Hi,

I'm trying to run it on Windows and using WSL to simulate Linux env. It have lot of errors.

Love ASVS. Love this project.

Would it be possible to start with the various requirements sections collapsed ?
My reasoning behind this is it may make introducing ASVS to our developers a little less daunting as they won't see a gigantic, scary wall of text. It'll also help them zero in on the section they require.

Example of Doom

Just a thought.

M

It would be super awesome to have the requirements in the project view be collapsible based on criteria.

1. Collapse all categories on page load (helps developers find a category they're interested in)
2. Collapse a category that has met all of the requirements

Kinda related, but it would also be useful to colour code the requirements based on status (red for unmet or green for completed)

Please add links to the project percentages to follow down to the relevant div

We should allow multiple answers for each security requirement

Ideally:

Complete
Not Complete
N/A

We should also take into consideration how this will change the status rings

Nice to have the option to export a project.

Links in descriptions should be a link, opening in another tab.

Description": "Verify that the application does not log other sensitive data as defined under local privacy laws or relevant security policy. (C9)",

These are links in the projects page, but not the levels page

I plan to deploy Scanroute in the kubernetes cluster, and due to the ingress setup I would need to add a base URL prefix to every route, link, static resource etc...

For example:
K8s ingress controller address: https://k8s.ingress.local/
App's url prefix: asvs
App's home page url: https://k8s.ingress.local/asvs

I am able to deploy and reach the app's home page, but all the CSS, static images, links are broken since the asvs/ part of the links are missing.

I am not proficient with Django, but I'd happily take the hints on how to do that and create a PR if I had any success with that.

As a user it would be helpful to have the ability to collapse all the expanded categories in the main project view.

We have different teams working on various parts of a project and it can be a little daunting to load a project page and be confronted by a huge list of expanded categories.

If we could either load it all without expanding or have the ability to quickly collapse all the categories, it would help the teams using ASVS.

Hi and first of all thanks!
I think that can be a good idea to add a field "Note" to write just one row of information for each points to use for example to remember why the test is Incomplete
Bye for now
Matteo

OS: macOS 11.3.1
Docker Desktop: 3.3.3 (64133)
Docker Engine: 20.10.6

Running docker build -t asvs . on my machine I get the following error:

 => ERROR [ 9/10] RUN python manage.py makemigrations                                                                                                                                                                                                              0.5s
------
 > [ 9/10] RUN python manage.py makemigrations:
#14 0.466 Traceback (most recent call last):
#14 0.466   File "/usr/lib/python3.9/site-packages/django/apps/config.py", line 244, in create
#14 0.466     app_module = import_module(app_name)
#14 0.466   File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
#14 0.467     return _bootstrap._gcd_import(name[level:], package, level)
#14 0.467   File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
#14 0.468   File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
#14 0.468   File "<frozen importlib._bootstrap>", line 984, in _find_and_load_unlocked
#14 0.468 ModuleNotFoundError: No module named 'requirements'
#14 0.468
#14 0.468 During handling of the above exception, another exception occurred:
#14 0.468
#14 0.468 Traceback (most recent call last):
#14 0.468   File "/app/manage.py", line 15, in <module>
#14 0.468     execute_from_command_line(sys.argv)
#14 0.468   File "/usr/lib/python3.9/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
#14 0.469     utility.execute()
#14 0.469   File "/usr/lib/python3.9/site-packages/django/core/management/__init__.py", line 395, in execute
#14 0.469     django.setup()
#14 0.469   File "/usr/lib/python3.9/site-packages/django/__init__.py", line 24, in setup
#14 0.469     apps.populate(settings.INSTALLED_APPS)
#14 0.469   File "/usr/lib/python3.9/site-packages/django/apps/registry.py", line 91, in populate
#14 0.469     app_config = AppConfig.create(entry)
#14 0.469   File "/usr/lib/python3.9/site-packages/django/apps/config.py", line 246, in create
#14 0.470     raise ImproperlyConfigured(
#14 0.470 django.core.exceptions.ImproperlyConfigured: Cannot import 'requirements'. Check that 'levels.apps.RequirementsConfig.name' is correct.
------
executor failed running [/bin/sh -c python manage.py makemigrations]: exit code: 1

I'm not sure if there's anything else you need.

With 4.0.2 now the stable branch of the standard, we need to migrate all the variable names used previously. Attached is the new JSON for 4.0.2
asvs.json.zip

https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x11-V2-Authentication.md

When creating or changing a user, if special chars such as asterisk or questionmarks, the application throws an error

this page should redirect to the projects page after sucessfully authenticationg OTP

Please enable a dark mode

Threat Modeling Cheat Sheet link (http://localhost:8000/help/1) points to out of date resource on OWASP site

Hey, we are thinking about using this as an awareness tool internal in the organization but we cant seem to get the % in each chapter. Is it a bug or am i doing it wrong? :)

Howdy

Attempting build on OS X

Docker version 18.05.0-ce, build f150324
docker-machine version 0.15.0, build b48dc28

The script errors out on step 6 with the following:

Step 6/8 : RUN python manage.py makemigrations
 ---> Running in 5a070da7960b
You are trying to add a non-nullable field 'project_level' to projects without a default; we can't do that (the database needs something to populate existing rows).
Please select a fix:
 1) Provide a one-off default now (will be set on all existing rows with a null value for this column)
 2) Quit, and let me add a default in models.py
Select an option: Traceback (most recent call last):
  File "manage.py", line 15, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/lib/python3.6/site-packages/django/core/management/__init__.py", line 371, in execute_from_command_line
    utility.execute()
  File "/usr/lib/python3.6/site-packages/django/core/management/__init__.py", line 365, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/lib/python3.6/site-packages/django/core/management/base.py", line 288, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/lib/python3.6/site-packages/django/core/management/base.py", line 335, in execute
    output = self.handle(*args, **options)
  File "/usr/lib/python3.6/site-packages/django/core/management/commands/makemigrations.py", line 159, in handle
    migration_name=self.migration_name,
  File "/usr/lib/python3.6/site-packages/django/db/migrations/autodetector.py", line 44, in changes
    changes = self._detect_changes(convert_apps, graph)
  File "/usr/lib/python3.6/site-packages/django/db/migrations/autodetector.py", line 183, in _detect_changes
    self.generate_added_fields()
  File "/usr/lib/python3.6/site-packages/django/db/migrations/autodetector.py", line 824, in generate_added_fields
    self._generate_added_field(app_label, model_name, field_name)
  File "/usr/lib/python3.6/site-packages/django/db/migrations/autodetector.py", line 844, in _generate_added_field
    field.default = self.questioner.ask_not_null_addition(field_name, model_name)
  File "/usr/lib/python3.6/site-packages/django/db/migrations/questioner.py", line 151, in ask_not_null_addition
    "Quit, and let me add a default in models.py",
  File "/usr/lib/python3.6/site-packages/django/db/migrations/questioner.py", line 96, in _choice_input
    result = input("Select an option: ")
EOFError: EOF when reading a line
The command '/bin/sh -c python manage.py makemigrations' returned a non-zero code: 1

Let me know if you need any more information/testing from my side.

Update the release to the latest version of the ASVS Standard 4.0.2

Please help, I tried to build the docker image on Ubuntu 22.04 VM, but getting this error:

=> ERROR [2/9] RUN apk add --no-cache python3 &&     python3 -m ensurepip &&     pip3 install --upgrade pip setu  5.8s
------
> [2/9] RUN apk add --no-cache python3 &&     python3 -m ensurepip &&     pip3 install --upgrade pip setuptools &&     if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi &&     if [[ ! -e /usr/bin/python ]]; then ln -sf /usr/bin/python3 /usr/bin/python; fi:
0.298 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
0.860 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
1.500 (1/17) Installing libexpat (2.6.2-r0)
1.527 (2/17) Installing libbz2 (1.0.8-r6)
1.549 (3/17) Installing libffi (3.4.4-r3)
1.570 (4/17) Installing gdbm (1.23-r1)
1.595 (5/17) Installing xz-libs (5.4.5-r0)
1.630 (6/17) Installing libgcc (13.2.1_git20231014-r0)
1.657 (7/17) Installing libstdc++ (13.2.1_git20231014-r0)
1.760 (8/17) Installing mpdecimal (2.5.1-r2)
1.790 (9/17) Installing ncurses-terminfo-base (6.4_p20231125-r0)
1.821 (10/17) Installing libncursesw (6.4_p20231125-r0)
1.858 (11/17) Installing libpanelw (6.4_p20231125-r0)
1.878 (12/17) Installing readline (8.2.1-r2)
1.917 (13/17) Installing sqlite-libs (3.44.2-r0)
2.003 (14/17) Installing python3 (3.11.9-r0)
2.875 (15/17) Installing python3-pycache-pyc0 (3.11.9-r0)
3.339 (16/17) Installing pyc (3.11.9-r0)
3.357 (17/17) Installing python3-pyc (3.11.9-r0)
3.377 Executing busybox-1.36.1-r15.trigger
3.395 OK: 51 MiB in 32 packages
5.614 error: externally-managed-environment
5.614
5.614 × This environment is externally managed
5.614 ╰─>
5.614     The system-wide python installation should be maintained using the system
5.614     package manager (apk) only.
5.614
5.614     If the package in question is not packaged already (and hence installable via
5.614     "apk add py3-somepackage"), please consider installing it inside a virtual
5.614     environment, e.g.:
5.614
5.614     python3 -m venv /path/to/venv
5.614     . /path/to/venv/bin/activate
5.614     pip install mypackage
5.614
5.614     To exit the virtual environment, run:
5.614
5.614     deactivate
5.614
5.614     The virtual environment is not deleted, and can be re-entered by re-sourcing
5.614     the activate file.
5.614
5.614     To automatically manage virtual environments, consider using pipx (from the
5.614     pipx package).
5.614
5.614 note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
5.614 hint: See PEP 668 for the detailed specification.
5.674 Traceback (most recent call last):
5.674   File "<frozen runpy>", line 198, in _run_module_as_main
5.674   File "<frozen runpy>", line 88, in _run_code
5.674   File "/usr/lib/python3.11/ensurepip/__main__.py", line 5, in <module>
5.675     sys.exit(ensurepip._main())
5.676              ^^^^^^^^^^^^^^^^^
5.677   File "/usr/lib/python3.11/ensurepip/__init__.py", line 286, in _main
5.677     return _bootstrap(
5.677            ^^^^^^^^^^^
5.677   File "/usr/lib/python3.11/ensurepip/__init__.py", line 202, in _bootstrap
5.678     return _run_pip([*args, *_PACKAGE_NAMES], additional_paths)
5.678            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
5.678   File "/usr/lib/python3.11/ensurepip/__init__.py", line 103, in _run_pip
5.679     return subprocess.run(cmd, check=True).returncode
5.679            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
5.680   File "/usr/lib/python3.11/subprocess.py", line 571, in run
5.681     raise CalledProcessError(retcode, process.args,
5.681 subprocess.CalledProcessError: Command '['/usr/bin/python3', '-W', 'ignore::DeprecationWarning', '-c', '\nimport runpy\nimport sys\nsys.path = [\'/tmp/tmpnp3av3re/setuptools-65.5.0-py3-none-any.whl\', \'/tmp/tmpnp3av3re/pip-24.0-py3-none-any.whl\'] + sys.path\nsys.argv[1:] = [\'install\', \'--no-cache-dir\', \'--no-index\', \'--find-links\', \'/tmp/tmpnp3av3re\', \'setuptools\', \'pip\']\nrunpy.run_module("pip", run_name="__main__", alter_sys=True)\n']' returned non-zero exit status 1.
------
Dockerfile:2
--------------------
  1 |     FROM alpine:latest
  2 | >>> RUN apk add --no-cache python3 && \
  3 | >>>     python3 -m ensurepip && \
  4 | >>>     pip3 install --upgrade pip setuptools && \
  5 | >>>     if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && \
  6 | >>>     if [[ ! -e /usr/bin/python ]]; then ln -sf /usr/bin/python3 /usr/bin/python; fi
  7 |
--------------------
ERROR: failed to solve: process "/bin/sh -c apk add --no-cache python3 &&     python3 -m ensurepip &&     pip3 install --upgrade pip setuptools &&     if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi &&     if [[ ! -e /usr/bin/python ]]; then ln -sf /usr/bin/python3 /usr/bin/python; fi" did not complete successfully: exit code: 1

QR is not work, can we have 2FA disable option?

Hey team,
First of all - love the effort you've put in here.
I've found a slight bug in the setup for MFA. When creating a new user and you reach the MFA prompt, there are no other buttons on the screen and no way to get out of setting it up. If you click Submit Verification Code without entering a valid code, the page refreshes and the menu appears at the top. You can then bypass setting up MFA by just clicking out of the screen (by clicking on Projects or similar). I've attached some screenshots to demonstrate.

We use ASVS internally for some teams.

It would be awesome if we could "share" the project out to internal users so they can work on it.
Currently user A creates the project, does some work and then wants input from user B.
But user B cannot see the project for some reason.

Shout if I can help with anything here.

PDF generation needs to be sexier, some graphs etc.. (at the mo looks like a printable version)

Help menu 6 (crypto) causes an stack trace error, no other help page does!

The static css files are only served from the docker container when running with -e DEV=true. If this is not enabled then a 404 is returned by the web server.

Need to add error handling for invalid pages.

when registering or changing the username, if the username already exists, it causes a stack trace

When completing the account creation form and clicking "register", DB error is shown.

Manage the requirements in the levels in a way that it can be categorised in the categories. This will help developers easily find the requirements in their category.

Because people want to click on stuff..

Why the first test say
"(V2.1.1) Verify that user set passwords are at least 12 characters in length"
but if i check the OWASP project i found " at least 8 characters in length"?

https://github.com/OWASP/ASVS/blob/master/4.0/en/0x11-V2-Authentication.md#v21-password-security-requirements

On clicking login I am presented with an error: TemplateDoesNotExist at /auth/login

Template-loader postmortem
Django tried loading these templates, in this order:

Using engine django:

django.template.loaders.filesystem.Loader: /app/templates/bootstrap3/uni_form.html (Source does not exist)
django.template.loaders.app_directories.Loader: /usr/lib/python3.10/site-packages/django/contrib/admin/templates/bootstrap3/uni_form.html (Source does not exist)
django.template.loaders.app_directories.Loader: /usr/lib/python3.10/site-packages/django/contrib/auth/templates/bootstrap3/uni_form.html (Source does not exist)
django.template.loaders.app_directories.Loader: /usr/lib/python3.10/site-packages/django_otp/templates/bootstrap3/uni_form.html (Source does not exist)
django.template.loaders.app_directories.Loader: /usr/lib/python3.10/site-packages/django_otp/plugins/otp_totp/templates/bootstrap3/uni_form.html (Source does not exist)

=> ERROR [ 9/11] RUN pip3 install -r requirements.txt
executor failed running [/bin/sh -c pip3 install -r requirements.txt]: exit code: 1

asvs git:(master) docker build -t asvs .
[+] Building 4.5s (13/15)
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 37B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/alpine:latest 0.8s
=> [internal] load build context 0.0s
=> => transferring context: 8.43kB 0.0s
=> [ 1/11] FROM docker.io/library/alpine:latest@sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4 0.0s
=> CACHED [ 2/11] RUN apk add --no-cache python3 && python3 -m ensurepip && pip3 install --upgrade pip setuptools && if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && if [[ ! -e /usr/bin 0.0s
=> CACHED [ 3/11] COPY . /app 0.0s
=> CACHED [ 4/11] WORKDIR /app 0.0s
=> CACHED [ 5/11] RUN apk update && apk add postgresql-dev gcc python3-dev musl-dev postgresql-libs zlib-dev jpeg-dev 0.0s
=> CACHED [ 6/11] RUN apk update 0.0s
=> CACHED [ 7/11] RUN apk add postgresql zlib jpeg 0.0s
=> CACHED [ 8/11] RUN pip install psycopg2 Pillow 0.0s
=> ERROR [ 9/11] RUN pip3 install -r requirements.txt 3.6s

[ 9/11] RUN pip3 install -r requirements.txt:
#13 0.708 Collecting django
#13 1.291 Downloading Django-4.1.3-py3-none-any.whl (8.1 MB)
#13 2.191 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 8.1/8.1 MB 9.1 MB/s eta 0:00:00
#13 2.262 Collecting django-crispy-forms
#13 2.363 Downloading django_crispy_forms-1.14.0-py3-none-any.whl (133 kB)
#13 2.371 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 133.3/133.3 kB 24.9 MB/s eta 0:00:00
#13 2.542 Collecting reportlab
#13 2.651 Downloading reportlab-3.6.12.tar.gz (4.5 MB)
#13 2.878 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.5/4.5 MB 20.2 MB/s eta 0:00:00
#13 3.277 Preparing metadata (setup.py): started
#13 3.501 Preparing metadata (setup.py): finished with status 'error'
#13 3.506 error: subprocess-exited-with-error
#13 3.506
#13 3.506 × python setup.py egg_info did not run successfully.
#13 3.506 │ exit code: 1
#13 3.506 ╰─> [10 lines of output]
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: ================================================
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: Attempting build of _rl_accel
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: extensions from 'src/rl_addons/rl_accel'
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: ================================================
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: ===================================================
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: Attempting build of _renderPM
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: extensions from 'src/rl_addons/renderPM'
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: ===================================================
#13 3.506 ##### setup-python-3.10.8-linux-x86_64: will use package libart 2.3.21
#13 3.506 !!!!! cannot find ft2build.h
#13 3.506 [end of output]
#13 3.506
#13 3.506 note: This error originates from a subprocess, and is likely not a problem with pip.
#13 3.508 error: metadata-generation-failed
#13 3.508
#13 3.508 × Encountered error while generating package metadata.
#13 3.508 ╰─> See above for output.
#13 3.508
#13 3.508 note: This is an issue with the package mentioned above, not pip.
#13 3.508 hint: See above for details.

executor failed running [/bin/sh -c pip3 install -r requirements.txt]: exit code: 1

When entering the password on a account creation, the JS cuts the keyboard presses out, so if i enter a passphrase quite fast, some of the characters will be missing! (Quality of life issue)

On the levels page as default, the width of the table div is half of what it is when clicked.

When clicked it expands out to full width

It would be better if the width didnt change

Add the ability to hide each section or minimise it, to reduce scrolling on the project view page

Following step is not being cached by the docker build process which takes a lot of time and storage both while building the container and while pushing it to the private registry:

RUN apk add --virtual build-deps --no-cache gcc python3-dev musl-dev zlib-dev postgresql-dev jpeg-dev

Steps to reproduce:

1. Build the image with docker build -t asvs .
2. Make any change, for example add new allowed host to asvs/settings.py
3. Build image again with docker build -t asvs .
4. Watch mentioned step being executed again

I guess it's because of --no-cache flag so I was wondering what is the reason for using it? Would there be a way to make this build step cacheable?

EDIT:

• --no-cache flag doesn't seem to be a cause here (I tried without it)
• Added steps to reproduce

Copyright (c) 2018 Banco Santander MIT

might be worth checking to see if this still fits our licence requirements

All external links should be noted with an icon and open in new tab

We are aware that the docker build process is ugly and slow and now looking at how to make this leaner and faster for all.

Hi!

I have no issues to build my docker image, but I do my docker run to the port 8000 and open my browser, my css styles are no more:

localhost/:7 GET http://localhost:8000/static/css/bootstrap.css net::ERR_ABORTED 404 (Not Found)
localhost/:8 GET http://localhost:8000/static/css/custom.css net::ERR_ABORTED 404 (Not Found)

I´m using a no proxy connection to internet (well, its a localhost GET XD). Also happends my other browsers like Firefox and IE.

Here is my docker build trace:

PS C:\Users\HiverLaver\Downloads\asvs-master> docker build -t asvs .
Sending build context to Docker daemon 2.737MB
Step 1/8 : FROM alpine:edge
---> de4761d9f037
Step 2/8 : RUN apk add --no-cache python3 && python3 -m ensurepip && rm -r /usr/lib/python*/ensurepip && pip3 install --upgrade pip setuptools && if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && if [[ ! -e /usr/bin/python ]]; then ln -sf /usr/bin/python3 /usr/bin/python; fi && rm -r /root/.cache
---> Using cache
---> c17db08993ed
Step 3/8 : COPY . /app
---> Using cache
---> 19e617e3256b
Step 4/8 : WORKDIR /app
---> Using cache
---> 06bde36ad377
Step 5/8 : RUN pip3 install -r requirements.txt
---> Using cache
---> ba3fbe9ec1f4
Step 6/8 : RUN python manage.py makemigrations
---> Using cache
---> d2e463eb61c5
Step 7/8 : RUN python manage.py migrate
---> Using cache
---> 1bf9a2f9aff9
Step 8/8 : CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
---> Using cache
---> 57f3f10f326b
Successfully built 57f3f10f326b
Successfully tagged asvs:latest
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

I was unable to build the ASVS with a latest Docker install on Mac OS X.

Changing {% load staticfiles %} to {% load static %} in the following files and rebuilding seemed to fix the issue for me.

tomwoj@Tom-Woj asvs-master % grep '{% load staticfiles %}' --recursive .
./templates/home/home.html:{% extends "base.html" %} {% load staticfiles %} {% block content %}
./templates/base.html:{% load staticfiles %}
./templates/projects/view.html:{% extends "base.html" %} {% load staticfiles %} {% block content %}
./templates/levels/levels.html:{% extends "base.html" %} {% load staticfiles %} {% block content %}
./templates/help/help.html:{% extends "base.html" %} {% load staticfiles %} {% block content %}

Ref: https://stackoverflow.com/questions/55929472/django-templatesyntaxerror-staticfiles-is-not-a-registered-tag-library

Cheers,
Tom

in this case we have two users, notadmin and administrator

notadmin has 4 projects, adminstrator has 1

when changing this username to another (case insensitive) (if an user with the exact username exists, see other bug, however if one character is changed case, this bug works)

Once changed, the other user can see the emulated users projects

Would be good to have different views for different teams (an idea from Joseph B. LeRoy @josephbleroy)

• Security team
• Developers
• Executives
• Auditors