diff --git a/source/api/actions/davina_event_list.ts b/source/api/actions/davina_event_list.ts
index 736e738..447cca4 100644
--- a/source/api/actions/davina_event_list.ts
+++ b/source/api/actions/davina_event_list.ts
@@ -50,7 +50,7 @@ namespace _zeitbild.api
 "restriction": restriction_web_auth,
 "execution": async (stuff) => {
 const user : {id : _zeitbild.type_user_id; object : _zeitbild.type_user_object;} = await _zeitbild.api.user_from_web_auth(stuff);
-
+
 /**
 * @todo
 */
diff --git a/source/api/base.ts b/source/api/base.ts
index 31fa1fa..af76958 100644
--- a/source/api/base.ts
+++ b/source/api/base.ts
@@ -45,7 +45,7 @@ namespace _zeitbild.api
 );
 if (authorization_string === null)
 {
- return Promise.reject();
+ return Promise.reject(new Error("authorization header missing"));
 }
 else
 {
@@ -62,7 +62,7 @@ namespace _zeitbild.api
 "strategy": strategy,
 }
 );
- return Promise.reject();
+ return Promise.reject(new Error("unhandled authorization strategy: " + strategy));
 break;
 }
 case "Basic":
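Review bot: The rejection added in the default branch of the strategy switch (hunk at -62) concatenates `strategy` into the Error text, and `strategy` appears to be parsed from the request's Authorization header, so the message carries client-chosen text of arbitrary length to whatever handles the rejection. The value is already recorded in the structured log entry just above, so a fixed message is enough: `return Promise.reject(new Error("unhandled authorization strategy"));`. If a caller ever echoes the error message into the HTTP response, this also avoids reflecting request input. The enclosing switch starts and ends outside the hunk.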
@@ -87,36 +87,34 @@ namespace _zeitbild.api
 else
 {
 const user_object : _zeitbild.type_user_object = await _zeitbild.service.user.get(user_id);
- const password_shall : string = (
- (user_object.dav_token !== null)
- ?
- user_object.dav_token
- :
- /**
- * @todo deprecate?
- */
- lib_plankton.sha256.get(
- username,
- _zeitbild.conf.get()["misc"]["auth_salt"]
- )
- );
- if (! (password_is === password_shall))
+ if (user_object.dav_token !== null)
 {
- /**
- * @todo remove
- */
 lib_plankton.log.notice(
- "zeitbild.web_auth.wrong_pasword",
+ "zeitbild.user_from_web_auth.dav_token_unset",
 {
- "shall": password_shall,
- "is": password_is,
+ "user_id": user_id,
 }
 );
- return Promise.reject();
+ return Promise.reject(new Error("DAV token unset"));
 }
 else
 {
- return Promise.resolve({"id": user_id, "object": user_object});
+ const password_shall : string = user_object.dav_token;
+ if (! (password_is === password_shall))
+ {
+ lib_plankton.log.notice(
+ "zeitbild.user_from_web_auth.wrong_password",
+ {
+ "user_id": user_id,
+ "password_is": password_is,
+ }
+ );
+ return Promise.reject(new Error("wrong password"));
+ }
+ else
+ {
+ return Promise.resolve({"id": user_id, "object": user_object});
+ }
 }
 }
 break;
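Review bot: The new guard `if (user_object.dav_token !== null)` is inverted: it logs `dav_token_unset` and rejects with "DAV token unset" exactly when a token is set, and the else branch then assigns a null `dav_token` to `password_shall : string`, so as written no Basic login appears able to succeed; it should read `if (user_object.dav_token === null)`. The wrong-password branch also still writes the submitted secret to the log through `"password_is": password_is`; a mistyped password is usually close to a valid one, so I would drop that field and keep only `"user_id": user_id`. Separately, `password_is === password_shall` is not a constant-time comparison, which may matter now that the expected value is always a stored token; consider a constant-time compare over equal-length buffers. The enclosing function starts and ends outside the hunk.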