From d024d7df91dbac80237fa74e62bba1a8469ed463 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Fri, 14 Jun 2019 14:03:21 +0200
Subject: [PATCH 01/62] fixed importing of urls - remove url prefix

---
 .../maintenance-worker/migration/neo4j/badges.cql         | 2 +-
 .../maintenance-worker/migration/neo4j/contributions.cql  | 6 +++---
 .../maintenance-worker/migration/neo4j/users.cql          | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql b/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql
index 62cd4a2cc..2d1548d4f 100644
--- a/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql
+++ b/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql
@@ -45,7 +45,7 @@ MERGE(b:Badge {id: badge._id["$oid"]})
 ON CREATE SET
 b.key       = badge.key,
 b.type      = badge.type,
-b.icon      = badge.image.path,
+b.icon      = substring(badge.image.path, 38),
 b.status    = badge.status,
 b.createdAt = badge.createdAt.`$date`,
 b.updatedAt = badge.updatedAt.`$date`
diff --git a/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql b/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql
index 98d8f24e9..70f09e035 100644
--- a/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql
+++ b/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql
@@ -28,7 +28,7 @@
 [?]     unique: true, // Unique value is not enforced in Nitro?
 [-]     index: true
       },
-[ ]   type: {
+[ ]   type: { // db.getCollection('contributions').distinct('type') -> 'DELETED', 'cando', 'post'
 [ ]     type: String,
 [ ]     required: true,
 [-]     index: true
@@ -50,7 +50,7 @@
 [?]     required: true // Not required in Nitro
       },
 [ ]   hasMore: { type: Boolean },
-[?]   teaserImg: { type: String }, // Path is incorrect in Nitro
+[X]   teaserImg: { type: String },
 [ ]   language: {
 [ ]     type: String,
 [ ]     required: true,
@@ -131,7 +131,7 @@ MERGE (p:Post {id: post._id["$oid"]})
 ON CREATE SET
 p.title          = post.title,
 p.slug           = post.slug,
-p.image          = post.teaserImg,
+p.image          = substring(post.teaserImg, 38),
 p.content        = post.content,
 p.contentExcerpt = post.contentExcerpt,
 p.visibility     = toLower(post.visibility),
diff --git a/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql b/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql
index aec5499fc..96251a9ce 100644
--- a/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql
+++ b/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql
@@ -49,8 +49,8 @@
         }
       },
 [ ]   timezone: { type: String },
-[?]   avatar: { type: String }, // Path is incorrect in Nitro
-[?]   coverImg: { type: String }, // Path is incorrect in Nitro, was not modeled in latest Nitro - do we want this?
+[X]   avatar: { type: String },
+[X]   coverImg: { type: String },
 [ ]   doiToken: { type: String },
 [ ]   confirmedAt: { type: Date },
 [?]   badgeIds: [], // Verify this is working properly
@@ -102,8 +102,8 @@ u.name       = user.name,
 u.slug       = user.slug,
 u.email      = user.email,
 u.password   = user.password,
-u.avatar     = user.avatar,
-u.coverImg   = user.coverImg,
+u.avatar     = substring(user.avatar, 38),
+u.coverImg   = substring(user.coverImg, 38),
 u.wasInvited = user.wasInvited,
 u.wasSeeded  = user.wasSeeded,
 u.role       = toLower(user.role),

From 89d630b1eb82914996e140e6c481b292611f800a Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Fri, 14 Jun 2019 14:03:37 +0200
Subject: [PATCH 02/62] removed fixImageUrlsMiddleware

---
 .../src/middleware/fixImageUrlsMiddleware.js  | 48 -------------------
 .../middleware/fixImageUrlsMiddleware.spec.js | 36 --------------
 2 files changed, 84 deletions(-)
 delete mode 100644 backend/src/middleware/fixImageUrlsMiddleware.js
 delete mode 100644 backend/src/middleware/fixImageUrlsMiddleware.spec.js

diff --git a/backend/src/middleware/fixImageUrlsMiddleware.js b/backend/src/middleware/fixImageUrlsMiddleware.js
deleted file mode 100644
index c930915bf..000000000
--- a/backend/src/middleware/fixImageUrlsMiddleware.js
+++ /dev/null
@@ -1,48 +0,0 @@
-const legacyUrls = [
-  'https://api-alpha.human-connection.org',
-  'https://staging-api.human-connection.org',
-  'http://localhost:3000',
-]
-
-export const fixUrl = url => {
-  legacyUrls.forEach(legacyUrl => {
-    url = url.replace(legacyUrl, '/api')
-  })
-  return url
-}
-
-const checkUrl = thing => {
-  return (
-    thing &&
-    typeof thing === 'string' &&
-    legacyUrls.find(legacyUrl => {
-      return thing.indexOf(legacyUrl) === 0
-    })
-  )
-}
-
-export const fixImageURLs = (result, recursive) => {
-  if (checkUrl(result)) {
-    result = fixUrl(result)
-  } else if (result && Array.isArray(result)) {
-    result.forEach((res, index) => {
-      result[index] = fixImageURLs(result[index], true)
-    })
-  } else if (result && typeof result === 'object') {
-    Object.keys(result).forEach(key => {
-      result[key] = fixImageURLs(result[key], true)
-    })
-  }
-  return result
-}
-
-export default {
-  Mutation: async (resolve, root, args, context, info) => {
-    const result = await resolve(root, args, context, info)
-    return fixImageURLs(result)
-  },
-  Query: async (resolve, root, args, context, info) => {
-    let result = await resolve(root, args, context, info)
-    return fixImageURLs(result)
-  },
-}
diff --git a/backend/src/middleware/fixImageUrlsMiddleware.spec.js b/backend/src/middleware/fixImageUrlsMiddleware.spec.js
deleted file mode 100644
index b2d808dd9..000000000
--- a/backend/src/middleware/fixImageUrlsMiddleware.spec.js
+++ /dev/null
@@ -1,36 +0,0 @@
-import { fixImageURLs } from './fixImageUrlsMiddleware'
-
-describe('fixImageURLs', () => {
-  describe('image url of legacy alpha', () => {
-    it('removes domain', () => {
-      const url =
-        'https://api-alpha.human-connection.org/uploads/4bfaf9172c4ba03d7645108bbbd16f0a696a37d01eacd025fb131e5da61b15d9.png'
-      expect(fixImageURLs(url)).toEqual(
-        '/api/uploads/4bfaf9172c4ba03d7645108bbbd16f0a696a37d01eacd025fb131e5da61b15d9.png',
-      )
-    })
-  })
-
-  describe('image url of legacy staging', () => {
-    it('removes domain', () => {
-      const url =
-        'https://staging-api.human-connection.org/uploads/1b3c39a24f27e2fb62b69074b2f71363b63b263f0c4574047d279967124c026e.jpeg'
-      expect(fixImageURLs(url)).toEqual(
-        '/api/uploads/1b3c39a24f27e2fb62b69074b2f71363b63b263f0c4574047d279967124c026e.jpeg',
-      )
-    })
-  })
-
-  describe('object', () => {
-    it('returns untouched', () => {
-      const object = { some: 'thing' }
-      expect(fixImageURLs(object)).toEqual(object)
-    })
-  })
-
-  describe('some string', () => {
-    it('returns untouched', () => {})
-    const string = "Yeah I'm a String"
-    expect(fixImageURLs(string)).toEqual(string)
-  })
-})

From 794bb08f141eeed293c9a59821dc506d87eba841 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Fri, 14 Jun 2019 14:04:15 +0200
Subject: [PATCH 03/62] removed reference for fixImageUrls middleware

---
 backend/src/middleware/index.js | 2 --
 1 file changed, 2 deletions(-)

diff --git a/backend/src/middleware/index.js b/backend/src/middleware/index.js
index 75314abc0..aae2dcef3 100644
--- a/backend/src/middleware/index.js
+++ b/backend/src/middleware/index.js
@@ -3,7 +3,6 @@ import activityPub from './activityPubMiddleware'
 import password from './passwordMiddleware'
 import softDelete from './softDeleteMiddleware'
 import sluggify from './sluggifyMiddleware'
-import fixImageUrls from './fixImageUrlsMiddleware'
 import excerpt from './excerptMiddleware'
 import dateTime from './dateTimeMiddleware'
 import xss from './xssMiddleware'
@@ -25,7 +24,6 @@ export default schema => {
     excerpt: excerpt,
     notifications: notifications,
     xss: xss,
-    fixImageUrls: fixImageUrls,
     softDelete: softDelete,
     user: user,
     includedFields: includedFields,

From d558a4de370a36acbefba5e8c565a958f1780768 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sat, 15 Jun 2019 11:09:09 +0200
Subject: [PATCH 04/62] Add mailserver for development

---
 docker-compose.override.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index a71418229..d7ee86bd6 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -1,6 +1,10 @@
 version: "3.4"
 
 services:
+  mailserver:
+    image: djfarrelly/maildev
+    ports:
+      - 1080:80
   webapp:
     build:
       context: webapp

From 64c5245f5a4f70bf9b63fe21f26a534d39e8db30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sat, 15 Jun 2019 11:25:01 +0200
Subject: [PATCH 05/62] Update date-fns manually to get passed this bug:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

```
 ERROR  Failed to compile with 16 errors

This dependency was not found:

* date-fns/addSeconds in ./plugins/vue-filters.js

To install it, you can run: npm install --save date-fns/addSeconds

These relative modules were not found:

* ../../../../_lib/isSameUTCWeek/index.js in ./node_modules/date-fns/esm/locale/be/_lib/formatRelative/index.js, ./node_modules/date-fns/esm/locale/lv/_lib/formatRelative/index.js and 4 others
* ../_lib/format/formatters/index.js in ./node_modules/date-fns/format/index.js
* ../_lib/format/longFormatters/index.js in ./node_modules/date-fns/format/index.js
* ../_lib/getTimezoneOffsetInMilliseconds/index.js in ./node_modules/date-fns/format/index.js, ./node_modules/date-fns/formatRelative/index.js
* ../_lib/protectedTokens/index.js in ./node_modules/date-fns/format/index.js
* ../_lib/toInteger/index.js in ./node_modules/date-fns/format/index.js, ./node_modules/date-fns/subMilliseconds/index.js
* ../addMilliseconds/index.js in ./node_modules/date-fns/subMilliseconds/index.js
* ../differenceInCalendarDays/index.js in ./node_modules/date-fns/formatRelative/index.js
ℹ Waiting for file changes
```
---
 webapp/package.json | 2 +-
 webapp/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/webapp/package.json b/webapp/package.json
index 1abaf479b..5e42d0332 100644
--- a/webapp/package.json
+++ b/webapp/package.json
@@ -59,7 +59,7 @@
     "apollo-client": "~2.6.2",
     "cookie-universal-nuxt": "~2.0.16",
     "cross-env": "~5.2.0",
-    "date-fns": "2.0.0-alpha.33",
+    "date-fns": "2.0.0-alpha.34",
     "express": "~4.17.1",
     "graphql": "~14.3.1",
     "jsonwebtoken": "~8.5.1",
diff --git a/webapp/yarn.lock b/webapp/yarn.lock
index e5c1daf8a..de0d07924 100644
--- a/webapp/yarn.lock
+++ b/webapp/yarn.lock
@@ -3754,10 +3754,10 @@ data-urls@^1.0.0:
     whatwg-mimetype "^2.2.0"
     whatwg-url "^7.0.0"
 
-date-fns@2.0.0-alpha.33:
-  version "2.0.0-alpha.33"
-  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.0.0-alpha.33.tgz#c2f73c3cc50ac301c9217eb93603c9bc40e891bf"
-  integrity sha512-tqUVEk3oxnJuNIvwAMKHAMo4uFRG0zXvjxZQll+BonoPt+m4NMcUgO14NDxbHuy7uYcrVErd2GdSsw02EDZQ7w==
+date-fns@2.0.0-alpha.34:
+  version "2.0.0-alpha.34"
+  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.0.0-alpha.34.tgz#5d3ae7ca0d08915ccfc87a20545250af4e9c3cae"
+  integrity sha512-yjSYUHASHvzOZl++cEms+Tw7oQOFA+7Z6/lL7L3lRO9j6pMfT48N6oEyvCGo/MVlH08XWmydgf8X9Y1eedf9sQ==
 
 date-now@^0.1.4:
   version "0.1.4"

From f9d25828d520fd838e4cefa367de948908641f33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sat, 15 Jun 2019 11:47:24 +0200
Subject: [PATCH 06/62] Add reset password page

---
 webapp/locales/de.json          |  4 ++++
 webapp/locales/en.json          |  4 ++++
 webapp/nuxt.config.js           | 11 ++++++++++-
 webapp/pages/login.vue          |  5 +++++
 webapp/pages/password-reset.vue | 19 +++++++++++++++++++
 5 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 webapp/pages/password-reset.vue

diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index efe05a472..d783f9e37 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -8,11 +8,15 @@
     "logout": "Ausloggen",
     "email": "Deine E-Mail",
     "password": "Dein Passwort",
+    "forgotPassword": "Passwort vergessen?",
     "moreInfo": "Was ist Human Connection?",
     "moreInfoURL": "https://human-connection.org",
     "moreInfoHint": "zur Präsentationsseite",
     "hello": "Hallo"
   },
+  "password-reset": {
+    "title": "Passwort zurücksetzen"
+  },
   "editor": {
     "placeholder": "Schreib etwas Inspirierendes..."
   },
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 4fdcadedb..3a5405eec 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -8,11 +8,15 @@
     "logout": "Logout",
     "email": "Your Email",
     "password": "Your Password",
+    "forgotPassword": "Forgot Password?",
     "moreInfo": "What is Human Connection?",
     "moreInfoURL": "https://human-connection.org/en/",
     "moreInfoHint": "to the presentation page",
     "hello": "Hello"
   },
+  "password-reset": {
+    "title": "Reset your password"
+  },
   "editor": {
     "placeholder": "Leave your inspirational thoughts..."
   },
diff --git a/webapp/nuxt.config.js b/webapp/nuxt.config.js
index 49f2f5d0a..8af3dbb16 100644
--- a/webapp/nuxt.config.js
+++ b/webapp/nuxt.config.js
@@ -25,7 +25,16 @@ module.exports = {
 
   env: {
     // pages which do NOT require a login
-    publicPages: ['login', 'logout', 'register', 'signup', 'reset', 'reset-token', 'pages-slug'],
+    publicPages: [
+      'login',
+      'logout',
+      'password-reset',
+      'register',
+      'signup',
+      'reset',
+      'reset-token',
+      'pages-slug',
+    ],
     // pages to keep alive
     keepAlivePages: ['index'],
     // active locales
diff --git a/webapp/pages/login.vue b/webapp/pages/login.vue
index a96fbdbf1..94c974b29 100644
--- a/webapp/pages/login.vue
+++ b/webapp/pages/login.vue
@@ -45,6 +45,11 @@
                 name="password"
                 type="password"
               />
+              <ds-space class="password-reset-link" margin-bottom="large">
+                <nuxt-link to="/password-reset">
+                  {{ $t('login.forgotPassword') }}
+                </nuxt-link>
+              </ds-space>
               <ds-button
                 :loading="pending"
                 primary
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
new file mode 100644
index 000000000..0205ea4f4
--- /dev/null
+++ b/webapp/pages/password-reset.vue
@@ -0,0 +1,19 @@
+<template>
+  <ds-container width="small">
+    <ds-flex>
+      <ds-flex-item :width="{ base: '100%' }" centered>
+        <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
+          <ds-heading tag="h3">
+            {{ $t('password-reset.title') }}
+          </ds-heading>
+        </ds-space>
+      </ds-flex-item>
+    </ds-flex>
+  </ds-container>
+</template>
+
+<script>
+export default {
+  layout: 'default',
+}
+</script>

From e44ed7d281d5077786a56590dae11306681a9810 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sat, 15 Jun 2019 15:42:17 +0200
Subject: [PATCH 07/62] Start writing a resolver for requestPasswordReset

---
 .../src/middleware/permissionsMiddleware.js   |  1 +
 backend/src/schema/resolvers/passwordReset.js | 10 ++++
 .../schema/resolvers/passwordReset.spec.js    | 46 +++++++++++++++++++
 .../src/schema/resolvers/user_management.js   |  2 +-
 backend/src/schema/types/schema.gql           |  2 +
 5 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 backend/src/schema/resolvers/passwordReset.js
 create mode 100644 backend/src/schema/resolvers/passwordReset.spec.js

diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js
index 10b777748..ad2787579 100644
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@@ -147,6 +147,7 @@ const permissions = shield(
       CreateComment: isAuthenticated,
       DeleteComment: isAuthor,
       DeleteUser: isDeletingOwnAccount,
+      requestPasswordReset: allow,
     },
     User: {
       email: isMyOwn,
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
new file mode 100644
index 000000000..83a1080d0
--- /dev/null
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -0,0 +1,10 @@
+export default {
+  Mutation: {
+    requestPasswordReset: async (_, { email }, { driver }) => {
+      throw Error('Not Implemented')
+    },
+    resetPassword: async (_, { email, token, newPassword }, { driver }) => {
+      throw Error('Not Implemented')
+    }
+  }
+}
diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
new file mode 100644
index 000000000..d07ca4b09
--- /dev/null
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -0,0 +1,46 @@
+import { GraphQLClient } from 'graphql-request'
+import Factory from '../../seed/factories'
+import { host, login } from '../../jest/helpers'
+import { getDriver } from '../../bootstrap/neo4j'
+
+const factory = Factory()
+let client
+const driver = getDriver()
+
+const getAllPasswordResets = async () => {
+  const session = driver.session()
+  let transactionRes = await session.run('MATCH (r:PasswordReset) RETURN r')
+  const resets = transactionRes.records.map(record => record.get('r'))
+  session.close()
+  return resets
+}
+
+describe('passwordReset', () => {
+  beforeEach(async () => {
+    client = new GraphQLClient(host)
+    await factory.create('User', {
+      email: 'user@example.org',
+      role: 'user',
+      password: '1234',
+    })
+  })
+
+  afterEach(async () => {
+    await factory.cleanDatabase()
+  })
+
+  describe('requestPasswordReset', () => {
+    const variables = { email: 'user@example.org' }
+    const mutation = `mutation($email: String!) { requestPasswordReset(email: $email) }`
+
+    it('resolves', async () => {
+      await expect(client.request(mutation, variables)).resolves.toEqual(true)
+    })
+
+    it('creates node with label `PasswordReset`', async () => {
+      await client.request(mutation, variables)
+      const resets = await getAllPasswordResets()
+      expect(resets).toHaveLength(1)
+    })
+  })
+})
diff --git a/backend/src/schema/resolvers/user_management.js b/backend/src/schema/resolvers/user_management.js
index eb07a07b3..e33314f7e 100644
--- a/backend/src/schema/resolvers/user_management.js
+++ b/backend/src/schema/resolvers/user_management.js
@@ -59,7 +59,7 @@ export default {
     changePassword: async (_, { oldPassword, newPassword }, { driver, user }) => {
       const session = driver.session()
       let result = await session.run(
-        `MATCH (user:User {email: $userEmail}) 
+        `MATCH (user:User {email: $userEmail})
          RETURN user {.id, .email, .password}`,
         {
           userEmail: user.email,
diff --git a/backend/src/schema/types/schema.gql b/backend/src/schema/types/schema.gql
index 2a8be9e09..358797631 100644
--- a/backend/src/schema/types/schema.gql
+++ b/backend/src/schema/types/schema.gql
@@ -25,6 +25,8 @@ type Mutation {
   login(email: String!, password: String!): String!
   signup(email: String!, password: String!): Boolean!
   changePassword(oldPassword: String!, newPassword: String!): String!
+  requestPasswordReset(email: String!): Boolean!
+  resetPassword(email: String!, resetToken: String!, newPassword: String!): String!
   report(id: ID!, description: String): Report
   disable(id: ID!): ID
   enable(id: ID!): ID

From c7ee0c8121c09a0ee2f25786a325266b968c6e7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sat, 15 Jun 2019 16:22:28 +0200
Subject: [PATCH 08/62] Implement tests for requestPasswordReset

---
 backend/src/schema/resolvers/passwordReset.js | 13 ++++++++++++-
 .../schema/resolvers/passwordReset.spec.js    | 19 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index 83a1080d0..f3e1d32d2 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -1,7 +1,18 @@
 export default {
   Mutation: {
     requestPasswordReset: async (_, { email }, { driver }) => {
-      throw Error('Not Implemented')
+      const session = driver.session()
+      let validUntil = new Date()
+      validUntil += 3*60*1000
+      const cypher = `
+      MATCH(u:User) WHERE u.email = $email
+      CREATE(pr:PasswordReset {id: apoc.create.uuid(), validUntil: $validUntil, redeemedAt: NULL})
+      MERGE (u)-[:REQUESTED]->(pr)
+      RETURN u,pr
+      `
+      await session.run(cypher, { email, validUntil })
+      session.close()
+      return true
     },
     resetPassword: async (_, { email, token, newPassword }, { driver }) => {
       throw Error('Not Implemented')
diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index d07ca4b09..3b0d39864 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -34,7 +34,7 @@ describe('passwordReset', () => {
     const mutation = `mutation($email: String!) { requestPasswordReset(email: $email) }`
 
     it('resolves', async () => {
-      await expect(client.request(mutation, variables)).resolves.toEqual(true)
+      await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
     })
 
     it('creates node with label `PasswordReset`', async () => {
@@ -42,5 +42,22 @@ describe('passwordReset', () => {
       const resets = await getAllPasswordResets()
       expect(resets).toHaveLength(1)
     })
+
+    it('creates an id used as a reset token', async () => {
+      await client.request(mutation, variables)
+      const [reset] = await getAllPasswordResets()
+      const { id: token } = reset.properties
+      expect(token).toMatch(/^........-....-....-....-............$/)
+    })
+
+    it('created PasswordReset is valid for less than 4 minutes', async () => {
+      await client.request(mutation, variables)
+      const [reset] = await getAllPasswordResets()
+      let { validUntil } = reset.properties
+      validUntil = Date.parse(validUntil)
+      const now = (new Date()).getTime()
+      expect(validUntil).toBeGreaterThan(now - 60*1000)
+      expect(validUntil).toBeLessThan(now + 4*60*1000)
+    })
   })
 })

From 145a8d8bf65efa55fd53e5a70d711ed5241aa11f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sat, 15 Jun 2019 23:01:22 +0200
Subject: [PATCH 09/62] Check invalid email

Sending a mail with further instructions even if the email is invalid
seems to be a good practice: A potential attacker will not now if a user
has an account under that email address. If a user does not remember the
email address, but has control over the other mail account, she will get
feedback that this mail account is incorrect.
---
 .../schema/resolvers/passwordReset.spec.js    | 61 ++++++++++++-------
 1 file changed, 39 insertions(+), 22 deletions(-)

diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index 3b0d39864..4bd29c9c6 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -30,34 +30,51 @@ describe('passwordReset', () => {
   })
 
   describe('requestPasswordReset', () => {
-    const variables = { email: 'user@example.org' }
     const mutation = `mutation($email: String!) { requestPasswordReset(email: $email) }`
 
-    it('resolves', async () => {
-      await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
+    describe('with invalid email', () => {
+      const variables = { email: 'non-existent@example.org' }
+
+      it('resolves anyways', async () => {
+        await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
+      })
+
+      it('creates no node', async () => {
+        await client.request(mutation, variables)
+        const resets = await getAllPasswordResets()
+        expect(resets).toHaveLength(0)
+      })
     })
 
-    it('creates node with label `PasswordReset`', async () => {
-      await client.request(mutation, variables)
-      const resets = await getAllPasswordResets()
-      expect(resets).toHaveLength(1)
-    })
+    describe('with a valid email', () => {
+      const variables = { email: 'user@example.org' }
 
-    it('creates an id used as a reset token', async () => {
-      await client.request(mutation, variables)
-      const [reset] = await getAllPasswordResets()
-      const { id: token } = reset.properties
-      expect(token).toMatch(/^........-....-....-....-............$/)
-    })
+      it('resolves', async () => {
+        await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
+      })
 
-    it('created PasswordReset is valid for less than 4 minutes', async () => {
-      await client.request(mutation, variables)
-      const [reset] = await getAllPasswordResets()
-      let { validUntil } = reset.properties
-      validUntil = Date.parse(validUntil)
-      const now = (new Date()).getTime()
-      expect(validUntil).toBeGreaterThan(now - 60*1000)
-      expect(validUntil).toBeLessThan(now + 4*60*1000)
+      it('creates node with label `PasswordReset`', async () => {
+        await client.request(mutation, variables)
+        const resets = await getAllPasswordResets()
+        expect(resets).toHaveLength(1)
+      })
+
+      it('creates an id used as a reset token', async () => {
+        await client.request(mutation, variables)
+        const [reset] = await getAllPasswordResets()
+        const { id: token } = reset.properties
+        expect(token).toMatch(/^........-....-....-....-............$/)
+      })
+
+      it('created PasswordReset is valid for less than 4 minutes', async () => {
+        await client.request(mutation, variables)
+        const [reset] = await getAllPasswordResets()
+        let { validUntil } = reset.properties
+        validUntil = Date.parse(validUntil)
+        const now = (new Date()).getTime()
+        expect(validUntil).toBeGreaterThan(now - 60*1000)
+        expect(validUntil).toBeLessThan(now + 4*60*1000)
+      })
     })
   })
 })

From c9ea956f858c631e0735cc93ab28f571ed55bedb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Sun, 16 Jun 2019 00:08:36 +0200
Subject: [PATCH 10/62] Test+Implement resetPassword

---
 .../src/middleware/permissionsMiddleware.js   |   1 +
 backend/src/schema/resolvers/passwordReset.js |  53 +++++--
 .../schema/resolvers/passwordReset.spec.js    | 143 ++++++++++++++++--
 backend/src/schema/types/schema.gql           |   2 +-
 4 files changed, 174 insertions(+), 25 deletions(-)

diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js
index ad2787579..dbcde849c 100644
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@@ -148,6 +148,7 @@ const permissions = shield(
       DeleteComment: isAuthor,
       DeleteUser: isDeletingOwnAccount,
       requestPasswordReset: allow,
+      resetPassword: allow,
     },
     User: {
       email: isMyOwn,
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index f3e1d32d2..d6d2a6e6c 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -1,21 +1,46 @@
-export default {
-  Mutation: {
-    requestPasswordReset: async (_, { email }, { driver }) => {
-      const session = driver.session()
-      let validUntil = new Date()
-      validUntil += 3*60*1000
-      const cypher = `
-      MATCH(u:User) WHERE u.email = $email
-      CREATE(pr:PasswordReset {id: apoc.create.uuid(), validUntil: $validUntil, redeemedAt: NULL})
+import uuid from 'uuid/v4'
+import bcrypt from 'bcryptjs'
+
+export async function createPasswordReset({ driver, token, email, validUntil }) {
+  const session = driver.session()
+  const cypher = `
+      MATCH (u:User) WHERE u.email = $email
+      CREATE(pr:PasswordReset {token: $token, validUntil: $validUntil, redeemedAt: NULL})
       MERGE (u)-[:REQUESTED]->(pr)
       RETURN u,pr
       `
-      await session.run(cypher, { email, validUntil })
-      session.close()
+  const transactionRes = await session.run(cypher, { token, email, validUntil })
+  const resets = transactionRes.records.map(record => record.get('pr'))
+  session.close()
+  return resets
+}
+
+export default {
+  Mutation: {
+    requestPasswordReset: async (_, { email }, { driver }) => {
+      let validUntil = new Date()
+      validUntil += 3 * 60 * 1000
+      const token = uuid()
+      await createPasswordReset({ driver, token, email, validUntil })
       return true
     },
     resetPassword: async (_, { email, token, newPassword }, { driver }) => {
-      throw Error('Not Implemented')
-    }
-  }
+      const session = driver.session()
+      const now = new Date().getTime()
+      const newHashedPassword = await bcrypt.hashSync(newPassword, 10)
+      const cypher = `
+      MATCH (r:PasswordReset {token: $token})
+      MATCH (u:User {email: $email})-[:REQUESTED]->(r)
+      WHERE r.validUntil > $now AND r.redeemedAt IS NULL
+      SET r.redeemedAt = $now
+      SET u.password = $newHashedPassword
+      RETURN r
+      `
+      let transactionRes = await session.run(cypher, { now, email, token, newHashedPassword })
+      const [reset] = transactionRes.records.map(record => record.get('r'))
+      const result = !!(reset && reset.properties.redeemedAt)
+      session.close()
+      return result
+    },
+  },
 }
diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index 4bd29c9c6..89b724fca 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -1,7 +1,8 @@
 import { GraphQLClient } from 'graphql-request'
 import Factory from '../../seed/factories'
-import { host, login } from '../../jest/helpers'
+import { host } from '../../jest/helpers'
 import { getDriver } from '../../bootstrap/neo4j'
+import { createPasswordReset } from './passwordReset'
 
 const factory = Factory()
 let client
@@ -36,7 +37,9 @@ describe('passwordReset', () => {
       const variables = { email: 'non-existent@example.org' }
 
       it('resolves anyways', async () => {
-        await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
+        await expect(client.request(mutation, variables)).resolves.toEqual({
+          requestPasswordReset: true,
+        })
       })
 
       it('creates no node', async () => {
@@ -50,7 +53,9 @@ describe('passwordReset', () => {
       const variables = { email: 'user@example.org' }
 
       it('resolves', async () => {
-        await expect(client.request(mutation, variables)).resolves.toEqual({"requestPasswordReset": true})
+        await expect(client.request(mutation, variables)).resolves.toEqual({
+          requestPasswordReset: true,
+        })
       })
 
       it('creates node with label `PasswordReset`', async () => {
@@ -59,21 +64,139 @@ describe('passwordReset', () => {
         expect(resets).toHaveLength(1)
       })
 
-      it('creates an id used as a reset token', async () => {
+      it('creates a reset token', async () => {
         await client.request(mutation, variables)
-        const [reset] = await getAllPasswordResets()
-        const { id: token } = reset.properties
+        const resets = await getAllPasswordResets()
+        const [reset] = resets
+        const { token } = reset.properties
         expect(token).toMatch(/^........-....-....-....-............$/)
       })
 
       it('created PasswordReset is valid for less than 4 minutes', async () => {
         await client.request(mutation, variables)
-        const [reset] = await getAllPasswordResets()
+        const resets = await getAllPasswordResets()
+        const [reset] = resets
         let { validUntil } = reset.properties
         validUntil = Date.parse(validUntil)
-        const now = (new Date()).getTime()
-        expect(validUntil).toBeGreaterThan(now - 60*1000)
-        expect(validUntil).toBeLessThan(now + 4*60*1000)
+        const now = new Date().getTime()
+        expect(validUntil).toBeGreaterThan(now - 60 * 1000)
+        expect(validUntil).toBeLessThan(now + 4 * 60 * 1000)
+      })
+    })
+  })
+
+  describe('resetPassword', () => {
+    const setup = async (options = {}) => {
+      const {
+        email = 'user@example.org',
+        validUntil = new Date().getTime() + 3 * 60 * 1000,
+        token = 'abcdefgh-ijkl-mnop-qrst-uvwxyz123456',
+      } = options
+
+      const session = driver.session()
+      await createPasswordReset({ driver, email, validUntil, token })
+      session.close()
+    }
+
+    const mutation = `mutation($token: String!, $email: String!, $newPassword: String!) { resetPassword(token: $token, email: $email, newPassword: $newPassword) }`
+    let email = 'user@example.org'
+    let token = 'abcdefgh-ijkl-mnop-qrst-uvwxyz123456'
+    let newPassword = 'supersecret'
+    let variables
+
+    describe('invalid email', () => {
+      it('resolves to false', async () => {
+        await setup()
+        variables = { newPassword, email: 'non-existent@example.org', token }
+        await expect(client.request(mutation, variables)).resolves.toEqual({ resetPassword: false })
+      })
+    })
+
+    describe('valid email', () => {
+      describe('but invalid token', () => {
+        it('resolves to false', async () => {
+          await setup()
+          variables = { newPassword, email, token: 'slkdjfldsjflsdjfsjdfl' }
+          await expect(client.request(mutation, variables)).resolves.toEqual({
+            resetPassword: false,
+          })
+        })
+      })
+
+      describe('but invalid token', () => {
+        it('resolves to false', async () => {
+          variables = { newPassword, email: 'user@example.org', token: 'lksjdflksjdflksjdlkfjsf' }
+          await expect(client.request(mutation, variables)).resolves.toEqual({
+            resetPassword: false,
+          })
+        })
+      })
+
+      describe('and valid token', () => {
+        beforeEach(() => {
+          variables = {
+            newPassword,
+            email: 'user@example.org',
+            token: 'abcdefgh-ijkl-mnop-qrst-uvwxyz123456',
+          }
+        })
+
+        describe('and token not expired', () => {
+          beforeEach(async () => {
+            await setup()
+          })
+
+          it('resolves to true', async () => {
+            await expect(client.request(mutation, variables)).resolves.toEqual({
+              resetPassword: true,
+            })
+          })
+
+          it('updates PasswordReset `redeemedAt` property', async () => {
+            await client.request(mutation, variables)
+            const requests = await getAllPasswordResets()
+            const [request] = requests
+            const { redeemedAt } = request.properties
+            expect(redeemedAt).not.toBeNull()
+          })
+
+          it('updates password of the user', async () => {
+            await client.request(mutation, variables)
+            const checkLoginMutation = `
+            mutation($email: String!, $password: String!) {
+              login(email: $email, password: $password)
+            }
+            `
+            const expected = expect.objectContaining({ login: expect.any(String) })
+            await expect(
+              client.request(checkLoginMutation, {
+                email: 'user@example.org',
+                password: 'supersecret',
+              }),
+            ).resolves.toEqual(expected)
+          })
+        })
+
+        describe('but expired token', () => {
+          beforeEach(async () => {
+            const validUntil = new Date().getTime() - 1000
+            await setup({ validUntil })
+          })
+
+          it('resolves to false', async () => {
+            await expect(client.request(mutation, variables)).resolves.toEqual({
+              resetPassword: false,
+            })
+          })
+
+          it('does not update PasswordReset `redeemedAt` property', async () => {
+            await client.request(mutation, variables)
+            const requests = await getAllPasswordResets()
+            const [request] = requests
+            const { redeemedAt } = request.properties
+            expect(redeemedAt).toBeUndefined()
+          })
+        })
       })
     })
   })
diff --git a/backend/src/schema/types/schema.gql b/backend/src/schema/types/schema.gql
index 358797631..ae77ef8e8 100644
--- a/backend/src/schema/types/schema.gql
+++ b/backend/src/schema/types/schema.gql
@@ -26,7 +26,7 @@ type Mutation {
   signup(email: String!, password: String!): Boolean!
   changePassword(oldPassword: String!, newPassword: String!): String!
   requestPasswordReset(email: String!): Boolean!
-  resetPassword(email: String!, resetToken: String!, newPassword: String!): String!
+  resetPassword(email: String!, token: String!, newPassword: String!): Boolean!
   report(id: ID!, description: String): Report
   disable(id: ID!): ID
   enable(id: ID!): ID

From 65df4c5a20b9d05cd08cfd4a33cebab1ccc29461 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Mon, 17 Jun 2019 12:16:15 +0200
Subject: [PATCH 11/62] use replace instead of substring

---
 .../maintenance-worker/migration/neo4j/badges.cql             | 2 +-
 .../maintenance-worker/migration/neo4j/contributions.cql      | 2 +-
 .../maintenance-worker/migration/neo4j/users.cql              | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql b/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql
index 2d1548d4f..027cea019 100644
--- a/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql
+++ b/deployment/legacy-migration/maintenance-worker/migration/neo4j/badges.cql
@@ -45,7 +45,7 @@ MERGE(b:Badge {id: badge._id["$oid"]})
 ON CREATE SET
 b.key       = badge.key,
 b.type      = badge.type,
-b.icon      = substring(badge.image.path, 38),
+b.icon      = replace(badge.image.path, 'https://api-alpha.human-connection.org', ''),
 b.status    = badge.status,
 b.createdAt = badge.createdAt.`$date`,
 b.updatedAt = badge.updatedAt.`$date`
diff --git a/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql b/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql
index 70f09e035..472354763 100644
--- a/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql
+++ b/deployment/legacy-migration/maintenance-worker/migration/neo4j/contributions.cql
@@ -131,7 +131,7 @@ MERGE (p:Post {id: post._id["$oid"]})
 ON CREATE SET
 p.title          = post.title,
 p.slug           = post.slug,
-p.image          = substring(post.teaserImg, 38),
+p.image          = replace(post.teaserImg, 'https://api-alpha.human-connection.org', ''),
 p.content        = post.content,
 p.contentExcerpt = post.contentExcerpt,
 p.visibility     = toLower(post.visibility),
diff --git a/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql b/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql
index 96251a9ce..4d7c9aa9f 100644
--- a/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql
+++ b/deployment/legacy-migration/maintenance-worker/migration/neo4j/users.cql
@@ -102,8 +102,8 @@ u.name       = user.name,
 u.slug       = user.slug,
 u.email      = user.email,
 u.password   = user.password,
-u.avatar     = substring(user.avatar, 38),
-u.coverImg   = substring(user.coverImg, 38),
+u.avatar     = replace(user.avatar, 'https://api-alpha.human-connection.org', ''),
+u.coverImg   = replace(user.coverImg, 'https://api-alpha.human-connection.org', ''),
 u.wasInvited = user.wasInvited,
 u.wasSeeded  = user.wasSeeded,
 u.role       = toLower(user.role),

From 5a806ca99e3fba3e178954d462c0f5b32610f078 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 12:24:14 +0200
Subject: [PATCH 12/62] Remove duplicate test case

---
 backend/src/schema/resolvers/passwordReset.spec.js | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index 89b724fca..1fbd96b7a 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -123,15 +123,6 @@ describe('passwordReset', () => {
         })
       })
 
-      describe('but invalid token', () => {
-        it('resolves to false', async () => {
-          variables = { newPassword, email: 'user@example.org', token: 'lksjdflksjdflksjdlkfjsf' }
-          await expect(client.request(mutation, variables)).resolves.toEqual({
-            resetPassword: false,
-          })
-        })
-      })
-
       describe('and valid token', () => {
         beforeEach(() => {
           variables = {

From 7228d68149e10517be360f1f6db3a08285ffd633 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 12:30:39 +0200
Subject: [PATCH 13/62] Write a nice form to reset your password

---
 webapp/locales/de.json          |  6 +++++-
 webapp/locales/en.json          |  6 +++++-
 webapp/pages/password-reset.vue | 23 ++++++++++++++++++++---
 3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index d783f9e37..14ab9d906 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -15,7 +15,11 @@
     "hello": "Hallo"
   },
   "password-reset": {
-    "title": "Passwort zurücksetzen"
+    "title": "Passwort zurücksetzen",
+    "form": {
+      "description": "Eine Mail zum Zurücksetzen des Passworts wird an die angegebene E-Mail Adresse geschickt.",
+      "submit": "Email anfordern"
+    }
   },
   "editor": {
     "placeholder": "Schreib etwas Inspirierendes..."
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 3a5405eec..3c2b7c8d8 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -15,7 +15,11 @@
     "hello": "Hello"
   },
   "password-reset": {
-    "title": "Reset your password"
+    "title": "Reset your password",
+    "form": {
+      "description": "A password reset email will be sent to the given email address.",
+      "submit": "Request email"
+    }
   },
   "editor": {
     "placeholder": "Leave your inspirational thoughts..."
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 0205ea4f4..bd7da49be 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -3,9 +3,26 @@
     <ds-flex>
       <ds-flex-item :width="{ base: '100%' }" centered>
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
-          <ds-heading tag="h3">
-            {{ $t('password-reset.title') }}
-          </ds-heading>
+          <ds-card class="password-reset-card">
+            <ds-space margin="large">
+              <form>
+                <ds-input
+                  :placeholder="$t('login.email')"
+                  type="email"
+                  name="email"
+                  icon="envelope"
+                />
+                <ds-space margin-botton="large">
+                  <ds-text>
+                    {{ $t('password-reset.form.description') }}
+                  </ds-text>
+                </ds-space>
+                <ds-button primary fullwidth name="submit" type="submit" icon="sign-in">
+                  {{ $t('password-reset.form.submit') }}
+                </ds-button>
+              </form>
+            </ds-space>
+          </ds-card>
         </ds-space>
       </ds-flex-item>
     </ds-flex>

From c4eb2178f241a7119028888c028768176c71dbf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 12:39:36 +0200
Subject: [PATCH 14/62] Scaffold page component test for password reset

---
 webapp/pages/password-reset.spec.js | 41 +++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 webapp/pages/password-reset.spec.js

diff --git a/webapp/pages/password-reset.spec.js b/webapp/pages/password-reset.spec.js
new file mode 100644
index 000000000..3c1f5b286
--- /dev/null
+++ b/webapp/pages/password-reset.spec.js
@@ -0,0 +1,41 @@
+import { shallowMount, createLocalVue } from '@vue/test-utils'
+import PasswordResetPage from './password-reset.vue'
+import Styleguide from '@human-connection/styleguide'
+
+const localVue = createLocalVue()
+
+localVue.use(Styleguide)
+
+describe('ProfileSlug', () => {
+  let wrapper
+  let Wrapper
+  let mocks
+
+  beforeEach(() => {
+    mocks = {
+      $toast: {
+        success: jest.fn(),
+        error: jest.fn(),
+      },
+      $t: jest.fn(),
+      $apollo: {
+        loading: false,
+        mutate: jest.fn().mockResolvedValue(),
+      },
+    }
+  })
+
+  describe('shallowMount', () => {
+    Wrapper = () => {
+      return shallowMount(PasswordResetPage, {
+        mocks,
+        localVue,
+      })
+    }
+
+    it('renders a password reset form', () => {
+      wrapper = Wrapper()
+      expect(wrapper.find('.password-reset-card').exists()).toBe(true)
+    })
+  })
+})

From 4dde53f67d4dca075240c90466fd765c67e24d19 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Mon, 17 Jun 2019 13:30:18 +0200
Subject: [PATCH 15/62] added coverage report text in oder to fix coverage

---
 webapp/package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/webapp/package.json b/webapp/package.json
index 1abaf479b..4f203ef5c 100644
--- a/webapp/package.json
+++ b/webapp/package.json
@@ -29,6 +29,7 @@
       "!**/?(*.)+(spec|test).js?(x)"
     ],
     "coverageReporters": [
+      "text",
       "lcov"
     ],
     "transform": {
@@ -110,4 +111,4 @@
     "vue-jest": "~3.0.4",
     "vue-svg-loader": "~0.12.0"
   }
-}
+}
\ No newline at end of file

From a501e1145daf8ad8fe4200b19750963a2018a879 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 14:02:25 +0200
Subject: [PATCH 16/62] Component test to call a mutation passes

---
 webapp/locales/de.json              |  8 +++-
 webapp/locales/en.json              |  8 +++-
 webapp/pages/password-reset.spec.js | 31 +++++++++++++--
 webapp/pages/password-reset.vue     | 59 +++++++++++++++++++++++++++--
 4 files changed, 96 insertions(+), 10 deletions(-)

diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 14ab9d906..7497648e1 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -18,7 +18,8 @@
     "title": "Passwort zurücksetzen",
     "form": {
       "description": "Eine Mail zum Zurücksetzen des Passworts wird an die angegebene E-Mail Adresse geschickt.",
-      "submit": "Email anfordern"
+      "submit": "Email anfordern",
+      "submitted": "Eine E-Mail zum Zurücksetzen wurde angefordert"
     }
   },
   "editor": {
@@ -201,7 +202,10 @@
     "name": "Name",
     "loadMore": "mehr laden",
     "loading": "wird geladen",
-    "reportContent": "Melden"
+    "reportContent": "Melden",
+    "validations": {
+      "email": "muss eine gültige E-Mail Adresse sein"
+    }
   },
   "actions": {
     "loading": "lade",
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 3c2b7c8d8..fd7968428 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -18,7 +18,8 @@
     "title": "Reset your password",
     "form": {
       "description": "A password reset email will be sent to the given email address.",
-      "submit": "Request email"
+      "submit": "Request email",
+      "submitted": "Reset email was requested"
     }
   },
   "editor": {
@@ -201,7 +202,10 @@
     "name": "Name",
     "loadMore": "load more",
     "loading": "loading",
-    "reportContent": "Report"
+    "reportContent": "Report",
+    "validations": {
+      "email": "must be a valid email address"
+    }
   },
   "actions": {
     "loading": "loading",
diff --git a/webapp/pages/password-reset.spec.js b/webapp/pages/password-reset.spec.js
index 3c1f5b286..bba001614 100644
--- a/webapp/pages/password-reset.spec.js
+++ b/webapp/pages/password-reset.spec.js
@@ -1,4 +1,4 @@
-import { shallowMount, createLocalVue } from '@vue/test-utils'
+import { mount, createLocalVue } from '@vue/test-utils'
 import PasswordResetPage from './password-reset.vue'
 import Styleguide from '@human-connection/styleguide'
 
@@ -25,9 +25,9 @@ describe('ProfileSlug', () => {
     }
   })
 
-  describe('shallowMount', () => {
+  describe('mount', () => {
     Wrapper = () => {
-      return shallowMount(PasswordResetPage, {
+      return mount(PasswordResetPage, {
         mocks,
         localVue,
       })
@@ -37,5 +37,30 @@ describe('ProfileSlug', () => {
       wrapper = Wrapper()
       expect(wrapper.find('.password-reset-card').exists()).toBe(true)
     })
+
+    describe('submit', () => {
+      beforeEach(async () => {
+        wrapper = Wrapper()
+        wrapper.find('input#email').setValue('mail@example.org')
+        await wrapper.find('form').trigger('submit')
+      })
+
+      it('calls requestPasswordReset graphql mutation', () => {
+        expect(mocks.$apollo.mutate).toHaveBeenCalled()
+      })
+
+      it.todo('delivers email to backend')
+      it.todo('disables form to avoid re-submission')
+      it.todo('displays a message that a password email was requested')
+    })
+
+    describe('given password reset token as URL param', () => {
+      it.todo('displays a form to update your password')
+      describe('submitting new password', () => {
+        it.todo('calls resetPassword graphql mutation')
+        it.todo('delivers new password to backend')
+        it.todo('displays success message')
+      })
+    })
   })
 })
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index bd7da49be..0ad9b7997 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -5,10 +5,17 @@
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
           <ds-card class="password-reset-card">
             <ds-space margin="large">
-              <form>
+              <ds-form
+                @input="handleInput"
+                @input-valid="handleInputValid"
+                v-model="formData"
+                :schema="formSchema"
+                @submit="handleSubmit">
                 <ds-input
                   :placeholder="$t('login.email')"
                   type="email"
+                  id="email"
+                  model="email"
                   name="email"
                   icon="envelope"
                 />
@@ -17,10 +24,12 @@
                     {{ $t('password-reset.form.description') }}
                   </ds-text>
                 </ds-space>
-                <ds-button primary fullwidth name="submit" type="submit" icon="sign-in">
+                <ds-button
+                  :disabled="disabled"
+                  :loading="$apollo.loading" primary fullwidth name="submit" type="submit" icon="envelope">
                   {{ $t('password-reset.form.submit') }}
                 </ds-button>
-              </form>
+              </ds-form>
             </ds-space>
           </ds-card>
         </ds-space>
@@ -30,7 +39,51 @@
 </template>
 
 <script>
+import gql from 'graphql-tag'
+
 export default {
   layout: 'default',
+  data() {
+    return {
+      formData: {
+        email: ''
+      },
+      formSchema: {
+        email: {
+          type: 'email',
+          required: true,
+          message: this.$t('common.validations.email'),
+        }
+      },
+      disabled: true,
+    }
+  },
+  methods: {
+    handleInput(data) {
+      this.disabled = true
+    },
+    handleInputValid(data) {
+      this.disabled = false
+    },
+    async handleSubmit() {
+      console.log('handleSubmit')
+      const mutation = gql`
+        mutation($email: String!) {
+          requestPasswordReset(email: $email)
+        }
+      `
+      const variables = this.formData
+
+      try {
+        const { data } = await this.$apollo.mutate({ mutation, variables })
+        this.$toast.success(this.$t('password-reset.form.submitted'))
+        this.formData = {
+          email: '',
+        }
+      } catch (err) {
+        this.$toast.error(err.message)
+      }
+    }
+  },
 }
 </script>

From de9ed55738f31442f81f19cbe9aa90c20c2947d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 14:29:24 +0200
Subject: [PATCH 17/62] Display nice success message on password reset

---
 webapp/locales/de.json              |  2 +-
 webapp/locales/en.json              |  2 +-
 webapp/pages/password-reset.spec.js | 18 ++++++++---
 webapp/pages/password-reset.vue     | 49 +++++++++++++++++++++--------
 4 files changed, 52 insertions(+), 19 deletions(-)

diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 7497648e1..88afa07e0 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -19,7 +19,7 @@
     "form": {
       "description": "Eine Mail zum Zurücksetzen des Passworts wird an die angegebene E-Mail Adresse geschickt.",
       "submit": "Email anfordern",
-      "submitted": "Eine E-Mail zum Zurücksetzen wurde angefordert"
+      "submitted": "E-Mail verschickt an <b>{email}</b>"
     }
   },
   "editor": {
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index fd7968428..53ad9fb40 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -19,7 +19,7 @@
     "form": {
       "description": "A password reset email will be sent to the given email address.",
       "submit": "Request email",
-      "submitted": "Reset email was requested"
+      "submitted": "Email sent to <b>{email}</b>"
     }
   },
   "editor": {
diff --git a/webapp/pages/password-reset.spec.js b/webapp/pages/password-reset.spec.js
index bba001614..e78ace4ba 100644
--- a/webapp/pages/password-reset.spec.js
+++ b/webapp/pages/password-reset.spec.js
@@ -20,7 +20,7 @@ describe('ProfileSlug', () => {
       $t: jest.fn(),
       $apollo: {
         loading: false,
-        mutate: jest.fn().mockResolvedValue(),
+        mutate: jest.fn().mockResolvedValue({ data: { reqestPasswordReset: true } }),
       },
     }
   })
@@ -49,9 +49,19 @@ describe('ProfileSlug', () => {
         expect(mocks.$apollo.mutate).toHaveBeenCalled()
       })
 
-      it.todo('delivers email to backend')
-      it.todo('disables form to avoid re-submission')
-      it.todo('displays a message that a password email was requested')
+      it('delivers email to backend', () => {
+        const expected = expect.objectContaining({ variables: { email: 'mail@example.org' } })
+        expect(mocks.$apollo.mutate).toHaveBeenCalledWith(expected)
+      })
+
+      it('hides form to avoid re-submission', () => {
+        expect(wrapper.find('form').exists()).not.toBeTruthy()
+      })
+
+      it('displays a message that a password email was requested', () => {
+        const expected = ['password-reset.form.submitted', { email: 'mail@example.org' }]
+        expect(mocks.$t).toHaveBeenCalledWith(...expected)
+      })
     })
 
     describe('given password reset token as URL param', () => {
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 0ad9b7997..9e7d2d195 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -6,11 +6,13 @@
           <ds-card class="password-reset-card">
             <ds-space margin="large">
               <ds-form
+                v-if="!submitted"
                 @input="handleInput"
                 @input-valid="handleInputValid"
                 v-model="formData"
                 :schema="formSchema"
-                @submit="handleSubmit">
+                @submit="handleSubmit"
+              >
                 <ds-input
                   :placeholder="$t('login.email')"
                   type="email"
@@ -26,10 +28,24 @@
                 </ds-space>
                 <ds-button
                   :disabled="disabled"
-                  :loading="$apollo.loading" primary fullwidth name="submit" type="submit" icon="envelope">
+                  :loading="$apollo.loading"
+                  primary
+                  fullwidth
+                  name="submit"
+                  type="submit"
+                  icon="envelope"
+                >
                   {{ $t('password-reset.form.submit') }}
                 </ds-button>
               </ds-form>
+              <div v-else>
+                <transition name="ds-transition-fade">
+                  <ds-flex centered>
+                    <sweetalert-icon icon="success" />
+                  </ds-flex>
+                </transition>
+                <ds-text v-html="submitMessage" />
+              </div>
             </ds-space>
           </ds-card>
         </ds-space>
@@ -40,33 +56,43 @@
 
 <script>
 import gql from 'graphql-tag'
+import { SweetalertIcon } from 'vue-sweetalert-icons'
 
 export default {
   layout: 'default',
+  components: {
+    SweetalertIcon,
+  },
   data() {
     return {
       formData: {
-        email: ''
+        email: '',
       },
       formSchema: {
         email: {
           type: 'email',
           required: true,
           message: this.$t('common.validations.email'),
-        }
+        },
       },
       disabled: true,
+      submitted: false,
     }
   },
+  computed: {
+    submitMessage() {
+      const { email } = this.formData
+      return this.$t('password-reset.form.submitted', { email })
+    },
+  },
   methods: {
-    handleInput(data) {
+    handleInput() {
       this.disabled = true
     },
-    handleInputValid(data) {
+    handleInputValid() {
       this.disabled = false
     },
     async handleSubmit() {
-      console.log('handleSubmit')
       const mutation = gql`
         mutation($email: String!) {
           requestPasswordReset(email: $email)
@@ -75,15 +101,12 @@ export default {
       const variables = this.formData
 
       try {
-        const { data } = await this.$apollo.mutate({ mutation, variables })
-        this.$toast.success(this.$t('password-reset.form.submitted'))
-        this.formData = {
-          email: '',
-        }
+        await this.$apollo.mutate({ mutation, variables })
+        this.submitted = true
       } catch (err) {
         this.$toast.error(err.message)
       }
-    }
+    },
   },
 }
 </script>

From 0e3eb4327678f64ed47dd1d5c11e1cad3c4c829a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 14:53:28 +0200
Subject: [PATCH 18/62] Split PasswordResetPage into subcomponents

---
 .../PasswordReset/PasswordReset.spec.js}      |   4 +-
 .../PasswordReset/PasswordReset.vue           | 103 ++++++++++++++++++
 webapp/pages/password-reset.vue               |  98 +----------------
 3 files changed, 109 insertions(+), 96 deletions(-)
 rename webapp/{pages/password-reset.spec.js => components/PasswordReset/PasswordReset.spec.js} (95%)
 create mode 100644 webapp/components/PasswordReset/PasswordReset.vue

diff --git a/webapp/pages/password-reset.spec.js b/webapp/components/PasswordReset/PasswordReset.spec.js
similarity index 95%
rename from webapp/pages/password-reset.spec.js
rename to webapp/components/PasswordReset/PasswordReset.spec.js
index e78ace4ba..e55b9273a 100644
--- a/webapp/pages/password-reset.spec.js
+++ b/webapp/components/PasswordReset/PasswordReset.spec.js
@@ -1,5 +1,5 @@
 import { mount, createLocalVue } from '@vue/test-utils'
-import PasswordResetPage from './password-reset.vue'
+import PasswordReset from './PasswordReset'
 import Styleguide from '@human-connection/styleguide'
 
 const localVue = createLocalVue()
@@ -27,7 +27,7 @@ describe('ProfileSlug', () => {
 
   describe('mount', () => {
     Wrapper = () => {
-      return mount(PasswordResetPage, {
+      return mount(PasswordReset, {
         mocks,
         localVue,
       })
diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/PasswordReset.vue
new file mode 100644
index 000000000..7a74bbe31
--- /dev/null
+++ b/webapp/components/PasswordReset/PasswordReset.vue
@@ -0,0 +1,103 @@
+<template>
+  <ds-card class="password-reset-card">
+    <ds-space margin="large">
+      <ds-form
+        v-if="!submitted"
+        @input="handleInput"
+        @input-valid="handleInputValid"
+        v-model="formData"
+        :schema="formSchema"
+        @submit="handleSubmit"
+        >
+        <ds-input
+          :placeholder="$t('login.email')"
+          type="email"
+          id="email"
+          model="email"
+          name="email"
+          icon="envelope"
+          />
+          <ds-space margin-botton="large">
+            <ds-text>
+              {{ $t('password-reset.form.description') }}
+            </ds-text>
+          </ds-space>
+          <ds-button
+            :disabled="disabled"
+            :loading="$apollo.loading"
+            primary
+            fullwidth
+            name="submit"
+            type="submit"
+            icon="envelope"
+            >
+            {{ $t('password-reset.form.submit') }}
+          </ds-button>
+      </ds-form>
+      <div v-else>
+        <transition name="ds-transition-fade">
+        <ds-flex centered>
+          <sweetalert-icon icon="success" />
+        </ds-flex>
+        </transition>
+        <ds-text v-html="submitMessage" />
+      </div>
+    </ds-space>
+  </ds-card>
+</template>
+
+<script>
+import gql from 'graphql-tag'
+import { SweetalertIcon } from 'vue-sweetalert-icons'
+
+export default {
+  components: {
+    SweetalertIcon,
+  },
+  data() {
+    return {
+      formData: {
+        email: '',
+      },
+      formSchema: {
+        email: {
+          type: 'email',
+          required: true,
+          message: this.$t('common.validations.email'),
+        },
+      },
+      disabled: true,
+      submitted: false,
+    }
+  },
+  computed: {
+    submitMessage() {
+      const { email } = this.formData
+      return this.$t('password-reset.form.submitted', { email })
+    },
+  },
+  methods: {
+    handleInput() {
+      this.disabled = true
+    },
+    handleInputValid() {
+      this.disabled = false
+    },
+    async handleSubmit() {
+      const mutation = gql`
+        mutation($email: String!) {
+          requestPasswordReset(email: $email)
+        }
+      `
+      const variables = this.formData
+
+      try {
+        await this.$apollo.mutate({ mutation, variables })
+        this.submitted = true
+      } catch (err) {
+        this.$toast.error(err.message)
+      }
+    },
+  },
+}
+</script>
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 9e7d2d195..98642cfe8 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -3,51 +3,7 @@
     <ds-flex>
       <ds-flex-item :width="{ base: '100%' }" centered>
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
-          <ds-card class="password-reset-card">
-            <ds-space margin="large">
-              <ds-form
-                v-if="!submitted"
-                @input="handleInput"
-                @input-valid="handleInputValid"
-                v-model="formData"
-                :schema="formSchema"
-                @submit="handleSubmit"
-              >
-                <ds-input
-                  :placeholder="$t('login.email')"
-                  type="email"
-                  id="email"
-                  model="email"
-                  name="email"
-                  icon="envelope"
-                />
-                <ds-space margin-botton="large">
-                  <ds-text>
-                    {{ $t('password-reset.form.description') }}
-                  </ds-text>
-                </ds-space>
-                <ds-button
-                  :disabled="disabled"
-                  :loading="$apollo.loading"
-                  primary
-                  fullwidth
-                  name="submit"
-                  type="submit"
-                  icon="envelope"
-                >
-                  {{ $t('password-reset.form.submit') }}
-                </ds-button>
-              </ds-form>
-              <div v-else>
-                <transition name="ds-transition-fade">
-                  <ds-flex centered>
-                    <sweetalert-icon icon="success" />
-                  </ds-flex>
-                </transition>
-                <ds-text v-html="submitMessage" />
-              </div>
-            </ds-space>
-          </ds-card>
+          <password-reset />
         </ds-space>
       </ds-flex-item>
     </ds-flex>
@@ -55,58 +11,12 @@
 </template>
 
 <script>
-import gql from 'graphql-tag'
-import { SweetalertIcon } from 'vue-sweetalert-icons'
+import PasswordReset from '~/components/PasswordReset/PasswordReset'
 
 export default {
   layout: 'default',
   components: {
-    SweetalertIcon,
-  },
-  data() {
-    return {
-      formData: {
-        email: '',
-      },
-      formSchema: {
-        email: {
-          type: 'email',
-          required: true,
-          message: this.$t('common.validations.email'),
-        },
-      },
-      disabled: true,
-      submitted: false,
-    }
-  },
-  computed: {
-    submitMessage() {
-      const { email } = this.formData
-      return this.$t('password-reset.form.submitted', { email })
-    },
-  },
-  methods: {
-    handleInput() {
-      this.disabled = true
-    },
-    handleInputValid() {
-      this.disabled = false
-    },
-    async handleSubmit() {
-      const mutation = gql`
-        mutation($email: String!) {
-          requestPasswordReset(email: $email)
-        }
-      `
-      const variables = this.formData
-
-      try {
-        await this.$apollo.mutate({ mutation, variables })
-        this.submitted = true
-      } catch (err) {
-        this.$toast.error(err.message)
-      }
-    },
-  },
+    PasswordReset,
+  }
 }
 </script>

From aa6855434de199fa68e09125d0ea5642db759249 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 15:10:57 +0200
Subject: [PATCH 19/62] Emit `submitted` from PasswordReset component

---
 .../PasswordReset/PasswordReset.spec.js       | 19 +++----
 .../PasswordReset/PasswordReset.vue           |  6 ++-
 .../PasswordReset/VerifyCode.spec.js          | 50 +++++++++++++++++++
 .../components/PasswordReset/VerifyCode.vue   |  9 ++++
 webapp/locales/de.json                        |  5 ++
 webapp/locales/en.json                        |  5 ++
 6 files changed, 84 insertions(+), 10 deletions(-)
 create mode 100644 webapp/components/PasswordReset/VerifyCode.spec.js
 create mode 100644 webapp/components/PasswordReset/VerifyCode.vue

diff --git a/webapp/components/PasswordReset/PasswordReset.spec.js b/webapp/components/PasswordReset/PasswordReset.spec.js
index e55b9273a..6284fed36 100644
--- a/webapp/components/PasswordReset/PasswordReset.spec.js
+++ b/webapp/components/PasswordReset/PasswordReset.spec.js
@@ -6,7 +6,7 @@ const localVue = createLocalVue()
 
 localVue.use(Styleguide)
 
-describe('ProfileSlug', () => {
+describe('PasswordReset', () => {
   let wrapper
   let Wrapper
   let mocks
@@ -26,6 +26,8 @@ describe('ProfileSlug', () => {
   })
 
   describe('mount', () => {
+    beforeEach(jest.useFakeTimers)
+
     Wrapper = () => {
       return mount(PasswordReset, {
         mocks,
@@ -35,7 +37,7 @@ describe('ProfileSlug', () => {
 
     it('renders a password reset form', () => {
       wrapper = Wrapper()
-      expect(wrapper.find('.password-reset-card').exists()).toBe(true)
+      expect(wrapper.find('.password-reset').exists()).toBe(true)
     })
 
     describe('submit', () => {
@@ -62,14 +64,13 @@ describe('ProfileSlug', () => {
         const expected = ['password-reset.form.submitted', { email: 'mail@example.org' }]
         expect(mocks.$t).toHaveBeenCalledWith(...expected)
       })
-    })
 
-    describe('given password reset token as URL param', () => {
-      it.todo('displays a form to update your password')
-      describe('submitting new password', () => {
-        it.todo('calls resetPassword graphql mutation')
-        it.todo('delivers new password to backend')
-        it.todo('displays success message')
+      describe('after animation', () => {
+        beforeEach(jest.runAllTimers)
+
+        it('emits `submitted`', () => {
+          expect(wrapper.emitted('submitted')).toBeTruthy()
+        })
       })
     })
   })
diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/PasswordReset.vue
index 7a74bbe31..175207949 100644
--- a/webapp/components/PasswordReset/PasswordReset.vue
+++ b/webapp/components/PasswordReset/PasswordReset.vue
@@ -1,5 +1,5 @@
 <template>
-  <ds-card class="password-reset-card">
+  <ds-card class="password-reset">
     <ds-space margin="large">
       <ds-form
         v-if="!submitted"
@@ -94,6 +94,10 @@ export default {
       try {
         await this.$apollo.mutate({ mutation, variables })
         this.submitted = true
+
+        setTimeout(() => {
+          this.$emit('submitted')
+        }, 1000)
       } catch (err) {
         this.$toast.error(err.message)
       }
diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
new file mode 100644
index 000000000..92d6f8d07
--- /dev/null
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -0,0 +1,50 @@
+import { mount, createLocalVue } from '@vue/test-utils'
+import VerifyCode from './VerifyCode'
+import Styleguide from '@human-connection/styleguide'
+
+const localVue = createLocalVue()
+
+localVue.use(Styleguide)
+
+describe('VerifyCode ', () => {
+  let wrapper
+  let Wrapper
+  let mocks
+
+  beforeEach(() => {
+    mocks = {
+      $toast: {
+        success: jest.fn(),
+        error: jest.fn(),
+      },
+      $t: jest.fn(),
+      $apollo: {
+        loading: false,
+        mutate: jest.fn().mockResolvedValue({ data: { resetPassword: false } }),
+      },
+    }
+  })
+
+  describe('mount', () => {
+    Wrapper = () => {
+      return mount(VerifyCode, {
+        mocks,
+        localVue,
+      })
+    }
+
+    it('renders a verify code form', () => {
+      wrapper = Wrapper()
+      expect(wrapper.find('.verify-code').exists()).toBe(true)
+    })
+
+    describe('after verification code given', () => {
+      it.todo('displays a form to update your password')
+      describe('submitting new password', () => {
+        it.todo('calls resetPassword graphql mutation')
+        it.todo('delivers new password to backend')
+        it.todo('displays success message')
+      })
+    })
+  })
+})
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
new file mode 100644
index 000000000..d6bea39df
--- /dev/null
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -0,0 +1,9 @@
+<template>
+  <ds-card class="verify-code">
+    <ds-space margin="large">
+      <h1>
+        {{ $t('verify-code.form.description') }}
+      </h1>
+    </ds-space>
+  </ds-card>
+</template>
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 88afa07e0..5e2be98f8 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -22,6 +22,11 @@
       "submitted": "E-Mail verschickt an <b>{email}</b>"
     }
   },
+  "verify-code": {
+    "form": {
+      "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben."
+    }
+  },
   "editor": {
     "placeholder": "Schreib etwas Inspirierendes..."
   },
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 53ad9fb40..d7caa3cfb 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -22,6 +22,11 @@
       "submitted": "Email sent to <b>{email}</b>"
     }
   },
+  "verify-code": {
+    "form": {
+      "description": "Open your inbox and enter the code that we've sent to you."
+    }
+  },
   "editor": {
     "placeholder": "Leave your inspirational thoughts..."
   },

From edd6a3f0c3d6ee8aa3cf9aa1f082c0731fb75b47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 15:17:58 +0200
Subject: [PATCH 20/62] PW-Reset page switches password reset and verify

---
 .../PasswordReset/PasswordReset.spec.js       |  4 +-
 .../PasswordReset/PasswordReset.vue           | 46 +++++++++----------
 webapp/pages/password-reset.vue               | 17 ++++++-
 3 files changed, 40 insertions(+), 27 deletions(-)

diff --git a/webapp/components/PasswordReset/PasswordReset.spec.js b/webapp/components/PasswordReset/PasswordReset.spec.js
index 6284fed36..1adf68ee5 100644
--- a/webapp/components/PasswordReset/PasswordReset.spec.js
+++ b/webapp/components/PasswordReset/PasswordReset.spec.js
@@ -68,8 +68,8 @@ describe('PasswordReset', () => {
       describe('after animation', () => {
         beforeEach(jest.runAllTimers)
 
-        it('emits `submitted`', () => {
-          expect(wrapper.emitted('submitted')).toBeTruthy()
+        it('emits `handleSubmitted`', () => {
+          expect(wrapper.emitted('handleSubmitted')).toBeTruthy()
         })
       })
     })
diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/PasswordReset.vue
index 175207949..e34efc070 100644
--- a/webapp/components/PasswordReset/PasswordReset.vue
+++ b/webapp/components/PasswordReset/PasswordReset.vue
@@ -8,7 +8,7 @@
         v-model="formData"
         :schema="formSchema"
         @submit="handleSubmit"
-        >
+      >
         <ds-input
           :placeholder="$t('login.email')"
           type="email"
@@ -16,29 +16,29 @@
           model="email"
           name="email"
           icon="envelope"
-          />
-          <ds-space margin-botton="large">
-            <ds-text>
-              {{ $t('password-reset.form.description') }}
-            </ds-text>
-          </ds-space>
-          <ds-button
-            :disabled="disabled"
-            :loading="$apollo.loading"
-            primary
-            fullwidth
-            name="submit"
-            type="submit"
-            icon="envelope"
-            >
-            {{ $t('password-reset.form.submit') }}
-          </ds-button>
+        />
+        <ds-space margin-botton="large">
+          <ds-text>
+            {{ $t('password-reset.form.description') }}
+          </ds-text>
+        </ds-space>
+        <ds-button
+          :disabled="disabled"
+          :loading="$apollo.loading"
+          primary
+          fullwidth
+          name="submit"
+          type="submit"
+          icon="envelope"
+        >
+          {{ $t('password-reset.form.submit') }}
+        </ds-button>
       </ds-form>
       <div v-else>
         <transition name="ds-transition-fade">
-        <ds-flex centered>
-          <sweetalert-icon icon="success" />
-        </ds-flex>
+          <ds-flex centered>
+            <sweetalert-icon icon="success" />
+          </ds-flex>
         </transition>
         <ds-text v-html="submitMessage" />
       </div>
@@ -96,8 +96,8 @@ export default {
         this.submitted = true
 
         setTimeout(() => {
-          this.$emit('submitted')
-        }, 1000)
+          this.$emit('handleSubmitted')
+        }, 3000)
       } catch (err) {
         this.$toast.error(err.message)
       }
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 98642cfe8..0ef12cd32 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -3,7 +3,8 @@
     <ds-flex>
       <ds-flex-item :width="{ base: '100%' }" centered>
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
-          <password-reset />
+          <password-reset @handleSubmitted="handleSubmitted" v-if="!submitted" />
+          <verify-code v-else />
         </ds-space>
       </ds-flex-item>
     </ds-flex>
@@ -12,11 +13,23 @@
 
 <script>
 import PasswordReset from '~/components/PasswordReset/PasswordReset'
+import VerifyCode from '~/components/PasswordReset/VerifyCode'
 
 export default {
   layout: 'default',
+  data() {
+    return {
+      submitted: false,
+    }
+  },
   components: {
     PasswordReset,
-  }
+    VerifyCode,
+  },
+  methods: {
+    handleSubmitted() {
+      this.submitted = true
+    },
+  },
 }
 </script>

From 0da7b906bde543bc5552fbca27ac6bac2fe0419d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 21:11:10 +0200
Subject: [PATCH 21/62] Start with verify code component

---
 .../components/PasswordReset/VerifyCode.vue   | 26 ++++++++++++++++---
 webapp/locales/de.json                        |  3 ++-
 webapp/locales/en.json                        |  4 ++-
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index d6bea39df..73bcfa6cd 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -1,9 +1,29 @@
 <template>
   <ds-card class="verify-code">
     <ds-space margin="large">
-      <h1>
-        {{ $t('verify-code.form.description') }}
-      </h1>
+      <ds-form v-model="formData" :schema="formSchema" @submit="handleSubmit">
+        <ds-input
+          :placeholder="$t('verify-code.form.input')"
+          model="token"
+          name="token"
+          icon="question-circle"
+        />
+        <ds-space margin-botton="large">
+          <ds-text>
+            {{ $t('verify-code.form.description') }}
+          </ds-text>
+        </ds-space>
+        <ds-button
+          :disabled="disabled"
+          :loading="$apollo.loading"
+          primary
+          fullwidth
+          name="submit"
+          type="submit"
+        >
+          {{ $t('verify-code.form.submit') }}
+        </ds-button>
+      </ds-form>
     </ds-space>
   </ds-card>
 </template>
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 5e2be98f8..dece0fcff 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -24,7 +24,8 @@
   },
   "verify-code": {
     "form": {
-      "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben."
+      "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
+      "submit": "Sicherheitscode überprüfen"
     }
   },
   "editor": {
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index d7caa3cfb..d18603278 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -24,7 +24,9 @@
   },
   "verify-code": {
     "form": {
-      "description": "Open your inbox and enter the code that we've sent to you."
+      "input": "Enter your code",
+      "description": "Open your inbox and enter the code that we've sent to you.",
+      "submit": "Check security code"
     }
   },
   "editor": {

From 21506335b551685d485a6450c45f429187637a7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Mon, 17 Jun 2019 22:51:07 +0200
Subject: [PATCH 22/62] Add validations for the code

---
 .../PasswordReset/PasswordReset.vue           |  2 +-
 .../components/PasswordReset/VerifyCode.vue   | 25 +++++++++++++++++--
 webapp/locales/de.json                        |  6 ++++-
 webapp/locales/en.json                        |  5 +++-
 4 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/PasswordReset.vue
index e34efc070..e7d3a5f65 100644
--- a/webapp/components/PasswordReset/PasswordReset.vue
+++ b/webapp/components/PasswordReset/PasswordReset.vue
@@ -63,7 +63,7 @@ export default {
         email: {
           type: 'email',
           required: true,
-          message: this.$t('common.validations.email'),
+          message: this.$t('password-reset.form.validations.email'),
         },
       },
       disabled: true,
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 73bcfa6cd..7df5395f0 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -4,8 +4,8 @@
       <ds-form v-model="formData" :schema="formSchema" @submit="handleSubmit">
         <ds-input
           :placeholder="$t('verify-code.form.input')"
-          model="token"
-          name="token"
+          model="code"
+          name="code"
           icon="question-circle"
         />
         <ds-space margin-botton="large">
@@ -27,3 +27,24 @@
     </ds-space>
   </ds-card>
 </template>
+
+<script>
+export default {
+  data() {
+    return {
+      formData: {
+        code: '',
+      },
+      formSchema: {
+        code: {
+          type: 'string',
+          min: 6,
+          max: 6,
+          required: true,
+          message: this.$t('verify-code.form.validations.code'),
+        },
+      },
+    }
+  },
+}
+</script>
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index dece0fcff..3610ff68b 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -24,8 +24,12 @@
   },
   "verify-code": {
     "form": {
+      "input": "Code eingeben",
       "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
-      "submit": "Sicherheitscode überprüfen"
+      "submit": "Sicherheitscode überprüfen",
+      "validations": {
+        "code": "muss genau 6 Buchstaben lang sein"
+      }
     }
   },
   "editor": {
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index d18603278..225c26391 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -26,7 +26,10 @@
     "form": {
       "input": "Enter your code",
       "description": "Open your inbox and enter the code that we've sent to you.",
-      "submit": "Check security code"
+      "submit": "Check security code",
+      "validations": {
+        "code": "must be 6 characters long"
+      }
     }
   },
   "editor": {

From 8fc74b9e14c2fea130865c14a246f7cd4032eff7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 12:09:06 +0200
Subject: [PATCH 23/62] Put validation error translations together

---
 webapp/components/PasswordReset/PasswordReset.vue | 2 +-
 webapp/components/PasswordReset/VerifyCode.vue    | 2 +-
 webapp/locales/de.json                            | 8 +++-----
 webapp/locales/en.json                            | 8 +++-----
 4 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/PasswordReset.vue
index e7d3a5f65..e34efc070 100644
--- a/webapp/components/PasswordReset/PasswordReset.vue
+++ b/webapp/components/PasswordReset/PasswordReset.vue
@@ -63,7 +63,7 @@ export default {
         email: {
           type: 'email',
           required: true,
-          message: this.$t('password-reset.form.validations.email'),
+          message: this.$t('common.validations.email'),
         },
       },
       disabled: true,
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 7df5395f0..13415a5fa 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -41,7 +41,7 @@ export default {
           min: 6,
           max: 6,
           required: true,
-          message: this.$t('verify-code.form.validations.code'),
+          message: this.$t('common.validations.verification-code'),
         },
       },
     }
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 3610ff68b..2c5f9a07e 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -26,10 +26,7 @@
     "form": {
       "input": "Code eingeben",
       "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
-      "submit": "Sicherheitscode überprüfen",
-      "validations": {
-        "code": "muss genau 6 Buchstaben lang sein"
-      }
+      "submit": "Sicherheitscode überprüfen"
     }
   },
   "editor": {
@@ -214,7 +211,8 @@
     "loading": "wird geladen",
     "reportContent": "Melden",
     "validations": {
-      "email": "muss eine gültige E-Mail Adresse sein"
+      "email": "muss eine gültige E-Mail Adresse sein",
+      "verification-code": "muss genau 6 Buchstaben lang sein"
     }
   },
   "actions": {
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 225c26391..44d1153da 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -26,10 +26,7 @@
     "form": {
       "input": "Enter your code",
       "description": "Open your inbox and enter the code that we've sent to you.",
-      "submit": "Check security code",
-      "validations": {
-        "code": "must be 6 characters long"
-      }
+      "submit": "Check security code"
     }
   },
   "editor": {
@@ -214,7 +211,8 @@
     "loading": "loading",
     "reportContent": "Report",
     "validations": {
-      "email": "must be a valid email address"
+      "email": "must be a valid email address",
+      "verification-code": "must be 6 characters long"
     }
   },
   "actions": {

From de40499007529de22b8e8c756b8fa04a3f2e521d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 12:41:58 +0200
Subject: [PATCH 24/62] Move to next step after verify code

---
 webapp/components/PasswordReset/VerifyCode.spec.js | 11 ++++++++++-
 webapp/components/PasswordReset/VerifyCode.vue     | 10 +++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 92d6f8d07..3904f62f2 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -39,7 +39,16 @@ describe('VerifyCode ', () => {
     })
 
     describe('after verification code given', () => {
-      it.todo('displays a form to update your password')
+      beforeEach(() => {
+        wrapper = Wrapper()
+        wrapper.find('input').setValue('123456')
+        wrapper.find('form').trigger('submit')
+      })
+
+      it('displays a form to update your password', () => {
+        expect(wrapper.find('.change-password').exists()).toBe(true)
+      })
+
       describe('submitting new password', () => {
         it.todo('calls resetPassword graphql mutation')
         it.todo('delivers new password to backend')
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 13415a5fa..3defca13d 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -1,7 +1,7 @@
 <template>
   <ds-card class="verify-code">
     <ds-space margin="large">
-      <ds-form v-model="formData" :schema="formSchema" @submit="handleSubmit">
+      <ds-form v-if="!codeSubmitted" v-model="formData" :schema="formSchema" @submit="handleSubmit">
         <ds-input
           :placeholder="$t('verify-code.form.input')"
           model="code"
@@ -24,11 +24,13 @@
           {{ $t('verify-code.form.submit') }}
         </ds-button>
       </ds-form>
+      <div v-else class="change-password" />
     </ds-space>
   </ds-card>
 </template>
 
 <script>
+
 export default {
   data() {
     return {
@@ -44,7 +46,13 @@ export default {
           message: this.$t('common.validations.verification-code'),
         },
       },
+      codeSubmitted: false
     }
   },
+  methods: {
+    handleSubmit(){
+      this.codeSubmitted = true
+    }
+  }
 }
 </script>

From 5a781b0bc6c494509174c696cd233ae462aeb49d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 12:58:43 +0200
Subject: [PATCH 25/62] Copy+Paste code form Password/Change, DRY later

---
 .../components/PasswordReset/VerifyCode.vue   | 122 ++++++++++++++----
 1 file changed, 97 insertions(+), 25 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 3defca13d..bd214bbef 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -1,7 +1,14 @@
 <template>
   <ds-card class="verify-code">
     <ds-space margin="large">
-      <ds-form v-if="!codeSubmitted" v-model="formData" :schema="formSchema" @submit="handleSubmit">
+      <ds-form
+        v-if="!codeSubmitted"
+        v-model="verification.formData"
+        :schema="verification.formSchema"
+        @submit="handleSubmitVerify"
+        @input="handleInput"
+        @input-valid="handleInputValid"
+      >
         <ds-input
           :placeholder="$t('verify-code.form.input')"
           model="code"
@@ -13,46 +20,111 @@
             {{ $t('verify-code.form.description') }}
           </ds-text>
         </ds-space>
-        <ds-button
-          :disabled="disabled"
-          :loading="$apollo.loading"
-          primary
-          fullwidth
-          name="submit"
-          type="submit"
-        >
+        <ds-button :disabled="disabled" primary fullwidth name="submit" type="submit">
           {{ $t('verify-code.form.submit') }}
         </ds-button>
       </ds-form>
-      <div v-else class="change-password" />
+      <ds-form
+        v-else
+        v-model="password.formData"
+        :schema="password.formSchema"
+        @submit="handleSubmitPassword"
+        @input="handleInput"
+        @input-valid="handleInputValid"
+        class="change-password"
+      >
+        <ds-input
+          id="newPassword"
+          model="newPassword"
+          type="password"
+          :label="$t('settings.security.change-password.label-new-password')"
+        />
+        <ds-input
+          id="confirmPassword"
+          model="confirmPassword"
+          type="password"
+          :label="$t('settings.security.change-password.label-new-password-confirm')"
+        />
+        <password-strength :password="password.formData.newPassword" />
+        <ds-space margin-top="base">
+          <ds-button :loading="$apollo.loading" :disabled="disabled" primary>
+            {{ $t('settings.security.change-password.button') }}
+          </ds-button>
+        </ds-space>
+      </ds-form>
     </ds-space>
   </ds-card>
 </template>
 
 <script>
-
+import PasswordStrength from '../Password/Strength'
 export default {
+  components: {
+    PasswordStrength,
+  },
   data() {
     return {
-      formData: {
-        code: '',
-      },
-      formSchema: {
-        code: {
-          type: 'string',
-          min: 6,
-          max: 6,
-          required: true,
-          message: this.$t('common.validations.verification-code'),
+      verification: {
+        formData: {
+          code: '',
+        },
+        formSchema: {
+          code: {
+            type: 'string',
+            min: 6,
+            max: 6,
+            required: true,
+            message: this.$t('common.validations.verification-code'),
+          },
         },
       },
-      codeSubmitted: false
+      password: {
+        formData: {
+          newPassword: '',
+          confirmPassword: '',
+        },
+        formSchema: {
+          newPassword: {
+            type: 'string',
+            required: true,
+            message: this.$t('settings.security.change-password.message-new-password-required'),
+          },
+          confirmPassword: [
+            { validator: this.matchPassword },
+            {
+              type: 'string',
+              required: true,
+              message: this.$t(
+                'settings.security.change-password.message-new-password-confirm-required',
+              ),
+            },
+          ],
+        },
+      },
+      codeSubmitted: false,
+      disabled: true,
     }
   },
   methods: {
-    handleSubmit(){
+    async handleInput(data) {
+      this.disabled = true
+    },
+    async handleInputValid(data) {
+      this.disabled = false
+    },
+    handleSubmitVerify() {
       this.codeSubmitted = true
-    }
-  }
+    },
+    handleSubmitPassword() {},
+    matchPassword(rule, value, callback, source, options) {
+      var errors = []
+      if (this.password.formData.newPassword !== value) {
+        errors.push(
+          new Error(this.$t('settings.security.change-password.message-new-password-missmatch')),
+        )
+      }
+      callback(errors)
+    },
+  },
 }
 </script>

From a641ab68840da4b6c2f848f2ba1f6664a4eb3b30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 13:01:19 +0200
Subject: [PATCH 26/62] Turn off autocomplete for all password fields

---
 webapp/components/Password/Change.vue          | 3 +++
 webapp/components/PasswordReset/VerifyCode.vue | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/webapp/components/Password/Change.vue b/webapp/components/Password/Change.vue
index 95da2a7be..63c797157 100644
--- a/webapp/components/Password/Change.vue
+++ b/webapp/components/Password/Change.vue
@@ -11,18 +11,21 @@
         id="oldPassword"
         model="oldPassword"
         type="password"
+        autocomplete="off"
         :label="$t('settings.security.change-password.label-old-password')"
       />
       <ds-input
         id="newPassword"
         model="newPassword"
         type="password"
+        autocomplete="off"
         :label="$t('settings.security.change-password.label-new-password')"
       />
       <ds-input
         id="confirmPassword"
         model="confirmPassword"
         type="password"
+        autocomplete="off"
         :label="$t('settings.security.change-password.label-new-password-confirm')"
       />
       <password-strength :password="formData.newPassword" />
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index bd214bbef..6e8f116ed 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -37,12 +37,14 @@
           id="newPassword"
           model="newPassword"
           type="password"
+          autocomplete="off"
           :label="$t('settings.security.change-password.label-new-password')"
         />
         <ds-input
           id="confirmPassword"
           model="confirmPassword"
           type="password"
+          autocomplete="off"
           :label="$t('settings.security.change-password.label-new-password-confirm')"
         />
         <password-strength :password="password.formData.newPassword" />

From 288e5002fd4dd21b98993a8fffd76f77e0fbf485 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 13:13:13 +0200
Subject: [PATCH 27/62] Flesh out VerifyCode.spec.js

---
 .../PasswordReset/VerifyCode.spec.js          | 26 ++++++++++++++++---
 webapp/locales/de.json                        |  6 ++++-
 webapp/locales/en.json                        |  6 ++++-
 3 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 3904f62f2..63e8ce2b3 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -20,7 +20,7 @@ describe('VerifyCode ', () => {
       $t: jest.fn(),
       $apollo: {
         loading: false,
-        mutate: jest.fn().mockResolvedValue({ data: { resetPassword: false } }),
+        mutate: jest.fn().mockResolvedValue({ data: { resetPassword: true } }),
       },
     }
   })
@@ -50,9 +50,27 @@ describe('VerifyCode ', () => {
       })
 
       describe('submitting new password', () => {
-        it.todo('calls resetPassword graphql mutation')
-        it.todo('delivers new password to backend')
-        it.todo('displays success message')
+        beforeEach(() => {
+          wrapper.find('input#newPassword').setValue('supersecret')
+          wrapper.find('input#confirmPassword').setValue('supersecret')
+          wrapper.find('form').trigger('submit')
+        })
+
+        it('calls resetPassword graphql mutation', () => {
+          expect(mocks.$apollo.mutate).toHaveBeenCalled()
+        })
+
+        it('delivers new password to backend', () => {
+          const expected = expect.objectContaining({ variables: { newPassword: 'supersecret' } })
+          expect(mocks.$apollo.mutate).toHaveBeenCalledWith(expected)
+        })
+
+        describe('password reset successful', () => {
+          it('displays success message', () => {
+            const expected = 'verify-code.change-password.sucess'
+            expect(mocks.$t).toHaveBeenCalledWith(expected)
+          })
+        })
       })
     })
   })
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 2c5f9a07e..cd04befe0 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -26,7 +26,11 @@
     "form": {
       "input": "Code eingeben",
       "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
-      "submit": "Sicherheitscode überprüfen"
+      "submit": "Sicherheitscode überprüfen",
+      "change-password":{
+        "success": "Änderung des Passworts war erfolgreich",
+        "failure": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode."
+      }
     }
   },
   "editor": {
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 44d1153da..b0dcc0f03 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -26,7 +26,11 @@
     "form": {
       "input": "Enter your code",
       "description": "Open your inbox and enter the code that we've sent to you.",
-      "submit": "Check security code"
+      "submit": "Check security code",
+      "change-password": {
+        "success": "Changing your password was successful",
+        "failure": "Changing your password failed. Probably the security code was not correct"
+      }
     }
   },
   "editor": {

From 559210d204bb2be26bed55aad00395160a7e65bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 13:23:37 +0200
Subject: [PATCH 28/62] Oh, forgot, you have to add the email again

Well, this is not good practice. If an attacker has access to the
mailbox then she knows also the email account as well. It's better to
ask the user for the unique username, e.g. `@username`.

https://stackoverflow.com/a/16018373
---
 .../PasswordReset/VerifyCode.spec.js          |  3 ++-
 .../components/PasswordReset/VerifyCode.vue   | 22 +++++++++++++++----
 webapp/locales/de.json                        |  2 +-
 webapp/locales/en.json                        |  2 +-
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 63e8ce2b3..0d198721b 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -41,7 +41,8 @@ describe('VerifyCode ', () => {
     describe('after verification code given', () => {
       beforeEach(() => {
         wrapper = Wrapper()
-        wrapper.find('input').setValue('123456')
+        wrapper.find('input#email').setValue('mail@example.org')
+        wrapper.find('input#code').setValue('123456')
         wrapper.find('form').trigger('submit')
       })
 
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 6e8f116ed..67a164ba6 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -2,7 +2,7 @@
   <ds-card class="verify-code">
     <ds-space margin="large">
       <ds-form
-        v-if="!codeSubmitted"
+        v-if="!verificationSubmitted"
         v-model="verification.formData"
         :schema="verification.formSchema"
         @submit="handleSubmitVerify"
@@ -10,9 +10,17 @@
         @input-valid="handleInputValid"
       >
         <ds-input
-          :placeholder="$t('verify-code.form.input')"
+          :placeholder="$t('login.email')"
+          model="email"
+          id="email"
+          name="email"
+          icon="envelope"
+        />
+        <ds-input
+          :placeholder="$t('verify-code.form.code')"
           model="code"
           name="code"
+          id="code"
           icon="question-circle"
         />
         <ds-space margin-botton="large">
@@ -68,9 +76,15 @@ export default {
     return {
       verification: {
         formData: {
+          email: '',
           code: '',
         },
         formSchema: {
+          email: {
+            type: 'email',
+            required: true,
+            message: this.$t('common.validations.email'),
+          },
           code: {
             type: 'string',
             min: 6,
@@ -103,7 +117,7 @@ export default {
           ],
         },
       },
-      codeSubmitted: false,
+      verificationSubmitted: false,
       disabled: true,
     }
   },
@@ -115,7 +129,7 @@ export default {
       this.disabled = false
     },
     handleSubmitVerify() {
-      this.codeSubmitted = true
+      this.verificationSubmitted = true
     },
     handleSubmitPassword() {},
     matchPassword(rule, value, callback, source, options) {
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index cd04befe0..502f72607 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -24,7 +24,7 @@
   },
   "verify-code": {
     "form": {
-      "input": "Code eingeben",
+      "code": "Code eingeben",
       "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
       "submit": "Sicherheitscode überprüfen",
       "change-password":{
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index b0dcc0f03..2aac32ca6 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -24,7 +24,7 @@
   },
   "verify-code": {
     "form": {
-      "input": "Enter your code",
+      "code": "Enter your code",
       "description": "Open your inbox and enter the code that we've sent to you.",
       "submit": "Check security code",
       "change-password": {

From 3948cb8ace7f426840807f99b932a28b6dceb394 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 13:48:30 +0200
Subject: [PATCH 29/62] VerifyCode.spec passes

---
 .../PasswordReset/VerifyCode.spec.js          |  16 ++-
 .../components/PasswordReset/VerifyCode.vue   | 107 ++++++++++++------
 webapp/locales/de.json                        |   2 +-
 webapp/locales/en.json                        |   2 +-
 4 files changed, 90 insertions(+), 37 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 0d198721b..217c58ce9 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -26,6 +26,8 @@ describe('VerifyCode ', () => {
   })
 
   describe('mount', () => {
+    beforeEach(jest.useFakeTimers)
+
     Wrapper = () => {
       return mount(VerifyCode, {
         mocks,
@@ -62,15 +64,25 @@ describe('VerifyCode ', () => {
         })
 
         it('delivers new password to backend', () => {
-          const expected = expect.objectContaining({ variables: { newPassword: 'supersecret' } })
+          const expected = expect.objectContaining({
+            variables: { token: '123456', email: 'mail@example.org', newPassword: 'supersecret' },
+          })
           expect(mocks.$apollo.mutate).toHaveBeenCalledWith(expected)
         })
 
         describe('password reset successful', () => {
           it('displays success message', () => {
-            const expected = 'verify-code.change-password.sucess'
+            const expected = 'verify-code.form.change-password.success'
             expect(mocks.$t).toHaveBeenCalledWith(expected)
           })
+
+          describe('after animation', () => {
+            beforeEach(jest.runAllTimers)
+
+            it('emits `change-password-sucess`', () => {
+              expect(wrapper.emitted('change-password-result')).toEqual([['success']])
+            })
+          })
         })
       })
     })
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 67a164ba6..49f951324 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -32,42 +32,49 @@
           {{ $t('verify-code.form.submit') }}
         </ds-button>
       </ds-form>
-      <ds-form
-        v-else
-        v-model="password.formData"
-        :schema="password.formSchema"
-        @submit="handleSubmitPassword"
-        @input="handleInput"
-        @input-valid="handleInputValid"
-        class="change-password"
-      >
-        <ds-input
-          id="newPassword"
-          model="newPassword"
-          type="password"
-          autocomplete="off"
-          :label="$t('settings.security.change-password.label-new-password')"
-        />
-        <ds-input
-          id="confirmPassword"
-          model="confirmPassword"
-          type="password"
-          autocomplete="off"
-          :label="$t('settings.security.change-password.label-new-password-confirm')"
-        />
-        <password-strength :password="password.formData.newPassword" />
-        <ds-space margin-top="base">
-          <ds-button :loading="$apollo.loading" :disabled="disabled" primary>
-            {{ $t('settings.security.change-password.button') }}
-          </ds-button>
-        </ds-space>
-      </ds-form>
+      <template v-else>
+        <ds-form
+          v-if="!changePasswordResult"
+          v-model="password.formData"
+          :schema="password.formSchema"
+          @submit="handleSubmitPassword"
+          @input="handleInput"
+          @input-valid="handleInputValid"
+          class="change-password"
+        >
+          <ds-input
+            id="newPassword"
+            model="newPassword"
+            type="password"
+            autocomplete="off"
+            :label="$t('settings.security.change-password.label-new-password')"
+          />
+          <ds-input
+            id="confirmPassword"
+            model="confirmPassword"
+            type="password"
+            autocomplete="off"
+            :label="$t('settings.security.change-password.label-new-password-confirm')"
+          />
+          <password-strength :password="password.formData.newPassword" />
+          <ds-space margin-top="base">
+            <ds-button :loading="$apollo.loading" :disabled="disabled" primary>
+              {{ $t('settings.security.change-password.button') }}
+            </ds-button>
+          </ds-space>
+        </ds-form>
+        <ds-text v-else>
+          {{ changePasswordResultMessage }}
+        </ds-text>
+      </template>
     </ds-space>
   </ds-card>
 </template>
 
 <script>
 import PasswordStrength from '../Password/Strength'
+import gql from 'graphql-tag'
+
 export default {
   components: {
     PasswordStrength,
@@ -119,19 +126,53 @@ export default {
       },
       verificationSubmitted: false,
       disabled: true,
+      changePasswordResult: null,
     }
   },
+  computed: {
+    changePasswordResultMessage() {
+      if (!this.changePasswordResult) return ''
+      return this.$t(`verify-code.form.change-password.${this.changePasswordResult}`)
+    },
+  },
   methods: {
-    async handleInput(data) {
+    async handleInput() {
       this.disabled = true
     },
-    async handleInputValid(data) {
+    async handleInputValid() {
       this.disabled = false
     },
     handleSubmitVerify() {
       this.verificationSubmitted = true
     },
-    handleSubmitPassword() {},
+    async handleSubmitPassword() {
+      const mutation = gql`
+        mutation($token: String!, $email: String!, $newPassword: String!) {
+          resetPassword(token: $token, email: $email, newPassword: $newPassword)
+        }
+      `
+      const { newPassword } = this.password.formData
+      const { email, code: token } = this.verification.formData
+      const variables = { newPassword, email, token }
+      try {
+        const {
+          data: { resetPassword },
+        } = await this.$apollo.mutate({ mutation, variables })
+        const changePasswordResult = resetPassword ? 'success' : 'failure'
+        this.changePasswordResult = changePasswordResult
+        this.$emit('change-password-result', changePasswordResult)
+        this.verification.formData = {
+          code: '',
+          email: '',
+        }
+        this.password.formData = {
+          newPassword: '',
+          confirmPassword: '',
+        }
+      } catch (err) {
+        this.$toast.error(err.message)
+      }
+    },
     matchPassword(rule, value, callback, source, options) {
       var errors = []
       if (this.password.formData.newPassword !== value) {
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 502f72607..1adebdaf8 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -29,7 +29,7 @@
       "submit": "Sicherheitscode überprüfen",
       "change-password":{
         "success": "Änderung des Passworts war erfolgreich",
-        "failure": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode."
+        "failure": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?"
       }
     }
   },
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 2aac32ca6..6a4c43613 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -29,7 +29,7 @@
       "submit": "Check security code",
       "change-password": {
         "success": "Changing your password was successful",
-        "failure": "Changing your password failed. Probably the security code was not correct"
+        "failure": "Changing your password failed. Maybe the security code was not correct?"
       }
     }
   },

From 69434cdc7fc8425eb8efd2d039d878506caf55f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 16:11:05 +0200
Subject: [PATCH 30/62] Nicer information messages

---
 webapp/components/PasswordReset/PasswordReset.vue | 2 +-
 webapp/components/PasswordReset/VerifyCode.vue    | 3 +++
 webapp/locales/de.json                            | 2 +-
 webapp/locales/en.json                            | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/PasswordReset.vue
index e34efc070..f183307e6 100644
--- a/webapp/components/PasswordReset/PasswordReset.vue
+++ b/webapp/components/PasswordReset/PasswordReset.vue
@@ -37,7 +37,7 @@
       <div v-else>
         <transition name="ds-transition-fade">
           <ds-flex centered>
-            <sweetalert-icon icon="success" />
+            <sweetalert-icon icon="info" />
           </ds-flex>
         </transition>
         <ds-text v-html="submitMessage" />
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 49f951324..4743a4ed6 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -64,6 +64,7 @@
           </ds-space>
         </ds-form>
         <ds-text v-else>
+          <sweetalert-icon :icon="changePasswordResult" />
           {{ changePasswordResultMessage }}
         </ds-text>
       </template>
@@ -74,9 +75,11 @@
 <script>
 import PasswordStrength from '../Password/Strength'
 import gql from 'graphql-tag'
+import { SweetalertIcon } from 'vue-sweetalert-icons'
 
 export default {
   components: {
+    SweetalertIcon,
     PasswordStrength,
   },
   data() {
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 1adebdaf8..a13b5620a 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -29,7 +29,7 @@
       "submit": "Sicherheitscode überprüfen",
       "change-password":{
         "success": "Änderung des Passworts war erfolgreich",
-        "failure": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?"
+        "error": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?"
       }
     }
   },
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 6a4c43613..a4f958c87 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -29,7 +29,7 @@
       "submit": "Check security code",
       "change-password": {
         "success": "Changing your password was successful",
-        "failure": "Changing your password failed. Maybe the security code was not correct?"
+        "error": "Changing your password failed. Maybe the security code was not correct?"
       }
     }
   },

From 8984df937120c91bdcdb0892671066ccfe097b6a Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Tue, 18 Jun 2019 17:43:00 +0200
Subject: [PATCH 31/62] lint fixes

---
 backend/src/activitypub/NitroDataSource.js   | 8 ++++++--
 backend/src/middleware/notifications/spec.js | 4 +++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/backend/src/activitypub/NitroDataSource.js b/backend/src/activitypub/NitroDataSource.js
index 0900bed6c..eea37337a 100644
--- a/backend/src/activitypub/NitroDataSource.js
+++ b/backend/src/activitypub/NitroDataSource.js
@@ -505,7 +505,9 @@ export default class NitroDataSource {
     const result2 = await this.client.mutate({
       mutation: gql`
           mutation {
-              AddCommentAuthor(from: {id: "${result.data.CreateComment.id}"}, to: {id: "${toUserId}"}) {
+              AddCommentAuthor(from: {id: "${
+                result.data.CreateComment.id
+              }"}, to: {id: "${toUserId}"}) {
                   id
               }
           }
@@ -517,7 +519,9 @@ export default class NitroDataSource {
     result = await this.client.mutate({
       mutation: gql`
           mutation {
-              AddCommentPost(from: { id: "${result.data.CreateComment.id}", to: { id: "${postId}" }}) {
+              AddCommentPost(from: { id: "${
+                result.data.CreateComment.id
+              }", to: { id: "${postId}" }}) {
                   id
               }
           }
diff --git a/backend/src/middleware/notifications/spec.js b/backend/src/middleware/notifications/spec.js
index 985654b0f..65212e544 100644
--- a/backend/src/middleware/notifications/spec.js
+++ b/backend/src/middleware/notifications/spec.js
@@ -87,7 +87,9 @@ describe('currentUser { notifications }', () => {
 
         describe('who mentions me again', () => {
           beforeEach(async () => {
-            const updatedContent = `${post.content} One more mention to <a href="/profile/you" class="mention">@al-capone</a>`
+            const updatedContent = `${
+              post.content
+            } One more mention to <a href="/profile/you" class="mention">@al-capone</a>`
             // The response `post.content` contains a link but the XSSmiddleware
             // should have the `mention` CSS class removed. I discovered this
             // during development and thought: A feature not a bug! This way we

From ba185bcb65c8d99d9295af2e432b7d0b1b8506ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 17:16:56 +0200
Subject: [PATCH 32/62] Refactor backend

---
 backend/src/schema/resolvers/passwordReset.js | 30 +++++-----
 .../schema/resolvers/passwordReset.spec.js    | 58 ++++++++-----------
 backend/src/schema/types/schema.gql           |  2 +-
 .../components/PasswordReset/VerifyCode.vue   | 10 ++--
 4 files changed, 45 insertions(+), 55 deletions(-)

diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index d6d2a6e6c..e2fb1a80f 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -1,15 +1,16 @@
 import uuid from 'uuid/v4'
 import bcrypt from 'bcryptjs'
 
-export async function createPasswordReset({ driver, token, email, validUntil }) {
+export async function createPasswordReset(options) {
+  const { driver, code, email, issuedAt = new Date() } = options
   const session = driver.session()
   const cypher = `
       MATCH (u:User) WHERE u.email = $email
-      CREATE(pr:PasswordReset {token: $token, validUntil: $validUntil, redeemedAt: NULL})
+      CREATE(pr:PasswordReset {code: $code, issuedAt: datetime($issuedAt), usedAt: NULL})
       MERGE (u)-[:REQUESTED]->(pr)
-      RETURN u,pr
+      RETURN pr
       `
-  const transactionRes = await session.run(cypher, { token, email, validUntil })
+  const transactionRes = await session.run(cypher, { issuedAt: issuedAt.toISOString(), code, email })
   const resets = transactionRes.records.map(record => record.get('pr'))
   session.close()
   return resets
@@ -18,27 +19,26 @@ export async function createPasswordReset({ driver, token, email, validUntil })
 export default {
   Mutation: {
     requestPasswordReset: async (_, { email }, { driver }) => {
-      let validUntil = new Date()
-      validUntil += 3 * 60 * 1000
-      const token = uuid()
-      await createPasswordReset({ driver, token, email, validUntil })
+      const code = uuid().substring(0,6)
+      await createPasswordReset({ driver, code, email })
       return true
     },
-    resetPassword: async (_, { email, token, newPassword }, { driver }) => {
+    resetPassword: async (_, { email, code, newPassword }, { driver }) => {
       const session = driver.session()
-      const now = new Date().getTime()
+      const stillValid = new Date()
+      stillValid.setDate(stillValid.getDate() - 1)
       const newHashedPassword = await bcrypt.hashSync(newPassword, 10)
       const cypher = `
-      MATCH (r:PasswordReset {token: $token})
+      MATCH (r:PasswordReset {code: $code})
       MATCH (u:User {email: $email})-[:REQUESTED]->(r)
-      WHERE r.validUntil > $now AND r.redeemedAt IS NULL
-      SET r.redeemedAt = $now
+      WHERE duration.between(r.issuedAt, datetime()).days <= 0 AND r.usedAt IS NULL
+      SET r.usedAt = datetime()
       SET u.password = $newHashedPassword
       RETURN r
       `
-      let transactionRes = await session.run(cypher, { now, email, token, newHashedPassword })
+      let transactionRes = await session.run(cypher, { stillValid, email, code, newHashedPassword })
       const [reset] = transactionRes.records.map(record => record.get('r'))
-      const result = !!(reset && reset.properties.redeemedAt)
+      const result = !!(reset && reset.properties.usedAt)
       session.close()
       return result
     },
diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index 1fbd96b7a..6d0347703 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -64,23 +64,12 @@ describe('passwordReset', () => {
         expect(resets).toHaveLength(1)
       })
 
-      it('creates a reset token', async () => {
+      it('creates a reset code', async () => {
         await client.request(mutation, variables)
         const resets = await getAllPasswordResets()
         const [reset] = resets
-        const { token } = reset.properties
-        expect(token).toMatch(/^........-....-....-....-............$/)
-      })
-
-      it('created PasswordReset is valid for less than 4 minutes', async () => {
-        await client.request(mutation, variables)
-        const resets = await getAllPasswordResets()
-        const [reset] = resets
-        let { validUntil } = reset.properties
-        validUntil = Date.parse(validUntil)
-        const now = new Date().getTime()
-        expect(validUntil).toBeGreaterThan(now - 60 * 1000)
-        expect(validUntil).toBeLessThan(now + 4 * 60 * 1000)
+        const { code } = reset.properties
+        expect(code).toHaveLength(6)
       })
     })
   })
@@ -89,50 +78,50 @@ describe('passwordReset', () => {
     const setup = async (options = {}) => {
       const {
         email = 'user@example.org',
-        validUntil = new Date().getTime() + 3 * 60 * 1000,
-        token = 'abcdefgh-ijkl-mnop-qrst-uvwxyz123456',
+        issuedAt = new Date(),
+        code = 'abcdef',
       } = options
 
       const session = driver.session()
-      await createPasswordReset({ driver, email, validUntil, token })
+      await createPasswordReset({ driver, email, issuedAt, code })
       session.close()
     }
 
-    const mutation = `mutation($token: String!, $email: String!, $newPassword: String!) { resetPassword(token: $token, email: $email, newPassword: $newPassword) }`
+    const mutation = `mutation($code: String!, $email: String!, $newPassword: String!) { resetPassword(code: $code, email: $email, newPassword: $newPassword) }`
     let email = 'user@example.org'
-    let token = 'abcdefgh-ijkl-mnop-qrst-uvwxyz123456'
+    let code = 'abcdef'
     let newPassword = 'supersecret'
     let variables
 
     describe('invalid email', () => {
       it('resolves to false', async () => {
         await setup()
-        variables = { newPassword, email: 'non-existent@example.org', token }
+        variables = { newPassword, email: 'non-existent@example.org', code }
         await expect(client.request(mutation, variables)).resolves.toEqual({ resetPassword: false })
       })
     })
 
     describe('valid email', () => {
-      describe('but invalid token', () => {
+      describe('but invalid code', () => {
         it('resolves to false', async () => {
           await setup()
-          variables = { newPassword, email, token: 'slkdjfldsjflsdjfsjdfl' }
+          variables = { newPassword, email, code: 'slkdjf' }
           await expect(client.request(mutation, variables)).resolves.toEqual({
             resetPassword: false,
           })
         })
       })
 
-      describe('and valid token', () => {
+      describe('and valid code', () => {
         beforeEach(() => {
           variables = {
             newPassword,
             email: 'user@example.org',
-            token: 'abcdefgh-ijkl-mnop-qrst-uvwxyz123456',
+            code: 'abcdef',
           }
         })
 
-        describe('and token not expired', () => {
+        describe('and code not expired', () => {
           beforeEach(async () => {
             await setup()
           })
@@ -143,12 +132,12 @@ describe('passwordReset', () => {
             })
           })
 
-          it('updates PasswordReset `redeemedAt` property', async () => {
+          it('updates PasswordReset `usedAt` property', async () => {
             await client.request(mutation, variables)
             const requests = await getAllPasswordResets()
             const [request] = requests
-            const { redeemedAt } = request.properties
-            expect(redeemedAt).not.toBeNull()
+            const { usedAt } = request.properties
+            expect(usedAt).not.toBeFalsy()
           })
 
           it('updates password of the user', async () => {
@@ -168,10 +157,11 @@ describe('passwordReset', () => {
           })
         })
 
-        describe('but expired token', () => {
+        describe('but expired code', () => {
           beforeEach(async () => {
-            const validUntil = new Date().getTime() - 1000
-            await setup({ validUntil })
+            const issuedAt = new Date()
+            issuedAt.setDate(issuedAt.getDate() - 1)
+            await setup({ issuedAt })
           })
 
           it('resolves to false', async () => {
@@ -180,12 +170,12 @@ describe('passwordReset', () => {
             })
           })
 
-          it('does not update PasswordReset `redeemedAt` property', async () => {
+          it('does not update PasswordReset `usedAt` property', async () => {
             await client.request(mutation, variables)
             const requests = await getAllPasswordResets()
             const [request] = requests
-            const { redeemedAt } = request.properties
-            expect(redeemedAt).toBeUndefined()
+            const { usedAt } = request.properties
+            expect(usedAt).toBeUndefined()
           })
         })
       })
diff --git a/backend/src/schema/types/schema.gql b/backend/src/schema/types/schema.gql
index ae77ef8e8..1ef83bac3 100644
--- a/backend/src/schema/types/schema.gql
+++ b/backend/src/schema/types/schema.gql
@@ -26,7 +26,7 @@ type Mutation {
   signup(email: String!, password: String!): Boolean!
   changePassword(oldPassword: String!, newPassword: String!): String!
   requestPasswordReset(email: String!): Boolean!
-  resetPassword(email: String!, token: String!, newPassword: String!): Boolean!
+  resetPassword(email: String!, code: String!, newPassword: String!): Boolean!
   report(id: ID!, description: String): Report
   disable(id: ID!): ID
   enable(id: ID!): ID
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 4743a4ed6..4d7c161cf 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -150,18 +150,18 @@ export default {
     },
     async handleSubmitPassword() {
       const mutation = gql`
-        mutation($token: String!, $email: String!, $newPassword: String!) {
-          resetPassword(token: $token, email: $email, newPassword: $newPassword)
+        mutation($code: String!, $email: String!, $newPassword: String!) {
+          resetPassword(code: $code, email: $email, newPassword: $newPassword)
         }
       `
       const { newPassword } = this.password.formData
-      const { email, code: token } = this.verification.formData
-      const variables = { newPassword, email, token }
+      const { email, code } = this.verification.formData
+      const variables = { newPassword, email, code }
       try {
         const {
           data: { resetPassword },
         } = await this.$apollo.mutate({ mutation, variables })
-        const changePasswordResult = resetPassword ? 'success' : 'failure'
+        const changePasswordResult = resetPassword ? 'success' : 'error'
         this.changePasswordResult = changePasswordResult
         this.$emit('change-password-result', changePasswordResult)
         this.verification.formData = {

From 7446464d6c5a0fc4b74ee21f9a0d3420a57a15c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 19:08:59 +0200
Subject: [PATCH 33/62] Better translations

---
 webapp/components/PasswordReset/VerifyCode.vue | 2 +-
 webapp/locales/de.json                         | 4 ++--
 webapp/locales/en.json                         | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 4d7c161cf..a69732b4c 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -29,7 +29,7 @@
           </ds-text>
         </ds-space>
         <ds-button :disabled="disabled" primary fullwidth name="submit" type="submit">
-          {{ $t('verify-code.form.submit') }}
+          {{ $t('verify-code.form.next') }}
         </ds-button>
       </ds-form>
       <template v-else>
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index a13b5620a..70762c85e 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -19,14 +19,14 @@
     "form": {
       "description": "Eine Mail zum Zurücksetzen des Passworts wird an die angegebene E-Mail Adresse geschickt.",
       "submit": "Email anfordern",
-      "submitted": "E-Mail verschickt an <b>{email}</b>"
+      "submitted": "Eine E-Mail mit weiteren Instruktionen wurde verschickt an <b>{email}</b>"
     }
   },
   "verify-code": {
     "form": {
       "code": "Code eingeben",
       "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
-      "submit": "Sicherheitscode überprüfen",
+      "next": "Weiter",
       "change-password":{
         "success": "Änderung des Passworts war erfolgreich",
         "error": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?"
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index a4f958c87..15743d571 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -19,14 +19,14 @@
     "form": {
       "description": "A password reset email will be sent to the given email address.",
       "submit": "Request email",
-      "submitted": "Email sent to <b>{email}</b>"
+      "submitted": "A mail with further instruction has been sent to <b>{email}</b>"
     }
   },
   "verify-code": {
     "form": {
       "code": "Enter your code",
       "description": "Open your inbox and enter the code that we've sent to you.",
-      "submit": "Check security code",
+      "next": "Continue",
       "change-password": {
         "success": "Changing your password was successful",
         "error": "Changing your password failed. Maybe the security code was not correct?"

From 506fe0fe9412add0004bd802b2071fd473708eb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 22:35:44 +0200
Subject: [PATCH 34/62] Add support instructions

---
 .../components/PasswordReset/VerifyCode.vue   | 27 +++++++++++--------
 webapp/locales/de.json                        |  3 ++-
 webapp/locales/en.json                        |  3 ++-
 3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index a69732b4c..e452d64e8 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -64,8 +64,20 @@
           </ds-space>
         </ds-form>
         <ds-text v-else>
-          <sweetalert-icon :icon="changePasswordResult" />
-          {{ changePasswordResultMessage }}
+          <template v-if="changePasswordResult === 'success'">
+            <sweetalert-icon icon="success" />
+            <ds-text>
+              {{ $t(`verify-code.form.change-password.success`) }}
+            </ds-text>
+          </template>
+          <template v-else>
+            <sweetalert-icon icon="error" />
+            <ds-text align="left">
+              {{ $t(`verify-code.form.change-password.error`) }}
+              {{ $t('verify-code.form.change-password.help') }}
+            </ds-text>
+            <a href="mailto:support@human-connection.org">support@human-connection.org</a>
+          </template>
         </ds-text>
       </template>
     </ds-space>
@@ -132,12 +144,6 @@ export default {
       changePasswordResult: null,
     }
   },
-  computed: {
-    changePasswordResultMessage() {
-      if (!this.changePasswordResult) return ''
-      return this.$t(`verify-code.form.change-password.${this.changePasswordResult}`)
-    },
-  },
   methods: {
     async handleInput() {
       this.disabled = true
@@ -161,9 +167,8 @@ export default {
         const {
           data: { resetPassword },
         } = await this.$apollo.mutate({ mutation, variables })
-        const changePasswordResult = resetPassword ? 'success' : 'error'
-        this.changePasswordResult = changePasswordResult
-        this.$emit('change-password-result', changePasswordResult)
+        this.changePasswordResult = resetPassword ? 'success' : 'error'
+        this.$emit('change-password-result', this.changePasswordResult)
         this.verification.formData = {
           code: '',
           email: '',
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index 70762c85e..0970877d4 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -29,7 +29,8 @@
       "next": "Weiter",
       "change-password":{
         "success": "Änderung des Passworts war erfolgreich",
-        "error": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?"
+        "error": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?",
+        "help": "Falls Probleme auftreten, schreib uns gerne eine Mail an:"
       }
     }
   },
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 15743d571..41a806a7b 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -29,7 +29,8 @@
       "next": "Continue",
       "change-password": {
         "success": "Changing your password was successful",
-        "error": "Changing your password failed. Maybe the security code was not correct?"
+        "error": "Changing your password failed. Maybe the security code was not correct?",
+        "help": "In case of problems, feel free to ask for help by sending us a mail to:"
       }
     }
   },

From cc26d0be94a87fd4b409b4c2497847f6bed29b4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 22:48:53 +0200
Subject: [PATCH 35/62] Handle passwordReset response on reset page

---
 .../components/PasswordReset/VerifyCode.spec.js   |  2 +-
 webapp/components/PasswordReset/VerifyCode.vue    |  4 +++-
 webapp/pages/password-reset.vue                   | 15 ++++++++++-----
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 217c58ce9..cf12aacac 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -80,7 +80,7 @@ describe('VerifyCode ', () => {
             beforeEach(jest.runAllTimers)
 
             it('emits `change-password-sucess`', () => {
-              expect(wrapper.emitted('change-password-result')).toEqual([['success']])
+              expect(wrapper.emitted('passwordResetResponse')).toEqual([['success']])
             })
           })
         })
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index e452d64e8..d53d08bf2 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -168,7 +168,9 @@ export default {
           data: { resetPassword },
         } = await this.$apollo.mutate({ mutation, variables })
         this.changePasswordResult = resetPassword ? 'success' : 'error'
-        this.$emit('change-password-result', this.changePasswordResult)
+        setTimeout(() => {
+          this.$emit('passwordResetResponse', this.changePasswordResult)
+        }, 3000)
         this.verification.formData = {
           code: '',
           email: '',
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 0ef12cd32..3c6100430 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -3,8 +3,8 @@
     <ds-flex>
       <ds-flex-item :width="{ base: '100%' }" centered>
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
-          <password-reset @handleSubmitted="handleSubmitted" v-if="!submitted" />
-          <verify-code v-else />
+          <password-reset @handleSubmitted="handlePasswordResetRequested" v-if="!passwordResetRequested" />
+          <verify-code v-else @passwordResetResponse="handlePasswordResetResponse" />
         </ds-space>
       </ds-flex-item>
     </ds-flex>
@@ -19,7 +19,7 @@ export default {
   layout: 'default',
   data() {
     return {
-      submitted: false,
+      passwordResetRequested: false
     }
   },
   components: {
@@ -27,8 +27,13 @@ export default {
     VerifyCode,
   },
   methods: {
-    handleSubmitted() {
-      this.submitted = true
+    handlePasswordResetRequested() {
+      this.passwordResetRequested = true
+    },
+    handlePasswordResetResponse(response) {
+      if (response === 'success'){
+        this.$router.push('login')
+      }
     },
   },
 }

From 29b910cfb7b5338b5f344a46a5ef06628e18f50e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 23:24:29 +0200
Subject: [PATCH 36/62] Really basic passwordReset flow works

---
 backend/package.json                          |  1 +
 backend/src/config/index.js                   |  8 +++++
 backend/src/schema/resolvers/passwordReset.js | 32 +++++++++++++++++--
 .../schema/resolvers/passwordReset.spec.js    |  6 +---
 backend/yarn.lock                             |  5 +++
 5 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index c8537ae0b..45f47db44 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -72,6 +72,7 @@
     "neo4j-driver": "~1.7.4",
     "neo4j-graphql-js": "git+https://github.com/Human-Connection/neo4j-graphql-js.git#temporary_fixes",
     "node-fetch": "~2.6.0",
+    "nodemailer": "^6.2.1",
     "npm-run-all": "~4.1.5",
     "request": "~2.88.0",
     "sanitize-html": "~1.20.1",
diff --git a/backend/src/config/index.js b/backend/src/config/index.js
index aed6f7c1c..6931126e2 100644
--- a/backend/src/config/index.js
+++ b/backend/src/config/index.js
@@ -8,6 +8,13 @@ export const requiredConfigs = {
   PRIVATE_KEY_PASSPHRASE: process.env.PRIVATE_KEY_PASSPHRASE,
 }
 
+export const smtpConfigs = {
+  SMTP_HOST: process.env.SMTP_HOST || 'localhost',
+  SMTP_PORT: process.env.SMTP_PORT || 1025,
+  SMTP_USERNAME: process.env.SMTP_USERNAME,
+  SMTP_PASSWORD: process.env.SMTP_PASSWORD,
+}
+
 export const neo4jConfigs = {
   NEO4J_URI: process.env.NEO4J_URI || 'bolt://localhost:7687',
   NEO4J_USERNAME: process.env.NEO4J_USERNAME || 'neo4j',
@@ -29,6 +36,7 @@ export const developmentConfigs = {
 
 export default {
   ...requiredConfigs,
+  ...smtpConfigs,
   ...neo4jConfigs,
   ...serverConfigs,
   ...developmentConfigs,
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index e2fb1a80f..fe37187b5 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -1,5 +1,21 @@
 import uuid from 'uuid/v4'
 import bcrypt from 'bcryptjs'
+import CONFIG from '../../config'
+import nodemailer from 'nodemailer'
+
+const transporter = () => {
+  const { SMTP_HOST: host, SMTP_PORT: port, SMTP_USERNAME: user, SMTP_PASSWORD: pass } = CONFIG
+  const configs = {
+    host,
+    port,
+    ignoreTLS: true,
+    secure: false, // true for 465, false for other ports
+  }
+  if (user && pass) {
+    configs.auth = { user, pass }
+  }
+  return nodemailer.createTransport(configs)
+}
 
 export async function createPasswordReset(options) {
   const { driver, code, email, issuedAt = new Date() } = options
@@ -10,7 +26,11 @@ export async function createPasswordReset(options) {
       MERGE (u)-[:REQUESTED]->(pr)
       RETURN pr
       `
-  const transactionRes = await session.run(cypher, { issuedAt: issuedAt.toISOString(), code, email })
+  const transactionRes = await session.run(cypher, {
+    issuedAt: issuedAt.toISOString(),
+    code,
+    email,
+  })
   const resets = transactionRes.records.map(record => record.get('pr'))
   session.close()
   return resets
@@ -19,8 +39,16 @@ export async function createPasswordReset(options) {
 export default {
   Mutation: {
     requestPasswordReset: async (_, { email }, { driver }) => {
-      const code = uuid().substring(0,6)
+      const code = uuid().substring(0, 6)
       await createPasswordReset({ driver, code, email })
+      await transporter().sendMail({
+        from: '"Human Connection" <info@human-connection.org>', // sender address
+        to: email, // list of receivers
+        subject: 'Password Reset', // Subject line
+        text: `Code is ${code}`, // plain text body
+        html: `Code is <b>${code}</b>`, // plain text body
+      })
+
       return true
     },
     resetPassword: async (_, { email, code, newPassword }, { driver }) => {
diff --git a/backend/src/schema/resolvers/passwordReset.spec.js b/backend/src/schema/resolvers/passwordReset.spec.js
index 6d0347703..545945f51 100644
--- a/backend/src/schema/resolvers/passwordReset.spec.js
+++ b/backend/src/schema/resolvers/passwordReset.spec.js
@@ -76,11 +76,7 @@ describe('passwordReset', () => {
 
   describe('resetPassword', () => {
     const setup = async (options = {}) => {
-      const {
-        email = 'user@example.org',
-        issuedAt = new Date(),
-        code = 'abcdef',
-      } = options
+      const { email = 'user@example.org', issuedAt = new Date(), code = 'abcdef' } = options
 
       const session = driver.session()
       await createPasswordReset({ driver, email, issuedAt, code })
diff --git a/backend/yarn.lock b/backend/yarn.lock
index d2c5da176..eaee0a3f3 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -5693,6 +5693,11 @@ node-releases@^1.1.19:
   dependencies:
     semver "^5.3.0"
 
+nodemailer@^6.2.1:
+  version "6.2.1"
+  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.2.1.tgz#20d773925eb8f7a06166a0b62c751dc8290429f3"
+  integrity sha512-TagB7iuIi9uyNgHExo8lUDq3VK5/B0BpbkcjIgNvxbtVrjNqq0DwAOTuzALPVkK76kMhTSzIgHqg8X1uklVs6g==
+
 nodemon@~1.19.1:
   version "1.19.1"
   resolved "https://registry.yarnpkg.com/nodemon/-/nodemon-1.19.1.tgz#576f0aad0f863aabf8c48517f6192ff987cd5071"

From d8eca07c217604cc67adb6444e09da627fbc1076 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 23:28:48 +0200
Subject: [PATCH 37/62] Fix lint

---
 webapp/pages/password-reset.vue | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 3c6100430..61a1d0b84 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -3,7 +3,10 @@
     <ds-flex>
       <ds-flex-item :width="{ base: '100%' }" centered>
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
-          <password-reset @handleSubmitted="handlePasswordResetRequested" v-if="!passwordResetRequested" />
+          <password-reset
+            @handleSubmitted="handlePasswordResetRequested"
+            v-if="!passwordResetRequested"
+          />
           <verify-code v-else @passwordResetResponse="handlePasswordResetResponse" />
         </ds-space>
       </ds-flex-item>
@@ -19,7 +22,7 @@ export default {
   layout: 'default',
   data() {
     return {
-      passwordResetRequested: false
+      passwordResetRequested: false,
     }
   },
   components: {
@@ -31,7 +34,7 @@ export default {
       this.passwordResetRequested = true
     },
     handlePasswordResetResponse(response) {
-      if (response === 'success'){
+      if (response === 'success') {
         this.$router.push('login')
       }
     },

From 38327ddf71d4529db23c1bb9273c84a3709825f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 23:49:38 +0200
Subject: [PATCH 38/62] Split password flow into different routes part 1

---
 webapp/nuxt.config.js                       |  4 ++-
 webapp/pages/login.vue                      |  2 +-
 webapp/pages/password-reset.vue             | 28 +--------------------
 webapp/pages/password-reset/request.vue     | 18 +++++++++++++
 webapp/pages/password-reset/verify-code.vue | 20 +++++++++++++++
 5 files changed, 43 insertions(+), 29 deletions(-)
 create mode 100644 webapp/pages/password-reset/request.vue
 create mode 100644 webapp/pages/password-reset/verify-code.vue

diff --git a/webapp/nuxt.config.js b/webapp/nuxt.config.js
index 8af3dbb16..7383f408a 100644
--- a/webapp/nuxt.config.js
+++ b/webapp/nuxt.config.js
@@ -28,7 +28,9 @@ module.exports = {
     publicPages: [
       'login',
       'logout',
-      'password-reset',
+      'password-reset-request',
+      'password-reset-verify-code',
+      'password-reset-change-password',
       'register',
       'signup',
       'reset',
diff --git a/webapp/pages/login.vue b/webapp/pages/login.vue
index 94c974b29..f858b931e 100644
--- a/webapp/pages/login.vue
+++ b/webapp/pages/login.vue
@@ -46,7 +46,7 @@
                 type="password"
               />
               <ds-space class="password-reset-link" margin-bottom="large">
-                <nuxt-link to="/password-reset">
+                <nuxt-link to="/password-reset/request">
                   {{ $t('login.forgotPassword') }}
                 </nuxt-link>
               </ds-space>
diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index 61a1d0b84..ca826524e 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -3,11 +3,7 @@
     <ds-flex>
       <ds-flex-item :width="{ base: '100%' }" centered>
         <ds-space style="text-align: center;" margin-top="small" margin-bottom="xxx-small" centered>
-          <password-reset
-            @handleSubmitted="handlePasswordResetRequested"
-            v-if="!passwordResetRequested"
-          />
-          <verify-code v-else @passwordResetResponse="handlePasswordResetResponse" />
+          <nuxt-child />
         </ds-space>
       </ds-flex-item>
     </ds-flex>
@@ -15,29 +11,7 @@
 </template>
 
 <script>
-import PasswordReset from '~/components/PasswordReset/PasswordReset'
-import VerifyCode from '~/components/PasswordReset/VerifyCode'
-
 export default {
   layout: 'default',
-  data() {
-    return {
-      passwordResetRequested: false,
-    }
-  },
-  components: {
-    PasswordReset,
-    VerifyCode,
-  },
-  methods: {
-    handlePasswordResetRequested() {
-      this.passwordResetRequested = true
-    },
-    handlePasswordResetResponse(response) {
-      if (response === 'success') {
-        this.$router.push('login')
-      }
-    },
-  },
 }
 </script>
diff --git a/webapp/pages/password-reset/request.vue b/webapp/pages/password-reset/request.vue
new file mode 100644
index 000000000..7cf37f537
--- /dev/null
+++ b/webapp/pages/password-reset/request.vue
@@ -0,0 +1,18 @@
+<template>
+  <password-reset @handleSubmitted="handlePasswordResetRequested" />
+</template>
+
+<script>
+import PasswordReset from '~/components/PasswordReset/PasswordReset'
+
+export default {
+  components: {
+    PasswordReset,
+  },
+  methods: {
+    handlePasswordResetRequested() {
+      this.$router.push('verify-code')
+    },
+  },
+}
+</script>
diff --git a/webapp/pages/password-reset/verify-code.vue b/webapp/pages/password-reset/verify-code.vue
new file mode 100644
index 000000000..e331c673c
--- /dev/null
+++ b/webapp/pages/password-reset/verify-code.vue
@@ -0,0 +1,20 @@
+<template>
+  <verify-code @passwordResetResponse="handlePasswordResetResponse" />
+</template>
+
+<script>
+import VerifyCode from '~/components/PasswordReset/VerifyCode'
+
+export default {
+  components: {
+    VerifyCode,
+  },
+  methods: {
+    handlePasswordResetResponse(response) {
+      if (response === 'success') {
+        this.$router.push('login')
+      }
+    },
+  },
+}
+</script>

From 304fd028f0ccb1a49f2aecfb63bfe15e91ad7092 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Tue, 18 Jun 2019 23:51:54 +0200
Subject: [PATCH 39/62] Leftover token=>code

---
 webapp/components/PasswordReset/VerifyCode.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index cf12aacac..6f489e55f 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -65,7 +65,7 @@ describe('VerifyCode ', () => {
 
         it('delivers new password to backend', () => {
           const expected = expect.objectContaining({
-            variables: { token: '123456', email: 'mail@example.org', newPassword: 'supersecret' },
+            variables: { code: '123456', email: 'mail@example.org', newPassword: 'supersecret' },
           })
           expect(mocks.$apollo.mutate).toHaveBeenCalledWith(expected)
         })

From 65471efb0d19a4f9130ef6e4aa2ac168758db2bc Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Wed, 19 Jun 2019 13:08:51 +0200
Subject: [PATCH 40/62] removed fixImageUrls reference

---
 backend/src/middleware/index.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/src/middleware/index.js b/backend/src/middleware/index.js
index aae2dcef3..9b85bd340 100644
--- a/backend/src/middleware/index.js
+++ b/backend/src/middleware/index.js
@@ -40,7 +40,6 @@ export default schema => {
     'excerpt',
     'notifications',
     'xss',
-    'fixImageUrls',
     'softDelete',
     'user',
     'includedFields',

From 7613ddfc04c2e3f8fd62fc954f1c6486e5fdaeff Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Wed, 19 Jun 2019 13:36:14 +0200
Subject: [PATCH 41/62] lint fixes

---
 backend/src/activitypub/NitroDataSource.js   | 8 ++------
 backend/src/middleware/notifications/spec.js | 4 +---
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/backend/src/activitypub/NitroDataSource.js b/backend/src/activitypub/NitroDataSource.js
index eea37337a..0900bed6c 100644
--- a/backend/src/activitypub/NitroDataSource.js
+++ b/backend/src/activitypub/NitroDataSource.js
@@ -505,9 +505,7 @@ export default class NitroDataSource {
     const result2 = await this.client.mutate({
       mutation: gql`
           mutation {
-              AddCommentAuthor(from: {id: "${
-                result.data.CreateComment.id
-              }"}, to: {id: "${toUserId}"}) {
+              AddCommentAuthor(from: {id: "${result.data.CreateComment.id}"}, to: {id: "${toUserId}"}) {
                   id
               }
           }
@@ -519,9 +517,7 @@ export default class NitroDataSource {
     result = await this.client.mutate({
       mutation: gql`
           mutation {
-              AddCommentPost(from: { id: "${
-                result.data.CreateComment.id
-              }", to: { id: "${postId}" }}) {
+              AddCommentPost(from: { id: "${result.data.CreateComment.id}", to: { id: "${postId}" }}) {
                   id
               }
           }
diff --git a/backend/src/middleware/notifications/spec.js b/backend/src/middleware/notifications/spec.js
index 65212e544..985654b0f 100644
--- a/backend/src/middleware/notifications/spec.js
+++ b/backend/src/middleware/notifications/spec.js
@@ -87,9 +87,7 @@ describe('currentUser { notifications }', () => {
 
         describe('who mentions me again', () => {
           beforeEach(async () => {
-            const updatedContent = `${
-              post.content
-            } One more mention to <a href="/profile/you" class="mention">@al-capone</a>`
+            const updatedContent = `${post.content} One more mention to <a href="/profile/you" class="mention">@al-capone</a>`
             // The response `post.content` contains a link but the XSSmiddleware
             // should have the `mention` CSS class removed. I discovered this
             // during development and thought: A feature not a bug! This way we

From a7eced5f8e26c866472fee73271f62a8f8d0ca74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Wed, 19 Jun 2019 13:40:08 +0200
Subject: [PATCH 42/62] Redirect to `/' if user is authenticated

---
 webapp/pages/password-reset.vue | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/webapp/pages/password-reset.vue b/webapp/pages/password-reset.vue
index ca826524e..a781bd3fb 100644
--- a/webapp/pages/password-reset.vue
+++ b/webapp/pages/password-reset.vue
@@ -13,5 +13,10 @@
 <script>
 export default {
   layout: 'default',
+  asyncData({ store, redirect }) {
+    if (store.getters['auth/isLoggedIn']) {
+      redirect('/')
+    }
+  },
 }
 </script>

From c85c94aa40c3d91a474f76d6908b84d232ce5b1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Wed, 19 Jun 2019 14:07:35 +0200
Subject: [PATCH 43/62] Splitting components, better route navigation

This also allows us to generate a password reset link to quickly reset
your password without entering the code and email manually.
---
 .../PasswordReset/ChangePassword.spec.js      |  83 +++++++++
 .../PasswordReset/ChangePassword.vue          | 140 +++++++++++++++
 ...{PasswordReset.spec.js => Request.spec.js} |   6 +-
 .../{PasswordReset.vue => Request.vue}        |   0
 .../PasswordReset/VerifyCode.spec.js          |  47 +-----
 .../components/PasswordReset/VerifyCode.vue   | 159 +++---------------
 .../pages/password-reset/change-password.vue  |  28 +++
 webapp/pages/password-reset/request.vue       |   6 +-
 webapp/pages/password-reset/verify-code.vue   |   8 +-
 9 files changed, 282 insertions(+), 195 deletions(-)
 create mode 100644 webapp/components/PasswordReset/ChangePassword.spec.js
 create mode 100644 webapp/components/PasswordReset/ChangePassword.vue
 rename webapp/components/PasswordReset/{PasswordReset.spec.js => Request.spec.js} (94%)
 rename webapp/components/PasswordReset/{PasswordReset.vue => Request.vue} (100%)
 create mode 100644 webapp/pages/password-reset/change-password.vue

diff --git a/webapp/components/PasswordReset/ChangePassword.spec.js b/webapp/components/PasswordReset/ChangePassword.spec.js
new file mode 100644
index 000000000..88caa6c6d
--- /dev/null
+++ b/webapp/components/PasswordReset/ChangePassword.spec.js
@@ -0,0 +1,83 @@
+import { mount, createLocalVue } from '@vue/test-utils'
+import ChangePassword from './ChangePassword'
+import Styleguide from '@human-connection/styleguide'
+
+const localVue = createLocalVue()
+
+localVue.use(Styleguide)
+
+describe('ChangePassword ', () => {
+  let wrapper
+  let Wrapper
+  let mocks
+  let propsData
+
+  beforeEach(() => {
+    propsData = {}
+    mocks = {
+      $toast: {
+        success: jest.fn(),
+        error: jest.fn(),
+      },
+      $t: jest.fn(),
+      $apollo: {
+        loading: false,
+        mutate: jest.fn().mockResolvedValue({ data: { resetPassword: true } }),
+      },
+    }
+  })
+
+  describe('mount', () => {
+    beforeEach(jest.useFakeTimers)
+
+    Wrapper = () => {
+      return mount(ChangePassword, {
+        mocks,
+        propsData,
+        localVue,
+      })
+    }
+
+    describe('given email and verification code', () => {
+      beforeEach(() => {
+        propsData.email = 'mail@example.org'
+        propsData.code = '123456'
+      })
+
+      describe('submitting new password', () => {
+        beforeEach(() => {
+          wrapper = Wrapper()
+          wrapper.find('input#newPassword').setValue('supersecret')
+          wrapper.find('input#confirmPassword').setValue('supersecret')
+          wrapper.find('form').trigger('submit')
+        })
+
+        it('calls resetPassword graphql mutation', () => {
+          expect(mocks.$apollo.mutate).toHaveBeenCalled()
+        })
+
+        it('delivers new password to backend', () => {
+          const expected = expect.objectContaining({
+            variables: { code: '123456', email: 'mail@example.org', newPassword: 'supersecret' },
+          })
+          expect(mocks.$apollo.mutate).toHaveBeenCalledWith(expected)
+        })
+
+        describe('password reset successful', () => {
+          it('displays success message', () => {
+            const expected = 'verify-code.form.change-password.success'
+            expect(mocks.$t).toHaveBeenCalledWith(expected)
+          })
+
+          describe('after animation', () => {
+            beforeEach(jest.runAllTimers)
+
+            it('emits `change-password-sucess`', () => {
+              expect(wrapper.emitted('passwordResetResponse')).toEqual([['success']])
+            })
+          })
+        })
+      })
+    })
+  })
+})
diff --git a/webapp/components/PasswordReset/ChangePassword.vue b/webapp/components/PasswordReset/ChangePassword.vue
new file mode 100644
index 000000000..5a12f9938
--- /dev/null
+++ b/webapp/components/PasswordReset/ChangePassword.vue
@@ -0,0 +1,140 @@
+<template>
+  <ds-card class="verify-code">
+    <ds-space margin="large">
+      <template>
+        <ds-form
+          v-if="!changePasswordResult"
+          v-model="formData"
+          :schema="formSchema"
+          @submit="handleSubmitPassword"
+          @input="handleInput"
+          @input-valid="handleInputValid"
+          class="change-password"
+        >
+          <ds-input
+            id="newPassword"
+            model="newPassword"
+            type="password"
+            autocomplete="off"
+            :label="$t('settings.security.change-password.label-new-password')"
+          />
+          <ds-input
+            id="confirmPassword"
+            model="confirmPassword"
+            type="password"
+            autocomplete="off"
+            :label="$t('settings.security.change-password.label-new-password-confirm')"
+          />
+          <password-strength :password="formData.newPassword" />
+          <ds-space margin-top="base">
+            <ds-button :loading="$apollo.loading" :disabled="disabled" primary>
+              {{ $t('settings.security.change-password.button') }}
+            </ds-button>
+          </ds-space>
+        </ds-form>
+        <ds-text v-else>
+          <template v-if="changePasswordResult === 'success'">
+            <sweetalert-icon icon="success" />
+            <ds-text>
+              {{ $t(`verify-code.form.change-password.success`) }}
+            </ds-text>
+          </template>
+          <template v-else>
+            <sweetalert-icon icon="error" />
+            <ds-text align="left">
+              {{ $t(`verify-code.form.change-password.error`) }}
+              {{ $t('verify-code.form.change-password.help') }}
+            </ds-text>
+            <a href="mailto:support@human-connection.org">support@human-connection.org</a>
+          </template>
+        </ds-text>
+      </template>
+    </ds-space>
+  </ds-card>
+</template>
+
+<script>
+import PasswordStrength from '../Password/Strength'
+import gql from 'graphql-tag'
+import { SweetalertIcon } from 'vue-sweetalert-icons'
+
+export default {
+  components: {
+    SweetalertIcon,
+    PasswordStrength,
+  },
+  props: {
+    email: { type: String, required: true },
+    code: { type: String, required: true },
+  },
+  data() {
+    return {
+      formData: {
+        newPassword: '',
+        confirmPassword: '',
+      },
+      formSchema: {
+        newPassword: {
+          type: 'string',
+          required: true,
+          message: this.$t('settings.security.change-password.message-new-password-required'),
+        },
+        confirmPassword: [
+          { validator: this.matchPassword },
+          {
+            type: 'string',
+            required: true,
+            message: this.$t(
+              'settings.security.change-password.message-new-password-confirm-required',
+            ),
+          },
+        ],
+      },
+      disabled: true,
+      changePasswordResult: null,
+    }
+  },
+  methods: {
+    async handleInput() {
+      this.disabled = true
+    },
+    async handleInputValid() {
+      this.disabled = false
+    },
+    async handleSubmitPassword() {
+      const mutation = gql`
+        mutation($code: String!, $email: String!, $newPassword: String!) {
+          resetPassword(code: $code, email: $email, newPassword: $newPassword)
+        }
+      `
+      const { newPassword } = this.formData
+      const { email, code } = this
+      const variables = { newPassword, email, code }
+      try {
+        const {
+          data: { resetPassword },
+        } = await this.$apollo.mutate({ mutation, variables })
+        this.changePasswordResult = resetPassword ? 'success' : 'error'
+        setTimeout(() => {
+          this.$emit('passwordResetResponse', this.changePasswordResult)
+        }, 3000)
+        this.formData = {
+          newPassword: '',
+          confirmPassword: '',
+        }
+      } catch (err) {
+        this.$toast.error(err.message)
+      }
+    },
+    matchPassword(rule, value, callback, source, options) {
+      var errors = []
+      if (this.formData.newPassword !== value) {
+        errors.push(
+          new Error(this.$t('settings.security.change-password.message-new-password-missmatch')),
+        )
+      }
+      callback(errors)
+    },
+  },
+}
+</script>
diff --git a/webapp/components/PasswordReset/PasswordReset.spec.js b/webapp/components/PasswordReset/Request.spec.js
similarity index 94%
rename from webapp/components/PasswordReset/PasswordReset.spec.js
rename to webapp/components/PasswordReset/Request.spec.js
index 1adf68ee5..e7a1f6866 100644
--- a/webapp/components/PasswordReset/PasswordReset.spec.js
+++ b/webapp/components/PasswordReset/Request.spec.js
@@ -1,12 +1,12 @@
 import { mount, createLocalVue } from '@vue/test-utils'
-import PasswordReset from './PasswordReset'
+import Request from './Request'
 import Styleguide from '@human-connection/styleguide'
 
 const localVue = createLocalVue()
 
 localVue.use(Styleguide)
 
-describe('PasswordReset', () => {
+describe('Request', () => {
   let wrapper
   let Wrapper
   let mocks
@@ -29,7 +29,7 @@ describe('PasswordReset', () => {
     beforeEach(jest.useFakeTimers)
 
     Wrapper = () => {
-      return mount(PasswordReset, {
+      return mount(Request, {
         mocks,
         localVue,
       })
diff --git a/webapp/components/PasswordReset/PasswordReset.vue b/webapp/components/PasswordReset/Request.vue
similarity index 100%
rename from webapp/components/PasswordReset/PasswordReset.vue
rename to webapp/components/PasswordReset/Request.vue
diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 6f489e55f..062e7e8f7 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -13,15 +13,7 @@ describe('VerifyCode ', () => {
 
   beforeEach(() => {
     mocks = {
-      $toast: {
-        success: jest.fn(),
-        error: jest.fn(),
-      },
       $t: jest.fn(),
-      $apollo: {
-        loading: false,
-        mutate: jest.fn().mockResolvedValue({ data: { resetPassword: true } }),
-      },
     }
   })
 
@@ -48,42 +40,9 @@ describe('VerifyCode ', () => {
         wrapper.find('form').trigger('submit')
       })
 
-      it('displays a form to update your password', () => {
-        expect(wrapper.find('.change-password').exists()).toBe(true)
-      })
-
-      describe('submitting new password', () => {
-        beforeEach(() => {
-          wrapper.find('input#newPassword').setValue('supersecret')
-          wrapper.find('input#confirmPassword').setValue('supersecret')
-          wrapper.find('form').trigger('submit')
-        })
-
-        it('calls resetPassword graphql mutation', () => {
-          expect(mocks.$apollo.mutate).toHaveBeenCalled()
-        })
-
-        it('delivers new password to backend', () => {
-          const expected = expect.objectContaining({
-            variables: { code: '123456', email: 'mail@example.org', newPassword: 'supersecret' },
-          })
-          expect(mocks.$apollo.mutate).toHaveBeenCalledWith(expected)
-        })
-
-        describe('password reset successful', () => {
-          it('displays success message', () => {
-            const expected = 'verify-code.form.change-password.success'
-            expect(mocks.$t).toHaveBeenCalledWith(expected)
-          })
-
-          describe('after animation', () => {
-            beforeEach(jest.runAllTimers)
-
-            it('emits `change-password-sucess`', () => {
-              expect(wrapper.emitted('passwordResetResponse')).toEqual([['success']])
-            })
-          })
-        })
+      it('emits `verifyCode`', () => {
+        const expected = [[{ code: '123456', email: 'mail@example.org' }]]
+        expect(wrapper.emitted('verification')).toEqual(expected)
       })
     })
   })
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index d53d08bf2..410a027af 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -2,9 +2,8 @@
   <ds-card class="verify-code">
     <ds-space margin="large">
       <ds-form
-        v-if="!verificationSubmitted"
-        v-model="verification.formData"
-        :schema="verification.formSchema"
+        v-model="formData"
+        :schema="formSchema"
         @submit="handleSubmitVerify"
         @input="handleInput"
         @input-valid="handleInputValid"
@@ -32,116 +31,33 @@
           {{ $t('verify-code.form.next') }}
         </ds-button>
       </ds-form>
-      <template v-else>
-        <ds-form
-          v-if="!changePasswordResult"
-          v-model="password.formData"
-          :schema="password.formSchema"
-          @submit="handleSubmitPassword"
-          @input="handleInput"
-          @input-valid="handleInputValid"
-          class="change-password"
-        >
-          <ds-input
-            id="newPassword"
-            model="newPassword"
-            type="password"
-            autocomplete="off"
-            :label="$t('settings.security.change-password.label-new-password')"
-          />
-          <ds-input
-            id="confirmPassword"
-            model="confirmPassword"
-            type="password"
-            autocomplete="off"
-            :label="$t('settings.security.change-password.label-new-password-confirm')"
-          />
-          <password-strength :password="password.formData.newPassword" />
-          <ds-space margin-top="base">
-            <ds-button :loading="$apollo.loading" :disabled="disabled" primary>
-              {{ $t('settings.security.change-password.button') }}
-            </ds-button>
-          </ds-space>
-        </ds-form>
-        <ds-text v-else>
-          <template v-if="changePasswordResult === 'success'">
-            <sweetalert-icon icon="success" />
-            <ds-text>
-              {{ $t(`verify-code.form.change-password.success`) }}
-            </ds-text>
-          </template>
-          <template v-else>
-            <sweetalert-icon icon="error" />
-            <ds-text align="left">
-              {{ $t(`verify-code.form.change-password.error`) }}
-              {{ $t('verify-code.form.change-password.help') }}
-            </ds-text>
-            <a href="mailto:support@human-connection.org">support@human-connection.org</a>
-          </template>
-        </ds-text>
-      </template>
     </ds-space>
   </ds-card>
 </template>
 
 <script>
-import PasswordStrength from '../Password/Strength'
-import gql from 'graphql-tag'
-import { SweetalertIcon } from 'vue-sweetalert-icons'
-
 export default {
-  components: {
-    SweetalertIcon,
-    PasswordStrength,
-  },
   data() {
     return {
-      verification: {
-        formData: {
-          email: '',
-          code: '',
+      formData: {
+        email: '',
+        code: '',
+      },
+      formSchema: {
+        email: {
+          type: 'email',
+          required: true,
+          message: this.$t('common.validations.email'),
         },
-        formSchema: {
-          email: {
-            type: 'email',
-            required: true,
-            message: this.$t('common.validations.email'),
-          },
-          code: {
-            type: 'string',
-            min: 6,
-            max: 6,
-            required: true,
-            message: this.$t('common.validations.verification-code'),
-          },
+        code: {
+          type: 'string',
+          min: 6,
+          max: 6,
+          required: true,
+          message: this.$t('common.validations.verification-code'),
         },
       },
-      password: {
-        formData: {
-          newPassword: '',
-          confirmPassword: '',
-        },
-        formSchema: {
-          newPassword: {
-            type: 'string',
-            required: true,
-            message: this.$t('settings.security.change-password.message-new-password-required'),
-          },
-          confirmPassword: [
-            { validator: this.matchPassword },
-            {
-              type: 'string',
-              required: true,
-              message: this.$t(
-                'settings.security.change-password.message-new-password-confirm-required',
-              ),
-            },
-          ],
-        },
-      },
-      verificationSubmitted: false,
       disabled: true,
-      changePasswordResult: null,
     }
   },
   methods: {
@@ -152,45 +68,8 @@ export default {
       this.disabled = false
     },
     handleSubmitVerify() {
-      this.verificationSubmitted = true
-    },
-    async handleSubmitPassword() {
-      const mutation = gql`
-        mutation($code: String!, $email: String!, $newPassword: String!) {
-          resetPassword(code: $code, email: $email, newPassword: $newPassword)
-        }
-      `
-      const { newPassword } = this.password.formData
-      const { email, code } = this.verification.formData
-      const variables = { newPassword, email, code }
-      try {
-        const {
-          data: { resetPassword },
-        } = await this.$apollo.mutate({ mutation, variables })
-        this.changePasswordResult = resetPassword ? 'success' : 'error'
-        setTimeout(() => {
-          this.$emit('passwordResetResponse', this.changePasswordResult)
-        }, 3000)
-        this.verification.formData = {
-          code: '',
-          email: '',
-        }
-        this.password.formData = {
-          newPassword: '',
-          confirmPassword: '',
-        }
-      } catch (err) {
-        this.$toast.error(err.message)
-      }
-    },
-    matchPassword(rule, value, callback, source, options) {
-      var errors = []
-      if (this.password.formData.newPassword !== value) {
-        errors.push(
-          new Error(this.$t('settings.security.change-password.message-new-password-missmatch')),
-        )
-      }
-      callback(errors)
+      const { email, code } = this.formData
+      this.$emit('verification', { email, code })
     },
   },
 }
diff --git a/webapp/pages/password-reset/change-password.vue b/webapp/pages/password-reset/change-password.vue
new file mode 100644
index 000000000..12ccc192a
--- /dev/null
+++ b/webapp/pages/password-reset/change-password.vue
@@ -0,0 +1,28 @@
+<template>
+  <change-password
+    :email="email"
+    :code="code"
+    @passwordResetResponse="handlePasswordResetResponse"
+  />
+</template>
+
+<script>
+import ChangePassword from '~/components/PasswordReset/ChangePassword'
+
+export default {
+  data() {
+    const { email = '', code = '' } = this.$route.query
+    return { email, code }
+  },
+  components: {
+    ChangePassword,
+  },
+  methods: {
+    handlePasswordResetResponse(response) {
+      if (response === 'success') {
+        this.$router.push('/login')
+      }
+    },
+  },
+}
+</script>
diff --git a/webapp/pages/password-reset/request.vue b/webapp/pages/password-reset/request.vue
index 7cf37f537..9148b4ed4 100644
--- a/webapp/pages/password-reset/request.vue
+++ b/webapp/pages/password-reset/request.vue
@@ -1,13 +1,13 @@
 <template>
-  <password-reset @handleSubmitted="handlePasswordResetRequested" />
+  <request @handleSubmitted="handlePasswordResetRequested" />
 </template>
 
 <script>
-import PasswordReset from '~/components/PasswordReset/PasswordReset'
+import Request from '~/components/PasswordReset/Request'
 
 export default {
   components: {
-    PasswordReset,
+    Request,
   },
   methods: {
     handlePasswordResetRequested() {
diff --git a/webapp/pages/password-reset/verify-code.vue b/webapp/pages/password-reset/verify-code.vue
index e331c673c..f733eaa66 100644
--- a/webapp/pages/password-reset/verify-code.vue
+++ b/webapp/pages/password-reset/verify-code.vue
@@ -1,5 +1,5 @@
 <template>
-  <verify-code @passwordResetResponse="handlePasswordResetResponse" />
+  <verify-code @verification="handleVerification" />
 </template>
 
 <script>
@@ -10,10 +10,8 @@ export default {
     VerifyCode,
   },
   methods: {
-    handlePasswordResetResponse(response) {
-      if (response === 'success') {
-        this.$router.push('login')
-      }
+    handleVerification({ email, code }) {
+      this.$router.push({ path: 'change-password', query: { email, code } })
     },
   },
 }

From 3f5e9a21ccbc6ce3e5989bc99c385ac2090f2970 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Wed, 19 Jun 2019 14:47:10 +0200
Subject: [PATCH 44/62] Disable SEND_MAILS for local development and test

.. but enable it by default for `docker-compose.override.yml`. If the developer
uses `docker-compose` we can safely assume that a local smtp server for
development is running.
---
 backend/.env.template                         |  4 ++++
 backend/src/config/index.js                   |  1 +
 backend/src/schema/resolvers/passwordReset.js | 16 +++++++++-------
 docker-compose.override.yml                   |  6 ++++++
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/backend/.env.template b/backend/.env.template
index e905d1eb6..5bbf65e3b 100644
--- a/backend/.env.template
+++ b/backend/.env.template
@@ -5,6 +5,10 @@ GRAPHQL_PORT=4000
 GRAPHQL_URI=http://localhost:4000
 CLIENT_URI=http://localhost:3000
 MOCKS=false
+SMTP_HOST=localhost
+SMTP_PORT=1025
+SMTP_USERNAME=
+SMTP_PASSWORD=
 
 JWT_SECRET="b/&&7b78BF&fv/Vd"
 MAPBOX_TOKEN="pk.eyJ1IjoiaHVtYW4tY29ubmVjdGlvbiIsImEiOiJjajl0cnBubGoweTVlM3VwZ2lzNTNud3ZtIn0.KZ8KK9l70omjXbEkkbHGsQ"
diff --git a/backend/src/config/index.js b/backend/src/config/index.js
index 6931126e2..f0959ab53 100644
--- a/backend/src/config/index.js
+++ b/backend/src/config/index.js
@@ -28,6 +28,7 @@ export const serverConfigs = {
 }
 
 export const developmentConfigs = {
+  SEND_MAILS: process.env.SEND_MAILS || false,
   DEBUG: process.env.NODE_ENV !== 'production' && process.env.DEBUG === 'true',
   MOCKS: process.env.MOCKS === 'true',
   DISABLED_MIDDLEWARES:
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index fe37187b5..ed9ec7ea1 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -41,13 +41,15 @@ export default {
     requestPasswordReset: async (_, { email }, { driver }) => {
       const code = uuid().substring(0, 6)
       await createPasswordReset({ driver, code, email })
-      await transporter().sendMail({
-        from: '"Human Connection" <info@human-connection.org>', // sender address
-        to: email, // list of receivers
-        subject: 'Password Reset', // Subject line
-        text: `Code is ${code}`, // plain text body
-        html: `Code is <b>${code}</b>`, // plain text body
-      })
+      if (CONFIG.SEND_MAILS) {
+        await transporter().sendMail({
+          from: '"Human Connection" <info@human-connection.org>', // sender address
+          to: email, // list of receivers
+          subject: 'Password Reset', // Subject line
+          text: `Code is ${code}`, // plain text body
+          html: `Code is <b>${code}</b>`, // plain text body
+        })
+      }
 
       return true
     },
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index d7ee86bd6..9c82a8df5 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -5,6 +5,8 @@ services:
     image: djfarrelly/maildev
     ports:
       - 1080:80
+    networks:
+      - hc-network
   webapp:
     build:
       context: webapp
@@ -24,6 +26,10 @@ services:
       - backend_node_modules:/nitro-backend/node_modules
       - uploads:/nitro-backend/public/uploads
     command: yarn run dev
+    environment:
+      - SEND_MAILS=true
+      - SMTP_HOST=mailserver
+      - SMTP_PORT=25
   neo4j:
     environment:
       - NEO4J_AUTH=none

From 61ad100bfbf53539ebcea743a38d3e4a2745591e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Thu, 20 Jun 2019 00:09:26 +0200
Subject: [PATCH 45/62] Get rid of unnecessary .env var - document it

---
 backend/.env.template                         |  4 ++--
 backend/README.md                             |  3 +++
 backend/src/config/index.js                   | 23 +++++++++----------
 backend/src/schema/resolvers/passwordReset.js |  2 +-
 4 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/backend/.env.template b/backend/.env.template
index 5bbf65e3b..273ad7e64 100644
--- a/backend/.env.template
+++ b/backend/.env.template
@@ -5,8 +5,8 @@ GRAPHQL_PORT=4000
 GRAPHQL_URI=http://localhost:4000
 CLIENT_URI=http://localhost:3000
 MOCKS=false
-SMTP_HOST=localhost
-SMTP_PORT=1025
+SMTP_HOST=
+SMTP_PORT=
 SMTP_USERNAME=
 SMTP_PASSWORD=
 
diff --git a/backend/README.md b/backend/README.md
index 3cce123ac..cd56e231f 100644
--- a/backend/README.md
+++ b/backend/README.md
@@ -44,6 +44,9 @@ or start the backend in production environment with:
 yarn run start
 ```
 
+For e-mail delivery, please configure at least `SMTP_HOST` and `SMTP_PORT` in
+your `.env` configuration file.
+
 Your backend is up and running at [http://localhost:4000/](http://localhost:4000/)
 This will start the GraphQL service \(by default on localhost:4000\) where you
 can issue GraphQL requests or access GraphQL Playground in the browser.
diff --git a/backend/src/config/index.js b/backend/src/config/index.js
index f0959ab53..e376c51e3 100644
--- a/backend/src/config/index.js
+++ b/backend/src/config/index.js
@@ -2,18 +2,18 @@ import dotenv from 'dotenv'
 
 dotenv.config()
 
-export const requiredConfigs = {
-  MAPBOX_TOKEN: process.env.MAPBOX_TOKEN,
-  JWT_SECRET: process.env.JWT_SECRET,
-  PRIVATE_KEY_PASSPHRASE: process.env.PRIVATE_KEY_PASSPHRASE,
-}
+const {
+MAPBOX_TOKEN,
+JWT_SECRET,
+PRIVATE_KEY_PASSPHRASE,
+SMTP_HOST,
+SMTP_PORT,
+SMTP_USERNAME,
+SMTP_PASSWORD,
+} = process.env
 
-export const smtpConfigs = {
-  SMTP_HOST: process.env.SMTP_HOST || 'localhost',
-  SMTP_PORT: process.env.SMTP_PORT || 1025,
-  SMTP_USERNAME: process.env.SMTP_USERNAME,
-  SMTP_PASSWORD: process.env.SMTP_PASSWORD,
-}
+export const requiredConfigs = { MAPBOX_TOKEN, JWT_SECRET, PRIVATE_KEY_PASSPHRASE }
+export const smtpConfigs = { SMTP_HOST, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD }
 
 export const neo4jConfigs = {
   NEO4J_URI: process.env.NEO4J_URI || 'bolt://localhost:7687',
@@ -28,7 +28,6 @@ export const serverConfigs = {
 }
 
 export const developmentConfigs = {
-  SEND_MAILS: process.env.SEND_MAILS || false,
   DEBUG: process.env.NODE_ENV !== 'production' && process.env.DEBUG === 'true',
   MOCKS: process.env.MOCKS === 'true',
   DISABLED_MIDDLEWARES:
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index ed9ec7ea1..baf6c1339 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -41,7 +41,7 @@ export default {
     requestPasswordReset: async (_, { email }, { driver }) => {
       const code = uuid().substring(0, 6)
       await createPasswordReset({ driver, code, email })
-      if (CONFIG.SEND_MAILS) {
+      if (CONFIG.SMTP_HOST && CONFIG.SMTP_PORT) {
         await transporter().sendMail({
           from: '"Human Connection" <info@human-connection.org>', // sender address
           to: email, // list of receivers

From 9dd340c69b794b4aa8b59d0d94827f536f64849a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Thu, 20 Jun 2019 01:29:50 +0200
Subject: [PATCH 46/62] Template emails based on postmark-templates

Credit: https://github.com/wildbit/postmark-templates/

Also we distinguish now if a user has been found and if not. The
password reset link brings us directly to the last step in the flow.
---
 backend/src/config/index.js                   | 14 +--
 backend/src/schema/resolvers/passwordReset.js | 20 ++---
 .../resolvers/passwordReset/emailTemplates.js | 85 +++++++++++++++++++
 3 files changed, 100 insertions(+), 19 deletions(-)
 create mode 100644 backend/src/schema/resolvers/passwordReset/emailTemplates.js

diff --git a/backend/src/config/index.js b/backend/src/config/index.js
index e376c51e3..7b254c044 100644
--- a/backend/src/config/index.js
+++ b/backend/src/config/index.js
@@ -3,13 +3,13 @@ import dotenv from 'dotenv'
 dotenv.config()
 
 const {
-MAPBOX_TOKEN,
-JWT_SECRET,
-PRIVATE_KEY_PASSPHRASE,
-SMTP_HOST,
-SMTP_PORT,
-SMTP_USERNAME,
-SMTP_PASSWORD,
+  MAPBOX_TOKEN,
+  JWT_SECRET,
+  PRIVATE_KEY_PASSPHRASE,
+  SMTP_HOST,
+  SMTP_PORT,
+  SMTP_USERNAME,
+  SMTP_PASSWORD,
 } = process.env
 
 export const requiredConfigs = { MAPBOX_TOKEN, JWT_SECRET, PRIVATE_KEY_PASSPHRASE }
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index baf6c1339..b80e3d6aa 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -2,6 +2,7 @@ import uuid from 'uuid/v4'
 import bcrypt from 'bcryptjs'
 import CONFIG from '../../config'
 import nodemailer from 'nodemailer'
+import { resetPasswordMail, wrongAccountMail } from './passwordReset/emailTemplates'
 
 const transporter = () => {
   const { SMTP_HOST: host, SMTP_PORT: port, SMTP_USERNAME: user, SMTP_PASSWORD: pass } = CONFIG
@@ -24,33 +25,28 @@ export async function createPasswordReset(options) {
       MATCH (u:User) WHERE u.email = $email
       CREATE(pr:PasswordReset {code: $code, issuedAt: datetime($issuedAt), usedAt: NULL})
       MERGE (u)-[:REQUESTED]->(pr)
-      RETURN pr
+      RETURN u
       `
   const transactionRes = await session.run(cypher, {
     issuedAt: issuedAt.toISOString(),
     code,
     email,
   })
-  const resets = transactionRes.records.map(record => record.get('pr'))
+  const users = transactionRes.records.map(record => record.get('u'))
   session.close()
-  return resets
+  return users
 }
 
 export default {
   Mutation: {
     requestPasswordReset: async (_, { email }, { driver }) => {
       const code = uuid().substring(0, 6)
-      await createPasswordReset({ driver, code, email })
+      const [user] = await createPasswordReset({ driver, code, email })
       if (CONFIG.SMTP_HOST && CONFIG.SMTP_PORT) {
-        await transporter().sendMail({
-          from: '"Human Connection" <info@human-connection.org>', // sender address
-          to: email, // list of receivers
-          subject: 'Password Reset', // Subject line
-          text: `Code is ${code}`, // plain text body
-          html: `Code is <b>${code}</b>`, // plain text body
-        })
+        const name = (user && user.name) || ''
+        const mailTemplate = user ? resetPasswordMail : wrongAccountMail
+        await transporter().sendMail(mailTemplate({ email, code, name }))
       }
-
       return true
     },
     resetPassword: async (_, { email, code, newPassword }, { driver }) => {
diff --git a/backend/src/schema/resolvers/passwordReset/emailTemplates.js b/backend/src/schema/resolvers/passwordReset/emailTemplates.js
new file mode 100644
index 000000000..10d9c4ed5
--- /dev/null
+++ b/backend/src/schema/resolvers/passwordReset/emailTemplates.js
@@ -0,0 +1,85 @@
+import CONFIG from '../../../config'
+
+export const from = '"Human Connection" <info@human-connection.org>'
+
+export const resetPasswordMail = options => {
+  const {
+    name,
+    email,
+    code,
+    subject = 'Use this link to reset your password. The link is only valid for 24 hours.',
+    supportUrl = 'https://human-connection.org/en/contact/',
+  } = options
+  const actionUrl = new URL('/password-reset/change-password', CONFIG.CLIENT_URI)
+  actionUrl.searchParams.set('code', code)
+  actionUrl.searchParams.set('email', email)
+
+  return {
+    to: email,
+    subject,
+    text: `
+Hi ${name}!
+
+You recently requested to reset your password for your Human Connection account.
+Use the button below to reset it. This password reset is only valid for the next
+24 hours.
+
+${actionUrl}
+
+If you did not request a password reset, please ignore this email or contact
+support if you have questions:
+
+${supportUrl}
+
+Thanks,
+The Human Connection Team
+
+If you’re having trouble with the link above, you can manually copy and
+paste the following code into your browser window:
+
+${code}
+
+Human Connection gemeinnützige GmbH
+Bahnhofstr. 11
+73235 Weilheim / Teck
+Deutschland
+    `,
+  }
+}
+
+export const wrongAccountMail = options => {
+  const {
+    email,
+    subject = `We received a request to reset your password with this email address (${email})`,
+    supportUrl = 'https://human-connection.org/en/contact/',
+  } = options
+  const actionUrl = new URL('/password-reset/request', CONFIG.CLIENT_URI)
+  return {
+    to: email,
+    subject,
+    text: `
+We received a request to reset the password to access Human Connection with your
+email address, but we were unable to find an account associated with this
+address.
+
+If you use Human Connection and were expecting this email, consider trying to
+request a password reset using the email address associated with your account.
+Try a different email:
+
+${actionUrl}
+
+If you do not use Human Connection or did not request a password reset, please
+ignore this email. Feel free to contact support if you have further questions:
+
+${supportUrl}
+
+Thanks,
+The Human Connection Team
+
+Human Connection gemeinnützige GmbH
+Bahnhofstr. 11
+73235 Weilheim / Teck
+Deutschland
+  `,
+  }
+}

From c1ca7c6e5846f9d9dddf3a45fb0a2dbef06f8936 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <dependabot-preview[bot]@users.noreply.github.com>
Date: Thu, 20 Jun 2019 04:34:36 +0000
Subject: [PATCH 47/62] Bump graphql-yoga from 1.17.4 to 1.18.0 in /backend

Bumps [graphql-yoga](https://github.com/prisma/graphql-yoga) from 1.17.4 to 1.18.0.
- [Release notes](https://github.com/prisma/graphql-yoga/releases)
- [Commits](https://github.com/prisma/graphql-yoga/compare/v1.17.4...v1.18.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json |  2 +-
 backend/yarn.lock    | 57 ++++++++++++++++++++++++++------------------
 2 files changed, 35 insertions(+), 24 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index e6c6f7cc3..4637769b9 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -63,7 +63,7 @@
     "graphql-middleware": "~3.0.2",
     "graphql-shield": "~5.3.8",
     "graphql-tag": "~2.10.1",
-    "graphql-yoga": "~1.17.4",
+    "graphql-yoga": "~1.18.0",
     "helmet": "~3.18.0",
     "jsonwebtoken": "~8.5.1",
     "linkifyjs": "~2.1.8",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index ea5891a1f..ec14eeadf 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -1020,16 +1020,7 @@
     "@types/node" "*"
     "@types/range-parser" "*"
 
-"@types/express@*", "@types/express@^4.11.1":
-  version "4.16.0"
-  resolved "https://registry.yarnpkg.com/@types/express/-/express-4.16.0.tgz#6d8bc42ccaa6f35cf29a2b7c3333cb47b5a32a19"
-  integrity sha512-TtPEYumsmSTtTetAPXlJVf3kEqb6wZK0bZojpJQrnD/djV4q1oB6QQ8aKvKqwNPACoe02GNiy5zDzcYivR5Z2w==
-  dependencies:
-    "@types/body-parser" "*"
-    "@types/express-serve-static-core" "*"
-    "@types/serve-static" "*"
-
-"@types/express@4.17.0":
+"@types/express@*", "@types/express@4.17.0", "@types/express@^4.11.1":
   version "4.17.0"
   resolved "https://registry.yarnpkg.com/@types/express/-/express-4.17.0.tgz#49eaedb209582a86f12ed9b725160f12d04ef287"
   integrity sha512-CjaMu57cjgjuZbh9DpkloeGxV45CnMGlVd+XpG7Gm9QgVrd7KFq+X4HY0vM+2v0bczS48Wg7bvnMY5TN+Xmcfw==
@@ -2070,6 +2061,13 @@ busboy@^0.2.14:
     dicer "0.2.5"
     readable-stream "1.1.x"
 
+busboy@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/busboy/-/busboy-0.3.1.tgz#170899274c5bf38aae27d5c62b71268cd585fd1b"
+  integrity sha512-y7tTxhGKXcyBxRKAni+awqx8uqaJKrSFSNFSeRG5CsWNdmy2BIK+6VGWEW7TZnIO/533mtMEA4rOevQV815YJw==
+  dependencies:
+    dicer "0.3.0"
+
 bytes@3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
@@ -2721,6 +2719,13 @@ dicer@0.2.5:
     readable-stream "1.1.x"
     streamsearch "0.1.2"
 
+dicer@0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/dicer/-/dicer-0.3.0.tgz#eacd98b3bfbf92e8ab5c2fdb71aaac44bb06b872"
+  integrity sha512-MdceRRWqltEG2dZqO769g27N/3PXfcKl04VhYnBlo2YhH7zPi88VebsjTKclaOyiuMaGU72hTfw3VkUitGcVCA==
+  dependencies:
+    streamsearch "0.1.2"
+
 diff-sequences@^24.3.0:
   version "24.3.0"
   resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-24.3.0.tgz#0f20e8a1df1abddaf4d9c226680952e64118b975"
@@ -3535,6 +3540,11 @@ fs-capacitor@^1.0.0:
   resolved "https://registry.yarnpkg.com/fs-capacitor/-/fs-capacitor-1.0.1.tgz#ff9dbfa14dfaf4472537720f19c3088ed9278df0"
   integrity sha512-XdZK0Q78WP29Vm3FGgJRhRhrBm51PagovzWtW2kJ3Q6cYJbGtZqWSGTSPwvtEkyjIirFd7b8Yes/dpOYjt4RRQ==
 
+fs-capacitor@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/fs-capacitor/-/fs-capacitor-2.0.4.tgz#5a22e72d40ae5078b4fe64fe4d08c0d3fc88ad3c"
+  integrity sha512-8S4f4WsCryNw2mJJchi46YgB6CR5Ze+4L1h8ewl9tEpL4SJ3ZO+c/bS4BWhB8bK+O3TMqhuZarTitd0S0eh2pA==
+
 fs-minipass@^1.2.5:
   version "1.2.5"
   resolved "https://registry.yarnpkg.com/fs-minipass/-/fs-minipass-1.2.5.tgz#06c277218454ec288df77ada54a03b8702aacb9d"
@@ -3812,20 +3822,20 @@ graphql-tools@^4.0.0, graphql-tools@^4.0.4:
     iterall "^1.1.3"
     uuid "^3.1.0"
 
-graphql-upload@^8.0.2:
-  version "8.0.2"
-  resolved "https://registry.yarnpkg.com/graphql-upload/-/graphql-upload-8.0.2.tgz#1c1f116f15b7f8485cf40ff593a21368f0f58856"
-  integrity sha512-u8a5tKPfJ0rU4MY+B3skabL8pEjMkm3tUzq25KBx6nT0yEWmqUO7Z5tdwvwYLFpkLwew94Gue0ARbZtar3gLTw==
+graphql-upload@^8.0.0, graphql-upload@^8.0.2:
+  version "8.0.7"
+  resolved "https://registry.yarnpkg.com/graphql-upload/-/graphql-upload-8.0.7.tgz#8644264e241529552ea4b3797e7ee15809cf01a3"
+  integrity sha512-gi2yygbDPXbHPC7H0PNPqP++VKSoNoJO4UrXWq4T0Bi4IhyUd3Ycop/FSxhx2svWIK3jdXR/i0vi91yR1aAF0g==
   dependencies:
-    busboy "^0.2.14"
-    fs-capacitor "^1.0.0"
-    http-errors "^1.7.1"
+    busboy "^0.3.1"
+    fs-capacitor "^2.0.4"
+    http-errors "^1.7.2"
     object-path "^0.11.4"
 
-graphql-yoga@~1.17.4:
-  version "1.17.4"
-  resolved "https://registry.yarnpkg.com/graphql-yoga/-/graphql-yoga-1.17.4.tgz#6d325a6270399edf0776fb5f60a2e9e19512e63c"
-  integrity sha512-zOXFtmS43xDLoECKiuA3xVWH/wLDvLH1D/5fBKcaMFdF43ifDfnA9N6dlGggqAoOhqBnrqHwDpoKlJ6sI1LuxA==
+graphql-yoga@~1.18.0:
+  version "1.18.0"
+  resolved "https://registry.yarnpkg.com/graphql-yoga/-/graphql-yoga-1.18.0.tgz#2668278e94a0bd1b2ff8c60f928c4e18d62e381a"
+  integrity sha512-WEibitQA2oFTmD7XBO8/ps8DWeVpkzOzgbB3EvtM2oIpyGhPCzRZYrC7OS9MmijvRwLRXsgHImHWUm82ZrIOWA==
   dependencies:
     "@types/cors" "^2.8.4"
     "@types/express" "^4.11.1"
@@ -3847,6 +3857,7 @@ graphql-yoga@~1.17.4:
     graphql-playground-middleware-lambda "1.7.12"
     graphql-subscriptions "^0.5.8"
     graphql-tools "^4.0.0"
+    graphql-upload "^8.0.0"
     subscriptions-transport-ws "^0.9.8"
 
 "graphql@^0.11.0 || ^0.12.0 || ^0.13.0 || ^14.0.0", graphql@^14.2.1, graphql@~14.3.1:
@@ -4045,7 +4056,7 @@ htmlparser2@^3.10.0, htmlparser2@^3.9.1:
     inherits "^2.0.1"
     readable-stream "^3.0.6"
 
-http-errors@1.7.2, http-errors@~1.7.2:
+http-errors@1.7.2, http-errors@^1.7.2, http-errors@~1.7.2:
   version "1.7.2"
   resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
   integrity sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==
@@ -4056,7 +4067,7 @@ http-errors@1.7.2, http-errors@~1.7.2:
     statuses ">= 1.5.0 < 2"
     toidentifier "1.0.0"
 
-http-errors@^1.7.0, http-errors@^1.7.1:
+http-errors@^1.7.0:
   version "1.7.1"
   resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.1.tgz#6a4ffe5d35188e1c39f872534690585852e1f027"
   integrity sha512-jWEUgtZWGSMba9I1N3gc1HmvpBUaNC9vDdA46yScAdp+C5rdEuKWUBLWTQpW9FwSWSbYYs++b6SDCxf9UEJzfw==

From 37b913620f208f122410a68ffc387d6e634e742c Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <dependabot-preview[bot]@users.noreply.github.com>
Date: Thu, 20 Jun 2019 04:35:38 +0000
Subject: [PATCH 48/62] Bump graphql-shield from 5.3.8 to 5.6.1 in /backend

Bumps [graphql-shield](https://github.com/maticzav/graphql-shield) from 5.3.8 to 5.6.1.
- [Release notes](https://github.com/maticzav/graphql-shield/releases)
- [Commits](https://github.com/maticzav/graphql-shield/compare/v5.3.8...v5.6.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json | 2 +-
 backend/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index e6c6f7cc3..c8c44af71 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -61,7 +61,7 @@
     "graphql-custom-directives": "~0.2.14",
     "graphql-iso-date": "~3.6.1",
     "graphql-middleware": "~3.0.2",
-    "graphql-shield": "~5.3.8",
+    "graphql-shield": "~5.6.1",
     "graphql-tag": "~2.10.1",
     "graphql-yoga": "~1.17.4",
     "helmet": "~3.18.0",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index ea5891a1f..b7ec8a57d 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -3772,10 +3772,10 @@ graphql-request@~1.8.2:
   dependencies:
     cross-fetch "2.2.2"
 
-graphql-shield@~5.3.8:
-  version "5.3.8"
-  resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-5.3.8.tgz#f9e7ad2285f6cfbe20a8a49154ce6c1b184e3893"
-  integrity sha512-33rQ8U5jMurHIapctHk7hBcUg3nxC7fmMIMtyWiomJXhBmztFq/SG7jNaapnL5M7Q/0BmoaSQd3FLSpelP9KPw==
+graphql-shield@~5.6.1:
+  version "5.6.1"
+  resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-5.6.1.tgz#f4c9fb5ed329f823a738ad974b300d4a982691ca"
+  integrity sha512-Zrxrvx1Ep/nDdfQh/wN5PrH9JE4OEFdUmLzuyZSIGIAQWyXDk8FAl0cuNulnqI+zqrDzZ9TUj/zO3oV4hNKqCA==
   dependencies:
     "@types/yup" "0.26.16"
     lightercollective "^0.3.0"

From ff46740e90812db7e723384316975c347c741437 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Thu, 20 Jun 2019 15:12:26 +0200
Subject: [PATCH 49/62] Follow @mattwr18 suggetions don't enter mail twice

---
 .../components/PasswordReset/Request.spec.js  |  2 +-
 webapp/components/PasswordReset/Request.vue   |  6 +++---
 .../components/PasswordReset/VerifyCode.vue   | 19 +++++--------------
 webapp/pages/password-reset/request.vue       |  4 ++--
 webapp/pages/password-reset/verify-code.vue   |  6 +++++-
 5 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/webapp/components/PasswordReset/Request.spec.js b/webapp/components/PasswordReset/Request.spec.js
index e7a1f6866..c9128a70e 100644
--- a/webapp/components/PasswordReset/Request.spec.js
+++ b/webapp/components/PasswordReset/Request.spec.js
@@ -69,7 +69,7 @@ describe('Request', () => {
         beforeEach(jest.runAllTimers)
 
         it('emits `handleSubmitted`', () => {
-          expect(wrapper.emitted('handleSubmitted')).toBeTruthy()
+          expect(wrapper.emitted('handleSubmitted')).toEqual([[{ email: 'mail@example.org' }]])
         })
       })
     })
diff --git a/webapp/components/PasswordReset/Request.vue b/webapp/components/PasswordReset/Request.vue
index f183307e6..8ca2da89b 100644
--- a/webapp/components/PasswordReset/Request.vue
+++ b/webapp/components/PasswordReset/Request.vue
@@ -89,14 +89,14 @@ export default {
           requestPasswordReset(email: $email)
         }
       `
-      const variables = this.formData
+      const { email } = this.formData
 
       try {
-        await this.$apollo.mutate({ mutation, variables })
+        await this.$apollo.mutate({ mutation, variables: { email } })
         this.submitted = true
 
         setTimeout(() => {
-          this.$emit('handleSubmitted')
+          this.$emit('handleSubmitted', { email })
         }, 3000)
       } catch (err) {
         this.$toast.error(err.message)
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 410a027af..de1495e36 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -8,13 +8,6 @@
         @input="handleInput"
         @input-valid="handleInputValid"
       >
-        <ds-input
-          :placeholder="$t('login.email')"
-          model="email"
-          id="email"
-          name="email"
-          icon="envelope"
-        />
         <ds-input
           :placeholder="$t('verify-code.form.code')"
           model="code"
@@ -37,18 +30,15 @@
 
 <script>
 export default {
+  props: {
+    email: { type: String, required: true },
+  },
   data() {
     return {
       formData: {
-        email: '',
         code: '',
       },
       formSchema: {
-        email: {
-          type: 'email',
-          required: true,
-          message: this.$t('common.validations.email'),
-        },
         code: {
           type: 'string',
           min: 6,
@@ -68,7 +58,8 @@ export default {
       this.disabled = false
     },
     handleSubmitVerify() {
-      const { email, code } = this.formData
+      const { code } = this.formData
+      const email = this.email
       this.$emit('verification', { email, code })
     },
   },
diff --git a/webapp/pages/password-reset/request.vue b/webapp/pages/password-reset/request.vue
index 9148b4ed4..b7e5fe21a 100644
--- a/webapp/pages/password-reset/request.vue
+++ b/webapp/pages/password-reset/request.vue
@@ -10,8 +10,8 @@ export default {
     Request,
   },
   methods: {
-    handlePasswordResetRequested() {
-      this.$router.push('verify-code')
+    handlePasswordResetRequested({ email }) {
+      this.$router.push({ path: 'verify-code', query: { email } })
     },
   },
 }
diff --git a/webapp/pages/password-reset/verify-code.vue b/webapp/pages/password-reset/verify-code.vue
index f733eaa66..c814ea9ba 100644
--- a/webapp/pages/password-reset/verify-code.vue
+++ b/webapp/pages/password-reset/verify-code.vue
@@ -1,5 +1,5 @@
 <template>
-  <verify-code @verification="handleVerification" />
+  <verify-code :email="email" @verification="handleVerification" />
 </template>
 
 <script>
@@ -9,6 +9,10 @@ export default {
   components: {
     VerifyCode,
   },
+  data() {
+    const { email = '' } = this.$route.query
+    return { email }
+  },
   methods: {
     handleVerification({ email, code }) {
       this.$router.push({ path: 'change-password', query: { email, code } })

From 9ec9034ea5f935c460d62bc3fd1ad5356e834bb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Thu, 20 Jun 2019 15:25:59 +0200
Subject: [PATCH 50/62] Fix translatios as suggested by @Tirokk

---
 backend/src/schema/resolvers/passwordReset/emailTemplates.js | 4 ++--
 webapp/locales/de.json                                       | 4 ++--
 webapp/locales/en.json                                       | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/src/schema/resolvers/passwordReset/emailTemplates.js b/backend/src/schema/resolvers/passwordReset/emailTemplates.js
index 10d9c4ed5..8508adccc 100644
--- a/backend/src/schema/resolvers/passwordReset/emailTemplates.js
+++ b/backend/src/schema/resolvers/passwordReset/emailTemplates.js
@@ -21,7 +21,7 @@ export const resetPasswordMail = options => {
 Hi ${name}!
 
 You recently requested to reset your password for your Human Connection account.
-Use the button below to reset it. This password reset is only valid for the next
+Use the link below to reset it. This password reset is only valid for the next
 24 hours.
 
 ${actionUrl}
@@ -34,7 +34,7 @@ ${supportUrl}
 Thanks,
 The Human Connection Team
 
-If you’re having trouble with the link above, you can manually copy and
+If you're having trouble with the link above, you can manually copy and
 paste the following code into your browser window:
 
 ${code}
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index aa44dcbbd..041539acd 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -25,10 +25,10 @@
   "verify-code": {
     "form": {
       "code": "Code eingeben",
-      "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
+      "description": "Öffne dein E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
       "next": "Weiter",
       "change-password":{
-        "success": "Änderung des Passworts war erfolgreich",
+        "success": "Änderung des Passworts war erfolgreich!",
         "error": "Passwort Änderung fehlgeschlagen. Möglicherweise falscher Sicherheitscode?",
         "help": "Falls Probleme auftreten, schreib uns gerne eine Mail an:"
       }
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index 90229d09d..2442dc202 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -28,7 +28,7 @@
       "description": "Open your inbox and enter the code that we've sent to you.",
       "next": "Continue",
       "change-password": {
-        "success": "Changing your password was successful",
+        "success": "Changing your password was successful!",
         "error": "Changing your password failed. Maybe the security code was not correct?",
         "help": "In case of problems, feel free to ask for help by sending us a mail to:"
       }

From 1ed338542c5cb7fdca882dd255ec6b88abacabda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Thu, 20 Jun 2019 15:29:19 +0200
Subject: [PATCH 51/62] Another suggestion by @Tirokk

---
 backend/src/schema/resolvers/passwordReset.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index b80e3d6aa..e822c4649 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -55,15 +55,15 @@ export default {
       stillValid.setDate(stillValid.getDate() - 1)
       const newHashedPassword = await bcrypt.hashSync(newPassword, 10)
       const cypher = `
-      MATCH (r:PasswordReset {code: $code})
-      MATCH (u:User {email: $email})-[:REQUESTED]->(r)
-      WHERE duration.between(r.issuedAt, datetime()).days <= 0 AND r.usedAt IS NULL
-      SET r.usedAt = datetime()
+      MATCH (pr:PasswordReset {code: $code})
+      MATCH (u:User {email: $email})-[:REQUESTED]->(pr)
+      WHERE duration.between(pr.issuedAt, datetime()).days <= 0 AND pr.usedAt IS NULL
+      SET pr.usedAt = datetime()
       SET u.password = $newHashedPassword
-      RETURN r
+      RETURN pr
       `
       let transactionRes = await session.run(cypher, { stillValid, email, code, newHashedPassword })
-      const [reset] = transactionRes.records.map(record => record.get('r'))
+      const [reset] = transactionRes.records.map(record => record.get('pr'))
       const result = !!(reset && reset.properties.usedAt)
       session.close()
       return result

From da30001ba885551a07d3821e028cac249e96d48c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Thu, 20 Jun 2019 15:51:28 +0200
Subject: [PATCH 52/62] Testing mail delivery with a remote SMTP server

---
 backend/.env.template                         |  1 +
 backend/src/config/index.js                   | 27 ++++++++++---------
 backend/src/schema/resolvers/passwordReset.js |  8 +++---
 docker-compose.override.yml                   |  2 +-
 4 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/backend/.env.template b/backend/.env.template
index 273ad7e64..0c80529a1 100644
--- a/backend/.env.template
+++ b/backend/.env.template
@@ -7,6 +7,7 @@ CLIENT_URI=http://localhost:3000
 MOCKS=false
 SMTP_HOST=
 SMTP_PORT=
+SMTP_IGNORE_TLS=true
 SMTP_USERNAME=
 SMTP_PASSWORD=
 
diff --git a/backend/src/config/index.js b/backend/src/config/index.js
index 7b254c044..320b636e9 100644
--- a/backend/src/config/index.js
+++ b/backend/src/config/index.js
@@ -6,26 +6,29 @@ const {
   MAPBOX_TOKEN,
   JWT_SECRET,
   PRIVATE_KEY_PASSPHRASE,
+  SMTP_IGNORE_TLS = true,
   SMTP_HOST,
   SMTP_PORT,
   SMTP_USERNAME,
   SMTP_PASSWORD,
+  NEO4J_URI = 'bolt://localhost:7687',
+  NEO4J_USERNAME = 'neo4j',
+  NEO4J_PASSWORD = 'neo4j',
+  GRAPHQL_PORT = 4000,
+  CLIENT_URI = 'http://localhost:3000',
+  GRAPHQL_URI = 'http://localhost:4000',
 } = process.env
 
 export const requiredConfigs = { MAPBOX_TOKEN, JWT_SECRET, PRIVATE_KEY_PASSPHRASE }
-export const smtpConfigs = { SMTP_HOST, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD }
-
-export const neo4jConfigs = {
-  NEO4J_URI: process.env.NEO4J_URI || 'bolt://localhost:7687',
-  NEO4J_USERNAME: process.env.NEO4J_USERNAME || 'neo4j',
-  NEO4J_PASSWORD: process.env.NEO4J_PASSWORD || 'neo4j',
-}
-
-export const serverConfigs = {
-  GRAPHQL_PORT: process.env.GRAPHQL_PORT || 4000,
-  CLIENT_URI: process.env.CLIENT_URI || 'http://localhost:3000',
-  GRAPHQL_URI: process.env.GRAPHQL_URI || 'http://localhost:4000',
+export const smtpConfigs = {
+  SMTP_HOST,
+  SMTP_PORT,
+  SMTP_IGNORE_TLS,
+  SMTP_USERNAME,
+  SMTP_PASSWORD,
 }
+export const neo4jConfigs = { NEO4J_URI, NEO4J_USERNAME, NEO4J_PASSWORD }
+export const serverConfigs = { GRAPHQL_PORT, CLIENT_URI, GRAPHQL_URI }
 
 export const developmentConfigs = {
   DEBUG: process.env.NODE_ENV !== 'production' && process.env.DEBUG === 'true',
diff --git a/backend/src/schema/resolvers/passwordReset.js b/backend/src/schema/resolvers/passwordReset.js
index e822c4649..13789662b 100644
--- a/backend/src/schema/resolvers/passwordReset.js
+++ b/backend/src/schema/resolvers/passwordReset.js
@@ -5,13 +5,13 @@ import nodemailer from 'nodemailer'
 import { resetPasswordMail, wrongAccountMail } from './passwordReset/emailTemplates'
 
 const transporter = () => {
-  const { SMTP_HOST: host, SMTP_PORT: port, SMTP_USERNAME: user, SMTP_PASSWORD: pass } = CONFIG
   const configs = {
-    host,
-    port,
-    ignoreTLS: true,
+    host: CONFIG.SMTP_HOST,
+    port: CONFIG.SMTP_PORT,
+    ignoreTLS: CONFIG.SMTP_IGNORE_TLS,
     secure: false, // true for 465, false for other ports
   }
+  const { SMTP_USERNAME: user, SMTP_PASSWORD: pass } = CONFIG
   if (user && pass) {
     configs.auth = { user, pass }
   }
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index 9c82a8df5..016984d3b 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -27,9 +27,9 @@ services:
       - uploads:/nitro-backend/public/uploads
     command: yarn run dev
     environment:
-      - SEND_MAILS=true
       - SMTP_HOST=mailserver
       - SMTP_PORT=25
+      - SMTP_IGNORE_TLS=true
   neo4j:
     environment:
       - NEO4J_AUTH=none

From 8a77fcff150b3925c6ad03567ce9f2fd4fca0cae Mon Sep 17 00:00:00 2001
From: Matt Rider <mattwr18@gmail.com>
Date: Thu, 20 Jun 2019 11:57:52 -0300
Subject: [PATCH 53/62] Fix failing test, console.errors

---
 webapp/components/FilterMenu/FilterMenu.spec.js    | 2 ++
 webapp/components/PasswordReset/VerifyCode.spec.js | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/webapp/components/FilterMenu/FilterMenu.spec.js b/webapp/components/FilterMenu/FilterMenu.spec.js
index 030ad20da..e345531d0 100644
--- a/webapp/components/FilterMenu/FilterMenu.spec.js
+++ b/webapp/components/FilterMenu/FilterMenu.spec.js
@@ -1,10 +1,12 @@
 import { mount, createLocalVue } from '@vue/test-utils'
 import FilterMenu from './FilterMenu.vue'
 import Styleguide from '@human-connection/styleguide'
+import VTooltip from 'v-tooltip'
 
 const localVue = createLocalVue()
 
 localVue.use(Styleguide)
+localVue.use(VTooltip)
 
 describe('FilterMenu.vue', () => {
   let wrapper
diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 062e7e8f7..22cdfd885 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -10,11 +10,15 @@ describe('VerifyCode ', () => {
   let wrapper
   let Wrapper
   let mocks
+  let propsData
 
   beforeEach(() => {
     mocks = {
       $t: jest.fn(),
     }
+    propsData = {
+      email: 'mail@example.org',
+    }
   })
 
   describe('mount', () => {
@@ -24,6 +28,7 @@ describe('VerifyCode ', () => {
       return mount(VerifyCode, {
         mocks,
         localVue,
+        propsData,
       })
     }
 
@@ -35,7 +40,6 @@ describe('VerifyCode ', () => {
     describe('after verification code given', () => {
       beforeEach(() => {
         wrapper = Wrapper()
-        wrapper.find('input#email').setValue('mail@example.org')
         wrapper.find('input#code').setValue('123456')
         wrapper.find('form').trigger('submit')
       })

From 11bb5f37c36313da40c42f245f88d4ed4bb142c6 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 04:27:18 +0000
Subject: [PATCH 54/62] Bump date-fns from 2.0.0-alpha.34 to 2.0.0-alpha.35 in
 /backend

Bumps [date-fns](https://github.com/date-fns/date-fns) from 2.0.0-alpha.34 to 2.0.0-alpha.35.
- [Release notes](https://github.com/date-fns/date-fns/releases)
- [Changelog](https://github.com/date-fns/date-fns/blob/master/CHANGELOG.md)
- [Commits](https://github.com/date-fns/date-fns/compare/v2.0.0-alpha.34...v2.0.0-alpha.35)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json | 2 +-
 backend/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index e51851fd2..d8ed873f6 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -52,7 +52,7 @@
     "cheerio": "~1.0.0-rc.3",
     "cors": "~2.8.5",
     "cross-env": "~5.2.0",
-    "date-fns": "2.0.0-alpha.34",
+    "date-fns": "2.0.0-alpha.35",
     "debug": "~4.1.1",
     "dotenv": "~8.0.0",
     "express": "~4.17.1",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index 17510b6c0..ddd55d1a8 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -2584,10 +2584,10 @@ data-urls@^1.0.0:
     whatwg-mimetype "^2.2.0"
     whatwg-url "^7.0.0"
 
-date-fns@2.0.0-alpha.34:
-  version "2.0.0-alpha.34"
-  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.0.0-alpha.34.tgz#5d3ae7ca0d08915ccfc87a20545250af4e9c3cae"
-  integrity sha512-yjSYUHASHvzOZl++cEms+Tw7oQOFA+7Z6/lL7L3lRO9j6pMfT48N6oEyvCGo/MVlH08XWmydgf8X9Y1eedf9sQ==
+date-fns@2.0.0-alpha.35:
+  version "2.0.0-alpha.35"
+  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.0.0-alpha.35.tgz#185813cdc51b05cc1468a95116494bb3f3440934"
+  integrity sha512-dAY1ujqRtyUsa9mVeupyMzUluWo1d7kAMwyXTQHFImKYSHKvxDw/dipiY6fdswQOs8CwpGoiKysGfaaRP5r3bA==
 
 debug@2.6.9, debug@^2.1.2, debug@^2.2.0, debug@^2.3.3, debug@^2.6.8, debug@^2.6.9:
   version "2.6.9"

From 3f8dc10fabce0f35cd7837fb331016ed01ef4e8f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 04:28:28 +0000
Subject: [PATCH 55/62] Bump date-fns from 2.0.0-alpha.34 to 2.0.0-alpha.35 in
 /webapp

Bumps [date-fns](https://github.com/date-fns/date-fns) from 2.0.0-alpha.34 to 2.0.0-alpha.35.
- [Release notes](https://github.com/date-fns/date-fns/releases)
- [Changelog](https://github.com/date-fns/date-fns/blob/master/CHANGELOG.md)
- [Commits](https://github.com/date-fns/date-fns/compare/v2.0.0-alpha.34...v2.0.0-alpha.35)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 webapp/package.json | 2 +-
 webapp/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/webapp/package.json b/webapp/package.json
index 0fdc9b31f..aeafeb3ff 100644
--- a/webapp/package.json
+++ b/webapp/package.json
@@ -59,7 +59,7 @@
     "apollo-client": "~2.6.3",
     "cookie-universal-nuxt": "~2.0.16",
     "cross-env": "~5.2.0",
-    "date-fns": "2.0.0-alpha.34",
+    "date-fns": "2.0.0-alpha.35",
     "express": "~4.17.1",
     "graphql": "~14.3.1",
     "jsonwebtoken": "~8.5.1",
diff --git a/webapp/yarn.lock b/webapp/yarn.lock
index 5af08d403..c26035f8e 100644
--- a/webapp/yarn.lock
+++ b/webapp/yarn.lock
@@ -3754,10 +3754,10 @@ data-urls@^1.0.0:
     whatwg-mimetype "^2.2.0"
     whatwg-url "^7.0.0"
 
-date-fns@2.0.0-alpha.34:
-  version "2.0.0-alpha.34"
-  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.0.0-alpha.34.tgz#5d3ae7ca0d08915ccfc87a20545250af4e9c3cae"
-  integrity sha512-yjSYUHASHvzOZl++cEms+Tw7oQOFA+7Z6/lL7L3lRO9j6pMfT48N6oEyvCGo/MVlH08XWmydgf8X9Y1eedf9sQ==
+date-fns@2.0.0-alpha.35:
+  version "2.0.0-alpha.35"
+  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.0.0-alpha.35.tgz#185813cdc51b05cc1468a95116494bb3f3440934"
+  integrity sha512-dAY1ujqRtyUsa9mVeupyMzUluWo1d7kAMwyXTQHFImKYSHKvxDw/dipiY6fdswQOs8CwpGoiKysGfaaRP5r3bA==
 
 date-now@^0.1.4:
   version "0.1.4"

From 4ed9b4c8ad58367c02884379f6e5fa8657cd747d Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 04:29:13 +0000
Subject: [PATCH 56/62] Bump apollo-server-testing from 2.6.3 to 2.6.4 in
 /backend

Bumps [apollo-server-testing](https://github.com/apollographql/apollo-server) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Changelog](https://github.com/apollographql/apollo-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-server/compare/apollo-server-testing@2.6.3...apollo-server-testing@2.6.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json |  2 +-
 backend/yarn.lock    | 68 ++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index e51851fd2..801ede36a 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -87,7 +87,7 @@
     "@babel/plugin-proposal-throw-expressions": "^7.2.0",
     "@babel/preset-env": "~7.4.5",
     "@babel/register": "~7.4.4",
-    "apollo-server-testing": "~2.6.3",
+    "apollo-server-testing": "~2.6.4",
     "babel-core": "~7.0.0-0",
     "babel-eslint": "~10.0.2",
     "babel-jest": "~24.8.0",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index 17510b6c0..e638ec8eb 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -1354,6 +1354,18 @@ apollo-engine-reporting@1.3.1:
     async-retry "^1.2.1"
     graphql-extensions "0.7.2"
 
+apollo-engine-reporting@1.3.2:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/apollo-engine-reporting/-/apollo-engine-reporting-1.3.2.tgz#b2569f79eb1a7a7380f49340db61465f449284fe"
+  integrity sha512-Q9XUZ3CTqddjCswlbn+OD2oYxZ5p4lCAnsWOGMfYnSmCXLagyNK28UFFQodjFOy73p6nlTAg9cwaJ9yMOBeeXA==
+  dependencies:
+    apollo-engine-reporting-protobuf "0.3.1"
+    apollo-graphql "^0.3.2"
+    apollo-server-core "2.6.4"
+    apollo-server-env "2.4.0"
+    async-retry "^1.2.1"
+    graphql-extensions "0.7.3"
+
 apollo-env@0.5.1:
   version "0.5.1"
   resolved "https://registry.yarnpkg.com/apollo-env/-/apollo-env-0.5.1.tgz#b9b0195c16feadf0fe9fd5563edb0b9b7d9e97d3"
@@ -1379,6 +1391,14 @@ apollo-graphql@^0.3.0:
     apollo-env "0.5.1"
     lodash.sortby "^4.7.0"
 
+apollo-graphql@^0.3.2:
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/apollo-graphql/-/apollo-graphql-0.3.2.tgz#8881a87f1d5fcf80837b34dba90737e664eabe9a"
+  integrity sha512-YbzYGR14GV0023m//EU66vOzZ3i7c04V/SF8Qk+60vf1sOWyKgO6mxZJ4BKhw10qWUayirhSDxq3frYE+qSG0A==
+  dependencies:
+    apollo-env "0.5.1"
+    lodash.sortby "^4.7.0"
+
 apollo-link-context@~1.0.18:
   version "1.0.18"
   resolved "https://registry.yarnpkg.com/apollo-link-context/-/apollo-link-context-1.0.18.tgz#9e700e3314da8ded50057fee0a18af2bfcedbfc3"
@@ -1448,6 +1468,32 @@ apollo-server-core@2.6.3:
     subscriptions-transport-ws "^0.9.11"
     ws "^6.0.0"
 
+apollo-server-core@2.6.4:
+  version "2.6.4"
+  resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-2.6.4.tgz#0372e3a28f221b9db83bdfbb0fd0b2960cd29bab"
+  integrity sha512-GBF+tQoJ/ysaY2CYMkuuAwJM1nk1yLJumrsBTFfcvalSzS64VdS5VN/zox1eRI+LHQQzHM18HYEAgDGa/EX+gw==
+  dependencies:
+    "@apollographql/apollo-tools" "^0.3.6"
+    "@apollographql/graphql-playground-html" "1.6.20"
+    "@types/ws" "^6.0.0"
+    apollo-cache-control "0.7.2"
+    apollo-datasource "0.5.0"
+    apollo-engine-reporting "1.3.2"
+    apollo-server-caching "0.4.0"
+    apollo-server-env "2.4.0"
+    apollo-server-errors "2.3.0"
+    apollo-server-plugin-base "0.5.3"
+    apollo-tracing "0.7.2"
+    fast-json-stable-stringify "^2.0.0"
+    graphql-extensions "0.7.3"
+    graphql-subscriptions "^1.0.0"
+    graphql-tag "^2.9.2"
+    graphql-tools "^4.0.0"
+    graphql-upload "^8.0.2"
+    sha.js "^2.4.11"
+    subscriptions-transport-ws "^0.9.11"
+    ws "^6.0.0"
+
 apollo-server-core@^1.3.6, apollo-server-core@^1.4.0:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-1.4.0.tgz#4faff7f110bfdd6c3f47008302ae24140f94c592"
@@ -1514,12 +1560,17 @@ apollo-server-plugin-base@0.5.2:
   resolved "https://registry.yarnpkg.com/apollo-server-plugin-base/-/apollo-server-plugin-base-0.5.2.tgz#f97ba983f1e825fec49cba8ff6a23d00e1901819"
   integrity sha512-j81CpadRLhxikBYHMh91X4aTxfzFnmmebEiIR9rruS6dywWCxV2aLW87l9ocD1MiueNam0ysdwZkX4F3D4csNw==
 
-apollo-server-testing@~2.6.3:
-  version "2.6.3"
-  resolved "https://registry.yarnpkg.com/apollo-server-testing/-/apollo-server-testing-2.6.3.tgz#a0199a5d42000e60ecf0dea44b851f5f581e280e"
-  integrity sha512-LTkegcGVSkM+pA0FINDSYVl3TiFYKZyfjlKrEr/LN6wLiL6gbRgy6LMtk2j+qli/bnTDqqQREX8OEqmV8FKUoQ==
+apollo-server-plugin-base@0.5.3:
+  version "0.5.3"
+  resolved "https://registry.yarnpkg.com/apollo-server-plugin-base/-/apollo-server-plugin-base-0.5.3.tgz#234c6330c412a2e83ff49305a0c2f991fb40a266"
+  integrity sha512-Ax043vQTzPgFeJk6m6hmPm9NMfogO3LlTKJfrWHuyZhPNeTLweHNK30vpdzzgPalcryyDMDfLYFzxuDm0W+rRQ==
+
+apollo-server-testing@~2.6.4:
+  version "2.6.4"
+  resolved "https://registry.yarnpkg.com/apollo-server-testing/-/apollo-server-testing-2.6.4.tgz#615dfaa6ea840b6ea3ce4fd2297b28402f2d5208"
+  integrity sha512-s9AeZnnndhz4WRBmgFM388BFKqD2H90L6ax0e6uNEmtZk3/iODqd16RbTNHbx+PkxFvZ8BQbX1/4rbvQn6r9CA==
   dependencies:
-    apollo-server-core "2.6.3"
+    apollo-server-core "2.6.4"
 
 apollo-server@~2.6.3:
   version "2.6.3"
@@ -3728,6 +3779,13 @@ graphql-extensions@0.7.2:
   dependencies:
     "@apollographql/apollo-tools" "^0.3.6"
 
+graphql-extensions@0.7.3:
+  version "0.7.3"
+  resolved "https://registry.yarnpkg.com/graphql-extensions/-/graphql-extensions-0.7.3.tgz#2ab7331c72ae657e4cbfa4ff004c400b19f56cdf"
+  integrity sha512-D+FZM0t5gFntJUizeRCurZuUqsyVP13CRejRX+cDJivyGkE6OMWYkCWlzHcbye79q+hYN1m6a3NhlrJRaD9D0w==
+  dependencies:
+    "@apollographql/apollo-tools" "^0.3.6"
+
 graphql-extensions@^0.0.x, graphql-extensions@~0.0.9:
   version "0.0.10"
   resolved "https://registry.yarnpkg.com/graphql-extensions/-/graphql-extensions-0.0.10.tgz#34bdb2546d43f6a5bc89ab23c295ec0466c6843d"

From 872562029d8e5bb920f2d826070da14fdfcdbcff Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 04:29:58 +0000
Subject: [PATCH 57/62] Bump eslint-plugin-jest from 22.6.4 to 22.7.0 in
 /backend

Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 22.6.4 to 22.7.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v22.6.4...v22.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json | 2 +-
 backend/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index e51851fd2..d2a292e32 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -97,7 +97,7 @@
     "eslint-config-prettier": "~5.0.0",
     "eslint-config-standard": "~12.0.0",
     "eslint-plugin-import": "~2.17.3",
-    "eslint-plugin-jest": "~22.6.4",
+    "eslint-plugin-jest": "~22.7.0",
     "eslint-plugin-node": "~9.1.0",
     "eslint-plugin-prettier": "~3.1.0",
     "eslint-plugin-promise": "~4.1.1",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index 17510b6c0..ec55dac68 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -3053,10 +3053,10 @@ eslint-plugin-import@~2.17.3:
     read-pkg-up "^2.0.0"
     resolve "^1.11.0"
 
-eslint-plugin-jest@~22.6.4:
-  version "22.6.4"
-  resolved "https://registry.yarnpkg.com/eslint-plugin-jest/-/eslint-plugin-jest-22.6.4.tgz#2895b047dd82f90f43a58a25cf136220a21c9104"
-  integrity sha512-36OqnZR/uMCDxXGmTsqU4RwllR0IiB/XF8GW3ODmhsjiITKuI0GpgultWFt193ipN3HARkaIcKowpE6HBvRHNg==
+eslint-plugin-jest@~22.7.0:
+  version "22.7.0"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-jest/-/eslint-plugin-jest-22.7.0.tgz#a1d325bccb024b04f5354c56fe790baba54a454c"
+  integrity sha512-0U9nBd9V6+GKpM/KvRDcmMuPsewSsdM7NxCozgJkVAh8IrwHmQ0aw44/eYuVkhT8Fcdhsz0zYiyPtKg147eXMQ==
 
 eslint-plugin-node@~9.1.0:
   version "9.1.0"

From 4f9127a9f99f510cd6ecebbefb58abd478e8ec53 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 09:53:10 +0000
Subject: [PATCH 58/62] Bump graphql-shield from 5.6.1 to 5.7.1 in /backend

Bumps [graphql-shield](https://github.com/maticzav/graphql-shield) from 5.6.1 to 5.7.1.
- [Release notes](https://github.com/maticzav/graphql-shield/releases)
- [Commits](https://github.com/maticzav/graphql-shield/compare/v5.6.1...v5.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json |  2 +-
 backend/yarn.lock    | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index d2a292e32..acf6e88e0 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -61,7 +61,7 @@
     "graphql-custom-directives": "~0.2.14",
     "graphql-iso-date": "~3.6.1",
     "graphql-middleware": "~3.0.2",
-    "graphql-shield": "~5.6.1",
+    "graphql-shield": "~5.7.1",
     "graphql-tag": "~2.10.1",
     "graphql-yoga": "~1.18.0",
     "helmet": "~3.18.0",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index ec55dac68..f890d8b6c 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -1110,10 +1110,10 @@
   resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-12.0.9.tgz#693e76a52f61a2f1e7fb48c0eef167b95ea4ffd0"
   integrity sha512-sCZy4SxP9rN2w30Hlmg5dtdRwgYQfYRiLo9usw8X9cxlf+H4FqM1xX7+sNH7NNKVdbXMJWqva7iyy+fxh/V7fA==
 
-"@types/yup@0.26.16":
-  version "0.26.16"
-  resolved "https://registry.yarnpkg.com/@types/yup/-/yup-0.26.16.tgz#75c428236207c48d9f8062dd1495cda8c5485a15"
-  integrity sha512-E2RNc7DSeQ+2EIJ1H3+yFjYu6YiyQBUJ7yNpIxomrYJ3oFizLZ5yDS3T1JTUNBC2OCRkgnhLS0smob5UuCHfNA==
+"@types/yup@0.26.17":
+  version "0.26.17"
+  resolved "https://registry.yarnpkg.com/@types/yup/-/yup-0.26.17.tgz#5cb7cfc211d8e985b21d88289542591c92cad9dc"
+  integrity sha512-MN7VHlPsZQ2MTBxLE2Gl+Qfg2WyKsoz+vIr8xN0OSZ4AvJDrrKBlxc8b59UXCCIG9tPn9XhxTXh3j/htHbzC2Q==
 
 "@types/zen-observable@^0.5.3":
   version "0.5.4"
@@ -3782,12 +3782,12 @@ graphql-request@~1.8.2:
   dependencies:
     cross-fetch "2.2.2"
 
-graphql-shield@~5.6.1:
-  version "5.6.1"
-  resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-5.6.1.tgz#f4c9fb5ed329f823a738ad974b300d4a982691ca"
-  integrity sha512-Zrxrvx1Ep/nDdfQh/wN5PrH9JE4OEFdUmLzuyZSIGIAQWyXDk8FAl0cuNulnqI+zqrDzZ9TUj/zO3oV4hNKqCA==
+graphql-shield@~5.7.1:
+  version "5.7.1"
+  resolved "https://registry.yarnpkg.com/graphql-shield/-/graphql-shield-5.7.1.tgz#04095fb8148a463997f7c509d4aeb2a6abf79f98"
+  integrity sha512-UZ0K1uAqRAoGA1U2DsUu4vIZX2Vents4Xim99GFEUBTgvSDkejiE+k/Dywqfu76lJFEE8qu3vG5fhJN3SmnKbA==
   dependencies:
-    "@types/yup" "0.26.16"
+    "@types/yup" "0.26.17"
     lightercollective "^0.3.0"
     object-hash "^1.3.1"
     yup "^0.27.0"

From ba9092fa75b07d08499b174c3bc2d4e590dc57a7 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 09:53:14 +0000
Subject: [PATCH 59/62] Bump eslint-plugin-jest from 22.6.4 to 22.7.0 in
 /webapp

Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 22.6.4 to 22.7.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v22.6.4...v22.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 webapp/package.json | 2 +-
 webapp/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/webapp/package.json b/webapp/package.json
index 0fdc9b31f..7e9da0674 100644
--- a/webapp/package.json
+++ b/webapp/package.json
@@ -94,7 +94,7 @@
     "eslint-config-standard": "~12.0.0",
     "eslint-loader": "~2.1.2",
     "eslint-plugin-import": "~2.17.3",
-    "eslint-plugin-jest": "~22.6.4",
+    "eslint-plugin-jest": "~22.7.0",
     "eslint-plugin-node": "~9.1.0",
     "eslint-plugin-prettier": "~3.1.0",
     "eslint-plugin-promise": "~4.1.1",
diff --git a/webapp/yarn.lock b/webapp/yarn.lock
index 5af08d403..9446d4829 100644
--- a/webapp/yarn.lock
+++ b/webapp/yarn.lock
@@ -4300,10 +4300,10 @@ eslint-plugin-import@~2.17.3:
     read-pkg-up "^2.0.0"
     resolve "^1.11.0"
 
-eslint-plugin-jest@~22.6.4:
-  version "22.6.4"
-  resolved "https://registry.yarnpkg.com/eslint-plugin-jest/-/eslint-plugin-jest-22.6.4.tgz#2895b047dd82f90f43a58a25cf136220a21c9104"
-  integrity sha512-36OqnZR/uMCDxXGmTsqU4RwllR0IiB/XF8GW3ODmhsjiITKuI0GpgultWFt193ipN3HARkaIcKowpE6HBvRHNg==
+eslint-plugin-jest@~22.7.0:
+  version "22.7.0"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-jest/-/eslint-plugin-jest-22.7.0.tgz#a1d325bccb024b04f5354c56fe790baba54a454c"
+  integrity sha512-0U9nBd9V6+GKpM/KvRDcmMuPsewSsdM7NxCozgJkVAh8IrwHmQ0aw44/eYuVkhT8Fcdhsz0zYiyPtKg147eXMQ==
 
 eslint-plugin-node@~9.1.0:
   version "9.1.0"

From e0e31d46fdbdd9f368e0714e175592d3b67ef8e1 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 21 Jun 2019 09:53:57 +0000
Subject: [PATCH 60/62] Bump apollo-server from 2.6.3 to 2.6.4 in /backend

Bumps [apollo-server](https://github.com/apollographql/apollo-server) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Changelog](https://github.com/apollographql/apollo-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-server/compare/apollo-server@2.6.3...apollo-server@2.6.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 backend/package.json |  2 +-
 backend/yarn.lock    | 73 +++++++-------------------------------------
 2 files changed, 12 insertions(+), 63 deletions(-)

diff --git a/backend/package.json b/backend/package.json
index cb8725310..236691412 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -47,7 +47,7 @@
     "apollo-client": "~2.6.3",
     "apollo-link-context": "~1.0.18",
     "apollo-link-http": "~1.5.15",
-    "apollo-server": "~2.6.3",
+    "apollo-server": "~2.6.4",
     "bcryptjs": "~2.4.3",
     "cheerio": "~1.0.0-rc.3",
     "cors": "~2.8.5",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index 07dd7c430..940b70e25 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -1342,18 +1342,6 @@ apollo-engine-reporting-protobuf@0.3.1:
   dependencies:
     protobufjs "^6.8.6"
 
-apollo-engine-reporting@1.3.1:
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/apollo-engine-reporting/-/apollo-engine-reporting-1.3.1.tgz#f2c2c63f865871a57c15cdbb2a3bcd4b4af28115"
-  integrity sha512-e0Xp+0yite8DH/xm9fnJt42CxfWAcY6waiq3icCMAgO9T7saXzVOPpl84SkuA+hIJUBtfaKrTnC+7Jxi/I7OrQ==
-  dependencies:
-    apollo-engine-reporting-protobuf "0.3.1"
-    apollo-graphql "^0.3.0"
-    apollo-server-core "2.6.3"
-    apollo-server-env "2.4.0"
-    async-retry "^1.2.1"
-    graphql-extensions "0.7.2"
-
 apollo-engine-reporting@1.3.2:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/apollo-engine-reporting/-/apollo-engine-reporting-1.3.2.tgz#b2569f79eb1a7a7380f49340db61465f449284fe"
@@ -1383,14 +1371,6 @@ apollo-errors@^1.9.0:
     assert "^1.4.1"
     extendable-error "^0.1.5"
 
-apollo-graphql@^0.3.0:
-  version "0.3.1"
-  resolved "https://registry.yarnpkg.com/apollo-graphql/-/apollo-graphql-0.3.1.tgz#d13b80cc0cae3fe7066b81b80914c6f983fac8d7"
-  integrity sha512-tbhtzNAAhNI34v4XY9OlZGnH7U0sX4BP1cJrUfSiNzQnZRg1UbQYZ06riHSOHpi5RSndFcA9LDM5C1ZKKOUeBg==
-  dependencies:
-    apollo-env "0.5.1"
-    lodash.sortby "^4.7.0"
-
 apollo-graphql@^0.3.2:
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/apollo-graphql/-/apollo-graphql-0.3.2.tgz#8881a87f1d5fcf80837b34dba90737e664eabe9a"
@@ -1442,32 +1422,6 @@ apollo-server-caching@0.4.0:
   dependencies:
     lru-cache "^5.0.0"
 
-apollo-server-core@2.6.3:
-  version "2.6.3"
-  resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-2.6.3.tgz#786c8251c82cf29acb5cae9635a321f0644332ae"
-  integrity sha512-tfC0QO1NbJW3ShkB5pRCnUaYEkW2AwnswaTeedkfv//EO3yiC/9LeouCK5F22T8stQG+vGjvCqf0C8ldI/XsIA==
-  dependencies:
-    "@apollographql/apollo-tools" "^0.3.6"
-    "@apollographql/graphql-playground-html" "1.6.20"
-    "@types/ws" "^6.0.0"
-    apollo-cache-control "0.7.2"
-    apollo-datasource "0.5.0"
-    apollo-engine-reporting "1.3.1"
-    apollo-server-caching "0.4.0"
-    apollo-server-env "2.4.0"
-    apollo-server-errors "2.3.0"
-    apollo-server-plugin-base "0.5.2"
-    apollo-tracing "0.7.2"
-    fast-json-stable-stringify "^2.0.0"
-    graphql-extensions "0.7.2"
-    graphql-subscriptions "^1.0.0"
-    graphql-tag "^2.9.2"
-    graphql-tools "^4.0.0"
-    graphql-upload "^8.0.2"
-    sha.js "^2.4.11"
-    subscriptions-transport-ws "^0.9.11"
-    ws "^6.0.0"
-
 apollo-server-core@2.6.4:
   version "2.6.4"
   resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-2.6.4.tgz#0372e3a28f221b9db83bdfbb0fd0b2960cd29bab"
@@ -1516,10 +1470,10 @@ apollo-server-errors@2.3.0:
   resolved "https://registry.yarnpkg.com/apollo-server-errors/-/apollo-server-errors-2.3.0.tgz#700622b66a16dffcad3b017e4796749814edc061"
   integrity sha512-rUvzwMo2ZQgzzPh2kcJyfbRSfVKRMhfIlhY7BzUfM4x6ZT0aijlgsf714Ll3Mbf5Fxii32kD0A/DmKsTecpccw==
 
-apollo-server-express@2.6.3:
-  version "2.6.3"
-  resolved "https://registry.yarnpkg.com/apollo-server-express/-/apollo-server-express-2.6.3.tgz#62034c978f84207615c0430fb37ab006f71146fe"
-  integrity sha512-8ca+VpKArgNzFar0D3DesWnn0g9YDtFLhO56TQprHh2Spxu9WxTnYNjsYs2MCCNf+iV/uy7vTvEknErvnIcZaQ==
+apollo-server-express@2.6.4:
+  version "2.6.4"
+  resolved "https://registry.yarnpkg.com/apollo-server-express/-/apollo-server-express-2.6.4.tgz#fc1d661be73fc1880aa53a56e1abe3733d08eada"
+  integrity sha512-U6hiZxty/rait39V5d+QeueNHlwfl68WbYtsutDUVxnq2Jws2ZDrvIkaWWN6HQ77+nBy5gGVxycvWIyoHHfi+g==
   dependencies:
     "@apollographql/graphql-playground-html" "1.6.20"
     "@types/accepts" "^1.3.5"
@@ -1527,7 +1481,7 @@ apollo-server-express@2.6.3:
     "@types/cors" "^2.8.4"
     "@types/express" "4.17.0"
     accepts "^1.3.5"
-    apollo-server-core "2.6.3"
+    apollo-server-core "2.6.4"
     body-parser "^1.18.3"
     cors "^2.8.4"
     graphql-subscriptions "^1.0.0"
@@ -1555,11 +1509,6 @@ apollo-server-module-graphiql@^1.3.4, apollo-server-module-graphiql@^1.4.0:
   resolved "https://registry.yarnpkg.com/apollo-server-module-graphiql/-/apollo-server-module-graphiql-1.4.0.tgz#c559efa285578820709f1769bb85d3b3eed3d8ec"
   integrity sha512-GmkOcb5he2x5gat+TuiTvabnBf1m4jzdecal3XbXBh/Jg+kx4hcvO3TTDFQ9CuTprtzdcVyA11iqG7iOMOt7vA==
 
-apollo-server-plugin-base@0.5.2:
-  version "0.5.2"
-  resolved "https://registry.yarnpkg.com/apollo-server-plugin-base/-/apollo-server-plugin-base-0.5.2.tgz#f97ba983f1e825fec49cba8ff6a23d00e1901819"
-  integrity sha512-j81CpadRLhxikBYHMh91X4aTxfzFnmmebEiIR9rruS6dywWCxV2aLW87l9ocD1MiueNam0ysdwZkX4F3D4csNw==
-
 apollo-server-plugin-base@0.5.3:
   version "0.5.3"
   resolved "https://registry.yarnpkg.com/apollo-server-plugin-base/-/apollo-server-plugin-base-0.5.3.tgz#234c6330c412a2e83ff49305a0c2f991fb40a266"
@@ -1572,13 +1521,13 @@ apollo-server-testing@~2.6.4:
   dependencies:
     apollo-server-core "2.6.4"
 
-apollo-server@~2.6.3:
-  version "2.6.3"
-  resolved "https://registry.yarnpkg.com/apollo-server/-/apollo-server-2.6.3.tgz#71235325449c6d3881a5143975ca44c07a07d2d7"
-  integrity sha512-pTIXE5xEMAikKLTIBIqLNvimMETiZbzmiqDb6BGzIUicAz4Rxa1/+bDi1ZeJWrZQjE/TfBLd2Si3qam7dZGrjw==
+apollo-server@~2.6.4:
+  version "2.6.4"
+  resolved "https://registry.yarnpkg.com/apollo-server/-/apollo-server-2.6.4.tgz#34b3a50135e20b8df8c194a14e4636eb9c2898b2"
+  integrity sha512-f0TZOc969XNNlSm8sVsU34D8caQfPNwS0oqmWUxb8xXl88HlFzB+HBmOU6ZEKdpMCksTNDbqYo0jXiGJ0rL/0g==
   dependencies:
-    apollo-server-core "2.6.3"
-    apollo-server-express "2.6.3"
+    apollo-server-core "2.6.4"
+    apollo-server-express "2.6.4"
     express "^4.0.0"
     graphql-subscriptions "^1.0.0"
     graphql-tools "^4.0.0"

From 6e1d334671dc36f0d74c7fd589eb107681b65c0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Fri, 21 Jun 2019 14:06:20 +0200
Subject: [PATCH 61/62] Add env to deployment

---
 deployment/human-connection/templates/secrets.template.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/deployment/human-connection/templates/secrets.template.yaml b/deployment/human-connection/templates/secrets.template.yaml
index 8f18dbf46..9f59b948a 100644
--- a/deployment/human-connection/templates/secrets.template.yaml
+++ b/deployment/human-connection/templates/secrets.template.yaml
@@ -5,6 +5,11 @@ data:
   MONGODB_PASSWORD: "TU9OR09EQl9QQVNTV09SRA=="
   PRIVATE_KEY_PASSPHRASE: "YTdkc2Y3OHNhZGc4N2FkODdzZmFnc2FkZzc4"
   MAPBOX_TOKEN: "cGsuZXlKMUlqb2lhSFZ0WVc0dFkyOXVibVZqZEdsdmJpSXNJbUVpT2lKamFqbDBjbkJ1Ykdvd2VUVmxNM1Z3WjJsek5UTnVkM1p0SW4wLktaOEtLOWw3MG9talhiRWtrYkhHc1EK"
+  SMTP_HOST:
+  SMTP_PORT: 587
+  SMTP_USERNAME:
+  SMTP_PASSWORD:
+  SMTP_IGNORE_TLS:
 metadata:
   name: human-connection
   namespace: human-connection

From 3076f9f455ec470238a4d9d354fb8ef7b9a75688 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Fri, 21 Jun 2019 22:11:41 +0200
Subject: [PATCH 62/62] Get rid of console.errors in tests of FilterMenu

---
 webapp/components/FilterMenu/FilterMenu.spec.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/webapp/components/FilterMenu/FilterMenu.spec.js b/webapp/components/FilterMenu/FilterMenu.spec.js
index 030ad20da..e345531d0 100644
--- a/webapp/components/FilterMenu/FilterMenu.spec.js
+++ b/webapp/components/FilterMenu/FilterMenu.spec.js
@@ -1,10 +1,12 @@
 import { mount, createLocalVue } from '@vue/test-utils'
 import FilterMenu from './FilterMenu.vue'
 import Styleguide from '@human-connection/styleguide'
+import VTooltip from 'v-tooltip'
 
 const localVue = createLocalVue()
 
 localVue.use(Styleguide)
+localVue.use(VTooltip)
 
 describe('FilterMenu.vue', () => {
   let wrapper