diff --git a/.dockerignore b/.dockerignore
index fcc890f76..40ff6c49f 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,11 +1,11 @@
 conf/stack
 screenshots
+tools
 test/data/registry
 venv
 .git
 .gitignore
 Bobfile
 README.md
-license.py
 requirements-nover.txt
-run-local.sh
+run-local.sh
\ No newline at end of file
diff --git a/Dockerfile.buildworker b/Dockerfile.buildworker
index c18c24589..159c7867c 100644
--- a/Dockerfile.buildworker
+++ b/Dockerfile.buildworker
@@ -1,13 +1,13 @@
-FROM phusion/baseimage:0.9.11
+FROM phusion/baseimage:0.9.13
 
 ENV DEBIAN_FRONTEND noninteractive
 ENV HOME /root
 
 # Install the dependencies.
-RUN apt-get update  # 06AUG2014
+RUN apt-get update  # 10SEP2014
 
 # New ubuntu packages should be added as their own apt-get install lines below the existing install commands
-RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62-dev libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap2-dev libsasl2-dev
+RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62-dev libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap2-dev libsasl2-dev libpq-dev
 
 # Build the python dependencies
 ADD requirements.txt requirements.txt
diff --git a/Dockerfile.web b/Dockerfile.web
index c9ba36823..605b088b3 100644
--- a/Dockerfile.web
+++ b/Dockerfile.web
@@ -1,13 +1,13 @@
-FROM phusion/baseimage:0.9.11
+FROM phusion/baseimage:0.9.13
 
 ENV DEBIAN_FRONTEND noninteractive
 ENV HOME /root
 
 # Install the dependencies.
-RUN apt-get update  # 06AUG2014
+RUN apt-get update  # 10SEP2014
 
 # New ubuntu packages should be added as their own apt-get install lines below the existing install commands
-RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62-dev libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap2-dev libsasl2-dev
+RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62-dev libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap2-dev libsasl2-dev libpq-dev
 
 # Build the python dependencies
 ADD requirements.txt requirements.txt
@@ -30,6 +30,7 @@ RUN cd grunt && npm install
 RUN cd grunt && grunt
 
 ADD conf/init/svlogd_config /svlogd_config
+ADD conf/init/doupdatelimits.sh /etc/my_init.d/
 ADD conf/init/preplogsdir.sh /etc/my_init.d/
 ADD conf/init/runmigration.sh /etc/my_init.d/
 
@@ -37,9 +38,7 @@ ADD conf/init/gunicorn /etc/service/gunicorn
 ADD conf/init/nginx /etc/service/nginx
 ADD conf/init/diffsworker /etc/service/diffsworker
 ADD conf/init/notificationworker /etc/service/notificationworker
-
-# TODO: Remove this after the prod CL push
-ADD conf/init/webhookworker /etc/service/webhookworker
+ADD conf/init/buildlogsarchiver /etc/service/buildlogsarchiver
 
 # Download any external libs.
 RUN mkdir static/fonts static/ldn
@@ -48,7 +47,7 @@ RUN venv/bin/python -m external_libraries
 # Run the tests
 RUN TEST=true venv/bin/python -m unittest discover
 
-VOLUME ["/conf/stack", "/var/log", "/datastorage"]
+VOLUME ["/conf/stack", "/var/log", "/datastorage", "/tmp"]
 
 EXPOSE 443 80
 
diff --git a/app.py b/app.py
index 78746fbcf..8f0a57d62 100644
--- a/app.py
+++ b/app.py
@@ -1,8 +1,9 @@
 import logging
 import os
 import json
+import yaml
 
-from flask import Flask
+from flask import Flask as BaseFlask, Config as BaseConfig
 from flask.ext.principal import Principal
 from flask.ext.login import LoginManager
 from flask.ext.mail import Mail
@@ -19,13 +20,40 @@ from util.exceptionlog import Sentry
 from util.queuemetrics import QueueMetrics
 from data.billing import Billing
 from data.buildlogs import BuildLogs
+from data.archivedlogs import LogArchive
 from data.queue import WorkQueue
 from data.userevent import UserEventsBuilderModule
-from license import load_license
 from datetime import datetime
 
 
-OVERRIDE_CONFIG_FILENAME = 'conf/stack/config.py'
+class Config(BaseConfig):
+  """ Flask config enhanced with a `from_yamlfile` method """
+   
+  def from_yamlfile(self, config_file):
+    with open(config_file) as f:
+      c = yaml.load(f)
+      if not c:
+        logger.debug('Empty YAML config file')
+        return
+
+      if isinstance(c, str):
+        raise Exception('Invalid YAML config file: ' + str(c))
+
+      for key in c.iterkeys():
+        if key.isupper():
+          self[key] = c[key]
+
+class Flask(BaseFlask):
+  """ Extends the Flask class to implement our custom Config class. """
+
+  def make_config(self, instance_relative=False):
+    root_path = self.instance_path if instance_relative else self.root_path
+    return Config(root_path, self.default_config)
+
+
+OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml'
+OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py'
+
 OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'
 LICENSE_FILENAME = 'conf/stack/license.enc'
 
@@ -43,22 +71,17 @@ else:
   logger.debug('Loading default config.')
   app.config.from_object(DefaultConfig())
 
-  if os.path.exists(OVERRIDE_CONFIG_FILENAME):
-    logger.debug('Applying config file: %s', OVERRIDE_CONFIG_FILENAME)
-    app.config.from_pyfile(OVERRIDE_CONFIG_FILENAME)
+  if os.path.exists(OVERRIDE_CONFIG_PY_FILENAME):
+    logger.debug('Applying config file: %s', OVERRIDE_CONFIG_PY_FILENAME)
+    app.config.from_pyfile(OVERRIDE_CONFIG_PY_FILENAME)
+
+  if os.path.exists(OVERRIDE_CONFIG_YAML_FILENAME):
+    logger.debug('Applying config file: %s', OVERRIDE_CONFIG_YAML_FILENAME)
+    app.config.from_yamlfile(OVERRIDE_CONFIG_YAML_FILENAME)
 
   environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}'))
   app.config.update(environ_config)
 
-  logger.debug('Applying license config from: %s', LICENSE_FILENAME)
-  try:
-    app.config.update(load_license(LICENSE_FILENAME))
-  except IOError:
-    raise RuntimeError('License file %s not found; please check your configuration' % LICENSE_FILENAME)
-
-  if app.config.get('LICENSE_EXPIRATION', datetime.min) < datetime.utcnow():
-    raise RuntimeError('License has expired, please contact support@quay.io')
-
 features.import_features(app.config)
 
 Principal(app, use_sessions=False)
@@ -66,7 +89,8 @@ Principal(app, use_sessions=False)
 login_manager = LoginManager(app)
 mail = Mail(app)
 storage = Storage(app)
-userfiles = Userfiles(app)
+userfiles = Userfiles(app, storage)
+log_archive = LogArchive(app, storage)
 analytics = Analytics(app)
 billing = Billing(app)
 sentry = Sentry(app)
diff --git a/application.py b/application.py
index 2fb79835b..493b34fed 100644
--- a/application.py
+++ b/application.py
@@ -7,7 +7,7 @@ from peewee import Proxy
 from app import app as application
 from flask import request, Request
 from util.names import urn_generator
-from data.model import db as model_db, read_slave
+from data.database import db as model_db, read_slave
 
 # Turn off debug logging for boto
 logging.getLogger('boto').setLevel(logging.CRITICAL)
diff --git a/auth/auth.py b/auth/auth.py
index 3616792ad..ed0c8d82a 100644
--- a/auth/auth.py
+++ b/auth/auth.py
@@ -25,7 +25,7 @@ def _load_user_from_cookie():
   if not current_user.is_anonymous():
     logger.debug('Loading user from cookie: %s', current_user.get_id())
     set_authenticated_user_deferred(current_user.get_id())
-    loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
+    loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_db_id', {scopes.DIRECT_LOGIN})
     identity_changed.send(app, identity=loaded)
     return current_user.db_user()
   return None
@@ -58,12 +58,10 @@ def _validate_and_apply_oauth_token(token):
   set_authenticated_user(validated.authorized_user)
   set_validated_oauth_token(validated)
 
-  new_identity = QuayDeferredPermissionUser(validated.authorized_user.username, 'username',
-                                            scope_set)
+  new_identity = QuayDeferredPermissionUser(validated.authorized_user.id, 'user_db_id', scope_set)
   identity_changed.send(app, identity=new_identity)
 
 
-
 def process_basic_auth(auth):
   normalized = [part.strip() for part in auth.split(' ') if part]
   if normalized[0].lower() != 'basic' or len(normalized) != 2:
@@ -100,8 +98,7 @@ def process_basic_auth(auth):
       logger.debug('Successfully validated robot: %s' % credentials[0])
       set_authenticated_user(robot)
       
-      deferred_robot = QuayDeferredPermissionUser(robot.username, 'username',
-                                                  {scopes.DIRECT_LOGIN})
+      deferred_robot = QuayDeferredPermissionUser(robot.id, 'user_db_id', {scopes.DIRECT_LOGIN})
       identity_changed.send(app, identity=deferred_robot)
       return
     except model.InvalidRobotException:
@@ -114,7 +111,7 @@ def process_basic_auth(auth):
       logger.debug('Successfully validated user: %s' % authenticated.username)
       set_authenticated_user(authenticated)
 
-      new_identity = QuayDeferredPermissionUser(authenticated.username, 'username',
+      new_identity = QuayDeferredPermissionUser(authenticated.id, 'user_db_id',
                                                 {scopes.DIRECT_LOGIN})
       identity_changed.send(app, identity=new_identity)
       return
@@ -135,8 +132,15 @@ def process_token(auth):
     logger.warning('Invalid token format: %s' % auth)
     abort(401, message='Invalid token format: %(auth)s', issue='invalid-auth-token', auth=auth)
 
-  token_vals = {val[0]: val[1] for val in
+  def safe_get(lst, index, default_value):
+    try:
+      return lst[index]
+    except IndexError:
+      return default_value
+
+  token_vals = {val[0]: safe_get(val, 1, '') for val in
                 (detail.split('=') for detail in token_details)}
+
   if 'signature' not in token_vals:
     logger.warning('Token does not contain signature: %s' % auth)
     abort(401, message='Token does not contain a valid signature: %(auth)s',
diff --git a/auth/auth_context.py b/auth/auth_context.py
index b97ffa02d..6c587f901 100644
--- a/auth/auth_context.py
+++ b/auth/auth_context.py
@@ -10,13 +10,13 @@ logger = logging.getLogger(__name__)
 def get_authenticated_user():
   user = getattr(_request_ctx_stack.top, 'authenticated_user', None)
   if not user:
-    username = getattr(_request_ctx_stack.top, 'authenticated_username', None)
-    if not username:
-      logger.debug('No authenticated user or deferred username.')
+    db_id = getattr(_request_ctx_stack.top, 'authenticated_db_id', None)
+    if not db_id:
+      logger.debug('No authenticated user or deferred database id.')
       return None
 
     logger.debug('Loading deferred authenticated user.')
-    loaded = model.get_user(username)
+    loaded = model.get_user_by_id(db_id)
     set_authenticated_user(loaded)
     user = loaded
 
@@ -30,10 +30,10 @@ def set_authenticated_user(user_or_robot):
   ctx.authenticated_user = user_or_robot
 
 
-def set_authenticated_user_deferred(username_or_robotname):
-  logger.debug('Deferring loading of authenticated user object: %s', username_or_robotname)
+def set_authenticated_user_deferred(user_or_robot_db_id):
+  logger.debug('Deferring loading of authenticated user object: %s', user_or_robot_db_id)
   ctx = _request_ctx_stack.top
-  ctx.authenticated_username = username_or_robotname
+  ctx.authenticated_db_id = user_or_robot_db_id
 
 
 def get_validated_oauth_token():
diff --git a/auth/permissions.py b/auth/permissions.py
index 2b27f9583..eb9059c22 100644
--- a/auth/permissions.py
+++ b/auth/permissions.py
@@ -58,8 +58,8 @@ SCOPE_MAX_USER_ROLES.update({
 
 
 class QuayDeferredPermissionUser(Identity):
-  def __init__(self, id, auth_type, scopes):
-    super(QuayDeferredPermissionUser, self).__init__(id, auth_type)
+  def __init__(self, db_id, auth_type, scopes):
+    super(QuayDeferredPermissionUser, self).__init__(db_id, auth_type)
 
     self._permissions_loaded = False
     self._scope_set = scopes
@@ -88,7 +88,7 @@ class QuayDeferredPermissionUser(Identity):
   def can(self, permission):
     if not self._permissions_loaded:
       logger.debug('Loading user permissions after deferring.')
-      user_object = model.get_user(self.id)
+      user_object = model.get_user_by_id(self.id)
 
       # Add the superuser need, if applicable.
       if (user_object.username is not None and
@@ -112,7 +112,7 @@ class QuayDeferredPermissionUser(Identity):
 
       # Add repository permissions
       for perm in model.get_all_user_permissions(user_object):
-        repo_grant = _RepositoryNeed(perm.repository.namespace, perm.repository.name,
+        repo_grant = _RepositoryNeed(perm.repository.namespace_user.username, perm.repository.name,
                                      self._repo_role_for_scopes(perm.role.name))
         logger.debug('User added permission: {0}'.format(repo_grant))
         self.provides.add(repo_grant)
@@ -230,16 +230,16 @@ def on_identity_loaded(sender, identity):
   if isinstance(identity, QuayDeferredPermissionUser):
     logger.debug('Deferring permissions for user: %s', identity.id)
 
-  elif identity.auth_type == 'username':
+  elif identity.auth_type == 'user_db_id':
     logger.debug('Switching username permission to deferred object: %s', identity.id)
-    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username', {scopes.DIRECT_LOGIN})
+    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_db_id', {scopes.DIRECT_LOGIN})
     identity_changed.send(app, identity=switch_to_deferred)
 
   elif identity.auth_type == 'token':
     logger.debug('Loading permissions for token: %s', identity.id)
     token_data = model.load_token_data(identity.id)
 
-    repo_grant = _RepositoryNeed(token_data.repository.namespace,
+    repo_grant = _RepositoryNeed(token_data.repository.namespace_user.username,
                                  token_data.repository.name,
                                  token_data.role.name)
     logger.debug('Delegate token added permission: {0}'.format(repo_grant))
diff --git a/conf/gunicorn_config.py b/conf/gunicorn_config.py
index 4d9d50499..ca8ad5363 100644
--- a/conf/gunicorn_config.py
+++ b/conf/gunicorn_config.py
@@ -1,5 +1,5 @@
 bind = 'unix:/tmp/gunicorn.sock'
-workers = 8
+workers = 16
 worker_class = 'gevent'
 timeout = 2000
 logconfig = 'conf/logging.conf'
diff --git a/conf/init/buildlogsarchiver/log/run b/conf/init/buildlogsarchiver/log/run
new file mode 100755
index 000000000..c35fb1fb9
--- /dev/null
+++ b/conf/init/buildlogsarchiver/log/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd /var/log/buildlogsarchiver/
\ No newline at end of file
diff --git a/conf/init/buildlogsarchiver/run b/conf/init/buildlogsarchiver/run
new file mode 100755
index 000000000..df3d4b05f
--- /dev/null
+++ b/conf/init/buildlogsarchiver/run
@@ -0,0 +1,8 @@
+#! /bin/bash
+
+echo 'Starting build logs archiver worker'
+
+cd /
+venv/bin/python -m workers.buildlogsarchiver 2>&1
+
+echo 'Diffs worker exited'
\ No newline at end of file
diff --git a/conf/init/doupdatelimits.sh b/conf/init/doupdatelimits.sh
new file mode 100755
index 000000000..603559de0
--- /dev/null
+++ b/conf/init/doupdatelimits.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+set -e
+
+# Update the connection limit
+sysctl -w net.core.somaxconn=1024
\ No newline at end of file
diff --git a/conf/init/webhookworker/log/run b/conf/init/webhookworker/log/run
deleted file mode 100755
index 6738f16f8..000000000
--- a/conf/init/webhookworker/log/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-exec svlogd -t /var/log/webhookworker/
\ No newline at end of file
diff --git a/conf/init/webhookworker/run b/conf/init/webhookworker/run
deleted file mode 100755
index 04521552a..000000000
--- a/conf/init/webhookworker/run
+++ /dev/null
@@ -1,8 +0,0 @@
-#! /bin/bash
-
-echo 'Starting webhook worker'
-
-cd /
-venv/bin/python -m workers.webhookworker
-
-echo 'Webhook worker exited'
\ No newline at end of file
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 6aeaa689e..a13cf1424 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -1,4 +1,4 @@
-client_max_body_size 8G;
+client_max_body_size 20G;
 client_body_temp_path /var/log/nginx/client_body 1 2;
 server_name _;
 
diff --git a/config.py b/config.py
index a903fa29a..6742d1a43 100644
--- a/config.py
+++ b/config.py
@@ -19,7 +19,7 @@ def build_requests_session():
 CLIENT_WHITELIST = ['SERVER_HOSTNAME', 'PREFERRED_URL_SCHEME', 'GITHUB_CLIENT_ID',
                     'GITHUB_LOGIN_CLIENT_ID', 'MIXPANEL_KEY', 'STRIPE_PUBLISHABLE_KEY',
                     'ENTERPRISE_LOGO_URL', 'SENTRY_PUBLIC_DSN', 'AUTHENTICATION_TYPE',
-                    'REGISTRY_TITLE', 'REGISTRY_TITLE_SHORT']
+                    'REGISTRY_TITLE', 'REGISTRY_TITLE_SHORT', 'GOOGLE_LOGIN_CLIENT_ID']
 
 
 def getFrontendVisibleConfig(config_dict):
@@ -80,19 +80,15 @@ class DefaultConfig(object):
   AUTHENTICATION_TYPE = 'Database'
 
   # Build logs
-  BUILDLOGS_REDIS_HOSTNAME = 'logs.quay.io'
+  BUILDLOGS_REDIS = {'host': 'logs.quay.io'}
   BUILDLOGS_OPTIONS = []
 
   # Real-time user events
-  USER_EVENTS_REDIS_HOSTNAME = 'logs.quay.io'
+  USER_EVENTS_REDIS = {'host': 'logs.quay.io'}
 
   # Stripe config
   BILLING_TYPE = 'FakeStripe'
 
-  # Userfiles
-  USERFILES_TYPE = 'LocalUserfiles'
-  USERFILES_PATH = 'test/data/registry/userfiles'
-
   # Analytics
   ANALYTICS_TYPE = 'FakeAnalytics'
 
@@ -115,6 +111,13 @@ class DefaultConfig(object):
   GITHUB_LOGIN_CLIENT_ID = ''
   GITHUB_LOGIN_CLIENT_SECRET = ''
 
+  # Google Config.
+  GOOGLE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
+  GOOGLE_USER_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
+
+  GOOGLE_LOGIN_CLIENT_ID = ''
+  GOOGLE_LOGIN_CLIENT_SECRET = ''
+
   # Requests based HTTP client with a large request pool
   HTTPCLIENT = build_requests_session()
 
@@ -144,6 +147,9 @@ class DefaultConfig(object):
   # Feature Flag: Whether GitHub login is supported.
   FEATURE_GITHUB_LOGIN = False
 
+  # Feature Flag: Whether Google login is supported.
+  FEATURE_GOOGLE_LOGIN = False
+
   # Feature flag, whether to enable olark chat
   FEATURE_OLARK_CHAT = False
 
@@ -153,9 +159,26 @@ class DefaultConfig(object):
   # Feature Flag: Whether to support GitHub build triggers.
   FEATURE_GITHUB_BUILD = False
 
+  # Feature Flag: Dockerfile build support.
+  FEATURE_BUILD_SUPPORT = True
+
+  # Feature Flag: Whether emails are enabled.
+  FEATURE_MAILING = True
+
+  # Feature Flag: Whether users can be created (by non-super users).
+  FEATURE_USER_CREATION = True
+
   DISTRIBUTED_STORAGE_CONFIG = {
     'local_eu': ['LocalStorage', {'storage_path': 'test/data/registry/eu'}],
     'local_us': ['LocalStorage', {'storage_path': 'test/data/registry/us'}],
   }
 
   DISTRIBUTED_STORAGE_PREFERENCE = ['local_us']
+
+  # Userfiles
+  USERFILES_LOCATION = 'local_us'
+  USERFILES_PATH = 'userfiles/'
+
+  # Build logs archive
+  LOG_ARCHIVE_LOCATION = 'local_us'
+  LOG_ARCHIVE_PATH = 'logarchive/'
diff --git a/data/archivedlogs.py b/data/archivedlogs.py
new file mode 100644
index 000000000..e190b9782
--- /dev/null
+++ b/data/archivedlogs.py
@@ -0,0 +1,56 @@
+import logging
+
+from gzip import GzipFile
+from flask import send_file, abort
+from cStringIO import StringIO
+
+from data.userfiles import DelegateUserfiles, UserfilesHandlers
+
+
+JSON_MIMETYPE = 'application/json'
+
+
+logger = logging.getLogger(__name__)
+
+
+class LogArchiveHandlers(UserfilesHandlers):
+  def get(self, file_id):
+    path = self._files.get_file_id_path(file_id)
+    try:
+      with self._storage.stream_read_file(self._locations, path) as gzip_stream:
+        with GzipFile(fileobj=gzip_stream) as unzipped:
+          unzipped_buffer = StringIO(unzipped.read())
+          return send_file(unzipped_buffer, mimetype=JSON_MIMETYPE)
+    except IOError:
+      abort(404)
+
+
+class LogArchive(object):
+  def __init__(self, app=None, distributed_storage=None):
+    self.app = app
+    if app is not None:
+      self.state = self.init_app(app, distributed_storage)
+    else:
+      self.state = None
+
+  def init_app(self, app, distributed_storage):
+    location = app.config.get('LOG_ARCHIVE_LOCATION')
+    path = app.config.get('LOG_ARCHIVE_PATH', None)
+
+    handler_name = 'logarchive_handlers'
+
+    log_archive = DelegateUserfiles(app, distributed_storage, location, path, handler_name)
+
+    app.add_url_rule('/logarchive/<file_id>',
+                     view_func=LogArchiveHandlers.as_view(handler_name,
+                                                          distributed_storage=distributed_storage,
+                                                          location=location,
+                                                          files=log_archive))
+
+    # register extension with app
+    app.extensions = getattr(app, 'extensions', {})
+    app.extensions['log_archive'] = log_archive
+    return log_archive
+
+  def __getattr__(self, name):
+    return getattr(self.state, name, None)
diff --git a/data/billing.py b/data/billing.py
index 4847dd3f8..e1510c054 100644
--- a/data/billing.py
+++ b/data/billing.py
@@ -3,6 +3,8 @@ import stripe
 from datetime import datetime, timedelta
 from calendar import timegm
 
+from util.morecollections import AttrDict
+
 PLANS = [
   # Deprecated Plans
   {
@@ -118,20 +120,6 @@ def get_plan(plan_id):
   return None
 
 
-class AttrDict(dict):
-  def __init__(self, *args, **kwargs):
-    super(AttrDict, self).__init__(*args, **kwargs)
-    self.__dict__ = self
-
-  @classmethod
-  def deep_copy(cls, attr_dict):
-    copy = AttrDict(attr_dict)
-    for key, value in copy.items():
-      if isinstance(value, AttrDict):
-        copy[key] = cls.deep_copy(value)
-    return copy
-
-
 class FakeStripe(object):
   class Customer(AttrDict):
     FAKE_PLAN = AttrDict({
diff --git a/data/buildlogs.py b/data/buildlogs.py
index 2ccd03899..6e24f501b 100644
--- a/data/buildlogs.py
+++ b/data/buildlogs.py
@@ -2,6 +2,11 @@ import redis
 import json
 
 from util.dynamic import import_class
+from datetime import timedelta
+
+
+ONE_DAY = timedelta(days=1)
+
 
 class BuildStatusRetrievalError(Exception):
   pass
@@ -11,8 +16,8 @@ class RedisBuildLogs(object):
   COMMAND = 'command'
   PHASE = 'phase'
 
-  def __init__(self, redis_host):
-    self._redis = redis.StrictRedis(host=redis_host)
+  def __init__(self, redis_config):
+    self._redis = redis.StrictRedis(socket_connect_timeout=5, **redis_config)
 
   @staticmethod
   def _logs_key(build_id):
@@ -25,7 +30,7 @@ class RedisBuildLogs(object):
     """
     return self._redis.rpush(self._logs_key(build_id), json.dumps(log_obj))
 
-  def append_log_message(self, build_id, log_message, log_type=None):
+  def append_log_message(self, build_id, log_message, log_type=None, log_data=None):
     """
     Wraps the message in an envelope and push it to the end of the log entry
     list and returns the index at which it was inserted.
@@ -37,6 +42,9 @@ class RedisBuildLogs(object):
     if log_type:
       log_obj['type'] = log_type
 
+    if log_data:
+      log_obj['data'] = log_data
+
     return self._redis.rpush(self._logs_key(build_id), json.dumps(log_obj)) - 1
 
   def get_log_entries(self, build_id, start_index):
@@ -51,6 +59,13 @@ class RedisBuildLogs(object):
     except redis.ConnectionError:
       raise BuildStatusRetrievalError('Cannot retrieve build logs')
 
+  def expire_log_entries(self, build_id):
+    """
+    Sets the log entry to expire in 1 day.
+    """
+    self._redis.expire(self._logs_key(build_id), ONE_DAY)
+
+
   @staticmethod
   def _status_key(build_id):
     return 'builds/%s/status' % build_id
@@ -89,7 +104,13 @@ class BuildLogs(object):
       self.state = None
 
   def init_app(self, app):
-    buildlogs_hostname = app.config.get('BUILDLOGS_REDIS_HOSTNAME')
+    buildlogs_config = app.config.get('BUILDLOGS_REDIS')
+    if not buildlogs_config:
+      # This is the old key name.
+      buildlogs_config = {
+        'host': app.config.get('BUILDLOGS_REDIS_HOSTNAME')
+      }
+
     buildlogs_options = app.config.get('BUILDLOGS_OPTIONS', [])
     buildlogs_import = app.config.get('BUILDLOGS_MODULE_AND_CLASS', None)
 
@@ -98,7 +119,7 @@ class BuildLogs(object):
     else:
       klass = import_class(buildlogs_import[0], buildlogs_import[1])
 
-    buildlogs = klass(buildlogs_hostname, *buildlogs_options)
+    buildlogs = klass(buildlogs_config, *buildlogs_options)
 
     # register extension with app
     app.extensions = getattr(app, 'extensions', {})
@@ -106,4 +127,4 @@ class BuildLogs(object):
     return buildlogs
 
   def __getattr__(self, name):
-    return getattr(self.state, name, None)
\ No newline at end of file
+    return getattr(self.state, name, None)
diff --git a/data/database.py b/data/database.py
index 76a0af9df..aba62b88b 100644
--- a/data/database.py
+++ b/data/database.py
@@ -8,7 +8,7 @@ from peewee import *
 from data.read_slave import ReadSlaveModel
 from sqlalchemy.engine.url import make_url
 from urlparse import urlparse
-
+from util.names import urn_generator
 
 logger = logging.getLogger(__name__)
 
@@ -17,10 +17,28 @@ SCHEME_DRIVERS = {
   'mysql': MySQLDatabase,
   'mysql+pymysql': MySQLDatabase,
   'sqlite': SqliteDatabase,
+  'postgresql': PostgresqlDatabase,
+  'postgresql+psycopg2': PostgresqlDatabase,
 }
 
+SCHEME_RANDOM_FUNCTION = {
+  'mysql': fn.Rand,
+  'mysql+pymysql': fn.Rand,
+  'sqlite': fn.Random,
+  'postgresql': fn.Random,
+  'postgresql+psycopg2': fn.Random,  
+}
+
+class CallableProxy(Proxy):
+  def __call__(self, *args, **kwargs):
+    if self.obj is None:
+      raise AttributeError('Cannot use uninitialized Proxy.')
+    return self.obj(*args, **kwargs)
+
 db = Proxy()
 read_slave = Proxy()
+db_random_func = CallableProxy()
+
 
 def _db_from_url(url, db_kwargs):
   parsed_url = make_url(url)
@@ -32,15 +50,19 @@ def _db_from_url(url, db_kwargs):
   if parsed_url.username:
     db_kwargs['user'] = parsed_url.username
   if parsed_url.password:
-    db_kwargs['passwd'] = parsed_url.password
+    db_kwargs['password'] = parsed_url.password
 
   return SCHEME_DRIVERS[parsed_url.drivername](parsed_url.database, **db_kwargs)
 
+
 def configure(config_object):
   db_kwargs = dict(config_object['DB_CONNECTION_ARGS'])
   write_db_uri = config_object['DB_URI']
   db.initialize(_db_from_url(write_db_uri, db_kwargs))
 
+  parsed_write_uri = make_url(write_db_uri)
+  db_random_func.initialize(SCHEME_RANDOM_FUNCTION[parsed_write_uri.drivername])
+
   read_slave_uri = config_object.get('DB_READ_SLAVE_URI', None)
   if read_slave_uri is not None:
     read_slave.initialize(_db_from_url(read_slave_uri, db_kwargs))
@@ -74,6 +96,8 @@ class User(BaseModel):
   organization = BooleanField(default=False, index=True)
   robot = BooleanField(default=False, index=True)
   invoice_email = BooleanField(default=False)
+  invalid_login_attempts = IntegerField(default=0)
+  last_invalid_login = DateTimeField(default=datetime.utcnow)
 
 
 class TeamRole(BaseModel):
@@ -108,6 +132,15 @@ class TeamMember(BaseModel):
     )
 
 
+class TeamMemberInvite(BaseModel):
+  # Note: Either user OR email will be filled in, but not both.
+  user = ForeignKeyField(User, index=True, null=True)
+  email = CharField(null=True)
+  team = ForeignKeyField(Team, index=True)
+  inviter = ForeignKeyField(User, related_name='inviter')
+  invite_token = CharField(default=urn_generator(['teaminvite']))
+
+
 class LoginService(BaseModel):
   name = CharField(unique=True, index=True)
 
@@ -116,6 +149,7 @@ class FederatedLogin(BaseModel):
   user = ForeignKeyField(User, index=True)
   service = ForeignKeyField(LoginService, index=True)
   service_ident = CharField()
+  metadata_json = TextField(default='{}')  
 
   class Meta:
     database = db
@@ -134,7 +168,7 @@ class Visibility(BaseModel):
 
 
 class Repository(BaseModel):
-  namespace = CharField()
+  namespace_user = ForeignKeyField(User)
   name = CharField()
   visibility = ForeignKeyField(Visibility)
   description = TextField(null=True)
@@ -145,7 +179,7 @@ class Repository(BaseModel):
     read_slaves = (read_slave,)
     indexes = (
       # create a unique index on namespace and name
-      (('namespace', 'name'), True),
+      (('namespace_user', 'name'), True),
     )
 
 
@@ -229,6 +263,7 @@ class ImageStorage(BaseModel):
   comment = TextField(null=True)
   command = TextField(null=True)
   image_size = BigIntegerField(null=True)
+  uncompressed_size = BigIntegerField(null=True)
   uploading = BooleanField(default=True, null=True)
 
 
@@ -284,6 +319,16 @@ class RepositoryTag(BaseModel):
     )
 
 
+class BUILD_PHASE(object):
+  """ Build phases enum """
+  ERROR = 'error'
+  UNPACKING = 'unpacking'
+  PULLING = 'pulling'
+  BUILDING = 'building'
+  PUSHING = 'pushing'
+  COMPLETE = 'complete'
+
+
 class RepositoryBuild(BaseModel):
   uuid = CharField(default=uuid_generator, index=True)
   repository = ForeignKeyField(Repository, index=True)
@@ -295,12 +340,13 @@ class RepositoryBuild(BaseModel):
   display_name = CharField()
   trigger = ForeignKeyField(RepositoryBuildTrigger, null=True, index=True)
   pull_robot = ForeignKeyField(User, null=True, related_name='buildpullrobot')
+  logs_archived = BooleanField(default=False)
 
 
 class QueueItem(BaseModel):
   queue_name = CharField(index=True, max_length=1024)
   body = TextField()
-  available_after = DateTimeField(default=datetime.now, index=True)
+  available_after = DateTimeField(default=datetime.utcnow, index=True)
   available = BooleanField(default=True, index=True)
   processing_expires = DateTimeField(null=True, index=True)
   retries_remaining = IntegerField(default=5)
@@ -405,4 +451,4 @@ all_models = [User, Repository, Image, AccessToken, Role, RepositoryPermission,
               OAuthApplication, OAuthAuthorizationCode, OAuthAccessToken, NotificationKind,
               Notification, ImageStorageLocation, ImageStoragePlacement,
               ExternalNotificationEvent, ExternalNotificationMethod, RepositoryNotification,
-              RepositoryAuthorizedEmail]
+              RepositoryAuthorizedEmail, TeamMemberInvite]
diff --git a/data/migrations/env.py b/data/migrations/env.py
index c267c2f50..d64cf4ee7 100644
--- a/data/migrations/env.py
+++ b/data/migrations/env.py
@@ -8,6 +8,7 @@ from peewee import SqliteDatabase
 from data.database import all_models, db
 from app import app
 from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
+from util.morecollections import AttrDict
 
 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
@@ -23,6 +24,7 @@ fileConfig(config.config_file_name)
 # from myapp import mymodel
 # target_metadata = mymodel.Base.metadata
 target_metadata = gen_sqlalchemy_metadata(all_models)
+tables = AttrDict(target_metadata.tables)
 
 # other values from the config, defined by the needs of env.py,
 # can be acquired:
@@ -45,7 +47,7 @@ def run_migrations_offline():
     context.configure(url=url, target_metadata=target_metadata, transactional_ddl=True)
 
     with context.begin_transaction():
-        context.run_migrations()
+        context.run_migrations(tables=tables)
 
 def run_migrations_online():
     """Run migrations in 'online' mode.
@@ -72,7 +74,7 @@ def run_migrations_online():
 
     try:
         with context.begin_transaction():
-            context.run_migrations()
+            context.run_migrations(tables=tables)
     finally:
         connection.close()
 
diff --git a/data/migrations/script.py.mako b/data/migrations/script.py.mako
index 95702017e..1b92f9f48 100644
--- a/data/migrations/script.py.mako
+++ b/data/migrations/script.py.mako
@@ -14,9 +14,9 @@ from alembic import op
 import sqlalchemy as sa
 ${imports if imports else ""}
 
-def upgrade():
+def upgrade(tables):
     ${upgrades if upgrades else "pass"}
 
 
-def downgrade():
+def downgrade(tables):
     ${downgrades if downgrades else "pass"}
diff --git a/data/migrations/versions/13da56878560_migrate_registry_namespaces_to_.py b/data/migrations/versions/13da56878560_migrate_registry_namespaces_to_.py
new file mode 100644
index 000000000..30ac75c96
--- /dev/null
+++ b/data/migrations/versions/13da56878560_migrate_registry_namespaces_to_.py
@@ -0,0 +1,24 @@
+"""Migrate registry namespaces to reference a user.
+
+Revision ID: 13da56878560
+Revises: 51d04d0e7e6f
+Create Date: 2014-09-18 13:56:45.130455
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '13da56878560'
+down_revision = '51d04d0e7e6f'
+
+from alembic import op
+import sqlalchemy as sa
+
+from data.database import Repository, User
+
+def upgrade(tables):
+    # Add the namespace_user column, allowing it to be nullable
+    op.add_column('repository', sa.Column('namespace_user_id', sa.Integer(), sa.ForeignKey('user.id')))
+
+
+def downgrade(tables):
+    op.drop_column('repository', 'namespace_user_id')
diff --git a/data/migrations/versions/1594a74a74ca_add_metadata_field_to_external_logins.py b/data/migrations/versions/1594a74a74ca_add_metadata_field_to_external_logins.py
new file mode 100644
index 000000000..2f6c60706
--- /dev/null
+++ b/data/migrations/versions/1594a74a74ca_add_metadata_field_to_external_logins.py
@@ -0,0 +1,35 @@
+"""add metadata field to external logins
+
+Revision ID: 1594a74a74ca
+Revises: f42b0ea7a4d
+Create Date: 2014-09-04 18:17:35.205698
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '1594a74a74ca'
+down_revision = 'f42b0ea7a4d'
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('federatedlogin', sa.Column('metadata_json', sa.Text(), nullable=False))
+    ### end Alembic commands ###
+
+    op.bulk_insert(tables.loginservice,
+    [
+        {'id':4, 'name':'google'},
+    ])
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('federatedlogin', 'metadata_json')
+    ### end Alembic commands ###
+
+    op.execute(
+        (tables.loginservice.delete()
+            .where(tables.loginservice.c.name == op.inline_literal('google')))
+    )
diff --git a/data/migrations/versions/201d55b38649_remove_fields_from_image_table_that_.py b/data/migrations/versions/201d55b38649_remove_fields_from_image_table_that_.py
index ea36e3f57..d50c3a592 100644
--- a/data/migrations/versions/201d55b38649_remove_fields_from_image_table_that_.py
+++ b/data/migrations/versions/201d55b38649_remove_fields_from_image_table_that_.py
@@ -14,7 +14,7 @@ from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects import mysql
 
-def upgrade():
+def upgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
     op.drop_index('buildtriggerservice_name', table_name='buildtriggerservice')
     op.create_index('buildtriggerservice_name', 'buildtriggerservice', ['name'], unique=True)
@@ -34,7 +34,7 @@ def upgrade():
     ### end Alembic commands ###
 
 
-def downgrade():
+def downgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
     op.drop_index('visibility_name', table_name='visibility')
     op.create_index('visibility_name', 'visibility', ['name'], unique=False)
diff --git a/data/migrations/versions/325a4d7c79d9_prepare_the_database_for_the_new_.py b/data/migrations/versions/325a4d7c79d9_prepare_the_database_for_the_new_.py
index 18c8bf654..e3be811b6 100644
--- a/data/migrations/versions/325a4d7c79d9_prepare_the_database_for_the_new_.py
+++ b/data/migrations/versions/325a4d7c79d9_prepare_the_database_for_the_new_.py
@@ -13,12 +13,8 @@ down_revision = '4b7ef0c7bdb2'
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects import mysql
-from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
-from data.database import all_models
-
-def upgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
 
+def upgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
     op.create_table('externalnotificationmethod',
     sa.Column('id', sa.Integer(), nullable=False),
@@ -26,7 +22,7 @@ def upgrade():
     sa.PrimaryKeyConstraint('id')
     )
     op.create_index('externalnotificationmethod_name', 'externalnotificationmethod', ['name'], unique=True)
-    op.bulk_insert(schema.tables['externalnotificationmethod'],
+    op.bulk_insert(tables.externalnotificationmethod,
     [
         {'id':1, 'name':'quay_notification'},
         {'id':2, 'name':'email'},
@@ -38,7 +34,7 @@ def upgrade():
     sa.PrimaryKeyConstraint('id')
     )
     op.create_index('externalnotificationevent_name', 'externalnotificationevent', ['name'], unique=True)
-    op.bulk_insert(schema.tables['externalnotificationevent'],
+    op.bulk_insert(tables.externalnotificationevent,
     [
         {'id':1, 'name':'repo_push'},
         {'id':2, 'name':'build_queued'},
@@ -77,7 +73,7 @@ def upgrade():
     op.add_column(u'notification', sa.Column('dismissed', sa.Boolean(), nullable=False))
     
     # Manually add the new notificationkind types
-    op.bulk_insert(schema.tables['notificationkind'],
+    op.bulk_insert(tables.notificationkind,
     [
         {'id':5, 'name':'repo_push'},
         {'id':6, 'name':'build_queued'},
@@ -87,7 +83,7 @@ def upgrade():
     ])
 
     # Manually add the new logentrykind types
-    op.bulk_insert(schema.tables['logentrykind'],
+    op.bulk_insert(tables.logentrykind,
     [
         {'id':39, 'name':'add_repo_notification'},
         {'id':40, 'name':'delete_repo_notification'},
@@ -97,61 +93,49 @@ def upgrade():
     ### end Alembic commands ###
 
 
-def downgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
-
+def downgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
     op.drop_column(u'notification', 'dismissed')
-    op.drop_index('repositorynotification_uuid', table_name='repositorynotification')
-    op.drop_index('repositorynotification_repository_id', table_name='repositorynotification')
-    op.drop_index('repositorynotification_method_id', table_name='repositorynotification')
-    op.drop_index('repositorynotification_event_id', table_name='repositorynotification')
     op.drop_table('repositorynotification')
-    op.drop_index('repositoryauthorizedemail_repository_id', table_name='repositoryauthorizedemail')
-    op.drop_index('repositoryauthorizedemail_email_repository_id', table_name='repositoryauthorizedemail')
-    op.drop_index('repositoryauthorizedemail_code', table_name='repositoryauthorizedemail')
     op.drop_table('repositoryauthorizedemail')
-    op.drop_index('externalnotificationevent_name', table_name='externalnotificationevent')
     op.drop_table('externalnotificationevent')
-    op.drop_index('externalnotificationmethod_name', table_name='externalnotificationmethod')
     op.drop_table('externalnotificationmethod')
 
     # Manually remove the notificationkind and logentrykind types
-    notificationkind = schema.tables['notificationkind']
     op.execute(
-        (notificationkind.delete()
-            .where(notificationkind.c.name == op.inline_literal('repo_push')))
+        (tables.notificationkind.delete()
+            .where(tables.notificationkind.c.name == op.inline_literal('repo_push')))
 
     )
     op.execute(
-        (notificationkind.delete()
-            .where(notificationkind.c.name == op.inline_literal('build_queued')))
+        (tables.notificationkind.delete()
+            .where(tables.notificationkind.c.name == op.inline_literal('build_queued')))
 
     )
     op.execute(
-        (notificationkind.delete()
-            .where(notificationkind.c.name == op.inline_literal('build_start')))
+        (tables.notificationkind.delete()
+            .where(tables.notificationkind.c.name == op.inline_literal('build_start')))
 
     )
     op.execute(
-        (notificationkind.delete()
-            .where(notificationkind.c.name == op.inline_literal('build_success')))
+        (tables.notificationkind.delete()
+            .where(tables.notificationkind.c.name == op.inline_literal('build_success')))
 
     )
     op.execute(
-        (notificationkind.delete()
-            .where(notificationkind.c.name == op.inline_literal('build_failure')))
+        (tables.notificationkind.delete()
+            .where(tables.notificationkind.c.name == op.inline_literal('build_failure')))
 
     )
 
     op.execute(
-        (logentrykind.delete()
-            .where(logentrykind.c.name == op.inline_literal('add_repo_notification')))
+        (tables.logentrykind.delete()
+            .where(tables.logentrykind.c.name == op.inline_literal('add_repo_notification')))
 
     )
     op.execute(
-        (logentrykind.delete()
-            .where(logentrykind.c.name == op.inline_literal('delete_repo_notification')))
+        (tables.logentrykind.delete()
+            .where(tables.logentrykind.c.name == op.inline_literal('delete_repo_notification')))
 
     )
     ### end Alembic commands ###
diff --git a/data/migrations/versions/34fd69f63809_add_support_for_build_log_migration.py b/data/migrations/versions/34fd69f63809_add_support_for_build_log_migration.py
new file mode 100644
index 000000000..a731d0158
--- /dev/null
+++ b/data/migrations/versions/34fd69f63809_add_support_for_build_log_migration.py
@@ -0,0 +1,26 @@
+"""Add support for build log migration.
+
+Revision ID: 34fd69f63809
+Revises: 4a0c94399f38
+Create Date: 2014-09-12 11:50:09.217777
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '34fd69f63809'
+down_revision = '4a0c94399f38'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('repositorybuild', sa.Column('logs_archived', sa.Boolean(), nullable=False, server_default=sa.sql.expression.false()))
+    ### end Alembic commands ###
+
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('repositorybuild', 'logs_archived')
+    ### end Alembic commands ###
diff --git a/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py b/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py
new file mode 100644
index 000000000..6f40f4fc0
--- /dev/null
+++ b/data/migrations/versions/3f4fe1194671_backfill_the_namespace_user_fields.py
@@ -0,0 +1,26 @@
+"""Backfill the namespace_user fields.
+
+Revision ID: 3f4fe1194671
+Revises: 6f2ecf5afcf
+Create Date: 2014-09-24 14:29:45.192179
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '3f4fe1194671'
+down_revision = '6f2ecf5afcf'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(tables):
+    conn = op.get_bind()
+    conn.execute('update repository set namespace_user_id = (select id from user where user.username = repository.namespace) where namespace_user_id is NULL')
+
+    op.create_index('repository_namespace_user_id_name', 'repository', ['namespace_user_id', 'name'], unique=True)
+
+
+def downgrade(tables):
+    op.drop_constraint('fk_repository_namespace_user_id_user', table_name='repository', type_='foreignkey')
+    op.drop_index('repository_namespace_user_id_name', table_name='repository')
diff --git a/data/migrations/versions/43e943c0639f_add_log_kind_for_regenerating_robot_.py b/data/migrations/versions/43e943c0639f_add_log_kind_for_regenerating_robot_.py
new file mode 100644
index 000000000..f676bf972
--- /dev/null
+++ b/data/migrations/versions/43e943c0639f_add_log_kind_for_regenerating_robot_.py
@@ -0,0 +1,29 @@
+"""add log kind for regenerating robot tokens
+
+Revision ID: 43e943c0639f
+Revises: 82297d834ad
+Create Date: 2014-08-25 17:14:42.784518
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '43e943c0639f'
+down_revision = '82297d834ad'
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+def upgrade(tables):
+    op.bulk_insert(tables.logentrykind,
+    [
+        {'id': 41, 'name':'regenerate_robot_token'},
+    ])
+
+
+def downgrade(tables):
+    op.execute(
+        (tables.logentrykind.delete()
+            .where(tables.logentrykind.c.name == op.inline_literal('regenerate_robot_token')))
+
+    )
diff --git a/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py b/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py
index 6f516e9b9..eaa687c73 100644
--- a/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py
+++ b/data/migrations/versions/47670cbeced_migrate_existing_webhooks_to_.py
@@ -18,14 +18,14 @@ def get_id(query):
     conn = op.get_bind()
     return list(conn.execute(query, ()).fetchall())[0][0]
 
-def upgrade():
+def upgrade(tables):
     conn = op.get_bind()
-    event_id = get_id('Select id From externalnotificationevent Where name="repo_push" Limit 1')
-    method_id = get_id('Select id From externalnotificationmethod Where name="webhook" Limit 1')
+    event_id = get_id('Select id From externalnotificationevent Where name=\'repo_push\' Limit 1')
+    method_id = get_id('Select id From externalnotificationmethod Where name=\'webhook\' Limit 1')
     conn.execute('Insert Into repositorynotification (uuid, repository_id, event_id, method_id, config_json) Select public_id, repository_id, %s, %s, parameters FROM webhook' % (event_id, method_id))
 
-def downgrade():
+def downgrade(tables):
     conn = op.get_bind()
-    event_id = get_id('Select id From externalnotificationevent Where name="repo_push" Limit 1')
-    method_id = get_id('Select id From externalnotificationmethod Where name="webhook" Limit 1')
+    event_id = get_id('Select id From externalnotificationevent Where name=\'repo_push\' Limit 1')
+    method_id = get_id('Select id From externalnotificationmethod Where name=\'webhook\' Limit 1')
     conn.execute('Insert Into webhook (public_id, repository_id, parameters) Select uuid, repository_id, config_json FROM repositorynotification Where event_id=%s And method_id=%s' % (event_id, method_id))
diff --git a/data/migrations/versions/4a0c94399f38_add_new_notification_kinds.py b/data/migrations/versions/4a0c94399f38_add_new_notification_kinds.py
new file mode 100644
index 000000000..6b4160b19
--- /dev/null
+++ b/data/migrations/versions/4a0c94399f38_add_new_notification_kinds.py
@@ -0,0 +1,39 @@
+"""add new notification kinds
+
+Revision ID: 4a0c94399f38
+Revises: 1594a74a74ca
+Create Date: 2014-08-28 16:17:01.898269
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '4a0c94399f38'
+down_revision = '1594a74a74ca'
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+def upgrade(tables):
+    op.bulk_insert(tables.externalnotificationmethod,
+    [
+        {'id':4, 'name':'flowdock'},
+        {'id':5, 'name':'hipchat'},
+        {'id':6, 'name':'slack'},
+    ])
+
+def downgrade(tables):
+    op.execute(
+        (tables.externalnotificationmethod.delete()
+         .where(tables.externalnotificationmethod.c.name == op.inline_literal('flowdock')))
+    )
+
+    op.execute(
+        (tables.externalnotificationmethod.delete()
+         .where(tables.externalnotificationmethod.c.name == op.inline_literal('hipchat')))
+    )
+
+    op.execute(
+        (tables.externalnotificationmethod.delete()
+         .where(tables.externalnotificationmethod.c.name == op.inline_literal('slack')))
+    )
diff --git a/data/migrations/versions/4b7ef0c7bdb2_add_the_maintenance_notification_type.py b/data/migrations/versions/4b7ef0c7bdb2_add_the_maintenance_notification_type.py
index 9e5fff425..9f48ca6c6 100644
--- a/data/migrations/versions/4b7ef0c7bdb2_add_the_maintenance_notification_type.py
+++ b/data/migrations/versions/4b7ef0c7bdb2_add_the_maintenance_notification_type.py
@@ -11,23 +11,18 @@ revision = '4b7ef0c7bdb2'
 down_revision = 'bcdde200a1b'
 
 from alembic import op
-from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
-from data.database import all_models
 import sqlalchemy as sa
 
-
-def upgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
-    op.bulk_insert(schema.tables['notificationkind'],
+def upgrade(tables):
+    op.bulk_insert(tables.notificationkind,
     [
         {'id':4, 'name':'maintenance'},
     ])
 
 
-def downgrade():
-    notificationkind = schema.tables['notificationkind']
+def downgrade(tables):
     op.execute(
-        (notificationkind.delete()
-            .where(notificationkind.c.name == op.inline_literal('maintenance')))
+        (tables.notificationkind.delete()
+            .where(tables.notificationkind.c.name == op.inline_literal('maintenance')))
 
     )
diff --git a/data/migrations/versions/4fdb65816b8d_add_brute_force_prevention_metadata_to_.py b/data/migrations/versions/4fdb65816b8d_add_brute_force_prevention_metadata_to_.py
new file mode 100644
index 000000000..1ce802eca
--- /dev/null
+++ b/data/migrations/versions/4fdb65816b8d_add_brute_force_prevention_metadata_to_.py
@@ -0,0 +1,28 @@
+"""Add brute force prevention metadata to the user table.
+
+Revision ID: 4fdb65816b8d
+Revises: 43e943c0639f
+Create Date: 2014-09-03 12:35:33.722435
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '4fdb65816b8d'
+down_revision = '43e943c0639f'
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('user', sa.Column('invalid_login_attempts', sa.Integer(), nullable=False, server_default="0"))
+    op.add_column('user', sa.Column('last_invalid_login', sa.DateTime(), nullable=False, server_default=sa.func.now()))
+    ### end Alembic commands ###
+
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('user', 'last_invalid_login')
+    op.drop_column('user', 'invalid_login_attempts')
+    ### end Alembic commands ###
diff --git a/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py b/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py
new file mode 100644
index 000000000..c18335adb
--- /dev/null
+++ b/data/migrations/versions/51d04d0e7e6f_email_invites_for_joining_a_team.py
@@ -0,0 +1,78 @@
+"""Email invites for joining a team.
+
+Revision ID: 51d04d0e7e6f
+Revises: 34fd69f63809
+Create Date: 2014-09-15 23:51:35.478232
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '51d04d0e7e6f'
+down_revision = '34fd69f63809'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('teammemberinvite',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=True),
+    sa.Column('email', sa.String(length=255), nullable=True),
+    sa.Column('team_id', sa.Integer(), nullable=False),
+    sa.Column('inviter_id', sa.Integer(), nullable=False),
+    sa.Column('invite_token', sa.String(length=255), nullable=False),
+    sa.ForeignKeyConstraint(['inviter_id'], ['user.id'], ),
+    sa.ForeignKeyConstraint(['team_id'], ['team.id'], ),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index('teammemberinvite_inviter_id', 'teammemberinvite', ['inviter_id'], unique=False)
+    op.create_index('teammemberinvite_team_id', 'teammemberinvite', ['team_id'], unique=False)
+    op.create_index('teammemberinvite_user_id', 'teammemberinvite', ['user_id'], unique=False)
+    ### end Alembic commands ###
+
+    # Manually add the new logentrykind types
+    op.bulk_insert(tables.logentrykind,
+    [
+        {'id':42, 'name':'org_invite_team_member'},
+        {'id':43, 'name':'org_team_member_invite_accepted'},
+        {'id':44, 'name':'org_team_member_invite_declined'},
+        {'id':45, 'name':'org_delete_team_member_invite'},
+    ])
+
+    op.bulk_insert(tables.notificationkind,
+    [
+        {'id':10, 'name':'org_team_invite'},
+    ])
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.execute(
+        (tables.logentrykind.delete()
+         .where(tables.logentrykind.c.name == op.inline_literal('org_invite_team_member')))
+        )
+
+    op.execute(
+        (tables.logentrykind.delete()
+         .where(tables.logentrykind.c.name == op.inline_literal('org_team_member_invite_accepted')))
+        )
+
+    op.execute(
+        (tables.logentrykind.delete()
+         .where(tables.logentrykind.c.name == op.inline_literal('org_team_member_invite_declined')))
+        )
+
+    op.execute(
+        (tables.logentrykind.delete()
+         .where(tables.logentrykind.c.name == op.inline_literal('org_delete_team_member_invite')))
+        )
+
+    op.execute(
+        (tables.notificationkind.delete()
+         .where(tables.notificationkind.c.name == op.inline_literal('org_team_invite')))
+        )
+
+    op.drop_table('teammemberinvite')
+    ### end Alembic commands ###
diff --git a/data/migrations/versions/5a07499ce53f_set_up_initial_database.py b/data/migrations/versions/5a07499ce53f_set_up_initial_database.py
index 23aaf506a..f67224645 100644
--- a/data/migrations/versions/5a07499ce53f_set_up_initial_database.py
+++ b/data/migrations/versions/5a07499ce53f_set_up_initial_database.py
@@ -11,14 +11,9 @@ revision = '5a07499ce53f'
 down_revision = None
 
 from alembic import op
-from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
-from data.database import all_models
 import sqlalchemy as sa
 
-
-def upgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
-
+def upgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
     op.create_table('loginservice',
     sa.Column('id', sa.Integer(), nullable=False),
@@ -27,7 +22,7 @@ def upgrade():
     )
     op.create_index('loginservice_name', 'loginservice', ['name'], unique=True)
 
-    op.bulk_insert(schema.tables['loginservice'],
+    op.bulk_insert(tables.loginservice,
     [
         {'id':1, 'name':'github'},
         {'id':2, 'name':'quayrobot'},
@@ -66,7 +61,7 @@ def upgrade():
     )
     op.create_index('role_name', 'role', ['name'], unique=False)
 
-    op.bulk_insert(schema.tables['role'],
+    op.bulk_insert(tables.role,
     [
         {'id':1, 'name':'admin'},
         {'id':2, 'name':'write'},
@@ -80,7 +75,7 @@ def upgrade():
     )
     op.create_index('logentrykind_name', 'logentrykind', ['name'], unique=False)
 
-    op.bulk_insert(schema.tables['logentrykind'],
+    op.bulk_insert(tables.logentrykind,
     [
         {'id':1, 'name':'account_change_plan'},
         {'id':2, 'name':'account_change_cc'},
@@ -136,7 +131,7 @@ def upgrade():
     )
     op.create_index('notificationkind_name', 'notificationkind', ['name'], unique=False)
 
-    op.bulk_insert(schema.tables['notificationkind'],
+    op.bulk_insert(tables.notificationkind,
     [
         {'id':1, 'name':'password_required'},
         {'id':2, 'name':'over_private_usage'},
@@ -150,7 +145,7 @@ def upgrade():
     )
     op.create_index('teamrole_name', 'teamrole', ['name'], unique=False)
 
-    op.bulk_insert(schema.tables['teamrole'],
+    op.bulk_insert(tables.teamrole,
     [
         {'id':1, 'name':'admin'},
         {'id':2, 'name':'creator'},
@@ -164,7 +159,7 @@ def upgrade():
     )
     op.create_index('visibility_name', 'visibility', ['name'], unique=False)
 
-    op.bulk_insert(schema.tables['visibility'],
+    op.bulk_insert(tables.visibility,
     [
         {'id':1, 'name':'public'},
         {'id':2, 'name':'private'},
@@ -194,7 +189,7 @@ def upgrade():
     )
     op.create_index('buildtriggerservice_name', 'buildtriggerservice', ['name'], unique=False)
 
-    op.bulk_insert(schema.tables['buildtriggerservice'],
+    op.bulk_insert(tables.buildtriggerservice,
     [
         {'id':1, 'name':'github'},
     ])
@@ -203,7 +198,7 @@ def upgrade():
     sa.Column('id', sa.Integer(), nullable=False),
     sa.Column('user_id', sa.Integer(), nullable=False),
     sa.Column('service_id', sa.Integer(), nullable=False),
-    sa.Column('service_ident', sa.String(length=255, collation='utf8_general_ci'), nullable=False),
+    sa.Column('service_ident', sa.String(length=255), nullable=False),
     sa.ForeignKeyConstraint(['service_id'], ['loginservice.id'], ),
     sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
     sa.PrimaryKeyConstraint('id')
@@ -375,7 +370,7 @@ def upgrade():
     sa.Column('command', sa.Text(), nullable=True),
     sa.Column('repository_id', sa.Integer(), nullable=False),
     sa.Column('image_size', sa.BigInteger(), nullable=True),
-    sa.Column('ancestors', sa.String(length=60535, collation='latin1_swedish_ci'), nullable=True),
+    sa.Column('ancestors', sa.String(length=60535), nullable=True),
     sa.Column('storage_id', sa.Integer(), nullable=True),
     sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
     sa.ForeignKeyConstraint(['storage_id'], ['imagestorage.id'], ),
@@ -490,119 +485,34 @@ def upgrade():
     ### end Alembic commands ###
 
 
-def downgrade():
+def downgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
-    op.drop_index('repositorybuild_uuid', table_name='repositorybuild')
-    op.drop_index('repositorybuild_trigger_id', table_name='repositorybuild')
-    op.drop_index('repositorybuild_resource_key', table_name='repositorybuild')
-    op.drop_index('repositorybuild_repository_id', table_name='repositorybuild')
-    op.drop_index('repositorybuild_pull_robot_id', table_name='repositorybuild')
-    op.drop_index('repositorybuild_access_token_id', table_name='repositorybuild')
     op.drop_table('repositorybuild')
-    op.drop_index('repositorybuildtrigger_write_token_id', table_name='repositorybuildtrigger')
-    op.drop_index('repositorybuildtrigger_service_id', table_name='repositorybuildtrigger')
-    op.drop_index('repositorybuildtrigger_repository_id', table_name='repositorybuildtrigger')
-    op.drop_index('repositorybuildtrigger_pull_robot_id', table_name='repositorybuildtrigger')
-    op.drop_index('repositorybuildtrigger_connected_user_id', table_name='repositorybuildtrigger')
     op.drop_table('repositorybuildtrigger')
-    op.drop_index('logentry_repository_id', table_name='logentry')
-    op.drop_index('logentry_performer_id', table_name='logentry')
-    op.drop_index('logentry_kind_id', table_name='logentry')
-    op.drop_index('logentry_datetime', table_name='logentry')
-    op.drop_index('logentry_account_id', table_name='logentry')
-    op.drop_index('logentry_access_token_id', table_name='logentry')
     op.drop_table('logentry')
-    op.drop_index('repositorytag_repository_id_name', table_name='repositorytag')
-    op.drop_index('repositorytag_repository_id', table_name='repositorytag')
-    op.drop_index('repositorytag_image_id', table_name='repositorytag')
     op.drop_table('repositorytag')
-    op.drop_index('permissionprototype_role_id', table_name='permissionprototype')
-    op.drop_index('permissionprototype_org_id_activating_user_id', table_name='permissionprototype')
-    op.drop_index('permissionprototype_org_id', table_name='permissionprototype')
-    op.drop_index('permissionprototype_delegate_user_id', table_name='permissionprototype')
-    op.drop_index('permissionprototype_delegate_team_id', table_name='permissionprototype')
-    op.drop_index('permissionprototype_activating_user_id', table_name='permissionprototype')
     op.drop_table('permissionprototype')
-    op.drop_index('image_storage_id', table_name='image')
-    op.drop_index('image_repository_id_docker_image_id', table_name='image')
-    op.drop_index('image_repository_id', table_name='image')
-    op.drop_index('image_ancestors', table_name='image')
     op.drop_table('image')
-    op.drop_index('oauthauthorizationcode_code', table_name='oauthauthorizationcode')
-    op.drop_index('oauthauthorizationcode_application_id', table_name='oauthauthorizationcode')
     op.drop_table('oauthauthorizationcode')
-    op.drop_index('webhook_repository_id', table_name='webhook')
-    op.drop_index('webhook_public_id', table_name='webhook')
     op.drop_table('webhook')
-    op.drop_index('teammember_user_id_team_id', table_name='teammember')
-    op.drop_index('teammember_user_id', table_name='teammember')
-    op.drop_index('teammember_team_id', table_name='teammember')
     op.drop_table('teammember')
-    op.drop_index('oauthaccesstoken_uuid', table_name='oauthaccesstoken')
-    op.drop_index('oauthaccesstoken_refresh_token', table_name='oauthaccesstoken')
-    op.drop_index('oauthaccesstoken_authorized_user_id', table_name='oauthaccesstoken')
-    op.drop_index('oauthaccesstoken_application_id', table_name='oauthaccesstoken')
-    op.drop_index('oauthaccesstoken_access_token', table_name='oauthaccesstoken')
     op.drop_table('oauthaccesstoken')
-    op.drop_index('repositorypermission_user_id_repository_id', table_name='repositorypermission')
-    op.drop_index('repositorypermission_user_id', table_name='repositorypermission')
-    op.drop_index('repositorypermission_team_id_repository_id', table_name='repositorypermission')
-    op.drop_index('repositorypermission_team_id', table_name='repositorypermission')
-    op.drop_index('repositorypermission_role_id', table_name='repositorypermission')
-    op.drop_index('repositorypermission_repository_id', table_name='repositorypermission')
     op.drop_table('repositorypermission')
-    op.drop_index('accesstoken_role_id', table_name='accesstoken')
-    op.drop_index('accesstoken_repository_id', table_name='accesstoken')
-    op.drop_index('accesstoken_code', table_name='accesstoken')
     op.drop_table('accesstoken')
-    op.drop_index('repository_visibility_id', table_name='repository')
-    op.drop_index('repository_namespace_name', table_name='repository')
     op.drop_table('repository')
-    op.drop_index('team_role_id', table_name='team')
-    op.drop_index('team_organization_id', table_name='team')
-    op.drop_index('team_name_organization_id', table_name='team')
-    op.drop_index('team_name', table_name='team')
     op.drop_table('team')
-    op.drop_index('emailconfirmation_user_id', table_name='emailconfirmation')
-    op.drop_index('emailconfirmation_code', table_name='emailconfirmation')
     op.drop_table('emailconfirmation')
-    op.drop_index('notification_uuid', table_name='notification')
-    op.drop_index('notification_target_id', table_name='notification')
-    op.drop_index('notification_kind_id', table_name='notification')
-    op.drop_index('notification_created', table_name='notification')
     op.drop_table('notification')
-    op.drop_index('oauthapplication_organization_id', table_name='oauthapplication')
-    op.drop_index('oauthapplication_client_id', table_name='oauthapplication')
     op.drop_table('oauthapplication')
-    op.drop_index('federatedlogin_user_id', table_name='federatedlogin')
-    op.drop_index('federatedlogin_service_id_user_id', table_name='federatedlogin')
-    op.drop_index('federatedlogin_service_id_service_ident', table_name='federatedlogin')
-    op.drop_index('federatedlogin_service_id', table_name='federatedlogin')
     op.drop_table('federatedlogin')
-    op.drop_index('buildtriggerservice_name', table_name='buildtriggerservice')
     op.drop_table('buildtriggerservice')
-    op.drop_index('user_username', table_name='user')
-    op.drop_index('user_stripe_id', table_name='user')
-    op.drop_index('user_robot', table_name='user')
-    op.drop_index('user_organization', table_name='user')
-    op.drop_index('user_email', table_name='user')
     op.drop_table('user')
-    op.drop_index('visibility_name', table_name='visibility')
     op.drop_table('visibility')
-    op.drop_index('teamrole_name', table_name='teamrole')
     op.drop_table('teamrole')
-    op.drop_index('notificationkind_name', table_name='notificationkind')
     op.drop_table('notificationkind')
-    op.drop_index('logentrykind_name', table_name='logentrykind')
     op.drop_table('logentrykind')
-    op.drop_index('role_name', table_name='role')
     op.drop_table('role')
-    op.drop_index('queueitem_queue_name', table_name='queueitem')
-    op.drop_index('queueitem_processing_expires', table_name='queueitem')
-    op.drop_index('queueitem_available_after', table_name='queueitem')
-    op.drop_index('queueitem_available', table_name='queueitem')
     op.drop_table('queueitem')
     op.drop_table('imagestorage')
-    op.drop_index('loginservice_name', table_name='loginservice')
     op.drop_table('loginservice')
     ### end Alembic commands ###
diff --git a/data/migrations/versions/6f2ecf5afcf_add_the_uncompressed_size_to_image_.py b/data/migrations/versions/6f2ecf5afcf_add_the_uncompressed_size_to_image_.py
new file mode 100644
index 000000000..0022ae128
--- /dev/null
+++ b/data/migrations/versions/6f2ecf5afcf_add_the_uncompressed_size_to_image_.py
@@ -0,0 +1,25 @@
+"""add the uncompressed size to image storage
+
+Revision ID: 6f2ecf5afcf
+Revises: 13da56878560
+Create Date: 2014-09-22 14:39:13.470566
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '6f2ecf5afcf'
+down_revision = '13da56878560'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('imagestorage', sa.Column('uncompressed_size', sa.BigInteger(), nullable=True))
+    ### end Alembic commands ###
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('imagestorage', 'uncompressed_size')
+    ### end Alembic commands ###
diff --git a/data/migrations/versions/82297d834ad_add_us_west_location.py b/data/migrations/versions/82297d834ad_add_us_west_location.py
index 59eb1f800..b939a939e 100644
--- a/data/migrations/versions/82297d834ad_add_us_west_location.py
+++ b/data/migrations/versions/82297d834ad_add_us_west_location.py
@@ -13,24 +13,17 @@ down_revision = '47670cbeced'
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects import mysql
-from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
-from data.database import all_models
 
-
-def upgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
-
-    op.bulk_insert(schema.tables['imagestoragelocation'],
+def upgrade(tables):
+    op.bulk_insert(tables.imagestoragelocation,
     [
         {'id':8, 'name':'s3_us_west_1'},
     ])
 
 
-def downgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
-
+def downgrade(tables):
     op.execute(
-        (imagestoragelocation.delete()
-            .where(imagestoragelocation.c.name == op.inline_literal('s3_us_west_1')))
+        (tables.imagestoragelocation.delete()
+            .where(tables.imagestoragelocation.c.name == op.inline_literal('s3_us_west_1')))
 
     )
diff --git a/data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py b/data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py
new file mode 100644
index 000000000..9b63ae190
--- /dev/null
+++ b/data/migrations/versions/9a1087b007d_allow_the_namespace_column_to_be_.py
@@ -0,0 +1,28 @@
+"""Allow the namespace column to be nullable.
+
+Revision ID: 9a1087b007d
+Revises: 3f4fe1194671
+Create Date: 2014-10-01 16:11:21.277226
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '9a1087b007d'
+down_revision = '3f4fe1194671'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(tables):
+    op.drop_index('repository_namespace_name', table_name='repository')
+    op.alter_column('repository', 'namespace', nullable=True, existing_type=sa.String(length=255),
+                    server_default=sa.text('NULL'))
+
+
+def downgrade(tables):
+    conn = op.get_bind()
+    conn.execute('update repository set namespace = (select username from user where user.id = repository.namespace_user_id) where namespace is NULL')
+
+    op.create_index('repository_namespace_name', 'repository', ['namespace', 'name'], unique=True)
+    op.alter_column('repository', 'namespace', nullable=False, existing_type=sa.String(length=255))
diff --git a/data/migrations/versions/bcdde200a1b_add_placements_and_locations_to_the_db.py b/data/migrations/versions/bcdde200a1b_add_placements_and_locations_to_the_db.py
index eda4b2840..9fc433126 100644
--- a/data/migrations/versions/bcdde200a1b_add_placements_and_locations_to_the_db.py
+++ b/data/migrations/versions/bcdde200a1b_add_placements_and_locations_to_the_db.py
@@ -11,14 +11,10 @@ revision = 'bcdde200a1b'
 down_revision = '201d55b38649'
 
 from alembic import op
-from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
-from data.database import all_models
 import sqlalchemy as sa
 
 
-def upgrade():
-    schema = gen_sqlalchemy_metadata(all_models)
-
+def upgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
     op.create_table('imagestoragelocation',
     sa.Column('id', sa.Integer(), nullable=False),
@@ -27,7 +23,7 @@ def upgrade():
     )
     op.create_index('imagestoragelocation_name', 'imagestoragelocation', ['name'], unique=True)
 
-    op.bulk_insert(schema.tables['imagestoragelocation'],
+    op.bulk_insert(tables.imagestoragelocation,
     [
         {'id':1, 'name':'s3_us_east_1'},
         {'id':2, 'name':'s3_eu_west_1'},
@@ -52,12 +48,8 @@ def upgrade():
     ### end Alembic commands ###
 
 
-def downgrade():
+def downgrade(tables):
     ### commands auto generated by Alembic - please adjust! ###
-    op.drop_index('imagestorageplacement_storage_id_location_id', table_name='imagestorageplacement')
-    op.drop_index('imagestorageplacement_storage_id', table_name='imagestorageplacement')
-    op.drop_index('imagestorageplacement_location_id', table_name='imagestorageplacement')
     op.drop_table('imagestorageplacement')
-    op.drop_index('imagestoragelocation_name', table_name='imagestoragelocation')
     op.drop_table('imagestoragelocation')
     ### end Alembic commands ###
diff --git a/data/migrations/versions/f42b0ea7a4d_remove_the_old_webhooks_table.py b/data/migrations/versions/f42b0ea7a4d_remove_the_old_webhooks_table.py
new file mode 100644
index 000000000..9ceab4218
--- /dev/null
+++ b/data/migrations/versions/f42b0ea7a4d_remove_the_old_webhooks_table.py
@@ -0,0 +1,35 @@
+"""Remove the old webhooks table.
+
+Revision ID: f42b0ea7a4d
+Revises: 4fdb65816b8d
+Create Date: 2014-09-03 13:43:23.391464
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = 'f42b0ea7a4d'
+down_revision = '4fdb65816b8d'
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('webhook')
+    ### end Alembic commands ###
+
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('webhook',
+    sa.Column('id', mysql.INTEGER(display_width=11), nullable=False),
+    sa.Column('public_id', mysql.VARCHAR(length=255), nullable=False),
+    sa.Column('repository_id', mysql.INTEGER(display_width=11), autoincrement=False, nullable=False),
+    sa.Column('parameters', mysql.LONGTEXT(), nullable=False),
+    sa.ForeignKeyConstraint(['repository_id'], [u'repository.id'], name=u'fk_webhook_repository_repository_id'),
+    sa.PrimaryKeyConstraint('id'),
+    mysql_default_charset=u'latin1',
+    mysql_engine=u'InnoDB'
+    )
+    ### end Alembic commands ###
diff --git a/data/model/legacy.py b/data/model/legacy.py
index 9feea0738..87b4349fb 100644
--- a/data/model/legacy.py
+++ b/data/model/legacy.py
@@ -1,12 +1,31 @@
 import bcrypt
 import logging
-import datetime
 import dateutil.parser
 import json
 
-from data.database import *
-from util.validation import *
+from datetime import datetime, timedelta
+
+from data.database import (User, Repository, Image, AccessToken, Role, RepositoryPermission,
+                           Visibility, RepositoryTag, EmailConfirmation, FederatedLogin,
+                           LoginService, RepositoryBuild, Team, TeamMember, TeamRole,
+                           LogEntryKind, LogEntry, PermissionPrototype, ImageStorage,
+                           BuildTriggerService, RepositoryBuildTrigger, NotificationKind,
+                           Notification, ImageStorageLocation, ImageStoragePlacement,
+                           ExternalNotificationEvent, ExternalNotificationMethod,
+                           RepositoryNotification, RepositoryAuthorizedEmail, TeamMemberInvite,
+                           random_string_generator, db, BUILD_PHASE)
+from peewee import JOIN_LEFT_OUTER, fn
+from util.validation import (validate_username, validate_email, validate_password,
+                             INVALID_PASSWORD_MESSAGE)
 from util.names import format_robot_username
+from util.backoff import exponential_backoff
+
+
+EXPONENTIAL_BACKOFF_SCALE = timedelta(seconds=1)
+PRESUMED_DEAD_BUILD_AGE = timedelta(days=15)
+
+
+Namespace = User.alias()
 
 
 logger = logging.getLogger(__name__)
@@ -43,6 +62,9 @@ class InvalidRobotException(DataModelException):
 class InvalidTeamException(DataModelException):
   pass
 
+class InvalidTeamMemberException(DataModelException):
+  pass
+
 
 class InvalidPasswordException(DataModelException):
   pass
@@ -64,15 +86,42 @@ class InvalidBuildTriggerException(DataModelException):
   pass
 
 
+class InvalidImageException(DataModelException):
+  pass
+
+
 class TooManyUsersException(DataModelException):
   pass
 
 
+class UserAlreadyInTeam(DataModelException):
+  pass
+
+
+class TooManyLoginAttemptsException(Exception):
+  def __init__(self, message, retry_after):
+    super(TooManyLoginAttemptsException, self).__init__(message)
+    self.retry_after = retry_after
+
+
+def _get_repository(namespace_name, repository_name):
+  return (Repository
+          .select(Repository, Namespace)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Namespace.username == namespace_name, Repository.name == repository_name)
+          .get())
+
+
+def hash_password(password, salt=None):
+  salt = salt or bcrypt.gensalt()
+  return bcrypt.hashpw(password.encode('utf-8'), salt)
+
+
 def is_create_user_allowed():
-  return get_active_user_count() < config.app_config['LICENSE_USER_LIMIT']
+  return True
 
 
-def create_user(username, password, email):
+def create_user(username, password, email, auto_verify=False):
   """ Creates a regular user, if allowed. """
   if not validate_password(password):
     raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)
@@ -81,15 +130,13 @@ def create_user(username, password, email):
     raise TooManyUsersException()
 
   created = _create_user(username, email)
-  
-  # Store the password hash
-  pw_hash = bcrypt.hashpw(password, bcrypt.gensalt())
-  created.password_hash = pw_hash
-  
+  created.password_hash = hash_password(password)
+  created.verified = auto_verify  
   created.save()
 
   return created
 
+
 def _create_user(username, email):
   if not validate_email(email):
     raise InvalidEmailAddressException('Invalid email address: %s' % email)
@@ -181,6 +228,19 @@ def create_robot(robot_shortname, parent):
   except Exception as ex:
     raise DataModelException(ex.message)
 
+def get_robot(robot_shortname, parent):
+  robot_username = format_robot_username(parent.username, robot_shortname)
+  robot = lookup_robot(robot_username)
+
+  if not robot:
+    msg = ('Could not find robot with username: %s' %
+           robot_username)
+    raise InvalidRobotException(msg)
+
+  service = LoginService.get(name='quayrobot')
+  login = FederatedLogin.get(FederatedLogin.user == robot, FederatedLogin.service == service)
+
+  return robot, login.service_ident
 
 def lookup_robot(robot_username):
   joined = User.select().join(FederatedLogin).join(LoginService)
@@ -191,7 +251,6 @@ def lookup_robot(robot_username):
 
   return found[0]
 
-
 def verify_robot(robot_username, password):
   joined = User.select().join(FederatedLogin).join(LoginService)
   found = list(joined.where(FederatedLogin.service_ident == password,
@@ -204,6 +263,25 @@ def verify_robot(robot_username, password):
 
   return found[0]
 
+def regenerate_robot_token(robot_shortname, parent):
+  robot_username = format_robot_username(parent.username, robot_shortname)
+
+  robot = lookup_robot(robot_username)
+  if not robot:
+    raise InvalidRobotException('Could not find robot with username: %s' %
+                                robot_username)
+
+  password = random_string_generator(length=64)()
+  robot.email = password
+
+  service = LoginService.get(name='quayrobot')
+  login = FederatedLogin.get(FederatedLogin.user == robot, FederatedLogin.service == service)
+  login.service_ident = password
+
+  login.save()
+  robot.save()
+
+  return robot, password
 
 def delete_robot(robot_username):
   try:
@@ -291,12 +369,41 @@ def remove_team(org_name, team_name, removed_by_username):
   team.delete_instance(recursive=True, delete_nullable=True)
 
 
+def add_or_invite_to_team(inviter, team, user=None, email=None, requires_invite=True):
+  # If the user is a member of the organization, then we simply add the
+  # user directly to the team. Otherwise, an invite is created for the user/email.
+  # We return None if the user was directly added and the invite object if the user was invited.  
+  if user and requires_invite:
+    orgname = team.organization.username
+
+    # If the user is part of the organization (or a robot), then no invite is required.
+    if user.robot:
+      requires_invite = False
+      if not user.username.startswith(orgname + '+'):
+        raise InvalidTeamMemberException('Cannot add the specified robot to this team, ' +
+                                         'as it is not a member of the organization')
+    else:      
+      Org = User.alias()
+      found = User.select(User.username)
+      found = found.where(User.username == user.username).join(TeamMember).join(Team)
+      found = found.join(Org, on=(Org.username == orgname)).limit(1)
+      requires_invite = not any(found)
+
+  # If we have a valid user and no invite is required, simply add the user to the team.
+  if user and not requires_invite:
+    add_user_to_team(user, team)
+    return None
+
+  email_address = email if not user else None
+  return TeamMemberInvite.create(user=user, email=email_address, team=team, inviter=inviter)
+
+
 def add_user_to_team(user, team):
   try:
     return TeamMember.create(user=user, team=team)
   except Exception:
-    raise DataModelException('Unable to add user \'%s\' to team: \'%s\'' %
-                             (user.username, team.name))
+    raise UserAlreadyInTeam('User \'%s\' is already a member of team \'%s\'' %
+                            (user.username, team.name))
 
 
 def remove_user_from_team(org_name, team_name, username, removed_by_username):
@@ -346,7 +453,8 @@ def set_team_org_permission(team, team_role_name, set_by_username):
   return team
 
 
-def create_federated_user(username, email, service_name, service_id, set_password_notification):
+def create_federated_user(username, email, service_name, service_id,
+                          set_password_notification, metadata={}):
   if not is_create_user_allowed():
     raise TooManyUsersException()
 
@@ -356,7 +464,8 @@ def create_federated_user(username, email, service_name, service_id, set_passwor
 
   service = LoginService.get(LoginService.name == service_name)
   FederatedLogin.create(user=new_user, service=service,
-                        service_ident=service_id)
+                        service_ident=service_id,
+                        metadata_json=json.dumps(metadata))
 
   if set_password_notification:
     create_notification('password_required', new_user)
@@ -364,9 +473,10 @@ def create_federated_user(username, email, service_name, service_id, set_passwor
   return new_user
 
 
-def attach_federated_login(user, service_name, service_id):
+def attach_federated_login(user, service_name, service_id, metadata={}):
   service = LoginService.get(LoginService.name == service_name)
-  FederatedLogin.create(user=user, service=service, service_ident=service_id)
+  FederatedLogin.create(user=user, service=service, service_ident=service_id,
+                        metadata_json=json.dumps(metadata))
   return user
 
 
@@ -385,7 +495,7 @@ def verify_federated_login(service_name, service_id):
 
 def list_federated_logins(user):
   selected = FederatedLogin.select(FederatedLogin.service_ident,
-                                   LoginService.name)
+                                   LoginService.name, FederatedLogin.metadata_json)
   joined = selected.join(LoginService)
   return joined.where(LoginService.name != 'quayrobot',
                       FederatedLogin.user == user)
@@ -412,18 +522,20 @@ def confirm_user_email(code):
   user = code.user
   user.verified = True
 
+  old_email = None
   new_email = code.new_email
   if new_email:
     if find_user_by_email(new_email):
       raise DataModelException('E-mail address already used.')    
       
+    old_email = user.email
     user.email = new_email
   
   user.save()
 
   code.delete_instance()
 
-  return user, new_email
+  return user, new_email, old_email
 
 
 def create_reset_password_email_code(email):
@@ -466,6 +578,20 @@ def get_user(username):
     return None
 
 
+def get_user_or_org(username):
+  try:
+    return User.get(User.username == username, User.robot == False)
+  except User.DoesNotExist:
+    return None
+
+
+def get_user_by_id(user_db_id):
+  try:
+    return User.get(User.id == user_db_id, User.organization == False)
+  except User.DoesNotExist:
+    return None
+
+
 def get_user_or_org_by_customer_id(customer_id):
   try:
     return User.get(User.stripe_id == customer_id)
@@ -490,12 +616,13 @@ def get_matching_users(username_prefix, robot_namespace=None,
                           (User.robot == True)))
 
   query = (User
-    .select(User.username, fn.Sum(Team.id), User.robot)
+    .select(User.username, User.robot)
     .group_by(User.username)
     .where(direct_user_query))
 
   if organization:
     query = (query
+      .select(User.username, User.robot, fn.Sum(Team.id))
       .join(TeamMember, JOIN_LEFT_OUTER)
       .join(Team, JOIN_LEFT_OUTER, on=((Team.id == TeamMember.team) &
                                        (Team.organization == organization))))
@@ -504,9 +631,9 @@ def get_matching_users(username_prefix, robot_namespace=None,
   class MatchingUserResult(object):
     def __init__(self, *args):
       self.username = args[0]
-      self.is_robot = args[2]
+      self.is_robot = args[1]
       if organization:
-        self.is_org_member = (args[1] != None)
+        self.is_org_member = (args[2] != None)
       else:
         self.is_org_member = None
 
@@ -521,11 +648,28 @@ def verify_user(username_or_email, password):
   except User.DoesNotExist:
     return None
 
-  if (fetched.password_hash and 
-      bcrypt.hashpw(password, fetched.password_hash) ==
-      fetched.password_hash):
+  now = datetime.utcnow()
+
+  if fetched.invalid_login_attempts > 0:
+    can_retry_at = exponential_backoff(fetched.invalid_login_attempts, EXPONENTIAL_BACKOFF_SCALE,
+                                       fetched.last_invalid_login)
+
+    if can_retry_at > now:
+      retry_after = can_retry_at - now
+      raise TooManyLoginAttemptsException('Too many login attempts.', retry_after.total_seconds())
+
+  if (fetched.password_hash and
+      hash_password(password, fetched.password_hash) == fetched.password_hash):
+    if fetched.invalid_login_attempts > 0:
+      fetched.invalid_login_attempts = 0
+      fetched.save()
+
     return fetched
 
+  fetched.invalid_login_attempts += 1
+  fetched.last_invalid_login = now
+  fetched.save()
+
   # We weren't able to authorize the user
   return None
 
@@ -570,6 +714,10 @@ def get_organization_team_members(teamid):
   query = joined.where(Team.id == teamid)
   return query
 
+def get_organization_team_member_invites(teamid):
+  joined = TeamMemberInvite.select().join(Team).join(User)
+  query = joined.where(Team.id == teamid)
+  return query
 
 def get_organization_member_set(orgname):
   Org = User.alias()
@@ -600,7 +748,7 @@ def get_visible_repositories(username=None, include_public=True, page=None,
                              limit=None, sort=False, namespace=None):
   query = _visible_repository_query(username=username, include_public=include_public, page=page,
                                     limit=limit, namespace=namespace,
-                                    select_models=[Repository, Visibility])
+                                    select_models=[Repository, Namespace, Visibility])
 
   if sort:
     query = query.order_by(Repository.description.desc())
@@ -614,11 +762,13 @@ def get_visible_repositories(username=None, include_public=True, page=None,
 def _visible_repository_query(username=None, include_public=True, limit=None,
                               page=None, namespace=None, select_models=[]):
   query = (Repository
-             .select(*select_models)  # Note: We need to leave this blank for the get_count case. Otherwise, MySQL/RDS complains.
-             .distinct()
-             .join(Visibility)
-             .switch(Repository)
-             .join(RepositoryPermission, JOIN_LEFT_OUTER))
+           .select(*select_models)  # MySQL/RDS complains is there are selected models for counts.
+           .distinct()
+           .join(Visibility)
+           .switch(Repository)
+           .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+           .switch(Repository)
+           .join(RepositoryPermission, JOIN_LEFT_OUTER))
 
   query = _filter_to_repos_for_user(query, username, namespace, include_public)
 
@@ -644,31 +794,25 @@ def _filter_to_repos_for_user(query, username=None, namespace=None,
     AdminUser = User.alias()
 
     query = (query
-      .switch(RepositoryPermission)
-      .join(User, JOIN_LEFT_OUTER)
-      .switch(RepositoryPermission)
-      .join(Team, JOIN_LEFT_OUTER)
-      .join(TeamMember, JOIN_LEFT_OUTER)
-      .join(UserThroughTeam, JOIN_LEFT_OUTER, on=(UserThroughTeam.id ==
-                                                  TeamMember.user))
-      .switch(Repository)
-      .join(Org, JOIN_LEFT_OUTER, on=(Org.username == Repository.namespace))
-      .join(AdminTeam, JOIN_LEFT_OUTER, on=(Org.id ==
-                                            AdminTeam.organization))
-      .join(TeamRole, JOIN_LEFT_OUTER, on=(AdminTeam.role == TeamRole.id))
-      .switch(AdminTeam)
-      .join(AdminTeamMember, JOIN_LEFT_OUTER, on=(AdminTeam.id ==
-                                                  AdminTeamMember.team))
-      .join(AdminUser, JOIN_LEFT_OUTER, on=(AdminTeamMember.user ==
-                                            AdminUser.id)))
+             .switch(RepositoryPermission)
+             .join(User, JOIN_LEFT_OUTER)
+             .switch(RepositoryPermission)
+             .join(Team, JOIN_LEFT_OUTER)
+             .join(TeamMember, JOIN_LEFT_OUTER)
+             .join(UserThroughTeam, JOIN_LEFT_OUTER, on=(UserThroughTeam.id == TeamMember.user))
+             .switch(Repository)
+             .join(Org, JOIN_LEFT_OUTER, on=(Repository.namespace_user == Org.id))
+             .join(AdminTeam, JOIN_LEFT_OUTER, on=(Org.id == AdminTeam.organization))
+             .join(TeamRole, JOIN_LEFT_OUTER, on=(AdminTeam.role == TeamRole.id))
+             .switch(AdminTeam)
+             .join(AdminTeamMember, JOIN_LEFT_OUTER, on=(AdminTeam.id == AdminTeamMember.team))
+             .join(AdminUser, JOIN_LEFT_OUTER, on=(AdminTeamMember.user == AdminUser.id)))
 
-    where_clause = ((User.username == username) |
-                    (UserThroughTeam.username == username) |
-                    ((AdminUser.username == username) &
-                     (TeamRole.name == 'admin')))
+    where_clause = ((User.username == username) | (UserThroughTeam.username == username) |
+                    ((AdminUser.username == username) & (TeamRole.name == 'admin')))
 
     if namespace:
-      where_clause = where_clause & (Repository.namespace == namespace)
+      where_clause = where_clause & (Namespace.username == namespace)
 
   if include_public:
     new_clause = (Visibility.name == 'public')
@@ -687,7 +831,7 @@ def get_matching_repositories(repo_term, username=None):
   visible = get_visible_repositories(username)
 
   search_clauses = (Repository.name ** ('%' + name_term + '%') |
-                    Repository.namespace ** ('%' + namespace_term + '%'))
+                    Namespace.username ** ('%' + namespace_term + '%'))
 
   # Handle the case where the user has already entered a namespace path.
   if repo_term.find('/') > 0:
@@ -696,7 +840,7 @@ def get_matching_repositories(repo_term, username=None):
     name_term = parts[-1]
 
     search_clauses = (Repository.name ** ('%' + name_term + '%') &
-                      Repository.namespace ** ('%' + namespace_term + '%'))
+                      Namespace.username ** ('%' + namespace_term + '%'))
 
   final = visible.where(search_clauses).limit(10)
   return list(final)
@@ -706,7 +850,7 @@ def change_password(user, new_password):
   if not validate_password(new_password):
     raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)
 
-  pw_hash = bcrypt.hashpw(new_password, bcrypt.gensalt())
+  pw_hash = hash_password(new_password)
   user.password_hash = pw_hash
   user.save()
 
@@ -719,29 +863,27 @@ def change_invoice_email(user, invoice_email):
   user.save()
 
 
-def update_email(user, new_email):
+def update_email(user, new_email, auto_verify=False):
   user.email = new_email
-  user.verified = False
+  user.verified = auto_verify
   user.save()
 
 
 def get_all_user_permissions(user):
-  select = RepositoryPermission.select(RepositoryPermission, Role, Repository)
-  with_role = select.join(Role)
-  with_repo = with_role.switch(RepositoryPermission).join(Repository)
-  through_user = with_repo.switch(RepositoryPermission).join(User,
-                                                             JOIN_LEFT_OUTER)
-  as_perm = through_user.switch(RepositoryPermission)
-  through_team = as_perm.join(Team, JOIN_LEFT_OUTER).join(TeamMember,
-                                                          JOIN_LEFT_OUTER)
-
   UserThroughTeam = User.alias()
-  with_team_member = through_team.join(UserThroughTeam, JOIN_LEFT_OUTER,
-                                       on=(UserThroughTeam.id ==
-                                           TeamMember.user))
 
-  return with_team_member.where((User.id == user) | 
-                                (UserThroughTeam.id == user))
+  return (RepositoryPermission
+          .select(RepositoryPermission, Role, Repository, Namespace)
+          .join(Role)
+          .switch(RepositoryPermission)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .switch(RepositoryPermission)
+          .join(User, JOIN_LEFT_OUTER)
+          .switch(RepositoryPermission)
+          .join(Team, JOIN_LEFT_OUTER).join(TeamMember, JOIN_LEFT_OUTER)
+          .join(UserThroughTeam, JOIN_LEFT_OUTER, on=(UserThroughTeam.id == TeamMember.user))
+          .where((User.id == user) | (UserThroughTeam.id == user)))
 
 
 def delete_prototype_permission(org, uid):
@@ -806,33 +948,37 @@ def get_org_wide_permissions(user):
 
 
 def get_all_repo_teams(namespace_name, repository_name):
-  select = RepositoryPermission.select(Team.name.alias('team_name'),
-                                       Role.name, RepositoryPermission)
-  with_team = select.join(Team)
-  with_role = with_team.switch(RepositoryPermission).join(Role)
-  with_repo = with_role.switch(RepositoryPermission).join(Repository)
-  return with_repo.where(Repository.namespace == namespace_name,
-                         Repository.name == repository_name)
+  return (RepositoryPermission.select(Team.name.alias('team_name'), Role.name, RepositoryPermission)
+          .join(Team)
+          .switch(RepositoryPermission)
+          .join(Role)
+          .switch(RepositoryPermission)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Namespace.username == namespace_name, Repository.name == repository_name))
 
 
 def get_all_repo_users(namespace_name, repository_name):
-  select = RepositoryPermission.select(User.username, User.robot, Role.name,
-                                       RepositoryPermission)
-  with_user = select.join(User)
-  with_role = with_user.switch(RepositoryPermission).join(Role)
-  with_repo = with_role.switch(RepositoryPermission).join(Repository)
-  return with_repo.where(Repository.namespace == namespace_name,
-                         Repository.name == repository_name)
+  return (RepositoryPermission.select(User.username, User.robot, Role.name, RepositoryPermission)
+          .join(User)
+          .switch(RepositoryPermission)
+          .join(Role)
+          .switch(RepositoryPermission)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Namespace.username == namespace_name, Repository.name == repository_name))
 
 
 def get_all_repo_users_transitive_via_teams(namespace_name, repository_name):
-  select = User.select().distinct()
-  with_team_member = select.join(TeamMember)
-  with_team = with_team_member.join(Team)
-  with_perm = with_team.join(RepositoryPermission)
-  with_repo = with_perm.join(Repository)
-  return with_repo.where(Repository.namespace == namespace_name,
-                          Repository.name == repository_name)
+  return (User
+          .select()
+          .distinct()
+          .join(TeamMember)
+          .join(Team)
+          .join(RepositoryPermission)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Namespace.username == namespace_name, Repository.name == repository_name))
 
 
 def get_all_repo_users_transitive(namespace_name, repository_name):
@@ -856,10 +1002,12 @@ def get_all_repo_users_transitive(namespace_name, repository_name):
 def get_repository_for_resource(resource_key):
   try:
     return (Repository
-      .select()
-      .join(RepositoryBuild)
-      .where(RepositoryBuild.resource_key == resource_key)
-      .get())
+            .select(Repository, Namespace)
+            .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+            .switch(Repository)
+            .join(RepositoryBuild)
+            .where(RepositoryBuild.resource_key == resource_key)
+            .get())
   except Repository.DoesNotExist:
     return None
 
@@ -873,8 +1021,7 @@ def lookup_repository(repo_id):
 
 def get_repository(namespace_name, repository_name):
   try:
-    return Repository.get(Repository.name == repository_name,
-                          Repository.namespace == namespace_name)
+    return _get_repository(namespace_name, repository_name)
   except Repository.DoesNotExist:
     return None
 
@@ -891,11 +1038,18 @@ def get_repo_image(namespace_name, repository_name, image_id):
 
 
 def repository_is_public(namespace_name, repository_name):
-  joined = Repository.select().join(Visibility)
-  query = joined.where(Repository.namespace == namespace_name,
-                       Repository.name == repository_name,
-                       Visibility.name == 'public')
-  return len(list(query)) > 0
+  try:
+    (Repository
+     .select()
+     .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+     .switch(Repository)
+     .join(Visibility)
+     .where(Namespace.username == namespace_name, Repository.name == repository_name,
+            Visibility.name == 'public')
+     .get())
+    return True
+  except Repository.DoesNotExist:
+    return False
 
 
 def set_repository_visibility(repo, visibility):
@@ -927,8 +1081,8 @@ def __apply_default_permissions(repo, proto_query, name_property,
 
 def create_repository(namespace, name, creating_user, visibility='private'):
   private = Visibility.get(name=visibility)
-  repo = Repository.create(namespace=namespace, name=name,
-                           visibility=private)
+  namespace_user = User.get(username=namespace)
+  repo = Repository.create(name=name, visibility=private, namespace_user=namespace_user)
   admin = Role.get(name='admin')
 
   if creating_user and not creating_user.organization:
@@ -994,31 +1148,34 @@ def __translate_ancestry(old_ancestry, translations, repository, username, prefe
 def find_create_or_link_image(docker_image_id, repository, username, translations,
                               preferred_location):
   with config.app_config['DB_TRANSACTION_FACTORY'](db):
-    repo_image = get_repo_image(repository.namespace, repository.name,
+    repo_image = get_repo_image(repository.namespace_user.username, repository.name,
                                 docker_image_id)
     if repo_image:
       return repo_image
 
     query = (Image
-      .select(Image, ImageStorage)
-      .distinct()
-      .join(ImageStorage)
-      .switch(Image)
-      .join(Repository)
-      .join(Visibility)
-      .switch(Repository)
-      .join(RepositoryPermission, JOIN_LEFT_OUTER))
+             .select(Image, ImageStorage)
+             .distinct()
+             .join(ImageStorage)
+             .switch(Image)
+             .join(Repository)
+             .join(Visibility)
+             .switch(Repository)
+             .join(RepositoryPermission, JOIN_LEFT_OUTER)
+             .switch(Repository)
+             .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+             .where(ImageStorage.uploading == False))
 
     query = (_filter_to_repos_for_user(query, username)
-      .where(Image.docker_image_id == docker_image_id))
-    
+             .where(Image.docker_image_id == docker_image_id))
+
     new_image_ancestry = '/'
     origin_image_id = None
     try:
       to_copy = query.get()
       msg = 'Linking image to existing storage with docker id: %s and uuid: %s'
       logger.debug(msg, docker_image_id, to_copy.storage.uuid)
-      
+
       new_image_ancestry = __translate_ancestry(to_copy.ancestors, translations, repository,
                                                 username, preferred_location)
 
@@ -1049,49 +1206,64 @@ def find_create_or_link_image(docker_image_id, repository, username, translation
     return new_image
 
 
-def set_image_size(docker_image_id, namespace_name, repository_name,
-                   image_size):
+def get_storage_by_uuid(storage_uuid):
+  placements = list(ImageStoragePlacement
+                    .select(ImageStoragePlacement, ImageStorage, ImageStorageLocation)
+                    .join(ImageStorageLocation)
+                    .switch(ImageStoragePlacement)
+                    .join(ImageStorage)
+                    .where(ImageStorage.uuid == storage_uuid))
+
+  if not placements:
+    raise InvalidImageException('No storage found with uuid: %s', storage_uuid)
+
+  found = placements[0].storage
+  found.locations = {placement.location.name for placement in placements}
+
+  return found
+
+
+def set_image_size(docker_image_id, namespace_name, repository_name, image_size, uncompressed_size):
   try:
     image = (Image
-      .select(Image, ImageStorage)
-      .join(Repository)
-      .switch(Image)
-      .join(ImageStorage, JOIN_LEFT_OUTER)
-      .where(Repository.name == repository_name,
-             Repository.namespace == namespace_name,
-             Image.docker_image_id == docker_image_id)
-      .get())
+             .select(Image, ImageStorage)
+             .join(Repository)
+             .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+             .switch(Image)
+             .join(ImageStorage, JOIN_LEFT_OUTER)
+             .where(Repository.name == repository_name, Namespace.username == namespace_name,
+                    Image.docker_image_id == docker_image_id)
+             .get())
 
   except Image.DoesNotExist:
     raise DataModelException('No image with specified id and repository')
 
-  if image.storage and image.storage.id:
-    image.storage.image_size = image_size
-    image.storage.save()
-  else:
-    image.image_size = image_size
-    image.save()
+  image.storage.image_size = image_size
+  image.storage.uncompressed_size = uncompressed_size
+  image.storage.save()
 
   return image
 
 
-def set_image_metadata(docker_image_id, namespace_name, repository_name,
-                       created_date_str, comment, command, parent=None):
+def set_image_metadata(docker_image_id, namespace_name, repository_name, created_date_str, comment,
+                       command, parent=None):
   with config.app_config['DB_TRANSACTION_FACTORY'](db):
     query = (Image
-      .select(Image, ImageStorage)
-      .join(Repository)
-      .switch(Image)
-      .join(ImageStorage)
-      .where(Repository.name == repository_name,
-             Repository.namespace == namespace_name,
-             Image.docker_image_id == docker_image_id))
+             .select(Image, ImageStorage)
+             .join(Repository)
+             .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+             .switch(Image)
+             .join(ImageStorage)
+             .where(Repository.name == repository_name, Namespace.username == namespace_name,
+                    Image.docker_image_id == docker_image_id))
 
     try:
       fetched = query.get()
     except Image.DoesNotExist:
       raise DataModelException('No image with specified id and repository')
 
+    # We cleanup any old checksum in case it's a retry after a fail
+    fetched.storage.checksum = None
     fetched.storage.created = dateutil.parser.parse(created_date_str).replace(tzinfo=None)
     fetched.storage.comment = comment
     fetched.storage.command = command
@@ -1106,14 +1278,14 @@ def set_image_metadata(docker_image_id, namespace_name, repository_name,
 
 def _get_repository_images_base(namespace_name, repository_name, query_modifier):
   query = (ImageStoragePlacement
-    .select(ImageStoragePlacement, Image, ImageStorage, ImageStorageLocation)
-    .join(ImageStorageLocation)
-    .switch(ImageStoragePlacement)
-    .join(ImageStorage, JOIN_LEFT_OUTER)
-    .join(Image)
-    .join(Repository)
-    .where(Repository.name == repository_name,
-           Repository.namespace == namespace_name))
+           .select(ImageStoragePlacement, Image, ImageStorage, ImageStorageLocation)
+           .join(ImageStorageLocation)
+           .switch(ImageStoragePlacement)
+           .join(ImageStorage, JOIN_LEFT_OUTER)
+           .join(Image)
+           .join(Repository)
+           .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+           .where(Repository.name == repository_name, Namespace.username == namespace_name))
 
   query = query_modifier(query)
 
@@ -1144,24 +1316,26 @@ def get_repository_images(namespace_name, repository_name):
 
 
 def list_repository_tags(namespace_name, repository_name):
-  select = RepositoryTag.select(RepositoryTag, Image)
-  with_repo = select.join(Repository)
-  with_image = with_repo.switch(RepositoryTag).join(Image)
-  return with_image.where(Repository.name == repository_name,
-                          Repository.namespace == namespace_name)
+  return (RepositoryTag
+          .select(RepositoryTag, Image)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .switch(RepositoryTag)
+          .join(Image)
+          .where(Repository.name == repository_name, Namespace.username == namespace_name))
 
 
 def garbage_collect_repository(namespace_name, repository_name):
   with config.app_config['DB_TRANSACTION_FACTORY'](db):
     # Get a list of all images used by tags in the repository
     tag_query = (RepositoryTag
-      .select(RepositoryTag, Image, ImageStorage)
-      .join(Image)
-      .join(ImageStorage, JOIN_LEFT_OUTER)
-      .switch(RepositoryTag)
-      .join(Repository)
-      .where(Repository.name == repository_name,
-             Repository.namespace == namespace_name))
+                 .select(RepositoryTag, Image, ImageStorage)
+                 .join(Image)
+                 .join(ImageStorage, JOIN_LEFT_OUTER)
+                 .switch(RepositoryTag)
+                 .join(Repository)
+                 .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+                 .where(Repository.name == repository_name, Namespace.username == namespace_name))
 
     referenced_anscestors = set()
     for tag in tag_query:
@@ -1189,11 +1363,11 @@ def garbage_collect_repository(namespace_name, repository_name):
 
     if uuids_to_check_for_gc:
       storage_to_remove = (ImageStorage
-        .select()
-        .join(Image, JOIN_LEFT_OUTER)
-        .group_by(ImageStorage)
-        .where(ImageStorage.uuid << list(uuids_to_check_for_gc))
-        .having(fn.Count(Image.id) == 0))
+                           .select()
+                           .join(Image, JOIN_LEFT_OUTER)
+                           .group_by(ImageStorage)
+                           .where(ImageStorage.uuid << list(uuids_to_check_for_gc))
+                           .having(fn.Count(Image.id) == 0))
 
       for storage in storage_to_remove:
         logger.debug('Garbage collecting image storage: %s', storage.uuid)
@@ -1212,9 +1386,9 @@ def garbage_collect_repository(namespace_name, repository_name):
 def get_tag_image(namespace_name, repository_name, tag_name):
   def limit_to_tag(query):
     return (query
-      .switch(Image)
-      .join(RepositoryTag)
-      .where(RepositoryTag.name == tag_name))
+            .switch(Image)
+            .join(RepositoryTag)
+            .where(RepositoryTag.name == tag_name))
 
   images = _get_repository_images_base(namespace_name, repository_name, limit_to_tag)
   if not images:
@@ -1252,22 +1426,17 @@ def get_parent_images(namespace_name, repository_name, image_obj):
 def create_or_update_tag(namespace_name, repository_name, tag_name,
                          tag_docker_image_id):
   try:
-    repo = Repository.get(Repository.name == repository_name,
-                          Repository.namespace == namespace_name)
+    repo = _get_repository(namespace_name, repository_name)
   except Repository.DoesNotExist:
-    raise DataModelException('Invalid repository %s/%s' %
-                             (namespace_name, repository_name))
+    raise DataModelException('Invalid repository %s/%s' % (namespace_name, repository_name))
 
   try:
-    image = Image.get(Image.docker_image_id == tag_docker_image_id,
-                      Image.repository == repo)
+    image = Image.get(Image.docker_image_id == tag_docker_image_id, Image.repository == repo)
   except Image.DoesNotExist:
-    raise DataModelException('Invalid image with id: %s' %
-                             tag_docker_image_id)
+    raise DataModelException('Invalid image with id: %s' % tag_docker_image_id)
 
   try:
-    tag = RepositoryTag.get(RepositoryTag.repository == repo,
-                            RepositoryTag.name == tag_name)
+    tag = RepositoryTag.get(RepositoryTag.repository == repo, RepositoryTag.name == tag_name)
     tag.image = image
     tag.save()
   except RepositoryTag.DoesNotExist:
@@ -1277,41 +1446,46 @@ def create_or_update_tag(namespace_name, repository_name, tag_name,
 
 
 def delete_tag(namespace_name, repository_name, tag_name):
-  joined = RepositoryTag.select().join(Repository)
-  found = list(joined.where(Repository.name == repository_name,
-                            Repository.namespace == namespace_name,
-                            RepositoryTag.name == tag_name))
+  try:
+    found = (RepositoryTag
+             .select()
+             .join(Repository)
+             .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+             .where(Repository.name == repository_name, Namespace.username == namespace_name,
+                    RepositoryTag.name == tag_name)
+             .get())
 
-  if not found:
+  except RepositoryTag.DoesNotExist:
     msg = ('Invalid repository tag \'%s\' on repository \'%s/%s\'' %
            (tag_name, namespace_name, repository_name))
     raise DataModelException(msg)
 
-  found[0].delete_instance()
+  found.delete_instance()
 
 
 def delete_all_repository_tags(namespace_name, repository_name):
   try:
-    repo = Repository.get(Repository.name == repository_name,
-                          Repository.namespace == namespace_name)
+    repo = _get_repository(namespace_name, repository_name)
   except Repository.DoesNotExist:
     raise DataModelException('Invalid repository \'%s/%s\'' %
                              (namespace_name, repository_name))
   RepositoryTag.delete().where(RepositoryTag.repository == repo.id).execute()
 
 
-def __entity_permission_repo_query(entity_id, entity_table,
-                                   entity_id_property, namespace_name,
+def __entity_permission_repo_query(entity_id, entity_table, entity_id_property, namespace_name,
                                    repository_name):
   """ This method works for both users and teams. """
-  selected = RepositoryPermission.select(entity_table, Repository, Role,
-                                         RepositoryPermission)
-  with_user = selected.join(entity_table)
-  with_role = with_user.switch(RepositoryPermission).join(Role)
-  with_repo = with_role.switch(RepositoryPermission).join(Repository)
-  return with_repo.where(Repository.name == repository_name,
-                         Repository.namespace == namespace_name,
-                         entity_id_property == entity_id)
+
+  return (RepositoryPermission
+          .select(entity_table, Repository, Namespace, Role, RepositoryPermission)
+          .join(entity_table)
+          .switch(RepositoryPermission)
+          .join(Role)
+          .switch(RepositoryPermission)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Repository.name == repository_name, Namespace.username == namespace_name,
+                 entity_id_property == entity_id))
 
 
 def get_user_reponame_permission(username, namespace_name, repository_name):
@@ -1359,8 +1533,7 @@ def delete_team_permission(team_name, namespace_name, repository_name):
 
 def __set_entity_repo_permission(entity, permission_entity_property,
                                  namespace_name, repository_name, role_name):
-  repo = Repository.get(Repository.name == repository_name,
-                        Repository.namespace == namespace_name)
+  repo = _get_repository(namespace_name, repository_name)
   new_role = Role.get(Role.name == role_name)
 
   # Fetch any existing permission for this entity on the repo
@@ -1411,15 +1584,18 @@ def purge_repository(namespace_name, repository_name):
   garbage_collect_repository(namespace_name, repository_name)
 
   # Delete the rest of the repository metadata
-  fetched = Repository.get(Repository.name == repository_name,
-                           Repository.namespace == namespace_name)
+  fetched = _get_repository(namespace_name, repository_name)
   fetched.delete_instance(recursive=True)
 
 
 def get_private_repo_count(username):
-  joined = Repository.select().join(Visibility)
-  return joined.where(Repository.namespace == username,
-                      Visibility.name == 'private').count()
+  return (Repository
+          .select()
+          .join(Visibility)
+          .switch(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Namespace.username == username, Visibility.name == 'private')
+          .count())
 
 
 def create_access_token(repository, role):
@@ -1432,22 +1608,23 @@ def create_access_token(repository, role):
 def create_delegate_token(namespace_name, repository_name, friendly_name,
                           role='read'):
   read_only = Role.get(name=role)
-  repo = Repository.get(Repository.name == repository_name,
-                        Repository.namespace == namespace_name)
+  repo = _get_repository(namespace_name, repository_name)
   new_token = AccessToken.create(repository=repo, role=read_only,
                                  friendly_name=friendly_name, temporary=False)
   return new_token
 
 
 def get_repository_delegate_tokens(namespace_name, repository_name):
-  return (AccessToken.select(AccessToken, Role)
-    .join(Repository)
-    .switch(AccessToken)
-    .join(Role)
-    .switch(AccessToken)
-    .join(RepositoryBuildTrigger, JOIN_LEFT_OUTER)
-    .where(Repository.name == repository_name, Repository.namespace == namespace_name,
-           AccessToken.temporary == False, RepositoryBuildTrigger.uuid >> None))
+  return (AccessToken
+          .select(AccessToken, Role)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .switch(AccessToken)
+          .join(Role)
+          .switch(AccessToken)
+          .join(RepositoryBuildTrigger, JOIN_LEFT_OUTER)
+          .where(Repository.name == repository_name, Namespace.username == namespace_name,
+                 AccessToken.temporary == False, RepositoryBuildTrigger.uuid >> None))
 
 
 def get_repo_delegate_token(namespace_name, repository_name, code):
@@ -1481,14 +1658,17 @@ def delete_delegate_token(namespace_name, repository_name, code):
 
 def load_token_data(code):
   """ Load the permissions for any token by code. """
-  selected = AccessToken.select(AccessToken, Repository, Role)
-  with_role = selected.join(Role)
-  with_repo = with_role.switch(AccessToken).join(Repository)
-  fetched = list(with_repo.where(AccessToken.code == code))
+  try:
+    return (AccessToken
+            .select(AccessToken, Repository, Namespace, Role)
+            .join(Role)
+            .switch(AccessToken)
+            .join(Repository)
+            .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+            .where(AccessToken.code == code)
+            .get())
 
-  if fetched:
-    return fetched[0]
-  else:
+  except AccessToken.DoesNotExist:
     raise InvalidTokenException('Invalid delegate token code: %s' % code)
 
 
@@ -1505,15 +1685,15 @@ def get_repository_build(namespace_name, repository_name, build_uuid):
 def list_repository_builds(namespace_name, repository_name, limit,
                            include_inactive=True):
   query = (RepositoryBuild
-    .select(RepositoryBuild, RepositoryBuildTrigger, BuildTriggerService)
-    .join(Repository)
-    .switch(RepositoryBuild)
-    .join(RepositoryBuildTrigger, JOIN_LEFT_OUTER)
-    .join(BuildTriggerService, JOIN_LEFT_OUTER)
-    .where(Repository.name == repository_name,
-           Repository.namespace == namespace_name)
-    .order_by(RepositoryBuild.started.desc())
-    .limit(limit))
+           .select(RepositoryBuild, RepositoryBuildTrigger, BuildTriggerService)
+           .join(Repository)
+           .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+           .switch(RepositoryBuild)
+           .join(RepositoryBuildTrigger, JOIN_LEFT_OUTER)
+           .join(BuildTriggerService, JOIN_LEFT_OUTER)
+           .where(Repository.name == repository_name, Namespace.username == namespace_name)
+           .order_by(RepositoryBuild.started.desc())
+           .limit(limit))
 
   if not include_inactive:
     query = query.where(RepositoryBuild.phase != 'error',
@@ -1577,16 +1757,17 @@ def create_repo_notification(repo, event_name, method_name, config):
 
 
 def get_repo_notification(namespace_name, repository_name, uuid):
-  joined = RepositoryNotification.select().join(Repository)
-  found = list(joined.where(Repository.namespace == namespace_name,
-                            Repository.name == repository_name,
-                            RepositoryNotification.uuid == uuid))
-
-  if not found:
+  try:
+    return (RepositoryNotification
+            .select(RepositoryNotification, Repository, Namespace)
+            .join(Repository)
+            .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+            .where(Namespace.username == namespace_name, Repository.name == repository_name,
+                   RepositoryNotification.uuid == uuid)
+            .get())
+  except RepositoryNotification.DoesNotExist:
     raise InvalidNotificationException('No repository notification found with id: %s' % uuid)
 
-  return found[0]
-
 
 def delete_repo_notification(namespace_name, repository_name, uuid):
   found = get_repo_notification(namespace_name, repository_name, uuid)
@@ -1595,15 +1776,19 @@ def delete_repo_notification(namespace_name, repository_name, uuid):
 
 
 def list_repo_notifications(namespace_name, repository_name, event_name=None):
-  joined = RepositoryNotification.select().join(Repository)
-  where = joined.where(Repository.namespace == namespace_name,
-                       Repository.name == repository_name)
+  query = (RepositoryNotification
+           .select(RepositoryNotification, Repository, Namespace)
+           .join(Repository)
+           .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+           .where(Namespace.username == namespace_name, Repository.name == repository_name))
 
   if event_name:
-    event = ExternalNotificationEvent.get(ExternalNotificationEvent.name == event_name)
-    where = where.where(RepositoryNotification.event == event)
+    query = (query
+             .switch(RepositoryNotification)
+             .join(ExternalNotificationEvent)
+             .where(ExternalNotificationEvent.name == event_name))
 
-  return where
+  return query
 
 
 def list_logs(start_time, end_time, performer=None, repository=None, namespace=None):
@@ -1647,16 +1832,17 @@ def create_build_trigger(repo, service_name, auth_token, user, pull_robot=None):
 def get_build_trigger(namespace_name, repository_name, trigger_uuid):
   try:
     return (RepositoryBuildTrigger
-      .select(RepositoryBuildTrigger, BuildTriggerService, Repository)
-      .join(BuildTriggerService)
-      .switch(RepositoryBuildTrigger)
-      .join(Repository)
-      .switch(RepositoryBuildTrigger)
-      .join(User)
-      .where(RepositoryBuildTrigger.uuid == trigger_uuid,
-             Repository.namespace == namespace_name,
-             Repository.name == repository_name)
-      .get())
+            .select(RepositoryBuildTrigger, BuildTriggerService, Repository, Namespace)
+            .join(BuildTriggerService)
+            .switch(RepositoryBuildTrigger)
+            .join(Repository)
+            .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+            .switch(RepositoryBuildTrigger)
+            .join(User)
+            .where(RepositoryBuildTrigger.uuid == trigger_uuid,
+                   Namespace.username == namespace_name,
+                   Repository.name == repository_name)
+            .get())
   except RepositoryBuildTrigger.DoesNotExist:
     msg = 'No build trigger with uuid: %s' % trigger_uuid
     raise InvalidBuildTriggerException(msg)
@@ -1664,12 +1850,12 @@ def get_build_trigger(namespace_name, repository_name, trigger_uuid):
 
 def list_build_triggers(namespace_name, repository_name):
   return (RepositoryBuildTrigger
-    .select(RepositoryBuildTrigger, BuildTriggerService, Repository)
-    .join(BuildTriggerService)
-    .switch(RepositoryBuildTrigger)
-    .join(Repository)
-    .where(Repository.namespace == namespace_name,
-           Repository.name == repository_name))
+          .select(RepositoryBuildTrigger, BuildTriggerService, Repository)
+          .join(BuildTriggerService)
+          .switch(RepositoryBuildTrigger)
+          .join(Repository)
+          .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+          .where(Namespace.username == namespace_name, Repository.name == repository_name))
 
 
 def list_trigger_builds(namespace_name, repository_name, trigger_uuid,
@@ -1687,19 +1873,20 @@ def create_notification(kind_name, target, metadata={}):
 
 def create_unique_notification(kind_name, target, metadata={}):
   with config.app_config['DB_TRANSACTION_FACTORY'](db):
-    if list_notifications(target, kind_name).count() == 0:
+    if list_notifications(target, kind_name, limit=1).count() == 0:
       create_notification(kind_name, target, metadata)
 
 
 def lookup_notification(user, uuid):
-  results = list(list_notifications(user, id_filter=uuid, include_dismissed=True))
+  results = list(list_notifications(user, id_filter=uuid, include_dismissed=True, limit=1))
   if not results:
     return None
 
   return results[0]
 
 
-def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=False):
+def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=False,
+                       page=None, limit=None):
   Org = User.alias()
   AdminTeam = Team.alias()
   AdminTeamMember = TeamMember.alias()
@@ -1737,6 +1924,11 @@ def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=F
       .switch(Notification)
       .where(Notification.uuid == id_filter))
 
+  if page:
+    query = query.paginate(page, limit)
+  elif limit:
+    query = query.limit(limit)
+
   return query
 
 
@@ -1753,17 +1945,57 @@ def delete_notifications_by_kind(target, kind_name):
                               Notification.kind == kind_ref).execute()
 
 
+def delete_matching_notifications(target, kind_name, **kwargs):
+  kind_ref = NotificationKind.get(name=kind_name)
+
+  # Load all notifications for the user with the given kind.
+  notifications = Notification.select().where(
+      Notification.target == target,
+      Notification.kind == kind_ref)
+
+  # For each, match the metadata to the specified values.
+  for notification in notifications:
+    matches = True
+    try:
+      metadata = json.loads(notification.metadata_json)
+    except:
+      continue
+
+    for (key, value) in kwargs.iteritems():
+      if not key in metadata or metadata[key] != value:
+        matches = False
+        break
+
+    if not matches:
+      continue
+
+    notification.delete_instance()
+
+
 def get_active_users():
   return User.select().where(User.organization == False, User.robot == False)
 
+
 def get_active_user_count():
   return get_active_users().count()
 
+
+def detach_external_login(user, service_name):
+  try:
+    service = LoginService.get(name = service_name)
+  except LoginService.DoesNotExist:
+    return
+
+  FederatedLogin.delete().where(FederatedLogin.user == user,
+                                FederatedLogin.service == service).execute()
+
+
 def delete_user(user):
   user.delete_instance(recursive=True, delete_nullable=True)
 
   # TODO: also delete any repository data associated
 
+
 def check_health():
   # We will connect to the db, check that it contains some log entry kinds
   try:
@@ -1772,24 +2004,23 @@ def check_health():
   except:
     return False
 
-def get_email_authorized_for_repo(namespace, repository, email):
-  found = list(RepositoryAuthorizedEmail.select()
-            .join(Repository)
-            .where(Repository.namespace == namespace,
-                   Repository.name == repository,
-                   RepositoryAuthorizedEmail.email == email)
-            .switch(RepositoryAuthorizedEmail)
-            .limit(1))
-  if not found or len(found) < 1:
-    return None
 
-  return found[0]
+def get_email_authorized_for_repo(namespace, repository, email):
+  try:
+    return (RepositoryAuthorizedEmail
+            .select(RepositoryAuthorizedEmail, Repository, Namespace)
+            .join(Repository)
+            .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+            .where(Namespace.username == namespace, Repository.name == repository,
+                   RepositoryAuthorizedEmail.email == email)
+            .get())
+  except RepositoryAuthorizedEmail.DoesNotExist:
+    return None
 
 
 def create_email_authorization_for_repo(namespace_name, repository_name, email):
   try:
-    repo = Repository.get(Repository.name == repository_name,
-                          Repository.namespace == namespace_name)
+    repo = _get_repository(namespace_name, repository_name)
   except Repository.DoesNotExist:
     raise DataModelException('Invalid repository %s/%s' %
                              (namespace_name, repository_name))
@@ -1799,7 +2030,12 @@ def create_email_authorization_for_repo(namespace_name, repository_name, email):
 
 def confirm_email_authorization_for_repo(code):
   try:
-    found = RepositoryAuthorizedEmail.get(RepositoryAuthorizedEmail.code == code)
+    found = (RepositoryAuthorizedEmail
+             .select(RepositoryAuthorizedEmail, Repository, Namespace)
+             .join(Repository)
+             .join(Namespace, on=(Repository.namespace_user == Namespace.id))
+             .where(RepositoryAuthorizedEmail.code == code)
+             .get())
   except RepositoryAuthorizedEmail.DoesNotExist:
     raise DataModelException('Invalid confirmation code.')    
 
@@ -1807,3 +2043,72 @@ def confirm_email_authorization_for_repo(code):
   found.save()
 
   return found
+
+
+def delete_team_email_invite(team, email):
+  found = TeamMemberInvite.get(TeamMemberInvite.email == email, TeamMemberInvite.team == team)
+  found.delete_instance()
+
+def delete_team_user_invite(team, user):
+  try:
+    found = TeamMemberInvite.get(TeamMemberInvite.user == user, TeamMemberInvite.team == team)
+  except TeamMemberInvite.DoesNotExist:
+    return False
+
+  found.delete_instance()
+  return True
+
+def lookup_team_invites(user):
+  return TeamMemberInvite.select().where(TeamMemberInvite.user == user)
+
+def lookup_team_invite(code, user=None):
+ # Lookup the invite code.
+  try:
+    found = TeamMemberInvite.get(TeamMemberInvite.invite_token == code)
+  except TeamMemberInvite.DoesNotExist:
+    raise DataModelException('Invalid confirmation code.')
+
+  if user and found.user != user:
+    raise DataModelException('Invalid confirmation code.')    
+
+  return found
+
+def delete_team_invite(code, user=None):
+  found = lookup_team_invite(code, user)
+
+  team = found.team
+  inviter = found.inviter
+
+  found.delete_instance()
+
+  return (team, inviter)
+
+
+def confirm_team_invite(code, user):
+  found = lookup_team_invite(code)
+
+  # If the invite is for a specific user, we have to confirm that here.
+  if found.user is not None and found.user != user:
+    message = """This invite is intended for user "%s". 
+                 Please login to that account and try again.""" % found.user.username
+    raise DataModelException(message)
+
+  # Add the user to the team.
+  try:
+    add_user_to_team(user, found.team)
+  except UserAlreadyInTeam:
+    # Ignore.
+    pass
+
+  # Delete the invite and return the team.
+  team = found.team
+  inviter = found.inviter
+  found.delete_instance()
+  return (team, inviter)
+
+def archivable_buildlogs_query():
+  presumed_dead_date = datetime.utcnow() - PRESUMED_DEAD_BUILD_AGE
+  return (RepositoryBuild.select()
+    .where((RepositoryBuild.phase == BUILD_PHASE.COMPLETE) |
+           (RepositoryBuild.phase == BUILD_PHASE.ERROR) |
+           (RepositoryBuild.started < presumed_dead_date), RepositoryBuild.logs_archived == False))
diff --git a/data/model/oauth.py b/data/model/oauth.py
index 309e2122a..51bfc053e 100644
--- a/data/model/oauth.py
+++ b/data/model/oauth.py
@@ -46,7 +46,7 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
   def validate_redirect_uri(self, client_id, redirect_uri):
     try:
       app = OAuthApplication.get(client_id=client_id)
-      if app.redirect_uri and redirect_uri.startswith(app.redirect_uri):
+      if app.redirect_uri and redirect_uri and redirect_uri.startswith(app.redirect_uri):
         return True
       return False
     except OAuthApplication.DoesNotExist:
diff --git a/data/model/sqlalchemybridge.py b/data/model/sqlalchemybridge.py
index 46809fb21..8b7d8b664 100644
--- a/data/model/sqlalchemybridge.py
+++ b/data/model/sqlalchemybridge.py
@@ -17,7 +17,12 @@ OPTION_TRANSLATIONS = {
 
 
 def gen_sqlalchemy_metadata(peewee_model_list):
-  metadata = MetaData()
+  metadata = MetaData(naming_convention={
+    "ix": 'ix_%(column_0_label)s',
+    "uq": "uq_%(table_name)s_%(column_0_name)s",
+    "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
+    "pk": "pk_%(table_name)s"
+  })
 
   for model in peewee_model_list:
     meta = model._meta
diff --git a/data/queue.py b/data/queue.py
index 44d7ad531..79e645ebf 100644
--- a/data/queue.py
+++ b/data/queue.py
@@ -68,9 +68,8 @@ class WorkQueue(object):
       'retries_remaining': retries_remaining,
     }
 
-    if available_after:
-      available_date = datetime.utcnow() + timedelta(seconds=available_after)
-      params['available_after'] = available_date
+    available_date = datetime.utcnow() + timedelta(seconds=available_after or 0)
+    params['available_after'] = available_date
 
     with self._transaction_factory(db):
       QueueItem.create(**params)
diff --git a/data/userevent.py b/data/userevent.py
index bcdafd078..b45d4e4fa 100644
--- a/data/userevent.py
+++ b/data/userevent.py
@@ -7,14 +7,14 @@ class UserEventBuilder(object):
   Defines a helper class for constructing UserEvent and UserEventListener
   instances.
   """
-  def __init__(self, redis_host):
-    self._redis_host = redis_host
+  def __init__(self, redis_config):
+    self._redis_config = redis_config
 
   def get_event(self, username):
-    return UserEvent(self._redis_host, username)
+    return UserEvent(self._redis_config, username)
 
   def get_listener(self, username, events):
-    return UserEventListener(self._redis_host, username, events)
+    return UserEventListener(self._redis_config, username, events)
 
 
 class UserEventsBuilderModule(object):
@@ -26,8 +26,14 @@ class UserEventsBuilderModule(object):
       self.state = None
 
   def init_app(self, app):
-    redis_hostname = app.config.get('USER_EVENTS_REDIS_HOSTNAME')
-    user_events = UserEventBuilder(redis_hostname)
+    redis_config = app.config.get('USER_EVENTS_REDIS')
+    if not redis_config:
+      # This is the old key name.
+      redis_config = {
+        'host': app.config.get('USER_EVENTS_REDIS_HOSTNAME')
+      }
+
+    user_events = UserEventBuilder(redis_config)
 
     # register extension with app
     app.extensions = getattr(app, 'extensions', {})
@@ -43,8 +49,8 @@ class UserEvent(object):
   Defines a helper class for publishing to realtime user events
   as backed by Redis.
   """
-  def __init__(self, redis_host, username):
-    self._redis = redis.StrictRedis(host=redis_host)
+  def __init__(self, redis_config, username):
+    self._redis = redis.StrictRedis(socket_connect_timeout=5, **redis_config)
     self._username = username
 
   @staticmethod
@@ -74,10 +80,10 @@ class UserEventListener(object):
   Defines a helper class for subscribing to realtime user events as
   backed by Redis.
   """
-  def __init__(self, redis_host, username, events=set([])):
+  def __init__(self, redis_config, username, events=set([])):
     channels = [self._user_event_key(username, e) for e in events]
 
-    self._redis = redis.StrictRedis(host=redis_host)
+    self._redis = redis.StrictRedis(socket_connect_timeout=5, **redis_config)
     self._pubsub = self._redis.pubsub()
     self._pubsub.subscribe(channels)
 
diff --git a/data/userfiles.py b/data/userfiles.py
index 79fbcb507..f4b786df5 100644
--- a/data/userfiles.py
+++ b/data/userfiles.py
@@ -1,110 +1,35 @@
-import boto
 import os
 import logging
-import hashlib
 import magic
 
-from boto.s3.key import Key
 from uuid import uuid4
 from flask import url_for, request, send_file, make_response, abort
 from flask.views import View
+from _pyio import BufferedReader
 
 
 logger = logging.getLogger(__name__)
 
 
-class FakeUserfiles(object):
-  def prepare_for_drop(self, mime_type):
-    return ('http://fake/url', uuid4())
-
-  def store_file(self, file_like_obj, content_type):
-    raise NotImplementedError()
-
-  def get_file_url(self, file_id, expires_in=300):
-    return ('http://fake/url')
-
-  def get_file_checksum(self, file_id):
-    return 'abcdefg'
-
-
-class S3FileWriteException(Exception):
-  pass
-
-
-class S3Userfiles(object):
-  def __init__(self, path, s3_access_key, s3_secret_key, bucket_name):
-    self._initialized = False
-    self._bucket_name = bucket_name
-    self._access_key = s3_access_key
-    self._secret_key = s3_secret_key
-    self._prefix = path
-    self._s3_conn = None
-    self._bucket = None
-
-  def _initialize_s3(self):
-    if not self._initialized:
-      self._s3_conn = boto.connect_s3(self._access_key, self._secret_key)
-      self._bucket = self._s3_conn.get_bucket(self._bucket_name)
-      self._initialized = True
-
-  def prepare_for_drop(self, mime_type):
-    """ Returns a signed URL to upload a file to our bucket. """
-    self._initialize_s3()
-    logger.debug('Requested upload url with content type: %s' % mime_type)
-    file_id = str(uuid4())
-    full_key = os.path.join(self._prefix, file_id)
-    k = Key(self._bucket, full_key)
-    url = k.generate_url(300, 'PUT', headers={'Content-Type': mime_type},
-                         encrypt_key=True)
-    return (url, file_id)
-
-  def store_file(self, file_like_obj, content_type):
-    self._initialize_s3()
-    file_id = str(uuid4())
-    full_key = os.path.join(self._prefix, file_id)
-    k = Key(self._bucket, full_key)
-    logger.debug('Setting s3 content type to: %s' % content_type)
-    k.set_metadata('Content-Type', content_type)
-    bytes_written = k.set_contents_from_file(file_like_obj, encrypt_key=True,
-                                             rewind=True)
-
-    if bytes_written == 0:
-      raise S3FileWriteException('Unable to write file to S3')
-
-    return file_id
-
-  def get_file_url(self, file_id, expires_in=300, mime_type=None):
-    self._initialize_s3()
-    full_key = os.path.join(self._prefix, file_id)
-    k = Key(self._bucket, full_key)
-    headers = None
-    if mime_type:
-      headers={'Content-Type': mime_type}
-    
-    return k.generate_url(expires_in, headers=headers)
-
-  def get_file_checksum(self, file_id):
-    self._initialize_s3()
-    full_key = os.path.join(self._prefix, file_id)
-    k = self._bucket.lookup(full_key)
-    return k.etag[1:-1][:7]
-
-
 class UserfilesHandlers(View):
   methods = ['GET', 'PUT']
 
-  def __init__(self, local_userfiles):
-    self._userfiles = local_userfiles
+  def __init__(self, distributed_storage, location, files):
+    self._storage = distributed_storage
+    self._files = files
+    self._locations = {location}
     self._magic = magic.Magic(mime=True)
 
   def get(self, file_id):
-    path = self._userfiles.file_path(file_id)
-    if not os.path.exists(path):
+    path = self._files.get_file_id_path(file_id)
+    try:
+      file_stream = self._storage.stream_read_file(self._locations, path)
+      buffered = BufferedReader(file_stream)
+      file_header_bytes = buffered.peek(1024)
+      return send_file(buffered, mimetype=self._magic.from_buffer(file_header_bytes))
+    except IOError:
       abort(404)
 
-    logger.debug('Sending path: %s' % path)
-    return send_file(path, mimetype=self._magic.from_file(path))
-
   def put(self, file_id):
     input_stream = request.stream
     if request.headers.get('transfer-encoding') == 'chunked':
@@ -112,7 +37,10 @@ class UserfilesHandlers(View):
       # encoding (Gunicorn)
       input_stream = request.environ['wsgi.input']
 
-    self._userfiles.store_stream(input_stream, file_id)
+    c_type = request.headers.get('Content-Type', None)
+
+    path = self._files.get_file_id_path(file_id)
+    self._storage.stream_write(self._locations, path, input_stream, c_type)
 
     return make_response('Okay')
 
@@ -123,99 +51,82 @@ class UserfilesHandlers(View):
       return self.put(file_id)
 
 
-class LocalUserfiles(object):
-  def __init__(self, app, path):
-    self._root_path = path
-    self._buffer_size = 64 * 1024  # 64 KB
+class DelegateUserfiles(object):
+  def __init__(self, app, distributed_storage, location, path, handler_name):
     self._app = app
+    self._storage = distributed_storage
+    self._locations = {location}
+    self._prefix = path
+    self._handler_name = handler_name
 
   def _build_url_adapter(self):
     return self._app.url_map.bind(self._app.config['SERVER_HOSTNAME'],
                                   script_name=self._app.config['APPLICATION_ROOT'] or '/',
                                   url_scheme=self._app.config['PREFERRED_URL_SCHEME'])
 
-  def prepare_for_drop(self, mime_type):
+  def get_file_id_path(self, file_id):
+    return os.path.join(self._prefix, file_id)
+
+  def prepare_for_drop(self, mime_type, requires_cors=True):
+    """ Returns a signed URL to upload a file to our bucket. """
+    logger.debug('Requested upload url with content type: %s' % mime_type)
     file_id = str(uuid4())
-    with self._app.app_context() as ctx:
-      ctx.url_adapter = self._build_url_adapter()
-      return (url_for('userfiles_handlers', file_id=file_id, _external=True), file_id)
+    path = self.get_file_id_path(file_id)
+    url = self._storage.get_direct_upload_url(self._locations, path, mime_type, requires_cors)
 
-  def file_path(self, file_id):
-    if '..' in file_id or file_id.startswith('/'):
-      raise RuntimeError('Invalid Filename')
-    return os.path.join(self._root_path, file_id)
+    if url is None:
+      with self._app.app_context() as ctx:
+        ctx.url_adapter = self._build_url_adapter()
+        return (url_for(self._handler_name, file_id=file_id, _external=True), file_id)
 
-  def store_stream(self, stream, file_id):
-    path = self.file_path(file_id)
-    dirname = os.path.dirname(path)
-    if not os.path.exists(dirname):
-      os.makedirs(dirname)
+    return (url, file_id)
 
-    with open(path, 'w') as to_write:
-      while True:
-        try:
-          buf = stream.read(self._buffer_size)
-          if not buf:
-            break
-          to_write.write(buf)
-        except IOError:
-          break
+  def store_file(self, file_like_obj, content_type, content_encoding=None, file_id=None):
+    if file_id is None:
+      file_id = str(uuid4())
 
-  def store_file(self, file_like_obj, content_type):
-    file_id = str(uuid4())
-
-    # Rewind the file to match what s3 does
-    file_like_obj.seek(0, os.SEEK_SET)
-
-    self.store_stream(file_like_obj, file_id)
+    path = self.get_file_id_path(file_id)
+    self._storage.stream_write(self._locations, path, file_like_obj, content_type,
+                               content_encoding)
     return file_id
 
-  def get_file_url(self, file_id, expires_in=300):
-    with self._app.app_context() as ctx:
-      ctx.url_adapter = self._build_url_adapter()
-      return url_for('userfiles_handlers', file_id=file_id, _external=True)
+  def get_file_url(self, file_id, expires_in=300, requires_cors=False):
+    path = self.get_file_id_path(file_id)
+    url = self._storage.get_direct_download_url(self._locations, path, expires_in, requires_cors)
+
+    if url is None:
+      with self._app.app_context() as ctx:
+        ctx.url_adapter = self._build_url_adapter()
+        return url_for(self._handler_name, file_id=file_id, _external=True)
+
+    return url
 
   def get_file_checksum(self, file_id):
-    path = self.file_path(file_id)
-    sha_hash = hashlib.sha256()
-    with open(path, 'r') as to_hash:
-      while True:
-        buf = to_hash.read(self._buffer_size)
-        if not buf:
-          break
-        sha_hash.update(buf)
-    return sha_hash.hexdigest()[:7]
+    path = self.get_file_id_path(file_id)
+    return self._storage.get_checksum(self._locations, path)
 
 
 class Userfiles(object):
-  def __init__(self, app=None):
+  def __init__(self, app=None, distributed_storage=None):
     self.app = app
     if app is not None:
-      self.state = self.init_app(app)
+      self.state = self.init_app(app, distributed_storage)
     else:
       self.state = None
 
-  def init_app(self, app):
-    storage_type = app.config.get('USERFILES_TYPE', 'LocalUserfiles')
-    path = app.config.get('USERFILES_PATH', '')
+  def init_app(self, app, distributed_storage):
+    location = app.config.get('USERFILES_LOCATION')
+    path = app.config.get('USERFILES_PATH', None)
 
-    if storage_type == 'LocalUserfiles':
-      userfiles = LocalUserfiles(app, path)
-      app.add_url_rule('/userfiles/<file_id>',
-                       view_func=UserfilesHandlers.as_view('userfiles_handlers',
-                                                           local_userfiles=userfiles))
+    handler_name = 'userfiles_handlers'
 
-    elif storage_type == 'S3Userfiles':
-      access_key = app.config.get('USERFILES_AWS_ACCESS_KEY', '')
-      secret_key = app.config.get('USERFILES_AWS_SECRET_KEY', '')
-      bucket = app.config.get('USERFILES_S3_BUCKET', '')
-      userfiles = S3Userfiles(path, access_key, secret_key, bucket)
+    userfiles = DelegateUserfiles(app, distributed_storage, location, path, handler_name)
 
-    elif storage_type == 'FakeUserfiles':
-      userfiles = FakeUserfiles()
-
-    else:
-      raise RuntimeError('Unknown userfiles type: %s' % storage_type)
+    app.add_url_rule('/userfiles/<file_id>',
+                     view_func=UserfilesHandlers.as_view(handler_name,
+                                                         distributed_storage=distributed_storage,
+                                                         location=location,
+                                                         files=userfiles))
 
     # register extension with app
     app.extensions = getattr(app, 'extensions', {})
diff --git a/emails/base.html b/emails/base.html
new file mode 100644
index 000000000..33dac53de
--- /dev/null
+++ b/emails/base.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns="http://www.w3.org/1999/xhtml" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;">
+  <head>
+    <meta name="viewport" content="width=device-width" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>{{ subject }}</title>
+  </head>
+  <body bgcolor="#FFFFFF" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; margin: 0; padding: 0;"><style type="text/css">
+      @media only screen and (max-width: 600px) {
+      a[class="btn"] {
+      display: block !important; margin-bottom: 10px !important; background-image: none !important; margin-right: 0 !important;
+      }
+      div[class="column"] {
+      width: auto !important; float: none !important;
+      }
+      table.social div[class="column"] {
+      width: auto !important;
+      }
+      }
+    </style>
+
+    <!-- HEADER -->
+    <table class="head-wrap" bgcolor="#FFFFFF" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; width: 100%; margin: 0; padding: 0;"><tr style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"><td style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"></td>
+	<td class="header container" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; display: block !important; max-width: 100% !important; clear: both !important; margin: 0; padding: 0;">
+	  
+	  <div class="content" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; max-width: 100%; display: block; margin: 0; padding: 15px;">
+	    <table bgcolor="#FFFFFF" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; width: 100%; margin: 0; padding: 0;"><tr style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"><td style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"><img src="{{ app_logo }}" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; max-width: 100%; margin: 0; padding: 0;" alt="{{ app_title }}" title="{{ app_title }}"/></td>					
+	  </tr></table></div>
+	  
+	</td>
+	<td style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"></td>
+    </tr></table><!-- /HEADER --><!-- BODY --><table class="body-wrap" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; width: 100%; margin: 0; padding: 0;"><tr style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"><td style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"></td>
+	<td class="container" bgcolor="#FFFFFF" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; display: block !important; max-width: 100% !important; clear: both !important; margin: 0; padding: 0;">
+
+	  <div class="content" style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; max-width: 100%; display: block; margin: 0; padding: 15px;">
+	    <table style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; width: 100%; margin: 0; padding: 0;"><tr style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"><td style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;">
+                  {% block content %}{% endblock %}
+		</td>
+	  </tr></table></div><!-- /content -->
+	  
+	</td>
+	<td style="font-family: 'Helvetica Neue', 'Helvetica', Helvetica, Arial, sans-serif; margin: 0; padding: 0;"></td>
+    </tr></table><!-- /BODY -->
+  </body>
+</html>
diff --git a/emails/changeemail.html b/emails/changeemail.html
new file mode 100644
index 000000000..ee9b909fc
--- /dev/null
+++ b/emails/changeemail.html
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>E-mail Address Change Requested</h3>
+
+This email address was recently asked to become the new e-mail address for user {{ username | user_reference }}.
+<br>
+<br>
+To confirm this change, please click the following link:<br>
+{{ app_link('confirm?code=' + token) }}
+
+{% endblock %}
diff --git a/emails/confirmemail.html b/emails/confirmemail.html
new file mode 100644
index 000000000..de94372cd
--- /dev/null
+++ b/emails/confirmemail.html
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Please Confirm E-mail Address</h3>
+
+This email address was recently used to register user {{ username | user_reference }}.
+<br>
+<br>
+To confirm this email address, please click the following link:<br>
+{{ app_link('confirm?code=' + token) }}
+
+{% endblock %}
diff --git a/emails/emailchanged.html b/emails/emailchanged.html
new file mode 100644
index 000000000..ce6de5565
--- /dev/null
+++ b/emails/emailchanged.html
@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Account E-mail Address Changed</h3>
+
+The email address for user {{ username | user_reference }} has been changed from this e-mail address to {{ new_email }}.
+<br>
+<br>
+If this change was not expected, please immediately log into your {{ username | admin_reference }} and reset your email address.
+
+{% endblock %}
diff --git a/emails/passwordchanged.html b/emails/passwordchanged.html
new file mode 100644
index 000000000..07c6232cc
--- /dev/null
+++ b/emails/passwordchanged.html
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Account Password Changed</h3>
+
+The password for user {{ username | user_reference }} has been updated.
+<br>
+<br>
+If this change was not expected, please immediately log into your account settings and reset your email address,
+or <a href="https://quay.io/contact">contact support</a>.
+
+{% endblock %}
diff --git a/emails/paymentfailure.html b/emails/paymentfailure.html
new file mode 100644
index 000000000..790f590b4
--- /dev/null
+++ b/emails/paymentfailure.html
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Subscription Payment Failure</h3>
+
+Your recent payment for account {{ username | user_reference }} failed, which usually results in our payments processor canceling
+your subscription automatically. If you would like to continue to use {{ app_title }} without interruption,
+please add a new card to {{ app_title }} and re-subscribe to your plan.<br>
+<br>
+You can find the card and subscription management features under your {{ username | admin_reference }}<br>
+
+{% endblock %}
diff --git a/emails/recovery.html b/emails/recovery.html
new file mode 100644
index 000000000..6f0267e39
--- /dev/null
+++ b/emails/recovery.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Account recovery</h3>
+
+A user at {{ app_link() }} has attempted to recover their account
+using this email address.
+<br>
+<br>
+If you made this request, please click the following link to recover your account and
+change your password:
+{{ app_link('recovery?code=' + token) }}
+<br><br>
+If you did not make this request, your account has not been compromised and the user was
+not given access. Please disregard this email.
+
+{% endblock %}
diff --git a/emails/repoauthorizeemail.html b/emails/repoauthorizeemail.html
new file mode 100644
index 000000000..7ae33975c
--- /dev/null
+++ b/emails/repoauthorizeemail.html
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Verify e-mail to receive repository notifications</h3>
+
+A request has been made to send <a href="http://docs.quay.io/guides/notifications.html">notifications</a> to this email address for repository {{ (namespace, repository) | repository_reference }}
+
+<br><br>
+To verify this email address, please click the following link:<br>
+{{ app_link('authrepoemail?code=' + token) }}
+
+{% endblock %}
diff --git a/emails/teaminvite.html b/emails/teaminvite.html
new file mode 100644
index 000000000..3d8ff9c14
--- /dev/null
+++ b/emails/teaminvite.html
@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h3>Invitation to join team: {{ teamname }}</h3>
+
+{{ inviter | user_reference }} has invited you to join the team <b>{{ teamname }}</b> under organization {{ organization | user_reference }}.
+
+<br><br>
+
+To join the team, please click the following link:<br>
+{{ app_link('confirminvite?code=' + token) }}
+
+<br><br>
+If you were not expecting this invitation, you can ignore this email.
+
+{% endblock %}
diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py
index 0234e6820..a885c10b7 100644
--- a/endpoints/api/__init__.py
+++ b/endpoints/api/__init__.py
@@ -1,8 +1,9 @@
 import logging
 import json
+import datetime
 
 from app import app
-from flask import Blueprint, request, make_response, jsonify
+from flask import Blueprint, request, make_response, jsonify, session
 from flask.ext.restful import Resource, abort, Api, reqparse
 from flask.ext.restful.utils.cors import crossdomain
 from werkzeug.exceptions import HTTPException
@@ -53,11 +54,6 @@ class InvalidRequest(ApiException):
     ApiException.__init__(self, 'invalid_request', 400, error_description, payload)
 
 
-class InvalidResponse(ApiException):
-  def __init__(self, error_description, payload=None):
-    ApiException.__init__(self, 'invalid_response', 500, error_description, payload)
-
-
 class InvalidToken(ApiException):
   def __init__(self, error_description, payload=None):
     ApiException.__init__(self, 'invalid_token', 401, error_description, payload)
@@ -72,6 +68,11 @@ class Unauthorized(ApiException):
       ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload)
 
 
+class FreshLoginRequired(ApiException):
+  def __init__(self, payload=None):
+    ApiException.__init__(self, 'fresh_login_required', 401, "Requires fresh login", payload)
+
+
 class ExceedsLicenseException(ApiException):
   def __init__(self, payload=None):
     ApiException.__init__(self, None, 402, 'Payment Required', payload)
@@ -93,6 +94,14 @@ def handle_api_error(error):
   return response
 
 
+@api_bp.app_errorhandler(model.TooManyLoginAttemptsException)
+@crossdomain(origin='*', headers=['Authorization', 'Content-Type'])
+def handle_too_many_login_attempts(error):
+  response = make_response('Too many login attempts', 429)
+  response.headers['Retry-After'] = int(error.retry_after)
+  return response
+
+
 def resource(*urls, **kwargs):
   def wrapper(api_resource):
     if not api_resource:
@@ -163,7 +172,7 @@ def path_param(name, description):
   def add_param(func):
     if not func:
       return func
-
+      
     if '__api_path_params' not in dir(func):
       func.__api_path_params = {}
     func.__api_path_params[name] = {
@@ -265,6 +274,26 @@ def require_user_permission(permission_class, scope=None):
 
 require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER)
 require_user_admin = require_user_permission(UserAdminPermission, None)
+require_fresh_user_admin = require_user_permission(UserAdminPermission, None)
+
+def require_fresh_login(func):
+  @add_method_metadata('requires_fresh_login', True)
+  @wraps(func)
+  def wrapped(*args, **kwargs):
+    user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
+    logger.debug('Checking fresh login for user %s', user.username)
+
+    last_login = session.get('login_time', datetime.datetime.min)
+    valid_span = datetime.datetime.now() - datetime.timedelta(minutes=10)
+
+    if not user.password_hash or last_login >= valid_span:
+      return func(*args, **kwargs)
+    
+    raise FreshLoginRequired()
+  return wrapped
 
 
 def require_scope(scope_object):
@@ -292,25 +321,6 @@ def validate_json_request(schema_name):
   return wrapper
 
 
-def define_json_response(schema_name):
-  def wrapper(func):
-    @add_method_metadata('response_schema', schema_name)
-    @wraps(func)
-    def wrapped(self, *args, **kwargs):
-      schema = self.schemas[schema_name]
-      try:
-        resp = func(self, *args, **kwargs)
-
-        if app.config['TESTING']:
-          validate(resp, schema)
-
-        return resp
-      except ValidationError as ex:
-        raise InvalidResponse(ex.message)
-    return wrapped
-  return wrapper
-
-
 def request_error(exception=None, **kwargs):
   data = kwargs.copy()
   message = 'Request error.'
@@ -338,6 +348,25 @@ def log_action(kind, user_or_orgname, metadata=None, repo=None):
                    metadata=metadata, repository=repo)
 
 
+def define_json_response(schema_name):
+  def wrapper(func):
+    @add_method_metadata('response_schema', schema_name)
+    @wraps(func)
+    def wrapped(self, *args, **kwargs):
+      schema = self.schemas[schema_name]
+      resp = func(self, *args, **kwargs)
+
+      if app.config['TESTING']:
+        try:
+          validate(resp, schema)
+        except ValidationError as ex:
+          raise InvalidResponse(ex.message)
+
+      return resp
+    return wrapped
+  return wrapper
+
+
 import endpoints.api.billing
 import endpoints.api.build
 import endpoints.api.discovery
diff --git a/endpoints/api/billing.py b/endpoints/api/billing.py
index f5b022ca6..de3c2126a 100644
--- a/endpoints/api/billing.py
+++ b/endpoints/api/billing.py
@@ -4,7 +4,7 @@ from flask import request
 from app import billing
 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, log_action,
                            related_user_resource, internal_only, Unauthorized, NotFound,
-                           require_user_admin, show_if, hide_if, path_param, require_scope)
+                           require_user_admin, show_if, hide_if, path_param, require_scope, abort)
 from endpoints.api.subscribe import subscribe, subscription_view
 from auth.permissions import AdministerOrganizationPermission
 from auth.auth_context import get_authenticated_user
@@ -24,7 +24,11 @@ def get_card(user):
   }
 
   if user.stripe_id:
-    cus = billing.Customer.retrieve(user.stripe_id)
+    try:
+      cus = billing.Customer.retrieve(user.stripe_id)
+    except stripe.APIConnectionError as e:
+      abort(503, message='Cannot contact Stripe')
+
     if cus and cus.default_card:
       # Find the default card.
       default_card = None
@@ -47,7 +51,11 @@ def get_card(user):
 
 def set_card(user, token):
   if user.stripe_id:
-    cus = billing.Customer.retrieve(user.stripe_id)
+    try:
+      cus = billing.Customer.retrieve(user.stripe_id)
+    except stripe.APIConnectionError as e:
+      abort(503, message='Cannot contact Stripe')
+
     if cus:
       try:
         cus.card = token
@@ -56,6 +64,8 @@ def set_card(user, token):
         return carderror_response(exc)
       except stripe.InvalidRequestError as exc:
         return carderror_response(exc)
+      except stripe.APIConnectionError as e:
+        return carderror_response(e)
 
   return get_card(user)
 
@@ -76,7 +86,11 @@ def get_invoices(customer_id):
       'plan': i.lines.data[0].plan.id if i.lines.data[0].plan else None
     }
     
-  invoices = billing.Invoice.all(customer=customer_id, count=12)
+  try:
+    invoices = billing.Invoice.all(customer=customer_id, count=12)
+  except stripe.APIConnectionError as e:
+    abort(503, message='Cannot contact Stripe')
+
   return {
     'invoices': [invoice_view(i) for i in invoices.data]
   }
@@ -231,7 +245,10 @@ class UserPlan(ApiResource):
     private_repos = model.get_private_repo_count(user.username)
 
     if user.stripe_id:
-      cus = billing.Customer.retrieve(user.stripe_id)
+      try:
+        cus = billing.Customer.retrieve(user.stripe_id)
+      except stripe.APIConnectionError as e:
+        abort(503, message='Cannot contact Stripe')
 
       if cus.subscription:                                
         return subscription_view(cus.subscription, private_repos)
@@ -297,7 +314,10 @@ class OrganizationPlan(ApiResource):
       private_repos = model.get_private_repo_count(orgname)
       organization = model.get_organization(orgname)
       if organization.stripe_id:
-        cus = billing.Customer.retrieve(organization.stripe_id)
+        try:
+          cus = billing.Customer.retrieve(organization.stripe_id)
+        except stripe.APIConnectionError as e:
+          abort(503, message='Cannot contact Stripe')
 
         if cus.subscription:                                
           return subscription_view(cus.subscription, private_repos)
diff --git a/endpoints/api/build.py b/endpoints/api/build.py
index 7fa11cc15..e416b0083 100644
--- a/endpoints/api/build.py
+++ b/endpoints/api/build.py
@@ -1,9 +1,9 @@
 import logging
 import json
 
-from flask import request
+from flask import request, redirect
 
-from app import app, userfiles as user_files, build_logs
+from app import app, userfiles as user_files, build_logs, log_archive
 from endpoints.api import (RepositoryParamResource, parse_args, query_param, nickname, resource,
                            require_repo_read, require_repo_write, validate_json_request,
                            ApiResource, internal_only, format_date, api, Unauthorized, NotFound,
@@ -81,7 +81,7 @@ def build_status_view(build_obj, can_write=False):
   }
 
   if can_write:
-    resp['archive_url'] = user_files.get_file_url(build_obj.resource_key)
+    resp['archive_url'] = user_files.get_file_url(build_obj.resource_key, requires_cors=True)
 
   return resp
 
@@ -171,7 +171,7 @@ class RepositoryBuildList(RepositoryParamResource):
     # was used.
     associated_repository = model.get_repository_for_resource(dockerfile_id)
     if associated_repository:
-      if not ModifyRepositoryPermission(associated_repository.namespace,
+      if not ModifyRepositoryPermission(associated_repository.namespace_user.username,
                                         associated_repository.name):
         raise Unauthorized()
 
@@ -221,6 +221,10 @@ class RepositoryBuildLogs(RepositoryParamResource):
 
     build = model.get_repository_build(namespace, repository, build_uuid)
 
+    # If the logs have been archived, just redirect to the completed archive
+    if build.logs_archived:
+      return redirect(log_archive.get_file_url(build.uuid))
+
     start = int(request.args.get('start', 0))
 
     try:
@@ -263,7 +267,7 @@ class FileDropResource(ApiResource):
   def post(self):
     """ Request a URL to which a file may be uploaded. """
     mime_type = request.get_json()['mimeType']
-    (url, file_id) = user_files.prepare_for_drop(mime_type)
+    (url, file_id) = user_files.prepare_for_drop(mime_type, requires_cors=True)
     return {
       'url': url,
       'file_id': str(file_id),
diff --git a/endpoints/api/discovery.py b/endpoints/api/discovery.py
index db61a14b2..e0d8f5724 100644
--- a/endpoints/api/discovery.py
+++ b/endpoints/api/discovery.py
@@ -125,8 +125,17 @@ def swagger_route_data(include_internal=False, compact=False):
           if internal is not None:
             new_operation['internal'] = True
 
+          if include_internal:
+            requires_fresh_login = method_metadata(method, 'requires_fresh_login')
+            if requires_fresh_login is not None:
+              new_operation['requires_fresh_login'] = True
+
           if not internal or (internal and include_internal):
-            operations.append(new_operation)
+            # Swagger requires valid nicknames on all operations.
+            if new_operation.get('nickname'):              
+              operations.append(new_operation)
+            else:
+              logger.debug('Operation missing nickname: %s' % method)
 
       swagger_path = PARAM_REGEX.sub(r'{\2}', rule.rule)
       new_resource = {
diff --git a/endpoints/api/image.py b/endpoints/api/image.py
index 6da110eff..b2780c2aa 100644
--- a/endpoints/api/image.py
+++ b/endpoints/api/image.py
@@ -9,22 +9,33 @@ from data import model
 from util.cache import cache_control_flask_restful
 
 
-def image_view(image):
+def image_view(image, image_map):
   extended_props = image
   if image.storage and image.storage.id:
     extended_props = image.storage
 
   command = extended_props.command
+
+  def docker_id(aid):
+    if not aid:
+      return ''
+
+    return image_map[aid]
+
+  # Calculate the ancestors string, with the DBID's replaced with the docker IDs.
+  ancestors = [docker_id(a) for a in image.ancestors.split('/')]
+  ancestors_string = '/'.join(ancestors)
+
   return {
     'id': image.docker_image_id,
     'created': format_date(extended_props.created),
     'comment': extended_props.comment,
     'command': json.loads(command) if command else None,
-    'ancestors': image.ancestors,
-    'dbid': image.id,
     'size': extended_props.image_size,
     'locations': list(image.storage.locations),
     'uploading': image.storage.uploading,
+    'ancestors': ancestors_string,
+    'sort_index': len(image.ancestors)
   }
 
 
@@ -43,14 +54,16 @@ class RepositoryImageList(RepositoryParamResource):
     for tag in all_tags:
       tags_by_image_id[tag.image.docker_image_id].append(tag.name)
 
+    image_map = {}
+    for image in all_images:
+      image_map[str(image.id)] = image.docker_image_id
 
     def add_tags(image_json):
       image_json['tags'] = tags_by_image_id[image_json['id']]
       return image_json
 
-
     return {
-      'images': [add_tags(image_view(image)) for image in all_images]
+      'images': [add_tags(image_view(image, image_map)) for image in all_images]
     }
 
 
@@ -67,7 +80,12 @@ class RepositoryImage(RepositoryParamResource):
     if not image:
       raise NotFound()
 
-    return image_view(image)
+    # Lookup all the ancestor images for the image.
+    image_map = {}
+    for current_image in model.get_parent_images(namespace, repository, image):
+      image_map[str(current_image.id)] = image.docker_image_id
+
+    return image_view(image, image_map)
 
 
 @resource('/v1/repository/<repopath:repository>/image/<image_id>/changes')
diff --git a/endpoints/api/repoemail.py b/endpoints/api/repoemail.py
index 0b7c66917..288a4a12f 100644
--- a/endpoints/api/repoemail.py
+++ b/endpoints/api/repoemail.py
@@ -4,7 +4,7 @@ from flask import request, abort
 
 from endpoints.api import (resource, nickname, require_repo_admin, RepositoryParamResource,
                            log_action, validate_json_request, NotFound, internal_only,
-                           path_param)
+                           path_param, show_if)
 
 from app import tf
 from data import model
@@ -20,12 +20,13 @@ def record_view(record):
   return {
     'email': record.email,
     'repository': record.repository.name,
-    'namespace': record.repository.namespace,
+    'namespace': record.repository.namespace_user.username,
     'confirmed': record.confirmed
   }
 
 
 @internal_only
+@show_if(features.MAILING)
 @resource('/v1/repository/<repopath:repository>/authorizedemail/<email>')
 @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 @path_param('email', 'The e-mail address')
diff --git a/endpoints/api/repository.py b/endpoints/api/repository.py
index b7ff899f6..722411d36 100644
--- a/endpoints/api/repository.py
+++ b/endpoints/api/repository.py
@@ -82,8 +82,7 @@ class RepositoryList(ApiResource):
 
       visibility = req['visibility']
 
-      repo = model.create_repository(namespace_name, repository_name, owner,
-                                     visibility)
+      repo = model.create_repository(namespace_name, repository_name, owner, visibility)
       repo.description = req['description']
       repo.save()
 
@@ -112,7 +111,7 @@ class RepositoryList(ApiResource):
     """Fetch the list of repositories under a variety of situations."""
     def repo_view(repo_obj):
       return {
-        'namespace': repo_obj.namespace,
+        'namespace': repo_obj.namespace_user.username,
         'name': repo_obj.name,
         'description': repo_obj.description,
         'is_public': repo_obj.visibility.name == 'public',
@@ -136,7 +135,8 @@ class RepositoryList(ApiResource):
 
     response['repositories'] = [repo_view(repo) for repo in repo_query
                                 if (repo.visibility.name == 'public' or
-                                    ReadRepositoryPermission(repo.namespace, repo.name).can())]
+                                    ReadRepositoryPermission(repo.namespace_user.username,
+                                                             repo.name).can())]
 
     return response
 
@@ -171,8 +171,7 @@ class Repository(RepositoryParamResource):
     def tag_view(tag):
       return {
         'name': tag.name,
-        'image_id': tag.image.docker_image_id,
-        'dbid': tag.image.id
+        'image_id': tag.image.docker_image_id
       }
 
     organization = None
diff --git a/endpoints/api/robot.py b/endpoints/api/robot.py
index df01f1a0d..b52cd4c5b 100644
--- a/endpoints/api/robot.py
+++ b/endpoints/api/robot.py
@@ -35,6 +35,14 @@ class UserRobotList(ApiResource):
 @internal_only
 class UserRobot(ApiResource):
   """ Resource for managing a user's robots. """
+  @require_user_admin
+  @nickname('getUserRobot')
+  def get(self, robot_shortname):
+    """ Returns the user's robot with the specified name. """
+    parent = get_authenticated_user()
+    robot, password = model.get_robot(robot_shortname, parent)
+    return robot_view(robot.username, password)
+
   @require_user_admin
   @nickname('createUserRobot')
   def put(self, robot_shortname):
@@ -79,6 +87,18 @@ class OrgRobotList(ApiResource):
 @related_user_resource(UserRobot)
 class OrgRobot(ApiResource):
   """ Resource for managing an organization's robots. """
+  @require_scope(scopes.ORG_ADMIN)
+  @nickname('getOrgRobot')
+  def get(self, orgname, robot_shortname):
+    """ Returns the organization's robot with the specified name. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      parent = model.get_organization(orgname)
+      robot, password = model.get_robot(robot_shortname, parent)
+      return robot_view(robot.username, password)
+    
+    raise Unauthorized()
+
   @require_scope(scopes.ORG_ADMIN)
   @nickname('createOrgRobot')
   def put(self, orgname, robot_shortname):
@@ -103,3 +123,38 @@ class OrgRobot(ApiResource):
       return 'Deleted', 204
 
     raise Unauthorized()
+
+
+@resource('/v1/user/robots/<robot_shortname>/regenerate')
+@path_param('robot_shortname', 'The short name for the robot, without any user or organization prefix')
+@internal_only
+class RegenerateUserRobot(ApiResource):
+  """ Resource for regenerate an organization's robot's token. """
+  @require_user_admin
+  @nickname('regenerateUserRobotToken')
+  def post(self, robot_shortname):
+    """ Regenerates the token for a user's robot. """
+    parent = get_authenticated_user()
+    robot, password = model.regenerate_robot_token(robot_shortname, parent)
+    log_action('regenerate_robot_token', parent.username,  {'robot': robot_shortname})
+    return robot_view(robot.username, password)
+
+
+@resource('/v1/organization/<orgname>/robots/<robot_shortname>/regenerate')
+@path_param('orgname', 'The name of the organization')
+@path_param('robot_shortname', 'The short name for the robot, without any user or organization prefix')
+@related_user_resource(RegenerateUserRobot)
+class RegenerateOrgRobot(ApiResource):
+  """ Resource for regenerate an organization's robot's token. """
+  @require_scope(scopes.ORG_ADMIN)
+  @nickname('regenerateOrgRobotToken')
+  def post(self, orgname, robot_shortname):
+    """ Regenerates the token for an organization robot. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      parent = model.get_organization(orgname)
+      robot, password = model.regenerate_robot_token(robot_shortname, parent)
+      log_action('regenerate_robot_token', orgname,  {'robot': robot_shortname})
+      return robot_view(robot.username, password)
+
+    raise Unauthorized()
diff --git a/endpoints/api/search.py b/endpoints/api/search.py
index 83a398b6b..3758f5f7c 100644
--- a/endpoints/api/search.py
+++ b/endpoints/api/search.py
@@ -112,7 +112,7 @@ class FindRepositories(ApiResource):
 
     def repo_view(repo):
       return {
-        'namespace': repo.namespace,
+        'namespace': repo.namespace_user.username,
         'name': repo.name,
         'description': repo.description
       }
@@ -126,5 +126,5 @@ class FindRepositories(ApiResource):
     return {
       'repositories': [repo_view(repo) for repo in matching
                        if (repo.visibility.name == 'public' or 
-                           ReadRepositoryPermission(repo.namespace, repo.name).can())]
+                           ReadRepositoryPermission(repo.namespace_user.username, repo.name).can())]
     }
diff --git a/endpoints/api/subscribe.py b/endpoints/api/subscribe.py
index dd6de9678..2c3fba359 100644
--- a/endpoints/api/subscribe.py
+++ b/endpoints/api/subscribe.py
@@ -15,6 +15,9 @@ logger = logging.getLogger(__name__)
 def carderror_response(exc):
   return {'carderror': exc.message}, 402
 
+def connection_response(exc):
+  return {'message': 'Could not contact Stripe. Please try again.'}, 503
+
 
 def subscription_view(stripe_subscription, used_repos):
   view = {
@@ -74,19 +77,29 @@ def subscribe(user, plan, token, require_business_plan):
         log_action('account_change_plan', user.username, {'plan': plan})
       except stripe.CardError as e:
         return carderror_response(e)
+      except stripe.APIConnectionError as e:
+        return connection_response(e)
 
       response_json = subscription_view(cus.subscription, private_repos)
       status_code = 201
 
   else:
     # Change the plan
-    cus = billing.Customer.retrieve(user.stripe_id)
+    try:
+      cus = billing.Customer.retrieve(user.stripe_id)
+    except stripe.APIConnectionError as e:
+      return connection_response(e)
 
     if plan_found['price'] == 0:
       if cus.subscription is not None:
         # We only have to cancel the subscription if they actually have one
-        cus.cancel_subscription()
-        cus.save()
+        try:
+          cus.cancel_subscription()
+          cus.save()
+        except stripe.APIConnectionError as e:
+          return connection_response(e)
+
+
         check_repository_usage(user, plan_found)
         log_action('account_change_plan', user.username, {'plan': plan})
 
@@ -101,6 +114,8 @@ def subscribe(user, plan, token, require_business_plan):
         cus.save()
       except stripe.CardError as e:
         return carderror_response(e)
+      except stripe.APIConnectionError as e:
+        return connection_response(e)
           
       response_json = subscription_view(cus.subscription, private_repos)
       check_repository_usage(user, plan_found)
diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py
index 3eacd2f97..6defe4c77 100644
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@@ -1,20 +1,22 @@
+import string
 import logging
 import json
 
+from random import SystemRandom
 from app import app
-
 from flask import request
 
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
                            log_action, internal_only, NotFound, require_user_admin, format_date,
                            InvalidToken, require_scope, format_date, hide_if, show_if, parse_args,
-                           query_param, abort, path_param)
+                           query_param, abort, require_fresh_login, path_param)
 
 from endpoints.api.logs import get_logs
 
 from data import model
 from auth.permissions import SuperUserPermission
 from auth.auth_context import get_authenticated_user
+from util.useremails import send_confirmation_email, send_recovery_email
 
 import features
 
@@ -42,24 +44,6 @@ class SuperUserLogs(ApiResource):
     abort(403)
 
 
-@resource('/v1/superuser/seats')
-@internal_only
-@show_if(features.SUPER_USERS)
-@hide_if(features.BILLING)
-class SeatUsage(ApiResource):
-  """ Resource for managing the seats granted in the license for the system. """
-  @nickname('getSeatCount')
-  def get(self):
-    """ Returns the current number of seats being used in the system. """
-    if SuperUserPermission().can():
-        return {
-          'count': model.get_active_user_count(),
-          'allowed': app.config.get('LICENSE_USER_LIMIT', 0)
-        }
-
-    abort(403)
-
-
 def user_view(user):
   return  {
     'username': user.username,
@@ -73,6 +57,26 @@ def user_view(user):
 @show_if(features.SUPER_USERS)
 class SuperUserList(ApiResource):
   """ Resource for listing users in the system. """
+  schemas = {
+    'CreateInstallUser': {
+      'id': 'CreateInstallUser',
+      'description': 'Data for creating a user',
+      'required': ['username', 'email'],
+      'properties': {
+        'username': {
+          'type': 'string',
+          'description': 'The username of the user being created'
+        },
+
+        'email': {
+          'type': 'string',
+          'description': 'The email address of the user being created'
+        }
+      }
+    }
+  }
+
+  @require_fresh_login
   @nickname('listAllUsers')
   def get(self):
     """ Returns a list of all users in the system. """
@@ -85,6 +89,63 @@ class SuperUserList(ApiResource):
     abort(403)
 
 
+  @require_fresh_login
+  @nickname('createInstallUser')
+  @validate_json_request('CreateInstallUser')
+  def post(self):
+    """ Creates a new user. """
+    user_information = request.get_json()
+    if SuperUserPermission().can():
+      username = user_information['username']
+      email = user_information['email']
+
+      # Generate a temporary password for the user.
+      random = SystemRandom()
+      password =  ''.join([random.choice(string.ascii_uppercase + string.digits) for _ in range(32)])
+
+      # Create the user.
+      user = model.create_user(username, password, email, auto_verify=not features.MAILING)
+
+      # If mailing is turned on, send the user a verification email.
+      if features.MAILING:
+        confirmation = model.create_confirm_email_code(user, new_email=user.email)
+        send_confirmation_email(user.username, user.email, confirmation.code)
+
+      return {
+        'username': username,
+        'email': email,
+        'password': password
+      }
+
+    abort(403)
+
+
+@resource('/v1/superusers/users/<username>/sendrecovery')
+@internal_only
+@show_if(features.SUPER_USERS)
+@show_if(features.MAILING)
+class SuperUserSendRecoveryEmail(ApiResource):
+  """ Resource for sending a recovery user on behalf of a user. """
+  @require_fresh_login
+  @nickname('sendInstallUserRecoveryEmail')
+  def post(self, username):
+    if SuperUserPermission().can():
+      user = model.get_user(username)
+      if not user or user.organization or user.robot:
+        abort(404)
+
+      if username in app.config['SUPER_USERS']:
+          abort(403)
+
+      code = model.create_reset_password_email_code(user.email)
+      send_recovery_email(user.email, code.code)
+      return {
+        'email': user.email
+      }
+
+    abort(403)
+
+
 @resource('/v1/superuser/users/<username>')
 @path_param('username', 'The username of the user being managed')
 @internal_only
@@ -109,18 +170,20 @@ class SuperUserManagement(ApiResource):
     },
   }
 
+  @require_fresh_login
   @nickname('getInstallUser')
   def get(self, username):
     """ Returns information about the specified user. """
     if SuperUserPermission().can():
-        user = model.get_user(username)
-        if not user or user.organization or user.robot:
-          abort(404)
-            
-        return user_view(user)
+      user = model.get_user(username)
+      if not user or user.organization or user.robot:
+        abort(404)
+          
+      return user_view(user)
 
     abort(403)
 
+  @require_fresh_login
   @nickname('deleteInstallUser')
   def delete(self, username):
     """ Deletes the specified user. """
@@ -137,6 +200,7 @@ class SuperUserManagement(ApiResource):
 
     abort(403)
 
+  @require_fresh_login
   @nickname('changeInstallUser')
   @validate_json_request('UpdateUser')
   def put(self, username):
diff --git a/endpoints/api/tag.py b/endpoints/api/tag.py
index 751fd6f60..223d57012 100644
--- a/endpoints/api/tag.py
+++ b/endpoints/api/tag.py
@@ -90,11 +90,14 @@ class RepositoryTagImages(RepositoryParamResource):
       raise NotFound()
 
     parent_images = model.get_parent_images(namespace, repository, tag_image)
+    image_map = {}
+    for image in parent_images:
+      image_map[str(image.id)] = image.docker_image_id
 
     parents = list(parent_images)
     parents.reverse()
     all_images = [tag_image] + parents
 
     return {
-      'images': [image_view(image) for image in all_images]
+      'images': [image_view(image, image_map) for image in all_images]
     }
diff --git a/endpoints/api/team.py b/endpoints/api/team.py
index 4ecef0e6e..e41ddad49 100644
--- a/endpoints/api/team.py
+++ b/endpoints/api/team.py
@@ -2,12 +2,51 @@ from flask import request
 
 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
                            log_action, Unauthorized, NotFound, internal_only, require_scope,
-                           path_param)
+                           path_param, query_param, truthy_bool, parse_args, require_user_admin,
+                           show_if)
 from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission
 from auth.auth_context import get_authenticated_user
 from auth import scopes
 from data import model
+from util.useremails import send_org_invite_email
+from util.gravatar import compute_hash
 
+import features
+
+def try_accept_invite(code, user):
+  (team, inviter) = model.confirm_team_invite(code, user)
+
+  model.delete_matching_notifications(user, 'org_team_invite', code=code)
+
+  orgname = team.organization.username
+  log_action('org_team_member_invite_accepted', orgname, {
+    'member': user.username,
+    'team': team.name,
+    'inviter': inviter.username
+  })
+
+  return team
+
+
+def handle_addinvite_team(inviter, team, user=None, email=None):
+  invite = model.add_or_invite_to_team(inviter, team, user, email, 
+    requires_invite = features.MAILING)
+  if not invite:
+    # User was added to the team directly.
+    return
+
+  orgname = team.organization.username
+  if user:
+    model.create_notification('org_team_invite', user, metadata = {
+      'code': invite.invite_token,
+      'inviter': inviter.username,
+      'org': orgname,
+      'team': team.name
+    })
+
+  send_org_invite_email(user.username if user else email, user.email if user else email,
+                        orgname, team.name, inviter.username, invite.invite_token)
+  return invite
 
 def team_view(orgname, team):
   view_permission = ViewTeamPermission(orgname, team.name)
@@ -20,14 +59,28 @@ def team_view(orgname, team):
     'role': role
   }
 
-def member_view(member):
+def member_view(member, invited=False):
   return {
     'name': member.username,
     'kind': 'user',
     'is_robot': member.robot,
+    'gravatar': compute_hash(member.email) if not member.robot else None,
+    'invited': invited,
   }
 
 
+def invite_view(invite):
+  if invite.user:
+    return member_view(invite.user, invited=True)
+  else:
+    return {
+      'email': invite.email,
+      'kind': 'invite',
+      'gravatar': compute_hash(invite.email),
+      'invited': True
+    }
+
+
 @resource('/v1/organization/<orgname>/team/<teamname>')
 @path_param('orgname', 'The name of the organization')
 @path_param('teamname', 'The name of the team')
@@ -119,10 +172,11 @@ class OrganizationTeam(ApiResource):
 @path_param('teamname', 'The name of the team')
 class TeamMemberList(ApiResource):
   """ Resource for managing the list of members for a team. """
-
   @require_scope(scopes.ORG_ADMIN)
+  @parse_args
+  @query_param('includePending', 'Whether to include pending members', type=truthy_bool, default=False)
   @nickname('getOrganizationTeamMembers')
-  def get(self, orgname, teamname):
+  def get(self, args, orgname, teamname):
     """ Retrieve the list of members for the specified team. """
     view_permission = ViewTeamPermission(orgname, teamname)
     edit_permission = AdministerOrganizationPermission(orgname)
@@ -135,11 +189,18 @@ class TeamMemberList(ApiResource):
         raise NotFound()
         
       members = model.get_organization_team_members(team.id)
-      return {
-        'members': {m.username : member_view(m) for m in members},
+      invites = []
+
+      if args['includePending'] and edit_permission.can():
+        invites = model.get_organization_team_member_invites(team.id)
+
+      data = {
+        'members': [member_view(m) for m in members] + [invite_view(i) for i in invites],
         'can_edit': edit_permission.can()
       }
 
+      return data
+
     raise Unauthorized()
 
 
@@ -153,7 +214,7 @@ class TeamMember(ApiResource):
   @require_scope(scopes.ORG_ADMIN)
   @nickname('updateOrganizationTeamMember')
   def put(self, orgname, teamname, membername):
-    """ Add a member to an existing team. """
+    """ Adds or invites a member to an existing team. """
     permission = AdministerOrganizationPermission(orgname)
     if permission.can():
       team = None
@@ -170,23 +231,151 @@ class TeamMember(ApiResource):
       if not user:
         raise request_error(message='Unknown user')
         
-      # Add the user to the team.
-      model.add_user_to_team(user, team)
-      log_action('org_add_team_member', orgname, {'member': membername, 'team': teamname})
-      return member_view(user)
+      # Add or invite the user to the team.
+      inviter = get_authenticated_user()
+      invite = handle_addinvite_team(inviter, team, user=user)
+      if not invite:
+        log_action('org_add_team_member', orgname, {'member': membername, 'team': teamname})
+        return member_view(user, invited=False)
+    
+      # User was invited.
+      log_action('org_invite_team_member', orgname, {
+        'user': membername,
+        'member': membername,
+        'team': teamname
+      })
+      return member_view(user, invited=True)
 
     raise Unauthorized()
 
   @require_scope(scopes.ORG_ADMIN)
   @nickname('deleteOrganizationTeamMember')
   def delete(self, orgname, teamname, membername):
-    """ Delete an existing member of a team. """
+    """ Delete a member of a team. If the user is merely invited to join
+        the team, then the invite is removed instead.
+    """
     permission = AdministerOrganizationPermission(orgname)
     if permission.can():
       # Remote the user from the team.
       invoking_user = get_authenticated_user().username
+
+      # Find the team.
+      try:
+        team = model.get_organization_team(orgname, teamname)
+      except model.InvalidTeamException:
+        raise NotFound()
+     
+      # Find the member.
+      member = model.get_user(membername)
+      if not member:
+        raise NotFound()
+
+      # First attempt to delete an invite for the user to this team. If none found,
+      # then we try to remove the user directly.
+      if model.delete_team_user_invite(team, member):
+        log_action('org_delete_team_member_invite', orgname, {
+          'user': membername,
+          'team': teamname,
+          'member': membername
+        })
+        return 'Deleted', 204
+
       model.remove_user_from_team(orgname, teamname, membername, invoking_user)
       log_action('org_remove_team_member', orgname, {'member': membername, 'team': teamname})
       return 'Deleted', 204
 
     raise Unauthorized()
+
+
+@resource('/v1/organization/<orgname>/team/<teamname>/invite/<email>')
+@show_if(features.MAILING)
+class InviteTeamMember(ApiResource):
+  """ Resource for inviting a team member via email address. """
+  @require_scope(scopes.ORG_ADMIN)
+  @nickname('inviteTeamMemberEmail')
+  def put(self, orgname, teamname, email):
+    """ Invites an email address to an existing team. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      team = None
+
+      # Find the team.
+      try:
+        team = model.get_organization_team(orgname, teamname)
+      except model.InvalidTeamException:
+        raise NotFound()
+     
+      # Invite the email to the team.
+      inviter = get_authenticated_user()
+      invite = handle_addinvite_team(inviter, team, email=email)
+      log_action('org_invite_team_member', orgname, {
+        'email': email,
+        'team': teamname,
+        'member': email
+      })
+      return invite_view(invite)
+
+    raise Unauthorized()
+
+  @require_scope(scopes.ORG_ADMIN)
+  @nickname('deleteTeamMemberEmailInvite')
+  def delete(self, orgname, teamname, email):
+    """ Delete an invite of an email address to join a team. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      team = None
+
+      # Find the team.
+      try:
+        team = model.get_organization_team(orgname, teamname)
+      except model.InvalidTeamException:
+        raise NotFound()
+     
+      # Delete the invite.
+      model.delete_team_email_invite(team, email)
+      log_action('org_delete_team_member_invite', orgname, {
+        'email': email,
+        'team': teamname,
+        'member': email
+      })
+      return 'Deleted', 204
+
+    raise Unauthorized()
+
+
+@resource('/v1/teaminvite/<code>')
+@internal_only
+@show_if(features.MAILING)
+class TeamMemberInvite(ApiResource):
+  """ Resource for managing invites to jon a team. """
+  @require_user_admin
+  @nickname('acceptOrganizationTeamInvite')
+  def put(self, code):
+    """ Accepts an invite to join a team in an organization. """
+    # Accept the invite for the current user.
+    team = try_accept_invite(code, get_authenticated_user())
+    if not team:
+      raise NotFound()      
+
+    orgname = team.organization.username
+    return {
+      'org': orgname,
+      'team': team.name
+    }
+
+  @nickname('declineOrganizationTeamInvite')
+  @require_user_admin
+  def delete(self, code):
+    """ Delete an existing member of a team. """
+    (team, inviter) = model.delete_team_invite(code, get_authenticated_user())
+
+    model.delete_matching_notifications(get_authenticated_user(), 'org_team_invite', code=code)
+
+    orgname = team.organization.username
+    log_action('org_team_member_invite_declined', orgname, {
+        'member': get_authenticated_user().username,
+        'team': team.name,
+        'inviter': inviter.username
+    })
+
+    return 'Deleted', 204
diff --git a/endpoints/api/trigger.py b/endpoints/api/trigger.py
index 4cc224a00..68cd18da8 100644
--- a/endpoints/api/trigger.py
+++ b/endpoints/api/trigger.py
@@ -15,7 +15,7 @@ from endpoints.api.build import (build_status_view, trigger_view, RepositoryBuil
 from endpoints.common import start_build
 from endpoints.trigger import (BuildTrigger as BuildTriggerBase, TriggerDeactivationException,
                                TriggerActivationException, EmptyRepositoryException,
-                               RepositoryReadException)
+                               RepositoryReadException, TriggerStartException)
 from data import model
 from auth.permissions import UserAdminPermission, AdministerOrganizationPermission, ReadRepositoryPermission
 from util.names import parse_robot_username
@@ -212,7 +212,7 @@ class BuildTriggerActivate(RepositoryParamResource):
                                           'write')
 
       try:
-        repository_path = '%s/%s' % (trigger.repository.namespace,
+        repository_path = '%s/%s' % (trigger.repository.namespace_user.username,
                                      trigger.repository.name)
         path = url_for('webhooks.build_trigger_webhook',
                        repository=repository_path, trigger_uuid=trigger.uuid)
@@ -385,9 +385,24 @@ class BuildTriggerAnalyze(RepositoryParamResource):
 @path_param('trigger_uuid', 'The UUID of the build trigger')
 class ActivateBuildTrigger(RepositoryParamResource):
   """ Custom verb to manually activate a build trigger. """
+  schemas = {
+    'RunParameters': {
+      'id': 'RunParameters',
+      'type': 'object',
+      'description': 'Optional run parameters for activating the build trigger',
+      'additional_properties': False,
+      'properties': {
+        'branch_name': {
+          'type': 'string',
+          'description': '(GitHub Only) If specified, the name of the GitHub branch to build.'
+        }
+      }
+    }
+  }
 
   @require_repo_admin
   @nickname('manuallyStartBuildTrigger')
+  @validate_json_request('RunParameters')
   def post(self, namespace, repository, trigger_uuid):
     """ Manually start a build from the specified trigger. """
     try:
@@ -400,14 +415,18 @@ class ActivateBuildTrigger(RepositoryParamResource):
     if not handler.is_active(config_dict):
       raise InvalidRequest('Trigger is not active.')
 
-    specs = handler.manual_start(trigger.auth_token, config_dict)
-    dockerfile_id, tags, name, subdir = specs
+    try:
+      run_parameters = request.get_json()
+      specs = handler.manual_start(trigger.auth_token, config_dict, run_parameters=run_parameters)
+      dockerfile_id, tags, name, subdir = specs
 
-    repo = model.get_repository(namespace, repository)
-    pull_robot_name = model.get_pull_robot_name(trigger)
+      repo = model.get_repository(namespace, repository)
+      pull_robot_name = model.get_pull_robot_name(trigger)
 
-    build_request = start_build(repo, dockerfile_id, tags, name, subdir, True,
-                                pull_robot_name=pull_robot_name)
+      build_request = start_build(repo, dockerfile_id, tags, name, subdir, True,
+                                  pull_robot_name=pull_robot_name)
+    except TriggerStartException as tse:
+      raise InvalidRequest(tse.message)
 
     resp = build_status_view(build_request, True)
     repo_string = '%s/%s' % (namespace, repository)
@@ -437,6 +456,36 @@ class TriggerBuildList(RepositoryParamResource):
     }
 
 
+
+@resource('/v1/repository/<repopath:repository>/trigger/<trigger_uuid>/fields/<field_name>')
+@internal_only
+class BuildTriggerFieldValues(RepositoryParamResource):
+  """ Custom verb to fetch a values list for a particular field name. """
+  @require_repo_admin
+  @nickname('listTriggerFieldValues')
+  def get(self, namespace, repository, trigger_uuid, field_name):
+    """ List the field values for a custom run field. """
+    try:
+      trigger = model.get_build_trigger(namespace, repository, trigger_uuid)
+    except model.InvalidBuildTriggerException:
+      raise NotFound()
+
+    user_permission = UserAdminPermission(trigger.connected_user.username)
+    if user_permission.can():
+      trigger_handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name)
+      values = trigger_handler.list_field_values(trigger.auth_token, json.loads(trigger.config),
+                                                 field_name)
+
+      if values is None:
+        raise NotFound()
+        
+      return {
+        'values': values
+      }
+    else:
+      raise Unauthorized()
+
+
 @resource('/v1/repository/<repopath:repository>/trigger/<trigger_uuid>/sources')
 @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 @path_param('trigger_uuid', 'The UUID of the build trigger')
diff --git a/endpoints/api/user.py b/endpoints/api/user.py
index 3bafe40b4..440a76fa9 100644
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@@ -7,11 +7,13 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
 
 from app import app, billing as stripe, authentication
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
-                           log_action, internal_only, NotFound, require_user_admin, path_param,
-                           InvalidToken, require_scope, format_date, hide_if, show_if, license_error,
-                           define_json_response)
+                           log_action, internal_only, NotFound, require_user_admin, parse_args,
+                           query_param, InvalidToken, require_scope, format_date, hide_if, show_if,
+                           license_error,  require_fresh_login, path_param, define_json_response)
 from endpoints.api.subscribe import subscribe
 from endpoints.common import common_login
+from endpoints.api.team import try_accept_invite
+
 from data import model
 from data.billing import get_plan
 from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
@@ -19,7 +21,8 @@ from auth.permissions import (AdministerOrganizationPermission, CreateRepository
 from auth.auth_context import get_authenticated_user
 from auth import scopes
 from util.gravatar import compute_hash
-from util.useremails import (send_confirmation_email, send_recovery_email, send_change_email)
+from util.useremails import (send_confirmation_email, send_recovery_email, send_change_email, send_password_changed)
+from util.names import parse_single_urn
 
 import features
 
@@ -40,9 +43,15 @@ def user_view(user):
   organizations = model.get_user_organizations(user.username)
 
   def login_view(login):
+    try:
+      metadata = json.loads(login.metadata_json)
+    except:
+      metadata = {}
+
     return {
       'service': login.service.name,
       'service_identifier': login.service_ident,
+      'metadata': metadata
     }
 
   logins = model.list_federated_logins(user)
@@ -89,6 +98,7 @@ class User(ApiResource):
   """ Operations related to users. """
   schemas = {
     'NewUser': {
+
       'id': 'NewUser',
       'type': 'object',
       'description': 'Fields which must be specified for a new user.',
@@ -185,6 +195,7 @@ class User(ApiResource):
     return user_view(user)
 
   @require_user_admin
+  @require_fresh_login
   @nickname('changeUserDetails')
   @internal_only
   @validate_json_request('UpdateUser')
@@ -194,12 +205,15 @@ class User(ApiResource):
     user = get_authenticated_user()
     user_data = request.get_json()
 
-    try:
+    try:     
       if 'password' in user_data:
         logger.debug('Changing password for user: %s', user.username)
         log_action('account_change_password', user.username)
         model.change_password(user, user_data['password'])
 
+        if features.MAILING:
+          send_password_changed(user.username, user.email)
+
       if 'invoice_email' in user_data:
         logger.debug('Changing invoice_email for user: %s', user.username)
         model.change_invoice_email(user, user_data['invoice_email'])
@@ -210,22 +224,30 @@ class User(ApiResource):
           # Email already used.
           raise request_error(message='E-mail address already used')
         
-        logger.debug('Sending email to change email address for user: %s',
-                     user.username)
-        code = model.create_confirm_email_code(user, new_email=new_email)
-        send_change_email(user.username, user_data['email'], code.code)
+        if features.MAILING:          
+          logger.debug('Sending email to change email address for user: %s',
+                       user.username)
+          code = model.create_confirm_email_code(user, new_email=new_email)
+          send_change_email(user.username, user_data['email'], code.code)
+        else:
+          model.update_email(user, new_email, auto_verify=not features.MAILING)
         
     except model.InvalidPasswordException, ex:
       raise request_error(exception=ex)
 
     return user_view(user)
 
+  @show_if(features.USER_CREATION)
   @nickname('createNewUser')
+  @parse_args
+  @query_param('inviteCode', 'Invitation code given for creating the user.', type=str,
+               default='')
   @internal_only
   @validate_json_request('NewUser')
-  def post(self):
+  def post(self, args):
     """ Create a new user. """
     user_data = request.get_json()
+    invite_code = args['inviteCode']
 
     existing_user = model.get_user(user_data['username'])
     if existing_user:
@@ -233,10 +255,29 @@ class User(ApiResource):
 
     try:
       new_user = model.create_user(user_data['username'], user_data['password'],
-                                   user_data['email'])
-      code = model.create_confirm_email_code(new_user)
-      send_confirmation_email(new_user.username, new_user.email, code.code)
-      return 'Created', 201
+                                   user_data['email'], auto_verify=not features.MAILING)
+
+      # Handle any invite codes.
+      parsed_invite = parse_single_urn(invite_code)
+      if parsed_invite is not None:
+        if parsed_invite[0] == 'teaminvite':
+          # Add the user to the team.
+          try:
+            try_accept_invite(invite_code, new_user)
+          except model.DataModelException:
+            pass
+
+
+      if features.MAILING:
+        code = model.create_confirm_email_code(new_user)
+        send_confirmation_email(new_user.username, new_user.email, code.code)
+        return {
+          'awaiting_verification': True
+        }
+      else:
+        common_login(new_user)
+        return user_view(new_user)
+
     except model.TooManyUsersException as ex:
       raise license_error(exception=ex)
     except model.DataModelException as ex:
@@ -399,6 +440,37 @@ class Signin(ApiResource):
     return conduct_signin(username, password)
 
 
+@resource('/v1/signin/verify')
+@internal_only
+class VerifyUser(ApiResource):
+  """ Operations for verifying the existing user. """
+  schemas = {
+    'VerifyUser': {
+      'id': 'VerifyUser',
+      'type': 'object',
+      'description': 'Information required to verify the signed in user.',
+      'required': [
+        'password',
+      ],
+      'properties': {
+        'password': {
+          'type': 'string',
+          'description': 'The user\'s password',
+        },
+      },
+    },
+  }
+
+  @require_user_admin
+  @nickname('verifyUser')
+  @validate_json_request('VerifyUser')
+  def post(self):
+    """ Verifies the signed in the user with the specified credentials. """
+    signin_data = request.get_json()
+    password = signin_data['password']
+    return conduct_signin(get_authenticated_user().username, password)
+
+
 @resource('/v1/signout')
 @internal_only
 class Signout(ApiResource):
@@ -411,7 +483,21 @@ class Signout(ApiResource):
     return {'success': True}
 
 
+
+@resource('/v1/detachexternal/<servicename>')
+@internal_only
+class DetachExternal(ApiResource):
+  """ Resource for detaching an external login. """
+  @require_user_admin
+  @nickname('detachExternalLogin')
+  def post(self, servicename):
+    """ Request that the current user be detached from the external login service. """
+    model.detach_external_login(get_authenticated_user(), servicename)
+    return {'success': True}
+
+
 @resource("/v1/recovery")
+@show_if(features.MAILING)
 @internal_only
 class Recovery(ApiResource):
   """ Resource for requesting a password recovery email. """
@@ -446,11 +532,24 @@ class Recovery(ApiResource):
 @internal_only
 class UserNotificationList(ApiResource):
   @require_user_admin
+  @parse_args
+  @query_param('page', 'Offset page number. (int)', type=int, default=0)
+  @query_param('limit', 'Limit on the number of results (int)', type=int, default=5)
   @nickname('listUserNotifications')
-  def get(self):
-    notifications = model.list_notifications(get_authenticated_user())
+  def get(self, args):
+    page = args['page']
+    limit = args['limit']
+
+    notifications = list(model.list_notifications(get_authenticated_user(), page=page, limit=limit + 1))
+    has_more = False
+
+    if len(notifications) > limit:
+      has_more = True
+      notifications = notifications[0:limit]
+
     return {
-      'notifications': [notification_view(notification) for notification in notifications]
+      'notifications': [notification_view(notification) for notification in notifications],
+      'additional': has_more
     }
 
 
diff --git a/endpoints/callbacks.py b/endpoints/callbacks.py
index 015f3c3a7..637033ab6 100644
--- a/endpoints/callbacks.py
+++ b/endpoints/callbacks.py
@@ -4,12 +4,14 @@ from flask import request, redirect, url_for, Blueprint
 from flask.ext.login import current_user
 
 from endpoints.common import render_page_template, common_login, route_show_if
-from app import app, analytics
+from app import app, analytics, get_app_url
 from data import model
 from util.names import parse_repository_name
+from util.validation import generate_valid_usernames
 from util.http import abort
 from auth.permissions import AdministerRepositoryPermission
 from auth.auth import require_session_login
+from peewee import IntegrityError
 
 import features
 
@@ -20,20 +22,40 @@ client = app.config['HTTPCLIENT']
 
 callback = Blueprint('callback', __name__)
 
+def render_ologin_error(service_name,
+                        error_message='Could not load user data. The token may have expired.'):
+  return render_page_template('ologinerror.html', service_name=service_name,
+                              error_message=error_message,
+                              service_url=get_app_url(),
+                              user_creation=features.USER_CREATION)
 
-def exchange_github_code_for_token(code, for_login=True):
+def exchange_code_for_token(code, service_name='GITHUB', for_login=True, form_encode=False,
+                            redirect_suffix=''):
   code = request.args.get('code')
+  id_config = service_name + '_LOGIN_CLIENT_ID' if for_login else service_name + '_CLIENT_ID'
+  secret_config = service_name + '_LOGIN_CLIENT_SECRET' if for_login else service_name + '_CLIENT_SECRET'
+
   payload = {
-    'client_id': app.config['GITHUB_LOGIN_CLIENT_ID' if for_login else 'GITHUB_CLIENT_ID'],
-    'client_secret': app.config['GITHUB_LOGIN_CLIENT_SECRET' if for_login else 'GITHUB_CLIENT_SECRET'],
+    'client_id': app.config[id_config],
+    'client_secret': app.config[secret_config],
     'code': code,
+    'grant_type': 'authorization_code',
+    'redirect_uri': '%s://%s/oauth2/%s/callback%s' % (app.config['PREFERRED_URL_SCHEME'],
+                                                      app.config['SERVER_HOSTNAME'],
+                                                      service_name.lower(),
+                                                      redirect_suffix)
   }
+
   headers = {
     'Accept': 'application/json'
   }
 
-  get_access_token = client.post(app.config['GITHUB_TOKEN_URL'],
-                                 params=payload, headers=headers)
+  if form_encode:
+    get_access_token = client.post(app.config[service_name + '_TOKEN_URL'],
+                                   data=payload, headers=headers)
+  else:
+    get_access_token = client.post(app.config[service_name + '_TOKEN_URL'],
+                                   params=payload, headers=headers)
 
   json_data = get_access_token.json()
   if not json_data:
@@ -52,17 +74,87 @@ def get_github_user(token):
   return get_user.json()
 
 
+def get_google_user(token):
+  token_param = {
+    'access_token': token,
+    'alt': 'json',
+  }
+
+  get_user = client.get(app.config['GOOGLE_USER_URL'], params=token_param)
+  return get_user.json()
+
+def conduct_oauth_login(service_name, user_id, username, email, metadata={}):
+  to_login = model.verify_federated_login(service_name.lower(), user_id)
+  if not to_login:
+    # See if we can create a new user.
+    if not features.USER_CREATION:
+      error_message = 'User creation is disabled. Please contact your administrator'
+      return render_ologin_error(service_name, error_message)
+
+    # Try to create the user
+    try:
+      valid = next(generate_valid_usernames(username))
+      to_login = model.create_federated_user(valid, email, service_name.lower(),
+                                             user_id, set_password_notification=True,
+                                             metadata=metadata)
+
+      # Success, tell analytics
+      analytics.track(to_login.username, 'register', {'service': service_name.lower()})
+
+      state = request.args.get('state', None)
+      if state:
+        logger.debug('Aliasing with state: %s' % state)
+        analytics.alias(to_login.username, state)
+
+    except model.DataModelException, ex:
+      return render_ologin_error(service_name, ex.message)
+
+  if common_login(to_login):
+    return redirect(url_for('web.index'))
+
+  return render_ologin_error(service_name)
+
+def get_google_username(user_data):
+  username = user_data['email']
+  at = username.find('@')
+  if at > 0:
+    username = username[0:at]
+
+  return username
+
+
+@callback.route('/google/callback', methods=['GET'])
+@route_show_if(features.GOOGLE_LOGIN)
+def google_oauth_callback():
+  error = request.args.get('error', None)
+  if error:
+    return render_ologin_error('Google', error)
+
+  token = exchange_code_for_token(request.args.get('code'), service_name='GOOGLE', form_encode=True)
+  user_data = get_google_user(token)
+  if not user_data or not user_data.get('id', None) or not user_data.get('email', None):
+    return render_ologin_error('Google')
+
+  username = get_google_username(user_data)
+  metadata = {
+    'service_username': user_data['email']
+  }
+
+  return conduct_oauth_login('Google', user_data['id'], username, user_data['email'],
+                             metadata=metadata)
+
+
 @callback.route('/github/callback', methods=['GET'])
 @route_show_if(features.GITHUB_LOGIN)
 def github_oauth_callback():
   error = request.args.get('error', None)
   if error:
-    return render_page_template('githuberror.html', error_message=error)
+    return render_ologin_error('GitHub', error)
 
-  token = exchange_github_code_for_token(request.args.get('code'))
+  token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB')
   user_data = get_github_user(token)
-  if not user_data:
-    return render_page_template('githuberror.html', error_message='Could not load user data')    
+  if not user_data or not 'login' in user_data:
+    return render_ologin_error('GitHub')
 
   username = user_data['login']
   github_id = user_data['id']
@@ -84,42 +176,67 @@ def github_oauth_callback():
     if user_email['primary']:
       break
 
-  to_login = model.verify_federated_login('github', github_id)
-  if not to_login:
-    # try to create the user
-    try:
-      to_login = model.create_federated_user(username, found_email, 'github',
-                                             github_id, set_password_notification=True)
+  metadata = {
+    'service_username': username
+  }
 
-      # Success, tell analytics
-      analytics.track(to_login.username, 'register', {'service': 'github'})
+  return conduct_oauth_login('github', github_id, username, found_email, metadata=metadata)
 
-      state = request.args.get('state', None)
-      if state:
-        logger.debug('Aliasing with state: %s' % state)
-        analytics.alias(to_login.username, state)
 
-    except model.DataModelException, ex:
-      return render_page_template('githuberror.html', error_message=ex.message)
+@callback.route('/google/callback/attach', methods=['GET'])
+@route_show_if(features.GOOGLE_LOGIN)
+@require_session_login
+def google_oauth_attach():
+  token = exchange_code_for_token(request.args.get('code'), service_name='GOOGLE',
+                                  redirect_suffix='/attach', form_encode=True)
 
-  if common_login(to_login):
-    return redirect(url_for('web.index'))
+  user_data = get_google_user(token)
+  if not user_data or not user_data.get('id', None):
+    return render_ologin_error('Google')
 
-  return render_page_template('githuberror.html')
+  google_id = user_data['id']
+  user_obj = current_user.db_user()
+
+  username = get_google_username(user_data)
+  metadata = {
+    'service_username': user_data['email']
+  }
+
+  try:
+    model.attach_federated_login(user_obj, 'google', google_id, metadata=metadata)
+  except IntegrityError:
+    err = 'Google account %s is already attached to a %s account' % (
+      username, app.config['REGISTRY_TITLE_SHORT'])
+    return render_ologin_error('Google', err)
+
+  return redirect(url_for('web.user'))
 
 
 @callback.route('/github/callback/attach', methods=['GET'])
 @route_show_if(features.GITHUB_LOGIN)
 @require_session_login
 def github_oauth_attach():
-  token = exchange_github_code_for_token(request.args.get('code'))
+  token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB')
   user_data = get_github_user(token)
   if not user_data:
-    return render_page_template('githuberror.html', error_message='Could not load user data')    
+    return render_ologin_error('GitHub')
 
   github_id = user_data['id']
   user_obj = current_user.db_user()
-  model.attach_federated_login(user_obj, 'github', github_id)
+
+  username = user_data['login']
+  metadata = {
+    'service_username': username
+  }
+
+  try:
+    model.attach_federated_login(user_obj, 'github', github_id, metadata=metadata)
+  except IntegrityError:
+    err = 'Github account %s is already attached to a %s account' % (
+      username, app.config['REGISTRY_TITLE_SHORT'])
+
+    return render_ologin_error('GitHub', err)
+
   return redirect(url_for('web.user'))
 
 
@@ -130,7 +247,8 @@ def github_oauth_attach():
 def attach_github_build_trigger(namespace, repository):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
-    token = exchange_github_code_for_token(request.args.get('code'), for_login=False)
+    token = exchange_code_for_token(request.args.get('code'), service_name='GITHUB',
+                                    for_login=False)
     repo = model.get_repository(namespace, repository)
     if not repo:
       msg = 'Invalid repository: %s/%s' % (namespace, repository)
diff --git a/endpoints/common.py b/endpoints/common.py
index fe09104ca..37ae80ee8 100644
--- a/endpoints/common.py
+++ b/endpoints/common.py
@@ -2,8 +2,9 @@ import logging
 import urlparse
 import json
 import string
+import datetime
 
-from flask import make_response, render_template, request, abort
+from flask import make_response, render_template, request, abort, session
 from flask.ext.login import login_user, UserMixin
 from flask.ext.principal import identity_changed
 from random import SystemRandom
@@ -81,20 +82,23 @@ def param_required(param_name):
 
 
 @login_manager.user_loader
-def load_user(username):
-  logger.debug('User loader loading deferred user: %s' % username)
-  return _LoginWrappedDBUser(username)
+def load_user(user_db_id):
+  logger.debug('User loader loading deferred user id: %s' % user_db_id)
+  try:
+    user_db_id_int = int(user_db_id)
+    return _LoginWrappedDBUser(user_db_id_int)
+  except ValueError:
+    return None
 
 
 class _LoginWrappedDBUser(UserMixin):
-  def __init__(self, db_username, db_user=None):
-
-    self._db_username = db_username
+  def __init__(self, user_db_id, db_user=None):
+    self._db_id = user_db_id
     self._db_user = db_user
 
   def db_user(self):
     if not self._db_user:
-      self._db_user = model.get_user(self._db_username)
+      self._db_user = model.get_user_by_id(self._db_id)
     return self._db_user
 
   def is_authenticated(self):
@@ -104,14 +108,15 @@ class _LoginWrappedDBUser(UserMixin):
     return self.db_user().verified
 
   def get_id(self):
-    return unicode(self._db_username)
+    return unicode(self._db_id)
 
 
 def common_login(db_user):
-  if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
+  if login_user(_LoginWrappedDBUser(db_user.id, db_user)):
     logger.debug('Successfully signed in as: %s' % db_user.username)
-    new_identity = QuayDeferredPermissionUser(db_user.username, 'username', {scopes.DIRECT_LOGIN})
+    new_identity = QuayDeferredPermissionUser(db_user.id, 'user_db_id', {scopes.DIRECT_LOGIN})
     identity_changed.send(app, identity=new_identity)
+    session['login_time'] = datetime.datetime.now()
     return True
   else:
     logger.debug('User could not be logged in, inactive?.')
@@ -200,7 +205,7 @@ def check_repository_usage(user_or_org, plan_found):
 def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
                 trigger=None, pull_robot_name=None):
   host = urlparse.urlparse(request.url).netloc
-  repo_path = '%s/%s/%s' % (host, repository.namespace, repository.name)
+  repo_path = '%s/%s/%s' % (host, repository.namespace_user.username, repository.name)
 
   token = model.create_access_token(repository, 'write')
   logger.debug('Creating build %s with repo %s tags %s and dockerfile_id %s',
@@ -216,9 +221,9 @@ def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
                                                 dockerfile_id, build_name,
                                                 trigger, pull_robot_name=pull_robot_name)
 
-  dockerfile_build_queue.put([repository.namespace, repository.name], json.dumps({
+  dockerfile_build_queue.put([repository.namespace_user.username, repository.name], json.dumps({
     'build_uuid': build_request.uuid,
-    'namespace': repository.namespace,
+    'namespace': repository.namespace_user.username,
     'repository': repository.name,
     'pull_credentials': model.get_pull_credentials(pull_robot_name) if pull_robot_name else None
   }), retries_remaining=1)
@@ -226,7 +231,7 @@ def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
   # Add the build to the repo's log.
   metadata = {
     'repo': repository.name,
-    'namespace': repository.namespace,
+    'namespace': repository.namespace_user.username,
     'fileid': dockerfile_id,
     'manual': manual,
   }
@@ -236,9 +241,8 @@ def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
     metadata['config'] = json.loads(trigger.config)
     metadata['service'] = trigger.service.name
 
-  model.log_action('build_dockerfile', repository.namespace,
-                   ip=request.remote_addr, metadata=metadata,
-                   repository=repository)
+  model.log_action('build_dockerfile', repository.namespace_user.username, ip=request.remote_addr,
+                   metadata=metadata, repository=repository)
 
   # Add notifications for the build queue.
   profile.debug('Adding notifications for repository')
diff --git a/endpoints/index.py b/endpoints/index.py
index 39327e6a8..5f0a88695 100644
--- a/endpoints/index.py
+++ b/endpoints/index.py
@@ -19,6 +19,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
 from util.http import abort
 from endpoints.notificationhelper import spawn_notification
 
+import features
 
 logger = logging.getLogger(__name__)
 profile = logging.getLogger('application.profiler')
@@ -65,7 +66,13 @@ def generate_headers(role='read'):
 @index.route('/users', methods=['POST'])
 @index.route('/users/', methods=['POST'])
 def create_user():
+  if not features.USER_CREATION:
+    abort(400, 'User creation is disabled. Please speak to your administrator.')
+
   user_data = request.get_json()
+  if not 'username' in user_data:
+    abort(400, 'Missing username')
+
   username = user_data['username']
   password = user_data.get('password', '')
 
@@ -413,8 +420,39 @@ def put_repository_auth(namespace, repository):
 
 
 @index.route('/search', methods=['GET'])
+@process_auth
 def get_search():
-  abort(501, 'Not Implemented', issue='not-implemented')
+  def result_view(repo):
+    return {
+      "name": repo.namespace_user.username + '/' + repo.name,
+      "description": repo.description
+    }
+
+  query = request.args.get('q')
+
+  username = None
+  user = get_authenticated_user()
+  if user is not None:
+    username = user.username
+
+  if query:
+    matching = model.get_matching_repositories(query, username)
+  else:
+    matching = []
+
+  results = [result_view(repo) for repo in matching
+             if (repo.visibility.name == 'public' or 
+                 ReadRepositoryPermission(repo.namespace_user.username, repo.name).can())]
+
+  data = {
+    "query": query,
+    "num_results": len(results),
+    "results" : results
+  }
+
+  resp = make_response(json.dumps(data), 200)
+  resp.mimetype = 'application/json'
+  return resp
 
 
 @index.route('/_ping')
diff --git a/endpoints/notificationevent.py b/endpoints/notificationevent.py
index f1cbec42c..4a195fbd7 100644
--- a/endpoints/notificationevent.py
+++ b/endpoints/notificationevent.py
@@ -1,8 +1,4 @@
 import logging
-import io
-import os.path
-import tarfile
-import base64
 
 from notificationhelper import build_event_data
 
@@ -15,6 +11,13 @@ class NotificationEvent(object):
   def __init__(self):
     pass
 
+  def get_level(self, event_data, notification_data):
+    """
+    Returns a 'level' representing the severity of the event.
+    Valid values are: 'info', 'warning', 'error', 'primary'
+    """
+    raise NotImplementedError
+
   def get_summary(self, event_data, notification_data):
     """
     Returns a human readable one-line summary for the given notification data.
@@ -55,6 +58,9 @@ class RepoPushEvent(NotificationEvent):
   def event_name(cls):
     return 'repo_push'
 
+  def get_level(self, event_data, notification_data):
+    return 'info'
+
   def get_summary(self, event_data, notification_data):
     return 'Repository %s updated' % (event_data['repository'])
 
@@ -87,6 +93,9 @@ class BuildQueueEvent(NotificationEvent):
   @classmethod
   def event_name(cls):
     return 'build_queued'
+
+  def get_level(self, event_data, notification_data):
+    return 'info'
   
   def get_sample_data(self, repository):
     build_uuid = 'fake-build-id'
@@ -127,6 +136,9 @@ class BuildStartEvent(NotificationEvent):
   def event_name(cls):
     return 'build_start'
 
+  def get_level(self, event_data, notification_data):
+    return 'info'
+
   def get_sample_data(self, repository):
     build_uuid = 'fake-build-id'
 
@@ -155,6 +167,9 @@ class BuildSuccessEvent(NotificationEvent):
   def event_name(cls):
     return 'build_success'
 
+  def get_level(self, event_data, notification_data):
+    return 'primary'
+
   def get_sample_data(self, repository):
     build_uuid = 'fake-build-id'
 
@@ -183,7 +198,12 @@ class BuildFailureEvent(NotificationEvent):
   def event_name(cls):
     return 'build_failure'
 
+  def get_level(self, event_data, notification_data):
+    return 'error'
+
   def get_sample_data(self, repository):
+    build_uuid = 'fake-build-id'
+
     return build_event_data(repository, {
       'build_id': build_uuid,
       'build_name': 'some-fake-build',
diff --git a/endpoints/notificationhelper.py b/endpoints/notificationhelper.py
index 773779fb7..6f80f83d0 100644
--- a/endpoints/notificationhelper.py
+++ b/endpoints/notificationhelper.py
@@ -4,7 +4,7 @@ from data import model
 import json
 
 def build_event_data(repo, extra_data={}, subpage=None):
-  repo_string = '%s/%s' % (repo.namespace, repo.name)
+  repo_string = '%s/%s' % (repo.namespace_user.username, repo.name)
   homepage = '%s://%s/repository/%s' % (app.config['PREFERRED_URL_SCHEME'], 
                                         app.config['SERVER_HOSTNAME'],
                                         repo_string)
@@ -17,7 +17,7 @@ def build_event_data(repo, extra_data={}, subpage=None):
 
   event_data = {
     'repository': repo_string,
-    'namespace': repo.namespace,
+    'namespace': repo.namespace_user.username,
     'name': repo.name,
     'docker_url': '%s/%s' % (app.config['SERVER_HOSTNAME'], repo_string),
     'homepage': homepage,
@@ -30,7 +30,7 @@ def build_event_data(repo, extra_data={}, subpage=None):
 def build_notification_data(notification, event_data):
   return {
     'notification_uuid': notification.uuid,
-    'repository_namespace': notification.repository.namespace,
+    'repository_namespace': notification.repository.namespace_user.username,
     'repository_name': notification.repository.name,
     'event_data': event_data
   }
@@ -39,8 +39,9 @@ def build_notification_data(notification, event_data):
 def spawn_notification(repo, event_name, extra_data={}, subpage=None, pathargs=[]):
   event_data = build_event_data(repo, extra_data=extra_data, subpage=subpage)
 
-  notifications = model.list_repo_notifications(repo.namespace, repo.name, event_name=event_name)
+  notifications = model.list_repo_notifications(repo.namespace_user.username, repo.name,
+                                                event_name=event_name)
   for notification in notifications:
     notification_data = build_notification_data(notification, event_data)
-    path = [repo.namespace, repo.name, event_name] + pathargs
+    path = [repo.namespace_user.username, repo.name, event_name] + pathargs
     notification_queue.put(path, json.dumps(notification_data))
diff --git a/endpoints/notificationmethod.py b/endpoints/notificationmethod.py
index b49055157..589ebd06d 100644
--- a/endpoints/notificationmethod.py
+++ b/endpoints/notificationmethod.py
@@ -4,10 +4,13 @@ import os.path
 import tarfile
 import base64
 import json
+import requests
+import re
 
 from flask.ext.mail import Message
-from app import mail, app
+from app import mail, app, get_app_url
 from data import model
+from workers.worker import JobException
 
 logger = logging.getLogger(__name__)
 
@@ -17,6 +20,9 @@ class InvalidNotificationMethodException(Exception):
 class CannotValidateNotificationMethodException(Exception):
   pass
 
+class NotificationMethodPerformException(JobException):
+  pass
+
 
 class NotificationMethod(object):
   def __init__(self):
@@ -82,7 +88,7 @@ class QuayNotificationMethod(NotificationMethod):
         return (True, 'Unknown organization %s' % target_info['name'], None)
 
       # Only repositories under the organization can cause notifications to that org.
-      if target_info['name'] != repository.namespace:
+      if target_info['name'] != repository.namespace_user.username:
         return (False, 'Organization name must match repository namespace')
 
       return (True, None, [target])
@@ -90,7 +96,7 @@ class QuayNotificationMethod(NotificationMethod):
       # Lookup the team.
       team = None
       try:
-        team = model.get_organization_team(repository.namespace, target_info['name'])
+        team = model.get_organization_team(repository.namespace_user.username, target_info['name'])
       except model.InvalidTeamException:
         # Probably deleted.
         return (True, 'Unknown team %s' % target_info['name'], None)
@@ -103,19 +109,18 @@ class QuayNotificationMethod(NotificationMethod):
     repository = notification.repository
     if not repository:
       # Probably deleted.
-      return True
+      return
 
     # Lookup the target user or team to which we'll send the notification.
     config_data = json.loads(notification.config_json)
     status, err_message, target_users = self.find_targets(repository, config_data)
     if not status:
-      return False
+      raise NotificationMethodPerformException(err_message)
 
     # For each of the target users, create a notification.
     for target_user in set(target_users or []):
       model.create_notification(event_handler.event_name(), target_user,
                                 metadata=notification_data['event_data'])
-    return True
 
 
 class EmailMethod(NotificationMethod):
@@ -128,7 +133,8 @@ class EmailMethod(NotificationMethod):
     if not email:
       raise CannotValidateNotificationMethodException('Missing e-mail address')
 
-    record = model.get_email_authorized_for_repo(repository.namespace, repository.name, email)
+    record = model.get_email_authorized_for_repo(repository.namespace_user.username,
+                                                 repository.name, email)
     if not record or not record.confirmed:
       raise CannotValidateNotificationMethodException('The specified e-mail address '
                                                       'is not authorized to receive '
@@ -139,7 +145,7 @@ class EmailMethod(NotificationMethod):
     config_data = json.loads(notification.config_json)
     email = config_data.get('email', '')
     if not email:
-      return False
+      return
 
     msg = Message(event_handler.get_summary(notification_data['event_data'], notification_data),
                   sender='support@quay.io',
@@ -151,9 +157,7 @@ class EmailMethod(NotificationMethod):
         mail.send(msg)
     except Exception as ex:
       logger.exception('Email was unable to be sent: %s' % ex.message)
-      return False      
-
-    return True
+      raise NotificationMethodPerformException(ex.message)
 
 
 class WebhookMethod(NotificationMethod):
@@ -170,7 +174,7 @@ class WebhookMethod(NotificationMethod):
     config_data = json.loads(notification.config_json)
     url = config_data.get('url', '')
     if not url:
-      return False
+      return
 
     payload = notification_data['event_data']
     headers = {'Content-type': 'application/json'}
@@ -178,12 +182,197 @@ class WebhookMethod(NotificationMethod):
     try:
       resp = requests.post(url, data=json.dumps(payload), headers=headers)
       if resp.status_code/100 != 2:
-        logger.error('%s response for webhook to url: %s' % (resp.status_code,
-                                                             url))
-        return False
+        error_message = '%s response for webhook to url: %s' % (resp.status_code, url)
+        logger.error(error_message)
+        logger.error(resp.content)
+        raise NotificationMethodPerformException(error_message)
 
     except requests.exceptions.RequestException as ex:
       logger.exception('Webhook was unable to be sent: %s' % ex.message)
-      return False
+      raise NotificationMethodPerformException(ex.message)
 
-    return True
+
+class FlowdockMethod(NotificationMethod):
+  """ Method for sending notifications to Flowdock via the Team Inbox API:
+      https://www.flowdock.com/api/team-inbox 
+  """
+  @classmethod
+  def method_name(cls):
+    return 'flowdock'
+
+  def validate(self, repository, config_data):
+    token = config_data.get('flow_api_token', '')
+    if not token:
+      raise CannotValidateNotificationMethodException('Missing Flowdock API Token')
+
+  def perform(self, notification, event_handler, notification_data):
+    config_data = json.loads(notification.config_json)
+    token = config_data.get('flow_api_token', '')
+    if not token:
+      return
+
+    owner = model.get_user(notification.repository.namespace_user.username)
+    if not owner:
+      # Something went wrong.
+      return
+
+    url = 'https://api.flowdock.com/v1/messages/team_inbox/%s' % token
+    headers = {'Content-type': 'application/json'}
+    payload = {
+      'source': 'Quay',
+      'from_address':  'support@quay.io',
+      'subject': event_handler.get_summary(notification_data['event_data'], notification_data),
+      'content': event_handler.get_message(notification_data['event_data'], notification_data),
+      'from_name': owner.username,
+      'project': (notification.repository.namespace_user.username + ' ' +
+                  notification.repository.name),
+      'tags': ['#' + event_handler.event_name()],
+      'link': notification_data['event_data']['homepage']
+    }
+
+    try:
+      resp = requests.post(url, data=json.dumps(payload), headers=headers)
+      if resp.status_code/100 != 2:
+        error_message = '%s response for flowdock to url: %s' % (resp.status_code, url)
+        logger.error(error_message)
+        logger.error(resp.content)
+        raise NotificationMethodPerformException(error_message)
+
+    except requests.exceptions.RequestException as ex:
+      logger.exception('Flowdock method was unable to be sent: %s' % ex.message)
+      raise NotificationMethodPerformException(ex.message)
+
+
+class HipchatMethod(NotificationMethod):
+  """ Method for sending notifications to Hipchat via the API:
+      https://www.hipchat.com/docs/apiv2/method/send_room_notification
+  """
+  @classmethod
+  def method_name(cls):
+    return 'hipchat'
+
+  def validate(self, repository, config_data):
+    if not config_data.get('notification_token', ''):
+      raise CannotValidateNotificationMethodException('Missing Hipchat Room Notification Token')
+
+    if not config_data.get('room_id', ''):
+      raise CannotValidateNotificationMethodException('Missing Hipchat Room ID')
+
+  def perform(self, notification, event_handler, notification_data):
+    config_data = json.loads(notification.config_json)
+
+    token = config_data.get('notification_token', '')
+    room_id = config_data.get('room_id', '')
+
+    if not token or not room_id:
+      return
+
+    owner = model.get_user(notification.repository.namespace_user.username)
+    if not owner:
+      # Something went wrong.
+      return
+
+    url = 'https://api.hipchat.com/v2/room/%s/notification?auth_token=%s' % (room_id, token)
+
+    level = event_handler.get_level(notification_data['event_data'], notification_data)
+    color = {
+      'info': 'gray',
+      'warning': 'yellow',
+      'error': 'red',
+      'primary': 'purple'
+    }.get(level, 'gray')
+
+    headers = {'Content-type': 'application/json'}
+    payload = {
+      'color': color,
+      'message': event_handler.get_message(notification_data['event_data'], notification_data),
+      'notify': level == 'error',
+      'message_format': 'html',      
+    }
+
+    try:
+      resp = requests.post(url, data=json.dumps(payload), headers=headers)
+      if resp.status_code/100 != 2:
+        error_message = '%s response for hipchat to url: %s' % (resp.status_code, url)
+        logger.error(error_message)
+        logger.error(resp.content)
+        raise NotificationMethodPerformException(error_message)
+
+    except requests.exceptions.RequestException as ex:
+      logger.exception('Hipchat method was unable to be sent: %s' % ex.message)
+      raise NotificationMethodPerformException(ex.message)
+
+
+class SlackMethod(NotificationMethod):
+  """ Method for sending notifications to Slack via the API:
+      https://api.slack.com/docs/attachments
+  """
+  @classmethod
+  def method_name(cls):
+    return 'slack'
+
+  def validate(self, repository, config_data):
+    if not config_data.get('token', ''):
+      raise CannotValidateNotificationMethodException('Missing Slack Token')
+
+    if not config_data.get('subdomain', '').isalnum():
+      raise CannotValidateNotificationMethodException('Missing Slack Subdomain Name')
+
+  def formatForSlack(self, message):
+    message = message.replace('\n', '')
+    message = re.sub(r'\s+', ' ', message)
+    message = message.replace('<br>', '\n')
+    message = re.sub(r'<a href="(.+)">(.+)</a>', '<\\1|\\2>', message)
+    return message
+
+  def perform(self, notification, event_handler, notification_data):
+    config_data = json.loads(notification.config_json)
+
+    token = config_data.get('token', '')
+    subdomain = config_data.get('subdomain', '')
+
+    if not token or not subdomain:
+      return
+
+    owner = model.get_user(notification.repository.namespace_user.username)
+    if not owner:
+      # Something went wrong.
+      return
+
+    url = 'https://%s.slack.com/services/hooks/incoming-webhook?token=%s' % (subdomain, token)
+
+    level = event_handler.get_level(notification_data['event_data'], notification_data)
+    color = {
+      'info': '#ffffff',
+      'warning': 'warning',
+      'error': 'danger',
+      'primary': 'good'
+    }.get(level, '#ffffff')
+
+    summary = event_handler.get_summary(notification_data['event_data'], notification_data)
+    message = event_handler.get_message(notification_data['event_data'], notification_data)
+
+    headers = {'Content-type': 'application/json'}
+    payload = {
+      'text': summary,
+      'username': 'quayiobot',
+      'attachments': [
+        {
+          'fallback': summary,
+          'text': self.formatForSlack(message),
+          'color': color
+        }
+      ]
+    }
+
+    try:
+      resp = requests.post(url, data=json.dumps(payload), headers=headers)
+      if resp.status_code/100 != 2:
+        error_message = '%s response for Slack to url: %s' % (resp.status_code, url)
+        logger.error(error_message)
+        logger.error(resp.content)
+        raise NotificationMethodPerformException(error_message)
+
+    except requests.exceptions.RequestException as ex:
+      logger.exception('Slack method was unable to be sent: %s' % ex.message)
+      raise NotificationMethodPerformException(ex.message)
diff --git a/endpoints/registry.py b/endpoints/registry.py
index 72633939e..5699f0db2 100644
--- a/endpoints/registry.py
+++ b/endpoints/registry.py
@@ -14,6 +14,7 @@ from util.http import abort, exact_abort
 from auth.permissions import (ReadRepositoryPermission,
                               ModifyRepositoryPermission)
 from data import model
+from util import gzipstream
 
 
 registry = Blueprint('registry', __name__)
@@ -110,10 +111,10 @@ def head_image_layer(namespace, repository, image_id, headers):
 
     extra_headers = {}
 
-    # Add the Accept-Ranges header if the storage engine supports resumeable
+    # Add the Accept-Ranges header if the storage engine supports resumable
     # downloads.
-    if store.get_supports_resumeable_downloads(repo_image.storage.locations):
-      profile.debug('Storage supports resumeable downloads')
+    if store.get_supports_resumable_downloads(repo_image.storage.locations):
+      profile.debug('Storage supports resumable downloads')
       extra_headers['Accept-Ranges'] = 'bytes'
 
     resp = make_response('')
@@ -193,21 +194,33 @@ def put_image_layer(namespace, repository, image_id):
     # encoding (Gunicorn)
     input_stream = request.environ['wsgi.input']
 
-  # compute checksums
-  csums = []
+  # Create a socket reader to read the input stream containing the layer data.
   sr = SocketReader(input_stream)
+
+  # Add a handler that store the data in storage.
   tmp, store_hndlr = store.temp_store_handler()
   sr.add_handler(store_hndlr)
+
+  # Add a handler to compute the uncompressed size of the layer.
+  uncompressed_size_info, size_hndlr = gzipstream.calculate_size_handler()
+  sr.add_handler(size_hndlr)
+
+  # Add a handler which computes the checksum.
   h, sum_hndlr = checksums.simple_checksum_handler(json_data)
   sr.add_handler(sum_hndlr)
+
+  # Stream write the data to storage.
   store.stream_write(repo_image.storage.locations, layer_path, sr)
+
+  # Append the computed checksum.
+  csums = []
   csums.append('sha256:{0}'.format(h.hexdigest()))
 
   try:
     image_size = tmp.tell()
 
     # Save the size of the image.
-    model.set_image_size(image_id, namespace, repository, image_size)
+    model.set_image_size(image_id, namespace, repository, image_size, uncompressed_size_info.size)
 
     tmp.seek(0)
     csums.append(checksums.compute_tarsum(tmp, json_data))
@@ -451,11 +464,6 @@ def put_image_json(namespace, repository, image_id):
 
   set_uploading_flag(repo_image, True)
 
-  # We cleanup any old checksum in case it's a retry after a fail
-  profile.debug('Cleanup old checksum')
-  repo_image.storage.checksum = None
-  repo_image.storage.save()
-
   # If we reach that point, it means that this is a new image or a retry
   # on a failed push
   # save the metadata
diff --git a/endpoints/trigger.py b/endpoints/trigger.py
index ab7aa9065..4a10485ae 100644
--- a/endpoints/trigger.py
+++ b/endpoints/trigger.py
@@ -36,6 +36,9 @@ class TriggerActivationException(Exception):
 class TriggerDeactivationException(Exception):
   pass
 
+class TriggerStartException(Exception):
+  pass
+
 class ValidationRequestException(Exception):
   pass
 
@@ -109,12 +112,19 @@ class BuildTrigger(object):
     """
     raise NotImplementedError
 
-  def manual_start(self, auth_token, config):
+  def manual_start(self, auth_token, config, run_parameters = None):
     """
     Manually creates a repository build for this trigger.
     """
     raise NotImplementedError
 
+  def list_field_values(self, auth_token, config, field_name):
+    """
+    Lists all values for the given custom trigger field. For example, a trigger might have a
+    field named "branches", and this method would return all branches.
+    """
+    raise NotImplementedError
+
   @classmethod
   def service_name(cls):
     """
@@ -291,6 +301,9 @@ class GithubBuildTrigger(BuildTrigger):
       with tarfile.open(fileobj=tarball) as archive:
         tarball_subdir = archive.getnames()[0]
 
+      # Seek to position 0 to make boto multipart happy
+      tarball.seek(0)
+
       dockerfile_id = user_files.store_file(tarball, TARBALL_MIME)
 
     logger.debug('Successfully prepared job')
@@ -342,14 +355,37 @@ class GithubBuildTrigger(BuildTrigger):
     return GithubBuildTrigger._prepare_build(config, repo, commit_sha,
                                              short_sha, ref)
 
-  def manual_start(self, auth_token, config):
-    source = config['build_source']
+  def manual_start(self, auth_token, config, run_parameters = None):
+    try:
+      source = config['build_source']
+      run_parameters = run_parameters or {}
 
-    gh_client = self._get_client(auth_token)
-    repo = gh_client.get_repo(source)
-    master = repo.get_branch(repo.default_branch)
-    master_sha = master.commit.sha
-    short_sha = GithubBuildTrigger.get_display_name(master_sha)
-    ref = 'refs/heads/%s' % repo.default_branch
+      gh_client = self._get_client(auth_token)
+      repo = gh_client.get_repo(source)
+      master = repo.get_branch(repo.default_branch)
+      master_sha = master.commit.sha
+      short_sha = GithubBuildTrigger.get_display_name(master_sha)
+      ref = 'refs/heads/%s' % (run_parameters.get('branch_name') or repo.default_branch)
 
-    return self._prepare_build(config, repo, master_sha, short_sha, ref)
+      return self._prepare_build(config, repo, master_sha, short_sha, ref)
+    except GithubException as ghe:
+      raise TriggerStartException(ghe.data['message'])
+
+
+  def list_field_values(self, auth_token, config, field_name):
+    if field_name == 'branch_name':
+      gh_client = self._get_client(auth_token)
+      source = config['build_source']
+      repo = gh_client.get_repo(source)
+      branches = [branch['name'] for branch in repo.get_branches()]
+
+      if not repo.default_branch in branches:
+        branches.insert(0, repo.default_branch)
+
+      if branches[0] != repo.default_branch:
+        branches.remove(repo.default_branch)
+        branches.insert(0, repo.default_branch)
+
+      return branches
+
+    return None
diff --git a/endpoints/web.py b/endpoints/web.py
index 19f9bb7f1..63e463666 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -18,6 +18,7 @@ from endpoints.common import common_login, render_page_template, route_show_if,
 from endpoints.csrf import csrf_protect, generate_csrf_token
 from util.names import parse_repository_name
 from util.gravatar import compute_hash
+from util.useremails import send_email_changed
 from auth import scopes
 
 import features
@@ -32,8 +33,8 @@ STATUS_TAGS = app.config['STATUS_TAGS']
 @web.route('/', methods=['GET'], defaults={'path': ''})
 @web.route('/organization/<path:path>', methods=['GET'])
 @no_cache
-def index(path):
-  return render_page_template('index.html')
+def index(path, **kwargs):
+  return render_page_template('index.html', **kwargs)
 
 
 @web.route('/500', methods=['GET'])
@@ -101,7 +102,7 @@ def superuser():
 
 @web.route('/signin/')
 @no_cache
-def signin():
+def signin(redirect=None):
   return index('')
 
 
@@ -123,6 +124,13 @@ def new():
   return index('')
 
 
+@web.route('/confirminvite')
+@no_cache
+def confirm_invite():
+  code = request.values['code']
+  return index('', code=code)
+
+
 @web.route('/repository/', defaults={'path': ''})
 @web.route('/repository/<path:path>', methods=['GET'])
 @no_cache
@@ -215,6 +223,7 @@ def receipt():
 
 
 @web.route('/authrepoemail', methods=['GET'])
+@route_show_if(features.MAILING)
 def confirm_repo_email():
   code = request.values['code']
   record = None
@@ -228,23 +237,27 @@ def confirm_repo_email():
   Your E-mail address has been authorized to receive notifications for repository
   <a href="%s://%s/repository/%s/%s">%s/%s</a>.
   """ % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'],
-         record.repository.namespace, record.repository.name,
-         record.repository.namespace, record.repository.name)
+         record.repository.namespace_user.username, record.repository.name,
+         record.repository.namespace_user.username, record.repository.name)
 
   return render_page_template('message.html', message=message)
 
 
 @web.route('/confirm', methods=['GET'])
+@route_show_if(features.MAILING)
 def confirm_email():
   code = request.values['code']
   user = None
   new_email = None
 
   try:
-    user, new_email = model.confirm_user_email(code)
+    user, new_email, old_email = model.confirm_user_email(code)
   except model.DataModelException as ex:
     return render_page_template('confirmerror.html', error_message=ex.message)
     
+  if new_email:
+    send_email_changed(user.username, old_email, new_email)
+
   common_login(user)
 
   return redirect(url_for('web.user', tab='email') 
diff --git a/initdb.py b/initdb.py
index 7e48ae3af..6fa8efe98 100644
--- a/initdb.py
+++ b/initdb.py
@@ -51,7 +51,7 @@ def __gen_checksum(image_id):
 
 
 def __gen_image_id(repo, image_num):
-  str_to_hash = "%s/%s/%s" % (repo.namespace, repo.name, image_num)
+  str_to_hash = "%s/%s/%s" % (repo.namespace_user.username, repo.name, image_num)
 
   h = hashlib.md5(str_to_hash)
   return h.hexdigest() + h.hexdigest()
@@ -79,12 +79,12 @@ def __create_subtree(repo, structure, creator_username, parent):
     creation_time = REFERENCE_DATE + timedelta(days=image_num)
     command_list = SAMPLE_CMDS[image_num % len(SAMPLE_CMDS)]
     command = json.dumps(command_list) if command_list else None
-    new_image = model.set_image_metadata(docker_image_id, repo.namespace,
-                                         repo.name, str(creation_time),
-                                         'no comment', command, parent)
+    new_image = model.set_image_metadata(docker_image_id, repo.namespace_user.username, repo.name,
+                                         str(creation_time), 'no comment', command, parent)
 
-    model.set_image_size(docker_image_id, repo.namespace, repo.name,
-                         random.randrange(1, 1024 * 1024 * 1024))
+    compressed_size = random.randrange(1, 1024 * 1024 * 1024)
+    model.set_image_size(docker_image_id, repo.namespace_user.username, repo.name, compressed_size,
+                         int(compressed_size * 1.4))
 
     # Populate the diff file
     diff_path = store.image_file_diffs_path(new_image.storage.uuid)
@@ -100,7 +100,7 @@ def __create_subtree(repo, structure, creator_username, parent):
       last_node_tags = [last_node_tags]
 
     for tag_name in last_node_tags:
-      model.create_or_update_tag(repo.namespace, repo.name, tag_name,
+      model.create_or_update_tag(repo.namespace_user.username, repo.name, tag_name,
                                  new_image.docker_image_id)
 
   for subtree in subtrees:
@@ -179,6 +179,8 @@ def initialize_database():
   TeamRole.create(name='member')
   Visibility.create(name='public')
   Visibility.create(name='private')
+
+  LoginService.create(name='google')
   LoginService.create(name='github')
   LoginService.create(name='quayrobot')
   LoginService.create(name='ldap')
@@ -212,7 +214,11 @@ def initialize_database():
 
   LogEntryKind.create(name='org_create_team')
   LogEntryKind.create(name='org_delete_team')
+  LogEntryKind.create(name='org_invite_team_member')
+  LogEntryKind.create(name='org_delete_team_member_invite')
   LogEntryKind.create(name='org_add_team_member')
+  LogEntryKind.create(name='org_team_member_invite_accepted')
+  LogEntryKind.create(name='org_team_member_invite_declined')
   LogEntryKind.create(name='org_remove_team_member')
   LogEntryKind.create(name='org_set_team_description')
   LogEntryKind.create(name='org_set_team_role')
@@ -229,13 +235,15 @@ def initialize_database():
   LogEntryKind.create(name='delete_application')
   LogEntryKind.create(name='reset_application_client_secret')
 
-  # Note: These are deprecated.
+  # Note: These next two are deprecated.
   LogEntryKind.create(name='add_repo_webhook')
   LogEntryKind.create(name='delete_repo_webhook')
 
   LogEntryKind.create(name='add_repo_notification')
   LogEntryKind.create(name='delete_repo_notification')
 
+  LogEntryKind.create(name='regenerate_robot_token')
+
   ImageStorageLocation.create(name='local_eu')
   ImageStorageLocation.create(name='local_us')
 
@@ -251,6 +259,10 @@ def initialize_database():
   ExternalNotificationMethod.create(name='email')
   ExternalNotificationMethod.create(name='webhook')
 
+  ExternalNotificationMethod.create(name='flowdock')
+  ExternalNotificationMethod.create(name='hipchat')
+  ExternalNotificationMethod.create(name='slack')
+
   NotificationKind.create(name='repo_push')
   NotificationKind.create(name='build_queued')
   NotificationKind.create(name='build_start')
@@ -261,6 +273,7 @@ def initialize_database():
   NotificationKind.create(name='over_private_usage')
   NotificationKind.create(name='expiring_license')
   NotificationKind.create(name='maintenance')
+  NotificationKind.create(name='org_team_invite')
 
   NotificationKind.create(name='test_notification')
 
@@ -292,7 +305,7 @@ def populate_database():
   new_user_2.verified = True
   new_user_2.save()
 
-  new_user_3 = model.create_user('freshuser', 'password', 'no@thanks.com')
+  new_user_3 = model.create_user('freshuser', 'password', 'jschorr+test@devtable.com')
   new_user_3.verified = True
   new_user_3.save()
 
@@ -313,7 +326,8 @@ def populate_database():
   outside_org.verified = True
   outside_org.save()
 
-  model.create_notification('test_notification', new_user_1, metadata={'some': 'value', 'arr': [1,2,3], 'obj': {'a': 1, 'b': 2}})
+  model.create_notification('test_notification', new_user_1,
+                            metadata={'some':'value', 'arr':[1, 2, 3], 'obj':{'a':1, 'b':2}})
 
   from_date = datetime.utcnow()
   to_date = from_date + timedelta(hours=1)
@@ -377,18 +391,20 @@ def populate_database():
   })
   trigger.save()
 
-  repo = 'ci.devtable.com:5000/%s/%s' % (building.namespace, building.name)
+  repo = 'ci.devtable.com:5000/%s/%s' % (building.namespace_user.username, building.name)
   job_config = {
     'repository': repo,
     'docker_tags': ['latest'],
     'build_subdir': '',
   }
 
-  record = model.create_email_authorization_for_repo(new_user_1.username, 'simple', 'jschorr@devtable.com')
+  record = model.create_email_authorization_for_repo(new_user_1.username, 'simple',
+                                                     'jschorr@devtable.com')
   record.confirmed = True
   record.save()
 
-  model.create_email_authorization_for_repo(new_user_1.username, 'simple', 'jschorr+other@devtable.com')
+  model.create_email_authorization_for_repo(new_user_1.username, 'simple',
+                                            'jschorr+other@devtable.com')
 
   build2 = model.create_repository_build(building, token, job_config,
                                         '68daeebd-a5b9-457f-80a0-4363b882f8ea',
@@ -415,12 +431,12 @@ def populate_database():
 
   model.create_robot('coolrobot', org)
 
-  oauth.create_application(org, 'Some Test App', 'http://localhost:8000', 'http://localhost:8000/o2c.html',
-                           client_id='deadbeef')
+  oauth.create_application(org, 'Some Test App', 'http://localhost:8000',
+                           'http://localhost:8000/o2c.html', client_id='deadbeef')
 
-  oauth.create_application(org, 'Some Other Test App', 'http://quay.io', 'http://localhost:8000/o2c.html',
-                           client_id='deadpork',
-                           description = 'This is another test application')
+  oauth.create_application(org, 'Some Other Test App', 'http://quay.io',
+                           'http://localhost:8000/o2c.html', client_id='deadpork',
+                           description='This is another test application')
 
   model.oauth.create_access_token_for_testing(new_user_1, 'deadbeef', 'repo:admin')
 
@@ -442,8 +458,8 @@ def populate_database():
 
   reader_team = model.create_team('readers', org, 'member',
                                   'Readers of orgrepo.')
-  model.set_team_repo_permission(reader_team.name, org_repo.namespace,
-                                 org_repo.name, 'read')
+  model.set_team_repo_permission(reader_team.name, org_repo.namespace_user.username, org_repo.name,
+                                 'read')
   model.add_user_to_team(new_user_2, reader_team)
   model.add_user_to_team(reader, reader_team)
 
@@ -465,12 +481,9 @@ def populate_database():
                               (2, [], 'latest17'),
                               (2, [], 'latest18'),])
 
-  model.add_prototype_permission(org, 'read', activating_user=new_user_1,
-                                 delegate_user=new_user_2)
-  model.add_prototype_permission(org, 'read', activating_user=new_user_1,
-                                 delegate_team=reader_team)
-  model.add_prototype_permission(org, 'write', activating_user=new_user_2,
-                                 delegate_user=new_user_1)
+  model.add_prototype_permission(org, 'read', activating_user=new_user_1, delegate_user=new_user_2)
+  model.add_prototype_permission(org, 'read', activating_user=new_user_1, delegate_team=reader_team)
+  model.add_prototype_permission(org, 'write', activating_user=new_user_2, delegate_user=new_user_1)
 
   today = datetime.today()
   week_ago = today - timedelta(6)
diff --git a/license.py b/license.py
deleted file mode 100644
index b45d90cf8..000000000
--- a/license.py
+++ /dev/null
@@ -1,13 +0,0 @@
-import pickle
-
-from Crypto.PublicKey import RSA
-
-n = 24311791124264168943780535074639421876317270880681911499019414944027362498498429776192966738844514582251884695124256895677070273097239290537016363098432785034818859765271229653729724078304186025013011992335454557504431888746007324285000011384941749613875855493086506022340155196030616409545906383713728780211095701026770053812741971198465120292345817928060114890913931047021503727972067476586739126160044293621653486418983183727572502888923949587290840425930251185737996066354726953382305020440374552871209809125535533731995494145421279907938079885061852265339259634996180877443852561265066616143910755505151318370667L
-e = 65537L
-
-def load_license(license_path):
-  decryptor = RSA.construct((n, e))
-  with open(license_path, 'rb') as encrypted_license:
-    decrypted_data = decryptor.encrypt(encrypted_license.read(), 0)
-
-  return pickle.loads(decrypted_data[0])
diff --git a/license.pyc b/license.pyc
deleted file mode 100644
index 83687adfa..000000000
Binary files a/license.pyc and /dev/null differ
diff --git a/requirements-nover.txt b/requirements-nover.txt
index c0979629b..a3c74e89b 100644
--- a/requirements-nover.txt
+++ b/requirements-nover.txt
@@ -32,5 +32,7 @@ raven
 python-ldap
 pycrypto
 logentries
+psycopg2
+pyyaml
 git+https://github.com/DevTable/aniso8601-fake.git
 git+https://github.com/DevTable/anunidecode.git
diff --git a/requirements.txt b/requirements.txt
index 090ade690..e454e6846 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,6 +12,7 @@ Pillow==2.5.1
 PyGithub==1.25.0
 PyMySQL==0.6.2
 PyPDF2==1.22
+PyYAML==3.11
 SQLAlchemy==0.9.7
 Werkzeug==0.9.6
 alembic==0.6.5
@@ -44,6 +45,7 @@ python-dateutil==2.2
 python-ldap==2.4.15
 python-magic==0.4.6
 pytz==2014.4
+psycopg2==2.5.3
 raven==5.0.0
 redis==2.10.1
 reportlab==2.7
diff --git a/static/css/quay.css b/static/css/quay.css
index 01fe84e60..5ec050200 100644
--- a/static/css/quay.css
+++ b/static/css/quay.css
@@ -21,8 +21,7 @@
 
 
 #quay-logo {
-  width: 80px;
-  margin-right: 30px;
+  width: 100px;
 }
 
 #padding-container {
@@ -145,6 +144,15 @@ nav.navbar-default .navbar-nav>li>a.active {
   max-width: 320px;
 }
 
+.notification-view-element .right-controls button {
+  margin-left: 10px;
+}
+
+.notification-view-element .message i.fa {
+  margin-right: 6px;
+}
+
+
 .notification-view-element .orginfo {
   margin-top: 8px;
   float: left;
@@ -464,6 +472,22 @@ i.toggle-icon:hover {
 
 .docker-auth-dialog .token-dialog-body .well {
   margin-bottom: 0px;
+  position: relative;
+  padding-right: 24px;
+}
+
+.docker-auth-dialog .token-dialog-body .well i.fa-refresh {
+  position: absolute;
+  top: 9px;
+  right: 9px;
+  font-size: 20px;
+  color: gray;
+  transition: all 0.5s ease-in-out;
+  cursor: pointer;
+}
+
+.docker-auth-dialog .token-dialog-body .well i.fa-refresh:hover {
+  color: black;
 }
 
 .docker-auth-dialog .token-view {
@@ -729,7 +753,7 @@ i.toggle-icon:hover {
 }
 
 .user-notification.notification-animated {
-  width: 21px;
+  min-width: 21px;
 
   transform: scale(0);
   -moz-transform: scale(0);
@@ -2257,6 +2281,14 @@ p.editable:hover i {
   position: relative;
 }
 
+.copy-box-element.disabled .input-group-addon {
+  display: none;
+}
+
+.copy-box-element.disabled input {
+  border-radius: 4px !important;
+}
+
 .global-zeroclipboard-container embed {
   cursor: pointer;
 }
@@ -2535,7 +2567,7 @@ p.editable:hover i {
   margin-top: 10px;
 }
 
-.repo-build .build-log-error-element {
+.repo-build .build-log-error-element .error-message-container {
   position: relative;
   display: inline-block;
   margin: 10px;
@@ -2545,7 +2577,7 @@ p.editable:hover i {
   margin-left: 22px;
 }
 
-.repo-build .build-log-error-element i.fa {
+.repo-build .build-log-error-element .error-message-container i.fa {
   color: red;
   position: absolute;
   top: 13px;
@@ -3535,6 +3567,12 @@ p.editable:hover i {
   white-space: nowrap;
 }
 
+.tt-message {
+  padding: 10px;
+  font-size: 12px;
+  white-space: nowrap;
+}
+
 .tt-suggestion p {
   margin: 0;
 }
@@ -4226,7 +4264,7 @@ pre.command:before {
 }
 
 .user-row.super-user td {
-  background-color: #d9edf7;
+  background-color: #eeeeee;
 }
 
 .user-row .user-class {
@@ -4559,6 +4597,27 @@ i.quay-icon {
   height: 16px;
 }
 
+i.flowdock-icon {
+  background-image: url(/static/img/flowdock.ico);
+  background-size: 16px;
+  width: 16px;
+  height: 16px;
+}
+
+i.hipchat-icon {
+  background-image: url(/static/img/hipchat.png);
+  background-size: 16px;
+  width: 16px;
+  height: 16px;
+}
+
+i.slack-icon {
+  background-image: url(/static/img/slack.ico);
+  background-size: 16px;
+  width: 16px;
+  height: 16px;
+}
+
 .external-notification-view-element {
   margin: 10px;
   padding: 6px; 
@@ -4593,4 +4652,68 @@ i.quay-icon {
 
 .external-notification-view-element:hover .side-controls button {
   border: 1px solid #eee;
+}
+
+.member-listing {
+  width: 100%;
+}
+
+.member-listing .section-header {
+  color: #ccc;
+  margin-top: 20px;
+  margin-bottom: 10px;
+}
+
+.member-listing .gravatar {
+  vertical-align: middle;
+  margin-right: 10px;
+}
+
+.member-listing .entity-reference {
+  margin-bottom: 10px;
+  display: inline-block;
+}
+
+.member-listing .invite-listing {
+  margin-bottom: 10px;
+  display: inline-block;
+}
+
+.team-view .organization-header .popover {
+  max-width: none !important;
+}
+
+.team-view .organization-header .popover.bottom-right .arrow:after {
+  border-bottom-color: #f7f7f7;
+  top: 2px;
+}
+
+.team-view .organization-header .popover-content {
+  font-size: 14px;
+  padding-top: 6px;
+}
+
+.team-view .organization-header .popover-content input {
+  background: white;
+}
+
+.team-view .team-view-add-element .help-text {
+  font-size: 13px;
+  color: #ccc;
+  margin-top: 10px;
+}
+
+.team-view .organization-header .popover-content {
+  min-width: 500px;
+}
+
+#startTriggerDialog .trigger-description {
+  margin-bottom: 20px;
+  padding-bottom: 20px;
+  border-bottom: 1px solid #eee;
+}
+
+#startTriggerDialog #runForm .field-title {
+  width: 120px;
+  padding-right: 10px;
 }
\ No newline at end of file
diff --git a/static/directives/build-log-error.html b/static/directives/build-log-error.html
index 095f8edd0..13b399bb9 100644
--- a/static/directives/build-log-error.html
+++ b/static/directives/build-log-error.html
@@ -1,4 +1,23 @@
-<span bindonce class="build-log-error-element">
-  <i class="fa fa-exclamation-triangle"></i>
-  <span class="error-message" bo-text="error.message"></span>
-</span>
+<div bindonce class="build-log-error-element">
+  <span class="error-message-container">
+    <i class="fa fa-exclamation-triangle"></i>
+    <span class="error-message" bo-text="error.message"></span>
+    <span ng-if="error.message == 'HTTP code: 403' && getLocalPullInfo().isLocal">
+      caused by attempting to pull private repository <a href="/repository/{{ getLocalPullInfo().repo }}">{{ getLocalPullInfo().repo }}</a>
+      <span ng-if="getLocalPullInfo().login">with inaccessible crdentials</span>
+      <span ng-if="!getLocalPullInfo().login">without credentials</span>
+    </span>
+  </span>
+
+  
+  <div class="alert alert-danger" ng-if="error.message == 'HTTP code: 403' && getLocalPullInfo().isLocal">
+    <div ng-if="getLocalPullInfo().login">
+      Note: The credentials <b>{{ getLocalPullInfo().login.username }}</b> for registry <b>{{ getLocalPullInfo().login.registry }}</b> cannot
+      access repository <a href="/repository/{{ getLocalPullInfo().repo }}">{{ getLocalPullInfo().repo }}</a>.
+    </div>
+    <div ng-if="!getLocalPullInfo().login">
+      Note: No robot account is specified for this build. Without such credentials, this pull will always fail. Please setup a new
+      build trigger with a robot account that has access to <a href="/repository/{{ getLocalPullInfo().repo }}">{{ getLocalPullInfo().repo }}</a> or make that repository public.
+    </div>
+  </div>
+</div>
diff --git a/static/directives/copy-box.html b/static/directives/copy-box.html
index 1d996cc31..07dea7407 100644
--- a/static/directives/copy-box.html
+++ b/static/directives/copy-box.html
@@ -1,4 +1,4 @@
-<div class="copy-box-element">
+<div class="copy-box-element" ng-class="disabled ? 'disabled' : ''">
   <div class="id-container">
     <div class="input-group">
       <input type="text" class="form-control" value="{{ value }}" readonly>
diff --git a/static/directives/create-external-notification-dialog.html b/static/directives/create-external-notification-dialog.html
index d384f3f59..bf0c5da03 100644
--- a/static/directives/create-external-notification-dialog.html
+++ b/static/directives/create-external-notification-dialog.html
@@ -73,7 +73,7 @@
             <tr ng-if="currentMethod.fields.length"><td colspan="2"><hr></td></tr>
 
             <tr ng-repeat="field in currentMethod.fields">
-              <td>{{ field.title }}:</td>
+              <td valign="top">{{ field.title }}:</td>
               <td>
                 <div ng-switch on="field.type">
                   <span ng-switch-when="email">
@@ -86,7 +86,11 @@
                        current-entity="currentConfig[field.name]"
                        ng-model="currentConfig[field.name]"
                        allowed-entities="['user', 'team', 'org']"
-                       ng-switch-when="entity">
+                       ng-switch-when="entity"></div>
+
+                  <div ng-if="getHelpUrl(field, currentConfig)" style="margin-top: 10px">
+                    See: <a href="{{ getHelpUrl(field, currentConfig) }}" target="_blank">{{ getHelpUrl(field, currentConfig) }}</a>
+                  </div>
                 </div>                  
               </td>
             </tr>
diff --git a/static/directives/docker-auth-dialog.html b/static/directives/docker-auth-dialog.html
index dcb71a25b..e45b8967d 100644
--- a/static/directives/docker-auth-dialog.html
+++ b/static/directives/docker-auth-dialog.html
@@ -10,19 +10,33 @@
        </div>
        <div class="modal-body token-dialog-body">
          <div class="alert alert-info">The docker <u>username</u> is <b>{{ username }}</b> and the <u>password</u> is the token below. You may use any value for email.</div>
-         <div class="well well-sm">
+
+         <div class="well well-sm" ng-show="regenerating">
+           Regenerating Token...
+           <i class="fa fa-refresh fa-spin"></i>
+         </div>
+         
+         <div class="well well-sm" ng-show="!regenerating">
            <input id="token-view" class="token-view" type="text" value="{{ token }}" onClick="this.select();" readonly>
+           <i class="fa fa-refresh" ng-show="supportsRegenerate" ng-click="askRegenerate()"
+              data-title="Regenerate Token"
+              data-placement="left"
+              bs-tooltip></i>
          </div>
        </div>
-       <div class="modal-footer">
+       <div class="modal-footer" ng-show="regenerating">
+         <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
+       </div>
+       <div class="modal-footer" ng-show="!regenerating">
          <span class="download-cfg" ng-show="isDownloadSupported()">
            <i class="fa fa-download"></i>
            <a href="javascript:void(0)" ng-click="downloadCfg(shownRobot)">Download .dockercfg file</a>
          </span>
-         <div id="clipboardCopied" style="display: none">
-           Copied to clipboard
+         <div class="clipboard-copied-message" style="display: none">
+           Copied
          </div>
-         <button id="copyClipboard" type="button" class="btn btn-primary" data-clipboard-target="token-view">Copy to clipboard</button>
+         <input type="hidden" name="command-data" id="command-data" value="{{ command }}">
+         <button id="copyClipboard" type="button" class="btn btn-primary" data-clipboard-target="command-data">Copy Login Command</button>
          <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
        </div>
      </div><!-- /.modal-content -->
diff --git a/static/directives/dropdown-select.html b/static/directives/dropdown-select.html
index c1157e3d0..69404e161 100644
--- a/static/directives/dropdown-select.html
+++ b/static/directives/dropdown-select.html
@@ -2,7 +2,7 @@
   <div class="current-item">
     <div class="dropdown-select-icon-transclude"></div>
     <input type="text" class="lookahead-input form-control" placeholder="{{ placeholder }}"
-           ng-readonly="!lookaheadItems || !lookaheadItems.length"></input>
+           ng-readonly="!allowCustomInput"></input>
   </div>
   <div class="dropdown">
     <button class="btn btn-default dropdown-toggle" type="button" data-toggle="dropdown">
diff --git a/static/directives/entity-reference.html b/static/directives/entity-reference.html
index d01b100ee..ea65db875 100644
--- a/static/directives/entity-reference.html
+++ b/static/directives/entity-reference.html
@@ -7,15 +7,19 @@
     </span>
   </span>
   <span ng-if="entity.kind == 'org'">
-    <img src="//www.gravatar.com/avatar/{{ entity.gravatar }}?s=16&amp;d=identicon">
+    <img ng-src="//www.gravatar.com/avatar/{{ entity.gravatar }}?s={{ gravatarSize || '16' }}&amp;d=identicon">
     <span class="entity-name">
       <span ng-if="!getIsAdmin(entity.name)">{{entity.name}}</span>
       <span ng-if="getIsAdmin(entity.name)"><a href="/organization/{{ entity.name }}">{{entity.name}}</a></span>
     </span>
   </span>
   <span ng-if="entity.kind != 'team' && entity.kind != 'org'">
-    <i class="fa fa-user" ng-show="!entity.is_robot" data-title="User" bs-tooltip="tooltip.title" data-container="body"></i>
-    <i class="fa fa-wrench" ng-show="entity.is_robot" data-title="Robot Account" bs-tooltip="tooltip.title" data-container="body"></i> 
+    <img class="gravatar" ng-if="showGravatar == 'true' && entity.gravatar" ng-src="//www.gravatar.com/avatar/{{ entity.gravatar }}?s={{ gravatarSize || '16' }}&amp;d=identicon">
+    <span ng-if="showGravatar != 'true' || !entity.gravatar">
+      <i class="fa fa-user" ng-show="!entity.is_robot" data-title="User" bs-tooltip="tooltip.title" data-container="body"></i>
+      <i class="fa fa-wrench" ng-show="entity.is_robot" data-title="Robot Account" bs-tooltip="tooltip.title" data-container="body"></i>
+    </span>
+
     <span class="entity-name" ng-if="entity.is_robot">
       <a href="{{ getRobotUrl(entity.name) }}" ng-if="getIsAdmin(getPrefix(entity.name))">
         <span class="prefix">{{ getPrefix(entity.name) }}+</span><span>{{ getShortenedName(entity.name) }}</span>
diff --git a/static/directives/entity-search.html b/static/directives/entity-search.html
index fec00b393..63abb1528 100644
--- a/static/directives/entity-search.html
+++ b/static/directives/entity-search.html
@@ -5,7 +5,7 @@
             ng-click="lazyLoad()">
       <span class="caret"></span>
     </button>
-    <ul class="dropdown-menu" role="menu" aria-labelledby="entityDropdownMenu">
+    <ul class="dropdown-menu" ng-class="pullRight == 'true' ? 'pull-right': ''" role="menu" aria-labelledby="entityDropdownMenu">
       <li ng-show="lazyLoading" style="padding: 10px"><div class="quay-spinner"></div></li>
 
       <li role="presentation" class="dropdown-header" ng-show="!lazyLoading && !robots && !isAdmin && !teams">
diff --git a/static/directives/external-login-button.html b/static/directives/external-login-button.html
new file mode 100644
index 000000000..d241089d6
--- /dev/null
+++ b/static/directives/external-login-button.html
@@ -0,0 +1,17 @@
+<span class="external-login-button-element">
+  <span ng-if="provider == 'github'">
+    <a href="javascript:void(0)" class="btn btn-primary btn-block" quay-require="['GITHUB_LOGIN']" ng-click="startSignin('github')" style="margin-bottom: 10px" ng-disabled="signingIn">
+      <i class="fa fa-github fa-lg"></i> 
+      <span ng-if="action != 'attach'">Sign In with GitHub</span>
+      <span ng-if="action == 'attach'">Attach to GitHub Account</span>
+    </a>
+  </span>
+  
+  <span ng-if="provider == 'google'">
+    <a href="javascript:void(0)" class="btn btn-primary btn-block" quay-require="['GOOGLE_LOGIN']"  ng-click="startSignin('google')" ng-disabled="signingIn">
+      <i class="fa fa-google fa-lg"></i> 
+      <span ng-if="action != 'attach'">Sign In with Google</span>
+      <span ng-if="action == 'attach'">Attach to Google Account</span>
+    </a>
+  </span>
+</span>
diff --git a/static/directives/header-bar.html b/static/directives/header-bar.html
index d440e3a86..fe154341f 100644
--- a/static/directives/header-bar.html
+++ b/static/directives/header-bar.html
@@ -4,7 +4,7 @@
     &equiv;
   </button>
   <a class="navbar-brand" href="/" target="{{ appLinkTarget() }}">
-    <img id="quay-logo" src="/static/img/black-horizontal.svg">
+    <img id="quay-logo" src="/static/img/quay-logo.png">
   </a>
 </div>
 
@@ -37,15 +37,7 @@
       <a href="javascript:void(0)" class="dropdown-toggle user-dropdown user-view" data-toggle="dropdown">
         <img src="//www.gravatar.com/avatar/{{ user.gravatar }}?s=32&d=identicon" />
         {{ user.username }}
-        <span class="badge user-notification notification-animated"
-              ng-show="notificationService.notifications.length"
-              ng-class="notificationService.notificationClasses"
-              bs-tooltip=""
-              data-title="User Notifications"
-              data-placement="left"
-              data-container="body">
-          {{ notificationService.notifications.length }}
-        </span>
+        <span class="notifications-bubble"></span>
         <b class="caret"></b>
       </a>
       <ul class="dropdown-menu">
@@ -58,11 +50,7 @@
           <a href="javascript:void(0)" data-template="/static/directives/notification-bar.html"
              data-animation="am-slide-right" bs-aside="aside" data-container="body">
             Notifications
-            <span class="badge user-notification"
-                  ng-class="notificationService.notificationClasses"
-                  ng-show="notificationService.notifications.length">
-              {{ notificationService.notifications.length }}
-            </span>
+            <span class="notifications-bubble"></span>
           </a>
         </li>
         <li><a ng-href="/organizations/" target="{{ appLinkTarget() }}">Organizations</a></li>
diff --git a/static/directives/logs-view.html b/static/directives/logs-view.html
index 5ccea2f3f..28509b897 100644
--- a/static/directives/logs-view.html
+++ b/static/directives/logs-view.html
@@ -3,7 +3,7 @@
   <div class="container header">
     <span class="header-text">
       <span ng-show="!performer">Usage Logs</span>
-      <span class="entity-reference" name="performer.username" isrobot="performer.is_robot" ng-show="performer"></span>
+      <span class="entity-reference" entity="performer" ng-show="performer"></span>
       <span id="logs-range" class="mini">
         From
         <input type="text" class="logs-date-picker input-sm" name="start" ng-model="logStartDate" data-max-date="{{ logEndDate }}" data-container="body" bs-datepicker/>
diff --git a/static/directives/manual-trigger-build-dialog.html b/static/directives/manual-trigger-build-dialog.html
new file mode 100644
index 000000000..e82879e8a
--- /dev/null
+++ b/static/directives/manual-trigger-build-dialog.html
@@ -0,0 +1,38 @@
+<!-- Modal message dialog -->
+<div class="modal fade" id="startTriggerDialog">
+  <div class="modal-dialog">
+    <div class="modal-content">
+      <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+        <h4 class="modal-title">Manully Start Build Trigger</h4>
+      </div>
+      <div class="modal-body">
+        <div class="trigger-description" trigger="trigger"></div>
+        
+        <form name="runForm" id="runForm">
+          <table width="100%">
+            <tr ng-repeat="field in runParameters">
+                <td class="field-title" valign="top">{{ field.title }}:</td>
+                <td>
+                  <div ng-switch on="field.type">
+                    <span ng-switch-when="option">
+                      <span class="quay-spinner" ng-show="!fieldOptions[field.name]"></span>
+                      <select ng-model="parameters[field.name]" ng-show="fieldOptions[field.name]"
+                              ng-options="value for value  in fieldOptions[field.name]"
+                              required>
+                      </select>
+                    </span>
+                    <input type="text" class="form-control" ng-model="parameters[field.name]"  ng-switch-when="string" required>
+                  </div>
+                </td>
+              </tr>
+          </table>
+        </form>
+      </div>
+      <div class="modal-footer">
+        <button type="button" class="btn btn-primary"  ng-disabled="runForm.$invalid" ng-click="startTrigger()">Start Build</button>
+        <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+      </div>
+    </div><!-- /.modal-content -->
+  </div><!-- /.modal-dialog -->
+</div><!-- /.modal -->
\ No newline at end of file
diff --git a/static/directives/notification-bar.html b/static/directives/notification-bar.html
index 5d25a40b4..c6841a7f5 100644
--- a/static/directives/notification-bar.html
+++ b/static/directives/notification-bar.html
@@ -3,7 +3,10 @@
     <div class="aside-content">
       <div class="aside-header">
         <button type="button" class="close" ng-click="$hide()">&times;</button>
-        <h4 class="aside-title">Notifications</h4>
+        <h4 class="aside-title">
+          Notifications
+          <span class="notifications-bubble"></span>
+        </h4>
       </div>
       <div class="aside-body">
         <div ng-repeat="notification in notificationService.notifications">
diff --git a/static/directives/notification-view.html b/static/directives/notification-view.html
index f03133e55..fbdb4b419 100644
--- a/static/directives/notification-view.html
+++ b/static/directives/notification-view.html
@@ -7,10 +7,13 @@
       <span class="orgname">{{ notification.organization }}</span>
     </div>
   </div>
-  <div class="datetime">{{ parseDate(notification.created) | date:'medium'}}</div>
   <div class="right-controls">
     <a href="javascript:void(0)" ng-if="canDismiss(notification)" ng-click="dismissNotification(notification)">
       Dismiss Notification
     </a>
+    <button class="btn" ng-class="'btn-' + action.kind" ng-repeat="action in getActions(notification)" ng-click="action.handler(notification)">
+      {{ action.title }}
+    </button>
   </div>
+  <div class="datetime">{{ parseDate(notification.created) | date:'medium'}}</div>
 </div>
diff --git a/static/directives/notifications-bubble.html b/static/directives/notifications-bubble.html
new file mode 100644
index 000000000..cf10cccf2
--- /dev/null
+++ b/static/directives/notifications-bubble.html
@@ -0,0 +1,7 @@
+<span class="notifications-bubble-element">
+  <span class="badge user-notification notification-animated"
+        ng-show="notificationService.notifications.length"
+        ng-class="notificationService.notificationClasses">
+    {{ notificationService.notifications.length }}<span ng-if="notificationService.additionalNotifications">+</span>
+  </span>
+</span>
diff --git a/static/directives/robots-manager.html b/static/directives/robots-manager.html
index c696937d2..c11c07cf8 100644
--- a/static/directives/robots-manager.html
+++ b/static/directives/robots-manager.html
@@ -31,7 +31,7 @@
   </div>
 
   <div class="docker-auth-dialog" username="shownRobot.name" token="shownRobot.token"
-       shown="!!shownRobot" counter="showRobotCounter">
+       shown="!!shownRobot" counter="showRobotCounter" supports-regenerate="true" regenerate="regenerateToken(username)">
     <i class="fa fa-wrench"></i> {{ shownRobot.name }}
   </div>
 </div>
diff --git a/static/directives/signin-form.html b/static/directives/signin-form.html
index f56b8f8db..59551b51c 100644
--- a/static/directives/signin-form.html
+++ b/static/directives/signin-form.html
@@ -1,21 +1,27 @@
 <div class="signin-form-element">
-  <form class="form-signin" ng-submit="signin();">
+  <span class="quay-spinner" ng-show="signingIn"></span>
+  <form class="form-signin" ng-submit="signin();" ng-show="!signingIn">
     <input type="text" class="form-control input-lg" name="username"
            placeholder="Username or E-mail Address" ng-model="user.username" autofocus>
     <input type="password" class="form-control input-lg" name="password"
            placeholder="Password" ng-model="user.password">
-    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign In</button>  
-    
-    <span class="social-alternate" quay-require="['GITHUB_LOGIN']">
-      <i class="fa fa-circle"></i>
-      <span class="inner-text">OR</span>
-    </span>
 
-    <a id="github-signin-link" class="btn btn-primary btn-lg btn-block" href="javascript:void(0)" ng-click="showGithub()"
-       quay-require="['GITHUB_LOGIN']">
-      <i class="fa fa-github fa-lg"></i> Sign In with GitHub
-    </a>
-  </form> 
+    <div class="alert alert-warning" ng-show="tryAgainSoon > 0">
+      Too many attempts have been made to login. Please try again in {{ tryAgainSoon }} second<span ng-if="tryAgainSoon != 1">s</span>.
+    </div>
+
+    <span ng-show="tryAgainSoon == 0">
+      <button class="btn btn-lg btn-primary btn-block" type="submit">Sign In</button>  
+      
+      <span class="social-alternate" quay-show="Features.GITHUB_LOGIN || Features.GOOGLE_LOGIN">
+        <i class="fa fa-circle"></i>
+        <span class="inner-text">OR</span>
+      </span>
+
+      <div class="external-login-button" provider="github" redirect-url="redirectUrl" sign-in-started="markStarted()"></div>
+      <div class="external-login-button" provider="google" redirect-url="redirectUrl" sign-in-started="markStarted()"></div>
+    </span>
+  </form>
 
   <div class="alert alert-danger" ng-show="invalidCredentials">Invalid username or password.</div>
   <div class="alert alert-danger" ng-show="needsEmailVerification">
diff --git a/static/directives/signup-form.html b/static/directives/signup-form.html
index e6bd400b4..9117e880a 100644
--- a/static/directives/signup-form.html
+++ b/static/directives/signup-form.html
@@ -1,5 +1,5 @@
-<div class="signup-form-element">
-  <form class="form-signup" name="signupForm" ng-submit="register()" ngshow="!awaitingConfirmation && !registering">
+<div class="signup-form-element" quay-show="Features.USER_CREATION">
+  <form class="form-signup" name="signupForm" ng-submit="register()" ng-show="!awaitingConfirmation && !registering">
     <input type="text" class="form-control" placeholder="Create a username" name="username" ng-model="newUser.username" autofocus required ng-pattern="/^[a-z0-9_]{4,30}$/">
     <input type="email" class="form-control" placeholder="Email address" ng-model="newUser.email" required>
     <input type="password" class="form-control" placeholder="Create a password" ng-model="newUser.password" required
@@ -18,10 +18,8 @@
         <i class="fa fa-circle"></i>
         <span class="inner-text">OR</span>
       </span>
-      <a href="https://github.com/login/oauth/authorize?client_id={{ githubClientId }}&scope=user:email{{ github_state_clause }}"
-         class="btn btn-primary btn-block" quay-require="['GITHUB_LOGIN']">
-        <i class="fa fa-github fa-lg"></i> Sign In with GitHub
-      </a>
+      <div class="external-login-button" provider="github"></div>
+      <div class="external-login-button" provider="google"></div>
     </div>
   </form>
   <div ng-show="registering" style="text-align: center">
diff --git a/static/directives/team-view-add.html b/static/directives/team-view-add.html
new file mode 100644
index 000000000..9129c7031
--- /dev/null
+++ b/static/directives/team-view-add.html
@@ -0,0 +1,17 @@
+<div class="team-view-add-element" focusable-popover-content>
+  <div class="entity-search"
+       namespace="orgname" placeholder="'Add a registered user or robot...'"
+       entity-selected="addNewMember(entity)"
+       email-selected="inviteEmail(email)"
+       current-entity="selectedMember"
+       auto-clear="true"
+       allowed-entities="['user', 'robot']"
+       pull-right="true"
+       allow-emails="allowEmail"
+       email-message="Press enter to invite the entered e-mail address to this team"
+       ng-show="!addingMember"></div>
+  <div class="quay-spinner" ng-show="addingMember"></div>
+  <div class="help-text" ng-show="!addingMember">
+    Search by Quay.io username or robot account name
+  </div>
+</div>
diff --git a/static/directives/trigger-setup-github.html b/static/directives/trigger-setup-github.html
index 9b0e194ab..48ac359f9 100644
--- a/static/directives/trigger-setup-github.html
+++ b/static/directives/trigger-setup-github.html
@@ -29,7 +29,8 @@
     <div class="slideinout" ng-show="currentRepo">
       <div style="margin-top: 10px">Dockerfile Location:</div>
       <div class="dropdown-select" placeholder="'(Repository Root)'" selected-item="currentLocation"
-           lookahead-items="locations" handle-input="handleLocationInput(input)" handle-item-selected="handleLocationSelected(datum)">
+           lookahead-items="locations" handle-input="handleLocationInput(input)" handle-item-selected="handleLocationSelected(datum)"
+           allow-custom-input="true">
         <!-- Icons -->
         <i class="dropdown-select-icon none-icon fa fa-folder-o fa-lg" ng-show="isInvalidLocation"></i>
         <i class="dropdown-select-icon none-icon fa fa-folder fa-lg" style="color: black;" ng-show="!isInvalidLocation"></i>
diff --git a/static/directives/user-setup.html b/static/directives/user-setup.html
index d7cc12cbd..cd9778981 100644
--- a/static/directives/user-setup.html
+++ b/static/directives/user-setup.html
@@ -14,7 +14,7 @@
         </div>
       </div>
     </div>
-    <div class="panel panel-default">
+    <div class="panel panel-default" quay-show="Features.USER_CREATION">
       <div class="panel-heading">
         <h6 class="panel-title accordion-title">
           <a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion" data-target="#collapseRegister">
@@ -24,11 +24,11 @@
       </div>
       <div id="collapseRegister" class="panel-collapse collapse" ng-class="hasSignedIn() ? 'out' : 'in'">
         <div class="panel-body">
-          <div class="signup-form"></div>
+          <div class="signup-form" user-registered="handleUserRegistered(username)" invite-code="inviteCode"></div>
         </div>
       </div>
     </div>
-    <div class="panel panel-default">
+    <div class="panel panel-default" quay-show="Features.MAILING">
       <div class="panel-heading">
         <h6 class="panel-title accordion-title">
           <a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion" data-target="#collapseForgot">
@@ -37,7 +37,8 @@
         </h6>
       </div>
       <div id="collapseForgot" class="panel-collapse collapse out">
-        <div class="panel-body">
+        <div class="quay-spinner" ng-show="sendingRecovery"></div>
+        <div class="panel-body" ng-show="!sendingRecovery">
           <form class="form-signin" ng-submit="sendRecovery();">
             <input type="text" class="form-control input-lg" placeholder="Email" ng-model="recovery.email">
             <button class="btn btn-lg btn-primary btn-block" type="submit">Send Recovery Email</button>
diff --git a/static/img/flowdock.ico b/static/img/flowdock.ico
new file mode 100644
index 000000000..e3d92799b
Binary files /dev/null and b/static/img/flowdock.ico differ
diff --git a/static/img/hipchat.png b/static/img/hipchat.png
new file mode 100644
index 000000000..afdef551e
Binary files /dev/null and b/static/img/hipchat.png differ
diff --git a/static/img/slack.ico b/static/img/slack.ico
new file mode 100644
index 000000000..d32c25280
Binary files /dev/null and b/static/img/slack.ico differ
diff --git a/static/js/app.js b/static/js/app.js
index ad6527fc1..27b086bab 100644
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -1,6 +1,46 @@
 var TEAM_PATTERN = '^[a-zA-Z][a-zA-Z0-9]+$';
 var ROBOT_PATTERN = '^[a-zA-Z][a-zA-Z0-9]{3,29}$';
 
+$.fn.clipboardCopy = function() { 
+  if (zeroClipboardSupported) {
+    (new ZeroClipboard($(this)));
+    return true;
+  }
+
+  this.hide();
+  return false;
+};
+
+var zeroClipboardSupported = true;
+ZeroClipboard.config({
+  'swfPath': 'static/lib/ZeroClipboard.swf'
+});
+
+ZeroClipboard.on("error", function(e) {
+  zeroClipboardSupported = false;  
+});
+
+ZeroClipboard.on('aftercopy', function(e) {
+  var container = e.target.parentNode.parentNode.parentNode;
+  var message = $(container).find('.clipboard-copied-message')[0];
+
+  // Resets the animation.
+  var elem = message;
+  elem.style.display = 'none';
+  elem.classList.remove('animated');
+
+  // Show the notification.
+  setTimeout(function() {
+    elem.style.display = 'inline-block';
+    elem.classList.add('animated');
+  }, 10);
+
+  // Reset the notification.
+  setTimeout(function() {
+    elem.style.display = 'none';
+  }, 5000);
+});
+
 function getRestUrl(args) {
   var url = '';
   for (var i = 0; i < arguments.length; ++i) {
@@ -113,6 +153,14 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         this.currentIndex_ = 0;
       }
 
+      _ViewArray.prototype.length = function() {
+        return this.entries.length;
+      };
+
+      _ViewArray.prototype.get = function(index) {
+        return this.entries[index];
+      };
+
       _ViewArray.prototype.push = function(elem) {
         this.entries.push(elem);
         this.hasEntries = true;
@@ -175,6 +223,78 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       return service;
     }]);
 
+    /**
+     * Specialized class for conducting an HTTP poll, while properly preventing multiple calls.
+     */
+    $provide.factory('AngularPollChannel', ['ApiService', '$timeout', function(ApiService, $timeout) {
+      var _PollChannel = function(scope, requester, opt_sleeptime) {
+        this.scope_ = scope;
+        this.requester_ = requester;
+        this.sleeptime_ = opt_sleeptime || (60 * 1000 /* 60s */);
+        this.timer_ = null;
+
+        this.working = false;
+        this.polling = false;
+
+        var that = this;
+        scope.$on('$destroy', function() {
+          that.stop();
+        });
+      };
+
+      _PollChannel.prototype.stop = function() {
+        if (this.timer_) {
+          $timeout.cancel(this.timer_);
+          this.timer_ = null;
+          this.polling_ = false;
+        }
+
+        this.working = false;
+      };
+
+      _PollChannel.prototype.start = function() {
+        // Make sure we invoke call outside the normal digest cycle, since
+        // we'll call $scope.$apply ourselves.
+        var that = this;
+        setTimeout(function() { that.call_(); }, 0);
+      };
+
+      _PollChannel.prototype.call_ = function() {
+        if (this.working) { return; }
+
+        var that = this;
+        this.working = true;
+        this.scope_.$apply(function() {
+          that.requester_(function(status) {
+            if (status) {
+              that.working = false;
+              that.setupTimer_();
+            } else {
+              that.stop();
+            }
+          });
+        });
+      };
+
+      _PollChannel.prototype.setupTimer_ = function() {
+        if (this.timer_) { return; }
+
+        var that = this;
+        this.polling = true;
+        this.timer_ = $timeout(function() {
+          that.timer_ = null;
+          that.call_();
+        }, this.sleeptime_)
+      };
+    
+      var service = {
+        'create': function(scope, requester, opt_sleeptime) {
+          return new _PollChannel(scope, requester, opt_sleeptime);
+        }
+      };
+
+      return service;
+    }]);
 
     $provide.factory('DataFileService', [function() {
       var dataFileService = {};
@@ -344,7 +464,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       var uiService = {};
       
       uiService.hidePopover = function(elem) {
-        var popover = $('#signupButton').data('bs.popover');
+        var popover = $(elem).data('bs.popover');
         if (popover) {
           popover.hide();
         }
@@ -379,6 +499,11 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
     $provide.factory('UtilService', ['$sanitize', function($sanitize) {
       var utilService = {};
 
+      utilService.isEmailAddress = function(val) {
+        var emailRegex = /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/;
+        return emailRegex.test(val);
+      };
+
       utilService.escapeHtmlString = function(text) {
         var adjusted = text.replace(/&/g, "&amp;")
           .replace(/</g, "&lt;")
@@ -401,6 +526,29 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       var pingService = {};
       var pingCache = {};
 
+      var invokeCallback = function($scope, pings, callback) {
+        if (pings[0] == -1) {
+          setTimeout(function() {
+            $scope.$apply(function() {
+              callback(-1, false, -1);
+            });
+          }, 0);
+          return;
+        }
+
+        var sum = 0;
+        for (var i = 0; i < pings.length; ++i) {
+          sum += pings[i];
+        }
+
+        // Report the average ping.
+        setTimeout(function() {
+          $scope.$apply(function() {
+            callback(Math.floor(sum / pings.length), true, pings.length);
+          });
+        }, 0);
+      };
+
       var reportPingResult = function($scope, url, ping, callback) {
         // Lookup the cached ping data, if any.
         var cached = pingCache[url];
@@ -413,28 +561,15 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         // If an error occurred, report it and done.
         if (ping < 0) {
           cached['pings'] = [-1];
-          setTimeout(function() {
-            $scope.$apply(function() {
-              callback(-1, false, -1);
-            });
-          }, 0);
+          invokeCallback($scope, [-1], callback);
           return;
         }
 
         // Otherwise, add the current ping and determine the average.
         cached['pings'].push(ping);
 
-        var sum = 0;
-        for (var i = 0; i < cached['pings'].length; ++i) {
-          sum += cached['pings'][i];
-        }
-
-        // Report the average ping.
-        setTimeout(function() {
-          $scope.$apply(function() {
-            callback(Math.floor(sum / cached['pings'].length), true, cached['pings'].length);
-          });
-        }, 0);
+        // Invoke the callback.
+        invokeCallback($scope, cached['pings'], callback);
 
         // Schedule another check if we've done less than three.
         if (cached['pings'].length < 3) {
@@ -470,12 +605,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
 
       pingService.pingUrl = function($scope, url, callback) {
         if (pingCache[url]) {
-          cached = pingCache[url];
-          setTimeout(function() {
-            $scope.$apply(function() {
-              callback(cached.result, cached.success);
-            });
-          }, 0);
+          invokeCallback($scope, pingCache[url]['pings'], callback);          
           return;
         }
 
@@ -490,32 +620,92 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
     }]);
 
 
-    $provide.factory('TriggerDescriptionBuilder', ['UtilService', '$sanitize', function(UtilService, $sanitize) {
-      var builderService = {};
+    $provide.factory('TriggerService', ['UtilService', '$sanitize', function(UtilService, $sanitize) {
+      var triggerService = {};
 
-      builderService.getDescription = function(name, config) {
-        switch (name) {
-          case 'github':
+      var triggerTypes = {
+        'github': {
+          'description': function(config) {
             var source = UtilService.textToSafeHtml(config['build_source']);
             var desc = '<i class="fa fa-github fa-lg" style="margin-left: 2px; margin-right: 2px"></i> Push to Github Repository ';
             desc += '<a href="https://github.com/' + source  + '" target="_blank">' + source + '</a>';
             desc += '<br>Dockerfile folder: //' + UtilService.textToSafeHtml(config['subdir']);
             return desc;
+          },
 
-          default:
-            return 'Unknown';
+          'run_parameters': [
+            {
+              'title': 'Branch',
+              'type': 'option',
+              'name': 'branch_name'
+            }
+          ]
         }
+      }
+
+      triggerService.getDescription = function(name, config) {
+        var type = triggerTypes[name];
+        if (!type) {
+          return 'Unknown';
+        }
+        return type['description'](config);
       };
 
-      return builderService;
+      triggerService.getRunParameters = function(name, config) {
+        var type = triggerTypes[name];
+        if (!type) {
+          return [];
+        }
+        return type['run_parameters'];
+      }
+
+      return triggerService;
     }]);
 
     $provide.factory('StringBuilderService', ['$sce', 'UtilService', function($sce, UtilService) {
       var stringBuilderService = {};
 
+      stringBuilderService.buildUrl = function(value_or_func, metadata) {
+        var url = value_or_func;
+        if (typeof url != 'string') {
+          url = url(metadata);
+        }
+
+        // Find the variables to be replaced.
+        var varNames = [];
+        for (var i = 0; i < url.length; ++i) {
+          var c = url[i];
+          if (c == '{') {
+            for (var j = i + 1; j < url.length; ++j) {
+              var d = url[j];
+              if (d == '}') {
+                varNames.push(url.substring(i + 1, j));
+                i = j;
+                break;
+              }
+            }
+          }
+        }
+
+        // Replace all variables found.
+        for (var i = 0; i < varNames.length; ++i) {
+          var varName = varNames[i];
+          if (!metadata[varName]) {
+            return null;
+          }
+
+          url = url.replace('{' + varName + '}', metadata[varName]);
+        }
+
+        return url;
+      };
+
       stringBuilderService.buildString = function(value_or_func, metadata) {
          var fieldIcons = {
+          'inviter': 'user',
           'username': 'user',
+          'user': 'user',
+          'email': 'envelope',
           'activating_username': 'user',
           'delegate_user': 'user',
           'delegate_team': 'group',
@@ -668,7 +858,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       return config;
     }]);
 
-    $provide.factory('ApiService', ['Restangular', function(Restangular) {
+  $provide.factory('ApiService', ['Restangular', '$q', function(Restangular, $q) {
       var apiService = {};
 
       var getResource = function(path, opt_background) {
@@ -716,6 +906,8 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         // We already have /api/v1/ on the URLs, so remove them from the paths.
         path = path.substr('/api/v1/'.length, path.length);
 
+        // Build the path, adjusted with the inline parameters.
+        var used = {};
         var url = '';
         for (var i = 0; i < path.length; ++i) {
           var c = path[i];
@@ -727,6 +919,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
               throw new Error('Missing parameter: ' + varName);
             }
 
+            used[varName] = true;
             url += parameters[varName];
             i = end;
             continue;
@@ -735,6 +928,20 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
           url += c;
         }
 
+        // Append any query parameters.
+        var isFirst = true;
+        for (var paramName in parameters) {
+          if (!parameters.hasOwnProperty(paramName)) { continue; }
+          if (used[paramName]) { continue; }
+
+          var value = parameters[paramName];
+          if (value) {
+            url += isFirst ? '?' : '&';
+            url += paramName + '=' + encodeURIComponent(value)
+            isFirst = false;
+          }
+        }
+
         return url;
       };
 
@@ -765,6 +972,77 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         }
       };
 
+      var freshLoginFailCheck = function(opName, opArgs) {
+        return function(resp) {
+          var deferred = $q.defer();
+          
+          // If the error is a fresh login required, show the dialog.
+          if (resp.status == 401 && resp.data['error_type'] == 'fresh_login_required') {
+            var verifyNow = function() {
+              var info = {
+                'password': $('#freshPassword').val()
+              };
+
+              $('#freshPassword').val('');
+
+              // Conduct the sign in of the user.
+              apiService.verifyUser(info).then(function() {
+                // On success, retry the operation. if it succeeds, then resolve the
+                // deferred promise with the result. Otherwise, reject the same.
+                apiService[opName].apply(apiService, opArgs).then(function(resp) {
+                  deferred.resolve(resp);
+                }, function(resp) {
+                  deferred.reject(resp);
+                });
+              }, function(resp) {
+                // Reject with the sign in error.
+                deferred.reject({'data': {'message': 'Invalid verification credentials'}});
+              });
+            };
+           
+            var box = bootbox.dialog({
+              "message": 'It has been more than a few minutes since you last logged in, ' +
+                'so please verify your password to perform this sensitive operation:' + 
+                '<form style="margin-top: 10px" action="javascript:void(0)">' +
+                '<input id="freshPassword" class="form-control" type="password" placeholder="Current Password">' + 
+                '</form>',
+              "title": 'Please Verify',
+              "buttons": {
+                "verify": {
+                  "label": "Verify",
+                  "className": "btn-success",
+                  "callback": verifyNow
+                },
+                "close": {
+                  "label": "Cancel",
+                  "className": "btn-default",
+                  "callback": function() {
+                    deferred.reject({'data': {'message': 'Verification canceled'}});
+                  }
+                }
+              }
+            });
+
+            box.bind('shown.bs.modal', function(){
+              box.find("input").focus();
+              box.find("form").submit(function() {
+                if (!$('#freshPassword').val()) { return; }
+                
+                box.modal('hide');
+                verifyNow();
+              });
+            });
+
+            // Return a new promise. We'll accept or reject it based on the result
+            // of the login.
+            return deferred.promise;
+          }
+
+          // Otherwise, we just 'raise' the error via the reject method on the promise.
+          return $q.reject(resp);
+        };
+      };
+
       var buildMethodsForOperation = function(operation, resource, resourceMap) {
         var method = operation['method'].toLowerCase();
         var operationName = operation['nickname'];
@@ -778,7 +1056,15 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
               'ignoreLoadingBar': true
             });
           }
-          return one['custom' + method.toUpperCase()](opt_options);
+          
+          var opObj = one['custom' + method.toUpperCase()](opt_options);
+
+          // If the operation requires_fresh_login, then add a specialized error handler that
+          // will defer the operation's result if sudo is requested.
+          if (operation['requires_fresh_login']) {
+            opObj = opObj.catch(freshLoginFailCheck(operationName, arguments));
+          }
+          return opObj;
         };
 
         // If the method for the operation is a GET, add an operationAsResource method.
@@ -1009,7 +1295,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       return userService;
     }]);
 
-  $provide.factory('ExternalNotificationData', ['Config', function(Config) {
+  $provide.factory('ExternalNotificationData', ['Config', 'Features', function(Config, Features) {
     var externalNotificationData = {};
 
     var events = [
@@ -1063,7 +1349,8 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
             'type': 'email',
             'title': 'E-mail address'
           }
-        ]
+        ],
+        'enabled': Features.MAILING
       },
       {
         'id': 'webhook',
@@ -1076,6 +1363,54 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
             'title': 'Webhook URL'
           }
         ]
+      },
+      {
+        'id': 'flowdock',
+        'title': 'Flowdock Team Notification',
+        'icon': 'flowdock-icon',
+        'fields': [
+          {
+            'name': 'flow_api_token',
+            'type': 'string',
+            'title': 'Flow API Token',
+            'help_url': 'https://www.flowdock.com/account/tokens'
+          }
+        ]
+      },
+      {
+        'id': 'hipchat',
+        'title': 'HipChat Room Notification',
+        'icon': 'hipchat-icon',
+        'fields': [
+          {
+            'name': 'room_id',
+            'type': 'string',
+            'title': 'Room ID #'
+          },
+          {
+            'name': 'notification_token',
+            'type': 'string',
+            'title': 'Notification Token'
+          }
+        ]
+      },
+      {
+        'id': 'slack',
+        'title': 'Slack Room Notification',
+        'icon': 'slack-icon',
+        'fields': [
+          {
+            'name': 'subdomain',
+            'type': 'string',
+            'title': 'Slack Subdomain'
+          },
+          {
+            'name': 'token',
+            'type': 'string',
+            'title': 'Token',
+            'help_url': 'https://{subdomain}.slack.com/services/new/incoming-webhook'
+          }
+        ]
       }
     ];
 
@@ -1095,7 +1430,13 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
     };
 
     externalNotificationData.getSupportedMethods = function() {
-      return methods;
+      var filtered = [];
+      for (var i = 0; i < methods.length; ++i) {
+        if (methods[i].enabled !== false) {
+          filtered.push(methods[i]);
+        }
+      }
+      return filtered;
     };
 
     externalNotificationData.getEventInfo = function(event) {
@@ -1109,13 +1450,14 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
     return externalNotificationData;
   }]);
 
-  $provide.factory('NotificationService', ['$rootScope', '$interval', 'UserService', 'ApiService', 'StringBuilderService', 'PlanService', 'UserService', 'Config',
-    function($rootScope, $interval, UserService, ApiService, StringBuilderService, PlanService, UserService, Config) {
+  $provide.factory('NotificationService', ['$rootScope', '$interval', 'UserService', 'ApiService', 'StringBuilderService', 'PlanService', 'UserService', 'Config', '$location',
+                                           function($rootScope, $interval, UserService, ApiService, StringBuilderService, PlanService, UserService, Config, $location) {
       var notificationService = {
         'user': null,
         'notifications': [],
         'notificationClasses': [],
-        'notificationSummaries': []
+        'notificationSummaries': [],
+        'additionalNotifications': false
       };
 
       var pollTimerHandle = null;
@@ -1127,6 +1469,28 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
           'page': '/about/',
           'dismissable': true
         },
+        'org_team_invite': {
+          'level': 'primary',
+          'message': '{inviter} is inviting you to join team {team} under organization {org}',
+          'actions': [
+            {
+              'title': 'Join team',
+              'kind': 'primary',
+              'handler': function(notification) {
+                window.location = '/confirminvite?code=' + notification.metadata['code'];
+              }
+            },
+            {
+              'title': 'Decline',
+              'kind': 'default',
+              'handler': function(notification) {
+                ApiService.declineOrganizationTeamInvite(null, {'code': notification.metadata['code']}).then(function() {
+                  notificationService.update();
+                });
+              }
+            }
+          ]
+        },
         'password_required': {
           'level': 'error',
           'message': 'In order to begin pushing and pulling repositories, a password must be set for your account',
@@ -1211,7 +1575,9 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
           'uuid': notification.id
         };
         
-        ApiService.updateUserNotification(notification, params);
+        ApiService.updateUserNotification(notification, params, function() {
+          notificationService.update();
+        }, ApiService.errorDisplay('Could not update notification'));
 
         var index = $.inArray(notification, notificationService.notifications);
         if (index >= 0) {
@@ -1219,6 +1585,15 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         }
       };
 
+      notificationService.getActions = function(notification) {
+        var kindInfo = notificationKinds[notification['kind']];
+        if (!kindInfo) {
+          return [];
+        }
+
+        return kindInfo['actions'] || [];
+      };
+
       notificationService.canDismiss = function(notification) {
         var kindInfo = notificationKinds[notification['kind']];
         if (!kindInfo) {
@@ -1228,11 +1603,16 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       };
 
       notificationService.getPage = function(notification) {
-        var page = notificationKinds[notification['kind']]['page'];
-        if (typeof page != 'string') {
+        var kindInfo = notificationKinds[notification['kind']];
+        if (!kindInfo) {
+          return null;
+        }
+
+        var page = kindInfo['page'];
+        if (page != null && typeof page != 'string') {
           page = page(notification['metadata']);
         }
-        return page;
+        return page || '';
       };
 
       notificationService.getMessage = function(notification) {
@@ -1268,6 +1648,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
 
         ApiService.listUserNotifications().then(function(resp) {
           notificationService.notifications = resp['notifications'];
+          notificationService.additionalNotifications = resp['additional'];
           notificationService.notificationClasses = notificationService.getClasses(notificationService.notifications);
         });
       };
@@ -1296,10 +1677,41 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       var keyService = {}
 
       keyService['stripePublishableKey'] = Config['STRIPE_PUBLISHABLE_KEY'];
+
       keyService['githubClientId'] = Config['GITHUB_CLIENT_ID'];
       keyService['githubLoginClientId'] = Config['GITHUB_LOGIN_CLIENT_ID'];
       keyService['githubRedirectUri'] = Config.getUrl('/oauth2/github/callback');
 
+      keyService['googleLoginClientId'] = Config['GOOGLE_LOGIN_CLIENT_ID'];
+      keyService['googleRedirectUri'] = Config.getUrl('/oauth2/google/callback');
+
+      keyService['googleLoginUrl'] = 'https://accounts.google.com/o/oauth2/auth?response_type=code&';
+      keyService['githubLoginUrl'] = 'https://github.com/login/oauth/authorize?';
+
+      keyService['googleLoginScope'] = 'openid email';
+      keyService['githubLoginScope'] = 'user:email';
+
+      keyService.getExternalLoginUrl = function(service, action) {
+        var state_clause = '';
+        if (Config.MIXPANEL_KEY && window.mixpanel) {
+          if (mixpanel.get_distinct_id !== undefined) {
+            state_clause = "&state=" + encodeURIComponent(mixpanel.get_distinct_id());
+          }
+        }
+
+        var client_id = keyService[service + 'LoginClientId'];
+        var scope = keyService[service + 'LoginScope'];
+        var redirect_uri = keyService[service + 'RedirectUri'];
+        if (action == 'attach') {
+          redirect_uri += '/attach';
+        }
+
+        var url = keyService[service + 'LoginUrl'] + 'client_id=' + client_id + '&scope=' + scope +
+          '&redirect_uri=' + redirect_uri + state_clause;
+
+        return url;
+      };
+
       return keyService;
     }]);
   
@@ -1499,7 +1911,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         });
       };
 
-      planService.changePlan = function($scope, orgname, planId, callbacks) {
+      planService.changePlan = function($scope, orgname, planId, callbacks, opt_async) {
         if (!Features.BILLING) { return; }
 
         if (callbacks['started']) {
@@ -1512,7 +1924,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
           planService.getCardInfo(orgname, function(cardInfo) {
             if (plan.price > 0 && (previousSubscribeFailure || !cardInfo.last4)) {
               var title = cardInfo.last4 ? 'Subscribe' : 'Start Trial ({{amount}} plan)';
-              planService.showSubscribeDialog($scope, orgname, planId, callbacks, title);
+              planService.showSubscribeDialog($scope, orgname, planId, callbacks, title, /* async */true);
               return;
             }
         
@@ -1585,9 +1997,34 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
         return email;
       };
 
-      planService.showSubscribeDialog = function($scope, orgname, planId, callbacks, opt_title) {
+      planService.showSubscribeDialog = function($scope, orgname, planId, callbacks, opt_title, opt_async) {
         if (!Features.BILLING) { return; }
 
+        // If the async parameter is true and this is a browser that does not allow async popup of the
+        // Stripe dialog (such as Mobile Safari or IE), show a bootbox to show the dialog instead.
+        var isIE = navigator.appName.indexOf("Internet Explorer") != -1;
+        var isMobileSafari = navigator.userAgent.match(/(iPod|iPhone|iPad)/) && navigator.userAgent.match(/AppleWebKit/);
+
+        if (opt_async && (isIE || isMobileSafari)) {
+          bootbox.dialog({
+            "message": "Please click 'Subscribe' to continue",
+            "buttons": {
+              "subscribe": {
+                "label": "Subscribe",
+                "className": "btn-primary",
+                "callback": function() {
+                  planService.showSubscribeDialog($scope, orgname, planId, callbacks, opt_title, false);
+                }
+              },
+              "close": {
+                "label": "Cancel",
+                "className": "btn-default"
+              }
+            }
+          });          
+          return;
+        }
+
         if (callbacks['opening']) {
           callbacks['opening']();
         }
@@ -1680,7 +2117,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       when('/repository/:namespace/:name/build', {templateUrl: '/static/partials/repo-build.html', controller:RepoBuildCtrl, reloadOnSearch: false}).
       when('/repository/:namespace/:name/build/:buildid/buildpack', {templateUrl: '/static/partials/build-package.html', controller:BuildPackageCtrl, reloadOnSearch: false}).
       when('/repository/', {title: 'Repositories', description: 'Public and private docker repositories list',
-                            templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl}).
+                            templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl, reloadOnSearch: false}).
       when('/user/', {title: 'Account Settings', description:'Account settings for ' + title, templateUrl: '/static/partials/user-admin.html',
                       reloadOnSearch: false, controller: UserAdminCtrl}).
       when('/superuser/', {title: 'Superuser Admin Panel', description:'Admin panel for ' + title, templateUrl: '/static/partials/super-user.html',
@@ -1697,7 +2134,7 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
                        templateUrl: '/static/partials/plans.html', controller: PlansCtrl}).
       when('/security/', {title: 'Security', description: 'Security features used when transmitting and storing data',
                        templateUrl: '/static/partials/security.html'}).
-      when('/signin/', {title: 'Sign In', description: 'Sign into ' + title, templateUrl: '/static/partials/signin.html'}).
+      when('/signin/', {title: 'Sign In', description: 'Sign into ' + title, templateUrl: '/static/partials/signin.html', controller: SignInCtrl, reloadOnSearch: false}).
       when('/new/', {title: 'Create new repository', description: 'Create a new public or private docker repository, optionally constructing from a dockerfile',
                      templateUrl: '/static/partials/new-repo.html', controller: NewRepoCtrl}).
       when('/organizations/', {title: 'Organizations', description: 'Private docker repository hosting for businesses and organizations',
@@ -1718,6 +2155,8 @@ quayApp = angular.module('quay', quayDependencies, function($provide, cfpLoading
       when('/tour/features', {title: title + ' Features', templateUrl: '/static/partials/tour.html', controller: TourCtrl}).
       when('/tour/enterprise', {title: 'Enterprise Edition', templateUrl: '/static/partials/tour.html', controller: TourCtrl}).
 
+      when('/confirminvite', {title: 'Confirm Invite', templateUrl: '/static/partials/confirm-invite.html', controller: ConfirmInviteCtrl, reloadOnSearch: false}).
+
       when('/', {title: 'Hosted Private Docker Registry', templateUrl: '/static/partials/landing.html', controller: LandingCtrl,
                  pageClass: 'landing-page'}).
       otherwise({redirectTo: '/'});
@@ -1806,6 +2245,19 @@ quayApp.directive('quayShow', function($animate, Features, Config) {
 });
 
 
+quayApp.directive('ngIfMedia', function ($animate) {
+  return {
+    transclude: 'element',
+    priority: 600,
+    terminal: true,
+    restrict: 'A',
+    link: buildConditionalLinker($animate, 'ngIfMedia', function(value) {
+      return window.matchMedia(value).matches;
+    })
+  };
+});
+
+
 quayApp.directive('quaySection', function($animate, $location, $rootScope) {
   return {
     priority: 590,
@@ -1939,7 +2391,9 @@ quayApp.directive('entityReference', function () {
     restrict: 'C',
     scope: {
       'entity': '=entity',
-      'namespace': '=namespace'
+      'namespace': '=namespace',
+      'showGravatar': '@showGravatar',
+      'gravatarSize': '@gravatarSize'
     },
     controller: function($scope, $element, UserService, UtilService) {
       $scope.getIsAdmin = function(namespace) {
@@ -2076,6 +2530,36 @@ quayApp.directive('repoBreadcrumb', function () {
   return directiveDefinitionObject;
 });
 
+quayApp.directive('focusablePopoverContent', ['$timeout', '$popover', function ($timeout, $popover) {
+  return {
+    restrict: "A",
+    link: function (scope, element, attrs) {
+      $body = $('body');
+      var hide = function() {
+        $body.off('click');
+        scope.$apply(function() {
+          scope.$hide();
+        });
+      };
+
+      scope.$on('$destroy', function() {
+        $body.off('click');        
+      });
+
+      $timeout(function() {
+        $body.on('click', function(evt) {
+          var target = evt.target;
+          var isPanelMember = $(element).has(target).length > 0 || target == element;
+          if (!isPanelMember) {
+            hide();
+          }
+        });
+
+        $(element).find('input').focus();
+      }, 100);
+    }
+  };
+}]);
 
 quayApp.directive('repoCircle', function () {
   var directiveDefinitionObject = {
@@ -2106,6 +2590,8 @@ quayApp.directive('copyBox', function () {
       'hoveringMessage': '=hoveringMessage'
     },
     controller: function($scope, $element, $rootScope) {
+      $scope.disabled = false;
+
       var number = $rootScope.__copyBoxIdCounter || 0;
       $rootScope.__copyBoxIdCounter = number + 1;
       $scope.inputId = "copy-box-input-" + number;
@@ -2115,27 +2601,7 @@ quayApp.directive('copyBox', function () {
 
       input.attr('id', $scope.inputId);
       button.attr('data-clipboard-target', $scope.inputId);
-
-      var clip = new ZeroClipboard($(button),  { 'moviePath': 'static/lib/ZeroClipboard.swf' });  
-      clip.on('complete', function(e) {
-        var message = $(this.parentNode.parentNode.parentNode).find('.clipboard-copied-message')[0];
-
-        // Resets the animation.
-        var elem = message;
-        elem.style.display = 'none';
-        elem.classList.remove('animated');
-
-        // Show the notification.
-        setTimeout(function() {
-          elem.style.display = 'inline-block';
-          elem.classList.add('animated');
-        }, 10);
-
-        // Reset the notification.
-        setTimeout(function() {
-          elem.style.display = 'none';
-        }, 5000);
-      });
+      $scope.disabled = !button.clipboardCopy();
     }
   };
   return directiveDefinitionObject;
@@ -2152,22 +2618,34 @@ quayApp.directive('userSetup', function () {
     restrict: 'C',
     scope: {
       'redirectUrl': '=redirectUrl',
+
+      'inviteCode': '=inviteCode',
+
       'signInStarted': '&signInStarted',
-      'signedIn': '&signedIn'
+      'signedIn': '&signedIn',
+      'userRegistered': '&userRegistered'
     },
     controller: function($scope, $location, $timeout, ApiService, KeyService, UserService) {
       $scope.sendRecovery = function() {
+        $scope.sendingRecovery = true;
+
         ApiService.requestRecoveryEmail($scope.recovery).then(function() {
           $scope.invalidRecovery = false;
           $scope.errorMessage = '';
           $scope.sent = true;
+          $scope.sendingRecovery = false;
         }, function(result) {
           $scope.invalidRecovery = true;
           $scope.errorMessage = result.data;
           $scope.sent = false;
+          $scope.sendingRecovery = false;
         });
       };
 
+      $scope.handleUserRegistered = function(username) {
+        $scope.userRegistered({'username': username});
+      };
+
       $scope.hasSignedIn = function() {
         return UserService.hasEverLoggedIn();
       };
@@ -2177,6 +2655,43 @@ quayApp.directive('userSetup', function () {
 });
 
 
+quayApp.directive('externalLoginButton', function () {
+  var directiveDefinitionObject = {
+    priority: 0,
+    templateUrl: '/static/directives/external-login-button.html',
+    replace: false,
+    transclude: true,
+    restrict: 'C',
+    scope: {
+      'signInStarted': '&signInStarted',
+      'redirectUrl': '=redirectUrl',
+      'provider': '@provider',
+      'action': '@action'
+    },
+    controller: function($scope, $timeout, $interval, ApiService, KeyService, CookieService, Features, Config) {
+      $scope.signingIn = false;
+      $scope.startSignin = function(service) {
+        $scope.signInStarted({'service': service});
+
+        var url = KeyService.getExternalLoginUrl(service, $scope.action || 'login');
+        
+        // Save the redirect URL in a cookie so that we can redirect back after the service returns to us.
+        var redirectURL = $scope.redirectUrl || window.location.toString();
+        CookieService.putPermanent('quay.redirectAfterLoad', redirectURL);
+
+        // Needed to ensure that UI work done by the started callback is finished before the location
+        // changes.
+        $scope.signingIn = true;
+        $timeout(function() {
+          document.location = url;
+        }, 250);
+      };
+    }
+  };
+  return directiveDefinitionObject;
+});
+
+
 quayApp.directive('signinForm', function () {
   var directiveDefinitionObject = {
     priority: 0,
@@ -2189,61 +2704,84 @@ quayApp.directive('signinForm', function () {
       'signInStarted': '&signInStarted',
       'signedIn': '&signedIn'
     },
-    controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, CookieService, Features, Config) {
-      $scope.showGithub = function() {
-        if (!Features.GITHUB_LOGIN) { return; }
-
-        $scope.markStarted();
-
-        var mixpanelDistinctIdClause = '';
-        if (Config.MIXPANEL_KEY && mixpanel.get_distinct_id !== undefined) {
-          $scope.mixpanelDistinctIdClause = "&state=" + encodeURIComponent(mixpanel.get_distinct_id());
-        }
-
-        // Save the redirect URL in a cookie so that we can redirect back after GitHub returns to us.
-        var redirectURL = $scope.redirectUrl || window.location.toString();
-        CookieService.putPermanent('quay.redirectAfterLoad', redirectURL);
-        
-        // Needed to ensure that UI work done by the started callback is finished before the location
-        // changes.
-        $timeout(function() {
-          var url = 'https://github.com/login/oauth/authorize?client_id=' + encodeURIComponent(KeyService.githubLoginClientId) +
-                '&scope=user:email' + mixpanelDistinctIdClause;
-          document.location = url;
-        }, 250);
-      };
+    controller: function($scope, $location, $timeout, $interval, ApiService, KeyService, UserService, CookieService, Features, Config) {
+      $scope.tryAgainSoon = 0;
+      $scope.tryAgainInterval = null;
+      $scope.signingIn = false;
 
       $scope.markStarted = function() {
+       $scope.signingIn = true;
        if ($scope.signInStarted != null) {
          $scope.signInStarted();
        }
       };
 
+      $scope.cancelInterval = function() {
+        $scope.tryAgainSoon = 0;
+
+        if ($scope.tryAgainInterval) {
+          $interval.cancel($scope.tryAgainInterval);
+        }
+
+        $scope.tryAgainInterval = null;
+      };
+
+      $scope.$watch('user.username', function() {
+        $scope.cancelInterval();
+      });
+
+      $scope.$on('$destroy', function() {
+        $scope.cancelInterval();
+      });
+
       $scope.signin = function() {
+        if ($scope.tryAgainSoon > 0) { return; }
+
         $scope.markStarted();
+        $scope.cancelInterval();
 
         ApiService.signinUser($scope.user).then(function() {
+          $scope.signingIn = false;
           $scope.needsEmailVerification = false;
           $scope.invalidCredentials = false;
 
           if ($scope.signedIn != null) {
             $scope.signedIn();
           }
-            
+
+          // Load the newly created user.
           UserService.load();
 
           // Redirect to the specified page or the landing page
           // Note: The timeout of 500ms is needed to ensure dialogs containing sign in
           // forms get removed before the location changes.
           $timeout(function() {
-           if ($scope.redirectUrl == $location.path()) {
-             return;
-           }
-           $location.path($scope.redirectUrl ? $scope.redirectUrl : '/');
+            var redirectUrl = $scope.redirectUrl;
+            if (redirectUrl == $location.path() || redirectUrl == null) {
+              return;
+            }
+            window.location = (redirectUrl ? redirectUrl : '/');
           }, 500);
         }, function(result) {
-          $scope.needsEmailVerification = result.data.needsEmailVerification;
-          $scope.invalidCredentials = result.data.invalidCredentials;
+          $scope.signingIn = false;
+
+          if (result.status == 429 /* try again later */) {
+            $scope.needsEmailVerification = false;
+            $scope.invalidCredentials = false;
+
+            $scope.cancelInterval();
+
+            $scope.tryAgainSoon = result.headers('Retry-After');
+            $scope.tryAgainInterval = $interval(function() {              
+              $scope.tryAgainSoon--;
+              if ($scope.tryAgainSoon <= 0) {
+                $scope.cancelInterval();
+              }
+            }, 1000, $scope.tryAgainSoon);
+          } else {
+            $scope.needsEmailVerification = result.data.needsEmailVerification;
+            $scope.invalidCredentials = result.data.invalidCredentials;
+          }
         });
       };
     }
@@ -2260,34 +2798,37 @@ quayApp.directive('signupForm', function () {
     transclude: true,
     restrict: 'C',
     scope: {
+      'inviteCode': '=inviteCode',
 
+      'userRegistered': '&userRegistered'
     },
-    controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, Config, UIService) {      
+    controller: function($scope, $location, $timeout, ApiService, KeyService, UserService, Config, UIService) {   
       $('.form-signup').popover();
 
-      if (Config.MIXPANEL_KEY) {
-        angulartics.waitForVendorApi(mixpanel, 500, function(loadedMixpanel) {
-          var mixpanelId = loadedMixpanel.get_distinct_id();
-          $scope.github_state_clause = '&state=' + mixpanelId;    
-        });
-      }
-
-      $scope.githubClientId = KeyService.githubLoginClientId;
-
-      $scope.awaitingConfirmation = false;
+      $scope.awaitingConfirmation = false;      
       $scope.registering = false;
 
       $scope.register = function() {
         UIService.hidePopover('#signupButton');
         $scope.registering = true;
 
-        ApiService.createNewUser($scope.newUser).then(function() {
+        if ($scope.inviteCode) {
+          $scope.newUser['inviteCode'] = $scope.inviteCode;
+        }
+
+        ApiService.createNewUser($scope.newUser).then(function(resp) {
           $scope.registering  = false;
-          $scope.awaitingConfirmation = true;
+          $scope.awaitingConfirmation = !!resp['awaiting_verification'];
           
           if (Config.MIXPANEL_KEY) {
             mixpanel.alias($scope.newUser.username);
           }
+
+          $scope.userRegistered({'username': $scope.newUser.username});
+
+          if (!$scope.awaitingConfirmation) {
+            document.location = '/';
+          }
         }, function(result) {
           $scope.registering  = false;
           UIService.showFormError('#signupButton', result);
@@ -2363,18 +2904,49 @@ quayApp.directive('dockerAuthDialog', function (Config) {
       'username': '=username',
       'token': '=token',
       'shown': '=shown',
-      'counter': '=counter'
+      'counter': '=counter',
+      'supportsRegenerate': '@supportsRegenerate',
+      'regenerate': '&regenerate'
     },
-    controller: function($scope, $element) {     
+    controller: function($scope, $element) {
+      var updateCommand = function() {
+        var escape = function(v) {
+          if (!v) { return v; }
+          return v.replace('$', '\\$');
+        };
+        $scope.command = 'docker login -e="." -u="' + escape($scope.username) +
+          '" -p="' + $scope.token + '" ' + Config['SERVER_HOSTNAME'];
+      };
+
+      $scope.$watch('username', updateCommand);
+      $scope.$watch('token', updateCommand);
+
+      $scope.regenerating = true;
+
+      $scope.askRegenerate = function() {
+        bootbox.confirm('Are you sure you want to regenerate the token? All existing login credentials will become invalid', function(resp) {
+          if (resp) {
+            $scope.regenerating = true;
+            $scope.regenerate({'username': $scope.username, 'token': $scope.token});
+          }
+        });
+      };
+
       $scope.isDownloadSupported = function() {
-        try { return !!new Blob(); } catch(e){}
+        var isSafari = /^((?!chrome).)*safari/i.test(navigator.userAgent);
+        if (isSafari) {
+          // Doesn't work properly in Safari, sadly.
+          return false;
+        }
+
+        try { return !!new Blob(); } catch(e) {}
         return false;
       };
 
       $scope.downloadCfg = function() {
         var auth = $.base64.encode($scope.username + ":" + $scope.token);
         config = {}
-        config[Config.getUrl('/v1/')] = {
+        config[Config['SERVER_HOSTNAME']] = {
           "auth": auth,
           "email": ""
         };
@@ -2385,6 +2957,8 @@ quayApp.directive('dockerAuthDialog', function (Config) {
       };
 
       var show = function(r) {
+        $scope.regenerating = false;
+
         if (!$scope.shown || !$scope.username || !$scope.token) {
           $('#dockerauthmodal').modal('hide');
           return;
@@ -2499,9 +3073,10 @@ quayApp.directive('logsView', function () {
       'user': '=user',
       'makevisible': '=makevisible',
       'repository': '=repository',
-      'performer': '=performer'
+      'performer': '=performer',
+      'allLogs': '@allLogs'
     },
-    controller: function($scope, $element, $sce, Restangular, ApiService, TriggerDescriptionBuilder,
+    controller: function($scope, $element, $sce, Restangular, ApiService, TriggerService,
                          StringBuilderService, ExternalNotificationData) {
       $scope.loading = true;
       $scope.logs = null;
@@ -2566,7 +3141,7 @@ quayApp.directive('logsView', function () {
           'set_repo_description': 'Change description for repository {repo}: {description}',
           'build_dockerfile': function(metadata) {
             if (metadata.trigger_id) {
-              var triggerDescription = TriggerDescriptionBuilder.getDescription(
+              var triggerDescription = TriggerService.getDescription(
                 metadata['service'], metadata['config']);
               return 'Build image from Dockerfile for repository {repo} triggered by ' + triggerDescription;
             }
@@ -2576,6 +3151,24 @@ quayApp.directive('logsView', function () {
           'org_delete_team': 'Delete team: {team}',
           'org_add_team_member': 'Add member {member} to team {team}',
           'org_remove_team_member': 'Remove member {member} from team {team}',
+          'org_invite_team_member': function(metadata) {
+            if (metadata.user) {
+              return 'Invite {user} to team {team}';
+            } else {
+              return 'Invite {email} to team {team}';
+            }
+          },
+          'org_delete_team_member_invite': function(metadata) {
+            if (metadata.user) {
+              return 'Rescind invite of {user} to team {team}';
+            } else {
+              return 'Rescind invite of {email} to team {team}';
+            }
+          },
+
+          'org_team_member_invite_accepted': 'User {member}, invited by {inviter}, joined team {team}',
+          'org_team_member_invite_declined': 'User {member}, invited by {inviter}, declined to join team {team}',
+
           'org_set_team_description': 'Change description of team {team}: {description}',
           'org_set_team_role': 'Change permission of team {team} to {role}',
           'create_prototype_permission': function(metadata) {
@@ -2600,12 +3193,12 @@ quayApp.directive('logsView', function () {
             }
           },
           'setup_repo_trigger': function(metadata) {
-            var triggerDescription = TriggerDescriptionBuilder.getDescription(
+            var triggerDescription = TriggerService.getDescription(
               metadata['service'], metadata['config']);
             return 'Setup build trigger - ' + triggerDescription;
           },
           'delete_repo_trigger': function(metadata) {
-            var triggerDescription = TriggerDescriptionBuilder.getDescription(
+            var triggerDescription = TriggerService.getDescription(
               metadata['service'], metadata['config']);
             return 'Delete build trigger - ' + triggerDescription;
           },
@@ -2625,6 +3218,8 @@ quayApp.directive('logsView', function () {
             return 'Delete notification of event "' + eventData['title'] + '" for repository {repo}';
           },
 
+          'regenerate_robot_token': 'Regenerated token for robot {robot}',
+
           // Note: These are deprecated.
           'add_repo_webhook': 'Add webhook in repository {repo}',
           'delete_repo_webhook': 'Delete webhook in repository {repo}'
@@ -2654,7 +3249,11 @@ quayApp.directive('logsView', function () {
         'org_create_team': 'Create team',
         'org_delete_team': 'Delete team',
         'org_add_team_member': 'Add team member',
+        'org_invite_team_member': 'Invite team member',
+        'org_delete_team_member_invite': 'Rescind team member invitation',
         'org_remove_team_member': 'Remove team member',
+        'org_team_member_invite_accepted': 'Team invite accepted',
+        'org_team_member_invite_declined': 'Team invite declined',
         'org_set_team_description': 'Change team description',
         'org_set_team_role': 'Change team permission',
         'create_prototype_permission': 'Create default permission',
@@ -2668,6 +3267,7 @@ quayApp.directive('logsView', function () {
         'reset_application_client_secret': 'Reset Client Secret',
         'add_repo_notification': 'Add repository notification',
         'delete_repo_notification': 'Delete repository notification',
+        'regenerate_robot_token': 'Regenerate Robot Token',
 
         // Note: these are deprecated.
         'add_repo_webhook': 'Add webhook',
@@ -2686,7 +3286,7 @@ quayApp.directive('logsView', function () {
         var hasValidUser = !!$scope.user;
         var hasValidOrg = !!$scope.organization;
         var hasValidRepo = $scope.repository && $scope.repository.namespace;
-        var isValid = hasValidUser || hasValidOrg || hasValidRepo;
+        var isValid = hasValidUser || hasValidOrg || hasValidRepo || $scope.allLogs;
 
         if (!$scope.makevisible || !isValid) {
           return;
@@ -2709,11 +3309,15 @@ quayApp.directive('logsView', function () {
           url = getRestUrl('repository', $scope.repository.namespace, $scope.repository.name, 'logs');
         }
 
+        if ($scope.allLogs) {
+          url = getRestUrl('superuser', 'logs')
+        }
+
         url += '?starttime=' + encodeURIComponent(getDateString($scope.logStartDate));
         url += '&endtime=' + encodeURIComponent(getDateString($scope.logEndDate));
 
         if ($scope.performer) {
-          url += '&performer=' + encodeURIComponent($scope.performer.username);
+          url += '&performer=' + encodeURIComponent($scope.performer.name);
         }
 
         var loadLogs = Restangular.one(url);
@@ -2839,6 +3443,20 @@ quayApp.directive('robotsManager', function () {
       $scope.shownRobot = null;
       $scope.showRobotCounter = 0;
 
+      $scope.regenerateToken = function(username) {
+        if (!username) { return; }
+
+        var shortName = $scope.getShortenedName(username);
+        ApiService.regenerateRobotToken($scope.organization, null, {'robot_shortname': shortName}).then(function(updated) {
+          var index = $scope.findRobotIndexByName(username);
+          if (index >= 0) {
+            $scope.robots.splice(index, 1);
+            $scope.robots.push(updated);
+          }
+          $scope.shownRobot = updated;
+        }, ApiService.errorDisplay('Cannot regenerate robot account token'));
+      };
+
       $scope.showRobot = function(info) {
         $scope.shownRobot = info;
         $scope.showRobotCounter++;
@@ -3348,7 +3966,9 @@ quayApp.directive('entitySearch', function () {
       'allowedEntities': '=allowedEntities',
 
       'currentEntity': '=currentEntity',
+
       'entitySelected': '&entitySelected',
+      'emailSelected': '&emailSelected',
 
       // When set to true, the contents of the control will be cleared as soon
       // as an entity is selected.
@@ -3356,8 +3976,15 @@ quayApp.directive('entitySearch', function () {
 
       // Set this property to immediately clear the contents of the control.
       'clearValue': '=clearValue',
+
+      // Whether e-mail addresses are allowed.
+      'allowEmails': '=allowEmails',
+      'emailMessage': '@emailMessage',
+
+      // True if the menu should pull right.
+      'pullRight': '@pullRight'
     },
-    controller: function($rootScope, $scope, $element, Restangular, UserService, ApiService, Config) {
+    controller: function($rootScope, $scope, $element, Restangular, UserService, ApiService, UtilService, Config) {
       $scope.lazyLoading = true;
 
       $scope.teams = null;
@@ -3554,8 +4181,12 @@ quayApp.directive('entitySearch', function () {
                   return null;
                 }
 
-                if (val.indexOf('@') > 0) {
-                  return '<div class="tt-empty">A ' + Config.REGISTRY_TITLE_SHORT + ' username (not an e-mail address) must be specified</div>';
+                if (UtilService.isEmailAddress(val)) {
+                  if ($scope.allowEmails) {
+                    return '<div class="tt-message">' + $scope.emailMessage + '</div>';
+                  } else {
+                    return '<div class="tt-empty">A ' + Config.REGISTRY_TITLE_SHORT + ' username (not an e-mail address) must be specified</div>';
+                  }
                 }
 
                 var classes = [];
@@ -3611,6 +4242,16 @@ quayApp.directive('entitySearch', function () {
             }}
         });
 
+        $(input).on('keypress', function(e) {
+          var val = $(input).val();
+          var code = e.keyCode || e.which;
+          if (code == 13 && $scope.allowEmails && UtilService.isEmailAddress(val)) {
+            $scope.$apply(function() {
+              $scope.emailSelected({'email': val});
+            });
+          }
+        });
+
         $(input).on('input', function(e) {
           $scope.$apply(function() {
             $scope.clearEntityInternal();
@@ -3778,9 +4419,11 @@ quayApp.directive('billingOptions', function () {
 
       var save = function() {
         $scope.working = true;
+
+        var errorHandler = ApiService.errorDisplay('Could not change user details');
         ApiService.changeDetails($scope.organization, $scope.obj).then(function(resp) {
           $scope.working = false;
-        });
+        }, errorHandler);
       };
 
       var checkSave = function() {
@@ -3832,7 +4475,7 @@ quayApp.directive('planManager', function () {
         return true;
       };
 
-      $scope.changeSubscription = function(planId) {
+      $scope.changeSubscription = function(planId, opt_async) {
         if ($scope.planChanging) { return; }
 
         var callbacks = {
@@ -3846,7 +4489,7 @@ quayApp.directive('planManager', function () {
           }
         };
 
-        PlanService.changePlan($scope, $scope.organization, planId, callbacks);
+        PlanService.changePlan($scope, $scope.organization, planId, callbacks, opt_async);
       };
 
       $scope.cancelSubscription = function() {
@@ -3909,7 +4552,7 @@ quayApp.directive('planManager', function () {
           if ($scope.readyForPlan) {
             var planRequested = $scope.readyForPlan();
             if (planRequested && planRequested != PlanService.getFreePlan()) {
-              $scope.changeSubscription(planRequested);
+              $scope.changeSubscription(planRequested, /* async */true);
             }
           }
         });
@@ -3940,7 +4583,7 @@ quayApp.directive('namespaceSelector', function () {
       'namespace': '=namespace',
       'requireCreate': '=requireCreate'
     },
-    controller: function($scope, $element, $routeParams, CookieService) {
+    controller: function($scope, $element, $routeParams, $location, CookieService) {
       $scope.namespaces = {};
 
       $scope.initialize = function(user) {
@@ -3977,6 +4620,10 @@ quayApp.directive('namespaceSelector', function () {
 
         if (newNamespace) {
           CookieService.putPermanent('quay.namespace', newNamespace);
+
+          if ($routeParams['namespace'] && $routeParams['namespace'] != newNamespace) {
+            $location.search({'namespace': newNamespace});
+          }
         }
       };
 
@@ -4021,9 +4668,48 @@ quayApp.directive('buildLogError', function () {
     transclude: false,
     restrict: 'C',
     scope: {
-      'error': '=error'
+      'error': '=error',
+      'entries': '=entries'
     },
-    controller: function($scope, $element) {
+    controller: function($scope, $element, Config) {
+      $scope.getLocalPullInfo = function() {
+        if ($scope.entries.__localpull !== undefined) {
+          return $scope.entries.__localpull;
+        }
+
+        var localInfo = {
+          'isLocal': false
+        };
+
+        // Find the 'pulling' phase entry, and then extra any metadata found under
+        // it.
+        for (var i = 0; i < $scope.entries.length; ++i) {
+          var entry = $scope.entries[i];
+          if (entry.type == 'phase' && entry.message == 'pulling') {
+            for (var j = 0; j < entry.logs.length(); ++j) {
+              var log = entry.logs.get(j);
+              if (log.data && log.data.phasestep == 'login') {
+                localInfo['login'] = log.data;
+              }
+
+              if (log.data && log.data.phasestep == 'pull') {
+                var repo_url = log.data['repo_url'];
+                var repo_and_tag = repo_url.substring(Config.SERVER_HOSTNAME.length + 1);
+                var tagIndex = repo_and_tag.lastIndexOf(':');
+                var repo = repo_and_tag.substring(0, tagIndex);
+
+                localInfo['repo_url'] = repo_url;
+                localInfo['repo'] = repo;                
+
+                localInfo['isLocal'] = repo_url.indexOf(Config.SERVER_HOSTNAME + '/') == 0;
+              }
+            }
+            break;
+          }
+        }
+
+        return $scope.entries.__localpull = localInfo;
+      };
     }
   };
   return directiveDefinitionObject;
@@ -4059,6 +4745,9 @@ quayApp.directive('dropdownSelect', function ($compile) {
       'selectedItem': '=selectedItem',
       'placeholder': '=placeholder',
       'lookaheadItems': '=lookaheadItems',
+
+      'allowCustomInput': '@allowCustomInput',
+
       'handleItemSelected': '&handleItemSelected',
       'handleInput': '&handleInput',
 
@@ -4211,6 +4900,66 @@ quayApp.directive('dropdownSelectMenu', function () {
 });
 
 
+quayApp.directive('manualTriggerBuildDialog', function () {
+  var directiveDefinitionObject = {
+    templateUrl: '/static/directives/manual-trigger-build-dialog.html',
+    replace: false,
+    transclude: false,
+    restrict: 'C',
+    scope: {
+      'repository': '=repository',
+      'counter': '=counter',
+      'trigger': '=trigger',
+      'startBuild': '&startBuild'
+    },
+    controller: function($scope, $element, ApiService, TriggerService) {
+      $scope.parameters = {};
+      $scope.fieldOptions = {};
+
+      $scope.startTrigger = function() {
+        $('#startTriggerDialog').modal('hide');
+        $scope.startBuild({
+          'trigger': $scope.trigger,
+          'parameters': $scope.parameters
+        });
+      };
+
+      $scope.show = function() {
+        $scope.parameters = {};
+        $scope.fieldOptions = {};
+
+        var parameters = TriggerService.getRunParameters($scope.trigger.service);
+        for (var i = 0; i < parameters.length; ++i) {
+          var parameter = parameters[i];
+          if (parameter['type'] == 'option') {
+            // Load the values for this parameter.
+            var params = {
+              'repository': $scope.repository.namespace + '/' + $scope.repository.name,
+              'trigger_uuid': $scope.trigger.id,
+              'field_name': parameter['name']
+            };
+
+            ApiService.listTriggerFieldValues(null, params).then(function(resp) {
+              $scope.fieldOptions[parameter['name']] = resp['values'];
+            });
+          }
+        }
+        $scope.runParameters = parameters;
+
+        $('#startTriggerDialog').modal('show');
+      };
+
+      $scope.$watch('counter', function(counter) {
+        if (counter) {
+          $scope.show();
+        }
+      });
+    }
+  };
+  return directiveDefinitionObject;
+});
+
+
 quayApp.directive('setupTriggerDialog', function () {
   var directiveDefinitionObject = {
     templateUrl: '/static/directives/setup-trigger-dialog.html',
@@ -4817,7 +5566,7 @@ quayApp.directive('createExternalNotificationDialog', function () {
       'counter': '=counter',
       'notificationCreated': '&notificationCreated'
     },
-    controller: function($scope, $element, ExternalNotificationData, ApiService, $timeout) {
+    controller: function($scope, $element, ExternalNotificationData, ApiService, $timeout, StringBuilderService) {
       $scope.currentEvent = null;
       $scope.currentMethod = null;
       $scope.status = '';
@@ -4917,6 +5666,15 @@ quayApp.directive('createExternalNotificationDialog', function () {
         }, 1000);
       };
 
+      $scope.getHelpUrl = function(field, config) {
+        var helpUrl = field['help_url'];
+        if (!helpUrl) {
+          return null;
+        }
+
+        return StringBuilderService.buildUrl(helpUrl, config);
+      };
+
       $scope.$watch('counter', function(counter) {
         if (counter) {
           $scope.clearCounter++;
@@ -4955,6 +5713,23 @@ quayApp.directive('twitterView', function () {
 });
 
 
+quayApp.directive('notificationsBubble', function () {
+  var directiveDefinitionObject = {
+    priority: 0,
+    templateUrl: '/static/directives/notifications-bubble.html',
+    replace: false,
+    transclude: false,
+    restrict: 'C',
+    scope: {
+    },
+    controller: function($scope, UserService, NotificationService) {
+      $scope.notificationService = NotificationService;
+    }
+  };
+  return directiveDefinitionObject;
+});
+
+
 quayApp.directive('notificationView', function () {
   var directiveDefinitionObject = {
     priority: 0,
@@ -5013,6 +5788,10 @@ quayApp.directive('notificationView', function () {
       $scope.getClass = function(notification) {
         return NotificationService.getClass(notification);
       };
+
+      $scope.getActions = function(notification) {
+        return NotificationService.getActions(notification);
+      };
     }
   };
   return directiveDefinitionObject;
@@ -5228,7 +6007,7 @@ quayApp.directive('dockerfileBuildForm', function () {
         var data = {
           'mimeType': mimeType
         };
-        
+      
         var getUploadUrl = ApiService.getFiledropUrl(data).then(function(resp) {
           conductUpload(file, resp.url, resp.file_id, mimeType);
         }, function() {
@@ -5283,7 +6062,9 @@ quayApp.directive('locationView', function () {
 
       $scope.getLocationTooltip = function(location, ping) {
 	var tip = $scope.getLocationTitle(location) + '<br>';
-	if (ping < 0) {
+        if (ping == null) {
+	  tip += '(Loading)';
+        } else if (ping < 0) {
 	  tip += '<br><b>Note: Could not contact server</b>';
 	} else {
 	  tip += 'Estimated Ping: ' + (ping ? ping + 'ms' : '(Loading)');
@@ -5379,7 +6160,7 @@ quayApp.directive('tagSpecificImagesView', function () {
         }
  
         var currentTag = $scope.repository.tags[$scope.tag];
-        if (image.dbid == currentTag.dbid) {
+        if (image.id == currentTag.image_id) {
           classes += 'tag-image ';
         }
         
@@ -5389,15 +6170,15 @@ quayApp.directive('tagSpecificImagesView', function () {
       var forAllTagImages = function(tag, callback, opt_cutoff) {
         if (!tag) { return; }
 
-        if (!$scope.imageByDBID) {
-          $scope.imageByDBID = [];
+        if (!$scope.imageByDockerId) {
+          $scope.imageByDockerId = [];
           for (var i = 0; i < $scope.images.length; ++i) {
             var currentImage = $scope.images[i];
-            $scope.imageByDBID[currentImage.dbid] = currentImage;
+            $scope.imageByDockerId[currentImage.id] = currentImage;
           }
         }
 
-        var tag_image = $scope.imageByDBID[tag.dbid];
+        var tag_image = $scope.imageByDockerId[tag.image_id];
         if (!tag_image) {
           return;
         }
@@ -5406,7 +6187,7 @@ quayApp.directive('tagSpecificImagesView', function () {
 
         var ancestors = tag_image.ancestors.split('/').reverse();
         for (var i = 0; i < ancestors.length; ++i) {
-          var image = $scope.imageByDBID[ancestors[i]];
+          var image = $scope.imageByDockerId[ancestors[i]];
           if (image) {
             if (image == opt_cutoff) {
               return;
@@ -5432,7 +6213,7 @@ quayApp.directive('tagSpecificImagesView', function () {
         var getIdsForTag = function(currentTag) {
           var ids = {};
           forAllTagImages(currentTag, function(image) {
-            ids[image.dbid] = true;
+            ids[image.id] = true;
           }, $scope.imageCutoff);
           return ids;
         };
@@ -5442,8 +6223,8 @@ quayApp.directive('tagSpecificImagesView', function () {
         for (var currentTagName in $scope.repository.tags) {
           var currentTag = $scope.repository.tags[currentTagName];
           if (currentTag != tag) {
-            for (var dbid in getIdsForTag(currentTag)) {
-              delete toDelete[dbid];
+            for (var id in getIdsForTag(currentTag)) {
+              delete toDelete[id];
             }
           }
         }
@@ -5452,7 +6233,7 @@ quayApp.directive('tagSpecificImagesView', function () {
         var images = [];
         for (var i = 0; i < $scope.images.length; ++i) {
           var image = $scope.images[i];
-          if (toDelete[image.dbid]) {
+          if (toDelete[image.id]) {
             images.push(image);
           }
         }
@@ -5463,7 +6244,7 @@ quayApp.directive('tagSpecificImagesView', function () {
             return result;
           }
 
-          return b.dbid - a.dbid;
+          return b.sort_index - a.sort_index;
         });
 
         $scope.tagSpecificImages = images;
@@ -5531,15 +6312,14 @@ quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', 'PlanServi
 
   // Handle session expiration.
   Restangular.setErrorInterceptor(function(response) {
-    if (response.status == 401) {
-      if (response.data['session_required'] == null || response.data['session_required'] === true) {
-        $('#sessionexpiredModal').modal({});
-        return false;
-      }
+    if (response.status == 401 && response.data['error_type'] == 'invalid_token' &&
+        response.data['session_required'] !== false) {
+      $('#sessionexpiredModal').modal({});
+      return false;
     }
 
-    if (!Features.BILLING && response.status == 402) {
-      $('#overlicenseModal').modal({});
+    if (response.status == 503) {
+      $('#cannotContactService').modal({});
       return false;
     }
 
diff --git a/static/js/controllers.js b/static/js/controllers.js
index aa18c1b40..908918631 100644
--- a/static/js/controllers.js
+++ b/static/js/controllers.js
@@ -1,24 +1,6 @@
-$.fn.clipboardCopy = function() { 
-  var clip = new ZeroClipboard($(this),  { 'moviePath': 'static/lib/ZeroClipboard.swf' });  
-
-  clip.on('complete', function() {
-    // Resets the animation.
-    var elem = $('#clipboardCopied')[0];
-    if (!elem) {
-      return;
-    }
-
-    elem.style.display = 'none';
-    elem.classList.remove('animated');
-
-    // Show the notification.
-    setTimeout(function() {
-      if (!elem) { return; }
-      elem.style.display = 'inline-block';
-      elem.classList.add('animated');
-    }, 10);
-  });
-};
+function SignInCtrl($scope, $location) {
+  $scope.redirectUrl = '/';
+}
 
 function GuideCtrl() {
 }
@@ -515,7 +497,7 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
   };
 
   $scope.findImageForTag = function(tag) {
-    return tag && $scope.imageByDBID && $scope.imageByDBID[tag.dbid];
+    return tag && $scope.imageByDockerId && $scope.imageByDockerId[tag.image_id];
   };
 
   $scope.createOrMoveTag = function(image, tagName, opt_invalid) {
@@ -545,16 +527,24 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
 
   $scope.deleteTag = function(tagName) {
     if (!$scope.repo.can_admin) { return; }
-    $('#confirmdeleteTagModal').modal('hide');
 
     var params = {
       'repository': namespace + '/' + name,
       'tag': tagName
     };
 
+    var errorHandler = ApiService.errorDisplay('Cannot delete tag', function() {
+      $('#confirmdeleteTagModal').modal('hide');
+      $scope.deletingTag = false;
+    });
+
+    $scope.deletingTag = true;
+
     ApiService.deleteFullTag(null, params).then(function() {
       loadViewInfo();
-    }, ApiService.errorDisplay('Cannot delete tag'));
+      $('#confirmdeleteTagModal').modal('hide');
+      $scope.deletingTag = false;
+    }, errorHandler);
   };
 
   $scope.getImagesForTagBySize = function(tag) {
@@ -579,6 +569,8 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
   };
 
   $scope.setImage = function(imageId, opt_updateURL) {
+    if (!$scope.images) { return; }
+    
     var image = null;
     for (var i = 0; i < $scope.images.length; ++i) {
       var currentImage = $scope.images[i];
@@ -695,9 +687,9 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
   };
 
   var forAllTagImages = function(tag, callback) {
-    if (!tag || !$scope.imageByDBID) { return; }
+    if (!tag || !$scope.imageByDockerId) { return; }
 
-    var tag_image =  $scope.imageByDBID[tag.dbid];
+    var tag_image =  $scope.imageByDockerId[tag.image_id];
     if (!tag_image) { return; }
 
     // Callback the tag's image itself.
@@ -707,7 +699,7 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
     if (!tag_image.ancestors) { return; }
     var ancestors = tag_image.ancestors.split('/');
     for (var i = 0; i < ancestors.length; ++i) {
-      var image = $scope.imageByDBID[ancestors[i]];
+      var image = $scope.imageByDockerId[ancestors[i]];
       if (image) {
         callback(image);
       }
@@ -733,8 +725,6 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
 
       // Load the builds for this repository. If none are active it will cancel the poll.
       startBuildInfoTimer(repo);
-
-      $('#copyClipboard').clipboardCopy();
     });
   };
 
@@ -798,10 +788,10 @@ function RepoCtrl($scope, $sanitize, Restangular, ImageMetadataService, ApiServi
       $scope.specificImages = [];
 
       // Build various images for quick lookup of images.
-      $scope.imageByDBID = {};
+      $scope.imageByDockerId = {};
       for (var i = 0; i < $scope.images.length; ++i) {
         var currentImage = $scope.images[i];
-        $scope.imageByDBID[currentImage.dbid] = currentImage;
+        $scope.imageByDockerId[currentImage.id] = currentImage;
       }
 
       // Dispose of any existing tree.
@@ -994,14 +984,9 @@ function BuildPackageCtrl($scope, Restangular, ApiService, DataFileService, $rou
 }
 
 function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope, $location, $interval, $sanitize,
-                       ansi2html, AngularViewArray) {
+                       ansi2html, AngularViewArray, AngularPollChannel) {
   var namespace = $routeParams.namespace;
   var name = $routeParams.name;
-  var pollTimerHandle = null;
-
-  $scope.$on('$destroy', function() {
-    stopPollTimer();
-  });
 
   // Watch for changes to the current parameter.
   $scope.$on('$routeUpdate', function(){
@@ -1011,8 +996,7 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
   });
 
   $scope.builds = null;
-  $scope.polling = false;
-
+  $scope.pollChannel = null;
   $scope.buildDialogShowCounter = 0;
 
   $scope.showNewBuildDialog = function() {
@@ -1097,8 +1081,6 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
   $scope.setCurrentBuildInternal = function(index, build, opt_updateURL) {
     if (build == $scope.currentBuild) { return; }
 
-    stopPollTimer();
-
     $scope.logEntries = null;
     $scope.logStartIndex = null;
     $scope.currentParentEntry = null;
@@ -1119,47 +1101,35 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
       $scope.adjustLogHeight();
     }, 1);
 
-    // Load the first set of logs.
-    getBuildStatusAndLogs();
-
-    // If the build is currently processing, start the build timer.
-    checkPollTimer();
-  };
-
-  var checkPollTimer = function() {
-    var build = $scope.currentBuild;
-    if (!build) {
-      stopPollTimer();
-      return;
+    // Stop any existing polling.
+    if ($scope.pollChannel) {
+      $scope.pollChannel.stop();
     }
+    
+    // Create a new channel for polling the build status and logs.
+    var conductStatusAndLogRequest = function(callback) {
+      getBuildStatusAndLogs(build, callback);
+    };
 
-    if (build['phase'] != 'complete' && build['phase'] != 'error') {
-      startPollTimer();
-      return true;
-    } else {
-      stopPollTimer();
-      return false;
-    }
+    $scope.pollChannel = AngularPollChannel.create($scope, conductStatusAndLogRequest, 5 * 1000 /* 5s */);
+    $scope.pollChannel.start();
   };
 
-  var stopPollTimer = function() {    
-    $interval.cancel(pollTimerHandle);
-  };
-
-  var startPollTimer = function() {
-    stopPollTimer();
-    pollTimerHandle = $interval(getBuildStatusAndLogs, 2000);
-  };
-
-  var processLogs = function(logs, startIndex) {
+  var processLogs = function(logs, startIndex, endIndex) {
     if (!$scope.logEntries) { $scope.logEntries = []; }
 
+    // If the start index given is less than that requested, then we've received a larger
+    // pool of logs, and we need to only consider the new ones.
+    if (startIndex < $scope.logStartIndex) {
+      logs = logs.slice($scope.logStartIndex - startIndex);
+    }
+
     for (var i = 0; i < logs.length; ++i) {
       var entry = logs[i];
       var type = entry['type'] || 'entry';
       if (type == 'command' || type == 'phase' || type == 'error') {
         entry['logs'] = AngularViewArray.create();
-        entry['index'] = startIndex + i;
+        entry['index'] = $scope.logStartIndex + i;
 
         $scope.logEntries.push(entry);
         $scope.currentParentEntry = entry;
@@ -1167,18 +1137,19 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
         $scope.currentParentEntry['logs'].push(entry);
       }
     }
+
+    return endIndex;
   };
 
-  var getBuildStatusAndLogs = function() {
-    if (!$scope.currentBuild || $scope.polling) { return; }
-    $scope.polling = true;
-    
+  var getBuildStatusAndLogs = function(build, callback) {    
     var params = {
       'repository': namespace + '/' + name,
-      'build_uuid': $scope.currentBuild.id
+      'build_uuid': build.id
     };
 
     ApiService.getRepoBuildStatus(null, params, true).then(function(resp) {
+      if (build != $scope.currentBuild) { callback(false); return; }
+      
       // Note: We use extend here rather than replacing as Angular is depending on the
       // root build object to remain the same object.
       var matchingBuilds = $.grep($scope.builds, function(elem) {
@@ -1193,22 +1164,16 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
         $scope.builds.push(currentBuild);
       }
 
-      checkPollTimer();
-
       // Load the updated logs for the build.
       var options = {
         'start': $scope.logStartIndex
       };
 
-      ApiService.getRepoBuildLogsAsResource(params, true).withOptions(options).get(function(resp) {       
-        if ($scope.logStartIndex != null && resp['start'] != $scope.logStartIndex) {
-          $scope.polling = false;
-          return;
-        }
+      ApiService.getRepoBuildLogsAsResource(params, true).withOptions(options).get(function(resp) {        
+        if (build != $scope.currentBuild) { callback(false); return; }
         
-        processLogs(resp['logs'], resp['start']);
-        $scope.logStartIndex = resp['total'];
-        $scope.polling = false;
+        // Process the logs we've received.
+        $scope.logStartIndex = processLogs(resp['logs'], resp['start'], resp['total']);
 
         // If the build status is an error, open the last two log entries.
         if (currentBuild['phase'] == 'error' && $scope.logEntries.length > 1) {
@@ -1221,9 +1186,15 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
           openLogEntries($scope.logEntries[$scope.logEntries.length - 2]);
           openLogEntries($scope.logEntries[$scope.logEntries.length - 1]);
         }
+
+        // If the build phase is an error or a complete, then we mark the channel
+        // as closed.
+        callback(currentBuild['phase'] != 'error' && currentBuild['phase'] != 'complete');
       }, function() {
-        $scope.polling = false;
+        callback(false);
       });
+    }, function() {
+      callback(false);
     });
   };
 
@@ -1263,7 +1234,9 @@ function RepoBuildCtrl($scope, Restangular, ApiService, $routeParams, $rootScope
   fetchRepository();
 }
 
-function RepoAdminCtrl($scope, Restangular, ApiService, KeyService, $routeParams, $rootScope, $location, UserService, Config, Features, ExternalNotificationData) {
+function RepoAdminCtrl($scope, Restangular, ApiService, KeyService, TriggerService, $routeParams, 
+  $rootScope, $location, UserService, Config, Features, ExternalNotificationData) {
+
   var namespace = $routeParams.namespace;
   var name = $routeParams.name;
 
@@ -1568,14 +1541,22 @@ function RepoAdminCtrl($scope, Restangular, ApiService, KeyService, $routeParams
     $scope.deleteTrigger(trigger);
   };
 
-  $scope.startTrigger = function(trigger) {
+  $scope.showManualBuildDialog = 0;
+  
+  $scope.startTrigger = function(trigger, opt_custom) {
+    var parameters = TriggerService.getRunParameters(trigger.service);
+    if (parameters.length && !opt_custom) {
+      $scope.currentStartTrigger = trigger;
+      $scope.showManualBuildDialog++;
+      return;
+    }
+
     var params = {
       'repository': namespace + '/' + name,
       'trigger_uuid': trigger.id
     };
 
-    ApiService.manuallyStartBuildTrigger(null, params).then(function(resp) {
-      window.console.log(resp);
+    ApiService.manuallyStartBuildTrigger(opt_custom || {}, params).then(function(resp) {
       var url = '/repository/' + namespace + '/' + name + '/build?current=' + resp['id'];
       document.location = url;
     }, ApiService.errorDisplay('Could not start build'));
@@ -1661,13 +1642,19 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
   UserService.updateUserIn($scope, function(user) {
     $scope.cuser = jQuery.extend({}, user);
 
-    if (Features.GITHUB_LOGIN && $scope.cuser.logins) {
+    if ($scope.cuser.logins) {
       for (var i = 0; i < $scope.cuser.logins.length; i++) {
-        if ($scope.cuser.logins[i].service == 'github') {
-          var githubId = $scope.cuser.logins[i].service_identifier;
-          $http.get('https://api.github.com/user/' + githubId).success(function(resp) {
-            $scope.githubLogin = resp.login;
-          });
+        var login = $scope.cuser.logins[i];
+        login.metadata = login.metadata || {};
+
+        if (login.service == 'github') {
+          $scope.hasGithubLogin = true;
+          $scope.githubLogin = login.metadata['service_username'];
+        }
+
+        if (login.service == 'google') {
+          $scope.hasGoogleLogin = true;
+          $scope.googleLogin = login.metadata['service_username'];
         }
       }
     }
@@ -1685,7 +1672,6 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
   $scope.convertStep = 0;
   $scope.org = {};
   $scope.githubRedirectUri = KeyService.githubRedirectUri;
-  $scope.githubClientId = KeyService.githubLoginClientId;
   $scope.authorizedApps = null;
 
   $scope.logsShown = 0;
@@ -1715,7 +1701,6 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
   };
 
   $scope.loadInvoices = function() {
-    if (!$scope.hasPaidBusinessPlan) { return; }
     $scope.invoicesShown++;
   };
 
@@ -1784,7 +1769,7 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
       $scope.changeEmailForm.$setPristine();
     }, function(result) {
       $scope.updatingUser = false;
-      UIService.showFormError('#changeEmailForm', result);      
+      UIService.showFormError('#changeEmailForm', result);
     });
   };
 
@@ -1794,7 +1779,8 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
     $scope.updatingUser = true;
     $scope.changePasswordSuccess = false;
 
-    ApiService.changeUserDetails($scope.cuser).then(function() {
+    ApiService.changeUserDetails($scope.cuser).then(function(resp) {
+
       $scope.updatingUser = false;
       $scope.changePasswordSuccess = true;
 
@@ -1811,6 +1797,18 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
       UIService.showFormError('#changePasswordForm', result);      
     });
   };
+
+  $scope.detachExternalLogin = function(kind) {
+    var params = {
+      'servicename': kind
+    };
+
+    ApiService.detachExternalLogin(null, params).then(function() {
+      $scope.hasGithubLogin = false;
+      $scope.hasGoogleLogin = false;
+      UserService.load();
+    }, ApiService.errorDisplay('Count not detach service'));
+  };
 }
 
 function ImageViewCtrl($scope, $routeParams, $rootScope, $timeout, ApiService, ImageMetadataService) {  
@@ -1901,9 +1899,6 @@ function ImageViewCtrl($scope, $routeParams, $rootScope, $timeout, ApiService, I
 
       // Fetch the image's changes.
       fetchChanges();
-
-      $('#copyClipboard').clipboardCopy();
-
       return image;
     });
   };
@@ -2300,29 +2295,92 @@ function OrgAdminCtrl($rootScope, $scope, $timeout, Restangular, $routeParams, U
   loadOrganization();
 }
 
-function TeamViewCtrl($rootScope, $scope, Restangular, ApiService, $routeParams) {
+function TeamViewCtrl($rootScope, $scope, $timeout, Features, Restangular, ApiService, $routeParams) {
   var teamname = $routeParams.teamname;
   var orgname = $routeParams.orgname;
 
   $scope.orgname = orgname;
   $scope.teamname = teamname;
+  $scope.addingMember = false;
+  $scope.memberMap = null;
+  $scope.allowEmail = Features.MAILING;
 
   $rootScope.title = 'Loading...';
 
-  $scope.addNewMember = function(member) {
-    if (!member || $scope.members[member.name]) { return; }
+  $scope.filterFunction = function(invited, robots) {
+    return function(item) {
+      // Note: The !! is needed because is_robot will be undefined for invites.
+      var robot_check = (!!item.is_robot == robots);
+      return robot_check && item.invited == invited;
+    };
+  };
 
+  $scope.inviteEmail = function(email) {
+    if (!email || $scope.memberMap[email]) { return; }
+
+    $scope.addingMember = true;
+
+    var params = {
+      'orgname': orgname,
+      'teamname': teamname,
+      'email': email
+    };
+
+    var errorHandler = ApiService.errorDisplay('Cannot invite team member', function() {
+      $scope.addingMember = false;
+    });
+
+    ApiService.inviteTeamMemberEmail(null, params).then(function(resp) {
+      $scope.members.push(resp);
+      $scope.memberMap[resp.email] = resp;
+      $scope.addingMember = false;
+    }, errorHandler);
+  };
+
+  $scope.addNewMember = function(member) {
+    if (!member || $scope.memberMap[member.name]) { return; }
+          
     var params = {
       'orgname': orgname,
       'teamname': teamname,
       'membername': member.name
     };
 
-    ApiService.updateOrganizationTeamMember(null, params).then(function(resp) {
-      $scope.members[member.name] = resp;
-    }, function() {
-      $('#cannotChangeMembersModal').modal({});
+    var errorHandler = ApiService.errorDisplay('Cannot add team member', function() {
+      $scope.addingMember = false;
     });
+
+    $scope.addingMember = true;
+    ApiService.updateOrganizationTeamMember(null, params).then(function(resp) {
+      $scope.members.push(resp);
+      $scope.memberMap[resp.name] = resp;
+      $scope.addingMember = false;
+    }, errorHandler);
+  };
+
+  $scope.revokeInvite = function(inviteInfo) {
+    if (inviteInfo.kind == 'invite') {
+      // E-mail invite.
+      $scope.revokeEmailInvite(inviteInfo.email);
+    } else {
+      // User invite.
+      $scope.removeMember(inviteInfo.name);
+    }
+  };
+
+  $scope.revokeEmailInvite = function(email) {
+    var params = {
+      'orgname': orgname,
+      'teamname': teamname,
+      'email': email
+    };
+
+    ApiService.deleteTeamMemberEmailInvite(null, params).then(function(resp) {
+      if (!$scope.memberMap[email]) { return; }
+      var index = $.inArray($scope.memberMap[email], $scope.members);
+      $scope.members.splice(index, 1);
+      delete $scope.memberMap[email];
+    }, ApiService.errorDisplay('Cannot revoke team invite'));
   };
 
   $scope.removeMember = function(username) {
@@ -2333,10 +2391,11 @@ function TeamViewCtrl($rootScope, $scope, Restangular, ApiService, $routeParams)
     };
 
     ApiService.deleteOrganizationTeamMember(null, params).then(function(resp) {
-      delete $scope.members[username];
-    }, function() {
-      $('#cannotChangeMembersModal').modal({});
-    });
+      if (!$scope.memberMap[username]) { return; }
+      var index = $.inArray($scope.memberMap[username], $scope.members);
+      $scope.members.splice(index, 1);
+      delete $scope.memberMap[username];
+    }, ApiService.errorDisplay('Cannot remove team member'));
   };
 
   $scope.updateForDescription = function(content) {
@@ -2368,7 +2427,8 @@ function TeamViewCtrl($rootScope, $scope, Restangular, ApiService, $routeParams)
   var loadMembers = function() {
     var params = {
       'orgname': orgname,
-      'teamname': teamname
+      'teamname': teamname,
+      'includePending': true
     };
 
     $scope.membersResource = ApiService.getOrganizationTeamMembersAsResource(params).get(function(resp) {
@@ -2380,6 +2440,12 @@ function TeamViewCtrl($rootScope, $scope, Restangular, ApiService, $routeParams)
         'html': true
       });
 
+      $scope.memberMap = {};
+      for (var i = 0; i < $scope.members.length; ++i) {
+        var current = $scope.members[i];
+        $scope.memberMap[current.name || current.email] = current;
+      }
+
       return resp.members;
     });
   };
@@ -2507,7 +2573,7 @@ function OrgMemberLogsCtrl($scope, $routeParams, $rootScope, $timeout, Restangul
     $scope.memberResource = ApiService.getOrganizationMemberAsResource(params).get(function(resp) {
       $scope.memberInfo = resp.member;
 
-      $rootScope.title = 'Logs for ' + $scope.memberInfo.username + ' (' + $scope.orgname + ')';
+      $rootScope.title = 'Logs for ' + $scope.memberInfo.name + ' (' + $scope.orgname + ')';
       $rootScope.description = 'Shows all the actions of ' + $scope.memberInfo.username +
          ' under organization ' + $scope.orgname;
 
@@ -2630,6 +2696,14 @@ function SuperUserAdminCtrl($scope, ApiService, Features, UserService) {
   // Monitor any user changes and place the current user into the scope.
   UserService.updateUserIn($scope);
 
+  $scope.logsCounter = 0;
+  $scope.newUser = {};
+  $scope.createdUsers = [];
+
+  $scope.loadLogs = function() {
+    $scope.logsCounter++;
+  };
+
   $scope.loadUsers = function() {
     if ($scope.users) {
       return;
@@ -2641,6 +2715,7 @@ function SuperUserAdminCtrl($scope, ApiService, Features, UserService) {
   $scope.loadUsersInternal = function() {
     ApiService.listAllUsers().then(function(resp) {
       $scope.users = resp['users'];
+      $scope.showInterface = true;
     }, function(resp) {
       $scope.users = [];
       $scope.usersError = resp['data']['message'] || resp['data']['error_description'];
@@ -2652,6 +2727,19 @@ function SuperUserAdminCtrl($scope, ApiService, Features, UserService) {
     $('#changePasswordModal').modal({});
   };
 
+  $scope.createUser = function() {
+    $scope.creatingUser = true;
+    var errorHandler = ApiService.errorDisplay('Cannot create user', function() {
+      $scope.creatingUser = false;
+    });
+
+    ApiService.createInstallUser($scope.newUser, null).then(function(resp) {
+      $scope.creatingUser = false;
+      $scope.newUser = {};
+      $scope.createdUsers.push(resp);
+    }, errorHandler)
+  };
+
   $scope.showDeleteUser = function(user) {
     if (user.username == UserService.currentUser().username) {
       bootbox.dialog({
@@ -2699,37 +2787,58 @@ function SuperUserAdminCtrl($scope, ApiService, Features, UserService) {
     }, ApiService.errorDisplay('Cannot delete user'));
   };
 
-  var seatUsageLoaded = function(usage) {
-    $scope.usageLoading = false;
+  $scope.sendRecoveryEmail = function(user) {
+    var params = {
+      'username': user.username
+    };
 
-    if (usage.count > usage.allowed) {
-      $scope.limit = 'over';
-    } else if (usage.count == usage.allowed) {
-      $scope.limit = 'at';
-    } else if (usage.count >= usage.allowed * 0.7) {
-      $scope.limit = 'near';
-    } else {
-      $scope.limit = 'none';
-    }
-    
-    if (!$scope.chart) {
-      $scope.chart = new UsageChart();
-      $scope.chart.draw('seat-usage-chart');
-    }
+    ApiService.sendInstallUserRecoveryEmail(null, params).then(function(resp) {
+      bootbox.dialog({
+        "message": "A recovery email has been sent to " + resp['email'],
+        "title": "Recovery email sent",
+        "buttons": {
+          "close": {
+            "label": "Close",
+            "className": "btn-primary"
+          }
+        }
+      });
 
-    $scope.chart.update(usage.count, usage.allowed);
+    }, ApiService.errorDisplay('Cannot send recovery email'))
   };
 
-  var loadSeatUsage = function() {
-    $scope.usageLoading = true;
-    ApiService.getSeatCount().then(function(resp) {
-      seatUsageLoaded(resp);
-    });
-  };
-
-  loadSeatUsage();
+  $scope.loadUsers();
 }
 
 function TourCtrl($scope, $location) {
   $scope.kind = $location.path().substring('/tour/'.length);
 }
+
+function ConfirmInviteCtrl($scope, $location, UserService, ApiService, NotificationService) {
+  // Monitor any user changes and place the current user into the scope.
+  $scope.loading = false;
+  $scope.inviteCode = $location.search()['code'] || '';
+
+  UserService.updateUserIn($scope, function(user) {
+    if (!user.anonymous && !$scope.loading) {
+      // Make sure to not redirect now that we have logged in. We'll conduct the redirect
+      // manually.
+      $scope.redirectUrl = null;
+      $scope.loading = true;
+
+      var params = {
+        'code': $location.search()['code']
+      };
+
+      ApiService.acceptOrganizationTeamInvite(null, params).then(function(resp) {
+        NotificationService.update();
+        $location.path('/organization/' + resp.org + '/teams/' + resp.team);
+      }, function(resp) {
+        $scope.loading = false;
+        $scope.invalid = ApiService.getErrorMessage(resp, 'Invalid confirmation code');
+      });
+    }
+  });
+
+  $scope.redirectUrl = window.location.href;
+}
diff --git a/static/js/graphing.js b/static/js/graphing.js
index b18e5ddbe..d1b3b92b5 100644
--- a/static/js/graphing.js
+++ b/static/js/graphing.js
@@ -262,6 +262,9 @@ ImageHistoryTree.prototype.draw = function(container) {
 
   // Update the dimensions of the tree.
   var dimensions = this.updateDimensions_();
+  if (!dimensions) {
+    return this;
+  }
 
   // Populate the tree.
   this.root_.x0 = dimensions.cw / 2;
@@ -307,8 +310,8 @@ ImageHistoryTree.prototype.setHighlightedPath_ = function(image) {
     this.markPath_(this.currentNode_, false);
   }
 
-  var imageByDBID = this.imageByDBID_;
-  var currentNode = imageByDBID[image.dbid];
+  var imageByDockerId = this.imageByDockerId_;
+  var currentNode = imageByDockerId[image.id];
   if (currentNode) {
     this.markPath_(currentNode, true);
     this.currentNode_ = currentNode;
@@ -386,7 +389,7 @@ ImageHistoryTree.prototype.buildRoot_ = function() {
   var formatted = {"name": "No images found"};
 
   // Build a node for each image.
-  var imageByDBID = {};
+  var imageByDockerId = {};
   for (var i = 0; i < this.images_.length; ++i) {
     var image = this.images_[i];
     var imageNode = {
@@ -395,9 +398,9 @@ ImageHistoryTree.prototype.buildRoot_ = function() {
       "image": image,
       "tags": image.tags
     };
-    imageByDBID[image.dbid] = imageNode;
+    imageByDockerId[image.id] = imageNode;
   }
-  this.imageByDBID_ = imageByDBID;
+  this.imageByDockerId_ = imageByDockerId;
 
   // For each node, attach it to its immediate parent. If there is no immediate parent,
   // then the node is the root.
@@ -408,10 +411,10 @@ ImageHistoryTree.prototype.buildRoot_ = function() {
     // Skip images that are currently uploading.
     if (image.uploading) { continue; }
 
-    var imageNode = imageByDBID[image.dbid];
+    var imageNode = imageByDockerId[image.id];
     var ancestors = this.getAncestors_(image);
-    var immediateParent = ancestors[ancestors.length - 1] * 1;
-    var parent = imageByDBID[immediateParent];
+    var immediateParent = ancestors[ancestors.length - 1];
+    var parent = imageByDockerId[immediateParent];
     if (parent) {	   
       // Add a reference to the parent. This makes walking the tree later easier.
       imageNode.parent = parent;
@@ -442,7 +445,7 @@ ImageHistoryTree.prototype.buildRoot_ = function() {
     // Skip images that are currently uploading.
     if (image.uploading) { continue; }
 
-    var imageNode = imageByDBID[image.dbid];
+    var imageNode = imageByDockerId[image.id];
     maxChildCount = Math.max(maxChildCount, this.determineMaximumChildCount_(imageNode));
   }
 
@@ -573,7 +576,7 @@ ImageHistoryTree.prototype.setTag_ = function(tagName) {
     return;
   }
 
-  var imageByDBID = this.imageByDBID_;
+  var imageByDockerId = this.imageByDockerId_;
   
   // Save the current tag.
   var previousTagName = this.currentTag_;
@@ -596,10 +599,10 @@ ImageHistoryTree.prototype.setTag_ = function(tagName) {
     // Skip images that are currently uploading.
     if (image.uploading) { continue; }
 
-    var imageNode = this.imageByDBID_[image.dbid];
+    var imageNode = this.imageByDockerId_[image.id];
     var ancestors = this.getAncestors_(image);
-    var immediateParent = ancestors[ancestors.length - 1] * 1;
-    var parent = imageByDBID[immediateParent];
+    var immediateParent = ancestors[ancestors.length - 1];
+    var parent = imageByDockerId[immediateParent];
     if (parent && imageNode.highlighted) {
       var arr = parent.children;
       if (parent._children) {
diff --git a/static/lib/ZeroClipboard.min.js b/static/lib/ZeroClipboard.min.js
old mode 100755
new mode 100644
index bfea72566..e8a4a7152
--- a/static/lib/ZeroClipboard.min.js
+++ b/static/lib/ZeroClipboard.min.js
@@ -1,9 +1,10 @@
 /*!
-* ZeroClipboard
-* The ZeroClipboard library provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie and a JavaScript interface.
-* Copyright (c) 2013 Jon Rohan, James M. Greene
-* Licensed MIT
-* http://zeroclipboard.org/
-* v1.2.3
-*/
-!function(){"use strict";var a,b=function(){var a=/\-([a-z])/g,b=function(a,b){return b.toUpperCase()};return function(c){return c.replace(a,b)}}(),c=function(a,c){var d,e,f,g,h,i;if(window.getComputedStyle?d=window.getComputedStyle(a,null).getPropertyValue(c):(e=b(c),d=a.currentStyle?a.currentStyle[e]:a.style[e]),"cursor"===c&&(!d||"auto"===d))for(f=a.tagName.toLowerCase(),g=["a"],h=0,i=g.length;i>h;h++)if(f===g[h])return"pointer";return d},d=function(a){if(p.prototype._singleton){a||(a=window.event);var b;this!==window?b=this:a.target?b=a.target:a.srcElement&&(b=a.srcElement),p.prototype._singleton.setCurrent(b)}},e=function(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent&&a.attachEvent("on"+b,c)},f=function(a,b,c){a.removeEventListener?a.removeEventListener(b,c,!1):a.detachEvent&&a.detachEvent("on"+b,c)},g=function(a,b){if(a.addClass)return a.addClass(b),a;if(b&&"string"==typeof b){var c=(b||"").split(/\s+/);if(1===a.nodeType)if(a.className){for(var d=" "+a.className+" ",e=a.className,f=0,g=c.length;g>f;f++)d.indexOf(" "+c[f]+" ")<0&&(e+=" "+c[f]);a.className=e.replace(/^\s+|\s+$/g,"")}else a.className=b}return a},h=function(a,b){if(a.removeClass)return a.removeClass(b),a;if(b&&"string"==typeof b||void 0===b){var c=(b||"").split(/\s+/);if(1===a.nodeType&&a.className)if(b){for(var d=(" "+a.className+" ").replace(/[\n\t]/g," "),e=0,f=c.length;f>e;e++)d=d.replace(" "+c[e]+" "," ");a.className=d.replace(/^\s+|\s+$/g,"")}else a.className=""}return a},i=function(){var a,b,c,d=1;return"function"==typeof document.body.getBoundingClientRect&&(a=document.body.getBoundingClientRect(),b=a.right-a.left,c=document.body.offsetWidth,d=Math.round(100*(b/c))/100),d},j=function(a){var b={left:0,top:0,width:0,height:0,zIndex:999999999},d=c(a,"z-index");if(d&&"auto"!==d&&(b.zIndex=parseInt(d,10)),a.getBoundingClientRect){var e,f,g,h=a.getBoundingClientRect();"pageXOffset"in window&&"pageYOffset"in window?(e=window.pageXOffset,f=window.pageYOffset):(g=i(),e=Math.round(document.documentElement.scrollLeft/g),f=Math.round(document.documentElement.scrollTop/g));var j=document.documentElement.clientLeft||0,k=document.documentElement.clientTop||0;b.left=h.left+e-j,b.top=h.top+f-k,b.width="width"in h?h.width:h.right-h.left,b.height="height"in h?h.height:h.bottom-h.top}return b},k=function(a,b){var c=!(b&&b.useNoCache===!1);return c?(-1===a.indexOf("?")?"?":"&")+"nocache="+(new Date).getTime():""},l=function(a){var b=[],c=[];return a.trustedOrigins&&("string"==typeof a.trustedOrigins?c.push(a.trustedOrigins):"object"==typeof a.trustedOrigins&&"length"in a.trustedOrigins&&(c=c.concat(a.trustedOrigins))),a.trustedDomains&&("string"==typeof a.trustedDomains?c.push(a.trustedDomains):"object"==typeof a.trustedDomains&&"length"in a.trustedDomains&&(c=c.concat(a.trustedDomains))),c.length&&b.push("trustedOrigins="+encodeURIComponent(c.join(","))),"string"==typeof a.amdModuleId&&a.amdModuleId&&b.push("amdModuleId="+encodeURIComponent(a.amdModuleId)),"string"==typeof a.cjsModuleId&&a.cjsModuleId&&b.push("cjsModuleId="+encodeURIComponent(a.cjsModuleId)),b.join("&")},m=function(a,b){if(b.indexOf)return b.indexOf(a);for(var c=0,d=b.length;d>c;c++)if(b[c]===a)return c;return-1},n=function(a){if("string"==typeof a)throw new TypeError("ZeroClipboard doesn't accept query strings.");return a.length?a:[a]},o=function(a,b,c,d,e){e?window.setTimeout(function(){a.call(b,c,d)},0):a.call(b,c,d)},p=function(a,b){if(a&&(p.prototype._singleton||this).glue(a),p.prototype._singleton)return p.prototype._singleton;p.prototype._singleton=this,this.options={};for(var c in s)this.options[c]=s[c];for(var d in b)this.options[d]=b[d];this.handlers={},p.detectFlashSupport()&&v()},q=[];p.prototype.setCurrent=function(b){a=b,this.reposition();var d=b.getAttribute("title");d&&this.setTitle(d);var e=this.options.forceHandCursor===!0||"pointer"===c(b,"cursor");return r.call(this,e),this},p.prototype.setText=function(a){return a&&""!==a&&(this.options.text=a,this.ready()&&this.flashBridge.setText(a)),this},p.prototype.setTitle=function(a){return a&&""!==a&&this.htmlBridge.setAttribute("title",a),this},p.prototype.setSize=function(a,b){return this.ready()&&this.flashBridge.setSize(a,b),this},p.prototype.setHandCursor=function(a){return a="boolean"==typeof a?a:!!a,r.call(this,a),this.options.forceHandCursor=a,this};var r=function(a){this.ready()&&this.flashBridge.setHandCursor(a)};p.version="1.2.3";var s={moviePath:"ZeroClipboard.swf",trustedOrigins:null,text:null,hoverClass:"zeroclipboard-is-hover",activeClass:"zeroclipboard-is-active",allowScriptAccess:"sameDomain",useNoCache:!0,forceHandCursor:!1};p.setDefaults=function(a){for(var b in a)s[b]=a[b]},p.destroy=function(){p.prototype._singleton.unglue(q);var a=p.prototype._singleton.htmlBridge;a.parentNode.removeChild(a),delete p.prototype._singleton},p.detectFlashSupport=function(){var a=!1;if("function"==typeof ActiveXObject)try{new ActiveXObject("ShockwaveFlash.ShockwaveFlash")&&(a=!0)}catch(b){}return!a&&navigator.mimeTypes["application/x-shockwave-flash"]&&(a=!0),a};var t=null,u=null,v=function(){var a,b,c=p.prototype._singleton,d=document.getElementById("global-zeroclipboard-html-bridge");if(!d){var e={};for(var f in c.options)e[f]=c.options[f];e.amdModuleId=t,e.cjsModuleId=u;var g=l(e),h='      <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" id="global-zeroclipboard-flash-bridge" width="100%" height="100%">         <param name="movie" value="'+c.options.moviePath+k(c.options.moviePath,c.options)+'"/>         <param name="allowScriptAccess" value="'+c.options.allowScriptAccess+'"/>         <param name="scale" value="exactfit"/>         <param name="loop" value="false"/>         <param name="menu" value="false"/>         <param name="quality" value="best" />         <param name="bgcolor" value="#ffffff"/>         <param name="wmode" value="transparent"/>         <param name="flashvars" value="'+g+'"/>         <embed src="'+c.options.moviePath+k(c.options.moviePath,c.options)+'"           loop="false" menu="false"           quality="best" bgcolor="#ffffff"           width="100%" height="100%"           name="global-zeroclipboard-flash-bridge"           allowScriptAccess="always"           allowFullScreen="false"           type="application/x-shockwave-flash"           wmode="transparent"           pluginspage="http://www.macromedia.com/go/getflashplayer"           flashvars="'+g+'"           scale="exactfit">         </embed>       </object>';d=document.createElement("div"),d.id="global-zeroclipboard-html-bridge",d.setAttribute("class","global-zeroclipboard-container"),d.setAttribute("data-clipboard-ready",!1),d.style.position="absolute",d.style.left="-9999px",d.style.top="-9999px",d.style.width="15px",d.style.height="15px",d.style.zIndex="9999",d.innerHTML=h,document.body.appendChild(d)}c.htmlBridge=d,a=document["global-zeroclipboard-flash-bridge"],a&&(b=a.length)&&(a=a[b-1]),c.flashBridge=a||d.children[0].lastElementChild};p.prototype.resetBridge=function(){return this.htmlBridge.style.left="-9999px",this.htmlBridge.style.top="-9999px",this.htmlBridge.removeAttribute("title"),this.htmlBridge.removeAttribute("data-clipboard-text"),h(a,this.options.activeClass),a=null,this.options.text=null,this},p.prototype.ready=function(){var a=this.htmlBridge.getAttribute("data-clipboard-ready");return"true"===a||a===!0},p.prototype.reposition=function(){if(!a)return!1;var b=j(a);return this.htmlBridge.style.top=b.top+"px",this.htmlBridge.style.left=b.left+"px",this.htmlBridge.style.width=b.width+"px",this.htmlBridge.style.height=b.height+"px",this.htmlBridge.style.zIndex=b.zIndex+1,this.setSize(b.width,b.height),this},p.dispatch=function(a,b){p.prototype._singleton.receiveEvent(a,b)},p.prototype.on=function(a,b){for(var c=a.toString().split(/\s/g),d=0;d<c.length;d++)a=c[d].toLowerCase().replace(/^on/,""),this.handlers[a]||(this.handlers[a]=b);return this.handlers.noflash&&!p.detectFlashSupport()&&this.receiveEvent("onNoFlash",null),this},p.prototype.addEventListener=p.prototype.on,p.prototype.off=function(a,b){for(var c=a.toString().split(/\s/g),d=0;d<c.length;d++){a=c[d].toLowerCase().replace(/^on/,"");for(var e in this.handlers)e===a&&this.handlers[e]===b&&delete this.handlers[e]}return this},p.prototype.removeEventListener=p.prototype.off,p.prototype.receiveEvent=function(b,c){b=b.toString().toLowerCase().replace(/^on/,"");var d=a,e=!0;switch(b){case"load":if(c&&parseFloat(c.flashVersion.replace(",",".").replace(/[^0-9\.]/gi,""))<10)return this.receiveEvent("onWrongFlash",{flashVersion:c.flashVersion}),void 0;this.htmlBridge.setAttribute("data-clipboard-ready",!0);break;case"mouseover":g(d,this.options.hoverClass);break;case"mouseout":h(d,this.options.hoverClass),this.resetBridge();break;case"mousedown":g(d,this.options.activeClass);break;case"mouseup":h(d,this.options.activeClass);break;case"datarequested":var f=d.getAttribute("data-clipboard-target"),i=f?document.getElementById(f):null;if(i){var j=i.value||i.textContent||i.innerText;j&&this.setText(j)}else{var k=d.getAttribute("data-clipboard-text");k&&this.setText(k)}e=!1;break;case"complete":this.options.text=null}if(this.handlers[b]){var l=this.handlers[b];"string"==typeof l&&"function"==typeof window[l]&&(l=window[l]),"function"==typeof l&&o(l,d,this,c,e)}},p.prototype.glue=function(a){a=n(a);for(var b=0;b<a.length;b++)-1==m(a[b],q)&&(q.push(a[b]),e(a[b],"mouseover",d));return this},p.prototype.unglue=function(a){a=n(a);for(var b=0;b<a.length;b++){f(a[b],"mouseover",d);var c=m(a[b],q);-1!=c&&q.splice(c,1)}return this},"function"==typeof define&&define.amd?define(["require","exports","module"],function(a,b,c){return t=c&&c.id||null,p}):"object"==typeof module&&module&&"object"==typeof module.exports&&module.exports?(u=module.id||null,module.exports=p):window.ZeroClipboard=p}();
\ No newline at end of file
+ * ZeroClipboard
+ * The ZeroClipboard library provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie and a JavaScript interface.
+ * Copyright (c) 2014 Jon Rohan, James M. Greene
+ * Licensed MIT
+ * http://zeroclipboard.org/
+ * v2.1.6
+ */
+!function(a,b){"use strict";var c,d,e=a,f=e.document,g=e.navigator,h=e.setTimeout,i=e.encodeURIComponent,j=e.ActiveXObject,k=e.Error,l=e.Number.parseInt||e.parseInt,m=e.Number.parseFloat||e.parseFloat,n=e.Number.isNaN||e.isNaN,o=e.Math.round,p=e.Date.now,q=e.Object.keys,r=e.Object.defineProperty,s=e.Object.prototype.hasOwnProperty,t=e.Array.prototype.slice,u=function(){var a=function(a){return a};if("function"==typeof e.wrap&&"function"==typeof e.unwrap)try{var b=f.createElement("div"),c=e.unwrap(b);1===b.nodeType&&c&&1===c.nodeType&&(a=e.unwrap)}catch(d){}return a}(),v=function(a){return t.call(a,0)},w=function(){var a,c,d,e,f,g,h=v(arguments),i=h[0]||{};for(a=1,c=h.length;c>a;a++)if(null!=(d=h[a]))for(e in d)s.call(d,e)&&(f=i[e],g=d[e],i!==g&&g!==b&&(i[e]=g));return i},x=function(a){var b,c,d,e;if("object"!=typeof a||null==a)b=a;else if("number"==typeof a.length)for(b=[],c=0,d=a.length;d>c;c++)s.call(a,c)&&(b[c]=x(a[c]));else{b={};for(e in a)s.call(a,e)&&(b[e]=x(a[e]))}return b},y=function(a,b){for(var c={},d=0,e=b.length;e>d;d++)b[d]in a&&(c[b[d]]=a[b[d]]);return c},z=function(a,b){var c={};for(var d in a)-1===b.indexOf(d)&&(c[d]=a[d]);return c},A=function(a){if(a)for(var b in a)s.call(a,b)&&delete a[b];return a},B=function(a,b){if(a&&1===a.nodeType&&a.ownerDocument&&b&&(1===b.nodeType&&b.ownerDocument&&b.ownerDocument===a.ownerDocument||9===b.nodeType&&!b.ownerDocument&&b===a.ownerDocument))do{if(a===b)return!0;a=a.parentNode}while(a);return!1},C=function(a){var b;return"string"==typeof a&&a&&(b=a.split("#")[0].split("?")[0],b=a.slice(0,a.lastIndexOf("/")+1)),b},D=function(a){var b,c;return"string"==typeof a&&a&&(c=a.match(/^(?:|[^:@]*@|.+\)@(?=http[s]?|file)|.+?\s+(?: at |@)(?:[^:\(]+ )*[\(]?)((?:http[s]?|file):\/\/[\/]?.+?\/[^:\)]*?)(?::\d+)(?::\d+)?/),c&&c[1]?b=c[1]:(c=a.match(/\)@((?:http[s]?|file):\/\/[\/]?.+?\/[^:\)]*?)(?::\d+)(?::\d+)?/),c&&c[1]&&(b=c[1]))),b},E=function(){var a,b;try{throw new k}catch(c){b=c}return b&&(a=b.sourceURL||b.fileName||D(b.stack)),a},F=function(){var a,c,d;if(f.currentScript&&(a=f.currentScript.src))return a;if(c=f.getElementsByTagName("script"),1===c.length)return c[0].src||b;if("readyState"in c[0])for(d=c.length;d--;)if("interactive"===c[d].readyState&&(a=c[d].src))return a;return"loading"===f.readyState&&(a=c[c.length-1].src)?a:(a=E())?a:b},G=function(){var a,c,d,e=f.getElementsByTagName("script");for(a=e.length;a--;){if(!(d=e[a].src)){c=null;break}if(d=C(d),null==c)c=d;else if(c!==d){c=null;break}}return c||b},H=function(){var a=C(F())||G()||"";return a+"ZeroClipboard.swf"},I={bridge:null,version:"0.0.0",pluginType:"unknown",disabled:null,outdated:null,unavailable:null,deactivated:null,overdue:null,ready:null},J="11.0.0",K={},L={},M=null,N={ready:"Flash communication is established",error:{"flash-disabled":"Flash is disabled or not installed","flash-outdated":"Flash is too outdated to support ZeroClipboard","flash-unavailable":"Flash is unable to communicate bidirectionally with JavaScript","flash-deactivated":"Flash is too outdated for your browser and/or is configured as click-to-activate","flash-overdue":"Flash communication was established but NOT within the acceptable time limit"}},O={swfPath:H(),trustedDomains:a.location.host?[a.location.host]:[],cacheBust:!0,forceEnhancedClipboard:!1,flashLoadTimeout:3e4,autoActivate:!0,bubbleEvents:!0,containerId:"global-zeroclipboard-html-bridge",containerClass:"global-zeroclipboard-container",swfObjectId:"global-zeroclipboard-flash-bridge",hoverClass:"zeroclipboard-is-hover",activeClass:"zeroclipboard-is-active",forceHandCursor:!1,title:null,zIndex:999999999},P=function(a){if("object"==typeof a&&null!==a)for(var b in a)if(s.call(a,b))if(/^(?:forceHandCursor|title|zIndex|bubbleEvents)$/.test(b))O[b]=a[b];else if(null==I.bridge)if("containerId"===b||"swfObjectId"===b){if(!cb(a[b]))throw new Error("The specified `"+b+"` value is not valid as an HTML4 Element ID");O[b]=a[b]}else O[b]=a[b];{if("string"!=typeof a||!a)return x(O);if(s.call(O,a))return O[a]}},Q=function(){return{browser:y(g,["userAgent","platform","appName"]),flash:z(I,["bridge"]),zeroclipboard:{version:Fb.version,config:Fb.config()}}},R=function(){return!!(I.disabled||I.outdated||I.unavailable||I.deactivated)},S=function(a,b){var c,d,e,f={};if("string"==typeof a&&a)e=a.toLowerCase().split(/\s+/);else if("object"==typeof a&&a&&"undefined"==typeof b)for(c in a)s.call(a,c)&&"string"==typeof c&&c&&"function"==typeof a[c]&&Fb.on(c,a[c]);if(e&&e.length){for(c=0,d=e.length;d>c;c++)a=e[c].replace(/^on/,""),f[a]=!0,K[a]||(K[a]=[]),K[a].push(b);if(f.ready&&I.ready&&Fb.emit({type:"ready"}),f.error){var g=["disabled","outdated","unavailable","deactivated","overdue"];for(c=0,d=g.length;d>c;c++)if(I[g[c]]===!0){Fb.emit({type:"error",name:"flash-"+g[c]});break}}}return Fb},T=function(a,b){var c,d,e,f,g;if(0===arguments.length)f=q(K);else if("string"==typeof a&&a)f=a.split(/\s+/);else if("object"==typeof a&&a&&"undefined"==typeof b)for(c in a)s.call(a,c)&&"string"==typeof c&&c&&"function"==typeof a[c]&&Fb.off(c,a[c]);if(f&&f.length)for(c=0,d=f.length;d>c;c++)if(a=f[c].toLowerCase().replace(/^on/,""),g=K[a],g&&g.length)if(b)for(e=g.indexOf(b);-1!==e;)g.splice(e,1),e=g.indexOf(b,e);else g.length=0;return Fb},U=function(a){var b;return b="string"==typeof a&&a?x(K[a])||null:x(K)},V=function(a){var b,c,d;return a=db(a),a&&!jb(a)?"ready"===a.type&&I.overdue===!0?Fb.emit({type:"error",name:"flash-overdue"}):(b=w({},a),ib.call(this,b),"copy"===a.type&&(d=pb(L),c=d.data,M=d.formatMap),c):void 0},W=function(){if("boolean"!=typeof I.ready&&(I.ready=!1),!Fb.isFlashUnusable()&&null===I.bridge){var a=O.flashLoadTimeout;"number"==typeof a&&a>=0&&h(function(){"boolean"!=typeof I.deactivated&&(I.deactivated=!0),I.deactivated===!0&&Fb.emit({type:"error",name:"flash-deactivated"})},a),I.overdue=!1,nb()}},X=function(){Fb.clearData(),Fb.blur(),Fb.emit("destroy"),ob(),Fb.off()},Y=function(a,b){var c;if("object"==typeof a&&a&&"undefined"==typeof b)c=a,Fb.clearData();else{if("string"!=typeof a||!a)return;c={},c[a]=b}for(var d in c)"string"==typeof d&&d&&s.call(c,d)&&"string"==typeof c[d]&&c[d]&&(L[d]=c[d])},Z=function(a){"undefined"==typeof a?(A(L),M=null):"string"==typeof a&&s.call(L,a)&&delete L[a]},$=function(a){return"undefined"==typeof a?x(L):"string"==typeof a&&s.call(L,a)?L[a]:void 0},_=function(a){if(a&&1===a.nodeType){c&&(xb(c,O.activeClass),c!==a&&xb(c,O.hoverClass)),c=a,wb(a,O.hoverClass);var b=a.getAttribute("title")||O.title;if("string"==typeof b&&b){var d=mb(I.bridge);d&&d.setAttribute("title",b)}var e=O.forceHandCursor===!0||"pointer"===yb(a,"cursor");Cb(e),Bb()}},ab=function(){var a=mb(I.bridge);a&&(a.removeAttribute("title"),a.style.left="0px",a.style.top="-9999px",a.style.width="1px",a.style.top="1px"),c&&(xb(c,O.hoverClass),xb(c,O.activeClass),c=null)},bb=function(){return c||null},cb=function(a){return"string"==typeof a&&a&&/^[A-Za-z][A-Za-z0-9_:\-\.]*$/.test(a)},db=function(a){var b;if("string"==typeof a&&a?(b=a,a={}):"object"==typeof a&&a&&"string"==typeof a.type&&a.type&&(b=a.type),b){!a.target&&/^(copy|aftercopy|_click)$/.test(b.toLowerCase())&&(a.target=d),w(a,{type:b.toLowerCase(),target:a.target||c||null,relatedTarget:a.relatedTarget||null,currentTarget:I&&I.bridge||null,timeStamp:a.timeStamp||p()||null});var e=N[a.type];return"error"===a.type&&a.name&&e&&(e=e[a.name]),e&&(a.message=e),"ready"===a.type&&w(a,{target:null,version:I.version}),"error"===a.type&&(/^flash-(disabled|outdated|unavailable|deactivated|overdue)$/.test(a.name)&&w(a,{target:null,minimumVersion:J}),/^flash-(outdated|unavailable|deactivated|overdue)$/.test(a.name)&&w(a,{version:I.version})),"copy"===a.type&&(a.clipboardData={setData:Fb.setData,clearData:Fb.clearData}),"aftercopy"===a.type&&(a=qb(a,M)),a.target&&!a.relatedTarget&&(a.relatedTarget=eb(a.target)),a=fb(a)}},eb=function(a){var b=a&&a.getAttribute&&a.getAttribute("data-clipboard-target");return b?f.getElementById(b):null},fb=function(a){if(a&&/^_(?:click|mouse(?:over|out|down|up|move))$/.test(a.type)){var c=a.target,d="_mouseover"===a.type&&a.relatedTarget?a.relatedTarget:b,g="_mouseout"===a.type&&a.relatedTarget?a.relatedTarget:b,h=Ab(c),i=e.screenLeft||e.screenX||0,j=e.screenTop||e.screenY||0,k=f.body.scrollLeft+f.documentElement.scrollLeft,l=f.body.scrollTop+f.documentElement.scrollTop,m=h.left+("number"==typeof a._stageX?a._stageX:0),n=h.top+("number"==typeof a._stageY?a._stageY:0),o=m-k,p=n-l,q=i+o,r=j+p,s="number"==typeof a.movementX?a.movementX:0,t="number"==typeof a.movementY?a.movementY:0;delete a._stageX,delete a._stageY,w(a,{srcElement:c,fromElement:d,toElement:g,screenX:q,screenY:r,pageX:m,pageY:n,clientX:o,clientY:p,x:o,y:p,movementX:s,movementY:t,offsetX:0,offsetY:0,layerX:0,layerY:0})}return a},gb=function(a){var b=a&&"string"==typeof a.type&&a.type||"";return!/^(?:(?:before)?copy|destroy)$/.test(b)},hb=function(a,b,c,d){d?h(function(){a.apply(b,c)},0):a.apply(b,c)},ib=function(a){if("object"==typeof a&&a&&a.type){var b=gb(a),c=K["*"]||[],d=K[a.type]||[],f=c.concat(d);if(f&&f.length){var g,h,i,j,k,l=this;for(g=0,h=f.length;h>g;g++)i=f[g],j=l,"string"==typeof i&&"function"==typeof e[i]&&(i=e[i]),"object"==typeof i&&i&&"function"==typeof i.handleEvent&&(j=i,i=i.handleEvent),"function"==typeof i&&(k=w({},a),hb(i,j,[k],b))}return this}},jb=function(a){var b=a.target||c||null,e="swf"===a._source;delete a._source;var f=["flash-disabled","flash-outdated","flash-unavailable","flash-deactivated","flash-overdue"];switch(a.type){case"error":-1!==f.indexOf(a.name)&&w(I,{disabled:"flash-disabled"===a.name,outdated:"flash-outdated"===a.name,unavailable:"flash-unavailable"===a.name,deactivated:"flash-deactivated"===a.name,overdue:"flash-overdue"===a.name,ready:!1});break;case"ready":var g=I.deactivated===!0;w(I,{disabled:!1,outdated:!1,unavailable:!1,deactivated:!1,overdue:g,ready:!g});break;case"beforecopy":d=b;break;case"copy":var h,i,j=a.relatedTarget;!L["text/html"]&&!L["text/plain"]&&j&&(i=j.value||j.outerHTML||j.innerHTML)&&(h=j.value||j.textContent||j.innerText)?(a.clipboardData.clearData(),a.clipboardData.setData("text/plain",h),i!==h&&a.clipboardData.setData("text/html",i)):!L["text/plain"]&&a.target&&(h=a.target.getAttribute("data-clipboard-text"))&&(a.clipboardData.clearData(),a.clipboardData.setData("text/plain",h));break;case"aftercopy":Fb.clearData(),b&&b!==vb()&&b.focus&&b.focus();break;case"_mouseover":Fb.focus(b),O.bubbleEvents===!0&&e&&(b&&b!==a.relatedTarget&&!B(a.relatedTarget,b)&&kb(w({},a,{type:"mouseenter",bubbles:!1,cancelable:!1})),kb(w({},a,{type:"mouseover"})));break;case"_mouseout":Fb.blur(),O.bubbleEvents===!0&&e&&(b&&b!==a.relatedTarget&&!B(a.relatedTarget,b)&&kb(w({},a,{type:"mouseleave",bubbles:!1,cancelable:!1})),kb(w({},a,{type:"mouseout"})));break;case"_mousedown":wb(b,O.activeClass),O.bubbleEvents===!0&&e&&kb(w({},a,{type:a.type.slice(1)}));break;case"_mouseup":xb(b,O.activeClass),O.bubbleEvents===!0&&e&&kb(w({},a,{type:a.type.slice(1)}));break;case"_click":d=null,O.bubbleEvents===!0&&e&&kb(w({},a,{type:a.type.slice(1)}));break;case"_mousemove":O.bubbleEvents===!0&&e&&kb(w({},a,{type:a.type.slice(1)}))}return/^_(?:click|mouse(?:over|out|down|up|move))$/.test(a.type)?!0:void 0},kb=function(a){if(a&&"string"==typeof a.type&&a){var b,c=a.target||null,d=c&&c.ownerDocument||f,g={view:d.defaultView||e,canBubble:!0,cancelable:!0,detail:"click"===a.type?1:0,button:"number"==typeof a.which?a.which-1:"number"==typeof a.button?a.button:d.createEvent?0:1},h=w(g,a);c&&d.createEvent&&c.dispatchEvent&&(h=[h.type,h.canBubble,h.cancelable,h.view,h.detail,h.screenX,h.screenY,h.clientX,h.clientY,h.ctrlKey,h.altKey,h.shiftKey,h.metaKey,h.button,h.relatedTarget],b=d.createEvent("MouseEvents"),b.initMouseEvent&&(b.initMouseEvent.apply(b,h),b._source="js",c.dispatchEvent(b)))}},lb=function(){var a=f.createElement("div");return a.id=O.containerId,a.className=O.containerClass,a.style.position="absolute",a.style.left="0px",a.style.top="-9999px",a.style.width="1px",a.style.height="1px",a.style.zIndex=""+Db(O.zIndex),a},mb=function(a){for(var b=a&&a.parentNode;b&&"OBJECT"===b.nodeName&&b.parentNode;)b=b.parentNode;return b||null},nb=function(){var a,b=I.bridge,c=mb(b);if(!b){var d=ub(e.location.host,O),g="never"===d?"none":"all",h=sb(O),i=O.swfPath+rb(O.swfPath,O);c=lb();var j=f.createElement("div");c.appendChild(j),f.body.appendChild(c);var k=f.createElement("div"),l="activex"===I.pluginType;k.innerHTML='<object id="'+O.swfObjectId+'" name="'+O.swfObjectId+'" width="100%" height="100%" '+(l?'classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"':'type="application/x-shockwave-flash" data="'+i+'"')+">"+(l?'<param name="movie" value="'+i+'"/>':"")+'<param name="allowScriptAccess" value="'+d+'"/><param name="allowNetworking" value="'+g+'"/><param name="menu" value="false"/><param name="wmode" value="transparent"/><param name="flashvars" value="'+h+'"/></object>',b=k.firstChild,k=null,u(b).ZeroClipboard=Fb,c.replaceChild(b,j)}return b||(b=f[O.swfObjectId],b&&(a=b.length)&&(b=b[a-1]),!b&&c&&(b=c.firstChild)),I.bridge=b||null,b},ob=function(){var a=I.bridge;if(a){var b=mb(a);b&&("activex"===I.pluginType&&"readyState"in a?(a.style.display="none",function c(){if(4===a.readyState){for(var d in a)"function"==typeof a[d]&&(a[d]=null);a.parentNode&&a.parentNode.removeChild(a),b.parentNode&&b.parentNode.removeChild(b)}else h(c,10)}()):(a.parentNode&&a.parentNode.removeChild(a),b.parentNode&&b.parentNode.removeChild(b))),I.ready=null,I.bridge=null,I.deactivated=null}},pb=function(a){var b={},c={};if("object"==typeof a&&a){for(var d in a)if(d&&s.call(a,d)&&"string"==typeof a[d]&&a[d])switch(d.toLowerCase()){case"text/plain":case"text":case"air:text":case"flash:text":b.text=a[d],c.text=d;break;case"text/html":case"html":case"air:html":case"flash:html":b.html=a[d],c.html=d;break;case"application/rtf":case"text/rtf":case"rtf":case"richtext":case"air:rtf":case"flash:rtf":b.rtf=a[d],c.rtf=d}return{data:b,formatMap:c}}},qb=function(a,b){if("object"!=typeof a||!a||"object"!=typeof b||!b)return a;var c={};for(var d in a)if(s.call(a,d)){if("success"!==d&&"data"!==d){c[d]=a[d];continue}c[d]={};var e=a[d];for(var f in e)f&&s.call(e,f)&&s.call(b,f)&&(c[d][b[f]]=e[f])}return c},rb=function(a,b){var c=null==b||b&&b.cacheBust===!0;return c?(-1===a.indexOf("?")?"?":"&")+"noCache="+p():""},sb=function(a){var b,c,d,f,g="",h=[];if(a.trustedDomains&&("string"==typeof a.trustedDomains?f=[a.trustedDomains]:"object"==typeof a.trustedDomains&&"length"in a.trustedDomains&&(f=a.trustedDomains)),f&&f.length)for(b=0,c=f.length;c>b;b++)if(s.call(f,b)&&f[b]&&"string"==typeof f[b]){if(d=tb(f[b]),!d)continue;if("*"===d){h.length=0,h.push(d);break}h.push.apply(h,[d,"//"+d,e.location.protocol+"//"+d])}return h.length&&(g+="trustedOrigins="+i(h.join(","))),a.forceEnhancedClipboard===!0&&(g+=(g?"&":"")+"forceEnhancedClipboard=true"),"string"==typeof a.swfObjectId&&a.swfObjectId&&(g+=(g?"&":"")+"swfObjectId="+i(a.swfObjectId)),g},tb=function(a){if(null==a||""===a)return null;if(a=a.replace(/^\s+|\s+$/g,""),""===a)return null;var b=a.indexOf("//");a=-1===b?a:a.slice(b+2);var c=a.indexOf("/");return a=-1===c?a:-1===b||0===c?null:a.slice(0,c),a&&".swf"===a.slice(-4).toLowerCase()?null:a||null},ub=function(){var a=function(a){var b,c,d,e=[];if("string"==typeof a&&(a=[a]),"object"!=typeof a||!a||"number"!=typeof a.length)return e;for(b=0,c=a.length;c>b;b++)if(s.call(a,b)&&(d=tb(a[b]))){if("*"===d){e.length=0,e.push("*");break}-1===e.indexOf(d)&&e.push(d)}return e};return function(b,c){var d=tb(c.swfPath);null===d&&(d=b);var e=a(c.trustedDomains),f=e.length;if(f>0){if(1===f&&"*"===e[0])return"always";if(-1!==e.indexOf(b))return 1===f&&b===d?"sameDomain":"always"}return"never"}}(),vb=function(){try{return f.activeElement}catch(a){return null}},wb=function(a,b){if(!a||1!==a.nodeType)return a;if(a.classList)return a.classList.contains(b)||a.classList.add(b),a;if(b&&"string"==typeof b){var c=(b||"").split(/\s+/);if(1===a.nodeType)if(a.className){for(var d=" "+a.className+" ",e=a.className,f=0,g=c.length;g>f;f++)d.indexOf(" "+c[f]+" ")<0&&(e+=" "+c[f]);a.className=e.replace(/^\s+|\s+$/g,"")}else a.className=b}return a},xb=function(a,b){if(!a||1!==a.nodeType)return a;if(a.classList)return a.classList.contains(b)&&a.classList.remove(b),a;if("string"==typeof b&&b){var c=b.split(/\s+/);if(1===a.nodeType&&a.className){for(var d=(" "+a.className+" ").replace(/[\n\t]/g," "),e=0,f=c.length;f>e;e++)d=d.replace(" "+c[e]+" "," ");a.className=d.replace(/^\s+|\s+$/g,"")}}return a},yb=function(a,b){var c=e.getComputedStyle(a,null).getPropertyValue(b);return"cursor"!==b||c&&"auto"!==c||"A"!==a.nodeName?c:"pointer"},zb=function(){var a,b,c,d=1;return"function"==typeof f.body.getBoundingClientRect&&(a=f.body.getBoundingClientRect(),b=a.right-a.left,c=f.body.offsetWidth,d=o(b/c*100)/100),d},Ab=function(a){var b={left:0,top:0,width:0,height:0};if(a.getBoundingClientRect){var c,d,g,h=a.getBoundingClientRect();"pageXOffset"in e&&"pageYOffset"in e?(c=e.pageXOffset,d=e.pageYOffset):(g=zb(),c=o(f.documentElement.scrollLeft/g),d=o(f.documentElement.scrollTop/g));var i=f.documentElement.clientLeft||0,j=f.documentElement.clientTop||0;b.left=h.left+c-i,b.top=h.top+d-j,b.width="width"in h?h.width:h.right-h.left,b.height="height"in h?h.height:h.bottom-h.top}return b},Bb=function(){var a;if(c&&(a=mb(I.bridge))){var b=Ab(c);w(a.style,{width:b.width+"px",height:b.height+"px",top:b.top+"px",left:b.left+"px",zIndex:""+Db(O.zIndex)})}},Cb=function(a){I.ready===!0&&(I.bridge&&"function"==typeof I.bridge.setHandCursor?I.bridge.setHandCursor(a):I.ready=!1)},Db=function(a){if(/^(?:auto|inherit)$/.test(a))return a;var b;return"number"!=typeof a||n(a)?"string"==typeof a&&(b=Db(l(a,10))):b=a,"number"==typeof b?b:"auto"},Eb=function(a){function b(a){var b=a.match(/[\d]+/g);return b.length=3,b.join(".")}function c(a){return!!a&&(a=a.toLowerCase())&&(/^(pepflashplayer\.dll|libpepflashplayer\.so|pepperflashplayer\.plugin)$/.test(a)||"chrome.plugin"===a.slice(-13))}function d(a){a&&(i=!0,a.version&&(l=b(a.version)),!l&&a.description&&(l=b(a.description)),a.filename&&(k=c(a.filename)))}var e,f,h,i=!1,j=!1,k=!1,l="";if(g.plugins&&g.plugins.length)e=g.plugins["Shockwave Flash"],d(e),g.plugins["Shockwave Flash 2.0"]&&(i=!0,l="2.0.0.11");else if(g.mimeTypes&&g.mimeTypes.length)h=g.mimeTypes["application/x-shockwave-flash"],e=h&&h.enabledPlugin,d(e);else if("undefined"!=typeof a){j=!0;try{f=new a("ShockwaveFlash.ShockwaveFlash.7"),i=!0,l=b(f.GetVariable("$version"))}catch(n){try{f=new a("ShockwaveFlash.ShockwaveFlash.6"),i=!0,l="6.0.21"}catch(o){try{f=new a("ShockwaveFlash.ShockwaveFlash"),i=!0,l=b(f.GetVariable("$version"))}catch(p){j=!1}}}}I.disabled=i!==!0,I.outdated=l&&m(l)<m(J),I.version=l||"0.0.0",I.pluginType=k?"pepper":j?"activex":i?"netscape":"unknown"};Eb(j);var Fb=function(){return this instanceof Fb?void("function"==typeof Fb._createClient&&Fb._createClient.apply(this,v(arguments))):new Fb};r(Fb,"version",{value:"2.1.6",writable:!1,configurable:!0,enumerable:!0}),Fb.config=function(){return P.apply(this,v(arguments))},Fb.state=function(){return Q.apply(this,v(arguments))},Fb.isFlashUnusable=function(){return R.apply(this,v(arguments))},Fb.on=function(){return S.apply(this,v(arguments))},Fb.off=function(){return T.apply(this,v(arguments))},Fb.handlers=function(){return U.apply(this,v(arguments))},Fb.emit=function(){return V.apply(this,v(arguments))},Fb.create=function(){return W.apply(this,v(arguments))},Fb.destroy=function(){return X.apply(this,v(arguments))},Fb.setData=function(){return Y.apply(this,v(arguments))},Fb.clearData=function(){return Z.apply(this,v(arguments))},Fb.getData=function(){return $.apply(this,v(arguments))},Fb.focus=Fb.activate=function(){return _.apply(this,v(arguments))},Fb.blur=Fb.deactivate=function(){return ab.apply(this,v(arguments))},Fb.activeElement=function(){return bb.apply(this,v(arguments))};var Gb=0,Hb={},Ib=0,Jb={},Kb={};w(O,{autoActivate:!0});var Lb=function(a){var b=this;b.id=""+Gb++,Hb[b.id]={instance:b,elements:[],handlers:{}},a&&b.clip(a),Fb.on("*",function(a){return b.emit(a)}),Fb.on("destroy",function(){b.destroy()}),Fb.create()},Mb=function(a,b){var c,d,e,f={},g=Hb[this.id]&&Hb[this.id].handlers;if("string"==typeof a&&a)e=a.toLowerCase().split(/\s+/);else if("object"==typeof a&&a&&"undefined"==typeof b)for(c in a)s.call(a,c)&&"string"==typeof c&&c&&"function"==typeof a[c]&&this.on(c,a[c]);if(e&&e.length){for(c=0,d=e.length;d>c;c++)a=e[c].replace(/^on/,""),f[a]=!0,g[a]||(g[a]=[]),g[a].push(b);if(f.ready&&I.ready&&this.emit({type:"ready",client:this}),f.error){var h=["disabled","outdated","unavailable","deactivated","overdue"];for(c=0,d=h.length;d>c;c++)if(I[h[c]]){this.emit({type:"error",name:"flash-"+h[c],client:this});break}}}return this},Nb=function(a,b){var c,d,e,f,g,h=Hb[this.id]&&Hb[this.id].handlers;if(0===arguments.length)f=q(h);else if("string"==typeof a&&a)f=a.split(/\s+/);else if("object"==typeof a&&a&&"undefined"==typeof b)for(c in a)s.call(a,c)&&"string"==typeof c&&c&&"function"==typeof a[c]&&this.off(c,a[c]);if(f&&f.length)for(c=0,d=f.length;d>c;c++)if(a=f[c].toLowerCase().replace(/^on/,""),g=h[a],g&&g.length)if(b)for(e=g.indexOf(b);-1!==e;)g.splice(e,1),e=g.indexOf(b,e);else g.length=0;return this},Ob=function(a){var b=null,c=Hb[this.id]&&Hb[this.id].handlers;return c&&(b="string"==typeof a&&a?c[a]?c[a].slice(0):[]:x(c)),b},Pb=function(a){if(Ub.call(this,a)){"object"==typeof a&&a&&"string"==typeof a.type&&a.type&&(a=w({},a));var b=w({},db(a),{client:this});Vb.call(this,b)}return this},Qb=function(a){a=Wb(a);for(var b=0;b<a.length;b++)if(s.call(a,b)&&a[b]&&1===a[b].nodeType){a[b].zcClippingId?-1===Jb[a[b].zcClippingId].indexOf(this.id)&&Jb[a[b].zcClippingId].push(this.id):(a[b].zcClippingId="zcClippingId_"+Ib++,Jb[a[b].zcClippingId]=[this.id],O.autoActivate===!0&&Xb(a[b]));var c=Hb[this.id]&&Hb[this.id].elements;-1===c.indexOf(a[b])&&c.push(a[b])}return this},Rb=function(a){var b=Hb[this.id];if(!b)return this;var c,d=b.elements;a="undefined"==typeof a?d.slice(0):Wb(a);for(var e=a.length;e--;)if(s.call(a,e)&&a[e]&&1===a[e].nodeType){for(c=0;-1!==(c=d.indexOf(a[e],c));)d.splice(c,1);var f=Jb[a[e].zcClippingId];if(f){for(c=0;-1!==(c=f.indexOf(this.id,c));)f.splice(c,1);0===f.length&&(O.autoActivate===!0&&Yb(a[e]),delete a[e].zcClippingId)}}return this},Sb=function(){var a=Hb[this.id];return a&&a.elements?a.elements.slice(0):[]},Tb=function(){this.unclip(),this.off(),delete Hb[this.id]},Ub=function(a){if(!a||!a.type)return!1;if(a.client&&a.client!==this)return!1;var b=Hb[this.id]&&Hb[this.id].elements,c=!!b&&b.length>0,d=!a.target||c&&-1!==b.indexOf(a.target),e=a.relatedTarget&&c&&-1!==b.indexOf(a.relatedTarget),f=a.client&&a.client===this;return d||e||f?!0:!1},Vb=function(a){if("object"==typeof a&&a&&a.type){var b=gb(a),c=Hb[this.id]&&Hb[this.id].handlers["*"]||[],d=Hb[this.id]&&Hb[this.id].handlers[a.type]||[],f=c.concat(d);if(f&&f.length){var g,h,i,j,k,l=this;for(g=0,h=f.length;h>g;g++)i=f[g],j=l,"string"==typeof i&&"function"==typeof e[i]&&(i=e[i]),"object"==typeof i&&i&&"function"==typeof i.handleEvent&&(j=i,i=i.handleEvent),"function"==typeof i&&(k=w({},a),hb(i,j,[k],b))}return this}},Wb=function(a){return"string"==typeof a&&(a=[]),"number"!=typeof a.length?[a]:a},Xb=function(a){if(a&&1===a.nodeType){var b=function(a){(a||(a=e.event))&&("js"!==a._source&&(a.stopImmediatePropagation(),a.preventDefault()),delete a._source)},c=function(c){(c||(c=e.event))&&(b(c),Fb.focus(a))};a.addEventListener("mouseover",c,!1),a.addEventListener("mouseout",b,!1),a.addEventListener("mouseenter",b,!1),a.addEventListener("mouseleave",b,!1),a.addEventListener("mousemove",b,!1),Kb[a.zcClippingId]={mouseover:c,mouseout:b,mouseenter:b,mouseleave:b,mousemove:b}}},Yb=function(a){if(a&&1===a.nodeType){var b=Kb[a.zcClippingId];if("object"==typeof b&&b){for(var c,d,e=["move","leave","enter","out","over"],f=0,g=e.length;g>f;f++)c="mouse"+e[f],d=b[c],"function"==typeof d&&a.removeEventListener(c,d,!1);delete Kb[a.zcClippingId]}}};Fb._createClient=function(){Lb.apply(this,v(arguments))},Fb.prototype.on=function(){return Mb.apply(this,v(arguments))},Fb.prototype.off=function(){return Nb.apply(this,v(arguments))},Fb.prototype.handlers=function(){return Ob.apply(this,v(arguments))},Fb.prototype.emit=function(){return Pb.apply(this,v(arguments))},Fb.prototype.clip=function(){return Qb.apply(this,v(arguments))},Fb.prototype.unclip=function(){return Rb.apply(this,v(arguments))},Fb.prototype.elements=function(){return Sb.apply(this,v(arguments))},Fb.prototype.destroy=function(){return Tb.apply(this,v(arguments))},Fb.prototype.setText=function(a){return Fb.setData("text/plain",a),this},Fb.prototype.setHtml=function(a){return Fb.setData("text/html",a),this},Fb.prototype.setRichText=function(a){return Fb.setData("application/rtf",a),this},Fb.prototype.setData=function(){return Fb.setData.apply(this,v(arguments)),this},Fb.prototype.clearData=function(){return Fb.clearData.apply(this,v(arguments)),this},Fb.prototype.getData=function(){return Fb.getData.apply(this,v(arguments))},"function"==typeof define&&define.amd?define(function(){return Fb}):"object"==typeof module&&module&&"object"==typeof module.exports&&module.exports?module.exports=Fb:a.ZeroClipboard=Fb}(function(){return this||window}());
+window.ZeroClipboard = ZeroClipboard;
\ No newline at end of file
diff --git a/static/lib/ZeroClipboard.swf b/static/lib/ZeroClipboard.swf
old mode 100755
new mode 100644
index 880e64ee7..d4e2561b3
Binary files a/static/lib/ZeroClipboard.swf and b/static/lib/ZeroClipboard.swf differ
diff --git a/static/partials/confirm-invite.html b/static/partials/confirm-invite.html
new file mode 100644
index 000000000..e3d883e53
--- /dev/null
+++ b/static/partials/confirm-invite.html
@@ -0,0 +1,15 @@
+<div class="confirm-invite">
+  <div class="container signin-container">
+    <div class="row">
+      <div class="col-sm-6 col-sm-offset-3">
+        <div class="user-setup" ng-show="user.anonymous" redirect-url="redirectUrl"
+             invite-code="inviteCode">
+        </div>        
+        <div class="quay-spinner" ng-show="!user.anonymous && loading"></div>
+        <div class="alert alert-danger" ng-show="!user.anonymous && invalid">
+          {{ invalid }}
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/static/partials/landing-login.html b/static/partials/landing-login.html
index e2500815a..0a3046d2a 100644
--- a/static/partials/landing-login.html
+++ b/static/partials/landing-login.html
@@ -24,7 +24,7 @@
                   <a ng-href="/repository/{{ repository.namespace }}/{{ repository.name }}">{{repository.namespace}}/{{repository.name}}</a>
                   <div class="markdown-view description" content="repository.description" first-line-only="true"></div>
                 </div>
-                <a href="/repository/?namespace={{ user.username }}">See All Repositories</a>
+                <a href="/repository/?namespace={{ namespace }}">See All Repositories</a>
               </div>
 
               <!-- No Repos -->
diff --git a/static/partials/landing-normal.html b/static/partials/landing-normal.html
index 8a0badad1..6b9b6e42e 100644
--- a/static/partials/landing-normal.html
+++ b/static/partials/landing-normal.html
@@ -34,7 +34,7 @@
                   <a ng-href="/repository/{{ repository.namespace }}/{{ repository.name }}">{{repository.namespace}}/{{repository.name}}</a>
                   <div class="markdown-view description" content="repository.description" first-line-only="true"></div>
                 </div>
-                <a href="/repository/?namespace={{ user.username }}">See All Repositories</a>
+                <a href="/repository/?namespace={{ namespace }}">See All Repositories</a>
               </div>
 
               <!-- No Repos -->
diff --git a/static/partials/org-member-logs.html b/static/partials/org-member-logs.html
index 140a17346..a2d2b1823 100644
--- a/static/partials/org-member-logs.html
+++ b/static/partials/org-member-logs.html
@@ -1,6 +1,7 @@
 <div class="resource-view" resource="memberResource" error-message="'Member not found'">
   <div class="org-member-logs container">
     <div class="organization-header" organization="organization" clickable="true"></div>
-    <div class="logs-view" organization="organization" performer="memberInfo" makevisible="organization && memberInfo && ready"></div>
+    <div class="logs-view" organization="organization" performer="memberInfo"
+         makevisible="organization && memberInfo && ready"></div>
   </div>
 </div>
diff --git a/static/partials/plans.html b/static/partials/plans.html
index 2265f8155..18c7deebb 100644
--- a/static/partials/plans.html
+++ b/static/partials/plans.html
@@ -34,6 +34,13 @@
             </span>
             <i class="fa fa-upload visible-lg"></i>
           </div>
+          <div class="feature">
+            <span class="context-tooltip" bs-tooltip="tooltip.title" data-container="body" data-placement="right"
+                  data-title="Administrators can view and download the full invoice history for their organization">
+              Invoice History
+            </span>
+            <i class="fa fa-calendar visible-lg"></i>
+          </div>
           <div class="feature">
             <span class="context-tooltip" bs-tooltip="tooltip.title" data-container="body" data-placement="right"
                   data-title="Grant subsets of users in an organization their own permissions, either on a global basis or a per-repository basis">
@@ -48,13 +55,6 @@
             </span>
             <i class="fa fa-bar-chart-o visible-lg"></i>
           </div>
-          <div class="feature">
-            <span class="context-tooltip" bs-tooltip="tooltip.title" data-container="body" data-placement="right"
-                  data-title="Administrators can view and download the full invoice history for their organization">
-              Invoice History
-            </span>
-            <i class="fa fa-calendar visible-lg"></i>
-          </div>
           <div class="feature">
             <span class="context-tooltip" bs-tooltip="tooltip.title" data-container="body" data-placement="right"
                   data-title="All plans have a free trial">
@@ -81,7 +81,7 @@
           <div class="feature present"></div>
           <div class="feature present"></div>
           <div class="feature present"></div>
-          <div class="feature" ng-class="plan.bus_features ? 'present' : ''"></div>
+          <div class="feature present"></div>
           <div class="feature" ng-class="plan.bus_features ? 'present' : ''"></div>
           <div class="feature" ng-class="plan.bus_features ? 'present' : ''"></div>
           <div class="feature present"></div>
@@ -93,9 +93,9 @@
           <div class="feature present">SSL Encryption</div>
           <div class="feature present">Robot accounts</div>
           <div class="feature present">Dockerfile Build</div>
+          <div class="feature present">Invoice History</div>
           <div class="feature" ng-class="plan.bus_features ? 'present' : 'notpresent'">Teams</div>
           <div class="feature" ng-class="plan.bus_features ? 'present' : 'notpresent'">Logging</div>
-          <div class="feature" ng-class="plan.bus_features ? 'present' : 'notpresent'">Invoice History</div>
           <div class="feature present">Free Trial</div>
         </div>
 
diff --git a/static/partials/repo-admin.html b/static/partials/repo-admin.html
index b3ef4b51b..f22431232 100644
--- a/static/partials/repo-admin.html
+++ b/static/partials/repo-admin.html
@@ -18,7 +18,8 @@
     <div class="col-md-2">
       <ul class="nav nav-pills nav-stacked">
         <li class="active"><a href="javascript:void(0)" data-toggle="tab" data-target="#permissions">Permissions</a></li>
-        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#trigger" ng-click="loadTriggers()">Build Triggers</a></li>
+        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#trigger" ng-click="loadTriggers()"
+               quay-show="Features.BUILD_SUPPORT">Build Triggers</a></li>
         <li><a href="javascript:void(0)" data-toggle="tab" data-target="#badge">Status Badge</a></li>
         <li><a href="javascript:void(0)" data-toggle="tab" data-target="#notification" ng-click="loadNotifications()">Notifications</a></li>
         <li><a href="javascript:void(0)" data-toggle="tab" data-target="#publicprivate">Public/Private</a></li>
@@ -225,7 +226,7 @@
         </div>
 
         <!-- Triggers tab -->
-        <div id="trigger" class="tab-pane">
+        <div id="trigger" class="tab-pane" quay-show="['BUILD_SUPPORT']">
           <div class="panel panel-default">
             <div class="panel-heading">Build Triggers
               <i class="info-icon fa fa-info-circle" data-placement="left" data-content="Triggers from various services (such as GitHub) which tell the repository to be built and updated."></i>
@@ -377,6 +378,12 @@
      counter="showNewNotificationCounter"
      notification-created="handleNotificationCreated(notification)"></div>
 
+<!-- Manual trigger dialog -->
+<div class="manual-trigger-build-dialog" repository="repo"
+     trigger="currentStartTrigger"
+     counter="showManualBuildDialog"
+     start-build="startTrigger(trigger, parameters)"></div>
+
 <!-- Modal message dialog -->
 <div class="modal fade" id="makepublicModal">
   <div class="modal-dialog">
diff --git a/static/partials/repo-build.html b/static/partials/repo-build.html
index 3afe87508..c8a352b5f 100644
--- a/static/partials/repo-build.html
+++ b/static/partials/repo-build.html
@@ -77,7 +77,7 @@
                   <span class="container-content build-log-phase" phase="container"></span>
                 </div>
                 <div ng-switch-when="error">
-                  <span class="container-content build-log-error" error="container"></span>
+                  <span class="container-content build-log-error" error="container" entries="logEntries"></span>
                 </div>
                 <div ng-switch-when="command">
                   <span class="container-content build-log-command" command="container"></span>
@@ -94,7 +94,7 @@
             </div>
           </div>
           <div style="margin-top: 10px">
-            <span class="quay-spinner" ng-show="polling"></span>
+            <span class="quay-spinner" ng-show="pollChannel.working"></span>
             <button class="btn" ng-show="(build.phase == 'error' || build.phase == 'complete') && build.resource_key"
                     ng-class="build.phase == 'error' ? 'btn-success' : 'btn-default'"
                     ng-click="askRestartBuild(build)">
diff --git a/static/partials/signin.html b/static/partials/signin.html
index 4aac6cb7e..2a1a9563d 100644
--- a/static/partials/signin.html
+++ b/static/partials/signin.html
@@ -1,7 +1,7 @@
 <div class="container signin-container">
   <div class="row">
     <div class="col-sm-6 col-sm-offset-3">
-      <div class="user-setup" redirect-url="'/'"></div>
+      <div class="user-setup" redirect-url="redirectUrl"></div>
     </div>
   </div>
 </div>
diff --git a/static/partials/super-user.html b/static/partials/super-user.html
index 64b043331..a12f9f5b2 100644
--- a/static/partials/super-user.html
+++ b/static/partials/super-user.html
@@ -1,4 +1,4 @@
-<div class="container" quay-show="Features.SUPER_USERS">
+<div class="container" quay-show="Features.SUPER_USERS && showInterface">
   <div class="alert alert-info">
     This panel provides administrator access to <strong>super users of this installation of the registry</strong>. Super users can be managed in the configuration for this installation.
   </div>
@@ -8,10 +8,13 @@
     <div class="col-md-2">
       <ul class="nav nav-pills nav-stacked">
         <li class="active">
-          <a href="javascript:void(0)" data-toggle="tab" data-target="#license">License and Usage</a>
+          <a href="javascript:void(0)" data-toggle="tab" data-target="#users" ng-click="loadUsers()">Users</a>
         </li>
         <li>
-          <a href="javascript:void(0)" data-toggle="tab" data-target="#users" ng-click="loadUsers()">Users</a>
+          <a href="javascript:void(0)" data-toggle="tab" data-target="#create-user">Create User</a>
+        </li>
+        <li>
+          <a href="javascript:void(0)" data-toggle="tab" data-target="#logs" ng-click="loadLogs()">System Logs</a>
         </li>
       </ul>
     </div>
@@ -19,23 +22,52 @@
     <!-- Content -->
     <div class="col-md-10">
       <div class="tab-content">
-        <!-- License tab -->
-        <div id="license" class="tab-pane active">
-          <div class="quay-spinner 3x" ng-show="usageLoading"></div>
-           <!-- Chart -->
-           <div>
-             <div id="seat-usage-chart" class="usage-chart limit-{{limit}}"></div>
-             <span class="usage-caption" ng-show="chart">Seat Usage</span>
-           </div>
+        <!-- Logs tab -->
+        <div id="logs" class="tab-pane">
+          <div class="logsView" makevisible="logsCounter" all-logs="true"></div>
+        </div>
 
+        <!-- Create user tab -->
+        <div id="create-user" class="tab-pane">
+          <span class="quay-spinner" ng-show="creatingUser"></span>
+          <form name="createUserForm" ng-submit="createUser()" ng-show="!creatingUser">
+            <div class="form-group">
+              <label>Username</label>
+              <input class="form-control" type="text" ng-model="newUser.username" ng-pattern="/^[a-z0-9_]{4,30}$/" required>
+            </div>
+
+            <div class="form-group">
+              <label>Email address</label>
+              <input class="form-control" type="email" ng-model="newUser.email" required>
+            </div>
+
+            <button class="btn btn-primary" type="submit" ng-disabled="!createUserForm.$valid">Create User</button>
+          </form> 
+
+          <div style="margin-top: 20px; padding-top: 20px; border-top: 1px solid #eee;" ng-show="createdUsers.length">
+            <table class="table">
+              <thead>
+                <th>Username</th>
+                <th>E-mail address</th>
+                <th>Temporary Password</th>
+              </thead>
+
+              <tr ng-repeat="created_user in createdUsers"
+                  class="user-row">
+                  <td>{{ created_user.username }}</td>
+                  <td>{{ created_user.email }}</td>
+                  <td>{{ created_user.password }}</td>
+              </tr>
+            </table>            
+          </div>  
         </div>
 
         <!-- Users tab -->
-        <div id="users" class="tab-pane">
+        <div id="users" class="tab-pane active">
           <div class="quay-spinner" ng-show="!users"></div>
           <div class="alert alert-error" ng-show="usersError">
             {{ usersError }}
-          </div>
+          </div>          
           <div ng-show="users">
             <div class="side-controls">      
               <div class="result-count">
@@ -51,8 +83,7 @@
               <thead>
                 <th>Username</th>
                 <th>E-mail address</th>
-                <th></th>
-                <th></th>
+                <th style="width: 24px;"></th>
               </thead>
               
               <tr ng-repeat="current_user in (users | filter:search | orderBy:'username' | limitTo:100)"
@@ -65,19 +96,20 @@
                 <td>
                   <a href="mailto:{{ current_user.email }}">{{ current_user.email }}</a>
                 </td>
-                <td class="user-class">
-                  <span ng-if="current_user.super_user">Super user</span>
-                </td>
-                <td>
-                  <div class="dropdown" ng-if="user.username != current_user.username && !user.super_user">
+                <td style="text-align: center;">
+                  <i class="fa fa-ge fa-lg" ng-if="current_user.super_user" data-title="Super User" bs-tooltip></i>
+                  <div class="dropdown" style="text-align: left;" ng-if="user.username != current_user.username && !current_user.super_user">
                     <button class="btn btn-default dropdown-toggle" data-toggle="dropdown">
-                      <i class="fa fa-ellipsis-h"></i>
+                      <i class="caret"></i>
                     </button>
-                    <ul class="dropdown-menu">
+                    <ul class="dropdown-menu pull-right">
                       <li>
                         <a href="javascript:void(0)" ng-click="showChangePassword(current_user)">
                           <i class="fa fa-key"></i> Change Password
                         </a>
+                        <a href="javascript:void(0)" ng-click="sendRecoveryEmail(current_user)" quay-show="Features.MAILING">
+                          <i class="fa fa-envelope"></i> Send Recovery Email
+                        </a>
                         <a href="javascript:void(0)" ng-click="showDeleteUser(current_user)">
                           <i class="fa fa-times"></i> Delete User
                         </a>
diff --git a/static/partials/team-view.html b/static/partials/team-view.html
index b55721455..90ef77696 100644
--- a/static/partials/team-view.html
+++ b/static/partials/team-view.html
@@ -1,40 +1,92 @@
 <div class="resource-view" resource="orgResource" error-message="'No matching organization'">
   <div class="team-view container">
-    <div class="organization-header" organization="organization" team-name="teamname"></div>
+    <div class="organization-header" organization="organization" team-name="teamname">
+      <div ng-show="canEditMembers" class="side-controls">
+        <div class="hidden-sm hidden-xs">
+        <button class="btn btn-success"
+                id="showAddMember"
+                data-title="Add Team Member"
+                data-content-template="/static/directives/team-view-add.html" 
+                data-placement="bottom-right"                
+                bs-popover="bs-popover">
+          <i class="fa fa-plus"></i>
+          Add Team Member
+        </button>
+        </div>
+      </div>
+    </div>
     
     <div class="resource-view" resource="membersResource" error-message="'No matching team found'">
       <div class="description markdown-input" content="team.description" can-write="organization.is_admin"
            content-changed="updateForDescription" field-title="'team description'"></div>       
 
-      <div class="panel panel-default">
-        <div class="panel-heading">Team Members
-          <i class="info-icon fa fa-info-circle" data-placement="left" data-content="Users that inherit all permissions delegated to this team"></i>
-        </div>
-        <div class="panel-body">
-          <table class="permissions">        
-            <tr ng-repeat="(name, member) in members">
-              <td class="user entity">
-                <span class="entity-reference" entity="member" namespace="organization.name"></span>
-              </td>
-              <td>
-                <span class="delete-ui" delete-title="'Remove User From Team'" button-title="'Remove'"
-                      perform-delete="removeMember(member.name)" ng-if="canEditMembers"></span>
-              </td>
-            </tr>
-            
-            <tr ng-show="canEditMembers">
-              <td colspan="3">
-                <div class="entity-search" style="width: 100%"
-                     namespace="orgname" placeholder="'Add a registered user or robot...'"
-                     entity-selected="addNewMember(entity)"
-                     current-entity="selectedMember"
-                     auto-clear="true"
-                     allowed-entities="['user', 'robot']"></div>
-              </td>
-            </tr>
-          </table>
+      <div class="empty-message" ng-if="!members.length">
+        This team has no members
+      </div>
+
+      <div class="empty-message" ng-if="members.length && !(members | filter:search).length">
+        No matching team members found
+      </div>
+      
+      <table class="member-listing" style="margin-top: -20px" ng-show="members.length">
+        <!-- Members -->
+        <tr ng-if="(members | filter:search | filter: filterFunction(false, false)).length">
+          <td colspan="2"><div class="section-header">Team Members</div></td>
+        </tr>
+
+        <tr ng-repeat="member in members | filter:search | filter: filterFunction(false, false) | orderBy: 'name'">
+          <td class="user entity">
+            <span class="entity-reference" entity="member" namespace="organization.name" show-gravatar="true" gravatar-size="32"></span>
+          </td>
+          <td>
+            <span class="delete-ui" delete-title="'Remove ' + member.name  + ' from team'" button-title="'Remove'"
+                  perform-delete="removeMember(member.name)" ng-if="canEditMembers"></span>
+          </td>
+        </tr>     
+        
+        <!-- Robots -->
+        <tr ng-if="(members | filter:search | filter: filterFunction(false, true)).length">
+          <td colspan="2"><div class="section-header">Robot Accounts</div></td>
+        </tr>
+
+        <tr ng-repeat="member in members | filter:search | filter: filterFunction(false, true) | orderBy: 'name'">
+          <td class="user entity">
+            <span class="entity-reference" entity="member" namespace="organization.name"></span>
+          </td>
+          <td>
+            <span class="delete-ui" delete-title="'Remove ' + member.name  + ' from team'" button-title="'Remove'"
+                  perform-delete="removeMember(member.name)" ng-if="canEditMembers"></span>
+          </td>
+        </tr>
+
+        <!-- Invited -->
+        <tr ng-if="(members | filter:search | filter: filterFunction(true, false)).length">
+          <td colspan="2"><div class="section-header">Invited To Join</div></td>
+        </tr>
+
+        <tr ng-repeat="member in members | filter:search | filter: filterFunction(true, false) | orderBy: 'name'">
+          <td class="user entity">
+            <span ng-if="member.kind != 'invite'">
+              <span class="entity-reference" entity="member" namespace="organization.name" show-gravatar="true" gravatar-size="32"></span>
+            </span>
+            <span class="invite-listing" ng-if="member.kind == 'invite'">
+              <img class="gravatar"ng-src="//www.gravatar.com/avatar/{{ member.gravatar  }}?s=32&amp;d=identicon">
+              {{ member.email }}
+            </span>
+          </td>
+          <td>
+            <span class="delete-ui" delete-title="'Revoke invite to join team'" button-title="'Revoke'"
+                  perform-delete="revokeInvite(member)" ng-if="canEditMembers"></span>
+          </td>
+        </tr>
+      </table>
+
+      <div ng-show="canEditMembers">
+        <div ng-if-media="'(max-width: 560px)'">
+          <div ng-include="'/static/directives/team-view-add.html'"></div>
         </div>
       </div>
+
     </div>
   </div>
 </div>
diff --git a/static/partials/user-admin.html b/static/partials/user-admin.html
index 783c5f87a..a51119531 100644
--- a/static/partials/user-admin.html
+++ b/static/partials/user-admin.html
@@ -25,7 +25,7 @@
         <li ng-show="hasPaidPlan" quay-require="['BILLING']">
           <a href="javascript:void(0)" data-toggle="tab" data-target="#billingoptions">Billing Options</a>
         </li>
-        <li ng-show="hasPaidBusinessPlan" quay-require="['BILLING']">
+        <li ng-show="hasPaidPlan" quay-require="['BILLING']">
           <a href="javascript:void(0)" data-toggle="tab" data-target="#billing" ng-click="loadInvoices()">Billing History</a>
         </li>
 
@@ -33,7 +33,7 @@
         <li quay-classes="{'!Features.BILLING': 'active'}"><a href="javascript:void(0)" data-toggle="tab" data-target="#email">Account E-mail</a></li>
         <li><a href="javascript:void(0)" data-toggle="tab" data-target="#robots">Robot Accounts</a></li>
         <li><a href="javascript:void(0)" data-toggle="tab" data-target="#password">Change Password</a></li>
-        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#github" quay-require="['GITHUB_LOGIN']">GitHub Login</a></li>
+        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#external" quay-show="Features.GITHUB_LOGIN || Features.GOOGLE_LOGIN">External Logins</a></li>
         <li><a href="javascript:void(0)" data-toggle="tab" data-target="#authorized" ng-click="loadAuthedApps()">Authorized Applications</a></li>
         <li quay-show="Features.USER_LOG_ACCESS || hasPaidBusinessPlan">
           <a href="javascript:void(0)" data-toggle="tab" data-target="#logs" ng-click="loadLogs()">Usage Logs</a>
@@ -122,7 +122,7 @@
               </div>
             </div>
 
-            <div class="panel" ng-show="!updatingUser" >
+            <div class="panel" ng-show="!updatingUser" quay-show="Features.MAILING">
               <div class="panel-title">Change e-mail address</div>
 
               <div class="panel-body">
@@ -138,13 +138,14 @@
 
         <!-- Change password tab -->
         <div id="password" class="tab-pane">
-          <div class="loading" ng-show="updatingUser">
-            <div class="quay-spinner 3x"></div>
-          </div>
           <div class="row">
             <div class="panel">
               <div class="panel-title">Change Password</div>
 
+              <div class="loading" ng-show="updatingUser">
+                <div class="quay-spinner 3x"></div>
+              </div>
+
               <span class="help-block" ng-show="changePasswordSuccess">Password changed successfully</span>
 
               <div ng-show="!updatingUser" class="panel-body">
@@ -162,25 +163,60 @@
           </div>
         </div>
 
-        <!-- Github tab -->
-        <div id="github" class="tab-pane" quay-require="['GITHUB_LOGIN']">
+        <!-- External Login tab -->
+        <div id="external" class="tab-pane" quay-show="Features.GITHUB_LOGIN || Features.GOOGLE_LOGIN">
           <div class="loading" ng-show="!cuser">
             <div class="quay-spinner 3x"></div>
           </div>
-          <div class="row" ng-show="cuser">
+          
+          <!-- Github -->
+          <div class="row" quay-show="cuser && Features.GITHUB_LOGIN">
             <div class="panel">
               <div class="panel-title">GitHub Login:</div>
               <div class="panel-body">
-                <div ng-show="githubLogin" class="lead col-md-8">
+                <div ng-show="hasGithubLogin && githubLogin" class="lead col-md-8">
                   <i class="fa fa-github fa-lg" style="margin-right: 6px;" data-title="GitHub" bs-tooltip="tooltip.title"></i>
                   <b><a href="https://github.com/{{githubLogin}}" target="_blank">{{githubLogin}}</a></b>
+                  <span class="delete-ui" button-title="'Detach'" delete-title="'Detach Account'" style="margin-left: 10px"
+                        perform-delete="detachExternalLogin('github')"></span>
                 </div>
-                <div ng-show="!githubLogin" class="col-md-8">
-                  <a href="https://github.com/login/oauth/authorize?client_id={{ githubClientId }}&scope=user:email{{ github_state_clause }}&redirect_uri={{ githubRedirectUri }}/attach" class="btn btn-primary"><i class="fa fa-github fa-lg"></i> Connect with GitHub</a>
+                <div ng-show="hasGithubLogin && !githubLogin" class="lead col-md-8">
+                  <i class="fa fa-github fa-lg" style="margin-right: 6px;" data-title="GitHub" bs-tooltip="tooltip.title"></i>
+                  Account attached to Github Account
+                  <span class="delete-ui" button-title="'Detach'" delete-title="'Detach Account'" style="margin-left: 10px"
+                        perform-delete="detachExternalLogin('github')"></span>
+                </div>
+                <div ng-show="!hasGithubLogin" class="col-md-4">
+                  <span class="external-login-button" provider="github" action="attach"></span>
                 </div>
               </div>
             </div>
           </div>
+
+          <!-- Google -->
+          <div class="row" quay-show="cuser && Features.GOOGLE_LOGIN">
+            <div class="panel">
+              <div class="panel-title">Google Login:</div>
+              <div class="panel-body">
+                <div ng-show="hasGoogleLogin && googleLogin" class="lead col-md-8">
+                  <i class="fa fa-google fa-lg" style="margin-right: 6px;" data-title="Google" bs-tooltip="tooltip.title"></i>
+                  <b>{{ googleLogin }}</b>
+                  <span class="delete-ui" button-title="'Detach'" delete-title="'Detach Account'" style="margin-left: 10px"
+                        perform-delete="detachExternalLogin('google')"></span>
+                </div>
+                <div ng-show="hasGoogleLogin && !googleLogin" class="lead col-md-8">
+                  <i class="fa fa-google fa-lg" style="margin-right: 6px;" data-title="Google" bs-tooltip="tooltip.title"></i>
+                  Account attached to Google Account
+                  <span class="delete-ui" button-title="'Detach'" delete-title="'Detach Account'" style="margin-left: 10px"
+                        perform-delete="detachExternalLogin('google')"></span>
+                </div>
+                <div ng-show="!hasGoogleLogin" class="col-md-4">
+                  <span class="external-login-button" provider="google" action="attach"></span>
+                </div>
+              </div>
+            </div>
+          </div>
+
         </div>
         
         <!-- Robot accounts tab -->
diff --git a/static/partials/view-repo.html b/static/partials/view-repo.html
index 9e9e83702..e5f2cecc6 100644
--- a/static/partials/view-repo.html
+++ b/static/partials/view-repo.html
@@ -18,7 +18,7 @@
         <div class="dropdown" data-placement="top" style="display: inline-block" 
              bs-tooltip=""
              data-title="{{ runningBuilds.length ? 'Dockerfile Builds Running: ' + (runningBuilds.length) : 'Dockerfile Build' }}"
-             ng-show="repo.can_write || buildHistory.length">
+             quay-show="Features.BUILD_SUPPORT && (repo.can_write || buildHistory.length)">
           <button class="btn btn-default dropdown-toggle" data-toggle="dropdown">
             <i class="fa fa-tasks fa-lg"></i>
             <span class="count" ng-class="runningBuilds.length ? 'visible' : ''"><span>{{ runningBuilds.length ? runningBuilds.length : '' }}</span></span>
@@ -58,16 +58,9 @@
         <span class="pull-command visible-md-inline">
           <div class="pull-container" data-title="Pull repository" bs-tooltip="tooltip.title">
             <div class="input-group">
-              <input id="pull-text" type="text" class="form-control" value="{{ 'docker pull ' + Config.getDomain() + '/' + repo.namespace + '/' + repo.name }}" readonly>
-              <span id="copyClipboard" class="input-group-addon" data-title="Copy to Clipboard" data-clipboard-target="pull-text">
-                <i class="fa fa-copy"></i>
-              </span>
+              <div class="copy-box" hovering-message="true" value="'docker pull ' + Config.getDomain() + '/' + repo.namespace + '/' + repo.name"></div>
             </div>
           </div>
-          
-          <div id="clipboardCopied" class="hovering" style="display: none">
-            Copied to clipboard
-          </div>
         </span>
       </div>
     </div>
@@ -398,7 +391,10 @@
           </span>?
         </h4>
       </div>
-      <div class="modal-body">
+      <div class="modal-body" ng-show="deletingTag">
+        <div class="quay-spinner"></div>
+      </div>
+      <div class="modal-body" ng-show="!deletingTag">
         Are you sure you want to delete tag
         <span class="label tag" ng-class="tagToDelete == currentTag.name ? 'label-success' : 'label-default'">
           {{ tagToDelete  }}
@@ -408,7 +404,7 @@
           The following images and any other images not referenced by a tag will be deleted:          
         </div>
       </div>
-      <div class="modal-footer">
+      <div class="modal-footer" ng-show="!deletingTag">
         <button type="button" class="btn btn-primary" ng-click="deleteTag(tagToDelete)">Delete Tag</button>
         <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
       </div>
diff --git a/storage/__init__.py b/storage/__init__.py
index 6700dab0b..4d1134d4b 100644
--- a/storage/__init__.py
+++ b/storage/__init__.py
@@ -1,5 +1,5 @@
 from storage.local import LocalStorage
-from storage.cloud import S3Storage, GoogleCloudStorage
+from storage.cloud import S3Storage, GoogleCloudStorage, RadosGWStorage
 from storage.fakestorage import FakeStorage
 from storage.distributedstorage import DistributedStorage
 
@@ -8,6 +8,7 @@ STORAGE_DRIVER_CLASSES = {
   'LocalStorage': LocalStorage,
   'S3Storage': S3Storage,
   'GoogleCloudStorage': GoogleCloudStorage,
+  'RadosGWStorage': RadosGWStorage,
 }
 
 
diff --git a/storage/basestorage.py b/storage/basestorage.py
index 2d3727a5b..675c3a738 100644
--- a/storage/basestorage.py
+++ b/storage/basestorage.py
@@ -54,10 +54,13 @@ class BaseStorage(StoragePaths):
   # Set the IO buffer to 64kB
   buffer_size = 64 * 1024
 
-  def get_direct_download_url(self, path, expires_in=60):
+  def get_direct_download_url(self, path, expires_in=60, requires_cors=False):
     return None
 
-  def get_supports_resumeable_downloads(self):
+  def get_direct_upload_url(self, path, mime_type, requires_cors=True):
+    return None
+
+  def get_supports_resumable_downloads(self):
     return False
 
   def get_content(self, path):
@@ -72,7 +75,7 @@ class BaseStorage(StoragePaths):
   def stream_read_file(self, path):
     raise NotImplementedError
 
-  def stream_write(self, path, fp):
+  def stream_write(self, path, fp, content_type=None, content_encoding=None):
     raise NotImplementedError
 
   def list_directory(self, path=None):
@@ -83,3 +86,6 @@ class BaseStorage(StoragePaths):
 
   def remove(self, path):
     raise NotImplementedError
+
+  def get_checksum(self, path):
+    raise NotImplementedError
\ No newline at end of file
diff --git a/storage/cloud.py b/storage/cloud.py
index d64415410..06dd8a2a9 100644
--- a/storage/cloud.py
+++ b/storage/cloud.py
@@ -7,36 +7,39 @@ import boto.gs.connection
 import boto.s3.key
 import boto.gs.key
 
+from io import BufferedIOBase
+
 from storage.basestorage import BaseStorage
 
 
 logger = logging.getLogger(__name__)
 
 
-class StreamReadKeyAsFile(object):
+class StreamReadKeyAsFile(BufferedIOBase):
   def __init__(self, key):
     self._key = key
-    self._finished = False
-
-  def __enter__(self):
-    return self
-
-  def __exit__(self, type, value, tb):
-    self._key.close(fast=True)
 
   def read(self, amt=None):
-    if self._finished:
+    if self.closed:
       return None
 
     resp = self._key.read(amt)
-    if not resp:
-      self._finished = True
     return resp
 
+  def readable(self):
+    return True
+
+  @property
+  def closed(self):
+    return self._key.closed
+
+  def close(self):
+    self._key.close(fast=True)
+
 
 class _CloudStorage(BaseStorage):
-  def __init__(self, connection_class, key_class, upload_params, storage_path, access_key,
-               secret_key, bucket_name):
+  def __init__(self, connection_class, key_class, connect_kwargs, upload_params, storage_path,
+               access_key, secret_key, bucket_name):
     self._initialized = False
     self._bucket_name = bucket_name
     self._access_key = access_key
@@ -45,12 +48,14 @@ class _CloudStorage(BaseStorage):
     self._connection_class = connection_class
     self._key_class = key_class
     self._upload_params = upload_params
+    self._connect_kwargs = connect_kwargs
     self._cloud_conn = None
     self._cloud_bucket = None
 
   def _initialize_cloud_conn(self):
     if not self._initialized:
-      self._cloud_conn = self._connection_class(self._access_key, self._secret_key)
+      self._cloud_conn = self._connection_class(self._access_key, self._secret_key,
+                                                **self._connect_kwargs)
       self._cloud_bucket = self._cloud_conn.get_bucket(self._bucket_name)
       self._initialized = True
 
@@ -87,15 +92,22 @@ class _CloudStorage(BaseStorage):
     key.set_contents_from_string(content, **self._upload_params)
     return path
 
-  def get_supports_resumeable_downloads(self):
+  def get_supports_resumable_downloads(self):
     return True
 
-  def get_direct_download_url(self, path, expires_in=60):
+  def get_direct_download_url(self, path, expires_in=60, requires_cors=False):
     self._initialize_cloud_conn()
     path = self._init_path(path)
     k = self._key_class(self._cloud_bucket, path)
     return k.generate_url(expires_in)
 
+  def get_direct_upload_url(self, path, mime_type, requires_cors=True):
+    self._initialize_cloud_conn()
+    path = self._init_path(path)
+    key = self._key_class(self._cloud_bucket, path)
+    url = key.generate_url(300, 'PUT', headers={'Content-Type': mime_type}, encrypt_key=True)
+    return url
+
   def stream_read(self, path):
     self._initialize_cloud_conn()
     path = self._init_path(path)
@@ -116,14 +128,23 @@ class _CloudStorage(BaseStorage):
       raise IOError('No such key: \'{0}\''.format(path))
     return StreamReadKeyAsFile(key)
 
-  def stream_write(self, path, fp):
+  def stream_write(self, path, fp, content_type=None, content_encoding=None):
     # Minimum size of upload part size on S3 is 5MB
     self._initialize_cloud_conn()
     buffer_size = 5 * 1024 * 1024
     if self.buffer_size > buffer_size:
       buffer_size = self.buffer_size
     path = self._init_path(path)
-    mp = self._cloud_bucket.initiate_multipart_upload(path, **self._upload_params)
+
+    metadata = {}
+    if content_type is not None:
+      metadata['Content-Type'] = content_type
+
+    if content_encoding is not None:
+      metadata['Content-Encoding'] = content_encoding
+
+    mp = self._cloud_bucket.initiate_multipart_upload(path, metadata=metadata,
+                                                      **self._upload_params)
     num_part = 1
     while True:
       try:
@@ -179,25 +200,73 @@ class _CloudStorage(BaseStorage):
     for key in self._cloud_bucket.list(prefix=path):
       key.delete()
 
+  def get_checksum(self, path):
+    self._initialize_cloud_conn()
+    path = self._init_path(path)
+    key = self._key_class(self._cloud_bucket, path)
+    k = self._cloud_bucket.lookup(key)
+    if k is None:
+      raise IOError('No such key: \'{0}\''.format(path))
+
+    return k.etag[1:-1][:7]
+
 
 class S3Storage(_CloudStorage):
   def __init__(self, storage_path, s3_access_key, s3_secret_key, s3_bucket):
     upload_params = {
       'encrypt_key': True,
     }
+    connect_kwargs = {}
     super(S3Storage, self).__init__(boto.s3.connection.S3Connection, boto.s3.key.Key,
-                                    upload_params, storage_path, s3_access_key, s3_secret_key,
-                                    s3_bucket)
+                                    connect_kwargs, upload_params, storage_path, s3_access_key,
+                                    s3_secret_key, s3_bucket)
 
 
 class GoogleCloudStorage(_CloudStorage):
   def __init__(self, storage_path, access_key, secret_key, bucket_name):
-    super(GoogleCloudStorage, self).__init__(boto.gs.connection.GSConnection, boto.gs.key.Key, {},
-                                             storage_path, access_key, secret_key, bucket_name)
+    upload_params = {}
+    connect_kwargs = {}
+    super(GoogleCloudStorage, self).__init__(boto.gs.connection.GSConnection, boto.gs.key.Key,
+                                             connect_kwargs, upload_params, storage_path,
+                                             access_key, secret_key, bucket_name)
 
-  def stream_write(self, path, fp):
+  def stream_write(self, path, fp, content_type=None, content_encoding=None):
     # Minimum size of upload part size on S3 is 5MB
     self._initialize_cloud_conn()
     path = self._init_path(path)
     key = self._key_class(self._cloud_bucket, path)
+
+    if content_type is not None:
+      key.set_metadata('Content-Type', content_type)
+
+    if content_encoding is not None:
+      key.set_metadata('Content-Encoding', content_encoding)
+
     key.set_contents_from_stream(fp)
+
+
+class RadosGWStorage(_CloudStorage):
+  def __init__(self, hostname, is_secure, storage_path, access_key, secret_key, bucket_name):
+    upload_params = {}
+    connect_kwargs = {
+      'host': hostname,
+      'is_secure': is_secure,
+      'calling_format': boto.s3.connection.OrdinaryCallingFormat(),
+    }
+    super(RadosGWStorage, self).__init__(boto.s3.connection.S3Connection, boto.s3.key.Key,
+                                         connect_kwargs, upload_params, storage_path, access_key,
+                                         secret_key, bucket_name)
+
+  # TODO remove when radosgw supports cors: http://tracker.ceph.com/issues/8718#change-38624
+  def get_direct_download_url(self, path, expires_in=60, requires_cors=False):
+    if requires_cors:
+      return None
+
+    return super(RadosGWStorage, self).get_direct_download_url(path, expires_in, requires_cors)
+
+  # TODO remove when radosgw supports cors: http://tracker.ceph.com/issues/8718#change-38624
+  def get_direct_upload_url(self, path, mime_type, requires_cors=True):
+    if requires_cors:
+      return None
+
+    return super(RadosGWStorage, self).get_direct_upload_url(path, mime_type, requires_cors)
diff --git a/storage/distributedstorage.py b/storage/distributedstorage.py
index 9941f0fa5..1544d9725 100644
--- a/storage/distributedstorage.py
+++ b/storage/distributedstorage.py
@@ -31,6 +31,7 @@ class DistributedStorage(StoragePaths):
     self.preferred_locations = list(preferred_locations)
 
   get_direct_download_url = _location_aware(BaseStorage.get_direct_download_url)
+  get_direct_upload_url = _location_aware(BaseStorage.get_direct_upload_url)  
   get_content = _location_aware(BaseStorage.get_content)
   put_content = _location_aware(BaseStorage.put_content)
   stream_read = _location_aware(BaseStorage.stream_read)
@@ -39,4 +40,5 @@ class DistributedStorage(StoragePaths):
   list_directory = _location_aware(BaseStorage.list_directory)
   exists = _location_aware(BaseStorage.exists)
   remove = _location_aware(BaseStorage.remove)
-  get_supports_resumeable_downloads = _location_aware(BaseStorage.get_supports_resumeable_downloads)
+  get_checksum = _location_aware(BaseStorage.get_checksum)
+  get_supports_resumable_downloads = _location_aware(BaseStorage.get_supports_resumable_downloads)
diff --git a/storage/fakestorage.py b/storage/fakestorage.py
index 597d22af4..cebed1e80 100644
--- a/storage/fakestorage.py
+++ b/storage/fakestorage.py
@@ -14,7 +14,7 @@ class FakeStorage(BaseStorage):
   def stream_read(self, path):
     yield ''
 
-  def stream_write(self, path, fp):
+  def stream_write(self, path, fp, content_type=None, content_encoding=None):
     pass
 
   def remove(self, path):
@@ -22,3 +22,6 @@ class FakeStorage(BaseStorage):
 
   def exists(self, path):
     return False
+
+  def get_checksum(self, path):
+    return 'abcdefg'
\ No newline at end of file
diff --git a/storage/local.py b/storage/local.py
index 361d76403..056c68c05 100644
--- a/storage/local.py
+++ b/storage/local.py
@@ -1,6 +1,7 @@
-
 import os
 import shutil
+import hashlib
+import io
 
 from storage.basestorage import BaseStorage
 
@@ -40,9 +41,9 @@ class LocalStorage(BaseStorage):
 
   def stream_read_file(self, path):
     path = self._init_path(path)
-    return open(path, mode='rb')
+    return io.open(path, mode='rb')
 
-  def stream_write(self, path, fp):
+  def stream_write(self, path, fp, content_type=None, content_encoding=None):
     # Size is mandatory
     path = self._init_path(path, create=True)
     with open(path, mode='wb') as f:
@@ -80,3 +81,14 @@ class LocalStorage(BaseStorage):
       os.remove(path)
     except OSError:
       pass
+
+  def get_checksum(self, path):
+    path = self._init_path(path)
+    sha_hash = hashlib.sha256()
+    with open(path, 'r') as to_hash:
+      while True:
+        buf = to_hash.read(self.buffer_size)
+        if not buf:
+          break
+        sha_hash.update(buf)
+    return sha_hash.hexdigest()[:7]
diff --git a/templates/githuberror.html b/templates/githuberror.html
deleted file mode 100644
index acb803f57..000000000
--- a/templates/githuberror.html
+++ /dev/null
@@ -1,26 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}
-  <title>Error Logging in with GitHub · Quay.io</title>
-{% endblock %}
-
-{% block body_content %}
-  <div class="container">
-    <div class="row">
-      <div class="col-md-12">
-        <h2>There was an error logging in with GitHub.</h2>
-
-        {% if error_message %}
-          <div class="alert alert-danger">{{ error_message }}</div>
-        {% endif %}
-
-        <div>
-          Please register using the <a href="/">registration form</a> to continue.
-          You will be able to connect your github account to your Quay.io account
-          in the user settings.
-        </div>
-      </div>
-    </div>
-
-  </div>
-{% endblock %}
\ No newline at end of file
diff --git a/templates/index.html b/templates/index.html
index f69251514..51d687770 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -35,23 +35,18 @@
     </div><!-- /.modal-dialog -->
   </div><!-- /.modal -->
 
-{% if not has_billing %}
   <!-- Modal message dialog -->
-  <div class="modal fade" id="overlicenseModal" data-backdrop="static">
+  <div class="modal fade" id="cannotContactService" data-backdrop="static">
     <div class="modal-dialog">
       <div class="modal-content">
         <div class="modal-header">
-          <h4 class="modal-title">Cannot create user</h4>
+          <h4 class="modal-title">Cannot Contact External Service</h4>
         </div>
         <div class="modal-body">
-          A new user cannot be created as this organization has reached its licensed seat count. Please contact your administrator.
-        </div>
-        <div class="modal-footer">
-          <a href="javascript:void(0)" class="btn btn-primary" data-dismiss="modal" onclick="location = '/signin'">Sign In</a>
+          A connection to an external service has failed. Please reload the page to try again.
         </div>
       </div><!-- /.modal-content -->
     </div><!-- /.modal-dialog -->
   </div><!-- /.modal -->
-{% endif %}
 
 {% endblock %}
diff --git a/templates/ologinerror.html b/templates/ologinerror.html
new file mode 100644
index 000000000..74f51987e
--- /dev/null
+++ b/templates/ologinerror.html
@@ -0,0 +1,28 @@
+{% extends "base.html" %}
+
+{% block title %}
+  <title>Error Logging in with {{ service_name }} · Quay.io</title>
+{% endblock %}
+
+{% block body_content %}
+  <div class="container">
+    <div class="row">
+      <div class="col-md-12">
+        <h2 style="margin-bottom: 20px;">There was an error logging in with {{ service_name }}.</h2>
+
+        {% if error_message %}
+          <div class="alert alert-danger">{{ error_message }}</div>
+        {% endif %}
+
+        {% if user_creation %}
+        <div>
+          Please register using the <a ng-href="{{ service_url }}/signin" target="_self">registration form</a> to continue.
+          You will be able to connect your account to your Quay.io account
+          in the user settings.
+        </div>
+        {% endif %}
+      </div>
+    </div>
+
+  </div>
+{% endblock %}
diff --git a/test/data/test.db b/test/data/test.db
index 4d0428331..4be5d0b90 100644
Binary files a/test/data/test.db and b/test/data/test.db differ
diff --git a/test/specs.py b/test/specs.py
index 33db0493e..8749a025e 100644
--- a/test/specs.py
+++ b/test/specs.py
@@ -196,7 +196,7 @@ def build_index_specs():
     IndexTestSpec(url_for('index.put_repository_auth', repository=PUBLIC_REPO),
                   NO_REPO, 501, 501, 501, 501).set_method('PUT'),
 
-    IndexTestSpec(url_for('index.get_search'), NO_REPO, 501, 501, 501, 501),
+    IndexTestSpec(url_for('index.get_search'), NO_REPO, 200, 200, 200, 200),
 
     IndexTestSpec(url_for('index.ping'), NO_REPO, 200, 200, 200, 200),
 
diff --git a/test/test_api_security.py b/test/test_api_security.py
index 5b3e5612d..b0d9c271c 100644
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@@ -1,27 +1,32 @@
 import unittest
 import json
+import datetime
 
 from urllib import urlencode
 from urlparse import urlparse, urlunparse, parse_qs
 
 from app import app
+from data import model
 from initdb import setup_database_for_testing, finished_database_for_testing
 from endpoints.api import api_bp, api
 
-from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam
+from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam, TeamMemberInvite
 from endpoints.api.tag import RepositoryTagImages, RepositoryTag
 from endpoints.api.search import FindRepositories, EntitySearch
 from endpoints.api.image import RepositoryImageChanges, RepositoryImage, RepositoryImageList
 from endpoints.api.build import (FileDropResource, RepositoryBuildStatus, RepositoryBuildLogs,
                                  RepositoryBuildList)
-from endpoints.api.robot import UserRobotList, OrgRobot, OrgRobotList, UserRobot
+from endpoints.api.robot import (UserRobotList, OrgRobot, OrgRobotList, UserRobot,
+                                 RegenerateOrgRobot, RegenerateUserRobot)
+
 from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, BuildTriggerSubdirs,
                                    TriggerBuildList, ActivateBuildTrigger, BuildTrigger,
-                                   BuildTriggerList, BuildTriggerAnalyze)
+                                   BuildTriggerList, BuildTriggerAnalyze, BuildTriggerFieldValues)
 from endpoints.api.repoemail import RepositoryAuthorizedEmail
 from endpoints.api.repositorynotification import RepositoryNotification, RepositoryNotificationList
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Recovery, Signout,
-                                Signin, User, UserAuthorizationList, UserAuthorization, UserNotification)
+                                Signin, User, UserAuthorizationList, UserAuthorization, UserNotification,
+                                VerifyUser, DetachExternal)
 from endpoints.api.repotoken import RepositoryToken, RepositoryTokenList
 from endpoints.api.prototype import PermissionPrototype, PermissionPrototypeList
 from endpoints.api.logs import UserLogs, OrgLogs, RepositoryLogs
@@ -37,7 +42,8 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos
 from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission,
                                       RepositoryTeamPermissionList, RepositoryUserPermissionList)
 
-from endpoints.api.superuser import SuperUserLogs, SeatUsage, SuperUserList, SuperUserManagement
+from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserManagement,
+                                     SuperUserSendRecoveryEmail)
 
 
 try:
@@ -72,7 +78,9 @@ class ApiTestCase(unittest.TestCase):
 
       with client.session_transaction() as sess:
         if auth_username:
-          sess['user_id'] = auth_username
+          loaded = model.get_user(auth_username)
+          sess['user_id'] = loaded.id
+          sess['login_time'] = datetime.datetime.now()
         sess[CSRF_TOKEN_KEY] = CSRF_TOKEN
 
       # Restore the teardown functions
@@ -432,6 +440,42 @@ class TestSignin(ApiTestCase):
     self._run_test('POST', 403, 'devtable', {u'username': 'E9RY', u'password': 'LQ0N'})
 
 
+class TestDetachExternal(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(DetachExternal, servicename='someservice')
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, {})
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 200, 'freshuser', {})
+
+  def test_post_reader(self):
+    self._run_test('POST', 200, 'reader', {})
+
+  def test_post_devtable(self):
+    self._run_test('POST', 200, 'devtable', {})
+
+
+class TestVerifyUser(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(VerifyUser)
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, {u'password': 'LQ0N'})
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', {u'password': 'LQ0N'})
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', {u'password': 'LQ0N'})
+
+  def test_post_devtable(self):
+    self._run_test('POST', 200, 'devtable', {u'password': 'password'})
+
+
 class TestListPlans(ApiTestCase):
   def setUp(self):
     ApiTestCase.setUp(self)
@@ -1022,6 +1066,62 @@ class TestBuildTriggerActivateSwo1BuynlargeOrgrepo(ApiTestCase):
   def test_post_devtable(self):
     self._run_test('POST', 404, 'devtable', {'config': {}})
 
+class TestBuildTriggerFieldValuesSwo1PublicPublicrepo(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerFieldValues, trigger_uuid="SWO1", repository="public/publicrepo", 
+                                           field_name="test_field")
+
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, {})
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 403, 'freshuser', {})
+
+  def test_get_reader(self):
+    self._run_test('GET', 403, 'reader', {})
+
+  def test_get_devtable(self):
+    self._run_test('GET', 403, 'devtable', {})
+
+
+class TestBuildTriggerFieldValuesSwo1DevtableShared(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerFieldValues, trigger_uuid="SWO1", repository="devtable/shared", 
+                                           field_name="test_field")
+
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, {})
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 403, 'freshuser', {})
+
+  def test_get_reader(self):
+    self._run_test('GET', 403, 'reader', {})
+
+  def test_get_devtable(self):
+    self._run_test('GET', 404, 'devtable', {'config': {}})
+
+
+class TestBuildTriggerFieldValuesSwo1BuynlargeOrgrepo(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerFieldValues, trigger_uuid="SWO1", repository="buynlarge/orgrepo", 
+                                           field_name="test_field")
+
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, {})
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 403, 'freshuser', {})
+
+  def test_get_reader(self):
+    self._run_test('GET', 403, 'reader', {})
+
+  def test_get_devtable(self):
+    self._run_test('GET', 404, 'devtable', {'config': {}})
+
 
 class TestBuildTriggerSources831cPublicPublicrepo(ApiTestCase):
   def setUp(self):
@@ -1253,7 +1353,7 @@ class TestActivateBuildTrigger0byeDevtableShared(ApiTestCase):
     self._run_test('POST', 403, 'reader', None)
 
   def test_post_devtable(self):
-    self._run_test('POST', 404, 'devtable', None)
+    self._run_test('POST', 404, 'devtable', {})
 
 
 class TestActivateBuildTrigger0byeBuynlargeOrgrepo(ApiTestCase):
@@ -1271,7 +1371,7 @@ class TestActivateBuildTrigger0byeBuynlargeOrgrepo(ApiTestCase):
     self._run_test('POST', 403, 'reader', None)
 
   def test_post_devtable(self):
-    self._run_test('POST', 404, 'devtable', None)
+    self._run_test('POST', 404, 'devtable', {})
 
 
 class TestBuildTriggerAnalyze0byePublicPublicrepo(ApiTestCase):
@@ -1632,6 +1732,19 @@ class TestOrgRobotBuynlargeZ7pd(ApiTestCase):
     ApiTestCase.setUp(self)
     self._set_url(OrgRobot, orgname="buynlarge", robot_shortname="Z7PD")
 
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, None)
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 403, 'freshuser', None)
+
+  def test_get_reader(self):
+    self._run_test('GET', 403, 'reader', None)
+
+  def test_get_devtable(self):
+    self._run_test('GET', 400, 'devtable', None)
+
+
   def test_put_anonymous(self):
     self._run_test('PUT', 401, None, None)
 
@@ -1644,6 +1757,7 @@ class TestOrgRobotBuynlargeZ7pd(ApiTestCase):
   def test_put_devtable(self):
     self._run_test('PUT', 400, 'devtable', None)
 
+
   def test_delete_anonymous(self):
     self._run_test('DELETE', 401, None, None)
 
@@ -3040,6 +3154,19 @@ class TestUserRobot5vdy(ApiTestCase):
     ApiTestCase.setUp(self)
     self._set_url(UserRobot, robot_shortname="robotname")
 
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, None)
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 400, 'freshuser', None)
+
+  def test_get_reader(self):
+    self._run_test('GET', 400, 'reader', None)
+
+  def test_get_devtable(self):
+    self._run_test('GET', 400, 'devtable', None)
+
+
   def test_put_anonymous(self):
     self._run_test('PUT', 401, None, None)
 
@@ -3052,6 +3179,7 @@ class TestUserRobot5vdy(ApiTestCase):
   def test_put_devtable(self):
     self._run_test('PUT', 201, 'devtable', None)
 
+
   def test_delete_anonymous(self):
     self._run_test('DELETE', 401, None, None)
 
@@ -3065,6 +3193,42 @@ class TestUserRobot5vdy(ApiTestCase):
     self._run_test('DELETE', 400, 'devtable', None)
 
 
+class TestRegenerateUserRobot(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(RegenerateUserRobot, robot_shortname="robotname")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 400, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 400, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 400, 'devtable', None)
+
+
+class TestRegenerateOrgRobot(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(RegenerateOrgRobot, orgname="buynlarge", robot_shortname="robotname")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 400, 'devtable', None)
+
+
 class TestOrganizationBuynlarge(ApiTestCase):
   def setUp(self):
     ApiTestCase.setUp(self)
@@ -3424,13 +3588,61 @@ class TestSuperUserLogs(ApiTestCase):
     self._run_test('GET', 200, 'devtable', None)
 
 
+class TestSuperUserSendRecoveryEmail(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(SuperUserSendRecoveryEmail, username='someuser')
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', None)
+
+
+class TestTeamMemberInvite(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(TeamMemberInvite, code='foobarbaz')
+
+  def test_put_anonymous(self):
+    self._run_test('PUT', 401, None, None)
+
+  def test_put_freshuser(self):
+    self._run_test('PUT', 400, 'freshuser', None)
+
+  def test_put_reader(self):
+    self._run_test('PUT', 400, 'reader', None)
+
+  def test_put_devtable(self):
+    self._run_test('PUT', 400, 'devtable', None)
+
+  def test_delete_anonymous(self):
+    self._run_test('DELETE', 401, None, None)
+
+  def test_delete_freshuser(self):
+    self._run_test('DELETE', 400, 'freshuser', None)
+
+  def test_delete_reader(self):
+    self._run_test('DELETE', 400, 'reader', None)
+
+  def test_delete_devtable(self):
+    self._run_test('DELETE', 400, 'devtable', None)
+
+
 class TestSuperUserList(ApiTestCase):
   def setUp(self):
     ApiTestCase.setUp(self)
     self._set_url(SuperUserList)
 
   def test_get_anonymous(self):
-    self._run_test('GET', 403, None, None)
+    self._run_test('GET', 401, None, None)
 
   def test_get_freshuser(self):
     self._run_test('GET', 403, 'freshuser', None)
@@ -3442,14 +3654,13 @@ class TestSuperUserList(ApiTestCase):
     self._run_test('GET', 200, 'devtable', None)
 
 
-
 class TestSuperUserManagement(ApiTestCase):
   def setUp(self):
     ApiTestCase.setUp(self)
     self._set_url(SuperUserManagement, username='freshuser')
 
   def test_get_anonymous(self):
-    self._run_test('GET', 403, None, None)
+    self._run_test('GET', 401, None, None)
 
   def test_get_freshuser(self):
     self._run_test('GET', 403, 'freshuser', None)
@@ -3462,7 +3673,7 @@ class TestSuperUserManagement(ApiTestCase):
 
 
   def test_put_anonymous(self):
-    self._run_test('PUT', 403, None, {})
+    self._run_test('PUT', 401, None, {})
 
   def test_put_freshuser(self):
     self._run_test('PUT', 403, 'freshuser', {})
@@ -3475,7 +3686,7 @@ class TestSuperUserManagement(ApiTestCase):
 
 
   def test_delete_anonymous(self):
-    self._run_test('DELETE', 403, None, None)
+    self._run_test('DELETE', 401, None, None)
 
   def test_delete_freshuser(self):
     self._run_test('DELETE', 403, 'freshuser', None)
diff --git a/test/test_api_usage.py b/test/test_api_usage.py
index c91005c5c..2d73008f0 100644
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@@ -1,3 +1,5 @@
+# coding=utf-8
+
 import unittest
 import json as py_json
 
@@ -11,15 +13,16 @@ from app import app
 from initdb import setup_database_for_testing, finished_database_for_testing
 from data import model, database
 
-from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam
+from endpoints.api.team import TeamMember, TeamMemberList, TeamMemberInvite, OrganizationTeam
 from endpoints.api.tag import RepositoryTagImages, RepositoryTag
 from endpoints.api.search import FindRepositories, EntitySearch
 from endpoints.api.image import RepositoryImage, RepositoryImageList
 from endpoints.api.build import RepositoryBuildStatus, RepositoryBuildLogs, RepositoryBuildList
-from endpoints.api.robot import UserRobotList, OrgRobot, OrgRobotList, UserRobot
+from endpoints.api.robot import (UserRobotList, OrgRobot, OrgRobotList, UserRobot,
+                                 RegenerateUserRobot, RegenerateOrgRobot)
 from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, BuildTriggerSubdirs,
                                    TriggerBuildList, ActivateBuildTrigger, BuildTrigger,
-                                   BuildTriggerList, BuildTriggerAnalyze)
+                                   BuildTriggerList, BuildTriggerAnalyze, BuildTriggerFieldValues)
 from endpoints.api.repoemail import RepositoryAuthorizedEmail
 from endpoints.api.repositorynotification import RepositoryNotification, RepositoryNotificationList
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Signout, Signin, User,
@@ -40,7 +43,7 @@ from endpoints.api.organization import (OrganizationList, OrganizationMember,
 from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repository
 from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission,
                                       RepositoryTeamPermissionList, RepositoryUserPermissionList)
-from endpoints.api.superuser import SuperUserLogs, SeatUsage, SuperUserList, SuperUserManagement
+from endpoints.api.superuser import SuperUserLogs, SuperUserList, SuperUserManagement
 
 try:
   app.register_blueprint(api_bp, url_prefix='/api')
@@ -130,6 +133,10 @@ class ApiTestCase(unittest.TestCase):
 
   def deleteResponse(self, resource_name, params={}, expected_code=204):
     rv = self.app.delete(self.url_for(resource_name, params))
+
+    if rv.status_code != expected_code:
+      print 'Mismatch data for resource DELETE %s: %s' % (resource_name, rv.data)
+
     self.assertEquals(rv.status_code, expected_code)
     return rv.data
 
@@ -161,6 +168,13 @@ class ApiTestCase(unittest.TestCase):
     parsed = py_json.loads(data)
     return parsed
 
+  def assertInTeam(self, data, membername):
+    for memberData in data['members']:
+      if memberData['name'] == membername:
+        return
+
+    self.fail(membername + ' not found in team: ' + json.dumps(data))
+
   def login(self, username, password='password'):
     return self.postJsonResponse(Signin, data=dict(username=username, password=password))
 
@@ -326,7 +340,19 @@ class TestChangeUserDetails(ApiTestCase):
     self.putJsonResponse(User,
                          data=dict(password='newpasswordiscool'))
     self.login(READ_ACCESS_USER, password='newpasswordiscool')
-    
+
+  def test_changepassword_unicode(self):
+    self.login(READ_ACCESS_USER)
+    self.putJsonResponse(User,
+                         data=dict(password=u'someunicode北京市pass'))
+    self.login(READ_ACCESS_USER, password=u'someunicode北京市pass')
+
+  def test_changeeemail(self):
+    self.login(READ_ACCESS_USER)
+
+    self.putJsonResponse(User,
+                         data=dict(email='test+foo@devtable.com'))
+
   def test_changeinvoiceemail(self):
     self.login(READ_ACCESS_USER)
 
@@ -368,10 +394,30 @@ class TestCreateNewUser(ApiTestCase):
     self.assertEquals('Invalid username auserName: Username must match expression [a-z0-9_]+', json['error_description'])
     
   def test_createuser(self):
-    data = self.postResponse(User,
+    data = self.postJsonResponse(User,
                              data=NEW_USER_DETAILS,
-                             expected_code=201)
-    self.assertEquals('"Created"', data)
+                             expected_code=200)
+    self.assertEquals(True, data['awaiting_verification'])
+
+  def test_createuser_withteaminvite(self):
+    inviter = model.get_user(ADMIN_ACCESS_USER)
+    team = model.get_organization_team(ORGANIZATION, 'owners')
+    invite = model.add_or_invite_to_team(inviter, team, None, 'foo@example.com')
+     
+    details = {
+      'inviteCode': invite.invite_token
+    }
+    details.update(NEW_USER_DETAILS);
+
+    data = self.postJsonResponse(User, data=details, expected_code=200)
+    self.assertEquals(True, data['awaiting_verification'])
+
+    # Make sure the user was added to the team.
+    self.login(ADMIN_ACCESS_USER)
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='owners'))
+    self.assertInTeam(json, NEW_USER_DETAILS['username'])
 
 
 class TestSignout(ApiTestCase):
@@ -734,16 +780,43 @@ class TestGetOrganizationTeamMembers(ApiTestCase):
                                 params=dict(orgname=ORGANIZATION,
                                             teamname='readers'))
 
-    assert READ_ACCESS_USER in json['members']
+    self.assertEquals(READ_ACCESS_USER, json['members'][1]['name'])
 
 
 class TestUpdateOrganizationTeamMember(ApiTestCase):
-  def test_addmember(self):
+  def test_addmember_alreadyteammember(self):
     self.login(ADMIN_ACCESS_USER)
 
+    membername = READ_ACCESS_USER
+    self.putResponse(TeamMember,
+                     params=dict(orgname=ORGANIZATION, teamname='readers',
+                                 membername=membername),
+                     expected_code=400)
+     
+
+  def test_addmember_orgmember(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    membername = READ_ACCESS_USER
+    self.putJsonResponse(TeamMember,
+                         params=dict(orgname=ORGANIZATION, teamname='owners',
+                                     membername=membername))
+     
+    # Verify the user was added to the team.
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='owners'))
+
+    self.assertInTeam(json, membername)
+
+
+  def test_addmember_robot(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    membername = ORGANIZATION + '+coolrobot'
     self.putJsonResponse(TeamMember,
                          params=dict(orgname=ORGANIZATION, teamname='readers',
-                                     membername=NO_ACCESS_USER))
+                                     membername=membername))
      
 
     # Verify the user was added to the team.
@@ -751,10 +824,168 @@ class TestUpdateOrganizationTeamMember(ApiTestCase):
                                 params=dict(orgname=ORGANIZATION,
                                             teamname='readers'))
 
-    assert NO_ACCESS_USER in json['members']
+    self.assertInTeam(json, membername)
+
+
+  def test_addmember_invalidrobot(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    membername = 'freshuser+anotherrobot'
+    self.putResponse(TeamMember,
+                     params=dict(orgname=ORGANIZATION, teamname='readers',
+                                 membername=membername),
+                     expected_code=400)
+  
+   
+  def test_addmember_nonorgmember(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    membername = NO_ACCESS_USER
+    response = self.putJsonResponse(TeamMember,
+                                    params=dict(orgname=ORGANIZATION, teamname='owners',
+                                                membername=membername))
+     
+
+    self.assertEquals(True, response['invited'])
+
+    # Make sure the user is not (yet) part of the team.
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='readers'))
+
+    for member in json['members']:
+      self.assertNotEqual(membername, member['name'])
+
+
+class TestAcceptTeamMemberInvite(ApiTestCase):
+  def assertInTeam(self, data, membername):
+    for memberData in data['members']:
+      if memberData['name'] == membername:
+        return
+
+    self.fail(membername + ' not found in team: ' + json.dumps(data))
+
+  def test_accept(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Create the invite.
+    membername = NO_ACCESS_USER
+    response = self.putJsonResponse(TeamMember,
+                                    params=dict(orgname=ORGANIZATION, teamname='owners',
+                                                membername=membername))
+    
+    self.assertEquals(True, response['invited'])
+
+    # Login as the user.
+    self.login(membername)
+
+    # Accept the invite.
+    user = model.get_user(membername)
+    invites = list(model.lookup_team_invites(user))
+    self.assertEquals(1, len(invites))
+
+    self.putJsonResponse(TeamMemberInvite,
+                         params=dict(code=invites[0].invite_token))
+
+    # Verify the user is now on the team.
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='owners'))
+
+    self.assertInTeam(json, membername)
+    
+    # Verify the accept now fails.
+    self.putResponse(TeamMemberInvite,
+                     params=dict(code=invites[0].invite_token),
+                     expected_code=400)
+
+
+
+class TestDeclineTeamMemberInvite(ApiTestCase):
+  def test_decline_wronguser(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Create the invite.
+    membername = NO_ACCESS_USER
+    response = self.putJsonResponse(TeamMember,
+                                    params=dict(orgname=ORGANIZATION, teamname='owners',
+                                                membername=membername))
+    
+    self.assertEquals(True, response['invited'])
+
+    # Try to decline the invite.
+    user = model.get_user(membername)
+    invites = list(model.lookup_team_invites(user))
+    self.assertEquals(1, len(invites))
+
+    self.deleteResponse(TeamMemberInvite,
+                        params=dict(code=invites[0].invite_token),
+                        expected_code=400)
+
+
+  def test_decline(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Create the invite.
+    membername = NO_ACCESS_USER
+    response = self.putJsonResponse(TeamMember,
+                                    params=dict(orgname=ORGANIZATION, teamname='owners',
+                                                membername=membername))
+    
+    self.assertEquals(True, response['invited'])
+
+    # Login as the user.
+    self.login(membername)
+
+    # Decline the invite.
+    user = model.get_user(membername)
+    invites = list(model.lookup_team_invites(user))
+    self.assertEquals(1, len(invites))
+
+    self.deleteResponse(TeamMemberInvite,
+                        params=dict(code=invites[0].invite_token))
+
+    # Make sure the invite was deleted.
+    self.deleteResponse(TeamMemberInvite,
+                        params=dict(code=invites[0].invite_token),
+                        expected_code=400)
 
 
 class TestDeleteOrganizationTeamMember(ApiTestCase):
+  def test_deletememberinvite(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    membername = NO_ACCESS_USER
+    response = self.putJsonResponse(TeamMember,
+                                    params=dict(orgname=ORGANIZATION, teamname='readers',
+                                                membername=membername))
+     
+
+    self.assertEquals(True, response['invited'])
+
+    # Verify the invite was added.
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='readers',
+                                            includePending=True))
+
+    assert len(json['members']) == 3
+
+    # Delete the invite.
+    self.deleteResponse(TeamMember,
+                        params=dict(orgname=ORGANIZATION, teamname='readers',
+                                    membername=membername))
+    
+
+    # Verify the user was removed from the team.
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='readers',
+                                            includePending=True))
+
+    assert len(json['members']) == 2
+
+
   def test_deletemember(self):
     self.login(ADMIN_ACCESS_USER)
 
@@ -768,7 +999,7 @@ class TestDeleteOrganizationTeamMember(ApiTestCase):
                                 params=dict(orgname=ORGANIZATION,
                                             teamname='readers'))
 
-    assert not READ_ACCESS_USER in json['members']
+    assert len(json['members']) == 1
 
 
 class TestCreateRepo(ApiTestCase):
@@ -1198,6 +1429,7 @@ class TestListAndGetImage(ApiTestCase):
                                 params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
 
     assert len(json['images']) > 0
+
     for image in json['images']:
       assert 'id' in image
       assert 'tags' in image
@@ -1205,7 +1437,6 @@ class TestListAndGetImage(ApiTestCase):
       assert 'comment' in image
       assert 'command' in image
       assert 'ancestors' in image
-      assert 'dbid' in image
       assert 'size' in image
 
       ijson = self.getJsonResponse(RepositoryImage,
@@ -1572,6 +1803,30 @@ class TestUserRobots(ApiTestCase):
     robots = self.getRobotNames()
     assert not NO_ACCESS_USER + '+bender' in robots
 
+  def test_regenerate(self):
+    self.login(NO_ACCESS_USER)
+
+    # Create a robot.
+    json = self.putJsonResponse(UserRobot,
+                                params=dict(robot_shortname='bender'),
+                                expected_code=201)
+
+    token = json['token']
+
+    # Regenerate the robot.
+    json = self.postJsonResponse(RegenerateUserRobot,
+                                params=dict(robot_shortname='bender'),
+                                expected_code=200)
+
+    # Verify the token changed.
+    self.assertNotEquals(token, json['token'])
+
+    json2 = self.getJsonResponse(UserRobot,
+                                 params=dict(robot_shortname='bender'),
+                                 expected_code=200)
+
+    self.assertEquals(json['token'], json2['token'])
+
 
 class TestOrgRobots(ApiTestCase):
   def getRobotNames(self):
@@ -1601,6 +1856,31 @@ class TestOrgRobots(ApiTestCase):
     assert not ORGANIZATION + '+bender' in robots
 
 
+  def test_regenerate(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Create a robot.
+    json = self.putJsonResponse(OrgRobot,
+                                params=dict(orgname=ORGANIZATION, robot_shortname='bender'),
+                                expected_code=201)
+
+    token = json['token']
+
+    # Regenerate the robot.
+    json = self.postJsonResponse(RegenerateOrgRobot,
+                                params=dict(orgname=ORGANIZATION, robot_shortname='bender'),
+                                expected_code=200)
+
+    # Verify the token changed.
+    self.assertNotEquals(token, json['token'])
+
+    json2 = self.getJsonResponse(OrgRobot,
+                                 params=dict(orgname=ORGANIZATION, robot_shortname='bender'),
+                                 expected_code=200)
+
+    self.assertEquals(json['token'], json2['token'])
+
+
 class TestLogs(ApiTestCase):
   def test_user_logs(self):
     self.login(ADMIN_ACCESS_USER)
@@ -1754,7 +2034,7 @@ class FakeBuildTrigger(BuildTriggerBase):
     config['active'] = False
     return config    
 
-  def manual_start(self, auth_token, config):
+  def manual_start(self, auth_token, config, run_parameters=None):
     return ('foo', ['bar'], 'build-name', 'subdir')
 
   def dockerfile_url(self, auth_token, config):
@@ -1766,6 +2046,12 @@ class FakeBuildTrigger(BuildTriggerBase):
 
     return config['dockerfile']
 
+  def list_field_values(self, auth_token, config, field_name):
+    if field_name == 'test_field':
+      return [1, 2, 3]
+
+    return None
+
 
 class TestBuildTriggers(ApiTestCase):
   def test_list_build_triggers(self):
@@ -1938,9 +2224,22 @@ class TestBuildTriggers(ApiTestCase):
                       data={'config': trigger_config},
                       expected_code=400)
 
+    # Retrieve values for a field.
+    result = self.getJsonResponse(BuildTriggerFieldValues,
+                                  params=dict(repository=ADMIN_ACCESS_USER + '/simple', 
+                                              trigger_uuid=trigger.uuid, field_name="test_field"))
+
+    self.assertEquals(result['values'], [1, 2, 3])
+
+    self.getResponse(BuildTriggerFieldValues,
+                      params=dict(repository=ADMIN_ACCESS_USER + '/simple', 
+                                  trigger_uuid=trigger.uuid, field_name="another_field"),
+                      expected_code = 404)
+
     # Start a manual build.
     start_json = self.postJsonResponse(ActivateBuildTrigger,
                                        params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                       data=dict(),
                                        expected_code=201)
 
     assert 'id' in start_json
@@ -2005,6 +2304,7 @@ class TestBuildTriggers(ApiTestCase):
     # Start a manual build.
     start_json = self.postJsonResponse(ActivateBuildTrigger,
                                        params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                       data=dict(),
                                        expected_code=201)
 
     assert 'id' in start_json
@@ -2064,7 +2364,7 @@ class TestSuperUserManagement(ApiTestCase):
 
     json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
     self.assertEquals('freshuser', json['username'])
-    self.assertEquals('no@thanks.com', json['email'])
+    self.assertEquals('jschorr+test@devtable.com', json['email'])
     self.assertEquals(False, json['super_user'])    
 
   def test_delete_user(self):
@@ -2087,7 +2387,7 @@ class TestSuperUserManagement(ApiTestCase):
     # Verify the user exists.
     json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
     self.assertEquals('freshuser', json['username'])
-    self.assertEquals('no@thanks.com', json['email'])
+    self.assertEquals('jschorr+test@devtable.com', json['email'])
 
     # Update the user.
     self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
diff --git a/test/test_image_sharing.py b/test/test_image_sharing.py
index ab278f9f4..ef2458ccc 100644
--- a/test/test_image_sharing.py
+++ b/test/test_image_sharing.py
@@ -46,25 +46,30 @@ class TestImageSharing(unittest.TestCase):
     preferred = storage.preferred_locations[0]
     image = model.find_create_or_link_image(docker_image_id, repository_obj, username, {},
                                             preferred)
-    return image.storage.id
+    image.storage.uploading = False
+    image.storage.save()
+    return image.storage
 
-  def assertSameStorage(self, docker_image_id, storage_id, repository=REPO, username=ADMIN_ACCESS_USER):
-    new_storage_id = self.createStorage(docker_image_id, repository, username)
-    self.assertEquals(storage_id, new_storage_id)
+  def assertSameStorage(self, docker_image_id, existing_storage, repository=REPO,
+                        username=ADMIN_ACCESS_USER):
+    new_storage = self.createStorage(docker_image_id, repository, username)
+    self.assertEquals(existing_storage.id, new_storage.id)
 
-  def assertDifferentStorage(self, docker_image_id, storage_id, repository=REPO, username=ADMIN_ACCESS_USER):
-    new_storage_id = self.createStorage(docker_image_id, repository, username)
-    self.assertNotEquals(storage_id, new_storage_id)
+  def assertDifferentStorage(self, docker_image_id, existing_storage, repository=REPO,
+                             username=ADMIN_ACCESS_USER):
+    new_storage = self.createStorage(docker_image_id, repository, username)
+    self.assertNotEquals(existing_storage.id, new_storage.id)
 
 
   def test_same_user(self):
-    """ The same user creates two images, each which should be shared in the same repo. This is a sanity check. """
+    """ The same user creates two images, each which should be shared in the same repo. This is a
+      sanity check. """
 
     # Create a reference to a new docker ID => new image.
-    first_storage_id = self.createStorage('first-image')
+    first_storage = self.createStorage('first-image')
     
     # Create a reference to the same docker ID => same image.
-    self.assertSameStorage('first-image', first_storage_id)
+    self.assertSameStorage('first-image', first_storage)
 
     # Create a reference to another new docker ID => new image.
     second_storage_id = self.createStorage('second-image')
@@ -73,68 +78,68 @@ class TestImageSharing(unittest.TestCase):
     self.assertSameStorage('second-image', second_storage_id)
 
     # Make sure the images are different.
-    self.assertNotEquals(first_storage_id, second_storage_id)
+    self.assertNotEquals(first_storage, second_storage_id)
 
 
   def test_no_user_private_repo(self):
     """ If no user is specified (token case usually), then no sharing can occur on a private repo. """
     # Create a reference to a new docker ID => new image.
-    first_storage_id = self.createStorage('the-image', username=None, repository=SHARED_REPO)
+    first_storage = self.createStorage('the-image', username=None, repository=SHARED_REPO)
 
     # Create a areference to the same docker ID, but since no username => new image.
-    self.assertDifferentStorage('the-image', first_storage_id, username=None, repository=RANDOM_REPO)
+    self.assertDifferentStorage('the-image', first_storage, username=None, repository=RANDOM_REPO)
 
 
   def test_no_user_public_repo(self):
     """ If no user is specified (token case usually), then no sharing can occur on a private repo except when the image is first public. """
     # Create a reference to a new docker ID => new image.
-    first_storage_id = self.createStorage('the-image', username=None, repository=PUBLIC_REPO)
+    first_storage = self.createStorage('the-image', username=None, repository=PUBLIC_REPO)
 
     # Create a areference to the same docker ID. Since no username, we'd expect different but the first image is public so => shaed image.
-    self.assertSameStorage('the-image', first_storage_id, username=None, repository=RANDOM_REPO)
+    self.assertSameStorage('the-image', first_storage, username=None, repository=RANDOM_REPO)
 
 
   def test_different_user_same_repo(self):
     """ Two different users create the same image in the same repo. """
 
     # Create a reference to a new docker ID under the first user => new image.
-    first_storage_id = self.createStorage('the-image', username=PUBLIC_USER, repository=SHARED_REPO)
+    first_storage = self.createStorage('the-image', username=PUBLIC_USER, repository=SHARED_REPO)
 
     # Create a reference to the *same* docker ID under the second user => same image.
-    self.assertSameStorage('the-image', first_storage_id, username=ADMIN_ACCESS_USER, repository=SHARED_REPO)
+    self.assertSameStorage('the-image', first_storage, username=ADMIN_ACCESS_USER, repository=SHARED_REPO)
 
 
   def test_different_repo_no_shared_access(self):
     """ Neither user has access to the other user's repository. """
 
     # Create a reference to a new docker ID under the first user => new image.
-    first_storage_id = self.createStorage('the-image', username=RANDOM_USER, repository=RANDOM_REPO)
+    first_storage = self.createStorage('the-image', username=RANDOM_USER, repository=RANDOM_REPO)
 
     # Create a reference to the *same* docker ID under the second user => new image.
     second_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=REPO)
 
     # Verify that the users do not share storage.
-    self.assertNotEquals(first_storage_id, second_storage_id)
+    self.assertNotEquals(first_storage, second_storage_id)
 
 
   def test_public_than_private(self):
     """ An image is created publicly then used privately, so it should be shared. """
 
     # Create a reference to a new docker ID under the first user => new image.
-    first_storage_id = self.createStorage('the-image', username=PUBLIC_USER, repository=PUBLIC_REPO)
+    first_storage = self.createStorage('the-image', username=PUBLIC_USER, repository=PUBLIC_REPO)
 
     # Create a reference to the *same* docker ID under the second user => same image, since the first was public.
-    self.assertSameStorage('the-image', first_storage_id, username=ADMIN_ACCESS_USER, repository=REPO)
+    self.assertSameStorage('the-image', first_storage, username=ADMIN_ACCESS_USER, repository=REPO)
 
 
   def test_private_than_public(self):
     """ An image is created privately then used publicly, so it should *not* be shared. """
 
     # Create a reference to a new docker ID under the first user => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=REPO)
 
     # Create a reference to the *same* docker ID under the second user => new image, since the first was private.
-    self.assertDifferentStorage('the-image', first_storage_id, username=PUBLIC_USER, repository=PUBLIC_REPO)
+    self.assertDifferentStorage('the-image', first_storage, username=PUBLIC_USER, repository=PUBLIC_REPO)
 
 
   def test_different_repo_with_access(self):
@@ -143,64 +148,71 @@ class TestImageSharing(unittest.TestCase):
         be shared since the user has access.
     """
     # Create the image in the shared repo => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=SHARED_REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=SHARED_REPO)
 
     # Create the image in the other user's repo, but since the user (PUBLIC) still has access to the shared
     # repository, they should reuse the storage.
-    self.assertSameStorage('the-image', first_storage_id, username=PUBLIC_USER, repository=PUBLIC_REPO)
+    self.assertSameStorage('the-image', first_storage, username=PUBLIC_USER, repository=PUBLIC_REPO)
 
 
   def test_org_access(self):
     """ An image is accessible by being a member of the organization. """
 
     # Create the new image under the org's repo => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
 
     # Create an image under the user's repo, but since the user has access to the organization => shared image.
-    self.assertSameStorage('the-image', first_storage_id, username=ADMIN_ACCESS_USER, repository=REPO)
+    self.assertSameStorage('the-image', first_storage, username=ADMIN_ACCESS_USER, repository=REPO)
 
     # Ensure that the user's robot does not have access, since it is not on the permissions list for the repo.
-    self.assertDifferentStorage('the-image', first_storage_id, username=ADMIN_ROBOT_USER, repository=SHARED_REPO)
+    self.assertDifferentStorage('the-image', first_storage, username=ADMIN_ROBOT_USER, repository=SHARED_REPO)
 
 
   def test_org_access_different_user(self):
     """ An image is accessible by being a member of the organization. """
 
     # Create the new image under the org's repo => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
 
     # Create an image under a user's repo, but since the user has access to the organization => shared image.
-    self.assertSameStorage('the-image', first_storage_id, username=PUBLIC_USER, repository=PUBLIC_REPO)
+    self.assertSameStorage('the-image', first_storage, username=PUBLIC_USER, repository=PUBLIC_REPO)
 
     # Also verify for reader.
-    self.assertSameStorage('the-image', first_storage_id, username=READ_ACCESS_USER, repository=PUBLIC_REPO)
+    self.assertSameStorage('the-image', first_storage, username=READ_ACCESS_USER, repository=PUBLIC_REPO)
 
 
   def test_org_no_access(self):
     """ An image is not accessible if not a member of the organization. """
 
     # Create the new image under the org's repo => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
 
     # Create an image under a user's repo. Since the user is not a member of the organization => new image.
-    self.assertDifferentStorage('the-image', first_storage_id, username=RANDOM_USER, repository=RANDOM_REPO)
+    self.assertDifferentStorage('the-image', first_storage, username=RANDOM_USER, repository=RANDOM_REPO)
 
 
   def test_org_not_team_member_with_access(self):
     """ An image is accessible to a user specifically listed as having permission on the org repo. """
 
     # Create the new image under the org's repo => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ORG_REPO)
 
     # Create an image under a user's repo. Since the user has read access on that repo, they can see the image => shared image.
-    self.assertSameStorage('the-image', first_storage_id, username=OUTSIDE_ORG_USER, repository=OUTSIDE_ORG_REPO)
+    self.assertSameStorage('the-image', first_storage, username=OUTSIDE_ORG_USER, repository=OUTSIDE_ORG_REPO)
 
 
   def test_org_not_team_member_with_no_access(self):
     """ A user that has access to one org repo but not another and is not a team member. """
 
     # Create the new image under the org's repo => new image.
-    first_storage_id = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ANOTHER_ORG_REPO)
+    first_storage = self.createStorage('the-image', username=ADMIN_ACCESS_USER, repository=ANOTHER_ORG_REPO)
 
     # Create an image under a user's repo. The user doesn't have access to the repo (ANOTHER_ORG_REPO) so => new image.
-    self.assertDifferentStorage('the-image', first_storage_id, username=OUTSIDE_ORG_USER, repository=OUTSIDE_ORG_REPO)
+    self.assertDifferentStorage('the-image', first_storage, username=OUTSIDE_ORG_USER, repository=OUTSIDE_ORG_REPO)
+
+  def test_no_link_to_uploading(self):
+    still_uploading = self.createStorage('an-image', repository=PUBLIC_REPO)
+    still_uploading.uploading = True
+    still_uploading.save()
+
+    self.assertDifferentStorage('an-image', still_uploading)
diff --git a/test/testconfig.py b/test/testconfig.py
index c74e5712a..46288de7e 100644
--- a/test/testconfig.py
+++ b/test/testconfig.py
@@ -30,10 +30,11 @@ class TestConfig(DefaultConfig):
   BUILDLOGS_MODULE_AND_CLASS = ('test.testlogs', 'testlogs.TestBuildLogs')
   BUILDLOGS_OPTIONS = ['devtable', 'building', 'deadbeef-dead-beef-dead-beefdeadbeef', False]
 
-  USERFILES_TYPE = 'FakeUserfiles'
+  USERFILES_LOCATION = 'local_us'
 
   FEATURE_SUPER_USERS = True
   FEATURE_BILLING = True
+  FEATURE_MAILING = True
   SUPER_USERS = ['devtable']
 
   LICENSE_USER_LIMIT = 500
diff --git a/test/testlogs.py b/test/testlogs.py
index 27fe7c47b..cd4ea6c9d 100644
--- a/test/testlogs.py
+++ b/test/testlogs.py
@@ -45,8 +45,8 @@ class TestBuildLogs(RedisBuildLogs):
     'pull_completion': 0.0,
   }
 
-  def __init__(self, redis_host, namespace, repository, test_build_id, allow_delegate=True):
-    super(TestBuildLogs, self).__init__(redis_host)
+  def __init__(self, redis_config, namespace, repository, test_build_id, allow_delegate=True):
+    super(TestBuildLogs, self).__init__(redis_config)
     self.namespace = namespace
     self.repository = repository
     self.test_build_id = test_build_id
@@ -198,3 +198,11 @@ class TestBuildLogs(RedisBuildLogs):
       return None
     else:
       return super(TestBuildLogs, self).get_status(build_id)
+
+  def expire_log_entries(self, build_id):
+    if build_id == self.test_build_id:
+      return
+    if not self.allow_delegate:
+      return None
+    else:
+      return super(TestBuildLogs, self).expire_log_entries(build_id)
diff --git a/tools/auditancestry.py b/tools/auditancestry.py
index dce445e4e..59d636836 100644
--- a/tools/auditancestry.py
+++ b/tools/auditancestry.py
@@ -1,7 +1,7 @@
 import logging
 import json
 
-from data.database import Image, ImageStorage, Repository, configure
+from data.database import Image, ImageStorage, Repository, User, configure
 from data import model
 from app import app, storage as store
 
@@ -16,17 +16,18 @@ logging.getLogger('boto').setLevel(logging.CRITICAL)
 
 
 query = (Image
-  .select(Image, ImageStorage, Repository)
-  .join(ImageStorage)
-  .switch(Image)
-  .join(Repository)
-  .where(Repository.name == 'userportal', Repository.namespace == 'crsinc'))
+         .select(Image, ImageStorage, Repository, User)
+         .join(ImageStorage)
+         .switch(Image)
+         .join(Repository)
+         .join(User)
+         .where(ImageStorage.uploading == False))
 
 bad_count = 0
 good_count = 0
 
 def resolve_or_create(repo, docker_image_id, new_ancestry):
-  existing = model.get_repo_image(repo.namespace, repo.name, docker_image_id)
+  existing = model.get_repo_image(repo.namespace_user.username, repo.name, docker_image_id)
   if existing:
     logger.debug('Found existing image: %s, %s', existing.id, docker_image_id)
     return existing
@@ -45,7 +46,7 @@ def resolve_or_create(repo, docker_image_id, new_ancestry):
       return created
     except ImageStorage.DoesNotExist:
       msg = 'No image available anywhere for storage: %s in namespace: %s'
-      logger.error(msg, docker_image_id, repo.namespace)
+      logger.error(msg, docker_image_id, repo.namespace_user.username)
       raise RuntimeError()
 
 
@@ -62,20 +63,19 @@ def all_ancestors_exist(ancestors):
 cant_fix = []
 for img in query:
   try:
-    with_locations = model.get_repo_image(img.repository.namespace, img.repository.name,
-                                          img.docker_image_id)
+    with_locations = model.get_repo_image(img.repository.namespace_user.username,
+                                          img.repository.name, img.docker_image_id)
     ancestry_storage = store.image_ancestry_path(img.storage.uuid)
     if store.exists(with_locations.storage.locations, ancestry_storage):
-      full_ancestry = json.loads(store.get_content(with_locations.storage.locations, ancestry_storage))[1:]
+      full_ancestry = json.loads(store.get_content(with_locations.storage.locations,
+                                                   ancestry_storage))[1:]
       full_ancestry.reverse()
 
-      ancestor_dbids = [int(anc_id) 
-                        for anc_id in img.ancestors.split('/')[1:-1]]
+      ancestor_dbids = [int(anc_id) for anc_id in img.ancestors.split('/')[1:-1]]
 
       if len(full_ancestry) != len(ancestor_dbids) or not all_ancestors_exist(ancestor_dbids):
-        logger.error('Image has incomplete ancestry: %s, %s, %s, %s' %
-                     (img.id, img.docker_image_id, full_ancestry,
-                      ancestor_dbids))
+        logger.error('Image has incomplete ancestry: %s, %s, %s, %s', img.id, img.docker_image_id,
+                     full_ancestry, ancestor_dbids)
 
         fixed_ancestry = '/'
         for ancestor in full_ancestry:
@@ -99,5 +99,5 @@ for img in query:
                len(cant_fix))
 
 for cant in cant_fix:
-  logger.error('Unable to fix %s in repo %s/%s', cant.id,
-               cant.repository.namespace, cant.repository.name)
\ No newline at end of file
+  logger.error('Unable to fix %s in repo %s/%s', cant.id, cant.repository.namespace_user.username,
+               cant.repository.name)
diff --git a/tools/createlicense.py b/tools/createlicense.py
deleted file mode 100644
index 53700d4f4..000000000
--- a/tools/createlicense.py
+++ /dev/null
@@ -1,38 +0,0 @@
-import argparse
-import pickle
-
-from Crypto.PublicKey import RSA
-from datetime import datetime, timedelta
-
-def encrypt(message, output_filename):
-  private_key_file = 'conf/stack/license_key'
-  with open(private_key_file, 'r') as private_key:
-    encryptor = RSA.importKey(private_key)
-
-  encrypted_data = encryptor.decrypt(message)
-
-  with open(output_filename, 'wb') as encrypted_file:
-    encrypted_file.write(encrypted_data)
-
-parser = argparse.ArgumentParser(description='Create a license file.')
-parser.add_argument('--users', type=int, default=20,
-                    help='Number of users allowed by the license')
-parser.add_argument('--days', type=int, default=30,
-                    help='Number of days for which the license is valid')
-parser.add_argument('--warn', type=int, default=7,
-                    help='Number of days prior to expiration to warn users')
-parser.add_argument('--output', type=str, required=True,
-                    help='File in which to store the license')
-
-if __name__ == "__main__":
-  args = parser.parse_args()
-  print ('Creating license for %s users for %s days in file: %s' %
-         (args.users, args.days, args.output))
-
-  license_data = {
-    'LICENSE_EXPIRATION': datetime.utcnow() + timedelta(days=args.days),
-    'LICENSE_USER_LIMIT': args.users,
-    'LICENSE_EXPIRATION_WARNING': datetime.utcnow() + timedelta(days=(args.days - args.warn)),
-  }
-
-  encrypt(pickle.dumps(license_data, 2), args.output)
diff --git a/tools/emailinvoice.py b/tools/emailinvoice.py
index 63a5bd712..e9c9d0861 100644
--- a/tools/emailinvoice.py
+++ b/tools/emailinvoice.py
@@ -1,4 +1,4 @@
-from app import stripe
+import stripe
 from app import app
 
 from util.invoice import renderInvoiceToHtml
diff --git a/tools/orphans.py b/tools/orphans.py
index 17babf31a..a8990f79b 100644
--- a/tools/orphans.py
+++ b/tools/orphans.py
@@ -1,22 +1,15 @@
-from data.database import Image
-from app import app, storage as store
+from data.database import Image, ImageStorage
+from peewee import JOIN_LEFT_OUTER, fn
+from app import app
 
-live_image_id_set = set()
+orphaned = (ImageStorage
+            .select()
+            .where(ImageStorage.uploading == False)
+            .join(Image, JOIN_LEFT_OUTER)
+            .group_by(ImageStorage)
+            .having(fn.Count(Image.id) == 0))
 
-for image in Image.select():
-  live_image_id_set.add(image.docker_image_id)
-
-storage_image_id_set = set()
-for customer in store.list_directory('images/'):
-  for repo in store.list_directory(customer):
-    for image in store.list_directory(repo):
-      storage_image_id_set.add(image.split('/')[-1])
-
-orphans = storage_image_id_set.difference(live_image_id_set)
-missing_image_data = live_image_id_set.difference(storage_image_id_set)
-
-for orphan in orphans:
-  print "Orphan: %s" % orphan
-
-for missing in missing_image_data:
-  print "Missing: %s" % missing
+counter = 0
+for orphan in orphaned:
+  counter += 1
+  print orphan.uuid
diff --git a/tools/relationships.py b/tools/relationships.py
index d701a18ce..c2cad5de5 100644
--- a/tools/relationships.py
+++ b/tools/relationships.py
@@ -9,7 +9,7 @@ with open('outfile.dot', 'w') as outfile:
   outfile.write('digraph relationships {\n')
 
   for repo in Repository.select():
-    ns = fix_ident(repo.namespace)
+    ns = fix_ident(repo.namespace_user.username)
     outfile.write('%s_%s -> %s\n' % (ns, fix_ident(repo.name), ns))
 
   teams_in_orgs = set()
diff --git a/tools/reparsedockerfile.py b/tools/reparsedockerfile.py
new file mode 100644
index 000000000..09ac3955f
--- /dev/null
+++ b/tools/reparsedockerfile.py
@@ -0,0 +1,23 @@
+from util.dockerfileparse import parse_dockerfile, ParsedDockerfile, serialize_dockerfile
+
+with open('Dockerfile.test', 'r') as dockerfileobj:
+  parsed_dockerfile = parse_dockerfile(dockerfileobj.read())
+
+quay_reponame = 'something'
+env_command = {
+  'command': 'ENV',
+  'parameters': 'QUAY_REPOSITORY %s' % quay_reponame
+}
+
+for index, command in reversed(list(enumerate(parsed_dockerfile.commands))):
+  if command['command'] == 'FROM':
+    new_command_index = index + 1
+    parsed_dockerfile.commands.insert(new_command_index, env_command)
+    break
+
+image_and_tag_tuple = parsed_dockerfile.get_image_and_tag()
+print image_and_tag_tuple
+if image_and_tag_tuple is None or image_and_tag_tuple[0] is None:
+  raise Exception('Missing FROM command in Dockerfile')
+
+print serialize_dockerfile(parsed_dockerfile)
diff --git a/tools/sendconfirmemail.py b/tools/sendconfirmemail.py
index e9333a181..94345c573 100644
--- a/tools/sendconfirmemail.py
+++ b/tools/sendconfirmemail.py
@@ -1,4 +1,3 @@
-from app import stripe
 from app import app
 
 from util.useremails import send_confirmation_email
diff --git a/tools/uncompressedsize.py b/tools/uncompressedsize.py
new file mode 100644
index 000000000..56a22756b
--- /dev/null
+++ b/tools/uncompressedsize.py
@@ -0,0 +1,107 @@
+import json
+import logging
+
+from data import model
+from data.database import ImageStorage
+from app import app, storage as store
+from data.database import db
+from gzip import GzipFile
+from tempfile import SpooledTemporaryFile
+
+
+logger = logging.getLogger(__name__)
+
+
+def backfill_sizes_from_json():
+  query = (ImageStorage
+           .select()
+           .where(ImageStorage.uncompressed_size == None, ImageStorage.uploading == False)
+           .limit(100))
+
+  total = 0
+  missing = 0
+  batch_processed = 1
+
+  while batch_processed > 0:
+    batch_processed = 0
+    with app.config['DB_TRANSACTION_FACTORY'](db):
+      for image_storage in query.clone():
+        total += 1
+        batch_processed += 1
+
+        if (total - 1) % 100 == 0:
+          logger.debug('Storing entry: %s', total)
+
+        # Lookup the JSON for the image.
+        uuid = image_storage.uuid
+        with_locations = model.get_storage_by_uuid(uuid)
+
+        try:
+          json_string = store.get_content(with_locations.locations, store.image_json_path(uuid))
+          json_data = json.loads(json_string)
+          size = json_data.get('Size', json_data.get('size', -1))
+        except IOError:
+          logger.debug('Image storage with no json %s', uuid)
+          size = -1
+
+        if size == -1:
+          missing += 1
+
+          logger.debug('Missing entry %s (%s/%s)', uuid, missing, total)
+
+        image_storage.uncompressed_size = size
+        image_storage.save()
+
+
+def backfill_sizes_from_data():
+  storage_ids = list(ImageStorage
+           .select(ImageStorage.uuid)
+           .where(ImageStorage.uncompressed_size == -1, ImageStorage.uploading == False))
+
+  counter = 0
+  for uuid in [s.uuid for s in storage_ids]:
+    counter += 1
+
+    # Load the storage with locations.
+    logger.debug('Loading entry: %s (%s/%s)', uuid, counter, len(storage_ids))
+    with_locations = model.get_storage_by_uuid(uuid)
+    layer_size = -2
+
+    # Read the layer from backing storage and calculate the uncompressed size. 
+    try:
+      logger.debug('Loading data: %s (%s bytes)', uuid, with_locations.image_size)
+      CHUNK_SIZE = 512 * 1024
+      with SpooledTemporaryFile(CHUNK_SIZE) as tarball:
+        layer_data = store.get_content(with_locations.locations, store.image_layer_path(uuid))
+        tarball.write(layer_data)
+        tarball.seek(0)
+
+        with GzipFile(fileobj=tarball, mode='rb') as gzip_file:
+          gzip_file.read()
+          layer_size = gzip_file.size
+
+    except Exception as ex:
+      logger.debug('Could not gunzip entry: %s. Reason: %s', uuid, ex)
+      continue
+    
+    # Write the size to the image storage. We do so under a transaction AFTER checking to
+    # make sure the image storage still exists and has not changed.
+    logger.debug('Writing entry: %s. Size: %s', uuid, layer_size)
+    with app.config['DB_TRANSACTION_FACTORY'](db):
+      try:  
+        current_record = model.get_storage_by_uuid(uuid)
+      except:
+        # Record no longer exists.
+        continue
+
+      if not current_record.uploading and current_record.uncompressed_size == -1:
+        current_record.uncompressed_size = layer_size
+        current_record.save()
+
+
+if __name__ == "__main__":
+  logging.basicConfig(level=logging.DEBUG)
+  logging.getLogger('boto').setLevel(logging.CRITICAL)
+
+  backfill_sizes_from_json()
+  backfill_sizes_from_data()
diff --git a/util/analytics.py b/util/analytics.py
index 6dfdf923c..a7608aed8 100644
--- a/util/analytics.py
+++ b/util/analytics.py
@@ -30,7 +30,11 @@ class SendToMixpanel(Process):
     while True:
       mp_request = self._mp_queue.get()
       logger.debug('Got queued mixpanel reqeust.')
-      self._consumer.send(*json.loads(mp_request))
+      try:
+        self._consumer.send(*json.loads(mp_request))
+      except:
+        # Make sure we don't crash if Mixpanel request fails.
+        pass
 
 
 class FakeMixpanel(object):
diff --git a/util/backoff.py b/util/backoff.py
new file mode 100644
index 000000000..15429936e
--- /dev/null
+++ b/util/backoff.py
@@ -0,0 +1,5 @@
+def exponential_backoff(attempts, scaling_factor, base):
+  backoff = 5 * (pow(2, attempts) - 1)
+  backoff_time = backoff * scaling_factor
+  retry_at = backoff_time/10 + base
+  return retry_at
diff --git a/util/dockerfileparse.py b/util/dockerfileparse.py
index cabaf6b16..398673a5d 100644
--- a/util/dockerfileparse.py
+++ b/util/dockerfileparse.py
@@ -1,6 +1,6 @@
 import re
 
-LINE_CONTINUATION_REGEX = re.compile('\s*\\\s*\n')
+LINE_CONTINUATION_REGEX = re.compile(r'(\s)*\\(\s)*\n')
 COMMAND_REGEX = re.compile('([A-Za-z]+)\s(.*)')
 
 COMMENT_CHARACTER = '#'
diff --git a/util/expiration.py b/util/expiration.py
deleted file mode 100644
index 3a58885c9..000000000
--- a/util/expiration.py
+++ /dev/null
@@ -1,55 +0,0 @@
-import calendar
-import sys
-
-from email.utils import formatdate
-from apscheduler.schedulers.background import BackgroundScheduler
-from datetime import datetime, timedelta
-
-from data import model
-
-
-class ExpirationScheduler(object):
-  def __init__(self, utc_create_notifications_date, utc_terminate_processes_date):
-    self._scheduler = BackgroundScheduler()
-    self._termination_date = utc_terminate_processes_date
-
-    soon = datetime.now() + timedelta(seconds=1)
-
-    if utc_create_notifications_date > datetime.utcnow():
-      self._scheduler.add_job(model.delete_all_notifications_by_kind, 'date', run_date=soon,
-                              args=['expiring_license'])
-
-      local_notifications_date = self._utc_to_local(utc_create_notifications_date)
-      self._scheduler.add_job(self._generate_notifications, 'date',
-                              run_date=local_notifications_date)
-    else:
-      self._scheduler.add_job(self._generate_notifications, 'date', run_date=soon)
-
-    local_termination_date = self._utc_to_local(utc_terminate_processes_date)
-    self._scheduler.add_job(self._terminate, 'date', run_date=local_termination_date)
-
-  @staticmethod
-  def _format_date(date):
-    """ Output an RFC822 date format. """
-    if date is None:
-      return None
-    return formatdate(calendar.timegm(date.utctimetuple()))
-
-  @staticmethod
-  def _utc_to_local(utc_dt):
-    # get integer timestamp to avoid precision lost
-    timestamp = calendar.timegm(utc_dt.timetuple())
-    local_dt = datetime.fromtimestamp(timestamp)
-    return local_dt.replace(microsecond=utc_dt.microsecond)
-
-  def _generate_notifications(self):
-    for user in model.get_active_users():
-      model.create_unique_notification('expiring_license', user,
-                                       {'expires_at': self._format_date(self._termination_date)})
-
-  @staticmethod
-  def _terminate():
-    sys.exit(1)
-
-  def start(self):
-    self._scheduler.start()
diff --git a/util/gzipstream.py b/util/gzipstream.py
new file mode 100644
index 000000000..8f5aa9f6d
--- /dev/null
+++ b/util/gzipstream.py
@@ -0,0 +1,28 @@
+"""
+Defines utility methods for working with gzip streams.
+"""
+
+import zlib
+
+# Window size for decompressing GZIP streams.
+# This results in ZLIB automatically detecting the GZIP headers.
+# http://stackoverflow.com/questions/3122145/zlib-error-error-3-while-decompressing-incorrect-header-check/22310760#22310760
+ZLIB_GZIP_WINDOW = zlib.MAX_WBITS | 32
+
+class SizeInfo(object):
+  def __init__(self):
+    self.size = 0
+
+def calculate_size_handler():
+  """ Returns an object and a SocketReader handler. The handler will gunzip the data it receives,
+      adding the size found to the object.
+  """
+
+  size_info = SizeInfo()
+
+  decompressor = zlib.decompressobj(ZLIB_GZIP_WINDOW)
+
+  def fn(buf):
+    size_info.size += len(decompressor.decompress(buf))
+
+  return size_info, fn
diff --git a/util/morecollections.py b/util/morecollections.py
new file mode 100644
index 000000000..b34dc00ed
--- /dev/null
+++ b/util/morecollections.py
@@ -0,0 +1,12 @@
+class AttrDict(dict):
+  def __init__(self, *args, **kwargs):
+    super(AttrDict, self).__init__(*args, **kwargs)
+    self.__dict__ = self
+
+  @classmethod
+  def deep_copy(cls, attr_dict):
+    copy = AttrDict(attr_dict)
+    for key, value in copy.items():
+      if isinstance(value, AttrDict):
+        copy[key] = cls.deep_copy(value)
+    return copy
\ No newline at end of file
diff --git a/util/names.py b/util/names.py
index 2eb622737..31546d450 100644
--- a/util/names.py
+++ b/util/names.py
@@ -34,6 +34,27 @@ def parse_robot_username(robot_username):
   return robot_username.split('+', 2)
 
 
+def parse_urn(urn):
+  """ Parses a URN, returning a pair that contains a list of URN
+      namespace parts, followed by the URN's unique ID.
+  """
+  if not urn.startswith('urn:'):
+    return None
+
+  parts = urn[len('urn:'):].split(':')
+  return (parts[0:len(parts) - 1], parts[len(parts) - 1])
+
+
+def parse_single_urn(urn):
+  """ Parses a URN, returning a pair that contains the first
+      namespace part, followed by the URN's unique ID.
+  """
+  result = parse_urn(urn)
+  if result is None or not len(result[0]):
+    return None
+
+  return (result[0][0], result[1])
+
 uuid_generator = lambda: str(uuid4())
 
 
diff --git a/util/streamingjsonencoder.py b/util/streamingjsonencoder.py
new file mode 100644
index 000000000..f51a4ec9b
--- /dev/null
+++ b/util/streamingjsonencoder.py
@@ -0,0 +1,267 @@
+# Adapted from https://gist.github.com/akaihola/1415730#file-streamingjson-py
+
+# Copyright (c) Django Software Foundation and individual contributors.
+# All rights reserved.
+ 
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+ 
+#     1. Redistributions of source code must retain the above copyright notice, 
+#        this list of conditions and the following disclaimer.
+  
+#     2. Redistributions in binary form must reproduce the above copyright 
+#        notice, this list of conditions and the following disclaimer in the
+#        documentation and/or other materials provided with the distribution.
+ 
+#     3. Neither the name of Django nor the names of its contributors may be used
+#        to endorse or promote products derived from this software without
+#        specific prior written permission.
+ 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import collections
+import json
+from json.encoder import encode_basestring, encode_basestring_ascii, FLOAT_REPR, INFINITY
+from types import GeneratorType
+
+
+class StreamingJSONEncoder(json.JSONEncoder):
+  def iterencode(self, o, _one_shot=False):
+    """Encode the given object and yield each string
+    representation as available.
+
+    For example::
+
+      for chunk in StreamingJSONEncoder().iterencode(bigobject):
+        mysocket.write(chunk)
+
+    This method is a verbatim copy of
+    :meth:`json.JSONEncoder.iterencode`.  It is
+    needed because we need to call our patched
+    :func:`streamingjsonencoder._make_iterencode`.
+    """
+    if self.check_circular:
+      markers = {}
+    else:
+      markers = None
+    if self.ensure_ascii:
+      _encoder = encode_basestring_ascii
+    else:
+      _encoder = encode_basestring
+    if self.encoding != 'utf-8':
+      def _encoder(o, _orig_encoder=_encoder, _encoding=self.encoding):
+        if isinstance(o, str):
+          o = o.decode(_encoding)
+        return _orig_encoder(o)
+
+    def floatstr(o, allow_nan=self.allow_nan, _repr=FLOAT_REPR, _inf=INFINITY, _neginf=-INFINITY):
+      # Check for specials.  Note that this type of test is processor- and/or
+      # platform-specific, so do tests which don't depend on the internals.
+
+      if o != o:
+        text = 'NaN'
+      elif o == _inf:
+        text = 'Infinity'
+      elif o == _neginf:
+        text = '-Infinity'
+      else:
+        return _repr(o)
+
+      if not allow_nan:
+        raise ValueError("Out of range float values are not JSON compliant: %r"
+          % (o,))
+
+      return text
+
+    _iterencode = _make_iterencode(
+      markers, self.default, _encoder, self.indent, floatstr,
+      self.key_separator, self.item_separator, self.sort_keys,
+      self.skipkeys, _one_shot)
+    return _iterencode(o, 0)
+
+
+def _make_iterencode(markers, _default, _encoder, _indent, _floatstr, _key_separator,
+                     _item_separator, _sort_keys, _skipkeys, _one_shot, False=False, True=True,
+                    ValueError=ValueError, basestring=basestring, dict=dict, float=float,
+                    GeneratorType=GeneratorType, id=id, int=int, isinstance=isinstance, list=list,
+                    long=long, str=str, tuple=tuple):
+  """
+  This is a patched version of
+  :func:`django.utils.simplejson.encoder.iterencode`.  Whenever it encounters
+  a generator in the data structure, it encodes it as a JSON list.
+  """
+  def _iterencode_list(lst, _current_indent_level):
+    if not lst:
+      # note: empty generators aren't caught here, see below
+      yield '[]'
+      return
+    if markers is not None:
+      markerid = id(lst)
+      if markerid in markers:
+        raise ValueError("Circular reference detected")
+      markers[markerid] = lst
+    buf = '['
+    if _indent is not None:
+      _current_indent_level += 1
+      newline_indent = '\n' + (' ' * (_indent * _current_indent_level))
+      separator = _item_separator + newline_indent
+      buf += newline_indent
+    else:
+      newline_indent = None
+      separator = _item_separator
+    first = True
+    for value in lst:
+      if first:
+        first = False
+      else:
+        buf = separator
+      if isinstance(value, basestring):
+        yield buf + _encoder(value)
+      elif value is None:
+        yield buf + 'null'
+      elif value is True:
+        yield buf + 'true'
+      elif value is False:
+        yield buf + 'false'
+      elif isinstance(value, (int, long)):
+        yield buf + str(value)
+      elif isinstance(value, float):
+        yield buf + _floatstr(value)
+      else:
+        yield buf
+        if isinstance(value, (list, tuple, GeneratorType)):
+          chunks = _iterencode_list(value, _current_indent_level)
+        elif isinstance(value, dict):
+          chunks = _iterencode_dict(value, _current_indent_level)
+        else:
+          chunks = _iterencode(value, _current_indent_level)
+        for chunk in chunks:
+          yield chunk
+    if first:
+      # we had an empty generator
+      yield buf
+    if newline_indent is not None:
+      _current_indent_level -= 1
+      yield '\n' + (' ' * (_indent * _current_indent_level))
+    yield ']'
+    if markers is not None:
+      del markers[markerid]
+
+  def _iterencode_dict(dct, _current_indent_level):
+    if not dct:
+      yield '{}'
+      return
+    if markers is not None:
+      markerid = id(dct)
+      if markerid in markers:
+        raise ValueError("Circular reference detected")
+      markers[markerid] = dct
+    yield '{'
+    if _indent is not None:
+      _current_indent_level += 1
+      newline_indent = '\n' + (' ' * (_indent * _current_indent_level))
+      item_separator = _item_separator + newline_indent
+      yield newline_indent
+    else:
+      newline_indent = None
+      item_separator = _item_separator
+    first = True
+    if _sort_keys:
+      items = dct.items()
+      items.sort(key=lambda kv: kv[0])
+    else:
+      items = dct.iteritems()
+    for key, value in items:
+      if isinstance(key, basestring):
+        pass
+      # JavaScript is weakly typed for these, so it makes sense to
+      # also allow them.  Many encoders seem to do something like this.
+      elif isinstance(key, float):
+        key = _floatstr(key)
+      elif isinstance(key, (int, long)):
+        key = str(key)
+      elif key is True:
+        key = 'true'
+      elif key is False:
+        key = 'false'
+      elif key is None:
+        key = 'null'
+      elif _skipkeys:
+        continue
+      else:
+        raise TypeError("key %r is not a string" % (key,))
+      if first:
+        first = False
+      else:
+        yield item_separator
+      yield _encoder(key)
+      yield _key_separator
+      if isinstance(value, basestring):
+        yield _encoder(value)
+      elif value is None:
+        yield 'null'
+      elif value is True:
+        yield 'true'
+      elif value is False:
+        yield 'false'
+      elif isinstance(value, (int, long)):
+        yield str(value)
+      elif isinstance(value, float):
+        yield _floatstr(value)
+      else:
+        if isinstance(value, collections.Mapping):
+          chunks = _iterencode_dict(value, _current_indent_level)
+        elif isinstance(value, collections.Iterable):
+          chunks = _iterencode_list(value, _current_indent_level)
+        else:
+          chunks = _iterencode(value, _current_indent_level)
+        for chunk in chunks:
+          yield chunk
+    if newline_indent is not None:
+      _current_indent_level -= 1
+      yield '\n' + (' ' * (_indent * _current_indent_level))
+    yield '}'
+    if markers is not None:
+      del markers[markerid]
+
+  def _iterencode(o, _current_indent_level):
+    if isinstance(o, basestring):
+      yield _encoder(o)
+    elif o is None:
+      yield 'null'
+    elif o is True:
+      yield 'true'
+    elif o is False:
+      yield 'false'
+    elif isinstance(o, (int, long)):
+      yield str(o)
+    elif isinstance(o, float):
+      yield _floatstr(o)
+    elif isinstance(o, collections.Mapping):
+      for chunk in _iterencode_dict(o, _current_indent_level):
+        yield chunk
+    elif isinstance(o, collections.Iterable):
+      for chunk in _iterencode_list(o, _current_indent_level):
+        yield chunk
+    else:
+      if markers is not None:
+        markerid = id(o)
+        if markerid in markers:
+          raise ValueError("Circular reference detected")
+        markers[markerid] = o
+      o = _default(o)
+      for chunk in _iterencode(o, _current_indent_level):
+        yield chunk
+      if markers is not None:
+        del markers[markerid]
+
+  return _iterencode
\ No newline at end of file
diff --git a/util/useremails.py b/util/useremails.py
index 0a78da7e3..ca0fd896a 100644
--- a/util/useremails.py
+++ b/util/useremails.py
@@ -1,116 +1,158 @@
 from flask.ext.mail import Message
 
 from app import mail, app, get_app_url
+from jinja2 import Template, Environment, FileSystemLoader, contextfilter
+from data import model
+from util.gravatar import compute_hash
+
+def user_reference(username):
+  user = model.get_user_or_org(username)
+  if not user:
+    return username
+
+  return """
+  <span>
+  <img src="http://www.gravatar.com/avatar/%s?s=16&amp;d=identicon" style="vertical-align: middle; margin-left: 6px; margin-right: 4px;">
+  <b>%s</b>
+  </span>""" % (compute_hash(user.email), username)
 
 
-CONFIRM_MESSAGE = """
-This email address was recently used to register the username '%s'
-at <a href="%s">Quay.io</a>.<br>
-<br>
-To confirm this email address, please click the following link:<br>
-<a href="%s/confirm?code=%s">%s/confirm?code=%s</a>
-"""
+def repository_reference(pair):
+  (namespace, repository) = pair
+
+  owner = model.get_user(namespace)
+  if not owner:
+    return "%s/%s" % (namespace, repository)
+
+  return """
+  <span style="white-space: nowrap;">
+  <img src="http://www.gravatar.com/avatar/%s?s=16&amp;d=identicon" style="vertical-align: middle; margin-left: 6px; margin-right: 4px;">
+  <a href="%s/repository/%s/%s">%s/%s</a>
+  </span>
+  """ % (compute_hash(owner.email), get_app_url(), namespace, repository, namespace, repository)
 
 
-CHANGE_MESSAGE = """
-This email address was recently asked to become the new e-mail address for username '%s'
-at <a href="%s">Quay.io</a>.<br>
-<br>
-To confirm this email address, please click the following link:<br>
-<a href="%s/confirm?code=%s">%s/confirm?code=%s</a>
-"""
+def admin_reference(username):
+  user = model.get_user(username)
+  if not user:
+    return 'account settings'
+
+  if user.organization:
+    return """
+    <a href="%s/organization/%s/admin">organization's admin setting</a>
+    """ % (get_app_url(), username)
+  else:
+    return """
+    <a href="%s/user/">account settings</a>
+    """ % (get_app_url())
 
 
-RECOVERY_MESSAGE = """
-A user at <a href="%s">Quay.io</a> has attempted to recover their account
-using this email address.<br>
-<br>
-If you made this request, please click the following link to recover your account and
-change your password:
-<a href="%s/recovery?code=%s">%s/recovery?code=%s</a><br>
-<br>
-If you did not make this request, your account has not been compromised and the user was
-not given access. Please disregard this email.<br>
-"""
+template_loader = FileSystemLoader(searchpath="emails")
+template_env = Environment(loader=template_loader)
+template_env.filters['user_reference'] = user_reference
+template_env.filters['admin_reference'] = admin_reference
+template_env.filters['repository_reference'] = repository_reference
 
 
-SUBSCRIPTION_CHANGE = """
-Change: {0}<br>
-Customer id: <a href="https://manage.stripe.com/customers/{1}">{1}</a><br>
-Customer email: <a href="mailto:{2}">{2}</a><br>
-Quay user or org name: {3}<br>
-"""
+def send_email(recipient, subject, template_file, parameters):
+  app_title = app.config['REGISTRY_TITLE_SHORT']
+  app_url = get_app_url()
+
+  def app_link_handler(url=None, title=None):
+    real_url = app_url + '/' + url if url else app_url
+    if not title:
+      title = real_url if url else app_title
+
+    return '<a href="%s">%s</a>' % (real_url, title)
+
+  parameters.update({    
+    'subject': subject,
+    'app_logo': 'https://quay.io/static/img/quay-logo.png', # TODO: make this pull from config
+    'app_url': app_url,
+    'app_title': app_title,
+    'app_link': app_link_handler
+  })
+
+  rendered_html = template_env.get_template(template_file + '.html').render(parameters)
+
+  msg = Message('[%s] %s' % (app_title, subject), sender='support@quay.io', recipients=[recipient])
+  msg.html = rendered_html
+  mail.send(msg)
 
 
-PAYMENT_FAILED = """
-Hi {0},<br>
-<br>
-Your recent payment for Quay.io failed, which usually results in our payments processorcanceling
-your subscription automatically. If you would like to continue to use Quay.io without interruption,
-please add a new card to Quay.io and re-subscribe to your plan.<br>
-<br>
-You can find the card and subscription management features under your account settings.<br>
-<br>
-Thanks and have a great day!<br>
-<br>
--Quay.io Support<br>
-"""
-
-
-AUTH_FORREPO_MESSAGE = """
-A request has been made to send notifications to this email address for the
-<a href="%s">Quay.io</a> repository <a href="%s/repository/%s/%s">%s/%s</a>.
-<br>
-To confirm this email address, please click the following link:<br>
-<a href="%s/authrepoemail?code=%s">%s/authrepoemail?code=%s</a>
-"""
-
-
-SUBSCRIPTION_CHANGE_TITLE = 'Subscription Change - {0} {1}'
+def send_password_changed(username, email):
+  send_email(email, 'Account password changed', 'passwordchanged', {
+    'username': username
+  })
 
+def send_email_changed(username, old_email, new_email):
+  send_email(old_email, 'Account e-mail address changed', 'emailchanged', {
+    'username': username,
+    'new_email': new_email
+  })  
 
 def send_change_email(username, email, token):
-  msg = Message('Quay.io email change. Please confirm your email.',
-                sender='support@quay.io',  # Why do I need this?
-                recipients=[email])
-  msg.html = CHANGE_MESSAGE % (username, get_app_url(), get_app_url(), token, get_app_url(), token)
-  mail.send(msg)
-
+  send_email(email, 'E-mail address change requested', 'changeemail', {
+    'username': username,
+    'token': token
+  })
 
 def send_confirmation_email(username, email, token):
-  msg = Message('Welcome to Quay.io! Please confirm your email.',
-                sender='support@quay.io',  # Why do I need this?
-                recipients=[email])
-  msg.html = CONFIRM_MESSAGE % (username, get_app_url(), get_app_url(), token, get_app_url(), token)
-  mail.send(msg)
-
+  send_email(email, 'Please confirm your e-mail address', 'confirmemail', {
+    'username': username,
+    'token': token
+  })
 
 def send_repo_authorization_email(namespace, repository, email, token):
-  msg = Message('Quay.io Notification: Please confirm your email.',
-                sender='support@quay.io',  # Why do I need this?
-                recipients=[email])
-  msg.html = AUTH_FORREPO_MESSAGE % (get_app_url(), get_app_url(), namespace, repository, namespace,
-                                     repository, get_app_url(), token, get_app_url(), token)
-  mail.send(msg)
-
+  subject = 'Please verify your e-mail address for repository %s/%s' % (namespace, repository)
+  send_email(email, subject, 'repoauthorizeemail', {
+    'namespace': namespace,
+    'repository': repository,
+    'token': token
+  })
 
 def send_recovery_email(email, token):
-  msg = Message('Quay.io account recovery.',
-                sender='support@quay.io',  # Why do I need this?
-                recipients=[email])
-  msg.html = RECOVERY_MESSAGE % (get_app_url(), get_app_url(), token, get_app_url(), token)
-  mail.send(msg)
+  subject = 'Account recovery'
+  send_email(email, subject, 'recovery', {
+    'email': email,
+    'token': token
+  })
+
+def send_payment_failed(email, username):
+  send_email(email, 'Subscription Payment Failure', 'paymentfailure', {
+    'username': username
+  })
+
+def send_org_invite_email(member_name, member_email, orgname, team, adder, code):
+  send_email(member_email, 'Invitation to join team', 'teaminvite', {
+    'inviter': adder,
+    'token': code,
+    'organization': orgname,
+    'teamname': team
+  })
 
 
 def send_invoice_email(email, contents):
+  # Note: This completely generates the contents of the email, so we don't use the
+  # normal template here.
   msg = Message('Quay.io payment received - Thank you!',
-                sender='support@quay.io',  # Why do I need this?
+                sender='support@quay.io',
                 recipients=[email])
   msg.html = contents
   mail.send(msg)
 
 
+# INTERNAL EMAILS BELOW
+
 def send_subscription_change(change_description, customer_id, customer_email, quay_username):
+  SUBSCRIPTION_CHANGE_TITLE = 'Subscription Change - {0} {1}'
+  SUBSCRIPTION_CHANGE = """
+  Change: {0}<br>
+  Customer id: <a href="https://manage.stripe.com/customers/{1}">{1}</a><br>
+  Customer email: <a href="mailto:{2}">{2}</a><br>
+  Quay user or org name: {3}<br>
+  """
+  
   title = SUBSCRIPTION_CHANGE_TITLE.format(quay_username, change_description)
   msg = Message(title, sender='support@quay.io', recipients=['stripe@quay.io'])
   msg.html = SUBSCRIPTION_CHANGE.format(change_description, customer_id, customer_email,
@@ -118,8 +160,3 @@ def send_subscription_change(change_description, customer_id, customer_email, qu
   mail.send(msg)
 
 
-def send_payment_failed(customer_email, quay_username):
-  msg = Message('Quay.io Subscription Payment Failure', sender='support@quay.io',
-                recipients=[customer_email])
-  msg.html = PAYMENT_FAILED.format(quay_username)
-  mail.send(msg)
diff --git a/workers/buildlogsarchiver.py b/workers/buildlogsarchiver.py
new file mode 100644
index 000000000..460fd7f4e
--- /dev/null
+++ b/workers/buildlogsarchiver.py
@@ -0,0 +1,56 @@
+import logging
+
+from apscheduler.schedulers.blocking import BlockingScheduler
+from peewee import fn
+from tempfile import SpooledTemporaryFile
+from gzip import GzipFile
+
+from data import model
+from data.archivedlogs import JSON_MIMETYPE
+from data.database import RepositoryBuild, db_random_func
+from app import build_logs, log_archive
+from util.streamingjsonencoder import StreamingJSONEncoder
+
+POLL_PERIOD_SECONDS = 30
+MEMORY_TEMPFILE_SIZE = 64 * 1024  # Large enough to handle approximately 99% of builds in memory
+
+logger = logging.getLogger(__name__)
+sched = BlockingScheduler()
+
+@sched.scheduled_job(trigger='interval', seconds=30)
+def archive_redis_buildlogs():
+  """ Archive a single build, choosing a candidate at random. This process must be idempotent to
+      avoid needing two-phase commit. """
+  try:
+    # Get a random build to archive
+    to_archive = model.archivable_buildlogs_query().order_by(db_random_func()).get()
+    logger.debug('Archiving: %s', to_archive.uuid)
+
+    length, entries = build_logs.get_log_entries(to_archive.uuid, 0)
+    to_encode = {
+      'start': 0,
+      'total': length,
+      'logs': entries,
+    }
+
+    with SpooledTemporaryFile(MEMORY_TEMPFILE_SIZE) as tempfile:
+      with GzipFile('testarchive', fileobj=tempfile) as zipstream:
+        for chunk in StreamingJSONEncoder().iterencode(to_encode):
+          zipstream.write(chunk)
+
+      tempfile.seek(0)
+      log_archive.store_file(tempfile, JSON_MIMETYPE, content_encoding='gzip',
+                             file_id=to_archive.uuid)
+
+    to_archive.logs_archived = True
+    to_archive.save()
+
+    build_logs.expire_log_entries(to_archive.uuid)
+
+  except RepositoryBuild.DoesNotExist:
+    logger.debug('No more builds to archive')
+
+
+if __name__ == "__main__":
+  logging.basicConfig(level=logging.DEBUG)
+  sched.start()
diff --git a/workers/diffsworker.py b/workers/diffsworker.py
index 70f74f1db..563c61352 100644
--- a/workers/diffsworker.py
+++ b/workers/diffsworker.py
@@ -33,7 +33,8 @@ class DiffsWorker(Worker):
 
     return True
 
-logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
+if __name__ == "__main__":
+  logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
 
-worker = DiffsWorker(image_diff_queue)
-worker.start()
+  worker = DiffsWorker(image_diff_queue)
+  worker.start()
diff --git a/workers/dockerfilebuild.py b/workers/dockerfilebuild.py
index a4de1cc47..a45d82b67 100644
--- a/workers/dockerfilebuild.py
+++ b/workers/dockerfilebuild.py
@@ -1,6 +1,7 @@
 import logging.config
 
-logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
+if __name__ == "__main__":
+  logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
 
 import logging
 import argparse
@@ -23,6 +24,7 @@ from collections import defaultdict
 from requests.exceptions import ConnectionError
 
 from data import model
+from data.database import BUILD_PHASE
 from workers.worker import Worker, WorkerUnhealthyException, JobException
 from app import userfiles as user_files, build_logs, sentry, dockerfile_build_queue
 from endpoints.notificationhelper import spawn_notification
@@ -36,6 +38,8 @@ TIMEOUT_PERIOD_MINUTES = 20
 CACHE_EXPIRATION_PERIOD_HOURS = 24
 NO_TAGS = ['<none>:<none>']
 RESERVATION_TIME = (TIMEOUT_PERIOD_MINUTES + 5) * 60
+DOCKER_BASE_URL = None # Set this if you want to use a different docker URL/socket.
+
 
 def matches_system_error(status_str):
   """ Returns true if the given status string matches a known system error in the
@@ -44,9 +48,9 @@ def matches_system_error(status_str):
   KNOWN_MATCHES = ['lxc-start: invalid', 'lxc-start: failed to', 'lxc-start: Permission denied']
 
   for match in KNOWN_MATCHES:
-    # 4 because we might have a Unix control code at the start.
-    found = status_str.find(match[0:len(match) + 4])
-    if found >= 0 and found <= 4: 
+    # 10 because we might have a Unix control code at the start.
+    found = status_str.find(match[0:len(match) + 10])
+    if found >= 0 and found <= 10: 
       return True
 
   return False
@@ -126,8 +130,8 @@ class DockerfileBuildContext(object):
     # Note: We have two different clients here because we (potentially) login
     # with both, but with different credentials that we do not want shared between
     # the build and push operations.
-    self._push_cl = StreamingDockerClient(timeout=1200)
-    self._build_cl = StreamingDockerClient(timeout=1200)
+    self._push_cl = StreamingDockerClient(timeout=1200, base_url = DOCKER_BASE_URL)
+    self._build_cl = StreamingDockerClient(timeout=1200, base_url = DOCKER_BASE_URL)
 
     dockerfile_path = os.path.join(self._build_dir, dockerfile_subdir,
                                    'Dockerfile')
@@ -223,6 +227,13 @@ class DockerfileBuildContext(object):
     if self._pull_credentials:
       logger.debug('Logging in with pull credentials: %s@%s',
                    self._pull_credentials['username'], self._pull_credentials['registry'])
+      
+      self._build_logger('Pulling base image: %s' % image_and_tag, log_data = {
+        'phasestep': 'login',
+        'username': self._pull_credentials['username'],
+        'registry': self._pull_credentials['registry']
+      })
+
       self._build_cl.login(self._pull_credentials['username'], self._pull_credentials['password'],
                            registry=self._pull_credentials['registry'], reauth=True)
 
@@ -233,7 +244,12 @@ class DockerfileBuildContext(object):
       raise JobException('Missing FROM command in Dockerfile')
 
     image_and_tag = ':'.join(image_and_tag_tuple)
-    self._build_logger('Pulling base image: %s' % image_and_tag)
+
+    self._build_logger('Pulling base image: %s' % image_and_tag, log_data = {
+      'phasestep': 'pull',
+      'repo_url': image_and_tag
+    })
+
     pull_status = self._build_cl.pull(image_and_tag, stream=True)
 
     self.__monitor_completion(pull_status, 'Downloading', self._status, 'pull_completion')
@@ -464,9 +480,8 @@ class DockerfileBuildWorker(Worker):
 
   def watchdog(self):
     logger.debug('Running build watchdog code.')
-
     try:
-      docker_cl = Client()
+      docker_cl = Client(base_url = DOCKER_BASE_URL)
     
       # Iterate the running containers and kill ones that have been running more than 20 minutes
       for container in docker_cl.containers():
@@ -477,6 +492,7 @@ class DockerfileBuildWorker(Worker):
                          container['Id'], container['Command'])
           docker_cl.kill(container['Id'])
           self._timeout.set()
+
     except ConnectionError as exc:
       raise WorkerUnhealthyException(exc.message)
 
@@ -494,7 +510,7 @@ class DockerfileBuildWorker(Worker):
 
     job_config = json.loads(repository_build.job_config)
 
-    resource_url = user_files.get_file_url(repository_build.resource_key)
+    resource_url = user_files.get_file_url(repository_build.resource_key, requires_cors=False)
     tag_names = job_config['docker_tags']
     build_subdir = job_config['build_subdir']
     repo = job_config['repository']
@@ -504,7 +520,20 @@ class DockerfileBuildWorker(Worker):
     log_appender = partial(build_logs.append_log_message,
                            repository_build.uuid)
 
-    log_appender('initializing', build_logs.PHASE)
+    # Lookup and save the version of docker being used.
+    docker_cl = Client(base_url = DOCKER_BASE_URL)
+    docker_version = docker_cl.version().get('Version', '')
+    dash = docker_version.find('-')
+
+    # Strip any -tutum or whatever off of the version.
+    if dash > 0:
+      docker_version = docker_version[:dash]
+
+    log_appender('initializing', build_logs.PHASE, log_data = {
+      'docker_version': docker_version
+    })
+
+    log_appender('Docker version: %s' % docker_version)
 
     start_msg = ('Starting job with resource url: %s repo: %s' % (resource_url,
                                                                   repo))
@@ -544,7 +573,7 @@ class DockerfileBuildWorker(Worker):
 
     if c_type not in self._mime_processors:
       log_appender('error', build_logs.PHASE)
-      repository_build.phase = 'error'
+      repository_build.phase = BUILD_PHASE.ERROR
       repository_build.save()
       message = 'Unknown mime-type: %s' % c_type
       log_appender(message, build_logs.ERROR)
@@ -553,7 +582,7 @@ class DockerfileBuildWorker(Worker):
 
     # Try to build the build directory package from the buildpack.
     log_appender('unpacking', build_logs.PHASE)
-    repository_build.phase = 'unpacking'
+    repository_build.phase = BUILD_PHASE.UNPACKING
     repository_build.save()
 
     build_dir = None
@@ -571,20 +600,20 @@ class DockerfileBuildWorker(Worker):
                                   repository_build.uuid, self._cache_size_gb,
                                   pull_credentials) as build_ctxt:
         log_appender('pulling', build_logs.PHASE)
-        repository_build.phase = 'pulling'
+        repository_build.phase = BUILD_PHASE.PULLING
         repository_build.save()
         build_ctxt.pull()
 
         self.extend_processing(RESERVATION_TIME)
 
         log_appender('building', build_logs.PHASE)
-        repository_build.phase = 'building'
+        repository_build.phase = BUILD_PHASE.BUILDING
         repository_build.save()
         built_image = build_ctxt.build(self.extend_processing)
 
         if not built_image:
           log_appender('error', build_logs.PHASE)
-          repository_build.phase = 'error'
+          repository_build.phase = BUILD_PHASE.ERROR
           repository_build.save()
 
           message = 'Unable to build dockerfile.'
@@ -597,13 +626,13 @@ class DockerfileBuildWorker(Worker):
         self.extend_processing(RESERVATION_TIME)
 
         log_appender('pushing', build_logs.PHASE)
-        repository_build.phase = 'pushing'
+        repository_build.phase = BUILD_PHASE.PUSHING
         repository_build.save()
 
         build_ctxt.push(built_image)
 
         log_appender('complete', build_logs.PHASE)
-        repository_build.phase = 'complete'
+        repository_build.phase = BUILD_PHASE.COMPLETE
         repository_build.save()
 
         # Spawn a notification that the build has completed.
@@ -613,6 +642,7 @@ class DockerfileBuildWorker(Worker):
 
     except WorkerUnhealthyException as exc:
       # Spawn a notification that the build has failed.
+      log_appender('Worker has become unhealthy. Will retry shortly.', build_logs.ERROR)
       spawn_failure(exc.message, event_data)
       
       # Raise the exception to the queue.
@@ -639,20 +669,20 @@ class DockerfileBuildWorker(Worker):
       sentry.client.captureException()
       log_appender('error', build_logs.PHASE)
       logger.exception('Exception when processing request.')
-      repository_build.phase = 'error'
+      repository_build.phase = BUILD_PHASE.ERROR
       repository_build.save()
       log_appender(str(exc), build_logs.ERROR)
 
       # Raise the exception to the queue.
       raise JobException(str(exc))
 
+if __name__ == "__main__":
+  desc = 'Worker daemon to monitor dockerfile build'
+  parser = argparse.ArgumentParser(description=desc)
+  parser.add_argument('--cachegb', default=20, type=float,
+                      help='Maximum cache size in gigabytes.')
+  args = parser.parse_args()
 
-desc = 'Worker daemon to monitor dockerfile build'
-parser = argparse.ArgumentParser(description=desc)
-parser.add_argument('--cachegb', default=20, type=float,
-                    help='Maximum cache size in gigabytes.')
-args = parser.parse_args()
-
-worker = DockerfileBuildWorker(args.cachegb, dockerfile_build_queue,
-                               reservation_seconds=RESERVATION_TIME)
-worker.start(start_status_server_port=8000)
+  worker = DockerfileBuildWorker(args.cachegb, dockerfile_build_queue,
+                                 reservation_seconds=RESERVATION_TIME)
+  worker.start(start_status_server_port=8000)
diff --git a/workers/notificationworker.py b/workers/notificationworker.py
index 2af0954f9..a176d46c8 100644
--- a/workers/notificationworker.py
+++ b/workers/notificationworker.py
@@ -8,6 +8,7 @@ from workers.worker import Worker
 
 from endpoints.notificationmethod import NotificationMethod, InvalidNotificationMethodException
 from endpoints.notificationevent import NotificationEvent, InvalidNotificationEventException
+from workers.worker import JobException
 
 from data import model
 
@@ -29,7 +30,7 @@ class NotificationWorker(Worker):
     notification = model.get_repo_notification(repo_namespace, repo_name, notification_uuid)
     if not notification:
       # Probably deleted.
-      return True
+      return
 
     event_name = notification.event.name
     method_name = notification.method.name
@@ -39,15 +40,17 @@ class NotificationWorker(Worker):
       method_handler = NotificationMethod.get_method(method_name)
     except InvalidNotificationMethodException as ex:
       logger.exception('Cannot find notification method: %s' % ex.message)
-      return False
+      raise JobException('Cannot find notification method: %s' % ex.message)
     except InvalidNotificationEventException as ex:
-      logger.exception('Cannot find notification method: %s' % ex.message)
-      return False
+      logger.exception('Cannot find notification event: %s' % ex.message)
+      raise JobException('Cannot find notification event: %s' % ex.message)
 
-    return method_handler.perform(notification, event_handler, job_details)
+    method_handler.perform(notification, event_handler, job_details)
 
-logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
 
-worker = NotificationWorker(notification_queue, poll_period_seconds=15,
-                            reservation_seconds=3600)
-worker.start()
+if __name__ == "__main__":
+  logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
+
+  worker = NotificationWorker(notification_queue, poll_period_seconds=10, reservation_seconds=30,
+                              retry_after_seconds=30)
+  worker.start()
diff --git a/workers/webhookworker.py b/workers/webhookworker.py
deleted file mode 100644
index ccff884c2..000000000
--- a/workers/webhookworker.py
+++ /dev/null
@@ -1,41 +0,0 @@
-import logging
-import argparse
-import requests
-import json
-
-from app import webhook_queue
-from workers.worker import Worker
-
-
-root_logger = logging.getLogger('')
-root_logger.setLevel(logging.DEBUG)
-
-FORMAT = '%(asctime)-15s - %(levelname)s - %(pathname)s - %(funcName)s - %(message)s'
-formatter = logging.Formatter(FORMAT)
-
-logger = logging.getLogger(__name__)
-
-
-class WebhookWorker(Worker):
-  def process_queue_item(self, job_details):
-    url = job_details['url']
-    payload = job_details['payload']
-    headers = {'Content-type': 'application/json'}
-
-    try:
-      resp = requests.post(url, data=json.dumps(payload), headers=headers)
-      if resp.status_code/100 != 2:
-        logger.error('%s response for webhook to url: %s' % (resp.status_code,
-                                                             url))
-        return False
-    except requests.exceptions.RequestException as ex:
-      logger.exception('Webhook was unable to be sent: %s' % ex.message)
-      return False
-
-    return True
-
-logging.config.fileConfig('conf/logging.conf', disable_existing_loggers=False)  
-
-worker = WebhookWorker(webhook_queue, poll_period_seconds=15,
-                       reservation_seconds=3600)
-worker.start()
\ No newline at end of file
diff --git a/workers/worker.py b/workers/worker.py
index e7750c232..03066dc6e 100644
--- a/workers/worker.py
+++ b/workers/worker.py
@@ -63,11 +63,12 @@ class WorkerStatusHandler(BaseHTTPRequestHandler):
 
 class Worker(object):
   def __init__(self, queue, poll_period_seconds=30, reservation_seconds=300,
-               watchdog_period_seconds=60):
+               watchdog_period_seconds=60, retry_after_seconds=300):
     self._sched = BackgroundScheduler()
     self._poll_period_seconds = poll_period_seconds
     self._reservation_seconds = reservation_seconds
     self._watchdog_period_seconds = watchdog_period_seconds
+    self._retry_after_seconds = retry_after_seconds
     self._stop = Event()
     self._terminated = Event()
     self._queue = queue
@@ -102,8 +103,9 @@ class Worker(object):
     logger.debug('Running watchdog.')
     try:
       self.watchdog()
-    except WorkerUnhealthyException:
-      logger.error('The worker has encountered an error and will not take new jobs.')
+    except WorkerUnhealthyException as exc:
+      logger.error('The worker has encountered an error via watchdog and will not take new jobs')
+      logger.error(exc.message)
       self.mark_current_incomplete(restore_retry=True)
       self._stop.set()
 
@@ -111,7 +113,7 @@ class Worker(object):
     logger.debug('Getting work item from queue.')
 
     with self._current_item_lock:
-      self.current_queue_item = self._queue.get()
+      self.current_queue_item = self._queue.get(processing_time=self._reservation_seconds)
 
     while True:
       # Retrieve the current item in the queue over which to operate. We do so under
@@ -129,14 +131,16 @@ class Worker(object):
         self.process_queue_item(job_details)
         self.mark_current_complete()
 
-      except JobException:
+      except JobException as jex:
         logger.warning('An error occurred processing request: %s', current_queue_item.body)
+        logger.warning('Job exception: %s' % jex)
         self.mark_current_incomplete(restore_retry=False)
 
-      except WorkerUnhealthyException:
-        logger.error('The worker has encountered an error and will not take new jobs. Job is being requeued.')
-        self._stop.set()
+      except WorkerUnhealthyException as exc:
+        logger.error('The worker has encountered an error via the job and will not take new jobs')
+        logger.error(exc.message)
         self.mark_current_incomplete(restore_retry=True)
+        self._stop.set()
 
       finally:
         # Close the db handle periodically
@@ -190,7 +194,8 @@ class Worker(object):
   def mark_current_incomplete(self, restore_retry=False):
     with self._current_item_lock:
       if self.current_queue_item is not None:
-        self._queue.incomplete(self.current_queue_item, restore_retry=restore_retry)
+        self._queue.incomplete(self.current_queue_item, restore_retry=restore_retry,
+                               retry_after=self._retry_after_seconds)
         self.current_queue_item = None
 
   def mark_current_complete(self):