D1447.1775297947.diff
No OneTemporary
Actions

Authored By

Unknown

Size

319 KB

Referenced Files

None

Subscribers

None

D1447.1775297947.diff
View Options

This file is larger than 256 KB, so syntax highlighting was skipped.

	diff --git a/README.md b/README.md
	--- a/README.md
	+++ b/README.md
	@@ -21,7 +21,7 @@
	$ cat .env.local >> .env
	$ ./artisan key:generate
	$ ./artisan jwt:secret -f
	-$ artisan clear-compiled
	+$ ./artisan clear-compiled
	$ npm run dev
	$ rm -rf database/database.sqlite
	$ touch database/database.sqlite
	diff --git a/bin/phpunit-fast b/bin/phpunit-fast
	new file mode 100755
	--- /dev/null
	+++ b/bin/phpunit-fast
	@@ -0,0 +1,13 @@
	+#!/bin/bash
	+
	+cwd=$(dirname $0)
	+
	+pushd ${cwd}/../src/
	+
	+php vendor/bin/phpunit \
	+ --no-coverage \
	+ --stop-on-defect \
	+ --stop-on-error \
	+ --stop-on-failure $*
	+
	+popd
	diff --git a/bin/quickstart.sh b/bin/quickstart.sh
	--- a/bin/quickstart.sh
	+++ b/bin/quickstart.sh
	@@ -56,7 +56,7 @@
	pushd ${base_dir}/src/

	rm -rf vendor/ composer.lock
	-composer install
	+php -dmemory_limit=-1 /bin/composer install
	npm install
	find bootstrap/cache/ -type f ! -name ".gitignore" -delete
	./artisan key:generate
	diff --git a/docker/ds389/Dockerfile b/docker/ds389/Dockerfile
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/Dockerfile
	@@ -0,0 +1,41 @@
	+FROM centos/centos7:latest
	+
	+MAINTAINER Liutauras Adomaitis <adomaitis@kolabsys.com>
	+
	+RUN yum -y install \
	+ epel-release \
	+ 389-ds-base \
	+ 389-adminutil \
	+ gettext && \
	+ yum clean all
	+
	+COPY *.tpl /
	+COPY kolab-schema.ldif /etc/dirsrv/schema/99kolab-schema.ldif
	+
	+RUN for F in $(ls *.tpl); do eval "echo \"$(cat $F)\"" \| tee ${F%%.tpl}; done
	+
	+RUN rm -fr /var/lock /usr/lib/systemd/system && \
	+ setup-ds.pl -ddd --silent --file /ds_setup.inf && \
	+ chown nobody.nobody -R /var/lib/dirsrv/ && \
	+ mv mgmt_com-install.ldif ${DOMAIN_DB}-install.ldif && \
	+ mv hosted_com-install.ldif ${HOSTED_DOMAIN_DB}-install.ldif && \
	+ mv *.ldif /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/.
	+
	+# This only copies another kolab-schema.ldif
	+#COPY *.ldif /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/
	+
	+EXPOSE 389
	+
	+CMD cd /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/ && \
	+ for ldif in $(ls -import.ldif \|\| ls -install.ldif \|\| true); do \
	+ sed -r -i -e 's/mailHost: .*$/mailHost: localhost/g' ${ldif}; \
	+ chmod 644 ${ldif}; \
	+ namespace=$(echo "${ldif}" \| sed -e 's/-import.ldif$//' -e 's/-install.ldif$//'); \
	+ /usr/lib64/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif2db \
	+ -Z ${DS_INSTANCE_NAME} \
	+ -n ${namespace} \
	+ -i /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME}/ldif/${ldif}; \
	+ done && \
	+ /usr/lib64/dirsrv/slapd-hkccp/start-slapd && \
	+ tail -F /var/log/dirsrv/slapd-${DS_INSTANCE_NAME}/{access,audit,errors}
	+
	diff --git a/docker/ds389/ds_adjustments.ldif.tpl b/docker/ds389/ds_adjustments.ldif.tpl
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/ds_adjustments.ldif.tpl
	@@ -0,0 +1,105 @@
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-accesslog-logging-enabled
	+nsslapd-accesslog-logging-enabled: ${DS389_ACCESSLOG:-on}
	+
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-auditlog-logging-enabled
	+nsslapd-auditlog-logging-enabled: ${DS389_AUDITLOG:-on}
	+
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-sizelimit
	+nsslapd-sizelimit: -1
	+
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-idletimeout
	+nsslapd-idletimeout: 0
	+
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-timelimit
	+nsslapd-timelimit: -1
	+
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-lookthroughlimit
	+nsslapd-lookthroughlimit: -1
	+
	+dn: cn=config
	+changetype: modify
	+replace: nsslapd-allow-anonymous-access
	+nsslapd-allow-anonymous-access: rootdse
	+
	+dn: cn=alias,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
	+changetype: add
	+objectClass: top
	+objectClass: nsIndex
	+cn: alias
	+nsSystemIndex: false
	+nsIndexType: pres
	+nsIndexType: eq
	+nsIndexType: sub
	+
	+dn: cn=mailAlternateAddress,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
	+changetype: modify
	+add: nsIndexType
	+nsIndexType: pres
	+nsIndexType: sub
	+
	+dn: cn=associateddomain,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
	+changetype: add
	+objectclass: top
	+objectclass: nsindex
	+cn: associateddomain
	+nsSystemIndex: false
	+nsindextype: pres
	+nsindextype: eq
	+
	+dn: cn=ACL Plugin,cn=plugins,cn=config
	+changetype: modify
	+replace: nsslapd-aclpb-max-selected-acls
	+nsslapd-aclpb-max-selected-acls: 8192
	+
	+dn: cn=7-bit check,cn=plugins,cn=config
	+changetype: modify
	+replace: nsslapd-pluginEnabled
	+nsslapd-pluginEnabled: off
	+
	+dn: cn=attribute uniqueness,cn=plugins,cn=config
	+changetype: modify
	+replace: nsslapd-pluginEnabled
	+nsslapd-pluginEnabled: on
	+
	+dn: cn=referential integrity postoperation,cn=plugins,cn=config
	+changetype: modify
	+replace: nsslapd-pluginEnabled
	+nsslapd-pluginEnabled: on
	+
	+dn: cn=Account Policy Plugin,cn=plugins,cn=config
	+changetype: modify
	+replace: nsslapd-pluginEnabled
	+nsslapd-pluginEnabled: on
	+
	+dn: cn=Account Policy Plugin,cn=plugins,cn=config
	+changetype: modify
	+replace: nsslapd-pluginarg0
	+nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
	+
	+dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
	+changetype: modify
	+replace: alwaysrecordlogin
	+alwaysrecordlogin: yes
	+
	+dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
	+changetype: modify
	+replace: stateattrname
	+stateattrname: lastLoginTime
	+
	+dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
	+changetype: modify
	+replace: altstateattrname
	+altstateattrname: createTimestamp
	+
	diff --git a/docker/ds389/ds_admin_backend.ldif.tpl b/docker/ds389/ds_admin_backend.ldif.tpl
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/ds_admin_backend.ldif.tpl
	@@ -0,0 +1,20 @@
	+dn: cn=\"${LDAP_ADMIN_ROOT_DN}\",cn=mapping tree,cn=config
	+objectClass: top
	+objectClass: extensibleObject
	+objectClass: nsMappingTree
	+cn: ${LDAP_ADMIN_ROOT_DN}
	+nsslapd-state: backend
	+nsslapd-backend: ${DOMAIN_DB}
	+
	+dn: cn=${DOMAIN_DB},cn=ldbm database,cn=plugins,cn=config
	+objectClass: top
	+objectClass: extensibleObject
	+objectClass: nsBackendInstance
	+cn: ${DOMAIN_DB}
	+nsslapd-suffix: ${LDAP_ADMIN_ROOT_DN}
	+nsslapd-cachesize: -1
	+nsslapd-cachememsize: 10485760
	+nsslapd-readonly: off
	+nsslapd-require-index: off
	+nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/${DOMAIN_DB}
	+nsslapd-dncachememsize: 10485760
	diff --git a/docker/ds389/ds_hosted_backend.ldif.tpl b/docker/ds389/ds_hosted_backend.ldif.tpl
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/ds_hosted_backend.ldif.tpl
	@@ -0,0 +1,21 @@
	+dn: cn=\"${LDAP_HOSTED_ROOT_DN}\",cn=mapping tree,cn=config
	+objectClass: top
	+objectClass: extensibleObject
	+objectClass: nsMappingTree
	+nsslapd-state: backend
	+cn: ${LDAP_HOSTED_ROOT_DN}
	+nsslapd-backend: ${HOSTED_DOMAIN_DB}
	+
	+dn: cn=${HOSTED_DOMAIN_DB},cn=ldbm database,cn=plugins,cn=config
	+objectClass: top
	+objectClass: extensibleobject
	+objectClass: nsbackendinstance
	+cn: ${HOSTED_DOMAIN_DB}
	+nsslapd-suffix: ${LDAP_HOSTED_ROOT_DN}
	+nsslapd-cachesize: -1
	+nsslapd-cachememsize: 10485760
	+nsslapd-readonly: off
	+nsslapd-require-index: off
	+nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/${HOSTED_DOMAIN_DB}
	+nsslapd-dncachememsize: 10485760
	+
	diff --git a/docker/ds389/ds_setup.inf.tpl b/docker/ds389/ds_setup.inf.tpl
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/ds_setup.inf.tpl
	@@ -0,0 +1,26 @@
	+[General]
	+FullMachineName = ${FULL_MACHINE_NAME}
	+SuiteSpotUserID = nobody
	+SuiteSpotGroup = nobody
	+AdminDomain = ${DOMAIN}
	+StrictHostCheck = ${STRICT_HOST_CHECK}
	+ConfigDirectoryLdapURL = ldap://${DS_INSTANCE_NAME}:389/o=NetscapeRoot
	+ConfigDirectoryAdminID = admin
	+ConfigDirectoryAdminPwd = ${LDAP_ADMIN_BIND_PW}
	+
	+[slapd]
	+start_server = 0
	+SlapdConfigForMC = Yes
	+UseExistingMC = 0
	+ServerPort = 389
	+ServerIdentifier = ${DS_INSTANCE_NAME}
	+RootDN = ${LDAP_ADMIN_BIND_DN}
	+RootDNPwd = ${LDAP_ADMIN_BIND_PW}
	+AddSampleEntries = No
	+## InstallLdifFile = /ds_install.ldif
	+ConfigFile = /ds_adjustments.ldif
	+ds_bename = ${DOMAIN_DB}
	+Suffix = ${LDAP_ADMIN_ROOT_DN}
	+ConfigFile = /ds_admin_backend.ldif
	+ConfigFile = /ds_hosted_backend.ldif
	+
	diff --git a/docker/ds389/hosted_com-install.ldif.tpl b/docker/ds389/hosted_com-install.ldif.tpl
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/hosted_com-install.ldif.tpl
	@@ -0,0 +1,77 @@
	+# ${HOSTED_DOMAIN}, ${LDAP_DOMAIN_BASE_DN}
	+dn: associateddomain=${HOSTED_DOMAIN},${LDAP_DOMAIN_BASE_DN}
	+objectclass: top
	+objectclass: domainrelatedobject
	+objectclass: inetdomain
	+inetdomainstatus: active
	+associateddomain: ${HOSTED_DOMAIN}
	+inetdomainbasedn: ${LDAP_HOSTED_ROOT_DN}
	+
	+# ${LDAP_HOSTED_ROOT_DN}
	+dn: ${LDAP_HOSTED_ROOT_DN}
	+aci: (targetattr=\"carLicense \|\| description \|\| displayName \|\| facsimileTelephoneNumber \|\| homePhone \|\| homePostalAddress \|\| initials \|\| jpegPhoto \|\| labeledURI \|\| mobile \|\| pager \|\| photo \|\| postOfficeBox \|\| postalAddress \|\| postalCode \|\| preferredDeliveryMethod \|\| preferredLanguage \|\| registeredAddress \|\| roomNumber \|\| secretary \|\| seeAlso \|\| st \|\| street \|\| telephoneNumber \|\| telexNumber \|\| title \|\| userCertificate \|\| userPassword \|\| userSMIMECertificate \|\| x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)
	+aci: (targetattr=\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${LDAP_HOSTED_ROOT_DN}\" or roledn=\"ldap:///cn=kolab-admin,${LDAP_HOSTED_ROOT_DN}\");)
	+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)
	+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)
	+aci: (targetattr=\"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-${DS_INSTANCE_NAME},cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot\";)
	+aci: (targetattr=\"\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_HOSTED_ROOT_DN}??sub?(objectclass=)\");)
	+aci: (targetattr=\"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///${LDAP_SERVICE_BIND_DN}\");)
	+objectClass: top
	+objectClass: domain
	+dc: ${HOSTED_DOMAIN%.com}
	+
	+# cn=2fa-user, ${LDAP_HOSTED_ROOT_DN}
	+dn: cn=2fa-user,${LDAP_HOSTED_ROOT_DN}
	+cn: 2fa-user
	+description: 2fa-user role
	+objectclass: top
	+objectclass: ldapsubentry
	+objectclass: nsmanagedroledefinition
	+objectclass: nsroledefinition
	+objectclass: nssimpleroledefinition
	+
	+# cn=activesync-user, ${LDAP_HOSTED_ROOT_DN}
	+dn: cn=activesync-user,${LDAP_HOSTED_ROOT_DN}
	+cn: activesync-user
	+description: activesync-user role
	+objectclass: top
	+objectclass: ldapsubentry
	+objectclass: nsmanagedroledefinition
	+objectclass: nsroledefinition
	+objectclass: nssimpleroledefinition
	+
	+# cn=imap-user, ${LDAP_HOSTED_ROOT_DN}
	+dn: cn=imap-user,${LDAP_HOSTED_ROOT_DN}
	+cn: imap-user
	+description: imap-user role
	+objectclass: top
	+objectclass: ldapsubentry
	+objectclass: nsmanagedroledefinition
	+objectclass: nsroledefinition
	+objectclass: nssimpleroledefinition
	+
	+# ou=Groups, ${LDAP_HOSTED_ROOT_DN}
	+dn: ou=Groups,${LDAP_HOSTED_ROOT_DN}
	+ou: Groups
	+objectClass: top
	+objectClass: organizationalunit
	+
	+# ou=People, ${LDAP_HOSTED_ROOT_DN}
	+dn: ou=People,${LDAP_HOSTED_ROOT_DN}
	+aci: (targetattr=\"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");)
	+ou: People
	+objectClass: top
	+objectClass: organizationalunit
	+
	+# ou=Resources, ${LDAP_HOSTED_ROOT_DN}
	+dn: ou=Resources,${LDAP_HOSTED_ROOT_DN}
	+ou: Resources
	+objectClass: top
	+objectClass: organizationalunit
	+
	+# ou=Shared Folders, ${LDAP_HOSTED_ROOT_DN}
	+dn: ou=Shared Folders,${LDAP_HOSTED_ROOT_DN}
	+ou: Shared Folders
	+objectClass: top
	+objectClass: organizationalunit
	+
	diff --git a/docker/ds389/kolab-schema.ldif b/docker/ds389/kolab-schema.ldif
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/kolab-schema.ldif
	@@ -0,0 +1,384 @@
	+# $Id$
	+# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
	+# (c) 2003-2009 Martin Konold <martin.konold@erfrakon.de>
	+# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
	+#
	+# Redistribution and use in source and binary forms, with or without
	+# modification, are permitted provided that the following conditions are met:
	+#
	+# Redistributions of source code must retain the above copyright notice, this
	+# list of conditions and the following disclaimer.
	+#
	+# Redistributions in binary form must reproduce the above copyright notice,
	+# this list of conditions and the following disclaimer in the documentation
	+# and/or other materials provided with the distribution.
	+#
	+# The name of the author may not be used to endorse or promote products derived
	+# from this software without specific prior written permission.
	+#
	+#
	+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
	+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
	+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
	+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
	+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
	+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
	+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	+# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
	+# as provided by 3rd parties like OpenLDAP.
	+#
	+# slapd.conf then looks like
	+# include /kolab/etc/openldap/schema/core.schema
	+# include /kolab/etc/openldap/schema/cosine.schema
	+# include /kolab/etc/openldap/schema/inetorgperson.schema
	+# include /kolab/etc/openldap/schema/rfc2739.schema
	+# include /kolab/etc/openldap/schema/kolab3.schema
	+# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
	+# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
	+# Prefix for attributes: 1.3.6.1.4.1.19414.1
	+# Prefix for attributes: 1.3.6.1.4.1.19414.2
	+# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
	+# nameprefix: kolab
	+#
	+dn: cn=schema
	+####################
	+# kolab attributes #
	+####################
	+# kolabDeleteflag used to be a boolean but describes with Kolab 2
	+# the fqdn of the server which is requested to delete this objects
	+# in its local store
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2
	+ NAME 'kolabDeleteflag'
	+ DESC 'Per host deletion status'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# alias used to provide alternative rfc822 email addresses for kolab users
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3
	+ NAME 'alias'
	+ DESC 'RFC1274: RFC822 Mailbox'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# Specifies the email delegates.
	+# An email delegate can send email on behalf of the account
	+# which means using the "from" of the account.
	+# Delegates are specified by the syntax of rfc822 email addresses.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3
	+ NAME 'kolabDelegate'
	+ DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# For user, group and resource Kolab accounts
	+# Describes how to respond to invitations
	+# We keep the attribute as a string, but actually it can only have one
	+# of the following values:
	+#
	+# ACT_ALWAYS_ACCEPT
	+# ACT_ALWAYS_REJECT
	+# ACT_REJECT_IF_CONFLICTS
	+# ACT_MANUAL_IF_CONFLICTS
	+# ACT_MANUAL
	+# In addition one of these values may be prefixed with a primary email
	+# address followed by a colon like
	+# user@domain.tld: ACT_ALWAYS_ACCEPT
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4
	+ NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
	+ DESC 'defines how to respond to invitations'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# Begin date of Kolab vacation period. Sender will
	+# be notified every kolabVacationResendIntervall days
	+# that recipient is absent until kolabVacationEnd.
	+# Values in this syntax are encoded as printable strings,
	+# represented as specified in X.208.
	+# Note that the time zone must be specified.
	+# For Kolab we limit ourself to GMT
	+# YYYYMMDDHHMMZ e.g. 200512311458Z.
	+# see also: rfc 2252.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8
	+ NAME 'kolabVacationBeginDateTime'
	+ DESC 'Begin date of vacation'
	+ EQUALITY generalizedTimeMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	+ SINGLE-VALUE )
	+# End date of Kolab vacation period. Sender will
	+# be notified every kolabVacationResendIntervall days
	+# that recipient is absent starting from kolabVacationBeginDateTime.
	+# Values in this syntax are encoded as printable strings,
	+# represented as specified in X.208.
	+# Note that the time zone must be specified.
	+# For Kolab we limit ourself to GMT
	+# YYYYMMDDHHMMZ e.g. 200601012258Z.
	+# see also: rfc 2252.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9
	+ NAME 'kolabVacationEndDateTime'
	+ DESC 'End date of vacation'
	+ EQUALITY generalizedTimeMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	+ SINGLE-VALUE )
	+# Intervall in days after which senders get
	+# another vacation message.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10
	+ NAME 'kolabVacationResendInterval'
	+ DESC 'Vacation notice interval in days'
	+ EQUALITY integerMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	+ SINGLE-VALUE )
	+# Email recipient addresses which are handled by the
	+# vacation script. There can be multiple kolabVacationAddress
	+# entries for each kolabInetOrgPerson.
	+# Default is the primary email address and all
	+# email aliases of the kolabInetOrgPerson.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11
	+ NAME 'kolabVacationAddress'
	+ DESC 'Email address for vacation to response upon'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# Enable sending vacation notices in reaction
	+# unsolicited commercial email.
	+# Default is no.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12
	+ NAME 'kolabVacationReplyToUCE'
	+ DESC 'Enable vacation notices to UCE'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	+ SINGLE-VALUE )
	+# Email recipient domains which are handled by the
	+# vacation script. There can be multiple kolabVacationReactDomain
	+# entries for each kolabInetOrgPerson
	+# Default is to handle all domains.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13
	+ NAME 'kolabVacationReactDomain'
	+ DESC 'Multivalued -- Email domain for vacation to response upon'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# Keep local copy when forwarding emails to list of
	+# kolabForwardAddress.
	+# Default is no.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15
	+ NAME 'kolabForwardKeepCopy'
	+ DESC 'Keep copy when forwarding'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	+ SINGLE-VALUE )
	+# Enable forwarding of UCE.
	+# Default is yes.
	+# Currently this attribute is not used in Kolab.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16
	+ NAME 'kolabForwardUCE'
	+ DESC 'Enable forwarding of mails known as UCE'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	+ SINGLE-VALUE )
	+# Describes the allowed or disallowed smtp recipient addresses for mail sent
	+# by the user associated with the LDAP object this attribute is associated with.
	+#
	+# If this attribute is not set for a user or distribution group,
	+# no Kolab recipient policy does apply.
	+#
	+# Example entries:
	+# .tld - allow mail to every recipient for this tld
	+# domain.tld - allow mail to everyone in domain.tld
	+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
	+# user@domain.tld - allow mail to explicit user@domain.tld
	+# user@ - allow mail to this user but any domain
	+# -.tld - disallow mail to every recipient for this tld
	+# -domain.tld - disallow mail to everyone in domain.tld
	+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
	+# -user@domain.tld - disallow mail to explicit user@domain.tld
	+# -user@ - disallow mail to this user but any domain
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18
	+ NAME 'kolabAllowSMTPRecipient'
	+ DESC 'SMTP address allowed for destination (multi-valued)'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
	+# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users
	+# will be created on one server only, however we keep this in here to allow the
	+# mail server to use to be specified from the user provisioning batch operation.
	+#
	+# Create the user mailbox on the kolabHomeServer only.
	+# Default is no.
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19
	+ NAME 'kolabHomeServerOnly'
	+ DESC 'Create the user mailbox on the kolabHomeServer only'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	+ SINGLE-VALUE )
	+# Describes the allowed or disallowed smtp envelope sender addresses used for
	+# the recipient this attribute is associated with.
	+#
	+# If this attribute is not set for a user or distribution
	+# kolab sender policy does apply.
	+#
	+# Example entries:
	+# .tld - allow mail to every recipient for this tld
	+# domain.tld - allow mail to everyone in domain.tld
	+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
	+# user@domain.tld - allow mail to explicit user@domain.tld
	+# user@ - allow mail to this user but any domain
	+# -.tld - disallow mail to every recipient for this tld
	+# -domain.tld - disallow mail to everyone in domain.tld
	+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
	+# -user@domain.tld - disallow mail to explicit user@domain.tld
	+# -user@ - disallow mail to this user but any domain
	+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43
	+ NAME 'kolabAllowSMTPSender'
	+ DESC 'SMTP envelope sender address accepted for delivery (multi-valued)'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
	+# kolabFolderType describes the kind of Kolab folder
	+# as defined in the kolab format specification.
	+# We will annotate all folders with an entry
	+# /vendor/kolab/folder-type containing the attribute
	+# value.shared set to: <type>[.<subtype>].
	+# The <type> can be: mail, event, journal, task, note,
	+# or contact. The <subtype> for a mail folder can be
	+# inbox, drafts, sentitems, or junkemail (this one holds
	+# spam mails). For the other <type>s, it can only be
	+# default, or not set. For other types of folders
	+# supported by the clients, these should be prefixed with
	+# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
	+# look like for example "kolab.o-voicemail". Other third-party
	+# clients shall use the "x-" prefix.
	+# We then use the ANNOTATEMORE IMAP extension to
	+# associate the folder type with a folder.
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7
	+ NAME 'kolabFolderType'
	+ DESC 'type of a kolab folder'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
	+ SINGLE-VALUE )
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.8
	+ NAME 'kolabTargetFolder'
	+ DESC 'Target for a Kolab Shared Folder delivery'
	+ EQUALITY caseExactMatch
	+ SUBSTR caseExactSubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
	+ SINGLE-VALUE )
	+# cyrus imapd access control list
	+# acls work with users and groups
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651
	+ NAME 'acl'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+# Extended attributes for Resources
	+attributeTypes: ( 1.3.6.1.4.1.19414.3.1.1
	+ NAME 'kolabDescAttribute'
	+ DESC 'Descriptive attribute or parameter for a Resource'
	+ EQUALITY caseIgnoreIA5Match
	+ SUBSTR caseIgnoreIA5SubstringsMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
	+##########################
	+# kolabfilter attributes #
	+##########################
	+# enable trustable From:
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750
	+ NAME 'kolabfilter-verify-from-header'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
	+# should Sender header be allowed instead of From
	+# when present?
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751
	+ NAME 'kolabfilter-allow-sender-header'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
	+# Should reject messages with From headers that dont match
	+# the envelope? Default is to rewrite the header
	+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752
	+ NAME 'kolabfilter-reject-forged-from-header'
	+ EQUALITY booleanMatch
	+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
	+########################
	+# kolab object classes #
	+########################
	+# public folders are typically visible to everyone subscribed to
	+# the server without the need for an extra login. Subfolders are
	+# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
	+# that the term public folder is prefered to shared folder because
	+# normal user mailboxes can also share folders using acls.
	+objectClasses: ( 1.3.6.1.4.1.19414.2.2.9
	+ NAME 'kolabSharedFolder'
	+ DESC 'Kolab public shared folder'
	+ SUP top AUXILIARY
	+ MUST cn
	+ MAY ( acl $
	+ alias $
	+ mailHost $
	+ kolabFolderType $
	+ kolabDeleteflag $
	+ kolabDelegate $
	+ kolabTargetFolder $
	+ kolabAllowSMTPRecipient $
	+ kolabAllowSMTPSender $
	+ owner ) )
	+# kolab account
	+# we use an auxiliary in order to ease integration
	+# with existing inetOrgPerson objects
	+# Please note that userPassword is a may
	+# attribute in the schema but is mandatory for
	+# Kolab
	+objectClasses: ( 1.3.6.1.4.1.19414.3.2.2
	+ NAME 'kolabInetOrgPerson'
	+ DESC 'Kolab Internet Organizational Person'
	+ SUP top AUXILIARY
	+ MAY ( alias $
	+ mailHost $
	+ kolabHomeServerOnly $
	+ kolabDelegate $
	+ kolabInvitationPolicy $
	+ kolabVacationBeginDateTime $
	+ kolabVacationEndDateTime $
	+ kolabVacationResendInterval $
	+ kolabVacationAddress $
	+ kolabVacationReplyToUCE $
	+ kolabVacationReactDomain $
	+ kolabForwardKeepCopy $
	+ kolabForwardUCE $
	+ kolabAllowSMTPRecipient $
	+ kolabAllowSMTPSender $
	+ kolabDeleteflag ) )
	+# kolab groupOfNames with extra kolabDeleteflag and the required
	+# attribute mail.
	+# The mail attribute for kolab objects of the type kolabGroupOfNames
	+# is not arbitrary but MUST be a single attribute of the form
	+# of an valid SMTP address with the CN as the local part.
	+# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
	+# mail attribute MUST be globally unique.
	+objectClasses: ( 1.3.6.1.4.1.19414.3.2.8
	+ NAME 'kolabGroupOfUniqueNames'
	+ DESC 'Kolab group of names (DNs) derived from RFC2256'
	+ SUP top AUXILIARY
	+ MAY ( mail $
	+ alias $
	+ kolabDelegate $
	+ kolabDeleteflag $
	+ kolabAllowSMTPRecipient $
	+ kolabAllowSMTPSender ) )
	+# kolab resources
	+objectClasses: ( 1.3.6.1.4.1.19414.3.2.9
	+ NAME 'kolabResource'
	+ DESC 'Kolab Resource'
	+ SUP top AUXILIARY
	+ MAY ( kolabInvitationPolicy $
	+ kolabDescAttribute $
	+ description $
	+ owner ) )
	diff --git a/docker/ds389/mgmt_com-install.ldif.tpl b/docker/ds389/mgmt_com-install.ldif.tpl
	new file mode 100644
	--- /dev/null
	+++ b/docker/ds389/mgmt_com-install.ldif.tpl
	@@ -0,0 +1,119 @@
	+# ${LDAP_ADMIN_ROOT_DN}
	+dn: ${LDAP_ADMIN_ROOT_DN}
	+aci: (targetattr = \"carLicense \|\| description \|\| displayName \|\| facsimileTelephoneNumber \|\| homePhone \|\| homePostalAddress \|\| initials \|\| jpegPhoto \|\| l \|\| labeledURI \|\| mobile \|\| o \|\| pager \|\| photo \|\| postOfficeBox \|\| postalAddress \|\| postalCode \|\| preferredDeliveryMethod \|\| preferredLanguage \|\| registeredAddress \|\| roomNumber \|\| secretary \|\| seeAlso \|\| st \|\| street \|\| telephoneNumber \|\| telexNumber \|\| title \|\| userCertificate \|\| userPassword \|\| userSMIMECertificate \|\| x500UniqueIdentifier \|\| kolabDelegate \|\| kolabInvitationPolicy \|\| kolabAllowSMTPSender\") (version 3.0; acl \"Enable self write for common attributes\"; allow (read,compare,search,write)(userdn = \"ldap:///self\");)
	+aci: (targetattr = \"*\") (version 3.0;acl \"Directory Administrators Group\";allow (all)(groupdn = \"ldap:///cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN}\" or roledn = \"ldap:///cn=kolab-admin,${LDAP_ADMIN_ROOT_DN}\");)
	+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)
	+aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)
	+aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-ldap-k8s,cn=389 Directory Server,cn=Server Group,cn=${FULL_MACHINE_NAME},ou=${DOMAIN},o=NetscapeRoot\";)
	+aci: (targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///all\");)
	+objectClass: top
	+objectClass: domain
	+
	+# Directory Administrators, ${DOMAIN}
	+dn: cn=Directory Administrators,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: groupofuniquenames
	+cn: Directory Administrators
	+uniqueMember: cn=Directory Manager
	+
	+# Domains definition location ${DOMAIN}
	+dn: ${LDAP_DOMAIN_BASE_DN}
	+objectclass: top
	+objectclass: extensibleobject
	+ou: Domains
	+aci: (targetattr = \"*\") (version 3.0;acl \"Kolab Services\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${LDAP_ADMIN_ROOT_DN}\");)
	+
	+# Groups, ${DOMAIN}
	+dn: ou=Groups,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: organizationalunit
	+ou: Groups
	+
	+# People, ${DOMAIN}
	+dn: ou=People,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: organizationalunit
	+ou: People
	+
	+# Resources, ${DOMAIN}
	+dn: ou=Resources,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: organizationalunit
	+ou: Resources
	+
	+# Shared Folders, ${DOMAIN}
	+dn: ou=Shared Folders,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: organizationalunit
	+ou: Shared Folders
	+
	+# Special User, ${DOMAIN}
	+dn: ou=Special Users,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: organizationalUnit
	+ou: Special Users
	+description: Special Administrative Accounts
	+
	+# Add kolab-admin role
	+dn: cn=kolab-admin,${LDAP_ADMIN_ROOT_DN}
	+objectClass: top
	+objectClass: ldapsubentry
	+objectClass: nsroledefinition
	+objectClass: nssimpleroledefinition
	+objectClass: nsmanagedroledefinition
	+cn: kolab-admin
	+description: Kolab Administrator
	+
	+# cyrus-admin, Special Users, ${DOMAIN}
	+dn: uid=cyrus-admin,ou=Special Users,${LDAP_ADMIN_ROOT_DN}
	+sn: Administrator
	+uid: cyrus-admin
	+objectClass: top
	+objectClass: person
	+objectClass: inetorgperson
	+objectClass: organizationalperson
	+givenName: Cyrus
	+cn: Cyrus Administrator
	+userPassword: ${IMAP_ADMIN_PASSWORD}
	+
	+# kolab-service, Special Users, ${DOMAIN}
	+dn: ${LDAP_SERVICE_BIND_DN}
	+sn: Service
	+uid: kolab-service
	+objectClass: top
	+objectClass: person
	+objectClass: inetorgperson
	+objectClass: organizationalperson
	+givenName: Kolab
	+cn: Kolab Service
	+userPassword: ${LDAP_SERVICE_BIND_PW}
	+nsIdleTimeout: -1
	+nsTimeLimit: -1
	+nsSizeLimit: -1
	+nsLookThroughLimit: -1
	+
	+# hosted-kolab-service, Special Users, ${DOMAIN}
	+dn: ${LDAP_HOSTED_BIND_DN}
	+objectclass: top
	+objectclass: inetorgperson
	+objectclass: person
	+uid: hosted-kolab-service
	+cn: Hosted Kolab Service Account
	+sn: Service Account
	+givenname: Hosted Kolab
	+userpassword: ${LDAP_HOSTED_BIND_PW}
	+nsIdleTimeout: -1
	+nsTimeLimit: -1
	+nsSizeLimit: -1
	+nsLookThroughLimit: -1
	+
	+# ${DOMAIN}, ${LDAP_DOMAIN_BASE_DN}
	+dn: associateddomain=${DOMAIN},${LDAP_DOMAIN_BASE_DN}
	+objectclass: top
	+objectclass: domainrelatedobject
	+associateddomain: ${DOMAIN}
	+associateddomain: localhost.localdomain
	+associateddomain: localhost
	+aci: (targetattr = \"\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///${LDAP_SERVICE_BIND_DN} \|\| ldap:///${LDAP_ADMIN_ROOT_DN}??sub?$objectclass=$\");)
	+aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///${LDAP_HOSTED_BIND_DN}\");)
	+
	diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
	--- a/docker/kolab/Dockerfile
	+++ b/docker/kolab/Dockerfile
	@@ -1,15 +1,63 @@
	-FROM kolab/centos7:latest
	+FROM centos:7

	-RUN yum -y install rsyslog && \
	- yum --enablerepo=kolab-16-updates-testing -y update pykolab && \
	+LABEL maintainer="contact@kolabsystems.com"
	+LABEL dist=centos7
	+LABEL tier=${TIER}
	+
	+ENV container docker
	+ENV SYSTEMD_PAGER=''
	+ENV DISTRO=centos7
	+ENV LANG=en_US.utf8
	+ENV LC_ALL=en_US.utf8
	+
	+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] \|\| rm -f $i; done); \
	+ rm -f /lib/systemd/system/multi-user.target.wants/*; \
	+ rm -f /etc/systemd/system/.wants/; \
	+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
	+ rm -f /lib/systemd/system/sockets.target.wants/udev; \
	+ rm -f /lib/systemd/system/sockets.target.wants/initctl; \
	+ rm -f /lib/systemd/system/basic.target.wants/*; \
	+ rm -f /lib/systemd/system/anaconda.target.wants/*;
	+
	+# To speed things up, disable fastestmirror.
	+RUN sed -r -i \
	+ -e 's/^enabled.*$/enabled = 0/g' \
	+ /etc/yum/pluginconf.d/fastestmirror.conf
	+
	+# Avoid using a mirrorlist (use a transparent proxy and cache everything instead).
	+RUN sed -r -i \
	+ -e 's/^mirrorlist/#mirrorlist/g' \
	+ -e 's/^#baseurl/baseurl/g' \
	+ /etc/yum.repos.d/*.repo
	+
	+RUN sed -i -e '/tsflags=nodocs/d' /etc/yum.conf
	+
	+# Add EPEL.
	+RUN yum -y install \
	+ epel-release && \
	yum clean all

	+# Add the EPEL key.
	+RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
	+
	+RUN rpm --import https://mirror.kolabenterprise.com/maipo.asc
	+
	+RUN yum -y install https://mirror.kolabenterprise.com/kolab-16-for-el7.rpm && \
	+ yum -y install kolab-16-release-development && \
	+ yum clean all
	+
	+RUN yum -y --setopt tsflags= install kolab
	+
	COPY kolab-init.service /etc/systemd/system/kolab-init.service
	+COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service
	COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service
	+COPY utils /root/utils

	RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \
	ln -s /etc/systemd/system/kolab-init.service \
	/etc/systemd/system/multi-user.target.wants/kolab-init.service && \
	+ ln -s /etc/systemd/system/kolab-setenv.service \
	+ /etc/systemd/system/multi-user.target.wants/kolab-setenv.service && \
	ln -s /etc/systemd/system/kolab-vlv.service \
	/etc/systemd/system/multi-user.target.wants/kolab-vlv.service

	@@ -23,6 +71,10 @@
	COPY kolab-vlv.sh /usr/local/sbin/
	RUN chmod 750 /usr/local/sbin/kolab-vlv.sh

	+VOLUME [ "/sys/fs/cgroup" ]
	+
	+WORKDIR /root/
	+
	CMD ["/lib/systemd/systemd"]

	EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 389/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp
	diff --git a/docker/kolab/kolab-init.service b/docker/kolab/kolab-init.service
	--- a/docker/kolab/kolab-init.service
	+++ b/docker/kolab/kolab-init.service
	@@ -1,8 +1,11 @@
	[Unit]
	Description=Kolab Setup Service
	+Requires=kolab-setenv.service
	+After=kolab-setenv.service

	[Service]
	Type=oneshot
	+EnvironmentFile=/etc/openshift-environment
	ExecStart=/usr/local/sbin/kolab-init.sh

	[Install]
	diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh
	--- a/docker/kolab/kolab-init.sh
	+++ b/docker/kolab/kolab-init.sh
	@@ -6,26 +6,26 @@

	pushd /root/utils/

	-./01-reverse-etc-hosts.sh
	-./02-write-my.cnf.sh
	-./03-setup-kolab.sh
	-./04-reset-mysql-kolab-password.sh
	-./05-replace-localhost.sh
	-./06-mysql-for-kolabdev.sh
	-./07-adjust-base-dns.sh
	-./08-disable-amavisd.sh
	-./09-enable-debugging.sh
	-./10-reset-kolab-service-password.sh
	-./11-reset-cyrus-admin-password.sh
	-./12-create-hosted-kolab-service.sh
	-./13-create-ou-domains.sh
	-./14-create-management-domain.sh
	-./15-create-hosted-domain.sh
	-./16-remove-cn-kolab-cn-config.sh
	-./17-remove-hosted-service-access-from-mgmt-domain.sh
	-./18-adjust-kolab-conf.sh
	-./19-turn-on-vlv-in-roundcube.sh
	-./20-add-alias-attribute-index.sh
	-./21-adjust-postfix-config.sh
	+./01-reverse-etc-hosts.sh && echo "01 done"
	+./02-write-my.cnf.sh && echo "02 done"
	+./03-setup-kolab.sh && echo "03 done"
	+./04-reset-mysql-kolab-password.sh && echo "04 done"
	+./05-replace-localhost.sh && echo "05 done"
	+./06-mysql-for-kolabdev.sh && echo "06 done"
	+./07-adjust-base-dns.sh && echo "07 done"
	+./08-disable-amavisd.sh && echo "08 done"
	+./09-enable-debugging.sh && echo "09 done"
	+./10-reset-kolab-service-password.sh && echo "10 done"
	+./11-reset-cyrus-admin-password.sh && echo "11 done"
	+./12-create-hosted-kolab-service.sh && echo "12 done"
	+./13-create-ou-domains.sh && echo "13 done"
	+./14-create-management-domain.sh && echo "14 done"
	+./15-create-hosted-domain.sh && echo "15 done"
	+./16-remove-cn-kolab-cn-config.sh && echo "16 done"
	+./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done"
	+./18-adjust-kolab-conf.sh && echo "18 done"
	+./19-turn-on-vlv-in-roundcube.sh && echo "19 done"
	+./20-add-alias-attribute-index.sh && echo "20 done"
	+./21-adjust-postfix-config.sh && echo "21 done"

	touch /tmp/kolab-init.done
	diff --git a/docker/kolab/kolab-setenv.service b/docker/kolab/kolab-setenv.service
	new file mode 100644
	--- /dev/null
	+++ b/docker/kolab/kolab-setenv.service
	@@ -0,0 +1,9 @@
	+[Unit]
	+Description=Kolab Set Environment
	+
	+[Service]
	+Type=oneshot
	+ExecStart=/bin/bash -c "cat /proc/1/environ \| tr '\0' '\n' > /etc/openshift-environment"
	+
	+[Install]
	+WantedBy=multi-user.target
	diff --git a/docker/kolab/utils/02-write-my.cnf.sh b/docker/kolab/utils/02-write-my.cnf.sh
	--- a/docker/kolab/utils/02-write-my.cnf.sh
	+++ b/docker/kolab/utils/02-write-my.cnf.sh
	@@ -2,8 +2,7 @@

	cat > /root/.my.cnf << EOF
	[client]
	-host=127.0.0.1
	+host=${DB_HOST:-127.0.0.1}
	user=root
	-password=Welcome2KolabSystems
	+password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems}
	EOF
	-
	diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh
	--- a/docker/kolab/utils/03-setup-kolab.sh
	+++ b/docker/kolab/utils/03-setup-kolab.sh
	@@ -1,11 +1,38 @@
	#!/bin/bash

	-setup-kolab \
	- --default \
	- --fqdn=kolab.mgmt.com \
	+. ./settings.sh
	+
	+if [ -f /root/kolab.conf.template ]; then
	+ eval "echo \"$(cat /root/kolab.conf.template)\"" > /root/kolab.conf.ref
	+ KOLAB_CONFIG_REF="--config=/root/kolab.conf.ref"
	+ cp -f ${KOLAB_CONFIG_REF#--config=} /etc/kolab/kolab.conf
	+fi
	+
	+CMD="$(which setup-kolab) \
	+ --default ${LDAP_HOST+--without-ldap} ${KOLAB_CONFIG_REF} \
	+ --fqdn=kolab.${domain} \
	--timezone=Europe/Zurich \
	- --mysqlhost=127.0.0.1 \
	+ --mysqlhost=${DB_HOST:-127.0.0.1} \
	--mysqlserver=existing \
	- --mysqlrootpw=Welcome2KolabSystems \
	- --directory-manager-pwd=Welcome2KolabSystems 2>&1 \| tee /root/setup-kolab.log
	+ --mysqlrootpw=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	+ --directory-manager-pwd=${LDAP_ADMIN_BIND_PW:-Welcome2KolabSystems}"
	+
	+echo ${CMD} \| tee -a /root/setup-kolab.log
	+echo -n "Wait for MariaDB container: " \| tee -a /root/setup-kolab.log
	+while ! mysqladmin -u root ping > /dev/null 2>&1 ; do
	+ echo -n '.'
	+ sleep 3
	+done \| tee -a /root/setup-kolab.log
	+echo "OK!" \| tee -a /root/setup-kolab.log
	+
	+if [ ! -z "${LDAP_HOST}" ]; then
	+ echo -n "Wait for DS389 container: " \| tee -a /root/setup-kolab.log
	+ while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do
	+ echo -n '.'
	+ sleep 3
	+ done \| tee -a /root/setup-kolab.log
	+ echo "OK!" \| tee -a /root/setup-kolab.log
	+fi
	+
	+${CMD} 2>&1 \| tee -a /root/setup-kolab.log

	diff --git a/docker/kolab/utils/04-reset-mysql-kolab-password.sh b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
	--- a/docker/kolab/utils/04-reset-mysql-kolab-password.sh
	+++ b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
	@@ -2,6 +2,11 @@

	sqlpw=$(grep ^sql_uri /etc/kolab/kolab.conf \| awk -F':' '{print $3}' \| awk -F'@' '{print $1}')

	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	- -e "SET PASSWORD FOR 'kolab'@'localhost' = PASSWORD('${sqlpw}');"
	+mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
	+ -e "SET PASSWORD FOR '${DB_HKCCP_USERNAME:-kolabdev}'@'%' = PASSWORD('${DB_HKCCP_PASSWORD:-Welcome2KolabSystems}');"

	+mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
	+ -e "SET PASSWORD FOR '${DB_KOLAB_USERNAME:-kolab}'@'%' = PASSWORD('${DB_KOLAB_PASSWORD:=$sqlpw}');"
	+
	+mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
	+ -e "SET PASSWORD FOR '${DB_RC_USERNAME:-roundcube}'@'%' = PASSWORD('${DB_RC_PASSWORD:-Welcome2KolabSystems}');"
	diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh
	--- a/docker/kolab/utils/05-replace-localhost.sh
	+++ b/docker/kolab/utils/05-replace-localhost.sh
	@@ -1,23 +1,31 @@
	#!/bin/bash

	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	- -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';"
	+if [[ ${DB_HOST} == "localhost" \|\| ${DB_HOST} == "127.0.0.1" ]]; then
	+ mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	+ -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';"
	+
	+ mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	+ -e "UPDATE mysql.user SET Host = '127.0.0.1' WHERE Host = 'localhost';"
	+
	+ mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	+ -e "FLUSH PRIVILEGES;"
	+fi

	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	- -e "UPDATE mysql.user SET Host = '127.0.0.1' WHERE Host = 'localhost';"
	-
	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	- -e "FLUSH PRIVILEGES;"
	-
	-sed -i -e 's/localhost/127.0.0.1/g' \
	- /etc/imapd.conf \
	- /etc/iRony/dav.inc.php \
	- /etc/kolab/kolab.conf \
	- /etc/kolab-freebusy/config.ini \
	- /etc/postfix/ldap/*.cf \
	- /etc/roundcubemail/password.inc.php \
	- /etc/roundcubemail/kolab_auth.inc.php \
	- /etc/roundcubemail/config.inc.php \
	- /etc/roundcubemail/calendar.inc.php
	+sed -i -e "s#^ldap_servers:.*#ldap_servers: ldap://${LDAP_HOST:-127.0.0.1}:389#" /etc/imapd.conf
	+sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php
	+sed -i -e "s#^ldap_uri.*#ldap_uri = ldap://${LDAP_HOST:-127.0.0.1}:389#" \
	+ -e "s#^cache_uri.mysql://$.$:$.$@$.$\/$.*$#cache_uri = mysql://${DB_KOLAB_USERNAME:-\1}:${DB_KOLAB_PASSWORD:-\2}@${DB_HOST:-127.0.0.1}/${DB_KOLAB_DATABASE:-\4}#" \
	+ -e "s#^sql_uri.mysql://$.$:$.$@$.$\/$.*$#sql_uri = mysql://${DB_KOLAB_USERNAME:-\1}:${DB_KOLAB_PASSWORD:-\2}@${DB_HOST:-127.0.0.1}/${DB_KOLAB_DATABASE:-\4}#" \
	+ -e "s#^uri.*#uri = imaps://${IMAP_HOST:-127.0.0.1}:993#" /etc/kolab/kolab.conf
	+sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \
	+ -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini
	+sed -i -e "s/server_host./server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/
	+sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php
	+sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php
	+sed -i -e "#db_dsnw#s#=.*$#= mysqli//${DB_RC_USERNAME:-roundcube}:${DB_RC_PASSWORD:-Welcome2KolabSystems}@${DB_HOST:-127.0.0.1}/${DB_RC_DATABASE:-roundcube}#" \
	+ -e "/default_host/s/localhost/${IMAP_HOST:-127.0.0.1}/" \
	+ -e "/smtp_server/s/localhost/${MAIL_HOST:-127.0.0.1}/" \
	+ -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/config.inc.php
	+sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/calendar.inc.php

	systemctl restart cyrus-imapd postfix
	diff --git a/docker/kolab/utils/06-mysql-for-kolabdev.sh b/docker/kolab/utils/06-mysql-for-kolabdev.sh
	--- a/docker/kolab/utils/06-mysql-for-kolabdev.sh
	+++ b/docker/kolab/utils/06-mysql-for-kolabdev.sh
	@@ -1,11 +1,11 @@
	#!/bin/bash

	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	- -e "CREATE DATABASE kolabdev;"
	+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	+ -e "CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE:-kolabdev};"

	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	- -e "GRANT ALL PRIVILEGES ON kolabdev.* TO 'kolabdev'@'127.0.0.1' IDENTIFIED BY 'kolab';"
	+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	+ -e "GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE:-kolabdev}.* TO '${DB_HKCCP_USERNAME:-kolabdev}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD:-kolab}';"

	-mysql -h 127.0.0.1 -u root --password=Welcome2KolabSystems \
	+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
	-e "FLUSH PRIVILEGES;"

	diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh
	--- a/docker/kolab/utils/07-adjust-base-dns.sh
	+++ b/docker/kolab/utils/07-adjust-base-dns.sh
	@@ -6,6 +6,8 @@

	sed -i -r \
	-e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \
	+ -e "/\\\$mydomain = / a\
	+\$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \
	-e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \
	-e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \
	-e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \
	diff --git a/docker/kolab/utils/10-reset-kolab-service-password.sh b/docker/kolab/utils/10-reset-kolab-service-password.sh
	--- a/docker/kolab/utils/10-reset-kolab-service-password.sh
	+++ b/docker/kolab/utils/10-reset-kolab-service-password.sh
	@@ -6,14 +6,14 @@
	echo "dn: uid=kolab-service,ou=Special Users,${rootdn}"
	echo "changetype: modify"
	echo "replace: userpassword"
	- echo "userpassword: ${ldap_bindpw}"
	+ echo "userpassword: ${kolab_service_pw}"
	echo ""
	) \| ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"

	oldpw=$(grep ^service_bind_pw /etc/kolab/kolab.conf \| awk '{print $3}')

	sed -i -r \
	- -e "s/${oldpw}/${ldap_bindpw}/g" \
	+ -e "s/${oldpw}/${kolab_service_pw}/g" \
	$(grep -rn -- ${oldpw} /etc/ \| awk -F':' '{print $1}' \| sort -u)

	systemctl restart \
	diff --git a/docker/kolab/utils/11-reset-cyrus-admin-password.sh b/docker/kolab/utils/11-reset-cyrus-admin-password.sh
	--- a/docker/kolab/utils/11-reset-cyrus-admin-password.sh
	+++ b/docker/kolab/utils/11-reset-cyrus-admin-password.sh
	@@ -6,14 +6,14 @@
	echo "dn: uid=cyrus-admin,ou=Special Users,${rootdn}"
	echo "changetype: modify"
	echo "replace: userpassword"
	- echo "userpassword: ${ldap_bindpw}"
	+ echo "userpassword: ${cyrus_admin_pw}"
	echo ""
	) \| ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"

	oldpw=$(grep ^admin_password /etc/kolab/kolab.conf \| awk '{print $3}')

	sed -i -r \
	- -e "s/${oldpw}/${ldap_bindpw}/g" \
	+ -e "s/${oldpw}/${cyrus_admin_pw}/g" \
	/etc/kolab/kolab.conf

	systemctl restart kolabd wallace
	diff --git a/docker/kolab/utils/12-create-hosted-kolab-service.sh b/docker/kolab/utils/12-create-hosted-kolab-service.sh
	--- a/docker/kolab/utils/12-create-hosted-kolab-service.sh
	+++ b/docker/kolab/utils/12-create-hosted-kolab-service.sh
	@@ -1,6 +1,7 @@
	#!/bin/bash

	- . ./settings.sh
	+. ./settings.sh
	+
	(
	echo "dn: uid=hosted-kolab-service,ou=Special Users,${rootdn}"
	echo "objectclass: top"
	diff --git a/docker/kolab/utils/13-create-ou-domains.sh b/docker/kolab/utils/13-create-ou-domains.sh
	--- a/docker/kolab/utils/13-create-ou-domains.sh
	+++ b/docker/kolab/utils/13-create-ou-domains.sh
	@@ -1,6 +1,7 @@
	#!/bin/bash

	. ./settings.sh
	+
	(
	echo "dn: ou=Domains,${rootdn}"
	echo "ou: Domains"
	diff --git a/docker/kolab/utils/14-create-management-domain.sh b/docker/kolab/utils/14-create-management-domain.sh
	--- a/docker/kolab/utils/14-create-management-domain.sh
	+++ b/docker/kolab/utils/14-create-management-domain.sh
	@@ -1,6 +1,7 @@
	#!/bin/bash

	- . ./settings.sh
	+. ./settings.sh
	+
	(
	echo "dn: associateddomain=${domain},${domain_base_dn}"
	echo "aci: (targetattr = \"\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} \|\| ldap:///${rootdn}??sub?(objectclass=)\");)"
	diff --git a/docker/kolab/utils/15-create-hosted-domain.sh b/docker/kolab/utils/15-create-hosted-domain.sh
	--- a/docker/kolab/utils/15-create-hosted-domain.sh
	+++ b/docker/kolab/utils/15-create-hosted-domain.sh
	@@ -3,7 +3,7 @@
	. ./settings.sh

	(
	- echo "dn: associateddomain=${hosted_domain},ou=Domains,${rootdn}"
	+ echo "dn: associateddomain=${hosted_domain},${domain_base_dn}"
	echo "objectclass: top"
	echo "objectclass: domainrelatedobject"
	echo "objectclass: inetdomain"
	@@ -31,7 +31,7 @@
	echo "nsslapd-cachememsize: 10485760"
	echo "nsslapd-readonly: off"
	echo "nsslapd-require-index: off"
	- echo "nsslapd-directory: /var/lib/dirsrv/slapd-$(hostname -s)/db/$(echo ${hosted_domain} \| sed -e 's/\./_/g')"
	+ echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/$(echo ${hosted_domain} \| sed -e 's/\./_/g')"
	echo "nsslapd-dncachememsize: 10485760"
	echo ""

	diff --git a/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh b/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
	--- a/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
	+++ b/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
	@@ -1,6 +1,7 @@
	#!/bin/bash

	- . ./settings.sh
	+. ./settings.sh
	+
	(
	echo "dn: associateddomain=${domain},ou=Domains,${rootdn}"
	echo "changetype: modify"
	diff --git a/docker/kolab/utils/20-add-alias-attribute-index.sh b/docker/kolab/utils/20-add-alias-attribute-index.sh
	--- a/docker/kolab/utils/20-add-alias-attribute-index.sh
	+++ b/docker/kolab/utils/20-add-alias-attribute-index.sh
	@@ -1,6 +1,6 @@
	#!/bin/bash

	- . ./settings.sh
	+. ./settings.sh

	export index_attr=alias

	diff --git a/docker/kolab/utils/settings.sh b/docker/kolab/utils/settings.sh
	--- a/docker/kolab/utils/settings.sh
	+++ b/docker/kolab/utils/settings.sh
	@@ -1,23 +1,24 @@
	#!/bin/bash

	-export rootdn="dc=mgmt,dc=com"
	-export domain="mgmt.com"
	-export domain_db="mgmt_com"
	-export ldap_host="127.0.0.1"
	-export ldap_binddn="cn=Directory Manager"
	-export ldap_bindpw="Welcome2KolabSystems"
	+export rootdn=${LDAP_ADMIN_ROOT_DN:-"dc=mgmt,dc=com"}
	+export domain=${DOMAIN:-"mgmt.com"}
	+export domain_db=${DOMAIN_DB:-"mgmt_com"}
	+export ldap_host=${LDAP_HOST:-"127.0.0.1"}
	+export ldap_binddn=${LDAP_ADMIN_BIND_DN:-"cn=Directory Manager"}
	+export ldap_bindpw=${LDAP_ADMIN_BIND_PW:-"Welcome2KolabSystems"}

	-export cyrus_admin="cyrus-admin"
	+export cyrus_admin=${IMAP_ADMIN_LOGIN:-"cyrus-admin"}

	-export imap_host="127.0.0.1"
	-export cyrus_admin_pw="Welcome2KolabSystems"
	+export imap_host=${IMAP_HOST:-"127.0.0.1"}
	+export cyrus_admin_pw=${IMAP_ADMIN_PASSWORD:-"Welcome2KolabSystems"}

	-export hosted_kolab_service_pw="Welcome2KolabSystems"
	+export kolab_service_pw=${LDAP_SERVICE_BIND_PW:-"Welcome2KolabSystems"}
	+export hosted_kolab_service_pw=${LDAP_HOSTED_BIND_PW:-"Welcome2KolabSystems"}

	-export hosted_domain="hosted.com"
	-export hosted_domain_db="hosted_com"
	-export hosted_domain_rootdn="dc=hosted,dc=com"
	+export hosted_domain=${HOSTED_DOMAIN:-"hosted.com"}
	+export hosted_domain_db=${HOSTED_DOMAIN_DB:-"hosted_com"}
	+export hosted_domain_rootdn=${LDAP_HOSTED_ROOT_DN:-"dc=hosted,dc=com"}

	-export domain_base_dn="ou=Domains,dc=mgmt,dc=com"
	+export domain_base_dn=${LDAP_DOMAIN_BASE_DN:-"ou=Domains,dc=mgmt,dc=com"}

	-export default_user_password="Welcome2KolabSystems"
	+export default_user_password=${DEFAULT_USER_PASSWORD:-"Welcome2KolabSystems"}
	diff --git a/docker/mariadb/mysql-init/80-add-users.sh b/docker/mariadb/mysql-init/80-add-users.sh
	new file mode 100644
	--- /dev/null
	+++ b/docker/mariadb/mysql-init/80-add-users.sh
	@@ -0,0 +1,29 @@
	+create_arbitrary_users() {
	+
	+ # Do not care what option is compulsory here, just create what is specified
	+ log_info "Creating user specified by (${2}) ..."
	+mysql $mysql_flags <<EOSQL
	+ CREATE USER '${2}'@'${4}' IDENTIFIED BY '${3}';
	+EOSQL
	+
	+ log_info "Granting privileges to user ${2} for ${1} ..."
	+mysql $mysql_flags <<EOSQL
	+ GRANT ALL ON \`${1}\`.* TO '${2}'@'${4}' ;
	+ FLUSH PRIVILEGES ;
	+EOSQL
	+}
	+
	+DB_NO=1
	+while [[ ${DB_NO} -ne 0 ]]; do
	+ DB_CUR="DB_${DB_NO}"
	+ if [[ -n $(eval echo '${!'${DB_CUR}'*}') ]]; then
	+ NAME="${DB_CUR}_NAME"
	+ USER="${DB_CUR}_USER"
	+ PASS="${DB_CUR}_PASS"
	+ HOST="${DB_CUR}_HOST"
	+ create_arbitrary_users ${!NAME} ${!USER} ${!PASS:-Welcome2KolabSystems} ${!HOST:-127.0.0.1} \|\| true
	+ let "DB_NO+=1"
	+ else
	+ DB_NO=0
	+ fi
	+done
	diff --git a/docker/mariadb/mysql-init/81-update-root-user.sh b/docker/mariadb/mysql-init/81-update-root-user.sh
	new file mode 100644
	--- /dev/null
	+++ b/docker/mariadb/mysql-init/81-update-root-user.sh
	@@ -0,0 +1,10 @@
	+#!/bin/bash
	+
	+if [ ! -v ${MYSQL_ROOT_PASSWORD} ]; then
	+ log_info "Update root user for host 127.0.0.1 ..."
	+mysql $mysql_flags <<EOSQL
	+ UPDATE mysql.user SET Password = PASSWORD('${MYSQL_ROOT_PASSWORD}') WHERE User = 'root' AND Host = '127.0.0.1';
	+ FLUSH PRIVILEGES;
	+EOSQL
	+fi
	+
	diff --git a/src/.env.example b/src/.env.example
	--- a/src/.env.example
	+++ b/src/.env.example
	@@ -6,6 +6,8 @@
	APP_PUBLIC_URL=
	APP_DOMAIN=kolabnow.com

	+ASSET_URL=http://127.0.0.1:8000
	+
	SUPPORT_URL=

	LOG_CHANNEL=stack
	@@ -25,10 +27,10 @@
	SESSION_DRIVER=file
	SESSION_LIFETIME=120

	-2FA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube
	-2FA_TOTP_DIGITS=6
	-2FA_TOTP_INTERVAL=30
	-2FA_TOTP_DIGEST=sha1
	+MFA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube
	+MFA_TOTP_DIGITS=6
	+MFA_TOTP_INTERVAL=30
	+MFA_TOTP_DIGEST=sha1

	IMAP_URI=ssl://127.0.0.1:993
	IMAP_ADMIN_LOGIN=cyrus-admin
	@@ -113,6 +115,7 @@
	PUSHER_APP_SECRET=
	PUSHER_APP_CLUSTER=mt1

	+MIX_ASSET_PATH=
	MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
	MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

	diff --git a/src/.gitignore b/src/.gitignore
	--- a/src/.gitignore
	+++ b/src/.gitignore
	@@ -2,7 +2,7 @@
	database/database.sqlite
	node_modules/
	package-lock.json
	-public/css/app.css
	+public/css/*.css
	public/hot
	public/js/*.js
	public/storage/
	diff --git a/src/.s2i/bin/assemble b/src/.s2i/bin/assemble
	new file mode 100755
	--- /dev/null
	+++ b/src/.s2i/bin/assemble
	@@ -0,0 +1,33 @@
	+#!/bin/bash
	+
	+set -e
	+
	+shopt -s dotglob
	+echo "--->> $(rm -vrf vendor/ composer.lock)"
	+
	+if [ -f ".env.local" ]; then
	+ # Ensure there's a line ending
	+ echo "---->> Append .env.local"
	+ echo "" >> .env
	+ cat .env.local >> .env
	+fi
	+
	+#env
	+
	+/usr/libexec/s2i/assemble
	+
	+#cat >> /opt/app-root/etc/conf.d/99-loglevel.conf << EOF
	+#LogLevel warn mod_rewrite.c:trace4
	+#EOF
	+
	+# Won't work due to:
	+# Cannot install, php_dir for channel "pecl.php.net" is not writeable by the current user
	+#pecl channel-update pecl.php.net
	+#pecl install swoole
	+
	+pushd /opt/app-root/src
	+
	+echo "---->> Run npm run prod"
	+npm install cross-env
	+npm run prod
	+
	diff --git a/src/.s2i/bin/run b/src/.s2i/bin/run
	new file mode 100755
	--- /dev/null
	+++ b/src/.s2i/bin/run
	@@ -0,0 +1,60 @@
	+#!/bin/bash
	+
	+shopt -s dotglob
	+
	+pushd /opt/app-root/src
	+
	+echo "----> Remove bootstrap cache"
	+find bootstrap/cache/ -type f ! -name ".gitignore" -delete
	+
	+if [ -z ${APP_KEY} ]; then
	+ echo "----> Run artisan key:generate"
	+ ./artisan key:generate
	+fi
	+
	+if [ -z ${JWT_SECRET} ]; then
	+ echo "----> Run artisan jwt:secret"
	+ ./artisan jwt:secret --always-no
	+fi
	+
	+echo "----> Run artisan clear-compiled"
	+./artisan clear-compiled
	+
	+echo "----> Run artisan cache:clear"
	+./artisan ${ARTISAN_VERBOSITY} cache:clear \|\| true
	+
	+# rpm -qv chromium
	+# if [ ! -z "$(rpm -qv chromium 2>/dev/null)" ]; then
	+# echo "---- Run artisan dusk:chrome-driver"
	+# chver=$(rpmquery --queryformat="%{VERSION}" chromium \| awk -F'.' '{print $1}')
	+# ./artisan dusk:chrome-driver ${chver}
	+# fi
	+
	+if [ ! -f 'resources/countries.php' ]; then
	+ echo "----> Run artisan data:countries"
	+ ./artisan data:countries
	+fi
	+
	+rm -rvf bootstrap/cache/
	+mkdir -vp bootstrap/cache/
	+chown default bootstrap/cache
	+
	+./artisan db:ping --wait \|\| exit 1
	+
	+./artisan migrate --force \|\| :
	+#./artisan db:seed --force \|\| :
	+
	+case ${HKCCP_APP} in
	+ worker\|WORKER )
	+ echo "----> Running worker "
	+ ./artisan queue:work;;
	+ server\|SERVER )
	+ echo "----> Running server "
	+ ./artisan serve;;
	+ apache\|APACHE\|httpd\|HTTPD )
	+ echo "----> Starting httpd "
	+ /usr/libexec/s2i/run 2>&1;;
	+ * )
	+ echo "----> Sleeping"
	+ sleep 10000;;
	+esac
	diff --git a/src/app/Auth/LDAPUserProvider.php b/src/app/Auth/LDAPUserProvider.php
	--- a/src/app/Auth/LDAPUserProvider.php
	+++ b/src/app/Auth/LDAPUserProvider.php
	@@ -22,7 +22,7 @@
	*/
	public function retrieveByCredentials(array $credentials)
	{
	- $entries = User::where('email', '=', $credentials['email'])->get();
	+ $entries = User::where('email', \strtolower($credentials['email']))->get();

	$count = $entries->count();

	@@ -51,7 +51,7 @@
	{
	$authenticated = false;

	- if ($user->email == $credentials['email']) {
	+ if ($user->email === \strtolower($credentials['email'])) {
	if (!empty($user->password)) {
	if (Hash::check($credentials['password'], $user->password)) {
	$authenticated = true;
	diff --git a/src/app/Backends/LDAP.php b/src/app/Backends/LDAP.php
	--- a/src/app/Backends/LDAP.php
	+++ b/src/app/Backends/LDAP.php
	@@ -22,6 +22,8 @@
	* Starts a new LDAP connection that will be used by all methods
	* until you call self::disconnect() explicitely. Normally every
	* method uses a separate connection.
	+ *
	+ * @throws \Exception
	*/
	public static function connect(): void
	{
	@@ -47,9 +49,9 @@
	*
	* @param \App\Domain $domain The domain to create.
	*
	- * @return void
	+ * @throws \Exception
	*/
	- public static function createDomain(Domain $domain)
	+ public static function createDomain(Domain $domain): void
	{
	$config = self::getConfig('admin');
	$ldap = self::initLDAP($config);
	@@ -90,8 +92,14 @@

	$dn = "associateddomain={$domain->namespace},{$config['domain_base_dn']}";

	+ self::setDomainAttributes($domain, $entry);
	+
	if (!$ldap->get_entry($dn)) {
	- $ldap->add_entry($dn, $entry);
	+ $result = $ldap->add_entry($dn, $entry);
	+
	+ if (!$result) {
	+ self::throwException($ldap, "Failed to create domain {$domain->namespace} in LDAP");
	+ }
	}

	// create ou, roles, ous
	@@ -155,7 +163,7 @@
	}
	}

	- foreach (['kolab-admin', 'billing-user'] as $item) {
	+ foreach (['kolab-admin'] as $item) {
	if (!$ldap->get_entry("cn={$item},{$domainBaseDN}")) {
	$ldap->add_entry(
	"cn={$item},{$domainBaseDN}",
	@@ -174,6 +182,8 @@
	}
	}

	+ // TODO: Assign kolab-admin role to the owner?
	+
	if (empty(self::$ldap)) {
	$ldap->close();
	}
	@@ -199,9 +209,9 @@
	*
	* @param \App\User $user The user account to create.
	*
	- * @return bool\|void
	+ * @throws \Exception
	*/
	- public static function createUser(User $user)
	+ public static function createUser(User $user): void
	{
	$config = self::getConfig('admin');
	$ldap = self::initLDAP($config);
	@@ -223,7 +233,11 @@
	if (!self::getUserEntry($ldap, $user->email, $dn) && $dn) {
	self::setUserAttributes($user, $entry);

	- $ldap->add_entry($dn, $entry);
	+ $result = $ldap->add_entry($dn, $entry);
	+
	+ if (!$result) {
	+ self::throwException($ldap, "Failed to create user {$user->email} in LDAP");
	+ }
	}

	if (empty(self::$ldap)) {
	@@ -232,25 +246,39 @@
	}

	/**
	- * Update a domain in LDAP.
	+ * Delete a domain from LDAP.
	*
	* @param \App\Domain $domain The domain to update.
	*
	- * @return void
	+ * @throws \Exception
	*/
	- public static function updateDomain(Domain $domain)
	+ public static function deleteDomain(Domain $domain): void
	{
	$config = self::getConfig('admin');
	$ldap = self::initLDAP($config);

	- $ldapDomain = $ldap->find_domain($domain->namespace);
	+ $hostedRootDN = \config('ldap.hosted.root_dn');
	+ $mgmtRootDN = \config('ldap.admin.root_dn');

	- $oldEntry = $ldap->get_entry($ldapDomain['dn']);
	- $newEntry = $oldEntry;
	+ $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";

	- self::setDomainAttributes($domain, $newEntry);
	+ if ($ldap->get_entry($domainBaseDN)) {
	+ $result = $ldap->delete_entry_recursive($domainBaseDN);
	+
	+ if (!$result) {
	+ self::throwException($ldap, "Failed to delete domain {$domain->namespace} from LDAP");
	+ }
	+ }

	- $ldap->modify_entry($ldapDomain['dn'], $oldEntry, $newEntry);
	+ if ($ldap_domain = $ldap->find_domain($domain->namespace)) {
	+ if ($ldap->get_entry($ldap_domain['dn'])) {
	+ $result = $ldap->delete_entry($ldap_domain['dn']);
	+
	+ if (!$result) {
	+ self::throwException($ldap, "Failed to delete domain {$domain->namespace} from LDAP");
	+ }
	+ }
	+ }

	if (empty(self::$ldap)) {
	$ldap->close();
	@@ -258,29 +286,22 @@
	}

	/**
	- * Delete a domain from LDAP.
	+ * Delete a user from LDAP.
	*
	- * @param \App\Domain $domain The domain to update.
	+ * @param \App\User $user The user account to update.
	*
	- * @return void
	+ * @throws \Exception
	*/
	- public static function deleteDomain(Domain $domain)
	+ public static function deleteUser(User $user): void
	{
	$config = self::getConfig('admin');
	$ldap = self::initLDAP($config);

	- $hostedRootDN = \config('ldap.hosted.root_dn');
	- $mgmtRootDN = \config('ldap.admin.root_dn');
	-
	- $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";
	-
	- if ($ldap->get_entry($domainBaseDN)) {
	- $ldap->delete_entry_recursive($domainBaseDN);
	- }
	+ if (self::getUserEntry($ldap, $user->email, $dn)) {
	+ $result = $ldap->delete_entry($dn);

	- if ($ldap_domain = $ldap->find_domain($domain->namespace)) {
	- if ($ldap->get_entry($ldap_domain['dn'])) {
	- $ldap->delete_entry($ldap_domain['dn']);
	+ if (!$result) {
	+ self::throwException($ldap, "Failed to delete user {$user->email} from LDAP");
	}
	}

	@@ -290,24 +311,29 @@
	}

	/**
	- * Delete a user from LDAP.
	+ * Get a domain data from LDAP.
	*
	- * @param \App\User $user The user account to update.
	+ * @param string $namespace The domain name
	*
	- * @return void
	+ * @return array\|false\|null
	+ * @throws \Exception
	*/
	- public static function deleteUser(User $user)
	+ public static function getDomain(string $namespace)
	{
	$config = self::getConfig('admin');
	$ldap = self::initLDAP($config);

	- if (self::getUserEntry($ldap, $user->email, $dn)) {
	- $ldap->delete_entry($dn);
	+ $ldapDomain = $ldap->find_domain($namespace);
	+
	+ if ($ldapDomain) {
	+ $domain = $ldap->get_entry($ldapDomain['dn']);
	}

	if (empty(self::$ldap)) {
	$ldap->close();
	}
	+
	+ return $domain ?? null;
	}

	/**
	@@ -316,6 +342,7 @@
	* @param string $email The user email.
	*
	* @return array\|false\|null
	+ * @throws \Exception
	*/
	public static function getUser(string $email)
	{
	@@ -331,14 +358,52 @@
	return $user;
	}

	+ /**
	+ * Update a domain in LDAP.
	+ *
	+ * @param \App\Domain $domain The domain to update.
	+ *
	+ * @throws \Exception
	+ */
	+ public static function updateDomain(Domain $domain): void
	+ {
	+ $config = self::getConfig('admin');
	+ $ldap = self::initLDAP($config);
	+
	+ $ldapDomain = $ldap->find_domain($domain->namespace);
	+
	+ if (!$ldapDomain) {
	+ self::throwException($ldap, "Failed to update domain {$domain->namespace} in LDAP (domain not found)");
	+ }
	+
	+ $oldEntry = $ldap->get_entry($ldapDomain['dn']);
	+ $newEntry = $oldEntry;
	+
	+ self::setDomainAttributes($domain, $newEntry);
	+
	+ if (array_key_exists('inetdomainstatus', $newEntry)) {
	+ $newEntry['inetdomainstatus'] = (string) $newEntry['inetdomainstatus'];
	+ }
	+
	+ $result = $ldap->modify_entry($ldapDomain['dn'], $oldEntry, $newEntry);
	+
	+ if (!is_array($result)) {
	+ self::throwException($ldap, "Failed to update domain {$domain->namespace} in LDAP");
	+ }
	+
	+ if (empty(self::$ldap)) {
	+ $ldap->close();
	+ }
	+ }
	+
	/**
	* Update a user in LDAP.
	*
	* @param \App\User $user The user account to update.
	*
	- * @return false\|void
	+ * @throws \Exception
	*/
	- public static function updateUser(User $user)
	+ public static function updateUser(User $user): void
	{
	$config = self::getConfig('admin');
	$ldap = self::initLDAP($config);
	@@ -346,12 +411,30 @@
	$newEntry = $oldEntry = self::getUserEntry($ldap, $user->email, $dn, true);

	if (!$oldEntry) {
	- return false;
	+ self::throwException($ldap, "Failed to update user {$user->email} in LDAP (user not found)");
	}

	self::setUserAttributes($user, $newEntry);

	- $ldap->modify_entry($dn, $oldEntry, $newEntry);
	+ if (array_key_exists('objectclass', $newEntry)) {
	+ if (!in_array('inetuser', $newEntry['objectclass'])) {
	+ $newEntry['objectclass'][] = 'inetuser';
	+ }
	+ }
	+
	+ if (array_key_exists('inetuserstatus', $newEntry)) {
	+ $newEntry['inetuserstatus'] = (string) $newEntry['inetuserstatus'];
	+ }
	+
	+ if (array_key_exists('mailquota', $newEntry)) {
	+ $newEntry['mailquota'] = (string) $newEntry['mailquota'];
	+ }
	+
	+ $result = $ldap->modify_entry($dn, $oldEntry, $newEntry);
	+
	+ if (!is_array($result)) {
	+ self::throwException($ldap, "Failed to update user {$user->email} in LDAP");
	+ }

	if (empty(self::$ldap)) {
	$ldap->close();
	@@ -369,11 +452,17 @@

	$ldap = new \Net_LDAP3($config);

	- $ldap->connect();
	+ $connected = $ldap->connect();

	- $ldap->bind(\config("ldap.{$privilege}.bind_dn"), \config("ldap.{$privilege}.bind_pw"));
	+ if (!$connected) {
	+ throw new \Exception("Failed to connect to LDAP");
	+ }

	- // TODO: error handling
	+ $bound = $ldap->bind(\config("ldap.{$privilege}.bind_dn"), \config("ldap.{$privilege}.bind_pw"));
	+
	+ if (!$bound) {
	+ throw new \Exception("Failed to bind to LDAP");
	+ }

	return $ldap;
	}
	@@ -447,14 +536,6 @@

	$hostedRootDN = \config('ldap.hosted.root_dn');

	- if (empty($roles)) {
	- if (array_key_exists('nsroledn', $entry)) {
	- unset($entry['nsroledn']);
	- }
	-
	- return;
	- }
	-
	$entry['nsroledn'] = [];

	if (in_array("2fa", $roles)) {
	@@ -468,10 +549,6 @@
	if (!in_array("groupware", $roles)) {
	$entry['nsroledn'][] = "cn=imap-user,{$hostedRootDN}";
	}
	-
	- if (empty($entry['nsroledn'])) {
	- unset($entry['nsroledn']);
	- }
	}

	/**
	@@ -502,14 +579,14 @@
	*
	* @return false\|null\|array User entry, False on error, NULL if not found
	*/
	- protected static function getUserEntry($ldap, $email, &$dn = null, $full = false)
	+ private static function getUserEntry($ldap, $email, &$dn = null, $full = false)
	{
	list($_local, $_domain) = explode('@', $email, 2);

	$domain = $ldap->find_domain($_domain);

	if (!$domain) {
	- return false;
	+ return $domain;
	}

	$base_dn = $ldap->domain_root_dn($_domain);
	@@ -582,4 +659,21 @@

	\Log::{$function}($msg);
	}
	+
	+ /**
	+ * Throw exception and close the connection when needed
	+ *
	+ * @param \Net_LDAP3 $ldap Ldap connection
	+ * @param string $message Exception message
	+ *
	+ * @throws \Exception
	+ */
	+ private static function throwException($ldap, string $message): void
	+ {
	+ if (empty(self::$ldap) && !empty($ldap)) {
	+ $ldap->close();
	+ }
	+
	+ throw new \Exception($message);
	+ }
	}
	diff --git a/src/app/Console/Commands/DataCountries.php b/src/app/Console/Commands/DataCountries.php
	--- a/src/app/Console/Commands/DataCountries.php
	+++ b/src/app/Console/Commands/DataCountries.php
	@@ -6,6 +6,11 @@

	class DataCountries extends Command
	{
	+ private $currency_fixes = [
	+ // Country code => currency
	+ 'LT' => 'EUR',
	+ ];
	+
	/**
	* The name and signature of the console command.
	*
	@@ -29,111 +34,61 @@
	{
	$countries = [];
	$currencies = [];
	- $currencies_url = 'http://en.wikipedia.org/wiki/ISO_4217';
	- $countries_url = 'http://en.wikipedia.org/wiki/ISO_3166-1';
	+ $currencies_url = 'http://country.io/currency.json';
	+ $countries_url = 'http://country.io/names.json';

	$this->info("Fetching currencies from $currencies_url...");

	// fetch currency table and create an index by country page url
	- $page = file_get_contents($currencies_url);
	+ $currencies_json = file_get_contents($currencies_url);

	- if (!$page) {
	+ if (!$currencies_json) {
	$this->error("Failed to fetch currencies");
	return;
	}

	- $table_regexp = '!<table class="(wikitable\|prettytable) sortable".+</table>!ims';
	- if (preg_match_all($table_regexp, $page, $matches, PREG_PATTERN_ORDER)) {
	- foreach ($matches[0] as $currency_table) {
	- preg_match_all('!<tr>\s<td>(.+)</td>\s</tr>!Ums', $currency_table, $rows);
	-
	- foreach ($rows[1] as $row) {
	- $cells = preg_split('!</td>\s<td[^>]>!', $row);
	-
	- if (count($cells) == 5) {
	- // actual currency table
	- $currency = preg_match('/([A-Z]{3})/', $cells[0], $m) ? $m[1] : '';
	-
	- if (preg_match('/(\d+)/', $cells[1], $m)) {
	- $isocode = $m[1];
	- $currencies[$m[1]] = $currency;
	- }
	-
	- preg_match_all('!<a[^>]+href="(/wiki/[^"]+)"[^>]*>!', $cells[4], $links, PREG_PATTERN_ORDER);
	-
	- foreach ($links[1] as $link) {
	- $currencies[strtolower($link)] = $currency;
	- }
	- } elseif (count($cells) == 7) {
	- // replacements table
	- $currency = preg_match('/([A-Z]{3})/', $cells[6], $m) ? $m[1] : '';
	-
	- if (preg_match('/(\d+)/', $cells[1], $m)) {
	- $currencies[$m[1]] = $currency;
	- }
	- }
	- }
	- }
	- }
	-
	- $namecol = 0;
	- $codecol = 1;
	- $numcol = 3;
	- $lang = 'en';
	-
	$this->info("Fetching countries from $countries_url...");

	- $page = file_get_contents($countries_url);
	+ $countries_json = file_get_contents($countries_url);

	- if (!$page) {
	+ if (!$countries_json) {
	$this->error("Failed to fetch countries");
	return;
	}

	- if (preg_match($table_regexp, $page, $matches)) {
	- preg_match_all('!<tr>\s<td>(.+)</td>\s</tr>!Ums', $matches[0], $rows);
	-
	- foreach ($rows[1] as $row) {
	- $cells = preg_split('!</td>\s<td[^>]>!', $row);
	-
	- if (count($cells) < 5) {
	- continue;
	- }
	-
	- $regexp = '!<a[^>]+href="(/wiki/[^"]+)"[^>]*>([^>]+)</a>!i';
	- $content = preg_match($regexp, $cells[$namecol], $m) ? $m : null;
	-
	- if (preg_match('/>([A-Z]{2})</', $cells[$codecol], $m)) {
	- $code = $m[1];
	- } elseif (preg_match('/^([A-Z]{2})/', $cells[$codecol], $m)) {
	- $code = $m[1];
	- } else {
	- continue;
	- }
	-
	- if ($content) {
	- $isocode = preg_match('/(\d+)/', $cells[$numcol], $m) ? $m[1] : '';
	- list(, $link, $name) = $content;
	- $countries[$code][$lang] = $name;
	-
	- if (!empty($currencies[$isocode])) {
	- $countries[$code]['currency'] = $currencies[$isocode];
	- } elseif (!empty($currencies[strtolower($link)])) {
	- $countries[$code]['currency'] = $currencies[strtolower($link)];
	- }
	- }
	- }
	+ $currencies = json_decode($currencies_json, true);
	+ $countries = json_decode($countries_json, true);
	+
	+ if (!is_array($countries) \|\| empty($countries)) {
	+ $this->error("Invalid countries data");
	+ return;
	+ }
	+
	+ if (!is_array($currencies) \|\| empty($currencies)) {
	+ $this->error("Invalid currencies data");
	+ return;
	}

	$file = resource_path('countries.php');

	$this->info("Generating resource file $file...");

	+ asort($countries);
	+
	$out = "<?php return [\n";
	- foreach ($countries as $code => $names) {
	- if (!empty($names['en']) && !empty($names['currency'])) {
	- $out .= sprintf(" '%s' => ['%s','%s'],\n", $code, $names['currency'], addslashes($names['en']));
	+ foreach ($countries as $code => $name) {
	+ $currency = $currencies[$code] ?? null;
	+
	+ if (!empty($this->currency_fixes[$code])) {
	+ $currency = $this->currency_fixes[$code];
	+ }
	+
	+ if (!$currency) {
	+ $this->error("Unknown currency for {$name} ({$code}). Skipped.");
	+ continue;
	}
	+
	+ $out .= sprintf(" '%s' => ['%s','%s'],\n", $code, $currency, addslashes($name));
	}
	$out .= "];\n";

	diff --git a/src/app/Console/Commands/DomainAdd.php b/src/app/Console/Commands/DomainAdd.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Console/Commands/DomainAdd.php
	@@ -0,0 +1,76 @@
	+<?php
	+
	+namespace App\Console\Commands;
	+
	+use App\Domain;
	+use App\Entitlement;
	+use Illuminate\Console\Command;
	+use Illuminate\Support\Facades\Queue;
	+
	+class DomainAdd extends Command
	+{
	+ /**
	+ * The name and signature of the console command.
	+ *
	+ * @var string
	+ */
	+ protected $signature = 'domain:add {domain} {--force}';
	+
	+ /**
	+ * The console command description.
	+ *
	+ * @var string
	+ */
	+ protected $description = "Create a domain.";
	+
	+ /**
	+ * Execute the console command.
	+ *
	+ * @return mixed
	+ */
	+ public function handle()
	+ {
	+ $namespace = \strtolower($this->argument('domain'));
	+
	+ // must use withTrashed(), because unique constraint
	+ $domain = Domain::withTrashed()->where('namespace', $namespace)->first();
	+
	+ if ($domain && !$this->option('force')) {
	+ $this->error("Domain {$namespace} already exists.");
	+ return 1;
	+ }
	+
	+ Queue::fake(); // ignore LDAP for now
	+
	+ if ($domain) {
	+ if ($domain->deleted_at) {
	+ // revive domain
	+ $domain->deleted_at = null;
	+ $domain->status = 0;
	+ $domain->save();
	+
	+ // remove existing entitlement
	+ $entitlement = Entitlement::withTrashed()->where(
	+ [
	+ 'entitleable_id' => $domain->id,
	+ 'entitleable_type' => \App\Domain::class
	+ ]
	+ )->first();
	+
	+ if ($entitlement) {
	+ $entitlement->forceDelete();
	+ }
	+ } else {
	+ $this->error("Domain {$namespace} not marked as deleted... examine more closely");
	+ return 1;
	+ }
	+ } else {
	+ $domain = Domain::create([
	+ 'namespace' => $namespace,
	+ 'type' => Domain::TYPE_EXTERNAL,
	+ ]);
	+ }
	+
	+ $this->info($domain->id);
	+ }
	+}
	diff --git a/src/app/Console/Commands/DomainStatus.php b/src/app/Console/Commands/DomainSetStatus.php
	copy from src/app/Console/Commands/DomainStatus.php
	copy to src/app/Console/Commands/DomainSetStatus.php
	--- a/src/app/Console/Commands/DomainStatus.php
	+++ b/src/app/Console/Commands/DomainSetStatus.php
	@@ -4,32 +4,23 @@

	use App\Domain;
	use Illuminate\Console\Command;
	+use Illuminate\Support\Facades\Queue;

	-class DomainStatus extends Command
	+class DomainSetStatus extends Command
	{
	/**
	* The name and signature of the console command.
	*
	* @var string
	*/
	- protected $signature = 'domain:status {domain}';
	+ protected $signature = 'domain:set-status {domain} {status}';

	/**
	* The console command description.
	*
	* @var string
	*/
	- protected $description = 'Display the status of a domain';
	-
	- /**
	- * Create a new command instance.
	- *
	- * @return void
	- */
	- public function __construct()
	- {
	- parent::__construct();
	- }
	+ protected $description = "Set a domain's status.";

	/**
	* Execute the console command.
	@@ -44,7 +35,10 @@
	return 1;
	}

	- $this->info("Found domain: {$domain->id}");
	+ Queue::fake(); // ignore LDAP for now
	+
	+ $domain->status = (int) $this->argument('status');
	+ $domain->save();

	$this->info($domain->status);
	}
	diff --git a/src/app/Console/Commands/DomainSetWallet.php b/src/app/Console/Commands/DomainSetWallet.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Console/Commands/DomainSetWallet.php
	@@ -0,0 +1,68 @@
	+<?php
	+
	+namespace App\Console\Commands;
	+
	+use App\Entitlement;
	+use App\Domain;
	+use App\Sku;
	+use App\Wallet;
	+use Illuminate\Console\Command;
	+use Illuminate\Support\Facades\Queue;
	+
	+class DomainSetWallet extends Command
	+{
	+ /**
	+ * The name and signature of the console command.
	+ *
	+ * @var string
	+ */
	+ protected $signature = 'domain:set-wallet {domain} {wallet}';
	+
	+ /**
	+ * The console command description.
	+ *
	+ * @var string
	+ */
	+ protected $description = "Assign a domain to a wallet.";
	+
	+ /**
	+ * Execute the console command.
	+ *
	+ * @return mixed
	+ */
	+ public function handle()
	+ {
	+ $domain = Domain::where('namespace', $this->argument('domain'))->first();
	+
	+ if (!$domain) {
	+ $this->error("Domain not found.");
	+ return 1;
	+ }
	+
	+ $wallet = Wallet::find($this->argument('wallet'));
	+
	+ if (!$wallet) {
	+ $this->error("Wallet not found.");
	+ return 1;
	+ }
	+
	+ if ($domain->entitlement) {
	+ $this->error("Domain already assigned to a wallet: {$domain->entitlement->wallet->id}.");
	+ return 1;
	+ }
	+
	+ $sku = Sku::where('title', 'domain-hosting')->first();
	+
	+ Queue::fake(); // ignore LDAP for now (note: adding entitlements updates the domain)
	+
	+ Entitlement::create(
	+ [
	+ 'wallet_id' => $wallet->id,
	+ 'sku_id' => $sku->id,
	+ 'cost' => 0,
	+ 'entitleable_id' => $domain->id,
	+ 'entitleable_type' => Domain::class,
	+ ]
	+ );
	+ }
	+}
	diff --git a/src/app/Console/Commands/DomainStatus.php b/src/app/Console/Commands/DomainStatus.php
	--- a/src/app/Console/Commands/DomainStatus.php
	+++ b/src/app/Console/Commands/DomainStatus.php
	@@ -44,8 +44,6 @@
	return 1;
	}

	- $this->info("Found domain: {$domain->id}");
	-
	$this->info($domain->status);
	}
	}
	diff --git a/src/app/Console/Commands/DomainStatus.php b/src/app/Console/Commands/Job/DomainCreate.php
	copy from src/app/Console/Commands/DomainStatus.php
	copy to src/app/Console/Commands/Job/DomainCreate.php
	--- a/src/app/Console/Commands/DomainStatus.php
	+++ b/src/app/Console/Commands/Job/DomainCreate.php
	@@ -1,35 +1,25 @@
	<?php

	-namespace App\Console\Commands;
	+namespace App\Console\Commands\Job;

	use App\Domain;
	use Illuminate\Console\Command;

	-class DomainStatus extends Command
	+class DomainCreate extends Command
	{
	/**
	* The name and signature of the console command.
	*
	* @var string
	*/
	- protected $signature = 'domain:status {domain}';
	+ protected $signature = 'job:domaincreate {domain}';

	/**
	* The console command description.
	*
	* @var string
	*/
	- protected $description = 'Display the status of a domain';
	-
	- /**
	- * Create a new command instance.
	- *
	- * @return void
	- */
	- public function __construct()
	- {
	- parent::__construct();
	- }
	+ protected $description = "Execute the DomainCreate job (again).";

	/**
	* Execute the console command.
	@@ -44,8 +34,7 @@
	return 1;
	}

	- $this->info("Found domain: {$domain->id}");
	-
	- $this->info($domain->status);
	+ $job = new \App\Jobs\DomainCreate($domain);
	+ $job->handle();
	}
	}
	diff --git a/src/app/Console/Commands/DomainStatus.php b/src/app/Console/Commands/Job/DomainUpdate.php
	copy from src/app/Console/Commands/DomainStatus.php
	copy to src/app/Console/Commands/Job/DomainUpdate.php
	--- a/src/app/Console/Commands/DomainStatus.php
	+++ b/src/app/Console/Commands/Job/DomainUpdate.php
	@@ -1,35 +1,25 @@
	<?php

	-namespace App\Console\Commands;
	+namespace App\Console\Commands\Job;

	use App\Domain;
	use Illuminate\Console\Command;

	-class DomainStatus extends Command
	+class DomainUpdate extends Command
	{
	/**
	* The name and signature of the console command.
	*
	* @var string
	*/
	- protected $signature = 'domain:status {domain}';
	+ protected $signature = 'job:domainupdate {domain}';

	/**
	* The console command description.
	*
	* @var string
	*/
	- protected $description = 'Display the status of a domain';
	-
	- /**
	- * Create a new command instance.
	- *
	- * @return void
	- */
	- public function __construct()
	- {
	- parent::__construct();
	- }
	+ protected $description = "Execute the DomainUpdate job (again).";

	/**
	* Execute the console command.
	@@ -44,8 +34,7 @@
	return 1;
	}

	- $this->info("Found domain: {$domain->id}");
	-
	- $this->info($domain->status);
	+ $job = new \App\Jobs\DomainUpdate($domain->id);
	+ $job->handle();
	}
	}
	diff --git a/src/app/Console/Commands/Job/UserCreate.php b/src/app/Console/Commands/Job/UserCreate.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Console/Commands/Job/UserCreate.php
	@@ -0,0 +1,40 @@
	+<?php
	+
	+namespace App\Console\Commands\Job;
	+
	+use App\User;
	+use Illuminate\Console\Command;
	+
	+class UserCreate extends Command
	+{
	+ /**
	+ * The name and signature of the console command.
	+ *
	+ * @var string
	+ */
	+ protected $signature = 'job:usercreate {user}';
	+
	+ /**
	+ * The console command description.
	+ *
	+ * @var string
	+ */
	+ protected $description = "Execute the UserCreate job (again).";
	+
	+ /**
	+ * Execute the console command.
	+ *
	+ * @return mixed
	+ */
	+ public function handle()
	+ {
	+ $user = User::where('email', $this->argument('user'))->first();
	+
	+ if (!$user) {
	+ return 1;
	+ }
	+
	+ $job = new \App\Jobs\UserCreate($user);
	+ $job->handle();
	+ }
	+}
	diff --git a/src/app/Console/Commands/Job/UserUpdate.php b/src/app/Console/Commands/Job/UserUpdate.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Console/Commands/Job/UserUpdate.php
	@@ -0,0 +1,40 @@
	+<?php
	+
	+namespace App\Console\Commands\Job;
	+
	+use App\User;
	+use Illuminate\Console\Command;
	+
	+class UserUpdate extends Command
	+{
	+ /**
	+ * The name and signature of the console command.
	+ *
	+ * @var string
	+ */
	+ protected $signature = 'job:userupdate {user}';
	+
	+ /**
	+ * The console command description.
	+ *
	+ * @var string
	+ */
	+ protected $description = "Execute the UserUpdate job (again).";
	+
	+ /**
	+ * Execute the console command.
	+ *
	+ * @return mixed
	+ */
	+ public function handle()
	+ {
	+ $user = User::where('email', $this->argument('user'))->first();
	+
	+ if (!$user) {
	+ return 1;
	+ }
	+
	+ $job = new \App\Jobs\UserUpdate($user);
	+ $job->handle();
	+ }
	+}
	diff --git a/src/app/Console/Commands/Job/WalletCheck.php b/src/app/Console/Commands/Job/WalletCheck.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Console/Commands/Job/WalletCheck.php
	@@ -0,0 +1,40 @@
	+<?php
	+
	+namespace App\Console\Commands\Job;
	+
	+use App\Wallet;
	+use Illuminate\Console\Command;
	+
	+class WalletCheck extends Command
	+{
	+ /**
	+ * The name and signature of the console command.
	+ *
	+ * @var string
	+ */
	+ protected $signature = 'job:walletcheck {wallet}';
	+
	+ /**
	+ * The console command description.
	+ *
	+ * @var string
	+ */
	+ protected $description = "Execute the WalletCheck job (again).";
	+
	+ /**
	+ * Execute the console command.
	+ *
	+ * @return mixed
	+ */
	+ public function handle()
	+ {
	+ $wallet = Wallet::find($this->argument('wallet'));
	+
	+ if (!$wallet) {
	+ return 1;
	+ }
	+
	+ $job = new \App\Jobs\WalletCheck($wallet);
	+ $job->handle();
	+ }
	+}
	diff --git a/src/app/Console/Commands/UserAddAlias.php b/src/app/Console/Commands/UserAddAlias.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Console/Commands/UserAddAlias.php
	@@ -0,0 +1,69 @@
	+<?php
	+
	+namespace App\Console\Commands;
	+
	+use App\Http\Controllers\API\V4\UsersController;
	+use Illuminate\Console\Command;
	+
	+class UserAddAlias extends Command
	+{
	+ /**
	+ * The name and signature of the console command.
	+ *
	+ * @var string
	+ */
	+ protected $signature = 'user:add-alias {--force} {user} {alias}';
	+
	+ /**
	+ * The console command description.
	+ *
	+ * @var string
	+ */
	+ protected $description = 'Add an email alias to a user (forcefully)';
	+
	+ /**
	+ * Create a new command instance.
	+ *
	+ * @return void
	+ */
	+ public function __construct()
	+ {
	+ parent::__construct();
	+ }
	+
	+ /**
	+ * Execute the console command.
	+ *
	+ * @return mixed
	+ */
	+ public function handle()
	+ {
	+ $user = \App\User::where('email', $this->argument('user'))->first();
	+
	+ if (!$user) {
	+ return 1;
	+ }
	+
	+ $alias = \strtolower($this->argument('alias'));
	+
	+ // Check if the alias already exists
	+ if ($user->aliases()->where('alias', $alias)->first()) {
	+ $this->error("Address is already assigned to the user.");
	+ return 1;
	+ }
	+
	+ $controller = $user->wallet()->owner;
	+
	+ // Validate the alias
	+ $error = UsersController::validateEmail($alias, $controller, true);
	+
	+ if ($error) {
	+ if (!$this->option('force')) {
	+ $this->error($error);
	+ return 1;
	+ }
	+ }
	+
	+ $user->aliases()->create(['alias' => $alias]);
	+ }
	+}
	diff --git a/src/app/Console/Commands/DomainStatus.php b/src/app/Console/Commands/WalletAddTransaction.php
	copy from src/app/Console/Commands/DomainStatus.php
	copy to src/app/Console/Commands/WalletAddTransaction.php
	--- a/src/app/Console/Commands/DomainStatus.php
	+++ b/src/app/Console/Commands/WalletAddTransaction.php
	@@ -2,24 +2,23 @@

	namespace App\Console\Commands;

	-use App\Domain;
	use Illuminate\Console\Command;

	-class DomainStatus extends Command
	+class WalletAddTransaction extends Command
	{
	/**
	* The name and signature of the console command.
	*
	* @var string
	*/
	- protected $signature = 'domain:status {domain}';
	+ protected $signature = 'wallet:add-transaction {wallet} {qty} {--message=}';

	/**
	* The console command description.
	*
	* @var string
	*/
	- protected $description = 'Display the status of a domain';
	+ protected $description = 'Add a transaction to a wallet';

	/**
	* Create a new command instance.
	@@ -38,14 +37,20 @@
	*/
	public function handle()
	{
	- $domain = Domain::where('namespace', $this->argument('domain'))->first();
	+ $wallet = \App\Wallet::find($this->argument('wallet'));

	- if (!$domain) {
	+ if (!$wallet) {
	return 1;
	}

	- $this->info("Found domain: {$domain->id}");
	+ $qty = (int) $this->argument('qty');

	- $this->info($domain->status);
	+ $message = $this->option('message');
	+
	+ if ($qty < 0) {
	+ $wallet->debit($qty, $message);
	+ } else {
	+ $wallet->credit($qty, $message);
	+ }
	}
	}
	diff --git a/src/app/Console/Commands/WalletCharge.php b/src/app/Console/Commands/WalletCharge.php
	--- a/src/app/Console/Commands/WalletCharge.php
	+++ b/src/app/Console/Commands/WalletCharge.php
	@@ -2,6 +2,7 @@

	namespace App\Console\Commands;

	+use App\Wallet;
	use Illuminate\Console\Command;

	class WalletCharge extends Command
	@@ -11,7 +12,7 @@
	*
	* @var string
	*/
	- protected $signature = 'wallet:charge';
	+ protected $signature = 'wallet:charge {wallet?}';

	/**
	* The console command description.
	@@ -37,7 +38,22 @@
	*/
	public function handle()
	{
	- $wallets = \App\Wallet::all();
	+ if ($wallet = $this->argument('wallet')) {
	+ // Find specified wallet by ID
	+ $wallet = Wallet::find($wallet);
	+
	+ if (!$wallet \|\| !$wallet->owner) {
	+ return 1;
	+ }
	+
	+ $wallets = [$wallet];
	+ } else {
	+ // Get all wallets, excluding deleted accounts
	+ $wallets = Wallet::select('wallets.*')
	+ ->join('users', 'users.id', '=', 'wallets.user_id')
	+ ->whereNull('users.deleted_at')
	+ ->get();
	+ }

	foreach ($wallets as $wallet) {
	$charge = $wallet->chargeEntitlements();
	@@ -50,6 +66,11 @@
	// Top-up the wallet if auto-payment enabled for the wallet
	\App\Jobs\WalletCharge::dispatch($wallet);
	}
	+
	+ if ($wallet->balance < 0) {
	+ // Check the account balance, send notifications, suspend, delete
	+ \App\Jobs\WalletCheck::dispatch($wallet);
	+ }
	}
	}
	}
	diff --git a/src/app/Domain.php b/src/app/Domain.php
	--- a/src/app/Domain.php
	+++ b/src/app/Domain.php
	@@ -399,7 +399,7 @@
	public function wallet(): ?Wallet
	{
	// Note: Not all domains have a entitlement/wallet
	- $entitlement = $this->entitlement()->first();
	+ $entitlement = $this->entitlement()->withTrashed()->first();

	return $entitlement ? $entitlement->wallet : null;
	}
	diff --git a/src/app/Http/Controllers/API/AuthController.php b/src/app/Http/Controllers/API/AuthController.php
	--- a/src/app/Http/Controllers/API/AuthController.php
	+++ b/src/app/Http/Controllers/API/AuthController.php
	@@ -20,6 +20,11 @@
	$user = Auth::guard()->user();
	$response = V4\UsersController::userResponse($user);

	+ if (!empty(request()->input('refresh_token'))) {
	+ // @phpstan-ignore-next-line
	+ return $this->respondWithToken(Auth::guard()->refresh(), $response);
	+ }
	+
	return response()->json($response);
	}

	@@ -34,13 +39,7 @@
	// @phpstan-ignore-next-line
	$token = Auth::guard()->login($user);

	- return response()->json([
	- 'status' => 'success',
	- 'access_token' => $token,
	- 'token_type' => 'bearer',
	- // @phpstan-ignore-next-line
	- 'expires_in' => Auth::guard()->factory()->getTTL() * 60,
	- ]);
	+ return self::respondWithToken($token, ['status' => 'success']);
	}

	/**
	@@ -109,19 +108,18 @@
	/**
	* Get the token array structure.
	*
	- * @param string $token Respond with this token.
	+ * @param string $token Respond with this token.
	+ * @param array $response Additional response data
	*
	* @return \Illuminate\Http\JsonResponse
	*/
	- protected function respondWithToken($token)
	+ protected static function respondWithToken($token, array $response = [])
	{
	- return response()->json(
	- [
	- 'access_token' => $token,
	- 'token_type' => 'bearer',
	- // @phpstan-ignore-next-line
	- 'expires_in' => Auth::guard()->factory()->getTTL() * 60
	- ]
	- );
	+ $response['access_token'] = $token;
	+ $response['token_type'] = 'bearer';
	+ // @phpstan-ignore-next-line
	+ $response['expires_in'] = Auth::guard()->factory()->getTTL() * 60;
	+
	+ return response()->json($response);
	}
	}
	diff --git a/src/app/Http/Controllers/API/V4/Admin/DomainsController.php b/src/app/Http/Controllers/API/V4/Admin/DomainsController.php
	--- a/src/app/Http/Controllers/API/V4/Admin/DomainsController.php
	+++ b/src/app/Http/Controllers/API/V4/Admin/DomainsController.php
	@@ -4,6 +4,7 @@

	use App\Domain;
	use App\User;
	+use Illuminate\Http\Request;

	class DomainsController extends \App\Http\Controllers\API\V4\DomainsController
	{
	@@ -29,7 +30,7 @@
	}
	}

	- $result = $result->sortBy('namespace');
	+ $result = $result->sortBy('namespace')->values();
	}
	} elseif (!empty($search)) {
	if ($domain = Domain::where('namespace', $search)->first()) {
	@@ -52,4 +53,52 @@

	return response()->json($result);
	}
	+
	+ /**
	+ * Suspend the domain
	+ *
	+ * @param \Illuminate\Http\Request $request The API request.
	+ * @params string $id Domain identifier
	+ *
	+ * @return \Illuminate\Http\JsonResponse The response
	+ */
	+ public function suspend(Request $request, $id)
	+ {
	+ $domain = Domain::find($id);
	+
	+ if (empty($domain) \|\| $domain->isPublic()) {
	+ return $this->errorResponse(404);
	+ }
	+
	+ $domain->suspend();
	+
	+ return response()->json([
	+ 'status' => 'success',
	+ 'message' => __('app.domain-suspend-success'),
	+ ]);
	+ }
	+
	+ /**
	+ * Un-Suspend the domain
	+ *
	+ * @param \Illuminate\Http\Request $request The API request.
	+ * @params string $id Domain identifier
	+ *
	+ * @return \Illuminate\Http\JsonResponse The response
	+ */
	+ public function unsuspend(Request $request, $id)
	+ {
	+ $domain = Domain::find($id);
	+
	+ if (empty($domain) \|\| $domain->isPublic()) {
	+ return $this->errorResponse(404);
	+ }
	+
	+ $domain->unsuspend();
	+
	+ return response()->json([
	+ 'status' => 'success',
	+ 'message' => __('app.domain-unsuspend-success'),
	+ ]);
	+ }
	}
	diff --git a/src/app/Http/Controllers/API/V4/Admin/UsersController.php b/src/app/Http/Controllers/API/V4/Admin/UsersController.php
	--- a/src/app/Http/Controllers/API/V4/Admin/UsersController.php
	+++ b/src/app/Http/Controllers/API/V4/Admin/UsersController.php
	@@ -3,6 +3,7 @@
	namespace App\Http\Controllers\API\V4\Admin;

	use App\Domain;
	+use App\Sku;
	use App\User;
	use App\UserAlias;
	use App\UserSetting;
	@@ -28,32 +29,34 @@
	}
	} elseif (strpos($search, '@')) {
	// Search by email
	- $user = User::where('email', $search)->first();
	- if ($user) {
	- $result->push($user);
	- } else {
	+ $result = User::withTrashed()->where('email', $search)
	+ ->orderBy('email')->get();
	+
	+ if ($result->isEmpty()) {
	// Search by an alias
	$user_ids = UserAlias::where('alias', $search)->get()->pluck('user_id');
	- if ($user_ids->isEmpty()) {
	- // Search by an external email
	- $user_ids = UserSetting::where('key', 'external_email')
	- ->where('value', $search)->get()->pluck('user_id');
	- }
	+
	+ // Search by an external email
	+ $ext_user_ids = UserSetting::where('key', 'external_email')
	+ ->where('value', $search)->get()->pluck('user_id');
	+
	+ $user_ids = $user_ids->merge($ext_user_ids)->unique();

	if (!$user_ids->isEmpty()) {
	- $result = User::whereIn('id', $user_ids)->orderBy('email')->get();
	+ $result = User::withTrashed()->whereIn('id', $user_ids)
	+ ->orderBy('email')->get();
	}
	}
	} elseif (is_numeric($search)) {
	// Search by user ID
	- if ($user = User::find($search)) {
	+ if ($user = User::withTrashed()->find($search)) {
	$result->push($user);
	}
	} elseif (!empty($search)) {
	// Search by domain
	- if ($domain = Domain::where('namespace', $search)->first()) {
	+ if ($domain = Domain::withTrashed()->where('namespace', $search)->first()) {
	if ($wallet = $domain->wallet()) {
	- $result->push($wallet->owner);
	+ $result->push($wallet->owner()->withTrashed()->first());
	}
	}
	}
	@@ -74,6 +77,36 @@
	return response()->json($result);
	}

	+ /**
	+ * Reset 2-Factor Authentication for the user
	+ *
	+ * @param \Illuminate\Http\Request $request The API request.
	+ * @params string $id User identifier
	+ *
	+ * @return \Illuminate\Http\JsonResponse The response
	+ */
	+ public function reset2FA(Request $request, $id)
	+ {
	+ $user = User::find($id);
	+
	+ if (empty($user)) {
	+ return $this->errorResponse(404);
	+ }
	+
	+ $sku = Sku::where('title', '2fa')->first();
	+
	+ // Note: we do select first, so the observer can delete
	+ // 2FA preferences from Roundcube database, so don't
	+ // be tempted to replace first() with delete() below
	+ $entitlement = $user->entitlements()->where('sku_id', $sku->id)->first();
	+ $entitlement->delete();
	+
	+ return response()->json([
	+ 'status' => 'success',
	+ 'message' => __('app.user-reset-2fa-success'),
	+ ]);
	+ }
	+
	/**
	* Suspend the user
	*
	diff --git a/src/app/Http/Controllers/API/V4/PaymentsController.php b/src/app/Http/Controllers/API/V4/PaymentsController.php
	--- a/src/app/Http/Controllers/API/V4/PaymentsController.php
	+++ b/src/app/Http/Controllers/API/V4/PaymentsController.php
	@@ -265,6 +265,13 @@
	return false;
	}

	+ $provider = PaymentProvider::factory($wallet);
	+ $mandate = (array) $provider->getMandate($wallet);
	+
	+ if (empty($mandate['isValid'])) {
	+ return false;
	+ }
	+
	// The defined top-up amount is not enough
	// Disable auto-payment and notify the user
	if ($wallet->balance + $amount < 0) {
	@@ -274,13 +281,6 @@
	return false;
	}

	- $provider = PaymentProvider::factory($wallet);
	- $mandate = (array) $provider->getMandate($wallet);
	-
	- if (empty($mandate['isValid'])) {
	- return false;
	- }
	-
	$request = [
	'type' => PaymentProvider::TYPE_RECURRING,
	'currency' => 'CHF',
	diff --git a/src/app/Http/Controllers/API/V4/UsersController.php b/src/app/Http/Controllers/API/V4/UsersController.php
	--- a/src/app/Http/Controllers/API/V4/UsersController.php
	+++ b/src/app/Http/Controllers/API/V4/UsersController.php
	@@ -214,7 +214,17 @@
	$state = 'failed';
	}

	+ // Check if the user is a controller of his wallet
	+ $isController = $user->canDelete($user);
	+ $hasCustomDomain = $user->wallet()->entitlements()
	+ ->where('entitleable_type', Domain::class)
	+ ->count() > 0;
	+
	return [
	+ // TODO: This will change when we enable all users to create domains
	+ 'enableDomains' => $isController && $hasCustomDomain,
	+ 'enableUsers' => $isController,
	+ 'enableWallets' => $isController,
	'process' => $process,
	'processState' => $state,
	'isReady' => $all === $checked,
	@@ -621,6 +631,10 @@

	list($login, $domain) = explode('@', $email);

	+ if (strlen($login) === 0 \|\| strlen($domain) === 0) {
	+ return \trans('validation.entryinvalid', ['attribute' => $attribute]);
	+ }
	+
	// Check if domain exists
	$domain = Domain::where('namespace', Str::lower($domain))->first();

	@@ -639,14 +653,7 @@
	}

	// Check if it is one of domains available to the user
	- // TODO: We should have a helper that returns "flat" array with domain names
	- // I guess we could use pluck() somehow
	- $domains = array_map(
	- function ($domain) {
	- return $domain->namespace;
	- },
	- $user->domains()
	- );
	+ $domains = \collect($user->domains())->pluck('namespace')->all();

	if (!in_array($domain->namespace, $domains)) {
	return \trans('validation.entryexists', ['attribute' => 'domain']);
	@@ -655,7 +662,8 @@
	// Check if a user/alias with specified address already exists
	// Allow assigning the same alias to a user in the same group account,
	// but only for non-public domains
	- if ($exists = User::emailExists($email, true, $alias_exists)) {
	+ // Allow an alias in a custom domain to an address that was a user before
	+ if ($exists = User::emailExists($email, true, $alias_exists, $is_alias && !$domain->isPublic())) {
	if (
	!$is_alias
	\|\| !$alias_exists
	diff --git a/src/app/Http/Controllers/API/V4/WalletsController.php b/src/app/Http/Controllers/API/V4/WalletsController.php
	--- a/src/app/Http/Controllers/API/V4/WalletsController.php
	+++ b/src/app/Http/Controllers/API/V4/WalletsController.php
	@@ -284,24 +284,28 @@
	*/
	protected function getWalletNotice(Wallet $wallet): ?string
	{
	+ // there is no credit
	if ($wallet->balance < 0) {
	return \trans('app.wallet-notice-nocredit');
	}

	+ // the discount is 100%, no credit is needed
	if ($wallet->discount && $wallet->discount->discount == 100) {
	return null;
	}

	- if ($wallet->owner->created_at > Carbon::now()->subDays(14)) {
	+ // the owner was created less than a month ago
	+ if ($wallet->owner->created_at > Carbon::now()->subMonthsWithoutOverflow(1)) {
	+ // but more than two weeks ago, notice of trial ending
	+ if ($wallet->owner->created_at <= Carbon::now()->subWeeks(2)) {
	+ return \trans('app.wallet-notice-trial-end');
	+ }
	+
	return \trans('app.wallet-notice-trial');
	}

	if ($until = $wallet->balanceLastsUntil()) {
	if ($until->isToday()) {
	- if ($wallet->owner->created_at > Carbon::now()->subDays(30)) {
	- return \trans('app.wallet-notice-trial-end');
	- }
	-
	return \trans('app.wallet-notice-today');
	}

	diff --git a/src/app/Http/Middleware/TrustProxies.php b/src/app/Http/Middleware/TrustProxies.php
	--- a/src/app/Http/Middleware/TrustProxies.php
	+++ b/src/app/Http/Middleware/TrustProxies.php
	@@ -12,7 +12,12 @@
	*
	* @var array\|string
	*/
	- protected $proxies = [ '127.0.0.1' ];
	+ protected $proxies = [
	+ '10.0.0.0/8',
	+ '127.0.0.1/8',
	+ '172.16.0.0/12',
	+ '192.168.0.0/16'
	+ ];

	/**
	* The headers that should be used to detect proxies.
	diff --git a/src/app/Jobs/PaymentEmail.php b/src/app/Jobs/PaymentEmail.php
	--- a/src/app/Jobs/PaymentEmail.php
	+++ b/src/app/Jobs/PaymentEmail.php
	@@ -62,25 +62,49 @@
	$this->controller = $wallet->owner;
	}

	- $ext_email = $this->controller->getSetting('external_email');
	- $cc = [];
	-
	- if ($ext_email && $ext_email != $this->controller->email) {
	- $cc[] = $ext_email;
	+ if (empty($this->controller)) {
	+ return;
	}

	if ($this->payment->status == PaymentProvider::STATUS_PAID) {
	$mail = new \App\Mail\PaymentSuccess($this->payment, $this->controller);
	+ $label = "Success";
	} elseif (
	$this->payment->status == PaymentProvider::STATUS_EXPIRED
	\|\| $this->payment->status == PaymentProvider::STATUS_FAILED
	) {
	$mail = new \App\Mail\PaymentFailure($this->payment, $this->controller);
	+ $label = "Failure";
	} else {
	return;
	}

	- Mail::to($this->controller->email)->cc($cc)->send($mail);
	+ list($to, $cc) = \App\Mail\Helper::userEmails($this->controller);
	+
	+ if (!empty($to)) {
	+ try {
	+ Mail::to($to)->cc($cc)->send($mail);
	+
	+ $msg = sprintf(
	+ "[Payment] %s mail sent for %s (%s)",
	+ $label,
	+ $wallet->id,
	+ empty($cc) ? $to : implode(', ', array_merge([$to], $cc))
	+ );
	+
	+ \Log::info($msg);
	+ } catch (\Exception $e) {
	+ $msg = sprintf(
	+ "[Payment] Failed to send mail for wallet %s (%s): %s",
	+ $wallet->id,
	+ empty($cc) ? $to : implode(', ', array_merge([$to], $cc)),
	+ $e->getMessage()
	+ );
	+
	+ \Log::error($msg);
	+ throw $e;
	+ }
	+ }

	/*
	// Send the email to all wallet controllers too
	diff --git a/src/app/Jobs/PaymentMandateDisabledEmail.php b/src/app/Jobs/PaymentMandateDisabledEmail.php
	--- a/src/app/Jobs/PaymentMandateDisabledEmail.php
	+++ b/src/app/Jobs/PaymentMandateDisabledEmail.php
	@@ -60,16 +60,37 @@
	$this->controller = $this->wallet->owner;
	}

	- $ext_email = $this->controller->getSetting('external_email');
	- $cc = [];
	-
	- if ($ext_email && $ext_email != $this->controller->email) {
	- $cc[] = $ext_email;
	+ if (empty($this->controller)) {
	+ return;
	}

	$mail = new PaymentMandateDisabled($this->wallet, $this->controller);

	- Mail::to($this->controller->email)->cc($cc)->send($mail);
	+ list($to, $cc) = \App\Mail\Helper::userEmails($this->controller);
	+
	+ if (!empty($to)) {
	+ try {
	+ Mail::to($to)->cc($cc)->send($mail);
	+
	+ $msg = sprintf(
	+ "[PaymentMandateDisabled] Sent mail for %s (%s)",
	+ $this->wallet->id,
	+ empty($cc) ? $to : implode(', ', array_merge([$to], $cc))
	+ );
	+
	+ \Log::info($msg);
	+ } catch (\Exception $e) {
	+ $msg = sprintf(
	+ "[PaymentMandateDisabled] Failed to send mail for wallet %s (%s): %s",
	+ $this->wallet->id,
	+ empty($cc) ? $to : implode(', ', array_merge([$to], $cc)),
	+ $e->getMessage()
	+ );
	+
	+ \Log::error($msg);
	+ throw $e;
	+ }
	+ }

	/*
	// Send the email to all controllers too
	diff --git a/src/app/Jobs/UserVerify.php b/src/app/Jobs/UserVerify.php
	--- a/src/app/Jobs/UserVerify.php
	+++ b/src/app/Jobs/UserVerify.php
	@@ -44,22 +44,7 @@
	*/
	public function handle()
	{
	- // Verify a mailbox sku is among the user entitlements.
	- $skuMailbox = \App\Sku::where('title', 'mailbox')->first();
	-
	- if (!$skuMailbox) {
	- return;
	- }
	-
	- $mailbox = \App\Entitlement::where(
	- [
	- 'sku_id' => $skuMailbox->id,
	- 'entitleable_id' => $this->user->id,
	- 'entitleable_type' => User::class
	- ]
	- )->first();
	-
	- if (!$mailbox) {
	+ if (!$this->user->hasSku('mailbox')) {
	return;
	}

	diff --git a/src/app/Jobs/WalletCheck.php b/src/app/Jobs/WalletCheck.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Jobs/WalletCheck.php
	@@ -0,0 +1,311 @@
	+<?php
	+
	+namespace App\Jobs;
	+
	+use App\Wallet;
	+use Carbon\Carbon;
	+use Illuminate\Bus\Queueable;
	+use Illuminate\Contracts\Queue\ShouldQueue;
	+use Illuminate\Foundation\Bus\Dispatchable;
	+use Illuminate\Queue\InteractsWithQueue;
	+use Illuminate\Queue\SerializesModels;
	+use Illuminate\Support\Facades\Mail;
	+
	+class WalletCheck implements ShouldQueue
	+{
	+ use Dispatchable;
	+ use InteractsWithQueue;
	+ use Queueable;
	+ use SerializesModels;
	+
	+ public const THRESHOLD_DELETE = 'delete';
	+ public const THRESHOLD_BEFORE_DELETE = 'before_delete';
	+ public const THRESHOLD_SUSPEND = 'suspend';
	+ public const THRESHOLD_REMINDER = 'reminder';
	+ public const THRESHOLD_INITIAL = 'initial';
	+
	+ /** @var int The number of seconds to wait before retrying the job. */
	+ public $retryAfter = 10;
	+
	+ /** @var int How many times retry the job if it fails. */
	+ public $tries = 5;
	+
	+ /** @var bool Delete the job if the wallet no longer exist. */
	+ public $deleteWhenMissingModels = true;
	+
	+ /** @var \App\Wallet A wallet object */
	+ protected $wallet;
	+
	+
	+ /**
	+ * Create a new job instance.
	+ *
	+ * @param \App\Wallet $wallet The wallet that has been charged.
	+ *
	+ * @return void
	+ */
	+ public function __construct(Wallet $wallet)
	+ {
	+ $this->wallet = $wallet;
	+ }
	+
	+ /**
	+ * Execute the job.
	+ *
	+ * @return void
	+ */
	+ public function handle()
	+ {
	+ if ($this->wallet->balance >= 0) {
	+ return;
	+ }
	+
	+ $now = Carbon::now();
	+
	+ // Delete the account
	+ if (self::threshold($this->wallet, self::THRESHOLD_DELETE) < $now) {
	+ $this->deleteAccount();
	+ return;
	+ }
	+
	+ // Warn about the upcomming account deletion
	+ if (self::threshold($this->wallet, self::THRESHOLD_BEFORE_DELETE) < $now) {
	+ $this->warnBeforeDelete();
	+ return;
	+ }
	+
	+ // Suspend the account
	+ if (self::threshold($this->wallet, self::THRESHOLD_SUSPEND) < $now) {
	+ $this->suspendAccount();
	+ return;
	+ }
	+
	+ // Send the second reminder
	+ if (self::threshold($this->wallet, self::THRESHOLD_REMINDER) < $now) {
	+ $this->secondReminder();
	+ return;
	+ }
	+
	+ // Send the initial reminder
	+ if (self::threshold($this->wallet, self::THRESHOLD_INITIAL) < $now) {
	+ $this->initialReminder();
	+ return;
	+ }
	+ }
	+
	+ /**
	+ * Send the initial reminder
	+ */
	+ protected function initialReminder()
	+ {
	+ if ($this->wallet->getSetting('balance_warning_initial')) {
	+ return;
	+ }
	+
	+ // TODO: Should we check if the account is already suspended?
	+
	+ $label = "Notification sent for";
	+
	+ $this->sendMail(\App\Mail\NegativeBalance::class, false, $label);
	+
	+ $now = \Carbon\Carbon::now()->toDateTimeString();
	+ $this->wallet->setSetting('balance_warning_initial', $now);
	+ }
	+
	+ /**
	+ * Send the second reminder
	+ */
	+ protected function secondReminder()
	+ {
	+ if ($this->wallet->getSetting('balance_warning_reminder')) {
	+ return;
	+ }
	+
	+ // TODO: Should we check if the account is already suspended?
	+
	+ $label = "Reminder sent for";
	+
	+ $this->sendMail(\App\Mail\NegativeBalanceReminder::class, false, $label);
	+
	+ $now = \Carbon\Carbon::now()->toDateTimeString();
	+ $this->wallet->setSetting('balance_warning_reminder', $now);
	+ }
	+
	+ /**
	+ * Suspend the account (and send the warning)
	+ */
	+ protected function suspendAccount()
	+ {
	+ if ($this->wallet->getSetting('balance_warning_suspended')) {
	+ return;
	+ }
	+
	+ // Sanity check, already deleted
	+ if (!$this->wallet->owner) {
	+ return;
	+ }
	+
	+ // Suspend the account
	+ $this->wallet->owner->suspend();
	+ foreach ($this->wallet->entitlements as $entitlement) {
	+ if (
	+ $entitlement->entitleable_type == \App\Domain::class
	+ \|\| $entitlement->entitleable_type == \App\User::class
	+ ) {
	+ $entitlement->entitleable->suspend();
	+ }
	+ }
	+
	+ $label = "Account suspended";
	+
	+ $this->sendMail(\App\Mail\NegativeBalanceSuspended::class, false, $label);
	+
	+ $now = \Carbon\Carbon::now()->toDateTimeString();
	+ $this->wallet->setSetting('balance_warning_suspended', $now);
	+ }
	+
	+ /**
	+ * Send the last warning before delete
	+ */
	+ protected function warnBeforeDelete()
	+ {
	+ if ($this->wallet->getSetting('balance_warning_before_delete')) {
	+ return;
	+ }
	+
	+ // Sanity check, already deleted
	+ if (!$this->wallet->owner) {
	+ return;
	+ }
	+
	+ $label = "Last warning sent for";
	+
	+ $this->sendMail(\App\Mail\NegativeBalanceBeforeDelete::class, true, $label);
	+
	+ $now = \Carbon\Carbon::now()->toDateTimeString();
	+ $this->wallet->setSetting('balance_warning_before_delete', $now);
	+ }
	+
	+ /**
	+ * Delete the account
	+ */
	+ protected function deleteAccount()
	+ {
	+ // TODO: This will not work when we actually allow multiple-wallets per account
	+ // but in this case we anyway have to change the whole thing
	+ // and calculate summarized balance from all wallets.
	+ // The dirty work will be done by UserObserver
	+ if ($this->wallet->owner) {
	+ $email = $this->wallet->owner->email;
	+
	+ $this->wallet->owner->delete();
	+
	+ \Log::info(
	+ sprintf(
	+ "[WalletCheck] Account deleted %s (%s)",
	+ $this->wallet->id,
	+ $email
	+ )
	+ );
	+ }
	+ }
	+
	+ /**
	+ * Send the email
	+ *
	+ * @param string $class Mailable class name
	+ * @param bool $with_external Use users's external email
	+ * @param ?string $log_label Log label
	+ */
	+ protected function sendMail($class, $with_external = false, $log_label = null): void
	+ {
	+ // TODO: Send the email to all wallet controllers?
	+
	+ $mail = new $class($this->wallet, $this->wallet->owner);
	+
	+ list($to, $cc) = \App\Mail\Helper::userEmails($this->wallet->owner, $with_external);
	+
	+ if (!empty($to) \|\| !empty($cc)) {
	+ try {
	+ Mail::to($to)->cc($cc)->send($mail);
	+
	+ if ($log_label) {
	+ $msg = sprintf(
	+ "[WalletCheck] %s %s (%s)",
	+ $log_label,
	+ $this->wallet->id,
	+ empty($cc) ? $to : implode(', ', array_merge([$to], $cc)),
	+ );
	+
	+ \Log::info($msg);
	+ }
	+ } catch (\Exception $e) {
	+ $msg = sprintf(
	+ "[WalletCheck] Failed to send mail for %s (%s): %s",
	+ $this->wallet->id,
	+ empty($cc) ? $to : implode(', ', array_merge([$to], $cc)),
	+ $e->getMessage()
	+ );
	+
	+ \Log::error($msg);
	+ throw $e;
	+ }
	+ }
	+ }
	+
	+ /**
	+ * Get the date-time for an action threshold. Calculated using
	+ * the date when a wallet balance turned negative.
	+ *
	+ * @param \App\Wallet $wallet A wallet
	+ * @param string $type Action type (one of self::THRESHOLD_*)
	+ *
	+ * @return \Carbon\Carbon The threshold date-time object
	+ */
	+ public static function threshold(Wallet $wallet, string $type): ?Carbon
	+ {
	+ $negative_since = $wallet->getSetting('balance_negative_since');
	+
	+ // Migration scenario: balance<0, but no balance_negative_since set
	+ if (!$negative_since) {
	+ // 2h back from now, so first run can sent the initial notification
	+ $negative_since = Carbon::now()->subHours(2);
	+ $wallet->setSetting('balance_negative_since', $negative_since->toDateTimeString());
	+ } else {
	+ $negative_since = new Carbon($negative_since);
	+ }
	+
	+ $remind = 7; // remind after first X days
	+ $suspend = 14; // suspend after next X days
	+ $delete = 21; // delete after next X days
	+ $warn = 3; // warn about delete on X days before delete
	+
	+ // Acount deletion
	+ if ($type == self::THRESHOLD_DELETE) {
	+ return $negative_since->addDays($delete + $suspend + $remind);
	+ }
	+
	+ // Warning about the upcomming account deletion
	+ if ($type == self::THRESHOLD_BEFORE_DELETE) {
	+ return $negative_since->addDays($delete + $suspend + $remind - $warn);
	+ }
	+
	+ // Account suspension
	+ if ($type == self::THRESHOLD_SUSPEND) {
	+ return $negative_since->addDays($suspend + $remind);
	+ }
	+
	+ // Second notification
	+ if ($type == self::THRESHOLD_REMINDER) {
	+ return $negative_since->addDays($remind);
	+ }
	+
	+ // Initial notification
	+ // Give it an hour so the async recurring payment has a chance to be finished
	+ if ($type == self::THRESHOLD_INITIAL) {
	+ return $negative_since->addHours(1);
	+ }
	+
	+ return null;
	+ }
	+}
	diff --git a/src/app/Mail/Helper.php b/src/app/Mail/Helper.php
	--- a/src/app/Mail/Helper.php
	+++ b/src/app/Mail/Helper.php
	@@ -30,4 +30,32 @@
	// HTML output
	return $mail->build()->render(); // @phpstan-ignore-line
	}
	+
	+ /**
	+ * Return user's email addresses, separately for use in To and Cc.
	+ *
	+ * @param \App\User $user The user
	+ * @param bool $external Include users's external email
	+ *
	+ * @return array To address as the first element, Cc address(es) as the second.
	+ */
	+ public static function userEmails(\App\User $user, bool $external = false): array
	+ {
	+ $to = $user->email;
	+ $cc = [];
	+
	+ // If user has no mailbox entitlement we should not send
	+ // the email to his main address, but use external address, if defined
	+ if (!$user->hasSku('mailbox')) {
	+ $to = $user->getSetting('external_email');
	+ } elseif ($external) {
	+ $ext_email = $user->getSetting('external_email');
	+
	+ if ($ext_email && $ext_email != $to) {
	+ $cc[] = $ext_email;
	+ }
	+ }
	+
	+ return [$to, $cc];
	+ }
	}
	diff --git a/src/app/Mail/NegativeBalance.php b/src/app/Mail/NegativeBalance.php
	--- a/src/app/Mail/NegativeBalance.php
	+++ b/src/app/Mail/NegativeBalance.php
	@@ -4,6 +4,7 @@

	use App\User;
	use App\Utils;
	+use App\Wallet;
	use Illuminate\Bus\Queueable;
	use Illuminate\Mail\Mailable;
	use Illuminate\Queue\SerializesModels;
	@@ -13,20 +14,25 @@
	use Queueable;
	use SerializesModels;

	- /** @var \App\User A user (account) that is behind with payments */
	- protected $account;
	+ /** @var \App\Wallet A wallet with a negative balance */
	+ protected $wallet;
	+
	+ /** @var \App\User A wallet controller to whom the email is being sent */
	+ protected $user;


	/**
	* Create a new message instance.
	*
	- * @param \App\User $account A user (account)
	+ * @param \App\Wallet $wallet A wallet
	+ * @param \App\User $user An email recipient
	*
	* @return void
	*/
	- public function __construct(User $account)
	+ public function __construct(Wallet $wallet, User $user)
	{
	- $this->account = $account;
	+ $this->wallet = $wallet;
	+ $this->user = $user;
	}

	/**
	@@ -36,8 +42,6 @@
	*/
	public function build()
	{
	- $user = $this->account;
	-
	$subject = \trans('mail.negativebalance-subject', ['site' => \config('app.name')]);

	$this->view('emails.html.negative_balance')
	@@ -46,7 +50,7 @@
	->with([
	'site' => \config('app.name'),
	'subject' => $subject,
	- 'username' => $user->name(true),
	+ 'username' => $this->user->name(true),
	'supportUrl' => \config('app.support_url'),
	'walletUrl' => Utils::serviceUrl('/wallet'),
	]);
	@@ -63,9 +67,10 @@
	*/
	public static function fakeRender(string $type = 'html'): string
	{
	+ $wallet = new Wallet();
	$user = new User();

	- $mail = new self($user);
	+ $mail = new self($wallet, $user);

	return Helper::render($mail, $type);
	}
	diff --git a/src/app/Mail/NegativeBalance.php b/src/app/Mail/NegativeBalanceBeforeDelete.php
	copy from src/app/Mail/NegativeBalance.php
	copy to src/app/Mail/NegativeBalanceBeforeDelete.php
	--- a/src/app/Mail/NegativeBalance.php
	+++ b/src/app/Mail/NegativeBalanceBeforeDelete.php
	@@ -2,31 +2,38 @@

	namespace App\Mail;

	+use App\Jobs\WalletCheck;
	use App\User;
	use App\Utils;
	+use App\Wallet;
	use Illuminate\Bus\Queueable;
	use Illuminate\Mail\Mailable;
	use Illuminate\Queue\SerializesModels;

	-class NegativeBalance extends Mailable
	+class NegativeBalanceBeforeDelete extends Mailable
	{
	use Queueable;
	use SerializesModels;

	- /** @var \App\User A user (account) that is behind with payments */
	- protected $account;
	+ /** @var \App\Wallet A wallet with a negative balance */
	+ protected $wallet;
	+
	+ /** @var \App\User A wallet controller to whom the email is being sent */
	+ protected $user;


	/**
	* Create a new message instance.
	*
	- * @param \App\User $account A user (account)
	+ * @param \App\Wallet $wallet A wallet
	+ * @param \App\User $user An email recipient
	*
	* @return void
	*/
	- public function __construct(User $account)
	+ public function __construct(Wallet $wallet, User $user)
	{
	- $this->account = $account;
	+ $this->wallet = $wallet;
	+ $this->user = $user;
	}

	/**
	@@ -36,19 +43,20 @@
	*/
	public function build()
	{
	- $user = $this->account;
	+ $threshold = WalletCheck::threshold($this->wallet, WalletCheck::THRESHOLD_DELETE);

	- $subject = \trans('mail.negativebalance-subject', ['site' => \config('app.name')]);
	+ $subject = \trans('mail.negativebalancebeforedelete-subject', ['site' => \config('app.name')]);

	- $this->view('emails.html.negative_balance')
	- ->text('emails.plain.negative_balance')
	+ $this->view('emails.html.negative_balance_before_delete')
	+ ->text('emails.plain.negative_balance_before_delete')
	->subject($subject)
	->with([
	'site' => \config('app.name'),
	'subject' => $subject,
	- 'username' => $user->name(true),
	+ 'username' => $this->user->name(true),
	'supportUrl' => \config('app.support_url'),
	'walletUrl' => Utils::serviceUrl('/wallet'),
	+ 'date' => $threshold->toDateString(),
	]);

	return $this;
	@@ -63,9 +71,10 @@
	*/
	public static function fakeRender(string $type = 'html'): string
	{
	+ $wallet = new Wallet();
	$user = new User();

	- $mail = new self($user);
	+ $mail = new self($wallet, $user);

	return Helper::render($mail, $type);
	}
	diff --git a/src/app/Mail/NegativeBalance.php b/src/app/Mail/NegativeBalanceReminder.php
	copy from src/app/Mail/NegativeBalance.php
	copy to src/app/Mail/NegativeBalanceReminder.php
	--- a/src/app/Mail/NegativeBalance.php
	+++ b/src/app/Mail/NegativeBalanceReminder.php
	@@ -2,31 +2,38 @@

	namespace App\Mail;

	+use App\Jobs\WalletCheck;
	use App\User;
	use App\Utils;
	+use App\Wallet;
	use Illuminate\Bus\Queueable;
	use Illuminate\Mail\Mailable;
	use Illuminate\Queue\SerializesModels;

	-class NegativeBalance extends Mailable
	+class NegativeBalanceReminder extends Mailable
	{
	use Queueable;
	use SerializesModels;

	- /** @var \App\User A user (account) that is behind with payments */
	- protected $account;
	+ /** @var \App\Wallet A wallet with a negative balance */
	+ protected $wallet;
	+
	+ /** @var \App\User A wallet controller to whom the email is being sent */
	+ protected $user;


	/**
	* Create a new message instance.
	*
	- * @param \App\User $account A user (account)
	+ * @param \App\Wallet $wallet A wallet
	+ * @param \App\User $user An email recipient
	*
	* @return void
	*/
	- public function __construct(User $account)
	+ public function __construct(Wallet $wallet, User $user)
	{
	- $this->account = $account;
	+ $this->wallet = $wallet;
	+ $this->user = $user;
	}

	/**
	@@ -36,19 +43,20 @@
	*/
	public function build()
	{
	- $user = $this->account;
	+ $threshold = WalletCheck::threshold($this->wallet, WalletCheck::THRESHOLD_SUSPEND);

	- $subject = \trans('mail.negativebalance-subject', ['site' => \config('app.name')]);
	+ $subject = \trans('mail.negativebalancereminder-subject', ['site' => \config('app.name')]);

	- $this->view('emails.html.negative_balance')
	- ->text('emails.plain.negative_balance')
	+ $this->view('emails.html.negative_balance_reminder')
	+ ->text('emails.plain.negative_balance_reminder')
	->subject($subject)
	->with([
	'site' => \config('app.name'),
	'subject' => $subject,
	- 'username' => $user->name(true),
	+ 'username' => $this->user->name(true),
	'supportUrl' => \config('app.support_url'),
	'walletUrl' => Utils::serviceUrl('/wallet'),
	+ 'date' => $threshold->toDateString(),
	]);

	return $this;
	@@ -63,9 +71,10 @@
	*/
	public static function fakeRender(string $type = 'html'): string
	{
	+ $wallet = new Wallet();
	$user = new User();

	- $mail = new self($user);
	+ $mail = new self($wallet, $user);

	return Helper::render($mail, $type);
	}
	diff --git a/src/app/Mail/NegativeBalance.php b/src/app/Mail/NegativeBalanceSuspended.php
	copy from src/app/Mail/NegativeBalance.php
	copy to src/app/Mail/NegativeBalanceSuspended.php
	--- a/src/app/Mail/NegativeBalance.php
	+++ b/src/app/Mail/NegativeBalanceSuspended.php
	@@ -2,31 +2,38 @@

	namespace App\Mail;

	+use App\Jobs\WalletCheck;
	use App\User;
	use App\Utils;
	+use App\Wallet;
	use Illuminate\Bus\Queueable;
	use Illuminate\Mail\Mailable;
	use Illuminate\Queue\SerializesModels;

	-class NegativeBalance extends Mailable
	+class NegativeBalanceSuspended extends Mailable
	{
	use Queueable;
	use SerializesModels;

	- /** @var \App\User A user (account) that is behind with payments */
	- protected $account;
	+ /** @var \App\Wallet A wallet with a negative balance */
	+ protected $wallet;
	+
	+ /** @var \App\User A wallet controller to whom the email is being sent */
	+ protected $user;


	/**
	* Create a new message instance.
	*
	- * @param \App\User $account A user (account)
	+ * @param \App\Wallet $wallet A wallet
	+ * @param \App\User $user An email recipient
	*
	* @return void
	*/
	- public function __construct(User $account)
	+ public function __construct(Wallet $wallet, User $user)
	{
	- $this->account = $account;
	+ $this->wallet = $wallet;
	+ $this->user = $user;
	}

	/**
	@@ -36,19 +43,20 @@
	*/
	public function build()
	{
	- $user = $this->account;
	+ $threshold = WalletCheck::threshold($this->wallet, WalletCheck::THRESHOLD_DELETE);

	- $subject = \trans('mail.negativebalance-subject', ['site' => \config('app.name')]);
	+ $subject = \trans('mail.negativebalancesuspended-subject', ['site' => \config('app.name')]);

	- $this->view('emails.html.negative_balance')
	- ->text('emails.plain.negative_balance')
	+ $this->view('emails.html.negative_balance_suspended')
	+ ->text('emails.plain.negative_balance_suspended')
	->subject($subject)
	->with([
	'site' => \config('app.name'),
	'subject' => $subject,
	- 'username' => $user->name(true),
	+ 'username' => $this->user->name(true),
	'supportUrl' => \config('app.support_url'),
	'walletUrl' => Utils::serviceUrl('/wallet'),
	+ 'date' => $threshold->toDateString(),
	]);

	return $this;
	@@ -63,9 +71,10 @@
	*/
	public static function fakeRender(string $type = 'html'): string
	{
	+ $wallet = new Wallet();
	$user = new User();

	- $mail = new self($user);
	+ $mail = new self($wallet, $user);

	return Helper::render($mail, $type);
	}
	diff --git a/src/app/Mail/PasswordReset.php b/src/app/Mail/PasswordReset.php
	--- a/src/app/Mail/PasswordReset.php
	+++ b/src/app/Mail/PasswordReset.php
	@@ -39,7 +39,7 @@
	public function build()
	{
	$href = Utils::serviceUrl(
	- sprintf('/login/reset/%s-%s', $this->code->short_code, $this->code->code)
	+ sprintf('/password-reset/%s-%s', $this->code->short_code, $this->code->code)
	);

	$this->view('emails.html.password_reset')
	diff --git a/src/app/Observers/EntitlementObserver.php b/src/app/Observers/EntitlementObserver.php
	--- a/src/app/Observers/EntitlementObserver.php
	+++ b/src/app/Observers/EntitlementObserver.php
	@@ -97,18 +97,29 @@
	{
	// Start calculating the costs for the consumption of this entitlement if the
	// existing consumption spans >= 14 days.
	- // anything's free for 14 days
	+ //
	+ // Effect is that anything's free for the first 14 days
	if ($entitlement->created_at >= Carbon::now()->subDays(14)) {
	return;
	}

	+ $owner = $entitlement->wallet->owner;
	+
	+ // Determine if we're still within the free first month
	+ $freeMonthEnds = $owner->created_at->copy()->addMonthsWithoutOverflow(1);
	+
	+ if ($freeMonthEnds >= Carbon::now()) {
	+ return;
	+ }
	+
	$cost = 0;
	+ $now = Carbon::now();

	// get the discount rate applied to the wallet.
	$discount = $entitlement->wallet->getDiscountRate();

	// just in case this had not been billed yet, ever
	- $diffInMonths = $entitlement->updated_at->diffInMonths(Carbon::now());
	+ $diffInMonths = $entitlement->updated_at->diffInMonths($now);
	$cost += (int) ($entitlement->cost * $discount * $diffInMonths);

	// this moves the hypothetical updated at forward to however many months past the original
	@@ -116,26 +127,23 @@

	// now we have the diff in days since the last "billed" period end.
	// This may be an entitlement paid up until February 28th, 2020, with today being March
	- // 12th 2020. Calculating the costs for the entitlement is based on the daily price for the
	- // past month -- i.e. $price/29 in the case at hand -- times the number of (full) days in
	- // between the period end and now.
	- //
	- // a) The number of days left in the past month, 1
	- // b) The cost divided by the number of days in the past month, for example, 555/29,
	- // c) a) + Todays day-of-month, 12, so 13.
	- //
	+ // 12th 2020. Calculating the costs for the entitlement is based on the daily price

	- $diffInDays = $updatedAt->diffInDays(Carbon::now());
	+ // the price per day is based on the number of days in the last month
	+ // or the current month if the period does not overlap with the previous month
	+ // FIXME: This really should be simplified to $daysInMonth=30

	- $dayOfThisMonth = Carbon::now()->day;
	+ $diffInDays = $updatedAt->diffInDays($now);

	- // days in the month for the month prior to this one.
	- // the price per day is based on the number of days left in the last month
	- $daysInLastMonth = \App\Utils::daysInLastMonth();
	+ if ($now->day >= $diffInDays) {
	+ $daysInMonth = $now->daysInMonth;
	+ } else {
	+ $daysInMonth = \App\Utils::daysInLastMonth();
	+ }

	- $pricePerDay = (float)$entitlement->cost / $daysInLastMonth;
	+ $pricePerDay = $entitlement->cost / $daysInMonth;

	- $cost += (int) (round($pricePerDay * $diffInDays, 0));
	+ $cost += (int) (round($pricePerDay * $discount * $diffInDays, 0));

	if ($cost == 0) {
	return;
	diff --git a/src/app/Observers/UserAliasObserver.php b/src/app/Observers/UserAliasObserver.php
	--- a/src/app/Observers/UserAliasObserver.php
	+++ b/src/app/Observers/UserAliasObserver.php
	@@ -21,17 +21,22 @@
	{
	$alias->alias = \strtolower($alias->alias);

	- if ($exists = User::emailExists($alias->alias, true, $alias_exists)) {
	+ list($login, $domain) = explode('@', $alias->alias);
	+
	+ $domain = Domain::where('namespace', $domain)->first();
	+
	+ if (!$domain) {
	+ \Log::error("Failed creating alias {$alias->alias}. Domain does not exist.");
	+ return false;
	+ }
	+/*
	+ if ($exists = User::emailExists($alias->alias, true, $alias_exists, !$domain->isPublic())) {
	if (!$alias_exists) {
	\Log::error("Failed creating alias {$alias->alias}. Email address exists.");
	return false;
	}

	- list($login, $domain) = explode('@', $alias->alias);
	-
	- $domain = Domain::where('namespace', $domain)->first();
	-
	- if (!$domain \|\| $domain->isPublic()) {
	+ if ($domain->isPublic()) {
	\Log::error("Failed creating alias {$alias->alias}. Alias exists in public domain.");
	return false;
	}
	@@ -41,7 +46,7 @@
	return false;
	}
	}
	-
	+*/
	return true;
	}

	diff --git a/src/app/Observers/WalletObserver.php b/src/app/Observers/WalletObserver.php
	--- a/src/app/Observers/WalletObserver.php
	+++ b/src/app/Observers/WalletObserver.php
	@@ -69,4 +69,44 @@

	return true;
	}
	+
	+ /**
	+ * Handle the wallet "updated" event.
	+ *
	+ * @param \App\Wallet $wallet The wallet.
	+ *
	+ * @return void
	+ */
	+ public function updated(Wallet $wallet)
	+ {
	+ $negative_since = $wallet->getSetting('balance_negative_since');
	+
	+ if ($wallet->balance < 0) {
	+ if (!$negative_since) {
	+ $now = \Carbon\Carbon::now()->toDateTimeString();
	+ $wallet->setSetting('balance_negative_since', $now);
	+ }
	+ } elseif ($negative_since) {
	+ $wallet->setSettings([
	+ 'balance_negative_since' => null,
	+ 'balance_warning_initial' => null,
	+ 'balance_warning_reminder' => null,
	+ 'balance_warning_suspended' => null,
	+ 'balance_warning_before_delete' => null,
	+ ]);
	+
	+ // Unsuspend the account/domains/users
	+ if ($wallet->owner) {
	+ $wallet->owner->unsuspend();
	+ }
	+ foreach ($wallet->entitlements as $entitlement) {
	+ if (
	+ $entitlement->entitleable_type == \App\Domain::class
	+ \|\| $entitlement->entitleable_type == \App\User::class
	+ ) {
	+ $entitlement->entitleable->unsuspend();
	+ }
	+ }
	+ }
	+ }
	}
	diff --git a/src/app/Providers/AppServiceProvider.php b/src/app/Providers/AppServiceProvider.php
	--- a/src/app/Providers/AppServiceProvider.php
	+++ b/src/app/Providers/AppServiceProvider.php
	@@ -3,6 +3,7 @@
	namespace App\Providers;

	use Illuminate\Support\Facades\DB;
	+use Illuminate\Support\Facades\Schema;
	use Illuminate\Support\ServiceProvider;

	class AppServiceProvider extends ServiceProvider
	@@ -39,6 +40,8 @@
	\App\VerificationCode::observe(\App\Observers\VerificationCodeObserver::class);
	\App\Wallet::observe(\App\Observers\WalletObserver::class);

	+ Schema::defaultStringLength(191);
	+
	// Log SQL queries in debug mode
	if (\config('app.debug')) {
	DB::listen(function ($query) {
	diff --git a/src/app/Providers/Payment/Mollie.php b/src/app/Providers/Payment/Mollie.php
	--- a/src/app/Providers/Payment/Mollie.php
	+++ b/src/app/Providers/Payment/Mollie.php
	@@ -18,7 +18,11 @@
	*/
	public function customerLink(Wallet $wallet): ?string
	{
	- $customer_id = self::mollieCustomerId($wallet);
	+ $customer_id = self::mollieCustomerId($wallet, false);
	+
	+ if (!$customer_id) {
	+ return null;
	+ }

	return sprintf(
	'<a href="https://www.mollie.com/dashboard/customers/%s" target="_blank">%s</a>',
	@@ -43,7 +47,7 @@
	public function createMandate(Wallet $wallet, array $payment): ?array
	{
	// Register the user in Mollie, if not yet done
	- $customer_id = self::mollieCustomerId($wallet);
	+ $customer_id = self::mollieCustomerId($wallet, true);

	$request = [
	'amount' => [
	@@ -54,7 +58,7 @@
	'sequenceType' => 'first',
	'description' => $payment['description'],
	'webhookUrl' => Utils::serviceUrl('/api/webhooks/payment/mollie'),
	- 'redirectUrl' => \url('/wallet'),
	+ 'redirectUrl' => Utils::serviceUrl('/wallet'),
	'locale' => 'en_US',
	// 'method' => 'creditcard',
	];
	@@ -155,7 +159,7 @@
	}

	// Register the user in Mollie, if not yet done
	- $customer_id = self::mollieCustomerId($wallet);
	+ $customer_id = self::mollieCustomerId($wallet, true);

	// Note: Required fields: description, amount/currency, amount/value

	@@ -171,7 +175,7 @@
	'webhookUrl' => Utils::serviceUrl('/api/webhooks/payment/mollie'),
	'locale' => 'en_US',
	// 'method' => 'creditcard',
	- 'redirectUrl' => \url('/wallet') // required for non-recurring payments
	+ 'redirectUrl' => Utils::serviceUrl('/wallet') // required for non-recurring payments
	];

	// TODO: Additional payment parameters for better fraud protection:
	@@ -211,7 +215,7 @@
	return null;
	}

	- $customer_id = self::mollieCustomerId($wallet);
	+ $customer_id = self::mollieCustomerId($wallet, true);

	// Note: Required fields: description, amount/currency, amount/value

	@@ -353,15 +357,16 @@
	* Create one if does not exist yet.
	*
	* @param \App\Wallet $wallet The wallet
	+ * @param bool $create Create the customer if does not exist yet
	*
	- * @return string Mollie customer identifier
	+ * @return ?string Mollie customer identifier
	*/
	- protected static function mollieCustomerId(Wallet $wallet): string
	+ protected static function mollieCustomerId(Wallet $wallet, bool $create = false): ?string
	{
	$customer_id = $wallet->getSetting('mollie_id');

	// Register the user in Mollie
	- if (empty($customer_id)) {
	+ if (empty($customer_id) && $create) {
	$customer = mollie()->customers()->create([
	'name' => $wallet->owner->name(),
	'email' => $wallet->id . '@private.' . \config('app.domain'),
	diff --git a/src/app/Providers/Payment/Stripe.php b/src/app/Providers/Payment/Stripe.php
	--- a/src/app/Providers/Payment/Stripe.php
	+++ b/src/app/Providers/Payment/Stripe.php
	@@ -29,7 +29,11 @@
	*/
	public function customerLink(Wallet $wallet): ?string
	{
	- $customer_id = self::stripeCustomerId($wallet);
	+ $customer_id = self::stripeCustomerId($wallet, false);
	+
	+ if (!$customer_id) {
	+ return null;
	+ }

	$location = 'https://dashboard.stripe.com';

	@@ -62,12 +66,12 @@
	public function createMandate(Wallet $wallet, array $payment): ?array
	{
	// Register the user in Stripe, if not yet done
	- $customer_id = self::stripeCustomerId($wallet);
	+ $customer_id = self::stripeCustomerId($wallet, true);

	$request = [
	'customer' => $customer_id,
	- 'cancel_url' => \url('/wallet'), // required
	- 'success_url' => \url('/wallet'), // required
	+ 'cancel_url' => Utils::serviceUrl('/wallet'), // required
	+ 'success_url' => Utils::serviceUrl('/wallet'), // required
	'payment_method_types' => ['card'], // required
	'locale' => 'en',
	'mode' => 'setup',
	@@ -173,12 +177,12 @@
	}

	// Register the user in Stripe, if not yet done
	- $customer_id = self::stripeCustomerId($wallet);
	+ $customer_id = self::stripeCustomerId($wallet, true);

	$request = [
	'customer' => $customer_id,
	- 'cancel_url' => \url('/wallet'), // required
	- 'success_url' => \url('/wallet'), // required
	+ 'cancel_url' => Utils::serviceUrl('/wallet'), // required
	+ 'success_url' => Utils::serviceUrl('/wallet'), // required
	'payment_method_types' => ['card'], // required
	'locale' => 'en',
	'line_items' => [
	@@ -371,15 +375,16 @@
	* Create one if does not exist yet.
	*
	* @param \App\Wallet $wallet The wallet
	+ * @param bool $create Create the customer if does not exist yet
	*
	- * @return string Stripe customer identifier
	+ * @return string\|null Stripe customer identifier
	*/
	- protected static function stripeCustomerId(Wallet $wallet): string
	+ protected static function stripeCustomerId(Wallet $wallet, bool $create = false): ?string
	{
	$customer_id = $wallet->getSetting('stripe_id');

	// Register the user in Stripe
	- if (empty($customer_id)) {
	+ if (empty($customer_id) && $create) {
	$customer = StripeAPI\Customer::create([
	'name' => $wallet->owner->name(),
	// Stripe will display the email on Checkout page, editable,
	diff --git a/src/app/Providers/RouteServiceProvider.php b/src/app/Providers/RouteServiceProvider.php
	--- a/src/app/Providers/RouteServiceProvider.php
	+++ b/src/app/Providers/RouteServiceProvider.php
	@@ -65,8 +65,9 @@
	*/
	protected function mapApiRoutes()
	{
	- Route::prefix('api')
	- ->middleware('api')
	+ // Note: We removed the prefix from here, to have more control
	+ // over it in routes/api.php
	+ Route::middleware('api')
	->namespace($this->namespace)
	->group(base_path('routes/api.php'));
	}
	diff --git a/src/app/User.php b/src/app/User.php
	--- a/src/app/User.php
	+++ b/src/app/User.php
	@@ -342,10 +342,11 @@
	* @param string $email Email address
	* @param bool $return_user Return User instance instead of boolean
	* @param bool $is_alias Set to True if the existing email is an alias
	+ * @param bool $existing Ignore deleted users
	*
	* @return \App\User\|bool True or User model object if found, False otherwise
	*/
	- public static function emailExists(string $email, bool $return_user = false, &$is_alias = false)
	+ public static function emailExists(string $email, bool $return_user = false, &$is_alias = false, $existing = false)
	{
	if (strpos($email, '@') === false) {
	return false;
	@@ -353,17 +354,28 @@

	$email = \strtolower($email);

	- $user = self::withTrashed()->where('email', $email)->first();
	+ if ($existing) {
	+ $user = self::where('email', $email)->first();
	+ } else {
	+ $user = self::withTrashed()->where('email', $email)->first();
	+ }

	if ($user) {
	return $return_user ? $user : true;
	}

	- $alias = UserAlias::where('alias', $email)->first();
	+ $aliases = UserAlias::where('alias', $email);
	+
	+ if ($existing) {
	+ $aliases = $aliases->join('users', 'user_id', '=', 'users.id')
	+ ->whereNull('users.deleted_at');
	+ }
	+
	+ $alias = $aliases->first();

	if ($alias) {
	$is_alias = true;
	- return $return_user ? User::withTrashed()->find($alias->user_id) : true;
	+ return $return_user ? self::withTrashed()->find($alias->user_id) : true;
	}

	return false;
	@@ -415,6 +427,24 @@
	return [];
	}

	+ /**
	+ * Check if user has an entitlement for the specified SKU.
	+ *
	+ * @param string $title The SKU title
	+ *
	+ * @return bool True if specified SKU entitlement exists
	+ */
	+ public function hasSku($title): bool
	+ {
	+ $sku = Sku::where('title', $title)->first();
	+
	+ if (!$sku) {
	+ return false;
	+ }
	+
	+ return $this->entitlements()->where('sku_id', $sku->id)->count() > 0;
	+ }
	+
	/**
	* Returns whether this domain is active.
	*
	diff --git a/src/app/Utils.php b/src/app/Utils.php
	--- a/src/app/Utils.php
	+++ b/src/app/Utils.php
	@@ -157,16 +157,13 @@
	*/
	public static function serviceUrl(string $route): string
	{
	- $url = \url($route);
	+ $url = \config('app.public_url');

	- $app_url = trim(\config('app.url'), '/');
	- $pub_url = trim(\config('app.public_url'), '/');
	-
	- if ($pub_url != $app_url) {
	- $url = str_replace($app_url, $pub_url, $url);
	+ if (!$url) {
	+ $url = \config('app.url');
	}

	- return $url;
	+ return rtrim(trim($url, '/') . '/' . ltrim($route, '/'), '/');
	}

	/**
	diff --git a/src/app/Wallet.php b/src/app/Wallet.php
	--- a/src/app/Wallet.php
	+++ b/src/app/Wallet.php
	@@ -60,6 +60,22 @@

	public function chargeEntitlements($apply = true)
	{
	+ // This wallet has been created less than a month ago, this is the trial period
	+ if ($this->owner->created_at >= Carbon::now()->subMonthsWithoutOverflow(1)) {
	+ // Move all the current entitlement's updated_at timestamps forward to one month after
	+ // this wallet was created.
	+ $freeMonthEnds = $this->owner->created_at->copy()->addMonthsWithoutOverflow(1);
	+
	+ foreach ($this->entitlements()->get()->fresh() as $entitlement) {
	+ if ($entitlement->updated_at < $freeMonthEnds) {
	+ $entitlement->updated_at = $freeMonthEnds;
	+ $entitlement->save();
	+ }
	+ }
	+
	+ return 0;
	+ }
	+
	$charges = 0;
	$discount = $this->getDiscountRate();

	@@ -80,7 +96,7 @@
	continue;
	}

	- // created more than a month ago -- was it billed?
	+ // updated last more than a month ago -- was it billed?
	if ($entitlement->updated_at <= Carbon::now()->subMonthsWithoutOverflow(1)) {
	$diff = $entitlement->updated_at->diffInMonths(Carbon::now());

	@@ -93,7 +109,9 @@
	continue;
	}

	- $entitlement->updated_at = $entitlement->updated_at->copy()->addMonthsWithoutOverflow($diff);
	+ $entitlement->updated_at = $entitlement->updated_at->copy()
	+ ->addMonthsWithoutOverflow($diff);
	+
	$entitlement->save();

	if ($cost == 0) {
	diff --git a/src/config/2fa.php b/src/config/2fa.php
	--- a/src/config/2fa.php
	+++ b/src/config/2fa.php
	@@ -3,12 +3,12 @@
	return [

	'totp' => [
	- 'digits' => (int) env('2FA_TOTP_DIGITS', 6),
	- 'interval' => (int) env('2FA_TOTP_INTERVAL', 30),
	- 'digest' => env('2FA_TOTP_DIGEST', 'sha1'),
	+ 'digits' => (int) env('MFA_TOTP_DIGITS', 6),
	+ 'interval' => (int) env('MFA_TOTP_INTERVAL', 30),
	+ 'digest' => env('MFA_TOTP_DIGEST', 'sha1'),
	'issuer' => env('APP_NAME', 'Laravel'),
	],

	- 'dsn' => env('2FA_DSN'),
	+ 'dsn' => env('MFA_DSN'),

	];
	diff --git a/src/config/database.php b/src/config/database.php
	--- a/src/config/database.php
	+++ b/src/config/database.php
	@@ -52,8 +52,8 @@
	'username' => env('DB_USERNAME', 'forge'),
	'password' => env('DB_PASSWORD', ''),
	'unix_socket' => env('DB_SOCKET', ''),
	- 'charset' => 'utf8mb4',
	- 'collation' => 'utf8mb4_unicode_ci',
	+ 'charset' => 'utf8',
	+ 'collation' => 'utf8_unicode_ci',
	'prefix' => '',
	'prefix_indexes' => true,
	'strict' => true,
	diff --git a/src/database/migrations/2019_09_17_102628_create_sku_entitlements.php b/src/database/migrations/2019_09_17_102628_create_sku_entitlements.php
	--- a/src/database/migrations/2019_09_17_102628_create_sku_entitlements.php
	+++ b/src/database/migrations/2019_09_17_102628_create_sku_entitlements.php
	@@ -19,8 +19,10 @@
	function (Blueprint $table) {
	$table->string('id', 36)->primary();
	$table->string('title', 64);
	- $table->json('name');
	- $table->json('description');
	+ // were json, but mariadb
	+ $table->text('name');
	+ $table->text('description');
	+ // end of
	$table->integer('cost');
	$table->smallinteger('units_free')->default('0');
	$table->string('period', strlen('monthly'))->default('monthly');
	diff --git a/src/database/migrations/2019_12_10_095027_create_packages_table.php b/src/database/migrations/2019_12_10_095027_create_packages_table.php
	--- a/src/database/migrations/2019_12_10_095027_create_packages_table.php
	+++ b/src/database/migrations/2019_12_10_095027_create_packages_table.php
	@@ -19,8 +19,10 @@
	function (Blueprint $table) {
	$table->string('id', 36);
	$table->string('title', 36);
	- $table->json('name');
	- $table->json('description');
	+ // were json, but mariadb
	+ $table->text('name');
	+ $table->text('description');
	+ // end of
	$table->integer('discount_rate')->default(0)->nullable();

	$table->primary('id');
	diff --git a/src/database/migrations/2019_12_10_105428_create_plans_table.php b/src/database/migrations/2019_12_10_105428_create_plans_table.php
	--- a/src/database/migrations/2019_12_10_105428_create_plans_table.php
	+++ b/src/database/migrations/2019_12_10_105428_create_plans_table.php
	@@ -19,8 +19,10 @@
	function (Blueprint $table) {
	$table->string('id', 36);
	$table->string('title', 36);
	- $table->json('name');
	- $table->json('description');
	+ // were json, but mariadb
	+ $table->text('name');
	+ $table->text('description');
	+ // end of
	$table->datetime('promo_from')->nullable();
	$table->datetime('promo_to')->nullable();
	$table->integer('qty_min')->default(0)->nullable();
	diff --git a/src/database/migrations/2020_03_30_100000_create_discounts.php b/src/database/migrations/2020_03_30_100000_create_discounts.php
	--- a/src/database/migrations/2020_03_30_100000_create_discounts.php
	+++ b/src/database/migrations/2020_03_30_100000_create_discounts.php
	@@ -19,7 +19,9 @@
	function (Blueprint $table) {
	$table->string('id', 36);
	$table->tinyInteger('discount')->unsigned();
	- $table->json('description');
	+ // was json, but mariadb
	+ $table->text('description');
	+ // end of
	$table->string('code', 32)->nullable();
	$table->boolean('active')->default(false);
	$table->timestamp('created_at')->useCurrent();
	diff --git a/src/database/migrations/2019_12_10_095027_create_packages_table.php b/src/database/migrations/2020_09_02_150004_unique_discounts.php
	copy from src/database/migrations/2019_12_10_095027_create_packages_table.php
	copy to src/database/migrations/2020_09_02_150004_unique_discounts.php
	--- a/src/database/migrations/2019_12_10_095027_create_packages_table.php
	+++ b/src/database/migrations/2020_09_02_150004_unique_discounts.php
	@@ -1,11 +1,11 @@
	<?php

	-use Illuminate\Support\Facades\Schema;
	-use Illuminate\Database\Schema\Blueprint;
	use Illuminate\Database\Migrations\Migration;
	+use Illuminate\Database\Schema\Blueprint;
	+use Illuminate\Support\Facades\Schema;

	// phpcs:ignore
	-class CreatePackagesTable extends Migration
	+class UniqueDiscounts extends Migration
	{
	/**
	* Run the migrations.
	@@ -14,16 +14,10 @@
	*/
	public function up()
	{
	- Schema::create(
	- 'packages',
	+ Schema::table(
	+ 'discounts',
	function (Blueprint $table) {
	- $table->string('id', 36);
	- $table->string('title', 36);
	- $table->json('name');
	- $table->json('description');
	- $table->integer('discount_rate')->default(0)->nullable();
	-
	- $table->primary('id');
	+ $table->unique(['discount', 'description', 'code', 'active']);
	}
	);
	}
	@@ -35,6 +29,11 @@
	*/
	public function down()
	{
	- Schema::dropIfExists('packages');
	+ Schema::table(
	+ 'discounts',
	+ function (Blueprint $table) {
	+ $table->dropUnique(['discount', 'description', 'code', 'active']);
	+ }
	+ );
	}
	}
	diff --git a/src/database/seeds/production/PackageSeeder.php b/src/database/seeds/production/PackageSeeder.php
	--- a/src/database/seeds/production/PackageSeeder.php
	+++ b/src/database/seeds/production/PackageSeeder.php
	@@ -15,6 +15,7 @@
	*/
	public function run()
	{
	+ $skuActiveSync = Sku::firstOrCreate(['title' => 'activesync']);
	$skuGroupware = Sku::firstOrCreate(['title' => 'groupware']);
	$skuMailbox = Sku::firstOrCreate(['title' => 'mailbox']);
	$skuStorage = Sku::firstOrCreate(['title' => 'storage']);
	@@ -31,7 +32,8 @@
	$skus = [
	$skuMailbox,
	$skuGroupware,
	- $skuStorage
	+ $skuStorage,
	+ $skuActiveSync
	];

	$package->skus()->saveMany($skus);
	diff --git a/src/phpunit-fast b/src/phpunit-fast
	new file mode 120000
	--- /dev/null
	+++ b/src/phpunit-fast
	@@ -0,0 +1 @@
	+../bin/phpunit-fast
	\ No newline at end of file
	diff --git a/src/resources/countries.php b/src/resources/countries.php
	--- a/src/resources/countries.php
	+++ b/src/resources/countries.php
	@@ -1,6 +1,6 @@
	<?php return [
	'AF' => ['AFN','Afghanistan'],
	- 'AX' => ['EUR','Åland Islands'],
	+ 'AX' => ['EUR','Aland Islands'],
	'AL' => ['ALL','Albania'],
	'DZ' => ['DZD','Algeria'],
	'AS' => ['USD','American Samoa'],
	@@ -14,60 +14,62 @@
	'AU' => ['AUD','Australia'],
	'AT' => ['EUR','Austria'],
	'AZ' => ['AZN','Azerbaijan'],
	+ 'BS' => ['BSD','Bahamas'],
	'BH' => ['BHD','Bahrain'],
	'BD' => ['BDT','Bangladesh'],
	- 'BB' => ['USD','Barbados'],
	- 'BY' => ['BYN','Belarus'],
	+ 'BB' => ['BBD','Barbados'],
	+ 'BY' => ['BYR','Belarus'],
	'BE' => ['EUR','Belgium'],
	'BZ' => ['BZD','Belize'],
	'BJ' => ['XOF','Benin'],
	- 'BM' => ['USD','Bermuda'],
	- 'BT' => ['INR','Bhutan'],
	- 'BO' => ['BOV','Bolivia (Plurinational State of)'],
	- 'BQ' => ['USD','Bonaire, Sint Eustatius and Saba'],
	+ 'BM' => ['BMD','Bermuda'],
	+ 'BT' => ['BTN','Bhutan'],
	+ 'BO' => ['BOB','Bolivia'],
	+ 'BQ' => ['USD','Bonaire, Saint Eustatius and Saba '],
	'BA' => ['BAM','Bosnia and Herzegovina'],
	'BW' => ['BWP','Botswana'],
	'BV' => ['NOK','Bouvet Island'],
	'BR' => ['BRL','Brazil'],
	'IO' => ['USD','British Indian Ocean Territory'],
	+ 'VG' => ['USD','British Virgin Islands'],
	+ 'BN' => ['BND','Brunei'],
	'BG' => ['BGN','Bulgaria'],
	'BF' => ['XOF','Burkina Faso'],
	'BI' => ['BIF','Burundi'],
	- 'KH' => ['USD','Cambodia'],
	+ 'KH' => ['KHR','Cambodia'],
	'CM' => ['XAF','Cameroon'],
	'CA' => ['CAD','Canada'],
	+ 'CV' => ['CVE','Cape Verde'],
	'KY' => ['KYD','Cayman Islands'],
	'CF' => ['XAF','Central African Republic'],
	'TD' => ['XAF','Chad'],
	'CL' => ['CLP','Chile'],
	'CN' => ['CNY','China'],
	'CX' => ['AUD','Christmas Island'],
	- 'CC' => ['AUD','Cocos (Keeling) Islands'],
	- 'CO' => ['COU','Colombia'],
	+ 'CC' => ['AUD','Cocos Islands'],
	+ 'CO' => ['COP','Colombia'],
	'KM' => ['KMF','Comoros'],
	- 'CG' => ['XAF','Congo'],
	- 'CD' => ['CDF','Congo, Democratic Republic of the'],
	'CK' => ['NZD','Cook Islands'],
	'CR' => ['CRC','Costa Rica'],
	- 'CI' => ['XOF','Côte d\'Ivoire'],
	'HR' => ['HRK','Croatia'],
	'CU' => ['CUP','Cuba'],
	- 'CW' => ['ANG','Curaçao'],
	+ 'CW' => ['ANG','Curacao'],
	'CY' => ['EUR','Cyprus'],
	- 'CZ' => ['CZK','Czechia'],
	+ 'CZ' => ['CZK','Czech Republic'],
	+ 'CD' => ['CDF','Democratic Republic of the Congo'],
	'DK' => ['DKK','Denmark'],
	'DJ' => ['DJF','Djibouti'],
	'DM' => ['XCD','Dominica'],
	'DO' => ['DOP','Dominican Republic'],
	+ 'TL' => ['USD','East Timor'],
	'EC' => ['USD','Ecuador'],
	'EG' => ['EGP','Egypt'],
	'SV' => ['USD','El Salvador'],
	'GQ' => ['XAF','Equatorial Guinea'],
	'ER' => ['ERN','Eritrea'],
	'EE' => ['EUR','Estonia'],
	- 'SZ' => ['SZL','Eswatini'],
	'ET' => ['ETB','Ethiopia'],
	- 'FK' => ['FKP','Falkland Islands (Malvinas)'],
	+ 'FK' => ['FKP','Falkland Islands'],
	'FO' => ['DKK','Faroe Islands'],
	'FJ' => ['FJD','Fiji'],
	'FI' => ['EUR','Finland'],
	@@ -76,6 +78,7 @@
	'PF' => ['XPF','French Polynesia'],
	'TF' => ['EUR','French Southern Territories'],
	'GA' => ['XAF','Gabon'],
	+ 'GM' => ['GMD','Gambia'],
	'GE' => ['GEL','Georgia'],
	'DE' => ['EUR','Germany'],
	'GH' => ['GHS','Ghana'],
	@@ -86,10 +89,11 @@
	'GP' => ['EUR','Guadeloupe'],
	'GU' => ['USD','Guam'],
	'GT' => ['GTQ','Guatemala'],
	+ 'GG' => ['GBP','Guernsey'],
	'GN' => ['GNF','Guinea'],
	'GW' => ['XOF','Guinea-Bissau'],
	'GY' => ['GYD','Guyana'],
	- 'HT' => ['USD','Haiti'],
	+ 'HT' => ['HTG','Haiti'],
	'HM' => ['AUD','Heard Island and McDonald Islands'],
	'HN' => ['HNL','Honduras'],
	'HK' => ['HKD','Hong Kong'],
	@@ -97,12 +101,13 @@
	'IS' => ['ISK','Iceland'],
	'IN' => ['INR','India'],
	'ID' => ['IDR','Indonesia'],
	- 'IR' => ['IRR','Iran (Islamic Republic of)'],
	+ 'IR' => ['IRR','Iran'],
	'IQ' => ['IQD','Iraq'],
	'IE' => ['EUR','Ireland'],
	'IM' => ['GBP','Isle of Man'],
	'IL' => ['ILS','Israel'],
	'IT' => ['EUR','Italy'],
	+ 'CI' => ['XOF','Ivory Coast'],
	'JM' => ['JMD','Jamaica'],
	'JP' => ['JPY','Japan'],
	'JE' => ['GBP','Jersey'],
	@@ -110,20 +115,20 @@
	'KZ' => ['KZT','Kazakhstan'],
	'KE' => ['KES','Kenya'],
	'KI' => ['AUD','Kiribati'],
	- 'KP' => ['KPW','Korea (Democratic People\'s Republic of)'],
	- 'KR' => ['KRW','Korea, Republic of'],
	+ 'XK' => ['EUR','Kosovo'],
	'KW' => ['KWD','Kuwait'],
	'KG' => ['KGS','Kyrgyzstan'],
	- 'LA' => ['LAK','Lao People\'s Democratic Republic'],
	+ 'LA' => ['LAK','Laos'],
	'LV' => ['EUR','Latvia'],
	'LB' => ['LBP','Lebanon'],
	- 'LS' => ['ZAR','Lesotho'],
	+ 'LS' => ['LSL','Lesotho'],
	'LR' => ['LRD','Liberia'],
	'LY' => ['LYD','Libya'],
	'LI' => ['CHF','Liechtenstein'],
	'LT' => ['EUR','Lithuania'],
	'LU' => ['EUR','Luxembourg'],
	'MO' => ['MOP','Macao'],
	+ 'MK' => ['MKD','Macedonia'],
	'MG' => ['MGA','Madagascar'],
	'MW' => ['MWK','Malawi'],
	'MY' => ['MYR','Malaysia'],
	@@ -132,12 +137,12 @@
	'MT' => ['EUR','Malta'],
	'MH' => ['USD','Marshall Islands'],
	'MQ' => ['EUR','Martinique'],
	- 'MR' => ['MRU','Mauritania'],
	+ 'MR' => ['MRO','Mauritania'],
	'MU' => ['MUR','Mauritius'],
	'YT' => ['EUR','Mayotte'],
	- 'MX' => ['MXV','Mexico'],
	- 'FM' => ['USD','Micronesia (Federated States of)'],
	- 'MD' => ['MDL','Moldova, Republic of'],
	+ 'MX' => ['MXN','Mexico'],
	+ 'FM' => ['USD','Micronesia'],
	+ 'MD' => ['MDL','Moldova'],
	'MC' => ['EUR','Monaco'],
	'MN' => ['MNT','Mongolia'],
	'ME' => ['EUR','Montenegro'],
	@@ -145,9 +150,10 @@
	'MA' => ['MAD','Morocco'],
	'MZ' => ['MZN','Mozambique'],
	'MM' => ['MMK','Myanmar'],
	- 'NA' => ['ZAR','Namibia'],
	+ 'NA' => ['NAD','Namibia'],
	'NR' => ['AUD','Nauru'],
	'NP' => ['NPR','Nepal'],
	+ 'NL' => ['EUR','Netherlands'],
	'NC' => ['XPF','New Caledonia'],
	'NZ' => ['NZD','New Zealand'],
	'NI' => ['NIO','Nicaragua'],
	@@ -155,13 +161,14 @@
	'NG' => ['NGN','Nigeria'],
	'NU' => ['NZD','Niue'],
	'NF' => ['AUD','Norfolk Island'],
	- 'MK' => ['MKD','North Macedonia'],
	+ 'KP' => ['KPW','North Korea'],
	'MP' => ['USD','Northern Mariana Islands'],
	'NO' => ['NOK','Norway'],
	'OM' => ['OMR','Oman'],
	'PK' => ['PKR','Pakistan'],
	'PW' => ['USD','Palau'],
	- 'PA' => ['USD','Panama'],
	+ 'PS' => ['ILS','Palestinian Territory'],
	+ 'PA' => ['PAB','Panama'],
	'PG' => ['PGK','Papua New Guinea'],
	'PY' => ['PYG','Paraguay'],
	'PE' => ['PEN','Peru'],
	@@ -171,42 +178,49 @@
	'PT' => ['EUR','Portugal'],
	'PR' => ['USD','Puerto Rico'],
	'QA' => ['QAR','Qatar'],
	- 'RE' => ['EUR','Réunion'],
	+ 'CG' => ['XAF','Republic of the Congo'],
	+ 'RE' => ['EUR','Reunion'],
	'RO' => ['RON','Romania'],
	- 'RU' => ['RUB','Russian Federation'],
	+ 'RU' => ['RUB','Russia'],
	'RW' => ['RWF','Rwanda'],
	- 'BL' => ['EUR','Saint Barthélemy'],
	+ 'BL' => ['EUR','Saint Barthelemy'],
	+ 'SH' => ['SHP','Saint Helena'],
	'KN' => ['XCD','Saint Kitts and Nevis'],
	'LC' => ['XCD','Saint Lucia'],
	- 'MF' => ['EUR','Saint Martin (French part)'],
	+ 'MF' => ['EUR','Saint Martin'],
	'PM' => ['EUR','Saint Pierre and Miquelon'],
	'VC' => ['XCD','Saint Vincent and the Grenadines'],
	'WS' => ['WST','Samoa'],
	'SM' => ['EUR','San Marino'],
	+ 'ST' => ['STD','Sao Tome and Principe'],
	'SA' => ['SAR','Saudi Arabia'],
	'SN' => ['XOF','Senegal'],
	'RS' => ['RSD','Serbia'],
	'SC' => ['SCR','Seychelles'],
	'SL' => ['SLL','Sierra Leone'],
	'SG' => ['SGD','Singapore'],
	- 'SX' => ['ANG','Sint Maarten (Dutch part)'],
	+ 'SX' => ['ANG','Sint Maarten'],
	'SK' => ['EUR','Slovakia'],
	'SI' => ['EUR','Slovenia'],
	'SB' => ['SBD','Solomon Islands'],
	'SO' => ['SOS','Somalia'],
	'ZA' => ['ZAR','South Africa'],
	+ 'GS' => ['GBP','South Georgia and the South Sandwich Islands'],
	+ 'KR' => ['KRW','South Korea'],
	'SS' => ['SSP','South Sudan'],
	'ES' => ['EUR','Spain'],
	'LK' => ['LKR','Sri Lanka'],
	'SD' => ['SDG','Sudan'],
	'SR' => ['SRD','Suriname'],
	+ 'SJ' => ['NOK','Svalbard and Jan Mayen'],
	+ 'SZ' => ['SZL','Swaziland'],
	'SE' => ['SEK','Sweden'],
	- 'CH' => ['CHW','Switzerland'],
	- 'SY' => ['SYP','Syrian Arab Republic'],
	+ 'CH' => ['CHF','Switzerland'],
	+ 'SY' => ['SYP','Syria'],
	+ 'TW' => ['TWD','Taiwan'],
	'TJ' => ['TJS','Tajikistan'],
	- 'TZ' => ['TZS','Tanzania, United Republic of'],
	+ 'TZ' => ['TZS','Tanzania'],
	'TH' => ['THB','Thailand'],
	- 'TL' => ['USD','Timor-Leste'],
	'TG' => ['XOF','Togo'],
	'TK' => ['NZD','Tokelau'],
	'TO' => ['TOP','Tonga'],
	@@ -216,22 +230,22 @@
	'TM' => ['TMT','Turkmenistan'],
	'TC' => ['USD','Turks and Caicos Islands'],
	'TV' => ['AUD','Tuvalu'],
	+ 'VI' => ['USD','U.S. Virgin Islands'],
	'UG' => ['UGX','Uganda'],
	'UA' => ['UAH','Ukraine'],
	'AE' => ['AED','United Arab Emirates'],
	- 'GB' => ['GBP','United Kingdom of Great Britain and Northern Ireland'],
	- 'US' => ['USN','United States of America'],
	+ 'GB' => ['GBP','United Kingdom'],
	+ 'US' => ['USD','United States'],
	'UM' => ['USD','United States Minor Outlying Islands'],
	- 'UY' => ['UYW','Uruguay'],
	+ 'UY' => ['UYU','Uruguay'],
	'UZ' => ['UZS','Uzbekistan'],
	'VU' => ['VUV','Vanuatu'],
	- 'VE' => ['VES','Venezuela (Bolivarian Republic of)'],
	- 'VN' => ['VND','Viet Nam'],
	- 'VG' => ['USD','Virgin Islands (British)'],
	- 'VI' => ['USD','Virgin Islands (U.S.)'],
	+ 'VA' => ['EUR','Vatican'],
	+ 'VE' => ['VEF','Venezuela'],
	+ 'VN' => ['VND','Vietnam'],
	'WF' => ['XPF','Wallis and Futuna'],
	'EH' => ['MAD','Western Sahara'],
	'YE' => ['YER','Yemen'],
	- 'ZM' => ['ZMW','Zambia'],
	+ 'ZM' => ['ZMK','Zambia'],
	'ZW' => ['ZWL','Zimbabwe'],
	];
	diff --git a/src/resources/js/app.js b/src/resources/js/app.js
	--- a/src/resources/js/app.js
	+++ b/src/resources/js/app.js
	@@ -72,7 +72,6 @@
	let timeout = response.expires_in \|\| 0

	// We'll refresh 60 seconds before the token expires
	- // or immediately when we have no expiration time (on token re-use)
	if (timeout > 60) {
	timeout -= 60
	}
	@@ -85,7 +84,6 @@
	axios.post('/api/auth/refresh').then(response => {
	this.loginUser(response.data, false, true)
	})
	-
	}, timeout * 1000)
	},
	// Set user state to "not logged in"
	@@ -113,7 +111,7 @@
	startLoading() {
	this.isLoading = true
	// Lock the UI with the 'loading...' element
	- let loading = $('#app > .app-loader').show()
	+ let loading = $('#app > .app-loader').removeClass('fadeOut')
	if (!loading.length) {
	$('#app').append($(loader))
	}
	@@ -183,7 +181,7 @@
	})
	},
	price(price, currency) {
	- return (price/100).toLocaleString('de-DE', { style: 'currency', currency: currency \|\| 'CHF' })
	+ return ((price \|\| 0) / 100).toLocaleString('de-DE', { style: 'currency', currency: currency \|\| 'CHF' })
	},
	priceLabel(cost, units = 1, discount) {
	let index = ''
	@@ -201,7 +199,10 @@
	},
	clickRecord(event) {
	if (!/^(a\|button\|svg\|path)$/i.test(event.target.nodeName)) {
	- $(event.target).closest('tr').find('a')[0].click()
	+ let link = $(event.target).closest('tr').find('a')[0]
	+ if (link) {
	+ link.click()
	+ }
	}
	},
	domainStatusClass(domain) {
	diff --git a/src/resources/js/bootstrap.js b/src/resources/js/bootstrap.js
	--- a/src/resources/js/bootstrap.js
	+++ b/src/resources/js/bootstrap.js
	@@ -50,7 +50,16 @@

	Vue.use(VueRouter)

	+let vueRouterBase = '/'
	+try {
	+ let url = new URL(window.config['app.url'])
	+ vueRouterBase = url.pathname
	+} catch(e) {
	+ // ignore
	+}
	+
	window.router = new VueRouter({
	+ base: vueRouterBase,
	mode: 'history',
	routes: window.routes,
	scrollBehavior (to, from, savedPosition) {
	@@ -88,5 +97,5 @@
	*/

	window.axios = require('axios')
	-
	+axios.defaults.baseURL = vueRouterBase
	axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'
	diff --git a/src/resources/lang/en/app.php b/src/resources/lang/en/app.php
	--- a/src/resources/lang/en/app.php
	+++ b/src/resources/lang/en/app.php
	@@ -31,12 +31,15 @@

	'domain-verify-success' => 'Domain verified successfully.',
	'domain-verify-error' => 'Domain ownership verification failed.',
	+ 'domain-suspend-success' => 'Domain suspended successfully.',
	+ 'domain-unsuspend-success' => 'Domain unsuspended successfully.',

	'user-update-success' => 'User data updated successfully.',
	'user-create-success' => 'User created successfully.',
	'user-delete-success' => 'User deleted successfully.',
	'user-suspend-success' => 'User suspended successfully.',
	'user-unsuspend-success' => 'User unsuspended successfully.',
	+ 'user-reset-2fa-success' => '2-Factor authentication reset successfully.',

	'search-foundxdomains' => ':x domains have been found.',
	'search-foundxusers' => ':x user accounts have been found.',
	diff --git a/src/resources/lang/en/mail.php b/src/resources/lang/en/mail.php
	--- a/src/resources/lang/en/mail.php
	+++ b/src/resources/lang/en/mail.php
	@@ -17,11 +17,30 @@
	'more-info-html' => "See <a href=\":href\">here</a> for more information.",
	'more-info-text' => "See :href for more information.",

	- 'negativebalance-subject' => ":site Payment Reminder",
	- 'negativebalance-body' => "It has probably skipped your attention that you are behind on paying for your :site account. "
	- . "Consider setting up auto-payment to avoid messages like this in the future.",
	+ 'negativebalance-subject' => ":site Payment Required",
	+ 'negativebalance-body' => "This is a notification to let you know that your :site account balance has run into the negative and requires your attention. "
	+ . "Consider setting up an automatic payment to avoid messages like this in the future.",
	'negativebalance-body-ext' => "Settle up to keep your account running:",

	+ 'negativebalancereminder-subject' => ":site Payment Reminder",
	+ 'negativebalancereminder-body' => "It has probably skipped your attention that you are behind on paying for your :site account. "
	+ . "Consider setting up an automatic payment to avoid messages like this in the future.",
	+ 'negativebalancereminder-body-ext' => "Settle up to keep your account running:",
	+ 'negativebalancereminder-body-warning' => "Please, be aware that your account will be suspended "
	+ . "if your account balance is not settled by :date.",
	+
	+ 'negativebalancesuspended-subject' => ":site Account Suspended",
	+ 'negativebalancesuspended-body' => "Your :site account has been suspended for having a negative balance for too long. "
	+ . "Consider setting up an automatic payment to avoid messages like this in the future.",
	+ 'negativebalancesuspended-body-ext' => "Settle up now to unsuspend your account:",
	+ 'negativebalancesuspended-body-warning' => "Please, be aware that your account and all its data will be deleted "
	+ . "if your account balance is not settled by :date.",
	+
	+ 'negativebalancebeforedelete-subject' => ":site Final Warning",
	+ 'negativebalancebeforedelete-body' => "This is a final reminder to settle your :site account balance. "
	+ . "Your account and all its data will be deleted if your account balance is not settled by :date.",
	+ 'negativebalancebeforedelete-body-ext' => "Settle up now to keep your account:",
	+
	'passwordreset-subject' => ":site Password Reset",
	'passwordreset-body1' => "Someone recently asked to change your :site password.",
	'passwordreset-body2' => "If this was you, use this verification code to complete the process:",
	diff --git a/src/resources/sass/app.scss b/src/resources/sass/app.scss
	--- a/src/resources/sass/app.scss
	+++ b/src/resources/sass/app.scss
	@@ -113,6 +113,7 @@
	td {
	vertical-align: middle;
	height: 8em;
	+ border: 0;
	}

	tbody:not(:empty) + & {
	@@ -319,6 +320,16 @@
	margin-bottom: 0.5rem;
	}

	+ .nav-tabs {
	+ flex-wrap: nowrap;
	+ overflow-x: auto;
	+
	+ .nav-link {
	+ white-space: nowrap;
	+ padding: 0.5rem 0.75rem;
	+ }
	+ }
	+
	.tab-content {
	margin-top: 0.5rem;
	}
	@@ -343,6 +354,7 @@
	#app > div.container {
	margin-bottom: 1rem;
	margin-top: 1rem;
	+ max-width: 100%;
	}

	#header-menu-navbar {
	@@ -367,4 +379,55 @@
	}
	}
	}
	+
	+ .table.transactions {
	+ thead {
	+ display: none;
	+ }
	+
	+ tbody {
	+ tr {
	+ position: relative;
	+ display: flex;
	+ flex-wrap: wrap;
	+ }
	+
	+ td {
	+ width: auto;
	+ border: 0;
	+ padding: 0.5rem;
	+
	+ &.datetime {
	+ width: 50%;
	+ padding-left: 0;
	+ }
	+
	+ &.description {
	+ order: 3;
	+ width: 100%;
	+ border-bottom: 1px solid $border-color;
	+ color: $secondary;
	+ padding: 0 1.5em 0.5rem 0;
	+ margin-top: -0.25em;
	+ }
	+
	+ &.selection {
	+ position: absolute;
	+ right: 0;
	+ border: 0;
	+ top: 1.7em;
	+ padding-right: 0;
	+ }
	+
	+ &.price {
	+ width: 50%;
	+ padding-right: 0;
	+ }
	+
	+ &.email {
	+ display: none;
	+ }
	+ }
	+ }
	+ }
	}
	diff --git a/src/resources/sass/menu.scss b/src/resources/sass/menu.scss
	--- a/src/resources/sass/menu.scss
	+++ b/src/resources/sass/menu.scss
	@@ -38,6 +38,7 @@
	#footer-menu {
	background-color: $main-color;
	height: 100px;
	+ overflow: hidden;

	.navbar-brand {
	margin: 0;
	@@ -76,16 +77,16 @@
	}
	}

	- #footer-menu {
	+ .navbar {
	.navbar {
	- flex-direction: column;
	- align-items: flex-end;
	+ justify-content: flex-end;
	}
	}

	- .navbar {
	+ #footer-menu {
	.navbar {
	- justify-content: flex-end;
	+ flex-direction: column;
	+ align-items: flex-end;
	}
	}
	}
	diff --git a/src/resources/views/documents/receipt.blade.php b/src/resources/views/documents/receipt.blade.php
	--- a/src/resources/views/documents/receipt.blade.php
	+++ b/src/resources/views/documents/receipt.blade.php
	@@ -26,7 +26,7 @@
	{!! $customer['customer'] !!}
	</td>
	<td class="idents">
	- <span class="gray">{{ __('documents.account-id') }}</span> {{ $customer['wallet_id'] }}<br>
	+ {{--<span class="gray">{{ __('documents.account-id') }}</span> {{ $customer['wallet_id'] }}<br>--}}
	<span class="gray">{{ __('documents.customer-no') }}</span> {{ $customer['id'] }}
	</td>
	</tr>
	diff --git a/src/resources/views/emails/html/negative_balance_before_delete.blade.php b/src/resources/views/emails/html/negative_balance_before_delete.blade.php
	new file mode 100644
	--- /dev/null
	+++ b/src/resources/views/emails/html/negative_balance_before_delete.blade.php
	@@ -0,0 +1,21 @@
	+<!DOCTYPE html>
	+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
	+ <head>
	+ <meta charset="utf-8">
	+ </head>
	+ <body>
	+ <p>{{ __('mail.header', ['name' => $username]) }}</p>
	+
	+ <p>{{ __('mail.negativebalancebeforedelete-body', ['site' => $site, 'date' => $date]) }}</p>
	+ <p>{{ __('mail.negativebalancebeforedelete-body-ext', ['site' => $site]) }}</p>
	+ <p><a href="{{ $walletUrl }}">{{ $walletUrl }}</a></p>
	+
	+@if ($supportUrl)
	+ <p>{{ __('mail.support', ['site' => $site]) }}</p>
	+ <p><a href="{{ $supportUrl }}">{{ $supportUrl }}</a></p>
	+@endif
	+
	+ <p>{{ __('mail.footer1') }}</p>
	+ <p>{{ __('mail.footer2', ['site' => $site]) }}</p>
	+ </body>
	+</html>
	diff --git a/src/resources/views/emails/html/negative_balance_reminder.blade.php b/src/resources/views/emails/html/negative_balance_reminder.blade.php
	new file mode 100644
	--- /dev/null
	+++ b/src/resources/views/emails/html/negative_balance_reminder.blade.php
	@@ -0,0 +1,22 @@
	+<!DOCTYPE html>
	+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
	+ <head>
	+ <meta charset="utf-8">
	+ </head>
	+ <body>
	+ <p>{{ __('mail.header', ['name' => $username]) }}</p>
	+
	+ <p>{{ __('mail.negativebalancereminder-body', ['site' => $site]) }}</p>
	+ <p>{{ __('mail.negativebalancereminder-body-ext', ['site' => $site]) }}</p>
	+ <p><a href="{{ $walletUrl }}">{{ $walletUrl }}</a></p>
	+ <p><b>{{ __('mail.negativebalancereminder-body-warning', ['site' => $site, 'date' => $date]) }}</b></p>
	+
	+@if ($supportUrl)
	+ <p>{{ __('mail.support', ['site' => $site]) }}</p>
	+ <p><a href="{{ $supportUrl }}">{{ $supportUrl }}</a></p>
	+@endif
	+
	+ <p>{{ __('mail.footer1') }}</p>
	+ <p>{{ __('mail.footer2', ['site' => $site]) }}</p>
	+ </body>
	+</html>
	diff --git a/src/resources/views/emails/html/negative_balance_suspended.blade.php b/src/resources/views/emails/html/negative_balance_suspended.blade.php
	new file mode 100644
	--- /dev/null
	+++ b/src/resources/views/emails/html/negative_balance_suspended.blade.php
	@@ -0,0 +1,22 @@
	+<!DOCTYPE html>
	+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
	+ <head>
	+ <meta charset="utf-8">
	+ </head>
	+ <body>
	+ <p>{{ __('mail.header', ['name' => $username]) }}</p>
	+
	+ <p>{{ __('mail.negativebalancesuspended-body', ['site' => $site]) }}</p>
	+ <p>{{ __('mail.negativebalancesuspended-body-ext', ['site' => $site]) }}</p>
	+ <p><a href="{{ $walletUrl }}">{{ $walletUrl }}</a></p>
	+ <p><b>{{ __('mail.negativebalancesuspended-body-warning', ['site' => $site, 'date' => $date]) }}</b></p>
	+
	+@if ($supportUrl)
	+ <p>{{ __('mail.support', ['site' => $site]) }}</p>
	+ <p><a href="{{ $supportUrl }}">{{ $supportUrl }}</a></p>
	+@endif
	+
	+ <p>{{ __('mail.footer1') }}</p>
	+ <p>{{ __('mail.footer2', ['site' => $site]) }}</p>
	+ </body>
	+</html>
	diff --git a/src/resources/views/emails/plain/negative_balance_before_delete.blade.php b/src/resources/views/emails/plain/negative_balance_before_delete.blade.php
	new file mode 100644
	--- /dev/null
	+++ b/src/resources/views/emails/plain/negative_balance_before_delete.blade.php
	@@ -0,0 +1,17 @@
	+{!! __('mail.header', ['name' => $username]) !!}
	+
	+{!! __('mail.negativebalancebeforedelete-body', ['site' => $site, 'date' => $date]) !!}
	+
	+{!! __('mail.negativebalancebeforedelete-body-ext', ['site' => $site]) !!}
	+
	+{!! $walletUrl !!}
	+
	+@if ($supportUrl)
	+{!! __('mail.support', ['site' => $site]) !!}
	+
	+{!! $supportUrl !!}
	+@endif
	+
	+--
	+{!! __('mail.footer1') !!}
	+{!! __('mail.footer2', ['site' => $site]) !!}
	diff --git a/src/resources/views/emails/plain/negative_balance_reminder.blade.php b/src/resources/views/emails/plain/negative_balance_reminder.blade.php
	new file mode 100644
	--- /dev/null
	+++ b/src/resources/views/emails/plain/negative_balance_reminder.blade.php
	@@ -0,0 +1,19 @@
	+{!! __('mail.header', ['name' => $username]) !!}
	+
	+{!! __('mail.negativebalancereminder-body', ['site' => $site]) !!}
	+
	+{!! __('mail.negativebalancereminder-body-ext', ['site' => $site]) !!}
	+
	+{!! $walletUrl !!}
	+
	+{!! __('mail.negativebalancereminder-body-warning', ['site' => $site, 'date' => $date]) !!}
	+
	+@if ($supportUrl)
	+{!! __('mail.support', ['site' => $site]) !!}
	+
	+{!! $supportUrl !!}
	+@endif
	+
	+--
	+{!! __('mail.footer1') !!}
	+{!! __('mail.footer2', ['site' => $site]) !!}
	diff --git a/src/resources/views/emails/plain/negative_balance_suspended.blade.php b/src/resources/views/emails/plain/negative_balance_suspended.blade.php
	new file mode 100644
	--- /dev/null
	+++ b/src/resources/views/emails/plain/negative_balance_suspended.blade.php
	@@ -0,0 +1,19 @@
	+{!! __('mail.header', ['name' => $username]) !!}
	+
	+{!! __('mail.negativebalancesuspended-body', ['site' => $site]) !!}
	+
	+{!! __('mail.negativebalancesuspended-body-ext', ['site' => $site]) !!}
	+
	+{!! $walletUrl !!}
	+
	+{!! __('mail.negativebalancesuspended-body-warning', ['site' => $site, 'date' => $date]) !!}
	+
	+@if ($supportUrl)
	+{!! __('mail.support', ['site' => $site]) !!}
	+
	+{!! $supportUrl !!}
	+@endif
	+
	+--
	+{!! __('mail.footer1') !!}
	+{!! __('mail.footer2', ['site' => $site]) !!}
	diff --git a/src/resources/views/layouts/app.blade.php b/src/resources/views/layouts/app.blade.php
	--- a/src/resources/views/layouts/app.blade.php
	+++ b/src/resources/views/layouts/app.blade.php
	@@ -3,14 +3,14 @@
	<head>
	<meta charset="utf-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	- <meta name="viewport" content="width=device-width, initial-scale=1">
	+ <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no, maximum-scale=1.0">
	<meta name="csrf-token" content="{{ csrf_token() }}">

	<title>{{ config('app.name') }} -- @yield('title')</title>

	{{-- TODO: PWA disabled for now: @laravelPWA --}}
	<link rel="icon" type="image/x-icon" href="{{ asset('images/favicon.ico') }}">
	- <link href="{{ asset('css/app.css') }}" rel="stylesheet">
	+ <link href="{{ secure_asset('css/app.css') }}" rel="stylesheet">
	</head>
	<body>
	<div class="outer-container">
	@@ -18,6 +18,6 @@
	</div>

	<script>window.config = {!! json_encode($env) !!}</script>
	- <script src="{{ asset('js/' . $env['jsapp']) }}" defer></script>
	+ <script src="{{ secure_asset('js/' . $env['jsapp']) }}" defer></script>
	</body>
	</html>
	diff --git a/src/resources/vue/Admin/Dashboard.vue b/src/resources/vue/Admin/Dashboard.vue
	--- a/src/resources/vue/Admin/Dashboard.vue
	+++ b/src/resources/vue/Admin/Dashboard.vue
	@@ -15,17 +15,23 @@
	<tr>
	<th scope="col">Primary Email</th>
	<th scope="col">ID</th>
	+ <th scope="col" class="d-none d-md-table-cell">Created</th>
	+ <th scope="col" class="d-none d-md-table-cell">Deleted</th>
	</tr>
	</thead>
	<tbody>
	- <tr v-for="user in users" :id="'user' + user.id" :key="user.id">
	- <td>
	+ <tr v-for="user in users" :id="'user' + user.id" :key="user.id" :class="user.isDeleted ? 'text-secondary' : ''">
	+ <td class="text-nowrap">
	<svg-icon icon="user" :class="$root.userStatusClass(user)" :title="$root.userStatusText(user)"></svg-icon>
	- <router-link :to="{ path: 'user/' + user.id }">{{ user.email }}</router-link>
	+ <router-link v-if="!user.isDeleted" :to="{ path: 'user/' + user.id }">{{ user.email }}</router-link>
	+ <span v-if="user.isDeleted">{{ user.email }}</span>
	</td>
	<td>
	- <router-link :to="{ path: 'user/' + user.id }">{{ user.id }}</router-link>
	+ <router-link v-if="!user.isDeleted" :to="{ path: 'user/' + user.id }">{{ user.id }}</router-link>
	+ <span v-if="user.isDeleted">{{ user.id }}</span>
	</td>
	+ <td class="d-none d-md-table-cell">{{ toDate(user.created_at) }}</td>
	+ <td class="d-none d-md-table-cell">{{ toDate(user.deleted_at) }}</td>
	</tr>
	</tbody>
	</table>
	@@ -65,7 +71,7 @@

	axios.get('/api/v4/users', { params: { search: this.search } })
	.then(response => {
	- if (response.data.count == 1) {
	+ if (response.data.count == 1 && !response.data.list[0].isDeleted) {
	this.$router.push({ name: 'user', params: { user: response.data.list[0].id } })
	return
	}
	@@ -77,6 +83,11 @@
	this.users = response.data.list
	})
	.catch(this.$root.errorHandler)
	+ },
	+ toDate(datetime) {
	+ if (datetime) {
	+ return datetime.split(' ')[0]
	+ }
	}
	}
	}
	diff --git a/src/resources/vue/Admin/Domain.vue b/src/resources/vue/Admin/Domain.vue
	--- a/src/resources/vue/Admin/Domain.vue
	+++ b/src/resources/vue/Admin/Domain.vue
	@@ -22,6 +22,10 @@
	</div>
	</div>
	</form>
	+ <div class="mt-2">
	+ <button v-if="!domain.isSuspended" id="button-suspend" class="btn btn-warning" type="button" @click="suspendDomain">Suspend</button>
	+ <button v-if="domain.isSuspended" id="button-unsuspend" class="btn btn-warning" type="button" @click="unsuspendDomain">Unsuspend</button>
	+ </div>
	</div>
	</div>
	</div>
	@@ -64,6 +68,24 @@
	.catch(this.$root.errorHandler)
	},
	methods: {
	+ suspendDomain() {
	+ axios.post('/api/v4/domains/' + this.domain.id + '/suspend', {})
	+ .then(response => {
	+ if (response.data.status == 'success') {
	+ this.$toast.success(response.data.message)
	+ this.domain = Object.assign({}, this.domain, { isSuspended: true })
	+ }
	+ })
	+ },
	+ unsuspendDomain() {
	+ axios.post('/api/v4/domains/' + this.domain.id + '/unsuspend', {})
	+ .then(response => {
	+ if (response.data.status == 'success') {
	+ this.$toast.success(response.data.message)
	+ this.domain = Object.assign({}, this.domain, { isSuspended: false })
	+ }
	+ })
	+ }
	}
	}
	</script>
	diff --git a/src/resources/vue/Admin/User.vue b/src/resources/vue/Admin/User.vue
	--- a/src/resources/vue/Admin/User.vue
	+++ b/src/resources/vue/Admin/User.vue
	@@ -176,7 +176,7 @@
	<div class="tab-pane" id="user-subscriptions" role="tabpanel" aria-labelledby="tab-subscriptions">
	<div class="card-body">
	<div class="card-text">
	- <table class="table table-sm table-hover">
	+ <table class="table table-sm table-hover mb-0">
	<thead class="thead-light">
	<tr>
	<th scope="col">Subscription</th>
	@@ -184,7 +184,7 @@
	</tr>
	</thead>
	<tbody>
	- <tr v-for="(sku, sku_id) in skus" :id="'sku' + sku_id" :key="sku_id">
	+ <tr v-for="(sku, sku_id) in skus" :id="'sku' + sku.id" :key="sku_id">
	<td>{{ sku.name }}</td>
	<td>{{ sku.price }}</td>
	</tr>
	@@ -199,6 +199,9 @@
	<hr class="m-0">
	¹ applied discount: {{ discount }}% - {{ discount_description }}
	</small>
	+ <div class="mt-2">
	+ <button type="button" class="btn btn-danger" id="reset2fa" v-if="has2FA" @click="reset2FADialog">Reset 2-Factor Auth</button>
	+ </div>
	</div>
	</div>
	</div>
	@@ -241,7 +244,8 @@
	<tr v-for="item in users" :id="'user' + item.id" :key="item.id" @click="$root.clickRecord">
	<td>
	<svg-icon icon="user" :class="$root.userStatusClass(item)" :title="$root.userStatusText(item)"></svg-icon>
	- <router-link :to="{ path: '/user/' + item.id }">{{ item.email }}</router-link>
	+ <router-link v-if="item.id != user.id" :to="{ path: '/user/' + item.id }">{{ item.email }}</router-link>
	+ <span v-else>{{ item.email }}</span>
	</td>
	</tr>
	</tbody>
	@@ -342,6 +346,28 @@
	</div>
	</div>
	</div>
	+
	+ <div id="reset-2fa-dialog" class="modal" tabindex="-1" role="dialog">
	+ <div class="modal-dialog" role="document">
	+ <div class="modal-content">
	+ <div class="modal-header">
	+ <h5 class="modal-title">2-Factor Authentication Reset</h5>
	+ <button type="button" class="close" data-dismiss="modal" aria-label="Close">
	+ <span aria-hidden="true">×</span>
	+ </button>
	+ </div>
	+ <div class="modal-body">
	+ <p>This will remove 2-Factor Authentication entitlement as well
	+ as the user-configured factors.</p>
	+ <p>Please, make sure to confirm the user identity properly.</p>
	+ </div>
	+ <div class="modal-footer">
	+ <button type="button" class="btn btn-secondary modal-cancel" data-dismiss="modal">Cancel</button>
	+ <button type="button" class="btn btn-danger modal-action" @click="reset2FA()">Reset</button>
	+ </div>
	+ </div>
	+ </div>
	+ </div>
	</div>
	</template>

	@@ -369,10 +395,12 @@
	discount_description: '',
	discounts: [],
	external_email: '',
	+ has2FA: false,
	wallet: {},
	walletReload: false,
	domains: [],
	skus: [],
	+ sku2FA: null,
	users: [],
	user: {
	aliases: [],
	@@ -394,12 +422,14 @@

	const financesTab = '#user-finances'
	const keys = ['first_name', 'last_name', 'external_email', 'billing_address', 'phone', 'organization']
	- const country = this.user.settings.country

	- if (country) {
	- this.user.country = window.config.countries[country][1]
	+ let country = this.user.settings.country
	+ if (country && country in window.config.countries) {
	+ country = window.config.countries[country][1]
	}

	+ this.user.country = country
	+
	keys.forEach(key => { this.user[key] = this.user.settings[key] })

	this.discount = this.user.wallet.discount
	@@ -437,6 +467,11 @@
	}

	this.skus.push(item)
	+
	+ if (sku.title == '2fa') {
	+ this.has2FA = true
	+ this.sku2FA = sku.id
	+ }
	}
	})
	})
	@@ -445,9 +480,7 @@
	// TODO: Multiple wallets
	axios.get('/api/v4/users?owner=' + user_id)
	.then(response => {
	- this.users = response.data.list.filter(user => {
	- return user.id != user_id;
	- })
	+ this.users = response.data.list;
	})

	// Fetch domains
	@@ -513,6 +546,20 @@
	this.walletReload = true
	this.$nextTick(() => { this.walletReload = false })
	},
	+ reset2FA() {
	+ $('#reset-2fa-dialog').modal('hide')
	+ axios.post('/api/v4/users/' + this.user.id + '/reset2FA')
	+ .then(response => {
	+ if (response.data.status == 'success') {
	+ this.$toast.success(response.data.message)
	+ this.skus = this.skus.filter(sku => sku.id != this.sku2FA)
	+ this.has2FA = false
	+ }
	+ })
	+ },
	+ reset2FADialog() {
	+ $('#reset-2fa-dialog').modal()
	+ },
	submitDiscount() {
	$('#discount-dialog').modal('hide')

	diff --git a/src/resources/vue/App.vue b/src/resources/vue/App.vue
	--- a/src/resources/vue/App.vue
	+++ b/src/resources/vue/App.vue
	@@ -17,11 +17,11 @@
	this.$root.startLoading()
	axios.defaults.headers.common.Authorization = 'Bearer ' + token

	- axios.get('/api/auth/info')
	+ axios.get('/api/auth/info?refresh_token=1')
	.then(response => {
	this.isLoading = false
	this.$root.stopLoading()
	- this.$root.loginUser({ access_token: token }, false)
	+ this.$root.loginUser(response.data, false)
	this.$store.state.authInfo = response.data
	})
	.catch(error => {
	diff --git a/src/resources/vue/Dashboard.vue b/src/resources/vue/Dashboard.vue
	--- a/src/resources/vue/Dashboard.vue
	+++ b/src/resources/vue/Dashboard.vue
	@@ -6,13 +6,13 @@
	<router-link class="card link-profile" :to="{ name: 'profile' }">
	<svg-icon icon="user-cog"></svg-icon><span class="name">Your profile</span>
	</router-link>
	- <router-link class="card link-domains" :to="{ name: 'domains' }">
	+ <router-link v-if="status.enableDomains" class="card link-domains" :to="{ name: 'domains' }">
	<svg-icon icon="globe"></svg-icon><span class="name">Domains</span>
	</router-link>
	- <router-link class="card link-users" :to="{ name: 'users' }">
	+ <router-link v-if="status.enableUsers" class="card link-users" :to="{ name: 'users' }">
	<svg-icon icon="users"></svg-icon><span class="name">User accounts</span>
	</router-link>
	- <router-link class="card link-wallet" :to="{ name: 'wallet' }">
	+ <router-link v-if="status.enableWallets" class="card link-wallet" :to="{ name: 'wallet' }">
	<svg-icon icon="wallet"></svg-icon><span class="name">Wallet</span>
	<span v-if="balance < 0" class="badge badge-danger">{{ $root.price(balance) }}</span>
	</router-link>
	diff --git a/src/resources/vue/Domain/Info.vue b/src/resources/vue/Domain/Info.vue
	--- a/src/resources/vue/Domain/Info.vue
	+++ b/src/resources/vue/Domain/Info.vue
	@@ -53,12 +53,17 @@
	},
	created() {
	if (this.domain_id = this.$route.params.domain) {
	+ this.$root.startLoading()
	+
	axios.get('/api/v4/domains/' + this.domain_id)
	.then(response => {
	+ this.$root.stopLoading()
	this.domain = response.data
	+
	if (!this.domain.isConfirmed) {
	$('#domain-verify button').focus()
	}
	+
	this.status = response.data.statusInfo
	})
	.catch(this.$root.errorHandler)
	diff --git a/src/resources/vue/Domain/List.vue b/src/resources/vue/Domain/List.vue
	--- a/src/resources/vue/Domain/List.vue
	+++ b/src/resources/vue/Domain/List.vue
	@@ -20,6 +20,11 @@
	<td class="buttons"></td>
	</tr>
	</tbody>
	+ <tfoot class="table-fake-body">
	+ <tr>
	+ <td colspan="2">There are no domains in this account.</td>
	+ </tr>
	+ </tfoot>
	</table>
	</div>
	</div>
	@@ -35,8 +40,11 @@
	}
	},
	created() {
	+ this.$root.startLoading()
	+
	axios.get('/api/v4/domains')
	.then(response => {
	+ this.$root.stopLoading()
	this.domains = response.data
	})
	.catch(this.$root.errorHandler)
	diff --git a/src/resources/vue/User/Info.vue b/src/resources/vue/User/Info.vue
	--- a/src/resources/vue/User/Info.vue
	+++ b/src/resources/vue/User/Info.vue
	@@ -193,10 +193,14 @@
	this.discount_description = wallet.discount_description
	}

	+ this.$root.startLoading()
	+
	if (this.user_id === 'new') {
	// do nothing (for now)
	axios.get('/api/v4/packages')
	.then(response => {
	+ this.$root.stopLoading()
	+
	this.packages = response.data.filter(pkg => !pkg.isDomain)
	this.package_id = this.packages[0].id
	})
	@@ -205,6 +209,8 @@
	else {
	axios.get('/api/v4/users/' + this.user_id)
	.then(response => {
	+ this.$root.stopLoading()
	+
	this.user = response.data
	this.user.first_name = response.data.settings.first_name
	this.user.last_name = response.data.settings.last_name
	@@ -267,14 +273,8 @@

	axios[method](location, this.user)
	.then(response => {
	- if (response.data.status == 'success') {
	- this.$toast.success(response.data.message)
	- }
	-
	- // on new user redirect to users list
	- if (this.user_id === 'new') {
	- this.$router.push({ name: 'users' })
	- }
	+ this.$toast.success(response.data.message)
	+ this.$router.push({ name: 'users' })
	})
	},
	onInputSku(e) {
	diff --git a/src/resources/vue/User/List.vue b/src/resources/vue/User/List.vue
	--- a/src/resources/vue/User/List.vue
	+++ b/src/resources/vue/User/List.vue
	@@ -33,6 +33,11 @@
	</td>
	</tr>
	</tbody>
	+ <tfoot class="table-fake-body">
	+ <tr>
	+ <td colspan="2">There are no users in this account.</td>
	+ </tr>
	+ </tfoot>
	</table>
	</div>
	</div>
	@@ -73,8 +78,11 @@
	}
	},
	created() {
	+ this.$root.startLoading()
	+
	axios.get('/api/v4/users')
	.then(response => {
	+ this.$root.stopLoading()
	this.users = response.data
	})
	.catch(this.$root.errorHandler)
	diff --git a/src/resources/vue/User/Profile.vue b/src/resources/vue/User/Profile.vue
	--- a/src/resources/vue/User/Profile.vue
	+++ b/src/resources/vue/User/Profile.vue
	@@ -5,6 +5,12 @@
	<div class="card-title">Your profile</div>
	<div class="card-text">
	<form @submit.prevent="submit">
	+ <div class="form-group row plaintext">
	+ <label class="col-sm-4 col-form-label">Customer No.</label>
	+ <div class="col-sm-8">
	+ <span class="form-control-plaintext" id="userid">{{ user_id }}</span>
	+ </div>
	+ </div>
	<div class="form-group row">
	<label for="first_name" class="col-sm-4 col-form-label">First name</label>
	<div class="col-sm-8">
	@@ -80,6 +86,7 @@
	data() {
	return {
	profile: {},
	+ user_id: null,
	wallet_id: null,
	countries: window.config.countries
	}
	@@ -87,26 +94,22 @@
	created() {
	this.wallet_id = this.$store.state.authInfo.wallet.id
	this.profile = this.$store.state.authInfo.settings
	+ this.user_id = this.$store.state.authInfo.id
	},
	mounted() {
	$('#first_name').focus()
	},
	methods: {
	submit() {
	- if (this.profile.country) {
	- this.profile.currency = this.countries[this.profile.country][0]
	- }
	-
	this.$root.clearFormValidation($('#user-profile form'))

	- axios.put('/api/v4/users/' + this.$store.state.authInfo.id, this.profile)
	+ axios.put('/api/v4/users/' + this.user_id, this.profile)
	.then(response => {
	delete this.profile.password
	delete this.profile.password_confirm

	- if (response.data.status == 'success') {
	- this.$toast.success(response.data.message)
	- }
	+ this.$toast.success(response.data.message)
	+ this.$router.push({ name: 'dashboard' })
	})
	}
	}
	diff --git a/src/resources/vue/Widgets/ListInput.vue b/src/resources/vue/Widgets/ListInput.vue
	--- a/src/resources/vue/Widgets/ListInput.vue
	+++ b/src/resources/vue/Widgets/ListInput.vue
	@@ -10,7 +10,7 @@
	</div>
	</div>
	<div class="input-group" v-for="(item, index) in list" :key="index">
	- <input type="text" class="form-control" :value="item">
	+ <input type="text" class="form-control" v-model="list[index]">
	<div class="input-group-append">
	<a href="#" class="btn btn-outline-secondary" @click.prevent="deleteItem(index)">
	<svg-icon icon="trash-alt"></svg-icon>
	diff --git a/src/resources/vue/Widgets/Menu.vue b/src/resources/vue/Widgets/Menu.vue
	--- a/src/resources/vue/Widgets/Menu.vue
	+++ b/src/resources/vue/Widgets/Menu.vue
	@@ -2,7 +2,7 @@
	<nav :id="mode + '-menu'" class="navbar navbar-expand-lg navbar-light">
	<div class="container">
	<router-link class="navbar-brand" :to="{ name: 'dashboard' }">
	- <img :src="'/images/logo_' + mode + '.png'" :alt="app_name">
	+ <img :src="app_url + '/images/logo_' + mode + '.png'" :alt="app_name">
	</router-link>
	<button v-if="mode == 'header'" class="navbar-toggler" type="button"
	data-toggle="collapse" :data-target="'#' + mode + '-menu-navbar'"
	diff --git a/src/resources/vue/Widgets/Status.vue b/src/resources/vue/Widgets/Status.vue
	--- a/src/resources/vue/Widgets/Status.vue
	+++ b/src/resources/vue/Widgets/Status.vue
	@@ -72,14 +72,22 @@
	parseStatusInfo(info) {
	if (info) {
	if (!info.isReady) {
	+ let failedCount = 0
	+ let allCount = info.process.length
	+
	info.process.forEach((step, idx) => {
	- if (!step.state && !('percent' in info)) {
	- info.title = step.title
	- info.step = step.label
	- info.percent = Math.floor(idx / info.process.length * 100);
	- info.link = step.link
	+ if (!step.state) {
	+ failedCount++
	+
	+ if (!info.title) {
	+ info.title = step.title
	+ info.step = step.label
	+ info.link = step.link
	+ }
	}
	})
	+
	+ info.percent = Math.floor((allCount - failedCount) / allCount * 100);
	}

	this.state = info \|\| {}
	diff --git a/src/resources/vue/Widgets/TransactionLog.vue b/src/resources/vue/Widgets/TransactionLog.vue
	--- a/src/resources/vue/Widgets/TransactionLog.vue
	+++ b/src/resources/vue/Widgets/TransactionLog.vue
	@@ -15,7 +15,7 @@
	<td class="datetime">{{ transaction.createdAt }}</td>
	<td class="email" v-if="isAdmin">{{ transaction.user }}</td>
	<td class="selection">
	- <button class="btn btn-lg btn-link btn-action" title="Details"
	+ <button class="btn btn-lg btn-link btn-action" title="Details" type="button"
	v-if="transaction.hasDetails"
	@click="loadTransaction(transaction.id)"
	>
	diff --git a/src/routes/api.php b/src/routes/api.php
	--- a/src/routes/api.php
	+++ b/src/routes/api.php
	@@ -13,10 +13,12 @@
	\|
	*/

	+$prefix = \trim(\parse_url(\config('app.url'), PHP_URL_PATH), '/') . '/';
	+
	Route::group(
	[
	'middleware' => 'api',
	- 'prefix' => 'auth'
	+ 'prefix' => $prefix . 'api/auth'
	],
	function ($router) {
	Route::post('login', 'API\AuthController@login');
	@@ -36,7 +38,7 @@
	[
	'domain' => \config('app.domain'),
	'middleware' => 'api',
	- 'prefix' => 'auth'
	+ 'prefix' => $prefix . 'api/auth'
	],
	function ($router) {
	Route::post('password-reset/init', 'API\PasswordResetController@init');
	@@ -54,7 +56,7 @@
	[
	'domain' => \config('app.domain'),
	'middleware' => 'auth:api',
	- 'prefix' => 'v4'
	+ 'prefix' => $prefix . 'api/v4'
	],
	function () {
	Route::apiResource('domains', API\V4\DomainsController::class);
	@@ -97,9 +99,10 @@
	Route::group(
	[
	'domain' => \config('app.domain'),
	+ 'prefix' => $prefix . 'api/webhooks',
	],
	function () {
	- Route::post('webhooks/payment/{provider}', 'API\V4\PaymentsController@webhook');
	+ Route::post('payment/{provider}', 'API\V4\PaymentsController@webhook');
	Route::post('webhooks/meet/openvidu', 'API\V4\OpenViduController@webhook');
	}
	);
	@@ -108,16 +111,19 @@
	[
	'domain' => 'admin.' . \config('app.domain'),
	'middleware' => ['auth:api', 'admin'],
	- 'prefix' => 'v4',
	+ 'prefix' => $prefix . 'api/v4',
	],
	function () {
	Route::apiResource('domains', API\V4\Admin\DomainsController::class);
	Route::get('domains/{id}/confirm', 'API\V4\Admin\DomainsController@confirm');
	+ Route::post('domains/{id}/suspend', 'API\V4\Admin\DomainsController@suspend');
	+ Route::post('domains/{id}/unsuspend', 'API\V4\Admin\DomainsController@unsuspend');

	Route::apiResource('entitlements', API\V4\Admin\EntitlementsController::class);
	Route::apiResource('packages', API\V4\Admin\PackagesController::class);
	Route::apiResource('skus', API\V4\Admin\SkusController::class);
	Route::apiResource('users', API\V4\Admin\UsersController::class);
	+ Route::post('users/{id}/reset2FA', 'API\V4\Admin\UsersController@reset2FA');
	Route::post('users/{id}/suspend', 'API\V4\Admin\UsersController@suspend');
	Route::post('users/{id}/unsuspend', 'API\V4\Admin\UsersController@unsuspend');
	Route::apiResource('wallets', API\V4\Admin\WalletsController::class);
	diff --git a/src/routes/web.php b/src/routes/web.php
	--- a/src/routes/web.php
	+++ b/src/routes/web.php
	@@ -3,9 +3,16 @@
	// We can handle every URL with the default action because
	// we have client-side router (including 404 error handler).
	// This way we don't have to define any "deep link" routes here.
	-Route::fallback(
	+Route::group(
	+ [
	+ //'domain' => \config('app.domain'),
	+ ],
	function () {
	- $env = \App\Utils::uiEnv();
	- return view($env['view'])->with('env', $env);
	+ Route::fallback(
	+ function () {
	+ $env = \App\Utils::uiEnv();
	+ return view($env['view'])->with('env', $env);
	+ }
	+ );
	}
	);
	diff --git a/src/tests/Browser.php b/src/tests/Browser.php
	--- a/src/tests/Browser.php
	+++ b/src/tests/Browser.php
	@@ -119,7 +119,24 @@
	{
	$element = $this->resolver->findOrFail($selector);

	- Assert::assertTrue(strpos($element->getText(), $text) !== false, "No expected text in [$selector]");
	+ if ($text === '') {
	+ Assert::assertTrue((string) $element->getText() === $text, "Element's text is not empty [$selector]");
	+ } else {
	+ Assert::assertTrue(strpos($element->getText(), $text) !== false, "No expected text in [$selector]");
	+ }
	+
	+ return $this;
	+ }
	+
	+ /**
	+ * Assert that the given element contains specified text,
	+ * no matter it's displayed or not - using a regular expression.
	+ */
	+ public function assertTextRegExp($selector, $regexp)
	+ {
	+ $element = $this->resolver->findOrFail($selector);
	+
	+ Assert::assertRegExp($regexp, $element->getText(), "No expected text in [$selector]");

	return $this;
	}
	@@ -185,6 +202,27 @@
	return $this;
	}

	+ /**
	+ * Clears the input field and related vue v-model data.
	+ */
	+ public function vueClear($selector)
	+ {
	+ if ($this->resolver->prefix != 'body') {
	+ $selector = $this->resolver->prefix . ' ' . $selector;
	+ }
	+
	+ // The existing clear(), and type() with empty string do not work.
	+ // We have to clear the field and dispatch 'input' event programatically.
	+
	+ $this->script(
	+ "var element = document.querySelector('$selector');"
	+ . "element.value = '';"
	+ . "element.dispatchEvent(new Event('input'))"
	+ );
	+
	+ return $this;
	+ }
	+
	/**
	* Execute code within body context.
	* Useful to execute code that selects elements outside of a component context
	diff --git a/src/tests/Browser/Admin/DashboardTest.php b/src/tests/Browser/Admin/DashboardTest.php
	--- a/src/tests/Browser/Admin/DashboardTest.php
	+++ b/src/tests/Browser/Admin/DashboardTest.php
	@@ -2,12 +2,12 @@

	namespace Tests\Browser\Admin;

	+use Illuminate\Support\Facades\Queue;
	use Tests\Browser;
	use Tests\Browser\Components\Toast;
	use Tests\Browser\Pages\Dashboard;
	use Tests\Browser\Pages\Home;
	use Tests\TestCaseDusk;
	-use Illuminate\Foundation\Testing\DatabaseMigrations;

	class DashboardTest extends TestCaseDusk
	{
	@@ -21,6 +21,9 @@

	$jack = $this->getTestUser('jack@kolab.org');
	$jack->setSetting('external_email', null);
	+
	+ $this->deleteTestUser('test@testsearch.com');
	+ $this->deleteTestDomain('testsearch.com');
	}

	/**
	@@ -31,6 +34,9 @@
	$jack = $this->getTestUser('jack@kolab.org');
	$jack->setSetting('external_email', null);

	+ $this->deleteTestUser('test@testsearch.com');
	+ $this->deleteTestDomain('testsearch.com');
	+
	parent::tearDown();
	}

	@@ -60,9 +66,24 @@
	$browser->type('@search input', 'john.doe.external@gmail.com')
	->click('@search form button')
	->assertToast(Toast::TYPE_INFO, '2 user accounts have been found.')
	- ->whenAvailable('@search table', function (Browser $browser) {
	- $browser->assertElementsCount('tbody tr', 2);
	- // TODO: Assert table content
	+ ->whenAvailable('@search table', function (Browser $browser) use ($john, $jack) {
	+ $browser->assertElementsCount('tbody tr', 2)
	+ ->with('tbody tr:first-child', function (Browser $browser) use ($jack) {
	+ $browser->assertSeeIn('td:nth-child(1) a', $jack->email)
	+ ->assertSeeIn('td:nth-child(2) a', $jack->id)
	+ ->assertVisible('td:nth-child(3)')
	+ ->assertTextRegExp('td:nth-child(3)', '/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/')
	+ ->assertVisible('td:nth-child(4)')
	+ ->assertText('td:nth-child(4)', '');
	+ })
	+ ->with('tbody tr:last-child', function (Browser $browser) use ($john) {
	+ $browser->assertSeeIn('td:nth-child(1) a', $john->email)
	+ ->assertSeeIn('td:nth-child(2) a', $john->id)
	+ ->assertVisible('td:nth-child(3)')
	+ ->assertTextRegExp('td:nth-child(3)', '/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/')
	+ ->assertVisible('td:nth-child(4)')
	+ ->assertText('td:nth-child(4)', '');
	+ });
	});

	// Test search with single record result -> redirect to user page
	@@ -70,8 +91,50 @@
	->click('@search form button')
	->assertMissing('@search table')
	->waitForLocation('/user/' . $john->id)
	- ->waitFor('#user-info')
	- ->assertSeeIn('#user-info .card-title', $john->email);
	+ ->waitUntilMissing('.app-loader')
	+ ->whenAvailable('#user-info', function (Browser $browser) use ($john) {
	+ $browser->assertSeeIn('.card-title', $john->email);
	+ });
	+ });
	+ }
	+
	+ /**
	+ * Test user search deleted user/domain
	+ */
	+ public function testSearchDeleted(): void
	+ {
	+ $this->browse(function (Browser $browser) {
	+ $browser->visit(new Home())
	+ ->submitLogon('jeroen@jeroen.jeroen', 'jeroen', true)
	+ ->on(new Dashboard())
	+ ->assertFocused('@search input')
	+ ->assertMissing('@search table');
	+
	+ // Deleted users/domains
	+ $domain = $this->getTestDomain('testsearch.com', ['type' => \App\Domain::TYPE_EXTERNAL]);
	+ $user = $this->getTestUser('test@testsearch.com');
	+ $plan = \App\Plan::where('title', 'group')->first();
	+ $user->assignPlan($plan, $domain);
	+ $user->setAliases(['alias@testsearch.com']);
	+ Queue::fake();
	+ $user->delete();
	+
	+ // Test search with multiple results
	+ $browser->type('@search input', 'testsearch.com')
	+ ->click('@search form button')
	+ ->assertToast(Toast::TYPE_INFO, '1 user accounts have been found.')
	+ ->whenAvailable('@search table', function (Browser $browser) use ($user) {
	+ $browser->assertElementsCount('tbody tr', 1)
	+ ->assertVisible('tbody tr:first-child.text-secondary')
	+ ->with('tbody tr:first-child', function (Browser $browser) use ($user) {
	+ $browser->assertSeeIn('td:nth-child(1) span', $user->email)
	+ ->assertSeeIn('td:nth-child(2) span', $user->id)
	+ ->assertVisible('td:nth-child(3)')
	+ ->assertTextRegExp('td:nth-child(3)', '/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/')
	+ ->assertVisible('td:nth-child(4)')
	+ ->assertTextRegExp('td:nth-child(4)', '/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/');
	+ });
	+ });
	});
	}
	}
	diff --git a/src/tests/Browser/Admin/DomainTest.php b/src/tests/Browser/Admin/DomainTest.php
	--- a/src/tests/Browser/Admin/DomainTest.php
	+++ b/src/tests/Browser/Admin/DomainTest.php
	@@ -2,7 +2,7 @@

	namespace Tests\Browser\Admin;

	-use App\Discount;
	+use App\Domain;
	use Tests\Browser;
	use Tests\Browser\Components\Toast;
	use Tests\Browser\Pages\Admin\Domain as DomainPage;
	@@ -86,4 +86,34 @@
	});
	});
	}
	+
	+ /**
	+ * Test suspending/unsuspending a domain
	+ *
	+ * @depends testDomainInfo
	+ */
	+ public function testSuspendAndUnsuspend(): void
	+ {
	+ $this->browse(function (Browser $browser) {
	+ $domain = $this->getTestDomain('domainscontroller.com', [
	+ 'status' => Domain::STATUS_NEW \| Domain::STATUS_ACTIVE
	+ \| Domain::STATUS_LDAP_READY \| Domain::STATUS_CONFIRMED
	+ \| Domain::STATUS_VERIFIED,
	+ 'type' => Domain::TYPE_EXTERNAL,
	+ ]);
	+
	+ $browser->visit(new DomainPage($domain->id))
	+ ->assertVisible('@domain-info #button-suspend')
	+ ->assertMissing('@domain-info #button-unsuspend')
	+ ->click('@domain-info #button-suspend')
	+ ->assertToast(Toast::TYPE_SUCCESS, 'Domain suspended successfully.')
	+ ->assertSeeIn('@domain-info #status span.text-warning', 'Suspended')
	+ ->assertMissing('@domain-info #button-suspend')
	+ ->click('@domain-info #button-unsuspend')
	+ ->assertToast(Toast::TYPE_SUCCESS, 'Domain unsuspended successfully.')
	+ ->assertSeeIn('@domain-info #status span.text-success', 'Active')
	+ ->assertVisible('@domain-info #button-suspend')
	+ ->assertMissing('@domain-info #button-unsuspend');
	+ });
	+ }
	}
	diff --git a/src/tests/Browser/Admin/UserFinancesTest.php b/src/tests/Browser/Admin/UserFinancesTest.php
	--- a/src/tests/Browser/Admin/UserFinancesTest.php
	+++ b/src/tests/Browser/Admin/UserFinancesTest.php
	@@ -30,6 +30,7 @@
	$wallet->discount()->dissociate();
	$wallet->balance = 0;
	$wallet->save();
	+ $wallet->setSettings(['mollie_id' => null, 'stripe_id' => null]);
	}

	/**
	@@ -40,7 +41,9 @@
	// Assert Jack's Finances tab
	$this->browse(function (Browser $browser) {
	$jack = $this->getTestUser('jack@kolab.org');
	- $jack->wallets()->first()->transactions()->delete();
	+ $wallet = $jack->wallets()->first();
	+ $wallet->transactions()->delete();
	+ $wallet->setSetting('stripe_id', 'abc');
	$page = new UserPage($jack->id);

	$browser->visit(new Home())
	@@ -54,12 +57,11 @@
	->assertSeeIn('.card-title:first-child', 'Account balance')
	->assertSeeIn('.card-title:first-child .text-success', '0,00 CHF')
	->with('form', function (Browser $browser) {
	- $payment_provider = ucfirst(\config('services.payment_provider'));
	$browser->assertElementsCount('.row', 2)
	->assertSeeIn('.row:nth-child(1) label', 'Discount')
	->assertSeeIn('.row:nth-child(1) #discount span', 'none')
	- ->assertSeeIn('.row:nth-child(2) label', $payment_provider . ' ID')
	- ->assertVisible('.row:nth-child(2) a');
	+ ->assertSeeIn('.row:nth-child(2) label', 'Stripe ID')
	+ ->assertSeeIn('.row:nth-child(2) a', 'abc');
	})
	->assertSeeIn('h2:nth-of-type(2)', 'Transactions')
	->with('table', function (Browser $browser) {
	@@ -101,15 +103,18 @@
	->assertSeeIn('.card-title:first-child', 'Account balance')
	->assertSeeIn('.card-title:first-child .text-danger', '-20,10 CHF')
	->with('form', function (Browser $browser) {
	- $browser->assertElementsCount('.row', 2)
	+ $browser->assertElementsCount('.row', 1)
	->assertSeeIn('.row:nth-child(1) label', 'Discount')
	->assertSeeIn('.row:nth-child(1) #discount span', '10% - Test voucher');
	})
	->assertSeeIn('h2:nth-of-type(2)', 'Transactions')
	->with('table', function (Browser $browser) {
	$browser->assertElementsCount('tbody tr', 2)
	- ->assertMissing('tfoot')
	- ->assertSeeIn('tbody tr:last-child td.email', 'jeroen@jeroen.jeroen');
	+ ->assertMissing('tfoot');
	+
	+ if (!$browser->isPhone()) {
	+ $browser->assertSeeIn('tbody tr:last-child td.email', 'jeroen@jeroen.jeroen');
	+ }
	});
	});
	});
	@@ -117,17 +122,20 @@
	// Now we go to Ned's info page, he's a controller on John's wallet
	$this->browse(function (Browser $browser) {
	$ned = $this->getTestUser('ned@kolab.org');
	+ $wallet = $ned->wallets()->first();
	+ $wallet->balance = 0;
	+ $wallet->save();
	$page = new UserPage($ned->id);

	$browser->click('@nav #tab-users')
	- ->click('@user-users tbody tr:nth-child(3) td:first-child a')
	+ ->click('@user-users tbody tr:nth-child(4) td:first-child a')
	->on($page)
	->with('@user-finances', function (Browser $browser) {
	$browser->waitUntilMissing('.app-loader')
	->assertSeeIn('.card-title:first-child', 'Account balance')
	->assertSeeIn('.card-title:first-child .text-success', '0,00 CHF')
	->with('form', function (Browser $browser) {
	- $browser->assertElementsCount('.row', 2)
	+ $browser->assertElementsCount('.row', 1)
	->assertSeeIn('.row:nth-child(1) label', 'Discount')
	->assertSeeIn('.row:nth-child(1) #discount span', 'none');
	})
	@@ -260,8 +268,11 @@
	$browser->assertElementsCount('tbody tr', 3)
	->assertMissing('tfoot')
	->assertSeeIn('tbody tr:first-child td.description', 'Bonus: Test bonus')
	- ->assertSeeIn('tbody tr:first-child td.email', 'jeroen@jeroen.jeroen')
	->assertSeeIn('tbody tr:first-child td.price', '12,34 CHF');
	+
	+ if (!$browser->isPhone()) {
	+ $browser->assertSeeIn('tbody tr:first-child td.email', 'jeroen@jeroen.jeroen');
	+ }
	});

	$this->assertSame(1234, $john->wallets()->first()->balance);
	diff --git a/src/tests/Browser/Admin/UserTest.php b/src/tests/Browser/Admin/UserTest.php
	--- a/src/tests/Browser/Admin/UserTest.php
	+++ b/src/tests/Browser/Admin/UserTest.php
	@@ -2,7 +2,9 @@

	namespace Tests\Browser\Admin;

	+use App\Auth\SecondFactor;
	use App\Discount;
	+use App\Sku;
	use App\User;
	use Tests\Browser;
	use Tests\Browser\Components\Dialog;
	@@ -33,6 +35,7 @@
	}
	$wallet = $john->wallets()->first();
	$wallet->discount()->dissociate();
	+ $wallet->save();
	}

	/**
	@@ -50,6 +53,7 @@
	}
	$wallet = $john->wallets()->first();
	$wallet->discount()->dissociate();
	+ $wallet->save();

	parent::tearDown();
	}
	@@ -98,7 +102,7 @@
	->assertSeeIn('.row:nth-child(6) label', 'External email')
	->assertMissing('.row:nth-child(6) #external_email a')
	->assertSeeIn('.row:nth-child(7) label', 'Country')
	- ->assertSeeIn('.row:nth-child(7) #country', 'United States of America');
	+ ->assertSeeIn('.row:nth-child(7) #country', 'United States');
	});

	// Some tabs are loaded in background, wait a second
	@@ -128,7 +132,8 @@
	->assertSeeIn('table tbody tr:nth-child(2) td:last-child', '0,00 CHF')
	->assertSeeIn('table tbody tr:nth-child(3) td:first-child', 'Groupware Features')
	->assertSeeIn('table tbody tr:nth-child(3) td:last-child', '5,55 CHF')
	- ->assertMissing('table tfoot');
	+ ->assertMissing('table tfoot')
	+ ->assertMissing('#reset2fa');
	});

	// Assert Domains tab
	@@ -193,7 +198,7 @@
	->assertSeeIn('.row:nth-child(8) label', 'Address')
	->assertSeeIn('.row:nth-child(8) #billing_address', $john->getSetting('billing_address'))
	->assertSeeIn('.row:nth-child(9) label', 'Country')
	- ->assertSeeIn('.row:nth-child(9) #country', 'United States of America');
	+ ->assertSeeIn('.row:nth-child(9) #country', 'United States');
	});

	// Some tabs are loaded in background, wait a second
	@@ -238,16 +243,18 @@
	});

	// Assert Users tab
	- $browser->assertSeeIn('@nav #tab-users', 'Users (3)')
	+ $browser->assertSeeIn('@nav #tab-users', 'Users (4)')
	->click('@nav #tab-users')
	->with('@user-users table', function (Browser $browser) {
	- $browser->assertElementsCount('tbody tr', 3)
	+ $browser->assertElementsCount('tbody tr', 4)
	->assertSeeIn('tbody tr:nth-child(1) td:first-child a', 'jack@kolab.org')
	->assertVisible('tbody tr:nth-child(1) td:first-child svg.text-success')
	->assertSeeIn('tbody tr:nth-child(2) td:first-child a', 'joe@kolab.org')
	->assertVisible('tbody tr:nth-child(2) td:first-child svg.text-success')
	- ->assertSeeIn('tbody tr:nth-child(3) td:first-child a', 'ned@kolab.org')
	+ ->assertSeeIn('tbody tr:nth-child(3) td:first-child span', 'john@kolab.org')
	->assertVisible('tbody tr:nth-child(3) td:first-child svg.text-success')
	+ ->assertSeeIn('tbody tr:nth-child(4) td:first-child a', 'ned@kolab.org')
	+ ->assertVisible('tbody tr:nth-child(4) td:first-child svg.text-success')
	->assertMissing('tfoot');
	});
	});
	@@ -257,7 +264,7 @@
	$ned = $this->getTestUser('ned@kolab.org');
	$page = new UserPage($ned->id);

	- $browser->click('@user-users tbody tr:nth-child(3) td:first-child a')
	+ $browser->click('@user-users tbody tr:nth-child(4) td:first-child a')
	->on($page);

	// Assert main info box content
	@@ -298,7 +305,8 @@
	->assertSeeIn('table tbody tr:nth-child(5) td:first-child', '2-Factor Authentication')
	->assertSeeIn('table tbody tr:nth-child(5) td:last-child', '0,00 CHF/month¹')
	->assertMissing('table tfoot')
	- ->assertSeeIn('table + .hint', '¹ applied discount: 10% - Test voucher');
	+ ->assertSeeIn('table + .hint', '¹ applied discount: 10% - Test voucher')
	+ ->assertSeeIn('#reset2fa', 'Reset 2-Factor Auth');
	});

	// We don't expect John's domains here
	@@ -396,4 +404,36 @@
	->assertMissing('@user-info #button-unsuspend');
	});
	}
	+
	+ /**
	+ * Test resetting 2FA for the user
	+ */
	+ public function testReset2FA(): void
	+ {
	+ $this->browse(function (Browser $browser) {
	+ $this->deleteTestUser('userstest1@kolabnow.com');
	+ $user = $this->getTestUser('userstest1@kolabnow.com');
	+ $sku2fa = Sku::firstOrCreate(['title' => '2fa']);
	+ $user->assignSku($sku2fa);
	+ SecondFactor::seed('userstest1@kolabnow.com');
	+
	+ $browser->visit(new UserPage($user->id))
	+ ->click('@nav #tab-subscriptions')
	+ ->with('@user-subscriptions', function (Browser $browser) use ($sku2fa) {
	+ $browser->waitFor('#reset2fa')
	+ ->assertVisible('#sku' . $sku2fa->id);
	+ })
	+ ->assertSeeIn('@nav #tab-subscriptions', 'Subscriptions (1)')
	+ ->click('#reset2fa')
	+ ->with(new Dialog('#reset-2fa-dialog'), function (Browser $browser) {
	+ $browser->assertSeeIn('@title', '2-Factor Authentication Reset')
	+ ->assertSeeIn('@button-cancel', 'Cancel')
	+ ->assertSeeIn('@button-action', 'Reset')
	+ ->click('@button-action');
	+ })
	+ ->assertToast(Toast::TYPE_SUCCESS, '2-Factor authentication reset successfully.')
	+ ->assertMissing('#sku' . $sku2fa->id)
	+ ->assertSeeIn('@nav #tab-subscriptions', 'Subscriptions (0)');
	+ });
	+ }
	}
	diff --git a/src/tests/Browser/DomainTest.php b/src/tests/Browser/DomainTest.php
	--- a/src/tests/Browser/DomainTest.php
	+++ b/src/tests/Browser/DomainTest.php
	@@ -118,9 +118,11 @@
	->click('@links a.link-domains')
	// On Domains List page click the domain entry
	->on(new DomainList())
	+ ->waitFor('@table tbody tr')
	->assertVisible('@table tbody tr:first-child td:first-child svg.fa-globe.text-success')
	->assertText('@table tbody tr:first-child td:first-child svg title', 'Active')
	->assertSeeIn('@table tbody tr:first-child td:first-child', 'kolab.org')
	+ ->assertMissing('@table tfoot')
	->click('@table tbody tr:first-child td:first-child a')
	// On Domain Info page verify that's the clicked domain
	->on(new DomainInfo())
	@@ -131,4 +133,31 @@

	// TODO: Test domains list acting as Ned (John's "delegatee")
	}
	+
	+ /**
	+ * Test domains list page (user with no domains)
	+ */
	+ public function testDomainListEmpty(): void
	+ {
	+ $this->browse(function ($browser) {
	+ // Login the user
	+ $browser->visit('/login')
	+ ->on(new Home())
	+ ->submitLogon('jack@kolab.org', 'simple123', true)
	+ ->on(new Dashboard())
	+ ->assertVisible('@links a.link-profile')
	+ ->assertMissing('@links a.link-domains')
	+ ->assertMissing('@links a.link-users')
	+ ->assertMissing('@links a.link-wallet');
	+/*
	+ // On dashboard click the "Domains" link
	+ ->assertSeeIn('@links a.link-domains', 'Domains')
	+ ->click('@links a.link-domains')
	+ // On Domains List page click the domain entry
	+ ->on(new DomainList())
	+ ->assertMissing('@table tbody')
	+ ->assertSeeIn('tfoot td', 'There are no domains in this account.');
	+*/
	+ });
	+ }
	}
	diff --git a/src/tests/Browser/LogonTest.php b/src/tests/Browser/LogonTest.php
	--- a/src/tests/Browser/LogonTest.php
	+++ b/src/tests/Browser/LogonTest.php
	@@ -72,10 +72,13 @@
	{
	$this->browse(function (Browser $browser) {
	$browser->visit(new Home())
	- ->submitLogon('john@kolab.org', 'simple123', true);
	-
	- // Checks if we're really on Dashboard page
	- $browser->on(new Dashboard())
	+ ->submitLogon('john@kolab.org', 'simple123', true)
	+ // Checks if we're really on Dashboard page
	+ ->on(new Dashboard())
	+ ->assertVisible('@links a.link-profile')
	+ ->assertVisible('@links a.link-domains')
	+ ->assertVisible('@links a.link-users')
	+ ->assertVisible('@links a.link-wallet')
	->within(new Menu(), function ($browser) {
	$browser->assertMenuItems(['support', 'contact', 'webmail', 'logout']);
	});
	@@ -201,7 +204,8 @@
	$browser->type('@second-factor-input', $code)
	->press('form button')
	->waitUntilMissing('@second-factor-input.is-invalid')
	- ->waitForLocation('/dashboard')->on(new Dashboard());
	+ ->waitForLocation('/dashboard')
	+ ->on(new Dashboard());
	});
	}
	}
	diff --git a/src/tests/Browser/Pages/PaymentStripe.php b/src/tests/Browser/Pages/PaymentStripe.php
	--- a/src/tests/Browser/Pages/PaymentStripe.php
	+++ b/src/tests/Browser/Pages/PaymentStripe.php
	@@ -37,8 +37,8 @@
	{
	return [
	'@form' => '.App-Payment > form',
	- '@title' => '.App-Overview .ProductSummary-Info .Text',
	- '@amount' => '#ProductSummary-TotalAmount',
	+ '@title' => '.App-Overview .ProductSummary',
	+ '@amount' => '#ProductSummary-totalAmount',
	'@description' => '#ProductSummary-Description',
	'@email-input' => '.App-Payment #email',
	'@cardnumber-input' => '.App-Payment #cardNumber',
	diff --git a/src/tests/Browser/Pages/UserInfo.php b/src/tests/Browser/Pages/UserInfo.php
	--- a/src/tests/Browser/Pages/UserInfo.php
	+++ b/src/tests/Browser/Pages/UserInfo.php
	@@ -25,7 +25,8 @@
	*/
	public function assert($browser)
	{
	- $browser->waitFor('@form');
	+ $browser->waitFor('@form')
	+ ->waitUntilMissing('.app-loader');
	}

	/**
	diff --git a/src/tests/Browser/PasswordResetTest.php b/src/tests/Browser/PasswordResetTest.php
	--- a/src/tests/Browser/PasswordResetTest.php
	+++ b/src/tests/Browser/PasswordResetTest.php
	@@ -146,9 +146,10 @@

	$browser->waitFor('.toast-error');

	- $step->assertVisible('#reset_short_code.is-invalid');
	- $step->assertVisible('#reset_short_code + .invalid-feedback');
	- $step->assertFocused('#reset_short_code');
	+ $step->waitFor('#reset_short_code.is-invalid')
	+ ->assertVisible('#reset_short_code.is-invalid')
	+ ->assertVisible('#reset_short_code + .invalid-feedback')
	+ ->assertFocused('#reset_short_code');

	$browser->click('.toast-error'); // remove the toast
	});
	@@ -249,9 +250,10 @@

	$browser->waitFor('.toast-error');

	- $step->assertVisible('#reset_password.is-invalid');
	- $step->assertVisible('#reset_password + .invalid-feedback');
	- $step->assertFocused('#reset_password');
	+ $step->waitFor('#reset_password.is-invalid')
	+ ->assertVisible('#reset_password.is-invalid')
	+ ->assertVisible('#reset_password + .invalid-feedback')
	+ ->assertFocused('#reset_password');

	$browser->click('.toast-error'); // remove the toast
	});
	diff --git a/src/tests/Browser/SignupTest.php b/src/tests/Browser/SignupTest.php
	--- a/src/tests/Browser/SignupTest.php
	+++ b/src/tests/Browser/SignupTest.php
	@@ -369,7 +369,11 @@
	$browser->waitUntilMissing('@step3')
	->waitUntilMissing('.app-loader')
	->on(new Dashboard())
	- ->assertUser('signuptestdusk@' . \config('app.domain'));
	+ ->assertUser('signuptestdusk@' . \config('app.domain'))
	+ ->assertVisible('@links a.link-profile')
	+ ->assertMissing('@links a.link-domains')
	+ ->assertVisible('@links a.link-users')
	+ ->assertVisible('@links a.link-wallet');

	// Logout the user
	$browser->within(new Menu(), function ($browser) {
	@@ -466,7 +470,11 @@
	$browser->waitUntilMissing('@step3')
	->waitUntilMissing('.app-loader')
	->on(new Dashboard())
	- ->assertUser('admin@user-domain-signup.com');
	+ ->assertUser('admin@user-domain-signup.com')
	+ ->assertVisible('@links a.link-profile')
	+ ->assertVisible('@links a.link-domains')
	+ ->assertVisible('@links a.link-users')
	+ ->assertVisible('@links a.link-wallet');

	$browser->within(new Menu(), function ($browser) {
	$browser->clickMenuItem('logout');
	@@ -482,6 +490,7 @@
	$this->browse(function (Browser $browser) {
	$browser->visit('/signup/voucher/TEST')
	->onWithoutAssert(new Signup())
	+ ->waitUntilMissing('.app-loader')
	->waitFor('@step0')
	->click('.plan-individual button')
	->whenAvailable('@step1', function (Browser $browser) {
	diff --git a/src/tests/Browser/StatusTest.php b/src/tests/Browser/StatusTest.php
	--- a/src/tests/Browser/StatusTest.php
	+++ b/src/tests/Browser/StatusTest.php
	@@ -72,7 +72,7 @@
	->on(new Dashboard())
	->with(new Status(), function ($browser) use ($john) {
	$browser->assertSeeIn('@body', 'We are preparing your account')
	- ->assertProgress(28, 'Creating a mailbox...', 'pending')
	+ ->assertProgress(71, 'Creating a mailbox...', 'pending')
	->assertMissing('#status-verify')
	->assertMissing('#status-link')
	->assertMissing('@refresh-button')
	@@ -123,7 +123,7 @@
	$browser->visit(new Dashboard())
	->with(new Status(), function ($browser) use ($john, $domain) {
	$browser->assertSeeIn('@body', 'We are preparing your account')
	- ->assertProgress(28, 'Creating a mailbox...', 'failed')
	+ ->assertProgress(71, 'Creating a mailbox...', 'failed')
	->assertVisible('@refresh-button')
	->assertVisible('@refresh-text');

	@@ -158,6 +158,7 @@
	$browser->on(new Dashboard())
	->click('@links a.link-domains')
	->on(new DomainList())
	+ ->waitFor('@table tbody tr')
	// Assert domain status icon
	->assertVisible('@table tbody tr:first-child td:first-child svg.fa-globe.text-danger')
	->assertText('@table tbody tr:first-child td:first-child svg title', 'Not Ready')
	@@ -222,6 +223,7 @@
	$browser->visit(new Dashboard())
	->click('@links a.link-users')
	->on(new UserList())
	+ ->waitFor('@table tbody tr')
	// Assert user status icons
	->assertVisible('@table tbody tr:first-child td:first-child svg.fa-user.text-success')
	->assertText('@table tbody tr:first-child td:first-child svg title', 'Active')
	@@ -236,7 +238,7 @@
	})
	->with(new Status(), function ($browser) use ($john) {
	$browser->assertSeeIn('@body', 'We are preparing the user account')
	- ->assertProgress(28, 'Creating a mailbox...', 'pending')
	+ ->assertProgress(71, 'Creating a mailbox...', 'pending')
	->assertMissing('#status-verify')
	->assertMissing('#status-link')
	->assertMissing('@refresh-button')
	diff --git a/src/tests/Browser/UserProfileTest.php b/src/tests/Browser/UserProfileTest.php
	--- a/src/tests/Browser/UserProfileTest.php
	+++ b/src/tests/Browser/UserProfileTest.php
	@@ -71,55 +71,58 @@
	->on(new UserProfile())
	->assertSeeIn('#user-profile .button-delete', 'Delete account')
	->whenAvailable('@form', function (Browser $browser) {
	+ $user = User::where('email', 'john@kolab.org')->first();
	// Assert form content
	- $browser->assertFocused('div.row:nth-child(1) input')
	- ->assertSeeIn('div.row:nth-child(1) label', 'First name')
	- ->assertValue('div.row:nth-child(1) input[type=text]', $this->profile['first_name'])
	- ->assertSeeIn('div.row:nth-child(2) label', 'Last name')
	- ->assertValue('div.row:nth-child(2) input[type=text]', $this->profile['last_name'])
	- ->assertSeeIn('div.row:nth-child(3) label', 'Organization')
	- ->assertValue('div.row:nth-child(3) input[type=text]', $this->profile['organization'])
	- ->assertSeeIn('div.row:nth-child(4) label', 'Phone')
	- ->assertValue('div.row:nth-child(4) input[type=text]', $this->profile['phone'])
	- ->assertSeeIn('div.row:nth-child(5) label', 'External email')
	- ->assertValue('div.row:nth-child(5) input[type=text]', $this->profile['external_email'])
	- ->assertSeeIn('div.row:nth-child(6) label', 'Address')
	- ->assertValue('div.row:nth-child(6) textarea', $this->profile['billing_address'])
	- ->assertSeeIn('div.row:nth-child(7) label', 'Country')
	- ->assertValue('div.row:nth-child(7) select', $this->profile['country'])
	- ->assertSeeIn('div.row:nth-child(8) label', 'Password')
	- ->assertValue('div.row:nth-child(8) input[type=password]', '')
	- ->assertSeeIn('div.row:nth-child(9) label', 'Confirm password')
	+ $browser->assertFocused('div.row:nth-child(2) input')
	+ ->assertSeeIn('div.row:nth-child(1) label', 'Customer No.')
	+ ->assertSeeIn('div.row:nth-child(1) .form-control-plaintext', $user->id)
	+ ->assertSeeIn('div.row:nth-child(2) label', 'First name')
	+ ->assertValue('div.row:nth-child(2) input[type=text]', $this->profile['first_name'])
	+ ->assertSeeIn('div.row:nth-child(3) label', 'Last name')
	+ ->assertValue('div.row:nth-child(3) input[type=text]', $this->profile['last_name'])
	+ ->assertSeeIn('div.row:nth-child(4) label', 'Organization')
	+ ->assertValue('div.row:nth-child(4) input[type=text]', $this->profile['organization'])
	+ ->assertSeeIn('div.row:nth-child(5) label', 'Phone')
	+ ->assertValue('div.row:nth-child(5) input[type=text]', $this->profile['phone'])
	+ ->assertSeeIn('div.row:nth-child(6) label', 'External email')
	+ ->assertValue('div.row:nth-child(6) input[type=text]', $this->profile['external_email'])
	+ ->assertSeeIn('div.row:nth-child(7) label', 'Address')
	+ ->assertValue('div.row:nth-child(7) textarea', $this->profile['billing_address'])
	+ ->assertSeeIn('div.row:nth-child(8) label', 'Country')
	+ ->assertValue('div.row:nth-child(8) select', $this->profile['country'])
	+ ->assertSeeIn('div.row:nth-child(9) label', 'Password')
	->assertValue('div.row:nth-child(9) input[type=password]', '')
	+ ->assertSeeIn('div.row:nth-child(10) label', 'Confirm password')
	+ ->assertValue('div.row:nth-child(10) input[type=password]', '')
	->assertSeeIn('button[type=submit]', 'Submit');

	+ // Test form error handling
	+ $browser->type('#phone', 'aaaaaa')
	+ ->type('#external_email', 'bbbbb')
	+ ->click('button[type=submit]')
	+ ->waitFor('#phone + .invalid-feedback')
	+ ->assertSeeIn('#phone + .invalid-feedback', 'The phone format is invalid.')
	+ ->assertSeeIn(
	+ '#external_email + .invalid-feedback',
	+ 'The external email must be a valid email address.'
	+ )
	+ ->assertFocused('#phone')
	+ ->assertToast(Toast::TYPE_ERROR, 'Form validation error')
	+ ->clearToasts();
	+
	// Clear all fields and submit
	// FIXME: Should any of these fields be required?
	- $browser->type('#first_name', '')
	- ->type('#last_name', '')
	- ->type('#organization', '')
	- ->type('#phone', '')
	- ->type('#external_email', '')
	- ->type('#billing_address', '')
	- ->select('#country', '')
	- ->click('button[type=submit]');
	+ $browser->vueClear('#first_name')
	+ ->vueClear('#last_name')
	+ ->vueClear('#organization')
	+ ->vueClear('#phone')
	+ ->vueClear('#external_email')
	+ ->vueClear('#billing_address')
	+ ->click('button[type=submit]')
	+ ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	})
	- ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	-
	- // Test error handling
	- $browser->with('@form', function (Browser $browser) {
	- $browser->type('#phone', 'aaaaaa')
	- ->type('#external_email', 'bbbbb')
	- ->click('button[type=submit]')
	- ->waitFor('#phone + .invalid-feedback')
	- ->assertSeeIn('#phone + .invalid-feedback', 'The phone format is invalid.')
	- ->assertSeeIn(
	- '#external_email + .invalid-feedback',
	- 'The external email must be a valid email address.'
	- )
	- ->assertFocused('#phone')
	- ->assertToast(Toast::TYPE_ERROR, 'Form validation error');
	- });
	+ // On success we're redirected to Dashboard
	+ ->on(new Dashboard());
	});
	}

	diff --git a/src/tests/Browser/UsersTest.php b/src/tests/Browser/UsersTest.php
	--- a/src/tests/Browser/UsersTest.php
	+++ b/src/tests/Browser/UsersTest.php
	@@ -107,7 +107,8 @@
	->click('@links .link-users')
	->on(new UserList())
	->whenAvailable('@table', function (Browser $browser) {
	- $browser->assertElementsCount('tbody tr', 4)
	+ $browser->waitFor('tbody tr')
	+ ->assertElementsCount('tbody tr', 4)
	->assertSeeIn('tbody tr:nth-child(1) a', 'jack@kolab.org')
	->assertSeeIn('tbody tr:nth-child(2) a', 'joe@kolab.org')
	->assertSeeIn('tbody tr:nth-child(3) a', 'john@kolab.org')
	@@ -115,7 +116,8 @@
	->assertVisible('tbody tr:nth-child(1) button.button-delete')
	->assertVisible('tbody tr:nth-child(2) button.button-delete')
	->assertVisible('tbody tr:nth-child(3) button.button-delete')
	- ->assertVisible('tbody tr:nth-child(4) button.button-delete');
	+ ->assertVisible('tbody tr:nth-child(4) button.button-delete')
	+ ->assertMissing('tfoot');
	});
	});
	}
	@@ -156,56 +158,53 @@
	->assertValue('div.row:nth-child(7) input[type=password]', '')
	->assertSeeIn('div.row:nth-child(8) label', 'Confirm password')
	->assertValue('div.row:nth-child(8) input[type=password]', '')
	- ->assertSeeIn('button[type=submit]', 'Submit');
	-
	- // Clear some fields and submit
	- $browser->type('#first_name', '')
	- ->type('#last_name', '')
	+ ->assertSeeIn('button[type=submit]', 'Submit')
	+ // Clear some fields and submit
	+ ->vueClear('#first_name')
	+ ->vueClear('#last_name')
	->click('button[type=submit]');
	})
	- ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	+ ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.')
	+ ->on(new UserList())
	+ ->click('@table tr:nth-child(3) a')
	+ ->on(new UserInfo())
	+ ->assertSeeIn('#user-info .card-title', 'User account')
	+ ->with('@form', function (Browser $browser) {
	+ // Test error handling (password)
	+ $browser->type('#password', 'aaaaaa')
	+ ->vueClear('#password_confirmation')
	+ ->click('button[type=submit]')
	+ ->waitFor('#password + .invalid-feedback')
	+ ->assertSeeIn('#password + .invalid-feedback', 'The password confirmation does not match.')
	+ ->assertFocused('#password')
	+ ->assertToast(Toast::TYPE_ERROR, 'Form validation error');

	- // Test error handling (password)
	- $browser->with('@form', function (Browser $browser) {
	- $browser->type('#password', 'aaaaaa')
	- ->type('#password_confirmation', '')
	- ->click('button[type=submit]')
	- ->waitFor('#password + .invalid-feedback')
	- ->assertSeeIn('#password + .invalid-feedback', 'The password confirmation does not match.')
	- ->assertFocused('#password')
	- ->assertToast(Toast::TYPE_ERROR, 'Form validation error');
	- });
	+ // TODO: Test password change

	- // TODO: Test password change
	+ // Test form error handling (aliases)
	+ $browser->vueClear('#password')
	+ ->vueClear('#password_confirmation')
	+ ->with(new ListInput('#aliases'), function (Browser $browser) {
	+ $browser->addListEntry('invalid address');
	+ })
	+ ->click('button[type=submit]')
	+ ->assertToast(Toast::TYPE_ERROR, 'Form validation error');

	- // Test form error handling (aliases)
	- $browser->with('@form', function (Browser $browser) {
	- // TODO: For some reason, clearing the input value
	- // with ->type('#password', '') does not work, maybe some dusk/vue intricacy
	- // For now we just use the default password
	- $browser->type('#password', 'simple123')
	- ->type('#password_confirmation', 'simple123')
	- ->with(new ListInput('#aliases'), function (Browser $browser) {
	- $browser->addListEntry('invalid address');
	- })
	- ->click('button[type=submit]')
	- ->assertToast(Toast::TYPE_ERROR, 'Form validation error');
	- })
	- ->with('@form', function (Browser $browser) {
	- $browser->with(new ListInput('#aliases'), function (Browser $browser) {
	- $browser->assertFormError(2, 'The specified alias is invalid.', false);
	- });
	- });
	+ $browser->with(new ListInput('#aliases'), function (Browser $browser) {
	+ $browser->assertFormError(2, 'The specified alias is invalid.', false);
	+ });

	- // Test adding aliases
	- $browser->with('@form', function (Browser $browser) {
	- $browser->with(new ListInput('#aliases'), function (Browser $browser) {
	- $browser->removeListEntry(2)
	- ->addListEntry('john.test@kolab.org');
	+ // Test adding aliases
	+ $browser->with(new ListInput('#aliases'), function (Browser $browser) {
	+ $browser->removeListEntry(2)
	+ ->addListEntry('john.test@kolab.org');
	+ })
	+ ->click('button[type=submit]')
	+ ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	})
	- ->click('button[type=submit]')
	- ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	- });
	+ ->on(new UserList())
	+ ->click('@table tr:nth-child(3) a')
	+ ->on(new UserInfo());

	$john = User::where('email', 'john@kolab.org')->first();
	$alias = UserAlias::where('user_id', $john->id)->where('alias', 'john.test@kolab.org')->first();
	@@ -271,7 +270,10 @@
	->assertMissing('@skus table + .hint')
	->click('button[type=submit]')
	->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	- });
	+ })
	+ ->on(new UserList())
	+ ->click('@table tr:nth-child(3) a')
	+ ->on(new UserInfo());

	$expected = ['activesync', 'groupware', 'mailbox', 'storage', 'storage', 'storage'];
	$this->assertUserEntitlements($john, $expected);
	@@ -398,7 +400,6 @@
	})
	->assertToast(Toast::TYPE_SUCCESS, 'User created successfully.')
	// check redirection to users list
	- ->waitForLocation('/users')
	->on(new UserList())
	->whenAvailable('@table', function (Browser $browser) {
	$browser->assertElementsCount('tbody tr', 5)
	@@ -412,6 +413,29 @@
	$this->assertSame('Julia', $julia->getSetting('first_name'));
	$this->assertSame('Roberts', $julia->getSetting('last_name'));
	$this->assertSame('Test Org', $julia->getSetting('organization'));
	+
	+ // Some additional tests for the list input widget
	+ $browser->click('tbody tr:nth-child(4) a')
	+ ->on(new UserInfo())
	+ ->with(new ListInput('#aliases'), function (Browser $browser) {
	+ $browser->assertListInputValue(['julia.roberts2@kolab.org'])
	+ ->addListEntry('invalid address')
	+ ->type('.input-group:nth-child(2) input', '@kolab.org');
	+ })
	+ ->click('button[type=submit]')
	+ ->assertToast(Toast::TYPE_ERROR, 'Form validation error')
	+ ->with(new ListInput('#aliases'), function (Browser $browser) {
	+ $browser->assertVisible('.input-group:nth-child(2) input.is-invalid')
	+ ->assertVisible('.input-group:nth-child(3) input.is-invalid')
	+ ->type('.input-group:nth-child(2) input', 'julia.roberts3@kolab.org')
	+ ->type('.input-group:nth-child(3) input', 'julia.roberts4@kolab.org');
	+ })
	+ ->click('button[type=submit]')
	+ ->assertToast(Toast::TYPE_SUCCESS, 'User data updated successfully.');
	+
	+ $julia = User::where('email', 'julia.roberts@kolab.org')->first();
	+ $aliases = $julia->aliases()->orderBy('alias')->get()->pluck('alias')->all();
	+ $this->assertSame(['julia.roberts3@kolab.org', 'julia.roberts4@kolab.org'], $aliases);
	});
	}

	@@ -477,7 +501,8 @@
	->submitLogon('jack@kolab.org', 'simple123', true)
	->visit(new UserList())
	->whenAvailable('@table', function (Browser $browser) {
	- $browser->assertElementsCount('tbody tr', 0);
	+ $browser->assertElementsCount('tbody tr', 0)
	+ ->assertSeeIn('tfoot td', 'There are no users in this account.');
	});
	});

	@@ -516,6 +541,7 @@
	->on(new Home())
	->submitLogon('john@kolab.org', 'simple123', true)
	->visit(new UserList())
	+ ->waitFor('@table tr:nth-child(2)')
	->click('@table tr:nth-child(2) a')
	->on(new UserInfo())
	->with('@form', function (Browser $browser) {
	diff --git a/src/tests/Browser/WalletTest.php b/src/tests/Browser/WalletTest.php
	--- a/src/tests/Browser/WalletTest.php
	+++ b/src/tests/Browser/WalletTest.php
	@@ -174,7 +174,7 @@
	$this->assertTrue(strpos($filename, $receipts[0]) !== false);

	$content = $browser->readDownloadedFile($filename, 0);
	- $this->assertStringStartsWith("%PDF-1.3\n", $content);
	+ $this->assertStringStartsWith("%PDF-1.", $content);

	$browser->removeDownloadedFile($filename);
	});
	diff --git a/src/tests/Feature/Backends/LDAPTest.php b/src/tests/Feature/Backends/LDAPTest.php
	--- a/src/tests/Feature/Backends/LDAPTest.php
	+++ b/src/tests/Feature/Backends/LDAPTest.php
	@@ -11,6 +11,8 @@

	class LDAPTest extends TestCase
	{
	+ private $ldap_config = [];
	+
	/**
	* {@inheritDoc}
	*/
	@@ -18,7 +20,12 @@
	{
	parent::setUp();

	+ $this->ldap_config = [
	+ 'ldap.hosts' => \config('ldap.hosts'),
	+ ];
	+
	$this->deleteTestUser('user-ldap-test@' . \config('app.domain'));
	+ $this->deleteTestDomain('testldap.com');
	}

	/**
	@@ -26,11 +33,28 @@
	*/
	public function tearDown(): void
	{
	+ \config($this->ldap_config);
	+
	$this->deleteTestUser('user-ldap-test@' . \config('app.domain'));
	+ $this->deleteTestDomain('testldap.com');

	parent::tearDown();
	}

	+ /**
	+ * Test handling connection errors
	+ *
	+ * @group ldap
	+ */
	+ public function testConnectException(): void
	+ {
	+ \config(['ldap.hosts' => 'non-existing.host']);
	+
	+ $this->expectException(\Exception::class);
	+
	+ LDAP::connect();
	+ }
	+
	/**
	* Test creating/updating/deleting a domain record
	*
	@@ -38,7 +62,51 @@
	*/
	public function testDomain(): void
	{
	- $this->markTestIncomplete();
	+ Queue::fake();
	+
	+ $domain = $this->getTestDomain('testldap.com', [
	+ 'type' => Domain::TYPE_EXTERNAL,
	+ 'status' => Domain::STATUS_NEW \| Domain::STATUS_ACTIVE,
	+ ]);
	+
	+ // Create the domain
	+ LDAP::createDomain($domain);
	+
	+ $ldap_domain = LDAP::getDomain($domain->namespace);
	+
	+ $expected = [
	+ 'associateddomain' => $domain->namespace,
	+ 'inetdomainstatus' => $domain->status,
	+ 'objectclass' => [
	+ 'top',
	+ 'domainrelatedobject',
	+ 'inetdomain'
	+ ],
	+ ];
	+
	+ foreach ($expected as $attr => $value) {
	+ $this->assertEquals($value, isset($ldap_domain[$attr]) ? $ldap_domain[$attr] : null);
	+ }
	+
	+ // TODO: Test other attributes, aci, roles/ous
	+
	+ // Update the domain
	+ $domain->status \|= User::STATUS_LDAP_READY;
	+
	+ LDAP::updateDomain($domain);
	+
	+ $expected['inetdomainstatus'] = $domain->status;
	+
	+ $ldap_domain = LDAP::getDomain($domain->namespace);
	+
	+ foreach ($expected as $attr => $value) {
	+ $this->assertEquals($value, isset($ldap_domain[$attr]) ? $ldap_domain[$attr] : null);
	+ }
	+
	+ // Delete the domain
	+ LDAP::deleteDomain($domain);
	+
	+ $this->assertSame(null, LDAP::getDomain($domain->namespace));
	}

	/**
	@@ -68,7 +136,9 @@
	],
	'mail' => $user->email,
	'uid' => $user->email,
	- 'nsroledn' => null,
	+ 'nsroledn' => [
	+ 'cn=imap-user,' . \config('ldap.hosted.root_dn')
	+ ],
	'cn' => 'unknown',
	'displayname' => '',
	'givenname' => '',
	@@ -150,4 +220,41 @@

	$this->assertSame(null, LDAP::getUser($user->email));
	}
	+
	+ /**
	+ * Test handling update of a non-existing domain
	+ *
	+ * @group ldap
	+ */
	+ public function testUpdateDomainException(): void
	+ {
	+ $this->expectException(\Exception::class);
	+ $this->expectExceptionMessageMatches('/domain not found/');
	+
	+ $domain = new Domain([
	+ 'namespace' => 'testldap.com',
	+ 'type' => Domain::TYPE_EXTERNAL,
	+ 'status' => Domain::STATUS_NEW \| Domain::STATUS_ACTIVE,
	+ ]);
	+
	+ LDAP::updateDomain($domain);
	+ }
	+
	+ /**
	+ * Test handling update of a non-existing user
	+ *
	+ * @group ldap
	+ */
	+ public function testUpdateUserException(): void
	+ {
	+ $this->expectException(\Exception::class);
	+ $this->expectExceptionMessageMatches('/user not found/');
	+
	+ $user = new User([
	+ 'email' => 'test-non-existing-ldap@kolab.org',
	+ 'status' => User::STATUS_ACTIVE,
	+ ]);
	+
	+ LDAP::updateUser($user);
	+ }
	}
	diff --git a/src/tests/Feature/BillingTest.php b/src/tests/Feature/BillingTest.php
	--- a/src/tests/Feature/BillingTest.php
	+++ b/src/tests/Feature/BillingTest.php
	@@ -82,7 +82,10 @@
	*/
	public function testFullTrial(): void
	{
	- $this->backdateEntitlements($this->wallet->entitlements, Carbon::now()->subMonthsWithoutOverflow(1));
	+ $this->backdateEntitlements(
	+ $this->wallet->entitlements,
	+ Carbon::now()->subMonthsWithoutOverflow(1)
	+ );

	$this->assertEquals(999, $this->wallet->expectedCharges());
	}
	diff --git a/src/tests/Feature/Console/WalletChargeTest.php b/src/tests/Feature/Console/WalletChargeTest.php
	new file mode 100644
	--- /dev/null
	+++ b/src/tests/Feature/Console/WalletChargeTest.php
	@@ -0,0 +1,137 @@
	+<?php
	+
	+namespace Tests\Feature\Console;
	+
	+use Illuminate\Support\Facades\Queue;
	+use Tests\TestCase;
	+
	+class WalletChargeTest extends TestCase
	+{
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function setUp(): void
	+ {
	+ parent::setUp();
	+
	+ $this->deleteTestUser('wallet-charge@kolabnow.com');
	+ }
	+
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function tearDown(): void
	+ {
	+ $this->deleteTestUser('wallet-charge@kolabnow.com');
	+
	+ parent::tearDown();
	+ }
	+
	+ /**
	+ * Test command run for a specified wallet
	+ */
	+ public function testHandleSingle(): void
	+ {
	+ $user = $this->getTestUser('wallet-charge@kolabnow.com');
	+ $wallet = $user->wallets()->first();
	+ $wallet->balance = 0;
	+ $wallet->save();
	+
	+ Queue::fake();
	+
	+ // Non-existing wallet ID
	+ $this->artisan('wallet:charge 123')
	+ ->assertExitCode(1);
	+
	+ Queue::assertNothingPushed();
	+
	+ // The wallet has no entitlements, expect no charge and no check
	+ $this->artisan('wallet:charge ' . $wallet->id)
	+ ->assertExitCode(0);
	+
	+ Queue::assertNothingPushed();
	+
	+ // The wallet has no entitlements, but has negative balance
	+ $wallet->balance = -100;
	+ $wallet->save();
	+
	+ $this->artisan('wallet:charge ' . $wallet->id)
	+ ->assertExitCode(0);
	+
	+ Queue::assertPushed(\App\Jobs\WalletCharge::class, 0);
	+ Queue::assertPushed(\App\Jobs\WalletCheck::class, 1);
	+ Queue::assertPushed(\App\Jobs\WalletCheck::class, function ($job) use ($wallet) {
	+ $job_wallet = TestCase::getObjectProperty($job, 'wallet');
	+ return $job_wallet->id === $wallet->id;
	+ });
	+
	+ Queue::fake();
	+
	+ // The wallet has entitlements to charge, and negative balance
	+ $sku = \App\Sku::where('title', 'mailbox')->first();
	+ $entitlement = \App\Entitlement::create([
	+ 'wallet_id' => $wallet->id,
	+ 'sku_id' => $sku->id,
	+ 'cost' => 100,
	+ 'entitleable_id' => $user->id,
	+ 'entitleable_type' => \App\User::class,
	+ ]);
	+ \App\Entitlement::where('id', $entitlement->id)->update([
	+ 'created_at' => \Carbon\Carbon::now()->subMonths(1),
	+ 'updated_at' => \Carbon\Carbon::now()->subMonths(1),
	+ ]);
	+ \App\User::where('id', $user->id)->update([
	+ 'created_at' => \Carbon\Carbon::now()->subMonths(1),
	+ 'updated_at' => \Carbon\Carbon::now()->subMonths(1),
	+ ]);
	+
	+ $this->assertSame(100, $wallet->fresh()->chargeEntitlements(false));
	+
	+ $this->artisan('wallet:charge ' . $wallet->id)
	+ ->assertExitCode(0);
	+
	+ Queue::assertPushed(\App\Jobs\WalletCharge::class, 1);
	+ Queue::assertPushed(\App\Jobs\WalletCharge::class, function ($job) use ($wallet) {
	+ $job_wallet = TestCase::getObjectProperty($job, 'wallet');
	+ return $job_wallet->id === $wallet->id;
	+ });
	+
	+ Queue::assertPushed(\App\Jobs\WalletCheck::class, 1);
	+ Queue::assertPushed(\App\Jobs\WalletCheck::class, function ($job) use ($wallet) {
	+ $job_wallet = TestCase::getObjectProperty($job, 'wallet');
	+ return $job_wallet->id === $wallet->id;
	+ });
	+ }
	+
	+ /**
	+ * Test command run for all wallets
	+ */
	+ public function testHandleAll(): void
	+ {
	+ $user = $this->getTestUser('john@kolab.org');
	+ $wallet = $user->wallets()->first();
	+ $wallet->balance = 0;
	+ $wallet->save();
	+
	+ // backdate john's entitlements and set balance=0 for all wallets
	+ $this->backdateEntitlements($user->entitlements, \Carbon\Carbon::now()->subWeeks(5));
	+ \App\Wallet::where('balance', '<', '0')->update(['balance' => 0]);
	+
	+ Queue::fake();
	+
	+ // Non-existing wallet ID
	+ $this->artisan('wallet:charge')->assertExitCode(0);
	+
	+ Queue::assertPushed(\App\Jobs\WalletCheck::class, 1);
	+ Queue::assertPushed(\App\Jobs\WalletCheck::class, function ($job) use ($wallet) {
	+ $job_wallet = TestCase::getObjectProperty($job, 'wallet');
	+ return $job_wallet->id === $wallet->id;
	+ });
	+
	+ Queue::assertPushed(\App\Jobs\WalletCharge::class, 1);
	+ Queue::assertPushed(\App\Jobs\WalletCharge::class, function ($job) use ($wallet) {
	+ $job_wallet = TestCase::getObjectProperty($job, 'wallet');
	+ return $job_wallet->id === $wallet->id;
	+ });
	+ }
	+}
	diff --git a/src/tests/Feature/Controller/Admin/DomainsTest.php b/src/tests/Feature/Controller/Admin/DomainsTest.php
	--- a/src/tests/Feature/Controller/Admin/DomainsTest.php
	+++ b/src/tests/Feature/Controller/Admin/DomainsTest.php
	@@ -2,6 +2,8 @@

	namespace Tests\Feature\Controller\Admin;

	+use App\Domain;
	+use Illuminate\Support\Facades\Queue;
	use Tests\TestCase;

	class DomainsTest extends TestCase
	@@ -13,6 +15,8 @@
	{
	parent::setUp();
	self::useAdminUrl();
	+
	+ $this->deleteTestDomain('domainscontroller.com');
	}

	/**
	@@ -20,6 +24,8 @@
	*/
	public function tearDown(): void
	{
	+ $this->deleteTestDomain('domainscontroller.com');
	+
	parent::tearDown();
	}

	@@ -84,4 +90,70 @@
	$this->assertSame(0, $json['count']);
	$this->assertCount(0, $json['list']);
	}
	+
	+ /**
	+ * Test domain suspending (POST /api/v4/domains/<domain-id>/suspend)
	+ */
	+ public function testSuspend(): void
	+ {
	+ Queue::fake(); // disable jobs
	+
	+ $domain = $this->getTestDomain('domainscontroller.com', [
	+ 'status' => Domain::STATUS_NEW,
	+ 'type' => Domain::TYPE_EXTERNAL,
	+ ]);
	+ $user = $this->getTestUser('test@domainscontroller.com');
	+ $admin = $this->getTestUser('jeroen@jeroen.jeroen');
	+
	+ // Test unauthorized access to admin API
	+ $response = $this->actingAs($user)->post("/api/v4/domains/{$domain->id}/suspend", []);
	+ $response->assertStatus(403);
	+
	+ $this->assertFalse($domain->fresh()->isSuspended());
	+
	+ // Test suspending the user
	+ $response = $this->actingAs($admin)->post("/api/v4/domains/{$domain->id}/suspend", []);
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertSame('success', $json['status']);
	+ $this->assertSame("Domain suspended successfully.", $json['message']);
	+ $this->assertCount(2, $json);
	+
	+ $this->assertTrue($domain->fresh()->isSuspended());
	+ }
	+
	+ /**
	+ * Test user un-suspending (POST /api/v4/users/<user-id>/unsuspend)
	+ */
	+ public function testUnsuspend(): void
	+ {
	+ Queue::fake(); // disable jobs
	+
	+ $domain = $this->getTestDomain('domainscontroller.com', [
	+ 'status' => Domain::STATUS_NEW \| Domain::STATUS_SUSPENDED,
	+ 'type' => Domain::TYPE_EXTERNAL,
	+ ]);
	+ $user = $this->getTestUser('test@domainscontroller.com');
	+ $admin = $this->getTestUser('jeroen@jeroen.jeroen');
	+
	+ // Test unauthorized access to admin API
	+ $response = $this->actingAs($user)->post("/api/v4/domains/{$domain->id}/unsuspend", []);
	+ $response->assertStatus(403);
	+
	+ $this->assertTrue($domain->fresh()->isSuspended());
	+
	+ // Test suspending the user
	+ $response = $this->actingAs($admin)->post("/api/v4/domains/{$domain->id}/unsuspend", []);
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertSame('success', $json['status']);
	+ $this->assertSame("Domain unsuspended successfully.", $json['message']);
	+ $this->assertCount(2, $json);
	+
	+ $this->assertFalse($domain->fresh()->isSuspended());
	+ }
	}
	diff --git a/src/tests/Feature/Controller/Admin/UsersTest.php b/src/tests/Feature/Controller/Admin/UsersTest.php
	--- a/src/tests/Feature/Controller/Admin/UsersTest.php
	+++ b/src/tests/Feature/Controller/Admin/UsersTest.php
	@@ -2,6 +2,8 @@

	namespace Tests\Feature\Controller\Admin;

	+use App\Auth\SecondFactor;
	+use App\Sku;
	use Illuminate\Support\Facades\Queue;
	use Tests\TestCase;

	@@ -16,6 +18,8 @@
	self::useAdminUrl();

	$this->deleteTestUser('UsersControllerTest1@userscontroller.com');
	+ $this->deleteTestUser('test@testsearch.com');
	+ $this->deleteTestDomain('testsearch.com');

	$jack = $this->getTestUser('jack@kolab.org');
	$jack->setSetting('external_email', null);
	@@ -27,6 +31,8 @@
	public function tearDown(): void
	{
	$this->deleteTestUser('UsersControllerTest1@userscontroller.com');
	+ $this->deleteTestUser('test@testsearch.com');
	+ $this->deleteTestDomain('testsearch.com');

	$jack = $this->getTestUser('jack@kolab.org');
	$jack->setSetting('external_email', null);
	@@ -144,6 +150,87 @@

	$this->assertSame(0, $json['count']);
	$this->assertCount(0, $json['list']);
	+
	+ // Deleted users/domains
	+ $domain = $this->getTestDomain('testsearch.com', ['type' => \App\Domain::TYPE_EXTERNAL]);
	+ $user = $this->getTestUser('test@testsearch.com');
	+ $plan = \App\Plan::where('title', 'group')->first();
	+ $user->assignPlan($plan, $domain);
	+ $user->setAliases(['alias@testsearch.com']);
	+ Queue::fake();
	+ $user->delete();
	+
	+ $response = $this->actingAs($admin)->get("api/v4/users?search=test@testsearch.com");
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertSame(1, $json['count']);
	+ $this->assertCount(1, $json['list']);
	+ $this->assertSame($user->id, $json['list'][0]['id']);
	+ $this->assertSame($user->email, $json['list'][0]['email']);
	+ $this->assertTrue($json['list'][0]['isDeleted']);
	+
	+ $response = $this->actingAs($admin)->get("api/v4/users?search=alias@testsearch.com");
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertSame(1, $json['count']);
	+ $this->assertCount(1, $json['list']);
	+ $this->assertSame($user->id, $json['list'][0]['id']);
	+ $this->assertSame($user->email, $json['list'][0]['email']);
	+ $this->assertTrue($json['list'][0]['isDeleted']);
	+
	+ $response = $this->actingAs($admin)->get("api/v4/users?search=testsearch.com");
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertSame(1, $json['count']);
	+ $this->assertCount(1, $json['list']);
	+ $this->assertSame($user->id, $json['list'][0]['id']);
	+ $this->assertSame($user->email, $json['list'][0]['email']);
	+ $this->assertTrue($json['list'][0]['isDeleted']);
	+ }
	+
	+ /**
	+ * Test reseting 2FA (POST /api/v4/users/<user-id>/reset2FA)
	+ */
	+ public function testReset2FA(): void
	+ {
	+ $user = $this->getTestUser('UsersControllerTest1@userscontroller.com');
	+ $admin = $this->getTestUser('jeroen@jeroen.jeroen');
	+
	+ $sku2fa = Sku::firstOrCreate(['title' => '2fa']);
	+ $user->assignSku($sku2fa);
	+ SecondFactor::seed('userscontrollertest1@userscontroller.com');
	+
	+ // Test unauthorized access to admin API
	+ $response = $this->actingAs($user)->post("/api/v4/users/{$user->id}/reset2FA", []);
	+ $response->assertStatus(403);
	+
	+ $entitlements = $user->fresh()->entitlements()->where('sku_id', $sku2fa->id)->get();
	+ $this->assertCount(1, $entitlements);
	+
	+ $sf = new SecondFactor($user);
	+ $this->assertCount(1, $sf->factors());
	+
	+ // Test reseting 2FA
	+ $response = $this->actingAs($admin)->post("/api/v4/users/{$user->id}/reset2FA", []);
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertSame('success', $json['status']);
	+ $this->assertSame("2-Factor authentication reset successfully.", $json['message']);
	+ $this->assertCount(2, $json);
	+
	+ $entitlements = $user->fresh()->entitlements()->where('sku_id', $sku2fa->id)->get();
	+ $this->assertCount(0, $entitlements);
	+
	+ $sf = new SecondFactor($user);
	+ $this->assertCount(0, $sf->factors());
	}

	/**
	diff --git a/src/tests/Feature/Controller/Admin/WalletsTest.php b/src/tests/Feature/Controller/Admin/WalletsTest.php
	--- a/src/tests/Feature/Controller/Admin/WalletsTest.php
	+++ b/src/tests/Feature/Controller/Admin/WalletsTest.php
	@@ -63,7 +63,7 @@
	$this->assertTrue(empty($json['description']));
	$this->assertTrue(empty($json['discount_description']));
	$this->assertTrue(!empty($json['provider']));
	- $this->assertTrue(!empty($json['providerLink']));
	+ $this->assertTrue(empty($json['providerLink']));
	$this->assertTrue(!empty($json['mandate']));
	}

	diff --git a/src/tests/Feature/Controller/AuthTest.php b/src/tests/Feature/Controller/AuthTest.php
	--- a/src/tests/Feature/Controller/AuthTest.php
	+++ b/src/tests/Feature/Controller/AuthTest.php
	@@ -52,8 +52,27 @@
	$this->assertTrue(is_array($json['statusInfo']));
	$this->assertTrue(is_array($json['settings']));
	$this->assertTrue(is_array($json['aliases']));
	+ $this->assertTrue(!isset($json['access_token']));

	// Note: Details of the content are tested in testUserResponse()
	+
	+ // Test token refresh via the info request
	+ // First we log in as we need the token (actingAs() will not work)
	+ $post = ['email' => 'john@kolab.org', 'password' => 'simple123'];
	+ $response = $this->post("api/auth/login", $post);
	+ $json = $response->json();
	+ $response = $this->withHeaders(['Authorization' => 'Bearer ' . $json['access_token']])
	+ ->get("api/auth/info?refresh_token=1");
	+ $response->assertStatus(200);
	+
	+ $json = $response->json();
	+
	+ $this->assertEquals('john@kolab.org', $json['email']);
	+ $this->assertTrue(is_array($json['statusInfo']));
	+ $this->assertTrue(is_array($json['settings']));
	+ $this->assertTrue(is_array($json['aliases']));
	+ $this->assertTrue(!empty($json['access_token']));
	+ $this->assertTrue(!empty($json['expires_in']));
	}

	/**
	@@ -91,6 +110,16 @@
	$this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']);
	$this->assertEquals('bearer', $json['token_type']);

	+ // Valid user+password (upper-case)
	+ $post = ['email' => 'John@Kolab.org', 'password' => 'simple123'];
	+ $response = $this->post("api/auth/login", $post);
	+ $json = $response->json();
	+
	+ $response->assertStatus(200);
	+ $this->assertTrue(!empty($json['access_token']));
	+ $this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']);
	+ $this->assertEquals('bearer', $json['token_type']);
	+
	// TODO: We have browser tests for 2FA but we should probably also test it here

	return $json['access_token'];
	diff --git a/src/tests/Feature/Controller/UsersTest.php b/src/tests/Feature/Controller/UsersTest.php
	--- a/src/tests/Feature/Controller/UsersTest.php
	+++ b/src/tests/Feature/Controller/UsersTest.php
	@@ -29,6 +29,8 @@
	$this->deleteTestUser('UsersControllerTest3@userscontroller.com');
	$this->deleteTestUser('UserEntitlement2A@UserEntitlement.com');
	$this->deleteTestUser('john2.doe2@kolab.org');
	+ $this->deleteTestUser('deleted@kolab.org');
	+ $this->deleteTestUser('deleted@kolabnow.com');
	$this->deleteTestDomain('userscontroller.com');

	$user = $this->getTestUser('john@kolab.org');
	@@ -51,6 +53,8 @@
	$this->deleteTestUser('UsersControllerTest3@userscontroller.com');
	$this->deleteTestUser('UserEntitlement2A@UserEntitlement.com');
	$this->deleteTestUser('john2.doe2@kolab.org');
	+ $this->deleteTestUser('deleted@kolab.org');
	+ $this->deleteTestUser('deleted@kolabnow.com');
	$this->deleteTestDomain('userscontroller.com');

	$user = $this->getTestUser('john@kolab.org');
	@@ -414,6 +418,8 @@
	{
	$jack = $this->getTestUser('jack@kolab.org');
	$john = $this->getTestUser('john@kolab.org');
	+ $deleted_priv = $this->getTestUser('deleted@kolab.org');
	+ $deleted_priv->delete();

	// Test empty request
	$response = $this->actingAs($john)->post("/api/v4/users", []);
	@@ -477,7 +483,7 @@
	'last_name' => 'Doe2',
	'email' => 'john2.doe2@kolab.org',
	'organization' => 'TestOrg',
	- 'aliases' => ['useralias1@kolab.org', 'useralias2@kolab.org'],
	+ 'aliases' => ['useralias1@kolab.org', 'deleted@kolab.org'],
	];

	// Missing package
	@@ -519,8 +525,8 @@
	$this->assertSame('TestOrg', $user->getSetting('organization'));
	$aliases = $user->aliases()->orderBy('alias')->get();
	$this->assertCount(2, $aliases);
	- $this->assertSame('useralias1@kolab.org', $aliases[0]->alias);
	- $this->assertSame('useralias2@kolab.org', $aliases[1]->alias);
	+ $this->assertSame('deleted@kolab.org', $aliases[0]->alias);
	+ $this->assertSame('useralias1@kolab.org', $aliases[1]->alias);
	// Assert the new user entitlements
	$this->assertUserEntitlements($user, ['groupware', 'mailbox', 'storage', 'storage']);
	// Assert the wallet to which the new user should be assigned to
	@@ -649,11 +655,14 @@
	$this->assertCount(1, $aliases);
	$this->assertSame('useralias2@' . \config('app.domain'), $aliases[0]->alias);

	- // Test error on setting an alias to other user's domain
	- // and missing password confirmation
	+ // Test error on some invalid aliases missing password confirmation
	$post = [
	'password' => 'simple123',
	- 'aliases' => ['useralias2@' . \config('app.domain'), 'useralias1@kolab.org']
	+ 'aliases' => [
	+ 'useralias2@' . \config('app.domain'),
	+ 'useralias1@kolab.org',
	+ '@kolab.org',
	+ ]
	];

	$response = $this->actingAs($userA)->put("/api/v4/users/{$userA->id}", $post);
	@@ -663,8 +672,9 @@

	$this->assertSame('error', $json['status']);
	$this->assertCount(2, $json['errors']);
	- $this->assertCount(1, $json['errors']['aliases']);
	+ $this->assertCount(2, $json['errors']['aliases']);
	$this->assertSame("The specified domain is not available.", $json['errors']['aliases'][1]);
	+ $this->assertSame("The specified alias is invalid.", $json['errors']['aliases'][2]);
	$this->assertSame("The password confirmation does not match.", $json['errors']['password'][0]);

	// Test authorized update of other user
	@@ -903,6 +913,11 @@
	$this->assertSame($wallet->id, $result['wallet']['id']);
	$this->assertArrayNotHasKey('discount', $result['wallet']);

	+ $this->assertTrue($result['statusInfo']['enableDomains']);
	+ $this->assertTrue($result['statusInfo']['enableWallets']);
	+ $this->assertTrue($result['statusInfo']['enableUsers']);
	+
	+ // Ned is John's wallet controller
	$ned = $this->getTestUser('ned@kolab.org');
	$ned_wallet = $ned->wallets()->first();
	$result = $this->invokeMethod(new UsersController(), 'userResponse', [$ned]);
	@@ -919,6 +934,10 @@
	$this->assertSame($provider, $result['wallet']['provider']);
	$this->assertSame($provider, $result['wallets'][0]['provider']);

	+ $this->assertTrue($result['statusInfo']['enableDomains']);
	+ $this->assertTrue($result['statusInfo']['enableWallets']);
	+ $this->assertTrue($result['statusInfo']['enableUsers']);
	+
	// Test discount in a response
	$discount = Discount::where('code', 'TEST')->first();
	$wallet->discount()->associate($discount);
	@@ -938,6 +957,14 @@
	$this->assertSame($discount->discount, $result['wallets'][0]['discount']);
	$this->assertSame($discount->description, $result['wallets'][0]['discount_description']);
	$this->assertSame($mod_provider, $result['wallets'][0]['provider']);
	+
	+ // Jack is not a John's wallet controller
	+ $jack = $this->getTestUser('jack@kolab.org');
	+ $result = $this->invokeMethod(new UsersController(), 'userResponse', [$jack]);
	+
	+ $this->assertFalse($result['statusInfo']['enableDomains']);
	+ $this->assertFalse($result['statusInfo']['enableWallets']);
	+ $this->assertFalse($result['statusInfo']['enableUsers']);
	}

	/**
	@@ -1004,4 +1031,38 @@

	$this->assertSame($expected_result, $result);
	}
	+
	+ /**
	+ * User email/alias validation - more cases.
	+ *
	+ * Note: Technically these include unit tests, but let's keep it here for now.
	+ * FIXME: Shall we do a http request for each case?
	+ */
	+ public function testValidateEmail2(): void
	+ {
	+ Queue::fake();
	+
	+ $john = $this->getTestUser('john@kolab.org');
	+ $jack = $this->getTestUser('jack@kolab.org');
	+ $user = $this->getTestUser('UsersControllerTest1@userscontroller.com');
	+ $deleted_priv = $this->getTestUser('deleted@kolab.org');
	+ $deleted_priv->setAliases(['deleted-alias@kolab.org']);
	+ $deleted_priv->delete();
	+ $deleted_pub = $this->getTestUser('deleted@kolabnow.com');
	+ $deleted_pub->setAliases(['deleted-alias@kolabnow.com']);
	+ $deleted_pub->delete();
	+
	+ // An alias that was a user email before is allowed, but only for custom domains
	+ $result = UsersController::validateEmail('deleted@kolab.org', $john, true);
	+ $this->assertSame(null, $result);
	+
	+ $result = UsersController::validateEmail('deleted-alias@kolab.org', $john, true);
	+ $this->assertSame(null, $result);
	+
	+ $result = UsersController::validateEmail('deleted@kolabnow.com', $john, true);
	+ $this->assertSame('The specified alias is not available.', $result);
	+
	+ $result = UsersController::validateEmail('deleted-alias@kolabnow.com', $john, true);
	+ $this->assertSame('The specified alias is not available.', $result);
	+ }
	}
	diff --git a/src/tests/Feature/Controller/WalletsTest.php b/src/tests/Feature/Controller/WalletsTest.php
	--- a/src/tests/Feature/Controller/WalletsTest.php
	+++ b/src/tests/Feature/Controller/WalletsTest.php
	@@ -64,7 +64,10 @@

	$this->assertSame('You are out of credit, top up your balance now.', $notice);

	- // User/entitlements created today, balance=-9,99 CHF (monthly cost)
	+ // User/entitlements created slightly more than a month ago, balance=9,99 CHF (monthly)
	+ $wallet->owner->created_at = Carbon::now()->subMonthsWithoutOverflow(1)->subDays(1);
	+ $wallet->owner->save();
	+
	$wallet->balance = 999;
	$notice = $method->invoke($controller, $wallet);

	@@ -119,7 +122,7 @@

	$length = $response->headers->get('content-length');
	$content = $response->content();
	- $this->assertStringStartsWith("%PDF-1.3\n", $content);
	+ $this->assertStringStartsWith("%PDF-1.", $content);
	$this->assertEquals(strlen($content), $length);
	}

	diff --git a/src/tests/Feature/Documents/ReceiptTest.php b/src/tests/Feature/Documents/ReceiptTest.php
	--- a/src/tests/Feature/Documents/ReceiptTest.php
	+++ b/src/tests/Feature/Documents/ReceiptTest.php
	@@ -85,7 +85,7 @@
	$customerExpected = "Firstname Lastname\nTest Unicode Straße 150\n10115 Berlin";
	$this->assertSame($customerExpected, $this->getNodeContent($customerCells[0]));
	$customerIdents = $this->getNodeContent($customerCells[1]);
	- $this->assertTrue(strpos($customerIdents, "Account ID {$wallet->id}") !== false);
	+ //$this->assertTrue(strpos($customerIdents, "Account ID {$wallet->id}") !== false);
	$this->assertTrue(strpos($customerIdents, "Customer No. {$wallet->owner->id}") !== false);

	// Company details in the footer
	@@ -156,7 +156,7 @@
	$receipt = new Receipt($wallet, 2020, 5);
	$pdf = $receipt->PdfOutput();

	- $this->assertStringStartsWith("%PDF-1.3\n", $pdf);
	+ $this->assertStringStartsWith("%PDF-1.", $pdf);
	$this->assertTrue(strlen($pdf) > 5000);

	// TODO: Test the content somehow
	diff --git a/src/tests/Feature/DomainOwnerTest.php b/src/tests/Feature/DomainOwnerTest.php
	--- a/src/tests/Feature/DomainOwnerTest.php
	+++ b/src/tests/Feature/DomainOwnerTest.php
	@@ -9,6 +9,9 @@

	class DomainOwnerTest extends TestCase
	{
	+ /**
	+ * {@inheritDoc}
	+ */
	public function setUp(): void
	{
	parent::setUp();
	@@ -16,6 +19,9 @@
	$this->deleteTestUser('jane@kolab.org');
	}

	+ /**
	+ * {@inheritDoc}
	+ */
	public function tearDown(): void
	{
	$this->deleteTestUser('jane@kolab.org');
	diff --git a/src/tests/Feature/DomainTest.php b/src/tests/Feature/DomainTest.php
	--- a/src/tests/Feature/DomainTest.php
	+++ b/src/tests/Feature/DomainTest.php
	@@ -23,6 +23,9 @@
	'ci-failure-none.kolab.org',
	];

	+ /**
	+ * {@inheritDoc}
	+ */
	public function setUp(): void
	{
	parent::setUp();
	@@ -32,6 +35,9 @@
	}
	}

	+ /**
	+ * {@inheritDoc}
	+ */
	public function tearDown(): void
	{
	foreach ($this->domains as $domain) {
	diff --git a/src/tests/Feature/EntitlementTest.php b/src/tests/Feature/EntitlementTest.php
	--- a/src/tests/Feature/EntitlementTest.php
	+++ b/src/tests/Feature/EntitlementTest.php
	@@ -2,7 +2,6 @@

	namespace Tests\Feature;

	-use App\Auth\SecondFactor;
	use App\Domain;
	use App\Entitlement;
	use App\Package;
	@@ -13,7 +12,9 @@

	class EntitlementTest extends TestCase
	{
	-
	+ /**
	+ * {@inheritDoc}
	+ */
	public function setUp(): void
	{
	parent::setUp();
	@@ -23,6 +24,9 @@
	$this->deleteTestDomain('custom-domain.com');
	}

	+ /**
	+ * {@inheritDoc}
	+ */
	public function tearDown(): void
	{
	$this->deleteTestUser('entitlement-test@kolabnow.com');
	@@ -146,18 +150,32 @@

	$wallet = $user->wallets()->first();

	- $this->backdateEntitlements($user->entitlements, Carbon::now()->subWeeks(7));
	+ $backdate = Carbon::now()->subWeeks(7);
	+ $this->backdateEntitlements($user->entitlements, $backdate);

	$charge = $wallet->chargeEntitlements();

	- $this->assertTrue($wallet->balance < 0);
	+ $this->assertSame(-1099, $wallet->balance);

	$balance = $wallet->balance;
	+ $discount = \App\Discount::where('discount', 30)->first();
	+ $wallet->discount()->associate($discount);
	+ $wallet->save();

	$user->removeSku($storage, 4);

	- // we expect the wallet to have been charged.
	- $this->assertTrue($wallet->fresh()->balance < $balance);
	+ // we expect the wallet to have been charged for ~3 weeks of use of
	+ // 4 deleted storage entitlements, it should also take discount into account
	+ $backdate->addMonthsWithoutOverflow(1);
	+ $diffInDays = $backdate->diffInDays(Carbon::now());
	+
	+ // entitlements-num * cost * discount * days-in-month
	+ $max = intval(4 * 25 * 0.7 * $diffInDays / 28);
	+ $min = intval(4 * 25 * 0.7 * $diffInDays / 31);
	+
	+ $wallet->refresh();
	+ $this->assertTrue($wallet->balance >= $balance - $max);
	+ $this->assertTrue($wallet->balance <= $balance - $min);

	$transactions = \App\Transaction::where('object_id', $wallet->id)
	->where('object_type', \App\Wallet::class)->get();
	diff --git a/src/tests/Feature/Jobs/PaymentEmailTest.php b/src/tests/Feature/Jobs/PaymentEmailTest.php
	--- a/src/tests/Feature/Jobs/PaymentEmailTest.php
	+++ b/src/tests/Feature/Jobs/PaymentEmailTest.php
	@@ -69,8 +69,8 @@
	Mail::assertSent(PaymentSuccess::class, 1);

	// Assert the mail was sent to the user's email
	- Mail::assertSent(PaymentSuccess::class, function ($mail) use ($user) {
	- return $mail->hasTo($user->email) && $mail->hasCc('ext@email.tld');
	+ Mail::assertSent(PaymentSuccess::class, function ($mail) {
	+ return $mail->hasTo('ext@email.tld') && !$mail->hasCc('ext@email.tld');
	});

	$payment->status = PaymentProvider::STATUS_FAILED;
	@@ -83,8 +83,8 @@
	Mail::assertSent(PaymentFailure::class, 1);

	// Assert the mail was sent to the user's email
	- Mail::assertSent(PaymentFailure::class, function ($mail) use ($user) {
	- return $mail->hasTo($user->email) && $mail->hasCc('ext@email.tld');
	+ Mail::assertSent(PaymentFailure::class, function ($mail) {
	+ return $mail->hasTo('ext@email.tld') && !$mail->hasCc('ext@email.tld');
	});

	$payment->status = PaymentProvider::STATUS_EXPIRED;
	diff --git a/src/tests/Feature/Jobs/PaymentMandateDisabledEmailTest.php b/src/tests/Feature/Jobs/PaymentMandateDisabledEmailTest.php
	--- a/src/tests/Feature/Jobs/PaymentMandateDisabledEmailTest.php
	+++ b/src/tests/Feature/Jobs/PaymentMandateDisabledEmailTest.php
	@@ -56,8 +56,8 @@
	Mail::assertSent(PaymentMandateDisabled::class, 1);

	// Assert the mail was sent to the user's email
	- Mail::assertSent(PaymentMandateDisabled::class, function ($mail) use ($user) {
	- return $mail->hasTo($user->email) && $mail->hasCc('ext@email.tld');
	+ Mail::assertSent(PaymentMandateDisabled::class, function ($mail) {
	+ return $mail->hasTo('ext@email.tld') && !$mail->hasCc('ext@email.tld');
	});
	}
	}
	diff --git a/src/tests/Feature/Jobs/UserUpdateTest.php b/src/tests/Feature/Jobs/UserUpdateTest.php
	--- a/src/tests/Feature/Jobs/UserUpdateTest.php
	+++ b/src/tests/Feature/Jobs/UserUpdateTest.php
	@@ -19,6 +19,9 @@
	$this->deleteTestUser('new-job-user@' . \config('app.domain'));
	}

	+ /**
	+ * {@inheritDoc}
	+ */
	public function tearDown(): void
	{
	$this->deleteTestUser('new-job-user@' . \config('app.domain'));
	diff --git a/src/tests/Feature/Jobs/UserVerifyTest.php b/src/tests/Feature/Jobs/UserVerifyTest.php
	--- a/src/tests/Feature/Jobs/UserVerifyTest.php
	+++ b/src/tests/Feature/Jobs/UserVerifyTest.php
	@@ -10,6 +10,9 @@

	class UserVerifyTest extends TestCase
	{
	+ /**
	+ * {@inheritDoc}
	+ */
	public function setUp(): void
	{
	parent::setUp();
	@@ -19,6 +22,9 @@
	$ned->save();
	}

	+ /**
	+ * {@inheritDoc}
	+ */
	public function tearDown(): void
	{
	$ned = $this->getTestUser('ned@kolab.org');
	diff --git a/src/tests/Feature/Jobs/WalletCheckTest.php b/src/tests/Feature/Jobs/WalletCheckTest.php
	new file mode 100644
	--- /dev/null
	+++ b/src/tests/Feature/Jobs/WalletCheckTest.php
	@@ -0,0 +1,275 @@
	+<?php
	+
	+namespace Tests\Feature\Jobs;
	+
	+use App\Jobs\WalletCheck;
	+use App\User;
	+use Carbon\Carbon;
	+use Illuminate\Support\Facades\Mail;
	+use Tests\TestCase;
	+
	+class WalletCheckTest extends TestCase
	+{
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function setUp(): void
	+ {
	+ parent::setUp();
	+
	+ $ned = $this->getTestUser('ned@kolab.org');
	+ if ($ned->isSuspended()) {
	+ $ned->status -= User::STATUS_SUSPENDED;
	+ $ned->save();
	+ }
	+
	+ $this->deleteTestUser('wallet-check@kolabnow.com');
	+ }
	+
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function tearDown(): void
	+ {
	+ $ned = $this->getTestUser('ned@kolab.org');
	+ if ($ned->isSuspended()) {
	+ $ned->status -= User::STATUS_SUSPENDED;
	+ $ned->save();
	+ }
	+
	+ $this->deleteTestUser('wallet-check@kolabnow.com');
	+
	+ parent::tearDown();
	+ }
	+
	+ /**
	+ * Test job handle, initial negative-balance notification
	+ */
	+ public function testHandleInitial(): void
	+ {
	+ Mail::fake();
	+
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $user->setSetting('external_email', 'external@test.com');
	+ $wallet = $user->wallets()->first();
	+ $now = Carbon::now();
	+
	+ // Balance is not negative, double-update+save for proper resetting of the state
	+ $wallet->balance = -100;
	+ $wallet->save();
	+ $wallet->balance = 0;
	+ $wallet->save();
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+
	+ // Balance is negative now
	+ $wallet->balance = -100;
	+ $wallet->save();
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+
	+ // Balance turned negative 2 hours ago, expect mail sent
	+ $wallet->setSetting('balance_negative_since', $now->subHours(2)->toDateTimeString());
	+ $wallet->setSetting('balance_warning_initial', null);
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ // Assert the mail was sent to the user's email, but not to his external email
	+ Mail::assertSent(\App\Mail\NegativeBalance::class, 1);
	+ Mail::assertSent(\App\Mail\NegativeBalance::class, function ($mail) use ($user) {
	+ return $mail->hasTo($user->email) && !$mail->hasCc('external@test.com');
	+ });
	+
	+ // Run the job again to make sure the notification is not sent again
	+ Mail::fake();
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+
	+ // Test the migration scenario where a negative wallet has no balance_negative_since set yet
	+ Mail::fake();
	+ $wallet->setSetting('balance_negative_since', null);
	+ $wallet->setSetting('balance_warning_initial', null);
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ // Assert the mail was sent to the user's email, but not to his external email
	+ Mail::assertSent(\App\Mail\NegativeBalance::class, 1);
	+ Mail::assertSent(\App\Mail\NegativeBalance::class, function ($mail) use ($user) {
	+ return $mail->hasTo($user->email) && !$mail->hasCc('external@test.com');
	+ });
	+
	+ $wallet->refresh();
	+ $today_regexp = '/' . Carbon::now()->toDateString() . ' [0-9]{2}:[0-9]{2}:[0-9]{2}/';
	+ $this->assertRegExp($today_regexp, $wallet->getSetting('balance_negative_since'));
	+ $this->assertRegExp($today_regexp, $wallet->getSetting('balance_warning_initial'));
	+ }
	+
	+ /**
	+ * Test job handle, reminder notification
	+ *
	+ * @depends testHandleInitial
	+ */
	+ public function testHandleReminder(): void
	+ {
	+ Mail::fake();
	+
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $user->setSetting('external_email', 'external@test.com');
	+ $wallet = $user->wallets()->first();
	+ $now = Carbon::now();
	+
	+ // Balance turned negative 7+1 days ago, expect mail sent
	+ $wallet->setSetting('balance_negative_since', $now->subDays(7 + 1)->toDateTimeString());
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ // Assert the mail was sent to the user's email, but not to his external email
	+ Mail::assertSent(\App\Mail\NegativeBalanceReminder::class, 1);
	+ Mail::assertSent(\App\Mail\NegativeBalanceReminder::class, function ($mail) use ($user) {
	+ return $mail->hasTo($user->email) && !$mail->hasCc('external@test.com');
	+ });
	+
	+ // Run the job again to make sure the notification is not sent again
	+ Mail::fake();
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+ }
	+
	+ /**
	+ * Test job handle, account suspending
	+ *
	+ * @depends testHandleReminder
	+ */
	+ public function testHandleSuspended(): void
	+ {
	+ Mail::fake();
	+
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $user->setSetting('external_email', 'external@test.com');
	+ $wallet = $user->wallets()->first();
	+ $now = Carbon::now();
	+
	+ // Balance turned negative 7+14+1 days ago, expect mail sent
	+ $days = 7 + 14 + 1;
	+ $wallet->setSetting('balance_negative_since', $now->subDays($days)->toDateTimeString());
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ // Assert the mail was sent to the user's email, but not to his external email
	+ Mail::assertSent(\App\Mail\NegativeBalanceSuspended::class, 1);
	+ Mail::assertSent(\App\Mail\NegativeBalanceSuspended::class, function ($mail) use ($user) {
	+ return $mail->hasTo($user->email) && !$mail->hasCc('external@test.com');
	+ });
	+
	+ // Check that it has been suspended
	+ $this->assertTrue($user->fresh()->isSuspended());
	+
	+ // TODO: Test that group account members/domain are also being suspended
	+ /*
	+ foreach ($wallet->entitlements()->fresh()->get() as $entitlement) {
	+ if (
	+ $entitlement->entitleable_type == \App\Domain::class
	+ \|\| $entitlement->entitleable_type == \App\User::class
	+ ) {
	+ $this->assertTrue($entitlement->entitleable->isSuspended());
	+ }
	+ }
	+ */
	+
	+ // Run the job again to make sure the notification is not sent again
	+ Mail::fake();
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+ }
	+
	+ /**
	+ * Test job handle, final warning before delete
	+ *
	+ * @depends testHandleSuspended
	+ */
	+ public function testHandleBeforeDelete(): void
	+ {
	+ Mail::fake();
	+
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $user->setSetting('external_email', 'external@test.com');
	+ $wallet = $user->wallets()->first();
	+ $now = Carbon::now();
	+
	+ // Balance turned negative 7+14+21-3+1 days ago, expect mail sent
	+ $days = 7 + 14 + 21 - 3 + 1;
	+ $wallet->setSetting('balance_negative_since', $now->subDays($days)->toDateTimeString());
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ // Assert the mail was sent to the user's email, and his external email
	+ Mail::assertSent(\App\Mail\NegativeBalanceBeforeDelete::class, 1);
	+ Mail::assertSent(\App\Mail\NegativeBalanceBeforeDelete::class, function ($mail) use ($user) {
	+ return $mail->hasTo($user->email) && $mail->hasCc('external@test.com');
	+ });
	+
	+ // Check that it has not been deleted yet
	+ $this->assertFalse($user->fresh()->isDeleted());
	+
	+ // Run the job again to make sure the notification is not sent again
	+ Mail::fake();
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+ }
	+
	+ /**
	+ * Test job handle, account delete
	+ *
	+ * @depends testHandleBeforeDelete
	+ */
	+ public function testHandleDelete(): void
	+ {
	+ Mail::fake();
	+
	+ $user = $this->getTestUser('wallet-check@kolabnow.com');
	+ $wallet = $user->wallets()->first();
	+ $wallet->balance = -100;
	+ $wallet->save();
	+ $now = Carbon::now();
	+
	+ $package = \App\Package::where('title', 'kolab')->first();
	+ $user->assignPackage($package);
	+
	+ $this->assertFalse($user->isDeleted());
	+ $this->assertCount(4, $user->entitlements()->get());
	+
	+ // Balance turned negative 7+14+21+1 days ago, expect mail sent
	+ $days = 7 + 14 + 21 + 1;
	+ $wallet->setSetting('balance_negative_since', $now->subDays($days)->toDateTimeString());
	+
	+ $job = new WalletCheck($wallet);
	+ $job->handle();
	+
	+ Mail::assertNothingSent();
	+
	+ // Check that it has not been deleted
	+ $this->assertTrue($user->fresh()->trashed());
	+ $this->assertCount(0, $user->entitlements()->get());
	+
	+ // TODO: Test it deletes all members of the group account
	+ }
	+}
	diff --git a/src/tests/Feature/UserTest.php b/src/tests/Feature/UserTest.php
	--- a/src/tests/Feature/UserTest.php
	+++ b/src/tests/Feature/UserTest.php
	@@ -331,6 +331,10 @@
	Queue::assertNothingPushed();

	$user = $this->getTestUser('UserAccountA@UserAccount.com');
	+ $domain = $this->getTestDomain('UserAccount.com', [
	+ 'status' => Domain::STATUS_NEW,
	+ 'type' => Domain::TYPE_HOSTED,
	+ ]);

	$this->assertCount(0, $user->aliases->all());

	@@ -369,6 +373,9 @@

	$this->assertCount(0, $user->aliases()->get());

	+ // The test below fail since we removed validation code from the UserAliasObserver
	+ $this->markTestIncomplete();
	+
	// Test sanity checks in UserAliasObserver
	Queue::fake();

	diff --git a/src/tests/Feature/WalletTest.php b/src/tests/Feature/WalletTest.php
	--- a/src/tests/Feature/WalletTest.php
	+++ b/src/tests/Feature/WalletTest.php
	@@ -44,6 +44,31 @@
	parent::tearDown();
	}

	+ /**
	+ * Test that turning wallet balance from negative to positive
	+ * unsuspends the account
	+ */
	+ public function testBalancePositiveUnsuspend(): void
	+ {
	+ $user = $this->getTestUser('UserWallet1@UserWallet.com');
	+ $user->suspend();
	+
	+ $wallet = $user->wallets()->first();
	+ $wallet->balance = -100;
	+ $wallet->save();
	+
	+ $this->assertTrue($user->isSuspended());
	+ $this->assertNotNull($wallet->getSetting('balance_negative_since'));
	+
	+ $wallet->balance = 100;
	+ $wallet->save();
	+
	+ $this->assertFalse($user->fresh()->isSuspended());
	+ $this->assertNull($wallet->getSetting('balance_negative_since'));
	+
	+ // TODO: Test group account and unsuspending domain/members
	+ }
	+
	/**
	* Test for Wallet::balanceLastsUntil()
	*/
	@@ -61,7 +86,10 @@
	// User/entitlements created today, balance=0
	$until = $wallet->balanceLastsUntil();

	- $this->assertSame(Carbon::now()->toDateString(), $until->toDateString());
	+ $this->assertSame(
	+ Carbon::now()->addMonthsWithoutOverflow(1)->toDateString(),
	+ $until->toDateString()
	+ );

	// User/entitlements created today, balance=-10 CHF
	$wallet->balance = -1000;
	@@ -76,7 +104,7 @@
	$daysInLastMonth = \App\Utils::daysInLastMonth();

	$this->assertSame(
	- Carbon::now()->addDays($daysInLastMonth)->toDateString(),
	+ Carbon::now()->addMonthsWithoutOverflow(1)->addDays($daysInLastMonth)->toDateString(),
	$until->toDateString()
	);

	diff --git a/src/tests/TestCase.php b/src/tests/TestCase.php
	--- a/src/tests/TestCase.php
	+++ b/src/tests/TestCase.php
	@@ -14,6 +14,10 @@
	$entitlement->created_at = $targetDate;
	$entitlement->updated_at = $targetDate;
	$entitlement->save();
	+
	+ $owner = $entitlement->wallet->owner;
	+ $owner->created_at = $targetDate;
	+ $owner->save();
	}
	}

	diff --git a/src/tests/Unit/Mail/HelperTest.php b/src/tests/Unit/Mail/HelperTest.php
	new file mode 100644
	--- /dev/null
	+++ b/src/tests/Unit/Mail/HelperTest.php
	@@ -0,0 +1,84 @@
	+<?php
	+
	+namespace Tests\Unit\Mail;
	+
	+use App\Mail\Helper;
	+use Tests\TestCase;
	+
	+class HelperTest extends TestCase
	+{
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function setUp(): void
	+ {
	+ parent::setUp();
	+ $this->deleteTestUser('mail-helper-test@kolabnow.com');
	+ }
	+
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function tearDown(): void
	+ {
	+ $this->deleteTestUser('mail-helper-test@kolabnow.com');
	+ parent::tearDown();
	+ }
	+
	+ /**
	+ * Test Helper::userEmails()
	+ */
	+ public function testUserEmails(): void
	+ {
	+ $user = $this->getTestUser('mail-helper-test@kolabnow.com');
	+
	+ // User with no mailbox and no external email
	+ list($to, $cc) = Helper::userEmails($user);
	+
	+ $this->assertSame(null, $to);
	+ $this->assertSame([], $cc);
	+
	+ list($to, $cc) = Helper::userEmails($user, true);
	+
	+ $this->assertSame(null, $to);
	+ $this->assertSame([], $cc);
	+
	+ // User with no mailbox but with external email
	+ $user->setSetting('external_email', 'external@test.com');
	+ list($to, $cc) = Helper::userEmails($user);
	+
	+ $this->assertSame('external@test.com', $to);
	+ $this->assertSame([], $cc);
	+
	+ list($to, $cc) = Helper::userEmails($user, true);
	+
	+ $this->assertSame('external@test.com', $to);
	+ $this->assertSame([], $cc);
	+
	+ // User with mailbox and external email
	+ $sku = \App\Sku::where('title', 'mailbox')->first();
	+ $user->assignSku($sku);
	+
	+ list($to, $cc) = Helper::userEmails($user);
	+
	+ $this->assertSame($user->email, $to);
	+ $this->assertSame([], $cc);
	+
	+ list($to, $cc) = Helper::userEmails($user, true);
	+
	+ $this->assertSame($user->email, $to);
	+ $this->assertSame(['external@test.com'], $cc);
	+
	+ // User with mailbox, but no external email
	+ $user->setSetting('external_email', null);
	+ list($to, $cc) = Helper::userEmails($user);
	+
	+ $this->assertSame($user->email, $to);
	+ $this->assertSame([], $cc);
	+
	+ list($to, $cc) = Helper::userEmails($user, true);
	+
	+ $this->assertSame($user->email, $to);
	+ $this->assertSame([], $cc);
	+ }
	+}
	diff --git a/src/tests/Unit/Mail/NegativeBalanceTest.php b/src/tests/Unit/Mail/NegativeBalanceBeforeDeleteTest.php
	copy from src/tests/Unit/Mail/NegativeBalanceTest.php
	copy to src/tests/Unit/Mail/NegativeBalanceBeforeDeleteTest.php
	--- a/src/tests/Unit/Mail/NegativeBalanceTest.php
	+++ b/src/tests/Unit/Mail/NegativeBalanceBeforeDeleteTest.php
	@@ -2,12 +2,14 @@

	namespace Tests\Unit\Mail;

	-use App\Mail\NegativeBalance;
	+use App\Jobs\WalletCheck;
	+use App\Mail\NegativeBalanceBeforeDelete;
	use App\User;
	+use App\Wallet;
	use Tests\MailInterceptTrait;
	use Tests\TestCase;

	-class NegativeBalanceTest extends TestCase
	+class NegativeBalanceBeforeDeleteTest extends TestCase
	{
	use MailInterceptTrait;

	@@ -16,13 +18,18 @@
	*/
	public function testBuild(): void
	{
	- $user = new User();
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $wallet = $user->wallets->first();
	+ $wallet->balance = -100;
	+ $wallet->save();
	+
	+ $threshold = WalletCheck::threshold($wallet, WalletCheck::THRESHOLD_DELETE);

	\config([
	'app.support_url' => 'https://kolab.org/support',
	]);

	- $mail = $this->fakeMail(new NegativeBalance($user));
	+ $mail = $this->fakeMail(new NegativeBalanceBeforeDelete($wallet, $user));

	$html = $mail['html'];
	$plain = $mail['plain'];
	@@ -33,20 +40,22 @@
	$supportLink = sprintf('<a href="%s">%s</a>', $supportUrl, $supportUrl);
	$appName = \config('app.name');

	- $this->assertMailSubject("$appName Payment Reminder", $mail['message']);
	+ $this->assertMailSubject("$appName Final Warning", $mail['message']);

	$this->assertStringStartsWith('<!DOCTYPE html>', $html);
	$this->assertTrue(strpos($html, $user->name(true)) > 0);
	$this->assertTrue(strpos($html, $walletLink) > 0);
	$this->assertTrue(strpos($html, $supportLink) > 0);
	- $this->assertTrue(strpos($html, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($html, "This is a final reminder to settle your $appName") > 0);
	+ $this->assertTrue(strpos($html, $threshold->toDateString()) > 0);
	$this->assertTrue(strpos($html, "$appName Support") > 0);
	$this->assertTrue(strpos($html, "$appName Team") > 0);

	$this->assertStringStartsWith('Dear ' . $user->name(true), $plain);
	$this->assertTrue(strpos($plain, $walletUrl) > 0);
	$this->assertTrue(strpos($plain, $supportUrl) > 0);
	- $this->assertTrue(strpos($plain, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($plain, "This is a final reminder to settle your $appName") > 0);
	+ $this->assertTrue(strpos($plain, $threshold->toDateString()) > 0);
	$this->assertTrue(strpos($plain, "$appName Support") > 0);
	$this->assertTrue(strpos($plain, "$appName Team") > 0);
	}
	diff --git a/src/tests/Unit/Mail/NegativeBalanceTest.php b/src/tests/Unit/Mail/NegativeBalanceReminderTest.php
	copy from src/tests/Unit/Mail/NegativeBalanceTest.php
	copy to src/tests/Unit/Mail/NegativeBalanceReminderTest.php
	--- a/src/tests/Unit/Mail/NegativeBalanceTest.php
	+++ b/src/tests/Unit/Mail/NegativeBalanceReminderTest.php
	@@ -2,12 +2,14 @@

	namespace Tests\Unit\Mail;

	-use App\Mail\NegativeBalance;
	+use App\Jobs\WalletCheck;
	+use App\Mail\NegativeBalanceReminder;
	use App\User;
	+use App\Wallet;
	use Tests\MailInterceptTrait;
	use Tests\TestCase;

	-class NegativeBalanceTest extends TestCase
	+class NegativeBalanceReminderTest extends TestCase
	{
	use MailInterceptTrait;

	@@ -16,13 +18,18 @@
	*/
	public function testBuild(): void
	{
	- $user = new User();
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $wallet = $user->wallets->first();
	+ $wallet->balance = -100;
	+ $wallet->save();
	+
	+ $threshold = WalletCheck::threshold($wallet, WalletCheck::THRESHOLD_SUSPEND);

	\config([
	'app.support_url' => 'https://kolab.org/support',
	]);

	- $mail = $this->fakeMail(new NegativeBalance($user));
	+ $mail = $this->fakeMail(new NegativeBalanceReminder($wallet, $user));

	$html = $mail['html'];
	$plain = $mail['plain'];
	@@ -39,14 +46,16 @@
	$this->assertTrue(strpos($html, $user->name(true)) > 0);
	$this->assertTrue(strpos($html, $walletLink) > 0);
	$this->assertTrue(strpos($html, $supportLink) > 0);
	- $this->assertTrue(strpos($html, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($html, "you are behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($html, $threshold->toDateString()) > 0);
	$this->assertTrue(strpos($html, "$appName Support") > 0);
	$this->assertTrue(strpos($html, "$appName Team") > 0);

	$this->assertStringStartsWith('Dear ' . $user->name(true), $plain);
	$this->assertTrue(strpos($plain, $walletUrl) > 0);
	$this->assertTrue(strpos($plain, $supportUrl) > 0);
	- $this->assertTrue(strpos($plain, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($plain, "you are behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($plain, $threshold->toDateString()) > 0);
	$this->assertTrue(strpos($plain, "$appName Support") > 0);
	$this->assertTrue(strpos($plain, "$appName Team") > 0);
	}
	diff --git a/src/tests/Unit/Mail/NegativeBalanceTest.php b/src/tests/Unit/Mail/NegativeBalanceSuspendedTest.php
	copy from src/tests/Unit/Mail/NegativeBalanceTest.php
	copy to src/tests/Unit/Mail/NegativeBalanceSuspendedTest.php
	--- a/src/tests/Unit/Mail/NegativeBalanceTest.php
	+++ b/src/tests/Unit/Mail/NegativeBalanceSuspendedTest.php
	@@ -2,12 +2,14 @@

	namespace Tests\Unit\Mail;

	-use App\Mail\NegativeBalance;
	+use App\Jobs\WalletCheck;
	+use App\Mail\NegativeBalanceSuspended;
	use App\User;
	+use App\Wallet;
	use Tests\MailInterceptTrait;
	use Tests\TestCase;

	-class NegativeBalanceTest extends TestCase
	+class NegativeBalanceSuspendedTest extends TestCase
	{
	use MailInterceptTrait;

	@@ -16,13 +18,18 @@
	*/
	public function testBuild(): void
	{
	- $user = new User();
	+ $user = $this->getTestUser('ned@kolab.org');
	+ $wallet = $user->wallets->first();
	+ $wallet->balance = -100;
	+ $wallet->save();
	+
	+ $threshold = WalletCheck::threshold($wallet, WalletCheck::THRESHOLD_DELETE);

	\config([
	'app.support_url' => 'https://kolab.org/support',
	]);

	- $mail = $this->fakeMail(new NegativeBalance($user));
	+ $mail = $this->fakeMail(new NegativeBalanceSuspended($wallet, $user));

	$html = $mail['html'];
	$plain = $mail['plain'];
	@@ -33,20 +40,22 @@
	$supportLink = sprintf('<a href="%s">%s</a>', $supportUrl, $supportUrl);
	$appName = \config('app.name');

	- $this->assertMailSubject("$appName Payment Reminder", $mail['message']);
	+ $this->assertMailSubject("$appName Account Suspended", $mail['message']);

	$this->assertStringStartsWith('<!DOCTYPE html>', $html);
	$this->assertTrue(strpos($html, $user->name(true)) > 0);
	$this->assertTrue(strpos($html, $walletLink) > 0);
	$this->assertTrue(strpos($html, $supportLink) > 0);
	- $this->assertTrue(strpos($html, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($html, "Your $appName account has been suspended") > 0);
	+ $this->assertTrue(strpos($html, $threshold->toDateString()) > 0);
	$this->assertTrue(strpos($html, "$appName Support") > 0);
	$this->assertTrue(strpos($html, "$appName Team") > 0);

	$this->assertStringStartsWith('Dear ' . $user->name(true), $plain);
	$this->assertTrue(strpos($plain, $walletUrl) > 0);
	$this->assertTrue(strpos($plain, $supportUrl) > 0);
	- $this->assertTrue(strpos($plain, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($plain, "Your $appName account has been suspended") > 0);
	+ $this->assertTrue(strpos($plain, $threshold->toDateString()) > 0);
	$this->assertTrue(strpos($plain, "$appName Support") > 0);
	$this->assertTrue(strpos($plain, "$appName Team") > 0);
	}
	diff --git a/src/tests/Unit/Mail/NegativeBalanceTest.php b/src/tests/Unit/Mail/NegativeBalanceTest.php
	--- a/src/tests/Unit/Mail/NegativeBalanceTest.php
	+++ b/src/tests/Unit/Mail/NegativeBalanceTest.php
	@@ -4,6 +4,7 @@

	use App\Mail\NegativeBalance;
	use App\User;
	+use App\Wallet;
	use Tests\MailInterceptTrait;
	use Tests\TestCase;

	@@ -17,12 +18,13 @@
	public function testBuild(): void
	{
	$user = new User();
	+ $wallet = new Wallet();

	\config([
	'app.support_url' => 'https://kolab.org/support',
	]);

	- $mail = $this->fakeMail(new NegativeBalance($user));
	+ $mail = $this->fakeMail(new NegativeBalance($wallet, $user));

	$html = $mail['html'];
	$plain = $mail['plain'];
	@@ -33,20 +35,20 @@
	$supportLink = sprintf('<a href="%s">%s</a>', $supportUrl, $supportUrl);
	$appName = \config('app.name');

	- $this->assertMailSubject("$appName Payment Reminder", $mail['message']);
	+ $this->assertMailSubject("$appName Payment Required", $mail['message']);

	$this->assertStringStartsWith('<!DOCTYPE html>', $html);
	$this->assertTrue(strpos($html, $user->name(true)) > 0);
	$this->assertTrue(strpos($html, $walletLink) > 0);
	$this->assertTrue(strpos($html, $supportLink) > 0);
	- $this->assertTrue(strpos($html, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($html, "your $appName account balance has run into the nega") > 0);
	$this->assertTrue(strpos($html, "$appName Support") > 0);
	$this->assertTrue(strpos($html, "$appName Team") > 0);

	$this->assertStringStartsWith('Dear ' . $user->name(true), $plain);
	$this->assertTrue(strpos($plain, $walletUrl) > 0);
	$this->assertTrue(strpos($plain, $supportUrl) > 0);
	- $this->assertTrue(strpos($plain, "behind on paying for your $appName account") > 0);
	+ $this->assertTrue(strpos($plain, "your $appName account balance has run into the nega") > 0);
	$this->assertTrue(strpos($plain, "$appName Support") > 0);
	$this->assertTrue(strpos($plain, "$appName Team") > 0);
	}
	diff --git a/src/tests/Unit/Mail/PasswordResetTest.php b/src/tests/Unit/Mail/PasswordResetTest.php
	--- a/src/tests/Unit/Mail/PasswordResetTest.php
	+++ b/src/tests/Unit/Mail/PasswordResetTest.php
	@@ -34,7 +34,7 @@
	$html = $mail['html'];
	$plain = $mail['plain'];

	- $url = Utils::serviceUrl('/login/reset/' . $code->short_code . '-' . $code->code);
	+ $url = Utils::serviceUrl('/password-reset/' . $code->short_code . '-' . $code->code);
	$link = "<a href=\"$url\">$url</a>";
	$appName = \config('app.name');

	diff --git a/src/tests/Unit/UtilsTest.php b/src/tests/Unit/UtilsTest.php
	--- a/src/tests/Unit/UtilsTest.php
	+++ b/src/tests/Unit/UtilsTest.php
	@@ -9,10 +9,8 @@
	{
	/**
	* Test for Utils::powerSet()
	- *
	- * @return void
	*/
	- public function testPowerSet()
	+ public function testPowerSet(): void
	{
	$set = [];

	@@ -54,12 +52,37 @@
	$this->assertTrue(in_array(["a1", "a2", "a3"], $result));
	}

	+ /**
	+ * Test for Utils::serviceUrl()
	+ */
	+ public function testServiceUrl(): void
	+ {
	+ $public_href = 'https://public.url/cockpit';
	+ $local_href = 'https://local.url/cockpit';
	+
	+ \config([
	+ 'app.url' => $local_href,
	+ 'app.public_url' => '',
	+ ]);
	+
	+ $this->assertSame($local_href, Utils::serviceUrl(''));
	+ $this->assertSame($local_href . '/unknown', Utils::serviceUrl('unknown'));
	+ $this->assertSame($local_href . '/unknown', Utils::serviceUrl('/unknown'));
	+
	+ \config([
	+ 'app.url' => $local_href,
	+ 'app.public_url' => $public_href,
	+ ]);
	+
	+ $this->assertSame($public_href, Utils::serviceUrl(''));
	+ $this->assertSame($public_href . '/unknown', Utils::serviceUrl('unknown'));
	+ $this->assertSame($public_href . '/unknown', Utils::serviceUrl('/unknown'));
	+ }
	+
	/**
	* Test for Utils::uuidInt()
	- *
	- * @return void
	*/
	- public function testUuidInt()
	+ public function testUuidInt(): void
	{
	$result = Utils::uuidInt();

	@@ -69,10 +92,8 @@

	/**
	* Test for Utils::uuidStr()
	- *
	- * @return void
	*/
	- public function testUuidStr()
	+ public function testUuidStr(): void
	{
	$result = Utils::uuidStr();

	diff --git a/src/webpack.mix.js b/src/webpack.mix.js
	--- a/src/webpack.mix.js
	+++ b/src/webpack.mix.js
	@@ -12,6 +12,9 @@
	*/

	mix.webpackConfig({
	+ output: {
	+ publicPath: process.env.MIX_ASSET_PATH
	+ },
	resolve: {
	alias: {
	'jquery$': 'jquery/dist/jquery.slim.js',

File Metadata

Mime Type: text/plain
Expires: Sat, Apr 4, 10:19 AM (14 h, 48 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18828815
Default Alt Text: D1447.1775297947.diff (319 KB)

D1447.1775297947.diffNo OneTemporaryActions

D1447.1775297947.diffView Options

File Metadata

Event Timeline

D1447.1775297947.diff
No OneTemporary
Actions

D1447.1775297947.diff
View Options