From e982579711da3c7e7015b3c9d7dc0fb37e03c1bf Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 1 Oct 2019 14:41:36 +0200
Subject: [PATCH 01/18] Add public graphql endpoint

---
 server/api/public_schema.py   | 25 ++++++++++++++
 server/api/schema.py          |  8 +++--
 server/api/urls.py            |  8 +++++
 server/users/schema.py        | 46 +++----------------------
 server/users/schema_public.py | 63 +++++++++++++++++++++++++++++++++++
 5 files changed, 106 insertions(+), 44 deletions(-)
 create mode 100644 server/api/public_schema.py
 create mode 100644 server/users/schema_public.py

diff --git a/server/api/public_schema.py b/server/api/public_schema.py
new file mode 100644
index 00000000..f0c2abae
--- /dev/null
+++ b/server/api/public_schema.py
@@ -0,0 +1,25 @@
+import graphene
+from django.conf import settings
+from graphene import relay
+from graphene_django.debug import DjangoDebug
+
+
+from users.schema_public import UsersQuery
+from users.mutations import ProfileMutations
+
+
+class Query(UsersQuery, graphene.ObjectType):
+    node = relay.Node.Field()
+
+    if settings.DEBUG:
+        debug = graphene.Field(DjangoDebug, name='__debug')
+
+
+# class Mutation(BookMutations, RoomMutations, AssignmentMutations, ObjectiveMutations, CoreMutations, PortfolioMutations,
+#                ProfileMutations, SurveysMutations, graphene.ObjectType):
+
+    if settings.DEBUG:
+        debug = graphene.Field(DjangoDebug, name='__debug')
+
+
+schema = graphene.Schema(query=Query)
diff --git a/server/api/schema.py b/server/api/schema.py
index 68436053..24953121 100644
--- a/server/api/schema.py
+++ b/server/api/schema.py
@@ -19,12 +19,14 @@ from surveys.schema import SurveysQuery
 from surveys.mutations import SurveysMutations
 from rooms.mutations import RoomMutations
 from rooms.schema import RoomsQuery, ModuleRoomsQuery
-from users.schema import UsersQuery
+from users.schema_public import UsersQuery
+from users.schema import AllUsersQuery
 from users.mutations import ProfileMutations
 
 
-class Query(UsersQuery, ModuleRoomsQuery, RoomsQuery, ObjectivesQuery, BookQuery, AssignmentsQuery, StudentSubmissionQuery,
-            BasicKnowledgeQuery, PortfolioQuery, MyActivityQuery, SurveysQuery, graphene.ObjectType):
+class Query(UsersQuery, AllUsersQuery, ModuleRoomsQuery, RoomsQuery, ObjectivesQuery, BookQuery, AssignmentsQuery,
+            StudentSubmissionQuery,  BasicKnowledgeQuery, PortfolioQuery, MyActivityQuery, SurveysQuery,
+            graphene.ObjectType):
     node = relay.Node.Field()
 
     if settings.DEBUG:
diff --git a/server/api/urls.py b/server/api/urls.py
index 92f2eef5..b3002aea 100644
--- a/server/api/urls.py
+++ b/server/api/urls.py
@@ -1,13 +1,21 @@
 from django.conf import settings
 from django.conf.urls import url
 from django.views.decorators.csrf import csrf_exempt
+from graphene_django.views import GraphQLView
+
+from api.public_schema import schema
 
 from core.views import PrivateGraphQLView
 
 app_name = 'api'
 urlpatterns = [
+    url(r'^graphql-public', csrf_exempt(GraphQLView.as_view(schema=schema))),
     url(r'^graphql', csrf_exempt(PrivateGraphQLView.as_view())),
 ]
 
 if settings.DEBUG:
+    urlpatterns += [url(r'^graphiql-public', csrf_exempt(GraphQLView.as_view(schema=schema, graphiql=True,
+                                                                                 pretty=True)))]
     urlpatterns += [url(r'^graphiql', csrf_exempt(PrivateGraphQLView.as_view(graphiql=True, pretty=True)))]
+
+
diff --git a/server/users/schema.py b/server/users/schema.py
index 40aa2146..7b84653f 100644
--- a/server/users/schema.py
+++ b/server/users/schema.py
@@ -1,54 +1,18 @@
 import graphene
-from graphene import relay
-from graphene_django import DjangoObjectType
 from graphene_django.filter import DjangoFilterConnectionField
 
-from users.models import SchoolClass, User
+from users.models import User
+from users.schema_public import UserNode
 
 
-class SchoolClassNode(DjangoObjectType):
-    pk = graphene.Int()
-
-    class Meta:
-        model = SchoolClass
-        filter_fields = ['name']
-        interfaces = (relay.Node,)
-
-    def resolve_pk(self, *args, **kwargs):
-        return self.id
-
-
-class UserNode(DjangoObjectType):
-    pk = graphene.Int()
-    permissions = graphene.List(graphene.String)
-    selected_class = graphene.Field(SchoolClassNode)
-
-    class Meta:
-        model = User
-        filter_fields = ['username', 'email']
-        only_fields = ['username', 'email', 'first_name', 'last_name', 'school_classes', 'last_module', 'avatar_url',
-                       'selected_class']
-        interfaces = (relay.Node,)
-
-    def resolve_pk(self, info, **kwargs):
-        return self.id
-
-    def resolve_permissions(self, info):
-        return self.get_all_permissions()
-
-    def resolve_selected_class(self, info):
-        return self.selected_class()
-
-
-class UsersQuery(object):
+class AllUsersQuery(object):
     me = graphene.Field(UserNode)
     all_users = DjangoFilterConnectionField(UserNode)
 
-    def resolve_me(self, info, **kwargs):
-        return info.context.user
-
     def resolve_all_users(self, info, **kwargs):
         if not info.context.user.is_superuser:
             return User.objects.none()
         else:
             return User.objects.all()
+
+
diff --git a/server/users/schema_public.py b/server/users/schema_public.py
new file mode 100644
index 00000000..dfa23853
--- /dev/null
+++ b/server/users/schema_public.py
@@ -0,0 +1,63 @@
+# -*- coding: utf-8 -*-
+#
+# ITerativ GmbH
+# http://www.iterativ.ch/
+#
+# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
+#
+# Created on 2019-10-01
+# @author: chrigu <christian.cueni@iterativ.ch>
+import graphene
+from graphene import relay
+from graphene_django import DjangoObjectType
+from graphene_django.filter import DjangoFilterConnectionField
+
+from users.models import User, SchoolClass
+
+
+class SchoolClassNode(DjangoObjectType):
+    pk = graphene.Int()
+
+    class Meta:
+        model = SchoolClass
+        filter_fields = ['name']
+        interfaces = (relay.Node,)
+
+    def resolve_pk(self, *args, **kwargs):
+        return self.id
+
+
+class UserNode(DjangoObjectType):
+    pk = graphene.Int()
+    permissions = graphene.List(graphene.String)
+    selected_class = graphene.Field(SchoolClassNode)
+
+    class Meta:
+        model = User
+        filter_fields = ['username', 'email']
+        only_fields = ['username', 'email', 'first_name', 'last_name', 'school_classes', 'last_module', 'avatar_url',
+                       'selected_class']
+        interfaces = (relay.Node,)
+
+    def resolve_pk(self, info, **kwargs):
+        return self.id
+
+    def resolve_permissions(self, info):
+        return self.get_all_permissions()
+
+    def resolve_selected_class(self, info):
+        return self.selected_class()
+
+
+class UsersQuery(object):
+    me = graphene.Field(UserNode)
+    all_users = DjangoFilterConnectionField(UserNode)
+
+    def resolve_me(self, info, **kwargs):
+        return info.context.user
+
+    def resolve_all_users(self, info, **kwargs):
+        if not info.context.user.is_superuser:
+            return User.objects.none()
+        else:
+            return User.objects.all()

From 7d6a03743c3dab4595e92ed379bbc767aa71497e Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 1 Oct 2019 15:07:36 +0200
Subject: [PATCH 02/18] Add login endpoint

---
 .../{public_schema.py => schema_public.py}    |  7 ++-
 server/api/urls.py                            |  4 +-
 server/users/mutations_public.py              | 46 +++++++++++++++++++
 3 files changed, 51 insertions(+), 6 deletions(-)
 rename server/api/{public_schema.py => schema_public.py} (59%)
 create mode 100644 server/users/mutations_public.py

diff --git a/server/api/public_schema.py b/server/api/schema_public.py
similarity index 59%
rename from server/api/public_schema.py
rename to server/api/schema_public.py
index f0c2abae..69c972aa 100644
--- a/server/api/public_schema.py
+++ b/server/api/schema_public.py
@@ -5,7 +5,7 @@ from graphene_django.debug import DjangoDebug
 
 
 from users.schema_public import UsersQuery
-from users.mutations import ProfileMutations
+from users.mutations_public import UserMutations
 
 
 class Query(UsersQuery, graphene.ObjectType):
@@ -15,11 +15,10 @@ class Query(UsersQuery, graphene.ObjectType):
         debug = graphene.Field(DjangoDebug, name='__debug')
 
 
-# class Mutation(BookMutations, RoomMutations, AssignmentMutations, ObjectiveMutations, CoreMutations, PortfolioMutations,
-#                ProfileMutations, SurveysMutations, graphene.ObjectType):
+class Mutation(UserMutations, graphene.ObjectType):
 
     if settings.DEBUG:
         debug = graphene.Field(DjangoDebug, name='__debug')
 
 
-schema = graphene.Schema(query=Query)
+schema = graphene.Schema(query=Query, mutation=Mutation)
diff --git a/server/api/urls.py b/server/api/urls.py
index b3002aea..69beea15 100644
--- a/server/api/urls.py
+++ b/server/api/urls.py
@@ -3,7 +3,7 @@ from django.conf.urls import url
 from django.views.decorators.csrf import csrf_exempt
 from graphene_django.views import GraphQLView
 
-from api.public_schema import schema
+from api.schema_public import schema
 
 from core.views import PrivateGraphQLView
 
@@ -15,7 +15,7 @@ urlpatterns = [
 
 if settings.DEBUG:
     urlpatterns += [url(r'^graphiql-public', csrf_exempt(GraphQLView.as_view(schema=schema, graphiql=True,
-                                                                                 pretty=True)))]
+                                                                             pretty=True)))]
     urlpatterns += [url(r'^graphiql', csrf_exempt(PrivateGraphQLView.as_view(graphiql=True, pretty=True)))]
 
 
diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
new file mode 100644
index 00000000..0c186b4f
--- /dev/null
+++ b/server/users/mutations_public.py
@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+#
+# ITerativ GmbH
+# http://www.iterativ.ch/
+#
+# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
+#
+# Created on 2019-10-01
+# @author: chrigu <christian.cueni@iterativ.ch>
+import graphene
+from django.contrib.auth import authenticate, login
+from graphene import relay
+
+
+class FieldError(graphene.ObjectType):
+    code = graphene.String()
+
+
+class UpdateError(graphene.ObjectType):
+    field = graphene.String()
+    errors = graphene.List(FieldError)
+
+
+class Login(relay.ClientIDMutation):
+    class Input:
+        username_input = graphene.String()
+        password_input = graphene.String()
+
+    success = graphene.Boolean()
+    errors = graphene.List(UpdateError)  # todo: change for consistency
+
+    @classmethod
+    def mutate_and_get_payload(cls, root, info, **kwargs):
+
+        user = authenticate(username=kwargs.get('username_input'), password=kwargs.get('password_input'))
+        if user is not None:
+            login(info.context, user)
+            return cls(success=True, errors=[])
+        else:
+            return cls(success=False, errors=['invalid_credentials'])
+
+
+class UserMutations:
+    login = Login.Field()
+
+

From 46518a22f838aa8d00172fc07cf34432d36dc89e Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 2 Oct 2019 10:30:04 +0200
Subject: [PATCH 03/18] Add password reset mutations

---
 server/users/mutations_public.py | 98 +++++++++++++++++++++++++++++++-
 1 file changed, 96 insertions(+), 2 deletions(-)

diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index 0c186b4f..dd140a4f 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -9,14 +9,19 @@
 # @author: chrigu <christian.cueni@iterativ.ch>
 import graphene
 from django.contrib.auth import authenticate, login
+from django.contrib.auth.forms import PasswordResetForm
+from django.contrib.auth.views import PasswordResetView, PasswordResetConfirmView, INTERNAL_RESET_URL_TOKEN
 from graphene import relay
 
+from core import settings
+from users.models import User
+
 
 class FieldError(graphene.ObjectType):
     code = graphene.String()
 
 
-class UpdateError(graphene.ObjectType):
+class MutationError(graphene.ObjectType):
     field = graphene.String()
     errors = graphene.List(FieldError)
 
@@ -27,7 +32,7 @@ class Login(relay.ClientIDMutation):
         password_input = graphene.String()
 
     success = graphene.Boolean()
-    errors = graphene.List(UpdateError)  # todo: change for consistency
+    errors = graphene.List(MutationError)  # todo: change for consistency
 
     @classmethod
     def mutate_and_get_payload(cls, root, info, **kwargs):
@@ -40,7 +45,96 @@ class Login(relay.ClientIDMutation):
             return cls(success=False, errors=['invalid_credentials'])
 
 
+class PasswordReset(relay.ClientIDMutation):
+    class Input:
+        email_input = graphene.String()
+
+    success = graphene.Boolean()
+    errors = graphene.List(MutationError)
+
+    @classmethod
+    def mutate_and_get_payload(cls, root, info, **kwargs):
+        email = kwargs.get('email_input')
+        try:
+            user = User.objects.get(email=email)  # todo: make lowercase
+        except User.DoesNotExist:
+            return cls(success=False, errors=['invalid_email'])
+
+        try:
+            password_reset_view = PasswordResetView(request=info.context)
+            form = password_reset_view.form_class({'email': user.email})
+            form.is_valid()
+            password_reset_view.form_valid(form)
+        except Exception:
+            return cls(success=False, errors=['email_error'])
+
+        return cls(success=True, errors=[])
+
+
+class PasswordConfirm:
+    @classmethod
+    def verify_token_and_uidb64(cls, token, uidb64, request):
+        password_reset_confirm_view = PasswordResetConfirmView(request=request)
+        return password_reset_confirm_view.dispatch(uidb64=uidb64, token=token, request=request)
+
+
+class PasswordResetVerify(relay.ClientIDMutation, PasswordConfirm):
+    class Input:
+        token_input = graphene.String()
+        uidb64_input = graphene.String()
+
+    success = graphene.Boolean()
+    errors = graphene.List(MutationError)
+
+    @classmethod
+    def mutate_and_get_payload(cls, root, info, **kwargs):
+        uidb64 = kwargs.get('uidb64_input')
+        token = kwargs.get('token_input')
+
+        http_response = cls.verify_token_and_uidb64(token, uidb64, info.context)
+
+        # PasswordResetConfirmView returns a webpage if either token or uidb64 are invalid (HTTP 200)
+        # if token and uidb64 are correct a redirect is returned (HTTP302)
+
+        if http_response.status_code == 302:
+            return cls(success=True, errors=[])
+        else:
+            return cls(success=False, errors=['invalid_challenge'])
+
+
+class PasswordResetSetPassword(relay.ClientIDMutation, PasswordConfirm):
+    class Input:
+        new_password_input = graphene.String()
+        confirm_new_password_input = graphene.String()
+        uidb64_input = graphene.String()
+
+    success = graphene.Boolean()
+    errors = graphene.List(MutationError)
+
+    @classmethod
+    def mutate_and_get_payload(cls, root, info, **kwargs):
+        uidb64 = kwargs.get('uidb64_input')
+        new_password = kwargs.get('new_password_input')
+        confirm_new_password_input = kwargs.get('confirm_new_password_input')
+
+        # fake ordinary POST for view
+        info.context.POST = {
+                'new_password1': new_password,
+                'new_password2': confirm_new_password_input
+            }
+
+        http_response = cls.verify_token_and_uidb64(INTERNAL_RESET_URL_TOKEN, uidb64, info.context)
+
+        if http_response.status_code == 302:
+            return cls(success=True, errors=[])
+        else:
+            return cls(success=False, errors=['invalid_passwords'])  # todo: check error from form
+
+
 class UserMutations:
     login = Login.Field()
+    password_reset = PasswordReset.Field()
+    password_reset_verify = PasswordResetVerify.Field()
+    password_reset_set_password = PasswordResetSetPassword.Field()
 
 

From 7e927539777bf75a2db169399583622fa75bdc6c Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 2 Oct 2019 13:06:16 +0200
Subject: [PATCH 04/18] Add password reset tests

---
 server/users/mutations_public.py          |  32 ++++-
 server/users/tests/test_password_reset.py | 136 ++++++++++++++++++++++
 2 files changed, 162 insertions(+), 6 deletions(-)
 create mode 100644 server/users/tests/test_password_reset.py

diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index dd140a4f..2e43b0b5 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -7,6 +7,8 @@
 #
 # Created on 2019-10-01
 # @author: chrigu <christian.cueni@iterativ.ch>
+import re
+
 import graphene
 from django.contrib.auth import authenticate, login
 from django.contrib.auth.forms import PasswordResetForm
@@ -60,10 +62,14 @@ class PasswordReset(relay.ClientIDMutation):
         except User.DoesNotExist:
             return cls(success=False, errors=['invalid_email'])
 
+        password_reset_view = PasswordResetView()
+        password_reset_view.request = info.context
+        form = password_reset_view.form_class({'email': user.email})
+
+        if not form.is_valid():
+            return cls(success=False, errors=form.errors)
+
         try:
-            password_reset_view = PasswordResetView(request=info.context)
-            form = password_reset_view.form_class({'email': user.email})
-            form.is_valid()
             password_reset_view.form_valid(form)
         except Exception:
             return cls(success=False, errors=['email_error'])
@@ -119,9 +125,12 @@ class PasswordResetSetPassword(relay.ClientIDMutation, PasswordConfirm):
 
         # fake ordinary POST for view
         info.context.POST = {
-                'new_password1': new_password,
-                'new_password2': confirm_new_password_input
-            }
+            'new_password1': new_password,
+            'new_password2': confirm_new_password_input
+         }
+
+        if not cls.verify_strong_password(new_password):
+            return cls(success=False, errors=['invalid_passwords'])
 
         http_response = cls.verify_token_and_uidb64(INTERNAL_RESET_URL_TOKEN, uidb64, info.context)
 
@@ -130,6 +139,17 @@ class PasswordResetSetPassword(relay.ClientIDMutation, PasswordConfirm):
         else:
             return cls(success=False, errors=['invalid_passwords'])  # todo: check error from form
 
+    @classmethod
+    def verify_strong_password(cls, password):
+        if len(password) == 0:
+            return password
+
+        has_number = re.search('\d', password)
+        has_upper = re.search('[A-Z]', password)
+        has_lower = re.search('[a-z]', password)
+        has_special = re.search('[!@#$%^&*(),.?":{}|<>\+]', password)
+
+        return has_number and has_upper and has_lower and has_special
 
 class UserMutations:
     login = Login.Field()
diff --git a/server/users/tests/test_password_reset.py b/server/users/tests/test_password_reset.py
new file mode 100644
index 00000000..f9227177
--- /dev/null
+++ b/server/users/tests/test_password_reset.py
@@ -0,0 +1,136 @@
+# -*- coding: utf-8 -*-
+#
+# ITerativ GmbH
+# http://www.iterativ.ch/
+#
+# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
+#
+# Created on 2019-10-02
+# @author: chrigu <christian.cueni@iterativ.ch>
+from django.contrib.auth.tokens import PasswordResetTokenGenerator
+from django.contrib.sessions.middleware import SessionMiddleware
+from django.core import mail
+from django.test import TestCase, RequestFactory
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
+from graphene.test import Client
+
+from api.schema_public import schema
+from core.factories import UserFactory
+
+
+class PasswordResetTests(TestCase):
+    def setUp(self):
+        self.user = UserFactory(username='aschi')
+
+        request = RequestFactory().post('/')
+
+        # adding session
+        middleware = SessionMiddleware()
+        middleware.process_request(request)
+        request.session.save()
+        self.client = Client(schema=schema, context_value=request)
+
+    def make_reset_mutation(self, email):
+        mutation = '''
+            mutation PasswordReset($input: PasswordResetInput!){
+              passwordReset(input: $input) {
+                success
+                errors {
+                  field
+                }
+              }
+            }
+        '''
+
+        return self.client.execute(mutation, variables={
+            'input': {
+                'emailInput': email
+            }
+        })
+
+    def make_set_verify_mutation(self, uidb64, token):
+        mutation = '''
+            mutation PasswordResetVerify($input: PasswordResetVerifyInput!){
+              passwordResetVerify(input: $input) {
+                success
+                errors {
+                  field
+                }
+              }
+            }
+        '''
+
+        return self.client.execute(mutation, variables={
+            'input': {
+                'uidb64Input': uidb64,
+                'tokenInput': token
+            }
+        })
+
+    def make_set_password_mutation(self, uidb64, new_password, new_password_confirm):
+        mutation = '''
+            mutation PasswordResetSetPassword($input: PasswordResetSetPasswordInput!){
+              passwordResetSetPassword(input: $input) {
+                success
+                errors {
+                  field
+                }
+              }
+            }
+        '''
+
+        return self.client.execute(mutation, variables={
+            'input': {
+                'uidb64Input': uidb64,
+                'newPasswordInput': new_password,
+                'confirmNewPasswordInput': new_password_confirm,
+            }
+        })
+
+    def test_user_can_initiate_password(self):
+        result = self.make_reset_mutation(self.user.email)
+        self.assertEqual(len(mail.outbox), 1)
+        self.assertEqual(mail.outbox[0].subject.startswith('Passwort auf'), True)
+        self.assertEqual(result.get('data').get('passwordReset').get('success'), True)
+
+    def test_user_can_verify_and_set_password(self):
+        token_generator = PasswordResetTokenGenerator()
+        token = token_generator.make_token(self.user)
+        uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
+
+        result = self.make_set_verify_mutation(uidb64, token)
+        self.assertEqual(result.get('data').get('passwordResetVerify').get('success'), True)
+
+        new_password = 'Abcd1234!'
+
+        set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
+        print(set_result)
+        self.assertEqual(set_result.get('data').get('passwordResetSetPassword').get('success'), True)
+
+    def test_user_cannot_use_unsafe_password(self):
+        token_generator = PasswordResetTokenGenerator()
+        token = token_generator.make_token(self.user)
+        uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
+
+        result = self.make_set_verify_mutation(uidb64, token)
+        self.assertEqual(result.get('data').get('passwordResetVerify').get('success'), True)
+
+        new_password = 'test'
+
+        set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
+        self.assertEqual(set_result.get('data').get('passwordResetSetPassword').get('success'), False)
+
+    def test_new_passwords_must_match(self):
+        token_generator = PasswordResetTokenGenerator()
+        token = token_generator.make_token(self.user)
+        uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
+
+        result = self.make_set_verify_mutation(uidb64, token)
+        self.assertEqual(result.get('data').get('passwordResetVerify').get('success'), True)
+
+        new_password = 'Abcd1234!'
+        new_password_confirm = 'Abcd1234!1'
+
+        set_result = self.make_set_password_mutation(uidb64, new_password, new_password_confirm)
+        self.assertEqual(set_result.get('data').get('passwordResetSetPassword').get('success'), False)

From fb225b926d134c5a211062d8b08c3d83603deda3 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 2 Oct 2019 13:29:06 +0200
Subject: [PATCH 05/18] Add login tests

---
 server/users/mutations_public.py          |  2 +-
 server/users/tests/test_login.py          | 64 +++++++++++++++++++++++
 server/users/tests/test_password_reset.py | 17 +++---
 3 files changed, 73 insertions(+), 10 deletions(-)
 create mode 100644 server/users/tests/test_login.py

diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index 2e43b0b5..d02b6bc8 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -10,7 +10,7 @@
 import re
 
 import graphene
-from django.contrib.auth import authenticate, login
+from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.forms import PasswordResetForm
 from django.contrib.auth.views import PasswordResetView, PasswordResetConfirmView, INTERNAL_RESET_URL_TOKEN
 from graphene import relay
diff --git a/server/users/tests/test_login.py b/server/users/tests/test_login.py
new file mode 100644
index 00000000..c24dbe4a
--- /dev/null
+++ b/server/users/tests/test_login.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+#
+# ITerativ GmbH
+# http://www.iterativ.ch/
+#
+# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
+#
+# Created on 2019-10-02
+# @author: chrigu <christian.cueni@iterativ.ch>
+from django.contrib.sessions.middleware import SessionMiddleware
+from django.test import TestCase, RequestFactory
+from graphene.test import Client
+
+from api.schema_public import schema
+from core.factories import UserFactory
+
+
+class PasswordResetTests(TestCase):
+    def setUp(self):
+        self.user = UserFactory(username='aschi@iterativ.ch', email='aschi@iterativ.ch')
+
+        request = RequestFactory().post('/')
+
+        # adding session
+        middleware = SessionMiddleware()
+        middleware.process_request(request)
+        request.session.save()
+        self.client = Client(schema=schema, context_value=request)
+
+    def make_login_mutation(self, username, password):
+        mutation = '''
+            mutation Login($input: LoginInput!){
+              login(input: $input) {
+                success
+                errors {
+                  field
+                }
+              }
+            }
+        '''
+
+        return self.client.execute(mutation, variables={
+            'input': {
+                'usernameInput': username,
+                'passwordInput': password
+            }
+        })
+
+    def test_user_can_login(self):
+        password = 'test123'
+        self.user.set_password(password)
+        self.user.save()
+
+        result = self.make_login_mutation(self.user.email, password)
+        self.assertTrue(result.get('data').get('login').get('success'))
+        self.assertTrue(self.user.is_authenticated)
+
+    def test_user_cannot_login_with_invalid_password(self):
+        password = 'test123'
+        self.user.set_password(password)
+        self.user.save()
+
+        result = self.make_login_mutation(self.user.email, 'test1234')
+        self.assertFalse(result.get('data').get('login').get('success'))
diff --git a/server/users/tests/test_password_reset.py b/server/users/tests/test_password_reset.py
index f9227177..4bd9f1ee 100644
--- a/server/users/tests/test_password_reset.py
+++ b/server/users/tests/test_password_reset.py
@@ -91,8 +91,8 @@ class PasswordResetTests(TestCase):
     def test_user_can_initiate_password(self):
         result = self.make_reset_mutation(self.user.email)
         self.assertEqual(len(mail.outbox), 1)
-        self.assertEqual(mail.outbox[0].subject.startswith('Passwort auf'), True)
-        self.assertEqual(result.get('data').get('passwordReset').get('success'), True)
+        self.assertTrue(mail.outbox[0].subject.startswith('Passwort auf'))
+        self.assertTrue(result.get('data').get('passwordReset').get('success'))
 
     def test_user_can_verify_and_set_password(self):
         token_generator = PasswordResetTokenGenerator()
@@ -100,13 +100,12 @@ class PasswordResetTests(TestCase):
         uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
 
         result = self.make_set_verify_mutation(uidb64, token)
-        self.assertEqual(result.get('data').get('passwordResetVerify').get('success'), True)
+        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))
 
         new_password = 'Abcd1234!'
 
         set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
-        print(set_result)
-        self.assertEqual(set_result.get('data').get('passwordResetSetPassword').get('success'), True)
+        self.assertTrue(set_result.get('data').get('passwordResetSetPassword').get('success'))
 
     def test_user_cannot_use_unsafe_password(self):
         token_generator = PasswordResetTokenGenerator()
@@ -114,12 +113,12 @@ class PasswordResetTests(TestCase):
         uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
 
         result = self.make_set_verify_mutation(uidb64, token)
-        self.assertEqual(result.get('data').get('passwordResetVerify').get('success'), True)
+        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))
 
         new_password = 'test'
 
         set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
-        self.assertEqual(set_result.get('data').get('passwordResetSetPassword').get('success'), False)
+        self.assertFalse(set_result.get('data').get('passwordResetSetPassword').get('success'),)
 
     def test_new_passwords_must_match(self):
         token_generator = PasswordResetTokenGenerator()
@@ -127,10 +126,10 @@ class PasswordResetTests(TestCase):
         uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
 
         result = self.make_set_verify_mutation(uidb64, token)
-        self.assertEqual(result.get('data').get('passwordResetVerify').get('success'), True)
+        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))
 
         new_password = 'Abcd1234!'
         new_password_confirm = 'Abcd1234!1'
 
         set_result = self.make_set_password_mutation(uidb64, new_password, new_password_confirm)
-        self.assertEqual(set_result.get('data').get('passwordResetSetPassword').get('success'), False)
+        self.assertFalse(set_result.get('data').get('passwordResetSetPassword').get('success'))

From 062269f030fcae132fdee7b566a1c26c90a0d0e7 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 2 Oct 2019 16:11:15 +0200
Subject: [PATCH 06/18] Add loggedIn guard, add basic login component

---
 client/src/App.vue                         |   2 +
 client/src/graphql/client.js               | 132 ++++++++---------
 client/src/graphql/gql/mutations/login.gql |   8 ++
 client/src/layouts/PublicLayout.vue        |  23 +++
 client/src/main.js                         |  32 ++++-
 client/src/pages/login.vue                 | 158 +++++++++++++++++++++
 client/src/router/index.js                 |  15 +-
 server/core/middleware.py                  |  20 +++
 server/core/settings.py                    |   1 +
 server/core/views.py                       |   2 -
 server/users/mutations_public.py           |   1 -
 11 files changed, 323 insertions(+), 71 deletions(-)
 create mode 100644 client/src/graphql/gql/mutations/login.gql
 create mode 100644 client/src/layouts/PublicLayout.vue
 create mode 100644 client/src/pages/login.vue

diff --git a/client/src/App.vue b/client/src/App.vue
index 1b99180e..479743b2 100644
--- a/client/src/App.vue
+++ b/client/src/App.vue
@@ -11,6 +11,7 @@
   import SimpleLayout from '@/layouts/SimpleLayout';
   import BlankLayout from '@/layouts/BlankLayout';
   import FullScreenLayout from '@/layouts/FullScreenLayout';
+  import PublicLayout from '@/layouts/PublicLayout';
   import Modal from '@/components/Modal';
   import MobileNavigation from '@/components/MobileNavigation';
   import NewContentBlockWizard from '@/components/content-block-form/NewContentBlockWizard';
@@ -36,6 +37,7 @@
       SimpleLayout,
       BlankLayout,
       FullScreenLayout,
+      PublicLayout,
       Modal,
       MobileNavigation,
       NewContentBlockWizard,
diff --git a/client/src/graphql/client.js b/client/src/graphql/client.js
index 84841780..6d0822b0 100644
--- a/client/src/graphql/client.js
+++ b/client/src/graphql/client.js
@@ -4,71 +4,73 @@ import {ApolloClient} from 'apollo-client/index'
 import {ApolloLink} from 'apollo-link'
 import fetch from 'unfetch'
 
-const httpLink = new HttpLink({
-  // uri: process.env.NODE_ENV !== 'production' ? 'http://localhost:8000/api/graphql/' : '/api/graphql/',
-  uri: '/api/graphql/',
-  credentials: 'include',
-  fetch: fetch,
-  headers: {
-    'X-CSRFToken': document.cookie.replace(/(?:(?:^|.*;\s*)csrftoken\s*=\s*([^;]*).*$)|^.*$/, '$1')
-  }
-});
-
-const consoleLink = new ApolloLink((operation, forward) => {
-  // console.log(`starting request for ${operation.operationName}`);
-
-  return forward(operation).map((data) => {
-    // console.log(`ending request for ${operation.operationName}`);
-
-    return data
-  })
-});
-
-// from https://github.com/apollographql/apollo-client/issues/1564#issuecomment-357492659
-const omitTypename = (key, value) => {
-  return key === '__typename' ? undefined : value
-};
-
-const createOmitTypenameLink = new ApolloLink((operation, forward) => {
-  if (operation.variables) {
-    operation.variables = JSON.parse(JSON.stringify(operation.variables), omitTypename)
-  }
-
-  return forward(operation)
-});
-
-const composedLink = ApolloLink.from([createOmitTypenameLink, consoleLink, httpLink]);
-
-const cache = new InMemoryCache({
-  cacheRedirects: {
-    Query: {
-      contentBlock: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ContentBlockNode', id: args.id}),
-      chapter: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ChapterNode', id: args.id}),
-      assignment: (_, args, {getCacheKey}) => getCacheKey({__typename: 'AssignmentNode', id: args.id}),
-      objective: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ObjectiveNode', id: args.id}),
-      objectiveGroup: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ObjectiveGroupNode', id: args.id}),
-      module: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ModuleNode', id: args.id}),
-      projectEntry: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ProjectEntryNode', id: args.id}),
+export default function (uri) {
+  const httpLink = new HttpLink({
+    // uri: process.env.NODE_ENV !== 'production' ? 'http://localhost:8000/api/graphql/' : '/api/graphql/',
+    uri,
+    credentials: 'include',
+    fetch: fetch,
+    headers: {
+      'X-CSRFToken': document.cookie.replace(/(?:(?:^|.*;\s*)csrftoken\s*=\s*([^;]*).*$)|^.*$/, '$1')
     }
-  }
-});
+  });
 
-// TODO: Monkey-patching in a fix for an open issue suggesting that
-// `readQuery` should return null or undefined if the query is not yet in the
-// cache: https://github.com/apollographql/apollo-feature-requests/issues/1
-cache.originalReadQuery = cache.readQuery;
-cache.readQuery = (...args) => {
-  try {
-    return cache.originalReadQuery(...args);
-  } catch (err) {
-    return undefined;
-  }
-};
+  const consoleLink = new ApolloLink((operation, forward) => {
+    // console.log(`starting request for ${operation.operationName}`);
 
-// Create the apollo client
-export default new ApolloClient({
-  link: composedLink,
-  // link: httpLink,
-  cache: cache,
-  connectToDevTools: true
-})
+    return forward(operation).map((data) => {
+      // console.log(`ending request for ${operation.operationName}`);
+
+      return data
+    })
+  });
+
+  // from https://github.com/apollographql/apollo-client/issues/1564#issuecomment-357492659
+  const omitTypename = (key, value) => {
+    return key === '__typename' ? undefined : value
+  };
+
+  const createOmitTypenameLink = new ApolloLink((operation, forward) => {
+    if (operation.variables) {
+      operation.variables = JSON.parse(JSON.stringify(operation.variables), omitTypename)
+    }
+
+    return forward(operation)
+  });
+
+  const composedLink = ApolloLink.from([createOmitTypenameLink, consoleLink, httpLink]);
+
+  const cache = new InMemoryCache({
+    cacheRedirects: {
+      Query: {
+        contentBlock: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ContentBlockNode', id: args.id}),
+        chapter: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ChapterNode', id: args.id}),
+        assignment: (_, args, {getCacheKey}) => getCacheKey({__typename: 'AssignmentNode', id: args.id}),
+        objective: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ObjectiveNode', id: args.id}),
+        objectiveGroup: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ObjectiveGroupNode', id: args.id}),
+        module: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ModuleNode', id: args.id}),
+        projectEntry: (_, args, {getCacheKey}) => getCacheKey({__typename: 'ProjectEntryNode', id: args.id}),
+      }
+    }
+  });
+
+  // TODO: Monkey-patching in a fix for an open issue suggesting that
+  // `readQuery` should return null or undefined if the query is not yet in the
+  // cache: https://github.com/apollographql/apollo-feature-requests/issues/1
+  cache.originalReadQuery = cache.readQuery;
+  cache.readQuery = (...args) => {
+    try {
+      return cache.originalReadQuery(...args);
+    } catch (err) {
+      return undefined;
+    }
+  };
+
+  // Create the apollo client
+  return new ApolloClient({
+    link: composedLink,
+    // link: httpLink,
+    cache: cache,
+    connectToDevTools: true
+  })
+}
diff --git a/client/src/graphql/gql/mutations/login.gql b/client/src/graphql/gql/mutations/login.gql
new file mode 100644
index 00000000..ff107cce
--- /dev/null
+++ b/client/src/graphql/gql/mutations/login.gql
@@ -0,0 +1,8 @@
+mutation Login($input: LoginInput!) {
+  login(input: $input) {
+    success
+    errors {
+      field
+    }
+  }
+}
diff --git a/client/src/layouts/PublicLayout.vue b/client/src/layouts/PublicLayout.vue
new file mode 100644
index 00000000..82ee90a3
--- /dev/null
+++ b/client/src/layouts/PublicLayout.vue
@@ -0,0 +1,23 @@
+<template>
+  <div class="container skillbox">
+    <logo></logo>
+    <router-view class="skillbox__content"></router-view>
+    <footer class="skillbox__footer">Footer</footer>
+  </div>
+</template>
+
+<script>
+
+import Logo from '@/components/icons/Logo';
+
+  export default {
+    components: {Logo},
+  }
+</script>
+
+<style lang="scss" scoped>
+  @import "@/styles/_variables.scss";
+  @import "@/styles/_mixins.scss";
+  @import "@/styles/_default-layout.scss";
+
+</style>
diff --git a/client/src/main.js b/client/src/main.js
index 4f314738..45559d88 100644
--- a/client/src/main.js
+++ b/client/src/main.js
@@ -3,7 +3,7 @@ import Vue from 'vue'
 import axios from 'axios'
 import VueAxios from 'vue-axios'
 import VueVimeoPlayer from 'vue-vimeo-player'
-import apolloClient from './graphql/client'
+import apolloClientFactory from './graphql/client'
 import VueApollo from 'vue-apollo'
 import App from './App'
 import router from './router'
@@ -63,8 +63,14 @@ if (process.env.GOOGLE_ANALYTICS_ID) {
 Vue.directive('click-outside', clickOutside);
 Vue.directive('auto-grow', autoGrow);
 
+const publicApolloClient = apolloClientFactory('/api/graphql-public/');
+const privateApolloClient = apolloClientFactory('/api/graphql/');
+
 const apolloProvider = new VueApollo({
-  defaultClient: apolloClient
+  clients: {
+    publicClient: publicApolloClient
+  },
+  defaultClient: privateApolloClient
 });
 
 Validator.extend('required', required);
@@ -98,6 +104,28 @@ Vue.use(VeeValidate, {
 
 Vue.filter('date', dateFilter);
 
+/* logged in guard */
+
+const publicPages = ['login']
+
+function getCookieValue(a) {
+  var b = document.cookie.match('(^|[^;]+)\\s*' + a + '\\s*=\\s*([^;]+)');
+  return b ? b.pop() : '';
+}
+
+function redirectIfLoginRequird(nameOfPage) {
+  return publicPages.indexOf(nameOfPage) === -1 && getCookieValue('loginStatus') !== 'True';
+}
+
+router.beforeEach((to, from, next) => {
+  if (redirectIfLoginRequird(to.name)) {
+    next('/login');
+  } else {
+    next();
+  }
+  // todo handle public pages for user
+});
+
 /* eslint-disable no-new */
 new Vue({
   el: '#app',
diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
new file mode 100644
index 00000000..bc33bce7
--- /dev/null
+++ b/client/src/pages/login.vue
@@ -0,0 +1,158 @@
+<template>
+  <div class="login">
+    <h1 class="login__title">Login</h1>
+    <form class="login__form login-form" novalidate @submit.prevent="validateBeforeSubmit">
+      <div class="login-form__field sbform-input">
+        <label for="email" class="sbform-input__label">E-Mail</label>
+        <input
+          id="email"
+          name="email"
+          type="text"
+          v-model="email"
+          v-validate="'required'"
+          :class="{ 'sbform-input__input--error': errors.has('email') }"
+          class="change-form__email skillbox-input sbform-input__input"
+          autocomplete="off"
+          data-cy="email"
+        />
+        <small
+          v-if="errors.has('email') && submitted"
+          class="sbform-input__error"
+          data-cy="email-local-errors"
+        >{{ errors.first('email') }}</small>
+        <small
+          v-for="error in emailErrors"
+          :key="error"
+          class="sbform-input__error"
+          data-cy="email-remote-errors"
+        >{{ error }}</small>
+      </div>
+      <div class="change-form__field sbform-input">
+        <label for="pw" class="sbform-input__label">Passwort</label>
+        <input
+          id="pw"
+          name="password"
+          type="password"
+          v-model="password"
+          v-validate="'required'"
+          :class="{ 'sbform-input__input--error': errors.has('password') }"
+          class="change-form__new skillbox-input sbform-input__input"
+          autocomplete="off"
+          data-cy="password"
+        />
+        <small
+          v-if="errors.has('password') && submitted"
+          class="sbform-input__error"
+          data-cy="password-local-errors"
+        >{{ errors.first('password') }}</small>
+        <small
+          v-for="error in passwordErrors"
+          :key="error"
+          class="sbform-input__error"
+          data-cy="password-remote-errors"
+        >{{ error }}</small>
+      </div>
+      <div class="login-error">
+        <small class="sbform-input__error" v-if="loginError">{{loginError}}</small>
+      </div>
+      <button class="button button--primary change-form__submit" data-cy="change-password-button">Anmelden</button>
+    </form>
+  </div>
+</template>
+
+<script>
+import LOGIN_MUTATION from '@/graphql/gql/mutations/login.gql';
+
+export default {
+  components: {},
+
+  methods: {
+    validateBeforeSubmit() {
+      this.$validator.validate().then(result => {
+        this.submitted = true;
+        let that = this;
+        if (result) {
+          this.$apollo.mutate({
+            client: 'publicClient',
+            mutation: LOGIN_MUTATION,
+            variables: {
+              input: {
+                usernameInput: this.email,
+                passwordInput: this.password
+              }
+            },
+            update(
+              store,
+              {
+                data: {
+                  login: { success }
+                }
+              }
+            ) {
+              try {
+                console.log('success', success)
+                if (success) {
+                } else {
+                  that.loginError = 'Die E-Mail oder das Passwort ist falsch. Bitte versuchen Sie nochmals.';
+                }
+              } catch (e) {
+                that.loginError = 'Es ist ein Fehler aufgetreten. Bitte versuchen Sie nochmals.';
+              }
+            }
+          });
+        }
+      });
+    },
+    resetForm() {
+      this.email = '';
+      this.password = '';
+      this.submitted = false;
+      this.$validator.reset();
+    }
+  },
+
+  data() {
+    return {
+      email: '',
+      password: '',
+      emailErrors: [],
+      passwordErrors: [],
+      loginError: ''
+    };
+  }
+};
+</script>
+
+<style scoped lang="scss">
+@import "@/styles/_variables.scss";
+@import "@/styles/_buttons.scss";
+.sbform-input {
+  margin-bottom: 20px;
+  font-family: $sans-serif-font-family;
+
+  &__label {
+    margin-bottom: 10px;
+    display: inline-block;
+  }
+
+  &__input {
+    width: 100%;
+
+    &--error {
+      border-color: $color-error;
+    }
+  }
+
+  &__error {
+    margin-top: 10px;
+    color: $color-error;
+    display: inline-block;
+  }
+
+  &__hint {
+    margin-top: $small-spacing;
+    font-family: $sans-serif-font-family;
+    color: $color-silver-dark;
+  }
+}
+</style>
diff --git a/client/src/router/index.js b/client/src/router/index.js
index fac2196a..3a9b7533 100644
--- a/client/src/router/index.js
+++ b/client/src/router/index.js
@@ -27,11 +27,23 @@ import newProject from '@/pages/newProject'
 import surveyPage from '@/pages/survey'
 import styleGuidePage from '@/pages/styleguide'
 import moduleRoom from '@/pages/moduleRoom'
+import login from '@/pages/login'
 
 import store from '@/store/index';
 
 const routes = [
-  {path: '/', component: start, meta: {layout: 'blank'}},
+  {
+    path: '/',
+    name: 'home',
+    component: start,
+    meta: {layout: 'blank'}
+  },
+  {
+    path: '/login',
+    name: 'login',
+    component: login,
+    meta: {layout: 'public'}
+  },
   {
     path: '/module/:slug',
     component: moduleBase,
@@ -118,6 +130,7 @@ const router = new Router({
     return {x: 0, y: 0}
   }
 });
+
 router.afterEach((to, from) => {
   store.dispatch('showMobileNavigation', false);
 });
diff --git a/server/core/middleware.py b/server/core/middleware.py
index e6508116..c0b362c5 100644
--- a/server/core/middleware.py
+++ b/server/core/middleware.py
@@ -75,3 +75,23 @@ class CommonRedirectMiddleware(MiddlewareMixin):
                 # or dummy image: return 'http://via.placeholder.com/{}'.format(m.group('dimensions'))
             if '.png' in path or '.jpg' in path or '.svg' in path or 'not-found' in path:
                 return 'https://picsum.photos/400/400'
+
+
+# https://stackoverflow.com/questions/4898408/how-to-set-a-login-cookie-in-django
+class UserLoggedInCookieMiddleWare(MiddlewareMixin):
+    """
+    Middleware to set user cookie
+    If user is authenticated and there is no cookie, set the cookie,
+    If the user is not authenticated and the cookie remains, delete it
+    """
+
+    cookie_name = 'loginStatus'
+
+    def process_response(self, request, response):
+        #if user and no cookie, set cookie
+        if request.user.is_authenticated and not request.COOKIES.get(self.cookie_name):
+            response.set_cookie(self.cookie_name, 'true')
+        elif not request.user.is_authenticated and request.COOKIES.get(self.cookie_name):
+            #else if if no user and cookie remove user cookie, logout
+            response.delete_cookie(self.cookie_name)
+        return response
diff --git a/server/core/settings.py b/server/core/settings.py
index 8437b685..54738b93 100644
--- a/server/core/settings.py
+++ b/server/core/settings.py
@@ -116,6 +116,7 @@ MIDDLEWARE += [
 
     'core.middleware.ThreadLocalMiddleware',
     'core.middleware.CommonRedirectMiddleware',
+    'core.middleware.UserLoggedInCookieMiddleWare',
 ]
 
 ROOT_URLCONF = 'core.urls'
diff --git a/server/core/views.py b/server/core/views.py
index 3a103a86..1cece2c1 100644
--- a/server/core/views.py
+++ b/server/core/views.py
@@ -1,6 +1,5 @@
 import requests
 from django.conf import settings
-from django.contrib.auth.decorators import login_required
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.views import PasswordResetView, PasswordResetDoneView, PasswordResetConfirmView, \
     PasswordResetCompleteView
@@ -16,7 +15,6 @@ class PrivateGraphQLView(LoginRequiredMixin, GraphQLView):
     pass
 
 
-@login_required
 @ensure_csrf_cookie
 def home(request):
     if settings.DEBUG:
diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index d02b6bc8..3ace25c6 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -15,7 +15,6 @@ from django.contrib.auth.forms import PasswordResetForm
 from django.contrib.auth.views import PasswordResetView, PasswordResetConfirmView, INTERNAL_RESET_URL_TOKEN
 from graphene import relay
 
-from core import settings
 from users.models import User
 
 

From 9783bd802a872bb421931926984197478e275d87 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 2 Oct 2019 16:28:29 +0200
Subject: [PATCH 07/18] Redirect user to visited page after login

---
 client/src/main.js         | 5 +++--
 client/src/pages/login.vue | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/client/src/main.js b/client/src/main.js
index 45559d88..cdb59a5d 100644
--- a/client/src/main.js
+++ b/client/src/main.js
@@ -114,12 +114,13 @@ function getCookieValue(a) {
 }
 
 function redirectIfLoginRequird(nameOfPage) {
-  return publicPages.indexOf(nameOfPage) === -1 && getCookieValue('loginStatus') !== 'True';
+  return publicPages.indexOf(nameOfPage) === -1 && getCookieValue('loginStatus') !== 'true';
 }
 
 router.beforeEach((to, from, next) => {
   if (redirectIfLoginRequird(to.name)) {
-    next('/login');
+    const redirectUrl = `/login?redirect=${to.path}`;
+    next(redirectUrl);
   } else {
     next();
   }
diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
index bc33bce7..ec35d3ac 100644
--- a/client/src/pages/login.vue
+++ b/client/src/pages/login.vue
@@ -90,12 +90,14 @@ export default {
               }
             ) {
               try {
-                console.log('success', success)
                 if (success) {
+                  const redirectUrl = that.$route.query.redirect ? that.$route.query.redirect : '/'
+                  that.$router.push(redirectUrl);
                 } else {
                   that.loginError = 'Die E-Mail oder das Passwort ist falsch. Bitte versuchen Sie nochmals.';
                 }
               } catch (e) {
+                console.warn(e);
                 that.loginError = 'Es ist ein Fehler aufgetreten. Bitte versuchen Sie nochmals.';
               }
             }

From 57224d228a1b1ee2781cbf61b7bd49f429ddf244 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 2 Oct 2019 16:46:10 +0200
Subject: [PATCH 08/18] Style default layout, style login

---
 .../components/profile/PasswordChangeForm.vue | 31 ----------------
 client/src/layouts/PublicLayout.vue           |  7 +++-
 client/src/pages/login.vue                    | 35 ++-----------------
 client/src/styles/_password_forms.scss        | 30 ++++++++++++++++
 client/src/styles/main.scss                   |  1 +
 5 files changed, 40 insertions(+), 64 deletions(-)
 create mode 100644 client/src/styles/_password_forms.scss

diff --git a/client/src/components/profile/PasswordChangeForm.vue b/client/src/components/profile/PasswordChangeForm.vue
index 98749d10..f462abee 100644
--- a/client/src/components/profile/PasswordChangeForm.vue
+++ b/client/src/components/profile/PasswordChangeForm.vue
@@ -82,35 +82,4 @@
     }
   }
 
-  .sbform-input {
-
-    margin-bottom: 20px;
-    font-family: $sans-serif-font-family;
-
-    &__label {
-      margin-bottom: 10px;
-      display: inline-block;
-    }
-
-    &__input {
-      width: 100%;
-
-      &--error {
-        border-color: $color-error;
-      }
-    }
-
-    &__error {
-      margin-top: 10px;
-      color: $color-error;
-      display: inline-block;
-    }
-
-    &__hint {
-      margin-top: $small-spacing;
-      font-family: $sans-serif-font-family;
-      color: $color-silver-dark;
-    }
-  }
-
 </style>
diff --git a/client/src/layouts/PublicLayout.vue b/client/src/layouts/PublicLayout.vue
index 82ee90a3..9ce691b3 100644
--- a/client/src/layouts/PublicLayout.vue
+++ b/client/src/layouts/PublicLayout.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="container skillbox">
+  <div class="skillbox public">
     <logo></logo>
     <router-view class="skillbox__content"></router-view>
     <footer class="skillbox__footer">Footer</footer>
@@ -20,4 +20,9 @@ import Logo from '@/components/icons/Logo';
   @import "@/styles/_mixins.scss";
   @import "@/styles/_default-layout.scss";
 
+  .public {
+    max-width: 800px;
+    min-width: 320px;
+  }
+
 </style>
diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
index ec35d3ac..c2f96959 100644
--- a/client/src/pages/login.vue
+++ b/client/src/pages/login.vue
@@ -52,7 +52,7 @@
           data-cy="password-remote-errors"
         >{{ error }}</small>
       </div>
-      <div class="login-error">
+      <div class="sbform-input">
         <small class="sbform-input__error" v-if="loginError">{{loginError}}</small>
       </div>
       <button class="button button--primary change-form__submit" data-cy="change-password-button">Anmelden</button>
@@ -119,42 +119,13 @@ export default {
       password: '',
       emailErrors: [],
       passwordErrors: [],
-      loginError: ''
+      loginError: '',
+      submitted: false
     };
   }
 };
 </script>
 
 <style scoped lang="scss">
-@import "@/styles/_variables.scss";
-@import "@/styles/_buttons.scss";
-.sbform-input {
-  margin-bottom: 20px;
-  font-family: $sans-serif-font-family;
 
-  &__label {
-    margin-bottom: 10px;
-    display: inline-block;
-  }
-
-  &__input {
-    width: 100%;
-
-    &--error {
-      border-color: $color-error;
-    }
-  }
-
-  &__error {
-    margin-top: 10px;
-    color: $color-error;
-    display: inline-block;
-  }
-
-  &__hint {
-    margin-top: $small-spacing;
-    font-family: $sans-serif-font-family;
-    color: $color-silver-dark;
-  }
-}
 </style>
diff --git a/client/src/styles/_password_forms.scss b/client/src/styles/_password_forms.scss
new file mode 100644
index 00000000..8925f9b2
--- /dev/null
+++ b/client/src/styles/_password_forms.scss
@@ -0,0 +1,30 @@
+.sbform-input {
+
+  margin-bottom: 20px;
+  font-family: $sans-serif-font-family;
+
+  &__label {
+    margin-bottom: 10px;
+    display: inline-block;
+  }
+
+  &__input {
+    width: 100%;
+
+    &--error {
+      border-color: $color-error;
+    }
+  }
+
+  &__error {
+    margin-top: 10px;
+    color: $color-error;
+    display: inline-block;
+  }
+
+  &__hint {
+    margin-top: $small-spacing;
+    font-family: $sans-serif-font-family;
+    color: $color-silver-dark;
+  }
+}
diff --git a/client/src/styles/main.scss b/client/src/styles/main.scss
index 33a6b9a7..8720731c 100644
--- a/client/src/styles/main.scss
+++ b/client/src/styles/main.scss
@@ -18,3 +18,4 @@
 @import "survey";
 @import "visibility";
 @import "solutions";
+@import "password_forms";

From 13e3192776579332fea693da7b56dbba28db3d92 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Thu, 3 Oct 2019 16:58:05 +0200
Subject: [PATCH 09/18] Remove graphql password reset, style django pages

---
 server/api/schema.py                          |   3 +-
 server/api/schema_public.py                   |  12 +-
 server/core/static/styles/main.scss           |  61 +++++++-
 server/core/templates/base.html               |  28 ++++
 .../registration/password_reset_complete.html |   9 +-
 .../registration/password_reset_confirm.html  |   9 +-
 .../registration/password_reset_done.html     |   6 +-
 .../registration/password_reset_form.html     |  13 +-
 .../registration/set_password_complete.html   |   9 +-
 .../registration/set_password_confirm.html    |  12 +-
 .../registration/set_password_done.html       |  10 +-
 .../registration/set_password_form.html       |  11 +-
 server/users/mutations_public.py              | 114 +--------------
 server/users/schema.py                        |  53 ++++++-
 server/users/schema_public.py                 |  63 --------
 server/users/tests/test_password_reset.py     | 135 ------------------
 16 files changed, 173 insertions(+), 375 deletions(-)
 delete mode 100644 server/users/schema_public.py
 delete mode 100644 server/users/tests/test_password_reset.py

diff --git a/server/api/schema.py b/server/api/schema.py
index 24953121..f493adc4 100644
--- a/server/api/schema.py
+++ b/server/api/schema.py
@@ -19,8 +19,7 @@ from surveys.schema import SurveysQuery
 from surveys.mutations import SurveysMutations
 from rooms.mutations import RoomMutations
 from rooms.schema import RoomsQuery, ModuleRoomsQuery
-from users.schema_public import UsersQuery
-from users.schema import AllUsersQuery
+from users.schema import AllUsersQuery, UsersQuery
 from users.mutations import ProfileMutations
 
 
diff --git a/server/api/schema_public.py b/server/api/schema_public.py
index 69c972aa..337ec6ee 100644
--- a/server/api/schema_public.py
+++ b/server/api/schema_public.py
@@ -1,24 +1,14 @@
 import graphene
 from django.conf import settings
-from graphene import relay
 from graphene_django.debug import DjangoDebug
 
-
-from users.schema_public import UsersQuery
 from users.mutations_public import UserMutations
 
 
-class Query(UsersQuery, graphene.ObjectType):
-    node = relay.Node.Field()
-
-    if settings.DEBUG:
-        debug = graphene.Field(DjangoDebug, name='__debug')
-
-
 class Mutation(UserMutations, graphene.ObjectType):
 
     if settings.DEBUG:
         debug = graphene.Field(DjangoDebug, name='__debug')
 
 
-schema = graphene.Schema(query=Query, mutation=Mutation)
+schema = graphene.Schema(mutation=Mutation)
diff --git a/server/core/static/styles/main.scss b/server/core/static/styles/main.scss
index 814ae04c..c8dfa4ee 100644
--- a/server/core/static/styles/main.scss
+++ b/server/core/static/styles/main.scss
@@ -1,4 +1,4 @@
-@import "materialize/materialize";
+//@import "materialize/materialize";
 
 $white: #fff;
 
@@ -99,12 +99,59 @@ input[type=text], input[type=password], input[type=email], select {
 }
 
 .logo {
-  color: $brand;
-  font-size: 36px;
-  font-weight: 800;
-  font-family: Montserrat, Arial, sans-serif;
+  width: 250px;
+  height: 48px;
 }
 
-.reset-heading {
-  font-size: 2.4rem;
+/* reset forms */
+
+.reset__heading {
+  font-size: 2.125rem;
+  margin-bottom: 52px;
+  font-weight: 600;
+}
+
+.reset__text {
+  margin-bottom: 52px;
+}
+
+.reset__form label {
+  font-weight: 600;
+}
+
+.reset__form input {
+  display: flex;
+  padding: 16px;
+  box-shadow: inset 0 1px 4px 0 rgba(0, 0, 0, 0.15);
+  border-radius: 4px;
+  box-sizing: border-box;
+  border: 1px solid #f0f0f0;
+  max-width: 100%;
+  background-color: #ffffff;
+}
+
+.reset__form button {
+  background: transparent;
+  border: 2px solid #17A887;
+  padding: 5px 15px;
+  border-radius: 3px;
+  font-family: "Montserrat", Arial, sans-serif;
+  font-weight: 400;
+  display: inline-flex;
+  cursor: pointer;
+  font-size: 100%;
+}
+
+.reset__form label {
+  font-weight: 600;
+}
+
+.reset__form div {
+  margin-bottom: 20px;
+}
+
+.container {
+  max-width: 800px;
+  min-width: 320px;
+  margin: 0 auto;
 }
diff --git a/server/core/templates/base.html b/server/core/templates/base.html
index 86b86b1c..133abb7b 100644
--- a/server/core/templates/base.html
+++ b/server/core/templates/base.html
@@ -28,6 +28,34 @@
 
 <body class="{% block body_class %}{% endblock %}">
 <div class="container">
+      <svg class="logo" xmlns="http://www.w3.org/2000/svg"
+           viewBox="0 0 1350 250">
+        <path
+          d="M304.4,242.15a60,60,0,0,1-19.59-3.1,64.2,64.2,0,0,1-17.6-9.63l-2.94-2.22,21.17-34,3.58,3.21a21.91,21.91,0,0,0,6,4,15.21,15.21,0,0,0,5.81,1.09c4,0,6.51-1.44,8.08-4.68l1.15-2.19L263.73,85.72H313.8L334.27,143l17.38-57.3h48.8L353,208.39c-4.53,11.34-10.91,19.87-19,25.41h0C326,239.34,316,242.15,304.4,242.15Zm-29.33-17a53.63,53.63,0,0,0,12.38,6.3,51.94,51.94,0,0,0,17,2.66c10,0,18.42-2.33,25.12-6.94h0c6.71-4.62,12.1-11.92,16-21.71L388.67,93.79h-31l-22.74,75-26.79-75H275.94L319,195l-2.88,5.47c-2.87,5.92-8.18,9.11-15.29,9.11a23.28,23.28,0,0,1-8.88-1.69,24.83,24.83,0,0,1-4.58-2.53Z"
+          style="fill:#36c0a1"/>
+        <path
+          d="M458.66,113a12.63,12.63,0,0,0-6.43,1.39,4.55,4.55,0,0,0-2.36,4.18q0,3.22,4.4,5.25a93.59,93.59,0,0,0,14,4.61,178.08,178.08,0,0,1,21.33,7.29,40.28,40.28,0,0,1,14.79,11q6.32,7.39,6.33,19,0,17.8-14,28.19t-37.19,10.4A102.76,102.76,0,0,1,430,200.15a84.64,84.64,0,0,1-25.4-12.33l13.29-27.22a97.33,97.33,0,0,0,21.76,10.72A64.21,64.21,0,0,0,460.16,175a14.94,14.94,0,0,0,7.07-1.39,4.33,4.33,0,0,0,2.57-4q0-3.22-4.18-5.25a84.51,84.51,0,0,0-13.83-4.61A157.5,157.5,0,0,1,431,152.67a40,40,0,0,1-14.58-10.93q-6.22-7.29-6.22-18.86,0-18,13.72-28.51t36-10.5q26.79,0,51.23,14.15l-14.36,27.22Q473,113,458.66,113Z"
+          style="fill:#36c0a1"/>
+        <path d="M604.69,202.4l-21.22-40.51-8.79,9.22v31.3h-43.3V43.35h43.3v77.38l32.15-34.94h48.87l-42.66,45,42.87,71.6Z"
+              style="fill:#36c0a1"/>
+        <path
+          d="M712.25,36.49q6.22,6.22,6.22,16.08t-6.22,16.08q-6.22,6.22-16.08,6.22T680,68.64q-6.33-6.21-6.32-16.08T680,36.49q6.32-6.21,16.18-6.22T712.25,36.49Zm-37.51,49.3H718V202.4h-43.3Z"
+          style="fill:#36c0a1"/>
+        <path d="M748.47,43.35h43.3V202.4h-43.3Z" style="fill:#36c0a1"/>
+        <path d="M823.5,43.35h43.3V202.4H823.5Z" style="fill:#36c0a1"/>
+        <path
+          d="M1002.06,91.79A50.33,50.33,0,0,1,1021,113q6.75,13.72,6.75,31.73,0,17.8-6.54,31.19a48.35,48.35,0,0,1-18.54,20.69q-12,7.29-27.87,7.29A44,44,0,0,1,956.19,200a40.21,40.21,0,0,1-14.36-11.15v13.5h-43.3V43.35h43.3V99.29a38.85,38.85,0,0,1,13.93-11.15,41.53,41.53,0,0,1,18-3.86Q989.85,84.29,1002.06,91.79Zm-23.8,70.63q5.79-7.18,5.79-18.76t-5.79-18.76a18.82,18.82,0,0,0-15.43-7.18,18.59,18.59,0,0,0-15.22,7.18q-5.79,7.19-5.79,18.76t5.79,18.76a18.58,18.58,0,0,0,15.22,7.18A18.8,18.8,0,0,0,978.27,162.42Z"
+          style="fill:#36c0a1"/>
+        <path
+          d="M1142.8,91.69a54.24,54.24,0,0,1,22.62,20.9q8,13.5,8,31.51,0,17.8-8,31.4a54,54,0,0,1-22.62,21q-14.58,7.4-34.08,7.4t-34.19-7.4a53.86,53.86,0,0,1-22.73-21q-8-13.61-8-31.4,0-18,8-31.51a54.08,54.08,0,0,1,22.73-20.9q14.68-7.4,34.19-7.4T1142.8,91.69Zm-49.52,34.08q-5.79,7.18-5.79,18.76,0,11.79,5.79,18.86a18.92,18.92,0,0,0,15.43,7.07,18.7,18.7,0,0,0,15.22-7.07q5.79-7.07,5.79-18.86,0-11.58-5.79-18.76a18.6,18.6,0,0,0-15.22-7.18A18.81,18.81,0,0,0,1093.28,125.77Z"
+          style="fill:#36c0a1"/>
+        <path
+          d="M1176.45,85.79h49.73L1242.26,116l18-30.23h47.16L1271,142.6l39,59.81h-49.73l-18-33-20.58,33h-47.59l39-59.59Z"
+          style="fill:#36c0a1"/>
+        <path
+          d="M245,105.8A38.35,38.35,0,0,0,229.9,89.74h0a46.56,46.56,0,0,0-46.21,1.09A41.77,41.77,0,0,0,171.45,103a38.76,38.76,0,0,0-11.67-12,42.9,42.9,0,0,0-24.06-6.82,44.09,44.09,0,0,0-21.4,5.16,41.05,41.05,0,0,0-8.13,5.83v-9.4H58V201.83h48.19V144.37c0-5.32,1.23-9.42,3.77-12.55a11.7,11.7,0,0,1,9.27-4.46,9.48,9.48,0,0,1,7.75,3.35c2.09,2.45,3.11,5.75,3.11,10.09v61h48.19V144.37c0-5.26,1.24-9.49,3.69-12.59a11.44,11.44,0,0,1,9.15-4.43,9.48,9.48,0,0,1,7.75,3.35c2.09,2.45,3.11,5.75,3.11,10.09v61h48.19V129.28A51.17,51.17,0,0,0,245,105.8Zm-2.87,88h-32v-53c0-6.25-1.7-11.41-5-15.33a17.51,17.51,0,0,0-14-6.18h0a19.38,19.38,0,0,0-15.37,7.49c-3.61,4.55-5.44,10.48-5.44,17.6v49.39h-32v-53c0-6.25-1.7-11.41-5-15.33a17.53,17.53,0,0,0-14-6.18h0a19.66,19.66,0,0,0-15.44,7.45c-3.69,4.56-5.57,10.49-5.57,17.63v49.39h-32v-100h32v18.16h5.19l2.25-3.54a34.63,34.63,0,0,1,12.63-12,36.13,36.13,0,0,1,17.53-4.17,35,35,0,0,1,19.62,5.49,31.51,31.51,0,0,1,12.17,15.38l.46,1.18h6.52l.45-1a36.75,36.75,0,0,1,50.91-16.55,30,30,0,0,1,11.93,12.74,43.2,43.2,0,0,1,4.33,19.81Z"
+          style="fill:#36c0a1"/>
+      </svg>
     {% block body %}
     {% endblock %}
 </div>
diff --git a/server/core/templates/registration/password_reset_complete.html b/server/core/templates/registration/password_reset_complete.html
index e7894c0d..d5352950 100644
--- a/server/core/templates/registration/password_reset_complete.html
+++ b/server/core/templates/registration/password_reset_complete.html
@@ -4,10 +4,9 @@
 {% block title %}{% trans 'Passwort zurücksetzen abgeschlossen' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-    <h2 class="reset-heading">{% trans 'Passwort zurücksetzen abgeschlossen' %}</h2>
-    <p>{% trans 'Ihr Passwort wurde zurückgesetzt. Sie können sich nun auf der Loginseite anmelden.' %}</p>
-    <p><a href="{% url "login" %}">{% trans 'Einloggen' %}</a></p>
-
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Passwort zurücksetzen abgeschlossen' %}</h2>
+    <p class="reset__text">{% trans 'Ihr Passwort wurde zurückgesetzt. Sie können sich nun auf der Loginseite anmelden.' %}</p>
+    <p class="reset__text"><a href="{% url "login" %}">{% trans 'Einloggen' %}</a></p>
 </div>
 {% endblock %}
diff --git a/server/core/templates/registration/password_reset_confirm.html b/server/core/templates/registration/password_reset_confirm.html
index 65916cdd..9edfe96b 100644
--- a/server/core/templates/registration/password_reset_confirm.html
+++ b/server/core/templates/registration/password_reset_confirm.html
@@ -5,12 +5,13 @@
 {% block title %}{% trans 'Setzen Sie Ihr Passwort' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-  <h2 class="reset-heading">{% trans 'Setzen Sie Ihr neues Passwort' %}</h2>
-
-        <form method="post" class="mt-1">
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Setzen Sie Ihr neues Passwort' %}</h2>
+    <p class="reset__text">{% trans 'Kein Problem! Geben Sie Ihre E-Mail-Adresse ein und erhalten Sie weitere Anweisungen.' %}</p>
+        <form method="post" class="mt-1 reset__form">
         {% csrf_token %}
         {{ form.as_p }}
         <button class="btn mt-1" type="submit" name="action">{% trans 'Passwort zurücksetzen' %}</button>
     </form>
+</div>
 {% endblock %}
diff --git a/server/core/templates/registration/password_reset_done.html b/server/core/templates/registration/password_reset_done.html
index a633fd53..ce5a9b00 100644
--- a/server/core/templates/registration/password_reset_done.html
+++ b/server/core/templates/registration/password_reset_done.html
@@ -5,8 +5,8 @@
 {% block title %}{% trans 'Anweisungen versandt' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-    <h2 class="reset-heading">{% trans 'Schauen Sie in Ihr Postfach' %}</h2>
-    <p>{% trans 'Wir haben die Anweisungen, um Ihr Passwort zurückzusetzen, an Sie verschickt. Die E-Mail sollte in Kürze bei Ihnen ankommen.' %}</p>
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Schauen Sie in Ihr Postfach' %}</h2>
+    <p class="reset__text">{% trans 'Wir haben die Anweisungen, um Ihr Passwort zurückzusetzen, an Sie verschickt. Die E-Mail sollte in Kürze bei Ihnen ankommen.' %}</p>
 </div>
 {% endblock %}
diff --git a/server/core/templates/registration/password_reset_form.html b/server/core/templates/registration/password_reset_form.html
index 951543ce..3157033a 100644
--- a/server/core/templates/registration/password_reset_form.html
+++ b/server/core/templates/registration/password_reset_form.html
@@ -5,20 +5,17 @@
 {% block title %}{% trans 'Passwort vergessen?' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-    <h2 class="reset-heading">{% trans 'Passwort vergessen?' %}</h2>
-    <p>{% trans 'Kein Problem! Geben Sie Ihre E-Mail-Adresse ein und erhalten Sie weitere Anweisungen.' %}</p>
-
-        <form method="post" class="mt-1">
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Passwort vergessen?' %}</h2>
+    <p class="reset__text">{% trans 'Kein Problem! Geben Sie Ihre E-Mail-Adresse ein und erhalten Sie weitere Anweisungen.' %}</p>
+        <form method="post" class="mt-1 reset__form">
         {% csrf_token %}
-
         <div>
             {{ form.email.label_tag }}
             {{ form.email }}
         </div>
-        <button class="btn mt-1" type="submit" name="action">{% trans 'Passwort zurücksetzen' %}</button>
+        <button type="submit" name="action">{% trans 'Passwort zurücksetzen' %}</button>
         <input type="hidden" name="next" value="{{ next }}"/>
     </form>
-
 </div>
 {% endblock %}
diff --git a/server/core/templates/registration/set_password_complete.html b/server/core/templates/registration/set_password_complete.html
index 6c0f8c7b..52eb4d7c 100644
--- a/server/core/templates/registration/set_password_complete.html
+++ b/server/core/templates/registration/set_password_complete.html
@@ -4,10 +4,9 @@
 {% block title %}{% trans 'Sie haben es geschafft' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-    <h2 class="reset-heading">{% trans 'Sie haben es geschafft' %}</h2>
-    <p>{% trans 'Ihr Passwort wurde erfolgreich gespeichert. Sie können sich nun anmelden.' %}</p>
-    <p><a href="{% url "login" %}">{% trans 'Jetzt anmelden' %}</a></p>
-
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Sie haben es geschafft' %}</h2>
+    <p class="reset__text">% trans 'Ihr Passwort wurde erfolgreich gespeichert. Sie können sich nun anmelden.' %}</p>
+    <p class="reset__text"><a href="{% url "login" %}">{% trans 'Jetzt anmelden' %}</a></p>
 </div>
 {% endblock %}
diff --git a/server/core/templates/registration/set_password_confirm.html b/server/core/templates/registration/set_password_confirm.html
index a983722a..e5181163 100644
--- a/server/core/templates/registration/set_password_confirm.html
+++ b/server/core/templates/registration/set_password_confirm.html
@@ -5,13 +5,13 @@
 {% block title %}{% trans 'Setzen Sie Ihr Passwort' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-  <h2 class="reset-heading">{% trans 'Geben Sie ein persönliches Passwort ein:' %}</h2>
-
-        <form method="post" class="mt-1">
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Geben Sie ein persönliches Passwort ein:' %}</h2>
+    <p class="reset__text">{% trans 'Kein Problem! Geben Sie Ihre E-Mail-Adresse ein und erhalten Sie weitere Anweisungen.' %}</p>
+        <form method="post" class="mt-1 reset__form">
         {% csrf_token %}
         {{ form.as_p }}
-
-        <button class="btn mt-1" type="submit" name="action">{% trans 'Passwort speichern' %}</button>
+        <button type="submit" name="action">{% trans 'Passwort speichern' %}</button>
     </form>
+</div>
 {% endblock %}
diff --git a/server/core/templates/registration/set_password_done.html b/server/core/templates/registration/set_password_done.html
index 9b0c201f..76fcdf2a 100644
--- a/server/core/templates/registration/set_password_done.html
+++ b/server/core/templates/registration/set_password_done.html
@@ -5,9 +5,9 @@
 {% block title %}{% trans 'Schauen Sie in Ihr Postfach' %}{% endblock %}
 
 {% block body %}
-    <h1 class="logo">myskillbox</h1>
-    <h2 class="reset-heading">{% trans 'Schauen Sie in Ihr Postfach' %}</h2>
-    <p>{% trans 'Wir haben ein E-Mail mit allen weiteren Anweisungen an Sie verschickt. Die E-Mail sollte in Kürze bei Ihnen ankommen.' %}</p>
-    <p>{% trans 'Hinweis: Ihre persönlichen Angaben für Ihr Benutzerkonto wurden zuvor in mySkillbox importiert. Sie können ausschliesslich die importierte E-Mail-Adresse verwenden. Wenn Sie nicht wissen, welche E-Mail-Adresse für Sie importiert wurde, können Sie Ihre Lehrperson fragen.' %}</p>
-    </div>
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Schauen Sie in Ihr Postfach' %}</h2>
+    <p class="reset__text">{% trans 'Wir haben ein E-Mail mit allen weiteren Anweisungen an Sie verschickt. Die E-Mail sollte in Kürze bei Ihnen ankommen.' %}</p>
+    <p class="reset__text">{% trans 'Hinweis: Ihre persönlichen Angaben für Ihr Benutzerkonto wurden zuvor in mySkillbox importiert. Sie können ausschliesslich die importierte E-Mail-Adresse verwenden. Wenn Sie nicht wissen, welche E-Mail-Adresse für Sie importiert wurde, können Sie Ihre Lehrperson fragen.' %}</p>
+</div>
 {% endblock %}
diff --git a/server/core/templates/registration/set_password_form.html b/server/core/templates/registration/set_password_form.html
index f07086ed..4fba77cb 100644
--- a/server/core/templates/registration/set_password_form.html
+++ b/server/core/templates/registration/set_password_form.html
@@ -5,13 +5,11 @@
 {% block title %}{% trans 'Willkommen bei mySkillbox' %}{% endblock %}
 
 {% block body %}
-  <h1 class="logo">myskillbox</h1>
-    <h2 class="reset-heading">{% trans 'Willkommen bei Myskillbox' %}</h2>
-    <p>{% trans 'Bevor Sie mySkillbox verwenden können, müssen Sie Ihre E-Mail-Adresse bestätigen und ein persönliches Passwort festlegen.' %}</p>
-
-        <form method="post" class="mt-1">
+<div class="reset">
+    <h2 class="reset__heading">{% trans 'Willkommen bei Myskillbox' %}</h2>
+    <p class="reset__text">{% trans 'Bevor Sie mySkillbox verwenden können, müssen Sie Ihre E-Mail-Adresse bestätigen und ein persönliches Passwort festlegen.' %}</p>
+        <form method="post" class="mt-1 reset__form">
         {% csrf_token %}
-
         <div>
             <label for="id_email">{% trans 'Geben Sie als erstes hier Ihre E-Mail-Adresse ein:' %}</label>
             {{ form.email }}
@@ -19,6 +17,5 @@
         <button class="btn mt-1" type="submit" name="action">{% trans 'E-Mail bestätigen' %}</button>
         <input type="hidden" name="next" value="{{ next }}"/>
     </form>
-
 </div>
 {% endblock %}
diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index 3ace25c6..6236a733 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -10,13 +10,9 @@
 import re
 
 import graphene
-from django.contrib.auth import authenticate, login, logout
-from django.contrib.auth.forms import PasswordResetForm
-from django.contrib.auth.views import PasswordResetView, PasswordResetConfirmView, INTERNAL_RESET_URL_TOKEN
+from django.contrib.auth import authenticate, login
 from graphene import relay
 
-from users.models import User
-
 
 class FieldError(graphene.ObjectType):
     code = graphene.String()
@@ -46,114 +42,8 @@ class Login(relay.ClientIDMutation):
             return cls(success=False, errors=['invalid_credentials'])
 
 
-class PasswordReset(relay.ClientIDMutation):
-    class Input:
-        email_input = graphene.String()
-
-    success = graphene.Boolean()
-    errors = graphene.List(MutationError)
-
-    @classmethod
-    def mutate_and_get_payload(cls, root, info, **kwargs):
-        email = kwargs.get('email_input')
-        try:
-            user = User.objects.get(email=email)  # todo: make lowercase
-        except User.DoesNotExist:
-            return cls(success=False, errors=['invalid_email'])
-
-        password_reset_view = PasswordResetView()
-        password_reset_view.request = info.context
-        form = password_reset_view.form_class({'email': user.email})
-
-        if not form.is_valid():
-            return cls(success=False, errors=form.errors)
-
-        try:
-            password_reset_view.form_valid(form)
-        except Exception:
-            return cls(success=False, errors=['email_error'])
-
-        return cls(success=True, errors=[])
-
-
-class PasswordConfirm:
-    @classmethod
-    def verify_token_and_uidb64(cls, token, uidb64, request):
-        password_reset_confirm_view = PasswordResetConfirmView(request=request)
-        return password_reset_confirm_view.dispatch(uidb64=uidb64, token=token, request=request)
-
-
-class PasswordResetVerify(relay.ClientIDMutation, PasswordConfirm):
-    class Input:
-        token_input = graphene.String()
-        uidb64_input = graphene.String()
-
-    success = graphene.Boolean()
-    errors = graphene.List(MutationError)
-
-    @classmethod
-    def mutate_and_get_payload(cls, root, info, **kwargs):
-        uidb64 = kwargs.get('uidb64_input')
-        token = kwargs.get('token_input')
-
-        http_response = cls.verify_token_and_uidb64(token, uidb64, info.context)
-
-        # PasswordResetConfirmView returns a webpage if either token or uidb64 are invalid (HTTP 200)
-        # if token and uidb64 are correct a redirect is returned (HTTP302)
-
-        if http_response.status_code == 302:
-            return cls(success=True, errors=[])
-        else:
-            return cls(success=False, errors=['invalid_challenge'])
-
-
-class PasswordResetSetPassword(relay.ClientIDMutation, PasswordConfirm):
-    class Input:
-        new_password_input = graphene.String()
-        confirm_new_password_input = graphene.String()
-        uidb64_input = graphene.String()
-
-    success = graphene.Boolean()
-    errors = graphene.List(MutationError)
-
-    @classmethod
-    def mutate_and_get_payload(cls, root, info, **kwargs):
-        uidb64 = kwargs.get('uidb64_input')
-        new_password = kwargs.get('new_password_input')
-        confirm_new_password_input = kwargs.get('confirm_new_password_input')
-
-        # fake ordinary POST for view
-        info.context.POST = {
-            'new_password1': new_password,
-            'new_password2': confirm_new_password_input
-         }
-
-        if not cls.verify_strong_password(new_password):
-            return cls(success=False, errors=['invalid_passwords'])
-
-        http_response = cls.verify_token_and_uidb64(INTERNAL_RESET_URL_TOKEN, uidb64, info.context)
-
-        if http_response.status_code == 302:
-            return cls(success=True, errors=[])
-        else:
-            return cls(success=False, errors=['invalid_passwords'])  # todo: check error from form
-
-    @classmethod
-    def verify_strong_password(cls, password):
-        if len(password) == 0:
-            return password
-
-        has_number = re.search('\d', password)
-        has_upper = re.search('[A-Z]', password)
-        has_lower = re.search('[a-z]', password)
-        has_special = re.search('[!@#$%^&*(),.?":{}|<>\+]', password)
-
-        return has_number and has_upper and has_lower and has_special
-
 class UserMutations:
     login = Login.Field()
-    password_reset = PasswordReset.Field()
-    password_reset_verify = PasswordResetVerify.Field()
-    password_reset_set_password = PasswordResetSetPassword.Field()
+
 
 
diff --git a/server/users/schema.py b/server/users/schema.py
index 7b84653f..2511b7c3 100644
--- a/server/users/schema.py
+++ b/server/users/schema.py
@@ -1,8 +1,57 @@
 import graphene
+from graphene import relay
+from graphene_django import DjangoObjectType
 from graphene_django.filter import DjangoFilterConnectionField
 
-from users.models import User
-from users.schema_public import UserNode
+from users.models import User, SchoolClass
+
+
+class SchoolClassNode(DjangoObjectType):
+    pk = graphene.Int()
+
+    class Meta:
+        model = SchoolClass
+        filter_fields = ['name']
+        interfaces = (relay.Node,)
+
+    def resolve_pk(self, *args, **kwargs):
+        return self.id
+
+
+class UserNode(DjangoObjectType):
+    pk = graphene.Int()
+    permissions = graphene.List(graphene.String)
+    selected_class = graphene.Field(SchoolClassNode)
+
+    class Meta:
+        model = User
+        filter_fields = ['username', 'email']
+        only_fields = ['username', 'email', 'first_name', 'last_name', 'school_classes', 'last_module', 'avatar_url',
+                       'selected_class']
+        interfaces = (relay.Node,)
+
+    def resolve_pk(self, info, **kwargs):
+        return self.id
+
+    def resolve_permissions(self, info):
+        return self.get_all_permissions()
+
+    def resolve_selected_class(self, info):
+        return self.selected_class()
+
+
+class UsersQuery(object):
+    me = graphene.Field(UserNode)
+    all_users = DjangoFilterConnectionField(UserNode)
+
+    def resolve_me(self, info, **kwargs):
+        return info.context.user
+
+    def resolve_all_users(self, info, **kwargs):
+        if not info.context.user.is_superuser:
+            return User.objects.none()
+        else:
+            return User.objects.all()
 
 
 class AllUsersQuery(object):
diff --git a/server/users/schema_public.py b/server/users/schema_public.py
deleted file mode 100644
index dfa23853..00000000
--- a/server/users/schema_public.py
+++ /dev/null
@@ -1,63 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# ITerativ GmbH
-# http://www.iterativ.ch/
-#
-# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
-#
-# Created on 2019-10-01
-# @author: chrigu <christian.cueni@iterativ.ch>
-import graphene
-from graphene import relay
-from graphene_django import DjangoObjectType
-from graphene_django.filter import DjangoFilterConnectionField
-
-from users.models import User, SchoolClass
-
-
-class SchoolClassNode(DjangoObjectType):
-    pk = graphene.Int()
-
-    class Meta:
-        model = SchoolClass
-        filter_fields = ['name']
-        interfaces = (relay.Node,)
-
-    def resolve_pk(self, *args, **kwargs):
-        return self.id
-
-
-class UserNode(DjangoObjectType):
-    pk = graphene.Int()
-    permissions = graphene.List(graphene.String)
-    selected_class = graphene.Field(SchoolClassNode)
-
-    class Meta:
-        model = User
-        filter_fields = ['username', 'email']
-        only_fields = ['username', 'email', 'first_name', 'last_name', 'school_classes', 'last_module', 'avatar_url',
-                       'selected_class']
-        interfaces = (relay.Node,)
-
-    def resolve_pk(self, info, **kwargs):
-        return self.id
-
-    def resolve_permissions(self, info):
-        return self.get_all_permissions()
-
-    def resolve_selected_class(self, info):
-        return self.selected_class()
-
-
-class UsersQuery(object):
-    me = graphene.Field(UserNode)
-    all_users = DjangoFilterConnectionField(UserNode)
-
-    def resolve_me(self, info, **kwargs):
-        return info.context.user
-
-    def resolve_all_users(self, info, **kwargs):
-        if not info.context.user.is_superuser:
-            return User.objects.none()
-        else:
-            return User.objects.all()
diff --git a/server/users/tests/test_password_reset.py b/server/users/tests/test_password_reset.py
deleted file mode 100644
index 4bd9f1ee..00000000
--- a/server/users/tests/test_password_reset.py
+++ /dev/null
@@ -1,135 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# ITerativ GmbH
-# http://www.iterativ.ch/
-#
-# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
-#
-# Created on 2019-10-02
-# @author: chrigu <christian.cueni@iterativ.ch>
-from django.contrib.auth.tokens import PasswordResetTokenGenerator
-from django.contrib.sessions.middleware import SessionMiddleware
-from django.core import mail
-from django.test import TestCase, RequestFactory
-from django.utils.encoding import force_bytes
-from django.utils.http import urlsafe_base64_encode
-from graphene.test import Client
-
-from api.schema_public import schema
-from core.factories import UserFactory
-
-
-class PasswordResetTests(TestCase):
-    def setUp(self):
-        self.user = UserFactory(username='aschi')
-
-        request = RequestFactory().post('/')
-
-        # adding session
-        middleware = SessionMiddleware()
-        middleware.process_request(request)
-        request.session.save()
-        self.client = Client(schema=schema, context_value=request)
-
-    def make_reset_mutation(self, email):
-        mutation = '''
-            mutation PasswordReset($input: PasswordResetInput!){
-              passwordReset(input: $input) {
-                success
-                errors {
-                  field
-                }
-              }
-            }
-        '''
-
-        return self.client.execute(mutation, variables={
-            'input': {
-                'emailInput': email
-            }
-        })
-
-    def make_set_verify_mutation(self, uidb64, token):
-        mutation = '''
-            mutation PasswordResetVerify($input: PasswordResetVerifyInput!){
-              passwordResetVerify(input: $input) {
-                success
-                errors {
-                  field
-                }
-              }
-            }
-        '''
-
-        return self.client.execute(mutation, variables={
-            'input': {
-                'uidb64Input': uidb64,
-                'tokenInput': token
-            }
-        })
-
-    def make_set_password_mutation(self, uidb64, new_password, new_password_confirm):
-        mutation = '''
-            mutation PasswordResetSetPassword($input: PasswordResetSetPasswordInput!){
-              passwordResetSetPassword(input: $input) {
-                success
-                errors {
-                  field
-                }
-              }
-            }
-        '''
-
-        return self.client.execute(mutation, variables={
-            'input': {
-                'uidb64Input': uidb64,
-                'newPasswordInput': new_password,
-                'confirmNewPasswordInput': new_password_confirm,
-            }
-        })
-
-    def test_user_can_initiate_password(self):
-        result = self.make_reset_mutation(self.user.email)
-        self.assertEqual(len(mail.outbox), 1)
-        self.assertTrue(mail.outbox[0].subject.startswith('Passwort auf'))
-        self.assertTrue(result.get('data').get('passwordReset').get('success'))
-
-    def test_user_can_verify_and_set_password(self):
-        token_generator = PasswordResetTokenGenerator()
-        token = token_generator.make_token(self.user)
-        uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
-
-        result = self.make_set_verify_mutation(uidb64, token)
-        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))
-
-        new_password = 'Abcd1234!'
-
-        set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
-        self.assertTrue(set_result.get('data').get('passwordResetSetPassword').get('success'))
-
-    def test_user_cannot_use_unsafe_password(self):
-        token_generator = PasswordResetTokenGenerator()
-        token = token_generator.make_token(self.user)
-        uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
-
-        result = self.make_set_verify_mutation(uidb64, token)
-        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))
-
-        new_password = 'test'
-
-        set_result = self.make_set_password_mutation(uidb64, new_password, new_password)
-        self.assertFalse(set_result.get('data').get('passwordResetSetPassword').get('success'),)
-
-    def test_new_passwords_must_match(self):
-        token_generator = PasswordResetTokenGenerator()
-        token = token_generator.make_token(self.user)
-        uidb64 = urlsafe_base64_encode(force_bytes(self.user.pk)).decode()
-
-        result = self.make_set_verify_mutation(uidb64, token)
-        self.assertTrue(result.get('data').get('passwordResetVerify').get('success'))
-
-        new_password = 'Abcd1234!'
-        new_password_confirm = 'Abcd1234!1'
-
-        set_result = self.make_set_password_mutation(uidb64, new_password, new_password_confirm)
-        self.assertFalse(set_result.get('data').get('passwordResetSetPassword').get('success'))

From a1954e00c5ad081f26782ae1ecce22ac0635758f Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Mon, 7 Oct 2019 15:38:35 +0200
Subject: [PATCH 10/18] Update integration tests

---
 .../integration/change-password-spec.js       | 35 +++-------------
 .../integration/current-module.spec.js        |  2 +-
 .../integration/home-page-logged-in.spec.js   |  2 +-
 client/cypress/integration/login-csrf.spec.js | 13 ------
 client/cypress/integration/login-page-spec.js | 42 ++++++++++++++++---
 .../cypress/integration/new-project.spec.js   |  2 +-
 .../cypress/integration/project-entry.spec.js |  2 +-
 client/cypress/integration/room-page.spec.js  |  2 +-
 client/cypress/integration/rooms-page.spec.js |  5 ++-
 client/cypress/integration/solutions.spec.js  |  4 +-
 client/cypress/support/commands.js            | 25 +++++------
 client/src/pages/login.vue                    |  8 ++--
 12 files changed, 68 insertions(+), 74 deletions(-)
 delete mode 100644 client/cypress/integration/login-csrf.spec.js

diff --git a/client/cypress/integration/change-password-spec.js b/client/cypress/integration/change-password-spec.js
index 7da2cdb2..0256583b 100644
--- a/client/cypress/integration/change-password-spec.js
+++ b/client/cypress/integration/change-password-spec.js
@@ -6,13 +6,17 @@ describe('Change Password Page', () => {
   const validationErrorMsg = 'Das Passwort muss Grossbuchstaben, Zahlen und Sonderzeichen beinhalten';
   const validationOldWrongMsg = 'Die Eingabe ist falsch';
 
+  beforeEach(function () {
+    cy.logout();
+    cy.visit('/me/profile');
+    cy.login('rahel.cueni', 'test');
+  });
+
   after(function () {
     cy.exec("python ../server/manage.py reset_testuser_password rahel.cueni");
   });
 
   it('shows an empty form', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
 
     cy.get('[data-cy=password-change-success]').should('not.exist');
     cy.get('[data-cy=old-password]').should('have.value', '');
@@ -20,73 +24,46 @@ describe('Change Password Page', () => {
   });
 
   it('shows errors if old password is not entered', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword('', validNewPassword);
     cy.get('[data-cy=old-password-local-errors]').should('contain', 'Dein aktuelles Passwort fehlt')
   });
 
   it('shows errors if new password is not entered', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, '');
     cy.get('[data-cy=new-password-local-errors]').should('contain', 'Dein neues Passwort fehlt')
   });
 
   it('shows errors if new password is too short', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, 'Abc1!');
     cy.get('[data-cy=new-password-local-errors]').should('contain', validationTooShort)
   });
 
   it('shows errors if new password has no uppercase letter', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, 'aabdddedddbc1!');
     cy.get('[data-cy=new-password-local-errors]').should('contain', validationErrorMsg)
   });
 
   it('shows errors if new password has no lowercase letter', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, 'ABCDDD334551!');
     cy.get('[data-cy=new-password-local-errors]').should('contain', validationErrorMsg)
   });
 
   it('shows errors if new password has no digit', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, 'AbcdEEDE!');
     cy.get('[data-cy=new-password-local-errors]').should('contain', validationErrorMsg)
   });
 
   it('shows errors if new password has no special character', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, 'AbcdEEDE09877');
     cy.get('[data-cy=new-password-local-errors]').should('contain', validationErrorMsg)
   });
 
   it('shows errors if old password does not match', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword('test12345', validNewPassword);
     cy.get('[data-cy=old-password-remote-errors]').should('contain', validationOldWrongMsg)
   });
 
   it('shows success if change was successful', () => {
-    cy.login('rahel.cueni', 'test');
-    cy.visit('/me/profile');
-
     cy.changePassword(validOldPassword, validNewPassword);
     cy.get('[data-cy=password-change-success]').should('contain', 'Dein Password wurde erfolgreich geändert.');
     cy.get('[data-cy=old-password]').should('have.value', '');
diff --git a/client/cypress/integration/current-module.spec.js b/client/cypress/integration/current-module.spec.js
index 73c77c5b..8a71570e 100644
--- a/client/cypress/integration/current-module.spec.js
+++ b/client/cypress/integration/current-module.spec.js
@@ -4,8 +4,8 @@ describe('Current Module', () => {
     cy.startGraphQLCapture();
     cy.viewport('macbook-15');
 
-    cy.login('nico.zickgraf', 'test');
     cy.visit('/module/lohn-und-budget');
+    cy.login('nico.zickgraf', 'test');
 
     cy.get('[data-cy=module-title]').should('contain', 'Lohn und Budget')
 
diff --git a/client/cypress/integration/home-page-logged-in.spec.js b/client/cypress/integration/home-page-logged-in.spec.js
index ea7c5aaa..0a9ab58c 100644
--- a/client/cypress/integration/home-page-logged-in.spec.js
+++ b/client/cypress/integration/home-page-logged-in.spec.js
@@ -1,7 +1,7 @@
 describe('The Logged In Home Page', () => {
   it('successfully loads', () => {
-    cy.login('test', 'test');
     cy.visit('/');
+    cy.login('test', 'test');
 
     cy.get('.block-title__title').should('contain', 'Inhalte')
   })
diff --git a/client/cypress/integration/login-csrf.spec.js b/client/cypress/integration/login-csrf.spec.js
deleted file mode 100644
index 4250711e..00000000
--- a/client/cypress/integration/login-csrf.spec.js
+++ /dev/null
@@ -1,13 +0,0 @@
-describe('The Login CSRF Token', () => {
-
-  it('403 status without token', () => {
-    cy.loginByCsrf('some-token')
-      .its('status')
-      .should('eq', 403)
-  });
-
-  it('gets token from response body', () => {
-    cy.login('test', 'test')
-  })
-
-});
diff --git a/client/cypress/integration/login-page-spec.js b/client/cypress/integration/login-page-spec.js
index ee32a857..7435078d 100644
--- a/client/cypress/integration/login-page-spec.js
+++ b/client/cypress/integration/login-page-spec.js
@@ -1,15 +1,47 @@
 describe('The Login Page', () => {
-  it('sets auth cookie when logging in via form submission', () => {
+  it('login and redirect to main page', () => {
     const username = 'test';
     const password = 'test';
 
     cy.visit('/');
+    cy.login(username, password, true);
+    cy.get('body').contains('Neues Wissen erwerben');
+  });
 
-    cy.get('#id_username').type(username);
-    cy.get('#id_password').type(`${password}{enter}`);
+  it('user sees error message if username is omitted', () => {
+    const username = '';
+    const password = 'test';
 
-    cy.getCookie('sessionid').should('exist');
-    cy.get('.start-page__header').should('exist')
+    cy.visit('/');
+    cy.login(username, password);
+    cy.get('[data-cy=email-local-errors]').contains('ist ein Pflichtfeld');
+  });
+
+  it('user sees error message if password is omitted', () => {
+    const username = 'test';
+    const password = '';
+
+    cy.visit('/');
+    cy.login(username, password);
+    cy.get('[data-cy=password-local-errors]').contains('ist ein Pflichtfeld');
+  });
+
+  it('user sees error message if credentials are invalid', () => {
+    const username = 'test';
+    const password = '12345';
+
+    cy.visit('/');
+    cy.login(username, password);
+    cy.get('[data-cy=login-error]').contains('Die E-Mail oder das Passwort ist falsch. Bitte versuchen Sie nochmals.');
+  });
+
+  it('redirect after login', () => {
+    const username = 'test';
+    const password = 'test';
+
+    cy.visit('/book/topic/berufliche-grundbildung');
+    cy.login(username, password);
+    cy.get('body').contains('Berufliche Grundbildung');
   });
   // it('logs in programmatically without using the UI', () => {
   //   cy.visit('/accounts/login/'); // have to get a csrf token by getting the base page first
diff --git a/client/cypress/integration/new-project.spec.js b/client/cypress/integration/new-project.spec.js
index 986038b8..778e1d3e 100644
--- a/client/cypress/integration/new-project.spec.js
+++ b/client/cypress/integration/new-project.spec.js
@@ -1,9 +1,9 @@
 describe('New project', () => {
   it('creates a new project and displays it', () => {
     cy.viewport('macbook-15');
+    cy.visit('/portfolio');
     cy.login('rahel.cueni', 'test');
 
-    cy.visit('/portfolio');
     cy.get('[data-cy=add-project-button]').click();
     cy.get('[data-cy=page-form-input-titel]').type('Some random title');
     cy.get('[data-cy=page-form-input-beschreibung]').type('This description rocks');
diff --git a/client/cypress/integration/project-entry.spec.js b/client/cypress/integration/project-entry.spec.js
index ce687c8f..6e7a593a 100644
--- a/client/cypress/integration/project-entry.spec.js
+++ b/client/cypress/integration/project-entry.spec.js
@@ -4,7 +4,7 @@ describe('Project Entry', () => {
 
     cy.viewport('macbook-15');
     cy.startGraphQLCapture();
-    cy.login('rahel.cueni', 'test');
+    cy.login('rahel.cueni', 'test', true);
   });
 
   it('should create a new project entry', () => {
diff --git a/client/cypress/integration/room-page.spec.js b/client/cypress/integration/room-page.spec.js
index 038a41d1..dfa1d70d 100644
--- a/client/cypress/integration/room-page.spec.js
+++ b/client/cypress/integration/room-page.spec.js
@@ -1,9 +1,9 @@
 describe('The Room Page', () => {
   it('displays new room entry with author name', () => {
     cy.viewport('macbook-15');
+    cy.visit('/room/ein-historisches-festival');
     cy.login('rahel.cueni', 'test');
 
-    cy.visit('/room/ein-historisches-festival');
     cy.get('[data-cy=add-room-entry-button]').click();
     cy.get('.add-content-element:first-of-type').click();
     cy.get('[data-cy=choose-text-widget]').click();
diff --git a/client/cypress/integration/rooms-page.spec.js b/client/cypress/integration/rooms-page.spec.js
index 5f128480..755bc9d0 100644
--- a/client/cypress/integration/rooms-page.spec.js
+++ b/client/cypress/integration/rooms-page.spec.js
@@ -1,15 +1,16 @@
 describe('The Rooms Page', () => {
   it('goes to the rooms page', () => {
+    cy.visit('/rooms');
     cy.login('nico.zickgraf', 'test');
 
-    cy.visit('/rooms');
 
     cy.get('[data-cy=add-room]').should('exist');
   });
+
   it('add room should not exist for student', () => {
+    cy.visit('/rooms');
     cy.login('rahel.cueni', 'test');
 
-    cy.visit('/rooms');
 
     cy.get('[data-cy=add-room]').should('not.exist');
   });
diff --git a/client/cypress/integration/solutions.spec.js b/client/cypress/integration/solutions.spec.js
index bf6d9c97..f1dac617 100644
--- a/client/cypress/integration/solutions.spec.js
+++ b/client/cypress/integration/solutions.spec.js
@@ -21,8 +21,8 @@ describe('Solutions', () => {
     // cy.logout();
     cy.viewport('macbook-15');
 
-    cy.login('rahel.cueni', 'test');
     cy.visit('/module/lohn-und-budget');
+    cy.login('rahel.cueni', 'test');
     cy.get('[data-cy=toggle-enable-solutions]')
       .should('not.exist');
     cy.get('[data-cy=solution]').should('not.exist');
@@ -40,8 +40,8 @@ describe('Solutions', () => {
 
     cy.logout();
 
-    cy.login('rahel.cueni', 'test');
     cy.visit('/module/lohn-und-budget');
+    cy.login('rahel.cueni', 'test');
     // cy.get('[data-cy=solution]').should('exist');
     cy.get('[data-cy=solution]').first()
       .should('contain', 'anzeigen')
diff --git a/client/cypress/support/commands.js b/client/cypress/support/commands.js
index 820873dd..9ffdeae4 100644
--- a/client/cypress/support/commands.js
+++ b/client/cypress/support/commands.js
@@ -24,22 +24,19 @@
 // -- This is will overwrite an existing command --
 // Cypress.Commands.overwrite("visit", (originalFn, url, options) => { ... })
 
-Cypress.Commands.add("login", (username, password) => {
-  cy.request('/')
-    .its('body')
-    .then(body => {
-      console.log(body);
-      const $html = Cypress.$(body);
+Cypress.Commands.add("login", (username, password, visitLogin=false) => {
+  if (visitLogin) {
+    cy.visit('/login');
+  }
 
-      const csrf = $html.find('input[name=csrfmiddlewaretoken]').val();
-      console.log(csrf);
-      cy.loginByCsrf(username, password, csrf)
-        .then(resp => {
-          expect(resp.status).to.eq(200);
-          expect(resp.body).to.include('skillbox');
-        });
-    })
+  if (username != '') {
+    cy.get('[data-cy=email-input]').type(username);
+  }
 
+  if (password != '') {
+    cy.get('[data-cy=password-input]').type(password);
+  }
+  cy.get('[data-cy=login-button]').click();
 });
 
 Cypress.Commands.add("logout", () => {
diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
index c2f96959..4284b073 100644
--- a/client/src/pages/login.vue
+++ b/client/src/pages/login.vue
@@ -13,7 +13,7 @@
           :class="{ 'sbform-input__input--error': errors.has('email') }"
           class="change-form__email skillbox-input sbform-input__input"
           autocomplete="off"
-          data-cy="email"
+          data-cy="email-input"
         />
         <small
           v-if="errors.has('email') && submitted"
@@ -38,7 +38,7 @@
           :class="{ 'sbform-input__input--error': errors.has('password') }"
           class="change-form__new skillbox-input sbform-input__input"
           autocomplete="off"
-          data-cy="password"
+          data-cy="password-input"
         />
         <small
           v-if="errors.has('password') && submitted"
@@ -53,9 +53,9 @@
         >{{ error }}</small>
       </div>
       <div class="sbform-input">
-        <small class="sbform-input__error" v-if="loginError">{{loginError}}</small>
+        <small class="sbform-input__error" data-cy="login-error" v-if="loginError">{{loginError}}</small>
       </div>
-      <button class="button button--primary change-form__submit" data-cy="change-password-button">Anmelden</button>
+      <button class="button button--primary change-form__submit" data-cy="login-button">Anmelden</button>
     </form>
   </div>
 </template>

From 80b1d38b934311ec85fb6c68c6bd0e6d5d50aa5a Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Mon, 7 Oct 2019 16:29:15 +0200
Subject: [PATCH 11/18] Style public pages, add links to login page

---
 client/src/layouts/PublicLayout.vue |  7 ++++-
 client/src/pages/login.vue          | 42 +++++++++++++++++++++++++++--
 client/src/styles/_buttons.scss     |  3 +++
 server/core/static/styles/main.scss | 11 ++++++--
 4 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/client/src/layouts/PublicLayout.vue b/client/src/layouts/PublicLayout.vue
index 9ce691b3..a4e7b9a2 100644
--- a/client/src/layouts/PublicLayout.vue
+++ b/client/src/layouts/PublicLayout.vue
@@ -1,6 +1,6 @@
 <template>
   <div class="skillbox public">
-    <logo></logo>
+    <logo class="public__logo"></logo>
     <router-view class="skillbox__content"></router-view>
     <footer class="skillbox__footer">Footer</footer>
   </div>
@@ -23,6 +23,11 @@ import Logo from '@/components/icons/Logo';
   .public {
     max-width: 800px;
     min-width: 320px;
+
+    &__logo {
+      position: relative;
+      left: -10px;
+    }
   }
 
 </style>
diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
index 4284b073..673d5f10 100644
--- a/client/src/pages/login.vue
+++ b/client/src/pages/login.vue
@@ -1,6 +1,6 @@
 <template>
   <div class="login">
-    <h1 class="login__title">Login</h1>
+    <h1 class="login__title">Melden Sie sich jetzt an</h1>
     <form class="login__form login-form" novalidate @submit.prevent="validateBeforeSubmit">
       <div class="login-form__field sbform-input">
         <label for="email" class="sbform-input__label">E-Mail</label>
@@ -55,7 +55,14 @@
       <div class="sbform-input">
         <small class="sbform-input__error" data-cy="login-error" v-if="loginError">{{loginError}}</small>
       </div>
-      <button class="button button--primary change-form__submit" data-cy="login-button">Anmelden</button>
+      <div class="actions">
+        <button class="button button--primary button--big actions__submit" data-cy="login-button">Anmelden</button>
+        <a class="actions__reset text-link" href="/accounts/password_reset/">Passwort vergessen?</a>
+      </div>
+      <div class="registration">
+        <p class="registration__text">Haben Sie noch kein Konto?</p>
+        <a class="registration__link text-link" href="/accounts/password_reset/">Jetzt registrieren</a>
+      </div>
     </form>
   </div>
 </template>
@@ -127,5 +134,36 @@ export default {
 </script>
 
 <style scoped lang="scss">
+@import "@/styles/_variables.scss";
+@import "@/styles/_mixins.scss";
+
+.login {
+  &__title {
+    margin-top: 48px;
+    font-size: 2.75rem; // 44px
+    margin-bottom: 24px;
+    font-weight: 600;
+  }
+}
+
+.text-link {
+  font-family: $sans-serif-font-family;
+  color: $color-brand;
+}
+
+.actions {
+  &__reset {
+    display: inline-block;
+    margin-left: $large-spacing;
+  }
+}
+
+.registration {
+  margin-top: $large-spacing;
+  &__text {
+    font-family: $sans-serif-font-family;
+    margin-bottom: $small-spacing;
+  }
+}
 
 </style>
diff --git a/client/src/styles/_buttons.scss b/client/src/styles/_buttons.scss
index fccfe2ec..50c56420 100644
--- a/client/src/styles/_buttons.scss
+++ b/client/src/styles/_buttons.scss
@@ -23,6 +23,9 @@
     border: 2px solid $color-silver-light;
     background-color: $color-silver-light;
   }
+  &--big {
+    padding: 15px;
+  }
 }
 
 .icon-button {
diff --git a/server/core/static/styles/main.scss b/server/core/static/styles/main.scss
index c8dfa4ee..903bc1d1 100644
--- a/server/core/static/styles/main.scss
+++ b/server/core/static/styles/main.scss
@@ -101,13 +101,17 @@ input[type=text], input[type=password], input[type=email], select {
 .logo {
   width: 250px;
   height: 48px;
+  position: relative;
+  left: -10px;
 }
 
 /* reset forms */
 
 .reset__heading {
-  font-size: 2.125rem;
-  margin-bottom: 52px;
+  line-height: 4.5rem;
+  font-size: 44px;
+  margin-bottom: 24px;
+  margin-top: 52px;
   font-weight: 600;
 }
 
@@ -154,4 +158,7 @@ input[type=text], input[type=password], input[type=email], select {
   max-width: 800px;
   min-width: 320px;
   margin: 0 auto;
+  @media (max-width: 1023px) {
+    margin: 0 30px;
+  }
 }

From e93dde272d173f1a7fabc1fefdbc756da8a89c96 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 06:47:53 +0200
Subject: [PATCH 12/18] Update tests

---
 client/cypress/integration/project-entry.spec.js | 1 +
 client/cypress/integration/solutions.spec.js     | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/client/cypress/integration/project-entry.spec.js b/client/cypress/integration/project-entry.spec.js
index 6e7a593a..7da598c9 100644
--- a/client/cypress/integration/project-entry.spec.js
+++ b/client/cypress/integration/project-entry.spec.js
@@ -5,6 +5,7 @@ describe('Project Entry', () => {
     cy.viewport('macbook-15');
     cy.startGraphQLCapture();
     cy.login('rahel.cueni', 'test', true);
+    cy.get('body').contains('Neues Wissen erwerben');
   });
 
   it('should create a new project entry', () => {
diff --git a/client/cypress/integration/solutions.spec.js b/client/cypress/integration/solutions.spec.js
index f1dac617..6e5b2b0a 100644
--- a/client/cypress/integration/solutions.spec.js
+++ b/client/cypress/integration/solutions.spec.js
@@ -28,8 +28,8 @@ describe('Solutions', () => {
     cy.get('[data-cy=solution]').should('not.exist');
     cy.logout();
 
-    cy.login('nico.zickgraf', 'test');
     cy.visit('/module/lohn-und-budget');
+    cy.login('nico.zickgraf', 'test');
     cy.get('[data-cy=toggle-enable-solutions]').click();
     cy.waitFor('UpdateSolutionVisibility');
     // cy.get('[data-cy=toggle-enable-solutions]').within(() => {
@@ -40,8 +40,8 @@ describe('Solutions', () => {
 
     cy.logout();
 
-    cy.visit('/module/lohn-und-budget');
     cy.login('rahel.cueni', 'test');
+    cy.visit('/module/lohn-und-budget');
     // cy.get('[data-cy=solution]').should('exist');
     cy.get('[data-cy=solution]').first()
       .should('contain', 'anzeigen')

From 31de68e3d0ebcaa9f81fa9a3792868626abb41f1 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 09:12:32 +0200
Subject: [PATCH 13/18] Use app logout

---
 client/cypress/integration/change-password-spec.js | 2 +-
 client/cypress/integration/solutions.spec.js       | 2 +-
 client/cypress/integration/survey.spec.js          | 3 ++-
 client/cypress/support/commands.js                 | 7 ++++++-
 client/src/components/icons/UserIcon.vue           | 2 +-
 5 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/client/cypress/integration/change-password-spec.js b/client/cypress/integration/change-password-spec.js
index 0256583b..726267f4 100644
--- a/client/cypress/integration/change-password-spec.js
+++ b/client/cypress/integration/change-password-spec.js
@@ -7,7 +7,7 @@ describe('Change Password Page', () => {
   const validationOldWrongMsg = 'Die Eingabe ist falsch';
 
   beforeEach(function () {
-    cy.logout();
+    // cy.clearCookies();
     cy.visit('/me/profile');
     cy.login('rahel.cueni', 'test');
   });
diff --git a/client/cypress/integration/solutions.spec.js b/client/cypress/integration/solutions.spec.js
index 6e5b2b0a..273b6425 100644
--- a/client/cypress/integration/solutions.spec.js
+++ b/client/cypress/integration/solutions.spec.js
@@ -40,8 +40,8 @@ describe('Solutions', () => {
 
     cy.logout();
 
-    cy.login('rahel.cueni', 'test');
     cy.visit('/module/lohn-und-budget');
+    cy.login('rahel.cueni', 'test');
     // cy.get('[data-cy=solution]').should('exist');
     cy.get('[data-cy=solution]').first()
       .should('contain', 'anzeigen')
diff --git a/client/cypress/integration/survey.spec.js b/client/cypress/integration/survey.spec.js
index 58a36529..c1bd181a 100644
--- a/client/cypress/integration/survey.spec.js
+++ b/client/cypress/integration/survey.spec.js
@@ -4,7 +4,8 @@ describe('Survey', () => {
 
     cy.viewport('macbook-15');
     cy.startGraphQLCapture();
-    cy.login('rahel.cueni', 'test');
+    cy.login('rahel.cueni', 'test', true);
+    cy.get('body').contains('Neues Wissen erwerben');
   });
 
   it('should display and fill out the survey', () => {
diff --git a/client/cypress/support/commands.js b/client/cypress/support/commands.js
index 9ffdeae4..6b6335a7 100644
--- a/client/cypress/support/commands.js
+++ b/client/cypress/support/commands.js
@@ -39,10 +39,15 @@ Cypress.Commands.add("login", (username, password, visitLogin=false) => {
   cy.get('[data-cy=login-button]').click();
 });
 
-Cypress.Commands.add("logout", () => {
+Cypress.Commands.add("clearCookies", () => {
   cy.clearCookies();
 });
 
+Cypress.Commands.add("logout", () => {
+  cy.get('[data-cy=user-icon]').click();
+  cy.get('[data-cy=logout]').click();
+});
+
 Cypress.Commands.add('loginByCsrf', (username, password, csrftoken) => {
   cy.request({
     method: 'POST',
diff --git a/client/src/components/icons/UserIcon.vue b/client/src/components/icons/UserIcon.vue
index 77f3d933..7209e65c 100644
--- a/client/src/components/icons/UserIcon.vue
+++ b/client/src/components/icons/UserIcon.vue
@@ -1,5 +1,5 @@
 <template>
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
+  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" data-cy="user-icon">
     <path
       d="M50,0A50.12,50.12,0,0,0,.07,46.65S0,48.23,0,50s.07,3.25.07,3.36A50,50,0,1,0,50,0ZM24.14,86V79.84A15.18,15.18,0,0,1,39.31,64.67H60.69A15.18,15.18,0,0,1,75.86,79.84V86a44.27,44.27,0,0,1-51.72,0Zm57.47-5V79.84A20.94,20.94,0,0,0,60.69,58.93H39.31A20.94,20.94,0,0,0,18.39,79.84v1.31a44.4,44.4,0,1,1,63.22-.06Z"/>
     <path

From c396c34be242c8778a60ed0bf02b7d61b2d34846 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 10:14:57 +0200
Subject: [PATCH 14/18] Hide registration, redirect to correct page after
 reset, style reset

---
 client/src/pages/login.vue                                  | 4 ++--
 server/core/settings.py                                     | 6 ++++--
 server/core/static/styles/main.scss                         | 3 +++
 .../templates/registration/password_reset_complete.html     | 2 +-
 .../core/templates/registration/set_password_complete.html  | 2 +-
 5 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
index 673d5f10..c4156ce0 100644
--- a/client/src/pages/login.vue
+++ b/client/src/pages/login.vue
@@ -59,10 +59,10 @@
         <button class="button button--primary button--big actions__submit" data-cy="login-button">Anmelden</button>
         <a class="actions__reset text-link" href="/accounts/password_reset/">Passwort vergessen?</a>
       </div>
-      <div class="registration">
+      <!--div class="registration">
         <p class="registration__text">Haben Sie noch kein Konto?</p>
         <a class="registration__link text-link" href="/accounts/password_reset/">Jetzt registrieren</a>
-      </div>
+      </div-->
     </form>
   </div>
 </template>
diff --git a/server/core/settings.py b/server/core/settings.py
index 54738b93..5c677317 100644
--- a/server/core/settings.py
+++ b/server/core/settings.py
@@ -173,8 +173,10 @@ else:
         },
     ]
 
-LOGOUT_REDIRECT_URL = '/'
-LOGIN_REDIRECT_URL = '/'
+LOGOUT_REDIRECT_URL = '/login'
+LOGIN_REDIRECT_URL = '/login'
+
+LOGIN_URL = LOGIN_REDIRECT_URL
 
 # Internationalization
 # https://docs.djangoproject.com/en/1.11/topics/i18n/
diff --git a/server/core/static/styles/main.scss b/server/core/static/styles/main.scss
index 903bc1d1..1ed62182 100644
--- a/server/core/static/styles/main.scss
+++ b/server/core/static/styles/main.scss
@@ -132,6 +132,9 @@ input[type=text], input[type=password], input[type=email], select {
   border: 1px solid #f0f0f0;
   max-width: 100%;
   background-color: #ffffff;
+  font-size: 16px;
+  font-family: "Montserrat", Arial, sans-serif;
+  font-weight: 400;
 }
 
 .reset__form button {
diff --git a/server/core/templates/registration/password_reset_complete.html b/server/core/templates/registration/password_reset_complete.html
index d5352950..ed9c6fd8 100644
--- a/server/core/templates/registration/password_reset_complete.html
+++ b/server/core/templates/registration/password_reset_complete.html
@@ -7,6 +7,6 @@
 <div class="reset">
     <h2 class="reset__heading">{% trans 'Passwort zurücksetzen abgeschlossen' %}</h2>
     <p class="reset__text">{% trans 'Ihr Passwort wurde zurückgesetzt. Sie können sich nun auf der Loginseite anmelden.' %}</p>
-    <p class="reset__text"><a href="{% url "login" %}">{% trans 'Einloggen' %}</a></p>
+    <p class="reset__text"><a href="/login">{% trans 'Einloggen' %}</a></p>
 </div>
 {% endblock %}
diff --git a/server/core/templates/registration/set_password_complete.html b/server/core/templates/registration/set_password_complete.html
index 52eb4d7c..b2ad19e7 100644
--- a/server/core/templates/registration/set_password_complete.html
+++ b/server/core/templates/registration/set_password_complete.html
@@ -7,6 +7,6 @@
 <div class="reset">
     <h2 class="reset__heading">{% trans 'Sie haben es geschafft' %}</h2>
     <p class="reset__text">% trans 'Ihr Passwort wurde erfolgreich gespeichert. Sie können sich nun anmelden.' %}</p>
-    <p class="reset__text"><a href="{% url "login" %}">{% trans 'Jetzt anmelden' %}</a></p>
+    <p class="reset__text"><a href="/login">{% trans 'Jetzt anmelden' %}</a></p>
 </div>
 {% endblock %}

From 61161407b68bac66d0e330eb9601857726d8c549 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 10:44:45 +0200
Subject: [PATCH 15/18] Fix & add api test

---
 server/core/tests/test_api.py | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/server/core/tests/test_api.py b/server/core/tests/test_api.py
index 4efd1fb7..0e0e0858 100644
--- a/server/core/tests/test_api.py
+++ b/server/core/tests/test_api.py
@@ -17,7 +17,7 @@ class ApiAccessTestCase(TestCase):
     def test_graphqlEndpoint_shouldNotBeAccessibleWithoutLogin(self):
         c = Client()
         response = c.post('/api/graphql/', data=self.query, content_type='application/json')
-        self.assertRedirects(response, '/accounts/login/?next=/api/graphql/')
+        self.assertRedirects(response, '/login?next=/api/graphql/')
 
     def test_graphqlEndpoint_shouldBeAccessibleWithLogin(self):
         user = UserFactory(username='admin')
@@ -27,3 +27,28 @@ class ApiAccessTestCase(TestCase):
         response = c.post('/api/graphql/', data=self.query, content_type='application/json')
 
         self.assertEqual(200, response.status_code)
+
+    def test_publicGraphqlEndpoint_shouldBeAccessibleWithoutLogin(self):
+
+        query= json.dumps({
+            'operationName': 'Login',
+            'query': '''
+                mutation Login($input: LoginInput!){
+                  login(input: $input) {
+                    success
+                    errors {
+                      field
+                    }
+                  }
+                }
+            ''',
+            'variables': {
+                'input': {
+                    'usernameInput': 'test',
+                    'passwordInput': 'test'
+                }
+            },
+        })
+        c = Client()
+        response = c.post('/api/graphql-public/', data=query, content_type='application/json')
+        self.assertEqual(response.status_code, 200)

From 0694471270e28e47fb5d0af1528f310d616eaec5 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 11:24:54 +0200
Subject: [PATCH 16/18] =?UTF-8?q?Fix=20test,=20cleanup=20=F0=9F=9B=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/cypress/integration/change-password-spec.js | 2 +-
 client/src/main.js                                 | 1 -
 server/core/settings_test.py                       | 1 +
 server/core/static/styles/main.scss                | 2 --
 server/core/tests/test_api.py                      | 5 ++++-
 5 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/client/cypress/integration/change-password-spec.js b/client/cypress/integration/change-password-spec.js
index 726267f4..708cb27d 100644
--- a/client/cypress/integration/change-password-spec.js
+++ b/client/cypress/integration/change-password-spec.js
@@ -7,7 +7,7 @@ describe('Change Password Page', () => {
   const validationOldWrongMsg = 'Die Eingabe ist falsch';
 
   beforeEach(function () {
-    // cy.clearCookies();
+    cy.clearCookies();
     cy.visit('/me/profile');
     cy.login('rahel.cueni', 'test');
   });
diff --git a/client/src/main.js b/client/src/main.js
index cdb59a5d..3a6da63c 100644
--- a/client/src/main.js
+++ b/client/src/main.js
@@ -124,7 +124,6 @@ router.beforeEach((to, from, next) => {
   } else {
     next();
   }
-  // todo handle public pages for user
 });
 
 /* eslint-disable no-new */
diff --git a/server/core/settings_test.py b/server/core/settings_test.py
index a480a60b..d7fef8b6 100644
--- a/server/core/settings_test.py
+++ b/server/core/settings_test.py
@@ -14,3 +14,4 @@ MIGRATION_MODULES = DisableMigrations()
 # Email Settings
 SENDGRID_API_KEY = ""
 EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
+LOGIN_REDIRECT_URL = '/accounts/login/'
diff --git a/server/core/static/styles/main.scss b/server/core/static/styles/main.scss
index 1ed62182..b6b95d6f 100644
--- a/server/core/static/styles/main.scss
+++ b/server/core/static/styles/main.scss
@@ -1,5 +1,3 @@
-//@import "materialize/materialize";
-
 $white: #fff;
 
 $grey-1: #F7F7F7;
diff --git a/server/core/tests/test_api.py b/server/core/tests/test_api.py
index 0e0e0858..643058d7 100644
--- a/server/core/tests/test_api.py
+++ b/server/core/tests/test_api.py
@@ -1,7 +1,9 @@
 import json
 
 from django.test import TestCase, Client
+from django.test.utils import override_settings
 
+from core import settings
 from core.factories import UserFactory
 
 
@@ -17,7 +19,8 @@ class ApiAccessTestCase(TestCase):
     def test_graphqlEndpoint_shouldNotBeAccessibleWithoutLogin(self):
         c = Client()
         response = c.post('/api/graphql/', data=self.query, content_type='application/json')
-        self.assertRedirects(response, '/login?next=/api/graphql/')
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response.url, '/login?next=/api/graphql/')
 
     def test_graphqlEndpoint_shouldBeAccessibleWithLogin(self):
         user = UserFactory(username='admin')

From 2eae460b31f66fa332b74adba4fa049953fdbb33 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Tue, 8 Oct 2019 14:35:48 +0200
Subject: [PATCH 17/18] Fix integration test

---
 client/cypress/support/commands.js | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/client/cypress/support/commands.js b/client/cypress/support/commands.js
index 6b6335a7..faaebc76 100644
--- a/client/cypress/support/commands.js
+++ b/client/cypress/support/commands.js
@@ -39,10 +39,6 @@ Cypress.Commands.add("login", (username, password, visitLogin=false) => {
   cy.get('[data-cy=login-button]').click();
 });
 
-Cypress.Commands.add("clearCookies", () => {
-  cy.clearCookies();
-});
-
 Cypress.Commands.add("logout", () => {
   cy.get('[data-cy=user-icon]').click();
   cy.get('[data-cy=logout]').click();

From 81d89dae9a30d74d9fbc78ac8d06e5df16d60660 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Wed, 23 Oct 2019 08:33:37 +0200
Subject: [PATCH 18/18] Change css names, refactor login guard

---
 .../components/profile/PasswordChangeForm.vue | 26 ++++++++---------
 client/src/main.js                            | 16 +++++------
 client/src/pages/login.vue                    | 28 +++++++++----------
 client/src/router/index.js                    |  5 +++-
 client/src/styles/_password_forms.scss        |  2 +-
 5 files changed, 40 insertions(+), 37 deletions(-)

diff --git a/client/src/components/profile/PasswordChangeForm.vue b/client/src/components/profile/PasswordChangeForm.vue
index f462abee..4c33be61 100644
--- a/client/src/components/profile/PasswordChangeForm.vue
+++ b/client/src/components/profile/PasswordChangeForm.vue
@@ -1,34 +1,34 @@
 <template>
   <div class="pw-change">
     <form class="pw-change__form change-form" novalidate @submit.prevent="validateBeforeSubmit">
-      <div class="change-form__field sbform-input">
-        <label for="old-pw" class="sbform-input__label">Aktuelles Passwort</label>
+      <div class="change-form__field skillboxform-input">
+        <label for="old-pw" class="skillboxform-input__label">Aktuelles Passwort</label>
         <input id="old-pw"
                name="oldPassword"
                type="text"
                v-model="oldPassword"
                v-validate="'required'"
-               :class="{ 'sbform-input__input--error': errors.has('oldPassword') }"
-               class="change-form__old skillbox-input sbform-input__input"
+               :class="{ 'skillboxform-input__input--error': errors.has('oldPassword') }"
+               class="change-form__old skillbox-input skillboxform-input__input"
                autocomplete="off"
                data-cy="old-password">
-        <small v-if="errors.has('oldPassword') && submitted" class="sbform-input__error" data-cy="old-password-local-errors">{{ errors.first('oldPassword') }}</small>
-        <small v-for="error in oldPasswordErrors" :key="error" class=" sbform-input__error" data-cy="old-password-remote-errors">{{ error }}</small>
+        <small v-if="errors.has('oldPassword') && submitted" class="skillboxform-input__error" data-cy="old-password-local-errors">{{ errors.first('oldPassword') }}</small>
+        <small v-for="error in oldPasswordErrors" :key="error" class=" skillboxform-input__error" data-cy="old-password-remote-errors">{{ error }}</small>
       </div>
-      <div class="change-form__field sbform-input">
-        <label for="new-pw" class="sbform-input__label">Neues Passwort</label>
+      <div class="change-form__field skillboxform-input">
+        <label for="new-pw" class="skillboxform-input__label">Neues Passwort</label>
         <input id="new-pw"
                name="newPassword"
                type="text"
                v-model="newPassword"
                v-validate="'required|min:8|strongPassword'"
-               :class="{ 'sbform-input__input--error': errors.has('newPassword') }"
-               class="change-form__new skillbox-input sbform-input__input"
+               :class="{ 'skillboxform-input__input--error': errors.has('newPassword') }"
+               class="change-form__new skillbox-input skillboxform-input__input"
                autocomplete="off"
                data-cy="new-password">
-        <small v-if="errors.has('newPassword') && submitted" class=" sbform-input__error" data-cy="new-password-local-errors">{{ errors.first('newPassword') }}</small>
-        <small v-for="error in newPasswordErrors" :key="error" class=" sbform-input__error" data-cy="new-password-remote-errors">{{ error }}</small>
-        <p class="sbform-input__hint">Das Passwort muss mindestens 8 Zeichen lang sein und Grossbuchstaben, Zahlen und Sonderzeichen beinhalten.</p>
+        <small v-if="errors.has('newPassword') && submitted" class=" skillboxform-input__error" data-cy="new-password-local-errors">{{ errors.first('newPassword') }}</small>
+        <small v-for="error in newPasswordErrors" :key="error" class=" skillboxform-input__error" data-cy="new-password-remote-errors">{{ error }}</small>
+        <p class="skillboxform-input__hint">Das Passwort muss mindestens 8 Zeichen lang sein und Grossbuchstaben, Zahlen und Sonderzeichen beinhalten.</p>
       </div>
       <button class="button button--primary change-form__submit" data-cy="change-password-button">Speichern</button>
     </form>
diff --git a/client/src/main.js b/client/src/main.js
index 3a6da63c..c7d1cb77 100644
--- a/client/src/main.js
+++ b/client/src/main.js
@@ -106,19 +106,19 @@ Vue.filter('date', dateFilter);
 
 /* logged in guard */
 
-const publicPages = ['login']
-
-function getCookieValue(a) {
-  var b = document.cookie.match('(^|[^;]+)\\s*' + a + '\\s*=\\s*([^;]+)');
-  return b ? b.pop() : '';
+function getCookieValue(cookieName) {
+  // https://stackoverflow.com/questions/5639346/what-is-the-shortest-function-for-reading-a-cookie-by-name-in-javascript
+  let cookieValue = document.cookie.match('(^|[^;]+)\\s*' + cookieName + '\\s*=\\s*([^;]+)');
+  return cookieValue ? cookieValue.pop() : '';
 }
 
-function redirectIfLoginRequird(nameOfPage) {
-  return publicPages.indexOf(nameOfPage) === -1 && getCookieValue('loginStatus') !== 'true';
+function redirectIfLoginRequird(to) {
+  // public pages have the meta.public property set to true
+  return (!to.hasOwnProperty('meta') || !to.meta.hasOwnProperty('public') || !to.meta.public) && getCookieValue('loginStatus') !== 'true';
 }
 
 router.beforeEach((to, from, next) => {
-  if (redirectIfLoginRequird(to.name)) {
+  if (redirectIfLoginRequird(to)) {
     const redirectUrl = `/login?redirect=${to.path}`;
     next(redirectUrl);
   } else {
diff --git a/client/src/pages/login.vue b/client/src/pages/login.vue
index c4156ce0..a2eea1e3 100644
--- a/client/src/pages/login.vue
+++ b/client/src/pages/login.vue
@@ -2,58 +2,58 @@
   <div class="login">
     <h1 class="login__title">Melden Sie sich jetzt an</h1>
     <form class="login__form login-form" novalidate @submit.prevent="validateBeforeSubmit">
-      <div class="login-form__field sbform-input">
-        <label for="email" class="sbform-input__label">E-Mail</label>
+      <div class="login-form__field skillboxform-input">
+        <label for="email" class="skillboxform-input__label">E-Mail</label>
         <input
           id="email"
           name="email"
           type="text"
           v-model="email"
           v-validate="'required'"
-          :class="{ 'sbform-input__input--error': errors.has('email') }"
-          class="change-form__email skillbox-input sbform-input__input"
+          :class="{ 'skillboxform-input__input--error': errors.has('email') }"
+          class="change-form__email skillbox-input skillboxform-input__input"
           autocomplete="off"
           data-cy="email-input"
         />
         <small
           v-if="errors.has('email') && submitted"
-          class="sbform-input__error"
+          class="skillboxform-input__error"
           data-cy="email-local-errors"
         >{{ errors.first('email') }}</small>
         <small
           v-for="error in emailErrors"
           :key="error"
-          class="sbform-input__error"
+          class="skillboxform-input__error"
           data-cy="email-remote-errors"
         >{{ error }}</small>
       </div>
-      <div class="change-form__field sbform-input">
-        <label for="pw" class="sbform-input__label">Passwort</label>
+      <div class="change-form__field skillboxform-input">
+        <label for="pw" class="skillboxform-input__label">Passwort</label>
         <input
           id="pw"
           name="password"
           type="password"
           v-model="password"
           v-validate="'required'"
-          :class="{ 'sbform-input__input--error': errors.has('password') }"
-          class="change-form__new skillbox-input sbform-input__input"
+          :class="{ 'skillboxform-input__input--error': errors.has('password') }"
+          class="change-form__new skillbox-input skillboxform-input__input"
           autocomplete="off"
           data-cy="password-input"
         />
         <small
           v-if="errors.has('password') && submitted"
-          class="sbform-input__error"
+          class="skillboxform-input__error"
           data-cy="password-local-errors"
         >{{ errors.first('password') }}</small>
         <small
           v-for="error in passwordErrors"
           :key="error"
-          class="sbform-input__error"
+          class="skillboxform-input__error"
           data-cy="password-remote-errors"
         >{{ error }}</small>
       </div>
-      <div class="sbform-input">
-        <small class="sbform-input__error" data-cy="login-error" v-if="loginError">{{loginError}}</small>
+      <div class="skillboxform-input">
+        <small class="skillboxform-input__error" data-cy="login-error" v-if="loginError">{{loginError}}</small>
       </div>
       <div class="actions">
         <button class="button button--primary button--big actions__submit" data-cy="login-button">Anmelden</button>
diff --git a/client/src/router/index.js b/client/src/router/index.js
index 3a9b7533..7f6f410e 100644
--- a/client/src/router/index.js
+++ b/client/src/router/index.js
@@ -42,7 +42,10 @@ const routes = [
     path: '/login',
     name: 'login',
     component: login,
-    meta: {layout: 'public'}
+    meta: {
+      layout: 'public',
+      public: true
+    }
   },
   {
     path: '/module/:slug',
diff --git a/client/src/styles/_password_forms.scss b/client/src/styles/_password_forms.scss
index 8925f9b2..3159ff7a 100644
--- a/client/src/styles/_password_forms.scss
+++ b/client/src/styles/_password_forms.scss
@@ -1,4 +1,4 @@
-.sbform-input {
+.skillboxform-input {
 
   margin-bottom: 20px;
   font-family: $sans-serif-font-family;