diff --git a/package.json b/package.json
index d0ebe5e9c..964bb0151 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
 },
 "dependencies": {
 "ajv": "^5.2.3",
- "bluebird": "^3.4.7",
+ "bluebird": "3.5.0",
 "body-parser": "^1.15.2",
 "connect-redis": "^3.3.0",
 "dovehash": "0.0.5",
diff --git a/server/src/lib/routes/firstfactor/post.ts b/server/src/lib/routes/firstfactor/post.ts
index 086700bbf..e32ffc58e 100644
--- a/server/src/lib/routes/firstfactor/post.ts
+++ b/server/src/lib/routes/firstfactor/post.ts
@@ -1,5 +1,5 @@
-import exceptions = require("../../Exceptions");
+import Exceptions = require("../../Exceptions");
 import objectPath = require("object-path");
 import BluebirdPromise = require("bluebird");
 import express = require("express");
@@ -21,19 +21,20 @@ export default function (req: express.Request, res: express.Response): BluebirdP
 const logger = ServerVariablesHandler.getLogger(req.app);
 const ldap = ServerVariablesHandler.getLdapAuthenticator(req.app);
 const config = ServerVariablesHandler.getConfiguration(req.app);
-
- if (!username || !password) {
- return BluebirdPromise.reject(new Error("No username or password."));
- }
-
 const regulator = ServerVariablesHandler.getAuthenticationRegulator(req.app);
 const accessController = ServerVariablesHandler.getAccessController(req.app);
 const authenticationMethodsCalculator = ServerVariablesHandler.getAuthenticationMethodCalculator(req.app);
 let authSession: AuthenticationSession.AuthenticationSession;
- logger.info(req, "Starting authentication of user \"%s\"", username);
- return AuthenticationSession.get(req)
+ return BluebirdPromise.resolve()
+ .then(function () {
+ if (!username || !password) {
+ return BluebirdPromise.reject(new Error("No username or password."));
+ }
+ logger.info(req, "Starting authentication of user \"%s\"", username);
+ return AuthenticationSession.get(req);
+ })
 .then(function (_authSession: AuthenticationSession.AuthenticationSession) {
 authSession = _authSession;
 return regulator.regulate(username);
@@ -92,7 +93,7 @@ export default function (req: express.Request, res: express.Response): BluebirdP
 }
 return BluebirdPromise.resolve();
 })
- .catch(exceptions.LdapBindError, function (err: Error) {
+ .catch(Exceptions.LdapBindError, function (err: Error) {
 regulator.mark(username, false);
 return ErrorReplies.replyWithError200(req, res, logger, UserMessages.OPERATION_FAILED)(err);
 })
diff --git a/server/test/routes/firstfactor/post.test.ts b/server/test/routes/firstfactor/post.test.ts
index 89c1d72e8..98de498bb 100644
--- a/server/test/routes/firstfactor/post.test.ts
+++ b/server/test/routes/firstfactor/post.test.ts
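Review bot: In the `@@ -21,19 +21,20 @@` hunk of server/src/lib/routes/firstfactor/post.ts, the guard `if (!username || !password)` is only a truthiness test, so a non-string value (an object or array, if the body is parsed as JSON) passes it and reaches `regulator.regulate(username)` and the LDAP authenticator. `username` and `password` are assigned above the hunk, presumably from the request body, so confirm there; if so, tighten the guard to `if (typeof username !== "string" || typeof password !== "string" || !username || !password) {`. The rejection is also a plain `Error`, which the later handlers can only catch generically; a dedicated exception type would keep the missing-credentials case distinct from other failures. The function body starts before and continues after this hunk.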
@@ -120,6 +120,7 @@ describe("test the first factor validation route", function () {
 it("should return error message when LDAP authenticator throws", function () {
 (serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
 .returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials")));
+
 return FirstFactorPost.default(req as any, res as any)
 .then(function () {
 Assert.equal(res.status.getCall(0).args[0], 200);
diff --git a/server/test/routes/secondfactor/totp/sign/post.test.ts b/server/test/routes/secondfactor/totp/sign/post.test.ts
index 21b9de366..22bfa5134 100644
--- a/server/test/routes/secondfactor/totp/sign/post.test.ts
+++ b/server/test/routes/secondfactor/totp/sign/post.test.ts
@@ -23,7 +23,7 @@ describe("test totp route", function () {
 const app_get = sinon.stub();
 req = {
 app: {
- get: sinon.stub().returns({ logger: winston })
+ get: sinon.stub().returns({ logger: winston })
 },
 body: {
 token: "abc"
@@ -66,13 +66,15 @@ describe("test totp route", function () {
 });
 });
- it("should send status code 401 when totp is not valid", function () {
+ it("should send error message when totp is not valid", function () {
 totpValidator.validate.returns(BluebirdPromise.reject(new exceptions.InvalidTOTPError("Bad TOTP token")));
- SignPost.default(req as any, res as any)
- .then(function () { return BluebirdPromise.reject(new Error("It should fail")); })
- .catch(function () {
+ return SignPost.default(req as any, res as any)
+ .then(function () {
 assert.equal(false, authSession.second_factor);
- assert.equal(401, res.status.getCall(0).args[0]);
+ assert.equal(res.status.getCall(0).args[0], 200);
+ assert.deepEqual(res.send.getCall(0).args[0], {
+ error: "Operation failed."
+ });
 return BluebirdPromise.resolve();
 });
 });
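Review bot: In the `@@ -66,13 +66,15 @@` hunk of server/test/routes/secondfactor/totp/sign/post.test.ts, the kept line `assert.equal(false, authSession.second_factor);` is a loose comparison, so a falsy-but-not-false value such as `0` or `""` would still pass a check that guards the second-factor flag. Its arguments are also in the opposite order to the `assert.equal` added just below it; prefer `assert.strictEqual(authSession.second_factor, false);`. The literal `"Operation failed."` duplicates the message the first-factor handler takes from `UserMessages.OPERATION_FAILED`; if the TOTP route uses the same constant (not visible here), asserting against it would keep the test from drifting. The trailing `return BluebirdPromise.resolve();` is redundant inside a `.then` callback.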