diff pkg/controllers/token.go @ 484:2ac37419f593

Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Fri, 24 Aug 2018 11:36:11 +0200
parents fc37e7072022
children 8a0737aa6ab6
--- a/pkg/controllers/token.go	Fri Aug 24 10:50:58 2018 +0200
+++ b/pkg/controllers/token.go	Fri Aug 24 11:36:11 2018 +0200
@@ -47,9 +47,8 @@
 }
 
 func logout(rw http.ResponseWriter, req *http.Request) {
-	token, _ := auth.GetToken(req)
-	deleted := auth.ConnPool.Delete(token)
-	if !deleted {
+	token, ok := auth.GetToken(req)
+	if !ok || !auth.ConnPool.Delete(token) {
 		http.NotFound(rw, req)
 		return
 	}
@@ -59,19 +58,27 @@
 
 func login(rw http.ResponseWriter, req *http.Request) {
 
-	var (
-		user     = req.FormValue("user")
-		password = req.FormValue("password")
-	)
+	var input struct {
+		User     models.UserName `json:"user"`
+		Password string          `json:"password"`
+	}
+	defer req.Body.Close()
+	if err := json.NewDecoder(req.Body).Decode(&input); err != nil {
+		log.Printf("%v\n", err)
+		http.Error(rw, "error: "+err.Error(), http.StatusBadRequest)
+		return
+	}
 
-	if !models.UserName(user).IsValid() || password == "" {
+	if input.Password == "" {
 		http.Error(rw, "Invalid credentials", http.StatusBadRequest)
 		return
 	}
 
-	token, session, err := auth.GenerateSession(user, password)
+	token, session, err := auth.GenerateSession(
+		string(input.User),
+		input.Password)
 	if err != nil {
-		http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusUnauthorized)
+		http.Error(rw, "error: "+err.Error(), http.StatusUnauthorized)
 		return
 	}
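Review bot: The rewritten guard `if input.Password == ""` drops the `IsValid()` test that the old form-based code applied to the user name, so a malformed user name now reaches `auth.GenerateSession` unless `models.UserName` validates itself while being JSON-decoded (not visible in this hunk); restoring it is one line, `if !input.User.IsValid() || input.Password == "" {`. Both the decode error and the GenerateSession error are echoed verbatim to the client via `"error: "+err.Error()`; on the 401 path a fixed message such as the existing `"Invalid credentials"` avoids telling an unauthenticated caller whether the user or the password was the part that failed. The decoder reads the request body without a size bound; wrapping it with `http.MaxBytesReader(rw, req.Body, <limit>)` (limit to be chosen) before `json.NewDecoder` caps what an unauthenticated request can make the handler read. The body of login continues past the end of the hunk.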