} else if (user) {
          const json = <IUser>user.toJSON();
          delete json.password;
          // if user is found and password is right create a token
          const token = jwt.sign(json, secretKey, {