diff --git a/app/routes/auth/index.js b/app/routes/auth/index.js
index 61ba948..a70e6fc 100644
--- a/app/routes/auth/index.js
+++ b/app/routes/auth/index.js
@@ -2,8 +2,10 @@
 const auth = require('express').Router();
 const register = require('./register');
 const login = require('./login');
+const reset = require('./reset');
-const UserSchema = require('../../schemas/user');
+const RegisterValidation = require.main.require('./app/validation/register');
+const LoginValidation = require.main.require('./app/validation/login');
 /**
 * @api {post} /auth/register Register
@@ -12,25 +14,33 @@ const UserSchema = require('../../schemas/user');
 *
 * @apiParam {String} firstname Firstname of the user.
 * @apiParam {String} lastname Lastname of the user.
- * @apiParam {String} username username of the user.
+ * @apiParam {String} email email of the user.
 * @apiParam {String} password password of the user.
 *
 * @apiSuccess {Array} Array Array of Note objects.
 */
-auth.post('/register', UserSchema, register);
+auth.post('/register', RegisterValidation, register);
 /**
 * @api {post} /auth/login Get access token
 * @apiName Login
 * @apiGroup Auth
 *
- * @apiParam {String} username username of the user.
+ * @apiParam {String} email email of the user.
 * @apiParam {String} password password of the user.
 *
 * @apiSuccess {string} access_token Access token.
 */
-auth.post('/login', login);
+auth.post('/login', LoginValidation, login);
-// note.post('/rester-password', reset)
+/**
+ * @api {post} /auth/reset-password Reset password
+ * @apiName ResetPass
+ * @apiGroup Auth
+ *
+ * @apiParam {String} email email of the user.
+ * @apiParam {String} password password of the user.
+ */
+auth.post('/rester-password', reset);
 module.exports = auth;
diff --git a/app/routes/auth/login.js b/app/routes/auth/login.js
index 1e40d51..bff4b7c 100644
--- a/app/routes/auth/login.js
+++ b/app/routes/auth/login.js
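Review bot: In app/routes/auth/index.js the two validation imports use `require.main.require(...)`, which resolves against whichever script started the process, so they fail or load a different file when the router is loaded from a test runner or any other entry point. The same applies to the `secret` import added in login.js. Relative paths, as on the removed `UserSchema` line, keep resolution tied to this file: `const RegisterValidation = require('../../validation/register');`.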
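Review bot: In app/routes/auth/index.js the new route is registered as `/rester-password` while the apidoc block added directly above it documents `/auth/reset-password`, so a client following the documentation gets a 404; the registration should read `auth.post('/reset-password', reset);`. Unlike `/register` and `/login`, the route is mounted without a validation middleware, which will matter as soon as `reset` starts reading `req.body`.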
@@ -2,28 +2,45 @@
 const mongoose = require('mongoose');
 const jwt = require('jsonwebtoken');
 const bcrypt = require('bcrypt-nodejs');
+const secret = require.main.require('./config/secret');
+
 module.exports = (req, res, next) => {
 const User = mongoose.model('User');
 User.findOne({
- username: req.body.username,
+ email: req.body.email,
 }, (err, user) => {
 if (err) throw err;
 if (!user) {
- next({ status: 400, message: 'Authentication failed. User not found.' });
- } else {
- // check if password matches
- const isMatch = bcrypt.compare(req.body.password, User.password);
- if (isMatch && !err) {
- // if user is found and password is right create a token
- const token = 'test';
- // return the information including token as JSON
- res.json({ success: true, access_token: `JWT ${token}` });
- } else {
- next({ status: 401, message: 'Authentication failed. User not found.' });
- res.status(401).send({ success: false, msg: 'Authentication failed. Wrong password.' });
- }
+ return next({ status: 400, message: 'Authentication failed. User not found.' });
 }
+
+ // check if password matches
+ return bcrypt.compare(req.body.password, user.password, (error, result) => {
+ if (result && !error) {
+ // if user is found and password is right create a token
+ const dataUser = {
+ id: user.id,
+ email: user.email,
+ };
+
+ const token = jwt.sign({ user: dataUser }, secret, { expiresIn: '12h' });
+
+ // return the information including token as JSON
+ return res.json({
+ success: true,
+ access_token: token,
+ user: {
+ _id: user.id,
+ firstname: user.firstname,
+ lastname: user.lastname,
+ email: user.email,
+ },
+ });
+ }
+
+ return next({ status: 401, message: 'Authentication failed. Wrong password.' });
+ });
 });
 };
diff --git a/app/routes/auth/register.js b/app/routes/auth/register.js
index 0025e93..aaa4f02 100644
--- a/app/routes/auth/register.js
+++ b/app/routes/auth/register.js
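Review bot: In app/routes/auth/login.js the two failure branches answer differently (400 'User not found.' for an unknown email, 401 'Wrong password.' after `bcrypt.compare`), so the endpoint reveals which emails are registered; both should return the same response, e.g. `return next({ status: 401, message: 'Authentication failed.' });`. The compare callback also reports a bcrypt `error` as a wrong password, and the unchanged `if (err) throw err;` throws inside the query callback where Express cannot catch it; `if (err) return next(err);` and a separate `if (error) return next(error);` route both through the error handler. `req.body.email` reaches `findOne` as received, so the query relies on `LoginValidation` (not part of this diff) rejecting non-string values. The signing `secret` is loaded from `./config/secret`, which is also not shown; it is worth confirming that file does not hold a literal committed to the repository.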
@@ -9,21 +9,21 @@ module.exports = (req, res, next) => {
 const User = new UserModel({
 firstname: req.body.firstname,
 lastname: req.body.lastname,
- username: req.body.username,
+ email: req.body.email,
 password: passwordHash,
 });
- UserModel.findOne({
- username: req.body.username,
- }, (err, user) => {
- next({ status: 401, message: 'Username is already taken.' });
- });
-
- return User.save((saveErr) => {
- if (saveErr) {
- return next({ status: 500, message: 'Database error', error: [] });
+ UserModel.countDocuments({ email: req.body.email }, (err, c) => {
+ if (c !== 0) {
+ return next({ status: 401, message: 'Email is already taken by another user.' });
 }
- return res.status(200).json(User);
+ return User.save((saveErr) => {
+ if (saveErr) {
+ return next({ status: 500, message: 'Database error', error: [saveErr] });
+ }
+
+ return res.status(201).json({ success: true, message: 'Success' });
+ });
 });
 };
diff --git a/app/routes/auth/reset.js b/app/routes/auth/reset.js
new file mode 100644
index 0000000..0e97c8b
--- /dev/null
+++ b/app/routes/auth/reset.js
@@ -0,0 +1,5 @@
+module.exports = (req, res) => {
+ const user = {};
+
+ res.status(200).json({ user });
+};
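Review bot: In app/routes/auth/register.js the `countDocuments` callback never looks at `err`: on a query failure `c` is undefined, `c !== 0` is true, and the client is told 'Email is already taken by another user.' instead of getting a database error; the callback should start with `if (err) return next({ status: 500, message: 'Database error' });`. The count-then-save sequence is also not atomic, so two concurrent registrations for the same email can both pass the check; a unique index on `email` in the user schema (not visible here), with the duplicate-key error from `save` mapped to the "already taken" response, closes that gap. `error: [saveErr]` now hands the raw driver error to the error handler, so if that handler serialises `error` into the response, internal details reach the client. The handler starts above this hunk, where `passwordHash` is computed.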
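Review bot: In app/routes/auth/reset.js the handler answers 200 with an empty `user` for any request, so a caller of the reset endpoint is told the operation succeeded although nothing happened; until it is implemented, `res.status(501).json({ success: false, message: 'Not implemented' });` states that plainly. The apidoc block added in index.js describes the call as `email` plus `password`, with no proof that the caller owns the account. The real implementation should require a single-use, expiring reset token delivered to the account's mailbox, or an authenticated session plus the current password, before it replaces the stored hash.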