Merge pull request 'Release 0.11.0' (#195 ) from dev into main

Reviewed-on: #195 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>
🧾New changelog file version [CI SKIP] [skip ci]
2021-04-14 17:04:29 +00:00 · 2021-04-14 16:59:20 +00:00 · 2021-04-14 18:58:24 +02:00 · 2021-04-14 16:58:11 +00:00 · 2021-04-14 18:57:45 +02:00 · 2021-04-14 18:57:26 +02:00
89 changed files with 1552 additions and 563 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -19,10 +19,17 @@ get:
  path: odit-git-bot
  name: sshkey
 ---
 kind: secret
 name: ci_token
 get:
  path: odit-ci-bot
  name: apikey
 ---
 kind: pipeline
 type: kubernetes
-name: tests:node_latest
+name: tests:node_14.15.1-alpine3.12
 clone:
  disable: true
 steps:
@@ -32,7 +39,7 @@ steps:
      - git clone $DRONE_REMOTE_URL .
      - git checkout $DRONE_SOURCE_BRANCH
  - name: run tests
-    image: node:latest
+    image: node:14.15.1-alpine3.12
    commands:
      - yarn
      - yarn test:ci
@@ -176,13 +183,13 @@ steps:
    settings:
      urls: https://ci.odit.services/api/repos/lfk/lfk-client-node/builds?SOURCE_TAG=${DRONE_TAG}
      bearer:
-        from_secret: BOT_DRONE_KEY
+        from_secret: ci_token
  - name: trigger js lib build
    image: idcooldi/drone-webhook
    settings:
      urls: https://ci.odit.services/api/repos/lfk/lfk-client-js/builds?SOURCE_TAG=${DRONE_TAG}
      bearer:
-        from_secret: BOT_DRONE_KEY
+        from_secret: ci_token
 trigger:
  event:
  - tag
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,11 +2,198 @@
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
 #### [v0.11.0](https://git.odit.services/lfk/backend/compare/v0.10.2...v0.11.0)
 - Fixed spelling [`da266a8`](https://git.odit.services/lfk/backend/commit/da266a8dd68dbb575997ae343624982b690486ec)
 - Updated tests [`01ed514`](https://git.odit.services/lfk/backend/commit/01ed51489eb92fff907d46a930ecf0b0eb5cad2b)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`520608a`](https://git.odit.services/lfk/backend/commit/520608aef05b21f4daadf55cfc8caddba06b8f01)
 - Added payedDonationAmount to donor and responsedonor [`8ae4b85`](https://git.odit.services/lfk/backend/commit/8ae4b8582749332f4fb081eee0c520293347001f)
 - Responses now contain the donation status [`34dbaaa`](https://git.odit.services/lfk/backend/commit/34dbaaafe0422234848eabe3f52b26879c9e5a49)
 - Marked payedAmount as optional during creation and/or update [`0636616`](https://git.odit.services/lfk/backend/commit/0636616dad5afb41ffe47a857d91ac75b4f2f20a)
 - Added payed amount fileld to donation class [`b8fbb72`](https://git.odit.services/lfk/backend/commit/b8fbb72fa0b659c9acc406c72a8a59c2174351b4)
 - Added status to tests [`30c6d3d`](https://git.odit.services/lfk/backend/commit/30c6d3d8db9fe37a51e596a73add8b87e8616e54)
 - Added payed amount to crealte classes [`71542bc`](https://git.odit.services/lfk/backend/commit/71542bc3887b97c15436d03280e49f7b3f0fcb06)
 - Added payed amount to update classes [`9930742`](https://git.odit.services/lfk/backend/commit/99307423c533f8cde847b59a80bffc2ff42c9769)
 - Added mssing check to tests [`6c14ed9`](https://git.odit.services/lfk/backend/commit/6c14ed9c89eadc1a10db8c912d8ea2711a518766)
 - 📖New license file version [CI SKIP] [skip ci] [`a2f0d81`](https://git.odit.services/lfk/backend/commit/a2f0d814fc782ad440500e7d6ec779b6ab7f0ac6)
 - 🚀Bumped version to v0.11.0 [`3558e99`](https://git.odit.services/lfk/backend/commit/3558e9909088647bd4f1f4334f50c07a5ef00214)
 - Merge pull request 'Donation payment management feature/193-donation_payments' (#194) from feature/193-donation_payments into dev [`6df5f63`](https://git.odit.services/lfk/backend/commit/6df5f634f3123e04c015889573ccc5674a8bab27)
 - Added donation status enum [`b4c31ee`](https://git.odit.services/lfk/backend/commit/b4c31ee9b5b35d6e11b07f50f3d30ca12e0f7728)
 - Added payed amount to response class [`d64f470`](https://git.odit.services/lfk/backend/commit/d64f470b608b3f179ec77da0210de51c328ef3f2)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`0c61ff4`](https://git.odit.services/lfk/backend/commit/0c61ff457d02f750efa457dd75464187683b037a)
 - No longer answering with null, but 0 [`49b174f`](https://git.odit.services/lfk/backend/commit/49b174f29f63e963e600d74b6923a20211d832eb)
 - Saved missing file [`8fe3243`](https://git.odit.services/lfk/backend/commit/8fe32436935d7cd6c17eae1e138383d3b714e1ba)
 #### [v0.10.2](https://git.odit.services/lfk/backend/compare/v0.10.1...v0.10.2)
 > 7 April 2021
 - Merge pull request 'Release 0.10.2' (#192) from dev into main [`1d82f65`](https://git.odit.services/lfk/backend/commit/1d82f65b0d3a32d10c1a10c991353c18696d58bf)
 - Added first selfservice test [`057ae0d`](https://git.odit.services/lfk/backend/commit/057ae0d79758cd627d6d128406a0d201b6b7ad9b)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`b7ad5d3`](https://git.odit.services/lfk/backend/commit/b7ad5d3a31b8b4f5960852d3ac38af133719ebcd)
 - First try of the laptime sort [`4471e57`](https://git.odit.services/lfk/backend/commit/4471e57438582d55ff846fd69c2cfcc26b40df2a)
 - Potential fix for all remaining errors [`377d5da`](https://git.odit.services/lfk/backend/commit/377d5dadb2a14cb2d70e0b2dc77026f51b3fb51c)
 - At least one fewer test should fail now [`87f444c`](https://git.odit.services/lfk/backend/commit/87f444c30d69d65a9f918c63631a859a389eeee3)
 - Tried workaround for no availdable stats [`8f0f795`](https://git.odit.services/lfk/backend/commit/8f0f795a709db216396998b68b8bbd64ff4d44ff)
 - Reverted temp bugfix [`4603a84`](https://git.odit.services/lfk/backend/commit/4603a84f16fb53a14d1792447100f5b470969dd0)
 - Fixed sorting algo [`988f17a`](https://git.odit.services/lfk/backend/commit/988f17a795bb2d867e9d1d8e78051dff1a14ec30)
 - Added runners stats tests [`7111068`](https://git.odit.services/lfk/backend/commit/7111068361e00cc1308664a3ae650a56e28c015c)
 - Added basic laptime endpoint [`cb71fcd`](https://git.odit.services/lfk/backend/commit/cb71fcd13bc61e6214e2fd7b70e72094749463d3)
 - Added orgs by donations stats tests [`d4a02e7`](https://git.odit.services/lfk/backend/commit/d4a02e7db2ff4976be21605e31aac2f3c82a49c0)
 - Added teams stats endpoint tests [`b9a7dc8`](https://git.odit.services/lfk/backend/commit/b9a7dc84f05441445453193974b2a793b5197fa5)
 - Now resolving all missing relations [`257f320`](https://git.odit.services/lfk/backend/commit/257f320ee3bf6429c4314c64023520366f9f730b)
 - Added min laptime to StatsRunner [`51daf96`](https://git.odit.services/lfk/backend/commit/51daf969cf74792b2c2f2f16ce4359d9fca47bc8)
 - Fixed sorting [`7b15c2d`](https://git.odit.services/lfk/backend/commit/7b15c2d88b14e7279aad97b0c950202ddb5acaaa)
 - Fixed top-ten bein top 9 [`a6a526d`](https://git.odit.services/lfk/backend/commit/a6a526dc5d8b1613ea34e82e477081349e764aec)
 - added new ci secret [`5633e85`](https://git.odit.services/lfk/backend/commit/5633e85f41cb69b10fd8a86f57f1bd2f50848f7b)
 - Added temp console log for test [`22cae39`](https://git.odit.services/lfk/backend/commit/22cae39bd351ca285880e50187ea0d46a7a26437)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`610988e`](https://git.odit.services/lfk/backend/commit/610988ec16b8df61cca61cf2252a469d30318d81)
 - Added temp console log for ci debugging [`4a73eab`](https://git.odit.services/lfk/backend/commit/4a73eab134c3a9f58771be996bc8811b62cf378e)
 - Temp disabled runners by donations test [`0b07a53`](https://git.odit.services/lfk/backend/commit/0b07a53ed209c6193ead3c4d199545e22333ab32)
 - Updated default docker-compose [`f8baca5`](https://git.odit.services/lfk/backend/commit/f8baca5ab2c56b906751bc7edd71477456ad91f3)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`dd6d799`](https://git.odit.services/lfk/backend/commit/dd6d799c847fc96aec1be8f2667ad371890076fb)
 - Resolved missing parentgroup relation [`23bd432`](https://git.odit.services/lfk/backend/commit/23bd432c5f33a0863217120d97e2e4ea52a08baf)
 - Removed console logs for now working tests [`71b33ab`](https://git.odit.services/lfk/backend/commit/71b33ab05b53b62c8b271bd2995c94b2fc212dfd)
 - Fixed typo in test [`cbcb829`](https://git.odit.services/lfk/backend/commit/cbcb829fbde3a4a5e7f94de5dcf24d854c5fc257)
 - Ptotential fix for stats failing [`dcdbdd1`](https://git.odit.services/lfk/backend/commit/dcdbdd15acfe6eef4220b7ed66db60d78107d1f9)
 - 🚀Bumped version to v0.10.2 [`6e236ed`](https://git.odit.services/lfk/backend/commit/6e236ede145e164ee84543fb62404b4776550973)
 - Merge pull request 'stats/runners/laptime feature/190-runners_laptime' (#191) from feature/190-runners_laptime into dev [`a694ad2`](https://git.odit.services/lfk/backend/commit/a694ad225c68fa23152402acba871c857433cc70)
 - Removed all useless console.logs [`95e1eec`](https://git.odit.services/lfk/backend/commit/95e1eec313a79458dd75307a9d0f8319af0d0904)
 - Pinned testing container tag to prod container tag [`10221b9`](https://git.odit.services/lfk/backend/commit/10221b9f2e4493080f3ff095d9772bcfd0ac50eb)
 - Now resolving all relations for orgs by distance [`4a294b1`](https://git.odit.services/lfk/backend/commit/4a294b1e17c44294274b06748ec8141812c2d217)
 - Added temp console log [`720774f`](https://git.odit.services/lfk/backend/commit/720774fcf47c38601ab88d5d74cfcd0e47b21acf)
 - Removed console log for passing tests [`132b48c`](https://git.odit.services/lfk/backend/commit/132b48cf2a9e990a5e830c744ed8244bd25e8b3a)
 - Removed console log [`1d8c8c8`](https://git.odit.services/lfk/backend/commit/1d8c8c8e9cefa58449f7abb2481d9396fe37ba20)
 - Temp test logging workaround [`bf686e8`](https://git.odit.services/lfk/backend/commit/bf686e89e02998ccc80c838ef890c736c252634c)
 - Temp test logging workaround [`6163f0a`](https://git.odit.services/lfk/backend/commit/6163f0a90b3721d3a1488f89cbb39ddff7152241)
 - Removed test for content type [`63964fb`](https://git.odit.services/lfk/backend/commit/63964fbf2c41d9b90f995f056e9db65ab07d54a8)
 #### [v0.10.1](https://git.odit.services/lfk/backend/compare/v0.10.0...v0.10.1)
 > 3 April 2021
 - Merge pull request 'Release 0.10.1' (#189) from dev into main [`e89e07d`](https://git.odit.services/lfk/backend/commit/e89e07d0fc99f14148b01204fb8ed39e2da77e38)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`69afd4d`](https://git.odit.services/lfk/backend/commit/69afd4d5877401eb46df430f43a7feb273abda1e)
 - 🚀Bumped version to v0.10.1 [`24d152f`](https://git.odit.services/lfk/backend/commit/24d152fdc8fe17fffa2f2a718d7145ba8a91d79c)
 - New class: ResponseSelfServiceDonor [`d70c5b1`](https://git.odit.services/lfk/backend/commit/d70c5b1bbc9f02782f8755b6929e2d3458e10221)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`4279e43`](https://git.odit.services/lfk/backend/commit/4279e4374304887e8db40eab77763b20bbce91a1)
 - Removed duplicate openapi statement [`4834a66`](https://git.odit.services/lfk/backend/commit/4834a6698b0958602421c1478a95fec7edda910b)
 - Switched selfservice donation.donor from string to object [`0767943`](https://git.odit.services/lfk/backend/commit/0767943721b6964d542f580c541e744f86444ac6)
 - Adjusted runner property names [`ca87774`](https://git.odit.services/lfk/backend/commit/ca87774767807a2c4bc869b0de95cc73832a8405)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`71e3d0e`](https://git.odit.services/lfk/backend/commit/71e3d0efe2cbde47aea0f26cb5a8b5cd3312707d)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`c28843c`](https://git.odit.services/lfk/backend/commit/c28843c405dc4fd06a10f0fb85814acede15a769)
 - Merge pull request 'Selfservice donations reformatting feature/187-selfservice_donation' (#188) from feature/187-selfservice_donation into dev [`d837654`](https://git.odit.services/lfk/backend/commit/d837654617f7de5d055ffb06c65e2cd52f65c604)
 - Added new responsetype for new class [`f693f2c`](https://git.odit.services/lfk/backend/commit/f693f2cde9a04147155aea4de5d52e1d19d722ca)
 #### [v0.10.0](https://git.odit.services/lfk/backend/compare/v0.9.2...v0.10.0)
 > 1 April 2021
 - Merge pull request 'Release 0.10.0' (#186) from dev into main [`b517dff`](https://git.odit.services/lfk/backend/commit/b517dff8a82c960836d9f0be90fd89f3ba2fae7d)
 - 🚀Bumped version to v0.10.0 [`dc3071f`](https://git.odit.services/lfk/backend/commit/dc3071f7d2be298f0bb02d86ec67ed1125cd3b49)
 - Added locale to mail related runner endpoints [`7af883f`](https://git.odit.services/lfk/backend/commit/7af883f27198206af542bcaff4686221d3788e87)
 - Added locale to mail related runner endpoints [`f543307`](https://git.odit.services/lfk/backend/commit/f5433076b01c743ed9af085fccadb8f1edc26419)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`5fb355f`](https://git.odit.services/lfk/backend/commit/5fb355f450f19e96d3671b1a46e94d564495942b)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`114c246`](https://git.odit.services/lfk/backend/commit/114c246aceba566cc0dd6daab51a77b951b031cc)
 - Merge pull request 'Mail locales feature/184-mail_locales' (#185) from feature/184-mail_locales into dev [`33c13de`](https://git.odit.services/lfk/backend/commit/33c13de32c68a3d9e87e4fd9ad12a815ed8c9fde)
 - Added locale to mail related user endpoints [`1be073a`](https://git.odit.services/lfk/backend/commit/1be073a4fa39f0332a46f567ee6af10a9137844c)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`6aafe4a`](https://git.odit.services/lfk/backend/commit/6aafe4a6ae7d253ab39220e551c52ae067cc481a)
 #### [v0.9.2](https://git.odit.services/lfk/backend/compare/v0.9.1...v0.9.2)
 > 29 March 2021
 - Merge pull request 'Release 0.9.2' (#183) from dev into main [`bdeeb03`](https://git.odit.services/lfk/backend/commit/bdeeb036459c2a2131e843d8a5a6b338e0ba46ea)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`675c876`](https://git.odit.services/lfk/backend/commit/675c8762e8e4cf28d2f334d5ab2e1cb6b594e33c)
 - Fixed bug in return creation [`6c9b91d`](https://git.odit.services/lfk/backend/commit/6c9b91d75a0d08fc4ab0e72c7a09bd0133566368)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`8c00aef`](https://git.odit.services/lfk/backend/commit/8c00aefd6ce3723d9f83d1c94e6491d5d597391f)
 - 🚀Bumped version to v0.9.2 [`89e3924`](https://git.odit.services/lfk/backend/commit/89e392473c52a3f328545699a0f4df89be33ba89)
 #### [v0.9.1](https://git.odit.services/lfk/backend/compare/v0.9.0...v0.9.1)
 > 29 March 2021
 - Merge pull request 'Release v0.9.1' (#182) from dev into main [`3afd785`](https://git.odit.services/lfk/backend/commit/3afd785a54fac91c12af789af19b45e6124e0e39)
 - 🚀Bumped version to v0.9.1 [`a139554`](https://git.odit.services/lfk/backend/commit/a139554e059e9a10acb1733ce1a82b610cc99269)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`8099999`](https://git.odit.services/lfk/backend/commit/8099999e2cdfc8046f9ff4a90681281b671e402d)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`0290b0e`](https://git.odit.services/lfk/backend/commit/0290b0e5f531364d37d8157e639614cf5a6b4189)
 - Merge pull request 'Return cards generated in bulk feature/180-blank_generation_return' (#181) from feature/180-blank_generation_return into dev [`0f7fa99`](https://git.odit.services/lfk/backend/commit/0f7fa990d473ce2dce032c47c39f79c1d0e8df90)
 - Added query param to return created runenrcards [`5a36c8d`](https://git.odit.services/lfk/backend/commit/5a36c8dcae3d79b3b05ffb30a7ebb0d31dc8183a)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`58f4d21`](https://git.odit.services/lfk/backend/commit/58f4d2151f459bc72692cc70e02a59b77abfb9f0)
 - Added test for returnCards=true array length [`1cb2dc9`](https://git.odit.services/lfk/backend/commit/1cb2dc9d53b530435f5798f9cdf7ee866eb7416e)
 - Added test for single card generation with returnCards=true [`6005b06`](https://git.odit.services/lfk/backend/commit/6005b0661f1d5c461bb102e243cc209a8adc21fa)
 - Fixed copy-paste oversight [`2f568c9`](https://git.odit.services/lfk/backend/commit/2f568c9cb8ae39ce40ec8df6d9acbaf0d5ae1a26)
 #### [v0.9.0](https://git.odit.services/lfk/backend/compare/v0.8.0...v0.9.0)
 > 26 March 2021
 - Merge pull request 'Release 0.9.0' (#179) from dev into main [`95135dd`](https://git.odit.services/lfk/backend/commit/95135ddc893dcf64be67b47b0ef2b0d9041253bd)
 - Reenabled user tests [`4c66650`](https://git.odit.services/lfk/backend/commit/4c6665062fe6717242e43b58e66c1f1d030c018d)
 - Moved to tmp files to better check for other problems [`7a64f23`](https://git.odit.services/lfk/backend/commit/7a64f2393783f97a9729356bc1dfd831927dd312)
 - Added user creation invalid tests [`888cab5`](https://git.odit.services/lfk/backend/commit/888cab5898caf9e552c421346934bf90f717a653)
 - Updated auth test to comply with the new pw requirements [`63f6526`](https://git.odit.services/lfk/backend/commit/63f6526e4f59621edbf1fad59fc569b4bd6acbf2)
 - Added user deletion tests [`e6a8ebc`](https://git.odit.services/lfk/backend/commit/e6a8ebcb5b4f430254da4afe159141b21d8da0ed)
 - Added user creation valid tests [`383a809`](https://git.odit.services/lfk/backend/commit/383a8095b8286d51fb2fb24ae2fd0156230e56ab)
 - 📖New license file version [CI SKIP] [skip ci] [`bd7b81e`](https://git.odit.services/lfk/backend/commit/bd7b81efe795c02512c87f3b5dd5eec796580144)
 - Added password errors [`24c38cc`](https://git.odit.services/lfk/backend/commit/24c38cce26da41ccf375e1ccf04afa1868aad8df)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`274a146`](https://git.odit.services/lfk/backend/commit/274a146b9bccfe5e1a879ca137ebb4f51eaa5d57)
 - Fixed test params [`070560e`](https://git.odit.services/lfk/backend/commit/070560e8632e833dd26505c02ccb2474462b63ac)
 - No longer using createuser in seeding process [`96ba25e`](https://git.odit.services/lfk/backend/commit/96ba25ec6c6c397cd2aa322afa79024395f658fe)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`a7fe1e1`](https://git.odit.services/lfk/backend/commit/a7fe1e175918edd7a98983ece570b47075e85e9a)
 - 🚀Bumped version to v0.8.0 [`c23b4d9`](https://git.odit.services/lfk/backend/commit/c23b4d907f20ed7af37a6de6ea4c61433e30b29b)
 - 🚀Bumped version to v0.9.0 [`56a5f41`](https://git.odit.services/lfk/backend/commit/56a5f4168621263daeab5d2fda97b944cdc6ab31)
 - Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev [`5a3fc5b`](https://git.odit.services/lfk/backend/commit/5a3fc5b2bd06b3e26177d017d3503f4f627be3f2)
 - Added pw errors to user controller [`b24e24f`](https://git.odit.services/lfk/backend/commit/b24e24ff7dd75d972cdab0fd1e2fe6c532ca2b2f)
 - Now checking password rules on user creation [`5daaa3a`](https://git.odit.services/lfk/backend/commit/5daaa3a73c4eca2817d67e226679d125928a3645)
 - Now checking password rules on user update [`48a87e8`](https://git.odit.services/lfk/backend/commit/48a87e8936e13c48f4baa3f4b10f781ad2f55a44)
 - Fixed pw not getting hashed currectly; [`cb3ea9b`](https://git.odit.services/lfk/backend/commit/cb3ea9b1ebb82c650abd83d4be8629cfe29a5b21)
 - Added pw errors to me controller [`9ce35d8`](https://git.odit.services/lfk/backend/commit/9ce35d8eb78a01f40af8c70e640eca3bcb142304)
 - Now forceing user deletion in tests [`8154e71`](https://git.odit.services/lfk/backend/commit/8154e715bbf18938bd5d1031656a88d39231fa81)
 - Added password checker dependency [`bd00f4f`](https://git.odit.services/lfk/backend/commit/bd00f4f8d585fb6878874810f7de0b8b9f3950d5)
 - Fixed empty object getting called [`5369000`](https://git.odit.services/lfk/backend/commit/536900091afd7366128f21058490d0d4f15c6c89)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`03d76e6`](https://git.odit.services/lfk/backend/commit/03d76e6d0bc5b4655f7f441232681c9462815526)
 - Formatting [`b8c28eb`](https://git.odit.services/lfk/backend/commit/b8c28ebb0808395218b5fb9031f477ae1d48e65e)
 #### [v0.8.0](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.8.0)
 > 26 March 2021
 - Merge pull request 'Release 0.8.0' (#176) from dev into main [`3f8e8ce`](https://git.odit.services/lfk/backend/commit/3f8e8ce3a66a943801c0c8e17885e71feeee744f)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`c9bd6de`](https://git.odit.services/lfk/backend/commit/c9bd6de4762fec04e1e02cd3b667838d05ef39a7)
 - Merge pull request 'Selfservice deletion feature/174-selfservice_deletion' (#175) from feature/174-selfservice_deletion into dev [`e702118`](https://git.odit.services/lfk/backend/commit/e702118d4d80e362e41bb88c74343d50530d1338)
 - Added tests for the new endpoint [`20aeed8`](https://git.odit.services/lfk/backend/commit/20aeed87780247dc6401bba725801fc1874e50b5)
 - Removed param from test [`97159dd`](https://git.odit.services/lfk/backend/commit/97159dd9f81aed080c174a3eb8da9e66dfea9b10)
 - Added selfservice deletion endpoint [`dcb12b0`](https://git.odit.services/lfk/backend/commit/dcb12b0ac289f8df148ba10ae6389727c16f53fd)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`88844e1`](https://git.odit.services/lfk/backend/commit/88844e1a44d87a7dc253bf9aedf2fb3f6cdd1cfe)
 - Fixed response bug [`ccb7ae2`](https://git.odit.services/lfk/backend/commit/ccb7ae29a39387c0f2762861565dc22996a2493a)
 - Updated old hint [`dd12583`](https://git.odit.services/lfk/backend/commit/dd1258333ef67243f8a8df97c176ec5a054a5e3b)
 #### [v0.7.1](https://git.odit.services/lfk/backend/compare/v0.7.0...v0.7.1)
 > 26 March 2021
 - Merge pull request 'Release 0.7.1' (#173) from dev into main [`e76a9ce`](https://git.odit.services/lfk/backend/commit/e76a9cef956b00de7bbb11b6d863d4f33e3d5a34)
 - Revert "Set timeout even higher b/c sqlite just kills itself during these tests" [`f159252`](https://git.odit.services/lfk/backend/commit/f159252651942e442026dbcaae09b242e05d8204)
 - Set timeout even higher b/c sqlite just kills itself during these tests [`6ab6099`](https://git.odit.services/lfk/backend/commit/6ab60998d4f716aded93bb3b5d15594fc5e0434a)
 - Adjusted jest timeout to mitigate sqlite from invalidateing all tests⏱ [`30d220b`](https://git.odit.services/lfk/backend/commit/30d220bc36a28f224406e49ed27ff3f6b4f409e9)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`963253c`](https://git.odit.services/lfk/backend/commit/963253cbc84ed07af13ed0925952ec1b7dcc53ad)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`3ef3a94`](https://git.odit.services/lfk/backend/commit/3ef3a94b20c1abf6fd2f19472e5f448b4c72bd7f)
 - 🚀Bumped version to v0.7.1 [`135852e`](https://git.odit.services/lfk/backend/commit/135852eb9a91010a4ab972ba9efc7b71dfe4d68f)
 - Merge pull request 'RESPONSERUNNERCARD fix bugfix/171-responserunnercards' (#172) from bugfix/171-responserunnercards into dev [`539a650`](https://git.odit.services/lfk/backend/commit/539a6509b17cfd373eef8e443eaa7d41168ac7a9)
 - Now resolveing runnercards [`24aff3b`](https://git.odit.services/lfk/backend/commit/24aff3bac458a9886ca40163484bc72733dc766a)
 - Tests now keep the group [`f3d73d5`](https://git.odit.services/lfk/backend/commit/f3d73d53467a4d00011d280c24e1e12fbb8e443d)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`ce63043`](https://git.odit.services/lfk/backend/commit/ce63043887769e1f92a8c064d6647e0deb81b7fa)
 #### [v0.7.0](https://git.odit.services/lfk/backend/compare/v0.6.4...v0.7.0)
 > 23 March 2021
 - Merge pull request 'Release 0.7.0' (#170) from dev into main [`e40017a`](https://git.odit.services/lfk/backend/commit/e40017a6b88d83d5bfc57ff4603abeaca7a9a37b)
 - Added bulk card creation tests [`438ff0f`](https://git.odit.services/lfk/backend/commit/438ff0fc3f246f83b1fa04cb11828f4a61dfcd1e)
 - Added new "bulk" endpoint [`c1bbda5`](https://git.odit.services/lfk/backend/commit/c1bbda51f067cbd9ac1a9a5378ae3f5d7b9f4eca)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`7a49e7c`](https://git.odit.services/lfk/backend/commit/7a49e7c5c98eb23af1cd0d2084914641e9a1bf90)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`e843a46`](https://git.odit.services/lfk/backend/commit/e843a464e747c0d41280484cb54495cb2de2a9e8)
 - 🚀Bumped version to v0.7.0 [`d0ae50d`](https://git.odit.services/lfk/backend/commit/d0ae50d5579e969ad33d6b9cfd66dac7fa472223)
 - Merge pull request 'Bulk card creation feature/168-runnercards_bulk' (#169) from feature/168-runnercards_bulk into dev [`1dd6420`](https://git.odit.services/lfk/backend/commit/1dd64204cc63fb1a8a4a4aa503c21da42945eafd)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`4705a39`](https://git.odit.services/lfk/backend/commit/4705a39aabaad894d332a5062df03840c23c6bfa)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,8 +11,12 @@ services:
      DB_PORT: bla
      DB_USER: bla
      DB_PASSWORD: bla
-      DB_NAME: dev.sqlite
+      DB_NAME: ./db.sqlite
      NODE_ENV: production
      POSTALCODE_COUNTRYCODE: DE
      SEED_TEST_DATA: "false"
      MAILER_URL: https://dev.lauf-fuer-kaya.de/mailer
      MAILER_KEY: asdasd
      # APP_PORT: 4010
      # DB_TYPE: postgres
      # DB_HOST: backend_db
--- a/licenses.md
+++ b/licenses.md
@@ -115,6 +115,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 # check-password-strength
 **Author**: deanilvincent
 **Repo**: [object Object]
 **License**: MIT
 **Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
 ## License Text
 MIT License
 Copyright (c) 2020 Mark Deanil Vicente
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 # class-transformer
 **Author**: [object Object]
 **Repo**: [object Object]
@@ -425,7 +454,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ## License Text
 MIT License
-Copyright (c) 2010 - 2020 Brian Carlson
+Copyright (c) 2010 - 2021 Brian Carlson
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@odit/lfk-backend",
-  "version": "0.7.0",
+  "version": "0.11.0",
  "main": "src/app.ts",
  "repository": "https://git.odit.services/lfk/backend",
  "author": {
@@ -26,6 +26,7 @@
    "argon2": "^0.27.1",
    "axios": "^0.21.1",
    "body-parser": "^1.19.0",
    "check-password-strength": "^2.0.2",
    "class-transformer": "0.3.1",
    "class-validator": "^0.13.1",
    "consola": "^2.15.0",
--- a/src/controllers/MeController.ts
+++ b/src/controllers/MeController.ts
@@ -1,7 +1,7 @@
 import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseUser } from '../models/responses/ResponseUser';
@@ -48,6 +48,10 @@ export class MeController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
 	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
 	async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
--- a/src/controllers/RunnerCardController.ts
+++ b/src/controllers/RunnerCardController.ts
@@ -1,121 +1,131 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { getConnectionManager, Repository } from 'typeorm';
-import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
+import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
-import { RunnerNotFoundError } from '../errors/RunnerErrors';
+import { RunnerNotFoundError } from '../errors/RunnerErrors';
-import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
+import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
-import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
+import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
-import { RunnerCard } from '../models/entities/RunnerCard';
+import { RunnerCard } from '../models/entities/RunnerCard';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
+import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
-import { ScanController } from './ScanController';
+import { ScanController } from './ScanController';
-
+
-@JsonController('/cards')
+@JsonController('/cards')
-@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-export class RunnerCardController {
+export class RunnerCardController {
-	private cardRepository: Repository<RunnerCard>;
+	private cardRepository: Repository<RunnerCard>;
-
+
-	/**
+	/**
-	 * Gets the repository of this controller's model/entity.
+	 * Gets the repository of this controller's model/entity.
-	 */
+	 */
-	constructor() {
+	constructor() {
-		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
+		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
-	}
+	}
-
+
-	@Get()
+	@Get()
-	@Authorized("CARD:GET")
+	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard, { isArray: true })
+	@ResponseSchema(ResponseRunnerCard, { isArray: true })
-	@OpenAPI({ description: 'Lists all card.' })
+	@OpenAPI({ description: 'Lists all card.' })
-	async getAll() {
+	async getAll() {
-		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
-		const cards = await this.cardRepository.find({ relations: ['runner'] });
+		const cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
-		cards.forEach(card => {
+		cards.forEach(card => {
-			responseCards.push(new ResponseRunnerCard(card));
+			responseCards.push(new ResponseRunnerCard(card));
-		});
+		});
-		return responseCards;
+		return responseCards;
-	}
+	}
-
+
-	@Get('/:id')
+	@Get('/:id')
-	@Authorized("CARD:GET")
+	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerCardNotFoundError)
+	@OnUndefined(RunnerCardNotFoundError)
-	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
+	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
-	async getOne(@Param('id') id: number) {
+	async getOne(@Param('id') id: number) {
-		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner'] });
+		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
-		if (!card) { throw new RunnerCardNotFoundError(); }
+		if (!card) { throw new RunnerCardNotFoundError(); }
-		return card.toResponse();
+		return card.toResponse();
-	}
+	}
-
+
-	@Post('/bulk')
+	@Post('/bulk')
-	@Authorized("CARD:CREATE")
+	@Authorized("CARD:CREATE")
-	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
-	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response." })
+	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response. <br> You can provide the 'returnCards' query param if you want to receive the RESPONSERUNNERCARD objects in the response." })
-	async postBlancoBulk(@QueryParam("count") count: number) {
+	async postBlancoBulk(@QueryParam("count") count: number, @QueryParam("returnCards") returnCards: boolean = false) {
-		let createPromises = new Array<any>();
+		let createPromises = new Array<any>();
-		for (let index = 0; index < count; index++) {
+		for (let index = 0; index < count; index++) {
-			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
+			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
-		}
+		}
-		await Promise.all(createPromises);
+
-		let response = new ResponseEmpty();
+		const cards = await Promise.all(createPromises);
-		response.response = `Created ${count} new blanco cards.`
+
-		return response;
+		if (returnCards) {
-	}
+			let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
-
+			for await (let card of cards) {
-	@Post()
+				let dbCard = await this.cardRepository.findOne({ id: card.id });
-	@Authorized("CARD:CREATE")
+				responseCards.push(new ResponseRunnerCard(dbCard));
-	@ResponseSchema(ResponseRunnerCard)
+			}
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+			return responseCards;
-	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
+		}
-	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
+		let response = new ResponseEmpty();
-		let card = await createCard.toEntity();
+		response.response = `Created ${count} new blanco cards.`
-		card = await this.cardRepository.save(card);
+		return response;
-		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner'] })).toResponse();
+	}
-	}
+
-
+	@Post()
-	@Put('/:id')
+	@Authorized("CARD:CREATE")
-	@Authorized("CARD:UPDATE")
+	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
-	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
+		let card = await createCard.toEntity();
-	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
+		card = await this.cardRepository.save(card);
-	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
+		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
-		let oldCard = await this.cardRepository.findOne({ id: id });
+	}
-
+
-		if (!oldCard) {
+	@Put('/:id')
-			throw new RunnerCardNotFoundError();
+	@Authorized("CARD:UPDATE")
-		}
+	@ResponseSchema(ResponseRunnerCard)
-
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-		if (oldCard.id != card.id) {
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-			throw new RunnerCardIdsNotMatchingError();
+	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
-		}
+	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
-
+	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
-		await this.cardRepository.save(await card.update(oldCard));
+		let oldCard = await this.cardRepository.findOne({ id: id });
-		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner'] })).toResponse();
+
-	}
+		if (!oldCard) {
-
+			throw new RunnerCardNotFoundError();
-	@Delete('/:id')
+		}
-	@Authorized("CARD:DELETE")
+
-	@ResponseSchema(ResponseRunnerCard)
+		if (oldCard.id != card.id) {
-	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+			throw new RunnerCardIdsNotMatchingError();
-	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
+		}
-	@OnUndefined(204)
+
-	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
+		await this.cardRepository.save(await card.update(oldCard));
-	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
-		let card = await this.cardRepository.findOne({ id: id });
+	}
-		if (!card) { return null; }
+
-
+	@Delete('/:id')
-		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
+	@Authorized("CARD:DELETE")
-		if (cardScans.length != 0 && !force) {
+	@ResponseSchema(ResponseRunnerCard)
-			throw new RunnerCardHasScansError();
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
-		}
+	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
-		const scanController = new ScanController;
+	@OnUndefined(204)
-		for (let scan of cardScans) {
+	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
-			await scanController.remove(scan.id, force);
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		}
+		let card = await this.cardRepository.findOne({ id: id });
-
+		if (!card) { return null; }
-		await this.cardRepository.delete(card);
+
-		return card.toResponse();
+		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
-	}
+		if (cardScans.length != 0 && !force) {
 			throw new RunnerCardHasScansError();
 		}
 		const scanController = new ScanController;
 		for (let scan of cardScans) {
 			await scanController.remove(scan.id, force);
 		}
 		await this.cardRepository.delete(card);
 		return card.toResponse();
 	}
 }
--- a/src/controllers/RunnerSelfServiceController.ts
+++ b/src/controllers/RunnerSelfServiceController.ts
@@ -1,186 +1,228 @@
-import { Request } from "express";
+import { Request } from "express";
-import * as jwt from "jsonwebtoken";
+import * as jwt from "jsonwebtoken";
-import { Body, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
+import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { getConnectionManager, Repository } from 'typeorm';
-import { config } from '../config';
+import { config } from '../config';
-import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
+import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
-import { MailSendingError } from '../errors/MailErrors';
+import { MailSendingError } from '../errors/MailErrors';
-import { RunnerEmailNeededError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
+import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
-import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
+import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
-import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
+import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
-import { JwtCreator } from '../jwtcreator';
+import { JwtCreator } from '../jwtcreator';
-import { Mailer } from '../mailer';
+import { Mailer } from '../mailer';
-import ScanAuth from '../middlewares/ScanAuth';
+import ScanAuth from '../middlewares/ScanAuth';
-import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
+import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
-import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
+import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
-import { Runner } from '../models/entities/Runner';
+import { Runner } from '../models/entities/Runner';
-import { RunnerGroup } from '../models/entities/RunnerGroup';
+import { RunnerGroup } from '../models/entities/RunnerGroup';
-import { RunnerOrganization } from '../models/entities/RunnerOrganization';
+import { RunnerOrganization } from '../models/entities/RunnerOrganization';
-import { ScanStation } from '../models/entities/ScanStation';
+import { ScanStation } from '../models/entities/ScanStation';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseScanStation } from '../models/responses/ResponseScanStation';
+import { ResponseScanStation } from '../models/responses/ResponseScanStation';
-import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
+import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
-import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
+import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
-import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
+import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
-
+import { DonationController } from './DonationController';
-@JsonController()
+import { RunnerCardController } from './RunnerCardController';
-export class RunnerSelfServiceController {
+import { ScanController } from './ScanController';
-	private runnerRepository: Repository<Runner>;
+
-	private orgRepository: Repository<RunnerOrganization>;
+@JsonController()
-	private stationRepository: Repository<ScanStation>;
+export class RunnerSelfServiceController {
-
+	private runnerRepository: Repository<Runner>;
-	/**
+	private orgRepository: Repository<RunnerOrganization>;
-	 * Gets the repository of this controller's model/entity.
+	private stationRepository: Repository<ScanStation>;
-	 */
+
-	constructor() {
+	/**
-		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
+	 * Gets the repository of this controller's model/entity.
-		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
+	 */
-		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
+	constructor() {
-	}
+		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
-
+		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
-	@Get('/runners/me/:jwt')
+		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
-	@ResponseSchema(ResponseSelfServiceRunner)
+	}
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+
-	@OnUndefined(RunnerNotFoundError)
+	@Get('/runners/me/:jwt')
-	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	@ResponseSchema(ResponseSelfServiceRunner)
-	async get(@Param('jwt') token: string) {
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
+	@OnUndefined(RunnerNotFoundError)
-	}
+	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
-
+	async get(@Param('jwt') token: string) {
-	@Get('/runners/me/:jwt/scans')
+		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
-	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
+	}
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+
-	@OnUndefined(RunnerNotFoundError)
+	@Delete('/runners/me/:jwt')
-	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	@ResponseSchema(ResponseSelfServiceRunner)
-	async getScans(@Param('jwt') token: string) {
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-		const scans = (await this.getRunner(token)).scans;
+	@OnUndefined(RunnerNotFoundError)
-		let responseScans = new Array<ResponseSelfServiceScan>()
+	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
-		for (let scan of scans) {
+	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
-			responseScans.push(new ResponseSelfServiceScan(scan));
+		const responseRunner = await this.getRunner(token);
-		}
+		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
-		return responseScans;
+
-	}
+		if (!runner) { return null; }
-
+		if (!runner) {
-	@Get('/stations/me')
+			throw new RunnerNotFoundError();
-	@UseBefore(ScanAuth)
+		}
-	@ResponseSchema(ResponseScanStation)
+
-	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
-	@OnUndefined(ScanStationNotFoundError)
+		if (runnerDonations.length > 0 && !force) {
-	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
+			throw new RunnerHasDistanceDonationsError();
-	async getStationMe(@Req() req: Request) {
+		}
-		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
+		const donationController = new DonationController();
-		if (!scan) { throw new ScanStationNotFoundError(); }
+		for (let donation of runnerDonations) {
-		return scan.toResponse();
+			await donationController.remove(donation.id, force);
-	}
+		}
-
+
-	@Post('/runners/forgot')
+		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+		const cardController = new RunnerCardController;
-	@OnUndefined(ResponseEmpty)
+		for (let card of runnerCards) {
-	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice token/link to be sent to your mail address (rate limited to one mail every 24hrs).' })
+			await cardController.remove(card.id, force);
-	async requestNewToken(@QueryParam('mail') mail: string) {
+		}
-		if (!mail) {
+
-			throw new RunnerNotFoundError();
+		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
-		}
+		const scanController = new ScanController;
-		const runner = await this.runnerRepository.findOne({ email: mail });
+		for (let scan of runnerScans) {
-		if (!runner) { throw new RunnerNotFoundError(); }
+			await scanController.remove(scan.id, force);
-
+		}
-		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
+
-		const token = JwtCreator.createSelfService(runner);
+		await this.runnerRepository.delete(runner);
-
+		return new ResponseSelfServiceRunner(responseRunner);
-		try {
+	}
-			await Mailer.sendSelfserviceForgottenMail(runner.email, token, "en")
+
-		} catch (error) {
+	@Get('/runners/me/:jwt/scans')
-			throw new MailSendingError();
+	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
-		}
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-
+	@OnUndefined(RunnerNotFoundError)
-		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
-		await this.runnerRepository.save(runner);
+	async getScans(@Param('jwt') token: string) {
-
+		const scans = (await this.getRunner(token)).scans;
-		return { token };
+		let responseScans = new Array<ResponseSelfServiceScan>()
-	}
+		for (let scan of scans) {
-
+			responseScans.push(new ResponseSelfServiceScan(scan));
-	@Post('/runners/register')
+		}
-	@ResponseSchema(ResponseSelfServiceRunner)
+		return responseScans;
-	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
+	}
-	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
+
-	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner) {
+	@Get('/stations/me')
-		let runner = await createRunner.toEntity();
+	@UseBefore(ScanAuth)
-
+	@ResponseSchema(ResponseScanStation)
-		runner = await this.runnerRepository.save(runner);
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
-		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+	@OnUndefined(ScanStationNotFoundError)
-		response.token = JwtCreator.createSelfService(runner);
+	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
-
+	async getStationMe(@Req() req: Request) {
-		try {
+		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
-			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
+		if (!scan) { throw new ScanStationNotFoundError(); }
-		} catch (error) {
+		return scan.toResponse();
-			throw new MailSendingError();
+	}
-		}
+
-
+	@Post('/runners/forgot')
-		return response;
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	}
+	@OnUndefined(ResponseEmpty)
-
+	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice token/link to be sent to your mail address (rate limited to one mail every 24hrs).' })
-	@Post('/runners/register/:token')
+	async requestNewToken(@QueryParam('mail') mail: string, @QueryParam("locale") locale: string = "en") {
-	@ResponseSchema(ResponseSelfServiceRunner)
+		if (!mail) {
-	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+			throw new RunnerNotFoundError();
-	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
+		}
-	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner) {
+		const runner = await this.runnerRepository.findOne({ email: mail });
-		const org = await this.getOrgansisation(token);
+		if (!runner) { throw new RunnerNotFoundError(); }
-
+
-		let runner = await createRunner.toEntity(org);
+		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
-		runner = await this.runnerRepository.save(runner);
+		const token = JwtCreator.createSelfService(runner);
-
+
-		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		try {
-		response.token = JwtCreator.createSelfService(runner);
+			await Mailer.sendSelfserviceForgottenMail(runner.email, token, locale)
-
+		} catch (error) {
-		try {
+			throw new MailSendingError();
-			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
+		}
-		} catch (error) {
+
-			throw new MailSendingError();
+		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
-		}
+		await this.runnerRepository.save(runner);
-
+
-		return response;
+		return { token };
-	}
+	}
-
+
-	@Get('/organizations/selfservice/:token')
+	@Post('/runners/register')
-	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
+	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
-	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
+	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
-	async getSelfserviceOrg(@Param('token') token: string) {
+	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner, @QueryParam("locale") locale: string = "en") {
-		const orgid = (await this.getOrgansisation(token)).id;
+		let runner = await createRunner.toEntity();
-		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
+
-
+		runner = await this.runnerRepository.save(runner);
-		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
-	}
+		response.token = JwtCreator.createSelfService(runner);
-
+
-	/**
+		try {
-	 * Get's a runner by a provided jwt token.
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, locale)
-	 * @param token The runner jwt provided by the runner to identitfy themselves.
+		} catch (error) {
-	 */
+			throw new MailSendingError();
-	private async getRunner(token: string): Promise<Runner> {
+		}
-		if (token == "") { throw new JwtNotProvidedError(); }
+
-		let jwtPayload = undefined
+		return response;
-		try {
+	}
-			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
+
-		} catch (error) {
+	@Post('/runners/register/:token')
-			throw new InvalidCredentialsError();
+	@ResponseSchema(ResponseSelfServiceRunner)
-		}
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
-
+	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
-		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
+	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner, @QueryParam("locale") locale: string = "en") {
-		if (!runner) { throw new RunnerNotFoundError() }
+		const org = await this.getOrgansisation(token);
-		return runner;
+
-	}
+		let runner = await createRunner.toEntity(org);
-
+		runner = await this.runnerRepository.save(runner);
-	/**
+
-	 * Get's a runner org by a provided registration api key.
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
-	 * @param token The organization's registration api token.
+		response.token = JwtCreator.createSelfService(runner);
-	 */
+
-	private async getOrgansisation(token: string): Promise<RunnerGroup> {
+		try {
-		token = Buffer.from(token, 'base64').toString('utf8');
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, locale)
-
+		} catch (error) {
-		const organization = await this.orgRepository.findOne({ key: token });
+			throw new MailSendingError();
-		if (!organization) { throw new RunnerOrganizationNotFoundError; }
+		}
-
+
-		return organization;
+		return response;
-	}
+	}
 	@Get('/organizations/selfservice/:token')
 	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
 	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
 	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
 	async getSelfserviceOrg(@Param('token') token: string) {
 		const orgid = (await this.getOrgansisation(token)).id;
 		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
 		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
 	}
 	/**
 	 * Get's a runner by a provided jwt token.
 	 * @param token The runner jwt provided by the runner to identitfy themselves.
 	 */
 	private async getRunner(token: string): Promise<Runner> {
 		if (token == "") { throw new JwtNotProvidedError(); }
 		let jwtPayload = undefined
 		try {
 			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
 		} catch (error) {
 			throw new InvalidCredentialsError();
 		}
 		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
 		if (!runner) { throw new RunnerNotFoundError() }
 		return runner;
 	}
 	/**
 	 * Get's a runner org by a provided registration api key.
 	 * @param token The organization's registration api token.
 	 */
 	private async getOrgansisation(token: string): Promise<RunnerGroup> {
 		token = Buffer.from(token, 'base64').toString('utf8');
 		const organization = await this.orgRepository.findOne({ key: token });
 		if (!organization) { throw new RunnerOrganizationNotFoundError; }
 		return organization;
 	}
 }
--- a/src/controllers/StatsController.ts
+++ b/src/controllers/StatsController.ts
@@ -1,4 +1,4 @@
-import { Get, JsonController, UseBefore } from 'routing-controllers';
+import { Get, JsonController, QueryParam, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnection } from 'typeorm';
 import StatsAuth from '../middlewares/StatsAuth';
@@ -7,6 +7,7 @@ import { Runner } from '../models/entities/Runner';
 import { RunnerOrganization } from '../models/entities/RunnerOrganization';
 import { RunnerTeam } from '../models/entities/RunnerTeam';
 import { Scan } from '../models/entities/Scan';
 import { TrackScan } from '../models/entities/TrackScan';
 import { User } from '../models/entities/User';
 import { ResponseStats } from '../models/responses/ResponseStats';
 import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganization';
@@ -36,7 +37,10 @@ export class StatsController {
    @OpenAPI({ description: "Returns the top ten runners by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopRunnersByDistance() {
        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
-        let topRunners = runners.sort((runner1, runner2) => runner1.distance - runner2.distance).slice(0, 9);
+        if (!runners || runners.length == 0) {
            return [];
        }
        let topRunners = runners.sort((runner1, runner2) => runner2.distance - runner1.distance).slice(0, 10);
        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
        topRunners.forEach(runner => {
            responseRunners.push(new ResponseStatsRunner(runner));
@@ -49,8 +53,11 @@ export class StatsController {
    @ResponseSchema(ResponseStatsRunner, { isArray: true })
    @OpenAPI({ description: "Returns the top ten runners by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopRunnersByDonations() {
-        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['group', 'distanceDonations', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
-        let topRunners = runners.sort((runner1, runner2) => runner1.distanceDonationAmount - runner2.distanceDonationAmount).slice(0, 9);
+        if (!runners || runners.length == 0) {
            return [];
        }
        let topRunners = runners.sort((runner1, runner2) => runner2.distanceDonationAmount - runner1.distanceDonationAmount).slice(0, 10);
        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
        topRunners.forEach(runner => {
            responseRunners.push(new ResponseStatsRunner(runner));
@@ -58,6 +65,34 @@ export class StatsController {
        return responseRunners;
    }
    @Get("/runners/laptime")
    @UseBefore(StatsAuth)
    @ResponseSchema(ResponseStatsRunner, { isArray: true })
    @OpenAPI({ description: "Returns the top ten runners by fastest laptime on your selected track (track by id).", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopRunnersByLaptime(@QueryParam("track") track: number) {
        let scans = await getConnection().getRepository(TrackScan).find({ relations: ['track', 'runner', 'runner.group', 'runner.scans', 'runner.scans.track', 'runner.distanceDonations'] });
        if (!scans || scans.length == 0) {
            return [];
        }
        scans = scans.filter((s) => { return s.track.id == track && s.valid == true && s.lapTime != 0 }).sort((scan1, scan2) => scan1.lapTime - scan2.lapTime);
        let topScans = new Array<TrackScan>();
        let knownRunners = new Array<number>();
        for (let i = 0; i < scans.length && topScans.length < 10; i++) {
            const element = scans[i];
            if (!knownRunners.includes(element.runner.id)) {
                topScans.push(element);
                knownRunners.push(element.runner.id);
            }
        }
        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
        topScans.forEach(scan => {
            responseRunners.push(new ResponseStatsRunner(scan.runner, scan.lapTime));
        });
        return responseRunners;
    }
    @Get("/scans")
    @UseBefore(StatsAuth)
    @ResponseSchema(ResponseStatsRunner, { isArray: true })
@@ -71,8 +106,11 @@ export class StatsController {
    @ResponseSchema(ResponseStatsTeam, { isArray: true })
    @OpenAPI({ description: "Returns the top ten teams by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopTeamsByDistance() {
-        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['parentGroup', 'runners', 'runners.scans', 'runners.scans.track'] });
-        let topTeams = teams.sort((team1, team2) => team1.distance - team2.distance).slice(0, 9);
+        if (!teams || teams.length == 0) {
            return [];
        }
        let topTeams = teams.sort((team1, team2) => team2.distance - team1.distance).slice(0, 10);
        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
        topTeams.forEach(team => {
            responseTeams.push(new ResponseStatsTeam(team));
@@ -85,8 +123,11 @@ export class StatsController {
    @ResponseSchema(ResponseStatsTeam, { isArray: true })
    @OpenAPI({ description: "Returns the top ten teams by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopTeamsByDonations() {
-        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['parentGroup', 'runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
-        let topTeams = teams.sort((team1, team2) => team1.distanceDonationAmount - team2.distanceDonationAmount).slice(0, 9);
+        if (!teams || teams.length == 0) {
            return [];
        }
        let topTeams = teams.sort((team1, team2) => team2.distanceDonationAmount - team1.distanceDonationAmount).slice(0, 10);
        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
        topTeams.forEach(team => {
            responseTeams.push(new ResponseStatsTeam(team));
@@ -100,7 +141,10 @@ export class StatsController {
    @OpenAPI({ description: "Returns the top ten organizations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopOrgsByDistance() {
        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
-        let topOrgs = orgs.sort((org1, org2) => org1.distance - org2.distance).slice(0, 9);
+        if (!orgs || orgs.length == 0) {
            return [];
        }
        let topOrgs = orgs.sort((org1, org2) => org2.distance - org1.distance).slice(0, 10);
        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
        topOrgs.forEach(org => {
            responseOrgs.push(new ResponseStatsOrgnisation(org));
@@ -113,8 +157,11 @@ export class StatsController {
    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
    @OpenAPI({ description: "Returns the top ten organizations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
    async getTopOrgsByDonations() {
-        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.distanceDonations', 'runners.distanceDonations.runner', 'runners.distanceDonations.runner.scans', 'runners.distanceDonations.runner.scans.track', 'teams', 'teams.runners', 'teams.runners.distanceDonations', 'teams.runners.distanceDonations.runner', 'teams.runners.distanceDonations.runner.scans', 'teams.runners.distanceDonations.runner.scans.track'] });
-        let topOrgs = orgs.sort((org1, org2) => org1.distanceDonationAmount - org2.distanceDonationAmount).slice(0, 9);
+        if (!orgs || orgs.length == 0) {
            return [];
        }
        let topOrgs = orgs.sort((org1, org2) => org2.distanceDonationAmount - org1.distanceDonationAmount).slice(0, 10);
        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
        topOrgs.forEach(org => {
            responseOrgs.push(new ResponseStatsOrgnisation(org));
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -66,6 +66,10 @@ export class UserController {
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
 	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
@@ -85,6 +89,10 @@ export class UserController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
 	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
 	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
 	@IsString()
 	message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
 }
 export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
 	@IsString()
 	name = "PasswordMustContainUppercaseLetterError"
 	@IsString()
 	message = "Passwords must contain at least one uppercase letter."
 }
 export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
 	@IsString()
 	name = "PasswordMustContainLowercaseLetterError"
 	@IsString()
 	message = "Passwords must contain at least one lowercase letter."
 }
 export class PasswordMustContainNumberError extends NotAcceptableError {
 	@IsString()
 	name = "PasswordMustContainNumberError"
 	@IsString()
 	message = "Passwords must contain at least one number."
 }
 export class PasswordTooShortError extends NotAcceptableError {
 	@IsString()
 	name = "PasswordTooShortError"
 	@IsString()
 	message = "Passwords must be at least ten characters long."
 }
--- a/src/models/actions/create/CreateDistanceDonation.ts
+++ b/src/models/actions/create/CreateDistanceDonation.ts
@@ -33,6 +33,7 @@ export class CreateDistanceDonation extends CreateDonation {
        let newDonation = new DistanceDonation;
        newDonation.amountPerDistance = this.amountPerDistance;
        newDonation.paidAmount = this.paidAmount;
        newDonation.donor = await this.getDonor();
        newDonation.runner = await this.getRunner();
--- a/src/models/actions/create/CreateDonation.ts
+++ b/src/models/actions/create/CreateDonation.ts
@@ -1,4 +1,4 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { DonorNotFoundError } from '../../../errors/DonorErrors';
 import { Donation } from '../../entities/Donation';
@@ -16,6 +16,13 @@ export abstract class CreateDonation {
    @IsPositive()
    donor: number;
    /**
     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
     */
    @IsInt()
    @IsOptional()
    paidAmount?: number;
    /**
     * Creates a new Donation entity from this.
     */
--- a/src/models/actions/create/CreateFixedDonation.ts
+++ b/src/models/actions/create/CreateFixedDonation.ts
@@ -21,6 +21,7 @@ export class CreateFixedDonation extends CreateDonation {
        let newDonation = new FixedDonation;
        newDonation.amount = this.amount;
        newDonation.paidAmount = this.paidAmount;
        newDonation.donor = await this.getDonor();
        return newDonation;
--- a/src/models/actions/create/CreateUser.ts
+++ b/src/models/actions/create/CreateUser.ts
@@ -1,9 +1,10 @@
 import * as argon2 from "argon2";
 import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@@ -94,7 +95,13 @@ export class CreateUser {
        if (!this.email) {
            throw new UserEmailNeededError();
        }
-        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+        if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
        let password_strength = passwordStrength(this.password);
        if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
        if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
        if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
        if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
        newUser.email = this.email
        newUser.username = this.username
--- a/src/models/actions/update/UpdateDistanceDonation.ts
+++ b/src/models/actions/update/UpdateDistanceDonation.ts
@@ -32,6 +32,7 @@ export class UpdateDistanceDonation extends UpdateDonation {
     */
    public async update(donation: DistanceDonation): Promise<DistanceDonation> {
        donation.amountPerDistance = this.amountPerDistance;
        donation.paidAmount = this.paidAmount;
        donation.donor = await this.getDonor();
        donation.runner = await this.getRunner();
--- a/src/models/actions/update/UpdateDonation.ts
+++ b/src/models/actions/update/UpdateDonation.ts
@@ -1,4 +1,4 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { DonorNotFoundError } from '../../../errors/DonorErrors';
 import { Donation } from '../../entities/Donation';
@@ -23,6 +23,13 @@ export abstract class UpdateDonation {
    @IsPositive()
    donor: number;
    /**
     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
     */
    @IsInt()
    @IsOptional()
    paidAmount?: number;
    /**
     * Creates a new Donation entity from this.
     */
--- a/src/models/actions/update/UpdateFixedDonation.ts
+++ b/src/models/actions/update/UpdateFixedDonation.ts
@@ -20,6 +20,7 @@ export class UpdateFixedDonation extends UpdateDonation {
     */
    public async update(donation: FixedDonation): Promise<FixedDonation> {
        donation.amount = this.amount;
        donation.paidAmount = this.paidAmount;
        donation.donor = await this.getDonor();
        return donation;
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@@ -1,12 +1,14 @@
 import * as argon2 from "argon2";
 import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
 /**
 * This class is used to update a User entity (via put request).
 */
@@ -104,6 +106,11 @@ export class UpdateUser {
        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
        if (this.password) {
            let password_strength = passwordStrength(this.password);
            if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
            if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
            if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
            if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
            user.password = await argon2.hash(this.password + user.uuid);
            user.refreshTokenCount = user.refreshTokenCount + 1;
        }
--- a/src/models/entities/Donation.ts
+++ b/src/models/entities/Donation.ts
@@ -2,7 +2,7 @@ import {
  IsInt,
  IsNotEmpty
 } from "class-validator";
-import { Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { ResponseDonation } from '../responses/ResponseDonation';
 import { Donor } from './Donor';
@@ -34,6 +34,13 @@ export abstract class Donation {
   */
  public abstract get amount(): number;
  /**
   * The donation's paid amount in cents (or whatever your currency's smallest unit is.).
   * Used to mark donations as paid.
   */
  @Column({ nullable: true })
  @IsInt()
  paidAmount: number;
  /**
   * Turns this entity into it's response class.
--- a/src/models/entities/Donor.ts
+++ b/src/models/entities/Donor.ts
@@ -33,6 +33,15 @@ export class Donor extends Participant {
    return this.donations.reduce((sum, current) => sum + current.amount, 0);
  }
  /**
   * Returns the total paid donations of a donor based on his linked donations.
  */
  @IsInt()
  public get paidDonationAmount(): number {
    if (!this.donations) { return 0; }
    return this.donations.reduce((sum, current) => sum + current.paidAmount, 0);
  }
  /**
   * Turns this entity into it's response class.
   */
--- a/src/models/entities/RunnerGroup.ts
+++ b/src/models/entities/RunnerGroup.ts
@@ -51,6 +51,9 @@ export abstract class RunnerGroup {
  */
  @IsInt()
  public get distance(): number {
    if (!this.runners || this.runners.length == 0) {
      return 0;
    }
    return this.runners.reduce((sum, current) => sum + current.distance, 0);
  }
--- a/src/models/enums/DonationStatus.ts
+++ b/src/models/enums/DonationStatus.ts
@@ -0,0 +1,7 @@
 /**
 * This enum contains all status a donation can inherit regarding it's payment status.
 */
 export enum DonationStatus {
    OPEN = 'OPEN',
    PAID = 'PAID'
 }
--- a/src/models/enums/ResponseObjectType.ts
+++ b/src/models/enums/ResponseObjectType.ts
@@ -35,4 +35,5 @@ export enum ResponseObjectType {
    USER = 'USER',
    USERGROUP = 'USERGROUP',
    USERPERMISSIONS = 'USERPERMISSIONS',
    SELFSERVICEDONOR = 'SELFSERVICEDONOR'
 }
--- a/src/models/responses/ResponseDonation.ts
+++ b/src/models/responses/ResponseDonation.ts
@@ -1,5 +1,6 @@
 import { IsInt, IsNotEmpty, IsPositive } from "class-validator";
 import { Donation } from '../entities/Donation';
 import { DonationStatus } from '../enums/DonationStatus';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
 import { ResponseDonor } from './ResponseDonor';
@@ -15,6 +16,12 @@ export class ResponseDonation implements IResponse {
    */
    responseType: ResponseObjectType = ResponseObjectType.DONATION;
    /**
    * The donation's payment status.
    * Provides you with a quick indicator of it's payment status.
    */
    status: DonationStatus;
    /**
     * The donation's id.
     */
@@ -34,6 +41,12 @@ export class ResponseDonation implements IResponse {
    @IsInt()
    amount: number;
    /**
     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
     */
    @IsInt()
    paidAmount: number;
    /**
     * Creates a ResponseDonation object from a scan.
     * @param donation The donation the response shall be build for.
@@ -42,5 +55,12 @@ export class ResponseDonation implements IResponse {
        this.id = donation.id;
        this.donor = donation.donor.toResponse();
        this.amount = donation.amount;
        this.paidAmount = donation.paidAmount || 0;
        if (this.paidAmount < this.amount) {
            this.status = DonationStatus.OPEN;
        }
        else {
            this.status = DonationStatus.PAID;
        }
    }
 }
--- a/src/models/responses/ResponseDonor.ts
+++ b/src/models/responses/ResponseDonor.ts
@@ -28,6 +28,12 @@ export class ResponseDonor extends ResponseParticipant implements IResponse {
    @IsInt()
    donationAmount: number;
    /**
    * Returns the total paid donations of a donor based on his linked donations.
    */
    @IsInt()
    paidDonationAmount: number;
    /**
     * Creates a ResponseRunner object from a runner.
     * @param runner The user the response shall be build for.
@@ -36,5 +42,6 @@ export class ResponseDonor extends ResponseParticipant implements IResponse {
        super(donor);
        this.receiptNeeded = donor.receiptNeeded;
        this.donationAmount = donor.donationAmount;
        this.paidDonationAmount = donor.paidDonationAmount;
    }
 }
--- a/src/models/responses/ResponseSelfServiceDonation.ts
+++ b/src/models/responses/ResponseSelfServiceDonation.ts
@@ -2,6 +2,7 @@ import { IsInt, IsNotEmpty, IsPositive } from 'class-validator';
 import { DistanceDonation } from '../entities/DistanceDonation';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
 import { ResponseSelfServiceDonor } from './ResponseSelfServiceDonor';
 /**
 * Defines the runner selfservice donation response.
@@ -18,7 +19,7 @@ export class ResponseSelfServiceDonation implements IResponse {
     * The donation's donor.
     */
    @IsNotEmpty()
-    donor: string;
+    donor: ResponseSelfServiceDonor;
    /**
     * The donation's amount in the smalles unit of your currency (default: euro cent).
@@ -35,9 +36,7 @@ export class ResponseSelfServiceDonation implements IResponse {
    amountPerDistance: number;
    public constructor(donation: DistanceDonation) {
-        if (!donation.donor.middlename) { this.donor = donation.donor.firstname + " " + donation.donor.lastname; }
+        this.donor = new ResponseSelfServiceDonor(donation.donor);
        else { this.donor = donation.donor.firstname + " " + donation.donor.middlename + " " + donation.donor.lastname; }
        this.amountPerDistance = donation.amountPerDistance;
        this.amount = donation.amount;
    }
--- a/src/models/responses/ResponseSelfServiceDonor.ts
+++ b/src/models/responses/ResponseSelfServiceDonor.ts
@@ -0,0 +1,51 @@
 import { IsInt, IsString } from "class-validator";
 import { Donor } from '../entities/Donor';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
 /**
 * Defines the donor selfservice response.
 * Why? B/C runner's are not allowed to view all information available to admin users.
 */
 export class ResponseSelfServiceDonor implements IResponse {
    /**
    * The responseType.
    * This contains the type of class/entity this response contains.
    */
    responseType: ResponseObjectType = ResponseObjectType.SELFSERVICEDONOR;
    /**
     * The participant's id.
     */
    @IsInt()
    id: number;
    /**
     * The participant's first name.
     */
    @IsString()
    firstname: string;
    /**
     * The participant's middle name.
     */
    @IsString()
    middlename?: string;
    /**
     * The participant's last name.
     */
    @IsString()
    lastname: string;
    /**
     * Creates a ResponseSelfServiceDonor object from a runner.
     * @param donor The donor the response shall be build for.
     */
    public constructor(donor: Donor) {
        this.id = donor.id;
        this.firstname = donor.firstname;
        this.middlename = donor.middlename;
        this.lastname = donor.lastname;
    }
 }
--- a/src/models/responses/ResponseSelfServiceRunner.ts
+++ b/src/models/responses/ResponseSelfServiceRunner.ts
@@ -38,10 +38,10 @@ export class ResponseSelfServiceRunner extends ResponseParticipant implements IR
    group: string;
    /**
-     * The runner's associated donations.
+     * The runner's associated distance donations.
     */
    @IsString()
-    donations: ResponseSelfServiceDonation[]
+    distanceDonations: ResponseSelfServiceDonation[]
    /**
     * The runner's self-service jwt for auth.
@@ -60,7 +60,7 @@ export class ResponseSelfServiceRunner extends ResponseParticipant implements IR
        this.distance = runner.distance;
        this.donationAmount = runner.distanceDonationAmount;
        this.group = this.getTeamString(runner.group);
-        this.donations = this.getDonations(runner.distanceDonations);
+        this.distanceDonations = this.getDonations(runner.distanceDonations);
    }
    /**
--- a/src/models/responses/ResponseStatsOrganization.ts
+++ b/src/models/responses/ResponseStatsOrganization.ts
@@ -49,7 +49,15 @@ export class ResponseStatsOrgnisation implements IResponse {
    public constructor(org: RunnerOrganization) {
        this.name = org.name;
        this.id = org.id;
-        this.distance = org.distance;
+        try {
-        this.donationAmount = org.distanceDonationAmount;
+            this.distance = org.distance;
        } catch {
            this.distance = -1;
        }
        try {
            this.donationAmount = org.distanceDonationAmount;
        } catch {
            this.donationAmount = -1;
        }
    }
 }
--- a/src/models/responses/ResponseStatsRunner.ts
+++ b/src/models/responses/ResponseStatsRunner.ts
@@ -1,6 +1,7 @@
 import {
    IsInt,
    IsObject,
    IsOptional,
    IsString
 } from "class-validator";
 import { Runner } from '../entities/Runner';
@@ -55,6 +56,13 @@ export class ResponseStatsRunner implements IResponse {
    @IsInt()
    donationAmount: number;
    /**
     * The runner's fastest laptime in seconds.
     */
    @IsInt()
    @IsOptional()
    minLaptime?: number;
    /**
     * The runner's group.
     */
@@ -65,13 +73,28 @@ export class ResponseStatsRunner implements IResponse {
     * Creates a new runner stats response from a runner
     * @param runner The runner whoes response shall be generated - the following relations have to be resolved: scans, group, distanceDonations, scans.track
     */
-    public constructor(runner: Runner) {
+    public constructor(runner: Runner, laptime?: number) {
        this.id = runner.id;
        this.firstname = runner.firstname;
-        this.middlename = runner.middlename;
+        if (runner.firstname) {
            this.middlename = runner.middlename;
        }
        this.lastname = runner.lastname;
-        this.distance = runner.distance;
+        try {
-        this.donationAmount = runner.distanceDonationAmount;
+            this.distance = runner.distance;
        }
        catch {
            this.distance = -1;
        }
        try {
            this.donationAmount = runner.distanceDonationAmount;
        }
        catch {
            this.donationAmount = -1;
        }
        if (laptime) {
            this.minLaptime = laptime;
        }
        this.group = runner.group.toResponse();
    }
 }
--- a/src/models/responses/ResponseStatsTeam.ts
+++ b/src/models/responses/ResponseStatsTeam.ts
@@ -57,7 +57,15 @@ export class ResponseStatsTeam implements IResponse {
        this.name = team.name;
        this.id = team.id;
        this.parent = team.parentGroup.toResponse();
-        this.distance = team.distance;
+        try {
-        this.donationAmount = team.distanceDonationAmount;
+            this.distance = team.distance;
        } catch {
            this.distance = -1;
        }
        try {
            this.donationAmount = team.distanceDonationAmount;
        } catch {
            this.donationAmount = -1;
        }
    }
 }
--- a/src/seeds/SeedUsers.ts
+++ b/src/seeds/SeedUsers.ts
@@ -1,14 +1,14 @@
 import * as argon2 from "argon2";
 import { Connection } from 'typeorm';
 import { Factory, Seeder } from 'typeorm-seeding';
 import * as uuid from 'uuid';
 import { CreatePermission } from '../models/actions/create/CreatePermission';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { Permission } from '../models/entities/Permission';
 import { User } from '../models/entities/User';
 import { UserGroup } from '../models/entities/UserGroup';
 import { PermissionAction } from '../models/enums/PermissionAction';
 import { PermissionTarget } from '../models/enums/PermissionTargets';
 /**
 * Seeds a admin group with a demo user into the database for initial setup and auto recovery.
 * We know that the nameing isn't perfectly fitting. Feel free to change it.
@@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
 export default class SeedUsers implements Seeder {
    public async run(factory: Factory, connection: Connection): Promise<any> {
        let adminGroup: UserGroup = await this.createAdminGroup(connection);
-        await this.createUser(connection, adminGroup.id);
+        await this.createUser(connection, adminGroup);
        await this.createPermissions(connection, adminGroup.id);
    }
@@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
        return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
    }
-    public async createUser(connection: Connection, group: number) {
+    public async createUser(connection: Connection, group: UserGroup) {
-        let initialUser = new CreateUser();
+        let initialUser = new User();
        initialUser.firstname = "demo";
        initialUser.lastname = "demo";
        initialUser.username = "demo";
-        initialUser.password = "demo";
+        initialUser.uuid = uuid.v4();
        initialUser.password = await argon2.hash("demo" + initialUser.uuid);
        initialUser.email = "demo@dev.lauf-fuer-kaya.de"
-        initialUser.groups = group;
+        initialUser.groups = [group];
-        return await connection.getRepository(User).save(await initialUser.toEntity());
+        return await connection.getRepository(User).save(initialUser);
    }
    public async createPermissions(connection: Connection, principal: number) {
--- a/src/tests/auth/auth_login.spec.ts
+++ b/src/tests/auth/auth_login.spec.ts
@@ -5,6 +5,7 @@ const base = "http://localhost:" + config.internal_port
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    axios_config = {
        validateStatus: undefined
    };
--- a/src/tests/auth/auth_logout.spec.ts
+++ b/src/tests/auth/auth_logout.spec.ts
@@ -8,14 +8,15 @@ const axios_config = {
 };;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_logout",
+        "firstname": "demo_logoutASD123",
-        "middlename": "demo_logout",
+        "middlename": "demo_logoutASD123",
-        "lastname": "demo_logout",
+        "lastname": "demo_logoutASD123",
-        "username": "demo_logout",
+        "username": "demo_logoutASD123",
-        "password": "demo_logout",
+        "password": "demo_logoutASD123",
-        "email": "demo_logout@dev.lauf-fuer-kaya.de"
+        "email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -25,7 +26,7 @@ beforeAll(async () => {
 describe('POST /api/auth/logout valid', () => {
    let refresh_coookie;
    it('valid logout with token in cookie should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
        refresh_coookie = res_login.headers["set-cookie"];
        const res = await axios.post(base + '/api/auth/logout', null, {
            headers: { "Cookie": refresh_coookie },
@@ -34,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
        expect(res.status).toEqual(200);
    });
    it('valid logout with token in body should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
        const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
        expect(res.status).toEqual(200);
    });
--- a/src/tests/auth/auth_refresh.spec.ts
+++ b/src/tests/auth/auth_refresh.spec.ts
@@ -8,14 +8,15 @@ const axios_config = {
 };;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_refresh",
+        "firstname": "demo_refreshASD312",
-        "middlename": "demo_refresh",
+        "middlename": "demo_refreshASD312",
-        "lastname": "demo_refresh",
+        "lastname": "demo_refreshASD312",
-        "username": "demo_refresh",
+        "username": "demo_refreshASD312",
-        "password": "demo_refresh",
+        "password": "demo_refreshASD312",
-        "email": "demo_refresh@dev.lauf-fuer-kaya.de"
+        "email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -24,7 +25,7 @@ beforeAll(async () => {
 describe('POST /api/auth/refresh valid', () => {
    it('valid refresh with token in cookie should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
        const res = await axios.post(base + '/api/auth/refresh', null, {
            headers: { "Cookie": res_login.headers["set-cookie"] },
            validateStatus: undefined
@@ -32,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
        expect(res.status).toEqual(200);
    });
    it('valid refresh with token in body should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
        const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
        expect(res.status).toEqual(200);
    });
--- a/src/tests/auth/auth_reset.spec.ts
+++ b/src/tests/auth/auth_reset.spec.ts
@@ -8,25 +8,26 @@ const axios_config = {
 };;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_reset",
+        "firstname": "demo_resetASD312",
-        "middlename": "demo_reset",
+        "middlename": "demo_resetASD312",
-        "lastname": "demo_reset",
+        "lastname": "demo_resetASD312",
-        "username": "demo_reset",
+        "username": "demo_resetASD312",
-        "password": "demo_reset",
+        "password": "demo_resetASD312",
-        "email": "demo_reset1@dev.lauf-fuer-kaya.de"
+        "email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
    });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_reset2",
+        "firstname": "demo_resetASD3122",
-        "middlename": "demo_reset2",
+        "middlename": "demo_resetASD3122",
-        "lastname": "demo_reset2",
+        "lastname": "demo_resetASD3122",
-        "username": "demo_reset2",
+        "username": "demo_resetASD3122",
-        "password": "demo_reset2",
+        "password": "demo_resetASD3122",
-        "email": "demo_reset2@dev.lauf-fuer-kaya.de"
+        "email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -36,7 +37,7 @@ beforeAll(async () => {
 describe('POST /api/auth/reset valid', () => {
    let reset_token;
    it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
-        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
        reset_token = res1.data.resetToken;
        expect(res1.status).toEqual(200);
    });
@@ -44,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
 // ---------------
 describe('POST /api/auth/reset invalid requests', () => {
    it('request another password reset before the timeout should return 406', async () => {
-        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
-        const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
        expect(res2.status).toEqual(406);
    });
 });
--- a/src/tests/cards/cards_add.spec.ts
+++ b/src/tests/cards/cards_add.spec.ts
@@ -1,174 +1,186 @@
-import axios from 'axios';
+import axios from 'axios';
-import { config } from '../../config';
+import { config } from '../../config';
-const base = "http://localhost:" + config.internal_port
+const base = "http://localhost:" + config.internal_port
-
+
-let access_token;
+let access_token;
-let axios_config;
+let axios_config;
-
+
-beforeAll(async () => {
+beforeAll(async () => {
-	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	jest.setTimeout(20000);
-	access_token = res.data["access_token"];
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
-	axios_config = {
+	access_token = res.data["access_token"];
-		headers: { "authorization": "Bearer " + access_token },
+	axios_config = {
-		validateStatus: undefined
+		headers: { "authorization": "Bearer " + access_token },
-	};
+		validateStatus: undefined
-});
+	};
-
+});
-
+
-describe('POST /api/cards illegally', () => {
+
-	it('non-existant runner input should return 404', async () => {
+describe('POST /api/cards illegally', () => {
-		const res = await axios.post(base + '/api/cards', {
+	it('non-existant runner input should return 404', async () => {
-			"runner": 999999999999999999999999
+		const res = await axios.post(base + '/api/cards', {
-		}, axios_config);
+			"runner": 999999999999999999999999
-		expect(res.status).toEqual(404);
+		}, axios_config);
-		expect(res.headers['content-type']).toContain("application/json")
+		expect(res.status).toEqual(404);
-	});
+		expect(res.headers['content-type']).toContain("application/json")
-});
+	});
-// ---------------
+});
-describe('POST /api/cards successfully (without runner)', () => {
+// ---------------
-	it('creating a card with the minimum amount of parameters should return 200', async () => {
+describe('POST /api/cards successfully (without runner)', () => {
-		const res = await axios.post(base + '/api/cards', null, axios_config);
+	it('creating a card with the minimum amount of parameters should return 200', async () => {
-		expect(res.status).toEqual(200);
+		const res = await axios.post(base + '/api/cards', null, axios_config);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.status).toEqual(200);
-		delete res.data.id;
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.code;
+		delete res.data.id;
-		expect(res.data).toEqual({
+		delete res.data.code;
-			"runner": null,
+		expect(res.data).toEqual({
-			"enabled": true,
+			"runner": null,
-			"responseType": "RUNNERCARD"
+			"enabled": true,
-		});
+			"responseType": "RUNNERCARD"
-	});
+		});
-	it('creating a disabled card should return 200', async () => {
+	});
-		const res = await axios.post(base + '/api/cards', {
+	it('creating a disabled card should return 200', async () => {
-			"enabled": false
+		const res = await axios.post(base + '/api/cards', {
-		}, axios_config);
+			"enabled": false
-		expect(res.status).toEqual(200);
+		}, axios_config);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.status).toEqual(200);
-		delete res.data.id;
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.code;
+		delete res.data.id;
-		expect(res.data).toEqual({
+		delete res.data.code;
-			"runner": null,
+		expect(res.data).toEqual({
-			"enabled": false,
+			"runner": null,
-			"responseType": "RUNNERCARD"
+			"enabled": false,
-		});
+			"responseType": "RUNNERCARD"
-	});
+		});
-	it('creating a enabled card should return 200', async () => {
+	});
-		const res = await axios.post(base + '/api/cards', {
+	it('creating a enabled card should return 200', async () => {
-			"enabled": true
+		const res = await axios.post(base + '/api/cards', {
-		}, axios_config);
+			"enabled": true
-		expect(res.status).toEqual(200);
+		}, axios_config);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.status).toEqual(200);
-		delete res.data.id;
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.code;
+		delete res.data.id;
-		expect(res.data).toEqual({
+		delete res.data.code;
-			"runner": null,
+		expect(res.data).toEqual({
-			"enabled": true,
+			"runner": null,
-			"responseType": "RUNNERCARD"
+			"enabled": true,
-		});
+			"responseType": "RUNNERCARD"
-	});
+		});
-});
+	});
-// ---------------
+});
-describe('POST /api/cards successfully (with runner)', () => {
+// ---------------
-	let added_org;
+describe('POST /api/cards successfully (with runner)', () => {
-	let added_runner;
+	let added_org;
-	it('creating a new org with just a name should return 200', async () => {
+	let added_runner;
-		const res1 = await axios.post(base + '/api/organizations', {
+	it('creating a new org with just a name should return 200', async () => {
-			"name": "test123"
+		const res1 = await axios.post(base + '/api/organizations', {
-		}, axios_config);
+			"name": "test123"
-		added_org = res1.data
+		}, axios_config);
-		expect(res1.status).toEqual(200);
+		added_org = res1.data
-		expect(res1.headers['content-type']).toContain("application/json")
+		expect(res1.status).toEqual(200);
-	});
+		expect(res1.headers['content-type']).toContain("application/json")
-	it('creating a new runner with only needed params should return 200', async () => {
+	});
-		const res2 = await axios.post(base + '/api/runners', {
+	it('creating a new runner with only needed params should return 200', async () => {
-			"firstname": "first",
+		const res2 = await axios.post(base + '/api/runners', {
-			"lastname": "last",
+			"firstname": "first",
-			"group": added_org.id
+			"lastname": "last",
-		}, axios_config);
+			"group": added_org.id
-		delete res2.data.group;
+		}, axios_config);
-		added_runner = res2.data;
+		added_runner = res2.data;
-		expect(res2.status).toEqual(200);
+		expect(res2.status).toEqual(200);
-		expect(res2.headers['content-type']).toContain("application/json")
+		expect(res2.headers['content-type']).toContain("application/json")
-	});
+	});
-	it('creating a card with the minimum amount of parameters should return 200', async () => {
+	it('creating a card with the minimum amount of parameters should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
+		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id
+			"runner": added_runner.id
-		}, axios_config);
+		}, axios_config);
-		expect(res.status).toEqual(200);
+		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
+		delete res.data.id;
-		delete res.data.code;
+		delete res.data.code;
-		expect(res.data).toEqual({
+		expect(res.data).toEqual({
-			"runner": added_runner,
+			"runner": added_runner,
-			"enabled": true,
+			"enabled": true,
-			"responseType": "RUNNERCARD"
+			"responseType": "RUNNERCARD"
-		});
+		});
-	});
+	});
-	it('creating a card with runner (no optional params) should return 200', async () => {
+	it('creating a card with runner (no optional params) should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
+		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id
+			"runner": added_runner.id
-		}, axios_config);
+		}, axios_config);
-		expect(res.status).toEqual(200);
+		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
+		delete res.data.id;
-		delete res.data.code;
+		delete res.data.code;
-		expect(res.data).toEqual({
+		expect(res.data).toEqual({
-			"runner": added_runner,
+			"runner": added_runner,
-			"enabled": true,
+			"enabled": true,
-			"responseType": "RUNNERCARD"
+			"responseType": "RUNNERCARD"
-		});
+		});
-	});
+	});
-	it('creating a enabled card with runner should return 200', async () => {
+	it('creating a enabled card with runner should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
+		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id,
+			"runner": added_runner.id,
-			"enabled": true
+			"enabled": true
-		}, axios_config);
+		}, axios_config);
-		expect(res.status).toEqual(200);
+		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
+		delete res.data.id;
-		delete res.data.code;
+		delete res.data.code;
-		expect(res.data).toEqual({
+		expect(res.data).toEqual({
-			"runner": added_runner,
+			"runner": added_runner,
-			"enabled": true,
+			"enabled": true,
-			"responseType": "RUNNERCARD"
+			"responseType": "RUNNERCARD"
-		});
+		});
-	});
+	});
-	it('creating a disabled card with runner should return 200', async () => {
+	it('creating a disabled card with runner should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
+		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id,
+			"runner": added_runner.id,
-			"enabled": false
+			"enabled": false
-		}, axios_config);
+		}, axios_config);
-		expect(res.status).toEqual(200);
+		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
+		delete res.data.id;
-		delete res.data.code;
+		delete res.data.code;
-		expect(res.data).toEqual({
+		expect(res.data).toEqual({
-			"runner": added_runner,
+			"runner": added_runner,
-			"enabled": false,
+			"enabled": false,
-			"responseType": "RUNNERCARD"
+			"responseType": "RUNNERCARD"
-		});
+		});
-	});
+	});
-});
+});
-// ---------------
+// ---------------
-describe('POST /api/cards/bulk successfully', () => {
+describe('POST /api/cards/bulk successfully', () => {
-	it('creating a single new bulk card should return 200', async () => {
+	it('creating a single new bulk card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards/bulk?count=1', {}, axios_config);
+		const res = await axios.post(base + '/api/cards/bulk?count=1', {}, axios_config);
-		expect(res.status).toEqual(200);
+		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.headers['content-type']).toContain("application/json");
-	});
+	});
-	it('creating 50 new bulk card should return 200', async () => {
+	it('creating a single new bulk card and letting the system return it should return 200', async () => {
-		const res = await axios.post(base + '/api/cards/bulk?count=50', {}, axios_config);
+		const res = await axios.post(base + '/api/cards/bulk?count=1&returnCards=true', {}, axios_config);
-		expect(res.status).toEqual(200);
+		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.headers['content-type']).toContain("application/json");
-	});
+		expect(res.data[0].id).toBeDefined();
-	it('creating 250 new bulk card should return 200', async () => {
+	});
-		const res = await axios.post(base + '/api/cards/bulk?count=250', {}, axios_config);
+	it('creating 50 new bulk card should return 200', async () => {
-		expect(res.status).toEqual(200);
+		const res = await axios.post(base + '/api/cards/bulk?count=50', {}, axios_config);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.status).toEqual(200);
-	});
+		expect(res.headers['content-type']).toContain("application/json");
-	it('creating 2000 new bulk card should return 200', async () => {
+	});
-		const res = await axios.post(base + '/api/cards/bulk?count=2000', {}, axios_config);
+	it('creating 50 new bulk cards and letting the system return it should return 200', async () => {
-		expect(res.status).toEqual(200);
+		const res = await axios.post(base + '/api/cards/bulk?count=50&returnCards=true', {}, axios_config);
-		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.status).toEqual(200);
-	});
+		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data.length).toEqual(50);
 	});
 	it('creating 250 new bulk card should return 200', async () => {
 		const res = await axios.post(base + '/api/cards/bulk?count=250', {}, axios_config);
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json");
 	});
 	it('creating 2000 new bulk card should return 200', async () => {
 		const res = await axios.post(base + '/api/cards/bulk?count=2000', {}, axios_config);
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json");
 	});
 });
--- a/src/tests/cards/cards_delete.spec.ts
+++ b/src/tests/cards/cards_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/cards/cards_get.spec.ts
+++ b/src/tests/cards/cards_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/cards/cards_update.spec.ts
+++ b/src/tests/cards/cards_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -63,7 +64,6 @@ describe('adding + updating card.runner successfully', () => {
 			"lastname": "last",
 			"group": added_org.id
 		}, axios_config);
 		delete res2.data.group;
 		added_runner = res2.data;
 		expect(res2.status).toEqual(200);
 		expect(res2.headers['content-type']).toContain("application/json")
@@ -74,7 +74,6 @@ describe('adding + updating card.runner successfully', () => {
 			"lastname": "last",
 			"group": added_org.id
 		}, axios_config);
 		delete res2.data.group;
 		added_runner2 = res2.data;
 		expect(res2.status).toEqual(200);
 		expect(res2.headers['content-type']).toContain("application/json")
--- a/src/tests/contacts/contact_add.spec.ts
+++ b/src/tests/contacts/contact_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/contacts/contact_delete.spec.ts
+++ b/src/tests/contacts/contact_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/contacts/contact_get.spec.ts
+++ b/src/tests/contacts/contact_get.spec.ts
@@ -5,6 +5,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/contacts/contact_update.spec.ts
+++ b/src/tests/contacts/contact_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donations/donations_add.spec.ts
+++ b/src/tests/donations/donations_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -169,7 +170,7 @@ describe('POST /api/donations/fixed successfully', () => {
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json")
 	});
-	it('creating a new fixed donation should return 200', async () => {
+	it('creating a new fixed donation with more params should return 200', async () => {
 		const res = await axios.post(base + '/api/donations/fixed', {
 			"donor": added_donor.id,
 			"amount": 1000
@@ -180,6 +181,25 @@ describe('POST /api/donations/fixed successfully', () => {
 		expect(res.data).toEqual({
 			"donor": added_donor,
 			"amount": 1000,
 			"paidAmount": 0,
 			"status": "OPEN",
 			"responseType": "DONATION"
 		});
 	});
 	it('creating a new fixed donation with all params should return 200', async () => {
 		const res = await axios.post(base + '/api/donations/fixed', {
 			"donor": added_donor.id,
 			"amount": 1000,
 			"paidAmount": 1000
 		}, axios_config);
 		delete res.data.id;
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data).toEqual({
 			"donor": added_donor,
 			"amount": 1000,
 			"paidAmount": 1000,
 			"status": "PAID",
 			"responseType": "DONATION"
 		});
 	});
@@ -218,7 +238,7 @@ describe('POST /api/donations/distance successfully', () => {
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json")
 	});
-	it('creating a new fixed donation should return 200', async () => {
+	it('creating a new distance donation with most params should return 200', async () => {
 		const res = await axios.post(base + '/api/donations/distance', {
 			"runner": added_runner.id,
 			"amountPerDistance": 100,
@@ -232,6 +252,28 @@ describe('POST /api/donations/distance successfully', () => {
 			"amountPerDistance": 100,
 			"runner": added_runner,
 			"amount": 0,
 			"paidAmount": 0,
 			"status": "PAID",
 			"responseType": "DISTANCEDONATION"
 		})
 	});
 	it('creating a new distance donation with all params should return 200', async () => {
 		const res = await axios.post(base + '/api/donations/distance', {
 			"runner": added_runner.id,
 			"amountPerDistance": 100,
 			"donor": added_donor.id,
 			"paidAmount": 1000
 		}, axios_config);
 		delete res.data.id;
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data).toEqual({
 			"donor": added_donor,
 			"amountPerDistance": 100,
 			"runner": added_runner,
 			"amount": 0,
 			"paidAmount": 1000,
 			"status": "PAID",
 			"responseType": "DISTANCEDONATION"
 		})
 	});
--- a/src/tests/donations/donations_delete.spec.ts
+++ b/src/tests/donations/donations_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/donations/donations_get.spec.ts
+++ b/src/tests/donations/donations_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/donations/donations_update.spec.ts
+++ b/src/tests/donations/donations_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
@@ -212,6 +213,17 @@ describe('adding + updating fixed donation valid', () => {
 		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data.amount).toEqual(42);
 	});
 	it('updating paidAmount should return 200', async () => {
 		const res = await axios.put(base + '/api/donations/fixed/' + added_donation.id, {
 			"id": added_donation.id,
 			"donor": added_donor.id,
 			"amount": 42,
 			"paidAmount": 10
 		}, axios_config);
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data.paidAmount).toEqual(10);
 	});
 	it('updating donor should return 200', async () => {
 		const res = await axios.put(base + '/api/donations/fixed/' + added_donation.id, {
 			"id": added_donation.id,
@@ -316,6 +328,19 @@ describe('adding + updating distance donation valid', () => {
 		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data.amountPerDistance).toEqual(69);
 	});
 	it('updating paidAmount should return 200', async () => {
 		const res = await axios.put(base + '/api/donations/distance/' + added_donation.id, {
 			"id": added_donation.id,
 			"runner": added_runner.id,
 			"amountPerDistance": 69,
 			"donor": added_donor.id,
 			"paidAmount": 10
 		}, axios_config);
 		delete res.data.donor.donationAmount;
 		expect(res.status).toEqual(200);
 		expect(res.headers['content-type']).toContain("application/json");
 		expect(res.data.paidAmount).toEqual(10);
 	});
 	it('updating runner should return 200', async () => {
 		const res = await axios.put(base + '/api/donations/distance/' + added_donation.id, {
 			"id": added_donation.id,
--- a/src/tests/donors/donor_add.spec.ts
+++ b/src/tests/donors/donor_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donors/donor_delete.spec.ts
+++ b/src/tests/donors/donor_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donors/donor_get.spec.ts
+++ b/src/tests/donors/donor_get.spec.ts
@@ -5,6 +5,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/donors/donor_update.spec.ts
+++ b/src/tests/donors/donor_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerOrgs/org_add.spec.ts
+++ b/src/tests/runnerOrgs/org_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerOrgs/org_delete.spec.ts
+++ b/src/tests/runnerOrgs/org_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
@@ -15,7 +16,7 @@ beforeAll(async () => {
 });
 // ---------------
-describe('adding + deletion (non-existant)', () => {
+describe('deletion (non-existant)', () => {
    it('delete', async () => {
        const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
        expect(res2.status).toEqual(204);
--- a/src/tests/runnerOrgs/org_get.spec.ts
+++ b/src/tests/runnerOrgs/org_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerOrgs/org_update.spec.ts
+++ b/src/tests/runnerOrgs/org_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_add.spec.ts
+++ b/src/tests/runnerTeams/team_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_delete.spec.ts
+++ b/src/tests/runnerTeams/team_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_get.spec.ts
+++ b/src/tests/runnerTeams/team_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runnerTeams/team_update.spec.ts
+++ b/src/tests/runnerTeams/team_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_add.spec.ts
+++ b/src/tests/runners/runner_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_delete.spec.ts
+++ b/src/tests/runners/runner_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_get.spec.ts
+++ b/src/tests/runners/runner_get.spec.ts
@@ -5,6 +5,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/runners/runner_update.spec.ts
+++ b/src/tests/runners/runner_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/scans/scans_add.spec.ts
+++ b/src/tests/scans/scans_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scans/scans_delete.spec.ts
+++ b/src/tests/scans/scans_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scans/scans_get.spec.ts
+++ b/src/tests/scans/scans_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scans/scans_update.spec.ts
+++ b/src/tests/scans/scans_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_add.spec.ts
+++ b/src/tests/scanstations/scanstations_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_delete.spec.ts
+++ b/src/tests/scanstations/scanstations_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_get.spec.ts
+++ b/src/tests/scanstations/scanstations_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/scanstations/scanstations_update.spec.ts
+++ b/src/tests/scanstations/scanstations_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/selfservice/selfservice_delete.spec.ts
+++ b/src/tests/selfservice/selfservice_delete.spec.ts
@@ -0,0 +1,66 @@
 import axios from 'axios';
 import { config } from '../../config';
 const base = "http://localhost:" + config.internal_port
 let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
        headers: { "authorization": "Bearer " + access_token },
        validateStatus: undefined
    };
 });
 // ---------------
 describe('delete selfservice runner invalid', () => {
    let added_runner;
    it('registering as citizen with minimal params should return 200', async () => {
        const res = await axios.post(base + '/api/runners/register', {
            "firstname": "string",
            "lastname": "string",
            "email": "user@example.com"
        }, axios_config);
        added_runner = res.data;
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('delete with valid jwt should return 200', async () => {
        const res = await axios.delete(base + '/api/runners/me/' + added_runner.token, axios_config);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('delete with valid jwt but non-existant runner should return 200', async () => {
        const res = await axios.delete(base + '/api/runners/me/' + added_runner.token, axios_config);
        expect(res.status).toEqual(404);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('delete with invalid jwt should return 401', async () => {
        const res = await axios.delete(base + '/api/runners/me/123.123', axios_config);
        expect(res.status).toEqual(401);
        expect(res.headers['content-type']).toContain("application/json");
    });
 });
 // ---------------
 describe('delete selfservice runner valid', () => {
    let added_runner;
    it('registering as citizen with minimal params should return 200', async () => {
        const res = await axios.post(base + '/api/runners/register', {
            "firstname": "string",
            "lastname": "string",
            "email": "user@example.com"
        }, axios_config);
        added_runner = res.data;
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('delete with valid jwt should return 200', async () => {
        const res = await axios.delete(base + '/api/runners/me/' + added_runner.token, axios_config);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
        delete added_runner.token;
        expect(res.data).toEqual(added_runner);
    });
 });
--- a/src/tests/selfservice/selfservice_forgotten.spec.ts
+++ b/src/tests/selfservice/selfservice_forgotten.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/selfservice/selfservice_get.spec.ts
+++ b/src/tests/selfservice/selfservice_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/selfservice/selfservice_org.spec.ts
+++ b/src/tests/selfservice/selfservice_org.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/selfservice/selfservice_register.spec.ts
+++ b/src/tests/selfservice/selfservice_register.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
--- a/src/tests/stats/stats_get.spec.ts
+++ b/src/tests/stats/stats_get.spec.ts
@@ -0,0 +1,89 @@
 import axios from 'axios';
 import { config } from '../../config';
 const base = "http://localhost:" + config.internal_port
 let axios_config_full;
 let axios_config_stats;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    let access_token = res.data["access_token"];
    axios_config_full = {
        headers: { "authorization": "Bearer " + access_token },
        validateStatus: undefined
    };
    const res2 = await axios.post(base + '/api/statsclients', { username: "demo", password: "demo" }, axios_config_full);
    access_token = res2.data["key"];
    axios_config_stats = {
        headers: { "authorization": "Bearer " + access_token },
        validateStatus: undefined
    };
 });
 describe('GET /api/stats/runners/distance w/o auth should return 200', () => {
    it('get with invalid token should return 401', async () => {
        const res = await axios.get(base + '/api/stats/runners/distance', {
            headers: { "authorization": "Bearer 123123123123123123" },
            validateStatus: undefined
        });
        expect(res.status).toEqual(401);
    });
 });
 // ---------------
 describe('GET /api/stats should return 200', () => {
    it('get w/o auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats', { validateStatus: undefined });
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('get w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
 });
 // ---------------
 describe('GET /api/stats/runners/* should return 200', () => {
    it('get by distance w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/runners/distance', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('get by donations w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/runners/donations', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('get by laptime w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/runners/laptime', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
 });
 // ---------------
 describe('GET /api/stats/teams/* should return 200', () => {
    it('get by distance w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/teams/distance', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('get by donations w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/teams/donations', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
 });
 // ---------------
 describe('GET /api/stats/organizations/* should return 200', () => {
    it('get by distance w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/organizations/distance', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
    it('get by donations w/ auth should return 200', async () => {
        const res = await axios.get(base + '/api/stats/organizations/donations', axios_config_stats);
        expect(res.status).toEqual(200);
        expect(res.headers['content-type']).toContain("application/json");
    });
 });
--- a/src/tests/tracks/track_add.spec.ts
+++ b/src/tests/tracks/track_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/tracks/track_delete.spec.ts
+++ b/src/tests/tracks/track_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/tracks/track_update.spec.ts
+++ b/src/tests/tracks/track_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/tracks/tracks_get.spec.ts
+++ b/src/tests/tracks/tracks_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_add.spec.ts
+++ b/src/tests/trackscans/trackscans_add.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_delete.spec.ts
+++ b/src/tests/trackscans/trackscans_delete.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_get.spec.ts
+++ b/src/tests/trackscans/trackscans_get.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/trackscans/trackscans_update.spec.ts
+++ b/src/tests/trackscans/trackscans_update.spec.ts
@@ -6,6 +6,7 @@ let access_token;
 let axios_config;
 beforeAll(async () => {
 	jest.setTimeout(20000);
 	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
 	access_token = res.data["access_token"];
 	axios_config = {
--- a/src/tests/users/user_delete.spec.ts
+++ b/src/tests/users/user_delete.spec.ts
@@ -0,0 +1,51 @@
 import axios from 'axios';
 import { config } from '../../config';
 const base = "http://localhost:" + config.internal_port
 let access_token;
 let axios_config;
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    access_token = res.data["access_token"];
    axios_config = {
        headers: { "authorization": "Bearer " + access_token },
        validateStatus: undefined
    };
 });
 // ---------------
 describe('adding + deletion (non-existant)', () => {
    it('delete', async () => {
        const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
        expect(res2.status).toEqual(204);
    });
 });
 // ---------------
 describe('adding + deletion (successfull)', () => {
    let added_user
    it('valid user creation with minimal parameters should return 200', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "string",
            "middlename": "string",
            "lastname": "string",
            "email": "demo_123_123_123asdASD@example.com",
            "password": "demo_123_123_123asdASD",
            "enabled": true
        }
            , axios_config);
        added_user = res.data;
        expect(res.status).toEqual(200);
    });
    it('delete', async () => {
        const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
        expect(res2.status).toEqual(200);
        expect(res2.headers['content-type']).toContain("application/json")
    });
    it('check if user really was deleted', async () => {
        const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
        expect(res3.status).toEqual(404);
        expect(res3.headers['content-type']).toContain("application/json")
    });
 });
--- a/src/tests/users/user_post.spec.ts
+++ b/src/tests/users/user_post.spec.ts
@@ -0,0 +1,113 @@
 import axios from 'axios';
 import { config } from '../../config';
 const base = "http://localhost:" + config.internal_port
 let axios_config = {};
 beforeAll(async () => {
    jest.setTimeout(20000);
    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    let access_token = res.data["access_token"];
    axios_config = {
        headers: { "authorization": "Bearer " + access_token },
        validateStatus: undefined
    };
 });
 describe('POST /api/users valid', () => {
    it('valid user creation with minimal parameters should return 200', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123",
            "lastname": "demo_createASD123",
            "password": "demo_createASD123",
            "email": "demo_createASD123@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(200);
    });
    it('valid user creation with all parameters should return 200', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_2",
            "middlename": "demo_createASD123_2",
            "lastname": "demo_createASD123_2",
            "username": "demo_createASD123_2",
            "password": "demo_createASD123_2",
            "email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(200);
    });
 });
 // ---------------
 describe('POST /api/users invalid -> 400', () => {
    it('user creation w/o firstname should return 400', async () => {
        const res = await axios.post(base + '/api/users', {
            "lastname": "demo_createASD123_3",
            "password": "demo_createASD123_3",
            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(400);
    });
    it('user creation w/o lastname should return 400', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_3",
            "password": "demo_createASD123_3",
            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(400);
    });
    it('user creation w/o password should return 400', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_3",
            "lastname": "demo_createASD123_3",
            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(400);
    });
    it('user creation w/o email should return 400', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_3",
            "lastname": "demo_createASD123_3",
            "password": "demo_createASD123_3"
        }, axios_config);
        expect(res.status).toEqual(400);
    });
 });
 // ---------------
 describe('POST /api/users invalid -> Password errors', () => {
    it('user creation w/ invalid password -> No numbers should return 406', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_4",
            "lastname": "demo_createASD123_4",
            "password": "demo_createASD",
            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(406);
    });
    it('user creation w/ invalid password -> No uppercase should return 406', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_4",
            "lastname": "demo_createASD123_4",
            "password": "demo_create_4",
            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(406);
    });
    it('user creation w/ invalid password -> No lowercase should return 406', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_4",
            "lastname": "demo_createASD123_4",
            "password": "DEMO123123ASD",
            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(406);
    });
    it('user creation w/ invalid password -> Too short should return 406', async () => {
        const res = await axios.post(base + '/api/users', {
            "firstname": "demo_createASD123_4",
            "lastname": "demo_createASD123_4",
            "password": "1Aa_",
            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
        }, axios_config);
        expect(res.status).toEqual(406);
    });
 });