diff --git a/test/unitTests/core/AuthenticationControllerTest.php b/test/unitTests/core/AuthenticationControllerTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..916151962e888e76414d4faa59c28706863e7011
--- /dev/null
+++ b/test/unitTests/core/AuthenticationControllerTest.php
@@ -0,0 +1,79 @@
+<?php
+/**
+* Copyright Maarch since 2008 under licence GPLv3.
+* See LICENCE.txt file at the root folder for more details.
+* This file is part of Maarch software.
+
+* @brief   AuthenticationControllerTest
+* @author  dev <dev@maarch.org>
+* @ingroup core
+*/
+
+use PHPUnit\Framework\TestCase;
+
+class AuthenticationControllerTest extends TestCase
+{
+    public function testAuthentication()
+    {
+        $_SERVER['PHP_AUTH_USER'] = 'superadmin';
+        $_SERVER['PHP_AUTH_PW'] = 'superadmin';
+        $response = \SrcCore\controllers\AuthenticationController::authentication();
+
+        $this->assertNotEmpty($response);
+        $this->assertSame('superadmin', $response);
+    }
+
+    public function testIsRouteAvailable()
+    {
+        $response = \SrcCore\controllers\AuthenticationController::isRouteAvailable(['userId' => 'superadmin', 'currentRoute' => '/actions']);
+        $this->assertSame(true, $response['isRouteAvailable']);
+    }
+
+    public function testHandleFailedAuthentication()
+    {
+        $passwordController = new \SrcCore\controllers\PasswordController();
+
+        $environment    = \Slim\Http\Environment::mock(['REQUEST_METHOD' => 'GET']);
+        $request        = \Slim\Http\Request::createFromEnvironment($environment);
+
+        $response     = $passwordController->getRules($request, new \Slim\Http\Response());
+        $responseBody = json_decode((string)$response->getBody());
+
+        // reset rules
+        $rules = (array)$responseBody->rules;
+        foreach ($rules as $key => $rule) {
+            $rules[$key] = (array)$rule;
+            $rule = (array)$rule;
+            if ($rule['label'] == 'complexitySpecial' || $rule['label'] == 'complexityNumber' || $rule['label'] == 'complexityUpper') {
+                $rules[$key]['enabled'] = false;
+            }
+            if ($rule['label'] == 'minLength') {
+                $rules[$key]['value'] = 6;
+                $rules[$key]['enabled'] = true;
+            }
+            if ($rule['label'] == 'lockAttempts') {
+                $lockAttempts = $rule['value'];
+            }
+            if ($rule['label'] == 'lockTime') {
+                $lockTime = $rule['value'];
+            }
+        }
+
+        if (!empty($lockAttempts) && !empty($lockTime)) {
+            $fullRequest = \httpRequestCustom::addContentInBody(['rules' => $rules], $request);
+            $passwordController->updateRules($fullRequest, new \Slim\Http\Response());
+    
+            $response = \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => 'superadmin']);
+            $this->assertSame(true, $response);
+    
+            for ($i = 1; $i < $lockAttempts; $i++) {
+                $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => 'superadmin']);
+                $this->assertSame(_BAD_LOGIN_OR_PSW, $response);
+            }
+            $response = \SrcCore\controllers\AuthenticationController::handleFailedAuthentication(['userId' => 'superadmin']);
+            $this->assertSame(_ACCOUNT_LOCKED_FOR . " " . $lockTime . " mn", $response);
+
+            $response = \SrcCore\models\AuthenticationModel::resetFailedAuthentication(['userId' => 'superadmin']);
+        }
+    }
+}