diff --git a/back-end/routes/authentication-routes.js b/back-end/routes/authentication-routes.js
index 16688dc..f083d20 100644
--- a/back-end/routes/authentication-routes.js
+++ b/back-end/routes/authentication-routes.js
@@ -66,20 +66,18 @@ const authenticationRouter = () => {
 const user = await User.findOne({ username: username }).exec()
 // check if user was found
 if (!user) {
- console.error(`User not found: ${err}`)
- res.status(500).json({
+ console.error(`User not found.`)
+ return res.status(401).json({
 success: false,
 message: "User not found in database.",
- error: err,
 })
 }
 // if user exists, check if password is correct
- if (!user.validPassword(password)) {
- console.error(`Incorrect password: ${err}`)
- res.status(500).json({
+ else if (!user.validPassword(password)) {
+ console.error(`Incorrect password.`)
+ return res.status(401).json({
 success: false,
 message: "Incorrect password.",
- error: err,
 })
 }
 // user found and password is correct... send a success response
@@ -94,7 +92,7 @@ const authenticationRouter = () => {
 } catch (err) {
 // check error
 console.error(`Error looking up user: ${err}`)
- res.status(500).json({
+ return res.status(500).json({
 success: false,
 message: "Error looking up user in database.",
 error: err,
diff --git a/back-end/test/get-cookie.test.js b/back-end/test/get-cookie.test.js
index 4372bdf..197d966 100644
--- a/back-end/test/get-cookie.test.js
+++ b/back-end/test/get-cookie.test.js
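Review bot: The two 401 branches in back-end/routes/authentication-routes.js still tell the caller which half of the credential pair was wrong, `message: "User not found in database."` versus `message: "Incorrect password."`, so a client can tell registered usernames from unregistered ones. Both branches should return the same body, for example `message: "Invalid username or password."`, and keep the distinction only in the server-side `console.error` lines. `validPassword` is not visible here; if it does real hashing work, the not-found branch will also answer faster, so it is worth confirming that response time does not give the same signal. The handler starts and ends outside this hunk.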
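Review bot: The 500 response in the `catch` block still sends `error: err` to the client, although this commit drops that field from the two 401 responses. Depending on what the database layer attaches to the exception, that can hand query or connection details to an unauthenticated caller, and the `console.error` line above already records the error server-side. I would delete the `error: err,` line so the body carries only `success: false` and the generic `message`. The closing lines of the `catch` block are outside the hunk.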
@@ -18,11 +18,11 @@ describe("Get cookie", () => {
 * test the GET /get-cookie route
 */
 const cookieData = "foo=bar" // mock cookie data
- describe("GET /get-cookie with Cookies in request", () => {
+ describe("GET /cookie/get with Cookies in request", () => {
 it("it should return a 200 HTTP response code", done => {
 chai
 .request(server)
- .get("/get-cookie")
+ .get("/cookie/get")
 .set("Cookie", cookieData) // set a cookie header with a valid cookie key/value pair our server is expecting
 .end((err, res) => {
 res.should.have.status(200) // use 'should' to make BDD-style assertions
@@ -33,7 +33,7 @@ describe("Get cookie", () => {
 it("it should return an object with specific properties", done => {
 chai
 .request(server)
- .get("/get-cookie")
+ .get("/cookie/get")
 .set("Cookie", cookieData) // set a cookie header with a valid cookie key/value pair our server is expecting
 .end((err, res) => {
 res.body.should.be.a("object") // our route sends back an object
diff --git a/back-end/test/login.test.js b/back-end/test/login.test.js
index 3abf576..89d634e 100644
--- a/back-end/test/login.test.js
+++ b/back-end/test/login.test.js
@@ -18,11 +18,11 @@ describe("Login", () => {
 * test the POST /login route
 */
 const formData = { username: "bla", password: "wrong" } // mock form data with incorrect credentials
- describe("POST /login with incorrect username/password", () => {
+ describe("POST /auth/login with incorrect username/password", () => {
 it("it should return a 401 HTTP response code", done => {
 chai
 .request(server)
- .post("/login")
+ .post("/auth/login")
 .type("form")
 .send(formData)
 .end((err, res) => {
@@ -32,12 +32,12 @@ describe("Login", () => { }) }) - describe("POST /login with correct username/password", () => { + describe("POST /auth/login with correct username/password", () => { const formData = { username: "foo", password: "bar" } // mock form data with correct credentials it("it should return a 200 HTTP response code", done => { chai .request(server) - .post("/login") + .post("/auth/login") .type("form") .send(formData) .end((err, res) => { diff --git a/back-end/test/logout.test.js b/back-end/test/logout.test.js index 2d0bc31..dd0d220 100644 --- a/back-end/test/logout.test.js +++ b/back-end/test/logout.test.js @@ -17,11 +17,11 @@ describe("Logout", () => { /** * test the GET /logout route */ - describe("GET /logout", () => { + describe("GET /auth/logout", () => { it("it should return a 200 HTTP response code", done => { chai .request(server) - .get("/logout") + .get("/auth/logout") .end((err, res) => { res.should.have.status(200) // use 'should' to make BDD-style assertions done() // resolve the Promise that these tests create so mocha can move on @@ -33,7 +33,7 @@ describe("Logout", () => { // nevertheless, including this for example chai .request(server) - .get("/logout") + .get("/auth/logout") .end((err, res) => { res.body.should.be.a("object") // our route sends back an object res.body.should.have.property("success", true) diff --git a/back-end/test/protected.test.js b/back-end/test/protected.test.js index 97e2da1..0e52749 100644 --- a/back-end/test/protected.test.js +++ b/back-end/test/protected.test.js 
@@ -38,8 +38,9 @@ describe("Protected", () => { // let's first create a valid JWT token to use in the requests where we want to be logged in const jwt = require("jsonwebtoken") - const { jwtOptions, jwtStrategy } = require("../jwt-config.js") // import setup options for using JWT in passport - const token = jwt.sign({ id: 1 }, process.env.JWT_SECRET) // create a signed token simulating user #1 + const User = require("../models/User") + const user = new User({ username: "test", password: "test" }) + const token = user.generateJWT() it("it should return a 200 HTTP response code", done => { chai diff --git a/back-end/test/set-cookie.test.js b/back-end/test/set-cookie.test.js index 1f571ba..abea5fc 100644 --- a/back-end/test/set-cookie.test.js +++ b/back-end/test/set-cookie.test.js @@ -18,11 +18,11 @@ describe("Set cookie", () => { * test the GET /set-cookie route */ const cookieData = "foo=bar" // mock cookie data - describe("GET /set-cookie", () => { + describe("GET /cookie/set", () => { it("it should return a 200 HTTP response code", done => { chai .request(server) - .get("/set-cookie") + .get("/cookie/set") .end((err, res) => { res.should.have.status(200) // use 'should' to make BDD-style assertions done() // resolve the Promise that these tests create so mocha can move on @@ -34,7 +34,7 @@ describe("Set cookie", () => { // nevertheless, including this for example chai .request(server) - .get("/set-cookie") + .get("/cookie/set") .end((err, res) => { res.body.should.be.a("object") // our route sends back an object res.body.should.have.keys("success", "message") // a way to test the presence of an exact set of keys in the response object 
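Review bot: In back-end/test/protected.test.js, `const jwt = require("jsonwebtoken")` is left in place, but nothing in the hunk uses it now that the token comes from `user.generateJWT()`; it can be removed unless code outside the hunk still needs it. The `User` built here is never saved, so the token presumably carries an id with no database record behind it. A one-line comment such as `// unsaved user: the token is validly signed but its id is not in the database` would make clear what the 200 test relies on. The describe block starts and ends outside the hunk.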
@@ -47,7 +47,7 @@ describe("Set cookie", () => {
 // nevertheless, including this for example
 chai
 .request(server)
- .get("/set-cookie")
+ .get("/cookie/set")
 .end((err, res) => {
 const [expectedKey, expectedValue] = cookieData.split("=") // get the expected cookie key/value pair
 expect(res).to.have.cookie(expectedKey, expectedValue) // check for expected cookie header key/value pair