diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f0e6574..16975c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [14]
+        node-version: [16]
 
     steps:
       - uses: actions/checkout@v2
diff --git a/src/api/api.controller.ts b/src/api/api.controller.ts
index 6b818a7..e0a0afc 100644
--- a/src/api/api.controller.ts
+++ b/src/api/api.controller.ts
@@ -20,7 +20,7 @@ import { FusionauthService } from './fusionauth/fusionauth.service';
 import { OtpService } from './otp/otp.service';
 import { SMSResponse } from './sms/sms.interface';
 import { RefreshRequest } from '@fusionauth/typescript-client/build/src/FusionAuthClient';
-import { ChangePasswordDTO } from '../user/dto/changePassword.dto';
+import { ChangePasswordDTO } from './dto/changePassword.dto';
 import { SentryInterceptor } from '../interceptors/sentry.interceptor';
 import * as Sentry from '@sentry/node';
 import { LoginDto } from './dto/login.dto';
@@ -99,8 +99,12 @@ export class ApiController {
         encodedBase64Key === undefined
           ? CryptoJS.enc.Base64.parse('bla')
           : CryptoJS.enc.Base64.parse(encodedBase64Key);
-      user.loginId = this.apiService.decrypt(user.loginId, parsedBase64Key);
-      user.password = this.apiService.decrypt(user.password, parsedBase64Key);
+      const loginId = this.apiService.decrypt(user.loginId, parsedBase64Key);
+      const password = this.apiService.decrypt(user.password, parsedBase64Key);
+
+      // if we are not able to decrypt, we'll try to authenticate with the original creds
+      user.loginId = loginId ? loginId : user.loginId;
+      user.password = password ? password : user.password;
     }
     return await this.apiService.login(user, authHeader);
   }
@@ -230,7 +234,6 @@ export class ApiController {
     @Headers('authorization') authHeader,
     @Headers('x-application-id') applicationId,
   ): Promise<UsersResponse> {
-    console.log(query.numberOfResults);
     return await this.apiService.fetchUsersByString(
       query.queryString,
       query.startRow,
diff --git a/src/api/api.module.ts b/src/api/api.module.ts
index cd3b8d0..483be52 100644
--- a/src/api/api.module.ts
+++ b/src/api/api.module.ts
@@ -56,7 +56,7 @@ const otpServiceFactory = {
     ConfigResolverService,
     {
       provide: APP_PIPE,
-      useValue: new ValidationPipe(),
+      useValue: new ValidationPipe({ transform: true }),
     },
   ],
 })
diff --git a/src/api/dto/changePassword.dto.ts b/src/api/dto/changePassword.dto.ts
new file mode 100644
index 0000000..8320e81
--- /dev/null
+++ b/src/api/dto/changePassword.dto.ts
@@ -0,0 +1,15 @@
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class ChangePasswordDTO {
+  @IsString()
+  @IsNotEmpty()
+  username: string;
+
+  @IsString()
+  @IsNotEmpty()
+  password: string;
+
+  @IsString()
+  @IsNotEmpty()
+  OTP: string;
+}