Merge pull request 'Release v0.9.1' (#182 ) from dev into main

Reviewed-on: #182 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>
🧾New changelog file version [CI SKIP] [skip ci]
2021-03-29 16:12:14 +00:00 · 2021-03-29 15:49:57 +00:00 · 2021-03-29 17:48:53 +02:00 · 2021-03-29 15:48:47 +00:00 · 2021-03-29 15:48:05 +00:00 · 2021-03-28 18:54:16 +02:00
99 changed files with 1784 additions and 1403 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,5 +1,27 @@
+---
+kind: secret
+name: docker_username
+get:
+  path: odit-registry-builder
+  name: username
+
+---
+kind: secret
+name: docker_password
+get:
+  path: odit-registry-builder
+  name: password
+
+---
+kind: secret
+name: git_ssh
+get:
+  path: odit-git-bot
+  name: sshkey
+
 ---
 kind: pipeline
+type: kubernetes
 name: tests:node_latest
 clone:
  disable: true
@@ -20,7 +42,7 @@ trigger:

 ---
 kind: pipeline
-type: docker
+type: kubernetes
 name: build:dev
 clone:
  disable: true
@@ -36,13 +58,14 @@ steps:
    depends_on: [clone]
    settings:
      username:
-        from_secret: DOCKER_REGISTRY_USER
+        from_secret: docker_username
      password:
-        from_secret: DOCKER_REGISTRY_PASSWORD
+        from_secret: docker_password
      repo: registry.odit.services/lfk/backend
      tags:
        - dev
      registry: registry.odit.services
+      mtu: 1000
  - name: run changelog export
    depends_on: ["clone"]
    image: node:latest
@@ -58,7 +81,7 @@ steps:
      author_email: bot@odit.services
      remote: git@git.odit.services:lfk/backend.git
      ssh_key:
-        from_secret: GITLAB_SSHKEY
+        from_secret: git_ssh
  - name: run full license export
    depends_on: ["clone"]
    image: node:14.15.1-alpine3.12
@@ -76,7 +99,7 @@ steps:
      remote: git@git.odit.services:lfk/backend.git
      skip_verify: true
      ssh_key:
-        from_secret: GITLAB_SSHKEY
+        from_secret: git_ssh


 trigger:
@@ -87,7 +110,7 @@ trigger:

 ---
 kind: pipeline
-type: docker
+type: kubernetes
 name: build:latest
 clone:
  disable: true
@@ -105,13 +128,14 @@ steps:
    image: plugins/docker
    settings:
      username:
-        from_secret: DOCKER_REGISTRY_USER
+        from_secret: docker_username
      password:
-        from_secret: DOCKER_REGISTRY_PASSWORD
+        from_secret: docker_password
      repo: registry.odit.services/lfk/backend
      tags:
        - latest
      registry: registry.odit.services
+      mtu: 1000
  - name: push merge to repo
    depends_on: ["clone"]
    image: appleboy/drone-git-push
@@ -120,7 +144,7 @@ steps:
      commit: false
      remote: git@git.odit.services:lfk/backend.git
      ssh_key:
-        from_secret: GITLAB_SSHKEY
+        from_secret: git_ssh

 trigger:
  branch:
@@ -130,7 +154,7 @@ trigger:

 ---
 kind: pipeline
-type: docker
+type: kubernetes
 name: build:tags

 steps:
@@ -139,13 +163,14 @@ steps:
    depends_on: [clone]
    settings:
      username:
-        from_secret: DOCKER_REGISTRY_USER
+        from_secret: docker_username
      password:
-        from_secret: DOCKER_REGISTRY_PASSWORD
+        from_secret: docker_password
      repo: registry.odit.services/lfk/backend
      tags:
        - '${DRONE_TAG}'
      registry: registry.odit.services
+      mtu: 1000
  - name: trigger node lib build
    image: idcooldi/drone-webhook
    settings:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,12 +2,289 @@

 All notable changes to this project will be documented in this file. Dates are displayed in UTC.

+#### [v0.9.1](https://git.odit.services/lfk/backend/compare/v0.9.0...v0.9.1)
+
+- 🚀Bumped version to v0.9.1 [`a139554`](https://git.odit.services/lfk/backend/commit/a139554e059e9a10acb1733ce1a82b610cc99269)
+- Added query param to return created runenrcards [`5a36c8d`](https://git.odit.services/lfk/backend/commit/5a36c8dcae3d79b3b05ffb30a7ebb0d31dc8183a)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`0290b0e`](https://git.odit.services/lfk/backend/commit/0290b0e5f531364d37d8157e639614cf5a6b4189)
+- Merge pull request 'Return cards generated in bulk feature/180-blank_generation_return' (#181) from feature/180-blank_generation_return into dev [`0f7fa99`](https://git.odit.services/lfk/backend/commit/0f7fa990d473ce2dce032c47c39f79c1d0e8df90)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`58f4d21`](https://git.odit.services/lfk/backend/commit/58f4d2151f459bc72692cc70e02a59b77abfb9f0)
+- Added test for returnCards=true array length [`1cb2dc9`](https://git.odit.services/lfk/backend/commit/1cb2dc9d53b530435f5798f9cdf7ee866eb7416e)
+- Added test for single card generation with returnCards=true [`6005b06`](https://git.odit.services/lfk/backend/commit/6005b0661f1d5c461bb102e243cc209a8adc21fa)
+- Fixed copy-paste oversight [`2f568c9`](https://git.odit.services/lfk/backend/commit/2f568c9cb8ae39ce40ec8df6d9acbaf0d5ae1a26)
+
+#### [v0.9.0](https://git.odit.services/lfk/backend/compare/v0.8.0...v0.9.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.9.0' (#179) from dev into main [`95135dd`](https://git.odit.services/lfk/backend/commit/95135ddc893dcf64be67b47b0ef2b0d9041253bd)
+- Reenabled user tests [`4c66650`](https://git.odit.services/lfk/backend/commit/4c6665062fe6717242e43b58e66c1f1d030c018d)
+- Moved to tmp files to better check for other problems [`7a64f23`](https://git.odit.services/lfk/backend/commit/7a64f2393783f97a9729356bc1dfd831927dd312)
+- Added user creation invalid tests [`888cab5`](https://git.odit.services/lfk/backend/commit/888cab5898caf9e552c421346934bf90f717a653)
+- Updated auth test to comply with the new pw requirements [`63f6526`](https://git.odit.services/lfk/backend/commit/63f6526e4f59621edbf1fad59fc569b4bd6acbf2)
+- Added user deletion tests [`e6a8ebc`](https://git.odit.services/lfk/backend/commit/e6a8ebcb5b4f430254da4afe159141b21d8da0ed)
+- Added user creation valid tests [`383a809`](https://git.odit.services/lfk/backend/commit/383a8095b8286d51fb2fb24ae2fd0156230e56ab)
+- 📖New license file version [CI SKIP] [skip ci] [`bd7b81e`](https://git.odit.services/lfk/backend/commit/bd7b81efe795c02512c87f3b5dd5eec796580144)
+- Added password errors [`24c38cc`](https://git.odit.services/lfk/backend/commit/24c38cce26da41ccf375e1ccf04afa1868aad8df)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`274a146`](https://git.odit.services/lfk/backend/commit/274a146b9bccfe5e1a879ca137ebb4f51eaa5d57)
+- Fixed test params [`070560e`](https://git.odit.services/lfk/backend/commit/070560e8632e833dd26505c02ccb2474462b63ac)
+- No longer using createuser in seeding process [`96ba25e`](https://git.odit.services/lfk/backend/commit/96ba25ec6c6c397cd2aa322afa79024395f658fe)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a7fe1e1`](https://git.odit.services/lfk/backend/commit/a7fe1e175918edd7a98983ece570b47075e85e9a)
+- 🚀Bumped version to v0.8.0 [`c23b4d9`](https://git.odit.services/lfk/backend/commit/c23b4d907f20ed7af37a6de6ea4c61433e30b29b)
+- 🚀Bumped version to v0.9.0 [`56a5f41`](https://git.odit.services/lfk/backend/commit/56a5f4168621263daeab5d2fda97b944cdc6ab31)
+- Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev [`5a3fc5b`](https://git.odit.services/lfk/backend/commit/5a3fc5b2bd06b3e26177d017d3503f4f627be3f2)
+- Added pw errors to user controller [`b24e24f`](https://git.odit.services/lfk/backend/commit/b24e24ff7dd75d972cdab0fd1e2fe6c532ca2b2f)
+- Now checking password rules on user creation [`5daaa3a`](https://git.odit.services/lfk/backend/commit/5daaa3a73c4eca2817d67e226679d125928a3645)
+- Now checking password rules on user update [`48a87e8`](https://git.odit.services/lfk/backend/commit/48a87e8936e13c48f4baa3f4b10f781ad2f55a44)
+- Fixed pw not getting hashed currectly; [`cb3ea9b`](https://git.odit.services/lfk/backend/commit/cb3ea9b1ebb82c650abd83d4be8629cfe29a5b21)
+- Added pw errors to me controller [`9ce35d8`](https://git.odit.services/lfk/backend/commit/9ce35d8eb78a01f40af8c70e640eca3bcb142304)
+- Now forceing user deletion in tests [`8154e71`](https://git.odit.services/lfk/backend/commit/8154e715bbf18938bd5d1031656a88d39231fa81)
+- Added password checker dependency [`bd00f4f`](https://git.odit.services/lfk/backend/commit/bd00f4f8d585fb6878874810f7de0b8b9f3950d5)
+- Fixed empty object getting called [`5369000`](https://git.odit.services/lfk/backend/commit/536900091afd7366128f21058490d0d4f15c6c89)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`03d76e6`](https://git.odit.services/lfk/backend/commit/03d76e6d0bc5b4655f7f441232681c9462815526)
+- Formatting [`b8c28eb`](https://git.odit.services/lfk/backend/commit/b8c28ebb0808395218b5fb9031f477ae1d48e65e)
+
+#### [v0.8.0](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.8.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.8.0' (#176) from dev into main [`3f8e8ce`](https://git.odit.services/lfk/backend/commit/3f8e8ce3a66a943801c0c8e17885e71feeee744f)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c9bd6de`](https://git.odit.services/lfk/backend/commit/c9bd6de4762fec04e1e02cd3b667838d05ef39a7)
+- Merge pull request 'Selfservice deletion feature/174-selfservice_deletion' (#175) from feature/174-selfservice_deletion into dev [`e702118`](https://git.odit.services/lfk/backend/commit/e702118d4d80e362e41bb88c74343d50530d1338)
+- Added tests for the new endpoint [`20aeed8`](https://git.odit.services/lfk/backend/commit/20aeed87780247dc6401bba725801fc1874e50b5)
+- Removed param from test [`97159dd`](https://git.odit.services/lfk/backend/commit/97159dd9f81aed080c174a3eb8da9e66dfea9b10)
+- Added selfservice deletion endpoint [`dcb12b0`](https://git.odit.services/lfk/backend/commit/dcb12b0ac289f8df148ba10ae6389727c16f53fd)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`88844e1`](https://git.odit.services/lfk/backend/commit/88844e1a44d87a7dc253bf9aedf2fb3f6cdd1cfe)
+- Fixed response bug [`ccb7ae2`](https://git.odit.services/lfk/backend/commit/ccb7ae29a39387c0f2762861565dc22996a2493a)
+- Updated old hint [`dd12583`](https://git.odit.services/lfk/backend/commit/dd1258333ef67243f8a8df97c176ec5a054a5e3b)
+
+#### [v0.7.1](https://git.odit.services/lfk/backend/compare/v0.7.0...v0.7.1)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.7.1' (#173) from dev into main [`e76a9ce`](https://git.odit.services/lfk/backend/commit/e76a9cef956b00de7bbb11b6d863d4f33e3d5a34)
+- Revert "Set timeout even higher b/c sqlite just kills itself during these tests" [`f159252`](https://git.odit.services/lfk/backend/commit/f159252651942e442026dbcaae09b242e05d8204)
+- Set timeout even higher b/c sqlite just kills itself during these tests [`6ab6099`](https://git.odit.services/lfk/backend/commit/6ab60998d4f716aded93bb3b5d15594fc5e0434a)
+- Adjusted jest timeout to mitigate sqlite from invalidateing all tests⏱ [`30d220b`](https://git.odit.services/lfk/backend/commit/30d220bc36a28f224406e49ed27ff3f6b4f409e9)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`963253c`](https://git.odit.services/lfk/backend/commit/963253cbc84ed07af13ed0925952ec1b7dcc53ad)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3ef3a94`](https://git.odit.services/lfk/backend/commit/3ef3a94b20c1abf6fd2f19472e5f448b4c72bd7f)
+- 🚀Bumped version to v0.7.1 [`135852e`](https://git.odit.services/lfk/backend/commit/135852eb9a91010a4ab972ba9efc7b71dfe4d68f)
+- Merge pull request 'RESPONSERUNNERCARD fix bugfix/171-responserunnercards' (#172) from bugfix/171-responserunnercards into dev [`539a650`](https://git.odit.services/lfk/backend/commit/539a6509b17cfd373eef8e443eaa7d41168ac7a9)
+- Now resolveing runnercards [`24aff3b`](https://git.odit.services/lfk/backend/commit/24aff3bac458a9886ca40163484bc72733dc766a)
+- Tests now keep the group [`f3d73d5`](https://git.odit.services/lfk/backend/commit/f3d73d53467a4d00011d280c24e1e12fbb8e443d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`ce63043`](https://git.odit.services/lfk/backend/commit/ce63043887769e1f92a8c064d6647e0deb81b7fa)
+
+#### [v0.7.0](https://git.odit.services/lfk/backend/compare/v0.6.4...v0.7.0)
+
+> 23 March 2021
+
+- Merge pull request 'Release 0.7.0' (#170) from dev into main [`e40017a`](https://git.odit.services/lfk/backend/commit/e40017a6b88d83d5bfc57ff4603abeaca7a9a37b)
+- Added bulk card creation tests [`438ff0f`](https://git.odit.services/lfk/backend/commit/438ff0fc3f246f83b1fa04cb11828f4a61dfcd1e)
+- Added new "bulk" endpoint [`c1bbda5`](https://git.odit.services/lfk/backend/commit/c1bbda51f067cbd9ac1a9a5378ae3f5d7b9f4eca)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`7a49e7c`](https://git.odit.services/lfk/backend/commit/7a49e7c5c98eb23af1cd0d2084914641e9a1bf90)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`e843a46`](https://git.odit.services/lfk/backend/commit/e843a464e747c0d41280484cb54495cb2de2a9e8)
+- 🚀Bumped version to v0.7.0 [`d0ae50d`](https://git.odit.services/lfk/backend/commit/d0ae50d5579e969ad33d6b9cfd66dac7fa472223)
+- Merge pull request 'Bulk card creation feature/168-runnercards_bulk' (#169) from feature/168-runnercards_bulk into dev [`1dd6420`](https://git.odit.services/lfk/backend/commit/1dd64204cc63fb1a8a4a4aa503c21da42945eafd)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`4705a39`](https://git.odit.services/lfk/backend/commit/4705a39aabaad894d332a5062df03840c23c6bfa)
+
+#### [v0.6.4](https://git.odit.services/lfk/backend/compare/v0.6.3...v0.6.4)
+
+> 19 March 2021
+
+- Merge pull request 'Release 0.6.4' (#167) from dev into main [`4d721f6`](https://git.odit.services/lfk/backend/commit/4d721f62d9a5f6a1361ef2811a3a2ff63011b2ad)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`b0328ff`](https://git.odit.services/lfk/backend/commit/b0328ffdaffc8ef2e6e01e808c29748f58f42cac)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`cc6568c`](https://git.odit.services/lfk/backend/commit/cc6568c3810fed3ff2597df0db73a6ca9e072413)
+- 🚀Bumped version to v0.6.4 [`031cede`](https://git.odit.services/lfk/backend/commit/031cede5426742dc3c2b9dc6b049951d7c14871c)
+- Adjsuted endpoint [`3c69f8c`](https://git.odit.services/lfk/backend/commit/3c69f8c4a824e588977b06dbb45119cccb03c6bc)
+
+#### [v0.6.3](https://git.odit.services/lfk/backend/compare/v0.6.2...v0.6.3)
+
+> 18 March 2021
+
+- Merge pull request 'Release 0.6.3' (#165) from dev into main [`a3a1395`](https://git.odit.services/lfk/backend/commit/a3a1395a46d7970cff1b8cc2e84306a97791ed88)
+- The basic bugfix 🐞 [`fbdadbe`](https://git.odit.services/lfk/backend/commit/fbdadbef1f9eb835e1914e8d3770cca836b4c443)
+- The basic bugfix 🐞 [`c87c97c`](https://git.odit.services/lfk/backend/commit/c87c97c90f5e1229f92671b1f2ebe1fa0d2307cd)
+- Updated tests 🧪 [`f347b7a`](https://git.odit.services/lfk/backend/commit/f347b7ad4982ed3760117c08e11dca5c3f72d495)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3f9a704`](https://git.odit.services/lfk/backend/commit/3f9a7049e31a6948125a07e847233b804f27ba31)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`b08acc6`](https://git.odit.services/lfk/backend/commit/b08acc666035ed766cc6ccfa9a410a54db4d7321)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a6bca59`](https://git.odit.services/lfk/backend/commit/a6bca59ffe06a37f03af21500c442cebeaa74c7e)
+- 🚀Bumped version to v0.6.3 [`7a303c2`](https://git.odit.services/lfk/backend/commit/7a303c2b2c267d6dd566b1470649e65bc1c1b2ee)
+- Merge pull request 'TrackScan Update bug 🐞bugfix/163-trackscan_updates' (#164) from bugfix/163-trackscan_updates into dev [`6249419`](https://git.odit.services/lfk/backend/commit/6249419fae22e0203c046c1a3cd82c07f94f510c)
+
+#### [v0.6.2](https://git.odit.services/lfk/backend/compare/v0.6.1...v0.6.2)
+
+> 17 March 2021
+
+- Merge pull request 'Release 0.6.2' (#162) from dev into main [`732a1b8`](https://git.odit.services/lfk/backend/commit/732a1b88d916720ea82cd4b192fc696640ade2aa)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`fcb43f9`](https://git.odit.services/lfk/backend/commit/fcb43f92b0b7a8fa2ed3772357c3eab8e6564eef)
+- Fixed trackscan vaildation [`a8ea4fa`](https://git.odit.services/lfk/backend/commit/a8ea4fa659732ca2c922fc3c75d2238be2feb5c7)
+- Added comments✏ [`289f9e2`](https://git.odit.services/lfk/backend/commit/289f9e219692789f86c631f52c67b578216acb48)
+- Added comments✏ [`937a9fa`](https://git.odit.services/lfk/backend/commit/937a9fad4d8914b83fc6300f776c0720b756a9f4)
+- Removed duplicate openapi declarations 🗑 [`c8882ae`](https://git.odit.services/lfk/backend/commit/c8882ae6a18188a9c98a237dd594548ebac6f460)
+- Now defining security per endpoint 🔐 [`d709ee7`](https://git.odit.services/lfk/backend/commit/d709ee74795b785599cda50b4351bd566a0b8573)
+- Changed the method of getting a parameter from the headers🛠 [`1d38d30`](https://git.odit.services/lfk/backend/commit/1d38d308ad8ae00d67c2b807b584da4f00bd9a58)
+- Now auto-etting the station token🔥🔥🔥 [`aae042c`](https://git.odit.services/lfk/backend/commit/aae042c041e325626b89b146d005e900bd880453)
+- Marked station as optional (quality of life improvements incoming) [`1f32ed0`](https://git.odit.services/lfk/backend/commit/1f32ed0727cb1117e5d201b5530b2f2d7f0323d8)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`4c960fe`](https://git.odit.services/lfk/backend/commit/4c960feeb22f819d1c618ced73f5799a3c7e4f00)
+- Fixed missing renameing🛠 [`0ed7f78`](https://git.odit.services/lfk/backend/commit/0ed7f78b2c284909d47fa0533424c279adef0ba3)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c1dd451`](https://git.odit.services/lfk/backend/commit/c1dd4518d128edd8b8e36981a513744471241a25)
+- 🚀Bumped version to v0.6.2 [`5ba8f1d`](https://git.odit.services/lfk/backend/commit/5ba8f1dd4451c1a1b38fdd36cf632c9e6efa829c)
+- Merge pull request 'Bugfixes for trackscans feature/160-responseTrackScan_total_distance' (#161) from feature/160-responseTrackScan_total_distance into dev [`3d3790c`](https://git.odit.services/lfk/backend/commit/3d3790c2eb6a92bb5b1d2c7e44c75aef4e1b015f)
+- Fixed wrong error type 👀👀 [`1fa3fa7`](https://git.odit.services/lfk/backend/commit/1fa3fa75ee447b9919585e02c7997e3f1de9c8a7)
+- Added missing discription [`673e896`](https://git.odit.services/lfk/backend/commit/673e896aa3dc853b301a2e560e785c464a449b6f)
+
+#### [v0.6.1](https://git.odit.services/lfk/backend/compare/v0.6.0...v0.6.1)
+
+> 17 March 2021
+
+#### [v0.6.0](https://git.odit.services/lfk/backend/compare/v0.5.0...v0.6.0)
+
+> 17 March 2021
+
+- Merge pull request 'Release v0.6.0' (#159) from dev into main [`bdc7bb6`](https://git.odit.services/lfk/backend/commit/bdc7bb67e7e21769d95a762c3b6dfbf82e7e38d0)
+- 📖New license file version [CI SKIP] [skip ci] [`5f5c8a0`](https://git.odit.services/lfk/backend/commit/5f5c8a061eb94361e4cd02e9a6469194a9092513)
+- As requested by @philpp [`2cb7ec7`](https://git.odit.services/lfk/backend/commit/2cb7ec7317d8a48364261506facb2c11c7cf895f)
+- Updated ci with new kubernetes secrets 🚀🚀🚀 [`5541ae6`](https://git.odit.services/lfk/backend/commit/5541ae6ebd7f36f4482ae752f358102a18b95de0)
+- Added selfservice forgott positive tests [`bf1ec97`](https://git.odit.services/lfk/backend/commit/bf1ec976e3732b6ac052a55a51ee2ee18a8b1d3d)
+- Added all "negative" tests [`d0a7e34`](https://git.odit.services/lfk/backend/commit/d0a7e34de8095fca282adefff01fa5f72e7cdba3)
+- Added mailer functions [`8376513`](https://git.odit.services/lfk/backend/commit/83765136ccacd82ba6a8f9fb43eed78191ee0aa5)
+- Added tests for the new endpoint [`757332e`](https://git.odit.services/lfk/backend/commit/757332ed2b3325d8730ef1b284ac6ba40356df93)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`e4ed20d`](https://git.odit.services/lfk/backend/commit/e4ed20da3e0a9e32a2e4664d50f316f9131564f0)
+- Added first selfservice forgotten test [`a95a9b4`](https://git.odit.services/lfk/backend/commit/a95a9b4ec4a3012a91f6f622cfb9f5bff3376344)
+- Created basic endpoint for user forgotten mails [`d709971`](https://git.odit.services/lfk/backend/commit/d7099717c2eee8aaf1b580345717cc5acc06dbd2)
+- Implemented the "real" errors [`e26b7d4`](https://git.odit.services/lfk/backend/commit/e26b7d4923777a3013368e29c122709de7e1d9da)
+- Runner controller now uses the Mailer functions [`a343747`](https://git.odit.services/lfk/backend/commit/a3437475caf6b435ae4bdf6d48aeb7da7d43b25f)
+- Added scanstation me endpoint [`c5178e0`](https://git.odit.services/lfk/backend/commit/c5178e01814cedaa4402773b10f24d186714c1d2)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`54988ba`](https://git.odit.services/lfk/backend/commit/54988ba0fe012ce87d44c9068f7546a9be73723c)
+- Added last reset requested timestamp to runners [`66d6023`](https://git.odit.services/lfk/backend/commit/66d6023335c7a9d1a145c4189b610940ef5a525a)
+- Scanauth return objects [`46b7ace`](https://git.odit.services/lfk/backend/commit/46b7aceb0b86b03688faf0ec6661e4c9fbc6115c)
+- Revert "Switched normal images to chached registry" [`ca6fa63`](https://git.odit.services/lfk/backend/commit/ca6fa633a156a265d8f643a5f23090b6ab32260d)
+- Switched normal images to chached registry [`cba4455`](https://git.odit.services/lfk/backend/commit/cba4455d53f9a39b6f9993c36b5abd281201dfa1)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a7958ee`](https://git.odit.services/lfk/backend/commit/a7958eecd65116ab937f640cbebcae1962cb86c8)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`076aa87`](https://git.odit.services/lfk/backend/commit/076aa87dba1d6fc544e76c16f99c64d37fc82ea0)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`486e450`](https://git.odit.services/lfk/backend/commit/486e450a58d3671dc867ae1a99d052d9fe814c1a)
+- Updated request timeout [`ffcd45e`](https://git.odit.services/lfk/backend/commit/ffcd45e5724fccdec9b1dbc48f1320525dcd7288)
+- Added testing env check [`3f37212`](https://git.odit.services/lfk/backend/commit/3f372123fd2e1fae467e9cb20985de1eeb9f6a57)
+- 🚀Bumped version to v0.6.1 [`ce3ca9f`](https://git.odit.services/lfk/backend/commit/ce3ca9f1c86a6fe72e4dd77e3a0d60bf1e1bf542)
+- 🚀Bumped version to v0.6.0 [`623b5a1`](https://git.odit.services/lfk/backend/commit/623b5a1873afa73a984251543995b7da1cfdb5c9)
+- Merge pull request 'Scanstation "me" endpoint feature/157-scanstation_me' (#158) from feature/157-scanstation_me into dev [`13e8399`](https://git.odit.services/lfk/backend/commit/13e839902c063057e902fdb52b403be081d1667e)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a1a94ec`](https://git.odit.services/lfk/backend/commit/a1a94ec9dafecd9b4c453cc8cfe32c2e90acccf5)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`d5930f7`](https://git.odit.services/lfk/backend/commit/d5930f7c46f4fc8ed56b6eeec9f784d435fd3b2b)
+- Changed ci pipeline type to kubernetes [`6c43872`](https://git.odit.services/lfk/backend/commit/6c43872198c3dba44b3af3a7cfc7b628d5b304a3)
+- Mailer now ignores mailing erros when env is set to test [`6bb3ae8`](https://git.odit.services/lfk/backend/commit/6bb3ae8ba992bd6c4d5809d75a264c710999cdcf)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`bf71e35`](https://git.odit.services/lfk/backend/commit/bf71e35ecd333d888d63213d69b04fc681a9d0bd)
+- Adjusted tests for the new testing env [`9292027`](https://git.odit.services/lfk/backend/commit/92920273bec409563d1e38ea27f4d30f893598e8)
+- Applied Docker MTU fix 🛠 [`f7af777`](https://git.odit.services/lfk/backend/commit/f7af77710421d7aae5efb048e0622cd067fc20eb)
+- Updated description [`94001a4`](https://git.odit.services/lfk/backend/commit/94001a48f1b314e91ea5ec982e5585124f9541b6)
+- Now adding station id to headers of request for scan auth [`8ba7ee1`](https://git.odit.services/lfk/backend/commit/8ba7ee1d481e44e686489e237980b21aaaf6071c)
+- Merge pull request 'selfservice forgotten mails feature/154-selfservice_forgotten' (#155) from feature/154-selfservice_forgotten into dev [`cb6e78f`](https://git.odit.services/lfk/backend/commit/cb6e78fc176ec9efe94311b64286020b3c5bf633)
+- Changed endpoint url to avoid conflicts [`e5dab34`](https://git.odit.services/lfk/backend/commit/e5dab3469c3cef6298fc8deb1192a38f7d18406b)
+- Added console logging when a testing env get's discovered [`c01233b`](https://git.odit.services/lfk/backend/commit/c01233b4d663aefece26dbb86f8b6bcd5c916325)
+- Added not found error logic [`e7f0cb4`](https://git.odit.services/lfk/backend/commit/e7f0cb45c9ac3aa06e2a57786aa1cc51c9d66598)
+- Updated to new responsetype [`08957d4`](https://git.odit.services/lfk/backend/commit/08957d4dc2951cfeec56a54680c2ae4ef1525ab2)
+- Added readme description for testing env [`cedc175`](https://git.odit.services/lfk/backend/commit/cedc1750c21ad256c3337f293f06e894e2c2ef9f)
+- Renamed test [`1d762f5`](https://git.odit.services/lfk/backend/commit/1d762f56628eff47f4e1a910c7152bd0158283bd)
+
+#### [v0.5.0](https://git.odit.services/lfk/backend/compare/v0.4.6...v0.5.0)
+
+> 4 March 2021
+
+- Merge pull request 'Alpha Release 0.5.0' (#153) from dev into main [`64da0ea`](https://git.odit.services/lfk/backend/commit/64da0eadb313f3bd3ae20a66bcaf4401528008d9)
+- Removed mail templates [`c2fdfee`](https://git.odit.services/lfk/backend/commit/c2fdfeed4f5fc454b02bc4b198965889c173bbaa)
+- Removed mail config [`0342757`](https://git.odit.services/lfk/backend/commit/0342757d929b12635c88e74f17495df656865b1a)
+- Added selfservice scan response class [`6074ac5`](https://git.odit.services/lfk/backend/commit/6074ac5b3a8e43fd98394c1fb70c6e1dea8fcd5e)
+- Removed old mailer code [`0fcc729`](https://git.odit.services/lfk/backend/commit/0fcc729b56430f0fdb56242857aa1d883d5a4866)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`5272829`](https://git.odit.services/lfk/backend/commit/52728290b477d3f90ee7c14e0d438c4c74415322)
+- Added the new mailer code [`1551a44`](https://git.odit.services/lfk/backend/commit/1551a444babc025cde6e894c66d2be2c84ab26da)
+- Removed (now useless) mail controller [`485c247`](https://git.odit.services/lfk/backend/commit/485c247cd3305c4c4422d5582b1d61cc7af84989)
+- Trackscans now have a laptime that get's calculated on creation [`aa83373`](https://git.odit.services/lfk/backend/commit/aa833736d32993b1656abeeb02a4f8b021ec6252)
+- Removed useless functions and updated comments [`ada6798`](https://git.odit.services/lfk/backend/commit/ada679823cda8bc31d45c0ff6905f3d270cfd729)
+- Added new selfservice scans endpoint [`771a205`](https://git.odit.services/lfk/backend/commit/771a205fe634fc5c07e794b3245c59483ff14bd8)
+- Updated mail errors [`f289afd`](https://git.odit.services/lfk/backend/commit/f289afd8bc47f6eae9f12f765322b2db974ba918)
+- Laptime is now a part of the response [`a2c97a1`](https://git.odit.services/lfk/backend/commit/a2c97a11a3dc82543076e3844f20d1218943bbf9)
+- Updated readme env section [`db58a28`](https://git.odit.services/lfk/backend/commit/db58a280b3792b768eb2b1c82a76d9a9836978b1)
+- Added locale to pw reset endpoint [`a5d2a6e`](https://git.odit.services/lfk/backend/commit/a5d2a6ecd31dc9c186d4201aef5c52e34cbef3b5)
+- Now using mailer as static funtion [`9a1678a`](https://git.odit.services/lfk/backend/commit/9a1678acf0929dab9f84bd2c6a961b52e36172ce)
+- Updated readme env section [`149f3a8`](https://git.odit.services/lfk/backend/commit/149f3a83b2e9d59bfbf36c7ea9e27bc7f514856d)
+- Now checking for mails being set [`bb9bad6`](https://git.odit.services/lfk/backend/commit/bb9bad6d90370e768d4baffaae23ec756cc8353b)
+- Updated auth reset test for new mailer [`ae7d617`](https://git.odit.services/lfk/backend/commit/ae7d6176902699f82ea127194908ee360233e7b4)
+- Added scans returns 200 test [`82c65b6`](https://git.odit.services/lfk/backend/commit/82c65b632cdf44165b083494702b836c74e46a41)
+- 🚀Bumped version to v0.4.7 [`f1d85cf`](https://git.odit.services/lfk/backend/commit/f1d85cfb855c2aae581ade69751b3969ce38f020)
+- Now generateing bs mailer config in test env [`bf6b701`](https://git.odit.services/lfk/backend/commit/bf6b70106eb735d9ad6f6ad89f09194680af5ae1)
+- Added new mailer settings to config [`ddea02d`](https://git.odit.services/lfk/backend/commit/ddea02db574cc348685558f3fa3ecc84adbd6b65)
+- 🚀Bumped version to v0.5.0 [`3f2a2d2`](https://git.odit.services/lfk/backend/commit/3f2a2d292979c7f8162d92465b60b220f2634e7a)
+- Merge pull request 'Features for the new selfservice feature/151-selfservice_scans_mails' (#152) from feature/151-selfservice_scans_mails into dev [`15356c1`](https://git.odit.services/lfk/backend/commit/15356c1030988d03e3739f3ffe770669789759f2)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`be397c8`](https://git.odit.services/lfk/backend/commit/be397c8899d5b4406c17e8f9951555c54f852901)
+- Promoted axios to dependency [`a9e06c9`](https://git.odit.services/lfk/backend/commit/a9e06c905537b6da24706389e304e825a33a28ad)
+- Removed nodemailer from backend [`5833f42`](https://git.odit.services/lfk/backend/commit/5833f4218f9a4c97b69021814df92470a1816917)
+- Added another resonse type [`030b225`](https://git.odit.services/lfk/backend/commit/030b2255d42aab21d8974fc3a7235285934d53b7)
+- Added new selfservice response type [`f7f6df4`](https://git.odit.services/lfk/backend/commit/f7f6df41ff74708482db3ea2db717ffb562131c0)
+
+#### [v0.4.6](https://git.odit.services/lfk/backend/compare/v0.4.5...v0.4.6)
+
+> 26 February 2021
+
+- Merge pull request 'Alpha Release 0.4.6' (#148) from dev into main [`dd3c927`](https://git.odit.services/lfk/backend/commit/dd3c9275d60cb5bb1a40fbe91f666f17a8e0c8d3)
+- Added tests for the new org selfservice endpoints [`28ef139`](https://git.odit.services/lfk/backend/commit/28ef139a70e0c063982b2eb9167b7abe41db1621)
+- Added selfservice org response model [`ba3b5ee`](https://git.odit.services/lfk/backend/commit/ba3b5eeefc45f9bd94aef24f9f509f6835f5ea7c)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`764b7ff`](https://git.odit.services/lfk/backend/commit/764b7ffe00086248e1f1cccb265ca920a568c0a0)
+- Merge pull request 'Fixed wrong body acceptance type' (#150) from bugfix/146-usergroup_update into dev [`d870b2f`](https://git.odit.services/lfk/backend/commit/d870b2fd01b11b1732fcbb6feecaf6a6155fa702)
+- Added selfservice team response model [`ba396e0`](https://git.odit.services/lfk/backend/commit/ba396e0eba15647b3004437a5a9949c7a69e828d)
+- 📖New license file version [CI SKIP] [skip ci] [`bce8811`](https://git.odit.services/lfk/backend/commit/bce8811925e7f77c64fc507d55335ac45b0e5572)
+- 📖New license file version [CI SKIP] [skip ci] [`b1fced7`](https://git.odit.services/lfk/backend/commit/b1fced77640b6c26438331474f368f2b0708b672)
+- Added selfservice org info endpoint [`656f63d`](https://git.odit.services/lfk/backend/commit/656f63dfd5fdbe13554fc98440e416be7e56d909)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c0cafb4`](https://git.odit.services/lfk/backend/commit/c0cafb4d510116773fed12592cad1efc2ef09f38)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`09fe47b`](https://git.odit.services/lfk/backend/commit/09fe47b9aaac47b65d4e910ef89d558c47fd7364)
+- Fixed wrong body acceptance type [`aaec09d`](https://git.odit.services/lfk/backend/commit/aaec09d2ab08a76e9d367fdfefc01cea5588f1b9)
+- Pinned package version to avoid dependency conflicts 📌 [`39ebfbf`](https://git.odit.services/lfk/backend/commit/39ebfbf0b633ecc479a33fdf851cd6550616bfee)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3736b29`](https://git.odit.services/lfk/backend/commit/3736b29e5435abb05de03e5d99d9adb438cd7d7e)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`305fa00`](https://git.odit.services/lfk/backend/commit/305fa0078d44b39b0391e84ba67b048285cf77b9)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3afc207`](https://git.odit.services/lfk/backend/commit/3afc207903c9cf1e62e6f4a62601b4213f608192)
+- Quick bugfix [`5d6c8c9`](https://git.odit.services/lfk/backend/commit/5d6c8c957acd098a20e674ce5529f60cbc9f4151)
+- 🚀Bumped version to v0.4.6 [`b4acd15`](https://git.odit.services/lfk/backend/commit/b4acd157fc075154a60946c1ee8876ee5f5dfbee)
+- Merge pull request 'New org selfservice endpoint feature/146-more_selfservice_endpoints' (#147) from feature/146-more_selfservice_endpoints into dev [`45d61b4`](https://git.odit.services/lfk/backend/commit/45d61b487e8e6fdd8e00c184a08c9d6e34a1b6bf)
+- Added new response types [`3c11d88`](https://git.odit.services/lfk/backend/commit/3c11d88557a2612bf4320ff669323bc048634e94)
+
+#### [v0.4.5](https://git.odit.services/lfk/backend/compare/v0.4.4...v0.4.5)
+
+> 9 February 2021
+
+- Merge pull request 'Alpha release 0.4.5' (#145) from dev into main [`a46d142`](https://git.odit.services/lfk/backend/commit/a46d14278b9a084ca54f8f90e5e70b04739c2dd7)
+- 🚀Bumped version to v0.4.5 [`cc869f6`](https://git.odit.services/lfk/backend/commit/cc869f69add1f1a175ff94510d52888f81bccb69)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`680ae8e`](https://git.odit.services/lfk/backend/commit/680ae8ebbb39d103085fe1fe8781d71b3c3ed055)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`b9aac71`](https://git.odit.services/lfk/backend/commit/b9aac7167681ff0945e538dd177abd6f97771bf2)
+- Merge pull request 'usergroups/permissions endpoint feature/143-usergroup_permissions_endpoint' (#144) from feature/143-usergroup_permissions_endpoint into dev [`a30a342`](https://git.odit.services/lfk/backend/commit/a30a342e00ba944f8014044bba28141c0657a17f)
+- Implemented /groups/permissions endpoint [`0c9867d`](https://git.odit.services/lfk/backend/commit/0c9867d70616615c8f3c72bbec37a4441e4868ef)
+- Now all /usergroups endpoints return ResponseUserGroup [`bdcfce8`](https://git.odit.services/lfk/backend/commit/bdcfce88cbe069f9ba1925fcaac06367a109d2b7)
+- The ResponseUserGroup now returns their permisssions as a string array [`416f2a1`](https://git.odit.services/lfk/backend/commit/416f2a1366c570998011d022ebd7f5f44276b2c9)
+- The ResponseUserGroup now returns their permisssions as a string array [`5e353db`](https://git.odit.services/lfk/backend/commit/5e353db2061c30b4d10965c47f0dcbecb7f59fc5)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8379c3e`](https://git.odit.services/lfk/backend/commit/8379c3e29c45f0d7c4c84bce1f3abc718158fa84)
+
+#### [v0.4.4](https://git.odit.services/lfk/backend/compare/v0.4.3...v0.4.4)
+
+> 9 February 2021
+
+- Merge pull request 'Alpha release 0.4.4' (#142) from dev into main [`c4edcca`](https://git.odit.services/lfk/backend/commit/c4edccace78765dd5caa0f0e79c52f07c8a3568e)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`ca3d093`](https://git.odit.services/lfk/backend/commit/ca3d093e54bfaaa77c97e96738a74eeb25aee440)
+- Now loading runner's group's parentgroup with every runner controller request [`701706c`](https://git.odit.services/lfk/backend/commit/701706c0289b357439608b4e2eaa66c617d16e9d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`74de655`](https://git.odit.services/lfk/backend/commit/74de6559d7c5e8c6d257d41dc91396b53bf0c071)
+- The group/runners endpoints now also deliver the runner's group's parentGroup [`906a1dc`](https://git.odit.services/lfk/backend/commit/906a1dc9e79ea4eb298a561cf98e6ae42b3ae4ec)
+- 🚀Bumped version to v0.4.4 [`a6f73c7`](https://git.odit.services/lfk/backend/commit/a6f73c733c8cfc8d84beb7e0bbd5bcd1313df9d0)
+- Merge pull request 'Expanded runner response feature/140-runner_group_parent' (#141) from feature/140-runner_group_parent into dev [`28cfbaa`](https://git.odit.services/lfk/backend/commit/28cfbaa6624d0bc65e2a9b72ffed17060e828735)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`09bbc70`](https://git.odit.services/lfk/backend/commit/09bbc70f5fd1f026148be07fe889a6907bc3f75a)
+- Adjusted test for the new response depth [`90e1ad7`](https://git.odit.services/lfk/backend/commit/90e1ad7db72732d13002c87461c33560b74befa6)
+- Adjusted test for the new response depth [`5872c63`](https://git.odit.services/lfk/backend/commit/5872c6335be573d849cdc3746b261c6cf476c3de)
+
 #### [v0.4.3](https://git.odit.services/lfk/backend/compare/v0.4.2...v0.4.3)

+> 7 February 2021
+
+- Merge pull request 'Alpha Release 0.4.3' (#139) from dev into main [`dd9cb6d`](https://git.odit.services/lfk/backend/commit/dd9cb6d3ef60cb118391abc2ba17fd0f83db0b1c)
 - 🚀Bumped version to v0.4.3 [`656d564`](https://git.odit.services/lfk/backend/commit/656d564baa8c8bf1f63523b0301ad9ff23e08aa4)
- 🧾New changelog file version [CI SKIP] [skip ci] [`f3f5cb4`](https://git.odit.services/lfk/backend/commit/f3f5cb462e4ecf932ad55eb519815222b4e5dd17)
- Merge pull request 'Bugfix for @lfk/frontend/#43' (#138) from bugfix/118-encode_jwt_in_mail into dev [`9959172`](https://git.odit.services/lfk/backend/commit/9959172f2ae11cbb7a2b8e97bad432956fc70a80)
 - Bugfix for @lfk/frontend/#43 [`8f0a396`](https://git.odit.services/lfk/backend/commit/8f0a396dd07937fb7ccfb345d1acbac86eb5d9bb)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`f3f5cb4`](https://git.odit.services/lfk/backend/commit/f3f5cb462e4ecf932ad55eb519815222b4e5dd17)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`23c732b`](https://git.odit.services/lfk/backend/commit/23c732b6905cc9f6479a53a7744b72d01e345ecb)
+- Merge pull request 'Bugfix for @lfk/frontend/#43' (#138) from bugfix/118-encode_jwt_in_mail into dev [`9959172`](https://git.odit.services/lfk/backend/commit/9959172f2ae11cbb7a2b8e97bad432956fc70a80)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`a18d4d3`](https://git.odit.services/lfk/backend/commit/a18d4d3cee58f8eb9dc428b051a2394bd3ece5c2)

 #### [v0.4.2](https://git.odit.services/lfk/backend/compare/v0.4.1...v0.4.2)
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ yarn docs

 ## ENV Vars
 > You can provide them via .env file or docker env vars.
-> You can use the `test:ci:generate_env` package script to generate a example env (uses [ethereal.email](https://ethereal.email) as the mailserver).
+> You can use the `test:ci:generate_env` package script to generate a example env (uses bs data as test server and ignores the errors).

 | Name | Type | Default | Description
 | - | - | - | -
@@ -60,15 +60,12 @@ yarn docs
 | DB_USER | String | N/A | The user for accessing the db
 | DB_PASSWORD | String | N/A | The user's password for accessing the db
 | DB_NAME | String | N/A | The db's name
-| NODE_ENV | String | dev | The apps env - influences debug info.
+| NODE_ENV | String | dev | The apps env - influences debug info. Also when the env is set to "test", mailing errors get ignored.
 | POSTALCODE_COUNTRYCODE | String/CountryCode | N/A | The countrycode used to validate address's postal codes
 | PHONE_COUNTRYCODE | String/CountryCode | null (international) | The countrycode used to validate phone numers
 | SEED_TEST_DATA | Boolean | False | If you want the app to seed some example data set this to true
-| MAIL_SERVER | String | N/A | The smtp server's ip-address/fqdn
-| MAIL_PORT | String | N/A | The smtp server's port
-| MAIL_USER | String | N/A | The username for sending mails
-| MAIL_PASSWORD | String | N/A | The user's password for sending mails
-| MAIL_FROM | String | N/A | The from-address for sending mails
+| MAILER_URL | String(Url) | N/A | The mailer's base url (no trailing slash)
+| MAILER_KEY | String | N/A | The mailer's api key.
 | IMPRINT_URL | String(Url) | /imprint | The link to a imprint page for the system (Defaults to the frontend's imprint)
 | PRIVACY_URL | String(Url) | /privacy | The link to a privacy page for the system (Defaults to the frontend's privacy page)

--- a/licenses.md
+++ b/licenses.md
@@ -57,6 +57,33 @@ SOFTWARE.

 

+# axios
+**Author**: Matt Zabriskie
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Promise based HTTP client for the browser and node.js
+## License Text
+Copyright (c) 2014-present Matt Zabriskie
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+ 
+
 # body-parser
 **Author**: undefined
 **Repo**: expressjs/body-parser
@@ -88,6 +115,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 

+# check-password-strength
+**Author**: deanilvincent
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
+## License Text
+MIT License
+
+Copyright (c) 2020 Mark Deanil Vicente
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # class-transformer
 **Author**: [object Object]
 **Repo**: [object Object]
@@ -390,30 +446,6 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ## License Text
 

-# nodemailer
-**Author**: Andris Reinman
-**Repo**: [object Object]
-**License**: MIT
-**Description**: Easy as cake e-mail sending from your Node.js applications
-## License Text
-Copyright (c) 2011-2019 Andris Reinman
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
- 
-
 # pg
 **Author**: Brian Carlson <brian.m.carlson@gmail.com>
 **Repo**: [object Object]
@@ -865,35 +897,6 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    SOFTWARE
 

-# @types/nodemailer
-**Author**: undefined
-**Repo**: [object Object]
-**License**: MIT
-**Description**: TypeScript definitions for Nodemailer
-## License Text
-    MIT License
-
-    Copyright (c) Microsoft Corporation. All rights reserved.
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE
- 
-
 # @types/uuid
 **Author**: undefined
 **Repo**: [object Object]
@@ -923,33 +926,6 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    SOFTWARE
 

-# axios
-**Author**: Matt Zabriskie
-**Repo**: [object Object]
-**License**: MIT
-**Description**: Promise based HTTP client for the browser and node.js
-## License Text
-Copyright (c) 2014-present Matt Zabriskie
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
- 
-
 # cp-cli
 **Author**: undefined
 **Repo**: [object Object]
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@odit/lfk-backend",
-  "version": "0.4.3",
+  "version": "0.9.1",
  "main": "src/app.ts",
  "repository": "https://git.odit.services/lfk/backend",
  "author": {
@@ -24,7 +24,9 @@
  "dependencies": {
    "@odit/class-validator-jsonschema": "2.1.1",
    "argon2": "^0.27.1",
+    "axios": "^0.21.1",
    "body-parser": "^1.19.0",
+    "check-password-strength": "^2.0.2",
    "class-transformer": "0.3.1",
    "class-validator": "^0.13.1",
    "consola": "^2.15.0",
@@ -37,10 +39,9 @@
    "jsonwebtoken": "^8.5.1",
    "libphonenumber-js": "^1.9.9",
    "mysql": "^2.18.1",
-    "nodemailer": "^6.4.17",
    "pg": "^8.5.1",
    "reflect-metadata": "^0.1.13",
-    "routing-controllers": "^0.9.0-alpha.6",
+    "routing-controllers": "0.9.0-alpha.6",
    "routing-controllers-openapi": "^2.2.0",
    "sqlite3": "5.0.0",
    "typeorm": "^0.2.30",
@@ -57,9 +58,7 @@
    "@types/jest": "^26.0.20",
    "@types/jsonwebtoken": "^8.5.0",
    "@types/node": "^14.14.22",
-    "@types/nodemailer": "^6.4.0",
    "@types/uuid": "^8.3.0",
-    "axios": "^0.21.1",
    "cp-cli": "^2.0.0",
    "jest": "^26.6.3",
    "nodemon": "^2.0.7",
--- a/scripts/create_testenv.ts
+++ b/scripts/create_testenv.ts
@@ -1,15 +1,8 @@
 import consola from "consola";
 import fs from "fs";
-import nodemailer from "nodemailer";


-nodemailer.createTestAccount((err, account) => {
-    if (err) {
-        console.error('Failed to create a testing account. ' + err.message);
-        return process.exit(1);
-    }
-
-    const env = `
+const env = `
 APP_PORT=4010
 DB_TYPE=sqlite
 DB_HOST=bla
@@ -17,21 +10,15 @@ DB_PORT=bla
 DB_USER=bla
 DB_PASSWORD=bla
 DB_NAME=./test.sqlite
-NODE_ENV=dev
+NODE_ENV=test
 POSTALCODE_COUNTRYCODE=DE
 SEED_TEST_DATA=true
-MAIL_SERVER=${account.smtp.host}
-MAIL_PORT=${account.smtp.port}
-MAIL_USER=${account.user}
-MAIL_PASSWORD=${account.pass}
-MAIL_FROM=${account.user}`
+MAILER_URL=https://dev.lauf-fuer-kaya.de/mailer
+MAILER_KEY=asdasd`;

-    try {
+try {
    fs.writeFileSync("./.env", env, { encoding: "utf-8" });
    consola.success("Exported ci env to .env");
-    } catch (error) {
+} catch (error) {
    consola.error("Couldn't export the ci env");
-    }
-
-});
-
+}
--- a/src/app.ts
+++ b/src/app.ts
@@ -20,6 +20,9 @@ const app = createExpressServer({

 async function main() {
  await loaders(app);
+  if (config.testing) {
+    consola.info("🛠[config]: Discovered testing env. Mailing errors will get ignored!")
+  }
  app.listen(config.internal_port, () => {
    consola.success(
      `⚡️[server]: Server is running at http://localhost:${config.internal_port}`
--- a/src/config.ts
+++ b/src/config.ts
@@ -6,19 +6,17 @@ configDotenv();
 export const config = {
    internal_port: parseInt(process.env.APP_PORT) || 4010,
    development: process.env.NODE_ENV === "production",
+    testing: process.env.NODE_ENV === "test",
    jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
    phone_validation_countrycode: getPhoneCodeLocale(),
    postalcode_validation_countrycode: getPostalCodeLocale(),
    version: process.env.VERSION || require('../package.json').version,
    seedTestData: getDataSeeding(),
    app_url: process.env.APP_URL || "http://localhost:8080",
-    mail_server: process.env.MAIL_SERVER,
-    mail_port: Number(process.env.MAIL_PORT) || 25,
-    mail_user: process.env.MAIL_USER,
-    mail_password: process.env.MAIL_PASSWORD,
-    mail_from: process.env.MAIL_FROM,
    privacy_url: process.env.PRIVACY_URL || "/privacy",
-    imprint_url: process.env.IMPRINT_URL || "/imprint"
+    imprint_url: process.env.IMPRINT_URL || "/imprint",
+    mailer_url: process.env.MAILER_URL || "",
+    mailer_key: process.env.MAILER_KEY || ""
 }
 let errors = 0
 if (typeof config.internal_port !== "number") {
@@ -27,6 +25,9 @@ if (typeof config.internal_port !== "number") {
 if (typeof config.development !== "boolean") {
    errors++
 }
+if (config.mailer_url == "" || config.mailer_key == "") {
+    errors++;
+}
 function getPhoneCodeLocale(): CountryCode {
    return (process.env.PHONE_COUNTRYCODE as CountryCode);
 }
--- a/src/controllers/AuthController.ts
+++ b/src/controllers/AuthController.ts
@@ -1,6 +1,7 @@
-import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
+import { Body, CookieParam, JsonController, Param, Post, QueryParam, Req, Res } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
+import { MailSendingError } from '../errors/MailErrors';
 import { UserNotFoundError } from '../errors/UserErrors';
 import { Mailer } from '../mailer';
 import { CreateAuth } from '../models/actions/create/CreateAuth';
@@ -15,12 +16,6 @@ import { Logout } from '../models/responses/ResponseLogout';
@JsonController('/auth')
 export class AuthController {

-	private mailer: Mailer;
-
-	constructor() {
-		this.mailer = new Mailer();
-	}
-
 	@Post("/login")
 	@ResponseSchema(ResponseAuth)
 	@ResponseSchema(InvalidCredentialsError)
@@ -91,10 +86,11 @@ export class AuthController {
 	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UsernameOrEmailNeededError, { statusCode: 406 })
+	@ResponseSchema(MailSendingError, { statusCode: 500 })
 	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
-	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
+	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken, @QueryParam("locale") locale: string = "en") {
 		const reset_token: string = await passwordReset.toResetToken();
-		await this.mailer.sendResetMail(passwordReset.email, reset_token);
+		await Mailer.sendResetMail(passwordReset.email, reset_token, locale);
 		return new ResponseEmpty();
 	}

--- a/src/controllers/MailController.ts
+++ b/src/controllers/MailController.ts
@@ -1,26 +0,0 @@
-import { Authorized, JsonController, Post } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { config } from '../config';
-import { Mailer } from '../mailer';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-
-
-@JsonController('/mails')
-@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-export class MailController {
-
-	private mailer: Mailer;
-
-	constructor() {
-		this.mailer = new Mailer();
-	}
-
-	@Post('/test')
-	@Authorized(["MAIL:CREATE"])
-	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
-	@OpenAPI({ description: 'Sends a test email to the configured from-address.' })
-	async get() {
-		await this.mailer.sendTestMail(config.mail_from);
-		return new ResponseEmpty();
-	}
-}
--- a/src/controllers/MeController.ts
+++ b/src/controllers/MeController.ts
@@ -1,7 +1,7 @@
 import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseUser } from '../models/responses/ResponseUser';
@@ -32,7 +32,7 @@ export class MeController {
 		return new ResponseUser(user);
 	}

-	@Get('/')
+	@Get('/permissions')
 	@ResponseSchema(ResponseUserPermissions)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
@@ -48,6 +48,10 @@ export class MeController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
 	async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
--- a/src/controllers/RunnerCardController.ts
+++ b/src/controllers/RunnerCardController.ts
@@ -28,7 +28,7 @@ export class RunnerCardController {
 	@OpenAPI({ description: 'Lists all card.' })
 	async getAll() {
 		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
-		const cards = await this.cardRepository.find({ relations: ['runner'] });
+		const cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
 		cards.forEach(card => {
 			responseCards.push(new ResponseRunnerCard(card));
 		});
@@ -42,11 +42,35 @@ export class RunnerCardController {
 	@OnUndefined(RunnerCardNotFoundError)
 	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
 	async getOne(@Param('id') id: number) {
-		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner'] });
+		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
 		if (!card) { throw new RunnerCardNotFoundError(); }
 		return card.toResponse();
 	}

+	@Post('/bulk')
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response. <br> You can provide the 'returnCards' query param if you want to receive the RESPONSERUNNERCARD objects in the response." })
+	async postBlancoBulk(@QueryParam("count") count: number, @QueryParam("returnCards") returnCards: boolean = false) {
+		let createPromises = new Array<any>();
+		for (let index = 0; index < count; index++) {
+			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
+		}
+
+		const cards = await Promise.all(createPromises);
+
+		if (returnCards) {
+			let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+			cards.forEach(card => {
+				responseCards.push(new ResponseRunnerCard(card));
+			});
+			return responseCards;
+		}
+		let response = new ResponseEmpty();
+		response.response = `Created ${count} new blanco cards.`
+		return response;
+	}
+
 	@Post()
 	@Authorized("CARD:CREATE")
 	@ResponseSchema(ResponseRunnerCard)
@@ -55,7 +79,7 @@ export class RunnerCardController {
 	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
 		let card = await createCard.toEntity();
 		card = await this.cardRepository.save(card);
-		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner'] })).toResponse();
+		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
 	}

 	@Put('/:id')
@@ -77,7 +101,7 @@ export class RunnerCardController {
 		}

 		await this.cardRepository.save(await card.update(oldCard));
-		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner'] })).toResponse();
+		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
 	}

 	@Delete('/:id')
--- a/src/controllers/RunnerController.ts
+++ b/src/controllers/RunnerController.ts
@@ -32,7 +32,7 @@ export class RunnerController {
 	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
 	async getAll() {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});
@@ -46,7 +46,7 @@ export class RunnerController {
 	@OnUndefined(RunnerNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] })
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
 		return new ResponseRunner(runner);
 	}
@@ -91,7 +91,7 @@ export class RunnerController {
 		}

 		runner = await this.runnerRepository.save(runner)
-		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
 	}

 	@Put('/:id')
@@ -112,7 +112,7 @@ export class RunnerController {
 		}

 		await this.runnerRepository.save(await runner.update(oldRunner));
-		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
 	}

 	@Delete('/:id')
@@ -125,7 +125,7 @@ export class RunnerController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }
-		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });

 		if (!runner) {
 			throw new RunnerNotFoundError();
--- a/src/controllers/RunnerOrganizationController.ts
+++ b/src/controllers/RunnerOrganizationController.ts
@@ -58,8 +58,8 @@ export class RunnerOrganizationController {
 	async getRunners(@Param('id') id: number, @QueryParam('onlyDirect') onlyDirect: boolean) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		let runners: Runner[];
-		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
-		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track'] })).runners; }
+		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.group.parentGroup', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
+		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners; }
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});
--- a/src/controllers/RunnerSelfServiceController.ts
+++ b/src/controllers/RunnerSelfServiceController.ts
@@ -1,24 +1,37 @@
+import { Request } from "express";
 import * as jwt from "jsonwebtoken";
-import { Body, Get, JsonController, OnUndefined, Param, Post } from 'routing-controllers';
+import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { config } from '../config';
 import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
-import { RunnerEmailNeededError, RunnerNotFoundError } from '../errors/RunnerErrors';
+import { MailSendingError } from '../errors/MailErrors';
+import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
 import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
+import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
 import { JwtCreator } from '../jwtcreator';
+import { Mailer } from '../mailer';
+import ScanAuth from '../middlewares/ScanAuth';
 import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
 import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
 import { Runner } from '../models/entities/Runner';
 import { RunnerGroup } from '../models/entities/RunnerGroup';
 import { RunnerOrganization } from '../models/entities/RunnerOrganization';
+import { ScanStation } from '../models/entities/ScanStation';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseScanStation } from '../models/responses/ResponseScanStation';
+import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
 import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
+import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
+import { DonationController } from './DonationController';
+import { RunnerCardController } from './RunnerCardController';
+import { ScanController } from './ScanController';

-
-@JsonController('/runners')
+@JsonController()
 export class RunnerSelfServiceController {
 	private runnerRepository: Repository<Runner>;
 	private orgRepository: Repository<RunnerOrganization>;
+	private stationRepository: Repository<ScanStation>;

 	/**
 	 * Gets the repository of this controller's model/entity.
@@ -26,18 +39,110 @@ export class RunnerSelfServiceController {
 	constructor() {
 		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
 		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
+		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
 	}

-	@Get('/me/:jwt')
+	@Get('/runners/me/:jwt')
 	@ResponseSchema(ResponseSelfServiceRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
 	async get(@Param('jwt') token: string) {
 		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
 	}

-	@Post('/register')
+	@Delete('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
+		const responseRunner = await this.getRunner(token);
+		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
+
+		if (!runner) { return null; }
+		if (!runner) {
+			throw new RunnerNotFoundError();
+		}
+
+		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
+		if (runnerDonations.length > 0 && !force) {
+			throw new RunnerHasDistanceDonationsError();
+		}
+		const donationController = new DonationController();
+		for (let donation of runnerDonations) {
+			await donationController.remove(donation.id, force);
+		}
+
+		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
+		const cardController = new RunnerCardController;
+		for (let card of runnerCards) {
+			await cardController.remove(card.id, force);
+		}
+
+		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
+		const scanController = new ScanController;
+		for (let scan of runnerScans) {
+			await scanController.remove(scan.id, force);
+		}
+
+		await this.runnerRepository.delete(runner);
+		return new ResponseSelfServiceRunner(responseRunner);
+	}
+
+	@Get('/runners/me/:jwt/scans')
+	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	async getScans(@Param('jwt') token: string) {
+		const scans = (await this.getRunner(token)).scans;
+		let responseScans = new Array<ResponseSelfServiceScan>()
+		for (let scan of scans) {
+			responseScans.push(new ResponseSelfServiceScan(scan));
+		}
+		return responseScans;
+	}
+
+	@Get('/stations/me')
+	@UseBefore(ScanAuth)
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+	@OnUndefined(ScanStationNotFoundError)
+	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
+	async getStationMe(@Req() req: Request) {
+		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
+		if (!scan) { throw new ScanStationNotFoundError(); }
+		return scan.toResponse();
+	}
+
+	@Post('/runners/forgot')
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(ResponseEmpty)
+	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice token/link to be sent to your mail address (rate limited to one mail every 24hrs).' })
+	async requestNewToken(@QueryParam('mail') mail: string) {
+		if (!mail) {
+			throw new RunnerNotFoundError();
+		}
+		const runner = await this.runnerRepository.findOne({ email: mail });
+		if (!runner) { throw new RunnerNotFoundError(); }
+
+		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
+		const token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceForgottenMail(runner.email, token, "en")
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+		await this.runnerRepository.save(runner);
+
+		return { token };
+	}
+
+	@Post('/runners/register')
 	@ResponseSchema(ResponseSelfServiceRunner)
 	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
@@ -47,10 +152,17 @@ export class RunnerSelfServiceController {
 		runner = await this.runnerRepository.save(runner);
 		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
 		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
 		return response;
 	}

-	@Post('/register/:token')
+	@Post('/runners/register/:token')
 	@ResponseSchema(ResponseSelfServiceRunner)
 	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
 	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
@@ -62,9 +174,27 @@ export class RunnerSelfServiceController {

 		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
 		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
 		return response;
 	}

+	@Get('/organizations/selfservice/:token')
+	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
+	async getSelfserviceOrg(@Param('token') token: string) {
+		const orgid = (await this.getOrgansisation(token)).id;
+		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
+
+		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
+	}
+
 	/**
 	 * Get's a runner by a provided jwt token.
 	 * @param token The runner jwt provided by the runner to identitfy themselves.
--- a/src/controllers/RunnerTeamController.ts
+++ b/src/controllers/RunnerTeamController.ts
@@ -55,7 +55,7 @@ export class RunnerTeamController {
 	@OpenAPI({ description: 'Lists all runners from this team. <br> This includes the runner\'s group and distance ran.' })
 	async getRunners(@Param('id') id: number) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track'] })).runners;
+		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners;
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});
--- a/src/controllers/ScanController.ts
+++ b/src/controllers/ScanController.ts
@@ -1,4 +1,5 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, UseBefore } from 'routing-controllers';
+import { Request } from "express";
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, Req, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
@@ -14,7 +15,6 @@ import { TrackScan } from '../models/entities/TrackScan';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseScan } from '../models/responses/ResponseScan';
 import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
-
@JsonController('/scans')
@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class ScanController {
@@ -60,7 +60,7 @@ export class ScanController {
 	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseScan)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new scan (not track scan - use /scans/trackscans instead). <br> Please rmemember to provide the scan\'s runner\'s id and distance.', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+	@OpenAPI({ description: 'Create a new scan (not track scan - use /scans/trackscans instead). <br> Please rmemember to provide the scan\'s runner\'s id and distance.', security: [{ "StationApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 	async post(@Body({ validate: true }) createScan: CreateScan) {
 		let scan = await createScan.toEntity();
 		scan = await this.scanRepository.save(scan);
@@ -71,8 +71,12 @@ export class ScanController {
 	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseTrackScan)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new track scan (for "normal" scans use /scans instead). <br> Please remember that to provide the scan\'s card\'s station\'s id.', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan) {
+	@OpenAPI({ description: 'Create a new track scan (for "normal" scans use /scans instead). <br> Please remember that to provide the scan\'s card\'s station\'s id.', security: [{ "StationApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan, @Req() req: Request) {
+		const station_id = req.headers["station_id"];
+		if (station_id) {
+			createScan.station = parseInt(station_id.toString());
+		}
 		let scan = await createScan.toEntity();
 		scan = await this.trackScanRepository.save(scan);
 		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -66,6 +66,10 @@ export class UserController {
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
@@ -85,6 +89,10 @@ export class UserController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });
--- a/src/controllers/UserGroupController.ts
+++ b/src/controllers/UserGroupController.ts
@@ -1,13 +1,13 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
 import { UserGroupIdsNotMatchingError, UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { UpdateUserGroup } from '../models/actions/update/UpdateUserGroup';
 import { UserGroup } from '../models/entities/UserGroup';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseUserGroup } from '../models/responses/ResponseUserGroup';
+import { ResponseUserGroupPermissions } from '../models/responses/ResponseUserGroupPermissions';
 import { PermissionController } from './PermissionController';


@@ -25,20 +25,37 @@ export class UserGroupController {

 	@Get()
 	@Authorized("USERGROUP:GET")
-	@ResponseSchema(UserGroup, { isArray: true })
+	@ResponseSchema(ResponseUserGroup, { isArray: true })
 	@OpenAPI({ description: 'Lists all groups. <br> The information provided might change while the project continues to evolve.' })
-	getAll() {
-		return this.userGroupsRepository.find({ relations: ["permissions"] });
+	async getAll() {
+		let responseGroups: ResponseUserGroup[] = new Array<ResponseUserGroup>();
+		const groups = await this.userGroupsRepository.find({ relations: ['permissions'] });
+		groups.forEach(group => {
+			responseGroups.push(group.toResponse());
+		});
+		return responseGroups;
 	}

 	@Get('/:id')
 	@Authorized("USERGROUP:GET")
-	@ResponseSchema(UserGroup)
+	@ResponseSchema(ResponseUserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserGroupNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the group whose id got provided. <br> The information provided might change while the project continues to evolve.' })
-	getOne(@Param('id') id: number) {
-		return this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
+	async getOne(@Param('id') id: number) {
+		return await (await (this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] }))).toResponse();
+	}
+
+	@Get('/:id/permissions')
+	@Authorized("USERGROUP:GET")
+	@ResponseSchema(ResponseUserGroupPermissions)
+	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
+	@OnUndefined(UserGroupNotFoundError)
+	@OpenAPI({ description: 'Lists all permissions granted to the group as permission response objects.' })
+	async getPermissions(@Param('id') id: number) {
+		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions', 'permissions.principal'] })
+		if (!group) { throw new UserGroupNotFoundError(); }
+		return new ResponseUserGroupPermissions(group);
 	}

 	@Post()
@@ -54,7 +71,8 @@ export class UserGroupController {
 			throw error;
 		}

-		return this.userGroupsRepository.save(userGroup);
+		userGroup = await this.userGroupsRepository.save(userGroup);
+		return (await (this.userGroupsRepository.findOne({ id: userGroup.id }, { relations: ["permissions"] }))).toResponse();
 	}

 	@Put('/:id')
@@ -63,7 +81,7 @@ export class UserGroupController {
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the group whose id you provided. <br> To change the permissions granted to the group please use /api/permissions instead. <br> Please remember that ids can't be changed." })
-	async put(@Param('id') id: number, @EntityFromBody() updateGroup: UpdateUserGroup) {
+	async put(@Param('id') id: number, @Body({ validate: true }) updateGroup: UpdateUserGroup) {
 		let oldGroup = await this.userGroupsRepository.findOne({ id: id });

 		if (!oldGroup) {
@@ -75,7 +93,7 @@ export class UserGroupController {
 		}
 		await this.userGroupsRepository.save(await updateGroup.update(oldGroup));

-		return (await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] })).toResponse();
+		return (await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] })).toResponse();
 	}

 	@Delete('/:id')
@@ -85,7 +103,7 @@ export class UserGroupController {
 	@OnUndefined(204)
 	@OpenAPI({ description: 'Delete the group whose id you provided. <br> If there are any permissions directly granted to the group they will get deleted as well. <br> Users associated with this group won\'t get deleted - just deassociated. <br> If no group with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
+		let group = await this.userGroupsRepository.findOne({ id: id });
 		if (!group) { return null; }
 		const responseGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] });

--- a/src/errors/MailErrors.ts
+++ b/src/errors/MailErrors.ts
@@ -1,12 +1,17 @@
-import { IsString } from 'class-validator'
+import { IsString } from 'class-validator';
+import { InternalServerError } from 'routing-controllers';

 /**
 * Error to throw when a permission couldn't be found.
 */
-export class MailServerConfigError extends Error {
+export class MailSendingError extends InternalServerError {
    @IsString()
-    name = "MailServerConfigError"
+    name = "MailSendingError"

    @IsString()
-    message = "The SMTP server you provided couldn't be reached!"
+    message = "We had a problem sending the mail!"
+
+    constructor() {
+        super("We had a problem sending the mail!");
+    }
 }
--- a/src/errors/RunnerErrors.ts
+++ b/src/errors/RunnerErrors.ts
@@ -46,6 +46,17 @@ export class RunnerEmailNeededError extends NotAcceptableError {
 	message = "Citizenrunners have to provide an email address for verification and contacting."
 }

+/**
+ * Error to throw when a runner already requested a new selfservice link in the last 24hrs.
+ */
+export class RunnerSelfserviceTimeoutError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerSelfserviceTimeoutError"
+
+	@IsString()
+	message = "You can only reqest a new token every 24hrs."
+}
+
 /**
 * Error to throw when a runner still has distance donations associated.
 */
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@@ -72,3 +72,32 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
 	@IsString()
 	message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
 }
+
+export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainUppercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one uppercase letter."
+}
+export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainLowercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one lowercase letter."
+}
+export class PasswordMustContainNumberError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainNumberError"
+
+	@IsString()
+	message = "Passwords must contain at least one number."
+}
+export class PasswordTooShortError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordTooShortError"
+
+	@IsString()
+	message = "Passwords must be at least ten characters long."
+}
--- a/src/mailer.ts
+++ b/src/mailer.ts
@@ -1,79 +1,64 @@
-import fs from "fs";
-import nodemailer from 'nodemailer';
-import { MailOptions } from 'nodemailer/lib/json-transport';
-import Mail from 'nodemailer/lib/mailer';
+import axios from 'axios';
 import { config } from './config';
-import { MailServerConfigError } from './errors/MailErrors';
+import { MailSendingError } from './errors/MailErrors';

 /**
 * This class is responsible for all things mail sending.
- * This uses the mail emplates from src/static/mail_templates
+ * This uses axios to communicate with the mailer api (https://git.odit.services/lfk/mailer).
 */
 export class Mailer {
-    private transport: Mail;
+    public static base: string = config.mailer_url;
+    public static key: string = config.mailer_key;
+    public static testing: boolean = config.testing;

    /**
-     * The class's default constructor.
-     * Creates the transporter and tests the connection.
-     */
-    constructor() {
-        this.transport = nodemailer.createTransport({
-            host: config.mail_server,
-            port: config.mail_port,
-            auth: {
-                user: config.mail_user,
-                pass: config.mail_password
-            }
-        });
-
-        this.transport.verify(function (error, success) {
-            if (error) {
-                throw new MailServerConfigError();
-            }
-        });
-    }
-
-    /**
-     * Function for sending a test mail from the test mail template.
+     * Function for sending a password reset mail.
     * @param to_address The address the mail will be sent to. Should always get pulled from a user object.
     * @param token The requested password reset token - will be combined with the app_url to generate a password reset link.
     */
-    public async sendResetMail(to_address: string, token: string) {
-        const reset_link = `${config.app_url}/reset/${(Buffer.from(token)).toString("base64")}`
-        const body_html = fs.readFileSync(__dirname + '/static/mail_templates/pw-reset.html', { encoding: 'utf8' }).replace("{{reset_link}}", reset_link).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
-        const body_txt = fs.readFileSync(__dirname + '/static/mail_templates/pw-reset.html', { encoding: 'utf8' }).replace("{{reset_link}}", reset_link).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
-
-        const mail: MailOptions = {
-            to: to_address,
-            subject: "LfK! Password Reset",
-            text: body_txt,
-            html: body_html
-        };
-        await this.sendMail(mail);
+    public static async sendResetMail(to_address: string, token: string, locale: string = "en") {
+        try {
+            await axios.post(`${Mailer.base}/reset?locale=${locale}&key=${Mailer.key}`, {
+                address: to_address,
+                resetKey: token
+            });
+        } catch (error) {
+            if (Mailer.testing) { return true; }
+            throw new MailSendingError();
+        }
    }

    /**
-     * Function for sending a test mail from the test mail template.
-     * @param to_address The address the test mail will be sent to - this is the configured from-address by default.
+     * Function for sending a runner selfservice welcome mail.
+     * @param to_address The address the mail will be sent to. Should always get pulled from a runner object.
+     * @param token The requested selfservice token - will be combined with the app_url to generate a selfservice profile link.
     */
-    public async sendTestMail(to_address: string = config.mail_from) {
-        const body_html = fs.readFileSync(__dirname + '/static/mail_templates/test.html', { encoding: 'utf8' }).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
-        const body_txt = fs.readFileSync(__dirname + '/static/mail_templates/test.txt', { encoding: 'utf8' }).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
-        const mail: MailOptions = {
-            to: to_address,
-            subject: "LfK! Test Mail",
-            text: body_txt,
-            html: body_html
-        };
-        await this.sendMail(mail);
+    public static async sendSelfserviceWelcomeMail(to_address: string, token: string, locale: string = "en") {
+        try {
+            await axios.post(`${Mailer.base}/registration?locale=${locale}&key=${Mailer.key}`, {
+                address: to_address,
+                selfserviceToken: token
+            });
+        } catch (error) {
+            if (Mailer.testing) { return true; }
+            throw new MailSendingError();
+        }
    }

    /**
-     * Wrapper function for sending a mail via this object's transporter.
-     * @param mail MailOptions object containing the 
+     * Function for sending a runner selfservice link forgotten mail.
+     * @param to_address The address the mail will be sent to. Should always get pulled from a runner object.
+     * @param token The requested selfservice token - will be combined with the app_url to generate a selfservice profile link.
     */
-    public async sendMail(mail: MailOptions) {
-        mail.from = config.mail_from;
-        await this.transport.sendMail(mail);
+    public static async sendSelfserviceForgottenMail(to_address: string, token: string, locale: string = "en") {
+        try {
+            await axios.post(`${Mailer.base}/registration_forgot?locale=${locale}&key=${Mailer.key}`, {
+                address: to_address,
+                selfserviceToken: token
+            });
+        } catch (error) {
+            if (Mailer.testing) { return true; }
+            throw new MailSendingError();
+        }
    }
 }
--- a/src/middlewares/ScanAuth.ts
+++ b/src/middlewares/ScanAuth.ts
@@ -15,14 +15,14 @@ import authchecker from './authchecker';
 const ScanAuth = async (req: Request, res: Response, next: () => void) => {
    let provided_token: string = req.headers["authorization"];
    if (provided_token == "" || provided_token === undefined || provided_token === null) {
-        res.status(401).send("No api token provided.");
+        res.status(401).send({ http_code: 401, short: "no_token", message: "No api token provided." });
        return;
    }

    try {
        provided_token = provided_token.replace("Bearer ", "");
    } catch (error) {
-        res.status(401).send("No valid jwt or api token provided.");
+        res.status(401).send({ http_code: 401, short: "no_token", message: "No valid jwt or api token provided." });
        return;
    }

@@ -32,7 +32,7 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
    }
    finally {
        if (prefix == "" || prefix == undefined || prefix == null) {
-            res.status(401).send("Api token non-existent or invalid syntax.");
+            res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
            return;
        }
    }
@@ -46,7 +46,7 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
        }
        finally {
            if (user_authorized == false) {
-                res.status(401).send("Api token non-existent or invalid syntax.");
+                res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
                return;
            }
            else {
@@ -56,13 +56,13 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
    }
    else {
        if (station.enabled == false) {
-            res.status(401).send("Station disabled.");
+            res.status(401).send({ http_code: 401, short: "station_disabled", message: "Station is disabled." });
        }
        if (!(await argon2.verify(station.key, provided_token))) {
-            res.status(401).send("Api token invalid.");
+            res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
            return;
        }
-
+        req.headers["station_id"] = station.id.toString();
        next();
    }
 }
--- a/src/models/actions/create/CreateTrackScan.ts
+++ b/src/models/actions/create/CreateTrackScan.ts
@@ -1,4 +1,5 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
+import { BadRequestError } from 'routing-controllers';
 import { getConnection } from 'typeorm';
 import { RunnerCardNotFoundError } from '../../../errors/RunnerCardErrors';
 import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
@@ -22,10 +23,12 @@ export class CreateTrackScan {
    /**
     * The scanning station's id that created the scan.
     * Mainly used for logging and traceing back scans (or errors).
+     * You don't have to provide the station if you're authenticateing via a scanstation token (The server takes care of it for you).
     */
    @IsInt()
    @IsPositive()
-    station: number;
+    @IsOptional()
+    station?: number;

    /**
     * Creates a new Track entity from this.
@@ -44,11 +47,15 @@ export class CreateTrackScan {
        }

        newScan.timestamp = Math.round(new Date().getTime() / 1000);
-        newScan.valid = await this.validateScan(newScan);
+        newScan = await this.validateScan(newScan);

        return newScan;
    }

+    /**
+     * Get's a runnerCard entity via the provided id.
+     * @returns The runnerCard whom's id you provided.
+     */
    public async getCard(): Promise<RunnerCard> {
        const track = await getConnection().getRepository(RunnerCard).findOne({ id: this.card }, { relations: ["runner"] });
        if (!track) {
@@ -57,7 +64,14 @@ export class CreateTrackScan {
        return track;
    }

+    /**
+     * Get's a scanstation entity via the provided id.
+     * @returns The scanstation whom's id you provided.
+     */
    public async getStation(): Promise<ScanStation> {
+        if (!this.station) {
+            throw new BadRequestError("You are missing the station's id!")
+        }
        const station = await getConnection().getRepository(ScanStation).findOne({ id: this.station }, { relations: ["track"] });
        if (!station) {
            throw new ScanStationNotFoundError();
@@ -65,15 +79,22 @@ export class CreateTrackScan {
        return station;
    }

-    public async validateScan(scan: TrackScan): Promise<boolean> {
+    /**
+     * Validates the scan and sets it's lap time;
+     * @param scan The scan you want to validate
+     * @returns The validated scan with it's laptime set.
+     */
+    public async validateScan(scan: TrackScan): Promise<TrackScan> {
        const scans = await getConnection().getRepository(TrackScan).find({ where: { runner: scan.runner, valid: true }, relations: ["track"] });
-        if (scans.length == 0) { return true; }
-
-        const newestScan = scans[scans.length - 1];
-        if ((scan.timestamp - newestScan.timestamp) > scan.track.minimumLapTime) {
-            return true;
+        if (scans.length == 0) {
+            scan.lapTime = 0;
+            scan.valid = true;
        }
-
-        return false;
+        else {
+            const newestScan = scans[scans.length - 1];
+            scan.lapTime = scan.timestamp - newestScan.timestamp;
+            scan.valid = (scan.lapTime > scan.track.minimumLapTime);
+        }
+        return scan;
    }
 }
--- a/src/models/actions/create/CreateUser.ts
+++ b/src/models/actions/create/CreateUser.ts
@@ -1,9 +1,10 @@
 import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@@ -94,7 +95,13 @@ export class CreateUser {
        if (!this.email) {
            throw new UserEmailNeededError();
        }
-        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+        if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
+        let password_strength = passwordStrength(this.password);
+        if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+        if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+        if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+        if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }

        newUser.email = this.email
        newUser.username = this.username
--- a/src/models/actions/update/UpdateTrackScan.ts
+++ b/src/models/actions/update/UpdateTrackScan.ts
@@ -1,9 +1,9 @@
 import { IsBoolean, IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
-import { ScanStationNotFoundError } from '../../../errors/ScanStationErrors';
+import { TrackNotFoundError } from '../../../errors/TrackErrors';
 import { Runner } from '../../entities/Runner';
-import { ScanStation } from '../../entities/ScanStation';
+import { Track } from '../../entities/Track';
 import { TrackScan } from '../../entities/TrackScan';

 /**
@@ -38,7 +38,7 @@ export abstract class UpdateTrackScan {
     */
    @IsInt()
    @IsPositive()
-    public station: number;
+    public track: number;

    /**
     * Update a TrackScan entity based on this.
@@ -47,8 +47,7 @@ export abstract class UpdateTrackScan {
    public async update(scan: TrackScan): Promise<TrackScan> {
        scan.valid = this.valid;
        scan.runner = await this.getRunner();
-        scan.station = await this.getStation();
-        scan.track = scan.station.track;
+        scan.track = await this.getTrack();

        return scan;
    }
@@ -67,11 +66,11 @@ export abstract class UpdateTrackScan {
    /**
     * Gets a runner based on the runner id provided via this.runner.
     */
-    public async getStation(): Promise<ScanStation> {
-        const station = await getConnection().getRepository(ScanStation).findOne({ id: this.station }, { relations: ['track'] });
-        if (!station) {
-            throw new ScanStationNotFoundError();
+    public async getTrack(): Promise<Track> {
+        const track = await getConnection().getRepository(Track).findOne({ id: this.track });
+        if (!track) {
+            throw new TrackNotFoundError();
        }
-        return station;
+        return track;
    }
 }
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@@ -1,12 +1,14 @@
 import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';

+
 /**
 * This class is used to update a User entity (via put request).
 */
@@ -104,6 +106,11 @@ export class UpdateUser {
        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }

        if (this.password) {
+            let password_strength = passwordStrength(this.password);
+            if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+            if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+            if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+            if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
            user.password = await argon2.hash(this.password + user.uuid);
            user.refreshTokenCount = user.refreshTokenCount + 1;
        }
--- a/src/models/entities/Runner.ts
+++ b/src/models/entities/Runner.ts
@@ -1,5 +1,5 @@
-import { IsInt, IsNotEmpty } from "class-validator";
-import { ChildEntity, ManyToOne, OneToMany } from "typeorm";
+import { IsInt, IsNotEmpty, IsOptional, IsString } from "class-validator";
+import { ChildEntity, Column, ManyToOne, OneToMany } from "typeorm";
 import { ResponseRunner } from '../responses/ResponseRunner';
 import { DistanceDonation } from "./DistanceDonation";
 import { Participant } from "./Participant";
@@ -43,6 +43,15 @@ export class Runner extends Participant {
  @OneToMany(() => Scan, scan => scan.runner, { nullable: true })
  scans: Scan[];

+  /**
+  * The last time the runner requested a selfservice link.
+  * Used to prevent spamming of the selfservice link forgotten route.
+  */
+  @Column({ nullable: true, unique: false })
+  @IsString()
+  @IsOptional()
+  resetRequestedTimestamp?: number;
+
  /**
   * Returns all valid scans associated with this runner.
   * This is implemented here to avoid duplicate code in other files.
--- a/src/models/entities/TrackScan.ts
+++ b/src/models/entities/TrackScan.ts
@@ -2,6 +2,8 @@ import {
  IsInt,
  IsNotEmpty,

+  IsNumber,
+
  IsPositive
 } from "class-validator";
 import { ChildEntity, Column, ManyToOne } from "typeorm";
@@ -59,6 +61,14 @@ export class TrackScan extends Scan {
  @IsInt()
  timestamp: number;

+  /**
+   * The scan's lap time.
+   * This simply get's calculated from the last lap time;
+   */
+  @Column()
+  @IsNumber()
+  lapTime: number;
+
  /**
   * Turns this entity into it's response class.
   */
--- a/src/models/enums/ResponseObjectType.ts
+++ b/src/models/enums/ResponseObjectType.ts
@@ -21,6 +21,10 @@ export enum ResponseObjectType {
    SCANSTATION = 'SCANSTATION',
    SELFSERVICEDONATION = 'SELFSERVICEDONATION',
    SELFSERVICERUNNER = 'SELFSERVICRUNNER',
+    SELFSERVICESCAN = 'SELFSERVICESCAN',
+    SELFSERVICETRACKSCAN = 'SELFSERVICETRACKSCAN',
+    SELFSERVICETEAM = 'SELFSERVICETEAM',
+    SELFSERVICEORGANIZATION = 'SELFSERVICEORGANIZATION',
    STATS = 'STATS',
    STATSCLIENT = 'STATSCLIENT',
    STATSORGANIZATION = 'STATSORGANIZATION',
--- a/src/models/responses/ResponseSelfServiceOrganisation.ts
+++ b/src/models/responses/ResponseSelfServiceOrganisation.ts
@@ -0,0 +1,38 @@
+import { IsArray, IsNotEmpty, IsString } from 'class-validator';
+import { RunnerOrganization } from '../entities/RunnerOrganization';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+import { ResponseSelfServiceTeam } from './ResponseSelfServiceTeam';
+
+/**
+ * Defines the runner selfservice organization response.
+ * Why? B/C runner's are not allowed to view all information available to admin users.
+*/
+export class ResponseSelfServiceOrganisation implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.SELFSERVICEORGANIZATION;
+
+    /**
+     * The org's name.
+     */
+    @IsNotEmpty()
+    @IsString()
+    name: string;
+
+    /**
+     * The org's teams (just containing name and id).
+     */
+    @IsArray()
+    teams: ResponseSelfServiceTeam[];
+
+    public constructor(org: RunnerOrganization) {
+        this.name = org.name;
+        this.teams = new Array<ResponseSelfServiceTeam>();
+        for (let team of org.teams) {
+            this.teams.push(new ResponseSelfServiceTeam(team));
+        }
+    }
+}
--- a/src/models/responses/ResponseSelfServiceScan.ts
+++ b/src/models/responses/ResponseSelfServiceScan.ts
@@ -0,0 +1,57 @@
+import { IsBoolean, IsInt, IsNotEmpty, IsPositive } from "class-validator";
+import { Scan } from '../entities/Scan';
+import { TrackScan } from '../entities/TrackScan';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+
+/**
+ * Defines the scan selfservice response.
+*/
+export class ResponseSelfServiceScan implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.SELFSERVICESCAN;
+
+    /**
+     * The scans's id (for sorting).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * Is the scan valid (for fraud reasons).
+     * The determination of validity will work differently for every child class.
+     */
+    @IsBoolean()
+    valid: boolean = true;
+
+    /**
+     * The scans's length/distance in meters.
+     */
+    @IsInt()
+    @IsPositive()
+    distance: number;
+
+    /**
+     * The scans's lap time (0 if non is availdable).
+     */
+    @IsInt()
+    @IsNotEmpty()
+    lapTime: number = 0;
+
+    /**
+     * Creates a ResponseScan object from a scan.
+     * @param scan The scan the response shall be build for.
+     */
+    public constructor(scan: Scan | TrackScan) {
+        this.id = scan.id;
+        this.distance = scan.distance;
+        this.valid = scan.valid;
+        if (scan instanceof TrackScan) {
+            this.lapTime = scan.lapTime;
+            this.responseType = ResponseObjectType.SELFSERVICETRACKSCAN;
+        }
+    }
+}
--- a/src/models/responses/ResponseSelfServiceTeam.ts
+++ b/src/models/responses/ResponseSelfServiceTeam.ts
@@ -0,0 +1,36 @@
+import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+
+/**
+ * Defines the runner selfservice team response.
+ * Why? B/C runner's are not allowed to view all information available to admin users.
+*/
+export class ResponseSelfServiceTeam implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.SELFSERVICETEAM;
+
+    /**
+     * The team's name.
+     */
+    @IsNotEmpty()
+    @IsString()
+    name: string;
+
+    /**
+     * The team's id.
+     * Will be used to insert runners it into that team.
+     */
+    @IsInt()
+    @IsPositive()
+    id: number;
+
+    public constructor(team: RunnerTeam) {
+        this.name = team.name;
+        this.id = team.id;
+    }
+}
--- a/src/models/responses/ResponseTrackScan.ts
+++ b/src/models/responses/ResponseTrackScan.ts
@@ -1,4 +1,4 @@
-import { IsDateString, IsNotEmpty } from "class-validator";
+import { IsDateString, IsNotEmpty, IsNumber } from "class-validator";
 import { TrackScan } from '../entities/TrackScan';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
@@ -42,6 +42,13 @@ export class ResponseTrackScan extends ResponseScan implements IResponse {
    @IsNotEmpty()
    timestamp: number;

+    /**
+   * The scan's lap time.
+   * This simply get's calculated from the last lap time;
+   */
+    @IsNumber()
+    lapTime: number;
+
    /**
     * Creates a ResponseTrackScan object from a scan.
     * @param scan The trackSscan the response shall be build for.
@@ -53,5 +60,6 @@ export class ResponseTrackScan extends ResponseScan implements IResponse {
        if (scan.station) { scan.station.toResponse(); }
        this.timestamp = scan.timestamp;
        this.distance = scan.distance;
+        this.lapTime = scan.lapTime;
    }
 }
--- a/src/models/responses/ResponseUserGroup.ts
+++ b/src/models/responses/ResponseUserGroup.ts
@@ -2,7 +2,6 @@ import { IsArray, IsNotEmpty, IsOptional, IsString } from "class-validator";
 import { UserGroup } from '../entities/UserGroup';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
-import { ResponsePermission } from './ResponsePermission';
 import { ResponsePrincipal } from './ResponsePrincipal';

 /**
@@ -34,7 +33,7 @@ export class ResponseUserGroup extends ResponsePrincipal implements IResponse {
     */
    @IsArray()
    @IsOptional()
-    permissions: ResponsePermission[];
+    permissions: string[] = new Array<string>();

    /**
     * Creates a ResponseUserGroup object from a userGroup.
@@ -46,7 +45,7 @@ export class ResponseUserGroup extends ResponsePrincipal implements IResponse {
        this.description = group.description;
        if (group.permissions) {
            for (let permission of group.permissions) {
-                this.permissions.push(permission.toResponse());
+                this.permissions.push(permission.toString());
            }
        }
    }
--- a/src/models/responses/ResponseUserGroupPermissions.ts
+++ b/src/models/responses/ResponseUserGroupPermissions.ts
@@ -0,0 +1,43 @@
+import {
+    IsArray,
+    IsOptional
+} from "class-validator";
+import { UserGroup } from '../entities/UserGroup';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+import { ResponsePermission } from './ResponsePermission';
+
+/**
+ * Defines the group permission response (get /api/groups/:id/permissions).
+*/
+export class ResponseUserGroupPermissions implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.USERPERMISSIONS;
+
+    /**
+     * The permissions directly granted to the group.
+     */
+    @IsArray()
+    @IsOptional()
+    directlyGranted: ResponsePermission[] = new Array<ResponsePermission>();
+
+    /**
+     * Is just here for compatability.
+     */
+    @IsArray()
+    @IsOptional()
+    inherited: ResponsePermission[] = new Array<ResponsePermission>();
+
+    /**
+     * Creates a ResponseUserPermissions object from a group.
+     * @param group The group the response shall be build for.
+     */
+    public constructor(group: UserGroup) {
+        for (let permission of group.permissions) {
+            this.directlyGranted.push(permission.toResponse());
+        }
+    }
+}
--- a/src/seeds/SeedUsers.ts
+++ b/src/seeds/SeedUsers.ts
@@ -1,14 +1,14 @@
+import * as argon2 from "argon2";
 import { Connection } from 'typeorm';
 import { Factory, Seeder } from 'typeorm-seeding';
+import * as uuid from 'uuid';
 import { CreatePermission } from '../models/actions/create/CreatePermission';
-import { CreateUser } from '../models/actions/create/CreateUser';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { Permission } from '../models/entities/Permission';
 import { User } from '../models/entities/User';
 import { UserGroup } from '../models/entities/UserGroup';
 import { PermissionAction } from '../models/enums/PermissionAction';
 import { PermissionTarget } from '../models/enums/PermissionTargets';
-
 /**
 * Seeds a admin group with a demo user into the database for initial setup and auto recovery.
 * We know that the nameing isn't perfectly fitting. Feel free to change it.
@@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
 export default class SeedUsers implements Seeder {
    public async run(factory: Factory, connection: Connection): Promise<any> {
        let adminGroup: UserGroup = await this.createAdminGroup(connection);
-        await this.createUser(connection, adminGroup.id);
+        await this.createUser(connection, adminGroup);
        await this.createPermissions(connection, adminGroup.id);
    }

@@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
        return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
    }

-    public async createUser(connection: Connection, group: number) {
-        let initialUser = new CreateUser();
+    public async createUser(connection: Connection, group: UserGroup) {
+        let initialUser = new User();
        initialUser.firstname = "demo";
        initialUser.lastname = "demo";
        initialUser.username = "demo";
-        initialUser.password = "demo";
+        initialUser.uuid = uuid.v4();
+        initialUser.password = await argon2.hash("demo" + initialUser.uuid);
        initialUser.email = "demo@dev.lauf-fuer-kaya.de"
-        initialUser.groups = group;
-        return await connection.getRepository(User).save(await initialUser.toEntity());
+        initialUser.groups = [group];
+        return await connection.getRepository(User).save(initialUser);
    }

    public async createPermissions(connection: Connection, principal: number) {
--- a/src/static/mail_templates/.gitkeep
+++ b/src/static/mail_templates/.gitkeep
--- a/src/static/mail_templates/pw-reset.html
+++ b/src/static/mail_templates/pw-reset.html
@@ -1,384 +0,0 @@
-
-<!DOCTYPE html>
-<html lang="de" xmlns="http://www.w3.org/1999/xhtml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:v="urn:schemas-microsoft-com:vml">
-<head>
-    <title>LfK! - Passwort zurücksetzen</title> <!-- The title tag shows in email notifications, like Android 4.4. -->
-    <meta charset="utf-8"> <!-- utf-8 works for most cases -->
-    <meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
-    <meta name="viewport" content="width=device-width"> <!-- Forcing initial-scale shouldn't be necessary -->
-    <meta http-equiv="X-UA-Compatible" content="IE=edge"> <!-- Use the latest (edge) version of IE rendering engine -->
-    <meta name="x-apple-disable-message-reformatting"> <!-- Disable auto-scale in iOS 10 Mail entirely -->
-    <meta name="format-detection" content="telephone=no,address=no,email=no,date=no,url=no"> <!-- Tell iOS not to automatically link certain text strings. -->
-
-    <!-- CSS Reset : BEGIN -->
-    <style>
-        /* What it does: Remove spaces around the email design added by some email clients. */
-        /* Beware: It can remove the padding / margin and add a background color to the compose a reply window. */
-        html,
-        body {
-            margin: 0 auto !important;
-            padding: 0 !important;
-            height: 100% !important;
-            width: 100% !important;
-        }
-
-        /* What it does: Stops email clients resizing small text. */
-        * {
-            -ms-text-size-adjust: 100%;
-            -webkit-text-size-adjust: 100%;
-        }
-
-        /* What it does: Centers email on Android 4.4 */
-        div[style*="margin: 16px 0"] {
-            margin:0 !important;
-        }
-
-        /* What it does: Stops Outlook from adding extra spacing to tables. */
-        table,
-        td {
-            mso-table-lspace: 0pt !important;
-            mso-table-rspace: 0pt !important;
-        }
-
-        /* What it does: Fixes webkit padding issue. */
-        table {
-            border: 0;
-            border-spacing: 0;
-            border-collapse: collapse
-        }
-
-        /* What it does: Forces Samsung Android mail clients to use the entire viewport. */
-        #MessageViewBody,
-        #MessageWebViewDiv{
-            width: 100% !important;
-        }
-
-        /* What it does: Uses a better rendering method when resizing images in IE. */
-        img {
-            -ms-interpolation-mode:bicubic;
-        }
-
-        /* What it does: Prevents Windows 10 Mail from underlining links despite inline CSS. Styles for underlined links should be inline. */
-        a {
-            text-decoration: none;
-        }
-
-        /* What it does: A work-around for email clients automatically linking certain text strings. */
-        /* iOS */
-        a[x-apple-data-detectors],
-        .unstyle-auto-detected-links a,
-        .aBn {
-            border-bottom: 0 !important;
-            cursor: default !important;
-            color: inherit !important;
-            text-decoration: none !important;
-            font-size: inherit !important;
-            font-family: inherit !important;
-            font-weight: inherit !important;
-            line-height: inherit !important;
-        }
-        u + #body a,        /* Gmail */
-        #MessageViewBody a  /* Samsung Mail */
-        {
-           color: inherit;
-           text-decoration: none;
-           font-size: inherit;
-           font-family: inherit;
-           font-weight: inherit;
-           line-height: inherit;
-        }
-
-        /* What it does: Prevents Gmail from changing the text color in conversation threads. */
-        .im {
-            color: inherit !important;
-        }
-
-        /* What it does: Prevents Gmail from displaying an download button on large, non-linked images. */
-        .a6S {
-            display: none !important;
-            opacity: 0.01 !important;
-        }
-        /* If the above doesn't work, add a .g-img class to any image in question. */
-        img.g-img + div {
-            display:none !important;
-        }
-
-        /* What it does: Removes right gutter in Gmail iOS app: https://github.com/TedGoas/Cerberus/issues/89  */
-        /* Create one of these media queries for each additional viewport size you'd like to fix */
-
-        /* iPhone 4, 4S, 5, 5S, 5C, and 5SE */
-        @media only screen and (min-device-width: 320px) and (max-device-width: 374px) {
-            u ~ div .email-container {
-                min-width: 320px !important;
-            }
-        }
-        /* iPhone 6, 6S, 7, 8, and X */
-        @media only screen and (min-device-width: 375px) and (max-device-width: 413px) {
-            u ~ div .email-container {
-                min-width: 375px !important;
-            }
-        }
-        /* iPhone 6+, 7+, and 8+ */
-        @media only screen and (min-device-width: 414px) {
-            u ~ div .email-container {
-                min-width: 414px !important;
-            }
-        }
-    </style>
-    <!-- What it does: Helps DPI scaling in Outlook 2007-2013 -->
-    <!--[if gte mso 9]>
-    <xml>
-        <o:OfficeDocumentSettings>
-            <o:AllowPNG/>
-            <o:PixelsPerInch>96</o:PixelsPerInch>
-        </o:OfficeDocumentSettings>
-        </xml>
-    <![endif]-->
-
-    <!-- CSS Reset : END -->
-
-    <!-- Progressive Enhancements : BEGIN -->
-    <style>
-        /* What it does: Hover styles for buttons and tags */
-        .s-btn__primary:hover {
-            background: #0077CC !important;
-            border-color: #0077CC !important;
-        }
-        .s-btn__white:hover {
-            background: #EFF0F1 !important;
-            border-color: #EFF0F1 !important;
-        }
-        .s-btn__outlined:hover {
-            background: rgba(0,119,204,.05) !important;
-            color: #005999 !important;
-        }
-        .s-tag:hover,
-        .post-tag:hover {
-            border-color: #cee0ed !important;
-            background: #cee0ed !important;
-        }
-
-        /* What it does: Styles markdown links that we can't write inline CSS for. */
-        .has-markdown a,
-        .has-markdown a:visited {
-            color: #0077CC !important;
-            text-decoration: none !important;
-        }
-
-        /* What it does: Styles markdown code blocks that we can't write inline CSS for. */
-        code {
-            padding: 1px 5px;
-            background-color: #EFF0F1;
-            color: #242729;
-            font-size: 13px;
-            line-height: inherit;
-            font-family: Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, sans-serif;
-        }
-        pre {
-            margin: 0 0 15px;
-            line-height: 17px;
-            background-color: #EFF0F1;
-            padding: 4px 8px;
-            border-radius: 3px;
-            overflow-x: auto;
-        }
-        pre code {
-            margin: 0 0 15px;
-            padding: 0;
-            line-height: 17px;
-            background-color: none;
-        }
-
-        /* What it does: Styles markdown blockquotes that we can't write inline CSS for. */
-        blockquote {
-            margin: 0 0 15px;
-            padding: 4px 10px;
-            background-color: #FFF8DC;
-            border-left: 2px solid #ffeb8e;
-        }
-        blockquote p {
-            padding: 4px 0;
-            margin: 0;
-            overflow-wrap: break-word;
-        }
-
-        /* What it does: Rounds corners in email clients that support it */
-        .bar {
-            border-radius: 5px;
-        }
-        .btr {
-            border-top-left-radius: 5px;
-            border-top-right-radius: 5px;
-        }
-        .bbr {
-            border-bottom-left-radius: 5px;
-            border-bottom-right-radius: 5px;
-        }
-
-        @media screen and (max-width: 680px) {
-            /* What it does: Forces table cells into full-width rows. */
-            .stack-column,
-            .stack-column-center {
-                display: block !important;
-                width: 100% !important;
-                max-width: 100% !important;
-                direction: ltr !important;
-            }
-            /* And center justify these ones. */
-            .stack-column-center {
-                text-align: center !important;
-            }
-
-            /* Hides things in small viewports. */
-            .hide-on-mobile {
-                display: none !important;
-                max-height: 0 !important;
-                overflow: hidden !important;
-                visibility: hidden !important;
-            }
-
-            /* What it does: Utility classes to reduce spacing for smaller viewports. */
-            .sm-p-none  {padding: 0 !important;}
-            .sm-pt-none {padding-top: 0 !important;}
-            .sm-pb-none {padding-bottom: 0 !important;}
-            .sm-pr-none {padding-right: 0 !important;}
-            .sm-pl-none {padding-left: 0 !important;}
-            .sm-px-none {padding-left: 0 !important; padding-right: 0 !important;}
-            .sm-py-none {padding-top: 0 !important; padding-bottom: 0 !important;}
-
-            .sm-p   {padding: 20px !important;}
-            .sm-pt  {padding-top: 20px !important;}
-            .sm-pb  {padding-bottom: 20px !important;}
-            .sm-pr  {padding-right: 20px !important;}
-            .sm-pl  {padding-left: 20px !important;}
-            .sm-px  {padding-left: 20px !important; padding-right: 20px !important;}
-            .sm-py  {padding-top: 20px !important; padding-bottom: 20px !important;}
-            .sm-mb  {margin-bottom: 20px !important;}
-
-            /* What it does: Utility classes to kill border radius for smaller viewports. Used mainly on the email's main container(s). */
-            .bar,
-            .btr,
-            .bbr {
-                border-top-left-radius: 0;
-                border-top-right-radius: 0;
-                border-bottom-left-radius: 0;
-                border-bottom-right-radius: 0;
-            }
-        }
-    </style>
-    <!-- Progressive Enhancements : END -->
-</head>
-
-<!--
-    The email background color is defined in three places, just below. If you change one, remember to change the others.
-    1. body tag: for most email clients
-    2. center tag: for Gmail and Inbox mobile apps and web versions of Gmail, GSuite, Inbox, Yahoo, AOL, Libero, Comcast, freenet, Mail.ru, Orange.fr
-    3. mso conditional: For Windows 10 Mail
-->
-<body width="100%" style="margin: 0; padding: 0 !important; background: #f3f3f5; mso-line-height-rule: exactly;">
-    <center style="width: 100%; background: #f3f3f5;">
-    <!--[if mso | IE]>
-    <table role="presentation" border="0" cellpadding="0" cellspacing="0" width="100%" style="background-color: #f3f3f5;">
-    <tr>
-    <td>
-    <![endif]-->
-
-        <!-- Visually Hidden Preview Text : BEGIN -->
-        <div style="display: none; font-size: 1px; line-height: 1px; max-height: 0px; max-width: 0px; opacity: 0; overflow: hidden; mso-hide: all; font-family: sans-serif;">
-            LfK! - Password reset
-        </div>
-        <!-- Visually Hidden Preview Text : END -->
-
-        <div class="email-container" style="max-width: 680px; margin: 0 auto;">
-            <!--[if mso]>
-            <table role="presentation" cellspacing="0" cellpadding="0" border="0" width="680" align="center">
-            <tr>
-            <td>
-            <![endif]-->
-            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="max-width: 680px; width:100%">
-                <tr>
-                    <td style="padding: 30px; background-color: #ffffff;" class="sm-p bar">
-                        <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;">
-                            <tr>
-                                <td style="padding-bottom: 15px; font-family: arial, sans-serif; font-size: 15px; line-height: 21px; color: #3C3F44; text-align: left;">
-                                    <h1 style="font-weight: bold; font-size: 27px; line-height: 27px; color: #0C0D0E; margin: 0 0 15px 0;">LfK!</h1>
-                                </td>
-                            </tr>
-                            <tr>
-                                <td style="padding-bottom: 15px; font-family: arial, sans-serif; font-size: 15px; line-height: 21px; color: #3C3F44; text-align: left;">
-                                    <h1 style="font-weight: bold; font-size: 21px; line-height: 21px; color: #0C0D0E; margin: 0 0 15px 0;">Password reset</h1>
-                                    <p style="margin: 0 0 15px;" class="has-markdown">A password reset for your account got requested.<br><b>If you didn't request the reset please ignore this mail.</b><br>Your password won't be changed until you click the reset link below and set a new one.</p>
-                                </td>
-                            </tr>
-                            <!-- Button Row : BEGIN -->
-                            <tr>
-                                <td>
-                                    <!-- Button : BEGIN -->
-                                    <table align="left" border="0" cellpadding="0" cellspacing="0" role="presentation">
-                                        <tr>
-                                            <td class="s-btn s-btn__primary" style="border-radius: 4px; background: #0095ff;">
-                                                <a class="s-btn s-btn__primary" href="{{reset_link}}" target="_parent" style="background: #0095FF; border: 1px solid #0077cc; box-shadow: inset 0 1px 0 0 rgba(102,191,255,.75); font-family: arial, sans-serif; font-size: 17px; line-height: 17px; color: #ffffff; text-align: center; text-decoration: none; padding: 13px 17px; display: block; border-radius: 4px; white-space: nowrap;">Reset password</a>
-                                            </td>
-                                        </tr>
-                                    </table>
-                                    <!-- Button : END -->
-                                </td>
-                            </tr>
-                            <!-- Button Row : END -->
-                        </table>
-                    </td>
-                </tr>
-
-                <!-----------------------------
-
-                    EMAIL BODY : END
-
-                ------------------------------>
-
-                <!-- Footer : BEGIN -->
-                <tr>
-                    <td style="padding: 30px;" class="sm-p">
-                        <table align="left" border="0" cellpadding="0" cellspacing="0" role="presentation" width="100%">
-                            <!-- Subscription Info : BEGIN -->
-                            <tr>
-                                <td style="padding-bottom: 10px; font-size: 12px; line-height: 15px; font-family: arial, sans-serif; color: #9199A1; text-align: left;">
-                                    Copyright © {{copyright_owner}}. All rights reserved.
-                                </td>
-                            </tr>
-                            <tr>
-                                <td style="font-size: 12px; line-height: 15px; font-family: arial, sans-serif; color: #9199A1; text-align: left;">
-                                    <a href="{{link_imprint}}"
-                                    style="color: #9199A1; text-decoration: underline;">Imprint</a>&nbsp;&nbsp;&nbsp;&nbsp;
-                                    <a href="{{link_privacy}}" style="color: #9199A1; text-decoration: underline;">Privacy</a>
-                                </td>
-                            </tr>
-                            <!-- Subscription Info : BEGIN -->
-                            <!-- HR line : BEGIN -->
-                            <tr>
-                                <td style="padding: 30px 0;" width="100%" class="sm-py">
-                                    <table aria-hidden="true" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%">
-                                        <tr>
-                                            <td height="1" width="100%" style="font-size: 0; line-height: 0; border-top: 1px solid #D6D8DB;">&nbsp;</td>
-                                        </tr>
-                                    </table>
-                                </td>
-                            </tr>
-                            <!-- HR line : END -->
-                            <tr>
-                                <td style="padding-bottom: 5px; font-size: 12px; line-height: 15px; font-family: arial, sans-serif; color: #9199A1; text-align: left;">This mail was sent to <strong>{{recipient_mail}}</strong> because someone request a password reset for a account linked to the mail address.</td>
-                            </tr>
-                            <!-- Sender Info : END -->
-                        </table>
-                    </td>
-                </tr>
-                <!-- Footer : END -->
-            </table>
-        </div>
-    <!--[if mso | IE]>
-    </td>
-    </tr>
-    </table>
-    <![endif]-->
-    </center>
-</body>
-</html>
--- a/src/static/mail_templates/pw-reset.txt
+++ b/src/static/mail_templates/pw-reset.txt
@@ -1,12 +0,0 @@
-LfK! - Password reset.
-
-A password reset for your account got requested
-If you didn't request the reset please ignore this mail
-Your password won't be changed until you click the reset link below and set a new one.
-
-Reset: {{reset_link}}
-
-
-Copyright © {{copyright_owner}}. All rights reserved.
-Imprint: {{link_imprint}} | Privacy: {{link_privacy}}
-This mail was sent to {{recipient_mail}} because someone request a password reset for a account linked to the mail address.
--- a/src/static/mail_templates/test.html
+++ b/src/static/mail_templates/test.html
@@ -1,369 +0,0 @@
-
-<!DOCTYPE html>
-<html lang="de" xmlns="http://www.w3.org/1999/xhtml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:v="urn:schemas-microsoft-com:vml">
-<head>
-    <title>LfK! - Mail test</title> <!-- The title tag shows in email notifications, like Android 4.4. -->
-    <meta charset="utf-8"> <!-- utf-8 works for most cases -->
-    <meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
-    <meta name="viewport" content="width=device-width"> <!-- Forcing initial-scale shouldn't be necessary -->
-    <meta http-equiv="X-UA-Compatible" content="IE=edge"> <!-- Use the latest (edge) version of IE rendering engine -->
-    <meta name="x-apple-disable-message-reformatting"> <!-- Disable auto-scale in iOS 10 Mail entirely -->
-    <meta name="format-detection" content="telephone=no,address=no,email=no,date=no,url=no"> <!-- Tell iOS not to automatically link certain text strings. -->
-
-    <!-- CSS Reset : BEGIN -->
-    <style>
-        /* What it does: Remove spaces around the email design added by some email clients. */
-        /* Beware: It can remove the padding / margin and add a background color to the compose a reply window. */
-        html,
-        body {
-            margin: 0 auto !important;
-            padding: 0 !important;
-            height: 100% !important;
-            width: 100% !important;
-        }
-
-        /* What it does: Stops email clients resizing small text. */
-        * {
-            -ms-text-size-adjust: 100%;
-            -webkit-text-size-adjust: 100%;
-        }
-
-        /* What it does: Centers email on Android 4.4 */
-        div[style*="margin: 16px 0"] {
-            margin:0 !important;
-        }
-
-        /* What it does: Stops Outlook from adding extra spacing to tables. */
-        table,
-        td {
-            mso-table-lspace: 0pt !important;
-            mso-table-rspace: 0pt !important;
-        }
-
-        /* What it does: Fixes webkit padding issue. */
-        table {
-            border: 0;
-            border-spacing: 0;
-            border-collapse: collapse
-        }
-
-        /* What it does: Forces Samsung Android mail clients to use the entire viewport. */
-        #MessageViewBody,
-        #MessageWebViewDiv{
-            width: 100% !important;
-        }
-
-        /* What it does: Uses a better rendering method when resizing images in IE. */
-        img {
-            -ms-interpolation-mode:bicubic;
-        }
-
-        /* What it does: Prevents Windows 10 Mail from underlining links despite inline CSS. Styles for underlined links should be inline. */
-        a {
-            text-decoration: none;
-        }
-
-        /* What it does: A work-around for email clients automatically linking certain text strings. */
-        /* iOS */
-        a[x-apple-data-detectors],
-        .unstyle-auto-detected-links a,
-        .aBn {
-            border-bottom: 0 !important;
-            cursor: default !important;
-            color: inherit !important;
-            text-decoration: none !important;
-            font-size: inherit !important;
-            font-family: inherit !important;
-            font-weight: inherit !important;
-            line-height: inherit !important;
-        }
-        u + #body a,        /* Gmail */
-        #MessageViewBody a  /* Samsung Mail */
-        {
-           color: inherit;
-           text-decoration: none;
-           font-size: inherit;
-           font-family: inherit;
-           font-weight: inherit;
-           line-height: inherit;
-        }
-
-        /* What it does: Prevents Gmail from changing the text color in conversation threads. */
-        .im {
-            color: inherit !important;
-        }
-
-        /* What it does: Prevents Gmail from displaying an download button on large, non-linked images. */
-        .a6S {
-            display: none !important;
-            opacity: 0.01 !important;
-        }
-        /* If the above doesn't work, add a .g-img class to any image in question. */
-        img.g-img + div {
-            display:none !important;
-        }
-
-        /* What it does: Removes right gutter in Gmail iOS app: https://github.com/TedGoas/Cerberus/issues/89  */
-        /* Create one of these media queries for each additional viewport size you'd like to fix */
-
-        /* iPhone 4, 4S, 5, 5S, 5C, and 5SE */
-        @media only screen and (min-device-width: 320px) and (max-device-width: 374px) {
-            u ~ div .email-container {
-                min-width: 320px !important;
-            }
-        }
-        /* iPhone 6, 6S, 7, 8, and X */
-        @media only screen and (min-device-width: 375px) and (max-device-width: 413px) {
-            u ~ div .email-container {
-                min-width: 375px !important;
-            }
-        }
-        /* iPhone 6+, 7+, and 8+ */
-        @media only screen and (min-device-width: 414px) {
-            u ~ div .email-container {
-                min-width: 414px !important;
-            }
-        }
-    </style>
-    <!-- What it does: Helps DPI scaling in Outlook 2007-2013 -->
-    <!--[if gte mso 9]>
-    <xml>
-        <o:OfficeDocumentSettings>
-            <o:AllowPNG/>
-            <o:PixelsPerInch>96</o:PixelsPerInch>
-        </o:OfficeDocumentSettings>
-        </xml>
-    <![endif]-->
-
-    <!-- CSS Reset : END -->
-
-    <!-- Progressive Enhancements : BEGIN -->
-    <style>
-        /* What it does: Hover styles for buttons and tags */
-        .s-btn__primary:hover {
-            background: #0077CC !important;
-            border-color: #0077CC !important;
-        }
-        .s-btn__white:hover {
-            background: #EFF0F1 !important;
-            border-color: #EFF0F1 !important;
-        }
-        .s-btn__outlined:hover {
-            background: rgba(0,119,204,.05) !important;
-            color: #005999 !important;
-        }
-        .s-tag:hover,
-        .post-tag:hover {
-            border-color: #cee0ed !important;
-            background: #cee0ed !important;
-        }
-
-        /* What it does: Styles markdown links that we can't write inline CSS for. */
-        .has-markdown a,
-        .has-markdown a:visited {
-            color: #0077CC !important;
-            text-decoration: none !important;
-        }
-
-        /* What it does: Styles markdown code blocks that we can't write inline CSS for. */
-        code {
-            padding: 1px 5px;
-            background-color: #EFF0F1;
-            color: #242729;
-            font-size: 13px;
-            line-height: inherit;
-            font-family: Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, sans-serif;
-        }
-        pre {
-            margin: 0 0 15px;
-            line-height: 17px;
-            background-color: #EFF0F1;
-            padding: 4px 8px;
-            border-radius: 3px;
-            overflow-x: auto;
-        }
-        pre code {
-            margin: 0 0 15px;
-            padding: 0;
-            line-height: 17px;
-            background-color: none;
-        }
-
-        /* What it does: Styles markdown blockquotes that we can't write inline CSS for. */
-        blockquote {
-            margin: 0 0 15px;
-            padding: 4px 10px;
-            background-color: #FFF8DC;
-            border-left: 2px solid #ffeb8e;
-        }
-        blockquote p {
-            padding: 4px 0;
-            margin: 0;
-            overflow-wrap: break-word;
-        }
-
-        /* What it does: Rounds corners in email clients that support it */
-        .bar {
-            border-radius: 5px;
-        }
-        .btr {
-            border-top-left-radius: 5px;
-            border-top-right-radius: 5px;
-        }
-        .bbr {
-            border-bottom-left-radius: 5px;
-            border-bottom-right-radius: 5px;
-        }
-
-        @media screen and (max-width: 680px) {
-            /* What it does: Forces table cells into full-width rows. */
-            .stack-column,
-            .stack-column-center {
-                display: block !important;
-                width: 100% !important;
-                max-width: 100% !important;
-                direction: ltr !important;
-            }
-            /* And center justify these ones. */
-            .stack-column-center {
-                text-align: center !important;
-            }
-
-            /* Hides things in small viewports. */
-            .hide-on-mobile {
-                display: none !important;
-                max-height: 0 !important;
-                overflow: hidden !important;
-                visibility: hidden !important;
-            }
-
-            /* What it does: Utility classes to reduce spacing for smaller viewports. */
-            .sm-p-none  {padding: 0 !important;}
-            .sm-pt-none {padding-top: 0 !important;}
-            .sm-pb-none {padding-bottom: 0 !important;}
-            .sm-pr-none {padding-right: 0 !important;}
-            .sm-pl-none {padding-left: 0 !important;}
-            .sm-px-none {padding-left: 0 !important; padding-right: 0 !important;}
-            .sm-py-none {padding-top: 0 !important; padding-bottom: 0 !important;}
-
-            .sm-p   {padding: 20px !important;}
-            .sm-pt  {padding-top: 20px !important;}
-            .sm-pb  {padding-bottom: 20px !important;}
-            .sm-pr  {padding-right: 20px !important;}
-            .sm-pl  {padding-left: 20px !important;}
-            .sm-px  {padding-left: 20px !important; padding-right: 20px !important;}
-            .sm-py  {padding-top: 20px !important; padding-bottom: 20px !important;}
-            .sm-mb  {margin-bottom: 20px !important;}
-
-            /* What it does: Utility classes to kill border radius for smaller viewports. Used mainly on the email's main container(s). */
-            .bar,
-            .btr,
-            .bbr {
-                border-top-left-radius: 0;
-                border-top-right-radius: 0;
-                border-bottom-left-radius: 0;
-                border-bottom-right-radius: 0;
-            }
-        }
-    </style>
-    <!-- Progressive Enhancements : END -->
-</head>
-
-<!--
-    The email background color is defined in three places, just below. If you change one, remember to change the others.
-    1. body tag: for most email clients
-    2. center tag: for Gmail and Inbox mobile apps and web versions of Gmail, GSuite, Inbox, Yahoo, AOL, Libero, Comcast, freenet, Mail.ru, Orange.fr
-    3. mso conditional: For Windows 10 Mail
-->
-<body width="100%" style="margin: 0; padding: 0 !important; background: #f3f3f5; mso-line-height-rule: exactly;">
-    <center style="width: 100%; background: #f3f3f5;">
-    <!--[if mso | IE]>
-    <table role="presentation" border="0" cellpadding="0" cellspacing="0" width="100%" style="background-color: #f3f3f5;">
-    <tr>
-    <td>
-    <![endif]-->
-
-        <!-- Visually Hidden Preview Text : BEGIN -->
-        <div style="display: none; font-size: 1px; line-height: 1px; max-height: 0px; max-width: 0px; opacity: 0; overflow: hidden; mso-hide: all; font-family: sans-serif;">
-            LfK! - Mail test
-        </div>
-        <!-- Visually Hidden Preview Text : END -->
-
-        <div class="email-container" style="max-width: 680px; margin: 0 auto;">
-            <!--[if mso]>
-            <table role="presentation" cellspacing="0" cellpadding="0" border="0" width="680" align="center">
-            <tr>
-            <td>
-            <![endif]-->
-            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="max-width: 680px; width:100%">
-                <tr>
-                    <td style="padding: 30px; background-color: #ffffff;" class="sm-p bar">
-                        <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;">
-                            <tr>
-                                <td style="padding-bottom: 15px; font-family: arial, sans-serif; font-size: 15px; line-height: 21px; color: #3C3F44; text-align: left;">
-                                    <h1 style="font-weight: bold; font-size: 27px; line-height: 27px; color: #0C0D0E; margin: 0 0 15px 0;">LfK!</h1>
-                                </td>
-                            </tr>
-                            <tr>
-                                <td style="padding-bottom: 15px; font-family: arial, sans-serif; font-size: 15px; line-height: 21px; color: #3C3F44; text-align: left;">
-                                    <h1 style="font-weight: bold; font-size: 21px; line-height: 21px; color: #0C0D0E; margin: 0 0 15px 0;">Test mail</h1>
-                                    <p style="margin: 0 0 15px;" class="has-markdown">This is a test mail triggered by an admin in the LfK! backend.</p>
-                                </td>
-                            </tr>
-                        </table>
-                    </td>
-                </tr>
-
-                <!-----------------------------
-
-                    EMAIL BODY : END
-
-                ------------------------------>
-
-                <!-- Footer : BEGIN -->
-                <tr>
-                    <td style="padding: 30px;" class="sm-p">
-                        <table align="left" border="0" cellpadding="0" cellspacing="0" role="presentation" width="100%">
-                            <!-- Subscription Info : BEGIN -->
-                            <tr>
-                                <td style="padding-bottom: 10px; font-size: 12px; line-height: 15px; font-family: arial, sans-serif; color: #9199A1; text-align: left;">
-                                    Copyright © {{copyright_owner}}. All rights reserved.
-                                </td>
-                            </tr>
-                            <tr>
-                                <td style="font-size: 12px; line-height: 15px; font-family: arial, sans-serif; color: #9199A1; text-align: left;">
-                                    <a href="{{link_imprint}}"
-                                    style="color: #9199A1; text-decoration: underline;">Imprint</a>&nbsp;&nbsp;&nbsp;&nbsp;
-                                    <a href="{{link_privacy}}" style="color: #9199A1; text-decoration: underline;">Privacy</a>
-                                </td>
-                            </tr>
-                            <!-- Subscription Info : BEGIN -->
-                            <!-- HR line : BEGIN -->
-                            <tr>
-                                <td style="padding: 30px 0;" width="100%" class="sm-py">
-                                    <table aria-hidden="true" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%">
-                                        <tr>
-                                            <td height="1" width="100%" style="font-size: 0; line-height: 0; border-top: 1px solid #D6D8DB;">&nbsp;</td>
-                                        </tr>
-                                    </table>
-                                </td>
-                            </tr>
-                            <!-- HR line : END -->
-                            <tr>
-                                <td style="padding-bottom: 5px; font-size: 12px; line-height: 15px; font-family: arial, sans-serif; color: #9199A1; text-align: left;">This mail was sent to <strong>{{recipient_mail}}</strong> because someone request a mail test for this mail address.</td>
-                            </tr>
-                            <!-- Sender Info : END -->
-                        </table>
-                    </td>
-                </tr>
-                <!-- Footer : END -->
-            </table>
-        </div>
-    <!--[if mso | IE]>
-    </td>
-    </tr>
-    </table>
-    <![endif]-->
-    </center>
-</body>
-</html>
--- a/src/static/mail_templates/test.txt
+++ b/src/static/mail_templates/test.txt
@@ -1,8 +0,0 @@
-LfK! - Mail test.
-
-This is a test mail triggered by an admin in the LfK! backend.
-
-
-Copyright © {{copyright_owner}}. All rights reserved.
-Imprint: {{link_imprint}} | Privacy: {{link_privacy}}
-This mail was sent to {{recipient_mail}} because someone requested a mail test for this mail address.
--- a/src/tests/auth/auth_login.spec.ts
+++ b/src/tests/auth/auth_login.spec.ts
@@ -5,6 +5,7 @@ const base = "http://localhost:" + config.internal_port
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    axios_config = {
        validateStatus: undefined
    };
--- a/src/tests/auth/auth_logout.spec.ts
+++ b/src/tests/auth/auth_logout.spec.ts
@@ -8,14 +8,15 @@ const axios_config = {
 };;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_logout",
-        "middlename": "demo_logout",
-        "lastname": "demo_logout",
-        "username": "demo_logout",
-        "password": "demo_logout",
-        "email": "demo_logout@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_logoutASD123",
+        "middlename": "demo_logoutASD123",
+        "lastname": "demo_logoutASD123",
+        "username": "demo_logoutASD123",
+        "password": "demo_logoutASD123",
+        "email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -25,7 +26,7 @@ beforeAll(async () => {
 describe('POST /api/auth/logout valid', () => {
    let refresh_coookie;
    it('valid logout with token in cookie should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
        refresh_coookie = res_login.headers["set-cookie"];
        const res = await axios.post(base + '/api/auth/logout', null, {
            headers: { "Cookie": refresh_coookie },
@@ -34,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
        expect(res.status).toEqual(200);
    });
    it('valid logout with token in body should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
        const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
        expect(res.status).toEqual(200);
    });
--- a/src/tests/auth/auth_refresh.spec.ts
+++ b/src/tests/auth/auth_refresh.spec.ts
@@ -8,14 +8,15 @@ const axios_config = {
 };;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_refresh",
-        "middlename": "demo_refresh",
-        "lastname": "demo_refresh",
-        "username": "demo_refresh",
-        "password": "demo_refresh",
-        "email": "demo_refresh@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_refreshASD312",
+        "middlename": "demo_refreshASD312",
+        "lastname": "demo_refreshASD312",
+        "username": "demo_refreshASD312",
+        "password": "demo_refreshASD312",
+        "email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -24,7 +25,7 @@ beforeAll(async () => {

 describe('POST /api/auth/refresh valid', () => {
    it('valid refresh with token in cookie should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
        const res = await axios.post(base + '/api/auth/refresh', null, {
            headers: { "Cookie": res_login.headers["set-cookie"] },
            validateStatus: undefined
@@ -32,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
        expect(res.status).toEqual(200);
    });
    it('valid refresh with token in body should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
        const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
        expect(res.status).toEqual(200);
    });
--- a/src/tests/auth/auth_reset.spec.ts
+++ b/src/tests/auth/auth_reset.spec.ts
@@ -8,25 +8,26 @@ const axios_config = {
 };;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_reset",
-        "middlename": "demo_reset",
-        "lastname": "demo_reset",
-        "username": "demo_reset",
-        "password": "demo_reset",
-        "email": "demo_reset1@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_resetASD312",
+        "middlename": "demo_resetASD312",
+        "lastname": "demo_resetASD312",
+        "username": "demo_resetASD312",
+        "password": "demo_resetASD312",
+        "email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
    });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_reset2",
-        "middlename": "demo_reset2",
-        "lastname": "demo_reset2",
-        "username": "demo_reset2",
-        "password": "demo_reset2",
-        "email": "demo_reset2@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_resetASD3122",
+        "middlename": "demo_resetASD3122",
+        "lastname": "demo_resetASD3122",
+        "username": "demo_resetASD3122",
+        "password": "demo_resetASD3122",
+        "email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -35,8 +36,8 @@ beforeAll(async () => {

 describe('POST /api/auth/reset valid', () => {
    let reset_token;
-    it('valid reset token request should return 200', async () => {
-        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" });
+    it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
+        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
        reset_token = res1.data.resetToken;
        expect(res1.status).toEqual(200);
    });
@@ -44,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
 // ---------------
 describe('POST /api/auth/reset invalid requests', () => {
    it('request another password reset before the timeout should return 406', async () => {
-        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
-        const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
        expect(res2.status).toEqual(406);
    });
 });
--- a/src/tests/cards/cards_add.spec.ts
+++ b/src/tests/cards/cards_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -85,7 +86,6 @@ describe('POST /api/cards successfully (with runner)', () => {
 			"lastname": "last",
 			"group": added_org.id
 		}, axios_config);
-		delete res2.data.group;
 		added_runner = res2.data;
 		expect(res2.status).toEqual(200);
 		expect(res2.headers['content-type']).toContain("application/json")
@@ -149,3 +149,38 @@ describe('POST /api/cards successfully (with runner)', () => {
 		});
 	});
 });
+// ---------------
+describe('POST /api/cards/bulk successfully', () => {
+	it('creating a single new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=1', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating a single new bulk card and letting the system return it should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=1&returnCards=true', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.data[0].id).toBeDefined();
+	});
+	it('creating 50 new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=50', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating 50 new bulk cards and letting the system return it should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=50&returnCards=true', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.data.length).toEqual(50);
+	});
+	it('creating 250 new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=250', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating 2000 new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=2000', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+});
--- a/src/tests/cards/cards_delete.spec.ts
+++ b/src/tests/cards/cards_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/cards/cards_get.spec.ts
+++ b/src/tests/cards/cards_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/cards/cards_update.spec.ts
+++ b/src/tests/cards/cards_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -63,7 +64,6 @@ describe('adding + updating card.runner successfully', () => {
 			"lastname": "last",
 			"group": added_org.id
 		}, axios_config);
-		delete res2.data.group;
 		added_runner = res2.data;
 		expect(res2.status).toEqual(200);
 		expect(res2.headers['content-type']).toContain("application/json")
@@ -74,7 +74,6 @@ describe('adding + updating card.runner successfully', () => {
 			"lastname": "last",
 			"group": added_org.id
 		}, axios_config);
-		delete res2.data.group;
 		added_runner2 = res2.data;
 		expect(res2.status).toEqual(200);
 		expect(res2.headers['content-type']).toContain("application/json")
--- a/src/tests/contacts/contact_add.spec.ts
+++ b/src/tests/contacts/contact_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/contacts/contact_delete.spec.ts
+++ b/src/tests/contacts/contact_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/contacts/contact_get.spec.ts
+++ b/src/tests/contacts/contact_get.spec.ts
@@ -5,6 +5,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/contacts/contact_update.spec.ts
+++ b/src/tests/contacts/contact_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donations/donations_add.spec.ts
+++ b/src/tests/donations/donations_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/donations/donations_delete.spec.ts
+++ b/src/tests/donations/donations_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/donations/donations_get.spec.ts
+++ b/src/tests/donations/donations_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/donations/donations_update.spec.ts
+++ b/src/tests/donations/donations_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/donors/donor_add.spec.ts
+++ b/src/tests/donors/donor_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donors/donor_delete.spec.ts
+++ b/src/tests/donors/donor_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donors/donor_get.spec.ts
+++ b/src/tests/donors/donor_get.spec.ts
@@ -5,6 +5,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donors/donor_update.spec.ts
+++ b/src/tests/donors/donor_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/mails/mail_test.spec.ts
+++ b/src/tests/mails/mail_test.spec.ts
@@ -1,22 +0,0 @@
-import axios from 'axios';
-import { config } from '../../config';
-
-const base = "http://localhost:" + config.internal_port
-
-let access_token;
-let axios_config;
-
-beforeAll(async () => {
-    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
-    access_token = res.data["access_token"];
-    axios_config = {
-        headers: { "authorization": "Bearer " + access_token },
-        validateStatus: undefined
-    };
-});
-
-describe('POST /mails/test valid', () => {
-    it('test mail request should return 200', async () => {
-        const res1 = await axios.post(base + '/api/mails/test', null, axios_config);
-    });
-});
--- a/src/tests/runnerOrgs/org_add.spec.ts
+++ b/src/tests/runnerOrgs/org_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerOrgs/org_delete.spec.ts
+++ b/src/tests/runnerOrgs/org_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
@@ -15,7 +16,7 @@ beforeAll(async () => {
 });

 // ---------------
-describe('adding + deletion (non-existant)', () => {
+describe('deletion (non-existant)', () => {
    it('delete', async () => {
        const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
        expect(res2.status).toEqual(204);
--- a/src/tests/runnerOrgs/org_get.spec.ts
+++ b/src/tests/runnerOrgs/org_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerOrgs/org_update.spec.ts
+++ b/src/tests/runnerOrgs/org_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_add.spec.ts
+++ b/src/tests/runnerTeams/team_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_delete.spec.ts
+++ b/src/tests/runnerTeams/team_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_get.spec.ts
+++ b/src/tests/runnerTeams/team_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_update.spec.ts
+++ b/src/tests/runnerTeams/team_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_add.spec.ts
+++ b/src/tests/runners/runner_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_delete.spec.ts
+++ b/src/tests/runners/runner_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_get.spec.ts
+++ b/src/tests/runners/runner_get.spec.ts
@@ -5,6 +5,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_update.spec.ts
+++ b/src/tests/runners/runner_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/scans/scans_add.spec.ts
+++ b/src/tests/scans/scans_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scans/scans_delete.spec.ts
+++ b/src/tests/scans/scans_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scans/scans_get.spec.ts
+++ b/src/tests/scans/scans_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scans/scans_update.spec.ts
+++ b/src/tests/scans/scans_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_add.spec.ts
+++ b/src/tests/scanstations/scanstations_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_delete.spec.ts
+++ b/src/tests/scanstations/scanstations_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_get.spec.ts
+++ b/src/tests/scanstations/scanstations_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -57,3 +58,33 @@ describe('adding + getting stations', () => {
 		expect(res.headers['content-type']).toContain("application/json");
 	});
 });
+// ---------------
+describe('adding + getting via me endpoint', () => {
+	let added_track;
+	let added_station;
+	it('creating a track should return 200', async () => {
+		const res1 = await axios.post(base + '/api/tracks', {
+			"name": "test123",
+			"distance": 123
+		}, axios_config);
+		added_track = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('correct description and track input for station creation return 200', async () => {
+		const res = await axios.post(base + '/api/stations', {
+			"track": added_track.id,
+			"description": "I am but a simple test."
+		}, axios_config);
+		added_station = res.data;
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('correct description and track input for station creation return 200', async () => {
+		const res = await axios.get(base + '/api/stations/me', { headers: { "authorization": "Bearer " + added_station.key } });
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json")
+		added_station.key = "Only visible on creation.";
+		expect(res.data).toEqual(added_station);
+	});
+});
--- a/src/tests/scanstations/scanstations_update.spec.ts
+++ b/src/tests/scanstations/scanstations_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/selfservice/selfservice_delete.spec.ts
+++ b/src/tests/selfservice/selfservice_delete.spec.ts
@@ -0,0 +1,66 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+// ---------------
+describe('delete selfservice runner invalid', () => {
+    let added_runner;
+    it('registering as citizen with minimal params should return 200', async () => {
+        const res = await axios.post(base + '/api/runners/register', {
+            "firstname": "string",
+            "lastname": "string",
+            "email": "user@example.com"
+        }, axios_config);
+        added_runner = res.data;
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+    it('delete with valid jwt should return 200', async () => {
+        const res = await axios.delete(base + '/api/runners/me/' + added_runner.token, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+    it('delete with valid jwt but non-existant runner should return 200', async () => {
+        const res = await axios.delete(base + '/api/runners/me/' + added_runner.token, axios_config);
+        expect(res.status).toEqual(404);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+    it('delete with invalid jwt should return 401', async () => {
+        const res = await axios.delete(base + '/api/runners/me/123.123', axios_config);
+        expect(res.status).toEqual(401);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+});
+// ---------------
+describe('delete selfservice runner valid', () => {
+    let added_runner;
+    it('registering as citizen with minimal params should return 200', async () => {
+        const res = await axios.post(base + '/api/runners/register', {
+            "firstname": "string",
+            "lastname": "string",
+            "email": "user@example.com"
+        }, axios_config);
+        added_runner = res.data;
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+    it('delete with valid jwt should return 200', async () => {
+        const res = await axios.delete(base + '/api/runners/me/' + added_runner.token, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+        delete added_runner.token;
+        expect(res.data).toEqual(added_runner);
+    });
+});
--- a/src/tests/selfservice/selfservice_forgotten.spec.ts
+++ b/src/tests/selfservice/selfservice_forgotten.spec.ts
@@ -0,0 +1,82 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+describe('POST /api/runners/me/forgot invalid syntax/mail should fail', () => {
+    it('get without mail return 404', async () => {
+        const res = await axios.post(base + '/api/runners/forgot', null, axios_config);
+        expect(res.status).toEqual(404);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+    it('get without bs mail return 404', async () => {
+        const res = await axios.post(base + '/api/runners/forgot?mail=asdasdasdasdasd@tester.test.dev.lauf-fuer-kaya.de', null, axios_config);
+        expect(res.status).toEqual(404);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+});
+// ---------------
+describe('POST /api/runners/me/forgot 2 times within timeout should fail', () => {
+    let added_runner;
+    it('registering as citizen should return 200', async () => {
+        const res = await axios.post(base + '/api/runners/register', {
+            "firstname": "string",
+            "middlename": "string",
+            "lastname": "string",
+            "email": "citizen420@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+        added_runner = res.data;
+    });
+    it('post with valid mail should return 200', async () => {
+        const res = await axios.post(base + '/api/runners/forgot?mail=' + added_runner.email, null, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+    it('2nd post with valid mail should return 406', async () => {
+        const res = await axios.post(base + '/api/runners/forgot?mail=' + added_runner.email, null, axios_config);
+        expect(res.status).toEqual(406);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+});
+
+// ---------------
+describe('POST /api/runners/me/forgot valid should return 200', () => {
+    let added_runner;
+    let new_token;
+    it('registering as citizen should return 200', async () => {
+        const res = await axios.post(base + '/api/runners/register', {
+            "firstname": "string",
+            "middlename": "string",
+            "lastname": "string",
+            "email": "citizen69@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+        added_runner = res.data;
+    });
+    it('post with valid mail should return 200', async () => {
+        const res = await axios.post(base + '/api/runners/forgot?mail=' + added_runner.email, null, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+        new_token = res.data.token;
+    });
+    it('get infos with valid jwt should return 200', async () => {
+        const res = await axios.get(base + '/api/runners/me/' + new_token, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+});
--- a/src/tests/selfservice/selfservice_get.spec.ts
+++ b/src/tests/selfservice/selfservice_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
@@ -40,4 +41,9 @@ describe('register + get should return 200', () => {
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
+    it('get scans with valid jwt should return 200', async () => {
+        const res = await axios.get(base + '/api/runners/me/' + added_runner.token + "/scans", axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
 });
--- a/src/tests/selfservice/selfservice_org.spec.ts
+++ b/src/tests/selfservice/selfservice_org.spec.ts
@@ -0,0 +1,55 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+// ---------------
+describe('get invalid org', () => {
+    it('getting random org via selfservice should return 4040', async () => {
+        const res = await axios.get(base + '/api/organizations/selfservice/asfdasfasdfsdafsadfsadfasdfasdfsdf', axios_config);
+        expect(res.status).toEqual(404);
+    });
+});
+
+// ---------------
+describe('get valid org w/teams', () => {
+    let added_org;
+    let added_team;
+    it('creating a new org with just a name and registration enabled should return 200', async () => {
+        const res = await axios.post(base + '/api/organizations', {
+            "name": "test123",
+            "registrationEnabled": true
+        }, axios_config);
+        added_org = res.data;
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new team with a parent org should return 200', async () => {
+        const res = await axios.post(base + '/api/teams', {
+            "name": "test_team",
+            "parentGroup": added_org.id
+        }, axios_config);
+        added_team = res.data;
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json")
+    });
+    it('getting org via selfservice should return 200', async () => {
+        const res = await axios.get(base + '/api/organizations/selfservice/' + added_org.registrationKey, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+        expect(res.data.name).toEqual(added_org.name);
+        expect(res.data.teams[0]).toEqual({ name: added_team.name, id: added_team.id, responseType: "SELFSERVICETEAM" });
+    });
+});
--- a/src/tests/selfservice/selfservice_register.spec.ts
+++ b/src/tests/selfservice/selfservice_register.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/tracks/track_add.spec.ts
+++ b/src/tests/tracks/track_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/tracks/track_delete.spec.ts
+++ b/src/tests/tracks/track_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/tracks/track_update.spec.ts
+++ b/src/tests/tracks/track_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/tracks/tracks_get.spec.ts
+++ b/src/tests/tracks/tracks_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_add.spec.ts
+++ b/src/tests/trackscans/trackscans_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_delete.spec.ts
+++ b/src/tests/trackscans/trackscans_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_get.spec.ts
+++ b/src/tests/trackscans/trackscans_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_update.spec.ts
+++ b/src/tests/trackscans/trackscans_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;

 beforeAll(async () => {
+	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -86,7 +87,7 @@ describe('adding + updating illegally', () => {
 	it('updating with wrong id should return 406', async () => {
 		const res2 = await axios.put(base + '/api/scans/trackscans/' + added_scan.id, {
 			"id": added_scan.id + 1,
-			"station": added_station.id,
+			"track": added_track.id,
 			"runner": added_runner.id
 		}, axios_config);
 		expect(res2.status).toEqual(406);
@@ -95,7 +96,7 @@ describe('adding + updating illegally', () => {
 	it('updating with invalid station should return 404', async () => {
 		const res2 = await axios.put(base + '/api/scans/trackscans/' + added_scan.id, {
 			"id": added_scan.id,
-			"station": 9999999999999999,
+			"track": 9999999999999999,
 			"runner": added_runner.id
 		}, axios_config);
 		expect(res2.status).toEqual(404);
@@ -104,7 +105,7 @@ describe('adding + updating illegally', () => {
 	it('updating with invalid runner should return 404', async () => {
 		const res2 = await axios.put(base + '/api/scans/trackscans/' + added_scan.id, {
 			"id": added_scan.id,
-			"station": added_station.id,
+			"track": added_station.id,
 			"runner": 9999999999999999999
 		}, axios_config);
 		expect(res2.status).toEqual(404);
@@ -211,7 +212,7 @@ describe('adding + updating successfilly', () => {
 	it('updating with new runner should return 200', async () => {
 		const res2 = await axios.put(base + '/api/scans/trackscans/' + added_scan.id, {
 			"id": added_scan.id,
-			"station": added_station.id,
+			"track": added_track.id,
 			"runner": added_runner2.id
 		}, axios_config);
 		expect(res2.status).toEqual(200);
@@ -220,7 +221,7 @@ describe('adding + updating successfilly', () => {
 	it('updating with new station should return 200', async () => {
 		const res2 = await axios.put(base + '/api/scans/trackscans/' + added_scan.id, {
 			"id": added_scan.id,
-			"station": added_station2.id,
+			"track": added_track2.id,
 			"runner": added_runner.id
 		}, axios_config);
 		expect(res2.status).toEqual(200);
@@ -229,7 +230,7 @@ describe('adding + updating successfilly', () => {
 	it('updating with valid=false should return 200', async () => {
 		const res2 = await axios.put(base + '/api/scans/trackscans/' + added_scan.id, {
 			"id": added_scan.id,
-			"station": added_station2.id,
+			"track": added_track2.id,
 			"runner": added_runner.id,
 			"valid": false
 		}, axios_config);
--- a/src/tests/users/user_delete.spec.ts
+++ b/src/tests/users/user_delete.spec.ts
@@ -0,0 +1,51 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+// ---------------
+describe('adding + deletion (non-existant)', () => {
+    it('delete', async () => {
+        const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
+        expect(res2.status).toEqual(204);
+    });
+});
+// ---------------
+describe('adding + deletion (successfull)', () => {
+    let added_user
+    it('valid user creation with minimal parameters should return 200', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "string",
+            "middlename": "string",
+            "lastname": "string",
+            "email": "demo_123_123_123asdASD@example.com",
+            "password": "demo_123_123_123asdASD",
+            "enabled": true
+        }
+            , axios_config);
+        added_user = res.data;
+        expect(res.status).toEqual(200);
+    });
+    it('delete', async () => {
+        const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('check if user really was deleted', async () => {
+        const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
+        expect(res3.status).toEqual(404);
+        expect(res3.headers['content-type']).toContain("application/json")
+    });
+});
--- a/src/tests/users/user_post.spec.ts
+++ b/src/tests/users/user_post.spec.ts
@@ -0,0 +1,113 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+let axios_config = {};
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    let access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+describe('POST /api/users valid', () => {
+    it('valid user creation with minimal parameters should return 200', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123",
+            "lastname": "demo_createASD123",
+            "password": "demo_createASD123",
+            "email": "demo_createASD123@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+    it('valid user creation with all parameters should return 200', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_2",
+            "middlename": "demo_createASD123_2",
+            "lastname": "demo_createASD123_2",
+            "username": "demo_createASD123_2",
+            "password": "demo_createASD123_2",
+            "email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+});
+// ---------------
+describe('POST /api/users invalid -> 400', () => {
+    it('user creation w/o firstname should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "lastname": "demo_createASD123_3",
+            "password": "demo_createASD123_3",
+            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('user creation w/o lastname should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_3",
+            "password": "demo_createASD123_3",
+            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('user creation w/o password should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_3",
+            "lastname": "demo_createASD123_3",
+            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('user creation w/o email should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_3",
+            "lastname": "demo_createASD123_3",
+            "password": "demo_createASD123_3"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+});
+// ---------------
+describe('POST /api/users invalid -> Password errors', () => {
+    it('user creation w/ invalid password -> No numbers should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "demo_createASD",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('user creation w/ invalid password -> No uppercase should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "demo_create_4",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('user creation w/ invalid password -> No lowercase should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "DEMO123123ASD",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('user creation w/ invalid password -> Too short should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "1Aa_",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+});