🧾New changelog file version [CI SKIP] [skip ci]

Merge pull request 'Release 0.10.1' (#189 ) from dev into main
Reviewed-on: #189 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>
2021-04-03 16:25:14 +00:00 · 2021-04-03 16:24:25 +00:00 · 2021-04-03 16:17:51 +00:00 · 2021-04-03 18:16:56 +02:00 · 2021-04-03 16:15:38 +00:00 · 2021-04-03 18:14:47 +02:00
22 changed files with 986 additions and 574 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,8 +2,97 @@

 All notable changes to this project will be documented in this file. Dates are displayed in UTC.

-#### [v0.7.1](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.7.1)
+#### [v0.10.1](https://git.odit.services/lfk/backend/compare/v0.10.0...v0.10.1)

+- Merge pull request 'Release 0.10.1' (#189) from dev into main [`e89e07d`](https://git.odit.services/lfk/backend/commit/e89e07d0fc99f14148b01204fb8ed39e2da77e38)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`69afd4d`](https://git.odit.services/lfk/backend/commit/69afd4d5877401eb46df430f43a7feb273abda1e)
+- 🚀Bumped version to v0.10.1 [`24d152f`](https://git.odit.services/lfk/backend/commit/24d152fdc8fe17fffa2f2a718d7145ba8a91d79c)
+- New class: ResponseSelfServiceDonor [`d70c5b1`](https://git.odit.services/lfk/backend/commit/d70c5b1bbc9f02782f8755b6929e2d3458e10221)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`4279e43`](https://git.odit.services/lfk/backend/commit/4279e4374304887e8db40eab77763b20bbce91a1)
+- Removed duplicate openapi statement [`4834a66`](https://git.odit.services/lfk/backend/commit/4834a6698b0958602421c1478a95fec7edda910b)
+- Switched selfservice donation.donor from string to object [`0767943`](https://git.odit.services/lfk/backend/commit/0767943721b6964d542f580c541e744f86444ac6)
+- Adjusted runner property names [`ca87774`](https://git.odit.services/lfk/backend/commit/ca87774767807a2c4bc869b0de95cc73832a8405)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`71e3d0e`](https://git.odit.services/lfk/backend/commit/71e3d0efe2cbde47aea0f26cb5a8b5cd3312707d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c28843c`](https://git.odit.services/lfk/backend/commit/c28843c405dc4fd06a10f0fb85814acede15a769)
+- Merge pull request 'Selfservice donations reformatting feature/187-selfservice_donation' (#188) from feature/187-selfservice_donation into dev [`d837654`](https://git.odit.services/lfk/backend/commit/d837654617f7de5d055ffb06c65e2cd52f65c604)
+- Added new responsetype for new class [`f693f2c`](https://git.odit.services/lfk/backend/commit/f693f2cde9a04147155aea4de5d52e1d19d722ca)
+
+#### [v0.10.0](https://git.odit.services/lfk/backend/compare/v0.9.2...v0.10.0)
+
+> 1 April 2021
+
+- Merge pull request 'Release 0.10.0' (#186) from dev into main [`b517dff`](https://git.odit.services/lfk/backend/commit/b517dff8a82c960836d9f0be90fd89f3ba2fae7d)
+- 🚀Bumped version to v0.10.0 [`dc3071f`](https://git.odit.services/lfk/backend/commit/dc3071f7d2be298f0bb02d86ec67ed1125cd3b49)
+- Added locale to mail related runner endpoints [`7af883f`](https://git.odit.services/lfk/backend/commit/7af883f27198206af542bcaff4686221d3788e87)
+- Added locale to mail related runner endpoints [`f543307`](https://git.odit.services/lfk/backend/commit/f5433076b01c743ed9af085fccadb8f1edc26419)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`5fb355f`](https://git.odit.services/lfk/backend/commit/5fb355f450f19e96d3671b1a46e94d564495942b)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`114c246`](https://git.odit.services/lfk/backend/commit/114c246aceba566cc0dd6daab51a77b951b031cc)
+- Merge pull request 'Mail locales feature/184-mail_locales' (#185) from feature/184-mail_locales into dev [`33c13de`](https://git.odit.services/lfk/backend/commit/33c13de32c68a3d9e87e4fd9ad12a815ed8c9fde)
+- Added locale to mail related user endpoints [`1be073a`](https://git.odit.services/lfk/backend/commit/1be073a4fa39f0332a46f567ee6af10a9137844c)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`6aafe4a`](https://git.odit.services/lfk/backend/commit/6aafe4a6ae7d253ab39220e551c52ae067cc481a)
+
+#### [v0.9.2](https://git.odit.services/lfk/backend/compare/v0.9.1...v0.9.2)
+
+> 29 March 2021
+
+- Merge pull request 'Release 0.9.2' (#183) from dev into main [`bdeeb03`](https://git.odit.services/lfk/backend/commit/bdeeb036459c2a2131e843d8a5a6b338e0ba46ea)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`675c876`](https://git.odit.services/lfk/backend/commit/675c8762e8e4cf28d2f334d5ab2e1cb6b594e33c)
+- Fixed bug in return creation [`6c9b91d`](https://git.odit.services/lfk/backend/commit/6c9b91d75a0d08fc4ab0e72c7a09bd0133566368)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8c00aef`](https://git.odit.services/lfk/backend/commit/8c00aefd6ce3723d9f83d1c94e6491d5d597391f)
+- 🚀Bumped version to v0.9.2 [`89e3924`](https://git.odit.services/lfk/backend/commit/89e392473c52a3f328545699a0f4df89be33ba89)
+
+#### [v0.9.1](https://git.odit.services/lfk/backend/compare/v0.9.0...v0.9.1)
+
+> 29 March 2021
+
+- Merge pull request 'Release v0.9.1' (#182) from dev into main [`3afd785`](https://git.odit.services/lfk/backend/commit/3afd785a54fac91c12af789af19b45e6124e0e39)
+- 🚀Bumped version to v0.9.1 [`a139554`](https://git.odit.services/lfk/backend/commit/a139554e059e9a10acb1733ce1a82b610cc99269)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8099999`](https://git.odit.services/lfk/backend/commit/8099999e2cdfc8046f9ff4a90681281b671e402d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`0290b0e`](https://git.odit.services/lfk/backend/commit/0290b0e5f531364d37d8157e639614cf5a6b4189)
+- Merge pull request 'Return cards generated in bulk feature/180-blank_generation_return' (#181) from feature/180-blank_generation_return into dev [`0f7fa99`](https://git.odit.services/lfk/backend/commit/0f7fa990d473ce2dce032c47c39f79c1d0e8df90)
+- Added query param to return created runenrcards [`5a36c8d`](https://git.odit.services/lfk/backend/commit/5a36c8dcae3d79b3b05ffb30a7ebb0d31dc8183a)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`58f4d21`](https://git.odit.services/lfk/backend/commit/58f4d2151f459bc72692cc70e02a59b77abfb9f0)
+- Added test for returnCards=true array length [`1cb2dc9`](https://git.odit.services/lfk/backend/commit/1cb2dc9d53b530435f5798f9cdf7ee866eb7416e)
+- Added test for single card generation with returnCards=true [`6005b06`](https://git.odit.services/lfk/backend/commit/6005b0661f1d5c461bb102e243cc209a8adc21fa)
+- Fixed copy-paste oversight [`2f568c9`](https://git.odit.services/lfk/backend/commit/2f568c9cb8ae39ce40ec8df6d9acbaf0d5ae1a26)
+
+#### [v0.9.0](https://git.odit.services/lfk/backend/compare/v0.8.0...v0.9.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.9.0' (#179) from dev into main [`95135dd`](https://git.odit.services/lfk/backend/commit/95135ddc893dcf64be67b47b0ef2b0d9041253bd)
+- Reenabled user tests [`4c66650`](https://git.odit.services/lfk/backend/commit/4c6665062fe6717242e43b58e66c1f1d030c018d)
+- Moved to tmp files to better check for other problems [`7a64f23`](https://git.odit.services/lfk/backend/commit/7a64f2393783f97a9729356bc1dfd831927dd312)
+- Added user creation invalid tests [`888cab5`](https://git.odit.services/lfk/backend/commit/888cab5898caf9e552c421346934bf90f717a653)
+- Updated auth test to comply with the new pw requirements [`63f6526`](https://git.odit.services/lfk/backend/commit/63f6526e4f59621edbf1fad59fc569b4bd6acbf2)
+- Added user deletion tests [`e6a8ebc`](https://git.odit.services/lfk/backend/commit/e6a8ebcb5b4f430254da4afe159141b21d8da0ed)
+- Added user creation valid tests [`383a809`](https://git.odit.services/lfk/backend/commit/383a8095b8286d51fb2fb24ae2fd0156230e56ab)
+- 📖New license file version [CI SKIP] [skip ci] [`bd7b81e`](https://git.odit.services/lfk/backend/commit/bd7b81efe795c02512c87f3b5dd5eec796580144)
+- Added password errors [`24c38cc`](https://git.odit.services/lfk/backend/commit/24c38cce26da41ccf375e1ccf04afa1868aad8df)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`274a146`](https://git.odit.services/lfk/backend/commit/274a146b9bccfe5e1a879ca137ebb4f51eaa5d57)
+- Fixed test params [`070560e`](https://git.odit.services/lfk/backend/commit/070560e8632e833dd26505c02ccb2474462b63ac)
+- No longer using createuser in seeding process [`96ba25e`](https://git.odit.services/lfk/backend/commit/96ba25ec6c6c397cd2aa322afa79024395f658fe)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a7fe1e1`](https://git.odit.services/lfk/backend/commit/a7fe1e175918edd7a98983ece570b47075e85e9a)
+- 🚀Bumped version to v0.8.0 [`c23b4d9`](https://git.odit.services/lfk/backend/commit/c23b4d907f20ed7af37a6de6ea4c61433e30b29b)
+- 🚀Bumped version to v0.9.0 [`56a5f41`](https://git.odit.services/lfk/backend/commit/56a5f4168621263daeab5d2fda97b944cdc6ab31)
+- Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev [`5a3fc5b`](https://git.odit.services/lfk/backend/commit/5a3fc5b2bd06b3e26177d017d3503f4f627be3f2)
+- Added pw errors to user controller [`b24e24f`](https://git.odit.services/lfk/backend/commit/b24e24ff7dd75d972cdab0fd1e2fe6c532ca2b2f)
+- Now checking password rules on user creation [`5daaa3a`](https://git.odit.services/lfk/backend/commit/5daaa3a73c4eca2817d67e226679d125928a3645)
+- Now checking password rules on user update [`48a87e8`](https://git.odit.services/lfk/backend/commit/48a87e8936e13c48f4baa3f4b10f781ad2f55a44)
+- Fixed pw not getting hashed currectly; [`cb3ea9b`](https://git.odit.services/lfk/backend/commit/cb3ea9b1ebb82c650abd83d4be8629cfe29a5b21)
+- Added pw errors to me controller [`9ce35d8`](https://git.odit.services/lfk/backend/commit/9ce35d8eb78a01f40af8c70e640eca3bcb142304)
+- Now forceing user deletion in tests [`8154e71`](https://git.odit.services/lfk/backend/commit/8154e715bbf18938bd5d1031656a88d39231fa81)
+- Added password checker dependency [`bd00f4f`](https://git.odit.services/lfk/backend/commit/bd00f4f8d585fb6878874810f7de0b8b9f3950d5)
+- Fixed empty object getting called [`5369000`](https://git.odit.services/lfk/backend/commit/536900091afd7366128f21058490d0d4f15c6c89)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`03d76e6`](https://git.odit.services/lfk/backend/commit/03d76e6d0bc5b4655f7f441232681c9462815526)
+- Formatting [`b8c28eb`](https://git.odit.services/lfk/backend/commit/b8c28ebb0808395218b5fb9031f477ae1d48e65e)
+
+#### [v0.8.0](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.8.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.8.0' (#176) from dev into main [`3f8e8ce`](https://git.odit.services/lfk/backend/commit/3f8e8ce3a66a943801c0c8e17885e71feeee744f)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c9bd6de`](https://git.odit.services/lfk/backend/commit/c9bd6de4762fec04e1e02cd3b667838d05ef39a7)
 - Merge pull request 'Selfservice deletion feature/174-selfservice_deletion' (#175) from feature/174-selfservice_deletion into dev [`e702118`](https://git.odit.services/lfk/backend/commit/e702118d4d80e362e41bb88c74343d50530d1338)
 - Added tests for the new endpoint [`20aeed8`](https://git.odit.services/lfk/backend/commit/20aeed87780247dc6401bba725801fc1874e50b5)
 - Removed param from test [`97159dd`](https://git.odit.services/lfk/backend/commit/97159dd9f81aed080c174a3eb8da9e66dfea9b10)
--- a/licenses.md
+++ b/licenses.md
@@ -115,6 +115,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 

+# check-password-strength
+**Author**: deanilvincent
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
+## License Text
+MIT License
+
+Copyright (c) 2020 Mark Deanil Vicente
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # class-transformer
 **Author**: [object Object]
 **Repo**: [object Object]
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@odit/lfk-backend",
-  "version": "0.7.1",
+  "version": "0.10.1",
  "main": "src/app.ts",
  "repository": "https://git.odit.services/lfk/backend",
  "author": {
@@ -26,6 +26,7 @@
    "argon2": "^0.27.1",
    "axios": "^0.21.1",
    "body-parser": "^1.19.0",
+    "check-password-strength": "^2.0.2",
    "class-transformer": "0.3.1",
    "class-validator": "^0.13.1",
    "consola": "^2.15.0",
--- a/src/controllers/MeController.ts
+++ b/src/controllers/MeController.ts
@@ -1,7 +1,7 @@
 import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseUser } from '../models/responses/ResponseUser';
@@ -48,6 +48,10 @@ export class MeController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
 	async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
--- a/src/controllers/RunnerCardController.ts
+++ b/src/controllers/RunnerCardController.ts
@@ -1,121 +1,131 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
-import { RunnerNotFoundError } from '../errors/RunnerErrors';
-import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
-import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
-import { RunnerCard } from '../models/entities/RunnerCard';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
-import { ScanController } from './ScanController';
-
-@JsonController('/cards')
-@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-export class RunnerCardController {
-	private cardRepository: Repository<RunnerCard>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
-	}
-
-	@Get()
-	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard, { isArray: true })
-	@OpenAPI({ description: 'Lists all card.' })
-	async getAll() {
-		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
-		const cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
-		cards.forEach(card => {
-			responseCards.push(new ResponseRunnerCard(card));
-		});
-		return responseCards;
-	}
-
-	@Get('/:id')
-	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerCardNotFoundError)
-	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
-	async getOne(@Param('id') id: number) {
-		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
-		if (!card) { throw new RunnerCardNotFoundError(); }
-		return card.toResponse();
-	}
-
-	@Post('/bulk')
-	@Authorized("CARD:CREATE")
-	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
-	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response." })
-	async postBlancoBulk(@QueryParam("count") count: number) {
-		let createPromises = new Array<any>();
-		for (let index = 0; index < count; index++) {
-			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
-		}
-		await Promise.all(createPromises);
-		let response = new ResponseEmpty();
-		response.response = `Created ${count} new blanco cards.`
-		return response;
-	}
-
-	@Post()
-	@Authorized("CARD:CREATE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
-	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
-		let card = await createCard.toEntity();
-		card = await this.cardRepository.save(card);
-		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
-	}
-
-	@Put('/:id')
-	@Authorized("CARD:UPDATE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
-	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
-		let oldCard = await this.cardRepository.findOne({ id: id });
-
-		if (!oldCard) {
-			throw new RunnerCardNotFoundError();
-		}
-
-		if (oldCard.id != card.id) {
-			throw new RunnerCardIdsNotMatchingError();
-		}
-
-		await this.cardRepository.save(await card.update(oldCard));
-		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
-	}
-
-	@Delete('/:id')
-	@Authorized("CARD:DELETE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
-	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
-	@OnUndefined(204)
-	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
-	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let card = await this.cardRepository.findOne({ id: id });
-		if (!card) { return null; }
-
-		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
-		if (cardScans.length != 0 && !force) {
-			throw new RunnerCardHasScansError();
-		}
-		const scanController = new ScanController;
-		for (let scan of cardScans) {
-			await scanController.remove(scan.id, force);
-		}
-
-		await this.cardRepository.delete(card);
-		return card.toResponse();
-	}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
+import { RunnerNotFoundError } from '../errors/RunnerErrors';
+import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
+import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
+import { RunnerCard } from '../models/entities/RunnerCard';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
+import { ScanController } from './ScanController';
+
+@JsonController('/cards')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class RunnerCardController {
+	private cardRepository: Repository<RunnerCard>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
+	}
+
+	@Get()
+	@Authorized("CARD:GET")
+	@ResponseSchema(ResponseRunnerCard, { isArray: true })
+	@OpenAPI({ description: 'Lists all card.' })
+	async getAll() {
+		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+		const cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
+		cards.forEach(card => {
+			responseCards.push(new ResponseRunnerCard(card));
+		});
+		return responseCards;
+	}
+
+	@Get('/:id')
+	@Authorized("CARD:GET")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerCardNotFoundError)
+	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
+	async getOne(@Param('id') id: number) {
+		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
+		if (!card) { throw new RunnerCardNotFoundError(); }
+		return card.toResponse();
+	}
+
+	@Post('/bulk')
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response. <br> You can provide the 'returnCards' query param if you want to receive the RESPONSERUNNERCARD objects in the response." })
+	async postBlancoBulk(@QueryParam("count") count: number, @QueryParam("returnCards") returnCards: boolean = false) {
+		let createPromises = new Array<any>();
+		for (let index = 0; index < count; index++) {
+			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
+		}
+
+		const cards = await Promise.all(createPromises);
+
+		if (returnCards) {
+			let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+			for await (let card of cards) {
+				let dbCard = await this.cardRepository.findOne({ id: card.id });
+				responseCards.push(new ResponseRunnerCard(dbCard));
+			}
+			return responseCards;
+		}
+		let response = new ResponseEmpty();
+		response.response = `Created ${count} new blanco cards.`
+		return response;
+	}
+
+	@Post()
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
+	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
+		let card = await createCard.toEntity();
+		card = await this.cardRepository.save(card);
+		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Put('/:id')
+	@Authorized("CARD:UPDATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
+		let oldCard = await this.cardRepository.findOne({ id: id });
+
+		if (!oldCard) {
+			throw new RunnerCardNotFoundError();
+		}
+
+		if (oldCard.id != card.id) {
+			throw new RunnerCardIdsNotMatchingError();
+		}
+
+		await this.cardRepository.save(await card.update(oldCard));
+		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Delete('/:id')
+	@Authorized("CARD:DELETE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let card = await this.cardRepository.findOne({ id: id });
+		if (!card) { return null; }
+
+		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
+		if (cardScans.length != 0 && !force) {
+			throw new RunnerCardHasScansError();
+		}
+		const scanController = new ScanController;
+		for (let scan of cardScans) {
+			await scanController.remove(scan.id, force);
+		}
+
+		await this.cardRepository.delete(card);
+		return card.toResponse();
+	}
 }
--- a/src/controllers/RunnerSelfServiceController.ts
+++ b/src/controllers/RunnerSelfServiceController.ts
@@ -1,228 +1,228 @@
-import { Request } from "express";
-import * as jwt from "jsonwebtoken";
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { config } from '../config';
-import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
-import { MailSendingError } from '../errors/MailErrors';
-import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
-import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
-import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
-import { JwtCreator } from '../jwtcreator';
-import { Mailer } from '../mailer';
-import ScanAuth from '../middlewares/ScanAuth';
-import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
-import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
-import { Runner } from '../models/entities/Runner';
-import { RunnerGroup } from '../models/entities/RunnerGroup';
-import { RunnerOrganization } from '../models/entities/RunnerOrganization';
-import { ScanStation } from '../models/entities/ScanStation';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseScanStation } from '../models/responses/ResponseScanStation';
-import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
-import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
-import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
-import { DonationController } from './DonationController';
-import { RunnerCardController } from './RunnerCardController';
-import { ScanController } from './ScanController';
-
-@JsonController()
-export class RunnerSelfServiceController {
-	private runnerRepository: Repository<Runner>;
-	private orgRepository: Repository<RunnerOrganization>;
-	private stationRepository: Repository<ScanStation>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
-		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
-		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
-	}
-
-	@Get('/runners/me/:jwt')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
-	async get(@Param('jwt') token: string) {
-		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
-	}
-
-	@Delete('/runners/me/:jwt')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
-	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
-		const responseRunner = await this.getRunner(token);
-		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
-
-		if (!runner) { return null; }
-		if (!runner) {
-			throw new RunnerNotFoundError();
-		}
-
-		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
-		if (runnerDonations.length > 0 && !force) {
-			throw new RunnerHasDistanceDonationsError();
-		}
-		const donationController = new DonationController();
-		for (let donation of runnerDonations) {
-			await donationController.remove(donation.id, force);
-		}
-
-		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
-		const cardController = new RunnerCardController;
-		for (let card of runnerCards) {
-			await cardController.remove(card.id, force);
-		}
-
-		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
-		const scanController = new ScanController;
-		for (let scan of runnerScans) {
-			await scanController.remove(scan.id, force);
-		}
-
-		await this.runnerRepository.delete(runner);
-		return new ResponseSelfServiceRunner(responseRunner);
-	}
-
-	@Get('/runners/me/:jwt/scans')
-	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
-	async getScans(@Param('jwt') token: string) {
-		const scans = (await this.getRunner(token)).scans;
-		let responseScans = new Array<ResponseSelfServiceScan>()
-		for (let scan of scans) {
-			responseScans.push(new ResponseSelfServiceScan(scan));
-		}
-		return responseScans;
-	}
-
-	@Get('/stations/me')
-	@UseBefore(ScanAuth)
-	@ResponseSchema(ResponseScanStation)
-	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
-	@OnUndefined(ScanStationNotFoundError)
-	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
-	async getStationMe(@Req() req: Request) {
-		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
-		if (!scan) { throw new ScanStationNotFoundError(); }
-		return scan.toResponse();
-	}
-
-	@Post('/runners/forgot')
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(ResponseEmpty)
-	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice token/link to be sent to your mail address (rate limited to one mail every 24hrs).' })
-	async requestNewToken(@QueryParam('mail') mail: string) {
-		if (!mail) {
-			throw new RunnerNotFoundError();
-		}
-		const runner = await this.runnerRepository.findOne({ email: mail });
-		if (!runner) { throw new RunnerNotFoundError(); }
-
-		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
-		const token = JwtCreator.createSelfService(runner);
-
-		try {
-			await Mailer.sendSelfserviceForgottenMail(runner.email, token, "en")
-		} catch (error) {
-			throw new MailSendingError();
-		}
-
-		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
-		await this.runnerRepository.save(runner);
-
-		return { token };
-	}
-
-	@Post('/runners/register')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
-	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
-	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner) {
-		let runner = await createRunner.toEntity();
-
-		runner = await this.runnerRepository.save(runner);
-		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
-		response.token = JwtCreator.createSelfService(runner);
-
-		try {
-			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
-		} catch (error) {
-			throw new MailSendingError();
-		}
-
-		return response;
-	}
-
-	@Post('/runners/register/:token')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
-	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner) {
-		const org = await this.getOrgansisation(token);
-
-		let runner = await createRunner.toEntity(org);
-		runner = await this.runnerRepository.save(runner);
-
-		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
-		response.token = JwtCreator.createSelfService(runner);
-
-		try {
-			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
-		} catch (error) {
-			throw new MailSendingError();
-		}
-
-		return response;
-	}
-
-	@Get('/organizations/selfservice/:token')
-	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
-	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
-	async getSelfserviceOrg(@Param('token') token: string) {
-		const orgid = (await this.getOrgansisation(token)).id;
-		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
-
-		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
-	}
-
-	/**
-	 * Get's a runner by a provided jwt token.
-	 * @param token The runner jwt provided by the runner to identitfy themselves.
-	 */
-	private async getRunner(token: string): Promise<Runner> {
-		if (token == "") { throw new JwtNotProvidedError(); }
-		let jwtPayload = undefined
-		try {
-			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
-		} catch (error) {
-			throw new InvalidCredentialsError();
-		}
-
-		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
-		if (!runner) { throw new RunnerNotFoundError() }
-		return runner;
-	}
-
-	/**
-	 * Get's a runner org by a provided registration api key.
-	 * @param token The organization's registration api token.
-	 */
-	private async getOrgansisation(token: string): Promise<RunnerGroup> {
-		token = Buffer.from(token, 'base64').toString('utf8');
-
-		const organization = await this.orgRepository.findOne({ key: token });
-		if (!organization) { throw new RunnerOrganizationNotFoundError; }
-
-		return organization;
-	}
+import { Request } from "express";
+import * as jwt from "jsonwebtoken";
+import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { config } from '../config';
+import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
+import { MailSendingError } from '../errors/MailErrors';
+import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
+import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
+import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
+import { JwtCreator } from '../jwtcreator';
+import { Mailer } from '../mailer';
+import ScanAuth from '../middlewares/ScanAuth';
+import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
+import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
+import { Runner } from '../models/entities/Runner';
+import { RunnerGroup } from '../models/entities/RunnerGroup';
+import { RunnerOrganization } from '../models/entities/RunnerOrganization';
+import { ScanStation } from '../models/entities/ScanStation';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseScanStation } from '../models/responses/ResponseScanStation';
+import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
+import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
+import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
+import { DonationController } from './DonationController';
+import { RunnerCardController } from './RunnerCardController';
+import { ScanController } from './ScanController';
+
+@JsonController()
+export class RunnerSelfServiceController {
+	private runnerRepository: Repository<Runner>;
+	private orgRepository: Repository<RunnerOrganization>;
+	private stationRepository: Repository<ScanStation>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
+		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
+		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
+	}
+
+	@Get('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async get(@Param('jwt') token: string) {
+		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
+	}
+
+	@Delete('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
+		const responseRunner = await this.getRunner(token);
+		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
+
+		if (!runner) { return null; }
+		if (!runner) {
+			throw new RunnerNotFoundError();
+		}
+
+		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
+		if (runnerDonations.length > 0 && !force) {
+			throw new RunnerHasDistanceDonationsError();
+		}
+		const donationController = new DonationController();
+		for (let donation of runnerDonations) {
+			await donationController.remove(donation.id, force);
+		}
+
+		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
+		const cardController = new RunnerCardController;
+		for (let card of runnerCards) {
+			await cardController.remove(card.id, force);
+		}
+
+		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
+		const scanController = new ScanController;
+		for (let scan of runnerScans) {
+			await scanController.remove(scan.id, force);
+		}
+
+		await this.runnerRepository.delete(runner);
+		return new ResponseSelfServiceRunner(responseRunner);
+	}
+
+	@Get('/runners/me/:jwt/scans')
+	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	async getScans(@Param('jwt') token: string) {
+		const scans = (await this.getRunner(token)).scans;
+		let responseScans = new Array<ResponseSelfServiceScan>()
+		for (let scan of scans) {
+			responseScans.push(new ResponseSelfServiceScan(scan));
+		}
+		return responseScans;
+	}
+
+	@Get('/stations/me')
+	@UseBefore(ScanAuth)
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+	@OnUndefined(ScanStationNotFoundError)
+	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
+	async getStationMe(@Req() req: Request) {
+		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
+		if (!scan) { throw new ScanStationNotFoundError(); }
+		return scan.toResponse();
+	}
+
+	@Post('/runners/forgot')
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(ResponseEmpty)
+	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice token/link to be sent to your mail address (rate limited to one mail every 24hrs).' })
+	async requestNewToken(@QueryParam('mail') mail: string, @QueryParam("locale") locale: string = "en") {
+		if (!mail) {
+			throw new RunnerNotFoundError();
+		}
+		const runner = await this.runnerRepository.findOne({ email: mail });
+		if (!runner) { throw new RunnerNotFoundError(); }
+
+		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
+		const token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceForgottenMail(runner.email, token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+		await this.runnerRepository.save(runner);
+
+		return { token };
+	}
+
+	@Post('/runners/register')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
+	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
+	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner, @QueryParam("locale") locale: string = "en") {
+		let runner = await createRunner.toEntity();
+
+		runner = await this.runnerRepository.save(runner);
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		return response;
+	}
+
+	@Post('/runners/register/:token')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
+	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner, @QueryParam("locale") locale: string = "en") {
+		const org = await this.getOrgansisation(token);
+
+		let runner = await createRunner.toEntity(org);
+		runner = await this.runnerRepository.save(runner);
+
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		return response;
+	}
+
+	@Get('/organizations/selfservice/:token')
+	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
+	async getSelfserviceOrg(@Param('token') token: string) {
+		const orgid = (await this.getOrgansisation(token)).id;
+		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
+
+		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
+	}
+
+	/**
+	 * Get's a runner by a provided jwt token.
+	 * @param token The runner jwt provided by the runner to identitfy themselves.
+	 */
+	private async getRunner(token: string): Promise<Runner> {
+		if (token == "") { throw new JwtNotProvidedError(); }
+		let jwtPayload = undefined
+		try {
+			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
+		} catch (error) {
+			throw new InvalidCredentialsError();
+		}
+
+		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
+		if (!runner) { throw new RunnerNotFoundError() }
+		return runner;
+	}
+
+	/**
+	 * Get's a runner org by a provided registration api key.
+	 * @param token The organization's registration api token.
+	 */
+	private async getOrgansisation(token: string): Promise<RunnerGroup> {
+		token = Buffer.from(token, 'base64').toString('utf8');
+
+		const organization = await this.orgRepository.findOne({ key: token });
+		if (!organization) { throw new RunnerOrganizationNotFoundError; }
+
+		return organization;
+	}
 }
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -66,6 +66,10 @@ export class UserController {
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
@@ -85,6 +89,10 @@ export class UserController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {

 	@IsString()
 	message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
+}
+
+export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainUppercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one uppercase letter."
+}
+export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainLowercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one lowercase letter."
+}
+export class PasswordMustContainNumberError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainNumberError"
+
+	@IsString()
+	message = "Passwords must contain at least one number."
+}
+export class PasswordTooShortError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordTooShortError"
+
+	@IsString()
+	message = "Passwords must be at least ten characters long."
 }
--- a/src/models/actions/create/CreateUser.ts
+++ b/src/models/actions/create/CreateUser.ts
@@ -1,9 +1,10 @@
 import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@@ -94,7 +95,13 @@ export class CreateUser {
        if (!this.email) {
            throw new UserEmailNeededError();
        }
-        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+        if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
+        let password_strength = passwordStrength(this.password);
+        if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+        if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+        if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+        if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }

        newUser.email = this.email
        newUser.username = this.username
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@@ -1,12 +1,14 @@
 import * as argon2 from "argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';

+
 /**
 * This class is used to update a User entity (via put request).
 */
@@ -104,6 +106,11 @@ export class UpdateUser {
        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }

        if (this.password) {
+            let password_strength = passwordStrength(this.password);
+            if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+            if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+            if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+            if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
            user.password = await argon2.hash(this.password + user.uuid);
            user.refreshTokenCount = user.refreshTokenCount + 1;
        }
--- a/src/models/enums/ResponseObjectType.ts
+++ b/src/models/enums/ResponseObjectType.ts
@@ -35,4 +35,5 @@ export enum ResponseObjectType {
    USER = 'USER',
    USERGROUP = 'USERGROUP',
    USERPERMISSIONS = 'USERPERMISSIONS',
+    SELFSERVICEDONOR = 'SELFSERVICEDONOR'
 }
--- a/src/models/responses/ResponseSelfServiceDonation.ts
+++ b/src/models/responses/ResponseSelfServiceDonation.ts
@@ -2,6 +2,7 @@ import { IsInt, IsNotEmpty, IsPositive } from 'class-validator';
 import { DistanceDonation } from '../entities/DistanceDonation';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
+import { ResponseSelfServiceDonor } from './ResponseSelfServiceDonor';

 /**
 * Defines the runner selfservice donation response.
@@ -18,7 +19,7 @@ export class ResponseSelfServiceDonation implements IResponse {
     * The donation's donor.
     */
    @IsNotEmpty()
-    donor: string;
+    donor: ResponseSelfServiceDonor;

    /**
     * The donation's amount in the smalles unit of your currency (default: euro cent).
@@ -35,9 +36,7 @@ export class ResponseSelfServiceDonation implements IResponse {
    amountPerDistance: number;

    public constructor(donation: DistanceDonation) {
-        if (!donation.donor.middlename) { this.donor = donation.donor.firstname + " " + donation.donor.lastname; }
-        else { this.donor = donation.donor.firstname + " " + donation.donor.middlename + " " + donation.donor.lastname; }
-
+        this.donor = new ResponseSelfServiceDonor(donation.donor);
        this.amountPerDistance = donation.amountPerDistance;
        this.amount = donation.amount;
    }
--- a/src/models/responses/ResponseSelfServiceDonor.ts
+++ b/src/models/responses/ResponseSelfServiceDonor.ts
@@ -0,0 +1,51 @@
+import { IsInt, IsString } from "class-validator";
+import { Donor } from '../entities/Donor';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+
+/**
+ * Defines the donor selfservice response.
+ * Why? B/C runner's are not allowed to view all information available to admin users.
+*/
+export class ResponseSelfServiceDonor implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.SELFSERVICEDONOR;
+
+    /**
+     * The participant's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The participant's first name.
+     */
+    @IsString()
+    firstname: string;
+
+    /**
+     * The participant's middle name.
+     */
+    @IsString()
+    middlename?: string;
+
+    /**
+     * The participant's last name.
+     */
+    @IsString()
+    lastname: string;
+
+    /**
+     * Creates a ResponseSelfServiceDonor object from a runner.
+     * @param donor The donor the response shall be build for.
+     */
+    public constructor(donor: Donor) {
+        this.id = donor.id;
+        this.firstname = donor.firstname;
+        this.middlename = donor.middlename;
+        this.lastname = donor.lastname;
+    }
+}
--- a/src/models/responses/ResponseSelfServiceRunner.ts
+++ b/src/models/responses/ResponseSelfServiceRunner.ts
@@ -38,10 +38,10 @@ export class ResponseSelfServiceRunner extends ResponseParticipant implements IR
    group: string;

    /**
-     * The runner's associated donations.
+     * The runner's associated distance donations.
     */
    @IsString()
-    donations: ResponseSelfServiceDonation[]
+    distanceDonations: ResponseSelfServiceDonation[]

    /**
     * The runner's self-service jwt for auth.
@@ -60,7 +60,7 @@ export class ResponseSelfServiceRunner extends ResponseParticipant implements IR
        this.distance = runner.distance;
        this.donationAmount = runner.distanceDonationAmount;
        this.group = this.getTeamString(runner.group);
-        this.donations = this.getDonations(runner.distanceDonations);
+        this.distanceDonations = this.getDonations(runner.distanceDonations);
    }

    /**
--- a/src/seeds/SeedUsers.ts
+++ b/src/seeds/SeedUsers.ts
@@ -1,14 +1,14 @@
+import * as argon2 from "argon2";
 import { Connection } from 'typeorm';
 import { Factory, Seeder } from 'typeorm-seeding';
+import * as uuid from 'uuid';
 import { CreatePermission } from '../models/actions/create/CreatePermission';
-import { CreateUser } from '../models/actions/create/CreateUser';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { Permission } from '../models/entities/Permission';
 import { User } from '../models/entities/User';
 import { UserGroup } from '../models/entities/UserGroup';
 import { PermissionAction } from '../models/enums/PermissionAction';
 import { PermissionTarget } from '../models/enums/PermissionTargets';
-
 /**
 * Seeds a admin group with a demo user into the database for initial setup and auto recovery.
 * We know that the nameing isn't perfectly fitting. Feel free to change it.
@@ -16,7 +16,7 @@ import { PermissionTarget } from '../models/enums/PermissionTargets';
 export default class SeedUsers implements Seeder {
    public async run(factory: Factory, connection: Connection): Promise<any> {
        let adminGroup: UserGroup = await this.createAdminGroup(connection);
-        await this.createUser(connection, adminGroup.id);
+        await this.createUser(connection, adminGroup);
        await this.createPermissions(connection, adminGroup.id);
    }

@@ -27,15 +27,16 @@ export default class SeedUsers implements Seeder {
        return await connection.getRepository(UserGroup).save(await adminGroup.toEntity());
    }

-    public async createUser(connection: Connection, group: number) {
-        let initialUser = new CreateUser();
+    public async createUser(connection: Connection, group: UserGroup) {
+        let initialUser = new User();
        initialUser.firstname = "demo";
        initialUser.lastname = "demo";
        initialUser.username = "demo";
-        initialUser.password = "demo";
+        initialUser.uuid = uuid.v4();
+        initialUser.password = await argon2.hash("demo" + initialUser.uuid);
        initialUser.email = "demo@dev.lauf-fuer-kaya.de"
-        initialUser.groups = group;
-        return await connection.getRepository(User).save(await initialUser.toEntity());
+        initialUser.groups = [group];
+        return await connection.getRepository(User).save(initialUser);
    }

    public async createPermissions(connection: Connection, principal: number) {
--- a/src/tests/auth/auth_logout.spec.ts
+++ b/src/tests/auth/auth_logout.spec.ts
@@ -11,12 +11,12 @@ beforeAll(async () => {
    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_logout",
-        "middlename": "demo_logout",
-        "lastname": "demo_logout",
-        "username": "demo_logout",
-        "password": "demo_logout",
-        "email": "demo_logout@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_logoutASD123",
+        "middlename": "demo_logoutASD123",
+        "lastname": "demo_logoutASD123",
+        "username": "demo_logoutASD123",
+        "password": "demo_logoutASD123",
+        "email": "demo_logoutASD123@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -26,7 +26,7 @@ beforeAll(async () => {
 describe('POST /api/auth/logout valid', () => {
    let refresh_coookie;
    it('valid logout with token in cookie should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
        refresh_coookie = res_login.headers["set-cookie"];
        const res = await axios.post(base + '/api/auth/logout', null, {
            headers: { "Cookie": refresh_coookie },
@@ -35,7 +35,7 @@ describe('POST /api/auth/logout valid', () => {
        expect(res.status).toEqual(200);
    });
    it('valid logout with token in body should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logoutASD123", password: "demo_logoutASD123" });
        const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
        expect(res.status).toEqual(200);
    });
--- a/src/tests/auth/auth_refresh.spec.ts
+++ b/src/tests/auth/auth_refresh.spec.ts
@@ -11,12 +11,12 @@ beforeAll(async () => {
    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_refresh",
-        "middlename": "demo_refresh",
-        "lastname": "demo_refresh",
-        "username": "demo_refresh",
-        "password": "demo_refresh",
-        "email": "demo_refresh@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_refreshASD312",
+        "middlename": "demo_refreshASD312",
+        "lastname": "demo_refreshASD312",
+        "username": "demo_refreshASD312",
+        "password": "demo_refreshASD312",
+        "email": "demo_refreshASD312@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -25,7 +25,7 @@ beforeAll(async () => {

 describe('POST /api/auth/refresh valid', () => {
    it('valid refresh with token in cookie should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
        const res = await axios.post(base + '/api/auth/refresh', null, {
            headers: { "Cookie": res_login.headers["set-cookie"] },
            validateStatus: undefined
@@ -33,7 +33,7 @@ describe('POST /api/auth/refresh valid', () => {
        expect(res.status).toEqual(200);
    });
    it('valid refresh with token in body should return 200', async () => {
-        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refreshASD312", password: "demo_refreshASD312" });
        const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
        expect(res.status).toEqual(200);
    });
--- a/src/tests/auth/auth_reset.spec.ts
+++ b/src/tests/auth/auth_reset.spec.ts
@@ -11,23 +11,23 @@ beforeAll(async () => {
    jest.setTimeout(20000);
    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_reset",
-        "middlename": "demo_reset",
-        "lastname": "demo_reset",
-        "username": "demo_reset",
-        "password": "demo_reset",
-        "email": "demo_reset1@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_resetASD312",
+        "middlename": "demo_resetASD312",
+        "lastname": "demo_resetASD312",
+        "username": "demo_resetASD312",
+        "password": "demo_resetASD312",
+        "email": "demo_resetASD3121@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
    });
    await axios.post(base + '/api/users', {
-        "firstname": "demo_reset2",
-        "middlename": "demo_reset2",
-        "lastname": "demo_reset2",
-        "username": "demo_reset2",
-        "password": "demo_reset2",
-        "email": "demo_reset2@dev.lauf-fuer-kaya.de"
+        "firstname": "demo_resetASD3122",
+        "middlename": "demo_resetASD3122",
+        "lastname": "demo_resetASD3122",
+        "username": "demo_resetASD3122",
+        "password": "demo_resetASD3122",
+        "email": "demo_resetASD3122@dev.lauf-fuer-kaya.de"
    }, {
        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
        validateStatus: undefined
@@ -37,7 +37,7 @@ beforeAll(async () => {
 describe('POST /api/auth/reset valid', () => {
    let reset_token;
    it('valid reset token request should return 200 (500 w/o correct auth)', async () => {
-        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset1@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3121@dev.lauf-fuer-kaya.de" }, axios_config);
        reset_token = res1.data.resetToken;
        expect(res1.status).toEqual(200);
    });
@@ -45,8 +45,8 @@ describe('POST /api/auth/reset valid', () => {
 // ---------------
 describe('POST /api/auth/reset invalid requests', () => {
    it('request another password reset before the timeout should return 406', async () => {
-        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
-        const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_reset2@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res1 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
+        const res2 = await axios.post(base + '/api/auth/reset', { email: "demo_resetASD3122@dev.lauf-fuer-kaya.de" }, axios_config);
        expect(res2.status).toEqual(406);
    });
 });
--- a/src/tests/cards/cards_add.spec.ts
+++ b/src/tests/cards/cards_add.spec.ts
@@ -1,174 +1,186 @@
-import axios from 'axios';
-import { config } from '../../config';
-const base = "http://localhost:" + config.internal_port
-
-let access_token;
-let axios_config;
-
-beforeAll(async () => {
-	jest.setTimeout(20000);
-	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
-	access_token = res.data["access_token"];
-	axios_config = {
-		headers: { "authorization": "Bearer " + access_token },
-		validateStatus: undefined
-	};
-});
-
-
-describe('POST /api/cards illegally', () => {
-	it('non-existant runner input should return 404', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"runner": 999999999999999999999999
-		}, axios_config);
-		expect(res.status).toEqual(404);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-});
-// ---------------
-describe('POST /api/cards successfully (without runner)', () => {
-	it('creating a card with the minimum amount of parameters should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', null, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": null,
-			"enabled": true,
-			"responseType": "RUNNERCARD"
-		});
-	});
-	it('creating a disabled card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"enabled": false
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": null,
-			"enabled": false,
-			"responseType": "RUNNERCARD"
-		});
-	});
-	it('creating a enabled card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"enabled": true
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": null,
-			"enabled": true,
-			"responseType": "RUNNERCARD"
-		});
-	});
-});
-// ---------------
-describe('POST /api/cards successfully (with runner)', () => {
-	let added_org;
-	let added_runner;
-	it('creating a new org with just a name should return 200', async () => {
-		const res1 = await axios.post(base + '/api/organizations', {
-			"name": "test123"
-		}, axios_config);
-		added_org = res1.data
-		expect(res1.status).toEqual(200);
-		expect(res1.headers['content-type']).toContain("application/json")
-	});
-	it('creating a new runner with only needed params should return 200', async () => {
-		const res2 = await axios.post(base + '/api/runners', {
-			"firstname": "first",
-			"lastname": "last",
-			"group": added_org.id
-		}, axios_config);
-		added_runner = res2.data;
-		expect(res2.status).toEqual(200);
-		expect(res2.headers['content-type']).toContain("application/json")
-	});
-	it('creating a card with the minimum amount of parameters should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": added_runner,
-			"enabled": true,
-			"responseType": "RUNNERCARD"
-		});
-	});
-	it('creating a card with runner (no optional params) should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": added_runner,
-			"enabled": true,
-			"responseType": "RUNNERCARD"
-		});
-	});
-	it('creating a enabled card with runner should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id,
-			"enabled": true
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": added_runner,
-			"enabled": true,
-			"responseType": "RUNNERCARD"
-		});
-	});
-	it('creating a disabled card with runner should return 200', async () => {
-		const res = await axios.post(base + '/api/cards', {
-			"runner": added_runner.id,
-			"enabled": false
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-		delete res.data.id;
-		delete res.data.code;
-		expect(res.data).toEqual({
-			"runner": added_runner,
-			"enabled": false,
-			"responseType": "RUNNERCARD"
-		});
-	});
-});
-// ---------------
-describe('POST /api/cards/bulk successfully', () => {
-	it('creating a single new bulk card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards/bulk?count=1', {}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-	});
-	it('creating 50 new bulk card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards/bulk?count=50', {}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-	});
-	it('creating 250 new bulk card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards/bulk?count=250', {}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-	});
-	it('creating 2000 new bulk card should return 200', async () => {
-		const res = await axios.post(base + '/api/cards/bulk?count=2000', {}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json");
-	});
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	jest.setTimeout(20000);
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+
+describe('POST /api/cards illegally', () => {
+	it('non-existant runner input should return 404', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"runner": 999999999999999999999999
+		}, axios_config);
+		expect(res.status).toEqual(404);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('POST /api/cards successfully (without runner)', () => {
+	it('creating a card with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', null, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": null,
+			"enabled": true,
+			"responseType": "RUNNERCARD"
+		});
+	});
+	it('creating a disabled card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"enabled": false
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": null,
+			"enabled": false,
+			"responseType": "RUNNERCARD"
+		});
+	});
+	it('creating a enabled card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"enabled": true
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": null,
+			"enabled": true,
+			"responseType": "RUNNERCARD"
+		});
+	});
+});
+// ---------------
+describe('POST /api/cards successfully (with runner)', () => {
+	let added_org;
+	let added_runner;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organizations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('creating a card with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"runner": added_runner.id
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"enabled": true,
+			"responseType": "RUNNERCARD"
+		});
+	});
+	it('creating a card with runner (no optional params) should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"runner": added_runner.id
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"enabled": true,
+			"responseType": "RUNNERCARD"
+		});
+	});
+	it('creating a enabled card with runner should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"runner": added_runner.id,
+			"enabled": true
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"enabled": true,
+			"responseType": "RUNNERCARD"
+		});
+	});
+	it('creating a disabled card with runner should return 200', async () => {
+		const res = await axios.post(base + '/api/cards', {
+			"runner": added_runner.id,
+			"enabled": false
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		delete res.data.code;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"enabled": false,
+			"responseType": "RUNNERCARD"
+		});
+	});
+});
+// ---------------
+describe('POST /api/cards/bulk successfully', () => {
+	it('creating a single new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=1', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating a single new bulk card and letting the system return it should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=1&returnCards=true', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.data[0].id).toBeDefined();
+	});
+	it('creating 50 new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=50', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating 50 new bulk cards and letting the system return it should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=50&returnCards=true', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		expect(res.data.length).toEqual(50);
+	});
+	it('creating 250 new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=250', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating 2000 new bulk card should return 200', async () => {
+		const res = await axios.post(base + '/api/cards/bulk?count=2000', {}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
 });
--- a/src/tests/runnerOrgs/org_delete.spec.ts
+++ b/src/tests/runnerOrgs/org_delete.spec.ts
@@ -16,7 +16,7 @@ beforeAll(async () => {
 });

 // ---------------
-describe('adding + deletion (non-existant)', () => {
+describe('deletion (non-existant)', () => {
    it('delete', async () => {
        const res2 = await axios.delete(base + '/api/organizations/0', axios_config);
        expect(res2.status).toEqual(204);
--- a/src/tests/users/user_delete.spec.ts
+++ b/src/tests/users/user_delete.spec.ts
@@ -0,0 +1,51 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+// ---------------
+describe('adding + deletion (non-existant)', () => {
+    it('delete', async () => {
+        const res2 = await axios.delete(base + '/api/users/0?force=true', axios_config);
+        expect(res2.status).toEqual(204);
+    });
+});
+// ---------------
+describe('adding + deletion (successfull)', () => {
+    let added_user
+    it('valid user creation with minimal parameters should return 200', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "string",
+            "middlename": "string",
+            "lastname": "string",
+            "email": "demo_123_123_123asdASD@example.com",
+            "password": "demo_123_123_123asdASD",
+            "enabled": true
+        }
+            , axios_config);
+        added_user = res.data;
+        expect(res.status).toEqual(200);
+    });
+    it('delete', async () => {
+        const res2 = await axios.delete(base + '/api/users/' + added_user.id + "?force=true", axios_config);
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('check if user really was deleted', async () => {
+        const res3 = await axios.get(base + '/api/users/' + added_user.id, axios_config);
+        expect(res3.status).toEqual(404);
+        expect(res3.headers['content-type']).toContain("application/json")
+    });
+});
--- a/src/tests/users/user_post.spec.ts
+++ b/src/tests/users/user_post.spec.ts
@@ -0,0 +1,113 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+let axios_config = {};
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    let access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+describe('POST /api/users valid', () => {
+    it('valid user creation with minimal parameters should return 200', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123",
+            "lastname": "demo_createASD123",
+            "password": "demo_createASD123",
+            "email": "demo_createASD123@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+    it('valid user creation with all parameters should return 200', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_2",
+            "middlename": "demo_createASD123_2",
+            "lastname": "demo_createASD123_2",
+            "username": "demo_createASD123_2",
+            "password": "demo_createASD123_2",
+            "email": "demo_createASD123_2@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+});
+// ---------------
+describe('POST /api/users invalid -> 400', () => {
+    it('user creation w/o firstname should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "lastname": "demo_createASD123_3",
+            "password": "demo_createASD123_3",
+            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('user creation w/o lastname should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_3",
+            "password": "demo_createASD123_3",
+            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('user creation w/o password should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_3",
+            "lastname": "demo_createASD123_3",
+            "email": "demo_createASD123_3@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('user creation w/o email should return 400', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_3",
+            "lastname": "demo_createASD123_3",
+            "password": "demo_createASD123_3"
+        }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+});
+// ---------------
+describe('POST /api/users invalid -> Password errors', () => {
+    it('user creation w/ invalid password -> No numbers should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "demo_createASD",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('user creation w/ invalid password -> No uppercase should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "demo_create_4",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('user creation w/ invalid password -> No lowercase should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "DEMO123123ASD",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('user creation w/ invalid password -> Too short should return 406', async () => {
+        const res = await axios.post(base + '/api/users', {
+            "firstname": "demo_createASD123_4",
+            "lastname": "demo_createASD123_4",
+            "password": "1Aa_",
+            "email": "demo_createASD123_4@dev.lauf-fuer-kaya.de"
+        }, axios_config);
+        expect(res.status).toEqual(406);
+    });
+});
Author	SHA1	Message	Date
Nicolai Ort	dd6d799c84	🧾New changelog file version [CI SKIP] [skip ci]	2021-04-03 16:25:14 +00:00
Nicolai Ort	e89e07d0fc	Merge pull request 'Release 0.10.1' (#189 ) from dev into main All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #189 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>	2021-04-03 16:24:25 +00:00
Nicolai Ort	c28843c405	🧾New changelog file version [CI SKIP] [skip ci] All checks were successful continuous-integration/drone/pr Build is passing Details	2021-04-03 16:17:51 +00:00
Nicolai Ort	4834a6698b	Removed duplicate openapi statement All checks were successful continuous-integration/drone/push Build is passing Details	2021-04-03 18:16:56 +02:00
Nicolai Ort	69afd4d587	🧾New changelog file version [CI SKIP] [skip ci]	2021-04-03 16:15:38 +00:00
Nicolai Ort	24d152fdc8	🚀Bumped version to v0.10.1 Some checks reported errors continuous-integration/drone/push Build was killed Details	2021-04-03 18:14:47 +02:00
Nicolai Ort	4279e43743	🧾New changelog file version [CI SKIP] [skip ci]	2021-04-03 16:14:17 +00:00
Nicolai Ort	d837654617	Merge pull request 'Selfservice donations reformatting feature/187-selfservice_donation' (#188 ) from feature/187-selfservice_donation into dev Some checks reported errors continuous-integration/drone/push Build was killed Details Reviewed-on: #188	2021-04-03 16:13:34 +00:00
Nicolai Ort	0767943721	Switched selfservice donation.donor from string to object All checks were successful continuous-integration/drone/pr Build is passing Details ref #187	2021-04-03 17:07:44 +02:00
Nicolai Ort	ca87774767	Adjusted runner property names ref #187	2021-04-03 17:06:54 +02:00
Nicolai Ort	f693f2cde9	Added new responsetype for new class ref #187	2021-04-03 17:05:58 +02:00
Nicolai Ort	d70c5b1bbc	New class: ResponseSelfServiceDonor ref #187	2021-04-03 17:05:10 +02:00
Nicolai Ort	71e3d0efe2	🧾New changelog file version [CI SKIP] [skip ci]	2021-04-01 16:39:21 +00:00
Nicolai Ort	b517dff8a8	Merge pull request 'Release 0.10.0' (#186 ) from dev into main All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details Reviewed-on: #186 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>	2021-04-01 16:38:30 +00:00
Nicolai Ort	114c246ace	🧾New changelog file version [CI SKIP] [skip ci] All checks were successful continuous-integration/drone/pr Build is passing Details	2021-04-01 16:31:25 +00:00
Nicolai Ort	d7703c9e07	Merge branch 'dev' of git.odit.services:lfk/backend into dev All checks were successful continuous-integration/drone/push Build is passing Details	2021-04-01 18:30:38 +02:00
Nicolai Ort	dc3071f7d2	🚀Bumped version to v0.10.0	2021-04-01 18:30:30 +02:00
Nicolai Ort	5fb355f450	🧾New changelog file version [CI SKIP] [skip ci]	2021-04-01 16:30:20 +00:00
Nicolai Ort	33c13de32c	Merge pull request 'Mail locales feature/184-mail_locales' (#185 ) from feature/184-mail_locales into dev Some checks reported errors continuous-integration/drone/push Build was killed Details Reviewed-on: #185	2021-04-01 16:29:39 +00:00
Nicolai Ort	1be073a4fa	Added locale to mail related user endpoints All checks were successful continuous-integration/drone/pr Build is passing Details ref #184	2021-04-01 18:25:09 +02:00
Nicolai Ort	b0d8249452	Merge branch 'feature/184-mail_locales' of git.odit.services:lfk/backend into feature/184-mail_locales	2021-04-01 18:23:21 +02:00
Nicolai Ort	7af883f271	Added locale to mail related runner endpoints ref #184	2021-04-01 18:23:19 +02:00
Nicolai Ort	f5433076b0	Added locale to mail related runner endpoints ref #84	2021-04-01 18:23:15 +02:00
Nicolai Ort	6aafe4a6ae	🧾New changelog file version [CI SKIP] [skip ci]	2021-03-29 16:43:52 +00:00
Nicolai Ort	bdeeb03645	Merge pull request 'Release 0.9.2' (#183 ) from dev into main All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #183 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>	2021-03-29 16:42:59 +00:00
Nicolai Ort	675c8762e8	🧾New changelog file version [CI SKIP] [skip ci] All checks were successful continuous-integration/drone/pr Build is passing Details	2021-03-29 16:32:26 +00:00
Nicolai Ort	89e392473c	🚀Bumped version to v0.9.2 All checks were successful continuous-integration/drone/push Build is passing Details	2021-03-29 18:31:40 +02:00
Nicolai Ort	6c9b91d75a	Fixed bug in return creation	2021-03-29 18:31:27 +02:00
Nicolai Ort	8c00aefd6c	🧾New changelog file version [CI SKIP] [skip ci]	2021-03-29 16:13:02 +00:00
Nicolai Ort	3afd785a54	Merge pull request 'Release v0.9.1' (#182 ) from dev into main All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Reviewed-on: #182 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>	2021-03-29 16:12:14 +00:00
Nicolai Ort	8099999e2c	🧾New changelog file version [CI SKIP] [skip ci] All checks were successful continuous-integration/drone/pr Build is passing Details	2021-03-29 15:49:57 +00:00
Nicolai Ort	a139554e05	🚀Bumped version to v0.9.1 All checks were successful continuous-integration/drone/push Build is passing Details	2021-03-29 17:48:53 +02:00
Nicolai Ort	0290b0e5f5	🧾New changelog file version [CI SKIP] [skip ci]	2021-03-29 15:48:47 +00:00
Nicolai Ort	0f7fa990d4	Merge pull request 'Return cards generated in bulk feature/180-blank_generation_return' (#181 ) from feature/180-blank_generation_return into dev Some checks failed continuous-integration/drone/push Build is failing Details Reviewed-on: #181	2021-03-29 15:48:05 +00:00
Nicolai Ort	2f568c9cb8	Fixed copy-paste oversight All checks were successful continuous-integration/drone/pr Build is passing Details ref #180	2021-03-28 18:54:16 +02:00
Nicolai Ort	1cb2dc9d53	Added test for returnCards=true array length Some checks failed continuous-integration/drone/pr Build is failing Details ref #180	2021-03-28 18:47:32 +02:00
Nicolai Ort	6005b0661f	Added test for single card generation with returnCards=true ref #180	2021-03-28 18:46:25 +02:00
Nicolai Ort	5a36c8dcae	Added query param to return created runenrcards ref #180	2021-03-28 18:44:21 +02:00
Nicolai Ort	58f4d2151f	🧾New changelog file version [CI SKIP] [skip ci]	2021-03-26 20:36:54 +00:00
Nicolai Ort	95135ddc89	Merge pull request 'Release 0.9.0' (#179 ) from dev into main All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details Reviewed-on: #179 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>	2021-03-26 20:36:02 +00:00
Nicolai Ort	a7fe1e1759	🧾New changelog file version [CI SKIP] [skip ci] All checks were successful continuous-integration/drone/pr Build is passing Details	2021-03-26 20:32:56 +00:00
Nicolai Ort	56a5f41686	🚀Bumped version to v0.9.0 All checks were successful continuous-integration/drone/push Build is passing Details	2021-03-26 21:32:11 +01:00
Nicolai Ort	c23b4d907f	🚀Bumped version to v0.8.0	2021-03-26 21:32:02 +01:00
Nicolai Ort	bd7b81efe7	📖New license file version [CI SKIP] [skip ci]	2021-03-26 20:31:19 +00:00
Nicolai Ort	274a146b9b	🧾New changelog file version [CI SKIP] [skip ci]	2021-03-26 20:30:16 +00:00
Nicolai Ort	5a3fc5b2bd	Merge pull request 'Password security feature/99-password_checks' (#177 ) from feature/99-password_checks into dev All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #177	2021-03-26 20:29:35 +00:00
Nicolai Ort	070560e863	Fixed test params All checks were successful continuous-integration/drone/pr Build is passing Details ref #99	2021-03-26 21:24:53 +01:00
Nicolai Ort	536900091a	Fixed empty object getting called Some checks failed continuous-integration/drone/pr Build is failing Details ref #99	2021-03-26 21:19:58 +01:00
Nicolai Ort	8154e715bb	Now forceing user deletion in tests Some checks failed continuous-integration/drone/pr Build is failing Details ref #99	2021-03-26 21:13:17 +01:00
Nicolai Ort	4c6665062f	Reenabled user tests Some checks failed continuous-integration/drone/pr Build is failing Details ref #99	2021-03-26 21:08:50 +01:00
Nicolai Ort	cb3ea9b1eb	Fixed pw not getting hashed currectly; All checks were successful continuous-integration/drone/pr Build is passing Details ref #99	2021-03-26 21:06:42 +01:00
Nicolai Ort	7a64f23937	Moved to tmp files to better check for other problems Some checks failed continuous-integration/drone/pr Build is failing Details ref #99	2021-03-26 20:57:42 +01:00
Nicolai Ort	96ba25ec6c	No longer using createuser in seeding process Some checks failed continuous-integration/drone/pr Build is failing Details ref #99	2021-03-26 20:52:58 +01:00
Nicolai Ort	e6a8ebcb5b	Added user deletion tests Some checks reported errors continuous-integration/drone/pr Build was killed Details ref #99	2021-03-26 20:44:28 +01:00
Nicolai Ort	888cab5898	Added user creation invalid tests ref #99	2021-03-26 20:41:36 +01:00
Nicolai Ort	383a8095b8	Added user creation valid tests ref #99	2021-03-26 20:41:25 +01:00
Nicolai Ort	63f6526e4f	Updated auth test to comply with the new pw requirements ref #99	2021-03-26 20:28:08 +01:00
Nicolai Ort	b24e24ff7d	Added pw errors to user controller ref #99	2021-03-26 20:24:08 +01:00
Nicolai Ort	9ce35d8eb7	Added pw errors to me controller ref #99	2021-03-26 20:23:29 +01:00
Nicolai Ort	48a87e8936	Now checking password rules on user update ref #99	2021-03-26 20:19:23 +01:00
Nicolai Ort	b8c28ebb08	Formatting ref #99	2021-03-26 20:18:39 +01:00
Nicolai Ort	5daaa3a73c	Now checking password rules on user creation ref #99	2021-03-26 20:18:08 +01:00
Nicolai Ort	24c38cce26	Added password errors ref #99	2021-03-26 20:17:00 +01:00
Nicolai Ort	bd00f4f8d5	Added password checker dependency ref #99	2021-03-26 20:11:22 +01:00
Nicolai Ort	03d76e6d0b	🧾New changelog file version [CI SKIP] [skip ci]	2021-03-26 16:35:23 +00:00