diff --git a/api/controllers/sessions.js b/api/controllers/sessions.js
index 7566bec..dbcfa8a 100644
--- a/api/controllers/sessions.js
+++ b/api/controllers/sessions.js
@@ -1,12 +1,16 @@
 'use strict';
 
 const util = require('util');
+var dbservice = require('../service/dbService');
 
 module.exports = {
   login: (req, res) => {
-    res.header('Set-Cookie', 'UID=0; PATH=/;');
-    res.json(200, {
-      hello: 'world'
+    dbservice.User.login(req.username,req.password).then(function(data){
+        res.setHeader('Set-Cookie', ' PATH=/;',' UID = ' + data.uid);
+        res.json(200, {
+            UID: data.uid,
     });
+    })
+
   }
 };
\ No newline at end of file
diff --git a/api/controllers/users.js b/api/controllers/users.js
index 41c5d91..b7e0eae 100644
--- a/api/controllers/users.js
+++ b/api/controllers/users.js
@@ -2,11 +2,14 @@
 
 const util = require('util');
 const apiwrap = require('./apibase').apiwrap;
+var dbservice = require('../service/dbService');
 
 module.exports = {
   getAllUsers: apiwrap((req, res) => {
-    res.json(200, {
-      hello: 'world'
+    dbservice.User.getAllUsers().then(function(data){
+        res.json(200, {
+            users: data,
     });
+    })
   })
 };
\ No newline at end of file
diff --git a/test/api/controllers/apiUsersTest.js b/test/api/controllers/apiUsersTest.js
new file mode 100644
index 0000000..c5b8601
--- /dev/null
+++ b/test/api/controllers/apiUsersTest.js
@@ -0,0 +1,47 @@
+var should = require('should');
+var request = require('supertest');
+var server = require('../../../app');
+
+describe('controllers', function() {
+
+  describe('getAllUsersTest', function() {
+
+    describe('GET /getAllUsers', function() {
+
+      it('login first', function(done) {
+
+
+        request(server)
+          .post('/api/sessions')
+          .set('Content-Type', 'application/json')
+          .set('Accept', 'application/json')
+          .send({ username: "1233" , password : "1111111" })
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end(function(err, res) {
+            should.not.exist(err);
+            done();
+          });
+      });
+
+      it('get all users', function(done) {
+
+
+        request(server)
+          .get('/api/users')
+          .set('Accept', 'application/json')
+          .set('Cookie',1)
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end(function(err, res) {
+            should.not.exist(err);
+            res.body.should.not.empty;
+            done();
+          });
+      });
+
+    });
+
+  });
+
+});