diff --git a/package-lock.json b/package-lock.json
index 655911a1..0849b353 100644
Binary files a/package-lock.json and b/package-lock.json differ
diff --git a/package.json b/package.json
index a32769ea..53a39a09 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
 	},
 	"homepage": "https://github.com/fosscord/fosscord-api#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.3.29",
+		"@fosscord/server-util": "^1.3.31",
 		"@types/jest": "^26.0.22",
 		"@types/json-schema": "^7.0.7",
 		"ajv": "^8.4.0",
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index 1c288716..82cefae8 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -47,15 +47,13 @@ router.post(
 		const user = await UserModel.findOne(
 			{ $or: query },
 			{
-				projection: {
-					user_data: {
-						hash: true
-					},
-					id: true,
-					user_settings: {
-						locale: true,
-						theme: true
-					}
+				user_data: {
+					hash: true
+				},
+				id: true,
+				user_settings: {
+					locale: true,
+					theme: true
 				}
 			}
 		)
@@ -65,7 +63,7 @@ router.post(
 			});
 
 		// the salt is saved in the password refer to bcrypt docs
-		const same_password = await bcrypt.compare(password, user.user_data.hash);
+		const same_password = await bcrypt.compare(password, user.user_data.hash || "");
 		if (!same_password) {
 			throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } });
 		}