diff --git a/admin/src/router/guards.js b/admin/src/router/guards.js
index f6d8058aa..d59234a25 100644
--- a/admin/src/router/guards.js
+++ b/admin/src/router/guards.js
@@ -3,7 +3,7 @@ import CONFIG from '../config'
 const addNavigationGuards = (router, store) => {
   // store token on `authenticate`
   router.beforeEach((to, from, next) => {
-    if (to.path === '/authenticate' && to.query.token) {
+    if (to.path === '/authenticate' && to.query && to.query.token) {
       // TODO verify user to get user data
       store.commit('token', to.query.token)
       next({ path: '/' })
diff --git a/admin/src/router/guards.test.js b/admin/src/router/guards.test.js
new file mode 100644
index 000000000..e69846aab
--- /dev/null
+++ b/admin/src/router/guards.test.js
@@ -0,0 +1,64 @@
+import addNavigationGuards from './guards'
+import router from './router'
+
+const storeCommitMock = jest.fn()
+
+const store = {
+  commit: storeCommitMock,
+  state: {
+    token: null,
+  },
+}
+
+addNavigationGuards(router, store)
+
+describe('navigation guards', () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+  })
+
+  describe('authenticate', () => {
+    const navGuard = router.beforeHooks[0]
+    const next = jest.fn()
+
+    describe('with valid token', () => {
+      it('commits the token to the store', async () => {
+        navGuard({ path: '/authenticate', query: { token: 'valid-token' } }, {}, next)
+        expect(storeCommitMock).toBeCalledWith('token', 'valid-token')
+      })
+
+      it('redirects to /', async () => {
+        navGuard({ path: '/authenticate', query: { token: 'valid-token' } }, {}, next)
+        expect(next).toBeCalledWith({ path: '/' })
+      })
+    })
+
+    describe('without valid token', () => {
+      it('does not commit the token to the store', async () => {
+        navGuard({ path: '/authenticate' }, {}, next)
+        expect(storeCommitMock).not.toBeCalledWith()
+      })
+
+      it('calls next withou arguments', async () => {
+        navGuard({ path: '/authenticate' }, {}, next)
+        expect(next).toBeCalledWith()
+      })
+    })
+  })
+
+  describe('protect all routes', () => {
+    const navGuard = router.beforeHooks[1]
+    const next = jest.fn()
+
+    it('redirects no not found with no token in store ', () => {
+      navGuard({ path: '/' }, {}, next)
+      expect(next).toBeCalledWith({ path: '/not-found' })
+    })
+
+    it('does not redirect when token in store', () => {
+      store.state.token = 'valid token'
+      navGuard({ path: '/' }, {}, next)
+      expect(next).toBeCalledWith()
+    })
+  })
+})
diff --git a/admin/src/router/router.test.js b/admin/src/router/router.test.js
index e9a622d18..eb9b646cb 100644
--- a/admin/src/router/router.test.js
+++ b/admin/src/router/router.test.js
@@ -44,13 +44,20 @@ describe('router', () => {
     })
 
     describe('routes', () => {
+      it('has seven routes defined', () => {
+        expect(routes).toHaveLength(7)
+      })
+
       it('has "/overview" as default', async () => {
         const component = await routes.find((r) => r.path === '/').component()
         expect(component.default.name).toBe('overview')
       })
 
-      it('has seven routes defined', () => {
-        expect(routes).toHaveLength(7)
+      describe('logout', () => {
+        it('loads the "NotFoundPage" component', async () => {
+          const component = await routes.find((r) => r.path === '/logout').component()
+          expect(component.default.name).toBe('not-found')
+        })
       })
 
       describe('user', () => {