diff --git a/ensysmod/api/endpoints/authentication.py b/ensysmod/api/endpoints/authentication.py
index f3af4a0..822549e 100644
--- a/ensysmod/api/endpoints/authentication.py
+++ b/ensysmod/api/endpoints/authentication.py
@@ -48,7 +48,7 @@ def register(
     return user
 
 
-@router.post("/test-token", response_model=schemas.User)
+@router.get("/test-token", response_model=schemas.User)
 def test_token(
         current_user: model.User = Depends(deps.get_current_user)
 ) -> schemas.User:
diff --git a/ensysmod/model/energy_source.py b/ensysmod/model/energy_source.py
index 639f4f8..32de7db 100644
--- a/ensysmod/model/energy_source.py
+++ b/ensysmod/model/energy_source.py
@@ -7,3 +7,4 @@ class EnergySource(Base):
     id = Column(Integer, primary_key=True, index=True)
     name = Column(String, unique=True, index=True, nullable=False)
     description = Column(String, nullable=True)
+    # Wirkungsgrad in %
diff --git a/tests/api/test_authentication.py b/tests/api/test_authentication.py
index d264dad..117b512 100644
--- a/tests/api/test_authentication.py
+++ b/tests/api/test_authentication.py
@@ -31,3 +31,54 @@ def test_register_twice_endpoint(client: TestClient):
 
     r2 = client.post("/auth/register", json=payload)
     assert r2.status_code == status.HTTP_400_BAD_REQUEST
+
+
+def test_login_endpoint(client: TestClient, db: Session):
+    payload = get_register_payload()
+    r = client.post("/auth/register", json=payload)
+    assert r.status_code == status.HTTP_200_OK
+
+    r2 = client.post("/auth/login", data=payload, headers={"content-type": "application/x-www-form-urlencoded"})
+    assert r2.status_code == status.HTTP_200_OK
+    assert r2.json()['access_token']
+    assert r2.json()['token_type'] == 'bearer'
+
+
+def test_login_unknown_user_endpoint(client: TestClient, db: Session):
+    payload = get_register_payload()
+    r = client.post("/auth/login", data=payload, headers={"content-type": "application/x-www-form-urlencoded"})
+    assert r.status_code == status.HTTP_401_UNAUTHORIZED
+
+
+def test_test_token_endpoint(client: TestClient):
+    payload = get_register_payload()
+    r = client.post("/auth/register", json=payload)
+    assert r.status_code == status.HTTP_200_OK
+
+    r2 = client.post("/auth/login", data=payload, headers={"content-type": "application/x-www-form-urlencoded"})
+    assert r2.status_code == status.HTTP_200_OK
+
+    r3 = client.get("/auth/test-token", headers={"Authorization": f"Bearer {r2.json()['access_token']}"})
+    user = r3.json()
+    assert r3.status_code == status.HTTP_200_OK
+    assert user['username'] == payload['username']
+
+
+def test_test_token_unknown_access_token_endpoint(client: TestClient):
+    r = client.get("/auth/test-token", headers={"Authorization": "Bearer unknown"})
+    assert r.status_code == status.HTTP_403_FORBIDDEN
+
+
+def test_test_token_user_deleted(client: TestClient, db: Session):
+    payload = get_register_payload()
+    r = client.post("/auth/register", json=payload)
+    assert r.status_code == status.HTTP_200_OK
+
+    r2 = client.post("/auth/login", data=payload, headers={"content-type": "application/x-www-form-urlencoded"})
+    assert r2.status_code == status.HTTP_200_OK
+
+    user_id = crud.user.get_by_username(db=db, username=payload['username']).id
+    crud.user.remove(db=db, id=user_id)
+
+    r3 = client.get("/auth/test-token", headers={"Authorization": f"Bearer {r2.json()['access_token']}"})
+    assert r3.status_code == status.HTTP_401_UNAUTHORIZED