diff --git a/models/models_test.go b/models/models_test.go
index c9bc9f5..c2ff6b4 100644
--- a/models/models_test.go
+++ b/models/models_test.go
@@ -44,7 +44,7 @@ func (ms *multiStore) SelectActionsByPlanID(plan *models.Plan) ([]*models.Action
 }
 
 func (ms *multiStore) SelectUserByID(id int) (*models.User, error) {
-	return nil, nil
+	return &models.User{UserID: int64(id), Username: "test", DisplayName: "Ted Est", Password: []byte("oh no")}, nil
 }
 
 func (ms *multiStore) ConnectionLive() error {
diff --git a/models/user.go b/models/user.go
index f3e1de3..03fa471 100644
--- a/models/user.go
+++ b/models/user.go
@@ -3,19 +3,31 @@ package models
 // User represents the full DB user field, for inserts and compares.
 // No reason to return the hashed pw on the route though.
 type User struct {
+	UserID      int64
+	Username    string
+	DisplayName string
+	Password    []byte
+}
+
+type UserNoPassword struct {
 	UserID      int64  `json:"user_id"`
 	Username    string `json:"username"`
 	DisplayName string `json:"display_name"`
-	Password    []byte `json:"password"`
 }
 
 // User returns a single plan from the store by plan_id.
-func (m *Model) User(id int) (*User, error) {
+func (m *Model) User(id int) (*UserNoPassword, error) {
 	user, err := m.SelectUserByID(id)
-	return user, wrapNotFound(err)
+	if user == nil {
+		return nil, wrapNotFound(err)
+	}
+	return user.NoPassword(), wrapNotFound(err)
 }
 
-// AddUser inserts a user into the store.
-// func (m *Model) AddUser(u *User) (int, error) {
-// 	return m.InsertUser(u)
-// }
+func (u *User) NoPassword() *UserNoPassword {
+	return &UserNoPassword{
+		UserID:      u.UserID,
+		Username:    u.Username,
+		DisplayName: u.DisplayName,
+	}
+}
diff --git a/models/user_test.go b/models/user_test.go
index b76f0ae..bab25c6 100644
--- a/models/user_test.go
+++ b/models/user_test.go
@@ -3,6 +3,7 @@ package models_test
 import (
 	"gitea.deepak.science/deepak/gogmagog/models"
 	"github.com/stretchr/testify/assert"
+	"fmt"
 	"testing"
 )
 
@@ -18,5 +19,28 @@ func TestModelUsers(t *testing.T) {
 
 	user, err := m.User(3)
 	assert.Nil(err)
-	assert.Nil(user)
+	assert.NotNil(user)
+}
+
+func TestErrorUsers(t *testing.T) {
+	assert := assert.New(t)
+	m := getErrorModel(fmt.Errorf("err"))
+
+	user, err := m.User(3)
+	assert.Nil(user)
+	assert.NotNil(err)
+}
+
+func TestUserNoPassword(t *testing.T) {
+	assert := assert.New(t)
+	id := int64(3)
+	username := "test"
+	displayName := "Ted Est"
+	pass := []byte("abc")
+	u := &models.User{UserID: id, Username: username, DisplayName: displayName, Password: pass}
+
+	unp := u.NoPassword()
+	assert.EqualValues(id, unp.UserID)
+	assert.Equal(username, unp.Username)
+	assert.Equal(displayName, unp.DisplayName)
 }