MLAB-129: add user verification mechanism

e7931881 · Rosanny Sihombing · 3bfcbafc · e7931881 · e7931881 · e7931881
Commit e7931881 authored May 26, 2020 by Rosanny Sihombing
--- a/routes/methods.js
+++ b/routes/methods.js
@@ -42,14 +42,26 @@ var methods = {
                                throw err
                            });
                        }
-                        // COMMIT
-                        dbconn.user.commit(function(err) {
+                        // MLAB-129: INSERT verification token
+                        let verificationData = {
+                            user_id: newUserId,
+                            token: data.verificationToken
+                        }
+                        dbconn.user.query('INSERT INTO verification SET ?', verificationData, function (err, results, fields) {
                            if (err) {
                                return dbconn.user.rollback(function() {
                                    throw err
                                });
                            }
-                        });
+                            // COMMIT
+                            dbconn.user.commit(function(err) {
+                                if (err) {
+                                    return dbconn.user.rollback(function() {
+                                        throw err
+                                    })
+                                }
+                            })
+                        })
                    })
                });
            });
@@ -57,7 +69,7 @@ var methods = {
        })
    },
    getUserByEmail: function(email, callback) {
-        dbconn.user.query('SELECT salutation, title, firstname, lastname, industry, organisation, speciality FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
+        dbconn.user.query('SELECT verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
            if (err) {
                throw err;
            }
@@ -70,7 +82,7 @@ var methods = {
        });
    },
 	checkUserEmail: function(email, callback) {
-        var user;
+        let user
        dbconn.user.query('SELECT id, email FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
            if (err) {
                throw err;
@@ -84,7 +96,7 @@ var methods = {
        });
    },
    getUserByToken: function(token, callback) {
-        var user;
+        let user
        dbconn.user.query('SELECT t1.user_id, t2.email FROM userdb.credential AS t1 INNER JOIN userdb.user AS t2 ON t1.user_id = t2.id AND t1.resetPasswordToken = "'
            +token+'" and resetPasswordExpires > '+Date.now(), function (err, rows, fields) {
                if (err) {
@@ -100,42 +112,92 @@ var methods = {
            }
        );
    },
-	updateUser: function(userData, callback) {
-		dbconn.user.query('UPDATE user SET ? WHERE email = "' +userData.email+'"', userData, function (err, rows, fields) {
-            if (err) throw err;
-            callback(err);
+	updateUserById: function(userData, callback) {
+		dbconn.user.query('UPDATE user SET ? WHERE id = ' +userData.id, userData, function (err, rows, fields) {
+            if (err) throw err
+            callback(err)
        })
    },
    updateCredential: function(data, callback) {
        dbconn.user.query('UPDATE credential SET ? WHERE user_id = ' +data.user_id, data, function (err, rows, fields) {
-            if (err) throw err;
-            callback(err);
+            if (err) throw err
+            callback(err)
        })
    },
    getUserIdByEmail: function(email, callback) {
-        var userId
+        let userId
        dbconn.user.query('SELECT id FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
            if (err) {
-                throw err;
+                throw err
            }
            else {
                if ( rows.length > 0) {
-                    userId = rows[0].id;
+                    userId = rows[0].id
                }
            }
-            callback(userId, err);
+            callback(userId, err)
        });
    },
    getUserProjectRole: function(userId, callback) {
        dbconn.user.query('SELECT project_id, role_id FROM user_project_role WHERE user_id = "' +userId+'"', function (err, rows, fields) {
-            if (err) throw err;
-            callback(rows, err);
+            if (err) throw err
+            callback(rows, err)
        });
    },
    addUserProjectRole: function(data, callback) {
        dbconn.user.query('INSERT INTO user_project_role SET ?', data, function (err, results, fields){
-            if (err) throw err;
-            callback(err);
+            if (err) throw err
+            callback(err)
+        })
+    },
+    getVerificationTokenByUserId: function(userId, callback) {
+        let token
+        dbconn.user.query('SELECT token FROM verification WHERE user_id = "' +userId+'"', function (err, rows, fields) {
+            if (err) {
+                throw err
+            }
+            else {
+                if (rows.length > 0) {
+                    token = rows[0].token
+                }
+            }
+            callback(token, err)
+        })
+    },
+    getUserIdByVerificationToken: function(token, callback) {
+        let userId
+        dbconn.user.query('SELECT user_id FROM verification WHERE token = "' +token+'"', function (err, rows, fields) {
+            if (err) {
+                throw err
+            }
+            else if(rows[0]) {
+                userId = rows[0].user_id
+            }
+            callback(userId, err)
+        })
+    },
+    verifyUserAccount: function(userData, callback) {
+        dbconn.user.beginTransaction(function(err) { // START TRANSACTION
+            if (err) { throw err }
+            // update user status
+            dbconn.user.query('UPDATE user SET ? WHERE id =' +userData.id, userData, function (err, rows, fields) {
+                if (err) {
+                    return dbconn.user.rollback(function() { throw err })
+                }
+                // delete verification token
+                dbconn.user.query('DELETE FROM verification WHERE user_id = '+userData.id, function (err, rows, fields) {
+                    if (err) {
+                        return dbconn.user.rollback(function() { throw err })
+                    }
+                    // COMMIT
+                    dbconn.user.commit(function(err) {
+                        if (err) {
+                            return dbconn.user.rollback(function() { throw err })
+                        }
+                    })
+                })
+            })
+            callback(err)
        })
    },
    // ======================= project db =======================

--- a/routes/routes-account.js
+++ b/routes/routes-account.js
@@ -142,10 +142,18 @@ module.exports = function (app, config, passport, i18n) {
    if (req.isAuthenticated()) {
      methods.getUserByEmail(req.user.email, function(data, err){
        if (!err) {
-          res.render(lang+'/account/profile', {
-            user: data,
-            email: req.user.email
-          });
+          if (data.verificationStatus == 1) {
+            console.log(data)
+            res.render(lang+'/account/profile', {
+              user: data,
+              email: req.user.email
+            })
+          }
+          else {
+            res.render(lang+'/account/home', {
+              user: data
+            });
+          }
        }
      })
    } else {
@@ -155,63 +163,74 @@ module.exports = function (app, config, passport, i18n) {

  app.get('/services', function (req, res) {
    if (req.isAuthenticated()) {
-      async.waterfall([
-        // get userId by email from userdb
-        function(done) {
-          methods.getUserIdByEmail(req.user.email, function(userId, err) {
-            if (!err) {
-              done(err, userId)
-            }
-          })
-        },
-        // get user-project-role from userdb
-        function(userId, done) {
-          methods.getUserProjectRole(userId, function(userProjects, err) {
-            if (!err) {
-              done(err, userProjects)
-            }
-          })
-        },
-        // get all projects from projectdb
-        function(userProjects, done) {
-          methods.getAllProjects(function(projectsOverview, err) {
-            if (!err) {
-              done(err, userProjects, projectsOverview)
-            }
-          })
-        },
-        // create JSON object of projects and user status for front-end
-        function(userProjects, projectsOverview, done) {
-          var allProjects = []  // JSON object
-
-          var userProjectId = []  // array of user's project_id
-          for (var i = 0; i < userProjects.length; i++) {
-            userProjectId.push(userProjects[i].project_id)
+      methods.getUserByEmail(req.user.email, function(data, err){
+        if (!err) {
+          if (data.verificationStatus == 1) {
+            async.waterfall([
+              // get userId by email from userdb
+              function(done) {
+                methods.getUserIdByEmail(req.user.email, function(userId, err) {
+                  if (!err) {
+                    done(err, userId)
+                  }
+                })
+              },
+              // get user-project-role from userdb
+              function(userId, done) {
+                methods.getUserProjectRole(userId, function(userProjects, err) {
+                  if (!err) {
+                    done(err, userProjects)
+                  }
+                })
+              },
+              // get all projects from projectdb
+              function(userProjects, done) {
+                methods.getAllProjects(function(projectsOverview, err) {
+                  if (!err) {
+                    done(err, userProjects, projectsOverview)
+                  }
+                })
+              },
+              // create JSON object of projects and user status for front-end
+              function(userProjects, projectsOverview, done) {
+                var allProjects = []  // JSON object
+      
+                var userProjectId = []  // array of user's project_id
+                for (var i = 0; i < userProjects.length; i++) {
+                  userProjectId.push(userProjects[i].project_id)
+                }
+      
+                for (var i = 0; i < projectsOverview.length; i++) {
+                  // check if projectId is exist in userProjectId[]
+                  var status = false
+                  if (userProjectId.indexOf(projectsOverview[i].id) > -1) {
+                    status = true
+                  }
+                  // add data to JSON object
+                  allProjects.push({
+                    id: projectsOverview[i].id,
+                    title: projectsOverview[i].title,
+                    summary: projectsOverview[i].onelinesummary,
+                    cp: projectsOverview[i].contact_email,
+                    userStatus: status
+                  });
+                }
+      
+                // render the page
+                res.render(lang+'/account/services', {
+                  user: data,
+                  project: allProjects
+                });
+              }
+            ])
          }
-
-          for (var i = 0; i < projectsOverview.length; i++) {
-            // check if projectId is exist in userProjectId[]
-            var status = false
-            if (userProjectId.indexOf(projectsOverview[i].id) > -1) {
-              status = true
-            }
-            // add data to JSON object
-            allProjects.push({
-              id: projectsOverview[i].id,
-              title: projectsOverview[i].title,
-              summary: projectsOverview[i].onelinesummary,
-              cp: projectsOverview[i].contact_email,
-              userStatus: status
+          else {
+            res.render(lang+'/account/home', {
+              user: data
            });
          }
-
-          // render the page
-          res.render(lang+'/account/services', {
-            user: req.user,
-            project: allProjects
-          });
        }
-      ])
+      })
    } else {
      res.redirect('/login');
    }
@@ -219,9 +238,21 @@ module.exports = function (app, config, passport, i18n) {

  app.get('/security', function (req, res) {
    if (req.isAuthenticated()) {
-      res.render(lang+'/account/security', {
-        user: req.user // useful for view engine, useless for HTML
-      });
+      methods.getUserByEmail(req.user.email, function(data, err){
+        if (!err) {
+          if (data.verificationStatus == 1) {
+            console.log(data)
+            res.render(lang+'/account/security', {
+              user: data
+            })
+          }
+          else {
+            res.render(lang+'/account/home', {
+              user: data
+            });
+          }
+        }        
+      })
    } else {
      res.redirect('/login');
    }
@@ -474,16 +505,11 @@ module.exports = function (app, config, passport, i18n) {

  });

-  // todo: user registration with captcha
+  // ============= NEW USERS REGISTRATION ===========================
  app.get('/registration', function(req, res) {
    res.render(lang+'/account/registration')
  })
-
  app.post('/registration', function(req, res) {
-    // TODO:
-    // create gitlab account?
-    // send email to activate profile?
-
    // user data
    var curDate = new Date()
    var userData = {
@@ -497,27 +523,132 @@ module.exports = function (app, config, passport, i18n) {
      speciality: req.body.inputSpeciality,
      createdDate: curDate.toISOString().slice(0,10)
    }
-    // encrypt password
-    bcrypt.genSalt(saltRounds, function(err, salt) {
-      bcrypt.hash(req.body.inputPassword, salt, function(err, hash) {
-        // create account
-        var newAccount = {
-          profile: userData,
-          password: hash
-        }
+
+    let token
+    async.waterfall([
+      function(done) {
+        crypto.randomBytes(20, function(err, buf) {
+          token = buf.toString('hex');
+          done(err, token);
+        });
+      },
+      // encrypt password
+      function(token, done) {
+        bcrypt.genSalt(saltRounds, function(err, salt) {
+          bcrypt.hash(req.body.inputPassword, salt, function(err, hash) {
+            var newAccount = {
+              profile: userData,
+              password: hash,
+              verificationToken: token
+            }
+            done(err, newAccount)
+          });
+        });
+      },
+      // save data
+      function(newAccount, err) {
        methods.registerNewUser(newAccount, function(err){
          if (err) {
-            //req.flash('error', "Failed")
            req.flash('error', "Fehlgeschlagen")
          }
          else {
-            //req.flash('success', 'Your account has been created. Please log in.')
-            req.flash('success', 'Ihr Benutzerkonto wurde angelegt. Bitte melden Sie sich an.')
+            // send email
+            var emailSubject = "Bitte bestätigen Sie Ihr M4_LAB Benutzerkonto"
+            var emailContent = "Lieber Nutzer,\n\n"+
+                "vielen Dank für Ihre Anmeldung am Transferportal der HFT Stuttgart. "+ 
+                "\nUm Ihre Anmeldung zu bestätigen, klicken Sie bitte diesen Link: "+config.app.host+"/verifyAccount?token="+token+
+                "\n\nOhne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.\n\n"+mailSignature
+            
+            mailer.options.to = req.body.inputEmail;
+            mailer.options.subject = emailSubject;
+            mailer.options.text = emailContent;
+            mailer.transport.sendMail(mailer.options, function(err) {
+              if (err) {
+                console.log('cannot send email')
+                throw err
+              }
+            })
+            // user feedback
+            req.flash('success', 'Wir haben Ihnen eine E-Mail an Ihre verwendete Adresse gesendet. Diese enthält einen Link zur Bestätigung Ihres Accounts.\r\n' +
+              'Wenn Sie die Mail nicht in ihrem Postfach vorfinden, prüfen Sie bitte auch Ihren Spam-Ordner.\r\n \r\n'+
+              'Ohne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.')
          }
-          res.redirect('/account/registration');
+          res.redirect('/account/registration')
        })
-      });
-    });
+      }
+    ])
+  })
+
+  // ============= USER VERIFICATION ================================
+  app.get("/verifyAccount", function(req, res){
+    methods.getUserIdByVerificationToken(req.query.token, function(userId, err){
+      console.log(err)
+      console.log(userId)
+      if (userId) {
+        let userData = {
+          id: userId,
+          verificationStatus: 1
+        }
+        methods.verifyUserAccount(userData, function(err){
+          if (err) {
+            console.log("Error: "+err)
+            res.render(lang+'/account/verification', {
+              status: false
+            });
+          }
+          else {
+            res.render(lang+'/account/verification', {
+              status: true
+            });
+          }
+        })
+      }
+      else {
+        res.render(lang+'/account/verification', {
+          status: null
+        });
+      }
+    })
+  })
+  app.get("/resendVerificationEmail", function(req, res){
+    if (req.isAuthenticated()) {
+      var emailAddress = req.user.email
+      
+      methods.getUserIdByEmail(req.user.email, function(userId, err) {
+        if (!err) {
+          // get token
+          methods.getVerificationTokenByUserId(userId, function(token, err){
+            if (!err) {
+              if (token) {
+                // send email
+                var emailSubject = "Bitte bestätigen Sie Ihr M4_LAB Benutzerkonto"
+                var emailContent = "Lieber Nutzer,\n\n"+
+                    "vielen Dank für Ihre Anmeldung am Transferportal der HFT Stuttgart. "+ 
+                    "\nUm Ihre Anmeldung zu bestätigen, klicken Sie bitte diesen Link: "+config.app.host+"/verifyAccount?token="+token+
+                    "\n\nOhne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.\n\n"+mailSignature
+                
+                mailer.options.to = emailAddress;
+                mailer.options.subject = emailSubject;
+                mailer.options.text = emailContent;
+                mailer.transport.sendMail(mailer.options, function(err) {
+                  if (err) {
+                    console.log('cannot send email')
+                    throw err
+                  }
+                })
+                res.send(true)
+              }
+              else {
+                res.send(false)
+              }
+            }
+            else {
+              console.log(err)
+            }
+          })
+        }
+      })
+    }
  })

  app.get('/email/:email', function(req, res) {

--- a/views/DE/account/home.pug
+++ b/views/DE/account/home.pug
@@ -7,35 +7,44 @@ html(lang="de")
    link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")
    link(rel="stylesheet", href="https://use.fontawesome.com/releases/v5.8.2/css/all.css", integrity="sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay", crossorigin="anonymous")
  body
-    div(class="container-fluid")
-        div(class="row min-vh-100 flex-column flex-md-row")
-            aside(class="col-12 col-md-2 p-0 flex-shrink-1")
-                nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
-                    div(class="collapse navbar-collapse")
-                        ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
-                            li(class="nav-item")
-                                a(class="nav-link pl-0 text-nowrap" href="#")
-                                    span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
-                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/profile")
-                                    i(class="fa fa-user fa-fw")
-                                    span(class="d-none d-md-inline") Benutzerprofil
-                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/security")
-                                    i(class="fa fa-lock fa-fw")
-                                    span(class="d-none d-md-inline") Sicherheitseinstellungen
-                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/services")
-                                    i(class="fa fa-tasks fa-fw")
-                                    span(class="d-none d-md-inline") Projekte und Dienste
-                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/logout")
-                                    i(class="fa fa-sign-out-alt fa-fw")
-                                    span(class="d-none d-md-inline") Logout
-            main(class="col bg-faded py-3 flex-grow-1")
-                p Willkommen im Benutzerkonto-Bereich des HFT Transferportals
-                p In diesem Bereich können Sie Ihr Benutzerkonto pflegen.<br/> Dazu finden Sie auf der linken Seite verschiedene Menüs.
-                p Bei Rückfragen kontaktieren Sie uns bitte unter: <a href="mailto:support-transfer@hft-stuttgart.de">support-transfer@hft-stuttgart.de</a>
+    div(class="container")
+        if user.verificationStatus == 0
+            div.alert.alert-warning.alert-dismissible
+                | Willkommen im Benutzerkonto-Bereich des HFT Transferportals
+                | <br/><br/>
+                | Wir haben Ihnen eine E-Mail an Ihre verwendete Adresse gesendet. Diese enthält einen Link zur Bestätigung Ihres Accounts.
+                | Wenn Sie die Mail nicht in ihrem Postfach vorfinden, prüfen Sie bitte auch Ihren Spam-Ordner.
+                | <br >Falls Sie keine E-Mail von uns erhalten haben, können Sie <a href="javascript:void(0);" onclick="verify();">diese hier</a> erneut anfordern.
+                div(class="spinner-border text-secondary", role="status", style="display: none")
+        else
+            div(class="row min-vh-100 flex-column flex-md-row")
+                aside(class="col-12 col-md-3 p-0 flex-shrink-1")
+                    nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
+                        div(class="collapse navbar-collapse")
+                            ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
+                                li(class="nav-item")
+                                    a(class="nav-link pl-0 text-nowrap" href="#")
+                                        span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
+                                li(class="nav-item")
+                                    a(class="nav-link pl-0" href="/profile")
+                                        i(class="fa fa-user fa-fw")
+                                        span(class="d-none d-md-inline") Benutzerprofil
+                                li(class="nav-item")
+                                    a(class="nav-link pl-0" href="/security")
+                                        i(class="fa fa-lock fa-fw")
+                                        span(class="d-none d-md-inline") Sicherheitseinstellungen
+                                li(class="nav-item")
+                                    a(class="nav-link pl-0" href="/services")
+                                        i(class="fa fa-tasks fa-fw")
+                                        span(class="d-none d-md-inline") Projekte und Dienste
+                                li(class="nav-item")
+                                    a(class="nav-link pl-0" href="/logout" style="color:red;")
+                                        i(class="fa fa-sign-out-alt fa-fw")
+                                        span(class="d-none d-md-inline") Logout
+                main(class="col bg-faded py-3 flex-grow-1")
+                    p Willkommen im Benutzerkonto-Bereich des HFT Transferportals
+                    p In diesem Bereich können Sie Ihr Benutzerkonto pflegen.<br/> Dazu finden Sie auf der linken Seite verschiedene Menüs.
+                    p Bei Rückfragen kontaktieren Sie uns bitte unter: <a href="mailto:support-transfer@hft-stuttgart.de">support-transfer@hft-stuttgart.de</a>
                
    // jQuery
    script(src="https://code.jquery.com/jquery-3.3.1.min.js")
@@ -43,4 +52,25 @@ html(lang="de")
    // Bootstrap
    script(src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous")
    // M4_LAB
-    script(src="/js/headfoot.js")
\ No newline at end of file
+    script(src="https://m4lab.hft-stuttgart.de/js/headfoot.js")
+    script.
+        // call verifyAccount
+        function verify() {
+            $(".spinner-border").show()
+            $.get( "/resendVerificationEmail", function( data ) {
+                console.log(data)
+                if (data) {
+                    alert( "Email sent!" )
+                }
+                else {
+                    alert("Please contact support-transfer@hft-stuttgart.de to verify your account.")
+                }
+            })
+            .fail(function() {
+                alert( "Something went wrong. Please try again." ) // todo: to DE
+            })
+            .always(function() {
+                $(".spinner-border").hide()
+            })
+            
+        }
\ No newline at end of file
--- a/views/DE/account/profile.pug
+++ b/views/DE/account/profile.pug
@@ -7,29 +7,29 @@ html(lang="de")
    link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")
    link(rel="stylesheet", href="https://use.fontawesome.com/releases/v5.8.2/css/all.css", integrity="sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay", crossorigin="anonymous")
  body
-    div(class="container-fluid")
+    div(class="container")
        div(class="row min-vh-100 flex-column flex-md-row")
-            aside(class="col-12 col-md-2 p-0 flex-shrink-1")
+            aside(class="col-12 col-md-3 p-0 flex-shrink-1")
                nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
                    div(class="collapse navbar-collapse")
                        ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
                            li(class="nav-item")
-                                a(class="nav-link pl-0 text-nowrap" href="#")
+                                a(class="nav-link pl-0 text-nowrap" href="/")
                                    span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/profile")
+                                a(class="nav-link pl-0" href="/profile")
                                    i(class="fa fa-user fa-fw" style="color:black;")
                                    span(class="d-none d-md-inline" style="color:black;") Benutzerprofil
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/security")
+                                a(class="nav-link pl-0" href="/security")
                                    i(class="fa fa-lock fa-fw")
                                    span(class="d-none d-md-inline") Sicherheitseinstellungen
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/services")
+                                a(class="nav-link pl-0" href="/services")
                                    i(class="fa fa-tasks fa-fw")
                                    span(class="d-none d-md-inline") Projekte und Dienste
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/logout")
+                                a(class="nav-link pl-0" href="/logout" style="color:red;")
                                    i(class="fa fa-sign-out-alt fa-fw")
                                    span(class="d-none d-md-inline") Logout
            main(class="col bg-faded py-3 flex-grow-1")
@@ -45,7 +45,7 @@ html(lang="de")
                    div(class="form-row")
                        div(class='form-group col-md-2')
                            label(for="title") Anrede
-                            select#inputSalutation(name="inputSalutation", class="form-control", , value=user.salutation)
+                            select#inputSalutation(name="inputSalutation", class="form-control", value=user.salutation)
                                option(value="") - Anrede -
                                option(value="Herr") Herr
                                option(value="Frau") Frau
@@ -99,4 +99,4 @@ html(lang="de")
    // Bootstrap
    script(src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous")
    // M4_LAB
-    script(src="/js/headfoot.js")
\ No newline at end of file
+    script(src="https://m4lab.hft-stuttgart.de/js/headfoot.js")
\ No newline at end of file
--- a/views/DE/account/registration.pug
+++ b/views/DE/account/registration.pug
@@ -7,26 +7,6 @@ html(lang="de")
    link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")
    link(rel="stylesheet", href="https://use.fontawesome.com/releases/v5.8.2/css/all.css", integrity="sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay", crossorigin="anonymous")
    style.
-        .collapse {
-            display: none;
-        }
-        .collapse.in {
-            display: block;
-        }
-        .collapsing {
-            position: relative;
-            height: 0;
-            overflow: hidden;
-            -webkit-transition-timing-function: ease;
-            -o-transition-timing-function: ease;
-            transition-timing-function: ease;
-            -webkit-transition-duration: .35s;
-            -o-transition-duration: .35s;
-            transition-duration: .35s;
-            -webkit-transition-property: height,visibility;
-            -o-transition-property: height,visibility;
-            transition-property: height,visibility;
-        }
        .warning {
            color: red;
            font-size: 11px;
@@ -94,4 +74,4 @@ html(lang="de")
    // M4_LAB
    script(src="/js/generalFunction.js")
    script(src="/js/registration.js")
-    script(src="/js/headfoot.js")
\ No newline at end of file
+    script(src="https://m4lab.hft-stuttgart.de/js/headfoot.js")
\ No newline at end of file
--- a/views/DE/account/security.pug
+++ b/views/DE/account/security.pug
@@ -11,29 +11,29 @@ html(lang="de")
            font-size: 11px;
        }
  body
-    div(class="container-fluid")
+    div(class="container")
        div(class="row min-vh-100 flex-column flex-md-row")
-            aside(class="col-12 col-md-2 p-0 flex-shrink-1")
+            aside(class="col-12 col-md-3 p-0 flex-shrink-1")
                nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
                    div(class="collapse navbar-collapse")
                        ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
                            li(class="nav-item")
-                                a(class="nav-link pl-0 text-nowrap" href="#")
+                                a(class="nav-link pl-0 text-nowrap" href="/")
                                    span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/profile")
+                                a(class="nav-link pl-0" href="/profile")
                                    i(class="fa fa-user fa-fw")
                                    span(class="d-none d-md-inline") Benutzerprofil
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/security")
+                                a(class="nav-link pl-0" href="/security")
                                    i(class="fa fa-lock fa-fw" style="color:black;")
                                    span(class="d-none d-md-inline" style="color:black;") Sicherheitseinstellungen
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/services")
+                                a(class="nav-link pl-0" href="/services")
                                    i(class="fa fa-tasks fa-fw")
                                    span(class="d-none d-md-inline") Projekte und Dienste
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/logout")
+                                a(class="nav-link pl-0" href="/logout" style="color:red;")
                                    i(class="fa fa-sign-out-alt fa-fw")
                                    span(class="d-none d-md-inline") Logout
            main(class="col bg-faded py-3 flex-grow-1")
@@ -64,7 +64,7 @@ html(lang="de")
                            span#message
                            div(class="invalid-feedback") Bitte füllen Sie dieses Feld aus.
                    input#updateBtn(type="submit", class="btn btn-primary", value="Passwort ändern" disabled)
-                    
+                        
    // jQuery
    script(src="https://code.jquery.com/jquery-3.3.1.min.js")
    script(src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js", integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1", crossorigin="anonymous")
@@ -73,7 +73,7 @@ html(lang="de")
    // M4_LAB
    script(src="/js/security.js")
    script(src="/js/generalFunction.js")
-    script(src="/js/headfoot.js")
+    script(src="https://m4lab.hft-stuttgart.de/js/headfoot.js")
    script.
        // check input fields
        'use strict';

--- a/views/DE/account/services.pug
+++ b/views/DE/account/services.pug
@@ -7,29 +7,29 @@ html(lang="de")
    link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")
    link(rel="stylesheet", href="https://use.fontawesome.com/releases/v5.8.2/css/all.css", integrity="sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay", crossorigin="anonymous")
  body
-    div(class="container-fluid")
+    div(class="container")
        div(class="row min-vh-100 flex-column flex-md-row")
-            aside(class="col-12 col-md-2 p-0 flex-shrink-1")
+            aside(class="col-12 col-md-3 p-0 flex-shrink-1")
                nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
                    div(class="collapse navbar-collapse")
                        ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
                            li(class="nav-item")
-                                a(class="nav-link pl-0 text-nowrap" href="#")
+                                a(class="nav-link pl-0 text-nowrap" href="/")
                                    span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/profile")
+                                a(class="nav-link pl-0" href="/profile")
                                    i(class="fa fa-user fa-fw")
                                    span(class="d-none d-md-inline") Benutzerprofil
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/security")
+                                a(class="nav-link pl-0" href="/security")
                                    i(class="fa fa-lock fa-fw")
                                    span(class="d-none d-md-inline") Sicherheitseinstellungen
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/account/services")
+                                a(class="nav-link pl-0" href="/services")
                                    i(class="fa fa-tasks fa-fw" style="color:black;")
                                    span(class="d-none d-md-inline" style="color:black;") Projekte und Dienste
                            li(class="nav-item")
-                                a(class="nav-link pl-0" href="/logout")
+                                a(class="nav-link pl-0" href="/logout" style="color:red;")
                                    i(class="fa fa-sign-out-alt fa-fw")
                                    span(class="d-none d-md-inline") Logout
            main(class="col bg-faded py-3 flex-grow-1")
@@ -41,4 +41,4 @@ html(lang="de")
    // Bootstrap
    script(src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous")
    // M4_LAB
-    script(src="/js/headfoot.js")
\ No newline at end of file
+    script(src="https://m4lab.hft-stuttgart.de/js/headfoot.js")
\ No newline at end of file
--- a/views/DE/account/verification.pug
+++ b/views/DE/account/verification.pug
+doctype html
+html(lang="de")
+  head
+    title= "User Verification"
+    meta(charset="UTF-8")
+    meta(name="viewport", content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no")
+    link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")
+    style.
+      .container { 
+        height: 400px;
+        position: relative;
+      }
+      .center {
+        margin: 0;
+        position: absolute;
+        top: 50%;
+        left: 50%;
+        -ms-transform: translate(-50%, -50%);
+        transform: translate(-50%, -50%);
+      }
+  body
+    div(class="container")
+      div(class="center", align="center")
+        a(href="https://m4lab.hft-stuttgart.de")
+          img(src="https://transfer.hft-stuttgart.de/images/demo/m4lab_logo.jpg", class="img-responsive center-block", width="185", height="192")
+        br
+        br
+        if status == true
+          p(class="h5") Ihr Benutzerkonto wurde bestätigt. Bitte <a href="https://m4lab.hft-stuttgart.de/account/">melden Sie sich an</a>.
+        else if status == false
+          p(class="h5") Ihr Benutzerkonto konnte nicht bestätigt werden, bitte versuchen Sie es erneut.
+        else
+          p(class="h5") Ihr Benutzerkonto wude nicht gefunden.
+    // Bootstrap
+    script(src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous")
\ No newline at end of file