diff --git a/src/models/entities/User.ts b/src/models/entities/User.ts
index 57bdf5c..a176934 100644
--- a/src/models/entities/User.ts
+++ b/src/models/entities/User.ts
@@ -106,7 +106,7 @@ export class User extends Principal {
   * The user's profile picture.
   * We haven't decided yet if this will be a bas64 encoded image or just a link to the profile picture.
   */
-  @Column({ nullable: true, unique: true })
+  @Column({ nullable: true, unique: false })
   @IsString()
   @IsOptional()
   profilePic?: string;
@@ -115,7 +115,7 @@ export class User extends Principal {
   * The last time the user requested a password reset.
   * Used to prevent spamming of the password reset route.
   */
-  @Column({ nullable: true, unique: true })
+  @Column({ nullable: true, unique: false })
   @IsString()
   @IsOptional()
   resetRequestedTimestamp?: number;
diff --git a/src/tests/auth/auth_login.spec.ts b/src/tests/auth/auth_login.spec.ts
new file mode 100644
index 0000000..f0c49a9
--- /dev/null
+++ b/src/tests/auth/auth_login.spec.ts
@@ -0,0 +1,56 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let axios_config;
+
+beforeAll(async () => {
+    axios_config = {
+        validateStatus: undefined
+    };
+});
+
+describe('POST /api/auth/login valid', () => {
+    it('valid login should return 200', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json")
+    });
+});
+// ---------------
+describe('POST /api/auth/login invalid body', () => {
+    it('Loging without a body should return 400', async () => {
+        const res = await axios.post(base + '/api/auth/login', null, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('Loging without a password should return 400', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo" }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('Loging with invalid mail format should return 400', async () => {
+        const res = await axios.post(base + '/api/auth/login', { email: "demo", password: "demo" }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('Loging without a username/mail should return 404', async () => {
+        const res = await axios.post(base + '/api/auth/login', { password: "demo" }, axios_config);
+        expect(res.status).toEqual(404);
+    });
+});
+// ---------------
+describe('POST /api/auth/login nonexistant user', () => {
+    it('login with nonexistant username should return 404', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "-1", password: "demo" }, axios_config);
+        expect(res.status).toEqual(404);
+    });
+    it('login with nonexistant mail should return 404', async () => {
+        const res = await axios.post(base + '/api/auth/login', { email: "test@example.com", password: "demo" }, axios_config);
+        expect(res.status).toEqual(404);
+    });
+});
+// ---------------
+describe('POST /api/auth/login wrong password', () => {
+    it('login with wrong password should return 401', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "totallynotthecorrectpassword" }, axios_config);
+        expect(res.status).toEqual(401);
+    });
+});
\ No newline at end of file
diff --git a/src/tests/auth/auth_logout.spec.ts b/src/tests/auth/auth_logout.spec.ts
new file mode 100644
index 0000000..7c846c1
--- /dev/null
+++ b/src/tests/auth/auth_logout.spec.ts
@@ -0,0 +1,58 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+const axios_config = {
+    validateStatus: undefined
+};;
+
+beforeAll(async () => {
+    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_logout",
+        "middlename": "demo_logout",
+        "lastname": "demo_logout",
+        "username": "demo_logout",
+        "password": "demo_logout"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+});
+
+describe('POST /api/auth/logout valid', () => {
+    let refresh_coookie;
+    it('valid logout with token in cookie should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        refresh_coookie = res_login.headers["set-cookie"];
+        const res = await axios.post(base + '/api/auth/logout', null, {
+            headers: { "Cookie": refresh_coookie },
+            validateStatus: undefined
+        });
+        expect(res.status).toEqual(200);
+    });
+    it('valid logout with token in body should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+    it('getting users after valid logout should return 401', async () => {
+        const res = await axios.get(base + '/api/users', {
+            headers: { "Cookie": refresh_coookie },
+            validateStatus: undefined
+        });
+        expect(res.status).toEqual(401);
+    });
+});
+// ---------------
+describe('POST /api/auth/logout ivalid', () => {
+    it('invalid logout without token should return 406', async () => {
+        const res = await axios.post(base + '/api/auth/logout', null, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('invalid logout with invalid token in body should return 401', async () => {
+        const res = await axios.post(base + '/api/auth/logout', { token: "1" }, axios_config);
+        expect(res.status).toEqual(401);
+    });
+});
\ No newline at end of file
diff --git a/src/tests/auth/auth_refresh.spec.ts b/src/tests/auth/auth_refresh.spec.ts
new file mode 100644
index 0000000..02d2a02
--- /dev/null
+++ b/src/tests/auth/auth_refresh.spec.ts
@@ -0,0 +1,49 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+const axios_config = {
+    validateStatus: undefined
+};;
+
+beforeAll(async () => {
+    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_refresh",
+        "middlename": "demo_refresh",
+        "lastname": "demo_refresh",
+        "username": "demo_refresh",
+        "password": "demo_refresh"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+});
+
+describe('POST /api/auth/refresh valid', () => {
+    it('valid refresh with token in cookie should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res = await axios.post(base + '/api/auth/refresh', null, {
+            headers: { "Cookie": res_login.headers["set-cookie"] },
+            validateStatus: undefined
+        });
+        expect(res.status).toEqual(200);
+    });
+    it('valid refresh with token in body should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+});
+// ---------------
+describe('POST /api/auth/refresh ivalid', () => {
+    it('invalid refresh without token should return 406', async () => {
+        const res = await axios.post(base + '/api/auth/refresh', null, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('invalid refresh with invalid token in body should return 401', async () => {
+        const res = await axios.post(base + '/api/auth/refresh', { token: "1" }, axios_config);
+        expect(res.status).toEqual(401);
+    });
+});
\ No newline at end of file
diff --git a/src/tests/auth/auth_reset.spec.ts b/src/tests/auth/auth_reset.spec.ts
new file mode 100644
index 0000000..2ebb8ed
--- /dev/null
+++ b/src/tests/auth/auth_reset.spec.ts
@@ -0,0 +1,75 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+const axios_config = {
+    validateStatus: undefined
+};;
+
+beforeAll(async () => {
+    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_reset",
+        "middlename": "demo_reset",
+        "lastname": "demo_reset",
+        "username": "demo_reset",
+        "password": "demo_reset"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_reset2",
+        "middlename": "demo_reset2",
+        "lastname": "demo_reset2",
+        "username": "demo_reset2",
+        "password": "demo_reset2"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+});
+
+describe('POST /api/auth/reset valid', () => {
+    let reset_token;
+    it('valid reset token request should return 200', async () => {
+        const res1 = await axios.post(base + '/api/auth/reset', { username: "demo_reset" });
+        reset_token = res1.data.resetToken;
+        expect(res1.status).toEqual(200);
+    });
+    it('valid password reset should return 200', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + reset_token, { password: "demo" }, axios_config);
+        expect(res2.status).toEqual(200);
+    });
+    it('valid login after reset should return 200', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo_reset", password: "demo" });
+        expect(res.status).toEqual(200);
+    });
+});
+// ---------------
+describe('POST /api/auth/reset invalid requests', () => {
+    it('request another password reset before the timeout should return 406', async () => {
+        const res1 = await axios.post(base + '/api/auth/reset', { username: "demo_reset2" }, axios_config);
+        const res2 = await axios.post(base + '/api/auth/reset', { username: "demo_reset2" }, axios_config);
+        expect(res2.status).toEqual(406);
+    });
+});
+// ---------------
+describe('POST /api/auth/reset invalid token', () => {
+    it('providing a invalid reset token should return 401', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + "123123", { password: "demo" }, axios_config);
+        expect(res2.status).toEqual(401);
+    });
+    it('providing no reset token should return 404', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + "", { password: "demo" }, axios_config);
+        expect(res2.status).toEqual(404);
+    });
+});
+// ---------------
+describe('POST /api/auth/reset invalid body', () => {
+    it('providing no password should return 400', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + "123123", null, axios_config);
+        expect(res2.status).toEqual(400);
+    });
+});
\ No newline at end of file