diff --git a/source/models/user_model.js b/source/models/user_model.js
index d99740f..3d9c57b 100644
--- a/source/models/user_model.js
+++ b/source/models/user_model.js
@@ -141,6 +141,7 @@ module.exports = (sequelize, DataTypes) => {
             // Fetch the user
             user
               .findOne({
+                attributes: { exclude: ['resetToken'] },
                 where: {
                   id: decoded.data.id
                 }
@@ -161,6 +162,9 @@ module.exports = (sequelize, DataTypes) => {
                   reject(new Error('Invalid auth token.'));
                 }
 
+                // Remove password
+                user.password = undefined;
+
                 return resolve(user);
               })
               .catch(() => reject(new Error('Error fetching user from the database.')));