diff --git a/src/server/middleware/authenticate.js b/src/server/middleware/authenticate.js
index cf0e0a4..b3411c0 100755
--- a/src/server/middleware/authenticate.js
+++ b/src/server/middleware/authenticate.js
@@ -16,6 +16,17 @@ const authenticate = (req, res, next) => {
 
   // console.log('authenticate... ');
 
+  let noaut = false;
+
+  if (req.body.hasOwnProperty('noaut')) {
+    noaut = req.body.noaut;
+  }
+
+  if (noaut) {
+    next();
+    return;
+  }
+
   const access = 'auth';
 
   User.findByToken(token, access).then((user) => {
diff --git a/src/server/models/sendnotif.js b/src/server/models/sendnotif.js
index 83216f2..86fc57a 100755
--- a/src/server/models/sendnotif.js
+++ b/src/server/models/sendnotif.js
@@ -101,6 +101,9 @@ const sendNotifSchema = new Schema({
 sendNotifSchema.statics.setNotifAsRead = function (idapp, username, idnotif) {
   const SendNotif = this;
 
+  if (!username)
+    return null;
+
   try {
 
     if (idnotif) {
diff --git a/src/server/models/user.js b/src/server/models/user.js
index 9636915..6bc00a6 100755
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -2695,6 +2695,15 @@ UserSchema.statics.getAskedFriendsByUsername = async function (idapp, username)
 
 UserSchema.statics.getFriendsByUsername = async function (idapp, username) {
 
+  if (!username) {
+    return {
+      listFriends: [],
+      listRequestFriends: [],
+      listTrusted: [],
+      listSentRequestFriends: [],
+    }
+  }
+
   try {
     const whatToShow = getWhatToShow(idapp, username);
     const whatToShow_Unknown = getWhatToShow_Unknown(idapp, username);
diff --git a/src/server/router/index_router.js b/src/server/router/index_router.js
index 1ee6e2d..c2be703 100755
--- a/src/server/router/index_router.js
+++ b/src/server/router/index_router.js
@@ -558,7 +558,7 @@ router.post('/setsubrec', authenticate, (req, res) => {
 
 router.post('/gettable', authenticate, (req, res) => {
   const params = req.body;
-  let idapp = req.user.idapp;
+  let idapp = req.user ? req.user.idapp : params.idapp;
   const mytable = globalTables.getTableByTableName(params.table);
   // console.log('mytable', mytable);
   if (!mytable) {
diff --git a/src/server/router/users_router.js b/src/server/router/users_router.js
index 318f804..6534e9a 100755
--- a/src/server/router/users_router.js
+++ b/src/server/router/users_router.js
@@ -395,8 +395,9 @@ router.patch('/:id', authenticate, (req, res) => {
   });
 });
 
-router.post('/profile', authenticate, (req, res) => {
-  const usernameOrig = req.user.username;
+router.post('/profile', (req, res) => {
+  const usernameOrig = req.user ? req.user.username : '';
+  const perm = req.user ? req.user.perm : tools.Perm.PERM_NONE;
   const username = req.body['username'];
   const idapp = req.body.idapp;
   const locale = req.body.locale;
@@ -409,11 +410,11 @@ router.post('/profile', authenticate, (req, res) => {
     const idnotif = req.body['idnotif'] ? req.body['idnotif'] : '';
     SendNotif.setNotifAsRead(idapp, usernameOrig, idnotif);
 
-    return User.getUserProfileByUsername(idapp, username, req.user.username,
-      false, req.user.perm).
+    return User.getUserProfileByUsername(idapp, username, usernameOrig,
+      false, perm).
       then((ris) => {
 
-        return User.getFriendsByUsername(idapp, req.user.username).
+        return User.getFriendsByUsername(idapp, usernameOrig).
           then((friends) => {
             res.send({ user: ris, friends });
           });