diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 1a2e8aaf..de756ab5 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -291,7 +291,7 @@ defmodule AuthWeb.AuthController do
 see:
 """
 def password_create(conn, params) do
- IO.inspect(params, label: "password_create > params:271")
+ # IO.inspect(params, label: "password_create > params:271")
 p = params["person"]
 email = Auth.Person.decrypt_email(p["email"])
 person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
@@ -305,10 +305,12 @@ defmodule AuthWeb.AuthController do
 TODO:
 """
 def password_prompt(conn, params) do # verify the password
- IO.inspect(params, label: "password_prompt params:294")
+ # IO.inspect(params, label: "password_prompt params:294")
 p = params["person"]
 email = Auth.Person.decrypt_email(p["email"])
+ # IO.inspect(email, label: "email:311")
 person = Auth.Person.get_person_by_email(email)
+ # IO.inspect(person, label: "person:312")
 case Argon2.verify_pass(p["password"], person.password_hash) do
 true ->
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index f1148c8a..a90d330d 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
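Review bot: The `IO.inspect(params, ...)` call in `password_create/2` is commented out rather than deleted, so a debug statement that prints the whole `params` map, including the plaintext `params["person"]["password"]`, can be re-enabled by removing one `#`. Delete the line instead of keeping `# IO.inspect(params, label: "password_create > params:271")`. The same applies to the three commented-out inspects in the `password_prompt/2` hunk (the `person` one would print `password_hash`) and to `# IO.inspect(conn, label: "conn")` in the new test. If request tracing is still wanted, log only non-secret fields through `Logger` at debug level.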
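Review bot: `person.password_hash` is read right after `Auth.Person.get_person_by_email(email)` with no check that a person was found. If that lookup returns `nil` for an unknown email (its definition is not visible here), the request ends in an exception instead of the "password is incorrect" response, which would also let a caller tell registered emails from unregistered ones. Match on the lookup result first and, in the not-found branch, call `Argon2.no_user_verify()` before rendering the same failure response as the `false` branch, so both outcomes look and cost about the same. The body of `password_prompt/2` continues past the end of this hunk, so the existing `false` branch is not shown.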
@@ -223,4 +223,45 @@ defmodule AuthWeb.AuthControllerTest do
 conn = get(conn, link, %{})
 assert html_response(conn, 302) =~ "redirected"
 end
+
+ test "password_prompt/2 verify VALID password", %{conn: conn} do
+ data = %{
+ email: "ana@mail.com",
+ auth_provider: "email",
+ status: 1,
+ password: "thiswillbehashed"
+ }
+ Auth.Person.upsert_person(data)
+ state = AuthPlug.Helpers.get_baseurl_from_conn(conn)
+ <> "/profile?auth_client_id=" <> AuthPlug.Token.client_id()
+
+ params = %{ "person" => %{
+ "email" => AuthWeb.ApikeyController.encrypt_encode(data.email),
+ "password" => "thiswillbehashed",
+ "state" => state
+ }}
+ conn = post(conn, "/auth/password/verify", params)
+ # IO.inspect(conn, label: "conn")
+ assert html_response(conn, 302) =~ "redirected"
+ end
+
+ test "password_prompt/2 verify INVALID password", %{conn: conn} do
+ data = %{
+ email: "ana@mail.com",
+ auth_provider: "email",
+ status: 1,
+ password: "thiswillbehashed"
+ }
+ Auth.Person.upsert_person(data)
+ state = AuthPlug.Helpers.get_baseurl_from_conn(conn)
+ <> "/profile?auth_client_id=" <> AuthPlug.Token.client_id()
+
+ params = %{ "person" => %{
+ "email" => AuthWeb.ApikeyController.encrypt_encode(data.email),
+ "password" => "fail",
+ "state" => state
+ }}
+ conn = post(conn, "/auth/password/verify", params)
+ assert html_response(conn, 200) =~ "password is incorrect"
+ end
 end
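Review bot: The VALID-password test asserts only `html_response(conn, 302) =~ "redirected"`, so it passes whatever the redirect target is, even though the destination is presumably derived from the posted `state` value. Pin the location as well, e.g. `assert redirected_to(conn, 302) =~ "/profile"`, so a regression that sends the authenticated user somewhere else fails the test. There is also no case for an email with no matching person, which is the path where `person.password_hash` in `password_prompt/2` would be read on a missing record. The `data`/`state`/`params` setup repeated in both tests could move into a `setup` block.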