Merge pull request #10423 from misilot/automated-image-build-github-actions

Automatic Building of Docker Images and Pushing to DockerHub
Merge pull request #10422 from misilot/docker-alpine-build-automatic
2021-12-13 11:32:57 -08:00 · 2021-12-13 11:32:42 -08:00 · 2021-12-13 11:28:01 -08:00 · 2021-12-13 11:01:02 -08:00 · 2021-12-13 10:39:55 -06:00 · 2021-12-13 10:39:04 -06:00
1287 changed files with 25125 additions and 4078 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -2308,10 +2308,208 @@
      ]
    },
    {
-      "login": "Nevets82",
-      "name": "Steven",
-      "avatar_url": "https://avatars.githubusercontent.com/u/4462739?v=4",
-      "profile": "http://nevets82.github.io",
+      "login": "JohnnyPicnic",
+      "name": "JohnnyPicnic",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5553884?v=4",
+      "profile": "https://github.com/JohnnyPicnic",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "markbrule",
+      "name": "markbrule",
+      "avatar_url": "https://avatars.githubusercontent.com/u/8799594?v=4",
+      "profile": "https://github.com/markbrule",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "mikecmpbll",
+      "name": "Mike Campbell",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1962801?v=4",
+      "profile": "https://github.com/mikecmpbll",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "tbrconnect",
+      "name": "tbrconnect",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11973217?v=4",
+      "profile": "https://github.com/tbrconnect",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kcoyo",
+      "name": "kcoyo",
+      "avatar_url": "https://avatars.githubusercontent.com/u/12447225?v=4",
+      "profile": "https://github.com/kcoyo",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "travismiller",
+      "name": "Travis Miller",
+      "avatar_url": "https://avatars.githubusercontent.com/u/494017?v=4",
+      "profile": "https://travismiller.com/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "PetriAsi",
+      "name": "Petri Asikainen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/8735148?v=4",
+      "profile": "https://github.com/PetriAsi",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "derdeagle",
+      "name": "derdeagle",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11424540?v=4",
+      "profile": "https://github.com/derdeagle",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "vapier",
+      "name": "Mike Frysinger",
+      "avatar_url": "https://avatars.githubusercontent.com/u/176950?v=4",
+      "profile": "https://wh0rd.org/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "AL4AL",
+      "name": "ALPHA",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22044358?v=4",
+      "profile": "https://github.com/AL4AL",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "FliegenKLATSCH",
+      "name": "FliegenKLATSCH",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1042587?v=4",
+      "profile": "https://www.ifern.de",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "jerm",
+      "name": "Jeremy Price",
+      "avatar_url": "https://avatars.githubusercontent.com/u/442138?v=4",
+      "profile": "https://github.com/jerm",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Toreg87",
+      "name": "Toreg87",
+      "avatar_url": "https://avatars.githubusercontent.com/u/84392209?v=4",
+      "profile": "https://github.com/Toreg87",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Computroniks",
+      "name": "Matthew Nickson",
+      "avatar_url": "https://avatars.githubusercontent.com/u/67638596?v=4",
+      "profile": "https://github.com/Computroniks",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "jethron",
+      "name": "Jethro Nederhof",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1646397?v=4",
+      "profile": "https://jethron.id.au",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "01ste02",
+      "name": "Oskar Stenberg",
+      "avatar_url": "https://avatars.githubusercontent.com/u/23289826?v=4",
+      "profile": "https://github.com/01ste02",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Robert-Azelis",
+      "name": "Robert-Azelis",
+      "avatar_url": "https://avatars.githubusercontent.com/u/82208283?v=4",
+      "profile": "https://github.com/Robert-Azelis",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "alwism",
+      "name": "Alexander William Smith",
+      "avatar_url": "https://avatars.githubusercontent.com/u/60648387?v=4",
+      "profile": "https://github.com/alwism",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "leitwerk-ag",
+      "name": "LEITWERK AG",
+      "avatar_url": "https://avatars.githubusercontent.com/u/24418301?v=4",
+      "profile": "https://www.leitwerk.de/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "adamboutcher",
+      "name": "Adam",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1911435?v=4",
+      "profile": "http://www.aboutcher.co.uk",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sneak-it",
+      "name": "Ian",
+      "avatar_url": "https://avatars.githubusercontent.com/u/16104273?v=4",
+      "profile": "https://snksrv.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "bestlong",
+      "name": "Shao Yu-Lung (Allen)",
+      "avatar_url": "https://avatars.githubusercontent.com/u/4023909?v=4",
+      "profile": "http://blog.bestlong.idv.tw/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Haxatron",
+      "name": "Haxatron",
+      "avatar_url": "https://avatars.githubusercontent.com/u/76475453?v=4",
+      "profile": "https://github.com/Haxatron",
      "contributions": [
        "code"
      ]
--- a/.env.example
+++ b/.env.example
@@ -77,7 +77,7 @@ ENCRYPT=false
 COOKIE_NAME=snipeit_session
 COOKIE_DOMAIN=null
 SECURE_COOKIES=false
-API_TOKEN_EXPIRATION_YEARS=40
+API_TOKEN_EXPIRATION_YEARS=15

 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,62 +0,0 @@
---
-name: Bug report
-about: Create a report to help us improve
-
---
-
-#### Please confirm you have done the following before posting your bug report:
-
- [ ] I have enabled debug mode 
- [ ] I have read [checked the Common Issues page](https://snipe-it.readme.io/docs/common-issues)
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Server (please complete the following information):**
- - Snipe-IT Version 
- - OS: [e.g. Ubuntu, CentOS]
- - Web Server: [e.g. Apache, IIS]
- - PHP Version 
-
-**Desktop (please complete the following information):**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
-
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, safari]
- - Version [e.g. 22]
-
-**Error Messages**
- WITH DEBUG TURNED ON, if you're getting an error in your browser, include that error
- If a stacktrace is provided in the error, include that too.
- Any errors that appear in your browser's error console.
- Confirm whether the error is reproducible on the demo: https://snipeitapp.com/demo.
- Include any additional information you can find in `storage/logs` and your webserver's logs.
- Include the output from `php -m` (this should display what modules you have enabled.)
-
-**Additional context**
- Is this a fresh install or an upgrade? 
- What OS and web server you're running Snipe-IT on
- What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
- Include what you've done so far in the installation, and if you got any error messages along the way.
- Indicate whether or not you've manually edited any data directly in the database
-
-Add any other context about the problem here.
-
-Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,23 +0,0 @@
---
-name: Feature request
-about: Suggest an idea for this project
-
---
-
-**Server (please complete the following information):**
- - Snipe-IT Version 
- - OS: [e.g. Ubuntu, CentOS]
- - Web Server: [e.g. Apache, IIS]
- - PHP Version 
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,129 @@
+name: Bug Report
+description: Create a report to help us improve
+body:
+  - type: checkboxes
+    attributes:
+      label: Debug mode
+      description: Please confirm you have done the following before posting your bug report
+      options:
+        - label: I have enabled debug mode
+          required: true
+        - label: I have read [checked the Common Issues page](https://snipe-it.readme.io/docs/common-issues)
+          required: true
+  - type: textarea
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Reproduction steps
+      description: Steps to reproduce the behavior.
+      value: |
+        1.
+        2.
+        3.
+        ...
+    validations:
+        required: true
+  - type: textarea
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Screenshots
+      description: 'If applicable, add screenshots to help explain your problem.'
+  - type: markdown
+    attributes:
+      value: "### Server"
+  - type: input
+    attributes:
+      label: Snipe-IT Version
+    validations:
+      required: true
+  - type: input
+    id: server_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. Ubuntu, Windows'
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Web Server
+      description: 'e.g. Apache, IIS'
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: PHP Version
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: "### Desktop"
+  - type: input
+    id: desktop_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. Ubuntu, Windows'
+  - type: input
+    id: desktop_browser
+    attributes:
+      label: Browser
+      description: 'e.g. Google Chrome, Safari'
+  - type: input
+    id: desktop_version
+    attributes:
+      label: Version
+      description: 'e.g. 93'
+  - type: markdown
+    attributes:
+      value: "### Mobile"
+  - type: input
+    attributes:
+      label: Device
+      description: 'e.g. iPhone 6, Pixel 4a'
+  - type: input
+    id: mobile_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. iOS 8.1, Android 9'
+  - type: input
+    id: mobile_browser
+    attributes:
+      label: Browser
+      description: 'e.g. Google Chrome, Safari'
+  - type: input
+    id: mobile_version
+    attributes:
+      label: Version
+      description: 'e.g. 93'
+  - type: textarea
+    attributes:
+      label: Error messages
+      description: |
+        WITH DEBUG TURNED ON, if you're getting an error in your browser, include that error
+        If a stacktrace is provided in the error, include that too.
+        Any errors that appear in your browser's error console.
+        Confirm whether the error is reproducible on the demo: https://snipeitapp.com/demo.
+        Include any additional information you can find in `storage/logs` and your webserver's logs.
+        Include the output from `php -m` (this should display what modules you have enabled.)
+      render: shell
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Is this a fresh install or an upgrade?
+        What OS and web server you're running Snipe-IT on
+        What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
+        Include what you've done so far in the installation, and if you got any error messages along the way.
+        Indicate whether or not you've manually edited any data directly in the database
+        Add any other context about the problem here.
+  - type: markdown
+    attributes:
+      value: Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,42 @@
+name: Feature Request
+description: Suggest an idea for this project
+body:
+  - type: input
+    attributes:
+      label: Snipe-IT Version
+    validations:
+      required: true
+  - type: input
+    id: server_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. Ubuntu, Windows'
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Web Server
+      description: 'e.g. Apache, IIS'
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: PHP Version
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.
+  - type: textarea
+    attributes:
+      label: Additional context Add any other context or screenshots about the feature request here.
--- a/.github/workflows/docker-alpine.yml
+++ b/.github/workflows/docker-alpine.yml
@@ -0,0 +1,82 @@
+# Snipe-IT (Alpine) Docker image build for hub.docker.com
+name: Docker images (Alpine)
+
+# Run this Build for all pushes to 'master' or develop branch, or tagged releases.
+# Also run for PRs to ensure PR doesn't break Docker build process
+on:
+  push:
+    branches:
+      - master
+      - develop
+    tags:
+      - 'v**'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+  pull_request:
+
+jobs:
+  docker:
+    # Ensure this job never runs on forked repos. It's only executed for 'snipe/snipe-it'
+    if: github.repository == 'snipe/snipe-it'
+    runs-on: ubuntu-latest
+    env:
+      # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
+      # For a new commit on default branch (master), use the literal tag 'latest' on Docker image.
+      # For a new commit on other branches, use the branch name as the tag for Docker image.
+      # For a new tag, copy that tag name as the tag for Docker image.
+      IMAGE_TAGS: |
+        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }},suffix=-alpine
+        type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }},suffix=-alpine
+        type=ref,event=tag,suffix=-alpine
+      # Define default tag "flavor" for docker/metadata-action per
+      # https://github.com/docker/metadata-action#flavor-input
+      # We turn off 'latest' tag by default.
+      TAGS_FLAVOR: |
+        latest=false
+
+    steps:
+      # https://github.com/actions/checkout
+      - name: Checkout codebase
+        uses: actions/checkout@v2
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      # https://github.com/docker/login-action
+      - name: Login to DockerHub
+        # Only login if not a PR, as PRs only trigger a Docker build and not a push
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      ###############################################
+      # Build/Push the 'snipe/snipe-it' image
+      ###############################################
+      # https://github.com/docker/metadata-action
+      # Get Metadata for docker_build step below
+      - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
+        id: meta_build
+        uses: docker/metadata-action@v3
+        with:
+          images: snipe/snipe-it
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build and push 'snipe-it' image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile.alpine
+          platforms: linux/amd64
+          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
+          # but we ONLY do an image push to DockerHub if it's NOT a PR
+          push: ${{ github.event_name != 'pull_request' }}
+          # Use tags / labels provided by 'docker/metadata-action' above
+          tags: ${{ steps.meta_build.outputs.tags }}
+          labels: ${{ steps.meta_build.outputs.labels }}
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,82 @@
+# Snipe-IT Docker image build for hub.docker.com
+name: Docker images
+
+# Run this Build for all pushes to 'master' or develop branch, or tagged releases.
+# Also run for PRs to ensure PR doesn't break Docker build process
+on:
+  push:
+    branches:
+      - master
+      - develop
+    tags:
+      - 'v**'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+  pull_request:
+
+jobs:
+  docker:
+    # Ensure this job never runs on forked repos. It's only executed for 'snipe/snipe-it'
+    if: github.repository == 'snipe/snipe-it'
+    runs-on: ubuntu-latest
+    env:
+      # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
+      # For a new commit on default branch (master), use the literal tag 'latest' on Docker image.
+      # For a new commit on other branches, use the branch name as the tag for Docker image.
+      # For a new tag, copy that tag name as the tag for Docker image.
+      IMAGE_TAGS: |
+        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+        type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }}
+        type=ref,event=tag
+      # Define default tag "flavor" for docker/metadata-action per
+      # https://github.com/docker/metadata-action#flavor-input
+      # We turn off 'latest' tag by default.
+      TAGS_FLAVOR: |
+        latest=false
+
+    steps:
+      # https://github.com/actions/checkout
+      - name: Checkout codebase
+        uses: actions/checkout@v2
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      # https://github.com/docker/login-action
+      - name: Login to DockerHub
+        # Only login if not a PR, as PRs only trigger a Docker build and not a push
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      ###############################################
+      # Build/Push the 'snipe/snipe-it' image
+      ###############################################
+      # https://github.com/docker/metadata-action
+      # Get Metadata for docker_build step below
+      - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
+        id: meta_build
+        uses: docker/metadata-action@v3
+        with:
+          images: snipe/snipe-it
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build and push 'snipe-it' image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
+          # but we ONLY do an image push to DockerHub if it's NOT a PR
+          push: ${{ github.event_name != 'pull_request' }}
+          # Use tags / labels provided by 'docker/metadata-action' above
+          tags: ${{ steps.meta_build.outputs.tags }}
+          labels: ${{ steps.meta_build.outputs.labels }}
--- a/.gitignore
+++ b/.gitignore
@@ -63,3 +63,5 @@ _ide_helper.php
 .phpstorm.meta.php
 _ide_helper_models.php
 /.phplint-cache
+storage/ldap_client_tls.cert
+storage/ldap_client_tls.key
--- a/34
+++ b/34
@@ -1,5 +1,5 @@
-FROM ubuntu:bionic
-LABEL maintainer Brady Wetherington <uberbrady@gmail.com>
+FROM ubuntu:focal
+LABEL maintainer Brady Wetherington <bwetherington@grokability.com>

 # No need to add `apt-get clean` here, reference:
 # - https://github.com/snipe/snipe-it/pull/9201
@@ -14,15 +14,15 @@ RUN export DEBIAN_FRONTEND=noninteractive; \
 apt-utils \
 apache2 \
 apache2-bin \
-libapache2-mod-php7.2 \
-php7.2-curl \
-php7.2-ldap \
-php7.2-mysql \
-php7.2-gd \
-php7.2-xml \
-php7.2-mbstring \
-php7.2-zip \
-php7.2-bcmath \
+libapache2-mod-php7.4 \
+php7.4-curl \
+php7.4-ldap \
+php7.4-mysql \
+php7.4-gd \
+php7.4-xml \
+php7.4-mbstring \
+php7.4-zip \
+php7.4-bcmath \
 patch \
 curl \
 wget  \
@@ -38,7 +38,7 @@ autoconf \
 libc-dev \
 pkg-config \
 libmcrypt-dev \
-php7.2-dev \
+php7.4-dev \
 ca-certificates \
 unzip \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -47,16 +47,16 @@ unzip \
 RUN curl -L -O https://github.com/pear/pearweb_phars/raw/master/go-pear.phar
 RUN php go-pear.phar

-RUN pecl install mcrypt-1.0.2
+RUN pecl install mcrypt-1.0.3

-RUN bash -c "echo extension=/usr/lib/php/20170718/mcrypt.so > /etc/php/7.2/mods-available/mcrypt.ini"
+RUN bash -c "echo extension=/usr/lib/php/20190902/mcrypt.so > /etc/php/7.4/mods-available/mcrypt.ini"

 RUN phpenmod mcrypt
 RUN phpenmod gd
 RUN phpenmod bcmath

-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.2/apache2/php.ini
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.2/cli/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/apache2/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/cli/php.ini

 RUN useradd -m --uid 1000 --gid 50 docker

@@ -96,6 +96,8 @@ RUN \
      && rm -r "/var/www/html/storage/app/backups" && ln -fs "/var/lib/snipeit/dumps" "/var/www/html/storage/app/backups" \
      && mkdir -p "/var/lib/snipeit/keys" && ln -fs "/var/lib/snipeit/keys/oauth-private.key" "/var/www/html/storage/oauth-private.key" \
      && ln -fs "/var/lib/snipeit/keys/oauth-public.key" "/var/www/html/storage/oauth-public.key" \
+      && ln -fs "/var/lib/snipeit/keys/ldap_client_tls.cert" "/var/www/html/storage/ldap_client_tls.cert" \
+      && ln -fs "/var/lib/snipeit/keys/ldap_client_tls.key" "/var/www/html/storage/ldap_client_tls.key" \
      && chown docker "/var/lib/snipeit/keys/" \
      && chown -h docker "/var/www/html/storage/" \
      && chmod +x /var/www/html/artisan \
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,4 +1,4 @@
-FROM alpine:3.12
+FROM alpine:3
 # Apache + PHP
 RUN  apk add --no-cache \
        apache2 \
@@ -57,7 +57,7 @@ RUN \
    && mkdir -p "/var/lib/snipeit/dumps" && rm -r "/var/www/html/storage/app/backups" && ln -fs "/var/lib/snipeit/dumps" "/var/www/html/storage/app/backups" \
    && mkdir -p "/var/lib/snipeit/keys" && ln -fs "/var/lib/snipeit/keys/oauth-private.key" "/var/www/html/storage/oauth-private.key" \
    && ln -fs "/var/lib/snipeit/keys/oauth-public.key" "/var/www/html/storage/oauth-public.key" \
-    && chown -h "/var/www/html/storage/*.key"
+    && chown -hR apache "/var/www/html/storage/" \
    && chown -R apache "/var/lib/snipeit"

 # Install composer
--- a/1
+++ b/1
@@ -0,0 +1 @@
+web: php heroku/startup.php && heroku-php-apache2 public/
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-254-orange.svg?style=flat-square)](#contributors) 
+![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
+[![All Contributors](https://img.shields.io/badge/all_contributors-276-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

 ## Snipe-IT - Open Source Asset Management System

@@ -19,6 +19,8 @@ For instructions on installing and configuring Snipe-IT on your server, check ou

 If you're having trouble with the installation, please check the [Common Issues](https://snipe-it.readme.io/docs/common-issues) and [Getting Help](https://snipe-it.readme.io/docs/getting-help) documentation, and search this repository's open *and* closed issues for help.

+[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
+
 -----
 ### User's Manual
 For help using Snipe-IT, check out the [user's manual](https://snipe-it.readme.io/docs/overview).
@@ -55,11 +57,11 @@ Since the release of the JSON REST API, several third-party developers have been

 - [Python Module](https://github.com/jbloomer/SnipeIT-PythonAPI) by [@jbloomer](https://github.com/jbloomer)
 - [SnipeSharp - .NET module in C#](https://github.com/barrycarey/SnipeSharp) by [@barrycarey](https://github.com/barrycarey)
- [InQRy](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
+- [InQRy -unmaintained-](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
 - [SnipeitPS](https://github.com/snazy2000/SnipeitPS) by [@snazy2000](https://github.com/snazy2000) - Powershell API Wrapper for Snipe-it
 - [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
- [Snipe-IT plugin for Jira Service Desk (beta)](https://marketplace.atlassian.com/apps/1220379/snipe-it-for-jira-service-desk-beta?hosting=cloud&tab=overview) - for the upcoming Snipe-IT v5 only
+- [Snipe-IT plugin for Jira Service Desk](https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira)
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
 - [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 - [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-it.
@@ -125,7 +127,10 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars.githubusercontent.com/u/915514?v=4" width="110px;"/><br /><sub>Kevin Köllmann</sub>](https://www.kevinkoellmann.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=koelle25 "Code") | [<img src="https://avatars.githubusercontent.com/u/49025941?v=4" width="110px;"/><br /><sub>sw-mreyes</sub>](https://github.com/sw-mreyes)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sw-mreyes "Code") | [<img src="https://avatars.githubusercontent.com/u/70129?v=4" width="110px;"/><br /><sub>Joel Pittet</sub>](https://pittet.ca)<br />[💻](https://github.com/snipe/snipe-it/commits?author=joelpittet "Code") | [<img src="https://avatars.githubusercontent.com/u/792695?v=4" width="110px;"/><br /><sub>Eli Young</sub>](https://elyscape.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=elyscape "Code") | [<img src="https://avatars.githubusercontent.com/u/317015?v=4" width="110px;"/><br /><sub>Raell Dottin</sub>](https://github.com/raelldottin)<br />[💻](https://github.com/snipe/snipe-it/commits?author=raelldottin "Code") | [<img src="https://avatars.githubusercontent.com/u/1446856?v=4" width="110px;"/><br /><sub>Tom Misilo</sub>](https://github.com/misilot)<br />[💻](https://github.com/snipe/snipe-it/commits?author=misilot "Code") | [<img src="https://avatars.githubusercontent.com/u/4496300?v=4" width="110px;"/><br /><sub>David Davenne</sub>](http://david.davenne.be)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JuustoMestari "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/9255772?v=4" width="110px;"/><br /><sub>Mark Stenglein</sub>](https://markstenglein.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ocelotsloth "Code") | [<img src="https://avatars.githubusercontent.com/u/35658596?v=4" width="110px;"/><br /><sub>ajsy</sub>](https://github.com/ajsy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ajsy "Code") | [<img src="https://avatars.githubusercontent.com/u/3628035?v=4" width="110px;"/><br /><sub>Jan Kiesewetter</sub>](https://github.com/t3easy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=t3easy "Code") | [<img src="https://avatars.githubusercontent.com/u/79449630?v=4" width="110px;"/><br /><sub>Tetrachloromethane250</sub>](https://github.com/Tetrachloromethane250)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Tetrachloromethane250 "Code") | [<img src="https://avatars.githubusercontent.com/u/22004482?v=4" width="110px;"/><br /><sub>Lars Kajes</sub>](https://www.kajes.se/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kajes "Code") | [<img src="https://avatars.githubusercontent.com/u/13993216?v=4" width="110px;"/><br /><sub>Joly0</sub>](https://github.com/Joly0)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Joly0 "Code") | [<img src="https://avatars.githubusercontent.com/u/1501022?v=4" width="110px;"/><br /><sub>theburger</sub>](https://github.com/limeless)<br />[💻](https://github.com/snipe/snipe-it/commits?author=limeless "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/36065681?v=4" width="110px;"/><br /><sub>David Valin Alonso</sub>](https://github.com/deivishome)<br />[💻](https://github.com/snipe/snipe-it/commits?author=deivishome "Code") | [<img src="https://avatars.githubusercontent.com/u/8290389?v=4" width="110px;"/><br /><sub>andreaci</sub>](https://github.com/andreaci)<br />[💻](https://github.com/snipe/snipe-it/commits?author=andreaci "Code") | [<img src="https://avatars.githubusercontent.com/u/1828542?v=4" width="110px;"/><br /><sub>Jelle Sebreghts</sub>](http://www.jellesebreghts.be)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Jelle-S "Code") | [<img src="https://avatars.githubusercontent.com/u/11180862?v=4" width="110px;"/><br /><sub>Michael Pietsch</sub>](https://github.com/Skywalker-11)<br /> | [<img src="https://avatars.githubusercontent.com/u/22068886?v=4" width="110px;"/><br /><sub>Masudul Haque Shihab</sub>](https://github.com/sh1hab)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sh1hab "Code") | [<img src="https://avatars.githubusercontent.com/u/16099942?v=4" width="110px;"/><br /><sub>Supapong Areeprasertkul</sub>](http://www.freedomdive.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zybersup "Code") | [<img src="https://avatars.githubusercontent.com/u/207358?v=4" width="110px;"/><br /><sub>Peter Sarossy</sub>](https://github.com/psarossy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=psarossy "Code") |
-| [<img src="https://avatars.githubusercontent.com/u/11823649?v=4" width="110px;"/><br /><sub>Renee Margaret McConahy</sub>](https://github.com/nepella)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nepella "Code") | [<img src="https://avatars.githubusercontent.com/u/4462739?v=4" width="110px;"/><br /><sub>Steven</sub>](http://nevets82.github.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Nevets82 "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/11823649?v=4" width="110px;"/><br /><sub>Renee Margaret McConahy</sub>](https://github.com/nepella)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nepella "Code") | [<img src="https://avatars.githubusercontent.com/u/5553884?v=4" width="110px;"/><br /><sub>JohnnyPicnic</sub>](https://github.com/JohnnyPicnic)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JohnnyPicnic "Code") | [<img src="https://avatars.githubusercontent.com/u/8799594?v=4" width="110px;"/><br /><sub>markbrule</sub>](https://github.com/markbrule)<br />[💻](https://github.com/snipe/snipe-it/commits?author=markbrule "Code") | [<img src="https://avatars.githubusercontent.com/u/1962801?v=4" width="110px;"/><br /><sub>Mike Campbell</sub>](https://github.com/mikecmpbll)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mikecmpbll "Code") | [<img src="https://avatars.githubusercontent.com/u/11973217?v=4" width="110px;"/><br /><sub>tbrconnect</sub>](https://github.com/tbrconnect)<br />[💻](https://github.com/snipe/snipe-it/commits?author=tbrconnect "Code") | [<img src="https://avatars.githubusercontent.com/u/12447225?v=4" width="110px;"/><br /><sub>kcoyo</sub>](https://github.com/kcoyo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kcoyo "Code") | [<img src="https://avatars.githubusercontent.com/u/494017?v=4" width="110px;"/><br /><sub>Travis Miller</sub>](https://travismiller.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=travismiller "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/8735148?v=4" width="110px;"/><br /><sub>Petri Asikainen</sub>](https://github.com/PetriAsi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PetriAsi "Code") | [<img src="https://avatars.githubusercontent.com/u/11424540?v=4" width="110px;"/><br /><sub>derdeagle</sub>](https://github.com/derdeagle)<br />[💻](https://github.com/snipe/snipe-it/commits?author=derdeagle "Code") | [<img src="https://avatars.githubusercontent.com/u/176950?v=4" width="110px;"/><br /><sub>Mike Frysinger</sub>](https://wh0rd.org/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vapier "Code") | [<img src="https://avatars.githubusercontent.com/u/22044358?v=4" width="110px;"/><br /><sub>ALPHA</sub>](https://github.com/AL4AL)<br />[💻](https://github.com/snipe/snipe-it/commits?author=AL4AL "Code") | [<img src="https://avatars.githubusercontent.com/u/1042587?v=4" width="110px;"/><br /><sub>FliegenKLATSCH</sub>](https://www.ifern.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FliegenKLATSCH "Code") | [<img src="https://avatars.githubusercontent.com/u/442138?v=4" width="110px;"/><br /><sub>Jeremy Price</sub>](https://github.com/jerm)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jerm "Code") | [<img src="https://avatars.githubusercontent.com/u/84392209?v=4" width="110px;"/><br /><sub>Toreg87</sub>](https://github.com/Toreg87)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Toreg87 "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/67638596?v=4" width="110px;"/><br /><sub>Matthew Nickson</sub>](https://github.com/Computroniks)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Computroniks "Code") | [<img src="https://avatars.githubusercontent.com/u/1646397?v=4" width="110px;"/><br /><sub>Jethro Nederhof</sub>](https://jethron.id.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jethron "Code") | [<img src="https://avatars.githubusercontent.com/u/23289826?v=4" width="110px;"/><br /><sub>Oskar Stenberg</sub>](https://github.com/01ste02)<br />[💻](https://github.com/snipe/snipe-it/commits?author=01ste02 "Code") | [<img src="https://avatars.githubusercontent.com/u/82208283?v=4" width="110px;"/><br /><sub>Robert-Azelis</sub>](https://github.com/Robert-Azelis)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Robert-Azelis "Code") | [<img src="https://avatars.githubusercontent.com/u/60648387?v=4" width="110px;"/><br /><sub>Alexander William Smith</sub>](https://github.com/alwism)<br />[💻](https://github.com/snipe/snipe-it/commits?author=alwism "Code") | [<img src="https://avatars.githubusercontent.com/u/24418301?v=4" width="110px;"/><br /><sub>LEITWERK AG</sub>](https://www.leitwerk.de/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=leitwerk-ag "Code") | [<img src="https://avatars.githubusercontent.com/u/1911435?v=4" width="110px;"/><br /><sub>Adam</sub>](http://www.aboutcher.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adamboutcher "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/16104273?v=4" width="110px;"/><br /><sub>Ian</sub>](https://snksrv.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sneak-it "Code") | [<img src="https://avatars.githubusercontent.com/u/4023909?v=4" width="110px;"/><br /><sub>Shao Yu-Lung (Allen)</sub>](http://blog.bestlong.idv.tw/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bestlong "Code") | [<img src="https://avatars.githubusercontent.com/u/76475453?v=4" width="110px;"/><br /><sub>Haxatron</sub>](https://github.com/Haxatron)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Haxatron "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->

 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
--- a/ansible/ubuntu/vagrant_playbook.yml
+++ b/ansible/ubuntu/vagrant_playbook.yml
@@ -199,7 +199,7 @@
        - { regexp: '^DB_PASSWORD=', line: 'DB_PASSWORD=vagrant' }
        - { regexp: '^APP_URL=', line: "APP_URL=http://{{ fqdn }}" }
        - { regexp: '^APP_ENV=', line: "APP_ENV=development" }
-        - { regexp: '^APP_DEBUG=', line: "APP_ENV=true" }
+        - { regexp: '^APP_DEBUG=', line: "APP_DEBUG=true" }
    - name: Generate application key
      shell: "php {{ app_path }}/artisan key:generate --force"
    - name: Artisan Migrate
--- a/app.json
+++ b/app.json
@@ -0,0 +1,154 @@
+{
+    "name": "Snipe-IT",
+    "description": "Open source asset management.",
+    "keywords": [
+      "asset management",
+      "it asset"
+    ],
+    "website": "https://snipeitapp.com/",
+    "repository": "https://github.com/snipe/snipe-it",
+    "logo": "https://pbs.twimg.com/profile_images/976748875733020672/K-HnZCCK_400x400.jpg",
+    "success_url": "/setup",
+    "env": {
+      "APP_ENV": {
+        "description": "Laravel environment mode. Unless developing the application, this should be production.",
+        "value": "production"
+      },
+      "APP_DEBUG": {
+        "description": "Laravel debug mode. Unless developing the application or actively debugging a problem, this should be set to false.",
+        "value": "false"
+      },
+      "APP_KEY": {
+        "description": "A secret key for verifying the integrity of signed cookies. (See either https://snipe-it.readme.io/docs/generate-your-app-key or generate at https://coderstoolbox.online/toolbox/generate-symfony-secret)",
+        "value": ""
+      },
+      "APP_URL": {
+        "description": "URL where your Snipe-IT install will be available at.",
+        "value": "https://your-app-name.herokuapp.com"
+      },
+      "APP_TIMEZONE": {
+        "description": "Which timezone do you want to use for your install? (http://php.net/manual/en/timezones.php)",
+        "value": "UTC"
+      },
+      "APP_LOCALE": {
+        "description": "Which language do you want to use for your install? (https://snipe-it.readme.io/docs/configuration#setting-a-language)",
+        "value": "en"
+      },
+      "MAX_RESULTS": {
+        "description": "The maximum number of search results that can be returned at one time.",
+        "value": "500"
+      },
+      "MAIL_DRIVER": {
+        "description": "Mail driver - Generally SMTP on Heroku - https://snipe-it.readme.io/docs/configuration#required-outgoing-mail-settings",
+        "value": "smtp"
+      },
+      "MAIL_HOST": {
+        "description": "SMTP Server Hostname",
+        "value": "smtp.your.domain.name"
+      },
+      "MAIL_PORT": {
+        "description": "SMTP Server Port",
+        "value": "25"
+      },
+      "MAIL_USERNAME": {
+        "description": "SMTP Server Username",
+        "value": "YOURUSERNAME"
+      },
+      "MAIL_PASSWORD": {
+        "description": "SMTP Server Password",
+        "value": "YOURPASSWORD"
+      },
+      "MAIL_ENCRYPTION": {
+        "description": "Encryption protocol for email sending.",
+        "value": "null"
+      },
+      "MAIL_FROM_ADDR": {
+        "description": "Email from address",
+        "value": "no-reply@domain.name"
+      },
+      "MAIL_FROM_NAME": {
+        "description": "Email from Name",
+        "value": "Snipe-IT"
+      },
+      "MAIL_REPLYTO_ADDR": {
+        "description": "Email Reply-To address",
+        "value": "your@domain.name"
+      },
+      "MAIL_REPLYTO_NAME": {
+        "description": "Email Reply-To Name",
+        "value": "Snipe-IT"
+      },
+      "MAIL_AUTO_EMBED": {
+        "description": "Whether or not to embed images in emails (via CID or base64) versus linking to them.",
+        "value": "true"
+      },
+      "MAIL_AUTO_EMBED_METHOD": {
+        "description": "Method that should be used for attaching inline images.",
+        "value": "base64"
+      },
+      "SESSION_LIFETIME": {
+        "description": "Specify the time in minutes that the session should remain valid.",
+        "value": "12000"
+      },
+      "EXPIRE_ON_CLOSE": {
+        "description": "Specify whether or not the logged in session should be expired when the user closes their browser window.",
+        "value": "false"
+      },
+      "ENCRYPT": {
+        "description": "Specify whether you wish to use encrypted cookies for your Snipe-IT sessions.",
+        "value": "true"
+      },
+      "COOKIE_NAME": {
+        "description": "The name of the cookie set by Snipe-IT for session management.",
+        "value": "snipeit_session"
+      },
+      "COOKIE_DOMAIN": {
+        "description": "The domain name that the session cookie should be sent for.",
+        "value": "your-app-name.herokuapp.com"
+      },
+      "SECURE_COOKIES": {
+        "description": "Should cookies only be sent for HTTPS connections? Generally true on Heroku.",
+        "value": "true"
+      },
+      "LOGIN_MAX_ATTEMPTS": {
+        "description": "The maximum number of failed attempts allowed before the user is throttled.",
+        "value": "5"
+      },
+      "LOGIN_LOCKOUT_DURATION": {
+        "description": "The duration (in seconds) that the user should be blocked from attempting to authenticate again.",
+        "value": "60"
+      },
+      "APP_LOG": {
+        "description": "Driver to send logs to. (errorlog for stderr)",
+        "value": "errorlog"
+      },
+      "ALLOW_IFRAMING": {
+        "description": "Allow Snipe-IT to be loaded using an iFrame?",
+        "value": "false"
+      },
+      "GOOGLE_MAPS_API": {
+        "description": "Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages.",
+        "required": false
+      },
+      "BACKUP_ENV": {
+        "description": "Set this to true if you wish to backup your .env file in your Admin > Backups process.",
+        "value": "true"
+      },
+      "ENABLE_HSTS": {
+        "description": "Whether or not to send the HSTS security policy header.",
+        "value": "false"
+      }
+    },
+    "formation": {
+      "web": {
+        "quantity": 1,
+        "size": "free"
+      }
+    },
+    "image": "heroku/php",
+    "addons": [
+      "cleardb:ignite",
+      "heroku-redis:hobby-dev",
+      "papertrail:choklad"
+    ]
+  }
--- a/app/Console/Commands/PaveIt.php
+++ b/app/Console/Commands/PaveIt.php
@@ -2,23 +2,9 @@

 namespace App\Console\Commands;

-use App\Models\Accessory;
 use App\Models\Asset;
-use App\Models\AssetModel;
-use App\Models\Category;
-use App\Models\Company;
-use App\Models\Component;
-use App\Models\Consumable;
-use App\Models\Department;
-use App\Models\Depreciation;
-use App\Models\Group;
-use App\Models\Import;
-use App\Models\License;
-use App\Models\LicenseSeat;
-use App\Models\Location;
-use App\Models\Manufacturer;
-use App\Models\Statuslabel;
-use App\Models\Supplier;
+use App\Models\CustomField;
+use Schema;
 use DB;
 use Illuminate\Console\Command;

@@ -29,15 +15,14 @@ class PaveIt extends Command
     *
     * @var string
     */
-    protected $signature = 'snipeit:pave
-              {--soft : Perform a "Soft" Delete, leaving all migrations, table structure, and the first user in place.}';
+    protected $signature = 'snipeit:pave  {--force : Skip the interactive yes/no prompt for confirmation}';

    /**
     * The console command description.
     *
     * @var string
     */
-    protected $description = 'Pave the database to start over. This should ALMOST NEVER BE USED. (It is primarily a quick tool for developers.)';
+    protected $description = 'Clear the database tables, leaving all migrations, table structure, and the first user in place. (It is primarily a quick tool for developers.) If you want to destroy all tables as well, use php artisan db:wipe.';

    /**
     * Create a new command instance.
@@ -56,106 +41,51 @@ class PaveIt extends Command
     */
    public function handle()
    {
-        if ($this->confirm("\n****************************************************\nTHIS WILL DELETE ALL OF THE DATA IN YOUR DATABASE. \nThere is NO undo. This WILL destroy ALL of your data. \n****************************************************\n\nDo you wish to continue? No backsies! [y|N]")) {
-            if ($this->option('soft')) {
-                Accessory::getQuery()->delete();
-                Asset::getQuery()->delete();
-                Category::getQuery()->delete();
-                Company::getQuery()->delete();
-                Component::getQuery()->delete();
-                Consumable::getQuery()->delete();
-                Department::getQuery()->delete();
-                Depreciation::getQuery()->delete();
-                License::getQuery()->delete();
-                LicenseSeat::getQuery()->delete();
-                Location::getQuery()->delete();
-                Manufacturer::getQuery()->delete();
-                AssetModel::getQuery()->delete();
-                Statuslabel::getQuery()->delete();
-                Supplier::getQuery()->delete();
-                Group::getQuery()->delete();
-                Import::getQuery()->delete();

-                DB::statement('delete from accessories_users');
-                DB::statement('delete from asset_logs');
-                DB::statement('delete from asset_maintenances');
-                DB::statement('delete from login_attempts');
-                DB::statement('delete from asset_uploads');
-                DB::statement('delete from action_logs');
-                DB::statement('delete from checkout_requests');
-                DB::statement('delete from checkout_acceptances');
-                DB::statement('delete from consumables_users');
-                DB::statement('delete from custom_field_custom_fieldset');
-                DB::statement('delete from custom_fields');
-                DB::statement('delete from custom_fieldsets');
-                DB::statement('delete from components_assets');
-                DB::statement('delete from kits');
-                DB::statement('delete from kits_accessories');
-                DB::statement('delete from kits_consumables');
-                DB::statement('delete from kits_licenses');
-                DB::statement('delete from kits_models');
-                DB::statement('delete from login_attempts');
-                DB::statement('delete from models_custom_fields');
-                DB::statement('delete from permission_groups');
-                DB::statement('delete from password_resets');
-                DB::statement('delete from requested_assets');
-                DB::statement('delete from requests');
-                DB::statement('delete from throttle');
-                DB::statement('delete from users_groups');
-                DB::statement('delete from users WHERE id!=1');
-            } else {
-                \DB::statement('drop table IF EXISTS accessories_users');
-                \DB::statement('drop table IF EXISTS accessories');
-                \DB::statement('drop table IF EXISTS asset_logs');
-                \DB::statement('drop table IF EXISTS action_logs');
-                \DB::statement('drop table IF EXISTS asset_maintenances');
-                \DB::statement('drop table IF EXISTS asset_uploads');
-                \DB::statement('drop table IF EXISTS assets');
-                \DB::statement('drop table IF EXISTS categories');
-                \DB::statement('drop table IF EXISTS checkout_requests');
-                \DB::statement('drop table IF EXISTS checkout_acceptances');
-                \DB::statement('drop table IF EXISTS companies');
-                \DB::statement('drop table IF EXISTS components');
-                \DB::statement('drop table IF EXISTS components_assets');
-                \DB::statement('drop table IF EXISTS consumables_users');
-                \DB::statement('drop table IF EXISTS consumables');
-                \DB::statement('drop table IF EXISTS custom_field_custom_fieldset');
-                \DB::statement('drop table IF EXISTS custom_fields');
-                \DB::statement('drop table IF EXISTS custom_fieldsets');
-                \DB::statement('drop table IF EXISTS depreciations');
-                \DB::statement('drop table IF EXISTS departments');
-                \DB::statement('drop table IF EXISTS groups');
-                \DB::statement('drop table IF EXISTS history');
-                \DB::statement('drop table IF EXISTS kits');
-                \DB::statement('drop table IF EXISTS kits_accessories');
-                \DB::statement('drop table IF EXISTS kits_consumables');
-                \DB::statement('drop table IF EXISTS kits_licenses');
-                \DB::statement('drop table IF EXISTS kits_models');
-                \DB::statement('drop table IF EXISTS models_custom_fields');
-                \DB::statement('drop table IF EXISTS permission_groups');
-                \DB::statement('drop table IF EXISTS license_seats');
-                \DB::statement('drop table IF EXISTS licenses');
-                \DB::statement('drop table IF EXISTS locations');
-                \DB::statement('drop table IF EXISTS login_attempts');
-                \DB::statement('drop table IF EXISTS manufacturers');
-                \DB::statement('drop table IF EXISTS models');
-                \DB::statement('drop table IF EXISTS migrations');
-                \DB::statement('drop table IF EXISTS oauth_access_tokens');
-                \DB::statement('drop table IF EXISTS oauth_auth_codes');
-                \DB::statement('drop table IF EXISTS oauth_clients');
-                \DB::statement('drop table IF EXISTS oauth_personal_access_clients');
-                \DB::statement('drop table IF EXISTS oauth_refresh_tokens');
-                \DB::statement('drop table IF EXISTS password_resets');
-                \DB::statement('drop table IF EXISTS requested_assets');
-                \DB::statement('drop table IF EXISTS requests');
-                \DB::statement('drop table IF EXISTS settings');
-                \DB::statement('drop table IF EXISTS status_labels');
-                \DB::statement('drop table IF EXISTS suppliers');
-                \DB::statement('drop table IF EXISTS throttle');
-                \DB::statement('drop table IF EXISTS users_groups');
-                \DB::statement('drop table IF EXISTS users');
-                \DB::statement('drop table IF EXISTS imports');
+        if (!$this->option('force')) {
+            $confirmation = $this->confirm("\n****************************************************\nTHIS WILL DELETE ALL OF THE DATA IN YOUR DATABASE. \nThere is NO undo. This WILL destroy ALL of your data, \nINCLUDING ANY non-Snipe-IT tables you have in this database. \n****************************************************\n\nDo you wish to continue? No backsies! ");
+            if (!$confirmation) {
+                $this->error('ABORTING');
+                exit(-1);
            }
        }
+
+        // List all the tables in the database so we don't have to worry about missing some as the app grows
+        $tables = DB::connection()->getDoctrineSchemaManager()->listTableNames();
+
+        $except_tables = [
+            'oauth_access_tokens',
+            'oauth_clients',
+            'oauth_personal_access_clients',
+            'migrations',
+            'settings',
+            'users',
+        ];
+
+        // We only need to find out what these are so we can nuke these columns on the assets table.
+        $custom_fields = CustomField::get();
+        foreach ($custom_fields as $custom_field) {
+            $this->info('DROP the '.$custom_field->db_column.' column from assets as well.');
+
+            if (\Schema::hasColumn('assets', $custom_field->db_column)) {
+                \Schema::table('assets', function ($table) use ($custom_field) {
+                    $table->dropColumn($custom_field->db_column);
+                });
+            }
+        }
+
+        foreach ($tables as $table) {
+            if (in_array($table, $except_tables)) {
+                $this->info($table. ' is SKIPPED.');
+            } else {
+                \DB::statement('truncate '.$table);
+                $this->info($table. ' is TRUNCATED.');
+            }
+        }
+
+        // Leave in the demo oauth keys so we don't have to reset them every day in the demos
+        \DB::statement('delete from oauth_clients WHERE id > 2');
+        \DB::statement('delete from oauth_access_tokens WHERE id > 2');
+    
    }
-}
+}
--- a/app/Console/Commands/ResetDemoSettings.php
+++ b/app/Console/Commands/ResetDemoSettings.php
@@ -81,6 +81,8 @@ class ResetDemoSettings extends Command
            $user->save();
        }

+        \Storage::disk('public')->put('snipe-logo.png', file_get_contents(public_path('img/demo/snipe-logo.png')));
+        \Storage::disk('public')->put('snipe-logo-lg.png', file_get_contents(public_path('img/demo/snipe-logo-lg.png')));

    }

--- a/app/Console/Commands/RestoreFromBackup.php
+++ b/app/Console/Commands/RestoreFromBackup.php
@@ -0,0 +1,297 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+
+use ZipArchive;
+
+class RestoreFromBackup extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:restore 
+                                            {--force : Skip the danger prompt; assuming you hit "y"} 
+                                            {filename : The zip file to be migrated}
+                                            {--no-progress : Don\'t show a progress bar}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Restore from a previously created backup';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $dir = getcwd();
+        print "Current working directory is: $dir\n";
+        //
+        $filename = $this->argument('filename');
+
+        if (!$filename) {
+            return $this->error("Missing required filename");
+        }
+
+        if (!$this->option('force') && !$this->confirm('Are you sure you wish to restore from the given backup file? This can lead to MASSIVE DATA LOSS!')) {
+            return $this->error("Data loss not confirmed");
+        }
+
+        if (config('database.default') != 'mysql') {
+            return $this->error("DB_CONNECTION must be MySQL in order to perform a restore. Detected: ".config('database.default'));
+        }
+
+        $za = new ZipArchive();
+
+        $errcode = $za->open($filename/* , ZipArchive::RDONLY */); // that constant only exists in PHP 7.4 and higher
+        if ($errcode !== true) {
+            $errors = [
+                ZipArchive::ER_EXISTS => "File already exists.",
+                ZipArchive::ER_INCONS => "Zip archive inconsistent.",
+                ZipArchive::ER_INVAL => "Invalid argument.",
+                ZipArchive::ER_MEMORY => "Malloc failure.",
+                ZipArchive::ER_NOENT => "No such file.",
+                ZipArchive::ER_NOZIP => "Not a zip archive.",
+                ZipArchive::ER_OPEN => "Can't open file.",
+                ZipArchive::ER_READ => "Read error.",
+                ZipArchive::ER_SEEK => "Seek error."
+            ];
+
+            return $this->error("Could not access file: ".$filename." - ".array_key_exists($errcode,$errors) ? $errors[$errcode] : " Unknown reason: $errcode");
+        }
+
+
+        $private_dirs = [
+            'storage/private_uploads/assets', // these are asset _files_, not the pictures.
+            'storage/private_uploads/audits',
+            'storage/private_uploads/imports',
+            'storage/private_uploads/assetmodels',
+            'storage/private_uploads/users',
+            'storage/private_uploads/licenses',
+            'storage/private_uploads/signatures'
+        ];
+        $private_files = [
+            'storage/oauth-private.key',
+            'storage/oauth-public.key'
+        ];
+        $public_dirs = [
+            'public/uploads/companies',
+            'public/uploads/components',
+            'public/uploads/categories',
+            'public/uploads/manufacturers',
+            //'public/uploads/barcodes', // we don't want this, let the barcodes be regenerated
+            'public/uploads/consumables',
+            'public/uploads/departments',
+            'public/uploads/avatars',
+            'public/uploads/suppliers',
+            'public/uploads/assets', // these are asset _pictures_, not asset files
+            'public/uploads/locations',
+            'public/uploads/accessories',
+            'public/uploads/models',
+            'public/uploads/categories',
+            'public/uploads/avatars',
+            'public/uploads/manufacturers'
+        ];
+        
+        $public_files = [
+            'public/uploads/logo.*',
+            'public/uploads/setting-email_logo*',
+            'public/uploads/setting-label_logo*',
+            'public/uploads/setting-logo*',
+            'public/uploads/favicon.*',
+            'public/uploads/favicon-uploaded.*'
+        ];
+
+        $all_files = $private_dirs + $public_dirs;
+
+        $sqlfiles = [];
+        $sqlfile_indices = [];
+
+        $interesting_files = [];
+        $boring_files = [];
+        
+        for ($i=0; $i<$za->numFiles;$i++) {
+            $stat_results = $za->statIndex($i);
+            // echo "index: $i\n";
+            // print_r($stat_results);
+        
+            $raw_path = $stat_results['name'];
+            if(strpos($raw_path,'\\')!==false) { //found a backslash, swap it to forward-slash
+                $raw_path = strtr($raw_path,'\\','/');
+                //print "Translating file: ".$stat_results['name']." to: ".$raw_path."\n";
+            }
+        
+            // skip macOS resource fork files (?!?!?!)
+            if(strpos($raw_path,"__MACOSX")!==false && strpos($raw_path,"._") !== false) {
+                //print "SKIPPING macOS Resource fork file: $raw_path\n";
+                $boring_files[] = $raw_path;
+                continue;
+            }
+            if(@pathinfo($raw_path)['extension'] == "sql") {
+                print "Found a sql file!\n";
+                $sqlfiles[] = $raw_path;
+                $sqlfile_indices[] = $i;
+                continue;
+            }
+        
+            foreach(array_merge($private_dirs,$public_dirs) as $dir) {
+                $last_pos = strrpos($raw_path,$dir.'/');
+                if($last_pos !== false ) {
+                    //print("INTERESTING - last_pos is $last_pos when searching $raw_path for $dir - last_pos+strlen(\$dir) is: ".($last_pos+strlen($dir))." and strlen(\$rawpath) is: ".strlen($raw_path)."\n");
+                    //print("We would copy $raw_path to $dir.\n"); //FIXME append to a path?
+                    $interesting_files[$raw_path] = ['dest' =>$dir, 'index' => $i];
+                    continue 2;
+                    if($last_pos + strlen($dir) +1 == strlen($raw_path)) {
+                        // we don't care about that; we just want files with the appropriate prefix
+                        //print("FOUND THE EXACT DIRECTORY: $dir AT: $raw_path!!!\n");
+                    }
+                }
+            }
+            $good_extensions = ["png","gif","jpg","svg","jpeg","doc","docx","pdf","txt",
+                                "zip","rar","xls","xlsx","lic","xml","rtf", "webp","key","ico"];
+            foreach(array_merge($private_files, $public_files) as $file) {
+                $has_wildcard = (strpos($file,"*") !== false);
+                if($has_wildcard) {
+                    $file = substr($file,0,-1); //trim last character (which should be the wildcard)
+                }
+                $last_pos = strrpos($raw_path,$file); // no trailing slash!
+                if($last_pos !== false ) {
+                    $extension = strtolower(pathinfo($raw_path, PATHINFO_EXTENSION));
+                    if(!in_array($extension, $good_extensions)) {
+                        $this->warn("Potentially unsafe file ".$raw_path." is being skipped");
+                        $boring_files[] = $raw_path;
+                        continue 2;
+                    }
+                    //print("INTERESTING - last_pos is $last_pos when searching $raw_path for $file - last_pos+strlen(\$file) is: ".($last_pos+strlen($file))." and strlen(\$rawpath) is: ".strlen($raw_path)."\n");
+                    //no wildcards found in $file, process 'normally'
+                    if($last_pos + strlen($file) == strlen($raw_path) || $has_wildcard) { //again, no trailing slash. or this is a wildcard and we just take it.
+                        // print("FOUND THE EXACT FILE: $file AT: $raw_path!!!\n"); //we *do* care about this, though.
+                        $interesting_files[$raw_path] = ['dest' => dirname($file),'index' => $i];
+                        continue 2;
+                    }
+                }
+            }
+            $boring_files[] = $raw_path; //if we've gotten to here and haven't continue'ed our way into the next iteration, we don't want this file
+        } // end of pre-processing the ZIP file for-loop
+
+        // print_r($interesting_files);exit(-1);
+
+        if( count($sqlfiles) != 1) {
+            return $this->error("There should be exactly *one* sql backup file found, found: ".( count($sqlfiles) == 0 ? "None" : implode(", ",$sqlfiles)));
+        }
+
+        if( strpos($sqlfiles[0], "db-dumps") === false ) {
+            //return $this->error("SQL backup file is missing 'db-dumps' component of full pathname: ".$sqlfiles[0]);
+            //older Snipe-IT installs don't have the db-dumps subdirectory component
+        }
+
+        //how to invoke the restore?
+        $pipes = [];
+
+        $env_vars = getenv();
+        $env_vars['MYSQL_PWD'] = config("database.connections.mysql.password");
+        $proc_results = proc_open("mysql -h ".escapeshellarg(config('database.connections.mysql.host'))." -u ".escapeshellarg(config('database.connections.mysql.username'))." ".escapeshellarg(config('database.connections.mysql.database')), // yanked -p since we pass via ENV
+                                  [0 => ['pipe','r'],1 => ['pipe','w'],2 => ['pipe','w']],
+                                  $pipes,
+                                  null,
+                                  $env_vars); // this is not super-duper awesome-secure, but definitely more secure than showing it on the CLI, or dropping temporary files with passwords in them.
+        if($proc_results === false) {
+            return $this->error("Unable to invoke mysql via CLI");
+        }
+
+        // $this->info("Stdout says? ".fgets($pipes[1])); //FIXME: I think we might need to set non-blocking mode to use this properly?
+        // $this->info("Stderr says? ".fgets($pipes[2])); //FIXME: ditto, same.
+        // should we read stdout?
+        // fwrite($pipes[0],config("database.connections.mysql.password")."\n"); //this doesn't work :(
+
+        //$sql_contents = fopen($sqlfiles[0], "r"); //NOPE! This isn't a real file yet, silly-billy!
+
+        $sql_stat = $za->statIndex($sqlfile_indices[0]);
+        //$this->info("SQL Stat is: ".print_r($sql_stat,true));
+        $sql_contents = $za->getStream($sql_stat['name']);
+        if ($sql_contents === false) {
+            $stdout = fgets($pipes[1]);
+            $this->info($stdout);
+            $stderr = fgets($pipes[2]);
+            $this->info($stderr);
+            return false;
+        }
+
+        while(($buffer = fgets($sql_contents)) !== false ) {
+            //$this->info("Buffer is: '$buffer'");
+            $bytes_written = fwrite($pipes[0],$buffer);
+            if($bytes_written === false) {
+                $stdout = fgets($pipes[1]);
+                $this->info($stdout);
+                $stderr = fgets($pipes[2]);
+                $this->info($stderr);
+                return false;
+            }
+        }
+        fclose($pipes[0]);
+        fclose($sql_contents);
+        
+        $this->line(stream_get_contents($pipes[1]));
+        fclose($pipes[1]);
+
+        $this->error(stream_get_contents($pipes[2]));
+        fclose($pipes[2]);
+
+        //wait, have to do fclose() on all pipes first?
+        $close_results = proc_close($proc_results);
+        if($close_results != 0) {
+            return $this->error("There may have been a problem with the database import: Error number ".$close_results);
+        }
+        
+        //and now copy the files over too (right?)
+        //FIXME - we don't prune the filesystem space yet!!!!
+        if($this->option('no-progress')) {
+            $bar = null;
+        } else {
+            $bar = $this->output->createProgressBar(count($interesting_files));
+        }
+        foreach($interesting_files AS $pretty_file_name => $file_details) {
+            $ugly_file_name = $za->statIndex($file_details['index'])['name'];
+            $fp = $za->getStream($ugly_file_name);
+            //$this->info("Weird problem, here are file details? ".print_r($file_details,true));
+            $migrated_file = fopen($file_details['dest']."/".basename($pretty_file_name),"w");
+            while(($buffer = fgets($fp))!== false) {
+                fwrite($migrated_file,$buffer);
+            }
+            fclose($migrated_file);
+            fclose($fp);
+            //$this->info("Wrote $ugly_file_name to $pretty_file_name");
+            if($bar) {
+                $bar->advance();
+            }
+        }
+        if($bar) {
+            $bar->finish();
+            $this->line("");
+        } else {
+            $this->info(count($interesting_files)." files were succesfully transferred");
+        }
+        foreach($boring_files as $boring_file) {
+            $this->warn($boring_file." was skipped.");
+        }
+        
+    }
+}
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -121,6 +121,6 @@ class Handler extends ExceptionHandler
     */
    protected function invalidJson($request, ValidationException $exception)
    {
-        return response()->json(Helper::formatStandardApiResponse('error', null, $exception->errors(), 400));
+        return response()->json(Helper::formatStandardApiResponse('error', null, $exception->errors(), 422));
    }
 }
--- a/app/Helpers/Helper.php
+++ b/app/Helpers/Helper.php
@@ -46,7 +46,10 @@ class Helper
    public static function formatCurrencyOutput($cost)
    {
        if (is_numeric($cost)) {
-            return number_format($cost, 2, '.', '');
+            if (Setting::getSettings()->digit_separator=='1.234,56') {
+                return number_format($cost, 2, ',', '.');
+            }
+            return number_format($cost, 2, '.', ',');
        }
        // It's already been parsed.
        return $cost;
@@ -64,7 +67,7 @@ class Helper
    {
        $colors = [
            "#008941",
-            "#FF4A46",
+            "#FF851B",
            "#006FA6",
            "#A30059",
            "#1CE6FF",
@@ -400,6 +403,19 @@ class Helper
     */
    public static function ParseFloat($floatString)
    {
+        /*******
+         * 
+         * WARNING: This does conversions based on *locale* - a Unix-ey-like thing.
+         * 
+         * Everything else in the system tends to convert based on the Snipe-IT settings
+         * 
+         * So it's very likely this is *not* what you want - instead look for the new
+         * 
+         * ParseCurrency($currencyString)
+         * 
+         * Which should be directly below here
+         * 
+         */
        $LocaleInfo = localeconv();
        $floatString = str_replace(",", "", $floatString);
        $floatString = str_replace($LocaleInfo["decimal_point"], ".", $floatString);
@@ -413,6 +429,26 @@ class Helper
        $floatString = str_replace($currencySymbol, '', $floatString);
        return floatval($floatString);
    }
+    
+    /**
+     * Format currency using comma or period for thousands, and period or comma for decimal, based on settings.
+     * 
+     * @author [B. Wetherington] [<bwetherington@grokability.com>]
+     * @since [v5.2]
+     * @return Float
+     */
+    public static function ParseCurrency($currencyString) {
+        $without_currency = str_replace(Setting::getSettings()->default_currency, '', $currencyString); //generally shouldn't come up, since we don't do this in fields, but just in case it does...
+        if(Setting::getSettings()->digit_separator=='1.234,56') {
+            //EU format
+            $without_thousands = str_replace('.', '', $without_currency);
+            $corrected_decimal = str_replace(',', '.', $without_thousands);
+        } else {
+            $without_thousands = str_replace(',', '', $without_currency);
+            $corrected_decimal = $without_thousands;  // decimal is already OK
+        }
+        return floatval($corrected_decimal);
+    }

    /**
     * Get the list of status labels in an array to make a dropdown menu
@@ -887,7 +923,8 @@ class Helper
            // If upload_max_size is less, then reduce. Except if upload_max_size is
            // zero, which indicates no limit.
            $upload_max = Helper::parse_size(ini_get('upload_max_filesize'));
-            if ($upload_max > 0 && $upload_max < $max_size) {
+
+            if ($upload_max > 0 && $upload_max < $post_max_size) {
                $max_size = ini_get('upload_max_filesize');
            }
        }
--- a/app/Http/Controllers/Accessories/AccessoriesController.php
+++ b/app/Http/Controllers/Accessories/AccessoriesController.php
@@ -74,7 +74,7 @@ class AccessoriesController extends Controller
        $accessory->manufacturer_id         = request('manufacturer_id');
        $accessory->model_number            = request('model_number');
        $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseFloat(request('purchase_cost'));
+        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
        $accessory->qty                     = request('qty');
        $accessory->user_id                 = Auth::user()->id;
        $accessory->supplier_id             = request('supplier_id');
@@ -137,7 +137,7 @@ class AccessoriesController extends Controller
        $accessory->order_number            = request('order_number');
        $accessory->model_number            = request('model_number');
        $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = request('purchase_cost');
+        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
        $accessory->qty                     = request('qty');
        $accessory->supplier_id             = request('supplier_id');

--- a/app/Http/Controllers/Api/AccessoriesController.php
+++ b/app/Http/Controllers/Api/AccessoriesController.php
@@ -13,6 +13,7 @@ use Carbon\Carbon;
 use Auth;
 use DB;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;

 class AccessoriesController extends Controller
 {
@@ -26,9 +27,23 @@ class AccessoriesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Accessory::class);
-        $allowed_columns = ['id','name','model_number','eol','notes','created_at','min_amt','company_id'];
+        
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'model_number',
+                'eol',
+                'notes',
+                'created_at',
+                'min_amt',
+                'company_id'
+            ];

-        $accessories = Accessory::with('category', 'company', 'manufacturer', 'users', 'location');
+
+        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier');

        if ($request->filled('search')) {
            $accessories = $accessories->TextSearch($request->input('search'));
@@ -50,6 +65,10 @@ class AccessoriesController extends Controller
            $accessories->where('supplier_id','=',$request->input('supplier_id'));
        }

+        if ($request->filled('location_id')) {
+            $accessories->where('location_id','=',$request->input('location_id'));
+        }
+
        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
        // case we override with the actual count, so we should return 0 items.
        $offset = (($accessories) && ($request->get('offset') > $accessories->count())) ? $accessories->count() : $request->get('offset', 0);
@@ -57,24 +76,32 @@ class AccessoriesController extends Controller
        // Check to make sure the limit is not higher than the max allowed
        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

-
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';

-        switch ($sort) {
+        switch ($sort_override) {
            case 'category':
                $accessories = $accessories->OrderCategory($order);
                break;
            case 'company':
                $accessories = $accessories->OrderCompany($order);
                break;
+            case 'location':
+                $accessories = $accessories->OrderLocation($order);
+                break;
+            case 'manufacturer':
+                $accessories = $accessories->OrderManufacturer($order);
+                break;    
+            case 'supplier':
+                $accessories = $accessories->OrderSupplier($order);
+                break;       
            default:
-                $accessories = $accessories->orderBy($sort, $order);
+                $accessories = $accessories->orderBy($column_sort, $order);
                break;
        }

-        $accessories->orderBy($sort, $order);
-
+    
        $total = $accessories->count();
        $accessories = $accessories->skip($offset)->take($limit)->get();
        return (new AccessoriesTransformer)->transformAccessories($accessories, $total);
@@ -86,14 +113,15 @@ class AccessoriesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Accessory::class);
        $accessory = new Accessory;
        $accessory->fill($request->all());
+        $accessory = $request->handleImages($accessory);

        if ($accessory->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $accessory, trans('admin/accessories/message.create.success')));
@@ -165,9 +193,13 @@ class AccessoriesController extends Controller

        if ($request->filled('search')) {
            $accessory_users = $accessory->users()
-                                ->where('first_name', 'like', '%'.$request->input('search').'%')
-                                ->orWhere('last_name', 'like', '%'.$request->input('search').'%')
-                                ->get();
+                                         ->where(function ($query) use ($request) {
+                                             $search_str = '%' . $request->input('search') . '%';
+                                             $query->where('first_name', 'like', $search_str)
+                                                   ->orWhere('last_name', 'like', $search_str)
+                                                   ->orWhere('note', 'like', $search_str);
+                                         })
+                                         ->get();
            $total = $accessory_users->count();
        }

@@ -180,15 +212,16 @@ class AccessoriesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Accessory::class);
        $accessory = Accessory::findOrFail($id);
        $accessory->fill($request->all());
+        $accessory = $request->handleImages($accessory);

        if ($accessory->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $accessory, trans('admin/accessories/message.update.success')));
@@ -287,7 +320,7 @@ class AccessoriesController extends Controller
        $accessory = Accessory::find($accessory_user->accessory_id);
        $this->authorize('checkin', $accessory);

-        $logaction = $accessory->logCheckin(User::find($accessoryUserId), $request->input('note'));
+        $logaction = $accessory->logCheckin(User::find($accessory_user->user_id), $request->input('note'));

        // Was the accessory updated?
        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
--- a/app/Http/Controllers/Api/AssetMaintenancesController.php
+++ b/app/Http/Controllers/Api/AssetMaintenancesController.php
@@ -105,7 +105,7 @@ class AssetMaintenancesController extends Controller
        $assetMaintenance = new AssetMaintenance();
        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  e($request->input('cost'));
+        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
        $assetMaintenance->notes = e($request->input('notes'));
        $asset = Asset::find(e($request->input('asset_id')));

@@ -162,7 +162,7 @@ class AssetMaintenancesController extends Controller

        $assetMaintenance->supplier_id = e($request->input('supplier_id'));
        $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseFloat(e($request->input('cost')));
+        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
        $assetMaintenance->notes = e($request->input('notes'));

        $asset = Asset::find(request('asset_id'));
--- a/app/Http/Controllers/Api/AssetModelsController.php
+++ b/app/Http/Controllers/Api/AssetModelsController.php
@@ -9,6 +9,7 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Asset;
 use App\Models\AssetModel;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 /**
@@ -66,7 +67,7 @@ class AssetModelsController extends Controller



-        if ($request->filled('status')) {
+        if ($request->input('status')=='deleted') {
            $assetmodels->onlyTrashed();
        }

@@ -107,14 +108,15 @@ class AssetModelsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', AssetModel::class);
        $assetmodel = new AssetModel;
        $assetmodel->fill($request->all());
+        $assetmodel = $request->handleImages($assetmodel);

        if ($assetmodel->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $assetmodel, trans('admin/models/message.create.success')));
@@ -159,16 +161,17 @@ class AssetModelsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', AssetModel::class);
        $assetmodel = AssetModel::findOrFail($id);
        $assetmodel->fill($request->all());
-
+        $assetmodel = $request->handleImages($assetmodel);
+        
        /**
         * Allow custom_fieldset_id to override and populate fieldset_id.
         * This is stupid, but required for legacy API support.
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -1,13 +1,16 @@
 <?php
 namespace App\Http\Controllers\Api;

+use App\Events\CheckoutableCheckedIn;
 use Illuminate\Support\Facades\Gate;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\AssetCheckoutRequest;
 use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\DepreciationReportTransformer;
 use App\Http\Transformers\LicensesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\AssetModel;
 use App\Models\Company;
@@ -20,12 +23,14 @@ use Auth;
 use Carbon\Carbon;
 use DB;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Input;
 use Paginator;
 use Slack;
 use Str;
 use TCPDF;
 use Validator;
+use Route;


 /**
@@ -46,10 +51,32 @@ class AssetsController extends Controller
     * @since [v4.0]
     * @return JsonResponse
     */
-    public function index(Request $request, $audit = null)
+    public function index(Request $request, $audit = null) 
    {

-        $this->authorize('index', Asset::class);
+        \Log::debug(Route::currentRouteName());
+        
+
+        /**
+         * This looks MAD janky (and it is), but the AssetsController@index does a LOT of heavy lifting throughout the 
+         * app. This bit here just makes sure that someone without permission to view assets doesn't 
+         * end up with priv escalations because they asked for a different endpoint. 
+         * 
+         * Since we never gave the specification for which transformer to use before, it should default 
+         * gracefully to just use the AssetTransformer by default, which shouldn't break anything. 
+         * 
+         * It was either this mess, or repeating ALL of the searching and sorting and filtering code, 
+         * which would have been far worse of a mess. *sad face*  - snipe (Sept 1, 2021)
+         */
+        if (Route::currentRouteName()=='api.depreciation-report.index') {
+            $transformer = 'App\Http\Transformers\DepreciationReportTransformer';
+            $this->authorize('reports.view');
+        } else {
+            $transformer = 'App\Http\Transformers\AssetsTransformer';
+            $this->authorize('index', Asset::class);          
+        }
+        
+       
        $settings = Setting::getSettings();

        $allowed_columns = [
@@ -88,10 +115,10 @@ class AssetsController extends Controller
        }

        $assets = Company::scopeCompanyables(Asset::select('assets.*'),"company_id","assets")
-            ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset','supplier');
-
+            ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
+                'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.

+        
        // These are used by the API to query against specific ID numbers.
        // They are also used by the individual searches on detail pages like
        // locations, etc.
@@ -243,7 +270,7 @@ class AssetsController extends Controller
            $assets->TextSearch($request->input('search'));
        }

-
+        
        // This is kinda gross, but we need to do this because the Bootstrap Tables
        // API passes custom field ordering as custom_fields.fieldname, and we have to strip
        // that out to let the default sorter below order them correctly on the assets table.
@@ -292,8 +319,25 @@ class AssetsController extends Controller

        $total = $assets->count();
        $assets = $assets->skip($offset)->take($limit)->get();
-        // dd($assets);
-        return (new AssetsTransformer)->transformAssets($assets, $total);
+        
+    
+        /**
+         * Include additional associated relationships
+         */  
+        if ($request->input('components')) {
+            $assets->loadMissing(['components' => function ($query) {
+                $query->orderBy('created_at', 'desc');
+            }]);
+        }
+
+        
+
+
+        /**
+         * Here we're just determining which Transformer (via $transformer) to use based on the 
+         * variables we set earlier on in this method - we default to AssetsTransformer.
+         */
+        return (new $transformer)->transformAssets($assets, $total, $request);
    }


@@ -305,11 +349,11 @@ class AssetsController extends Controller
     * @since [v4.2.1]
     * @return JsonResponse
     */
-    public function showByTag($tag)
+    public function showByTag(Request $request, $tag)
    {
        if ($asset = Asset::with('assetstatus')->with('assignedTo')->where('asset_tag',$tag)->first()) {
            $this->authorize('view', $asset);
-            return (new AssetsTransformer)->transformAsset($asset);
+            return (new AssetsTransformer)->transformAsset($asset, $request);
        }
        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);

@@ -323,18 +367,24 @@ class AssetsController extends Controller
     * @since [v4.2.1]
     * @return JsonResponse
     */
-    public function showBySerial($serial)
+    public function showBySerial(Request $request, $serial)
    {
        $this->authorize('index', Asset::class);
-        if ($assets = Asset::with('assetstatus')->with('assignedTo')
-            ->withTrashed()->where('serial',$serial)->get()) {
-                return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+
+        $assets = Asset::with('assetstatus')->with('assignedTo');
+
+        if ($request->input('deleted', 'false') === 'true') {
+            $assets = $assets->withTrashed();
        }
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);

+        $assets = $assets->where('serial', $serial)->get();
+        if ($assets) {
+            return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+        } else {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+        }
    }

-
    /**
     * Returns JSON with information about an asset for detail view.
     *
@@ -343,17 +393,17 @@ class AssetsController extends Controller
     * @since [v4.0]
     * @return JsonResponse
     */
-    public function show($id)
+    public function show(Request $request, $id)
    {
        if ($asset = Asset::with('assetstatus')->with('assignedTo')->withTrashed()
            ->withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as user_requests_count')->findOrFail($id)) {
            $this->authorize('view', $asset);
-            return (new AssetsTransformer)->transformAsset($asset);
+            return (new AssetsTransformer)->transformAsset($asset, $request->input('components') );
        }


    }
-    public function licenses($id)
+    public function licenses(Request $request, $id)
    {
        $this->authorize('view', Asset::class);
        $this->authorize('view', License::class);
@@ -424,11 +474,11 @@ class AssetsController extends Controller
     * Accepts a POST request to create a new asset
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @param Request $request
+     * @param \App\Http\Requests\ImageUploadRequest $request
     * @since [v4.0]
     * @return JsonResponse
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {

        $this->authorize('create', Asset::class);
@@ -449,7 +499,7 @@ class AssetsController extends Controller
        $asset->depreciate              = '0';
        $asset->status_id               = $request->get('status_id', 0);
        $asset->warranty_months         = $request->get('warranty_months', null);
-        $asset->purchase_cost           = Helper::ParseFloat($request->get('purchase_cost'));
+        $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost')); // this is the API's store method, so I don't know that I want to do this? Confusing. FIXME (or not?!)
        $asset->purchase_date           = $request->get('purchase_date', null);
        $asset->assigned_to             = $request->get('assigned_to', null);
        $asset->supplier_id             = $request->get('supplier_id', 0);
@@ -457,21 +507,15 @@ class AssetsController extends Controller
        $asset->rtd_location_id         = $request->get('rtd_location_id', null);
        $asset->location_id             = $request->get('rtd_location_id', null);

-        if ($request->has('image_source') && $request->input('image_source') != "") {
-            $saved_image_path = Helper::processUploadedImage(
-                $request->input('image_source'), 'uploads/assets/'
-            );
+        /**
+        * this is here just legacy reasons. Api\AssetController
+        * used image_source  once to allow encoded image uploads.
+        */
+        if ($request->has('image_source')) {
+            $request->offsetSet('image', $request->offsetGet('image_source'));
+        }     

-            if (!$saved_image_path) {
-                return response()->json(Helper::formatStandardApiResponse(
-                        'error',
-                        null,
-                        trans('admin/hardware/message.create.error')
-                    ), 200);
-            }
-
-            $asset->image = $saved_image_path;
-        }
+        $asset = $request->handleImages($asset);

        // Update custom fields in the database.
        // Validation for these fields is handled through the AssetRequest form request
@@ -539,11 +583,11 @@ class AssetsController extends Controller
     * Accepts a POST request to update an asset
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @param Request $request
+     * @param \App\Http\Requests\ImageUploadRequest $request
     * @since [v4.0]
     * @return JsonResponse
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Asset::class);

@@ -557,32 +601,19 @@ class AssetsController extends Controller
            ($request->filled('company_id')) ?
                $asset->company_id = Company::getIdForCurrentUser($request->get('company_id')) : '';

-($request->filled('rtd_location_id')) ?
-                $asset->location_id = $request->get('rtd_location_id') : null;
-
-
-            if ($request->filled('image_source')) {
-                if ($request->input('image_source') == "") {
            ($request->filled('rtd_location_id')) ?
                $asset->location_id = $request->get('rtd_location_id') : null;
-                    $asset->image = null;
-                } else {
-                    $saved_image_path = Helper::processUploadedImage(
-                        $request->input('image_source'), 'uploads/assets/'
-                    );

-                    if (!$saved_image_path) {
-                        return response()->json(Helper::formatStandardApiResponse(
-                            'error',
-                            null,
-                            trans('admin/hardware/message.update.error')
-                        ), 200);
-                    }
-
-                    $asset->image = $saved_image_path;
-                }
-            }
+            /**
+            * this is here just legacy reasons. Api\AssetController
+            * used image_source  once to allow encoded image uploads.
+            */
+            if ($request->has('image_source')) {
+                $request->offsetSet('image', $request->offsetGet('image_source'));
+            }     

+            $asset = $request->handleImages($asset); 
+            
            // Update custom fields
            if (($model = AssetModel::find($asset->model_id)) && (isset($model->fieldset))) {
                foreach ($model->fieldset->fields as $field) {
@@ -657,6 +688,39 @@ class AssetsController extends Controller
        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
    }

+    
+
+    /**
+     * Restore a soft-deleted asset.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $assetId
+     * @since [v5.1.18]
+     * @return JsonResponse
+     */
+    public function restore($assetId = null)
+    {
+        // Get asset information
+        $asset = Asset::withTrashed()->find($assetId);
+        $this->authorize('delete', $asset);
+        if (isset($asset->id)) {
+            // Restore the asset
+            Asset::withTrashed()->where('id', $assetId)->restore();
+
+            $logaction = new Actionlog();
+            $logaction->item_type = Asset::class;
+            $logaction->item_id = $asset->id;
+            $logaction->created_at =  date("Y-m-d H:i:s");
+            $logaction->user_id = Auth::user()->id;
+            $logaction->logaction('restored');
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.restore.success')));
+        
+
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
+    }
+


    /**
@@ -781,7 +845,8 @@ class AssetsController extends Controller
        }

        if ($asset->save()) {
-            $asset->logCheckin($target, e($request->input('note')));
+            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note')));
+
            return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.success')));
        }

@@ -845,7 +910,7 @@ class AssetsController extends Controller
            }
        }

-        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.$request->input('asset_tag').' not found'));
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.e($request->input('asset_tag')).' not found'));



--- a/app/Http/Controllers/Api/CategoriesController.php
+++ b/app/Http/Controllers/Api/CategoriesController.php
@@ -8,6 +8,7 @@ use App\Http\Transformers\CategoriesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Category;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 class CategoriesController extends Controller
@@ -54,14 +55,16 @@ class CategoriesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Category::class);
        $category = new Category;
        $category->fill($request->all());
+        $category->category_type = strtolower($request->input('category_type'));
+        $category = $request->handleImages($category);

        if ($category->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $category, trans('admin/categories/message.create.success')));
@@ -92,15 +95,17 @@ class CategoriesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Category::class);
        $category = Category::findOrFail($id);
        $category->fill($request->all());
+        $category->category_type = strtolower($request->input('category_type'));
+        $category = $request->handleImages($category);

        if ($category->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $category, trans('admin/categories/message.update.success')));
--- a/app/Http/Controllers/Api/CompaniesController.php
+++ b/app/Http/Controllers/Api/CompaniesController.php
@@ -8,6 +8,7 @@ use App\Http\Transformers\CompaniesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Company;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 class CompaniesController extends Controller
@@ -65,15 +66,16 @@ class CompaniesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Company::class);
        $company = new Company;
        $company->fill($request->all());
-
+        $company = $request->handleImages($company);
+        
        if ($company->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', (new CompaniesTransformer)->transformCompany($company), trans('admin/companies/message.create.success')));
        }
@@ -104,15 +106,16 @@ class CompaniesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Company::class);
        $company = Company::findOrFail($id);
        $company->fill($request->all());
+        $company = $request->handleImages($company);

        if ($company->save()) {
            return response()
--- a/app/Http/Controllers/Api/ComponentsController.php
+++ b/app/Http/Controllers/Api/ComponentsController.php
@@ -8,6 +8,10 @@ use App\Http\Transformers\ComponentsTransformer;
 use App\Models\Company;
 use App\Models\Component;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use App\Events\CheckoutableCheckedIn;
+use App\Events\ComponentCheckedIn;
+use App\Models\Asset;

 class ComponentsController extends Controller
 {
@@ -22,8 +26,25 @@ class ComponentsController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Component::class);
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'min_amt',
+                'order_number',
+                'serial',
+                'purchase_date',
+                'purchase_cost',
+                'qty',
+                'image',
+            ];
+
+
        $components = Company::scopeCompanyables(Component::select('components.*')
-            ->with('company', 'location', 'category'));
+            ->with('company', 'location', 'category', 'assets'));

        if ($request->filled('search')) {
            $components = $components->TextSearch($request->input('search'));
@@ -48,11 +69,12 @@ class ComponentsController extends Controller
        // Check to make sure the limit is not higher than the max allowed
        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

-        $allowed_columns = ['id','name','min_amt','order_number','serial','purchase_date','purchase_cost','company','category','qty','location','image'];
+        
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';

-        switch ($sort) {
+        switch ($sort_override) {
            case 'category':
                $components = $components->OrderCategory($order);
                break;
@@ -63,7 +85,7 @@ class ComponentsController extends Controller
                $components = $components->OrderCompany($order);
                break;
            default:
-                $components = $components->orderBy($sort, $order);
+                $components = $components->orderBy($column_sort, $order);
                break;
        }

@@ -78,14 +100,15 @@ class ComponentsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Component::class);
        $component = new Component;
        $component->fill($request->all());
+        $component = $request->handleImages($component);

        if ($component->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $component, trans('admin/components/message.create.success')));
@@ -116,15 +139,17 @@ class ComponentsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param   \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Component::class);
        $component = Component::findOrFail($id);
        $component->fill($request->all());
+        $component = $request->handleImages($component);
+        

        if ($component->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $component, trans('admin/components/message.update.success')));
@@ -172,4 +197,119 @@ class ComponentsController extends Controller
        $assets = $assets->skip($offset)->take($limit)->get();
        return (new ComponentsTransformer)->transformCheckedoutComponents($assets, $total);
    }
+
+
+    /**
+     * Validate and checkout the component.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * t
+     * @since [v5.1.8]
+     * @param Request $request
+     * @param int $componentId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function checkout(Request $request, $componentId)
+    {
+        // Check if the component exists
+        if (is_null($component = Component::find($componentId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $component);
+
+
+        if ($component->numRemaining() >= $request->get('assigned_qty')) {
+
+            if (!$asset = Asset::find($request->input('assigned_to'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
+            }
+
+            // Update the accessory data
+            $component->assigned_to = $request->input('assigned_to');
+
+            $component->assets()->attach($component->id, [
+                'component_id' => $component->id,
+                'created_at' => \Carbon::now(),
+                'assigned_qty' => $request->get('assigned_qty', 1),
+                'user_id' => \Auth::id(),
+                'asset_id' => $request->get('assigned_to')
+            ]);
+
+            $component->logCheckout($request->input('note'), $asset);
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'Not enough components remaining: '.$component->numRemaining().' remaining, '.$request->get('assigned_qty').' requested.'));
+    }
+
+    /**
+     * Validate and store checkin data.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.1.8]
+     * @param Request $request
+     * @param $component_asset_id
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function checkin(Request $request, $component_asset_id)
+    {
+        if ($component_assets = \DB::table('components_assets')->find($component_asset_id)) {
+
+            if (is_null($component = Component::find($component_assets->component_id))) {
+
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.not_found')));
+            }
+
+            $this->authorize('checkin', $component);
+
+            $max_to_checkin = $component_assets->assigned_qty;
+
+            if ($max_to_checkin > 1) {
+                
+                $validator = \Validator::make($request->all(), [
+                    "checkin_qty" => "required|numeric|between:1,$max_to_checkin"
+                ]);
+    
+                if ($validator->fails()) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, 'Checkin quantity must be between 1 and '.$max_to_checkin));
+                }
+            }
+            
+
+            // Validation passed, so let's figure out what we have to do here.
+            $qty_remaining_in_checkout = ($component_assets->assigned_qty - (int)$request->input('checkin_qty', 1));
+
+            // We have to modify the record to reflect the new qty that's
+            // actually checked out.
+            $component_assets->assigned_qty = $qty_remaining_in_checkout;
+
+            \Log::debug($component_asset_id.' - '.$qty_remaining_in_checkout.' remaining in record '.$component_assets->id);
+            
+            \DB::table('components_assets')->where('id',
+                $component_asset_id)->update(['assigned_qty' => $qty_remaining_in_checkout]);
+
+            // If the checked-in qty is exactly the same as the assigned_qty,
+            // we can simply delete the associated components_assets record
+            if ($qty_remaining_in_checkout == 0) {
+                \DB::table('components_assets')->where('id', '=', $component_asset_id)->delete();
+            }
+            
+
+            $asset = Asset::find($component_assets->asset_id);
+
+            event(new CheckoutableCheckedIn($component, $asset, \Auth::user(), $request->input('note'), \Carbon::now()));
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkin.success')));
+
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No matching checkouts for that component join record'));
+
+    
+    }
+
 }
--- a/app/Http/Controllers/Api/ConsumablesController.php
+++ b/app/Http/Controllers/Api/ConsumablesController.php
@@ -10,6 +10,7 @@ use App\Models\Company;
 use App\Models\Consumable;
 use App\Models\User;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;

 class ConsumablesController extends Controller
 {
@@ -24,6 +25,26 @@ class ConsumablesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('index', Consumable::class);
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'order_number',
+                'min_amt',
+                'purchase_date',
+                'purchase_cost',
+                'company',
+                'category',
+                'model_number', 
+                'item_no', 
+                'qty',
+                'image',
+                ];
+
+
        $consumables = Company::scopeCompanyables(
            Consumable::select('consumables.*')
                ->with('company', 'location', 'category', 'users', 'manufacturer')
@@ -41,10 +62,18 @@ class ConsumablesController extends Controller
            $consumables->where('category_id','=',$request->input('category_id'));
        }

+        if ($request->filled('model_number')) {
+            $consumables->where('model_number','=',$request->input('model_number'));
+        }
+
        if ($request->filled('manufacturer_id')) {
            $consumables->where('manufacturer_id','=',$request->input('manufacturer_id'));
        }

+        if ($request->filled('location_id')) {
+            $consumables->where('location_id','=',$request->input('location_id'));
+        }
+

        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
        // case we override with the actual count, so we should return 0 items.
@@ -53,12 +82,14 @@ class ConsumablesController extends Controller
        // Check to make sure the limit is not higher than the max allowed
        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

-        $allowed_columns = ['id','name','order_number','min_amt','purchase_date','purchase_cost','company','category','model_number', 'item_no', 'manufacturer','location','qty','image'];
+        
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';


-        switch ($sort) {
+        switch ($sort_override) {
            case 'category':
                $consumables = $consumables->OrderCategory($order);
                break;
@@ -72,7 +103,7 @@ class ConsumablesController extends Controller
                $consumables = $consumables->OrderCompany($order);
                break;
            default:
-                $consumables = $consumables->orderBy($sort, $order);
+                $consumables = $consumables->orderBy($column_sort, $order);
                break;
        }

@@ -90,14 +121,15 @@ class ConsumablesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Consumable::class);
        $consumable = new Consumable;
        $consumable->fill($request->all());
+        $consumable = $request->handleImages($consumable);

        if ($consumable->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $consumable, trans('admin/consumables/message.create.success')));
@@ -125,16 +157,17 @@ class ConsumablesController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @param  int $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Consumable::class);
        $consumable = Consumable::findOrFail($id);
        $consumable->fill($request->all());
-
+        $consumable = $request->handleImages($consumable);
+        
        if ($consumable->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $consumable, trans('admin/consumables/message.update.success')));
        }
--- a/app/Http/Controllers/Api/DepartmentsController.php
+++ b/app/Http/Controllers/Api/DepartmentsController.php
@@ -9,6 +9,7 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Department;
 use Auth;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 class DepartmentsController extends Controller
@@ -73,14 +74,16 @@ class DepartmentsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Department::class);
        $department = new Department;
        $department->fill($request->all());
+        $department = $request->handleImages($department);
+
        $department->user_id = Auth::user()->id;
        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);

@@ -111,15 +114,16 @@ class DepartmentsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v5.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Department::class);
        $department = Department::findOrFail($id);
        $department->fill($request->all());
+        $department = $request->handleImages($department);

        if ($department->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $department, trans('admin/departments/message.update.success')));
--- a/app/Http/Controllers/Api/DepreciationsController.php
+++ b/app/Http/Controllers/Api/DepreciationsController.php
@@ -20,9 +20,9 @@ class DepreciationsController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Depreciation::class);
-        $allowed_columns = ['id','name','months','created_at'];
+        $allowed_columns = ['id','name','months','depreciation_min','created_at'];

-        $depreciations = Depreciation::select('id','name','months','user_id','created_at','updated_at');
+        $depreciations = Depreciation::select('id','name','months','depreciation_min','user_id','created_at','updated_at');

        if ($request->filled('search')) {
            $depreciations = $depreciations->TextSearch($request->input('search'));
--- a/app/Http/Controllers/Api/LicenseSeatsController.php
+++ b/app/Http/Controllers/Api/LicenseSeatsController.php
@@ -17,6 +17,8 @@ class LicenseSeatsController extends Controller
    /**
     * Display a listing of the resource.
     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $licenseId
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request, $licenseId)
@@ -53,7 +55,8 @@ class LicenseSeatsController extends Controller
    /**
     * Display the specified resource.
     *
-     * @param  int  $id
+     * @param  int  $licenseId
+     * @param  int  $seatId
     * @return \Illuminate\Http\Response
     */
    public function show($licenseId, $seatId)
--- a/app/Http/Controllers/Api/LocationsController.php
+++ b/app/Http/Controllers/Api/LocationsController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Api;

 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use App\Http\Controllers\Controller;
 use App\Helpers\Helper;
 use App\Models\Location;
@@ -86,14 +87,15 @@ class LocationsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Location::class);
        $location = new Location;
        $location->fill($request->all());
+        $location = $request->handleImages($location);

        if ($location->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', (new LocationsTransformer)->transformLocation($location), trans('admin/locations/message.create.success')));
@@ -141,17 +143,17 @@ class LocationsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\JsonResponse
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Location::class);
        $location = Location::findOrFail($id);

        $location->fill($request->all());
-
+        $location = $request->handleImages($location);

        if ($location->isValid()) {

--- a/app/Http/Controllers/Api/ManufacturersController.php
+++ b/app/Http/Controllers/Api/ManufacturersController.php
@@ -8,6 +8,7 @@ use App\Http\Transformers\ManufacturersTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Manufacturer;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 class ManufacturersController extends Controller
@@ -59,14 +60,15 @@ class ManufacturersController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Manufacturer::class);
        $manufacturer = new Manufacturer;
        $manufacturer->fill($request->all());
+        $manufacturer = $request->handleImages($manufacturer);

        if ($manufacturer->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $manufacturer, trans('admin/manufacturers/message.create.success')));
@@ -96,15 +98,16 @@ class ManufacturersController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Manufacturer::class);
        $manufacturer = Manufacturer::findOrFail($id);
        $manufacturer->fill($request->all());
+        $manufacturer = $request->handleImages($manufacturer);

        if ($manufacturer->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $manufacturer, trans('admin/manufacturers/message.update.success')));
--- a/app/Http/Controllers/Api/SettingsController.php
+++ b/app/Http/Controllers/Api/SettingsController.php
@@ -17,6 +17,7 @@ use GuzzleHttp\Client;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;
 use App\Models\Ldap; // forward-port of v4 LDAP model for Sync
+use App\Http\Requests\SlackSettingsRequest;


 class SettingsController extends Controller
@@ -165,31 +166,41 @@ class SettingsController extends Controller
    public function slacktest(Request $request)
    {

-        $slack = new Client([
-            'base_url' => e($request->input('slack_endpoint')),
-            'defaults' => [
-                'exceptions' => false
-            ]
+        $validator = Validator::make($request->all(), [
+            'slack_endpoint'                      => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com/|nullable',
+            'slack_channel'                       => 'required_with:slack_endpoint|starts_with:#|nullable',
        ]);

-
-        $payload = json_encode(
-            [
-                'channel'    => e($request->input('slack_channel')),
-                'text'       => trans('general.slack_test_msg'),
-                'username'    => e($request->input('slack_botname')),
-                'icon_emoji' => ':heart:'
-            ]);
-
-        try {
-            $slack->post($request->input('slack_endpoint'),['body' => $payload]);
-            return response()->json(['message' => 'Success'], 200);
-        } catch (\Exception $e) {
-            return response()->json(['message' => 'Oops! Please check the channel name and webhook endpoint URL. Slack responded with: '.$e->getMessage()], 400);
+        if ($validator->fails()) {
+            return response()->json(['message' => 'Validation failed', 'errors' => $validator->errors()], 422);
        }

-        return response()->json(['message' => 'Something went wrong :( '], 400);
+        // If validation passes, continue to the curl request
+            $slack = new Client([
+                'base_url' => e($request->input('slack_endpoint')),
+                'defaults' => [
+                    'exceptions' => false,
+                ],
+            ]);

+            $payload = json_encode(
+                [
+                    'channel'    => e($request->input('slack_channel')),
+                    'text'       => trans('general.slack_test_msg'),
+                    'username'    => e($request->input('slack_botname')),
+                    'icon_emoji' => ':heart:',
+                ]);
+
+            try {
+                $slack->post($request->input('slack_endpoint'), ['body' => $payload]);
+                return response()->json(['message' => 'Success'], 200);
+
+            } catch (\Exception $e) {
+                return response()->json(['message' => 'FARTS! Please check the channel name and webhook endpoint URL ('.$request->input('slack_endpoint').'). Slack responded with: '.$e->getMessage()], 400);
+            }
+        
+        //} 
+        return response()->json(['message' => 'Something went wrong :( '], 400);
    }


--- a/app/Http/Controllers/Api/StatuslabelsController.php
+++ b/app/Http/Controllers/Api/StatuslabelsController.php
@@ -22,7 +22,7 @@ class StatuslabelsController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Statuslabel::class);
-        $allowed_columns = ['id','name','created_at', 'assets_count','color','default_label'];
+        $allowed_columns = ['id','name','created_at', 'assets_count','color', 'notes','default_label'];

        $statuslabels = Statuslabel::withCount('assets as assets_count');

@@ -71,6 +71,10 @@ class StatuslabelsController extends Controller
        $statuslabel->deployable        =  $statusType['deployable'];
        $statuslabel->pending           =  $statusType['pending'];
        $statuslabel->archived          =  $statusType['archived'];
+        $statuslabel->color             =  $request->input('color');
+        $statuslabel->show_in_nav       =  $request->input('show_in_nav', 0);
+        $statuslabel->default_label     =  $request->input('default_label', 0);
+

        if ($statuslabel->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $statuslabel, trans('admin/statuslabels/message.create.success')));
@@ -111,9 +115,7 @@ class StatuslabelsController extends Controller
        
        $request->except('deployable', 'pending','archived');

-        if (!$request->filled('type')) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'Status label type is required.'));
-        }
+

        $statuslabel->fill($request->all());

@@ -121,6 +123,9 @@ class StatuslabelsController extends Controller
        $statuslabel->deployable        =  $statusType['deployable'];
        $statuslabel->pending           =  $statusType['pending'];
        $statuslabel->archived          =  $statusType['archived'];
+        $statuslabel->color             =  $request->input('color');
+        $statuslabel->show_in_nav       =  $request->input('show_in_nav');
+        $statuslabel->default_label     =  $request->input('default_label');

        if ($statuslabel->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $statuslabel, trans('admin/statuslabels/message.update.success')));
@@ -167,10 +172,7 @@ class StatuslabelsController extends Controller
    {
        $this->authorize('view', Statuslabel::class);

-        $statuslabels = Statuslabel::with('assets')
-            ->groupBy('id')
-            ->withCount('assets as assets_count')
-            ->get();
+        $statuslabels = Statuslabel::withCount('assets')->get();

        $labels=[];
        $points=[];
@@ -179,7 +181,6 @@ class StatuslabelsController extends Controller

        foreach ($statuslabels as $statuslabel) {
            if ($statuslabel->assets_count > 0) {
-
                $labels[]=$statuslabel->name. ' ('.number_format($statuslabel->assets_count).')';
                $points[]=$statuslabel->assets_count;

@@ -187,8 +188,8 @@ class StatuslabelsController extends Controller
                    $colors_array[] = $statuslabel->color;
                } else {
                    $colors_array[] = Helper::defaultChartColors($default_color_count);
-                    $default_color_count++;
                }
+                $default_color_count++;
            }
        }

--- a/app/Http/Controllers/Api/SuppliersController.php
+++ b/app/Http/Controllers/Api/SuppliersController.php
@@ -8,6 +8,7 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\SuppliersTransformer;
 use App\Models\Supplier;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 class SuppliersController extends Controller
@@ -55,14 +56,15 @@ class SuppliersController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @return \Illuminate\Http\Response
     */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Supplier::class);
        $supplier = new Supplier;
        $supplier->fill($request->all());
+        $supplier = $request->handleImages($supplier);

        if ($supplier->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $supplier, trans('admin/suppliers/message.create.success')));
@@ -92,15 +94,16 @@ class SuppliersController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
    {
        $this->authorize('update', Supplier::class);
        $supplier = Supplier::findOrFail($id);
        $supplier->fill($request->all());
+        $supplier = $request->handleImages($supplier);

        if ($supplier->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $supplier, trans('admin/suppliers/message.update.success')));
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -16,6 +16,7 @@ use App\Models\License;
 use App\Models\User;
 use Auth;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

 class UsersController extends Controller
@@ -74,6 +75,10 @@ class UsersController extends Controller
            $users = $users->withTrashed();
        }

+        if ($request->filled('activated')) {
+            $users = $users->where('users.activated', '=', $request->input('activated'));
+        }
+
        if ($request->filled('company_id')) {
            $users = $users->where('users.company_id', '=', $request->input('company_id'));
        }
@@ -90,6 +95,30 @@ class UsersController extends Controller
            $users = $users->where('users.username', '=', $request->input('username'));
        }

+        if ($request->filled('first_name')) {
+            $users = $users->where('users.first_name', '=', $request->input('first_name'));
+        }
+
+        if ($request->filled('last_name')) {
+            $users = $users->where('users.last_name', '=', $request->input('last_name'));
+        }
+
+        if ($request->filled('employee_num')) {
+            $users = $users->where('users.employee_num', '=', $request->input('employee_num'));
+        }
+
+        if ($request->filled('state')) {
+            $users = $users->where('users.state', '=', $request->input('state'));
+        }
+
+        if ($request->filled('country')) {
+            $users = $users->where('users.country', '=', $request->input('country'));
+        }
+
+        if ($request->filled('zip')) {
+            $users = $users->where('users.zip', '=', $request->input('zip'));
+        }
+
        if ($request->filled('group_id')) {
            $users = $users->ByGroup($request->get('group_id'));
        }
@@ -98,6 +127,10 @@ class UsersController extends Controller
            $users = $users->where('users.department_id','=',$request->input('department_id'));
        }

+        if ($request->filled('manager_id')) {
+            $users = $users->where('users.manager_id','=',$request->input('manager_id'));
+        }
+
        if ($request->filled('search')) {
            $users = $users->TextSearch($request->input('search'));
        }
@@ -237,7 +270,8 @@ class UsersController extends Controller
        $tmp_pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);
        $user->password = bcrypt($request->get('password', $tmp_pass));

-
+        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+        
        if ($user->save()) {
            if ($request->filled('groups')) {
                $user->groups()->sync($request->input('groups'));
@@ -280,9 +314,15 @@ class UsersController extends Controller

        $user = User::findOrFail($id);

-        // This is a janky hack to prevent people from changing admin demo user data on the public demo.
-        // The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
-        // Thanks, jerks. You are why we can't have nice things. - snipe
+        /**
+         * This is a janky hack to prevent people from changing admin demo user data on the public demo.
+         * 
+         * The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
+         * 
+         *  Thanks, jerks. You are why we can't have nice things. - snipe
+         * 
+         */ 
+

        if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
            return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
@@ -290,7 +330,7 @@ class UsersController extends Controller


        $user->fill($request->all());
-
+        
        if ($user->id == $request->input('manager_id')) {
            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
        }
@@ -320,6 +360,9 @@ class UsersController extends Controller
        Asset::where('assigned_type', User::class)
            ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);

+        
+        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+          
        if ($user->save()) {

            // Sync group memberships:
@@ -397,12 +440,12 @@ class UsersController extends Controller
     * @param $userId
     * @return string JSON
     */
-    public function assets($id)
+    public function assets(Request $request, $id)
    {
        $this->authorize('view', User::class);
        $this->authorize('view', Asset::class);
        $assets = Asset::where('assigned_to', '=', $id)->where('assigned_type', '=', User::class)->with('model')->get();
-        return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
    }

    /**
--- a/app/Http/Controllers/AssetMaintenancesController.php
+++ b/app/Http/Controllers/AssetMaintenancesController.php
@@ -100,7 +100,7 @@ class AssetMaintenancesController extends Controller
        $assetMaintenance = new AssetMaintenance();
        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  $request->input('cost');
+        $assetMaintenance->cost = Helper::ParseCurrency($request->input('cost'));
        $assetMaintenance->notes = $request->input('notes');
        $asset = Asset::find($request->input('asset_id'));

@@ -209,10 +209,10 @@ class AssetMaintenancesController extends Controller
            return static::getInsufficientPermissionsRedirect();
        }

-        $assetMaintenance->supplier_id = e($request->input('supplier_id'));
-        $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseFloat(e($request->input('cost')));
-        $assetMaintenance->notes = e($request->input('notes'));
+        $assetMaintenance->supplier_id = $request->input('supplier_id');
+        $assetMaintenance->is_warranty = $request->input('is_warranty');
+        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->notes = $request->input('notes');

        $asset = Asset::find(request('asset_id'));

--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -269,6 +269,7 @@ class AssetModelsController extends Controller
    */
    public function getClone($modelId = null)
    {
+        $this->authorize('create', AssetModel::class);
        // Check if the model exists
        if (is_null($model_to_clone = AssetModel::find($modelId))) {
            return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
--- a/app/Http/Controllers/Assets/AssetFilesController.php
+++ b/app/Http/Controllers/Assets/AssetFilesController.php
@@ -2,7 +2,6 @@

 namespace App\Http\Controllers\Assets;

-
 use App\Http\Controllers\Controller;
 use App\Http\Requests\AssetFileRequest;
 use App\Models\Actionlog;
@@ -10,6 +9,7 @@ use App\Models\Asset;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Storage;
 use App\Helpers\StorageHelper;
+use enshrined\svgSanitize\Sanitizer;

 class AssetFilesController extends Controller
 {
@@ -36,9 +36,29 @@ class AssetFilesController extends Controller
            if (!Storage::exists('private_uploads/assets')) Storage::makeDirectory('private_uploads/assets', 775);

            foreach ($request->file('file') as $file) {
+
                $extension = $file->getClientOriginalExtension();
                $file_name = 'hardware-'.$asset->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
-                Storage::put('private_uploads/assets/'.$file_name, file_get_contents($file));
+
+                // Check for SVG and sanitize it
+                if ($extension=='svg') {
+                    \Log::debug('This is an SVG');
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/assets/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+                } else {
+                    Storage::put('private_uploads/assets/'.$file_name, file_get_contents($file));
+                }
+               
+                
                $asset->logUpload($file_name, e($request->get('notes')));
            }
            return redirect()->back()->with('success', trans('admin/hardware/message.upload.success'));
@@ -110,20 +130,20 @@ class AssetFilesController extends Controller
    {
        $asset = Asset::find($assetId);
        $this->authorize('update', $asset);
-        $rel_path = 'storage/private_uploads/assets';
+        $rel_path = 'private_uploads/assets';

        // the asset is valid
        if (isset($asset->id)) {
            $this->authorize('update', $asset);
            $log = Actionlog::find($fileId);
            if ($log) {
-            if (file_exists(base_path().'/'.$rel_path.'/'.$log->filename)) {
-                Storage::disk('public')->delete($rel_path.'/'.$log->filename);
+                if (Storage::exists($rel_path.'/'.$log->filename)) {
+                    Storage::delete($rel_path.'/'.$log->filename);
                }
                $log->delete();
                return redirect()->back()->with('success', trans('admin/hardware/message.deletefile.success'));
            }
-            $log->delete();
+
            return redirect()->back()
                ->with('success', trans('admin/hardware/message.deletefile.success'));
        }
--- a/app/Http/Controllers/Assets/AssetsController.php
+++ b/app/Http/Controllers/Assets/AssetsController.php
@@ -138,7 +138,7 @@ class AssetsController extends Controller
            $asset->depreciate              = '0';
            $asset->status_id               = request('status_id', 0);
            $asset->warranty_months         = request('warranty_months', null);
-            $asset->purchase_cost           = Helper::ParseFloat($request->get('purchase_cost'));
+            $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost'));
            $asset->purchase_date           = request('purchase_date', null);
            $asset->assigned_to             = request('assigned_to', null);
            $asset->supplier_id             = request('supplier_id', 0);
@@ -196,7 +196,7 @@ class AssetsController extends Controller
                }

                if (isset($target)) {
-                    $asset->checkOut($target, Auth::user(), date('Y-m-d H:i:s'), $request->input('expected_checkin', null), 'Checked out on asset creation', e($request->get('name')), $location);
+                    $asset->checkOut($target, Auth::user(), date('Y-m-d H:i:s'), $request->input('expected_checkin', null), 'Checked out on asset creation', $request->get('name'), $location);
                }

                $success = true;
@@ -302,7 +302,7 @@ class AssetsController extends Controller

        $asset->status_id = $request->input('status_id', null);
        $asset->warranty_months = $request->input('warranty_months', null);
-        $asset->purchase_cost = Helper::ParseFloat($request->input('purchase_cost', null));
+        $asset->purchase_cost = Helper::ParseCurrency($request->input('purchase_cost', null));
        $asset->purchase_date = $request->input('purchase_date', null);
        $asset->supplier_id = $request->input('supplier_id', null);
        $asset->expected_checkin = $request->input('expected_checkin', null);
@@ -813,7 +813,7 @@ class AssetsController extends Controller
        $asset->unsetEventDispatcher();

        $asset->next_audit_date = $request->input('next_audit_date');
-        $asset->last_audit_date = date('Y-m-d h:i:s');
+        $asset->last_audit_date = date('Y-m-d H:i:s');

        // Check to see if they checked the box to update the physical location,
        // not just note it in the audit notes
--- a/app/Http/Controllers/Assets/BulkAssetsController.php
+++ b/app/Http/Controllers/Assets/BulkAssetsController.php
@@ -32,7 +32,8 @@ class BulkAssetsController extends Controller
            return redirect()->back()->with('error', 'No assets selected');
        }

-        $asset_ids = array_keys($request->input('ids'));
+        
+        $asset_ids = array_values(array_unique($request->input('ids')));

        if ($request->filled('bulk_actions')) {
            switch($request->input('bulk_actions')) {
@@ -50,7 +51,7 @@ class BulkAssetsController extends Controller
                    return view('hardware/bulk-delete')->with('assets', $assets);
                case 'edit':
                    return view('hardware/bulk')
-                        ->with('assets', request('ids'))
+                        ->with('assets', $asset_ids)
                        ->with('statuslabel_list', Helper::statusLabelList());
            }
        }
@@ -90,6 +91,7 @@ class BulkAssetsController extends Controller
            || ($request->filled('model_id'))
        ) {
            foreach ($assets as $assetId) {
+
                $this->update_array = [];

                $this->conditionallyAddItem('purchase_date')
@@ -102,7 +104,7 @@ class BulkAssetsController extends Controller
                    ->conditionallyAddItem('warranty_months');

                if ($request->filled('purchase_cost')) {
-                    $this->update_array['purchase_cost'] =  Helper::ParseFloat($request->input('purchase_cost'));
+                    $this->update_array['purchase_cost'] =  Helper::ParseCurrency($request->input('purchase_cost'));
                }

                if ($request->filled('company_id')) {
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -29,6 +29,7 @@ class ForgotPasswordController extends Controller
    public function __construct()
    {
        $this->middleware('guest');
+        $this->middleware('throttle:5,1', ['except' => 'showLinkRequestForm']);
    }

    /**
@@ -61,7 +62,7 @@ class ForgotPasswordController extends Controller
        $request->validate([
            'username' => ['required', 'max:255'],
        ]);
-        
+


        /**
@@ -71,13 +72,21 @@ class ForgotPasswordController extends Controller
         * Once we have attempted to send the link, we will examine the response
         * then see the message we need to show to the user. Finally, we'll send out a proper response.
         */
-        $response = $this->broker()->sendResetLink(
-            array_merge(
-                $request->only('username'),
-                ['activated' => '1'],
-                ['ldap_import' => '0']
-            )
-        );
+        
+        $response = null;
+
+        try {
+            $response = $this->broker()->sendResetLink(
+                array_merge(
+                    $request->only('username'),
+                    ['activated' => '1'],
+                    ['ldap_import' => '0']
+                )
+            );
+        } catch(\Exception $e) {
+            \Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
+        }
+

        if ($response === \Password::RESET_LINK_SENT) {
            \Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -108,7 +108,7 @@ class LoginController extends Controller
                Log::debug("Attempting to log user in by SAML authentication.");
                $user = $saml->samlLogin($samlData);
                if(!is_null($user)) {
-                    Auth::login($user, true);
+                    Auth::login($user);
                } else {
                    $username = $saml->getUsername();
                    \Log::warning("SAML user '$username' could not be found in database.");
@@ -183,7 +183,7 @@ class LoginController extends Controller
            try {
                $user = User::where('username', '=', $remote_user)->whereNull('deleted_at')->where('activated', '=', '1')->first();
                Log::debug("Remote user auth lookup complete");
-                if(!is_null($user)) Auth::login($user, true);
+                if(!is_null($user)) Auth::login($user, $request->input('remember'));
            } catch(Exception $e) {
                Log::debug("There was an error authenticating the Remote user: " . $e->getMessage());
            }
@@ -223,7 +223,7 @@ class LoginController extends Controller
            try {
                LOG::debug("Attempting to log user in by LDAP authentication.");
                $user = $this->loginViaLdap($request);
-                Auth::login($user, true);
+                Auth::login($user, $request->input('remember'));

            // If the user was unable to login via LDAP, log the error and let them fall through to
            // local authentication.
--- a/app/Http/Controllers/Components/ComponentsController.php
+++ b/app/Http/Controllers/Components/ComponentsController.php
@@ -5,6 +5,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\Company;
 use App\Models\Component;
+use App\Helpers\Helper;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Storage;
@@ -74,7 +75,7 @@ class ComponentsController extends Controller
        $component->min_amt                = $request->input('min_amt', null);
        $component->serial                 = $request->input('serial', null);
        $component->purchase_date          = $request->input('purchase_date', null);
-        $component->purchase_cost          = $request->input('purchase_cost', null);
+        $component->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost', null));
        $component->qty                    = $request->input('qty');
        $component->user_id                = Auth::id();

@@ -144,7 +145,7 @@ class ComponentsController extends Controller
        $component->min_amt                = $request->input('min_amt');
        $component->serial                 = $request->input('serial');
        $component->purchase_date          = $request->input('purchase_date');
-        $component->purchase_cost          = request('purchase_cost');
+        $component->purchase_cost          = Helper::ParseCurrency(request('purchase_cost'));
        $component->qty                    = $request->input('qty');

        $component = $request->handleImages($component);
--- a/app/Http/Controllers/Consumables/ConsumablesController.php
+++ b/app/Http/Controllers/Consumables/ConsumablesController.php
@@ -75,7 +75,7 @@ class ConsumablesController extends Controller
        $consumable->model_number           = $request->input('model_number');
        $consumable->item_no                = $request->input('item_no');
        $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseFloat($request->input('purchase_cost'));
+        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
        $consumable->qty                    = $request->input('qty');
        $consumable->user_id                = Auth::id();

@@ -141,7 +141,7 @@ class ConsumablesController extends Controller
        $consumable->model_number           = $request->input('model_number');
        $consumable->item_no                = $request->input('item_no');
        $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseFloat($request->input('purchase_cost'));
+        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
        $consumable->qty                    = Helper::ParseFloat($request->input('qty'));

        $consumable = $request->handleImages($consumable);
--- a/app/Http/Controllers/CustomFieldsController.php
+++ b/app/Http/Controllers/CustomFieldsController.php
@@ -92,7 +92,7 @@ class CustomFieldsController extends Controller
        $this->authorize('create', CustomField::class);

        $field = new CustomField([
-            "name" => $request->get("name"),
+            "name" => trim($request->get("name")),
            "element" => $request->get("element"),
            "help_text" => $request->get("help_text"),
            "field_values" => $request->get("field_values"),
@@ -212,7 +212,7 @@ class CustomFieldsController extends Controller
 
        $this->authorize('update', $field);

-        $field->name          = e($request->get("name"));
+        $field->name          = trim(e($request->get("name")));
        $field->element       = e($request->get("element"));
        $field->field_values  = e($request->get("field_values"));
        $field->user_id       = Auth::id();
--- a/app/Http/Controllers/DepreciationsController.php
+++ b/app/Http/Controllers/DepreciationsController.php
@@ -69,6 +69,7 @@ class DepreciationsController extends Controller
        // Depreciation data
        $depreciation->name             = $request->input('name');
        $depreciation->months           = $request->input('months');
+        $depreciation->depreciation_min= $request->input('depreciation_min');
        $depreciation->user_id          = Auth::id();

        // Was the asset created?
@@ -125,8 +126,9 @@ class DepreciationsController extends Controller
        $this->authorize('update', $depreciation);

        // Depreciation data
-        $depreciation->name      = $request->input('name');
-        $depreciation->months    = $request->input('months');
+        $depreciation->name             = $request->input('name');
+        $depreciation->months           = $request->input('months');
+        $depreciation->depreciation_min = $request->input('depreciation_min');

        // Was the asset created?
        if ($depreciation->save()) {
--- a/app/Http/Controllers/Licenses/LicenseCheckinController.php
+++ b/app/Http/Controllers/Licenses/LicenseCheckinController.php
@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Models\License;
 use App\Models\LicenseSeat;
 use App\Models\User;
+use App\Models\Asset;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
@@ -80,7 +81,12 @@ class LicenseCheckinController extends Controller
            // Ooops.. something went wrong
            return redirect()->back()->withInput()->withErrors($validator);
        }
-        $return_to = User::find($licenseSeat->assigned_to);
+
+        if($licenseSeat->assigned_to != null){
+            $return_to = User::find($licenseSeat->assigned_to);
+        } else {
+            $return_to = Asset::find($licenseSeat->asset_id);
+        }

        // Update the asset data
        $licenseSeat->assigned_to                   = null;
@@ -88,7 +94,6 @@ class LicenseCheckinController extends Controller

        // Was the asset updated?
        if ($licenseSeat->save()) {
-
            event(new CheckoutableCheckedIn($licenseSeat, $return_to, Auth::user(), $request->input('note')));

            if ($backTo=='user') {
--- a/app/Http/Controllers/Licenses/LicenseFilesController.php
+++ b/app/Http/Controllers/Licenses/LicenseFilesController.php
@@ -6,11 +6,11 @@ use App\Http\Controllers\Controller;
 use App\Http\Requests\AssetFileRequest;
 use App\Models\Actionlog;
 use App\Models\License;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Storage;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use App\Helpers\StorageHelper;
+use enshrined\svgSanitize\Sanitizer;

 class LicenseFilesController extends Controller
 {
@@ -37,28 +37,39 @@ class LicenseFilesController extends Controller

                if (!Storage::exists('private_uploads/licenses')) Storage::makeDirectory('private_uploads/licenses', 775);

-                $upload_success = false;
                foreach ($request->file('file') as $file) {

-
-                    $file_name = 'license-'.$license->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$file->getClientOriginalExtension())).'.'.$file->getClientOriginalExtension();
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'license-'.$license->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;


-                    $upload_success = $file->storeAs('private_uploads/licenses', $file_name);
-                    // $upload_success = $file->storeAs('private_uploads/licenses/'.$file_name, $file);
+                        // Check for SVG and sanitize it
+                        if ($extension == 'svg') {
+                            \Log::debug('This is an SVG');
+                            \Log::debug($file_name);
+
+                                $sanitizer = new Sanitizer();
+                                $dirtySVG = file_get_contents($file->getRealPath());
+                                $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                                try {
+                                    Storage::put('private_uploads/licenses/'.$file_name, $cleanSVG);
+                                } catch (\Exception $e) {
+                                    \Log::debug('Upload no workie :( ');
+                                    \Log::debug($e);
+                                }
+
+                        } else {
+                            Storage::put('private_uploads/licenses/'.$file_name, file_get_contents($file));
+                        }

                    //Log the upload to the log
                    $license->logUpload($file_name, e($request->input('notes')));
                }

-                // This being called from a modal seems to confuse redirect()->back()
-                // It thinks we should go to the dashboard.  As this is only used
-                // from the modal at present, hardcode the redirect.  Longterm
-                // maybe we evaluate something else.
-                if ($upload_success) {
+
                    return redirect()->route('licenses.show', $license->id)->with('success', trans('admin/licenses/message.upload.success'));
-                }
-                return redirect()->route('licenses.show', $license->id)->with('error', trans('admin/licenses/message.upload.error'));
+                
            }
            return redirect()->route('licenses.show', $license->id)->with('error', trans('admin/licenses/message.upload.nofiles'));
        }
--- a/app/Http/Controllers/Licenses/LicensesController.php
+++ b/app/Http/Controllers/Licenses/LicensesController.php
@@ -88,7 +88,7 @@ class LicensesController extends Controller
        $license->name              = $request->input('name');
        $license->notes             = $request->input('notes');
        $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = $request->input('purchase_cost');
+        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
        $license->purchase_date     = $request->input('purchase_date');
        $license->purchase_order    = $request->input('purchase_order');
        $license->purchase_order    = $request->input('purchase_order');
@@ -165,7 +165,7 @@ class LicensesController extends Controller
        $license->name              = $request->input('name');
        $license->notes             = $request->input('notes');
        $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = $request->input('purchase_cost');
+        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
        $license->purchase_date     = $request->input('purchase_date');
        $license->purchase_order    = $request->input('purchase_order');
        $license->reassignable      = $request->input('reassignable', 0);
--- a/app/Http/Controllers/LocationsController.php
+++ b/app/Http/Controllers/LocationsController.php
@@ -6,6 +6,7 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Models\Location;
 use App\Models\User;
 use Illuminate\Support\Facades\Auth;
+use App\Models\Asset;
 use Illuminate\Support\Facades\Storage;

 /**
--- a/app/Http/Controllers/ReportsController.php
+++ b/app/Http/Controllers/ReportsController.php
@@ -102,11 +102,7 @@ class ReportsController extends Controller
    {
        $this->authorize('reports.view');
        $depreciations = Depreciation::get();
-        // Grab all the assets
-        $assets = Asset::with( 'assignedTo', 'assetstatus', 'defaultLoc', 'location', 'company', 'model.category', 'model.depreciation')
-                       ->orderBy('created_at', 'DESC')->get();
-
-        return view('reports/depreciation', compact('assets'))->with('depreciations',$depreciations);
+        return view('reports/depreciation')->with('depreciations',$depreciations);
    }

    /**
@@ -563,7 +559,7 @@ class ReportsController extends Controller


            foreach ($customfields as $customfield) {
-                if (e($request->input($customfield->db_column_name())) == '1') {
+                if ($request->input($customfield->db_column_name()) == '1') {
                    $header[] = $customfield->name;
                }
            }
@@ -641,7 +637,7 @@ class ReportsController extends Controller
                $assets->whereBetween('assets.next_audit_date', [$request->input('next_audit_start'), $request->input('next_audit_end')]);
            }
            
-            $assets->orderBy('assets.created_at', 'ASC')->chunk(20, function($assets) use($handle, $customfields, $request) {
+            $assets->orderBy('assets.id', 'ASC')->chunk(20, function($assets) use($handle, $customfields, $request) {

                $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
                \Log::debug('Walking results: '.$executionTime);
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -22,6 +22,7 @@ use Input;
 use Redirect;
 use Response;
 use App\Helpers\StorageHelper;
+use App\Http\Requests\SlackSettingsRequest;

 /**
 * This controller handles all actions related to Settings for
@@ -667,25 +668,12 @@ class SettingsController extends Controller
     *
     * @return View
     */
-    public function postSlack(Request $request)
+    public function postSlack(SlackSettingsRequest $request)
    {
        if (is_null($setting = Setting::getSettings())) {
            return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
        }

-        $validatedData = $request->validate([
-            'slack_channel'   => 'regex:/(?<!\w)#\w+/|required_with:slack_endpoint|nullable',
-        ]);
-
-
-        if ($validatedData) {
-
-            $setting->slack_endpoint = $request->input('slack_endpoint');
-            $setting->slack_channel = $request->input('slack_channel');
-            $setting->slack_botname = $request->input('slack_botname');
-
-        }
-
        if ($setting->save()) {
            return redirect()->route('settings.index')
                ->with('success', trans('admin/settings/message.update.success'));
@@ -947,10 +935,14 @@ class SettingsController extends Controller
            $setting->ldap_jobtitle          = $request->input('ldap_jobtitle');
            $setting->ldap_country           = $request->input('ldap_country');
            $setting->ldap_dept              = $request->input('ldap_dept');
+            $setting->ldap_client_tls_cert   = $request->input('ldap_client_tls_cert');
+            $setting->ldap_client_tls_key    = $request->input('ldap_client_tls_key');
+

        }

        if ($setting->save()) {
+            $setting->update_client_side_cert_files();
            return redirect()->route('settings.ldap.index')
                ->with('success', trans('admin/settings/message.update.success'));
        }
--- a/app/Http/Controllers/Users/UserFilesController.php
+++ b/app/Http/Controllers/Users/UserFilesController.php
@@ -10,6 +10,8 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Response;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+use Illuminate\Support\Facades\Storage;

 class UserFilesController extends Controller
 {
@@ -33,13 +35,36 @@ class UserFilesController extends Controller

            $logActions = [];
            $files = $request->file('file');
+
+            if (is_null($files)){
+                return redirect()->back()->with('error', trans('admin/users/message.upload.nofiles'));
+            }
            foreach($files as $file) {
+                
                $extension = $file->getClientOriginalExtension();
-                $filename = 'user-' . $user->id . '-' . str_random(8);
-                $filename .= '-' . str_slug($file->getClientOriginalName()) . '.' . $extension;
-                if (!$file->move($destinationPath, $filename)) {
-                    return redirect()->back()->with('error', trans('admin/users/message.upload.invalidfiles'));
-                }
+                $file_name = 'user-'.$user->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                            $sanitizer = new Sanitizer();
+                            $dirtySVG = file_get_contents($file->getRealPath());
+                            $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                            try {
+                                Storage::put('private_uploads/users/'.$file_name, $cleanSVG);
+                            } catch (\Exception $e) {
+                                \Log::debug('Upload no workie :( ');
+                                \Log::debug($e);
+                            }
+
+                    } else {
+                        Storage::put('private_uploads/users/'.$file_name, file_get_contents($file));
+                    }
+
                //Log the uploaded file to the log
                $logAction = new Actionlog();
                $logAction->item_id = $user->id;
@@ -48,7 +73,7 @@ class UserFilesController extends Controller
                $logAction->note = $request->input('notes');
                $logAction->target_id = null;
                $logAction->created_at = date("Y-m-d H:i:s");
-                $logAction->filename = $filename;
+                $logAction->filename = $file_name;
                $logAction->action_type = 'uploaded';

                if (!$logAction->save()) {
--- a/app/Http/Controllers/Users/UsersController.php
+++ b/app/Http/Controllers/Users/UsersController.php
@@ -15,6 +15,7 @@ use App\Models\User;
 use App\Notifications\WelcomeNotification;
 use Auth;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
+use Illuminate\Support\Facades\Password;
 use Input;
 use Redirect;
 use Str;
@@ -617,4 +618,31 @@ class UsersController extends Controller
            ->with('show_user', $show_user)
            ->with('settings', Setting::getSettings());
    }
+
+
+    /**
+     * Send individual password reset email
+     *
+     * @author A. Gianotto
+     * @since [v5.0.15]
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function sendPasswordReset($id) {
+
+        if (($user = User::find($id)) &&  ($user->activated == '1') && ($user->email!='') && ($user->ldap_import == '0')) {
+            $credentials = ['email' => $user->email];
+
+            try {
+                \Password::sendResetLink($credentials, function (Message $message) use ($user) {
+                    $message->subject($this->getEmailSubject());
+                });
+                return redirect()->back()->with('success', trans('admin/users/message.password_reset_sent', ['email' => $user->email]));
+
+            } catch (\Exception $e) {
+                return redirect()->back()->with('error', ' Error sending email. :( ');
+            }
+
+        }
+        return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
+    }
 }
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -23,6 +23,7 @@ class Kernel extends HttpKernel
        \App\Http\Middleware\CheckForDebug::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        \App\Http\Middleware\SecurityHeaders::class,
+        \App\Http\Middleware\PreventBackHistory::class,

    ];

--- a/app/Http/Middleware/PreventBackHistory.php
+++ b/app/Http/Middleware/PreventBackHistory.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class PreventBackHistory
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $headers = [
+            'Cache-Control' => 'no-cache, no-store, max-age=0, must-revalidate',
+            'Pragma'        => 'no-cache',
+            'Expires'       => 'Sun, 02 Jan 1990 00:00:00 GMT'
+        ];
+        $response = $next($request);
+        foreach($headers as $key => $value) {
+            $response->headers->set($key, $value);
+        }
+
+        return $response;
+    }
+}
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -99,7 +99,7 @@ class SecurityHeaders
        // We have to exclude debug mode here because debugbar pulls from a CDN or two
        // and it will break things.

-        if ((config('app.debug')!='true')  || (config('app.enable_csp')=='true')) {
+        if ((config('app.debug')!='true')  && (config('app.enable_csp')=='true')) {
            $csp_policy[] = "default-src 'self'";
            $csp_policy[] = "style-src 'self' 'unsafe-inline'";
            $csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
--- a/app/Http/Requests/AssetFileRequest.php
+++ b/app/Http/Requests/AssetFileRequest.php
@@ -24,7 +24,7 @@ class AssetFileRequest extends Request
    {
        $max_file_size = \App\Helpers\Helper::file_upload_max_size();
        return [
-          'file.*' => 'required|mimes:png,gif,jpg,svg,jpeg,doc,docx,pdf,txt,zip,rar,xls,xlsx,lic,xml,rtf|max:'.$max_file_size,
+          'file.*' => 'required|mimes:png,gif,jpg,svg,jpeg,doc,docx,pdf,txt,zip,rar,xls,xlsx,lic,xml,rtf,webp|max:'.$max_file_size,
        ];
    }
 }
--- a/app/Http/Requests/ImageUploadRequest.php
+++ b/app/Http/Requests/ImageUploadRequest.php
@@ -5,10 +5,14 @@ namespace App\Http\Requests;
 use App\Models\SnipeModel;
 use Intervention\Image\Facades\Image;
 use enshrined\svgSanitize\Sanitizer;
+use App\Http\Traits\ConvertsBase64ToFiles;
+use Illuminate\Http\UploadedFile;
 use Storage;

 class ImageUploadRequest extends Request
 {
+    use ConvertsBase64ToFiles;
+
    /**
     * Determine if the user is authorized to make this request.
     *
@@ -26,16 +30,32 @@ class ImageUploadRequest extends Request
     */
    public function rules()
    {
-        return [
-            'image' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp',
-            'avatar' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml',
-        ];
+       
+            return [
+                'image' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp',
+                'avatar' => 'mimes:png,gif,jpg,jpeg,svg,bmp,svg+xml,webp',
+            ];
    }

    public function response(array $errors)
    {
        return $this->redirector->back()->withInput()->withErrors($errors, $this->errorBag);
    }
+    
+    /** 
+     * Fields that should be traited from base64 to files
+     */
+    protected function base64FileKeys(): array
+    {
+        /**
+         * image_source is here just legacy reasons. Api\AssetController
+         * had it once to allow encoded image uploads.
+        */ 
+        return [
+            'image' => 'auto',
+            'image_source' => 'auto'
+        ];
+    }

    /**
     * Handle and store any images attached to request
@@ -77,14 +97,22 @@ class ImageUploadRequest extends Request
        \Log::debug('Form fieldname is: '.$form_fieldname);
        \Log::debug('DB fieldname is: '.$use_db_field);
        \Log::debug('Trying to upload to '. $path);
+        
+        // ConvertBase64ToFiles just changes object type, 
+        // as it cannot currently insert files to $this->files
+        if ($this->offsetGet($form_fieldname) instanceof UploadedFile) {
+           $image=$this->offsetGet($form_fieldname);
+        } else {
+            if ($this->hasFile($form_fieldname)) {
+                $image = $this->file($form_fieldname);
+            }
+        }

-        \Log::debug($this->file());
-
-        if ($this->hasFile($form_fieldname)) {
+        if (isset($image)) {
+            \Log::debug($image);

            if (!config('app.lock_passwords')) {

-                $image = $this->file($form_fieldname);
                $ext = $image->getClientOriginalExtension();
                $file_name = $type.'-'.$form_fieldname.'-'.str_random(10).'.'.$ext;

@@ -165,4 +193,5 @@ class ImageUploadRequest extends Request

        return $item;
    }
+    
 }
--- a/app/Http/Requests/SlackSettingsRequest.php
+++ b/app/Http/Requests/SlackSettingsRequest.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Requests;
+
+class SlackSettingsRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'slack_endpoint'                      => 'url|required_with:slack_channel|starts_with:"https://hooks.slack.com"|nullable',
+            'slack_channel'                       => 'required_with:slack_endpoint|starts_with:#|nullable',
+            'slack_botname'                       => 'string|nullable',
+
+        ];
+    }
+
+
+}
--- a/app/Http/Traits/ConvertsBase64ToFiles.php
+++ b/app/Http/Traits/ConvertsBase64ToFiles.php
@@ -0,0 +1,80 @@
+<?php
+
+namespace App\Http\Traits;
+
+use Illuminate\Http\UploadedFile;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Str;
+
+trait ConvertsBase64ToFiles
+{
+    protected function base64FileKeys(): array
+    {
+        return [];
+    }
+
+    /**
+     * Pulls the Base64 contents for each file key and creates
+     * an UploadedFile instance from it and sets it on the
+     * request.
+     *
+     * @return void
+     */
+    protected function prepareForValidation()
+    {
+        $flattened = Arr::dot($this->base64FileKeys());
+
+        Collection::make($flattened)->each(function ($filename, $key) {
+            rescue(function () use ($key, $filename) {
+                // dont process plain files
+                if ( $this->file($key)){
+                    return;
+                }
+
+                $base64Contents = $this->input($key);
+
+                if (!$base64Contents) {
+                    return;
+                }
+                
+                // autogenerate filenames
+                if ($filename == 'auto'){
+                    $header = explode(';', $base64Contents, 2)[0];
+                    // Grab the image type from the header while we're at it.
+                    $filename = $key . '.' . substr($header, strpos($header, '/')+1);
+                }
+
+                // Generate a temporary path to store the Base64 contents
+                $tempFilePath = tempnam(sys_get_temp_dir(), $filename);
+
+                // Store the contents using a stream, or by decoding manually
+                if (Str::startsWith($base64Contents, 'data:') && count(explode(',', $base64Contents)) > 1) {
+                    $source = fopen($base64Contents, 'r');
+                    $destination = fopen($tempFilePath, 'w');
+
+                    stream_copy_to_stream($source, $destination);
+
+                    fclose($source);
+                    fclose($destination);
+                } else {
+                    file_put_contents($tempFilePath, base64_decode($base64Contents, true));
+                }
+
+                $uploadedFile = new UploadedFile($tempFilePath, $filename, null, null, true);
+
+                \Log::debug("Trait: uploadedfile ". $tempFilePath);
+                $this->offsetUnset($key);                                                                                                                                                                                                                                                                                                                                               
+                \Log::debug("Trait: encoded field \"$key\" removed" );
+                
+                //Inserting new file  to $this-files does not work so have to deal this after
+                $this->offsetSet($key,$uploadedFile);
+                \Log::debug("Trait:  field \"$key\" inserted as UplodedFile" );
+    
+            }, null, false);
+        });
+    }
+}
+/**
+ * Loosely based on idea https://github.com/protonemedia/laravel-mixins/tree/master/src/Request
+ * */
--- a/app/Http/Transformers/AccessoriesTransformer.php
+++ b/app/Http/Transformers/AccessoriesTransformer.php
@@ -82,7 +82,7 @@ class AccessoriesTransformer
                'first_name'=> e($user->first_name),
                'last_name'=> e($user->last_name),
                'employee_number' =>  e($user->employee_num),
-                'checkout_notes' => $user->pivot->note,
+                'checkout_notes' => e($user->pivot->note),
                'last_checkout' => Helper::getFormattedDateObject($user->pivot->created_at, 'datetime'),
                'type' => 'user',
                'available_actions' => ['checkin' => true]
--- a/app/Http/Transformers/ActionlogsTransformer.php
+++ b/app/Http/Transformers/ActionlogsTransformer.php
@@ -115,7 +115,7 @@ class ActionlogsTransformer
            'note'          => ($actionlog->note) ? e($actionlog->note): null,
            'signature_file'   => ($actionlog->accept_signature) ? route('log.signature.view', ['filename' => $actionlog->accept_signature ]) : null,
            'log_meta'          => ((isset($clean_meta)) && (is_array($clean_meta))) ? $clean_meta: null,
-            'action_date'   => ($actionlog->action_date) ? Helper::getFormattedDateObject($actionlog->action_date, 'datetime'): null,
+            'action_date'   => ($actionlog->action_date) ? Helper::getFormattedDateObject($actionlog->action_date, 'datetime'): Helper::getFormattedDateObject($actionlog->created_at, 'datetime'),

        ];

--- a/app/Http/Transformers/AssetsTransformer.php
+++ b/app/Http/Transformers/AssetsTransformer.php
@@ -93,15 +93,15 @@ class AssetsTransformer
                    $value = (Gate::allows('superadmin')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));

                    $fields_array[$field->name] = [
-                            'field' => $field->convertUnicodeDbSlug(),
-                            'value' => $value,
+                            'field' => e($field->convertUnicodeDbSlug()),
+                            'value' => e($value),
                            'field_format' => $field->format,
                        ];

                } else {
                    $fields_array[$field->name] = [
-                        'field' => $field->convertUnicodeDbSlug(),
-                        'value' => $asset->{$field->convertUnicodeDbSlug()},
+                        'field' => e($field->convertUnicodeDbSlug()),
+                        'value' => e($asset->{$field->convertUnicodeDbSlug()}),
                        'field_format' => $field->format,
                    ];

@@ -114,26 +114,38 @@ class AssetsTransformer
        }

        $permissions_array['available_actions'] = [
-            'checkout' => Gate::allows('checkout', Asset::class),
-            'checkin' => Gate::allows('checkin', Asset::class),
-            'clone' => Gate::allows('create', Asset::class),
-            'restore' => false,
-            'update' => (bool) Gate::allows('update', Asset::class),
-            'delete' => ($asset->assigned_to=='' && Gate::allows('delete', Asset::class)),
+            'checkout'      => ($asset->deleted_at=='' && Gate::allows('checkout', Asset::class)) ? true : false,
+            'checkin'       => ($asset->deleted_at=='' && Gate::allows('checkin', Asset::class)) ? true : false,
+            'clone'         => Gate::allows('create', Asset::class) ? true : false,
+            'restore'       => ($asset->deleted_at!='' && Gate::allows('create', Asset::class)) ? true : false,
+            'update'        => ($asset->deleted_at=='' && Gate::allows('update', Asset::class)) ? true : false,
+            'delete'        => ($asset->deleted_at=='' && $asset->assigned_to =='' && Gate::allows('delete', Asset::class)) ? true : false,
        ];

-        if ($asset->deleted_at!='') {
-            $permissions_array['available_actions'] = [
-                'checkout' => true,
-                'checkin' => false,
-                'clone' => Gate::allows('create', Asset::class),
-                'restore' => Gate::allows('create', Asset::class),
-                'update' => false,
-                'delete' => false,
-            ];
+
+
+        if (request('components')=='true') {
+        
+            if ($asset->components) {
+                $array['components'] = [];
+    
+                foreach ($asset->components as $component) {
+                    $array['components'][] = [
+                        
+                            'id' => $component->id,
+                            'pivot_id' => $component->pivot->id,
+                            'name' => e($component->name),
+                            'qty' => $component->pivot->assigned_qty,
+                            'price_cost' => $component->purchase_cost,
+                            'purchase_total' => $component->purchase_cost * $component->pivot->assigned_qty,
+                            'checkout_date' => Helper::getFormattedDateObject($component->pivot->created_at, 'datetime') ,
+                        
+                    ];
+                }
+            }
+
        }
-
-
+        
        $array += $permissions_array;
        return $array;
    }
@@ -197,4 +209,4 @@ class AssetsTransformer
        return $array;

    }
-}
+}
--- a/app/Http/Transformers/CategoriesTransformer.php
+++ b/app/Http/Transformers/CategoriesTransformer.php
@@ -29,6 +29,7 @@ class CategoriesTransformer
                'image' =>   ($category->image) ? Storage::disk('public')->url('categories/'.e($category->image)) : null,
                'category_type' => ucwords(e($category->category_type)),
                'has_eula' => ($category->getEula() ? true : false),
+                'use_default_eula' => ($category->use_default_eula=='1' ? true : false),
                'eula' => ($category->getEula()),
                'checkin_email' => ($category->checkin_email =='1'),
                'require_acceptance' => ($category->require_acceptance == '1'),
--- a/app/Http/Transformers/DepreciationReportTransformer.php
+++ b/app/Http/Transformers/DepreciationReportTransformer.php
@@ -0,0 +1,120 @@
+<?php
+namespace App\Http\Transformers;
+
+use App\Helpers\Helper;
+use App\Models\Asset;
+use Illuminate\Database\Eloquent\Collection;
+
+/**
+ *  This tranformer looks like it's extraneous, since we return as much or more
+ * info in the AssetsTransformer, but we want to flatten these results out so that they 
+ * don't dislose more information than we want. Folks with depreciation powers don't necessaily 
+ * have the right to see additional info, and inspecting the API call here could disclose 
+ * info they're not supposed to see.
+ * 
+ * @author [A. Gianotto] [<snipe@snipe.net>]
+ * @since [v5.2.0]
+ */
+class DepreciationReportTransformer
+{
+    public function transformAssets(Collection $assets, $total)
+    {
+        $array = array();
+        foreach ($assets as $asset) {
+            $array[] = self::transformAsset($asset);
+        }
+        return (new DatatablesTransformer)->transformDatatables($array, $total);
+    }
+
+
+    public function transformAsset(Asset $asset)
+    {
+
+        /**
+         * Set some default values here
+         */
+        $purchase_cost = null;
+        $depreciated_value = null;
+        $monthly_depreciation = null;
+        $diff = null;
+        $checkout_target = null;
+
+        /**
+         * If there is a location set and a currency set, use that for display
+         */
+        if ($asset->location && $asset->location->currency) {
+            $purchase_cost_currency = $asset->location->currency;
+        } else {
+            $purchase_cost_currency = \App\Models\Setting::getSettings()->default_currency;
+        }
+
+        /**
+         * If there is a NOT an empty purchase cost (meaning not null or '' but it *could* be zero),
+         * format the purchase cost. We coould do this inline in the transformer, but we need that value 
+         * for the other calculations that come after, like diff, etc.
+         */
+        if ($asset->purchase_cost!='') {
+            $purchase_cost = $asset->purchase_cost;
+        }
+       
+
+        /**
+         * Override the previously set null values if there is a valid model and associated depreciation
+         */
+        if (($asset->model) && ($asset->model->depreciation)) {
+            $depreciated_value = \App\Helpers\Helper::formatCurrencyOutput($asset->getDepreciatedValue());
+            $monthly_depreciation = \App\Helpers\Helper::formatCurrencyOutput(($asset->model->eol > 0 ? ($asset->purchase_cost / $asset->model->eol) : 0));
+            $diff = \App\Helpers\Helper::formatCurrencyOutput(($asset->purchase_cost - $asset->getDepreciatedValue()));
+        }
+
+        if ($asset->assigned) {
+            $checkout_target = $asset->assigned->name;
+            if ($asset->checkedOutToUser()) {
+                $checkout_target = $asset->assigned->getFullNameAttribute();
+            } 
+
+        }
+                   
+        $array = [
+    
+            'company' => ($asset->company) ? e($asset->company->name) : null,
+            'name' => e($asset->name),
+            'asset_tag' => e($asset->asset_tag),
+            'serial' => e($asset->serial),
+            'model' => ($asset->model) ?  e($asset->model->name) : null,
+            'model_number' => (($asset->model) && ($asset->model->model_number)) ? e($asset->model->model_number) : null,
+            'eol' => ($asset->purchase_date!='') ? Helper::getFormattedDateObject($asset->present()->eol_date(), 'date') : null ,
+            'status_label' => ($asset->assetstatus) ? e($asset->assetstatus->name) : null,
+            'status' => ($asset->assetstatus) ?  e($asset->present()->statusMeta) : null,
+            'category' => (($asset->model) && ($asset->model->category)) ? e($asset->model->category->name) : null,
+            'manufacturer' => (($asset->model) && ($asset->model->manufacturer)) ? e($asset->model->manufacturer->name) : null,
+            'supplier' => ($asset->supplier) ? e($asset->supplier->name) : null,
+            'notes' => ($asset->notes) ? e($asset->notes) : null,
+            'order_number' => ($asset->order_number) ? e($asset->order_number) : null,
+            'location' => ($asset->location) ? e($asset->location->name) : null,
+            'warranty_expires' => ($asset->warranty_months > 0) ?  Helper::getFormattedDateObject($asset->warranty_expires, 'date') : null,
+            'currency' => $purchase_cost_currency,
+            'purchase_date' => Helper::getFormattedDateObject($asset->purchase_date, 'date'),
+            'purchase_cost' => Helper::formatCurrencyOutput($asset->purchase_cost),
+            'book_value' => Helper::formatCurrencyOutput($depreciated_value),
+            'monthly_depreciation' => $monthly_depreciation,
+            'checked_out_to' => $checkout_target,
+            'diff' =>  Helper::formatCurrencyOutput($diff),
+            'number_of_months' =>  ($asset->model && $asset->model->depreciation) ? e($asset->model->depreciation->months) : null,
+            'depreciation' => (($asset->model) && ($asset->model->depreciation)) ?  e($asset->model->depreciation->name) : null,
+            
+
+        
+        ];
+
+        return $array;
+    }
+
+    public function transformAssetsDatatable($assets)
+    {
+        return (new DatatablesTransformer)->transformDatatables($assets);
+    }
+
+
+   
+}
--- a/app/Http/Transformers/DepreciationsTransformer.php
+++ b/app/Http/Transformers/DepreciationsTransformer.php
@@ -24,6 +24,7 @@ class DepreciationsTransformer
            'id' => (int) $depreciation->id,
            'name' => e($depreciation->name),
            'months' => $depreciation->months . ' '. trans('general.months'),
+            'depreciation_min' => $depreciation->depreciation_min,
            'created_at' => Helper::getFormattedDateObject($depreciation->created_at, 'datetime'),
            'updated_at' => Helper::getFormattedDateObject($depreciation->updated_at, 'datetime'),
        ];
--- a/app/Http/Transformers/LicensesTransformer.php
+++ b/app/Http/Transformers/LicensesTransformer.php
@@ -31,7 +31,8 @@ class LicensesTransformer
            'purchase_date' => Helper::getFormattedDateObject($license->purchase_date, 'date'),
            'termination_date' => Helper::getFormattedDateObject($license->termination_date, 'date'),
            'depreciation' => ($license->depreciation) ? ['id' => (int) $license->depreciation->id,'name'=> e($license->depreciation->name)] : null,
-            'purchase_cost' => e($license->purchase_cost),
+            'purchase_cost' => Helper::formatCurrencyOutput($license->purchase_cost),
+            'purchase_cost_numeric' => $license->purchase_cost,
            'notes' => e($license->notes),
            'expiration_date' => Helper::getFormattedDateObject($license->expiration_date, 'date'),
            'seats' => (int) $license->seats,
--- a/app/Importer/AccessoryImporter.php
+++ b/app/Importer/AccessoryImporter.php
@@ -14,7 +14,7 @@ class AccessoryImporter extends ItemImporter
    protected function handle($row)
    {
        parent::handle($row); // TODO: Change the autogenerated stub
-        $this->createAccessoryIfNotExists();
+        $this->createAccessoryIfNotExists($row);
    }

    /**
@@ -23,7 +23,7 @@ class AccessoryImporter extends ItemImporter
     * @author Daniel Melzter
     * @since 3.0
     */
-    public function createAccessoryIfNotExists()
+    public function createAccessoryIfNotExists($row)
    {
        $accessory = Accessory::where('name', $this->item['name'])->first();
        if ($accessory) {
@@ -33,12 +33,14 @@ class AccessoryImporter extends ItemImporter
            }

            $this->log('Updating Accessory');
+            $this->item['model_number'] = $this->findCsvMatch($row, "model_number");
            $accessory->update($this->sanitizeItemForUpdating($accessory));
            $accessory->save();
            return;
        }
        $this->log("No Matching Accessory, Creating a new one");
        $accessory = new Accessory();
+        $this->item['model_number'] = $this->findCsvMatch($row, "model_number");
        $accessory->fill($this->sanitizeItemForStoring($accessory));

        //FIXME: this disables model validation.  Need to find a way to avoid double-logs without breaking everything.
--- a/app/Importer/ConsumableImporter.php
+++ b/app/Importer/ConsumableImporter.php
@@ -41,9 +41,12 @@ class ConsumableImporter extends ItemImporter
        $consumable = new Consumable();
        $this->item['model_number'] = $this->findCsvMatch($row, "model_number");;
        $this->item['item_no'] = $this->findCsvMatch($row, "item_number");
+        $this->item['min_amt'] = $this->findCsvMatch($row, "minimum quantity");
+        $this->log("min_amt " . $this->item["min_amt"]);
        $consumable->fill($this->sanitizeItemForStoring($consumable));
        //FIXME: this disables model validation.  Need to find a way to avoid double-logs without breaking everything.
        $consumable->unsetEventDispatcher();
+        $this->log(implode(",", $this->item));
        if ($consumable->save()) {
            $consumable->logCreate('Imported using CSV Importer');
            $this->log("Consumable " . $this->item["name"] . ' was created');
--- a/app/Importer/Importer.php
+++ b/app/Importer/Importer.php
@@ -75,6 +75,7 @@ abstract class Importer
        'department' => 'department',
        'manager_first_name' => 'manager first name',
        'manager_last_name' => 'manager last name',
+        'min_amt' => 'minimum quantity',
    ];
    /**
     * Map of item fields->csv names
@@ -195,11 +196,11 @@ abstract class Importer
        $val = $default;
        $key = $this->lookupCustomKey($key);

-        // $this->log("Custom Key: ${key}");
+        $this->log("Custom Key: ${key}");
        if (array_key_exists($key, $array)) {
            $val = Encoding::toUTF8(trim($array[ $key ]));
        }
-        // $this->log("${key}: ${val}");
+        $this->log("${key}: ${val}");
        return $val;
    }

--- a/app/Importer/ItemImporter.php
+++ b/app/Importer/ItemImporter.php
@@ -100,7 +100,7 @@ class ItemImporter extends Importer
            return $this->createOrFetchUser($row);
        }

-        if ($this->item['checkout_class'] === 'location') {
+        if (strtolower($this->item['checkout_class']) === 'location') {
            return Location::findOrFail($this->createOrFetchLocation($this->findCsvMatch($row, 'checkout_location')));
        }

--- a/app/Importer/UserImporter.php
+++ b/app/Importer/UserImporter.php
@@ -121,12 +121,15 @@ class UserImporter extends ItemImporter
     */
    public function createOrFetchDepartment($department_name)
    {
+        if (is_null($department_name) || $department_name == ''){
+            return null;
+        }
+
+
        $department = Department::where(['name' => $department_name])->first();
        if ($department) {
            $this->log('A matching department ' . $department_name . ' already exists');
            return $department->id;
-        } else {
-            return null;
        }

        $department = new department();
--- a/app/Importer/import_mappings.md
+++ b/app/Importer/import_mappings.md
@@ -29,6 +29,7 @@
 | serial number       | serial           | Asset, license                            |
 | status              | status           | Asset ? All                               |
 | supplier            | supplier         | Asset ? All                               |
+| minimum quantity    | min_amt          | Consumable                                |
 | termination date    | termination_date | License                                   |
 | warranty months     | warranty_months  | Asset                                     |
 | User Related Fields | assigned_to      | Asset                                     |
--- a/app/Listeners/CheckoutableListener.php
+++ b/app/Listeners/CheckoutableListener.php
@@ -71,20 +71,27 @@ class CheckoutableListener
        /**
         * Send the appropriate notification
         */
+        $acceptances = CheckoutAcceptance::where('checkoutable_id', $event->checkoutable->id)
+                                        ->where('assigned_to_id', $event->checkedOutTo->id)
+                                        ->get();

-
+        foreach($acceptances as $acceptance){
+            if($acceptance->isPending()){
+                $acceptance->delete();
+            }
+        }
        \Log::debug('checked out to a user');
        if(!$event->checkedOutTo->locale){
            \Log::debug('Use default settings locale');
            Notification::locale(Setting::getSettings()->locale)->send(
-                $this->getNotifiables($event), 
+                $this->getNotifiables($event),
                $this->getCheckinNotification($event)
            );
        } else {
            \Log::debug('Use user locale? I do not think this works as expected yet');
            // \Log::debug(print_r($this->getNotifiables($event), true));
            Notification::send(
-                $this->getNotifiables($event), 
+                $this->getNotifiables($event),
                $this->getCheckinNotification($event)
            );
        }
--- a/app/Models/Accessory.php
+++ b/app/Models/Accessory.php
@@ -91,6 +91,7 @@ class Accessory extends SnipeModel
        'supplier_id',
        'image',
        'qty',
+        'min_amt',
        'requestable'
    ];

@@ -377,4 +378,17 @@ class Accessory extends SnipeModel
    {
        return $query->leftJoin('manufacturers', 'accessories.manufacturer_id', '=', 'manufacturers.id')->orderBy('manufacturers.name', $order);
    }
+
+    /**
+    * Query builder scope to order on supplier
+    *
+    * @param  \Illuminate\Database\Query\Builder  $query  Query builder instance
+    * @param  text                              $order       Order
+    *
+    * @return \Illuminate\Database\Query\Builder          Modified query builder
+    */
+    public function scopeOrderSupplier($query, $order)
+    {
+        return $query->leftJoin('suppliers', 'accessories.supplier_id', '=', 'suppliers.id')->orderBy('suppliers.name', $order);
+    }
 }
--- a/app/Models/Asset.php
+++ b/app/Models/Asset.php
@@ -26,6 +26,7 @@ use Watson\Validating\ValidatingTrait;
 class Asset extends Depreciable
 {
    protected $presenter = 'App\Presenters\AssetPresenter';
+    use CompanyableTrait;
    use Loggable, Requestable, Presentable, SoftDeletes, ValidatingTrait, UniqueUndeletedTrait, UniqueSerialTrait;

    const LOCATION = 'location';
@@ -180,11 +181,6 @@ class Asset extends Depreciable
     */
    public function save(array $params = [])
    {
-        $settings = \App\Models\Setting::getSettings();
-
-        // I don't remember why we have this here? Asset tag would always be required, even if auto increment is on...
-        $this->rules['asset_tag'] = ($settings->auto_increment_assets == '1') ? 'max:255' : 'required';
-
        if($this->model_id != '') {
            $model = AssetModel::find($this->model_id);

@@ -380,7 +376,7 @@ class Asset extends Depreciable
     */
    public function components()
    {
-        return $this->belongsToMany('\App\Models\Component', 'components_assets', 'asset_id', 'component_id')->withPivot('id', 'assigned_qty')->withTrashed();
+        return $this->belongsToMany('\App\Models\Component', 'components_assets', 'asset_id', 'component_id')->withPivot('id', 'assigned_qty', 'created_at')->withTrashed();
    }


@@ -890,7 +886,7 @@ class Asset extends Depreciable
                ->orWhere('assets_users.first_name', 'LIKE', '%'.$term.'%')
                ->orWhere('assets_users.last_name', 'LIKE', '%'.$term.'%')
                ->orWhere('assets_users.username', 'LIKE', '%'.$term.'%')
-                ->orWhereRaw('CONCAT('.DB::getTablePrefix().'assets_users.first_name," ",'.DB::getTablePrefix().'assets_users.last_name) LIKE ?', ["%$term%", "%$term%"]);
+                ->orWhereRaw('CONCAT('.DB::getTablePrefix().'assets_users.first_name," ",'.DB::getTablePrefix().'assets_users.last_name) LIKE ?', ["%$term%"]);

        }

@@ -1260,7 +1256,7 @@ class Asset extends Depreciable
                })->orWhere(function ($query) use ($search) {
                    $query->where('assets_users.first_name', 'LIKE', '%'.$search.'%')
                        ->orWhere('assets_users.last_name', 'LIKE', '%'.$search.'%')
-                        ->orWhereRaw('CONCAT('.DB::getTablePrefix().'assets_users.first_name," ",'.DB::getTablePrefix().'assets_users.last_name) LIKE ?', ["%$search%", "%$search%"])
+                        ->orWhereRaw('CONCAT('.DB::getTablePrefix().'assets_users.first_name," ",'.DB::getTablePrefix().'assets_users.last_name) LIKE ?', ["%$search%"])
                        ->orWhere('assets_users.username', 'LIKE', '%'.$search.'%')
                        ->orWhere('assets_locations.name', 'LIKE', '%'.$search.'%')
                        ->orWhere('assigned_assets.name', 'LIKE', '%'.$search.'%');
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@@ -78,12 +78,12 @@ final class Company extends SnipeModel
            $company_id = null;
        }

-        $table = ($table_name) ? $table_name."." : '';
+        $table = ($table_name) ? $table_name."." : $query->getModel()->getTable().".";

        if(\Schema::hasColumn($query->getModel()->getTable(), $column)){
-             return $query->where($table.$column, '=', $company_id); 
+             return $query->where($table.$column, '=', $company_id);
        } else {
-            return $query->join('users as users_comp', 'users_comp.id', 'user_id')->where('users_comp.company_id', '=', $company_id); 
+            return $query->join('users as users_comp', 'users_comp.id', 'user_id')->where('users_comp.company_id', '=', $company_id);
        }
    }

--- a/app/Models/Consumable.php
+++ b/app/Models/Consumable.php
@@ -68,6 +68,7 @@ class Consumable extends SnipeModel
        'purchase_cost',
        'purchase_date',
        'qty',
+        'min_amt',
        'requestable'
    ];

@@ -78,7 +79,7 @@ class Consumable extends SnipeModel
     * 
     * @var array
     */
-    protected $searchableAttributes = ['name', 'order_number', 'purchase_cost', 'purchase_date', 'item_no'];
+    protected $searchableAttributes = ['name', 'order_number', 'purchase_cost', 'purchase_date', 'item_no', 'model_number'];

    /**
     * The relations and their attributes that should be included when searching the model.
--- a/app/Models/Ldap.php
+++ b/app/Models/Ldap.php
@@ -27,7 +27,6 @@ class Ldap extends Model
        $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
        $ldap_use_tls = Setting::getSettings()->ldap_tls;

-
        // If we are ignoring the SSL cert we need to setup the environment variable
        // before we create the connection
        if ($ldap_server_cert_ignore=='1') {
@@ -50,10 +49,16 @@ class Ldap extends Model
        ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version);
        ldap_set_option($connection, LDAP_OPT_NETWORK_TIMEOUT, 20);

+        if (Setting::getSettings()->ldap_client_tls_cert && Setting::getSettings()->ldap_client_tls_key) {
+            ldap_set_option($connection, LDAP_OPT_X_TLS_CERTFILE, Setting::get_client_side_cert_path());
+            ldap_set_option($connection, LDAP_OPT_X_TLS_KEYFILE, Setting::get_client_side_key_path());
+        }
+
        if ($ldap_use_tls=='1') {
            ldap_start_tls($connection);
        }

+
        return $connection;
    }

--- a/app/Models/Location.php
+++ b/app/Models/Location.php
@@ -23,7 +23,7 @@ class Location extends SnipeModel
    protected $rules = array(
        'name'          => 'required|min:2|max:255|unique_undeleted',
        'city'          => 'min:2|max:255|nullable',
-        'country'       => 'min:2|max:2|nullable',
+        'country'       => 'min:2|max:255|nullable',
        'address'       => 'max:80|nullable',
        'address2'      => 'max:80|nullable',
        'zip'           => 'min:3|max:10|nullable',
--- a/app/Models/Setting.php
+++ b/app/Models/Setting.php
@@ -52,10 +52,7 @@ class Setting extends Model
          'admin_cc_email'                      => 'email|nullable',
          'default_currency'                    => 'required',
          'locale'                              => 'required',
-          'slack_endpoint'                      => 'url|required_with:slack_channel|nullable',
          'labels_per_page'                     => 'numeric',
-          'slack_channel'                       => 'regex:/^[\#\@]?\w+/|required_with:slack_endpoint|nullable',
-          'slack_botname'                       => 'string|nullable',
          'labels_width'                        => 'numeric',
          'labels_height'                       => 'numeric',
          'labels_pmargin_left'                 => 'numeric|nullable',
@@ -342,8 +339,60 @@ class Setting extends Model
            'is_ad',
            'ad_domain',
            'ad_append_domain',
+            'ldap_client_tls_key',
+            'ldap_client_tls_cert'
            ])->first()->getAttributes();

        return collect($ldapSettings);
    }
+
+    /**
+     * Return the filename for the client-side SSL cert
+     *
+     * @var string
+     */
+    public static function get_client_side_cert_path()
+    {
+        return storage_path().'/ldap_client_tls.cert';
+    }
+
+    /**
+     * Return the filename for the client-side SSL key
+     *
+     * @var string
+     */
+    public static function get_client_side_key_path()
+    {
+        return storage_path().'/ldap_client_tls.key';
+    }
+
+    public function update_client_side_cert_files()
+    {
+        /**
+         * I'm not sure if it makes sense to have a cert but no key
+         * nor vice versa, but for now I'm just leaving it like this.
+         *
+         * Also, we could easily set this up with an event handler and
+         * self::saved() or something like that but there's literally only
+         * one place where we will do that, so I'll just explicitly call
+         * this method at that spot instead. It'll be easier to debug and understand.
+         */
+        if ($this->ldap_client_tls_cert) {
+            file_put_contents(self::get_client_side_cert_path(), $this->ldap_client_tls_cert);
+        } else {
+            if (file_exists(self::get_client_side_cert_path())) {
+                unlink(self::get_client_side_cert_path());
+            }
+        }
+
+        if ($this->ldap_client_tls_key) {
+            file_put_contents(self::get_client_side_key_path(), $this->ldap_client_tls_key);
+        } else {
+            if (file_exists(self::get_client_side_key_path())) {
+                unlink(self::get_client_side_key_path());
+            }
+        }
+    }
+
+
 }
--- a/app/Models/Statuslabel.php
+++ b/app/Models/Statuslabel.php
@@ -41,7 +41,7 @@ class Statuslabel extends SnipeModel
     * 
     * @var array
     */
-    protected $searchableAttributes = ['name'];
+    protected $searchableAttributes = ['name', 'notes'];

    /**
     * The relations and their attributes that should be included when searching the model.
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -619,7 +619,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo

           $query = $query->where('first_name', 'LIKE', '%'.$search.'%')
               ->orWhere('last_name', 'LIKE', '%'.$search.'%')
-               ->orWhereRaw('CONCAT('.DB::getTablePrefix().'users.first_name," ",'.DB::getTablePrefix().'users.last_name) LIKE ?', ["%$search%", "%$search%"]);
+               ->orWhereRaw('CONCAT('.DB::getTablePrefix().'users.first_name," ",'.DB::getTablePrefix().'users.last_name) LIKE ?', ["%$search%"]);
        return $query;
    }

@@ -635,7 +635,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
    public function advancedTextSearch(Builder $query, array $terms) {

        foreach($terms as $term) {
-            $query = $query->orWhereRaw('CONCAT('.DB::getTablePrefix().'users.first_name," ",'.DB::getTablePrefix().'users.last_name) LIKE ?', ["%$term%", "%$term%"]);
+            $query = $query->orWhereRaw('CONCAT('.DB::getTablePrefix().'users.first_name," ",'.DB::getTablePrefix().'users.last_name) LIKE ?', ["%$term%"]);
        }

        return $query;
--- a/app/Presenters/AssetPresenter.php
+++ b/app/Presenters/AssetPresenter.php
@@ -146,7 +146,6 @@ class AssetPresenter extends Presenter
                "searchable" => true,
                "sortable" => true,
                "title" => trans('general.purchase_cost'),
-                "formatter" => 'numberWithCommas',
                "footerFormatter" => 'sumFormatter',
            ], [
                "field" => "order_number",
--- a/app/Presenters/CategoryPresenter.php
+++ b/app/Presenters/CategoryPresenter.php
@@ -56,6 +56,13 @@ class CategoryPresenter extends Presenter
                "title" => trans('admin/categories/table.eula_text'),
                "visible" => false,
                "formatter" => 'trueFalseFormatter',
+            ],[
+                "field" => "use_default_eula",
+                "searchable" => false,
+                "sortable" => true,
+                "title" => trans('admin/categories/general.use_default_eula_column'),
+                "visible" => false,
+                "formatter" => 'trueFalseFormatter',
            ],[
                "field" => "checkin_email",
                "searchable" => false,
--- a/app/Presenters/DepreciationReportPresenter.php
+++ b/app/Presenters/DepreciationReportPresenter.php
@@ -0,0 +1,401 @@
+<?php
+namespace App\Presenters;
+
+use DateTime;
+
+/**
+ * Class DepreciationReportPresenter
+ * @package App\Presenters
+ */
+class DepreciationReportPresenter extends Presenter
+{
+
+    /**
+     * Json Column Layout for bootstrap table
+     * @return string
+     */
+    public static function dataTableLayout()
+    {
+        $layout = [
+           [
+                "field" => "company",
+                "searchable" => true,
+                "sortable" => true,
+                "switchable" => true,
+                "title" => trans('general.company'),
+                "visible" => false,
+            ], [
+                "field" => "category",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('general.category'),
+                "visible" => true,
+            ], [
+                "field" => "name",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/hardware/form.name'),
+                "visible" => false,
+            ], [
+                "field" => "asset_tag",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('general.asset_tag'),
+                "visible" => true,
+            ],[
+                "field" => "model",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('general.asset_model'),
+                "visible" => true,
+            ], [
+                "field" => "model",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/hardware/form.model'),
+                "visible" => true,
+            ], [
+                "field" => "model_number",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/models/table.modelnumber'),
+                "visible" => false
+            ], [
+                "field" => "serial",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/hardware/form.serial'),
+                "visible" => true,
+            ], [
+                "field" => "depreciation",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('general.depreciation'),
+                "visible" => true,
+            ], [
+                "field" => "number_of_months",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/depreciations/general.number_of_months'),
+                "visible" => true,
+            ],  [
+                "field" => "status",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/hardware/table.status'),
+                "visible" => true,
+            ], [
+                "field" => "checked_out_to",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/hardware/table.checkoutto'),
+                "visible" => false,
+            ], [
+                "field" => "location",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('admin/hardware/table.location'),
+                "visible" => true,
+            ],  [
+                "field" => "manufacturer",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('general.manufacturer'),
+                "visible" => false,
+            ],[
+                "field" => "supplier",
+                "searchable" => true,
+                "sortable" => true,
+                "title" => trans('general.supplier'),
+                "visible" => false,
+            ], [
+                "field" => "purchase_date",
+                "searchable" => true,
+                "sortable" => true,
+                "visible" => true,
+                "title" => trans('general.purchase_date'),
+                "formatter" => "dateDisplayFormatter"
+            ], [
+                "field" => "currency",
+                "searchable" => false,
+                "sortable" => false,
+                "visible" => false,
+                "title" =>  'Currency',
+            ], [
+                "field" => "purchase_cost",
+                "searchable" => true,
+                "sortable" => true,
+                "visible" => true,
+                "title" => trans('general.purchase_cost'),
+                "footerFormatter" => 'sumFormatter',
+            ], [
+                "field" => "order_number",
+                "searchable" => true,
+                "sortable" => true,
+                "visible" => false,
+                "title" => trans('general.order_number'),
+            ],  [
+                "field" => "eol",
+                "searchable" => false,
+                "sortable" => false,
+                "visible" => false,
+                "title" => trans('general.eol'),
+                "formatter" => "dateDisplayFormatter"
+            ], [
+                "field" => "book_value",
+                "searchable" => true,
+                "sortable" => true,
+                "visible" => true,
+                "title" => trans('admin/hardware/table.book_value'),
+                "footerFormatter" => 'sumFormatter',
+            ], [
+                "field" => "monthly_depreciation",
+                "searchable" => true,
+                "sortable" => true,
+                "visible" => true,
+                "title" => trans('admin/hardware/table.monthly_depreciation')
+            ],[
+                "field" => "diff",
+                "searchable" => false,
+                "sortable" => false,
+                "visible" => true,
+                "title" => trans('admin/hardware/table.diff'),
+                "footerFormatter" => 'sumFormatter',
+            ],[
+                "field" => "warranty_expires",
+                "searchable" => false,
+                "sortable" => false,
+                "visible" => false,
+                "title" => trans('admin/hardware/form.warranty_expires'),
+                "formatter" => "dateDisplayFormatter"
+            ], 
+        ];
+
+        return json_encode($layout);
+    }
+
+
+
+    /**
+     * Generate html link to this items name.
+     * @return string
+     */
+    public function nameUrl()
+    {
+        return (string) link_to_route('hardware.show', e($this->name), $this->id);
+    }
+
+    public function modelUrl()
+    {
+        if ($this->model->model) {
+            return $this->model->model->present()->nameUrl();
+        }
+        return '';
+    }
+
+    /**
+     * Generate img tag to this items image.
+     * @return mixed|string
+     */
+    public function imageUrl()
+    {
+        $imagePath = '';
+        if ($this->image && !empty($this->image)) {
+            $imagePath = $this->image;
+            $imageAlt = $this->name;
+        } elseif ($this->model && !empty($this->model->image)) {
+            $imagePath = $this->model->image;
+            $imageAlt = $this->model->name;
+        }
+        $url = config('app.url');
+        if (!empty($imagePath)) {
+            $imagePath = '<img src="'.$url.'/uploads/assets/'.$imagePath.' height="50" width="50" alt="'.$imageAlt.'">';
+        }
+        return $imagePath;
+    }
+
+    /**
+     * Generate img tag to this items image.
+     * @return mixed|string
+     */
+    public function imageSrc()
+    {
+        $imagePath = '';
+        if ($this->image && !empty($this->image)) {
+            $imagePath = $this->image;
+        } elseif ($this->model && !empty($this->model->image)) {
+            $imagePath = $this->model->image;
+        }
+        if (!empty($imagePath)) {
+            return config('app.url').'/uploads/assets/'.$imagePath;
+        }
+        return $imagePath;
+    }
+
+    /**
+     * Get Displayable Name
+     * @return string
+     *
+     * @todo this should be factored out - it should be subsumed by fullName (below)
+     *
+     **/
+    public function name()
+    {
+        return $this->fullName;
+    }
+
+    /**
+     * Helper for notification polymorphism.
+     * @return mixed
+     */
+    public function fullName()
+    {
+        $str = '';
+
+        // Asset name
+        if ($this->model->name) {
+            $str .= $this->model->name;
+        }
+
+        // Asset tag
+        if ($this->asset_tag) {
+            $str .= ' ('.$this->model->asset_tag.')';
+        }
+
+        // Asset Model name
+        if ($this->model->model) {
+            $str .= ' - '.$this->model->model->name;
+        }
+        return $str;
+    }
+    /**
+     * Returns the date this item hits EOL.
+     * @return false|string
+     */
+    public function eol_date()
+    {
+
+        if (( $this->purchase_date ) && ( $this->model->model ) && ($this->model->model->eol) ) {
+            $date = date_create($this->purchase_date);
+            date_add($date, date_interval_create_from_date_string($this->model->model->eol . ' months'));
+            return date_format($date, 'Y-m-d');
+        }
+
+    }
+
+    /**
+     * How many months until this asset hits EOL.
+     * @return null
+     */
+    public function months_until_eol()
+    {
+
+        $today = date("Y-m-d");
+        $d1    = new DateTime($today);
+        $d2    = new DateTime($this->eol_date());
+
+        if ($this->eol_date() > $today) {
+            $interval = $d2->diff($d1);
+        } else {
+            $interval = null;
+        }
+
+        return $interval;
+    }
+
+    /**
+     * @return string
+     * This handles the status label "meta" status of "deployed" if
+     * it's assigned. Should maybe deprecate.
+     */
+    public function statusMeta()
+    {
+        if ($this->model->assigned) {
+            return 'deployed';
+        }
+        return $this->model->assetstatus->getStatuslabelType();
+    }
+
+    /**
+     * @return string
+     * This handles the status label "meta" status of "deployed" if
+     * it's assigned. Should maybe deprecate.
+     */
+    public function statusText()
+    {
+        if ($this->model->assigned) {
+            return trans('general.deployed');
+        }
+        return $this->model->assetstatus->name;
+    }
+
+    /**
+     * @return string
+     * This handles the status label "meta" status of "deployed" if
+     * it's assigned. Results look like:
+     *
+     * (if assigned and the status label is "Ready to Deploy"):
+     * (Deployed)
+     *
+     * (f assigned and status label is not "Ready to Deploy":)
+     * Deployed (Another Status Label)
+     *
+     * (if not deployed:)
+     * Another Status Label
+     */
+    public function fullStatusText() {
+        // Make sure the status is valid
+        if ($this->assetstatus) {
+
+            // If the status is assigned to someone or something...
+            if ($this->model->assigned) {
+
+                // If it's assigned and not set to the default "ready to deploy" status
+                if ($this->assetstatus->name != trans('general.ready_to_deploy')) {
+                    return trans('general.deployed'). ' (' . $this->model->assetstatus->name.')';
+                }
+
+                // If it's assigned to the default "ready to deploy" status, just
+                // say it's deployed - otherwise it's confusing to have a status that is
+                // both "ready to deploy" and deployed at the same time.
+                return trans('general.deployed');
+            }
+
+            // Return just the status name
+            return $this->model->assetstatus->name;
+        }
+
+        // This status doesn't seem valid - either data has been manually edited or
+        // the status label was deleted.
+        return 'Invalid status';
+    }
+
+    /**
+     * Date the warantee expires.
+     * @return false|string
+     */
+    public function warrantee_expires()
+    {
+        if (($this->purchase_date) && ($this->warranty_months)) {
+            $date = date_create($this->purchase_date);
+            date_add($date, date_interval_create_from_date_string($this->warranty_months . ' months'));
+            return date_format($date, 'Y-m-d');
+        }
+
+        return false;
+    }
+
+    /**
+     * Url to view this item.
+     * @return string
+     */
+    public function viewUrl()
+    {
+        return route('hardware.show', $this->id);
+    }
+
+    public function glyph()
+    {
+        return '<i class="fa fa-barcode" aria-hidden="true"></i>';
+    }
+}
--- a/app/Services/LdapAd.php
+++ b/app/Services/LdapAd.php
@@ -135,7 +135,7 @@ class LdapAd extends LdapAdConfiguration
            $bind_as_user = true;
        }

-        if ($this->ldap->auth()->attempt($login_username, $password, $bind_as_user) === false) {
+        if (($this->ldap) && ($this->ldap->auth()->attempt($login_username, $password, $bind_as_user) === false)) {
            throw new Exception('Unable to validate user credentials!');
        }    

--- a/app/Services/LdapAdConfiguration.php
+++ b/app/Services/LdapAdConfiguration.php
@@ -156,7 +156,7 @@ class LdapAdConfiguration
    private function setLdapConnectionConfiguration(): array
    {
        // Create the configuration array.
-        return [
+        $ldap_settings =  [
            // Mandatory Configuration Options
            'hosts'            => $this->getServerUrlBase(),
            'base_dn'          => $this->ldapSettings['ldap_basedn'],
@@ -180,6 +180,14 @@ class LdapAdConfiguration
                // LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_HARD,
            ],
        ];
+
+        if($this->ldapSettings['ldap_client_tls_cert'] || $this->ldapSettings['ldap_client_tls_key']) {
+            $ldap_settings['custom_options'] = [
+                LDAP_OPT_X_TLS_CERTFILE => Setting::get_client_side_cert_path(),
+                LDAP_OPT_X_TLS_KEYFILE => Setting::get_client_side_key_path()
+            ];
+        }
+        return $ldap_settings;
    }

    /**
--- a/composer.json
+++ b/composer.json
@@ -41,6 +41,7 @@
    "laravel/tinker": "^2.4",
    "laravelcollective/html": "^6.0",
    "league/csv": "^9.5",
+    "league/flysystem": "1.1.4",
    "league/flysystem-aws-s3-v3": "^1.0",
    "league/flysystem-cached-adapter": "^1.0",
    "neitanod/forceutf8": "^2.0",
@@ -110,6 +111,9 @@
    "sort-packages": true,
    "optimize-autoloader": true,
    "discard-changes": true,
-    "process-timeout": 3000
+    "process-timeout": 3000,
+    "platform": {
+      "php": "7.2.5"
+  }
  }
 }
--- a/composer.lock
+++ b/composer.lock
--- a/config/app.php
+++ b/config/app.php
@@ -407,6 +407,7 @@ return [
        'Google2FA' => PragmaRX\Google2FALaravel\Facade::class,
        'Image'     => Intervention\Image\ImageServiceProvider::class,
        'Carbon' => Carbon\Carbon::class,
+        'Helper' => App\Helpers\Helper::class, // makes it much easier to use 'Helper::blah' in blades (which is where we usually use this)


    ],
--- a/config/version.php
+++ b/config/version.php
@@ -1,10 +1,10 @@
 <?php
 return array (
-  'app_version' => 'v5.1.5',
-  'full_app_version' => 'v5.1.5 - build 6029-gb8c356443',
-  'build_version' => '6029',
+  'app_version' => 'v5.3.4',
+  'full_app_version' => 'v5.3.4 - build 6550-g39b0dc136',
+  'build_version' => '6550',
  'prerelease_version' => '',
-  'hash_version' => 'gb8c356443',
-  'full_hash' => 'v5.1.5-125-gb8c356443',
+  'hash_version' => 'g39b0dc136',
+  'full_hash' => 'v5.3.4-17-g39b0dc136',
  'branch' => 'master',
 );
--- a/database/factories/AssetModelFactory.php
+++ b/database/factories/AssetModelFactory.php
@@ -226,26 +226,26 @@ $factory->state(App\Models\AssetModel::class, 'tab3-model', function ($faker) {
 |--------------------------------------------------------------------------
 */

-$factory->state(App\Models\AssetModel::class, 'iphone6s-model', function ($faker) {
+$factory->state(App\Models\AssetModel::class, 'iphone11-model', function ($faker) {
    return [
-        'name' => 'iPhone 6s',
+        'name' => 'iPhone 11',
        'category_id' => 4,
        'manufacturer_id' => 1,
        'eol' => '12',
        'depreciation_id' => 3,
-        'image' => 'iphone6.jpg',
+        'image' => 'iphone11.jpeg',
        'fieldset_id' => 1,
    ];
 });

-$factory->state(App\Models\AssetModel::class, 'iphone7-model', function ($faker) {
+$factory->state(App\Models\AssetModel::class, 'iphone12-model', function ($faker) {
    return [
-        'name' => 'iPhone 7',
+        'name' => 'iPhone 12',
        'category_id' => 4,
        'manufacturer_id' => 1,
        'eol' => '12',
        'depreciation_id' => 1,
-        'image' => 'iphone7.jpg',
+        'image' => 'iphone12.jpeg',
        'fieldset_id' => 1,
    ];
 });
--- a/database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php
+++ b/database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php
@@ -15,9 +15,16 @@ class MoveAccessoryCheckoutNoteToJoinTable extends Migration
     */
    public function up()
    {
-        Schema::table('accessories_users', function (Blueprint $table) {
-            $table->string('note')->nullable(true)->default(null);
-        });
+
+        if (!Schema::hasColumn('accessories_users', 'note'))
+        {
+            Schema::table('accessories_users', function (Blueprint $table) {
+                $table->string('note')->nullable(true)->default(null);
+            });
+        }
+
+
+        

        // Loop through the checked out accessories, find their related action_log entry, and copy over the note
        // to the newly created note field
@@ -44,8 +51,10 @@ class MoveAccessoryCheckoutNoteToJoinTable extends Migration
                $action_log_entries = Actionlog::where('created_at', '=',$join_log->created_at)
                    ->where('target_id', '=',$join_log->assigned_to)
                    ->where('item_id', '=',$accessory->id)
+                    ->where('item_type', '=','App\\Models\\Accessory')
                    ->where('target_type', '=','App\\Models\\User')
                    ->where('action_type', '=', 'checkout')
+                    ->where('note', '!=', '')
                    ->orderBy('created_at', 'DESC')->get();

                \Log::debug($action_log_entries->count().' matching entries in the action_logs table');
@@ -82,8 +91,15 @@ class MoveAccessoryCheckoutNoteToJoinTable extends Migration
     */
    public function down()
    {
-        Schema::table('accessories_users', function (Blueprint $table) {
-            $table->dropColumn('note');
-        });
+
+        if (Schema::hasColumn('accessories_users', 'note'))
+        {
+            Schema::table('accessories_users', function (Blueprint $table)
+            {
+                $table->dropColumn('note');
+            });
+        }
+
+    
    }
 }
--- a/database/migrations/2020_12_14_233815_add_digit_separator_to_settings.php
+++ b/database/migrations/2020_12_14_233815_add_digit_separator_to_settings.php
@@ -14,7 +14,7 @@ class AddDigitSeparatorToSettings extends Migration
    public function up()
    {
        Schema::table('settings', function (Blueprint $table) {
-            $table->char('digit_separator')->nullable()->default('1234.56');
+            $table->char('digit_separator')->nullable()->default('1,234.56');
        });
    }

--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`web: php heroku/startup.php && heroku-php-apache2 public/`