diff --git a/tokens/middleware_http_test.go b/tokens/middleware_http_test.go
new file mode 100644
index 0000000..4ec0f17
--- /dev/null
+++ b/tokens/middleware_http_test.go
@@ -0,0 +1,78 @@
+package tokens_test
+
+import (
+ "gitea.deepak.science/deepak/gogmagog/models"
+ "gitea.deepak.science/deepak/gogmagog/tokens"
+ "github.com/stretchr/testify/assert"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+)
+
+var middlewareURL string = "/"
+
+func mwRequestAuth(header string) *http.Request {
+ req, _ := http.NewRequest("GET", middlewareURL, nil)
+ req.Header.Add(authKey, header)
+
+ return req
+}
+
+func verifyingHandler(t *testing.T, username string, userID int) http.Handler {
+ assert := assert.New(t)
+ toker := tokens.New("secret")
+ dummyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ ctx := r.Context()
+ receivedID, _ := tokens.GetUserID(ctx)
+ receivedUsername, _ := tokens.GetUsername(ctx)
+ assert.EqualValues(userID, receivedID)
+ assert.Equal(username, receivedUsername)
+ })
+ return toker.Authenticator(dummyHandler)
+}
+
+func TestMiddlewareNoToken(t *testing.T) {
+ assert := assert.New(t)
+
+ req := httptest.NewRequest(http.MethodGet, middlewareURL, nil)
+ rr := httptest.NewRecorder()
+
+ middlewareHandler := verifyingHandler(t, "", 0)
+ middlewareHandler.ServeHTTP(rr, req)
+
+ status := rr.Code
+ assert.Equal(http.StatusUnauthorized, status)
+}
+
+func TestMiddlewareBadToken(t *testing.T) {
+ assert := assert.New(t)
+
+ req := mwRequestAuth("Bearer bad")
+ rr := httptest.NewRecorder()
+
+ middlewareHandler := verifyingHandler(t, "", 0)
+ middlewareHandler.ServeHTTP(rr, req)
+
+ status := rr.Code
+ assert.Equal(http.StatusUnauthorized, status)
+}
+
+func TestMiddlewareGoodToken(t *testing.T) {
+ assert := assert.New(t)
+
+ idToUse := 3
+ username := "username"
+ displayName := "display name"
+ user := &models.UserNoPassword{UserID: int64(idToUse), Username: username, DisplayName: displayName}
+
+ toker := tokens.New("secret")
+ validToken := toker.EncodeUser(user)
+ req := mwRequestAuth("Bearer " + validToken)
+ rr := httptest.NewRecorder()
+
+ middlewareHandler := verifyingHandler(t, username, idToUse)
+ middlewareHandler.ServeHTTP(rr, req)
+
+ status := rr.Code
+ assert.Equal(http.StatusOK, status)
+}
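Review bot: The two rejection tests (`TestMiddlewareNoToken`, `TestMiddlewareBadToken`) check only the 401 status, so they would still pass if `Authenticator` wrote 401 and then fell through to the wrapped handler. `verifyingHandler` discards the errors from `tokens.GetUserID` and `tokens.GetUsername` and compares against `""` and `0`, which is presumably what an unauthenticated context yields. For those two cases, wrap a handler that fails when reached, e.g. `next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) { t.Error("handler reached without a valid token") })`, and serve through `tokens.New("secret").Authenticator(next)`. In the good-token path, keep the errors (`receivedID, err := tokens.GetUserID(ctx)`) and assert they are nil, so a missing context value cannot be mistaken for a match. A token minted by a second instance such as `tokens.New("other-secret")` would also be a stronger negative case than the unparseable `"Bearer bad"`, since it exercises signature verification rather than parsing.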