Merge branch 'MLAB-56' into 'master'

Mlab 56 See merge request !2

Merge branch 'MLAB-56' into 'master'
Mlab 56 See merge request !2
62880f10 · Wolfgang Knopki · 393920ba · 0ac2db14 · 62880f10 · 62880f10
Commit 62880f10 authored Apr 06, 2020 by Wolfgang Knopki
--- a/.gitignore
+++ b/.gitignore
 /node_modules
 sp-account-metadata.xml
+.idea
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+pages-devel:    
+  stage: deploy
+  script:
+    - npm install
+    - "pm2 delete --silent account || :"
+    - pm2 start ./app.js --name=account
+    - pm2 save
+  tags: 
+    - testing
+  only: 
+    - testing
+    - test_logoutbutton
\ No newline at end of file
--- a/app.js
+++ b/app.js
@@ -8,6 +8,11 @@ const bodyParser = require('body-parser');
 const session = require('express-session');
 const errorhandler = require('errorhandler');
 const flash = require('express-flash');
+const i18n = require('i18n'); // internationalization
+i18n.configure({
+  locales:['de', 'en'],
+  directory: './locales'
+});

 var env = process.env.NODE_ENV || 'development';
 const config = require('./config/config')[env];
@@ -23,6 +28,12 @@ app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({extended: false}));
 app.use(express.static(path.join(__dirname, 'public')));

+app.use(i18n.init);
+app.use((req, res, next) => {
+  res.setLocale('de');
+  next();
+});
+
 app.use(session(
  {
    resave: true,
@@ -47,10 +58,24 @@ app.use(function(req, res, next) {
  next();
 });

-require('./routes/routes')(app, config, passport);
-//require('./routes/dbconn')(app, config);
+require('./routes/routes-account')(app, config, passport, i18n);
+require('./routes/routes-project')(app, config, passport);
 require('./routes/api')(app, config, passport);

+// Handle 404
+app.use(function (req, res, next) {
+  //res.status(404).send('404: Page not Found', 404)
+  res.status(404).render('./DE/404')
+})
+
+// Handle 500 - any server error
+app.use(function (err, req, res, next) {
+  console.error(err.stack)
+  res.status(500).render('./DE/500', {
+    error: err
+  })
+})
+
 app.listen(app.get('port'), function () {
  console.log('Express server listening on port ' + app.get('port'));
-});
+});
\ No newline at end of file
--- a/config/config.js
+++ b/config/config.js
@@ -8,18 +8,21 @@ module.exports = {
      strategy: 'saml',
      saml: {
        path: process.env.SAML_PATH || '/saml/SSO',
-        entryPoint: process.env.SAML_ENTRY_POINT || 'https://transfer.hft-stuttgart.de/idp/saml2/idp/SSOService.php',
-        issuer: 'sp-account.m4lab.hft-stuttgart.de',
-        logoutUrl: 'https://transfer.hft-stuttgart.de/idp/saml2/idp/SingleLogoutService.php'
+        entryPoint: process.env.SAML_ENTRY_POINT || 'https://m4lab.hft-stuttgart.de/idp/saml2/idp/SSOService.php',
+        //issuer: 'sp-account.m4lab.hft-stuttgart.de', //local metadata
+        issuer: 'sp-account-testing.m4lab.hft-stuttgart.de', //testing metadata
+        //issuer: 'sp-account-prod.m4lab.hft-stuttgart.de', //production metadata
+        logoutUrl: 'https://m4lab.hft-stuttgart.de/idp/saml2/idp/SingleLogoutService.php'
      }
    },
    database: {
-      host: 'localhost',      	  // DB host
+      host: 'transfer.hft-stuttgart.de',      	  // DB host
      user: 'DBManager',          // DB username
      password: 'Stuttgart2019',  // DB password
      port: 3306,                 // MySQL port
      dbUser: 'userdb',           // User DB
-      dbProject: 'projectdb'     // Project DB
+      host_project: 'm4lab.hft-stuttgart.de', // DB host project db
+      dbProject: 'projectDB'     // Project DB
    },
    mailer: {
      host: 'mail.hft-stuttgart.de',  // hostname
@@ -32,4 +35,3 @@ module.exports = {
    }
  }
 }
-  
--- a/database/userdb_role.sql
+++ b/database/userdb_role.sql
+-- MySQL dump 10.13  Distrib 8.0.15, for Win64 (x86_64)
+--
+-- Host: localhost    Database: userdb
+-- ------------------------------------------------------
+-- Server version	8.0.15
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+ SET NAMES utf8 ;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+
+--
+-- Table structure for table `role`
+--
+
+DROP TABLE IF EXISTS `role`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+ SET character_set_client = utf8mb4 ;
+CREATE TABLE `role` (
+  `id` int(11) NOT NULL,
+  `name` varchar(45) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `role`
+--
+
+LOCK TABLES `role` WRITE;
+/*!40000 ALTER TABLE `role` DISABLE KEYS */;
+INSERT INTO `role` VALUES (1,'ADMIN'),(2,'USER'),(3,'OVERVIEW_CREATOR');
+/*!40000 ALTER TABLE `role` ENABLE KEYS */;
+UNLOCK TABLES;
+/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
+
+/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
+/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
+/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
+/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
+
+-- Dump completed on 2020-03-19  9:21:39
--- a/locales/de.json
+++ b/locales/de.json
+{
+	"Hello World": "Hallo Welt",
+	"Hello": "Hallo"
+}
\ No newline at end of file
--- a/locales/en.json
+++ b/locales/en.json
+{
+	"Hello World": "Hello World",
+	"Hello": "Hello",
+}
\ No newline at end of file
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -23,20 +23,21 @@
  "dependencies": {
    "async": "^3.1.0",
    "bcryptjs": "^2.4.3",
-    "body-parser": "1.15.1",
+    "body-parser": "^1.19.0",
    "cookie-parser": "1.4.3",
    "crypto": "^1.0.1",
    "errorhandler": "1.4.3",
-    "express": "4.13.4",
+    "express": "^4.17.1",
    "express-flash": "0.0.2",
-    "express-session": "1.13.0",
+    "express-session": "^1.17.0",
    "fs": "0.0.1-security",
-    "morgan": "1.7.0",
+    "i18n": "^0.8.5",
+    "morgan": "^1.9.1",
    "mysql": "^2.17.1",
    "nodemailer": "^6.3.1",
-    "nodemon": "1.9.2",
+    "nodemon": "^2.0.1",
    "passport": "0.3.2",
-    "passport-saml": "0.15.0",
+    "passport-saml": "^1.2.0",
    "pug": "^2.0.4"
  },
  "devDependencies": {},

--- a/public/js/headfootLogout.js
+++ b/public/js/headfootLogout.js
+var menu = [{'name':'Informationen', 'combos':[{'name':'Projekte', 'link':'/project'}, {'name':'Über das M4_LAB', 'link':'/projectoverview?projectID=1'}], 'type':'dropdown', 'link':'#'},{'name':'Zusammenarbeit', 'combos':[{'name':'Mailinglisten', 'link':'/mailinglists'},{'name':'Videokonferenzen', 'link':'/videoconference.html'},/* {'name':'...', 'link':'#'}*/], 'type':'dropdown', 'link':'#'},{'name':'Events', 'combos':[{'name':'Veranstaltungen der HfT', 'link':'http://www.hft-stuttgart.de/Aktuell/Veranstaltungen/'}/*,{'name':'...', 'link':'#'}*/], 'type':'dropdown', 'link':'#'},/*{'name':'Bürgerbeteiligung', 'combos':[{'name':'...', 'link':'#'}, {'name':'...', 'link':'#'}], 'type':'dropdown', 'link':'#'},*/{'name':'Logout', 'combos':[], 'type':'logoutbutton', 'link':'/logout'}];
+
+
+var hft_links = [{'url':'http://www.hft-stuttgart.de/Forschung/M4-Lab/Team/index.html/de', 'name':'Kontakt'},{'url':'http://www.hft-stuttgart.de/Hochschule/Impressum.html/de', 'name':'Impressum'},{'url':'http://www.hft-stuttgart.de/Einrichtungen/Datenschutz/Datenschutz-Homepage', 'name':'Datenschutz'}]
+
+var socialmedias = [{'url':'https://twitter.com/InnolabM4', 'name': 'fa-twitter'}, {'url':'https://www.facebook.com/HfTStuttgart/', 'name': 'fa-facebook-square'}, {'url':'https://www.instagram.com/m4_lab/', 'name': 'fa-instagram'}, {'url':'https://de.linkedin.com/school/hochschule-f%C3%BCr-technik-stuttgart-%E2%80%93-university-of-applied-sciences/', 'name': 'fa-linkedin'}, {'url':'https://www.youtube.com/channel/UCi0_JfF2qMZbOhOnNH5PyHA', 'name': 'fa-youtube'}];
+
+var footer_images = [/*{'src':'/images/demo/bbf_logo.png', 'alt':'BMBF'},*/ {'src':'/images/demo/Innovative_Hochschule_Initiative_BMBF_GWK_RGB.jpg', 'alt':'Innovative Hochschule'}]
+
+function prependChild(parent,child){
+    parent.insertBefore(child, parent.childNodes[0]);
+}
+
+function userAuthenticated(){
+    let params = new URLSearchParams(window.location.search);
+    if(params.get('isAuthenticatedUser')){
+        return true;
+    }else if(document.getElementById('loginswitch')){   //relikt login via OAuth
+        if(document.getElementById('loginswitch').getAttribute('authenticated') == '1'){
+            return true;
+        }
+    }else{
+        return false;
+    }
+}
+
+
+function readCookie(cname) {
+  var name = cname + "=";
+  var decodedCookie = decodeURIComponent(document.cookie);
+  var ca = decodedCookie.split(';');
+  for(var i = 0; i <ca.length; i++) {
+    var c = ca[i];
+    while (c.charAt(0) == ' ') {
+      c = c.substring(1);
+    }
+    if (c.indexOf(name) == 0) {
+      return c.substring(name.length, c.length);
+    }
+  }
+  return "";
+}
+
+function sendRequest(URL){
+    console.log(document.cookie);
+    let xhr = new XMLHttpRequest();
+    xhr.open("POST", URL, true);
+    let token = readCookie("XSRF-TOKEN");
+    //Send the proper header information along with the request
+    xhr.setRequestHeader('X-CSRF-TOKEN', token);
+    xhr.send();
+}
+
+
+/* function head()
+ * creates header and prepends it to the documents body
+ */
+
+function head(){
+    let headerdiv = document.createElement('div');
+    let alertdiv = document.createElement('div');
+    headerdiv.classList.add("wrapper","row1");
+    let navheader = document.createElement('header');
+    navheader.id = "header";
+    navheader.classList.add("clear");
+    let alertbutton = document.createElement('button');
+    alertbutton.type = "button";
+    alertbutton.classList.add("close");
+    alertbutton.setAttribute("data-dismiss", "alert");
+    alertbutton.innerHTML = "&times;";
+    alertdiv.innerHTML="<strong>Disclaimer</strong> This website is under construction and in prototype-phase. It is not for public use."
+    prependChild(alertdiv, alertbutton);
+    alertdiv.classList.add('alert','alert-danger', 'alert-dismissible', 'fade','show');
+    alertdiv.style = "text-align:center;";
+    navheader.appendChild(alertdiv);
+    let navbar = document.createElement('nav');
+    navbar.classList.add("navbar", "navbar-default");
+    let fluiddiv = document.createElement('div');
+    fluiddiv.classList.add("container-fluid");
+    let navbardiv = document.createElement('div');
+    navbardiv.classList.add("navbar-header");
+    let navelements = document.createElement('ul');
+    navelements.id="navelemente";
+    let logos = document.createElement('li');
+    let link_m4lab = document.createElement('a');
+    link_m4lab.href = "/";
+    link_m4lab.innerHTML = "<img src='/images/demo/m4lab_logo.jpg' alt='Logo Innovationslabor M4_LAB'>";
+    logos.appendChild(link_m4lab);
+    navelements.appendChild(logos);
+    for(let j = 0; j<menu.length; j++){
+        let headitem = document.createElement('li');
+        let itemtype = menu[j].type;
+        headitem.classList.add("nav-item")
+        let headlink = document.createElement('a');
+        headlink.href=menu[j].link;
+        headlink.id="navbarDropdown" + j;
+        headlink.classList.add('nav-link');
+        headlink.setAttribute("role", "button");
+        if(itemtype=='dropdown'){
+            headitem.classList.add("dropdown");
+            headlink.classList.add('dropdown-toggle');
+            headlink.setAttribute("data-toggle", "dropdown");
+            headlink.setAttribute("aria-haspopup", "true");
+            headlink.setAttribute("aria-expanded", "false");
+        }
+        headlink.innerHTML=menu[j].name;
+        if(itemtype=='dropdown'){
+            let combodiv = document.createElement('div');
+            combodiv.id=headlink.id+"_par";
+            combodiv.setAttribute("aria-labelledby",headlink.id);
+            combodiv.classList.add("dropdown-menu");
+            for(let k = 0; k< menu[j].combos.length; k++){
+                let combolink = document.createElement('a');
+                combolink.classList.add("dropdown-item");
+                if(userAuthenticated() || typeof user !== 'undefined'){ //either logged in the old way or logged in using SAML
+                    if(menu[j].combos[k].link.includes('?')){
+                        combolink.href = menu[j].combos[k].link + "&isAuthenticatedUser=true";
+                    }else{    
+                        combolink.href = menu[j].combos[k].link + "?isAuthenticatedUser=true";
+                    }
+                }else{
+                    combolink.href = menu[j].combos[k].link;
+                }
+                combolink.innerHTML = menu[j].combos[k].name;
+                combodiv.appendChild(combolink);
+            }
+            headitem.appendChild(combodiv);
+        }else if(itemtype=='logoutbutton'){
+        /*    if(userAuthenticated()){
+                headlink.innerHTML="Account";
+                headlink.href="/account/";
+            } */
+            headlink.innerHTML="Logout";
+            headlink.href="/logout";
+            headlink.classList.remove("nav-link");
+            headlink.classList.add("btn");
+            headlink.classList.add("btn-outline-danger");
+        }
+        headitem.appendChild(headlink);
+        navelements.appendChild(headitem);
+    }
+/*    let searchitem = document.createElement('li');
+    searchitem.classList.add("nav-item");
+    let searchinput = document.createElement('input');
+    searchinput.value='Suche...'
+    searchinput.type="text";
+    searchinput.classList.add("nav-item-suchfeld");
+    searchinput.setAttribute('onFocus', "this.value=(this.value=='search...')? '' : this.value");
+    searchitem.appendChild(searchinput);
+    let magnifier = document.createElement('input');
+    magnifier.type="image"
+    magnifier.src="/images/Lupe_grau.png";
+    magnifier.width="25";
+    magnifier.height="25";
+    magnifier.alt="";
+    magnifier.id="sf_submit";
+    magnifier.value="search";
+    searchitem.appendChild(magnifier);
+    navelements.appendChild(searchitem);*/
+    navbardiv.appendChild(navelements);
+    fluiddiv.appendChild(navbardiv);
+    navbar.appendChild(fluiddiv);
+    navheader.appendChild(navbar);
+    headerdiv.appendChild(navheader);
+    prependChild(document.body, headerdiv);
+};
+
+/* function foot()
+ * creates footer and appends it to the documents body
+ */
+
+function foot(){
+    let footerdiv = document.createElement('div');
+    footerdiv.id="homepage";
+    footerdiv.classList.add("last", "clear");
+    footerdiv.innerHTML = "<hr>";
+    let containerdiv = document.createElement('div');
+    containerdiv.classList.add('flex-container');
+    let hftlink = document.createElement('a');
+    hftlink.classList.add("col-md-3");
+    hftlink.setAttribute('style','flex-basis: 400px;');
+    hftlink.href="https://www.hft-stuttgart.de";
+    let hftimage = document.createElement('img');
+    hftimage.src="/images/demo/hft_logo.jpg"; 
+    hftimage.alt="Logo der Hochschule für Technik Stuttgart";
+    hftimage.height= '75';
+    hftlink.appendChild(hftimage);
+    containerdiv.appendChild(hftlink);
+    let contactdiv = document.createElement('div');
+    contactdiv.classList.add("col-md-3", "footer-unten")
+    contactdiv.setAttribute('style',"flex-basis:400px");
+    contactdiv.innerHTML="Hochschule für Technik Stuttgart";
+    let rowdiv = document.createElement('div');
+    rowdiv.classList.add("row");
+    for(let i = 0; i<hft_links.length; i++){
+        let coldiv = document.createElement('div');
+        coldiv.classList.add("contactrow", "footer-unten");
+        let collink = document.createElement('a');
+        collink.innerHTML = hft_links[i].name;
+        collink.classList.add("contact-lower")
+        collink.href = hft_links[i].url;
+        coldiv.appendChild(collink)
+        rowdiv.appendChild(coldiv);
+    }
+    contactdiv.appendChild(rowdiv);
+    containerdiv.appendChild(contactdiv);
+    let socialdiv = document.createElement('div');
+    socialdiv.classList.add("col-md-3");
+    socialdiv.setAttribute('style','flex-basis: 400px;');
+    let socialrow = document.createElement('div');
+    socialrow.id="socialmediabuttons";
+    for(let j = 0; j< socialmedias.length; j++){
+        let sociallink = document.createElement('a');
+        sociallink.href = socialmedias[j].url;
+        let socialcontent = document.createElement('i');
+        socialcontent.classList.add("fab", socialmedias[j].name);
+        sociallink.appendChild(socialcontent);
+        socialrow.appendChild(sociallink);
+        socialrow.innerHTML+="&nbsp;";
+    }
+    socialdiv.appendChild(socialrow);
+    containerdiv.appendChild(socialdiv);
+    let imagediv = document.createElement('div');
+    imagediv.classList.add("col-md-3");
+    imagediv.setAttribute("style", "flex-basis:400px;");
+    for (let k = 0; k< footer_images.length; k++){
+        let image = document.createElement('img');
+        image.src = footer_images[k].src;
+        image.width="300";
+        image.height= "73";
+        image.alt = footer_images[k].alt;
+        imagediv.appendChild(image);
+    }
+    containerdiv.appendChild(imagediv);
+    footerdiv.appendChild(containerdiv);
+    document.body.appendChild(footerdiv);
+};
+
+
+head();
+foot();
\ No newline at end of file
--- a/public/js/jquery-ui/i18n/datepicker-de.js
+++ b/public/js/jquery-ui/i18n/datepicker-de.js
+/* German initialisation for the jQuery UI date picker plugin. */
+/* Written by Milian Wolff (mail@milianw.de). */
+( function( factory ) {
+	if ( typeof define === "function" && define.amd ) {
+
+		// AMD. Register as an anonymous module.
+		define( [ "../widgets/datepicker" ], factory );
+	} else {
+
+		// Browser globals
+		factory( jQuery.datepicker );
+	}
+}( function( datepicker ) {
+
+datepicker.regional.de = {
+	closeText: "Schließen",
+	prevText: "&#x3C;Zurück",
+	nextText: "Vor&#x3E;",
+	currentText: "Heute",
+	monthNames: [ "Januar","Februar","März","April","Mai","Juni",
+	"Juli","August","September","Oktober","November","Dezember" ],
+	monthNamesShort: [ "Jan","Feb","Mär","Apr","Mai","Jun",
+	"Jul","Aug","Sep","Okt","Nov","Dez" ],
+	dayNames: [ "Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag" ],
+	dayNamesShort: [ "So","Mo","Di","Mi","Do","Fr","Sa" ],
+	dayNamesMin: [ "So","Mo","Di","Mi","Do","Fr","Sa" ],
+	weekHeader: "KW",
+	dateFormat: "dd.mm.yy",
+	firstDay: 1,
+	isRTL: false,
+	showMonthAfterYear: false,
+	yearSuffix: "" };
+datepicker.setDefaults( datepicker.regional.de );
+
+return datepicker.regional.de;
+
+} ) );
\ No newline at end of file
--- a/public/js/registration.js
+++ b/public/js/registration.js
@@ -22,7 +22,8 @@ $('#inputPassword').on('keyup', function () {
    isPasswordValid = checkPasswordReq($('#inputPassword').val())
    $('#passwordWarning').empty();
    if (!isPasswordValid) {
-        $('#passwordWarning').html('Must be at least 8 characters')
+        //$('#passwordWarning').html('Must be at least 8 characters')
+        $('#passwordWarning').html('Das Passwort muss mindestens 8 Zeichen haben')
    }
    switchSubmitButton()
 });

--- a/public/js/security.js
+++ b/public/js/security.js
 // check password and password confirmation input fields
+// used in Security and Reset Password
 $('#inputNewPwd, #inputConfirm').on('keyup', function () {
    var isBest, isMatch;

    isBest = checkPasswordReq($('#inputNewPwd').val())
    $('#recommendation').empty();
    if (!isBest) {
-        $('#recommendation').html('Must be at least 8 characters').css('color', 'red');
+        //$('#recommendation').html('Must be at least 8 characters').css('color', 'red');
+        $('#recommendation').html('Das Passwort muss mindestens 8 Zeichen haben').css('color', 'red');
    }

    // match or not?
    if ($('#inputNewPwd').val() == $('#inputConfirm').val()) {
-        $('#message').html('Matching').css('color', 'green');
+        //$('#message').html('Matching').css('color', 'green');
+        $('#message').html('Übereinstimmend').css('color', 'green');
        isMatch = true;
    } else {
-        $('#message').html('Not Matching').css('color', 'red');
+        //$('#message').html('Not Matching').css('color', 'red');
+        $('#message').html('Nicht übereinstimmend').css('color', 'red');
        isMatch = false;
    }
    

--- a/public/views_TBD/404.jade
+++ b/public/views_TBD/404.jade
-extends error
-
-block content
-  h2 Cannot find #{url}
\ No newline at end of file
--- a/public/views_TBD/500.jade
+++ b/public/views_TBD/500.jade
-extends error
-
-block content
-  h1 Error: #{error.message}
-  if settings['verbose errors']
-    pre= error.stack
-  else
-    p An error ocurred!
\ No newline at end of file
--- a/public/views_TBD/error.jade
+++ b/public/views_TBD/error.jade
-html
-  head 
-    title Error
-  body
-    h1 An error occurred!
-    block content
\ No newline at end of file
--- a/public/views_TBD/home.jade
+++ b/public/views_TBD/home.jade
-extends layout
-
-block content
-	if user !== null
-		h1 Hello, #{user.firstName}
-		a(href="/profile") Profile
-		br
-		a(href="/logout") Logout
-	else
-		h1 Welcome
-		br
-		a(href="/login") Login
--- a/public/views_TBD/profile.html
+++ b/public/views_TBD/profile.html
-<!DOCTYPE html>
-<html lang="en">
-	<head>
-	    <title>User Profile</title>
-	    <meta charset="UTF-8"/>
-	    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
-	    <link rel="stylesheet" type="text/css" href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css" />
-	    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.2/css/all.css" integrity="sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay" crossorigin="anonymous" />
-	    <style>
-			.collapse {
-				display: none;
-			}
-			.collapse.in {
-				display: block;
-			}
-			.collapsing {
-				position: relative;
-				height: 0;
-				overflow: hidden;
-				-webkit-transition-timing-function: ease;
-				-o-transition-timing-function: ease;
-				transition-timing-function: ease;
-				-webkit-transition-duration: .35s;
-				-o-transition-duration: .35s;
-				transition-duration: .35s;
-				-webkit-transition-property: height,visibility;
-				-o-transition-property: height,visibility;
-				transition-property: height,visibility;
-			}	    
-		</style>
-	    
-	    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
-		<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
-        <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
-        <script>
-            $(function(){
-                $("#header").load("fragment/header.html"); 
-                $("#footer").load("fragment/footer.html"); 
-            });
-        </script> 
-	</head>
-	
-	<body>
-		
-		<!-- CONTENT -->
-		<div class="container-fluid">
-		  <div class="row">
-		    <!-- https://getbootstrap.com/docs/4.3/components/navs/ -->
-		    <div class="col-3">
-		    	<h5>
-                    <!-- TODO: Firstname + Lastname-->
-			    	<span>TODO: Firstname + Lastname</span>
-			    </h5>
-			    <div class="nav flex-column nav-pills" id="v-pills-tab" role="tablist" aria-orientation="vertical">
-			      <a class="nav-link" href="#" aria-selected="true">Profile</a>
-			      <a class="nav-link" href="#" aria-selected="false">Security</a>
-			      <a class="nav-link" href="#" aria-selected="false">Services</a>
-			    </div>
-			  </div>
-		
-		    <div class="col-sm-9">
-				<form>
-		            <p><input type="hidden" th:value="${id}"/></p>
-		                	
-		            <table class="table table-borderless">
-						<tr>
-						    <th><label for="title">Title</label></th>
-						    <td><input type="text" placeholder="Title"></td> 
-						</tr>
-						<tr>
-						    <th><label for="firstname">Vorname</label></th>
-						    <td><input type="text" placeholder="Vorname"></td>
-					    </tr>
-						<tr>
-						    <th><label for="lastname">Nachname</label></th>
-						    <td><input type="text" placeholder="Nachname"></td>
-					    </tr>
-						<tr>
-						    <th><label for="email">Email</label></th>
-						    <td><input type="text" placeholder="Email"></td>
-						</tr>
-						<tr>
-						    <th><label for="email">Unternehmen</label></th>
-						    <td><input type="text" placeholder="Unternehmen"></td>
-						</tr>
-					    <tr>
-							<th><label for="email">Branche</label></th>
-						    <td><input type="text" placeholder="Branche"></td>
-						</tr>
-						<tr>
-							<th><label for="email">Fachgebiete</label></th>
-						    <td><input type="text" placeholder="Fachgebiete"></td>
-						</tr>
-					</table>
-						    
-					<p><input type="submit" class="btn btn-primary" value="Update" disabled></p>   
-				</form>	      
-		    </div>
-		  </div>
-		</div>
-		
-		<!-- HEADER & FOOTER -->
-        <script src="https://transfer.hft-stuttgart.de/js/headfoot.js"></script>
-	</body>
-</html>
\ No newline at end of file
--- a/public/views_TBD/profile.jade
+++ b/public/views_TBD/profile.jade
-include profile.html
\ No newline at end of file
--- a/routes/api.js
+++ b/routes/api.js
@@ -7,13 +7,13 @@ module.exports = function (app) {
    
    app.get('/api/v1/profile', function (req, res) {
        if (req.isAuthenticated()) {
-            // read data based on ID
-            dbconn.user.query('SELECT title, firstname, lastname, email, industry, organisation, speciality FROM user WHERE email="'+req.user.email+'"', function (err, rows, fields) {
+            // read data based on email
+            dbconn.user.query('SELECT * FROM user WHERE email="'+req.user.email+'"', function (err, rows, fields) {
                if (err) throw err
                res.send(rows[0])
            })
        } else {
-          res.redirect('/');
+          res.send('authentication required');
        }
    });