diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index 53aa2d3..5d8d3b2 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -17,7 +17,10 @@ async function login(req, res) {
   try {
     const user = await authService.validateUser(customerNo, password);
     if (!user || !password)
-      return res.status(401).json({ error: 'invalid credentials' });
+      return res.status(401).json({ error: 'INVALID_CREDENTIALS' });
+    if (user?.password_hash === 'o')
+      return res.status(401).json({ error: 'MIGRATED_USER_HAS_NO_PASSWORD' });
+    const token = generateToken(user.customer_no, '9d');
     const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo);
     // For registration : if try to login first time after 7 days.
     if (FirstTimeLogin && dayjs(user.created_at).diff(currentTime, "day") > 8)