From d6397626baaed2fbb15ad7782090784bb22974c2 Mon Sep 17 00:00:00 2001
From: Nuno Das Neves <ndasneves@gmail.com>
Date: Sat, 13 Oct 2018 16:32:00 +1100
Subject: [PATCH] S8 signup flow basic profile (#213)

* signup now in two stages; create firebase account, and create profile

* signup flow more logical now ... handles most edge cases pretty well

* basic profile page - still buggy, non functional update profile button

* local default picture

* update user backend added... no tests

* lint errors fixed

* working profile update

* fixed textarea stuff, watcher to fix refresh profile problem

* profile picture update added

* working password reset from login form

* nice error message for non-unique username

* made hasProfile dependent on isLoggedIn to alleviate some potential bad

* removed TODO

* fixed post review/question bug when logged in

* loading state for nav, split auth and profile get into two bits

* reverted some stuff ... working again

* better auth code, profile cache, global loading spinner in nav, reroutes

* lint

* page size fixaroo

* I'v messed something up

* protecting routes with guards

* fixed some PR things

* smol fixes

* removed preAuth route check - not needed rn

* smol fix to login page reroute
---
 backend/src/controllers/course.js             |  20 +-
 backend/src/controllers/question.js           |   8 +-
 backend/src/controllers/review.js             |   8 +-
 backend/src/controllers/user.js               |  27 ++-
 backend/src/models/constants.js               |   3 +
 backend/src/models/db/tables.js               |   9 +-
 backend/src/models/question.js                |   2 +-
 backend/src/models/user.js                    |  23 +-
 backend/src/routes/user.js                    |  17 +-
 backend/src/utils/helpers.js                  |   9 +-
 backend/tests/models/user.js                  |  45 ++++
 frontend/public/defaultpicture.png            | Bin 0 -> 4957 bytes
 frontend/src/App.vue                          |  17 ++
 frontend/src/components/AppNavBar.vue         |  33 ++-
 .../questions-answers/QuestionForm.vue        |  17 --
 .../components/reviews-replies/ReviewForm.vue |  17 --
 frontend/src/router/index.js                  |  18 ++
 frontend/src/{router.js => router/routes.js}  |  53 +++--
 frontend/src/store/auth/index.js              | 201 ++++++++++++++----
 frontend/src/store/root.js                    |  20 +-
 frontend/src/utils/api/auth.js                |  15 +-
 frontend/src/views/CreateProfile.vue          |  53 +++++
 frontend/src/views/ForgotPassword.vue         |  25 ++-
 frontend/src/views/Login.vue                  |  21 +-
 frontend/src/views/Onboarding.vue             |   4 -
 frontend/src/views/Profile.vue                | 133 +++++++++++-
 frontend/src/views/SignUp.vue                 |  19 +-
 27 files changed, 622 insertions(+), 195 deletions(-)
 create mode 100644 backend/tests/models/user.js
 create mode 100644 frontend/public/defaultpicture.png
 create mode 100644 frontend/src/router/index.js
 rename frontend/src/{router.js => router/routes.js} (65%)
 create mode 100644 frontend/src/views/CreateProfile.vue
 delete mode 100644 frontend/src/views/Onboarding.vue

diff --git a/backend/src/controllers/course.js b/backend/src/controllers/course.js
index 047f0938..d90abe89 100644
--- a/backend/src/controllers/course.js
+++ b/backend/src/controllers/course.js
@@ -1,4 +1,4 @@
-const { ANONYMOUS } = require('../models/constants')
+const { ANONYMOUS, PAGE_SIZE } = require('../models/constants')
 const courseModel = require('../models/course')()
 const questionModel = require('../models/question')()
 const reviewModel = require('../models/review')()
@@ -19,9 +19,9 @@ exports.getCourse = function ({ params }, res) {
 
 /* Get all questions for a course */
 exports.getCourseQuestions = function ({ params, query }, res) {
-    let p = parseInt(query.p)
-    const pageNumber = p || ANONYMOUS
-    const pageSize = 10
+    const pageNumber = parseInt(query.p) || 1
+    // TODO get page size from query
+    const pageSize = PAGE_SIZE
 
     const getCourseQuestions = Promise.all([
         questionModel.getQuestions(params.code, pageNumber, pageSize),
@@ -45,9 +45,9 @@ exports.getCourseQuestions = function ({ params, query }, res) {
 
 /* Get all reviews for a course */
 exports.getCourseReviews = function ({ params, query }, res) {
-    let p = parseInt(query.p)
-    const pageNumber = p || ANONYMOUS
-    const pageSize = 10
+    const pageNumber = parseInt(query.p) || 1
+    // TODO get page size from query
+    const pageSize = PAGE_SIZE
 
     const getCourseReviews = new Promise((resolve, reject) => {
         Promise.all([
@@ -59,7 +59,7 @@ exports.getCourseReviews = function ({ params, query }, res) {
                 'meta': {
                     'curr': pageNumber,
                     'last': lastPage,
-                    'pageSize': pageSize
+                    'pageSize':pageSize
                 },
                 'data': values[0]
             })
@@ -71,14 +71,14 @@ exports.getCourseReviews = function ({ params, query }, res) {
 }
 
 exports.postQuestion = function ({ user, params, body }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     responseHandler(questionModel.postQuestion(params.code, body), res)
         .catch(errorHandler(res))
 }
 
 /* POST new review */
 exports.postReview = function ({ user, params, body }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     responseHandler(reviewModel.postReview(params.code, body), res)
         .catch(errorHandler(res))
 }
diff --git a/backend/src/controllers/question.js b/backend/src/controllers/question.js
index b7132528..3572feb9 100644
--- a/backend/src/controllers/question.js
+++ b/backend/src/controllers/question.js
@@ -42,7 +42,7 @@ exports.getQuestionAnswers = function ({ params, query }, res) {
 
 /* POST new answer. */
 exports.postAnswer = function ({ user, params, query, body }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     commentModel.postComment({ questionID: params.id }, body)
         .then(exports.getQuestionAnswers({ params, query }, res))
         .catch(errorHandler(res))
@@ -56,7 +56,7 @@ exports.getQuestionLikes = function ({ params }, res) {
 
 /* PUT updated question likes value */
 exports.putQuestionLikes = function ({ user, params, body }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     responseHandler(likesModel.putLikes({ type: 'question', ...params, ...body }), res)
         .catch(errorHandler(res))
 }
@@ -69,7 +69,7 @@ exports.getAnswerLikes = function ({ params }, res) {
 
 /* PUT updated answer likes value */
 exports.putAnswerLikes = function ({ user, params, body, query }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     likesModel.putLikes({ type: 'answer', id: params.answerID, ...body })
         .then(exports.getQuestionAnswers({ params, query }, res))
-}
\ No newline at end of file
+}
diff --git a/backend/src/controllers/review.js b/backend/src/controllers/review.js
index 9e383947..4ebaf132 100644
--- a/backend/src/controllers/review.js
+++ b/backend/src/controllers/review.js
@@ -41,7 +41,7 @@ exports.getReviewComments = function ({ params, query }, res) {
 
 /* POST new comment. */
 exports.postComment = function ({ user, params, query, body }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     commentModel.postComment({ reviewID: params.id }, body)
         .then(exports.getReviewComments({ params, query }, res))
         .catch(errorHandler(res))
@@ -55,7 +55,7 @@ exports.getReviewLikes = function ({ params }, res) {
 
 /* PUT updated likes value */
 exports.putReviewLikes = function ({ user, params, body }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     responseHandler(likesModel.putLikes({ type: 'review', ...params, ...body }), res)
         .catch(errorHandler(res))
 }
@@ -68,7 +68,7 @@ exports.getReplyLikes = function ({ params }, res) {
 
 /* PUT updated reply likes value */
 exports.putReplyLikes = function ({ user, params, body, query }, res) {
-    body.userID = user || ANONYMOUS
+    body.userID = user && user.id || ANONYMOUS
     likesModel.putLikes({ type: 'reply', id: params.replyID, ...body })
         .then(exports.getReviewComments({ params, query }, res))
-}
\ No newline at end of file
+}
diff --git a/backend/src/controllers/user.js b/backend/src/controllers/user.js
index 03f6fb3f..f9062976 100644
--- a/backend/src/controllers/user.js
+++ b/backend/src/controllers/user.js
@@ -3,13 +3,9 @@ const userModel = require('../models/user')()
 const { responseHandler } = require('../utils/helpers')
 
 /* Get data for a specific user */
-exports.getUser = function(_, res) {
-    return res.json({
-        userID: 1,
-        firstName: 'Walker',
-        lastName: 'Francis',
-        email: 'alnuno-das-hinds@gmail.com'
-    })
+exports.getUser = function({id}, res) {
+    return responseHandler(userModel.getPublicProfile(id), res)
+        .catch(errorHandler(res))
 }
 
 /**
@@ -17,15 +13,16 @@ exports.getUser = function(_, res) {
  * provide frontend with any user specific data
  */
 exports.getSelf = function(req, res) {
-    const errorResponse = errorHandler(res)
-    if (!req.user) {
-        return errorResponse({ message: 'Invalid Credentials' })
-    }
-    // fine for now, should include profile data
-    return res.json(req.user)
+    return responseHandler(userModel.getProfile(req.user.id), res)
+        .catch(errorHandler(res))
+}
+
+exports.createUser = function({ authorized: { email, uid }, body: { displayName } }, res) {
+    return responseHandler(userModel.createUser({ email, uid, displayName }), res)
+        .catch(errorHandler(res))
 }
 
-exports.createUser = function({ authorized }, res) {
-    return responseHandler(userModel.createUser(authorized), res)
+exports.updateUser = function({ user: { id }, body: { degree, gradYear, description, picture } }, res) {
+    return responseHandler(userModel.updateUser(id, { degree, gradYear, description, picture }), res)
         .catch(errorHandler(res))
 }
diff --git a/backend/src/models/constants.js b/backend/src/models/constants.js
index f38481ba..6862d2b1 100644
--- a/backend/src/models/constants.js
+++ b/backend/src/models/constants.js
@@ -8,3 +8,6 @@ exports.MIN_ENJOY = 1
 exports.MAX_ENJOY = 5
 exports.MIN_OPTION = 0
 exports.MAX_OPTION = 3
+
+// Paging Constants
+exports.PAGE_SIZE = 10
diff --git a/backend/src/models/db/tables.js b/backend/src/models/db/tables.js
index d7263d33..387e816a 100644
--- a/backend/src/models/db/tables.js
+++ b/backend/src/models/db/tables.js
@@ -6,14 +6,15 @@ function createUserTable (db) {
     return new Promise((resolve, reject) => {
         db.run(`CREATE TABLE user (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
-            uid TEXT NOT NULL,
-            displayName TEXT DEFAULT 'ANON',
+            uid TEXT UNIQUE NOT NULL,
+            displayName TEXT UNIQUE NOT NULL,
             email TEXT UNIQUE NOT NULL,
             joined TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
             reputation INTEGER DEFAULT '0',
             degree TEXT,
-            gradYear TIMESTAMP DEFAULT '2018',
-            description TEXT
+            gradYear TIMESTAMP,
+            description TEXT,
+            picture TEXT
             )`,
         (err) => err ? reject(err) : resolve('Created User Table'))
     })
diff --git a/backend/src/models/question.js b/backend/src/models/question.js
index 018e3140..8a354e9e 100644
--- a/backend/src/models/question.js
+++ b/backend/src/models/question.js
@@ -29,7 +29,7 @@ class Question {
 
     /**
      * Gets the total number of questions for a course
-     * @param   {string} code        The code of the course
+     * @param   {string} code        The code of the course duh
      * @returns {object}
      */
     getQuestionCount(code) {
diff --git a/backend/src/models/user.js b/backend/src/models/user.js
index 499dd220..6678eaf8 100644
--- a/backend/src/models/user.js
+++ b/backend/src/models/user.js
@@ -6,12 +6,12 @@ class User {
     }
 
     /**
-     * TODO Return specialsed information for auth'd user
+     * Return specialised information for auth'd user
      * @param {string} id The id of the auth'd user
      */
     getProfile(id) {
         return this.db
-            .query('SELECT * FROM user WHERE id=?', [id])
+            .query('SELECT id, email, displayName, degree, gradYear, description, picture, joined FROM user WHERE id=?', [id])
     }
 
     /**
@@ -20,13 +20,13 @@ class User {
      * @param   {number}  id   Required id param.
      * @returns {object}
      */
-    getUser(id) {
+    getPublicProfile(id) {
         return this.db
-            .query('SELECT * FROM user WHERE id=?', [id])
+            .query('SELECT id, displayName, degree, gradYear, description, picture, joined FROM user WHERE id=?', [id])
     }
 
     /**
-     * Alternative getter to get the relevant user's details
+     * Get all users details by UID. Used by authentication system
      * @param {uid} uid uid string
      * @returns {object} user object
      */
@@ -43,6 +43,19 @@ class User {
         return this.db
             .insert('user', { displayName, email, uid })
             .then(id => this.getProfile(id))
+            .catch(error => {
+                // kinda hacky
+                if (error.errno === 19 && error.message.includes("displayName")) {
+                    throw(Error("That display name is taken! Sorry!"))
+                }
+                throw(error)
+            })
+    }
+
+    updateUser(id, data) {
+        return this.db
+            .update('user', data, { id })
+            .then(() => this.getProfile(id))
     }
 }
 
diff --git a/backend/src/routes/user.js b/backend/src/routes/user.js
index e17bccc2..428b7d5f 100644
--- a/backend/src/routes/user.js
+++ b/backend/src/routes/user.js
@@ -1,20 +1,21 @@
 const express = require('express')
 const router = express.Router()
-const { isAuthorized } = require('../utils/helpers')
-const { getSelf, getUser, createUser } = require('../controllers/user')
+const { isAuthorized, isFirebaseAuthorized } = require('../utils/helpers')
+const { getSelf, getUser, createUser, updateUser } = require('../controllers/user')
 
-/* Get data for a specific user */
+/* Get public data for a specific user */
 router.get('/:id', getUser)
 
 /* no valid jwt then don't allow user to be created */
+router.use(isFirebaseAuthorized)
+router.post('/', createUser)
+
+/* full auth check */
 router.use(isAuthorized)
 
-/**
- * Both of these require an authorization header
- * provide frontend with any user specific data
- */
+/* provide frontend with any user specific data */
 router.get('/', getSelf)
+router.put('/', updateUser)
 
-router.post('/', createUser)
 
 module.exports = router
diff --git a/backend/src/utils/helpers.js b/backend/src/utils/helpers.js
index 4233bb9c..06d1455c 100644
--- a/backend/src/utils/helpers.js
+++ b/backend/src/utils/helpers.js
@@ -11,12 +11,19 @@ exports.responseHandler = function(fn, response) {
 
 exports.toLowerCase = str => str.toLowerCase()
 
-exports.isAuthorized = function(req, res, next) {
+exports.isFirebaseAuthorized = function(req, res, next) {
     if (!req.authorized) {
         return res.status(401).json({ code: 401, message: 'Unauthorized' })
     }
     next()
 }
+exports.isAuthorized = function(req, res, next) {
+    if (!req.user) {
+        return res.status(403).json({ code: 403, message: 'No user profile' })
+    }
+    next()
+}
+
 
 /**
  * Convert a string to utf8
diff --git a/backend/tests/models/user.js b/backend/tests/models/user.js
new file mode 100644
index 00000000..43ea77fb
--- /dev/null
+++ b/backend/tests/models/user.js
@@ -0,0 +1,45 @@
+const { expect } = require('chai')
+// use an actual database
+const userModel = require('../../src/models/user')(require('../../src/models/db'))
+
+describe('User Model', () => {
+
+    it('compiles', function () {
+        expect(userModel)
+    })
+
+    describe('User creation and retrieval', () => {
+        const addUserObj = { displayName: 'mickey', email: 'potato@potatoman.potato', uid: '1234' }
+        const retrieveUserObj = { email: addUserObj.email, displayName: addUserObj.displayName, degree:null, gradYear:null, description:null, picture:null }
+        it('it creates a user and retrieves the profile', () => {
+            return userModel
+                .createUser(addUserObj)
+                .then(({ displayName, email, id }) => {
+                      expect(displayName).to.equal(addUserObj.displayName)
+                      expect(email).to.equal(addUserObj.email)
+                      return userModel.getProfile(id)
+                    })
+                .then(({ email, displayName, degree, gradYear, description, picture }) => {
+                    const profile = { email, displayName, degree, gradYear, description, picture }
+                    expect(profile).to.deep.equal(retrieveUserObj)
+                })
+        })
+    })
+
+    describe('User update', () => {
+        const credsObj = { displayName: 'mickeyMoo', email: 'tomatoboy@hotmail.zomg' }
+        const addUserObj = { ...credsObj, uid: '4321' }
+        const updateObj = { degree: "BS in CS", gradYear: 2026, description: "testu", picture: "baaaaaa" }
+        it('it updates the profile correctly', () => {
+            return userModel
+                .createUser(addUserObj)
+                .then(({ id, description }) => {
+                    return userModel.updateUser(id, updateObj)
+                })
+                .then(({ email, displayName, degree, gradYear, description, picture }) => {
+                    const profile = { email, displayName, degree, gradYear, description, picture }
+                    expect(profile).to.deep.equal({ ...credsObj, ...updateObj })
+                })
+        })
+    })
+})
diff --git a/frontend/public/defaultpicture.png b/frontend/public/defaultpicture.png
new file mode 100644
index 0000000000000000000000000000000000000000..eda26dd39cf136dd561d2b773517f356f846cdae
GIT binary patch
literal 4957
zcmcgwdpy(a-=B1&QtVC%ZIq~+IlG(8F;T)&<Pa&RoXwCgMk6`Q9PUVxdzMtYby6hL
zY?6(fs};#+nH+MMSj-{weCzl0JWtQ-dH#H!Kfc%J`hKqKdws6&=XAY47r_~Qc=JZ(
zjSvWAv;C1nCm;}suiqb;bs*=^lOtS^D8<@(#JXV4#R9(3fe`Bej9;LdeS~jN;E6!r
zfCOw?pcw@6`<neBYuES>Q{2^KTJG@YLvdGbtk>9Qu;T=KZLKOa(%<-y#y+Jz;{lC<
zPX$~rT(W;gLPD8pXG9IRx4ARZC}>M_Rb5?OBjgo=unQs&K$tKHR@#aq0d{}VAFN-8
zn6Q6M`8oS1{W<F={T~(rS-;Hwb)o+Yu}5n$GQlbDLg&AIYw*?`?g_cx(zDpHSc(y+
zk#ZMp>IS$214OcY!Pi7{o1@&-L>w+m;h$ne2V7NEePq^XBg3bv4sTz&M_O9?_>#a*
zECu0j8IVg{t`j-7)oJtL<(6h<Ipl-+)Mj_v){0T#Qp2|!YkR(~ZoY@iLM3%3(#yKe
z5m`60G>Rka3qFmHk1sBIj6i|K5>NyjzI*ar38gVc*K&vK%{jMld0^4<xG*^Jiutk+
zk9U(db9iK!qNsqSOusSCP1EN!zLzz?Tbi5aw&So+;6tzlxi9j!Q5!-&LoTy<&+Kt)
zCaJfxm%<KlsS(rnt@QVoc$)Fi&9<-9C!J1RN*F^}{EpFqV=1ZC2;%*oF=20>RaGC6
z3D8bUOY+e+o#$#wOG{79T<X6%6lJ2Ei(sk?-g=?>d@posZRVq=_f8#;8~$>)>8v~f
znSPj4Sva4VoSYo-LOiN)!3>T|l;ESy5!;FP?rCdJ%@`}^qK_TR1=qdpL}B-bpWA7%
zM{}mIjrlvc)Hasu>fGF$6P;tRrlfINZb266UG=F4H>XZsIEa~FGSTLvYnkEZ?U9$0
zwQtTe54|!`6HL8NvS?&5_HXf0C=|`chwof`lYV2DRe!G5Il&jp{VfXZ+m$;x{i)YZ
zY2nJ>7_Tl&m!g!iP`9tryLtdbS7_}UfJrLoMCRCpB#V;ZOp;-{z=v#bm~&hy$Bdsh
zFCnJSxHZcIPZ1r4z(QQN%M~c_)UjXtg=7-QJmBm7z^$cxcd;{kIE`BK+ttK-EnRX<
z7;H9=NNu)UeA>{SjXX`9$wHAkGjA`nw=43%fA4O+6*5tOcAFxGUN(_U6&hH`d2T`?
zk=ujhfkExjw1T0C9azfo-IE5Y##_!`zEepu%0ivHxY?M5jtD)-St?=q4Sm+A-5Lly
zPNxc6cD_=3`#OAoOzC>;*m>cSx7tL<(<4k$pWd|7z@&IE+<r55tY|V3IpR171+MRp
zXr$4Mwwy1H+#$^*ttH0C>qlTRR#tFnDb(R;MhIuyVa{bq%)2a<?x)HP#PBQ>-h6+r
z4mE>Njr$<WAB=;45CqzCLPj+jtb@zu6Q{kNFi8v9M1WYM3I3;3jR!*ZVwfS5WJfqa
zqvDdGK<89cU<P%#vvmc@M=ynAFb#-~sS+q~$~|r+z?-~FU@}&zp>4!RPo5J<m2Y;t
zSL9%frRX47iRy<rAvaoE52wAl+eWjN2Tu9cdn>Ou0+=u(pn;QxddRLUKy)OruTqCy
zTL%vC^N6ub7`8Pb4~S)w4lW)cD#Adw4$l$ZR2M+9P@33yE)>jXB%LV#E{A+7+v+K^
z_NvY!{+1M~q}ulxU>JklpY#Xo$Ix5*sy-u`>Dc)AVEON<isGY}z_-Oz(COxBY69c_
zrlwTu;PS}2FmM#y+Bj$~LHuhd5Eq8W^VFVzu5KX1&lB#{Gv%YX?<WQi?yo1JMzQfM
zC@|6XkQzt&WWQU$M{9eO%tosVuGPC>7Ob;TccP8|qE+(q7{j%8oXVODjTrfcSK!hy
z@#RoJt7>5S13YLnkLr&;yc)YdCk^am7K4r>4q~(>AqURt>&x)bDliyK>C&BvSW}A!
znt~^9XJ;Q<>qmfkz3x*rmQe~sGGRhgLj)+4Hw2ospKy&=(tvXUtv2_MY2abbk^`pM
z#Q4({biq(m@J@NaaZqJseEek)TOJStyD%}fMt_%;DX(Y3j(^e2rB-Z;&jhzh0s~Qg
zBFtDh0cXcaNRKf3)1ok<z?!o}sHrhZb7qIooD8#2Yj+2xmt`EMV@+Y~I3}rX@62e*
zJpbGVem5$Qu;;Ofi#qo92zmoQ&nJGb9VbLo#9)<7pe!v#hPwnwRur~Uu3bxc`?5-l
z1a{0nqq#iJb%~3-GY!7Bp2SypAZ<8HFJ>?A0h5b~Yge#wbgK$>%whNL1%KD0jXY6`
zKIjKKwq#m7Jq6`P_MJfSyL*|R%&Yx&#w9(|B+%5dP+r~bELQscsons?+3iGX#Z0at
zJfC~Wmh;CUN0s?x_dsAk5=(i{7%+3GZpy$~asFudv&<mu2^3I}9?qdwpmz8&ruqg3
zyeghkZigf$B$Nb}l)rxn>VWrmW(f+#o}8Z|_dmP#NE>vQslm|NXV0ExlQa1DY94e2
zIh%(lVJTYG2wFpfBm1p$(kTjiR>_q~(z=eO)bw|nBpn2^bhX#VgPh8LmXhEEfH-dh
zY9T*km%x>zu_&r}nMZXox*9wf@P`yOXj89>9{xgNV*6TBe7wi2VJWsTox!-UR6MtO
zDcM+g+Y_F_!xFzw!lK8EigZpnc>cxIxp69!TisRi^YgI<W0v^2#+g{tv?jGvHS?YU
z-*A}7NXH@kwMY4_!#jiz)-1u3!=!?jgzVyV43CM$VlXE7L{!oCKh7Ywzn(4j95`$n
z+1=fp?Xi}-cI$I&=r)T%l>a4SJkviXBIgUG?xx+i`s^%wqLJ#d0XmzRnK=@zWLZ~h
zeVdvP*va$X&ijySjP(T%kh}N@h2$RXGfaaNsxX6P=bfQw+=K|WH92}^FXN=1+a*KI
zDcdL2uV~7b7l((3D=O6Ml2|0eI}^~>;KU8UAH>oZt@xy!@xRfHP9Dt}`usTrD!S)D
zD}e^)Gg>jeyY&PLetWGEu`Y*ewx03s#rMD7f9oJ#oq4(!U{}`E)LdL}Wnut49uEM0
z*J>A&c*m`qw^e}28NlfuX`t4m8`Ya?zconDuX#r0eH|Lwb)kP*@K0M^A&4Fn>yjRO
zARaz^c=wC02j}#9CVfe3@vp1ba?8kM#b-LEd^mx}A0<a0RrJ)0-RhfT7hul!sXSwL
zraFdplC$*uC~JQHe4r}XYg|FR;u-o+^vH^eM!05W_odZ$lSN?I6@lS5aw)lv5_?N$
zaEu?c4etLJ26n*A3=x!emc<)A6My$McxK!dMa~o@zdfs;<?`&wy}5m-10w6aTY3y_
zR2$FEU;;0ku<Y(q<_6_mE^*X!8)A`E-+eWxXC;@3yO1whTU%w4#qa-~?vAK%fmVJi
z*Ipt!h^IrBpGf8FZ3lb~l<4W{P0|z}Z5$Y$3-W2%G3xYf$TLLm7&8ZATZ>=J&nK^}
ztUzZ;mdM8vxV7P~!8#lfg(ny-EiXTlXgtz(&$!E_>ijjb>W1Oj_nWi?5tiiAuQ!VJ
zt+cffrm^JsG<;7*V%RO-44F(u$ujA;{ay^dl;Z)WBsQBpr^uh&=fpOVzSpQay7d`X
z0ERGwNUL^exIc;FKb-nqZ*n=0>fRo{zZ6Y*uw10UNcY6Qo)PUWBy2syQF&;9^S2-^
z#$8xy_IsR#oPQd)n!akpAN)obAmhdTbJj0`w+hQ&nG-L`as7`-`ec`Gb%MMI=JCLd
z$4CyFMrJV*Ykj^pD*!9eeS+Dmw!}8t?E_fMM_Ju=A6{mWBIQ!+jbh7_Rr6_|H_?M>
zRO<WbpcEEKC#+}T+A(6x1(Th<fUU(EWA3hbH2q>#br&dnrw#`$+_rk5v2T*qGto05
zOjwStfAVdvysvLm35!|hFny+EWTdF-17OVzyKd>nsHL4@yyVlU$R<_%H{YfC$+^}_
zRXALr^)=yD%;4R|ef9-B{2I5J$D+3=FL*zi=o~)-e+tL%3zk5x9sTQFhEgJQrnhl*
zp%g1GI+eYT`Gjk7MSpV+6WGu1Svr^VO^^32NT|2E7${Vmr%)(kV`K5}eBfeqx!Drk
zc_rh9iMzYIRQY<ZHBHTSsA6p`HNvOQK7ZG~EK>KEQCjus0KQLSMehkzLtCCYwyNY>
z{(EPMnb#l2#tFF9`)=B*cIm*Ws=n`OE(>RVXIe^PaAtJ0rRX8m{j_+O;xJ@JF%X%c
zD7q`Gmsq?+qoE1`EHXm65MXkjz#Ioz;DMr_pa?h)G<`bFDeXv;^wll|$WW*#6nkI;
zS_6yZLVW6cs*>d%P)oy7wr<4g<%FQZkBea*E!G?Wp}Px~b#_iyaA!J&eUx)gr^675
ze_o;?7*$Lubl|}7uiOk`L?I`!yj&3fXg?}9k&}~?0zdpH77wbWxHxi3TdvD0v}XWV
zUg~@XHs$6@q&$=Ex)74O)rq6>^1AGmtpM&ElWw-qW)%WLA<>+N^rbh5Vh0dRjGWd|
zUaudc2p9n$3#$<|8?^))MO+v>>H$LF<o}zzw>FVBEF1NPfEx+)95s<lRutVyNJ=u6
zakl6v=L=*cL3qT4N}<iMtx&0M3oH;W;pKnal|$tFM?bQ8YLrEzrfqfRBp^EsAK5U(
zj+{-G14|?~fl8x?+!v)%i8#r67r9Xn{-9NF!1K=294DoegQFe{Cu^|x+}MG0JTA&G
z8@EYMYV$f1B^Eb8;`{4}=cwe~3M%q1m9HNI6hu;Uu1ZlB*|d^%AFn8g+G|>*i}+=C
zshG?M?%x?wiHV7ZGHL?8;K;ha3;w<JVT_Fhr9q1Pnsca_R4<|Pp9_x&C@{s#S!|Nt
z_9;w{1y-0#(xQ<j!XJXopSC)J--BqaFBRtgk@;Pu=Y}Z1Y!Jc;Cgc_osxU>s9skM-
zzPv~91Jxl*r8}$w6B=^<1K;)KB>&~?`Sf7+%GlDC^(N-5|6b>clxr?;|GNy-#QrxI
z*)BgS;2(wRf7Y`1Zm~b_SRa*`O{<Uw+kXK_Op{p5uuciBMyLz&;NRK2{(%7_8RysW
z8gm)~^1JCcP<Q4m?i3`-S4VI@Dk|!%{C8EutWvhRa9}nm4xv~;R^r@gK7-`{(){E<
zAXp2MXL5blceT3}T&pL7Hgq|`!R|=~Td&=^5OdbLyA`|{mGxLaKeg>DRj4PGmTC<F
zEmDer=vJ`kTR>!BokA++f(AS-dyx$~K+LTIX6kP!g_yW7L%xrUw$aD+pcW_MXcp!Y
zx+E4o6)e;?ue&ny=@V1^8<TEj5K}iHtuYyE+8e;6M+F51Nl6@K`0bBS6d7tlD_*}e
zu?i{fa2sIJ_h8e<3l%<|^5m!>L+wGxlq;#A^ROUUFOyoFTsgi)PC=_W5`UdKGaCB(
z?{(QUi!w*e?_sCD#R557E(7KgK{#Qho7n_lvA#RcP8PE)oOcUQz0+}A?{pnyS*gfi
z0`6p<ZL)MwAr-Y-V(c;%rQ4)*iHb69s{e6!VdqQRPGr4%ck*gr#=1d&W96ks1=POg
z(AsQ9>oFS%OE1$S1wvsA4bGyY{YEWF=rLh^d5Zga8n-QgUwD-7<8U?j<H@UjO!@|w
z#c`bLptF^QuO)~)y*06zEMupts;a)p+VUH<1$zh^XvfIeILWRt;f^Q*CEe5VzyZR2
z+^aIGgV{?{zE2O6$Kz2#LiYvVLQ}Rnsme-K>k1+igrffNrydB$Pa&PIt3T?0YTu+1
zSg2L?n6tcnMk>#<S5)k5I0?zR<U60E>%q%}W305nmC^^f{BG$0&xOUs9p(At*`Q5d
zr`!~hFc`gK315azV1r8Mn60<OpFe+IX(TsF>`-O!Gt=j;m5#a0rKL%VY+0}rn9xo3
zzZ5%Q_m}!dO^^Zk^#bPq`EKT?xS#Y#u>HED|LscXhW8ruEX1yc&FGcuH309+AojNC
KLk|z0z4&hd$f$_`

literal 0
HcmV?d00001

diff --git a/frontend/src/App.vue b/frontend/src/App.vue
index 386c0385..5b86d104 100644
--- a/frontend/src/App.vue
+++ b/frontend/src/App.vue
@@ -131,4 +131,21 @@ input, textarea {
   border: none;
 }
 
+textarea {
+  border: var(--border);
+  border-radius: 2px;
+  font: inherit;
+  resize: none;
+  padding: 10px;
+  outline: none;
+  margin: 10px 0px;
+  width: calc(100% - 20px);
+  height: 100px;
+  transition: 0.2s border ease-in-out;
+}
+
+textarea:focus, textarea:active {
+  border: 1px solid #acc;
+}
+
 </style>
diff --git a/frontend/src/components/AppNavBar.vue b/frontend/src/components/AppNavBar.vue
index d17374c8..1fb83573 100644
--- a/frontend/src/components/AppNavBar.vue
+++ b/frontend/src/components/AppNavBar.vue
@@ -1,27 +1,40 @@
 <template>
     <div id="nav">
-      <router-link class="link-item" to="/">
+      <div class="logo-span">
+        <router-link class="link-item" to="/">
           <AppLogo :first="'S'" :last="'C'"/>
-      </router-link>
+        </router-link>
+        <!-- global loading state -->
+        <!--LoadingSpinner style="height:50px;width:auto;margin:10px;" v-if="loading" /-->
+      </div>
+
       <div class="links">
         <Search class="mini" v-if="$route.name !== 'home'"/>
         <!-- hacky padding div -->
         <div v-else/>
-        <h3 v-if="!isLoggedIn"><router-link class="link-item" to="/login">Login</router-link></h3>
-        <h3 v-if="!isLoggedIn"><router-link class="link-item" to="/signup">Sign Up</router-link></h3>
-        <h3 v-else @click="$store.dispatch('auth/logout')" class="link-item">Logout</h3>
+        <h3 v-if="!isFirebaseAuthorised"><router-link class="link-item" to="/login">Login</router-link></h3>
+        <h3 v-if="!isFirebaseAuthorised"><router-link class="link-item" to="/signup">Sign Up</router-link></h3>
+        <h3 v-if="isFirebaseAuthorised && !hasProfile"><router-link class="link-item" to="/create-profile">Profile</router-link></h3>
+        <h3 v-if="isLoggedIn"><router-link class="link-item" to="/profile">Profile</router-link></h3>
+        <h3 v-if="isFirebaseAuthorised" @click="logout()" class="link-item">Logout</h3>
       </div>
     </div>
 </template>
 
 <script>
 import Search from '@/components/AppSearch'
+import { mapGetters } from 'vuex'
 
 export default {
   components: { Search },
   computed: {
-    isLoggedIn() {
-      return this.$store.getters.isLoggedIn
+    ...mapGetters([ 'loading' ]),
+    ...mapGetters('auth', [ 'isFirebaseAuthorised', 'isLoggedIn', 'hasProfile' ])
+  },
+  methods: {
+    logout() {
+      this.$store.dispatch('auth/logout')
+      // .then(() => this.$router.push("/"))
     }
   }
 }
@@ -40,6 +53,12 @@ export default {
     font-size: var(--font-small);
 }
 
+.logo-span {
+    display: flex;
+    flex-direction: row;
+    justify-content: start;
+}
+
 .links {
     /* should be flex will require less hacks */
     display: flex;
diff --git a/frontend/src/components/questions-answers/QuestionForm.vue b/frontend/src/components/questions-answers/QuestionForm.vue
index bcbfcc45..dfbc134e 100644
--- a/frontend/src/components/questions-answers/QuestionForm.vue
+++ b/frontend/src/components/questions-answers/QuestionForm.vue
@@ -44,21 +44,4 @@ export default {
 .content {
   padding: 10px 20px;
 }
-
-textarea {
-  border: var(--border);
-  border-radius: 2px;
-  font: inherit;
-  resize: none;
-  padding: 10px;
-  outline: none;
-  margin: 10px 0px;
-  width: calc(100% - 20px);
-  height: 100px;
-  transition: 0.2s border ease-in-out;
-}
-
-textarea:focus, textarea:active {
-  border: 1px solid #acc;
-}
 </style>
diff --git a/frontend/src/components/reviews-replies/ReviewForm.vue b/frontend/src/components/reviews-replies/ReviewForm.vue
index 658f56a0..94d047f7 100644
--- a/frontend/src/components/reviews-replies/ReviewForm.vue
+++ b/frontend/src/components/reviews-replies/ReviewForm.vue
@@ -84,23 +84,6 @@ export default {
   padding: 10px 20px;
 }
 
-textarea {
-  border: var(--border);
-  border-radius: 2px;
-  font: inherit;
-  resize: none;
-  padding: 10px;
-  outline: none;
-  margin: 10px 0px;
-  width: calc(100% - 20px);
-  height: 100px;
-  transition: 0.2s border ease-in-out;
-}
-
-textarea:focus, textarea:active {
-  border: 1px solid #acc;
-}
-
 .submit {
   background-color: var(--black);
   width: 50%;
diff --git a/frontend/src/router/index.js b/frontend/src/router/index.js
new file mode 100644
index 00000000..bf1be5ee
--- /dev/null
+++ b/frontend/src/router/index.js
@@ -0,0 +1,18 @@
+import router from './routes'
+import store from '../store'
+
+router.beforeEach((to, from, next) => {
+  const authState = store.getters['auth/isLoggedIn']
+
+  if (to.matched.some(record => record.meta.requiresAuth)) {
+    if (authState) {
+      next()
+    } else {
+      next('/login')
+    }
+  } else {
+    next()
+  }
+})
+
+export default router
diff --git a/frontend/src/router.js b/frontend/src/router/routes.js
similarity index 65%
rename from frontend/src/router.js
rename to frontend/src/router/routes.js
index a5472d13..9391fdb6 100644
--- a/frontend/src/router.js
+++ b/frontend/src/router/routes.js
@@ -1,18 +1,18 @@
 import Vue from 'vue'
 import Router from 'vue-router'
-import Home from './views/Home'
+import Home from '../views/Home'
 
 Vue.use(Router)
 
-const questionView = () => import('./views/Question')
-const reviewView = () => import('./views/Review')
-const newQuestionView = () => import('./views/NewQuestion')
-const newReviewView = () => import('./views/NewReview')
-const courseQuestions = () => import('./views/course/CourseQuestions')
-const courseReviews = () => import('./views/course/CourseReviews')
-const subjectList = () => import('./views/SubjectList')
-const subjectCourses = () => import('./views/SubjectCourses')
-const ErrorPage = () => import('./views/404')
+const questionView = () => import('../views/Question')
+const reviewView = () => import('../views/Review')
+const newQuestionView = () => import('../views/NewQuestion')
+const newReviewView = () => import('../views/NewReview')
+const courseQuestions = () => import('../views/course/CourseQuestions')
+const courseReviews = () => import('../views/course/CourseReviews')
+const subjectList = () => import('../views/SubjectList')
+const subjectCourses = () => import('../views/SubjectCourses')
+const ErrorPage = () => import('../views/404')
 
 export default new Router({
   mode: 'history',
@@ -69,7 +69,7 @@ export default new Router({
       // route level code-splitting
       // this generates a separate chunk (course.[hash].js) for this route
       // which is lazy-loaded when the route is visited.
-      component: () => import('./views/course')
+      component: () => import('../views/course')
     },
     {
       path: '/course/:code([\\w]{8})/question/new',
@@ -77,7 +77,10 @@ export default new Router({
       props: ({ params: { code } }) => ({
         code
       }),
-      component: newQuestionView
+      component: newQuestionView,
+      meta: {
+        requiresAuth: true
+      }
     },
     {
       path: '/course/:code([\\w]{8})/question/:id',
@@ -94,7 +97,10 @@ export default new Router({
       props: ({ params: { code } }) => ({
         code
       }),
-      component: newReviewView
+      component: newReviewView,
+      meta: {
+        requiresAuth: true
+      }
     },
     {
       path: '/course/:code([\\w]{8})/review/:id',
@@ -108,21 +114,34 @@ export default new Router({
     {
       path: '/signup',
       name: 'Sign Up',
-      component: () => import('./views/SignUp')
+      component: () => import('../views/SignUp')
+    },
+    {
+      path: '/create-profile',
+      name: 'Create Profile',
+      component: () => import('../views/CreateProfile')
     },
     {
       path: '/login',
       name: 'Login',
-      component: () => import('./views/Login')
+      component: () => import('../views/Login')
+    },
+    {
+      path: '/profile',
+      name: 'Profile',
+      component: () => import('../views/Profile'),
+      meta: {
+        requiresAuth: true
+      }
     },
     {
       path: '/password-reset',
       name: 'Forgot Password',
-      component: () => import('./views/ForgotPassword')
+      component: () => import('../views/ForgotPassword')
     },
     {
       path: '/fonts',
-      component: () => import('./views/Design')
+      component: () => import('../views/Design')
     },
     {
       // match any other route
diff --git a/frontend/src/store/auth/index.js b/frontend/src/store/auth/index.js
index 1f2a591a..748f7114 100644
--- a/frontend/src/store/auth/index.js
+++ b/frontend/src/store/auth/index.js
@@ -1,40 +1,82 @@
 // firebase authentication class
 import auth from './config'
 
-import { createUser } from '@/utils/api/auth'
+import { createProfile, updateProfile, getSelf } from '@/utils/api/auth'
 
 const state = {
   loading: false,
-  error: ''
+  error: '',
+  // firebase authObject
+  userAuthObject: null,
+  // our own user data
+  profile: null
 }
 
 const getters = {
+// logged into firebase (authenticated account)
+  isFirebaseAuthorised: ({ userAuthObject }) => !!userAuthObject,
+  // TODO not sure if this is useful...
+  hasProfile: ({ profile, userAuthObject }) => !!profile,
+  // logged into backend (existing profile) and authed with firebase
+  isLoggedIn: ({ profile, userAuthObject }) => !!profile && !!userAuthObject,
+
+  profile: ({ profile }) => profile,
+  userAuthObject: ({ userAuthObject }) => userAuthObject,
   loading: ({ loading }) => loading,
   error: ({ error }) => error
 }
 
 const mutations = {
   ERROR(state, message) {
-    if (message) console.log('AUTH ERROR', message)
+    if (message) console.warn('AUTH ERROR', message)
     state.error = message
   },
   SET_LOADING(state, isLoading) {
     state.loading = isLoading
+  },
+  /**
+   * @param {*} state The root state
+   * @param {*} user  The logged in user object or null
+   */
+  SET_USER(state, user) {
+    state.userAuthObject = user
+  },
+  /**
+   * @param {*} state The root state
+   * @param {*} profile The user's profile object
+   */
+  SET_PROFILE(state, profile) {
+    // anytime we want to set the profile, we want to update the local storage too
+    if (profile) {
+      localStorage.setItem('PROFILE_KEY', JSON.stringify(profile))
+    } else {
+      localStorage.removeItem('PROFILE_KEY')
+    }
+    state.profile = profile
   }
 }
 
 /* TODO CHANGE THESE TO ASYNC */
 /* successful signIn returns an UserAuth object which has field user */
 const actions = {
-  signIn({ commit }, { email, password }) {
+  async signIn({ commit, dispatch, state }, { email, password }) {
     commit('SET_LOADING', true)
-    return auth.signInWithEmailAndPassword(email, password)
-      .then(({ user }) => commit('SET_USER', user, { root: true }))
-      .catch(error => {
-        commit('ERROR', error.message)
-        throw error
-      })
-      .finally(() => commit('SET_LOADING', false))
+    try {
+      // this returns the 'usercredential' which is not the user object -.-
+      const { user } = await auth.signInWithEmailAndPassword(email, password)
+      commit('SET_USER', user)
+    } catch (error) {
+      commit('ERROR', error.message)
+    }
+
+    // no firebase auth, just get outta here
+    if (!state.userAuthObject) {
+      commit('SET_LOADING', false)
+      return
+    }
+
+    await dispatch('getProfile')
+    commit('SET_LOADING', false)
   },
 
   /**
@@ -42,9 +84,13 @@ const actions = {
    * firebase for this.
    */
   logout({ commit }) {
+    commit('SET_LOADING', true)
     return auth.signOut()
-      .then(() => commit('SET_USER', null, { root: true }))
-      .catch(error => commit('ERROR', error.message))
+      .then(() => {
+        commit('SET_USER', null)
+        commit('SET_PROFILE', null)
+      })
+      .finally(() => commit('SET_LOADING', false))
   },
 
   /**
@@ -52,40 +98,119 @@ const actions = {
    * UserAuth obj has field user which is what we're interested in
    * Currently, successful signUp will automatically sign in user.
    **/
-  signUp({ commit }, { email, password }) {
+  createAccount({ commit }, { email, password }) {
     commit('SET_LOADING', true)
     return auth.createUserWithEmailAndPassword(email, password)
-      .then(({ user }) => {
-        /* TODO implement retry if failure occurs on server
-          Simultaneously:
-          1. Send off new user creds for backend creation,
-          2. Set user state in store.
-         */
-        return Promise.all([
-          createUser(user),
-          commit('SET_USER', user, { root: true })])
-      })
-      .catch(error => {
-        commit('ERROR', error.message)
-        throw error
-      })
+      .then(({ user }) => commit('SET_USER', user))
+      .catch(error => commit('ERROR', error.message))
       .finally(() => commit('SET_LOADING', false))
   },
 
+  /**
+  * Create user profile in the backend
+  * Assume existing user
+  **/
+  createProfile({ commit, state }, { displayName }) {
+    commit('SET_LOADING', true)
+    return createProfile(state.userAuthObject, { displayName })
+      .then((profile) => commit('SET_PROFILE', profile))
+      .catch(error => commit('ERROR', error.message))
+      .finally(() => commit('SET_LOADING', false))
+  },
+
+  /**
+  * Update user profile
+  * Assume existing user
+  **/
+  updateProfile({ commit }, { data }) {
+    commit('SET_LOADING', true)
+    return updateProfile(state.userAuthObject, data)
+      .then((profile) => commit('SET_PROFILE', profile))
+      .catch(error => commit('ERROR', error.message))
+      .finally(() => commit('SET_LOADING', false))
+  },
+
+  /*
+  * Get profile from backend and put it in the store.
+  * Assumes valid firebase token in the store
+  */
+  async getProfile({ commit, state }) {
+    const oldLoading = state.loading
+    commit('SET_LOADING', true)
+
+    try {
+      const profile = await getSelf(state.userAuthObject)
+      // success!
+      commit('SET_PROFILE', profile)
+    } catch (error) {
+      // abort! abort!
+      commit('ERROR', error.message)
+      commit('SET_PROFILE', null)
+      // if there's a 403 error code, it means it's a valid account but no profile exists yet
+      // otherwise, completely abort auth
+      if (!error.code || error.code !== 403) {
+        commit('SET_USER', null)
+        await auth.signOut()
+      }
+    } finally {
+      // restore loading state
+      commit('SET_LOADING', oldLoading)
+    }
+  },
+
   /**
    * Called on application boot once firebase has been initialised
+   * Logs into firebase and retrieves the profile
+   * If anything fails it clears everything
    */
-  checkAuth({ commit }) {
-    return new Promise((resolve, reject) => {
-      const unsubscribe = auth.onAuthStateChanged(user => {
-        unsubscribe()
-        resolve(user)
-      }, reject)
-    })
-      .then(user => commit('SET_USER', user, { root: true }))
-      .catch(error => {
-        commit('ERROR', error)
+  async checkAuth({ commit, dispatch, state }) {
+    commit('SET_LOADING', true)
+    try {
+      // returns user object
+      const user = await new Promise((resolve, reject) => {
+        // add a handler for change in signin state
+        const unsubscribe = auth.onAuthStateChanged(user => {
+          // unsubscribe this function, so it no longer handles the state change
+          unsubscribe()
+          // return the user auth object, or null if not authorized
+          resolve(user)
+        }, reject)
       })
+      // put it in the store
+      commit('SET_USER', user)
+    } catch (error) {
+      commit('ERROR', error.message)
+    }
+
+    // no firebase auth, just get outta here
+    if (!state.userAuthObject) {
+      commit('SET_LOADING', false)
+      return
+    }
+
+    // get existing profile information if cached
+    const existing = localStorage.getItem('PROFILE_KEY')
+    if (existing) {
+      const parsed = JSON.parse(existing)
+      // existing profile data means the user didn't log out
+      commit('SET_PROFILE', parsed)
+      commit('SET_LOADING', false)
+      return
+    }
+
+    // we're authorized with firebase but there's no valid profile info yet
+    await dispatch('getProfile')
+    commit('SET_LOADING', false)
+  },
+
+  /**
+   * simply send a password reset email... no need to be authorised or anything
+   */
+  sendPasswordResetEmail({ commit }, { email }) {
+    commit('SET_LOADING', true)
+    return auth.sendPasswordResetEmail(email)
+      .catch(error => commit('ERROR', error.message))
+      .finally(() => commit('SET_LOADING', false))
   }
 }
 
diff --git a/frontend/src/store/root.js b/frontend/src/store/root.js
index 50d67537..3247d800 100644
--- a/frontend/src/store/root.js
+++ b/frontend/src/store/root.js
@@ -2,18 +2,15 @@ import { get } from '../utils/api'
 
 /* root application state */
 const state = {
-  loading: false,
+  error: '',
   // cached courses
-  courses: [],
-  // fire authObject
-  userAuthObject: {},
-  // our own user data
-  profile: {}
+  courses: []
 }
 
 const getters = {
-  isLoggedIn: ({ userAuthObject }) => !!userAuthObject,
-  authObject: ({ userAuthObject }) => userAuthObject
+  loading: ({ auth, course, questions, reviews, subject }) =>
+    [auth.loading, course.loading, questions.loading, reviews.loading, subject.loading].reduce((acc, curr) => acc || curr, false),
+  error: ({ error }) => error
 }
 
 const actions = {
@@ -35,13 +32,6 @@ const mutations = {
   },
   POPULATE_SEARCH(state, data) {
     state.courses = data
-  },
-  /**
-   * @param {*} state The root state
-   * @param {*} user  The logged in user object or null
-   */
-  SET_USER(state, user) {
-    state.userAuthObject = user
   }
 }
 
diff --git a/frontend/src/utils/api/auth.js b/frontend/src/utils/api/auth.js
index afbbdfe4..559226dd 100644
--- a/frontend/src/utils/api/auth.js
+++ b/frontend/src/utils/api/auth.js
@@ -1,4 +1,4 @@
-import { get, post } from '.'
+import { get, post, put } from '.'
 
 /**
  * Add authtoken to request
@@ -23,9 +23,7 @@ export function getAuthHeaders(user) {
  */
 export function getSelf(user) {
   return getAuthHeaders(user)
-    .then(options =>
-      get('/user', options))
-    .catch(err => console.warn(err))
+    .then(options => get('/user', options))
 }
 
 /**
@@ -33,9 +31,14 @@ export function getSelf(user) {
  * entry for the user
  * @param {*} user The user object provided by firebase
  */
-export function createUser(user) {
+export function createProfile(user, data) {
   return getAuthHeaders(user)
-    .then(options => post('/user', options))
+    .then(options => post('/user', { ...options, data }))
+}
+
+export function updateProfile(user, data) {
+  return getAuthHeaders(user)
+    .then(options => put('/user', { ...options, data }))
 }
 
 /**
diff --git a/frontend/src/views/CreateProfile.vue b/frontend/src/views/CreateProfile.vue
new file mode 100644
index 00000000..2e81a63a
--- /dev/null
+++ b/frontend/src/views/CreateProfile.vue
@@ -0,0 +1,53 @@
+<template>
+  <div class="auth-page">
+    <AppAuthForm v-if="!loading"
+      :title="'Create Profile'"
+      :buttonText="'Create Profile'"
+      :error="error"
+      :clickHandler="createProfile"
+      :link="{
+        text: '',
+        name: ''
+      }"
+    >
+      <AuthInput spellcheck="false" type="text" v-model="displayName" placeholder="Choose a display name"/>
+    </AppAuthForm>
+    <LoadingSpinner v-else/>
+  </div>
+</template>
+
+<script>
+import { mapGetters } from 'vuex'
+import AppAuthForm from '@/components/Authentication/Form'
+import AuthInput from '@/components/Authentication/Input'
+
+export default {
+  name: 'createprofile',
+  data() {
+    return {
+      displayName: ''
+    }
+  },
+  components: { AppAuthForm, AuthInput },
+  computed: {
+    ...mapGetters('auth', [ 'loading', 'error', 'isFirebaseAuthorised', 'isLoggedIn', 'hasProfile' ])
+  },
+  // reroute whenever auth loading state changes
+  watch: {
+    loading() { this.reroute() }
+  },
+  methods: {
+    createProfile() {
+      const { displayName } = this
+      this.$store.dispatch('auth/createProfile', { displayName })
+    },
+    reroute() {
+      if (this.isLoggedIn) this.$router.push('/')
+      else if (!this.isFirebaseAuthorised) this.$router.push('/signup')
+    }
+  },
+  created() {
+    this.$store.commit('auth/ERROR', '')
+  }
+}
+</script>
diff --git a/frontend/src/views/ForgotPassword.vue b/frontend/src/views/ForgotPassword.vue
index 523df71a..4f1d0007 100644
--- a/frontend/src/views/ForgotPassword.vue
+++ b/frontend/src/views/ForgotPassword.vue
@@ -1,18 +1,20 @@
 <template>
     <div class="auth-page">
         <AuthForm
+            v-if="!loading"
             :clickHandler="resetPass"
-            :buttonText="'Reset Password'">
-            <h3><i class="material-icons">warning</i> Warning </h3>
-            <p>By clicking continue you will remove your previous password. This action cannot be undone.</p>
-            <p>Confirm your email address below and we'll send you a link to create a new password.</p>
-            <AuthInput placeholder="Write your email here" />
+            :buttonText="'Reset Password'"
+            :error="error"
+            >
+            <p>Confirm your email address below and we'll send you a link to reset your password.</p>
+            <AuthInput v-model="email" placeholder="Write your email here" />
         </AuthForm>
+        <LoadingSpinner v-else/>
     </div>
 </template>
 
 <script>
-
+import { mapGetters } from 'vuex'
 import AuthInput from '@/components/Authentication/Input'
 import AuthForm from '@/components/Authentication/Form'
 
@@ -21,10 +23,17 @@ export default {
     AuthForm,
     AuthInput
   },
+  data () {
+    return {
+      email: ''
+    }
+  },
+  computed: {
+    ...mapGetters('auth', [ 'loading', 'error' ])
+  },
   methods: {
     resetPass() {
-      /* implement logic eventually */
-
+      this.$store.dispatch('auth/sendPasswordResetEmail', { email: this.email })
     }
   }
 }
diff --git a/frontend/src/views/Login.vue b/frontend/src/views/Login.vue
index f495c0af..70d55b06 100644
--- a/frontend/src/views/Login.vue
+++ b/frontend/src/views/Login.vue
@@ -9,8 +9,7 @@
       :link="{
         text: 'Forgot your password?',
         name: 'Forgot Password'
-      }"
-    >
+      }">
       <AuthInput spellcheck="false" type="email" v-model="email" placeholder="Email"/>
       <AuthInput type="password" v-model="password" placeholder="Password"/>
     </AppAuthForm>
@@ -33,14 +32,26 @@ export default {
   },
   components: { AppAuthForm, AuthInput },
   computed: {
-    ...mapGetters('auth', [ 'error', 'loading' ])
+    ...mapGetters('auth', [ 'loading', 'error', 'isFirebaseAuthorised', 'isLoggedIn', 'hasProfile' ])
+  },
+  // reroute whenever auth loading state changes
+  watch: {
+    loading() { this.reroute() }
   },
   methods: {
     clickHandler() {
       const { email, password } = this
       this.$store.dispatch('auth/signIn', { email, password })
-        .then(() => this.$router.push('/'))
-        .catch(e => {})
+    },
+    reroute() {
+      // we need to check the store to determine state
+      if (this.isFirebaseAuthorised) {
+        if (this.hasProfile) {
+          this.$router.push('/')
+        } else {
+          this.$router.push('/create-profile')
+        }
+      }
     }
   },
   created() {
diff --git a/frontend/src/views/Onboarding.vue b/frontend/src/views/Onboarding.vue
deleted file mode 100644
index a8604d54..00000000
--- a/frontend/src/views/Onboarding.vue
+++ /dev/null
@@ -1,4 +0,0 @@
-<template>
-    <!-- TODO -->
-    <div></div>
-</template>
diff --git a/frontend/src/views/Profile.vue b/frontend/src/views/Profile.vue
index a8604d54..e1ae7cc0 100644
--- a/frontend/src/views/Profile.vue
+++ b/frontend/src/views/Profile.vue
@@ -1,4 +1,133 @@
 <template>
-    <!-- TODO -->
-    <div></div>
+    <section class="main-content">
+
+        <div class="profile">
+        <Card>
+            <div v-if="!loading">
+
+                <figure>
+                  <img class="avatar" :src="picture || '/defaultpicture.png'"/>
+                </figure>
+                <h2 class="name">{{ profile.displayName }}</h2>
+                <h3 class="email">{{ profile.email }}</h3>
+                <form class="form">
+                  Picture URL: <AppInput spellcheck="false" type="text" v-model="picture"/>
+                  Degree: <AppInput spellcheck="false" type="text" v-model="degree"/>
+                  Graduation Year: <AppInput spellcheck="false" type="text" v-model="gradYear"/>
+                  Description: <textarea v-model="description"></textarea>
+                  <AppButton class="button-spacing" @click.native="updateProfile()">
+                      Update Profile
+                  </AppButton>
+                </form>
+
+            </div>
+            <LoadingSpinner v-else/>
+        </Card>
+        </div>
+
+    </section>
 </template>
+
+<script>
+import AppButton from '@/components/AppButton'
+import AppInput from '@/components/AppInput'
+import Card from '@/components/Card'
+import { mapGetters } from 'vuex'
+
+export default {
+  components: { AppInput, AppButton, Card },
+  data() {
+    return {
+      picture: '',
+      degree: '',
+      gradYear: '',
+      description: ''
+    }
+  },
+  computed: {
+    ...mapGetters('auth', [ 'loading', 'error', 'isFirebaseAuthorised', 'isLoggedIn', 'hasProfile', 'profile' ])
+  },
+  watch: {
+    hasProfile (oldState, newState) {
+      if (this.hasProfile) {
+        this.picture = this.profile.picture
+        this.degree = this.profile.degree
+        this.gradYear = this.profile.gradYear
+        this.description = this.profile.description
+      }
+    },
+    loading() { this.reroute() }
+  },
+  methods: {
+    updateProfile() {
+      const data = { picture: this.picture, degree: this.degree, gradYear: this.gradYear, description: this.description }
+      this.$store.dispatch('auth/updateProfile', { data })
+    },
+    reroute() {
+      if (this.isFirebaseAuthorised) {
+        if (!this.hasProfile) {
+          this.$router.push('/create-profile')
+        }
+      } else {
+        this.$router.push('/login')
+      }
+    }
+  },
+  mounted() {
+    if (this.hasProfile) {
+      this.picture = this.profile.picture
+      this.degree = this.profile.degree
+      this.gradYear = this.profile.gradYear
+      this.description = this.profile.description
+    }
+  }
+}
+</script>
+
+<style scoped>
+
+.profile {
+    text-align: center;
+}
+
+.name, .description {
+    margin: 10px 0px;
+}
+
+p {
+    text-align: left;
+    font: inherit;
+}
+
+figure {
+    border-radius: 100%;
+    margin: auto;
+    width: 120px;
+    height: 120px;
+    overflow: hidden;
+    background-color: var(--theme-light);
+}
+
+.avatar {
+    /* TODO make this work properly... */
+    max-height:100%;
+    min-width:100%;
+    min-height:100%;
+    /*margin-left: -50%;
+    margin-top: -50%;*/
+}
+
+.form {
+  text-align:left;
+  font: var(--body-copy-1);
+  display: grid;
+  grid-auto-flow: row;
+  grid-gap: 20px;
+}
+
+.button-spacing {
+  width: 80%;
+  margin: auto;
+  margin-top: 30px;
+}
+</style>
diff --git a/frontend/src/views/SignUp.vue b/frontend/src/views/SignUp.vue
index 6b6456b4..3f601b55 100644
--- a/frontend/src/views/SignUp.vue
+++ b/frontend/src/views/SignUp.vue
@@ -4,13 +4,12 @@
       :title="'Sign Up'"
       :buttonText="'Sign Up'"
       :error="error"
-      :clickHandler="clickHandler"
+      :clickHandler="createAccount"
       :link="{
         text: 'Already have an account?',
         name: 'Login'
       }"
     >
-      <AuthInput type="text" placeholder="Display Name"/>
       <AuthInput spellcheck="false" type="email" v-model="email" placeholder="Email"/>
       <AuthInput type="password" v-model="password" placeholder="Password"/>
     </AppAuthForm>
@@ -33,14 +32,20 @@ export default {
   },
   components: { AppAuthForm, AuthInput },
   computed: {
-    ...mapGetters('auth', [ 'error', 'loading' ])
+    ...mapGetters('auth', [ 'loading', 'error', 'isFirebaseAuthorised', 'isLoggedIn', 'hasProfile' ])
+  },
+  // reroute whenever auth loading state changes
+  watch: {
+    loading() { this.reroute() }
   },
   methods: {
-    clickHandler() {
+    createAccount() {
       const { email, password } = this
-      this.$store.dispatch('auth/signUp', { email, password })
-        .then(() => this.$router.push('/'))
-        .catch(e => {})
+      this.$store.dispatch('auth/createAccount', { email, password })
+    },
+    reroute() {
+      if (this.isLoggedIn) this.$router.push('/')
+      if (this.isFirebaseAuthorised && !this.hasProfile) this.$router.push('/create-profile')
     }
   },
   created() {