diff --git a/controllers/Auth.js b/controllers/Auth.js
index 852d6415300a509ffaa323df1f8735c62160e47c..5998bca7d4af40fb81593e9ac79cad666172adea 100644
--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -78,6 +78,9 @@ export const login = async (req, res, next) => {
       // remember document but remove confidential info
       const user = hideConfidentialFields(User, foundUser);
 
+      console.log("🚀 ~ login ~ user:", user);
+
+
       // create jsonwebtoken
       performance.mark('createAccessToken:start');
       const accessToken = createAccessToken({ id: user._id, role: user.role });
@@ -135,7 +138,6 @@ export const renewAccessToken = async (req, res, next) => {
 export const logout = async (req, res, next) => {
   try {
     // delete 
-    console.log("🚀 ~ logout ~ req.cookies.refreshToken:", req.cookies.refreshToken);
     if (req.cookies.refreshToken) await deleteRefreshToken(req.cookies.refreshToken);
     // return msg
     return res.status(200).json({ message: 'See you soon.' });
diff --git a/routes/users.js b/routes/users.js
index 39ac37aef7770278ad5a0fbd8e238c654ec0b291..d9cb5e37ef336dff811451cde85a6e666c68a48e 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -51,8 +51,8 @@ router.patch('/:id', verifyAccessToken, validate(updateUserSchema), prefetchUser
  * DELETE ONE
  * @header  {authorization}  Bearer       [required] access token
  * 
- * @prop    {string}          id          [required] id of the user to fetch 
+ * @prop    {string}          id          [required] id of the user to delete
  */
-router.delete('/:id', verifyAccessToken, prefetchUser, deleteUser);
+router.delete('/:id', verifyAccessToken, deleteUser);
 
 export default router;
\ No newline at end of file
diff --git a/utils/handleSchemes.js b/utils/handleSchemes.js
index bcb360b755456a685cf86c84ddbbd136b5a37b88..5f95dc1a2ca76f6bdae237baf0294e3d4a59a511 100644
--- a/utils/handleSchemes.js
+++ b/utils/handleSchemes.js
@@ -25,17 +25,20 @@ export const getConfidentialFields = (model) => {
  *
  * @return  {object}          cleansed object
  */
-export const hideConfidentialFields = (model, object) => {
+export const hideConfidentialFields = (model, record) => {
   performance.mark('hideConfidentialFields:start');
+  // turn mongoose record into js object
+  const object = record.toObject();
+  // get confidential fields from model
   const confidentialFields = getConfidentialFields(model);
-  // delete from object
-  confidentialFields.forEach(field => {
-    delete object[field];
-  });
+  // delete confidential fields from object
+  confidentialFields.forEach(field => delete object[field]);
   performance.mark('hideConfidentialFields:end');
   return object;
 };
 
+
+
 /**
  * get array of all field names from a given model
  *