diff --git a/.rubocop.yml b/.rubocop.yml
index 2271d0d..928fd6f 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -27,9 +27,9 @@ Metrics/BlockLength:
     - config/initializers/doorkeeper_openid_connect.rb
     - lib/tasks/*
     - app/admin/*
-    - spec/models/*.rb
-    - spec/controllers/*.rb
-    - spec/controllers/admin/*.rb
+    - 'Rakefile'
+    - '**/*.rake'
+    - 'spec/**/*.rb'
 
 Style/GlobalVars:
   AllowedVariables:
diff --git a/app/controllers/admin/custom_group_data_types_controller.rb b/app/controllers/admin/custom_group_data_types_controller.rb
new file mode 100644
index 0000000..1c6b6ec
--- /dev/null
+++ b/app/controllers/admin/custom_group_data_types_controller.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Admin::CustomGroupDataTypesController < AdminController
+  private
+
+  def model
+    CustomGroupDataType
+  end
+
+  def model_params
+    params.require(:custom_group_data_type).permit(
+      :name, :custom_type
+    )
+  end
+
+  def whitelist_attributes
+    %w[name custom_type]
+  end
+end
diff --git a/app/controllers/admin/custom_userdata_types_controller.rb b/app/controllers/admin/custom_userdata_types_controller.rb
new file mode 100644
index 0000000..5836481
--- /dev/null
+++ b/app/controllers/admin/custom_userdata_types_controller.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Admin::CustomUserdataTypesController < AdminController
+  private
+
+  def model
+    CustomUserdataType
+  end
+
+  def model_params
+    params.require(:custom_userdata_type).permit(
+      :name, :custom_type
+    )
+  end
+
+  def whitelist_attributes
+    %w[name custom_type]
+  end
+end
diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb
index a7ac94a..4eb7e2e 100644
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -6,6 +6,24 @@ def email
     render :email, layout: nil
   end
 
+  def update_custom_attributes # rubocop:disable Metrics/MethodLength
+    @model = Group.find(params[:group_id])
+    custom_groupdata_params.each do |name, value|
+      custom_type = CustomGroupDataType.where(name: name).first
+      custom_datum = CustomGroupdatum.where(
+        group_id: @model.id,
+        custom_group_data_type: custom_type
+      ).first_or_initialize
+      begin
+        custom_datum.value = value
+        custom_datum.save
+      rescue RuntimeError
+        flash[:error] = 'Failed to update group data, invalid value'
+      end
+    end
+    redirect_to [:edit, :admin, @model]
+  end
+
   private
 
   def whitelist_attributes
@@ -53,4 +71,8 @@ def model_params
   def sort_whitelist
     %w[created_at name]
   end
+
+  def custom_groupdata_params
+    params.require(:custom_data).permit!
+  end
 end
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 06cbc6d..31b9cd7 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -25,6 +25,24 @@ def reset_password
     end
   end
 
+  def update_custom_attributes # rubocop:disable Metrics/MethodLength
+    @model = User.find(params[:user_id])
+    custom_userdata_params.each do |name, value|
+      custom_type = CustomUserdataType.where(name: name).first
+      custom_datum = CustomUserdatum.where(
+        user_id: @model.id,
+        custom_userdata_type: custom_type
+      ).first_or_initialize
+      begin
+        custom_datum.value = value
+        custom_datum.save
+      rescue RuntimeError
+        flash[:error] = 'Failed to update userdata, invalid value'
+      end
+    end
+    redirect_to [:edit, :admin, @model]
+  end
+
   private
 
   def can_destroy?
@@ -78,4 +96,8 @@ def filter(rel) # rubocop:disable Metrics/AbcSize
       rel
     end
   end
+
+  def custom_userdata_params
+    params.require(:custom_data).permit!
+  end
 end
diff --git a/app/controllers/profile/additional_properties_controller.rb b/app/controllers/profile/additional_properties_controller.rb
new file mode 100644
index 0000000..156317c
--- /dev/null
+++ b/app/controllers/profile/additional_properties_controller.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class Profile::AdditionalPropertiesController < ApplicationController
+  def index; end
+
+  def update # rubocop:disable Metrics/MethodLength
+    custom_userdata_params.each do |name, value|
+      custom_type = CustomUserdataType.where(name: name).first
+      custom_datum = CustomUserdatum.where(
+        user_id: current_user.id,
+        custom_userdata_type: custom_type
+      ).first_or_initialize
+      begin
+        custom_datum.value = value
+        custom_datum.save
+      rescue RuntimeError
+        flash[:error] = 'Failed to update userdata, invalid value'
+      end
+    end
+    redirect_to profile_additional_properties_path
+  end
+
+  protected
+
+  def custom_userdata_params
+    params.require(:custom_data).permit!
+  end
+end
diff --git a/app/models/concerns/deserializable.rb b/app/models/concerns/deserializable.rb
new file mode 100644
index 0000000..7f7558f
--- /dev/null
+++ b/app/models/concerns/deserializable.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Deserializable
+  SEPARATOR_REGEXP = /[\n,;]+/.freeze
+
+  # takes a string and returns a typed thing
+  def deserialize(value, custom_type)
+    case custom_type
+    when 'boolean'
+      ['t', 'true', '1', 1, true, :true].include?(value) #  rubocop:disable Lint/BooleanSymbol
+    when 'array'
+      (value || '').split(SEPARATOR_REGEXP).map(&:strip).reject(&:empty?)
+    when 'integer'
+      value.to_i
+    else
+      value
+    end
+  end
+end
diff --git a/app/models/custom_group_data_type.rb b/app/models/custom_group_data_type.rb
new file mode 100644
index 0000000..faca96f
--- /dev/null
+++ b/app/models/custom_group_data_type.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class CustomGroupDataType < ApplicationRecord
+  has_many :custom_groupdata, dependent: :destroy
+end
diff --git a/app/models/custom_groupdatum.rb b/app/models/custom_groupdatum.rb
new file mode 100644
index 0000000..05a7439
--- /dev/null
+++ b/app/models/custom_groupdatum.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class CustomGroupdatum < ApplicationRecord
+  belongs_to :group
+  belongs_to :custom_group_data_type
+
+  serialize :value_raw, JSON
+
+  delegate :name, to: :custom_group_data_type
+
+  include Deserializable
+
+  def value
+    value_raw
+  end
+
+  def type
+    custom_group_data_type.custom_type
+  end
+
+  def value=(new_value) # rubocop:disable Metrics/MethodLength
+    new_value = deserialize(new_value, custom_group_data_type.custom_type)
+    if custom_group_data_type
+      valid = case custom_group_data_type.custom_type
+              when 'boolean'
+                new_value.is_a?(TrueClass) || new_value.is_a?(FalseClass)
+              when 'array'
+                new_value.is_a?(Array)
+              when 'integer'
+                new_value.is_a?(Integer)
+              else
+                true
+              end
+      raise "Invalid User Data: #{new_value} isn't an #{custom_group_data_type.custom_type}" unless valid
+    end
+    self.value_raw = new_value
+  end
+end
diff --git a/app/models/custom_userdata_type.rb b/app/models/custom_userdata_type.rb
new file mode 100644
index 0000000..647dc59
--- /dev/null
+++ b/app/models/custom_userdata_type.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class CustomUserdataType < ApplicationRecord
+  has_many :custom_userdata, dependent: :destroy
+end
diff --git a/app/models/custom_userdatum.rb b/app/models/custom_userdatum.rb
new file mode 100644
index 0000000..7d43efc
--- /dev/null
+++ b/app/models/custom_userdatum.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class CustomUserdatum < ApplicationRecord
+  belongs_to :user
+  belongs_to :custom_userdata_type
+  serialize :value_raw, JSON
+
+  delegate :name, to: :custom_userdata_type
+
+  include Deserializable
+
+  def value
+    value_raw
+  end
+
+  def type
+    custom_userdata_type.custom_type
+  end
+
+  def value=(new_value) # rubocop:disable Metrics/MethodLength
+    new_value = deserialize(new_value, custom_userdata_type.custom_type)
+    if custom_userdata_type
+      valid = case custom_userdata_type.custom_type
+              when 'boolean'
+                new_value.is_a?(TrueClass) || new_value.is_a?(FalseClass)
+              when 'array'
+                new_value.is_a?(Array)
+              when 'integer'
+                new_value.is_a?(Integer)
+              else
+                true
+              end
+      raise "Invalid User Data: #{new_value} isn't an #{custom_userdata_type.custom_type}" unless valid
+    end
+    self.value_raw = new_value
+  end
+end
diff --git a/app/models/group.rb b/app/models/group.rb
index 77d2984..bdf4dbb 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -42,6 +42,8 @@ class Group < ApplicationRecord
   has_many :user_groups, dependent: :destroy
   has_many :users, through: :user_groups
 
+  has_many :custom_groupdata, dependent: :destroy
+
   def to_s
     name
   end
diff --git a/app/models/setting.rb b/app/models/setting.rb
index 0e36366..0e1a897 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -17,6 +17,8 @@
 
 # RailsSettings Model
 class Setting < ApplicationRecord
+
+  SEPARATOR_REGEXP = /[\n,;]+/.freeze
   # cache_prefix { "v1" }
 
   # Define your fields
diff --git a/app/models/user.rb b/app/models/user.rb
index 86ea1ef..1612057 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -56,6 +56,8 @@ class User < ApplicationRecord # rubocop:disable Metrics/ClassLength
 
   has_many :logins, dependent: :destroy
 
+  has_many :custom_userdata, dependent: :destroy
+
   validates :username, presence: true, uniqueness: { case_sensitive: false } # rubocop:disable Rails/UniqueValidationWithoutIndex
 
   validate :validate_username
diff --git a/app/views/admin/custom_group_data_types/_form.html.erb b/app/views/admin/custom_group_data_types/_form.html.erb
new file mode 100644
index 0000000..aa77a37
--- /dev/null
+++ b/app/views/admin/custom_group_data_types/_form.html.erb
@@ -0,0 +1,39 @@
+<%= form_with(model: [:admin, model], local: true, class: 'form') do |form| %>
+  <% if model.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(model.errors.count, "error") %> prohibited this model from being saved:</h2>
+
+      <ul>
+      <% model.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+    <div class="form-group">
+      <div class="row">
+        <div class="col-sm-2">
+          <%= form.label :name %>
+        </div>
+        <div class="col-sm-10">
+            <%= form.text_field :name, class: 'form-control' %>
+        </div>
+      </div>
+    </div>
+
+    <div class="form-group">
+      <div class="row">
+        <div class="col-sm-2">
+          <%= form.label :custom_type %>
+        </div>
+        <div class="col-sm-10">
+            <%= form.select :custom_type, [[:boolean, :boolean], [:string, :string], [:array, :array]], class: 'form-control' %>
+        </div>
+      </div>
+    </div>
+
+  <div class="actions">
+    <%= form.submit %>
+  </div>
+<% end %>
diff --git a/app/views/admin/custom_userdata_types/_form.html.erb b/app/views/admin/custom_userdata_types/_form.html.erb
new file mode 100644
index 0000000..aa77a37
--- /dev/null
+++ b/app/views/admin/custom_userdata_types/_form.html.erb
@@ -0,0 +1,39 @@
+<%= form_with(model: [:admin, model], local: true, class: 'form') do |form| %>
+  <% if model.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(model.errors.count, "error") %> prohibited this model from being saved:</h2>
+
+      <ul>
+      <% model.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+    <div class="form-group">
+      <div class="row">
+        <div class="col-sm-2">
+          <%= form.label :name %>
+        </div>
+        <div class="col-sm-10">
+            <%= form.text_field :name, class: 'form-control' %>
+        </div>
+      </div>
+    </div>
+
+    <div class="form-group">
+      <div class="row">
+        <div class="col-sm-2">
+          <%= form.label :custom_type %>
+        </div>
+        <div class="col-sm-10">
+            <%= form.select :custom_type, [[:boolean, :boolean], [:string, :string], [:array, :array]], class: 'form-control' %>
+        </div>
+      </div>
+    </div>
+
+  <div class="actions">
+    <%= form.submit %>
+  </div>
+<% end %>
diff --git a/app/views/admin/groups/_form.html.erb b/app/views/admin/groups/_form.html.erb
new file mode 100644
index 0000000..ba88d73
--- /dev/null
+++ b/app/views/admin/groups/_form.html.erb
@@ -0,0 +1,95 @@
+<%= form_with(model: [:admin, model], local: true, class: 'form') do |form| %>
+  <% if model.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(model.errors.count, "error") %> prohibited this model from being saved:</h2>
+
+      <ul>
+      <% model.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <% attributes = new_model ? new_fields : edit_fields %>
+  <% attributes.each do |attribute| %>
+    <div class="form-group">
+      <div class="row">
+        <div class="col-sm-2">
+          <%= form.label attribute %>
+        </div>
+        <div class="col-sm-10">
+          <%- if [true, false].include? model.send(attribute) %>
+            <%= form.check_box attribute, class: 'form-check' %>
+          <%- else %>
+            <%= form.text_field attribute, class: 'form-control' %>
+          <%- end %>
+        </div>
+      </div>
+    </div>
+  <%- end %>
+  <%- form_relations.each do |relation_name, info| %>
+
+    <div class="form-group">
+      <div class="row">
+        <div class="col-sm-2">
+          <%= form.label relation_name %>
+        </div>
+        <div class="col-sm-10">
+          <%= form.send(info[:type], relation_name, info[:finder].call, info[:options] || {}, (info[:html_options] || {}).merge({class: 'form-control'}) ) %>
+        </div>
+      </div>
+    </div>
+  <%- end %>
+
+  <div class="form-group">
+    <div class="row">
+      <div class="col-sm-2">
+        <%= form.label :groups %>
+      </div>
+      <div class="col-sm-10">
+      <%= form.collection_check_boxes :permission_ids, Permission.all, :id, :name do |group| %>
+        <div>
+          <%= group.check_box %><%= group.label %>
+        </div>
+      <% end %>
+      </div>
+    </div>
+  </div>
+
+  <div class="form-group">
+    <div class="row">
+      <div class="col-sm-2">
+        <%= form.label :welcome_email %>
+      </div>
+      <div class="col-sm-10">
+          <%= form.text_area :welcome_email, class: 'form-control' %>
+      </div>
+    </div>
+    <%- unless new_model %>
+    <hr />
+    <p class="small">Preview refreshes after save.</p>
+    <iframe class="col-sm-12" src="email" sandbox></iframe>
+    <%- end %>
+  </div>
+
+
+  <div class="actions">
+    <%= form.submit _('Update Group'), class: 'btn btn-success' %>
+  </div>
+<% end %>
+
+<%- unless new_model %>
+<div class="col-md-9 col-lg-10">
+  <h2>Additional Properties</h2>
+  <%= link_to "Manage Group Data Types", admin_custom_group_data_types_path, class: 'btn btn-info' %>
+  <%= form_with(url: admin_group_custom_attributes_path(group_id: @model.id), local: true, class: 'form') do |f| %>
+    <%- custom_groupdata = @model.custom_groupdata.includes([:custom_group_data_type]).group_by(&:custom_group_data_type_id) %>
+    <%- CustomGroupDataType.all.each do |data_type| %>
+      <%- custom_groupdatum = custom_groupdata[data_type.id].try(:first) || CustomGroupdatum.new(group: @model, custom_group_data_type: data_type) %>
+      <%= render partial: 'custom_datum', locals: { data_type: data_type, custom_datum: custom_groupdatum, disabled: false } %>
+    <%- end %>
+    <hr />
+    <%= f.submit _('Save Changes'), class: 'btn btn-success' %>
+  <%- end %>
+</div>
+<%- end %>
diff --git a/app/views/admin/groups/_show.html.erb b/app/views/admin/groups/_show.html.erb
index aeced32..6436215 100644
--- a/app/views/admin/groups/_show.html.erb
+++ b/app/views/admin/groups/_show.html.erb
@@ -1,2 +1,16 @@
+<div class="col-md-12 col-lg-12">
+  <h2>Additional Properties</h2>
+  <%= form_with(url: admin_group_custom_attributes_path(group_id: @model.id), local: true, class: 'form') do |f| %>
+    <%- custom_groupdata = @model.custom_groupdata.includes([:custom_group_data_type]).group_by(&:custom_group_data_type_id) %>
+    <%- CustomGroupDataType.all.each do |data_type| %>
+      <%- custom_groupdatum = custom_groupdata[data_type.id].try(:first) || CustomGroupdatum.new(group: @model, custom_group_data_type: data_type) %>
+      <%= render partial: 'custom_datum', locals: { data_type: data_type, custom_datum: custom_groupdatum, disabled: true } %>
+    <%- end %>
+    <hr />
+    <%= f.submit _('Save Changes'), class: 'btn btn-success' %>
+  <%- end %>
+</div>
+
+
 <h4>Welcome Email Preview</h4>
 <iframe class="col-sm-12" src="<%= @model.id %>/email" sandbox></iframe>
diff --git a/app/views/admin/groups/_sub_form.html.erb b/app/views/admin/groups/_sub_form.html.erb
deleted file mode 100644
index cf4bc01..0000000
--- a/app/views/admin/groups/_sub_form.html.erb
+++ /dev/null
@@ -1,28 +0,0 @@
-<div class="form-group">
-  <div class="row">
-    <div class="col-sm-2">
-      <%= form.label :groups %>
-    </div>
-    <div class="col-sm-10">
-    <%= form.collection_check_boxes :permission_ids, Permission.all, :id, :name do |group| %>
-      <div>
-        <%= group.check_box %><%= group.label %>
-      </div>
-    <% end %>
-    </div>
-  </div>
-</div>
-
-<div class="form-group">
-  <div class="row">
-    <div class="col-sm-2">
-      <%= form.label :welcome_email %>
-    </div>
-    <div class="col-sm-10">
-        <%= form.text_area :welcome_email, class: 'form-control' %>
-    </div>
-  </div>
-  <hr />
-  <p class="small">Preview refreshes after save.</p>
-  <iframe class="col-sm-12" src="email" sandbox></iframe>
-</div>
diff --git a/app/views/admin/show.html.erb b/app/views/admin/show.html.erb
index 93d5e34..7bdfb64 100644
--- a/app/views/admin/show.html.erb
+++ b/app/views/admin/show.html.erb
@@ -1,5 +1,10 @@
 <h2><%= @model.class.name %> <%= @model %></h2>
 <%= render partial: 'sub_heading' %>
+<div class="row">
+  <%= link_to 'Edit', ['edit', :admin, @model] %> |
+  <%= link_to 'Back', [:admin, @model.class] %>
+</div>
+
 <div class="row">
   <dl>
     <%- model_attributes.each do |attribute| %>
@@ -28,7 +33,3 @@
 <% rescue ActionView::MissingTemplate %>
 <% end %>
 
-<div class="row">
-  <%= link_to 'Edit', ['edit', :admin, @model] %> |
-  <%= link_to 'Back', [:admin, @model.class] %>
-</div>
diff --git a/app/views/admin/users/_form.html.erb b/app/views/admin/users/_form.html.erb
index 79dc710..2e16924 100644
--- a/app/views/admin/users/_form.html.erb
+++ b/app/views/admin/users/_form.html.erb
@@ -119,10 +119,24 @@
   <%- end %>
 
   <div class="actions">
-    <%= form.submit %>
+    <%= form.submit _('Update User'), class: 'btn btn-success' %>
   </div>
 <% end %>
 
+  <div class="col-md-9 col-lg-10">
+    <h2>Additional Properties</h2>
+    <%= link_to "Manage User Data Types", admin_custom_userdata_types_path, class: 'btn btn-info' %>
+    <%= form_with(url: admin_user_custom_attributes_path(user_id: @model.id), local: true, class: 'form') do |f| %>
+      <%- custom_userdata = current_user.custom_userdata.includes([:custom_userdata_type]).group_by(&:custom_userdata_type_id) %>
+      <%- CustomUserdataType.all.each do |data_type| %>
+        <%- custom_userdatum = custom_userdata[data_type.id].try(:first) || CustomUserdatum.new(user: current_user, custom_userdata_type: data_type) %>
+        <%= render partial: 'custom_datum', locals: { data_type: data_type, custom_datum: custom_userdatum, disabled: false } %>
+      <%- end %>
+      <hr />
+      <%= f.submit _('Save Changes'), class: 'btn btn-success' %>
+    <%- end %>
+  </div>
+
 <script>
 
 function expire_now() {
diff --git a/app/views/admin/users/_show.html.erb b/app/views/admin/users/_show.html.erb
index 4a6815a..0e2c402 100644
--- a/app/views/admin/users/_show.html.erb
+++ b/app/views/admin/users/_show.html.erb
@@ -1,3 +1,13 @@
+
+<div class="col-md-9 col-lg-10">
+  <h2>Custom Properties</h2>
+  <%- custom_userdata = @model.custom_userdata.includes([:custom_userdata_type]).group_by(&:custom_userdata_type_id) %>
+  <%- CustomUserdataType.all.each do |data_type| %>
+    <%- custom_userdatum = custom_userdata[data_type.id].try(:first) || CustomUserdatum.new(user: @model, custom_userdata_type: data_type) %>
+    <%= render partial: 'custom_datum', locals: { data_type: data_type, custom_datum: custom_userdatum, disabled: true } %>
+  <%- end %>
+</div>
+
 <div class="col-md-9 col-lg-10">
   <h2>Account Activity</h2>
 
diff --git a/app/views/application/_custom_datum.html.erb b/app/views/application/_custom_datum.html.erb
new file mode 100644
index 0000000..e0e2725
--- /dev/null
+++ b/app/views/application/_custom_datum.html.erb
@@ -0,0 +1,18 @@
+<div class="form-group">
+  <%= label_tag(custom_datum.name, custom_datum.name) %>
+  <%- case custom_datum.type %>
+  <%- when 'boolean' %>
+    <%= hidden_field_tag "custom_data[#{custom_datum.name}]", custom_datum.value || false %>
+    <%= check_box_tag "custom_data[#{custom_datum.name}]", true, custom_datum.value, disabled: disabled %>
+  <%- when 'array' %>
+    <%= text_field_tag "custom_data[#{custom_datum.name}]", custom_datum.value.try(:join, '; '), class: 'form-control', disabled: disabled %>
+    <p class="small">Please separate multiple values with a semicolon (";")</p>
+  <%- when 'integer' %>
+    <%= number_field_tag "custom_data[#{custom_datum.name}]", custom_datum.value, class: 'form-control', disabled: disabled %>
+  <%- else %>
+    <%= text_field_tag "custom_data[#{custom_datum.name}]", custom_datum.value, class: 'form-control', disabled: disabled %>
+  <%- end %>
+</div>
+
+
+
diff --git a/app/views/layouts/_admin_nav.html.erb b/app/views/layouts/_admin_nav.html.erb
index 8fe8ed7..e87ba21 100644
--- a/app/views/layouts/_admin_nav.html.erb
+++ b/app/views/layouts/_admin_nav.html.erb
@@ -6,6 +6,8 @@
   <%= nav_link "#{fa_icon("lock")} Saml Service Providers".html_safe, admin_saml_service_providers_path %>
   <%= nav_link "#{fa_icon("gear")} Settings".html_safe, admin_settings_path %>
     <%= nav_link "- Branding", admin_settings_branding_path %>
+    <%= nav_link "- Custom User Data", admin_custom_userdata_types_path %>
+    <%= nav_link "- Custom Group Data", admin_custom_group_data_types_path %>
     <%= nav_link "- Templates", admin_settings_templates_path %>
     <%= nav_link "- OpenID Connect", admin_settings_openid_connect_path %>
     <%= nav_link "- SAML", admin_settings_saml_path %>
diff --git a/app/views/profile/_profile_nav.html.erb b/app/views/profile/_profile_nav.html.erb
index b82e93c..b5a7852 100644
--- a/app/views/profile/_profile_nav.html.erb
+++ b/app/views/profile/_profile_nav.html.erb
@@ -1,6 +1,9 @@
 <div class="col-md-3 col-lg-2 profile-nav">
   <ul class="nav flex-column">
     <%= nav_link _("Personal Details"), root_path %>
+    <%- if CustomUserdataType.any? %>
+    <%= nav_link _("Additional Properties"), profile_additional_properties_path %>
+    <%- end %>
     <%= nav_link _("Authentication devices"), profile_authentication_devices_path %>
     <%= nav_link _("Account activity"), profile_account_activity_path %>
   </ul>
diff --git a/app/views/profile/additional_properties/index.html.erb b/app/views/profile/additional_properties/index.html.erb
new file mode 100644
index 0000000..f60d661
--- /dev/null
+++ b/app/views/profile/additional_properties/index.html.erb
@@ -0,0 +1,17 @@
+<h1 class="flex justify-center">Welcome, <%= current_user.username || current_user.email %></h1>
+<hr />
+<div class="row">
+  <%= render partial: 'profile/profile_nav' %>
+  <div class="col-md-9 col-lg-10">
+    <h2>Additional Properties</h2>
+    <%= bootstrap_form_for(current_user, as: 'user', url: profile_additional_properties_path, html: { method: :post }) do |f| %>
+      <%- custom_userdata = current_user.custom_userdata.includes([:custom_userdata_type]).group_by(&:custom_userdata_type_id) %>
+      <%- CustomUserdataType.all.each do |data_type| %>
+        <%- custom_userdatum = custom_userdata[data_type.id].try(:first) || CustomUserdatum.new(user: current_user, custom_userdata_type: data_type) %>
+        <%= render partial: 'custom_datum', locals: { data_type: data_type, custom_datum: custom_userdatum, disabled: false } %>
+      <%- end %>
+      <hr />
+      <%= f.submit _('Save Changes'), class: 'btn btn-success', style: "float: left" %>
+    <%- end %>
+  </div>
+</div>
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index da45c33..538f02d 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -31,6 +31,26 @@
       "confidence": "Weak",
       "note": "Setting.home_template is only configurable by an admin"
     },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 70,
+      "fingerprint": "86776df2032c54b0deebbb7b7a31742c34c687854582b7dafa13348fac94fdd3",
+      "check_name": "MassAssignment",
+      "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
+      "file": "app/controllers/profile/additional_properties_controller.rb",
+      "line": 26,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.require(:custom_data).permit!",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Profile::AdditionalPropertiesController",
+        "method": "custom_userdata_params"
+      },
+      "user_input": null,
+      "confidence": "Medium",
+      "note": "This iuses additional checks elsewhere to restrict the assignment."
+    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 2,
@@ -93,6 +113,46 @@
       "confidence": "Weak",
       "note": "Setting.registered_home_template is only configurable by an admin."
     },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 70,
+      "fingerprint": "d620a3a379b4a94f3a8002091aef9f0527f2528a77da432685b22c17843a1430",
+      "check_name": "MassAssignment",
+      "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
+      "file": "app/controllers/admin/groups_controller.rb",
+      "line": 76,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.require(:custom_data).permit!",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Admin::GroupsController",
+        "method": "custom_groupdata_params"
+      },
+      "user_input": null,
+      "confidence": "Medium",
+      "note": "This is an admin only controller, and is restricted by a whitelist of acceptable options"
+    },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 70,
+      "fingerprint": "db893cc6b6b379ddeff2ffed97d2ad8c33afb1d9ba6f351c354efe668545b0b6",
+      "check_name": "MassAssignment",
+      "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
+      "file": "app/controllers/admin/users_controller.rb",
+      "line": 101,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.require(:custom_data).permit!",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Admin::UsersController",
+        "method": "custom_userdata_params"
+      },
+      "user_input": null,
+      "confidence": "Medium",
+      "note": "This is an admin only controller, and is restricted by a whitelist of acceptable options"
+    },
     {
       "warning_type": "SQL Injection",
       "warning_code": 0,
@@ -111,9 +171,9 @@
       },
       "user_input": "params[:filter_by]",
       "confidence": "Medium",
-      "note": "This is an admin only controller, and is restricted by a whitelist of acceptable options'"
+      "note": "This is an admin only controller, and is restricted by a whitelist of acceptable options"
     }
   ],
-  "updated": "2020-12-07 10:28:05 +0100",
+  "updated": "2020-12-09 14:50:51 +0100",
   "brakeman_version": "4.10.0"
 }
diff --git a/config/initializers/rails_erd.rb b/config/initializers/rails_erd.rb
new file mode 100644
index 0000000..32e6153
--- /dev/null
+++ b/config/initializers/rails_erd.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+if Rails.env.development?
+  require 'rails_erd/domain'
+
+  module RailsERD
+    class Domain
+      def name
+        return unless defined?(Rails) && Rails.application
+
+        if Rails.application.class.respond_to?(:module_parent)
+          Rails.application.class.module_parent.name
+        else
+          Rails.application.class.parent.name
+        end
+      end
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 495774d..ad64f8d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -12,10 +12,14 @@
     # get 'dashboard/index'
     resources :groups do
       get :email, to: 'groups#email'
+      post :custom_attributes, to: 'groups#update_custom_attributes'
     end
     resources :users do
       post :reset_password, to: 'users#reset_password'
+      post :custom_attributes, to: 'users#update_custom_attributes'
     end
+    resources :custom_userdata_types
+    resources :custom_group_data_types
     resources :permissions
     resources :applications
     resources :saml_service_providers
@@ -55,7 +59,9 @@
   get 'auth/basic/:permission_name', to: 'basic_auth#create'
 
   namespace :profile do
-    get 'authentication_devices', to: 'authentication_devices#index', as: 'authentication_devices'
-    get 'account_activity', to: 'account_activity#index', as: 'account_activity'
+    get 'authentication_devices', to: 'authentication_devices#index'
+    get 'account_activity', to: 'account_activity#index'
+    get 'additional_properties', to: 'additional_properties#index'
+    post 'additional_properties', to: 'additional_properties#update'
   end
 end
diff --git a/db/migrate/20201208075517_create_custom_userdata_types.rb b/db/migrate/20201208075517_create_custom_userdata_types.rb
new file mode 100644
index 0000000..fdba7c6
--- /dev/null
+++ b/db/migrate/20201208075517_create_custom_userdata_types.rb
@@ -0,0 +1,11 @@
+class CreateCustomUserdataTypes < ActiveRecord::Migration[6.0]
+  def change
+    create_table :custom_userdata_types, id: :uuid do |t|
+      t.text :name
+      t.text :custom_type
+      t.boolean :visible, default: true
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/migrate/20201208075557_create_custom_userdata.rb b/db/migrate/20201208075557_create_custom_userdata.rb
new file mode 100644
index 0000000..44f7e30
--- /dev/null
+++ b/db/migrate/20201208075557_create_custom_userdata.rb
@@ -0,0 +1,11 @@
+class CreateCustomUserdata < ActiveRecord::Migration[6.0]
+  def change
+    create_table :custom_userdata, id: :uuid do |t|
+      t.references :user, null: false, foreign_key: true, type: :uuid
+      t.references :custom_userdata_type, null: false, foreign_key: true, type: :uuid
+      t.text :value_raw
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/migrate/20201209125521_create_custom_group_data_types.rb b/db/migrate/20201209125521_create_custom_group_data_types.rb
new file mode 100644
index 0000000..7619603
--- /dev/null
+++ b/db/migrate/20201209125521_create_custom_group_data_types.rb
@@ -0,0 +1,10 @@
+class CreateCustomGroupDataTypes < ActiveRecord::Migration[6.0]
+  def change
+    create_table :custom_group_data_types, id: :uuid do |t|
+      t.text :name
+      t.text :custom_type
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/migrate/20201209125609_create_custom_groupdata.rb b/db/migrate/20201209125609_create_custom_groupdata.rb
new file mode 100644
index 0000000..f0ccabf
--- /dev/null
+++ b/db/migrate/20201209125609_create_custom_groupdata.rb
@@ -0,0 +1,11 @@
+class CreateCustomGroupdata < ActiveRecord::Migration[6.0]
+  def change
+    create_table :custom_groupdata, id: :uuid do |t|
+      t.references :group, null: false, foreign_key: true, type: :uuid
+      t.references :custom_group_data_type, null: false, foreign_key: true, type: :uuid
+      t.text :value_raw
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/migrate/20201210152506_add_unique_constraints_to_custom_types.rb b/db/migrate/20201210152506_add_unique_constraints_to_custom_types.rb
new file mode 100644
index 0000000..45cc5ea
--- /dev/null
+++ b/db/migrate/20201210152506_add_unique_constraints_to_custom_types.rb
@@ -0,0 +1,6 @@
+class AddUniqueConstraintsToCustomTypes < ActiveRecord::Migration[6.0]
+  def change
+    add_index :custom_userdata, [ :user_id, :custom_userdata_type_id ], :unique => true, name: :custom_userdata_unique
+    add_index :custom_groupdata, [ :group_id, :custom_group_data_type_id ], :unique => true, name: :custom_groupdata_unique
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 767af0e..27c22fb 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -2,8 +2,8 @@
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# This file is the source Rails uses to define your schema when running `rails
-# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
 # be faster and is potentially less error prone than running all of your
 # migrations from scratch. Old migrations may fail to apply correctly if those
 # migrations use external dependencies or application code.
@@ -66,7 +66,7 @@
     t.datetime "updated_at", null: false
     t.index ["key_handle"], name: "index_fido_usf_devices_on_key_handle"
     t.index ["last_authenticated_at"], name: "index_fido_usf_devices_on_last_authenticated_at"
-    t.index ["user_type", "user_id"], name: "index_fido_usf_devices_on_user_type_and_user_id"
+    t.index ["user_type", "user_id"], name: "index_fido_usf_devices_on_user"
   end
 
   create_table "friendly_id_slugs", force: :cascade do |t|
@@ -109,7 +109,7 @@
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.text "auth_type", default: "New Login"
-    t.index ["service_provider_type", "service_provider_id"], name: "index_logins_on_service_provider_type_and_service_provider_id"
+    t.index ["service_provider_type", "service_provider_id"], name: "index_logins_on_service_provider"
     t.index ["user_id"], name: "index_logins_on_user_id"
   end
 
diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb
index ad98041..b91a713 100644
--- a/spec/controllers/admin/groups_controller_spec.rb
+++ b/spec/controllers/admin/groups_controller_spec.rb
@@ -69,6 +69,26 @@
           users_group.reload
           expect(users_group.requires_2fa).to be false
         end
+
+        context 'Show' do
+          render_views
+          it "Can see a group's custom attributes" do
+            CustomGroupDataType.create(name: 'alias', custom_type: 'string')
+            get(:show, params: { id: group.id })
+            # The chewckbox below has a value of true, but is not checked, indicating that it is false
+            expect(response.body).to match(/id="custom_data_alias".+disabled="disabled"/)
+          end
+        end
+
+        context 'update' do
+          it "Can update a group's custom attributes" do
+            CustomGroupDataType.create(name: 'alias', custom_type: 'string')
+            post :update_custom_attributes, params: { group_id: group.id, custom_data: { 'alias': 'ahoy' } }
+            data = group.custom_groupdata.first
+            expect(data.name).to eq('alias')
+            expect(data.value).to eq('ahoy')
+          end
+        end
       end
     end
 
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 5ed4fc0..9e4dc05 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -65,6 +65,13 @@
           get(:show, params: { id: user.id })
           expect(response.body).to match(%r{<dt>two_factor_enabled\?</dt>\s+<dd>\s+false})
         end
+
+        it "Can see a user's custom attributes" do
+          CustomUserdataType.create(name: 'Has pets', custom_type: 'boolean')
+          get(:show, params: { id: user.id })
+          # The chewckbox below has a value of true, but is not checked, indicating that it is false
+          expect(response.body).to include('id="custom_data_Has_pets" value="true" disabled="disabled"')
+        end
       end
 
       context 'Edit' do
@@ -121,6 +128,14 @@
           user.reload
           expect(user.groups.last.name).to eq 'administrators'
         end
+
+        it "Can update a user's custom attributes" do
+          CustomUserdataType.create(name: 'Has pets', custom_type: 'boolean')
+          post :update_custom_attributes, params: { user_id: user.id, custom_data: { 'Has pets': true } }
+          data = user.custom_userdata.first
+          expect(data.name).to eq('Has pets')
+          expect(data.value).to be true
+        end
       end
     end
 
diff --git a/spec/controllers/profile/account_activity_spec.rb b/spec/controllers/profile/account_activity_spec.rb
index 3da2ffa..7767f9f 100644
--- a/spec/controllers/profile/account_activity_spec.rb
+++ b/spec/controllers/profile/account_activity_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe Profile::AccountActivityController, type: :controller do # rubocop:disable Metrics/BlockLength
+RSpec.describe Profile::AccountActivityController, type: :controller do
   let(:user) { User.create!(username: 'example', email: 'test@localhost', password: 'test1234') }
   let(:app) do
     Application.create!(
diff --git a/spec/controllers/profile/additional_properties_spec.rb b/spec/controllers/profile/additional_properties_spec.rb
new file mode 100644
index 0000000..6d738fa
--- /dev/null
+++ b/spec/controllers/profile/additional_properties_spec.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Profile::AdditionalPropertiesController, type: :controller do
+  let(:user) do
+    User.create!(
+      username: 'example',
+      email: 'test@localhost',
+      password: 'test1234'
+    )
+  end
+  let(:custom_bool) { CustomUserdataType.create(name: 'Has pets', custom_type: 'boolean') }
+
+  before do
+    sign_in(user)
+  end
+
+  context 'index' do
+    render_views
+
+    it 'shows custom attributes' do
+      custom_bool
+      get :index
+      expect(response.body).to include('id="custom_data_Has_pets" value="false" />')
+    end
+  end
+
+  context 'update' do
+    it 'updates custom attributes' do
+      custom_bool
+      post :update, params: { custom_data: { 'Has pets': true } }
+      data = user.custom_userdata.first
+      expect(data.name).to eq('Has pets')
+      expect(data.value).to be true
+    end
+  end
+end
diff --git a/spec/controllers/profile/authentication_devices_spec.rb b/spec/controllers/profile/authentication_devices_spec.rb
index 0bae55c..ce4df76 100644
--- a/spec/controllers/profile/authentication_devices_spec.rb
+++ b/spec/controllers/profile/authentication_devices_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe Profile::AuthenticationDevicesController, type: :controller do # rubocop:disable Metrics/BlockLength
+RSpec.describe Profile::AuthenticationDevicesController, type: :controller do
   let(:user) do
     User.create!(
       username: 'example',
diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb
index 23ff566..f0fff2e 100644
--- a/spec/mailers/user_mailer_spec.rb
+++ b/spec/mailers/user_mailer_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe UserMailer, type: :mailer do # rubocop:disable Metrics/BlockLength
+RSpec.describe UserMailer, type: :mailer do
   context 'group_welcome_email' do
     let(:user) { User.create!(username: 'user', email: 'user@localhost', password: 'test1234') }
     let(:group) { Group.create!(name: 'administrators', admin: true) }
diff --git a/spec/models/concerns/deserializable_spec.rb b/spec/models/concerns/deserializable_spec.rb
new file mode 100644
index 0000000..70855d6
--- /dev/null
+++ b/spec/models/concerns/deserializable_spec.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Deserializable do
+  before do
+    stub_const('Example', Class.new)
+    Example.class_eval do
+      include Deserializable
+    end
+  end
+  context 'deserialize' do
+    let(:deserializable) { Example.new }
+
+    describe 'boolean' do
+      it '"t"' do
+        expect(deserializable.deserialize('t', 'boolean')).to eq(true)
+      end
+
+      it 'true' do
+        expect(deserializable.deserialize(true, 'boolean')).to eq(true)
+      end
+
+      it '"true"' do
+        expect(deserializable.deserialize('true', 'boolean')).to eq(true)
+      end
+
+      it '"1"' do
+        expect(deserializable.deserialize('1', 'boolean')).to eq(true)
+      end
+
+      it '1' do
+        expect(deserializable.deserialize(1, 'boolean')).to eq(true)
+      end
+
+      it ':true' do
+        expect(deserializable.deserialize(:true, 'boolean')).to eq(true) #  rubocop:disable Lint/BooleanSymbol
+      end
+    end
+
+    describe 'array' do
+      it 'comma' do
+        expect(deserializable.deserialize('1,2', 'array')).to eq %w[1 2]
+      end
+
+      it 'semicolon' do
+        expect(deserializable.deserialize('1;2', 'array')).to eq %w[1 2]
+      end
+
+      it 'newline' do
+        expect(deserializable.deserialize("1\n2", 'array')).to eq %w[1 2]
+      end
+    end
+
+    it 'integer' do
+      expect(deserializable.deserialize('3', 'integer')).to eq 3
+    end
+  end
+end
diff --git a/spec/models/custom_groupdata_spec.rb b/spec/models/custom_groupdata_spec.rb
new file mode 100644
index 0000000..aad1eb3
--- /dev/null
+++ b/spec/models/custom_groupdata_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe CustomGroupdatum, type: :model do
+  let(:custom_type) { CustomGroupDataType.create(name: 'alias', custom_type: 'string') }
+  let(:group) { Group.create!(name: 'root') }
+
+  it 'A user can have a custom user data' do
+    data = CustomGroupdatum.create!(group: group, custom_group_data_type: custom_type, value: 'ahoy')
+    expect(data.name).to eq('alias')
+    expect(data.value).to eq('ahoy')
+  end
+end
diff --git a/spec/models/custom_userdata_spec.rb b/spec/models/custom_userdata_spec.rb
new file mode 100644
index 0000000..eb22241
--- /dev/null
+++ b/spec/models/custom_userdata_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe CustomUserdatum, type: :model do
+  let(:custom_bool) { CustomUserdataType.create(name: 'has_pets', custom_type: 'boolean') }
+  let(:user) { User.create!(username: 'example', email: 'test@localhost', password: 'test1234') }
+
+  it 'A user can have a custom user data' do
+    data = CustomUserdatum.create!(user: user, custom_userdata_type: custom_bool, value: false)
+    expect(data.name).to eq('has_pets')
+    expect(data.value).to be false
+  end
+end