Remove warnings #441

2026-03-13 00:07:22 +00:00 · 2023-04-19 15:32:30 +02:00 · 2023-04-19 15:32:30 +02:00 · 84882971b6
commit 84882971b6
parent 9b70a1fd63
107 changed files with 59280 additions and 326 deletions
--- a/.dcignore
+++ b/.dcignore
--- a/cypress/e2e/event.cy.js
+++ b/cypress/e2e/event.cy.js
@ -1,6 +1,6 @@
 describe("Event", () => {
  [{ recurrence: false }, { recurrence: true }].forEach(function (test) {
-    it.only("creates event with recurrence=" + test.recurrence, () => {
+    it("creates event with recurrence=" + test.recurrence, () => {
      cy.login();
      cy.createAdminUnit().then(function (adminUnitId) {
        cy.visit("/admin_unit/" + adminUnitId + "/events/create");
@ -48,7 +48,7 @@ describe("Event", () => {
    });
  });

-  it.only("saves draft", () => {
+  it("saves draft", () => {
    cy.login();
    cy.createAdminUnit().then(function (adminUnitId) {
      cy.visit("/admin_unit/" + adminUnitId + "/events/create");
--- a/doc/development.md
+++ b/doc/development.md
@ -57,7 +57,7 @@ flask db upgrade

 ## i18n

-<https://pythonhosted.org/Flask-BabelEx/>
+<https://python-babel.github.io/flask-babel/>

 ### Init

--- a/migrations/versions/30650020b4b7_.py
+++ b/migrations/versions/30650020b4b7_.py
@ -0,0 +1,73 @@
+"""empty message
+
+Revision ID: 30650020b4b7
+Revises: 421660a4a792
+Create Date: 2023-04-18 23:52:37.520530
+
+"""
+import sqlalchemy as sa
+import sqlalchemy_utils
+from alembic import op
+from sqlalchemy.dialects import postgresql
+
+from project import dbtypes
+
+# revision identifiers, used by Alembic.
+revision = "30650020b4b7"
+down_revision = "421660a4a792"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("user", schema=None) as batch_op:
+        batch_op.drop_column("current_login_at")
+        batch_op.drop_column("current_login_ip")
+        batch_op.drop_column("last_login_at")
+        batch_op.drop_column("login_count")
+        batch_op.drop_column("last_login_ip")
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("user", schema=None) as batch_op:
+        batch_op.add_column(
+            sa.Column(
+                "last_login_ip",
+                sa.VARCHAR(length=100),
+                autoincrement=False,
+                nullable=True,
+            )
+        )
+        batch_op.add_column(
+            sa.Column("login_count", sa.INTEGER(), autoincrement=False, nullable=True)
+        )
+        batch_op.add_column(
+            sa.Column(
+                "last_login_at",
+                postgresql.TIMESTAMP(),
+                autoincrement=False,
+                nullable=True,
+            )
+        )
+        batch_op.add_column(
+            sa.Column(
+                "current_login_ip",
+                sa.VARCHAR(length=100),
+                autoincrement=False,
+                nullable=True,
+            )
+        )
+        batch_op.add_column(
+            sa.Column(
+                "current_login_at",
+                postgresql.TIMESTAMP(),
+                autoincrement=False,
+                nullable=True,
+            )
+        )
+
+    # ### end Alembic commands ###
--- a/project/init.py
+++ b/project/init.py
@ -3,7 +3,7 @@ import os
 from datetime import timedelta

 from flask import Flask
-from flask_babelex import Babel
+from flask_babel import Babel
 from flask_cors import CORS
 from flask_gzip import Gzip
 from flask_mail import Mail, email_dispatched
@ -36,7 +36,6 @@ app.config["REDIS_URL"] = os.getenv("REDIS_URL")
 app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
 app.config["SECURITY_CONFIRMABLE"] = True
 app.config["SECURITY_POST_LOGIN_VIEW"] = "manage_after_login"
-app.config["SECURITY_TRACKABLE"] = True
 app.config["SECURITY_REGISTERABLE"] = True
 app.config["SECURITY_SEND_REGISTER_EMAIL"] = True
 app.config["SECURITY_RECOVERABLE"] = True
@ -62,6 +61,9 @@ app.config["FLASK_DEBUG"] = getenv_bool("FLASK_DEBUG", "False")
 if os.getenv("PREFERRED_URL_SCHEME"):  # pragma: no cover
    app.config["PREFERRED_URL_SCHEME"] = os.getenv("PREFERRED_URL_SCHEME")

+    if app.config["PREFERRED_URL_SCHEME"] == "https":
+        app.config["SESSION_COOKIE_SECURE"] = True
+
 from project.reverse_proxied import ReverseProxied

 app.wsgi_app = ReverseProxied(app.wsgi_app)
@ -134,9 +136,11 @@ sitemap_path = os.path.join(cache_path, sitemap_file)
 robots_txt_path = os.path.join(cache_path, robots_txt_file)

 # i18n
+from project.i10n import get_locale
+
 app.config["BABEL_DEFAULT_LOCALE"] = "de"
 app.config["BABEL_DEFAULT_TIMEZONE"] = "Europe/Berlin"
-babel = Babel(app)
+babel = Babel(app, locale_selector=get_locale)

 # cors
 cors = CORS(
@ -188,9 +192,9 @@ from project.api import RestApi
 QRcode(app)

 # JSON
-from project.jsonld import DateTimeEncoder
+from project.jsonld import CustomJsonProvider

-app.json_encoder = DateTimeEncoder
+app.json_provider_class = CustomJsonProvider

 from project.forms.security import ExtendedConfirmRegisterForm, ExtendedLoginForm

@ -228,7 +232,7 @@ if getenv_bool("TESTING"):  # pragma: no cover
    app.config["SECURITY_EMAIL_VALIDATOR_ARGS"] = {"check_deliverability": False}

 import project.cli.user
-from project import i10n, init_data, jinja_filters, requests
+from project import init_data, jinja_filters, requests

 # Routes
 from project.views import (
--- a/project/api/init.py
+++ b/project/api/init.py
@ -3,7 +3,7 @@ from apispec.exceptions import DuplicateComponentNameError
 from apispec.ext.marshmallow import MarshmallowPlugin
 from flask import url_for
 from flask_apispec.extension import FlaskApiSpec
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_marshmallow import Marshmallow
 from flask_restful import Api
 from marshmallow import ValidationError
--- a/project/api/organization/resources.py
+++ b/project/api/organization/resources.py
@ -1,6 +1,6 @@
 from flask import abort, request
 from flask_apispec import doc, marshal_with, use_kwargs
-from flask_babelex import gettext
+from flask_babel import gettext
 from sqlalchemy import and_

 from project import db
@ -198,6 +198,7 @@ class OrganizationEventImportResource(BaseResource):
            importer = EventImporter(admin_unit.id)

            with db.session.no_autoflush:
+                # deepcode ignore Ssrf: url sanitized in importer
                event = importer.load_event_from_url(import_request["url"])
        except Exception:
            abort(422)
--- a/project/cli/test.py
+++ b/project/cli/test.py
@ -445,8 +445,8 @@ def create_event_suggestion(admin_unit_id, freetext):


 def _add_event_to_list(event_list_id, event_id):
-    event = Event.query.get(event_id)
-    event_list = EventList.query.get(event_list_id)
+    event = db.session.get(Event, event_id)
+    event_list = db.session.get(EventList, event_list_id)
    event_list.events.append(event)
    db.session.commit()

--- a/project/forms/admin.py
+++ b/project/forms/admin.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import BooleanField, RadioField, StringField, SubmitField, TextAreaField
 from wtforms.fields import EmailField
--- a/project/forms/admin_unit.py
+++ b/project/forms/admin_unit.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import DecimalField, FormField, StringField, SubmitField, TextAreaField
 from wtforms.fields import BooleanField, EmailField, TelField, URLField
--- a/project/forms/admin_unit_member.py
+++ b/project/forms/admin_unit_member.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import SubmitField
 from wtforms.fields import EmailField
--- a/project/forms/common.py
+++ b/project/forms/common.py
@ -1,5 +1,5 @@
 from flask import url_for
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from markupsafe import Markup
 from wtforms import HiddenField, StringField
--- a/project/forms/event.py
+++ b/project/forms/event.py
@ -1,6 +1,6 @@
 from dateutil.relativedelta import relativedelta
 from flask import request
-from flask_babelex import gettext, lazy_gettext
+from flask_babel import gettext, lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import (
    BooleanField,
--- a/project/forms/event_date.py
+++ b/project/forms/event_date.py
@ -1,5 +1,5 @@
 from flask import request
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import HiddenField, SelectField, StringField, SubmitField
 from wtforms.validators import Optional
--- a/project/forms/event_place.py
+++ b/project/forms/event_place.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import DecimalField, FormField, StringField, SubmitField, TextAreaField
 from wtforms.fields import URLField
--- a/project/forms/event_suggestion.py
+++ b/project/forms/event_suggestion.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import (
    BooleanField,
--- a/project/forms/oauth2_client.py
+++ b/project/forms/oauth2_client.py
@ -1,6 +1,6 @@
 import os

-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import StringField, SubmitField, TextAreaField
 from wtforms.validators import DataRequired
--- a/project/forms/oauth2_token.py
+++ b/project/forms/oauth2_token.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import SubmitField

--- a/project/forms/organizer.py
+++ b/project/forms/organizer.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import DecimalField, FormField, StringField, SubmitField
 from wtforms.fields import EmailField, TelField, URLField
--- a/project/forms/planing.py
+++ b/project/forms/planing.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import HiddenField, SelectField, SubmitField
 from wtforms.validators import Optional
--- a/project/forms/reference.py
+++ b/project/forms/reference.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import SelectField, SubmitField
 from wtforms.validators import DataRequired
--- a/project/forms/reference_request.py
+++ b/project/forms/reference_request.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import SelectField, StringField, SubmitField
 from wtforms.fields import BooleanField
--- a/project/forms/security.py
+++ b/project/forms/security.py
@ -1,4 +1,4 @@
-from flask_babelex import gettext, lazy_gettext
+from flask_babel import gettext, lazy_gettext
 from flask_security import url_for_security
 from flask_security.forms import (
    ConfirmRegisterForm,
--- a/project/forms/user.py
+++ b/project/forms/user.py
@ -1,4 +1,4 @@
-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from flask_wtf import FlaskForm
 from wtforms import BooleanField, SubmitField
 from wtforms.validators import Optional
--- a/project/forms/widgets.py
+++ b/project/forms/widgets.py
@ -1,6 +1,6 @@
 from datetime import datetime

-from flask_babelex import gettext, to_user_timezone
+from flask_babel import gettext, to_user_timezone
 from markupsafe import Markup
 from wtforms import DateTimeField, SelectField, SelectMultipleField
 from wtforms.fields import StringField
--- a/project/i10n.py
+++ b/project/i10n.py
@ -1,11 +1,13 @@
 from flask import request
-from flask_babelex import gettext
+from flask_babel import gettext

-from project import app, babel
+from project import app


-@babel.localeselector
 def get_locale():
+    if not request:
+        return app.config["LANGUAGES"][0]
+
    return request.accept_languages.best_match(app.config["LANGUAGES"])


--- a/project/jinja_filters.py
+++ b/project/jinja_filters.py
@ -44,7 +44,7 @@ app.jinja_env.filters["is_list"] = is_list
 app.jinja_env.filters["any_dict_value_true"] = any_dict_value_true
 app.jinja_env.filters["ensure_link_scheme"] = lambda s: ensure_link_scheme(s)
 app.jinja_env.filters["place_str"] = lambda p: get_place_str(p)
-app.jinja_env.filters["location_str"] = lambda l: get_location_str(l)
+app.jinja_env.filters["location_str"] = lambda location: get_location_str(location)


 def get_base_url():
--- a/project/jsonld.py
+++ b/project/jsonld.py
@ -1,21 +1,24 @@
 import datetime
-from json import JSONEncoder

 from flask import url_for
+from flask.json.provider import DefaultJSONProvider

 from project.dateutils import berlin_tz
 from project.jinja_filters import url_for_image
 from project.models import EventAttendanceMode, EventStatus


-class DateTimeEncoder(JSONEncoder):
-    # Override the default method
-    def default(self, obj):
+class CustomJsonProvider(DefaultJSONProvider):
+    @staticmethod
+    def default(obj):
        if isinstance(obj, datetime.datetime):
            return (obj.astimezone(berlin_tz)).isoformat()
        elif isinstance(obj, datetime.date):
            return obj.isoformat()

+        # pragma: no cover
+        return super(CustomJsonProvider, CustomJsonProvider).default(obj)
+

 def get_sd_for_admin_unit(admin_unit):
    result = {}
--- a/project/models/init.py
+++ b/project/models/init.py
@ -38,4 +38,4 @@ from project.models.legacy import (
 from project.models.location import Location
 from project.models.oauth import OAuth2AuthorizationCode, OAuth2Client, OAuth2Token
 from project.models.settings import Settings
-from project.models.user import Role, User, UserFavoriteEvents
+from project.models.user import OAuth, Role, User, UserFavoriteEvents
--- a/project/models/user.py
+++ b/project/models/user.py
@ -40,11 +40,6 @@ class User(db.Model, UserMixin):
    email = Column(String(255), unique=True)
    username = Column(String(255))
    password = Column(String(255))
-    last_login_at = Column(DateTime())
-    current_login_at = Column(DateTime())
-    last_login_ip = Column(String(100))
-    current_login_ip = Column(String(100))
-    login_count = Column(Integer)
    active = Column(Boolean())
    fs_uniquifier = Column(String(255))
    confirmed_at = Column(DateTime())
--- a/project/oauth2.py
+++ b/project/oauth2.py
@ -68,7 +68,7 @@ class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
        db.session.commit()

    def authenticate_user(self, authorization_code):
-        return User.query.get(authorization_code.user_id)
+        return db.session.get(User, authorization_code.user_id)


 class OpenIDCode(_OpenIDCode):
@ -97,7 +97,7 @@ class RefreshTokenGrant(grants.RefreshTokenGrant):
            return token

    def authenticate_user(self, credential):
-        return User.query.get(credential.user_id)
+        return db.session.get(User, credential.user_id)

    def revoke_old_credential(self, credential):
        credential.revoked = True
--- a/project/requests.py
+++ b/project/requests.py
@ -1,6 +1,6 @@
 from datetime import datetime, timedelta

-from flask import g
+from flask import g, request
 from flask_login.utils import encode_cookie

 from project import app
@ -16,6 +16,21 @@ def set_manage_admin_unit_cookie(response):
            "manage_admin_unit_id",
            value=encoded,
            expires=datetime.utcnow() + timedelta(days=365),
+            secure=app.config["SESSION_COOKIE_SECURE"],
        )

    return response
+
+
+@app.after_request
+def set_response_headers(response):
+    if request and request.endpoint:
+        if request.endpoint != "static" and request.endpoint != "widget_event_dates":
+            response.headers["X-Frame-Options"] = "SAMEORIGIN"
+
+    response.headers["X-Content-Type-Options"] = "nosniff"
+    response.headers["Referrer-Policy"] = "no-referrer"
+    response.headers[
+        "Content-Security-Policy"
+    ] = "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: *.openstreetmap.org;"
+    return response
--- a/project/services/dump.py
+++ b/project/services/dump.py
@ -5,7 +5,7 @@ import shutil
 from sqlalchemy import and_
 from sqlalchemy.orm import joinedload

-from project import app, dump_path
+from project import app, db, dump_path
 from project.api.event.schemas import EventDumpSchema
 from project.api.event_category.schemas import EventCategoryDumpSchema
 from project.api.event_reference.schemas import EventReferenceDumpSchema
@ -163,7 +163,7 @@ class AdminUnitDumper(Dumper):  # pragma: no cover
            self.dump_image(organizer.logo)

        # Organizations
-        organization = AdminUnit.query.get(self.admin_unit_id)
+        organization = db.session.get(AdminUnit, self.admin_unit_id)
        self.dump_item(organization, OrganizationDumpSchema(), "organization")
        self.dump_image(organization.logo)

--- a/project/services/event.py
+++ b/project/services/event.py
@ -4,7 +4,7 @@ from datetime import datetime
 import icalendar
 from dateutil.relativedelta import relativedelta
 from flask import url_for
-from flask_babelex import format_date, format_time, gettext
+from flask_babel import format_date, format_time, gettext
 from icalendar.prop import vDDDLists
 from sqlalchemy import and_, case, func, or_
 from sqlalchemy.orm import (
--- a/project/static/ext/bootstrap.4.4.1.min.css
+++ b/project/static/ext/bootstrap.4.4.1.min.css
--- a/project/static/ext/bootstrap.4.4.1.min.js
+++ b/project/static/ext/bootstrap.4.4.1.min.js
--- a/project/static/ext/bootstrap.4.6.2.min.css
+++ b/project/static/ext/bootstrap.4.6.2.min.css
--- a/project/static/ext/bootstrap.4.6.2.min.js
+++ b/project/static/ext/bootstrap.4.6.2.min.js
--- a/project/static/ext/jquery-1.12.4.min.js
+++ b/project/static/ext/jquery-1.12.4.min.js
--- a/project/static/ext/jquery-3.6.4.js
+++ b/project/static/ext/jquery-3.6.4.js
--- a/project/static/ext/jquery-3.6.4.min.js
+++ b/project/static/ext/jquery-3.6.4.min.js
--- a/project/static/ext/materialdesignicons.6.5.95.min.css
+++ b/project/static/ext/materialdesignicons.6.5.95.min.css
--- a/project/static/ext/vuetify.2.6.2.js
+++ b/project/static/ext/vuetify.2.6.2.js
--- a/project/static/ext/vuetify.2.6.2.min.css
+++ b/project/static/ext/vuetify.2.6.2.min.css
--- a/project/static/fonts/materialdesignicons-webfont.eot
+++ b/project/static/fonts/materialdesignicons-webfont.eot
--- a/project/static/fonts/materialdesignicons-webfont.ttf
+++ b/project/static/fonts/materialdesignicons-webfont.ttf
--- a/project/static/fonts/materialdesignicons-webfont.woff
+++ b/project/static/fonts/materialdesignicons-webfont.woff
--- a/project/static/fonts/materialdesignicons-webfont.woff2
+++ b/project/static/fonts/materialdesignicons-webfont.woff2
--- a/project/static/jquery.recurrenceinput.js
+++ b/project/static/jquery.recurrenceinput.js
@ -1035,7 +1035,7 @@
                    for (d = 0; d < conf.weekdays.length; d++) {
                        day = conf.weekdays[d];
                        input = field.find('input[name=riweeklyweekdays' + day + ']');
-                        input.attr('checked', $.inArray(day, byday) !== -1);
+                        input.prop('checked', $.inArray(day, byday) !== -1);
                    }
                    break;

@ -1077,7 +1077,7 @@
                    selectors = field.find('input[name=rimonthlytype]');
                    for (index = 0; index < selectors.length; index++) {
                        radiobutton = selectors[index];
-                        $(radiobutton).attr('checked', radiobutton.value === monthlyType);
+                        $(radiobutton).prop('checked', radiobutton.value === monthlyType);
                    }
                    break;

@ -1120,7 +1120,7 @@
                    selectors = field.find('input[name=riyearlyType]');
                    for (index = 0; index < selectors.length; index++) {
                        radiobutton = selectors[index];
-                        $(radiobutton).attr('checked', radiobutton.value === yearlyType);
+                        $(radiobutton).prop('checked', radiobutton.value === yearlyType);
                    }
                    break;

@ -1145,7 +1145,7 @@
                    selectors = field.find('input[name=rirangetype]');
                    for (index = 0; index <  selectors.length; index++) {
                        radiobutton = selectors[index];
-                        $(radiobutton).attr('checked', radiobutton.value === rangeType);
+                        $(radiobutton).prop('checked', radiobutton.value === rangeType);
                    }
                    break;
                }
--- a/project/static/widget/calendar.html
+++ b/project/static/widget/calendar.html
@ -3,8 +3,8 @@
 <head>
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no, minimal-ui">
  <link rel="stylesheet" type="text/css" href="/static/widget/calendar.css">
-  <link href="https://cdn.jsdelivr.net/npm/@mdi/font@6.5.95/css/materialdesignicons.min.css" rel="stylesheet">
-  <link href="https://cdn.jsdelivr.net/npm/vuetify@2.6.2/dist/vuetify.min.css" rel="stylesheet">
+  <link href="/static/ext/materialdesignicons.6.5.95.min.css" rel="stylesheet">
+  <link href="/static/ext/vuetify.2.6.2.min.css" rel="stylesheet">
  <style>
    [v-cloak] {
       display: none;
@ -90,10 +90,10 @@
    </template>
  </div>

-  <script src="https://cdn.jsdelivr.net/npm/vue@2.6.14/dist/vue.js"></script>
-  <script src="https://cdn.jsdelivr.net/npm/vuetify@2.6.2/dist/vuetify.js"></script>
-  <script src="https://unpkg.com/axios@0.21.1/dist/axios.min.js"></script>
-  <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment-with-locales.min.js" integrity="sha256-AdQN98MVZs44Eq2yTwtoKufhnU+uZ7v2kXnD5vqzZVo=" crossorigin="anonymous"></script>
+  <script src="/static/ext/vue.2.6.14.js"></script>
+  <script src="/static/ext/vuetify.2.6.2.js"></script>
+  <script src="/static/ext/axios.0.21.1.min.js"></script>
+  <script src="/static/ext/moment.2.24.0.with-locales.min.js"></script>
  <script>
      axios.defaults.baseURL = window.location.origin;
      moment.locale("de");
@ -268,6 +268,6 @@ Vue.component('event-warning-pills', {
        }
    }
  </script>
-  <script src="https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js" integrity="sha512-14SY6teTzhrLWeL55Q4uCyxr6GQOxF3pEoMxo2mBxXwPRikdMtzKMYWy2B5Lqjr6PHHoGOxZgPaxUYKQrSmu0A==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+  <script src="/static/ext/iframeResizer.4.3.2.contentWindow.min.js"></script>
 </body>
 </html>
--- a/project/static/widget/search.html
+++ b/project/static/widget/search.html
@ -5,20 +5,20 @@
    <meta name="viewport" content="width=device-width,initial-scale=1.0">
    <title>Event calendar widget</title>

-    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
-    <link type="text/css" rel="stylesheet" href="https://unpkg.com/bootstrap-vue@2.21.2/dist/bootstrap-vue.min.css" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.1/css/all.min.css">
+    <link rel="stylesheet" href="/static/ext/bootstrap.4.6.2.min.css">
+    <link type="text/css" rel="stylesheet" href="/static/ext/bootstrap-vue.2.21.2.min.css" />
+    <link rel="stylesheet" href="/static/ext/font-awesome.5.13.1/css/all.min.css">
    <style>
        [v-cloak] {
           display: none;
        }
    </style>

-    <script src="https://unpkg.com/vue@2.6.14/dist/vue.js"></script>
-    <script src="https://unpkg.com/vue-i18n@8.25.0/dist/vue-i18n.min.js"></script>
-    <script src="https://unpkg.com/axios@0.21.1/dist/axios.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/moment-with-locales.min.js" integrity="sha256-AdQN98MVZs44Eq2yTwtoKufhnU+uZ7v2kXnD5vqzZVo=" crossorigin="anonymous"></script>
-    <script src="https://unpkg.com/bootstrap-vue@2.21.2/dist/bootstrap-vue.min.js"></script>
+    <script src="/static/ext/vue.2.6.14.min.js"></script>
+    <script src="/static/ext/vue-i18n.8.25.0.min.js"></script>
+    <script src="/static/ext/axios.0.21.1.min.js"></script>
+    <script src="/static/ext/moment.2.24.0.with-locales.min.js"></script>
+    <script src="/static/ext/bootstrap-vue.2.21.2.min.js"></script>
  </head>
  <body>
    <div id="app" v-cloak>
@ -527,6 +527,6 @@ window.iFrameResizer = {
 }
    </script>

-    <script src="https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js" integrity="sha512-14SY6teTzhrLWeL55Q4uCyxr6GQOxF3pEoMxo2mBxXwPRikdMtzKMYWy2B5Lqjr6PHHoGOxZgPaxUYKQrSmu0A==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+    <script src="/static/ext/iframeResizer.4.3.2.contentWindow.min.js"></script>
  </body>
 </html>
--- a/project/templates/admin/users.html
+++ b/project/templates/admin/users.html
@ -19,7 +19,6 @@
                <th>{{ _('Email') }}</th>
                <th>created_at</th>
                <th>confirmed_at</th>
-                <th>current_login_at</th>
                <th></th>
            </tr>
        </thead>
@ -29,7 +28,6 @@
                    <td>{{ user.email }}</td>
                    <td>{% if user.created_at %}{{ user.created_at | dateformat }}{% endif %}</td>
                    <td>{% if user.confirmed_at %}{{ user.confirmed_at | dateformat }}{% endif %}</td>
-                    <td>{% if user.current_login_at %}{{ user.current_login_at | dateformat }}{% endif %}</td>
                    <td>
                        <a href="{{ url_for('admin_user_update', id=user.id) }}">{{ _('Edit') }}</a>
                        <a href="{{ url_for('admin_user_delete', id=user.id) }}">{{ _('Delete') }}</a>
--- a/project/templates/layout.html
+++ b/project/templates/layout.html
@ -43,14 +43,19 @@
    <link rel="icon" type="image/png" sizes="16x16" href="{{ url_for('static', filename='apple-touch-icon.png')}}">
    <link rel="manifest" href="{{ url_for('static', filename='site.webmanifest')}}">

-    <link rel="stylesheet" href="{{ url_for('static', filename='ext/bootstrap.4.4.1.min.css')}}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='ext/bootstrap.4.6.2.min.css')}}">
    <link rel="stylesheet" href="{{ url_for('static', filename='ext/font-awesome.5.13.1/css/all.min.css')}}">
    <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='site.css')}}" />

    {%- block styles %}
    {%- endblock styles %}

-    <script src="{{ url_for('static', filename='ext/jquery-1.12.4.min.js')}}"></script>
+    {% if False | env_override('FLASK_DEBUG') %}
+    <script src="{{ url_for('static', filename='ext/jquery-3.6.4.js')}}"></script>
+    {% else %}
+    <script src="{{ url_for('static', filename='ext/jquery-3.6.4.min.js')}}"></script>
+    {% endif %}
+
    <script src="{{ url_for('static', filename='ext/moment.2.24.0.with-locales.min.js')}}"></script>

    {% block header_before_site_js %}
@ -319,7 +324,7 @@
      </div>

      <script src="{{ url_for('static', filename='ext/popper.1.16.0.min.js')}}"></script>
-      <script src="{{ url_for('static', filename='ext/bootstrap.4.4.1.min.js')}}"></script>
+      <script src="{{ url_for('static', filename='ext/bootstrap.4.6.2.min.js')}}"></script>
      {% block scripts %}
      {%- endblock scripts %}
    {%- endblock body %}
--- a/project/utils.py
+++ b/project/utils.py
@ -1,7 +1,7 @@
 import os
 import pathlib

-from flask_babelex import lazy_gettext
+from flask_babel import lazy_gettext
 from psycopg2.errorcodes import CHECK_VIOLATION, UNIQUE_VIOLATION
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm.base import NO_CHANGE, object_state
--- a/project/views/admin.py
+++ b/project/views/admin.py
@ -1,6 +1,6 @@
 from celery import group
 from flask import flash, redirect, render_template, request, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import roles_required
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import func
--- a/project/views/admin_unit.py
+++ b/project/views/admin_unit.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, request, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/admin_unit_member.py
+++ b/project/views/admin_unit_member.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/admin_unit_member_invitation.py
+++ b/project/views/admin_unit_member_invitation.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/event.py
+++ b/project/views/event.py
@ -1,8 +1,7 @@
-import json
 from datetime import datetime

 from flask import Response, flash, jsonify, redirect, render_template, request, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError

@ -17,7 +16,7 @@ from project.access import (
 )
 from project.dateutils import create_icalendar, get_next_full_hour
 from project.forms.event import CreateEventForm, DeleteEventForm, UpdateEventForm
-from project.jsonld import DateTimeEncoder, get_sd_for_event_date
+from project.jsonld import get_sd_for_event_date
 from project.models import (
    AdminUnit,
    Event,
@ -64,9 +63,7 @@ def event(event_id):

    structured_datas = list()
    for event_date in dates:
-        structured_data = json.dumps(
-            get_sd_for_event_date(event_date), indent=2, cls=DateTimeEncoder
-        )
+        structured_data = app.json.dumps(get_sd_for_event_date(event_date), indent=2)
        structured_datas.append(structured_data)

    return render_template(
@ -294,7 +291,7 @@ def get_event_category_choices():

 def prepare_event_place(form):
    if form.event_place_id.data and form.event_place_id.data > 0:
-        place = EventPlace.query.get(form.event_place_id.data)
+        place = db.session.get(EventPlace, form.event_place_id.data)

        if place:
            form.event_place_id.choices = [(place.id, get_place_str(place))]
@ -305,7 +302,7 @@ def prepare_event_place(form):

 def prepare_organizer(form):
    if form.organizer_id.data and form.organizer_id.data > 0:
-        organizer = EventOrganizer.query.get(form.organizer_id.data)
+        organizer = db.session.get(EventOrganizer, form.organizer_id.data)

        if organizer:
            form.organizer_id.choices = [(organizer.id, organizer.name)]
--- a/project/views/event_date.py
+++ b/project/views/event_date.py
@ -1,5 +1,3 @@
-import json
-
 from flask import render_template, request, url_for
 from flask.wrappers import Response

@ -7,7 +5,7 @@ from project import app
 from project.access import can_read_event_or_401
 from project.dateutils import create_icalendar
 from project.forms.event_date import FindEventDateForm
-from project.jsonld import DateTimeEncoder, get_sd_for_event_date
+from project.jsonld import get_sd_for_event_date
 from project.services.event import (
    create_ical_event_for_date,
    get_event_date_with_details_or_404,
@ -50,9 +48,7 @@ def event_date(id):
    event_date = get_event_date_with_details_or_404(id)
    can_read_event_or_401(event_date.event)

-    structured_data = json.dumps(
-        get_sd_for_event_date(event_date), indent=2, cls=DateTimeEncoder
-    )
+    structured_data = app.json.dumps(get_sd_for_event_date(event_date), indent=2)

    url = url_for("event_date", id=id, _external=True)
    share_links = get_share_links(url, event_date.event.name)
--- a/project/views/event_place.py
+++ b/project/views/event_place.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/event_suggestion.py
+++ b/project/views/event_suggestion.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/image.py
+++ b/project/views/image.py
@ -42,7 +42,7 @@ def image(id, hash=None):
    # Save from database to disk
    make_dir(img_path)
    img = get_image_from_bytes(image.data)
-    img.thumbnail((width, height), PIL.Image.ANTIALIAS)
+    img.thumbnail((width, height), PIL.Image.Resampling.LANCZOS)
    img.save(file_path)

    # Load from disk
--- a/project/views/js.py
+++ b/project/views/js.py
@ -1,6 +1,6 @@
 from flask import request
 from flask.json import jsonify
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import url_for_security
 from flask_security.utils import localize_callback

--- a/project/views/manage.py
+++ b/project/views/manage.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, request, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import desc, func
--- a/project/views/oauth2_client.py
+++ b/project/views/oauth2_client.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import current_user, permissions_required
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/oauth2_token.py
+++ b/project/views/oauth2_token.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/organizer.py
+++ b/project/views/organizer.py
@ -1,5 +1,5 @@
 from flask import Response, flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/reference.py
+++ b/project/views/reference.py
@ -1,5 +1,5 @@
 from flask import abort, flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import desc
--- a/project/views/reference_request.py
+++ b/project/views/reference_request.py
@ -1,5 +1,5 @@
 from flask import abort, flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import desc
--- a/project/views/reference_request_review.py
+++ b/project/views/reference_request_review.py
@ -1,5 +1,5 @@
 from flask import abort, flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/root.py
+++ b/project/views/root.py
@ -2,7 +2,7 @@ import json
 import os.path

 from flask import render_template, request, send_from_directory, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from markupsafe import Markup
 from sqlalchemy import text

--- a/project/views/user.py
+++ b/project/views/user.py
@ -1,5 +1,5 @@
 from flask import flash, redirect, render_template, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError

--- a/project/views/utils.py
+++ b/project/views/utils.py
@ -1,7 +1,7 @@
 from urllib.parse import quote_plus

 from flask import Markup, flash, g, redirect, render_template, request, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_login.utils import decode_cookie
 from flask_mail import Message
 from flask_security import current_user
--- a/project/views/widget.py
+++ b/project/views/widget.py
@ -1,7 +1,5 @@
-import json
-
 from flask import flash, redirect, render_template, request, url_for
-from flask_babelex import gettext
+from flask_babel import gettext
 from flask_security import current_user
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import func
@ -15,7 +13,7 @@ from project.access import (
 from project.dateutils import get_next_full_hour
 from project.forms.event_date import FindEventDateForm
 from project.forms.event_suggestion import CreateEventSuggestionForm
-from project.jsonld import DateTimeEncoder, get_sd_for_event_date
+from project.jsonld import get_sd_for_event_date
 from project.models import AdminUnit, EventOrganizer, EventReviewStatus, EventSuggestion
 from project.services.event import (
    get_event_date_with_details_or_404,
@ -75,9 +73,7 @@ def widget_event_date(au_short_name, id):

    event_date = get_event_date_with_details_or_404(id)
    can_read_event_or_401(event_date.event)
-    structured_data = json.dumps(
-        get_sd_for_event_date(event_date), indent=2, cls=DateTimeEncoder
-    )
+    structured_data = app.json.dumps(get_sd_for_event_date(event_date), indent=2)

    url = url_for("event_date", id=id, _external=True)
    share_links = get_share_links(url, event_date.event.name)
--- a/pytest.ini
+++ b/pytest.ini
@ -0,0 +1,5 @@
+[pytest]
+filterwarnings =
+    ignore
+    default:::project
+    ignore::sqlalchemy.exc.LegacyAPIWarning
--- a/requirements.txt
+++ b/requirements.txt
@ -10,7 +10,7 @@ arrow==1.2.3
 async-timeout==4.0.2
 attrs==20.3.0
 Authlib==1.2.0
-Babel==2.9.1
+Babel==2.12.1
 bcrypt==4.0.1
 beautifulsoup4==4.12.2
 billiard==3.6.4.0
@ -42,7 +42,7 @@ filelock==3.11.0
 flake8==6.0.0
 Flask==2.2.3
 flask-apispec==0.11.4
-Flask-BabelEx==0.9.4
+flask-babel==3.1.0
 Flask-Bootstrap==3.3.7.1
 Flask-Cors==3.0.10
 Flask-Dance==6.2.0
--- a/tests/api/test_custom_widget.py
+++ b/tests/api/test_custom_widget.py
@ -8,7 +8,7 @@ def test_read(client, seeder, utils):
    assert response.json["settings"]["color"] == "black"


-def test_put(client, seeder, utils, app):
+def test_put(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    custom_widget_id = seeder.insert_event_custom_widget(admin_unit_id)

@ -19,12 +19,12 @@ def test_put(client, seeder, utils, app):
    with app.app_context():
        from project.models import CustomWidget

-        custom_widget = CustomWidget.query.get(custom_widget_id)
+        custom_widget = db.session.get(CustomWidget, custom_widget_id)
        assert custom_widget.name == "Neuer Name"
        assert custom_widget.widget_type == "search"


-def test_patch(client, seeder, utils, app):
+def test_patch(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    custom_widget_id = seeder.insert_event_custom_widget(admin_unit_id)

@ -35,12 +35,12 @@ def test_patch(client, seeder, utils, app):
    with app.app_context():
        from project.models import CustomWidget

-        custom_widget = CustomWidget.query.get(custom_widget_id)
+        custom_widget = db.session.get(CustomWidget, custom_widget_id)
        assert custom_widget.name == "Neuer Name"
        assert custom_widget.widget_type == "search"


-def test_delete(client, seeder, utils, app):
+def test_delete(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    custom_widget_id = seeder.insert_event_custom_widget(admin_unit_id)

@ -51,5 +51,5 @@ def test_delete(client, seeder, utils, app):
    with app.app_context():
        from project.models import CustomWidget

-        custom_widget = CustomWidget.query.get(custom_widget_id)
+        custom_widget = db.session.get(CustomWidget, custom_widget_id)
        assert custom_widget is None
--- a/tests/api/test_event.py
+++ b/tests/api/test_event.py
@ -13,7 +13,7 @@ def test_read(client, app, db, seeder, utils):
        from project.models import Event, EventStatus
        from project.services.event import update_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.status = EventStatus.scheduled

        update_event(event)
@ -180,7 +180,7 @@ def create_put(
@pytest.mark.parametrize(
    "variant", ["normal", "legacy", "recurrence", "two_date_definitions"]
 )
-def test_put(client, seeder, utils, app, mocker, variant):
+def test_put(client, seeder, utils, app, db, mocker, variant):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)
    place_id = seeder.upsert_default_event_place(admin_unit_id)
@ -227,7 +227,7 @@ def test_put(client, seeder, utils, app, mocker, variant):
            EventTargetGroupOrigin,
        )

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.name == "Neuer Name"
        assert event.event_place_id == place_id
        assert event.organizer_id == organizer_id
@ -353,7 +353,7 @@ def test_put_organizerFromAnotherAdminUnit(client, seeder, utils, app):
    utils.assert_response_api_error(response, "Check Violation")


-def test_put_co_organizers(client, seeder, utils, app):
+def test_put_co_organizers(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)
    place_id = seeder.upsert_default_event_place(admin_unit_id)
@ -374,7 +374,7 @@ def test_put_co_organizers(client, seeder, utils, app):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.co_organizers) == 2
        assert event.co_organizers[0].id == organizer_a_id
        assert event.co_organizers[1].id == organizer_b_id
@ -443,7 +443,7 @@ def test_put_durationMoreThanMaxAllowedDuration(client, seeder, utils, app):
    utils.assert_response_bad_request(response)


-def test_put_categories(client, seeder, utils, app):
+def test_put_categories(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)
    place_id = seeder.upsert_default_event_place(admin_unit_id)
@ -460,11 +460,11 @@ def test_put_categories(client, seeder, utils, app):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.category.name == "Art"


-def test_put_dateWithTimezone(client, seeder, utils, app):
+def test_put_dateWithTimezone(client, seeder, utils, app, db):
    from project.dateutils import create_berlin_date

    user_id, admin_unit_id = seeder.setup_api_access()
@ -483,11 +483,11 @@ def test_put_dateWithTimezone(client, seeder, utils, app):

        expected = create_berlin_date(2030, 12, 31, 14, 30)

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.date_definitions[0].start == expected


-def test_put_dateWithoutTimezone(client, seeder, utils, app):
+def test_put_dateWithoutTimezone(client, seeder, utils, app, db):
    from project.dateutils import create_berlin_date

    user_id, admin_unit_id = seeder.setup_api_access()
@ -506,7 +506,7 @@ def test_put_dateWithoutTimezone(client, seeder, utils, app):

        expected = create_berlin_date(2030, 12, 31, 14, 30)

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.date_definitions[0].start == expected


@ -552,7 +552,7 @@ def test_put_referencedEventNonDirtyUpdate_doesNotSendMail(
    mail_mock.assert_not_called()


-def test_patch(client, seeder, utils, app):
+def test_patch(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)

@ -563,12 +563,12 @@ def test_patch(client, seeder, utils, app):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.name == "Name"
        assert event.description == "Neu"


-def test_patch_startAfterEnd(client, seeder, utils, app):
+def test_patch_startAfterEnd(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)

@ -601,7 +601,7 @@ def test_patch_referencedEventUpdate_sendsMail(client, seeder, utils, app, mocke
    utils.assert_send_mail_called(mail_mock, "other@test.de")


-def test_patch_photo(client, seeder, utils, app, requests_mock):
+def test_patch_photo(client, seeder, utils, app, db, requests_mock):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)

@ -619,7 +619,7 @@ def test_patch_photo(client, seeder, utils, app, requests_mock):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.photo is not None
        assert event.photo.encoding_format == "image/png"

@ -640,7 +640,7 @@ def test_patch_photo_copyright(client, db, seeder, utils, app):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.photo.id == image_id
        assert event.photo.data is not None
        assert event.photo.copyright_text == "Heiner"
@ -662,14 +662,14 @@ def test_patch_photo_delete(client, db, seeder, utils, app):
    with app.app_context():
        from project.models import Event, Image

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.photo_id is None

-        image = Image.query.get(image_id)
+        image = db.session.get(Image, image_id)
        assert image is None


-def test_delete(client, seeder, utils, app):
+def test_delete(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)

@ -680,7 +680,7 @@ def test_delete(client, seeder, utils, app):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event is None


--- a/tests/api/test_event_date.py
+++ b/tests/api/test_event_date.py
@ -102,7 +102,7 @@ def test_search(client, seeder, utils, app, db):
    with app.app_context():
        from project.models import Event, EventStatus

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.status = EventStatus.cancelled
        db.session.commit()

--- a/tests/api/test_event_list.py
+++ b/tests/api/test_event_list.py
@ -7,7 +7,7 @@ def test_read(client, app, db, seeder, utils):
    assert response.json["id"] == event_list_id


-def test_put(client, seeder, utils, app):
+def test_put(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    event_list_id = seeder.create_event_list(admin_unit_id)

@ -18,11 +18,11 @@ def test_put(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventList

-        event_list = EventList.query.get(event_list_id)
+        event_list = db.session.get(EventList, event_list_id)
        assert event_list.name == "Neuer Name"


-def test_patch(client, seeder, utils, app):
+def test_patch(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    event_list_id = seeder.create_event_list(admin_unit_id)

@ -33,11 +33,11 @@ def test_patch(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventList

-        event_list = EventList.query.get(event_list_id)
+        event_list = db.session.get(EventList, event_list_id)
        assert event_list.name == "Neuer Name"


-def test_delete(client, seeder, utils, app):
+def test_delete(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    event_list_id = seeder.create_event_list(admin_unit_id)

@ -48,7 +48,7 @@ def test_delete(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventList

-        event_list = EventList.query.get(event_list_id)
+        event_list = db.session.get(EventList, event_list_id)
        assert event_list is None


@ -63,7 +63,7 @@ def test_events(client, seeder, utils):
    assert response.json["items"][0]["id"] == event_id


-def test_events_put(client, seeder, utils, app):
+def test_events_put(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)
    event_list_id = seeder.create_event_list(admin_unit_id)
@ -77,12 +77,12 @@ def test_events_put(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventList

-        event_list = EventList.query.get(event_list_id)
+        event_list = db.session.get(EventList, event_list_id)
        assert len(event_list.events) == 1
        assert event_list.events[0].id == event_id


-def test_events_delete(client, seeder, utils, app):
+def test_events_delete(client, seeder, utils, app, db):
    _, admin_unit_id = seeder.setup_api_access()
    event_id = seeder.create_event(admin_unit_id)
    event_list_id = seeder.create_event_list(admin_unit_id, event_id)
@ -96,8 +96,8 @@ def test_events_delete(client, seeder, utils, app):
    with app.app_context():
        from project.models import Event, EventList

-        event_list = EventList.query.get(event_list_id)
+        event_list = db.session.get(EventList, event_list_id)
        assert len(event_list.events) == 0

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event is not None
--- a/tests/api/test_organization.py
+++ b/tests/api/test_organization.py
@ -215,7 +215,7 @@ def test_events_post(client, seeder, utils, app, variant):
            assert len(event.date_definitions) == 1


-def test_events_post_co_organizers(client, seeder, utils, app):
+def test_events_post_co_organizers(client, seeder, utils, app, db):
    url, data, admin_unit_id, place_id, organizer_id = prepare_events_post_data(
        seeder, utils
    )
@ -233,7 +233,7 @@ def test_events_post_co_organizers(client, seeder, utils, app):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.co_organizers) == 2
        assert event.co_organizers[0].id == organizer_a_id
        assert event.co_organizers[1].id == organizer_b_id
@ -267,7 +267,7 @@ def test_events_post_photo_too_small(client, seeder, utils, app):
    assert error["message"] == "Image is too small (1x1px). At least 320x320px."


-def test_events_import(client, seeder, utils, app, shared_datadir):
+def test_events_import(client, seeder, utils, app, db, shared_datadir):
    external_url = "https://www.harzinfo.de/event/xy"
    utils.mock_get_request_with_file(
        external_url, shared_datadir, "harzinfo_biathlon.html"
@ -284,7 +284,7 @@ def test_events_import(client, seeder, utils, app, shared_datadir):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert "lädt" in event.description

    # 422
@ -459,7 +459,7 @@ def test_outgoing_relation_list_notAuthenticated(client, seeder, utils):
    utils.assert_response_unauthorized(response)


-def test_outgoing_relation_post(client, app, seeder, utils):
+def test_outgoing_relation_post(client, app, seeder, utils, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    other_user_id = seeder.create_user("other@test.de")
    other_admin_unit_id = seeder.create_admin_unit(other_user_id, "Other Crew")
@ -480,7 +480,7 @@ def test_outgoing_relation_post(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitRelation

-        relation = AdminUnitRelation.query.get(int(response.json["id"]))
+        relation = db.session.get(AdminUnitRelation, int(response.json["id"]))
        assert relation is not None
        assert relation.source_admin_unit_id == admin_unit_id
        assert relation.target_admin_unit_id == other_admin_unit_id
@ -535,7 +535,7 @@ def test_organization_invitation_list(client, seeder, utils):
    assert response.json["items"][0]["organization_name"] == "Invited Organization"


-def test_organization_invitation_list_post(client, app, seeder, utils, mocker):
+def test_organization_invitation_list_post(client, app, seeder, db, utils, mocker):
    mail_mock = utils.mock_send_mails(mocker)
    _, admin_unit_id = seeder.setup_api_access()

@ -558,7 +558,7 @@ def test_organization_invitation_list_post(client, app, seeder, utils, mocker):
    with app.app_context():
        from project.models import AdminUnitInvitation

-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is not None
        assert invitation.admin_unit_id == admin_unit_id
        assert invitation.email == "invited@test.de"
--- a/tests/api/test_organization_invitation.py
+++ b/tests/api/test_organization_invitation.py
@ -16,7 +16,7 @@ def test_read(client, seeder, utils):
    assert response.json["relation_verify"] is False


-def test_put(client, app, seeder, utils):
+def test_put(client, app, seeder, utils, db):
    _, admin_unit_id = seeder.setup_api_access()
    invitation_id = seeder.create_admin_unit_invitation(admin_unit_id)

@ -36,7 +36,7 @@ def test_put(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitInvitation

-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is not None
        assert invitation.admin_unit_id == admin_unit_id
        assert invitation.email == "invited@test.de"
@ -45,7 +45,7 @@ def test_put(client, app, seeder, utils):
        assert invitation.relation_verify


-def test_patch(client, app, seeder, utils):
+def test_patch(client, app, seeder, utils, db):
    _, admin_unit_id = seeder.setup_api_access()
    invitation_id = seeder.create_admin_unit_invitation(admin_unit_id)

@ -63,13 +63,13 @@ def test_patch(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitInvitation

-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is not None
        assert invitation.admin_unit_id == admin_unit_id
        assert invitation.relation_auto_verify_event_reference_requests


-def test_delete(client, app, seeder, utils):
+def test_delete(client, app, seeder, utils, db):
    _, admin_unit_id = seeder.setup_api_access()
    invitation_id = seeder.create_admin_unit_invitation(admin_unit_id)

@ -83,5 +83,5 @@ def test_delete(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitInvitation

-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is None
--- a/tests/api/test_organization_relation.py
+++ b/tests/api/test_organization_relation.py
@ -47,7 +47,7 @@ def test_put(client, app, seeder, utils, db):
    with app.app_context():
        from project.models import AdminUnit

-        admin_unit = AdminUnit.query.get(admin_unit_id)
+        admin_unit = db.session.get(AdminUnit, admin_unit_id)
        admin_unit.can_verify_other = True
        db.session.commit()

@ -66,7 +66,7 @@ def test_put(client, app, seeder, utils, db):
    with app.app_context():
        from project.models import AdminUnitRelation

-        relation = AdminUnitRelation.query.get(relation_id)
+        relation = db.session.get(AdminUnitRelation, relation_id)
        assert relation is not None
        assert relation.source_admin_unit_id == admin_unit_id
        assert relation.target_admin_unit_id == other_admin_unit_id
@ -74,7 +74,7 @@ def test_put(client, app, seeder, utils, db):
        assert relation.verify


-def test_patch(client, app, seeder, utils):
+def test_patch(client, app, seeder, utils, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    (
        other_user_id,
@ -96,14 +96,14 @@ def test_patch(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitRelation

-        relation = AdminUnitRelation.query.get(relation_id)
+        relation = db.session.get(AdminUnitRelation, relation_id)
        assert relation is not None
        assert relation.source_admin_unit_id == admin_unit_id
        assert relation.target_admin_unit_id == other_admin_unit_id
        assert relation.auto_verify_event_reference_requests


-def test_delete(client, app, seeder, utils):
+def test_delete(client, app, seeder, utils, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    (
        other_user_id,
@ -121,5 +121,5 @@ def test_delete(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitRelation

-        relation = AdminUnitRelation.query.get(relation_id)
+        relation = db.session.get(AdminUnitRelation, relation_id)
        assert relation is None
--- a/tests/api/test_organizer.py
+++ b/tests/api/test_organizer.py
@ -6,7 +6,7 @@ def test_read(client, seeder, utils):
    utils.get_ok(url)


-def test_put(client, seeder, utils, app):
+def test_put(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    organizer_id = seeder.upsert_default_event_organizer(admin_unit_id)

@ -17,11 +17,11 @@ def test_put(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventOrganizer

-        organizer = EventOrganizer.query.get(organizer_id)
+        organizer = db.session.get(EventOrganizer, organizer_id)
        assert organizer.name == "Neuer Name"


-def test_patch(client, seeder, utils, app):
+def test_patch(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    organizer_id = seeder.upsert_default_event_organizer(admin_unit_id)

@ -32,12 +32,12 @@ def test_patch(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventOrganizer

-        organizer = EventOrganizer.query.get(organizer_id)
+        organizer = db.session.get(EventOrganizer, organizer_id)
        assert organizer.name == "Meine Crew"
        assert organizer.phone == "55555"


-def test_delete(client, seeder, utils, app):
+def test_delete(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    organizer_id = seeder.upsert_default_event_organizer(admin_unit_id)

@ -48,5 +48,5 @@ def test_delete(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventOrganizer

-        organizer = EventOrganizer.query.get(organizer_id)
+        organizer = db.session.get(EventOrganizer, organizer_id)
        assert organizer is None
--- a/tests/api/test_place.py
+++ b/tests/api/test_place.py
@ -6,7 +6,7 @@ def test_read(client, app, db, seeder, utils):
    utils.get_ok(url)


-def test_put(client, seeder, utils, app):
+def test_put(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    place_id = seeder.upsert_default_event_place(admin_unit_id)

@ -17,7 +17,7 @@ def test_put(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventPlace

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        assert place.name == "Neuer Name"


@ -28,7 +28,7 @@ def test_put_nonActiveReturnsUnauthorized(client, seeder, db, utils, app):
    with app.app_context():
        from project.models import User

-        user = User.query.get(user_id)
+        user = db.session.get(User, user_id)
        user.active = False
        db.session.commit()

@ -37,7 +37,7 @@ def test_put_nonActiveReturnsUnauthorized(client, seeder, db, utils, app):
    utils.assert_response_unauthorized(response)


-def test_patch(client, seeder, utils, app):
+def test_patch(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    place_id = seeder.upsert_default_event_place(admin_unit_id)

@ -48,7 +48,7 @@ def test_patch(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventPlace

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        assert place.name == "Meine Crew"
        assert place.description == "Klasse"

@ -64,7 +64,7 @@ def test_patch_location(db, seeder, utils, app):
        location.postalCode = "12345"
        location.city = "City"

-        event = EventPlace.query.get(place_id)
+        event = db.session.get(EventPlace, place_id)
        event.location = location
        db.session.commit()

@ -80,12 +80,12 @@ def test_patch_location(db, seeder, utils, app):
    with app.app_context():
        from project.models import EventPlace

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        assert place.location.id == location_id
        assert place.location.postalCode == "54321"


-def test_delete(client, seeder, utils, app):
+def test_delete(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_api_access()
    place_id = seeder.upsert_default_event_place(admin_unit_id)

@ -96,5 +96,5 @@ def test_delete(client, seeder, utils, app):
    with app.app_context():
        from project.models import EventPlace

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        assert place is None
--- a/tests/api/test_user.py
+++ b/tests/api/test_user.py
@ -44,7 +44,7 @@ def test_organization_invitation_read_wrongEmail(client, seeder, utils):
    utils.assert_response_unauthorized(response)


-def test_organization_invitation_delete(client, app, seeder, utils):
+def test_organization_invitation_delete(client, app, seeder, utils, db):
    _, admin_unit_id = seeder.setup_base(log_in=False)
    invitation_id = seeder.create_admin_unit_invitation(admin_unit_id)

@ -61,7 +61,7 @@ def test_organization_invitation_delete(client, app, seeder, utils):
    with app.app_context():
        from project.models import AdminUnitInvitation

-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is None


--- a/tests/seeder.py
+++ b/tests/seeder.py
@ -292,7 +292,7 @@ class Seeder(object):
        with self._app.app_context():
            from project.models import OAuth2Client

-            oauth2_client = OAuth2Client.query.get(oauth2_client_id)
+            oauth2_client = self._db.session.get(OAuth2Client, oauth2_client_id)
            client_id = oauth2_client.client_id
            client_secret = oauth2_client.client_secret
            scope = oauth2_client.scope
@ -314,7 +314,7 @@ class Seeder(object):
        from project.models import Event

        with self._app.app_context():
-            event = Event.query.get(event_id)
+            event = self._db.session.get(Event, event_id)
            event_date_id = event.dates[0].id

        return event_date_id
@ -400,7 +400,7 @@ class Seeder(object):
        from project.services.event import update_event

        with self._app.app_context():
-            event = Event.query.get(event_id)
+            event = self._db.session.get(Event, event_id)

            date_definition = self.create_event_date_definition(
                start, end, allday, recurrence_rule
@ -501,7 +501,7 @@ class Seeder(object):
        with self._app.app_context():
            from project.models import Event

-            event = Event.query.get(event_id)
+            event = self._db.session.get(Event, event_id)
            event.photo_id = image_id
            self._db.session.commit()

@ -542,8 +542,8 @@ class Seeder(object):
        from project.models import Event, EventList

        with self._app.app_context():
-            event = Event.query.get(event_id)
-            event_list = EventList.query.get(event_list_id)
+            event = self._db.session.get(Event, event_id)
+            event_list = self._db.session.get(EventList, event_list_id)
            event_list.events.append(event)
            self._db.session.commit()

--- a/tests/services/test_event.py
+++ b/tests/services/test_event.py
@ -1,7 +1,7 @@
 import pytest


-def test_update_event_dates_with_recurrence_rule(client, seeder, utils, app):
+def test_update_event_dates_with_recurrence_rule(client, seeder, utils, app, db):
    user_id, admin_unit_id = seeder.setup_base()
    event_id = seeder.create_event(admin_unit_id)

@ -10,7 +10,7 @@ def test_update_event_dates_with_recurrence_rule(client, seeder, utils, app):
        from project.models import Event
        from project.services.event import update_event_dates_with_recurrence_rule

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        date_definition = event.date_definitions[0]
        date_definition.start = create_berlin_date(2030, 12, 31, 14, 30)
        date_definition.end = create_berlin_date(2030, 12, 31, 16, 30)
@ -55,7 +55,7 @@ def test_update_event_dates_with_recurrence_rule(client, seeder, utils, app):


 def test_update_event_dates_with_recurrence_rule_past(
-    client, seeder, utils, app, mocker
+    client, seeder, utils, app, db, mocker
 ):
    user_id, admin_unit_id = seeder.setup_base()
    event_id = seeder.create_event(admin_unit_id)
@ -67,7 +67,7 @@ def test_update_event_dates_with_recurrence_rule_past(

        utils.mock_now(mocker, 2020, 1, 3)

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        date_definition = event.date_definitions[0]
        date_definition.start = create_berlin_date(2020, 1, 2, 14, 30)
        date_definition.end = create_berlin_date(2020, 1, 2, 16, 30)
@ -87,7 +87,7 @@ def test_update_event_dates_with_recurrence_rule_past(


 def test_update_event_dates_with_recurrence_rule_past_forever(
-    client, seeder, utils, app, mocker
+    client, seeder, utils, app, db, mocker
 ):
    user_id, admin_unit_id = seeder.setup_base()
    event_id = seeder.create_event(admin_unit_id)
@ -99,7 +99,7 @@ def test_update_event_dates_with_recurrence_rule_past_forever(

        utils.mock_now(mocker, 2020, 1, 3)

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        date_definition = event.date_definitions[0]
        date_definition.start = create_berlin_date(2019, 1, 1, 14, 30)
        date_definition.end = create_berlin_date(2019, 1, 1, 16, 30)
@ -124,7 +124,7 @@ def test_update_event_dates_with_recurrence_rule_past_forever(


 def test_update_event_dates_with_recurrence_rule_exdate(
-    client, seeder, utils, app, mocker
+    client, seeder, utils, app, db, mocker
 ):
    user_id, admin_unit_id = seeder.setup_base()
    event_id = seeder.create_event(admin_unit_id)
@ -136,7 +136,7 @@ def test_update_event_dates_with_recurrence_rule_exdate(

        utils.mock_now(mocker, 2021, 6, 1)

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        date_definition = event.date_definitions[0]
        date_definition.start = create_berlin_date(2021, 4, 21, 17, 0)
        date_definition.end = create_berlin_date(2021, 4, 21, 18, 0)
@ -160,7 +160,7 @@ def test_get_meta_data(seeder, app, db):
        from project.models import Event, EventAttendanceMode, Location
        from project.services.event import get_meta_data

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.attendance_mode = EventAttendanceMode.offline

        location = Location()
@ -282,7 +282,7 @@ def test_create_ical_events_for_event(client, app, db, utils, seeder):
        from project.models import Event, EventStatus, Location
        from project.services.event import create_ical_events_for_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.description = "This is a fantastic event. Watch out!"
        event.status = EventStatus.cancelled

--- a/tests/test_access.py
+++ b/tests/test_access.py
@ -5,7 +5,7 @@ def test_has_admin_unit_member_role(client, app, db, seeder):
        from project.access import has_admin_unit_member_role
        from project.models import AdminUnitMember

-        member = AdminUnitMember.query.get(member_id)
+        member = db.session.get(AdminUnitMember, member_id)
        assert has_admin_unit_member_role(member, "admin") is False


@ -19,7 +19,7 @@ def test_has_current_user_member_role_for_admin_unit(client, app, db, seeder):
            from project.access import has_current_user_member_role_for_admin_unit
            from project.models import AdminUnitMember

-            member = AdminUnitMember.query.get(member_id)
+            member = db.session.get(AdminUnitMember, member_id)
            login_user(member.user)

            assert (
--- a/tests/test_jsonld.py
+++ b/tests/test_jsonld.py
@ -8,7 +8,7 @@ def test_get_sd_for_admin_unit(client, app, db, seeder):
        from project.jsonld import get_sd_for_admin_unit
        from project.models import AdminUnit

-        admin_unit = AdminUnit.query.get(admin_unit_id)
+        admin_unit = db.session.get(AdminUnit, admin_unit_id)
        admin_unit.url = "http://www.goslar.de"

        result = get_sd_for_admin_unit(admin_unit)
@ -23,7 +23,7 @@ def test_get_sd_for_organizer(client, app, db, seeder):
        from project.jsonld import get_sd_for_organizer
        from project.models import EventOrganizer

-        organizer = EventOrganizer.query.get(organizer_id)
+        organizer = db.session.get(EventOrganizer, organizer_id)
        organizer.email = "info@goslar.de"
        organizer.phone = "12345"
        organizer.fax = "67890"
@ -46,7 +46,7 @@ def test_get_sd_for_place(client, app, db, utils, seeder):
        from project.jsonld import get_sd_for_place
        from project.models import EventPlace, Image, Location

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        place.url = "http://www.goslar.de"

        photo = Image()
@ -83,7 +83,7 @@ def test_get_sd_for_place_noCoordinates(client, app, db, utils, seeder):
        from project.jsonld import get_sd_for_place
        from project.models import EventPlace, Location

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)

        location = Location()
        location.street = "Markt 7"
@ -107,7 +107,7 @@ def test_get_sd_for_event_date(client, app, db, seeder, utils):
        from project.models import Event, Image
        from project.services.event import update_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        date_definition = event.date_definitions[0]
        date_definition.start = create_berlin_date(2030, 12, 31, 14, 30)
        date_definition.end = create_berlin_date(2030, 12, 31, 16, 30)
@ -142,14 +142,12 @@ def test_get_sd_for_event_date_allday(client, app, db, seeder, utils):
    event_id = seeder.create_event(admin_unit_id)

    with app.app_context():
-        import json
-
        from project.dateutils import create_berlin_date
-        from project.jsonld import DateTimeEncoder, get_sd_for_event_date
+        from project.jsonld import get_sd_for_event_date
        from project.models import Event
        from project.services.event import update_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        date_definition = event.date_definitions[0]
        date_definition.start = create_berlin_date(2030, 12, 31, 14, 30)
        date_definition.end = create_berlin_date(2030, 12, 31, 16, 30)
@ -160,8 +158,8 @@ def test_get_sd_for_event_date_allday(client, app, db, seeder, utils):
        event_date = event.dates[0]

        with app.test_request_context():
-            structured_data = json.dumps(
-                get_sd_for_event_date(event_date), indent=2, cls=DateTimeEncoder
+            structured_data = app.json.dumps(
+                get_sd_for_event_date(event_date), indent=2
            )

        assert '"startDate": "2030-12-31"' in structured_data
@ -178,7 +176,7 @@ def test_get_sd_for_event_date_with_co_organizer(client, app, db, seeder, utils)
        from project.jsonld import get_sd_for_event_date
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event_date = event.dates[0]

        with app.test_request_context():
@ -202,7 +200,7 @@ def test_get_sd_for_event_date_ageRange(
        from project.models import Event
        from project.services.event import update_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.age_from = age_from
        event.age_to = age_to

@ -235,7 +233,7 @@ def test_get_sd_for_event_date_eventAttendanceMode(
        from project.models import Event, EventAttendanceMode
        from project.services.event import update_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.attendance_mode = EventAttendanceMode(attendance_mode)

        update_event(event)
@ -269,7 +267,7 @@ def test_get_sd_for_event_date_eventStatus(
        from project.models import Event, EventStatus
        from project.services.event import update_event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.status = EventStatus(status)

        update_event(event)
--- a/tests/test_models.py
+++ b/tests/test_models.py
@ -21,7 +21,7 @@ def test_event_category(client, app, db, seeder):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        event.categories = []
        db.session.commit()

@ -69,7 +69,7 @@ def test_event_allday(client, app, db, seeder):
        from project.models import Event

        # With Start
-        event = Event.query.get(event_with_start_id)
+        event = db.session.get(Event, event_with_start_id)
        date_definition = event.date_definitions[0]
        assert date_definition.allday
        assert date_definition.start == create_berlin_date(2030, 12, 31, 0, 0)
@ -81,7 +81,7 @@ def test_event_allday(client, app, db, seeder):
        assert event_date.end == create_berlin_date(2030, 12, 31, 23, 59, 59)

        # With Start and End
-        event = Event.query.get(event_with_start_and_end_id)
+        event = db.session.get(Event, event_with_start_and_end_id)
        date_definition = event.date_definitions[0]
        assert date_definition.allday
        assert date_definition.start == create_berlin_date(2030, 12, 31, 0, 0)
@ -103,10 +103,10 @@ def test_event_has_multiple_dates(client, app, db, seeder):
    with app.app_context():
        from project.models import Event

-        event_with_recc = Event.query.get(event_with_recc_id)
+        event_with_recc = db.session.get(Event, event_with_recc_id)
        assert event_with_recc.has_multiple_dates() is True

-        event_without_recc = Event.query.get(event_without_recc_id)
+        event_without_recc = db.session.get(Event, event_without_recc_id)
        assert event_without_recc.has_multiple_dates() is False


@ -153,7 +153,7 @@ def test_event_date_defintion_deletion(client, app, db, seeder):
        from project.models import Event

        # Initial eine Definition
-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.date_definitions) == 1
        date_definition1 = event.date_definitions[0]

@ -163,7 +163,7 @@ def test_event_date_defintion_deletion(client, app, db, seeder):
        event.date_definitions = [date_definition1, date_definition2]
        db.session.commit()

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.date_definitions) == 2
        assert len(EventDateDefinition.query.all()) == 2

@ -174,7 +174,7 @@ def test_event_date_defintion_deletion(client, app, db, seeder):
        db.session.delete(date_definition1)
        db.session.commit()

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.date_definitions) == 1
        assert len(EventDateDefinition.query.all()) == 1
        assert event.date_definitions[0].id == date_definition2_id
@ -226,7 +226,7 @@ def test_admin_unit_deletion(client, app, db, seeder):

        admin_unit = get_admin_unit_by_id(admin_unit_id)
        other_admin_unit = get_admin_unit_by_id(other_admin_unit_id)
-        my_event = Event.query.get(my_event_id)
+        my_event = db.session.get(Event, my_event_id)
        date_id = my_event.dates[0].id
        date_definition_id = my_event.date_definitions[0].id

@ -234,23 +234,27 @@ def test_admin_unit_deletion(client, app, db, seeder):
        db.session.commit()
        assert len(other_admin_unit.outgoing_relations) == 0

-        assert Event.query.get(my_event_id) is None
-        assert EventDate.query.get(date_id) is None
-        assert EventDateDefinition.query.get(date_definition_id) is None
-        assert AdminUnitRelation.query.get(incoming_relation_id) is None
-        assert AdminUnitRelation.query.get(outgoing_relation_id) is None
-        assert EventReference.query.get(incoming_reference_id) is None
-        assert EventReference.query.get(outgoing_reference_id) is None
-        assert EventReferenceRequest.query.get(incoming_reference_request_id) is None
-        assert EventReferenceRequest.query.get(outgoing_reference_request_id) is None
-        assert EventSuggestion.query.get(suggestion_id) is None
-        assert EventPlace.query.get(event_place_id) is None
-        assert EventOrganizer.query.get(organizer_id) is None
-        assert AdminUnitMemberInvitation.query.get(invitation_id) is None
-        assert EventList.query.get(event_list_id) is None
+        assert db.session.get(Event, my_event_id) is None
+        assert db.session.get(EventDate, date_id) is None
+        assert db.session.get(EventDateDefinition, date_definition_id) is None
+        assert db.session.get(AdminUnitRelation, incoming_relation_id) is None
+        assert db.session.get(AdminUnitRelation, outgoing_relation_id) is None
+        assert db.session.get(EventReference, incoming_reference_id) is None
+        assert db.session.get(EventReference, outgoing_reference_id) is None
+        assert (
+            db.session.get(EventReferenceRequest, incoming_reference_request_id) is None
+        )
+        assert (
+            db.session.get(EventReferenceRequest, outgoing_reference_request_id) is None
+        )
+        assert db.session.get(EventSuggestion, suggestion_id) is None
+        assert db.session.get(EventPlace, event_place_id) is None
+        assert db.session.get(EventOrganizer, organizer_id) is None
+        assert db.session.get(AdminUnitMemberInvitation, invitation_id) is None
+        assert db.session.get(EventList, event_list_id) is None

-        assert AdminUnit.query.get(other_admin_unit_id) is not None
-        assert Event.query.get(other_event_id) is not None
+        assert db.session.get(AdminUnit, other_admin_unit_id) is not None
+        assert db.session.get(Event, other_event_id) is not None


 def test_event_co_organizers_deletion(client, app, db, seeder):
@ -262,12 +266,12 @@ def test_event_co_organizers_deletion(client, app, db, seeder):
    with app.app_context():
        from project.models import Event, EventOrganizer

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.co_organizers) == 2
        assert event.co_organizers[0].id == organizer_a_id
        assert event.co_organizers[1].id == organizer_b_id

-        organizer_a = EventOrganizer.query.get(organizer_a_id)
+        organizer_a = db.session.get(EventOrganizer, organizer_a_id)
        db.session.delete(organizer_a)
        db.session.commit()
        assert len(event.co_organizers) == 1
@ -275,7 +279,7 @@ def test_event_co_organizers_deletion(client, app, db, seeder):

        db.session.delete(event)
        db.session.commit()
-        assert EventOrganizer.query.get(organizer_b_id).id is not None
+        assert db.session.get(EventOrganizer, organizer_b_id).id is not None


 def test_admin_unit_verification(client, app, db, seeder):
@ -289,7 +293,7 @@ def test_admin_unit_verification(client, app, db, seeder):
        new_admin_unit = AdminUnit()
        assert not new_admin_unit.is_verified

-        admin_unit = AdminUnit.query.get(admin_unit_id)
+        admin_unit = db.session.get(AdminUnit, admin_unit_id)
        admin_unit.can_verify_other = True
        db.session.commit()

@ -300,18 +304,18 @@ def test_admin_unit_verification(client, app, db, seeder):
        all_verified = AdminUnit.query.filter(AdminUnit.is_verified).all()
        assert len(all_verified) == 0

-        relation = AdminUnitRelation.query.get(relation_id)
+        relation = db.session.get(AdminUnitRelation, relation_id)
        relation.verify = True
        db.session.commit()

-        other_admin_unit = AdminUnit.query.get(other_admin_unit_id)
+        other_admin_unit = db.session.get(AdminUnit, other_admin_unit_id)
        assert other_admin_unit.is_verified

        all_verified = AdminUnit.query.filter(AdminUnit.is_verified).all()
        assert len(all_verified) == 1
        assert all_verified[0].id == other_admin_unit_id

-        admin_unit = AdminUnit.query.get(admin_unit_id)
+        admin_unit = db.session.get(AdminUnit, admin_unit_id)
        admin_unit.can_verify_other = False
        db.session.commit()

@ -334,7 +338,7 @@ def test_admin_unit_invitations(client, app, db, seeder):
        db.session.commit()

        assert len(admin_unit.admin_unit_invitations) == 0
-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is None


@ -347,33 +351,33 @@ def test_event_list_deletion(client, app, db, seeder):
    with app.app_context():
        from project.models import Event, EventList

-        event_list_a = EventList.query.get(event_list_a_id)
+        event_list_a = db.session.get(EventList, event_list_a_id)
        assert len(event_list_a.events) == 1
        assert event_list_a.events[0].id == event_id

-        event_list_b = EventList.query.get(event_list_b_id)
+        event_list_b = db.session.get(EventList, event_list_b_id)
        assert len(event_list_b.events) == 1
        assert event_list_b.events[0].id == event_id

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert len(event.event_lists) == 2
        assert event.event_lists[0].id == event_list_a_id
        assert event.event_lists[1].id == event_list_b_id

-        event_list_a = EventList.query.get(event_list_a_id)
+        event_list_a = db.session.get(EventList, event_list_a_id)
        db.session.delete(event_list_a)
        db.session.commit()
        assert len(event.event_lists) == 1
        assert event.event_lists[0].id == event_list_b_id

-        event_list_b = EventList.query.get(event_list_b_id)
+        event_list_b = db.session.get(EventList, event_list_b_id)
        assert len(event_list_b.events) == 1
        assert event_list_b.events[0].id == event_id

        db.session.delete(event)
        db.session.commit()

-        event_list_b = EventList.query.get(event_list_b_id)
+        event_list_b = db.session.get(EventList, event_list_b_id)
        assert len(event_list_b.events) == 0


@ -384,5 +388,5 @@ def test_event_is_favored_by_current_user(client, app, db, seeder):
    with app.app_context():
        from project.models import Event

-        event = Event.query.get(event_id)
+        event = db.session.get(Event, event_id)
        assert event.is_favored_by_current_user() is False
--- a/tests/utils.py
+++ b/tests/utils.py
@ -238,10 +238,11 @@ class UtilActions(object):
        return url

    def get_image_url_for_id(self, image_id, **values):
+        from project import db
        from project.models import Image

        with self._app.app_context():
-            image = Image.query.get(image_id)
+            image = db.session.get(Image, image_id)
            url = self.get_image_url(image, **values)
        return url

--- a/tests/views/test_admin.py
+++ b/tests/views/test_admin.py
@ -152,7 +152,7 @@ def test_admin_user_update(client, seeder, utils, app, mocker, db, db_error):

@pytest.mark.parametrize("db_error", [True, False])
@pytest.mark.parametrize("non_match", [True, False])
-def test_user_delete(client, seeder, utils, app, mocker, db_error, non_match):
+def test_user_delete(client, seeder, utils, app, db, mocker, db_error, non_match):
    user_id, admin_unit_id = seeder.setup_base(True)
    other_user_id = seeder.create_user("other@test.de")

@ -190,7 +190,7 @@ def test_user_delete(client, seeder, utils, app, mocker, db_error, non_match):
    with app.app_context():
        from project.models import User

-        user = User.query.get(other_user_id)
+        user = db.session.get(User, other_user_id)
        assert user is None


@ -246,7 +246,7 @@ def test_admin_admin_unit_update(client, seeder, utils, app, mocker, db, db_erro

@pytest.mark.parametrize("db_error", [True, False])
@pytest.mark.parametrize("non_match", [True, False])
-def test_admin_unit_delete(client, seeder, utils, app, mocker, db_error, non_match):
+def test_admin_unit_delete(client, seeder, utils, app, db, mocker, db_error, non_match):
    user_id, admin_unit_id = seeder.setup_base(True)

    url = utils.get_url("admin_admin_unit_delete", id=admin_unit_id)
@ -283,5 +283,5 @@ def test_admin_unit_delete(client, seeder, utils, app, mocker, db_error, non_mat
    with app.app_context():
        from project.models import AdminUnit

-        admin_unit = AdminUnit.query.get(admin_unit_id)
+        admin_unit = db.session.get(AdminUnit, admin_unit_id)
        assert admin_unit is None
--- a/tests/views/test_admin_unit.py
+++ b/tests/views/test_admin_unit.py
@ -134,7 +134,7 @@ def test_create_requiresAdmin_memberOfOrgWithFlag(client, app, utils, seeder):
    assert response.status_code == 302


-def test_create_from_invitation(client, app, utils, seeder, mocker):
+def test_create_from_invitation(client, app, db, utils, seeder, mocker):
    mail_mock = utils.mock_send_mails(mocker)
    user_id = seeder.create_user()
    admin_unit_id = seeder.create_admin_unit(
@ -176,7 +176,7 @@ def test_create_from_invitation(client, app, utils, seeder, mocker):
        assert relation.invited
        relation_id = relation.id

-        invitation = AdminUnitInvitation.query.get(invitation_id)
+        invitation = db.session.get(AdminUnitInvitation, invitation_id)
        assert invitation is None

    invitation_url = utils.get_url(
--- a/tests/views/test_event.py
+++ b/tests/views/test_event.py
@ -379,7 +379,9 @@ def test_duplicate(client, app, utils, seeder, mocker, allday):

@pytest.mark.parametrize("free_text", [True, False])
@pytest.mark.parametrize("allday", [True, False])
-def test_create_fromSuggestion(client, app, utils, seeder, mocker, free_text, allday):
+def test_create_fromSuggestion(
+    client, app, db, utils, seeder, mocker, free_text, allday
+):
    user_id, admin_unit_id = seeder.setup_base()
    suggestion_id = seeder.create_event_suggestion(admin_unit_id, free_text, allday)

@ -404,7 +406,7 @@ def test_create_fromSuggestion(client, app, utils, seeder, mocker, free_text, al
        assert event is not None
        assert event.date_definitions[0].allday == allday

-        suggestion = EventSuggestion.query.get(suggestion_id)
+        suggestion = db.session.get(EventSuggestion, suggestion_id)
        assert suggestion is not None
        assert suggestion.verified
        assert suggestion.event_id == event.id
--- a/tests/views/test_event_place.py
+++ b/tests/views/test_event_place.py
@ -39,7 +39,7 @@ def test_create(client, app, utils, seeder, mocker, db_error):


@pytest.mark.parametrize("db_error", [True, False])
-def test_update(client, seeder, utils, app, mocker, db_error):
+def test_update(client, seeder, utils, app, db, mocker, db_error):
    user_id, admin_unit_id = seeder.setup_base()
    place_id = seeder.upsert_default_event_place(admin_unit_id)

@ -68,13 +68,13 @@ def test_update(client, seeder, utils, app, mocker, db_error):
    with app.app_context():
        from project.models import EventPlace

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        assert place.name == "Neuer Name"


@pytest.mark.parametrize("db_error", [True, False])
@pytest.mark.parametrize("non_match", [True, False])
-def test_delete(client, seeder, utils, app, mocker, db_error, non_match):
+def test_delete(client, seeder, utils, app, db, mocker, db_error, non_match):
    user_id, admin_unit_id = seeder.setup_base()
    place_id = seeder.upsert_event_place(admin_unit_id, "Mein Ort")

@ -114,7 +114,7 @@ def test_delete(client, seeder, utils, app, mocker, db_error, non_match):
    with app.app_context():
        from project.models import EventPlace

-        place = EventPlace.query.get(place_id)
+        place = db.session.get(EventPlace, place_id)
        assert place is None


--- a/tests/views/test_event_suggestion.py
+++ b/tests/views/test_event_suggestion.py
@ -35,7 +35,7 @@ def test_reject(client, app, utils, seeder, mocker, db, db_error, is_verified):
        with app.app_context():
            from project.models import EventReviewStatus, EventSuggestion

-            suggestion = EventSuggestion.query.get(event_suggestion_id)
+            suggestion = db.session.get(EventSuggestion, event_suggestion_id)
            suggestion.review_status = EventReviewStatus.verified
            db.session.commit()

@ -71,6 +71,6 @@ def test_reject(client, app, utils, seeder, mocker, db, db_error, is_verified):
    with app.app_context():
        from project.models import EventReviewStatus, EventSuggestion

-        suggestion = EventSuggestion.query.get(event_suggestion_id)
+        suggestion = db.session.get(EventSuggestion, event_suggestion_id)
        assert suggestion.review_status == EventReviewStatus.rejected
        assert suggestion.rejection_resaon is None
--- a/tests/views/test_oauth2_client.py
+++ b/tests/views/test_oauth2_client.py
@ -64,7 +64,7 @@ def test_create_authorization_code(client, app, utils, seeder, mocker, db_error)


@pytest.mark.parametrize("db_error", [True, False])
-def test_update(client, seeder, utils, app, mocker, db_error):
+def test_update(client, seeder, utils, app, db, mocker, db_error):
    user_id, admin_unit_id = seeder.setup_base(True)
    oauth2_client_id = seeder.insert_default_oauth2_client(user_id)

@ -92,14 +92,14 @@ def test_update(client, seeder, utils, app, mocker, db_error):
    with app.app_context():
        from project.models import OAuth2Client

-        oauth2_client = OAuth2Client.query.get(oauth2_client_id)
+        oauth2_client = db.session.get(OAuth2Client, oauth2_client_id)
        assert oauth2_client.client_name == "Neuer Name"
        assert oauth2_client.redirect_uris == ["localhost:1337", "localhost:1338"]


@pytest.mark.parametrize("db_error", [True, False])
@pytest.mark.parametrize("non_match", [True, False])
-def test_delete(client, seeder, utils, app, mocker, db_error, non_match):
+def test_delete(client, seeder, utils, app, db, mocker, db_error, non_match):
    user_id, admin_unit_id = seeder.setup_base(True)
    oauth2_client_id = seeder.insert_default_oauth2_client(user_id)

@ -135,5 +135,5 @@ def test_delete(client, seeder, utils, app, mocker, db_error, non_match):
    with app.app_context():
        from project.models import OAuth2Client

-        oauth2_client = OAuth2Client.query.get(oauth2_client_id)
+        oauth2_client = db.session.get(OAuth2Client, oauth2_client_id)
        assert oauth2_client is None
--- a/tests/views/test_oauth2_token.py
+++ b/tests/views/test_oauth2_token.py
@ -10,7 +10,7 @@ def test_list(client, seeder, utils):


@pytest.mark.parametrize("db_error", [True, False])
-def test_revoke(client, seeder, utils, app, mocker, db_error):
+def test_revoke(client, seeder, utils, app, db, mocker, db_error):
    user_id, admin_unit_id = seeder.setup_api_access()
    utils.login()

@ -41,7 +41,7 @@ def test_revoke(client, seeder, utils, app, mocker, db_error):
    with app.app_context():
        from project.models import OAuth2Token

-        oauth2_token = OAuth2Token.query.get(oauth2_token_id)
+        oauth2_token = db.session.get(OAuth2Token, oauth2_token_id)
        assert oauth2_token.is_revoked() > 0

    # Kann nicht zweimal revoked werden
--- a/Show More
+++ b/Show More