diff --git a/Backend/src/controllers/userControllers.js b/Backend/src/controllers/userControllers.js
index 6130999..cecd9e8 100755
--- a/Backend/src/controllers/userControllers.js
+++ b/Backend/src/controllers/userControllers.js
@@ -7,6 +7,7 @@ const nodemailer = require("nodemailer");
 const tables = require("../tables");
 
 const secretKey = process.env.APP_SECRET;
+const resetTokenSecret = process.env.RESET_TOKEN_SECRET;
 const saltRounds = 10;
 
 const passwordSchema = Joi.string()
@@ -171,7 +172,7 @@ const login = async (req, res) => {
       return res.status(401).json({ message: "Mot de passe incorrect" });
     }
 
-    const token = jwt.sign({ user: user.id }, secretKey);
+    const token = jwt.sign({ user: user.id }, secretKey, { expiresIn: "7d" });
 
     return res.status(200).json({
       message: "Connexion réussie",
@@ -309,7 +310,7 @@ const edit = async (req, res) => {
 
 const add = async (req, res, next) => {
   try {
-    const { nickname, mail, password, confirmPassword } =
+    const { firstname, lastname, nickname, mail, password, confirmPassword } =
       req.body;
 
     const existingUserByMail = await tables.users.getByMail(mail);
@@ -353,7 +354,7 @@ const add = async (req, res, next) => {
 
     const insertId = await tables.users.create(user);
 
-    const token = jwt.sign({ user: user.id }, secretKey);
+    const token = jwt.sign({ user: user.id }, secretKey, { expiresIn: "7d" });
 
     res.status(201).json({ insertId, token });
     return insertId;
diff --git a/Backend/src/router.js b/Backend/src/router.js
index 12e886d..6ed2040 100755
--- a/Backend/src/router.js
+++ b/Backend/src/router.js
@@ -11,13 +11,21 @@ const userControllers = require("./controllers/userControllers");
 const verifyToken = require("./middlewares/verifyToken");
 
 
+// Vérifie que le token appartient au même utilisateur que :id
+const verifySelf = (req, res, next) => {
+  if (String(req.user) !== String(req.params.id)) {
+    return res.status(403).json({ message: "Forbidden." });
+  }
+  return next();
+};
+
 // User management
 router.get("/users", verifyToken, userControllers.browse);
-router.get("/users/:id", userControllers.read);
-router.get("/users/:id/field", userControllers.read);
-router.put("/users/:id", userControllers.edit);
+router.get("/users/:id", verifyToken, verifySelf, userControllers.read);
+router.get("/users/:id/field", verifyToken, verifySelf, userControllers.read);
+router.put("/users/:id", verifyToken, verifySelf, userControllers.edit);
 router.post("/users", userControllers.add);
-router.delete("/users/:id", userControllers.destroy);
+router.delete("/users/:id", verifyToken, verifySelf, userControllers.destroy);
 router.post("/login", userControllers.login);