diff --git a/flaschengeist/decorator.py b/flaschengeist/decorator.py
index 9e2bbfd..822000e 100644
--- a/flaschengeist/decorator.py
+++ b/flaschengeist/decorator.py
@@ -1,11 +1,25 @@
 from functools import wraps
-from flask import request
 from werkzeug.exceptions import Unauthorized
 
 from flaschengeist import logger
 from flaschengeist.controller import sessionController
 
 
+def extract_session(permission=None):
+    from flask import request
+    try:
+        token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
+    except AttributeError:
+        logger.debug("Missing Authorization header or ill-formed")
+        raise Unauthorized
+
+    session = sessionController.validate_token(token, request.user_agent, permission)
+    if not session:
+        logger.debug("token {{ {} }} is invalid".format(token))
+        raise Unauthorized
+    return session
+
+
 def login_required(permission=None):
     """Decorator use to make a route only accessible by logged in users.
         Sets ``current_session`` into kwargs of wrapped function with session identified by Authorization header.
@@ -16,23 +30,13 @@ def login_required(permission=None):
     Returns:
         Wrapped function with login (and permission) guard
     """
-
     def wrap(func):
         @wraps(func)
         def wrapped_f(*args, **kwargs):
-            try:
-                token = list(filter(None, request.headers.get("Authorization").split(" ")))[-1]
-            except AttributeError:
-                raise Unauthorized
-
-            session = sessionController.validate_token(token, request.user_agent, permission)
-            if session:
-                kwargs["current_session"] = session
-                logger.debug("token {{ {} }} is valid".format(token))
-                return func(*args, **kwargs)
-            else:
-                logger.info("token {{ {} }} is not valid".format(token))
-                raise Unauthorized
+            session = extract_session(permission)
+            kwargs["current_session"] = session
+            logger.debug("token {{ {} }} is valid".format(session.token))
+            return func(*args, **kwargs)
 
         return wrapped_f
 
diff --git a/flaschengeist/models/session.py b/flaschengeist/models/session.py
index 0d49c8b..05da44c 100644
--- a/flaschengeist/models/session.py
+++ b/flaschengeist/models/session.py
@@ -32,8 +32,11 @@ class Session(db.Model, ModelSerializeMixin):
 
         Update the Timestamp to the current Time.
         """
-        logger.debug("update timestamp from session with token {{ {} }}".format(self))
+        logger.debug("update timestamp from session with token {{ {} }}".format(self.token))
         self.expires = datetime.now(timezone.utc) + timedelta(seconds=self.lifetime)
 
     def __eq__(self, token):
-        return compare_digest(self.token, token)
+        if isinstance(token, str):
+            return compare_digest(self.token, token)
+        else:
+            return super(Session, self).__eq__(token)
diff --git a/flaschengeist/models/user.py b/flaschengeist/models/user.py
index dc68ddb..4166cc7 100644
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@@ -48,7 +48,7 @@ class User(db.Model, ModelSerializeMixin):
     """
 
     __tablename__ = "user"
-    userid: str = db.Column(db.String(30))
+    userid: str = db.Column(db.String(30), nullable=False)
     display_name: str = db.Column(db.String(30))
     firstname: str = db.Column(db.String(30))
     lastname: str = db.Column(db.String(30))