diff --git a/DjangoFiles/AuthBillet/email.py b/DjangoFiles/AuthBillet/email.py
index faa369b..4c7ceea 100644
--- a/DjangoFiles/AuthBillet/email.py
+++ b/DjangoFiles/AuthBillet/email.py
@@ -5,7 +5,7 @@ from django.utils.translation import ugettext_lazy as _
 
 from djoser import utils
 from djoser.conf import settings
-
+from TiBillet.settings import DEBUG
 
 
 class ActivationEmail(BaseEmailMessage):
@@ -21,6 +21,10 @@ class ActivationEmail(BaseEmailMessage):
         user = context.get("user")
         context["site_name"] = self.request.tenant.name
         context["domain"] = self.request.tenant.domain_url
+
+        if DEBUG :
+            context["domain"] += ":8002"
+
         context["uid"] = utils.encode_uid(user.pk)
         context["token"] = default_token_generator.make_token(user)
         context["url"] = settings.ACTIVATION_URL.format(**context)
diff --git a/DjangoFiles/AuthBillet/views.py b/DjangoFiles/AuthBillet/views.py
index 9ec0e21..cf94a87 100644
--- a/DjangoFiles/AuthBillet/views.py
+++ b/DjangoFiles/AuthBillet/views.py
@@ -1,3 +1,5 @@
+from django.contrib.auth import get_user_model
+from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.shortcuts import render
 
 # Create your views here.
@@ -9,6 +11,8 @@ from djoser.views import UserViewSet
 import requests
 from django.db import connection
 from TiBillet import settings
+from djoser import utils
+User = get_user_model()
 
 class activate(APIView):
     permission_classes = [AllowAny]
@@ -18,6 +22,15 @@ class activate(APIView):
         print(uid)
         print(token)
 
+        import ipdb; ipdb.set_trace()
+        user = User.objects.get(pk=utils.decode_uid(uid))
+
+        PR = PasswordResetTokenGenerator()
+        is_token_valid = PR.check_token( user, token )
+
+        if is_token_valid :
+            #TODO POUR DEMAIN JOJO : DEMANDER LE MOT DE PASSE ICI !
+
         domain = self.request.tenant.domain_url
         protocol = "https"
 
diff --git a/DjangoFiles/BaseBillet/views.py b/DjangoFiles/BaseBillet/views.py
index 4c38591..9719d48 100644
--- a/DjangoFiles/BaseBillet/views.py
+++ b/DjangoFiles/BaseBillet/views.py
@@ -131,8 +131,15 @@ class event(APIView):
 
                 request.user = user
 
-            if not request.user.is_active:
-                print(f"{request.user} not active")
+            if not request.user.is_active or not request.user.password :
+
+                print(f"{request.user} not active or no password")
+                # on retire les commande non validé pour éviter les doublons
+                # et on le remet non actif si pas de mot de passe :
+                asupr = Reservation.objects.filter(user_commande=request.user, status=Reservation.MAIL_NON_VALIDEE, event=event)
+                asupr.delete()
+                request.user.is_active = False
+                request.user.save()
 
                 email_activation = ActivationEmail(request)