diff --git a/middlewares/login.js b/middlewares/login.js
index 4ec39388..f493aea2 100644
--- a/middlewares/login.js
+++ b/middlewares/login.js
@@ -13,7 +13,7 @@ module.exports.login = async (req, res) => {
 });
 if (!user) {
- return errors.makeNotFoundError(res, 'User is not found.');
+ return errors.makeUnauthorizedError(res, 'User is not found.');
 }
 if (!await user.checkPassword(req.body.password)) {
diff --git a/migrations/20200128175455-create-users.js b/migrations/20200128175455-create-users.js
index 58d574f9..0a2d1080 100644
--- a/migrations/20200128175455-create-users.js
+++ b/migrations/20200128175455-create-users.js
@@ -23,8 +23,7 @@ module.exports = {
 },
 mail_confirmed_at: {
 type: Sequelize.DATE,
- allowNull: true,
- defaultValue: Sequelize.NOW
+ allowNull: true
 },
 active: {
 type: Sequelize.BOOLEAN,
diff --git a/models/User.js b/models/User.js
index f69f70fb..e5d8cbc5 100644
--- a/models/User.js
+++ b/models/User.js
@@ -38,8 +38,7 @@ const User = sequelize.define('user', {
 },
 mail_confirmed_at: {
 type: Sequelize.DATE,
- allowNull: false,
- defaultValue: Sequelize.NOW
+ allowNull: true
 },
 active: {
 type: Sequelize.BOOLEAN,
diff --git a/test/api/authorization.test.js b/test/api/authorization.test.js
new file mode 100644
index 00000000..25ea7b56
--- /dev/null
+++ b/test/api/authorization.test.js
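Review bot: The unknown-user branch in `middlewares/login.js` now answers 401, but it still sends `'User is not found.'`, so the response body keeps telling a caller whether an account exists even though the status code no longer does. If the wrong-password branch (its body lies outside this hunk) uses a different text, both should share one generic message, e.g. `return errors.makeUnauthorizedError(res, 'Invalid username or password.');`. The early return also skips `user.checkPassword`, so the two failure paths probably differ in response time; that deserves at least a comment if account enumeration matters for this API.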
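Review bot: Dropping `defaultValue: Sequelize.NOW` by editing the already-dated migration `20200128175455-create-users.js` only changes databases created after this commit. Any environment where that migration has already run keeps the column default, and rows inserted there without an explicit `mail_confirmed_at` would presumably still come out as confirmed, which undermines the unconfirmed-email login check the new tests expect. A separate follow-up migration that removes the default, for example `queryInterface.changeColumn('<users table>', 'mail_confirmed_at', { type: Sequelize.DATE, allowNull: true })`, would bring existing schemas in line with `models/User.js`. Existing rows that were stamped at creation time would also need a decision on whether they count as confirmed.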
@@ -0,0 +1,88 @@
+const { startServer, stopServer } = require('../../lib/server.js');
+const { request } = require('../scripts/helpers');
+const generator = require('../scripts/generator');
+
+describe('Authorization', () => {
+ beforeAll(async () => {
+ await startServer();
+ });
+
+ afterAll(async () => {
+ await stopServer();
+ });
+
+ afterEach(async () => {
+ await generator.clearAll();
+ });
+
+ test('should fail if the user is not found', async () => {
+ const res = await request({
+ uri: '/login/',
+ method: 'POST',
+ headers: { 'X-Auth-Token': 'blablabla' },
+ body: {
+ username: 'non-existant@test.io',
+ password: 'aaaa'
+ }
+ });
+
+ expect(res.statusCode).toEqual(401);
+ expect(res.body.success).toEqual(false);
+ expect(res.body).not.toHaveProperty('data');
+ expect(res.body).toHaveProperty('message');
+ });
+
+ test('should fail if the password is wrong', async () => {
+ const user = await generator.createUser({ password: 'test' })
+ const res = await request({
+ uri: '/login/',
+ method: 'POST',
+ headers: { 'X-Auth-Token': 'blablabla' },
+ body: {
+ username: user.email,
+ password: 'test2'
+ }
+ });
+
+ expect(res.statusCode).toEqual(401);
+ expect(res.body.success).toEqual(false);
+ expect(res.body).not.toHaveProperty('data');
+ expect(res.body).toHaveProperty('message');
+ });
+
+ test('should fail if the email is not confirmed', async () => {
+ const user = await generator.createUser({ password: 'test', mail_confirmed_at: null })
+ const res = await request({
+ uri: '/login/',
+ method: 'POST',
+ headers: { 'X-Auth-Token': 'blablabla' },
+ body: {
+ username: user.email,
+ password: 'test'
+ }
+ });
+
+ expect(res.statusCode).toEqual(401);
+ expect(res.body.success).toEqual(false);
+ expect(res.body).not.toHaveProperty('data');
+ expect(res.body).toHaveProperty('message');
+ });
+
+ test('should succeed if everything is okay', async () => {
+ const user = await generator.createUser({ password: 'test', mail_confirmed_at: new Date() })
+ const res = await request({
+ uri: '/login/',
+ method: 'POST',
+ headers: { 'X-Auth-Token': 'blablabla' },
+ body: {
+ username: user.email,
+ password: 'test'
+ }
+ });
+
+ expect(res.statusCode).toEqual(200);
+ expect(res.body.success).toEqual(true);
+ expect(res.body).toHaveProperty('data');
+ expect(res.body).not.toHaveProperty('errors');
+ });
+});
diff --git a/test/scripts/generator.js b/test/scripts/generator.js
index 0dd01d51..527a0e9f 100644
--- a/test/scripts/generator.js
+++ b/test/scripts/generator.js
@@ -1,6 +1,12 @@
 const faker = require('faker');
-const { User, Campaign, MailConfirmation } = require('../../models');
+const {
+ User,
+ Campaign,
+ MailConfirmation,
+ AccessToken,
+ RefreshToken,
+} = require('../../models');
 const notSet = (field) => typeof field === 'undefined';
@@ -36,6 +42,8 @@ exports.createCampaign = (options = {}) => {
 };
 exports.clearAll = async () => {
+ await AccessToken.destroy({ where: {}, truncate: { cascade: true } });
+ await RefreshToken.destroy({ where: {}, truncate: { cascade: true } });
 await MailConfirmation.destroy({ where: {}, truncate: { cascade: true } });
 await User.destroy({ where: {}, truncate: { cascade: true } });
 await Campaign.destroy({ where: {}, truncate: { cascade: true } });
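Review bot: The unknown-user and wrong-password tests in `test/api/authorization.test.js` each assert only the 401 status and that some `message` exists, so they would still pass if the two failures returned different texts. Nothing here pins that a caller cannot tell a missing account from a bad password. A test that issues both requests and ends with `expect(unknownRes.body.message).toEqual(wrongPasswordRes.body.message);` would guard that property. The three `generator.createUser(...)` statements are also missing their terminating semicolons, unlike the rest of the file.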
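Review bot: The two added `destroy` calls in `clearAll` copy the `truncate: { cascade: true }` shape from the lines below them. As far as I know Sequelize treats `truncate` and `cascade` as separate boolean options of `destroy`, so the nested object would act only as a truthy `truncate` and no CASCADE would be requested; this is worth confirming against the Sequelize version in use. If it holds, `await AccessToken.destroy({ truncate: true, cascade: true });` states the intent. Otherwise the ordering (token tables before `User`) should be explained, e.g. `// token tables presumably reference users, so clear them first`. The body of `clearAll` continues past the end of this hunk.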