diff --git a/api.py b/api.py
index 0b08dd3..271e2b8 100644
--- a/api.py
+++ b/api.py
@@ -1,8 +1,6 @@
 # Imports
 from contextlib import asynccontextmanager
-
 from fastapi import FastAPI, HTTPException
-
 from functions import *
 
 
@@ -25,6 +23,7 @@ def create_hero(hero: HeroCreate, session: SessionDep):
     session.refresh(db_hero)
     return db_hero
 
+
 @app.get("/heroes/{id}", response_model=Hero)
 def get_hero(id: int, session: SessionDep):
     hero = session.get(Hero, id)
@@ -59,10 +58,12 @@ def delete_hero(id: int, session: SessionDep):
 @app.post("/verify")
 def verify_user(email: str, password: str, session: SessionDep):
     user = get_hero_by_email(email, session)
+    if not user:
+        return {"message": "Authentication failed", "continue": False}
     # check if the password is correct
     authenticate_user = verify_password(password, user.hash, user.salt)
 
     if authenticate_user:
         return {"message": "Authentication successful", "continue": True}
 
-    return {"message": "Authentication failed", "continue": False}
\ No newline at end of file
+    return {"message": "Authentication failed", "continue": False}