summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--server/api/authentication.js42
-rw-r--r--server/lib/authentication.js206
-rw-r--r--server/lib/external-backends/backends/idoit-backend.js4
-rw-r--r--server/router.js7
-rw-r--r--webapp/src/components/DashboardPage.vue2
-rw-r--r--webapp/src/components/StartPage.vue53
-rw-r--r--webapp/src/components/StartPageLogin.vue (renamed from webapp/src/components/LoginPage.vue)57
-rw-r--r--webapp/src/components/StartPageSetup.vue156
-rw-r--r--webapp/src/main.js2
-rw-r--r--webapp/src/router.js13
10 files changed, 393 insertions, 149 deletions
diff --git a/server/api/authentication.js b/server/api/authentication.js
new file mode 100644
index 0000000..02b295b
--- /dev/null
+++ b/server/api/authentication.js
@@ -0,0 +1,42 @@
+/* global __appdir */
+const path = require('path')
+var db = require(path.join(__appdir, 'lib', 'sequelize'))
+var express = require('express')
+var noAuthRouter = express.Router()
+var authentication = require(path.join(__appdir, 'lib', 'authentication'))
+
+noAuthRouter.post('/token', (req, res) => {
+ authentication.loginToken(req, res)
+})
+
+noAuthRouter.post('/login', (req, res) => {
+ authentication.loginCookie(req, res)
+})
+
+noAuthRouter.post('/logout', (req, res) => {
+ authentication.logout(req, res)
+})
+
+// Setup method for creating the initial root account.
+noAuthRouter.post('/setup', (req, res) => {
+ db.user.findAll().then(users => {
+ if (users.length > 0) res.send({ status: 'USERTABLE_NOT_EMPTY', error_message: 'The user table is not empty, unauthorized creation is forbidden.' })
+ else if (req.body.username) authentication.signup(req, res)
+ else res.send({ status: 'SUCCESS' })
+ })
+})
+
+module.exports.noAuthRouter = noAuthRouter
+
+/* USERS API
+var authentication = require(path.join(__appdir, 'lib', 'authentication'))
+router.post('/', (req, res) => {
+ authentication.signup(req, res)
+})
+
+router.post('/:id/password', (req, res) => {
+ authentication.changepassword(req, res)
+})
+
+module.exports.router = router
+*/
diff --git a/server/lib/authentication.js b/server/lib/authentication.js
index 58d5e10..76e8b60 100644
--- a/server/lib/authentication.js
+++ b/server/lib/authentication.js
@@ -6,110 +6,121 @@ var db = require(path.join(__appdir, 'lib', 'sequelize'))
var securePassword = require('secure-password')
var pwd = securePassword()
-module.exports = {
- // Authentifivation method for the frontend using secure httpOnly cookies. (POST)
- login: function (req, res) {
- var params = req.body
-
- verifyUser(res, params.username, params.password, function (token) {
- // The token has the form header.payload.signature
- // We split the cookie in header.payload and signature in two seperate cookies.
- // The signature cookie is httpOnly so JavaScript never has access to the full cookie.
- // Read more at: https://medium.com/lightrail/getting-token-authentication-right-in-a-stateless-single-page-application-57d0c6474e3
- const split = token.split('.')
- const headerPayload = split[0] + '.' + split[1]
- const signature = split[2]
- res.cookie('jwt_hp', headerPayload, { secure: true, httpOnly: false, sameSite: 'strict' })
- res.cookie('jwt_s', signature, { secure: true, httpOnly: true, sameSite: 'strict' })
- return res.status(200).send({ auth: true, status: 'VALID' })
- })
- },
- // Authentification method for the API using the authorization header. (GET)
- auth: function (req, res) {
- var query = req.query
+module.exports = { loginCookie, loginToken, logout, verifyToken, signup, changePassword }
+
+// Authentifivation method for the frontend using secure httpOnly cookies. (POST)
+function loginCookie (req, res) {
+ var params = req.body
+ verifyUser(res, params.username, params.password, function (token) {
+ // The token has the form header.payload.signature
+ // We split the cookie in header.payload and signature in two seperate cookies.
+ // The signature cookie is httpOnly so JavaScript never has access to the full cookie.
+ // Read more at: https://medium.com/lightrail/getting-token-authentication-right-in-a-stateless-single-page-application-57d0c6474e3
+ const split = token.split('.')
+ const headerPayload = split[0] + '.' + split[1]
+ const signature = split[2]
+ res.cookie('jwt_hp', headerPayload, { secure: true, httpOnly: false, sameSite: 'strict' })
+ res.cookie('jwt_s', signature, { secure: true, httpOnly: true, sameSite: 'strict' })
+ return res.status(200).send({ auth: true, status: 'VALID' })
+ })
+}
- verifyUser(res, query.username, query.password, function (token) {
- return res.status(200).send({ auth: true, token })
- })
- },
-
- signup: function (req, res) {
- // TODO: Implement some security stuff. Not every user who call this request should be able to sign up.
-
- var params = req.body
- if (!params.username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
- if (!params.password) return res.status(500).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
- if (!params.email) return res.status(500).send({ auth: false, status: 'EMAIL_MISSING', error_message: 'This services requires an email.' })
- // Database and user validation.
- db.user.findOne({ where: { username: params.username } }).then(userDb => {
- // User exists validation.
- if (userDb) return res.status(500).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
-
- // Password requirements validation.
- if (!validatePassword(params.password)) return res.status(500).send({ auth: false, status: 'PASSWORD_REQUIREMENTS', error_message: 'The password requirements are not fullfilled.' })
- // Email validation.
- if (!validateEmail(params.email)) return res.status(500).send({ auth: false, status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
- var userPassword = Buffer.from(params.password)
- // Register user
- pwd.hash(userPassword, function (err, hash) {
- if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_HASH_ERROR', error_message: 'Hashing the password failed.' })
- // Saving the non improved hash and creating the user in the db.
- db.user.create({ username: params.username, password: hash, email: params.email, name: params.name }).then((userDb) => {
- // TODO: Username could also be used because those are unique as well.
- var userId = userDb.id
-
- // Verify & improving the hash.
- verifyHash(res, userPassword, hash, userId, function () {
- return res.status(200).send({ auth: true, status: 'VALID' })
- })
+// Authentification method for the API using the authorization header. (GET)
+function loginToken (req, res) {
+ var body = req.body
+ verifyUser(res, body.username, body.password, function (token) {
+ return res.status(200).send({ auth: true, token })
+ })
+}
+
+// Method for creating a new user.
+function signup (req, res) {
+ // TODO: Implement some security stuff. Not every user who call this request should be able to sign up.
+ var params = req.body
+ if (!params.username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
+ if (!params.password) return res.status(500).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
+ if (!params.email) return res.status(500).send({ auth: false, status: 'EMAIL_MISSING', error_message: 'This services requires an email.' })
+
+ // Database and user validation.
+ db.user.findOne({ where: { username: params.username } }).then(userDb => {
+ // User exists validation.
+ if (userDb) return res.status(500).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
+ // Password requirements validation.
+ if (!validatePassword(params.password)) return res.status(500).send({ auth: false, status: 'PASSWORD_REQUIREMENTS', error_message: 'The password requirements are not fullfilled.' })
+ // Email validation.
+ if (!validateEmail(params.email)) return res.status(500).send({ auth: false, status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
+ var userPassword = Buffer.from(params.password)
+
+ // Register user
+ pwd.hash(userPassword, function (err, hash) {
+ if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_HASH_ERROR', error_message: 'Hashing the password failed.' })
+ // Saving the non improved hash and creating the user in the db.
+ db.user.create({ username: params.username, password: hash, email: params.email, name: params.name }).then((userDb) => {
+ // TODO: Username could also be used because those are unique as well.
+ var userId = userDb.id
+ // Verify & improving the hash.
+ verifyHash(res, userPassword, hash, userId, function () {
+ return res.status(200).send({ auth: true, status: 'VALID' })
})
})
})
- },
-
- // Logout method for the frontend. Deleting the cookies by overwriting them.
- logout: function (req, res) {
- // End session properly.
- res.clearCookie('jwt_hp')
- res.clearCookie('jwt_s')
- return res.status(200).send()
- // TODO: Implement.. blacklisting for jwt's and destroy the cookies..
- // Maybe use express-jwt and use the rewoke function.
- },
-
- changePassword: function (req, res) {
- // TODO: IMPLEMENT
- },
- verifyToken: function (req, res, next) {
- var token = ''
- // Check for the token in the authorization header or in the cookies. Else return with auth: false.
- if (req.headers['authorization']) {
- var authorization = req.headers['authorization']
- // Authorization: Bearer <token>
- // Split the bearer token.
- const bearer = authorization.split(' ')
- token = bearer[1]
- } else if (req.cookies.jwt_hp && req.cookies.jwt_s) {
- token = req.cookies.jwt_hp + '.' + req.cookies.jwt_s
- } else {
- if (res) return res.status(403).send({ auth: false, status: 'TOKEN_MISSING', error_message: 'This service requires a token.' })
- else return next(new Error('TOKEN_MISSING'))
+ })
+}
+
+// Logout method for the frontend. Deleting the cookies by overwriting them.
+function logout (req, res) {
+ // End session properly.
+ res.clearCookie('jwt_hp')
+ res.clearCookie('jwt_s')
+ return res.status(200).send()
+ // TODO: Implement.. blacklisting for jwt's and destroy the cookies..
+ // Maybe use express-jwt and use the rewoke function.
+}
+
+function changePassword (req, res) {
+ // TODO: IMPLEMENT
+}
+
+// Middleware function.
+// Verifies the token given in the request either by the authorization header or jwt cookies.
+function verifyToken (req, res, next) {
+ var token = ''
+ // Check for the token in the authorization header or in the cookies. Else return with auth: false.
+ if (req.headers['authorization']) {
+ var authorization = req.headers['authorization']
+ // Authorization: Bearer <token>
+ // Split the bearer token.
+ const bearer = authorization.split(' ')
+ token = bearer[1]
+ } else if (req.cookies.jwt_hp && req.cookies.jwt_s) {
+ token = req.cookies.jwt_hp + '.' + req.cookies.jwt_s
+ } else {
+ if (res) return res.status(403).send({ auth: false, status: 'TOKEN_MISSING', error_message: 'This service requires a token.' })
+ else return next(new Error('TOKEN_MISSING'))
+ }
+
+ // Verify the token with the secret.
+ jwt.verify(token, config.secret, function (err) {
+ if (err) {
+ if (res) return res.status(500).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The provided token is invalid.' })
+ else return next(new Error('TOKEN_INVALID'))
}
- // Verify the token with the secret.
- jwt.verify(token, config.secret, function (err) {
- if (err) {
- if (res) return res.status(500).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The provided token is invalid.' })
- else return next(new Error('TOKEN_INVALID'))
- }
- req.token = token
- const decodedToken = jwt.decode(token, { complete: true })
- req.user = { id: decodedToken.payload.user.id }
-
- next()
+ req.token = token
+ const decodedToken = jwt.decode(token, { complete: true })
+ req.user = { id: decodedToken.payload.user.id }
+
+ // Check weather the user exists.
+ db.user.findOne({ where: { id: req.user.id } }).then(user => {
+ if (user) next()
+ else return res.status(500).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The token is from an invalid userid.' })
})
- }
+ })
}
+// ################################################
+// ############## Helper function #################
+// ################################################
+
// The function for verifying a user. Callback only gets called if the user gets verified.
function verifyUser (res, username, password, callback) {
if (!username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
@@ -175,6 +186,7 @@ function validateEmail (email) {
// Function for validating the password. Password requirements are implemented here.
function validatePassword (password) {
- // TODO: implement pw requirements like in the frontend.
+ // TODO: implement pw requirements like in the frontend. (SetupPage)
+ if (password.length < 8) return false
return true
}
diff --git a/server/lib/external-backends/backends/idoit-backend.js b/server/lib/external-backends/backends/idoit-backend.js
index db8ffd1..1aab693 100644
--- a/server/lib/external-backends/backends/idoit-backend.js
+++ b/server/lib/external-backends/backends/idoit-backend.js
@@ -726,7 +726,7 @@ class IdoitBackend extends ExternalBackends {
let files = await axios.post(c.url, body, config)
let fileObjId = files.data.result.find(x => x.file.title === filename).file.id
- var body = {
+ var body2 = {
'version': '2.0',
'method': 'cmdb.category.read',
'params': {
@@ -737,7 +737,7 @@ class IdoitBackend extends ExternalBackends {
},
'id': 1
}
- let result = await axios.post(c.url, body, config)
+ let result = await axios.post(c.url, body2, config)
result = result.data.result[0]
return { filename: result.file_title, value: result.file_content.value, md5: result.md5_hash }
diff --git a/server/router.js b/server/router.js
index 1eadc48..b00f164 100644
--- a/server/router.js
+++ b/server/router.js
@@ -3,14 +3,7 @@ var router = express.Router()
var path = require('path')
var fs = require('fs')
var permUtil = require(path.join(__dirname, 'lib', 'permissions', 'permissionutil'))
-
-// Authentication routes
var auth = require(path.join(__dirname, 'lib', 'authentication'))
-router.get('/auth', auth.auth)
-router.post('/login', auth.login)
-router.post('/signup', auth.signup)
-router.post('/logout', auth.logout)
-router.post('/changepassword', auth.changePassword)
// Forward routing to every api module with /<api>/...
fs.readdirSync(path.join(__dirname, 'api')).forEach(filename => {
diff --git a/webapp/src/components/DashboardPage.vue b/webapp/src/components/DashboardPage.vue
index 4b92de4..5836cf3 100644
--- a/webapp/src/components/DashboardPage.vue
+++ b/webapp/src/components/DashboardPage.vue
@@ -189,7 +189,7 @@ export default {
}
},
logout () {
- this.$http.post('/api/logout').then(response => {
+ this.$http.post('/api/authentication/logout').then(response => {
this.setLoginRedirect(this.$route.fullPath)
this.$router.push('/login')
this.$socket.close()
diff --git a/webapp/src/components/StartPage.vue b/webapp/src/components/StartPage.vue
new file mode 100644
index 0000000..fa5da86
--- /dev/null
+++ b/webapp/src/components/StartPage.vue
@@ -0,0 +1,53 @@
+<i18n>
+{
+ "en": {
+ },
+ "de": {
+ }
+}
+</i18n>
+
+<template>
+ <v-app dark class="grey darken-4 non-selectable">
+ <div class="start-page">
+ <img class="logo non-draggable" src="@/assets/logo.svg" />
+ <router-view></router-view>
+ </div>
+ <notifications-snackbars></notifications-snackbars>
+ </v-app>
+</template>
+
+<script>
+import NotificationsSnackbars from '@/components/NotificationsSnackbars'
+import StartPageLogin from '@/components/StartPageLogin'
+import StartPageSetup from '@/components/StartPageSetup'
+export default {
+ name: 'StartPage',
+ routes () {
+ return [
+ { name: 'login', path: 'login', component: StartPageLogin },
+ { name: 'setup', path: 'setup', component: StartPageSetup }
+ ]
+ },
+ components: {
+ NotificationsSnackbars
+ }
+}
+</script>
+
+<style scoped>
+.start-page {
+ height: 100%;
+ width: 100%;
+ min-height: 500px;
+ display: flex;
+ flex-direction: column;
+ align-items: center;
+ justify-content: center;
+}
+
+.logo {
+ height: 180px;
+ margin-bottom: 60px;
+}
+</style>
diff --git a/webapp/src/components/LoginPage.vue b/webapp/src/components/StartPageLogin.vue
index 40b08ee..b9ed5ca 100644
--- a/webapp/src/components/LoginPage.vue
+++ b/webapp/src/components/StartPageLogin.vue
@@ -22,35 +22,31 @@
</i18n>
<template>
- <v-app dark class="grey darken-4 non-selectable">
- <div class="login-page">
- <img class="logo non-draggable" src="@/assets/logo.svg" />
- <v-form class="login-form" ref="form" v-model="valid" lazy-validation @submit.prevent="login">
- <v-text-field
- v-model="username"
- :rules="usernameRules"
- :label="$t('username')"
- autocomplete="off"
- @input="clearErrors"
- ></v-text-field>
- <v-text-field
- type="password"
- v-model="password"
- :rules="passwordRules"
- :label="$t('password')"
- autocomplete="off"
- @input="passwordError = false"
- ></v-text-field>
- <v-btn type="submit" class="login-button primary" raised>{{ $t('login') }}</v-btn>
- </v-form>
- </div>
- </v-app>
+ <div class="login-page">
+ <v-form class="login-form" ref="form" v-model="valid" lazy-validation @submit.prevent="login">
+ <v-text-field
+ v-model="username"
+ :rules="usernameRules"
+ :label="$t('username')"
+ autocomplete="off"
+ @input="clearErrors"
+ ></v-text-field>
+ <v-text-field
+ type="password"
+ v-model="password"
+ :rules="passwordRules"
+ :label="$t('password')"
+ autocomplete="off"
+ @input="passwordError = false"
+ ></v-text-field>
+ <v-btn type="submit" class="login-button primary" raised>{{ $t('login') }}</v-btn>
+ </v-form>
+ </div>
</template>
<script>
-
export default {
- name: 'LoginPage',
+ name: 'StartPageLogin',
data () {
return {
loginRedirect: null,
@@ -79,7 +75,7 @@ export default {
},
login () {
if (this.$refs.form.validate()) {
- this.$http.post('/api/login', { username: this.username, password: this.password })
+ this.$http.post('/api/authentication/login', { username: this.username, password: this.password })
.then(response => {
const nextRoute = this.$store.state.loginRedirect
if (nextRoute) this.$router.replace(nextRoute)
@@ -103,18 +99,9 @@ export default {
<style scoped>
.login-page {
- height: 100%;
- width: 100%;
- min-height: 500px;
display: flex;
flex-direction: column;
align-items: center;
- justify-content: center;
-}
-
-.logo {
- height: 180px;
- margin-bottom: 60px;
}
.login-form {
diff --git a/webapp/src/components/StartPageSetup.vue b/webapp/src/components/StartPageSetup.vue
new file mode 100644
index 0000000..71ead8f
--- /dev/null
+++ b/webapp/src/components/StartPageSetup.vue
@@ -0,0 +1,156 @@
+<i18n>
+{
+ "en": {
+ "confirmPassword": "Confirm Password",
+ "createRoot": "There are no users yet, create the root account.",
+ "email": "E-Mail",
+ "emailError": "E-mail must be valid.",
+ "name": "Name",
+ "password": "Password",
+ "passwordEmptyError": "Password can not be empty.",
+ "passwordLengthError": "Minimum 8 characters required.",
+ "passwordMatchError": "Passwords do not match.",
+ "rootCreated": "Root account successfully created.",
+ "username": "Username",
+ "usernameEmptyError": "Username can not be empty."
+ },
+ "de": {
+ "confirmPassword": "Passwort bestätigen",
+ "createRoot": "Es gibt noch keine Benutzer, erstelle den Root-Account.",
+ "email": "E-Mail",
+ "emailError": "Keine gültige E-Mail.",
+ "name": "Name",
+ "password": "Passwort",
+ "passwordEmptyError": "Passwort kann nicht leer sein.",
+ "passwordLengthError": "Es sind mindestens 8 Zeichen erforderlich.",
+ "passwordMatchError": "Passwörter stimmen nicht überein.",
+ "rootCreated": "Der Root Account wurde erfolgreich erstellt.",
+ "username": "Benutzername",
+ "usernameEmptyError": "Benutzername kann nicht leer sein."
+ }
+}
+</i18n>
+
+<template>
+ <div class="setup-page">
+ <label style="color: red; font-size: large">{{ $t('createRoot') }}</label>
+ <v-form class="setup-form" ref="form" v-model="valid" lazy-validation @submit.prevent="setup">
+ <v-text-field
+ validate-on-blur
+ :label="$t('username')"
+ v-model="username"
+ :rules="usernameRules"
+ autocomplete="off"
+ ></v-text-field>
+ <v-text-field
+ validate-on-blur
+ type="password"
+ :label="$t('password')"
+ v-model="password"
+ :rules="passwordRules"
+ autocomplete="off"
+ ></v-text-field>
+ <v-text-field
+ validate-on-blur
+ type="password"
+ :label="$t('confirmPassword')"
+ v-model="confirmPassword"
+ :rules="confirmPasswordRules"
+ autocomplete="off"
+ ></v-text-field>
+ <v-text-field
+ :label="$t('name')"
+ autocomplete="off"
+ v-model="name"
+ ></v-text-field>
+ <v-text-field
+ validate-on-blur
+ :label="$t('email')"
+ :rules="emailRules"
+ autocomplete="off"
+ v-model="email"
+ ></v-text-field>
+ <v-btn type="submit" class="setup-button primary" raised>{{ $t('signup') }}</v-btn>
+ </v-form>
+ </div>
+</template>
+
+<script>
+import Vue from 'vue'
+
+export default {
+ name: 'StartPageSetup',
+ data () {
+ return {
+ valid: true,
+ username: '',
+ usernameError: false,
+ usernameRules: [
+ v => !!v || this.$t('usernameEmptyError'),
+ v => !this.usernameError || this.$t('usernameError')
+ ],
+ password: '',
+ passwordError: false,
+ passwordRules: [
+ v => !!v || this.$t('passwordEmptyError'),
+ v => v.length >= 8 || this.$t('passwordLengthError'),
+ v => !this.passwordError || this.$t('passwordError')
+ ],
+ confirmPassword: '',
+ confirmPasswordRules: [
+ v => !!v || this.$t('passwordEmptyError'),
+ v => v === this.password || this.$t('passwordMatchError')
+ ],
+ confirmPasswordError: false,
+ email: '',
+ emailRules: [
+ v => this.validateEmail(v) || this.$t('emailError')
+ ],
+ name: ''
+ }
+ },
+ methods: {
+ // Function for validating the e-mail.
+ validateEmail (email) {
+ // Removed escape before [ because eslint told me so.
+ var re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+ return re.test(String(email).toLowerCase())
+ },
+ setup () {
+ if (this.$refs.form.validate()) {
+ this.$http.post('/api/authentication/setup', { username: this.username, password: this.password, name: this.name, email: this.email }).then(response => {
+ this.$snackbar({ color: 'success', text: this.$t('rootCreated'), timeout: 15000 })
+ this.$router.replace({ name: 'login' })
+ })
+ }
+ }
+ },
+ beforeRouteEnter (to, from, next) {
+ // If there are already users in the db, redirect to the login page.
+ Vue.prototype.$http.post('/api/authentication/setup').then(result => {
+ if (result.data.status !== 'SUCCESS') {
+ next({ name: 'login' })
+ } else {
+ next()
+ }
+ })
+ }
+}
+</script>
+
+<style scoped>
+.setup-page {
+ display: flex;
+ flex-direction: column;
+ align-items: center;
+}
+
+.setup-form {
+ width: 300px;
+}
+
+.setup-button {
+ margin-top: 20px;
+ float: right;
+}
+</style>
diff --git a/webapp/src/main.js b/webapp/src/main.js
index 53064ca..4eb4636 100644
--- a/webapp/src/main.js
+++ b/webapp/src/main.js
@@ -60,7 +60,7 @@ Vue.use(VueTouch)
axios.interceptors.response.use(null, error => {
if (error && (error.response.data.status === 'TOKEN_INVALID' || error.response.data.status === 'TOKEN_MISSING')) {
- axios.post('/api/logout').then(response => { router.push('/login') })
+ axios.post('/api/authentication/logout').then(response => { router.push('/login') })
}
return Promise.reject(error)
})
diff --git a/webapp/src/router.js b/webapp/src/router.js
index 7a6e6d4..2af8d0d 100644
--- a/webapp/src/router.js
+++ b/webapp/src/router.js
@@ -1,8 +1,8 @@
import Vue from 'vue'
import Router from 'vue-router'
-import LoginPage from '@/components/LoginPage'
import DashboardPage from '@/components/DashboardPage'
import dashboardModules from '@/config/dashboard'
+import StartPage from '@/components/StartPage'
function setChildren (routes, parentName) {
routes.forEach(route => {
@@ -21,9 +21,10 @@ var router = new Router({
mode: 'history',
routes: [
{
- path: '/login',
- name: 'login',
- component: LoginPage
+ path: '/',
+ name: 'start',
+ component: StartPage,
+ children: StartPage.routes()
},
{
path: '/dashboard',
@@ -41,10 +42,10 @@ var router = new Router({
const registerRouterGuards = function (store) {
router.beforeEach((to, from, next) => {
const loggedIn = document.cookie.indexOf('jwt_hp') >= 0
- if (to.name === 'login') {
+ if (to.name === 'login' || to.name === 'start') {
if (loggedIn) next({ name: 'dashboard' })
else next()
- } else if (!loggedIn) {
+ } else if (!loggedIn && to.name !== 'setup') {
store.commit('setLoginRedirect', to.fullPath)
next({ name: 'login' })
} else {