diff --git a/login_server/src/cpp/JSONInterface/JsonUpdateUserInfos.cpp b/login_server/src/cpp/JSONInterface/JsonUpdateUserInfos.cpp index c4ab519fd..6756ca437 100644 --- a/login_server/src/cpp/JSONInterface/JsonUpdateUserInfos.cpp +++ b/login_server/src/cpp/JSONInterface/JsonUpdateUserInfos.cpp @@ -144,10 +144,15 @@ Poco::JSON::Object* JsonUpdateUserInfos::handle(Poco::Dynamic::Var params) } } } - else if ("User.password" == name && value.size() > 0 && (ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_PASSWORD_REQUESTS) == ServerConfig::UNSECURE_PASSWORD_REQUESTS) { + else if ("User.password" == name && (ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_PASSWORD_REQUESTS) == ServerConfig::UNSECURE_PASSWORD_REQUESTS) { + if (!value.isString()) { jsonErrorsArray.add("User.password isn't string"); } + std::string value_str = value.toString(); + if (!value_str.size()) { + jsonErrorsArray.add("User.password is empty"); + } else { std::string old_password; auto old_password_obj = updates->get("User.password_old"); @@ -171,20 +176,16 @@ Poco::JSON::Object* JsonUpdateUserInfos::handle(Poco::Dynamic::Var params) } else { - auto result = user->login(old_password); - if (result == 1) { + auto secret_key = user->createSecretKey(old_password); + if (secret_key->getKeyHashed() == user_model->getPasswordHashed()) { old_password_valid = true; } - else if (result == -3) { + else if (secret_key.isNull()) { jsonErrorsArray.add("Password calculation for this user already running, please try again later"); } else { jsonErrorsArray.add("User.password_old didn't match"); } - - if (result == 2) { - Poco::Thread::sleep(ServerConfig::g_FakeLoginSleepTime); - } } } 
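Review bot: The new type check on `User.password` only records "User.password isn't string" and then falls through, so `value.toString()` is still called and a non-string value that converts to a non-empty string still enters the `else` branch that verifies the old password. Whether the password is then changed is decided outside this hunk, so the three cases are safer as one exclusive chain: `if (!value.isString()) { ... } else if (value.toString().empty()) { ... } else { ... }`. A short comment that this whole branch is only active when `UNSECURE_PASSWORD_REQUESTS` is set would also help the next reader.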
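Review bot: In the second hunk `secret_key->getKeyHashed()` is dereferenced before the `secret_key.isNull()` test in the following `else if`, so the "Password calculation for this user already running" branch can never be reached with a null key; with a Poco smart pointer the dereference would presumably throw instead. Test for null first: `if (secret_key.isNull()) { ... } else if (secret_key->getKeyHashed() == user_model->getPasswordHashed()) { old_password_valid = true; }`. The hunk also removes the `Poco::Thread::sleep(ServerConfig::g_FakeLoginSleepTime)` that ran when `login` returned 2; if that delay was the throttle against guessing the old password, confirm that `createSecretKey` is costly enough on its own and say so in a comment. `user_model` and the surrounding block are declared outside the hunk.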
@@ -228,7 +229,12 @@ Poco::JSON::Object* JsonUpdateUserInfos::handle(Poco::Dynamic::Var params) } result->set("errors", jsonErrorsArray); result->set("valid_values", extractet_values); - result->set("state", "success"); + if (!jsonErrorsArray.size()) { + result->set("state", "success"); + } + else { + result->set("state", "error"); + } return result; } \ No newline at end of file diff --git a/login_server/src/cpp/test/JSONInterface/TestJsonUpdateUserInfos.cpp b/login_server/src/cpp/test/JSONInterface/TestJsonUpdateUserInfos.cpp index 64891fb01..a1e2fbf79 100644 --- a/login_server/src/cpp/test/JSONInterface/TestJsonUpdateUserInfos.cpp +++ b/login_server/src/cpp/test/JSONInterface/TestJsonUpdateUserInfos.cpp @@ -11,7 +11,7 @@ void TestJsonUpdateUserInfos::SetUp() //sm->init(); mUserSession = sm->getNewSession(); auto user = controller::User::create(); - user->getModel()->setEmail("Jeet_bb@gmail.com"); + user->load("Jeet_bb@gmail.com"); mUserSession->setUser(user); } @@ -41,7 +41,9 @@ TEST_F(TestJsonUpdateUserInfos, EmptyOldPassword) update->set("User.password", "haLL1o_/%s"); auto params = chooseAccount(update); + Profiler timeUsed; auto result = jsonCall.handle(params); + ASSERT_LE(timeUsed.millis(), 300); auto errors = result->get("errors"); ASSERT_TRUE(errors.isArray()); @@ -56,6 +58,11 @@ TEST_F(TestJsonUpdateUserInfos, EmptyOldPassword) ASSERT_EQ(error_array.size(), 1); ASSERT_EQ(error_array.getElement(0), "User.password_old not found"); + auto state = result->get("state"); + ASSERT_FALSE(state.isEmpty()); + ASSERT_TRUE(state.isString()); + ASSERT_EQ(state.toString(), "error"); + delete result; } @@ -67,7 +74,9 @@ TEST_F(TestJsonUpdateUserInfos, OnlyOldPassword) update->set("User.password_old", "TestP4ssword&H"); auto params = chooseAccount(update); + Profiler timeUsed; auto result = jsonCall.handle(params); + ASSERT_LE(timeUsed.millis(), 200); auto errors = result->get("errors"); ASSERT_TRUE(errors.isArray()); 
@@ -79,13 +88,18 @@ TEST_F(TestJsonUpdateUserInfos, OnlyOldPassword) Poco::JSON::Array error_array = errors.extract(); ASSERT_EQ(error_array.size(), 0); + auto state = result->get("state"); + ASSERT_FALSE(state.isEmpty()); + ASSERT_TRUE(state.isString()); + ASSERT_EQ(state.toString(), "success"); + delete result; } TEST_F(TestJsonUpdateUserInfos, WrongPassword) { JsonUpdateUserInfos jsonCall; - mUserSession->loadUser("Jeet_bb@gmail.com", "TestP4ssword&H"); + ASSERT_EQ(mUserSession->loadUser("Jeet_bb@gmail.com", "TestP4ssword&H"), USER_COMPLETE); Poco::JSON::Object::Ptr update = new Poco::JSON::Object; update->set("User.password", "newPassword"); @@ -94,7 +108,7 @@ TEST_F(TestJsonUpdateUserInfos, WrongPassword) auto params = chooseAccount(update); Profiler timeUsed; auto result = jsonCall.handle(params); - ASSERT_GE(timeUsed.millis(), ServerConfig::g_FakeLoginSleepTime-200); + ASSERT_GE(timeUsed.millis(), ServerConfig::g_FakeLoginSleepTime * 0.75); auto errors = result->get("errors"); ASSERT_TRUE(errors.isArray()); 
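Review bot: The lower bound `ASSERT_GE(timeUsed.millis(), ServerConfig::g_FakeLoginSleepTime * 0.75)` in WrongPassword still measures against `g_FakeLoginSleepTime`, although this commit removes the `Poco::Thread::sleep(ServerConfig::g_FakeLoginSleepTime)` call from `JsonUpdateUserInfos::handle`. The assertion presumably now passes only because the key derivation happens to take that long on the test machine, which makes it machine-dependent and unrelated to the configured value. The same bound is used in the new CorrectPassword test, and the `ASSERT_LE(timeUsed.millis(), 200)` / `300` upper bounds in EmptyOldPassword, OnlyOldPassword and EmptyPassword carry the same flakiness risk. If a minimum response time on the wrong-password path is a security requirement, assert it against a dedicated constant and add a comment such as `// wrong old password must not be answered faster than the key derivation`.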
@@ -107,5 +121,76 @@ TEST_F(TestJsonUpdateUserInfos, WrongPassword) ASSERT_EQ(error_array.size(), 1); ASSERT_EQ(error_array.getElement(0), "User.password_old didn't match"); + auto state = result->get("state"); + ASSERT_FALSE(state.isEmpty()); + ASSERT_TRUE(state.isString()); + ASSERT_EQ(state.toString(), "error"); + + delete result; +} + +TEST_F(TestJsonUpdateUserInfos, EmptyPassword) +{ + JsonUpdateUserInfos jsonCall; + Poco::JSON::Object::Ptr update = new Poco::JSON::Object; + + update->set("User.password", ""); + update->set("User.password_old", "TestP4sswordH"); + + auto params = chooseAccount(update); + Profiler timeUsed; + auto result = jsonCall.handle(params); + ASSERT_LE(timeUsed.millis(), 200); + + auto errors = result->get("errors"); + ASSERT_TRUE(errors.isArray()); + auto valid_values_obj = result->get("valid_values"); + ASSERT_TRUE(valid_values_obj.isInteger()); + int valid_values = 0; + valid_values_obj.convert(valid_values); + ASSERT_EQ(valid_values, 0); + Poco::JSON::Array error_array = errors.extract(); + ASSERT_EQ(error_array.size(), 1); + ASSERT_EQ(error_array.getElement(0), "User.password is empty"); + + auto state = result->get("state"); + ASSERT_FALSE(state.isEmpty()); + ASSERT_TRUE(state.isString()); + ASSERT_EQ(state.toString(), "error"); + + delete result; +} + + +TEST_F(TestJsonUpdateUserInfos, CorrectPassword) +{ + JsonUpdateUserInfos jsonCall; + ASSERT_EQ(mUserSession->loadUser("Jeet_bb@gmail.com", "TestP4ssword&H"), USER_COMPLETE); + + Poco::JSON::Object::Ptr update = new Poco::JSON::Object; + + update->set("User.password", "newPassword"); + update->set("User.password_old", "TestP4ssword&H"); + + auto params = chooseAccount(update); + Profiler timeUsed; + auto result = jsonCall.handle(params); + ASSERT_GE(timeUsed.millis(), ServerConfig::g_FakeLoginSleepTime * 0.75); + + auto errors = result->get("errors"); + ASSERT_TRUE(errors.isArray()); + auto valid_values_obj = result->get("valid_values"); + 
ASSERT_TRUE(valid_values_obj.isInteger()); + int valid_values = 0; + valid_values_obj.convert(valid_values); + EXPECT_EQ(valid_values, 1); + Poco::JSON::Array error_array = errors.extract(); + ASSERT_EQ(error_array.size(), 0); + + auto state = result->get("state"); + ASSERT_FALSE(state.isEmpty()); + ASSERT_TRUE(state.isString()); + ASSERT_EQ(state.toString(), "success"); + delete result; } \ No newline at end of file
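Review bot: CorrectPassword changes the password of the shared fixture account `Jeet_bb@gmail.com` to `newPassword` and never restores it. If `handle` persists the change (not visible here), the `ASSERT_EQ(mUserSession->loadUser("Jeet_bb@gmail.com", "TestP4ssword&H"), USER_COMPLETE)` precondition in WrongPassword and CorrectPassword would fail on a second run or under a different test order. Restoring the original password at the end of the test or in `TearDown` would keep the tests independent. In EmptyPassword the old password is spelled `TestP4sswordH` without the `&`; a comment such as `// old password is never checked, the empty new password is rejected first` would make clear that this is intentional.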