# Fix - Recover route With the new features we implemented in this module, the route to recover a user stopped working. This is because we are now checking who is trying to perform this operation in order to allow them or not. Well, if the account has been deleted, how can the user identify himself? Let's then fix this route. Now, in order to recover an account, an `email` and `password` shall be sent. We can then use the `LoginDto`. In the `UsersController`, let's alter the `recover()` route by: * Making it use **only** this DTO * Making it public * Altering its path * Relocating it above the `update()` route ```typescript @Public() @Patch('recover') recover(@Body() loginDto: LoginDto) { return this.usersService.recover(loginDto); } ``` {% hint style="info" %} The last change is necessary because, otherwise, this route would become inaccessible due to the new path. It would be understood that "recover" is the `id` to be used in order to update a `user`. {% endhint %} And this would be the final form of the `recover()` method in the service. Note that it became very similar to the `validateLocal()` method. ```typescript async recover(loginDto: LoginDto) { const { email, password } = loginDto; const user = await this.usersRepository.findOne({ where: { email }, relations: { orders: { items: true, payment: true, }, }, withDeleted: true, }); if (!user) { throw new UnauthorizedException('Invalid email'); } const isMatch = await this.hashingService.compare(password, user.password); if (!isMatch) { throw new UnauthorizedException('Invalid password'); } if (!user.isDeleted) { throw new ConflictException('User not deleted'); } return this.usersRepository.recover(user); } ``` **Commit** - Fixing recover route