULT_AUTO_FIELD = "django.db.models.AutoField" + +# https://docs.djangoproject.com/en/6.0/ref/settings/#security +CSRF_COOKIE_SECURE = True +# CSRF_COOKIE_HTTPONLY = True # Only here for security Auditors, refer to django docs on why this is unneccessary +SESSION_COOKIE_SECURE = True +# HSTS Should be set either in the Apache/nginx as a reverse proxy or NPM for docker installs. 
+# Here for documentary purposes for non-standard installs that dont use reverse proxies. +# SECURE_HSTS_SECONDS = 31536000 +# SECURE_HSTS_INCLUDE_SUBDOMAINS = True
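Review bot: `CSRF_COOKIE_SECURE = True` and `SESSION_COOKIE_SECURE = True`, added at the end of this hunk, restrict both cookies to HTTPS while the same file keeps `DEBUG = True`, so anyone running this project over plain HTTP can see logins and form posts fail with no obvious cause (some browsers exempt localhost). A one-line comment such as `# Requires HTTPS: over plain HTTP the session and CSRF cookies are not stored or sent back` would save that debugging. The HSTS comments assume TLS ends at a reverse proxy; in that layout Django needs `SECURE_PROXY_SSL_HEADER` to treat requests as secure, and whether it is set is not visible in this hunk. Two typos in the added comments: `unneccessary` should be `unnecessary` and `dont` should be `don't`.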