diff --git a/routes/plans.go b/routes/plans.go
index 8d9c373..c1a26ae 100644
--- a/routes/plans.go
+++ b/routes/plans.go
@@ -6,7 +6,6 @@ import (
 	"gitea.deepak.science/deepak/gogmagog/tokens"
 	"github.com/go-chi/chi"
 	"io"
-	"log"
 	"net/http"
 	"strconv"
 )
@@ -24,7 +23,6 @@ func getAllPlansFunc(m *models.Model) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		userID, err := tokens.GetUserID(r.Context())
 		if err != nil {
-			log.Print(err)
 			unauthorizedHandler(w, r)
 			return
 		}
@@ -45,7 +43,6 @@ func getPlanByIDFunc(m *models.Model) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		userID, err := tokens.GetUserID(r.Context())
 		if err != nil {
-			log.Print(err)
 			unauthorizedHandler(w, r)
 			return
 		}
@@ -82,7 +79,6 @@ func postPlanFunc(m *models.Model) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		userID, err := tokens.GetUserID(r.Context())
 		if err != nil {
-			log.Print(err)
 			unauthorizedHandler(w, r)
 			return
 		}
diff --git a/routes/plans_unauthorized_test.go b/routes/plans_unauthorized_test.go
new file mode 100644
index 0000000..763daa1
--- /dev/null
+++ b/routes/plans_unauthorized_test.go
@@ -0,0 +1,95 @@
+package routes_test
+
+import (
+	"bytes"
+	"context"
+	"gitea.deepak.science/deepak/gogmagog/models"
+	"gitea.deepak.science/deepak/gogmagog/routes"
+	"github.com/stretchr/testify/assert"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+)
+
+func TestEmptyPlanEmptyContext(t *testing.T) {
+	// set up
+	assert := assert.New(t)
+	m := getEmptyModel()
+	router := routes.NewPlanRouter(m)
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", "/", nil)
+
+	rr := httptest.NewRecorder()
+
+	// function under test
+	router.ServeHTTP(rr, req)
+
+	// check results
+	status := rr.Code
+	assert.Equal(http.StatusUnauthorized, status)
+
+}
+
+func TestOnePlanEmptyContext(t *testing.T) {
+	// set up
+	assert := assert.New(t)
+	planDate, _ := time.Parse("2006-01-02", "2021-01-01")
+	p := &models.Plan{PlanID: 6, PlanDate: &planDate, UserID: 3}
+	m := getEmptyModel()
+	m.AddPlan(p, 3)
+	router := routes.NewPlanRouter(m)
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", "/", nil)
+
+	rr := httptest.NewRecorder()
+
+	// function under test
+	router.ServeHTTP(rr, req)
+
+	// check results
+	status := rr.Code
+	assert.Equal(http.StatusUnauthorized, status)
+
+}
+
+func TestOnePlanByIDEmptyContext(t *testing.T) {
+	// set up
+	assert := assert.New(t)
+	planDate, _ := time.Parse("2006-01-02", "2021-01-01")
+	p := &models.Plan{PlanID: 6, PlanDate: &planDate, UserID: 3}
+	m := getEmptyModel()
+	m.AddPlan(p, 3)
+	router := routes.NewPlanRouter(m)
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", "/1", nil)
+
+	rr := httptest.NewRecorder()
+
+	// function under test
+	router.ServeHTTP(rr, req)
+
+	// check results
+	status := rr.Code
+	assert.Equal(http.StatusUnauthorized, status)
+
+}
+
+func TestPureJSONEmptyContext(t *testing.T) {
+	// set up
+	assert := assert.New(t)
+	m := getEmptyModel()
+	router := routes.NewPlanRouter(m)
+	data := []byte(`{
+			"plan_date": "2021-01-01T00:00:00Z",
+			"plan_id": 1,
+			"user_id": 3
+		}`)
+	req, _ := http.NewRequestWithContext(context.Background(), "POST", "/", bytes.NewBuffer(data))
+	req.Header.Set("Content-Type", "application/json")
+
+	rr := httptest.NewRecorder()
+	// function under test
+	router.ServeHTTP(rr, req)
+
+	// check results
+	status := rr.Code
+	assert.Equal(http.StatusUnauthorized, status)
+}