diff --git a/server/src/auth.rs b/server/src/auth.rs
index 85fb60a..afdf428 100644
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@@ -27,7 +27,7 @@ fn valid_user(secret: &str, row: &Option<(VarChar, VarChar, BigInt, Integer, UBi
     }
 }
 
-pub async fn wall_entry(path: &str, pool: &Pool, params: &mut serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
+pub async fn wall_entry(path: &str, pool: &Pool, params: &serde_json::Value) -> Result<AuthReason, mysql_async::error::Error> {
     // Start by Checking if the api key is in our keystore
     if routes::is_open(path) {
         Ok(AuthReason::OpenAuth)
@@ -67,3 +67,33 @@ pub fn generate_secret() -> String {
     encode_config(buf,URL_SAFE) 
 }
 
+
+
+#[cfg(test)]
+mod auth_tests {
+    use crate::testing::get_pool;
+    use serde_json::Value;
+    use mysql_async::prelude::Queryable;
+
+    #[tokio::test]
+    async fn missing_key() {
+        let pool = get_pool();
+        let conn = pool.get_conn().await.unwrap();
+        let conn = conn.drop_exec(
+            r#"INSERT INTO members (id, secret, name, joindate, status,permissions)
+            VALUES(1, "abc", "bsname", 1,0,0)
+            "#, 
+            ()).await.unwrap();
+
+        let params: Value = serde_json::from_str(r#"
+        {
+            "id": 1
+        }
+        "#).unwrap();
+        
+        let result  = super::wall_entry("/channels/list", &pool, &params).await;
+        let _ = conn.drop_exec(r#"DELETE FROM members WHERE secret = "abc""#,()).await;
+        assert_eq!(true, result.is_ok());
+    }
+
+}