diff --git a/containers/api/src/app.controller.ts b/containers/api/src/app.controller.ts
index afef9106..9183cb2b 100644
--- a/containers/api/src/app.controller.ts
+++ b/containers/api/src/app.controller.ts
@@ -6,7 +6,7 @@
 /*   By: apommier <apommier@student.42.fr>          +#+  +:+       +#+        */
 /*                                                +#+#+#+#+#+   +#+           */
 /*   Created: 2023/06/17 01:00:00 by apommier          #+#    #+#             */
-/*   Updated: 2023/06/18 13:16:23 by apommier         ###   ########.fr       */
+/*   Updated: 2023/06/18 13:30:50 by apommier         ###   ########.fr       */
 /*                                                                            */
 /* ************************************************************************** */
 
@@ -314,10 +314,10 @@ export class AppController {
 	  console.log(`user in auth/login= ${user.username}`);
 	  const data = await this.authService.login(user);
 	  console.log(`all data in api = ${data}`)
-	  
+
 	  const myJSON = JSON.stringify(data);
 	  console.log(`all data json version= ${myJSON}`)
-	  
+
 	  console.log(`data in api = ${(await data).access_token}`)
 	//   console.log(`data i = ${(await data).access_token}`)
 	  const token = (await data).access_token;
@@ -353,6 +353,8 @@ export class AppController {
   {
 	const user = await this.userService.findOne(req.user.username);
 	const res = await VerifyOTP(user, data.token)
+	console.log('token in verify=', data.token)
+	console.log('res in verify=', res)
 	await this.userService.save(user);
 	return res
   }
@@ -367,6 +369,18 @@ export class AppController {
 	return res
   }
 
+  @UseGuards(JwtAuthGuard)
+  @Post('/deleteOtp')
+  async deleteOTP(@Request() req, @Body() data: any)
+  {
+	const user = await this.userService.findOne(req.user.username);
+	user.otp_verified = false;
+	await this.userService.save(user);
+	// const res = await ValidateOTP(user, data.token)
+	// await this.userService.save(user);
+	// return res
+  }
+
 //   @UseGuards(JwtAuthGuard)
 //   @Get('/QRcode')
 //   async createQrCode(@Request() req)
@@ -396,18 +410,16 @@ export class AppController {
   @Post('/conv')
   async createConv(@Request() req, @Body() data: any) {
 	///create conv and return it ? id?
-	// console.log(`data post /conv= ${data}`);
-	// console.log(`data post /conv= ${data.members}`);
+	console.log(`data post /conv= ${data}`);
+	console.log(`data post /conv= ${data.members}`);
 	// console.log(`data post /conv= ${data.name}`);
 
 	// const param = data;
 	const amIhere = data.members.includes(req.user.username);
 	if (!amIhere)
-		data.members.push(req.user.username);
-	data.admin = [];
-	data.admin.push(req.user.username);
+		data.members.push(req.user.username)
 	// let test = {id: 2, members: "cc"};
-	data.owner = req.user.username;
+	data.owner = req.user.username
 	data.group = true;
 	return await this.chatService.createConv(data);
 	// res.json(messages);
diff --git a/containers/api/src/users/2fa.ts b/containers/api/src/users/2fa.ts
index 38a0924e..e89b9d2d 100644
--- a/containers/api/src/users/2fa.ts
+++ b/containers/api/src/users/2fa.ts
@@ -85,12 +85,13 @@ export const generateOTP = async (user) => {
 
 	  if (delta === null) {
 		console.log("error verify token")
-		return ("error verify token")
+		return (0)
 	  }
 	  else
 	  {
 		user.otp_verified = true;
 		console.log("token verified")
+		return (1)
 	  }
 	} catch (error) {
 		console.log(error)
@@ -111,12 +112,13 @@ export const generateOTP = async (user) => {
 
 	  if (delta === null) {
 		console.log("error validate token")
-		return ("error validate token")
+		return (0);
 	  }
 	  else
 	  {
 		// user.otp_verified = true;
 		console.log("token validated")
+		return (1);
 	  }
 	} catch (error) {
 		console.log(error)
diff --git a/containers/react/src/components/Messages/Modal.tsx b/containers/react/src/components/Messages/Modal.tsx
index 50c5e39f..62b50811 100644
--- a/containers/react/src/components/Messages/Modal.tsx
+++ b/containers/react/src/components/Messages/Modal.tsx
@@ -87,6 +87,7 @@ const Modal = ({handleClose}) => {
 			members: selectedOptions,
 		}
 		try{
+			// test
 			api.post("/conv", data);
 			handleClose();
 		} catch(err) {
diff --git a/containers/react/src/script/axiosApi.tsx b/containers/react/src/script/axiosApi.tsx
index 8a9c80b9..2ae297d4 100644
--- a/containers/react/src/script/axiosApi.tsx
+++ b/containers/react/src/script/axiosApi.tsx
@@ -12,13 +12,13 @@ function getToken() {
 console.log(`getToken = ${getToken()}`)
 console.log(`Bearer ${localStorage.getItem("token")}`)
 
-const test = "192.168.1.19"
+// const test = "192.168.1.19"
 // const url = 'http://' + process.env.REACT_APP_BASE_URL + '/api'
 // const url = 'http://' + test + '/api'
 
 // console.log("url= ", url)
-console.log("test= ", test)
-console.log("env= ", process.env.REACT_APP_BASE_URL)
+// console.log("test= ", test)
+// console.log("env= ", process.env.REACT_APP_BASE_URL)
 
 let api = axios.create({
 //   baseURL: 'http://localhost/api', 
diff --git a/containers/react/src/script/tokenSuccess.tsx b/containers/react/src/script/tokenSuccess.tsx
index 503e2118..5eb24530 100644
--- a/containers/react/src/script/tokenSuccess.tsx
+++ b/containers/react/src/script/tokenSuccess.tsx
@@ -1,13 +1,247 @@
 import { useLocation } from 'react-router-dom';
+import { useState, useEffect } from 'react'
 import queryString from 'query-string';
+import api from "./axiosApi.tsx";
+import axios from 'axios';
 
 function SuccessToken() {
-  const location = useLocation();
-  const { data } = queryString.parse(location.search);
-  const cleanData = data.slice(1, -1);
-  localStorage.setItem('token', `${cleanData}`);
-  console.log(`token= ${localStorage.getItem('token')}`)
-  window.location.replace("http://" + process.env.REACT_APP_BASE_URL + "/pong");
-}
+	const location = useLocation();
+	const { data } = queryString.parse(location.search);
+	const [code, setCode] = useState('');
+	const [user, setUser] = useState(false);
+  
+	useEffect(() => {
+	  if (!data) {
+		console.log("No data");
+		return;
+	  }
+  
+	  const cleanData = data.slice(1, -1); // Declare cleanData here
+  
+	  const getUser = async () => {
+		try {
+		  const tmpUser = await axios({
+			method: 'GET',
+			url: 'http://' + process.env.REACT_APP_BASE_URL + '/api/profile',
+			headers: {
+			  Authorization: `Bearer ${cleanData}`,
+			},
+			withCredentials: true,
+		  });
+		  setUser(tmpUser.data);
+		} catch (err) {
+		  console.log(err);
+		}
+	  };
+  
+	  getUser();
+	}, [data]);
+  
+	const handleKeyPress = async (e)=>{
+		// console.log(`e in press= ${e.key}`)
+		if (e.key !== "Enter")
+			return ;
+		try{
+			console.log("code= ", code)
+			// const res = await api.post("/verifyOtp", {token: code})
 
-export default SuccessToken;
\ No newline at end of file
+
+			const res = await axios({
+				method: 'POST',
+				url: 'http://' + process.env.REACT_APP_BASE_URL + '/api/verifyOtp',
+				headers: {
+				  Authorization: `Bearer ${cleanData}`,
+				},
+				withCredentials: true,
+				data: { token: code }
+			  });
+
+			console.log("res= ", res.data)
+			console.log("res= ", res)
+			if (res.data === 1)
+			{
+				console.log("registered")
+				// history.push('/login')
+	
+				localStorage.setItem('token', `${cleanData}`);
+				console.log(`prout token2= ${localStorage.getItem('token')}`);
+				window.location.replace("http://" + process.env.REACT_APP_BASE_URL + "/pong");
+
+				// const path = 'http://' + process.env.REACT_APP_BASE_URL + '/'; 
+				// window.history.pushState({}, null, path);
+				// window.location.reload(false);
+	
+			}
+			else
+			{
+				console.log("bad code")
+				//alert ?? retry
+			}
+			// redirect('/test')
+		} 
+		catch(err){
+			 console.log(err)
+		}
+	}
+
+
+  
+	if (!user) {
+	  // Render a loading indicator or return null while user is being fetched
+	  return <h1>Loading...</h1>;
+	}
+  
+	const cleanData = data.slice(1, -1); // Declare cleanData here as well
+  
+	if (!user.otp_verified) {
+	  console.log("false");
+	  localStorage.setItem('token', `${cleanData}`);
+	  console.log(`prout token2= ${localStorage.getItem('token')}`);
+	  window.location.replace("http://" + process.env.REACT_APP_BASE_URL + "/pong");
+	  return null; // or return a message or component indicating not verified
+	}
+  
+	return (
+		<>
+		  <h1>Double Auth</h1>
+		  <input
+			onKeyDown={handleKeyPress}
+			type="text"
+			className="qr"
+			placeholder="6 Digits Code"
+			value={code}
+			onChange={(e) => setCode(e.target.value)}
+		  />
+		</>
+	  );
+	}
+	
+	export default SuccessToken;
+
+// function SuccessToken() {
+
+//   const location = useLocation();
+//   const { data } = queryString.parse(location.search);
+
+//   if ( !data)
+//   {
+// 	console.log("no data")
+//   	return ;
+//   }
+//   const cleanData = data.slice(1, -1);
+
+
+//   const [code, setCode] = useState('');
+//   const [user, setUser] = useState(false);
+
+//   useEffect(()=> {
+
+// 	const getUser = async ()=>{
+// 		try {
+// 			// const tmpUser = await api.get("/profile");
+
+// 			const tmpUser = await axios({
+// 				method: 'GET',
+// 				url: 'http://' + process.env.REACT_APP_BASE_URL + '/api/profile',
+// 				headers: {
+// 				  Authorization: `Bearer ${cleanData}`,
+// 				},
+// 				withCredentials: true,
+// 			  });
+// 			  setUser(tmpUser.data);
+
+// 			// setUser(tmpUser.data);
+// 			// if (tmpUser.data.otp_verified)
+// 			// {
+// 			// 	console.log("true");
+// 			// 	return (
+// 			// 		<>
+// 			// 		<h1>Double Auth</h1>
+// 			// 		<input
+// 			// 		  onKeyDown={handleKeyPress}
+// 			// 		  type="text"
+// 			// 		  className="qr"
+// 			// 		  placeholder="6 Digits Code"
+// 			// 		  value={code}
+// 			// 		  onChange={(e) => setCode(e.target.value)}
+// 			// 		/>
+// 			// 	  </>
+// 			// 	)
+// 			// }
+// 			// else 
+// 			// {
+// 			// 	console.log("false");
+// 			// 	localStorage.setItem('token', `${cleanData}`);
+// 			// 	console.log(`prout token2= ${localStorage.getItem('token')}`)
+// 			// 	window.location.replace("http://" + process.env.REACT_APP_BASE_URL + "/pong");
+// 			// }
+// 		} catch(err) {
+// 			console.log(err)
+// 		}
+// 	}
+// 	getUser();
+//   }, []);
+
+//   const handleKeyPress = async (e)=>{
+// 	// console.log(`e in press= ${e.key}`)
+// 	if (e.key !== "Enter")
+// 		return ;
+// 	try{
+// 		console.log("code= ", code)
+// 		const res = await api.post("/verifyOtp", {token: code})
+// 		console.log("res= ", res.data)
+// 		console.log("res= ", res)
+// 		if (res.data === 1)
+// 		{
+// 			console.log("registered")
+// 			// history.push('/login')
+
+// 			const path = 'http://' + process.env.REACT_APP_BASE_URL + '/'; 
+// 			window.history.pushState({}, null, path);
+// 			window.location.reload(false);
+
+// 		}
+// 		else
+// 		{
+// 			console.log("bad code")
+// 			//alert ?? retry
+// 		}
+// 		// redirect('/test')
+// 	} 
+// 	catch(err){
+// 		 console.log(err)
+// 	}
+//   }
+
+
+//   console.log("start while...")
+//   while(user === false)
+//   	;
+//   console.log("end while")
+//   if (!user.otp_verified)
+//   {
+// 	console.log("false");
+// 	localStorage.setItem('token', `${cleanData}`);
+// 	console.log(`prout token2= ${localStorage.getItem('token')}`)
+// 	window.location.replace("http://" + process.env.REACT_APP_BASE_URL + "/pong");
+// 	return ;
+//   }
+  
+//   return (
+// 	  <>
+// 		<h1>Double Auth</h1>
+// 		<input
+// 		  onKeyDown={handleKeyPress}
+// 		  type="text"
+// 		  className="qr"
+// 		  placeholder="6 Digits Code"
+// 		  value={code}
+// 		  onChange={(e) => setCode(e.target.value)}
+// 		/>
+// 	  </>
+//   )
+
+
+// }
+
+// export default SuccessToken;