diff --git a/migrations/env.py b/migrations/env.py index 6a10e6d..4742e14 100755 --- a/migrations/env.py +++ b/migrations/env.py @@ -19,7 +19,7 @@ logger = logging.getLogger('alembic.env') # target_metadata = mymodel.Base.metadata from flask import current_app config.set_main_option('sqlalchemy.url', - current_app.config.get('SQLALCHEMY_DATABASE_URI')) + current_app.config.get('SQLALCHEMY_DATABASE_URI').replace("%","%%")) target_metadata = current_app.extensions['migrate'].db.metadata # other values from the config, defined by the needs of env.py, diff --git a/powerdnsadmin/lib/helper.py b/powerdnsadmin/lib/helper.py index a5925ef..1b5a082 100644 --- a/powerdnsadmin/lib/helper.py +++ b/powerdnsadmin/lib/helper.py @@ -14,9 +14,9 @@ def forward_request(): msg_str = "Sending request to powerdns API {0}" if request.method != 'GET' and request.method != 'DELETE': - msg = msg_str.format(request.get_json(force=True)) + msg = msg_str.format(request.get_json(force=True, silent=True)) current_app.logger.debug(msg) - data = request.get_json(force=True) + data = request.get_json(force=True, silent=True) verify = False diff --git a/powerdnsadmin/models/api_key.py b/powerdnsadmin/models/api_key.py index 4c26cd2..7bd0fda 100644 --- a/powerdnsadmin/models/api_key.py +++ b/powerdnsadmin/models/api_key.py 
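Review bot: The added `.replace("%","%%")` in migrations/env.py has no comment saying why the percent signs are doubled, so a later reader could take it for a mistake and remove it. Alembic keeps main options in a ConfigParser, which treats `%` as interpolation syntax, so a database URI with percent-encoded credentials fails without the escape. A comment above the call such as `# escape % for ConfigParser interpolation (percent-encoded credentials)` would record that. The call also assumes the key is set: `.get()` returns None when it is missing and `.replace` then raises AttributeError, so `current_app.config['SQLALCHEMY_DATABASE_URI']` would fail more clearly.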
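Review bot: With `silent=True` on both calls in forward_request, a malformed JSON body on a non-GET/DELETE request now yields `data = None` and cannot be told apart from a request sent without a body, so a client error is no longer rejected here. Parsing once and reusing the result avoids the second call: `data = request.get_json(force=True, silent=True)` followed by `current_app.logger.debug(msg_str.format(data))`. A check such as `if data is None and request.get_data(): abort(400)` would keep bodyless requests working while still refusing unparsable ones (assuming `abort` is imported in this module). The debug line also writes the full request body to the log, which may contain sensitive zone data. forward_request continues past the end of the hunk.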
@@ -60,31 +60,31 @@ class ApiKey(db.Model): def update(self, role_name=None, description=None, domains=None, accounts=None): try: - if role_name: - role = Role.query.filter(Role.name == role_name).first() - self.role_id = role.id + if role_name: + role = Role.query.filter(Role.name == role_name).first() + self.role_id = role.id - if description: - self.description = description + if description: + self.description = description - if domains is not None: - domain_object_list = Domain.query \ - .filter(Domain.name.in_(domains)) \ - .all() - self.domains[:] = domain_object_list + if domains is not None: + domain_object_list = Domain.query \ + .filter(Domain.name.in_(domains)) \ + .all() + self.domains[:] = domain_object_list - if accounts is not None: - account_object_list = Account.query \ - .filter(Account.name.in_(accounts)) \ - .all() - self.accounts[:] = account_object_list + if accounts is not None: + account_object_list = Account.query \ + .filter(Account.name.in_(accounts)) \ + .all() + self.accounts[:] = account_object_list - db.session.commit() + db.session.commit() except Exception as e: - msg_str = 'Update of apikey failed. Error: {0}' - current_app.logger.error(msg_str.format(e)) - db.session.rollback - raise e + msg_str = 'Update of apikey failed. Error: {0}' + current_app.logger.error(msg_str.format(e)) + db.session.rollback() # fixed line + raise e def get_hashed_password(self, plain_text_password=None): # Hash a password for the first time diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py index 2f8b87c..66669b7 100644 --- a/powerdnsadmin/models/user.py +++ b/powerdnsadmin/models/user.py @@ -94,7 +94,7 @@ class User(db.Model): def verify_totp(self, token): totp = pyotp.TOTP(self.otp_secret) - return totp.verify(token) + return totp.verify(token, valid_window = 5) def get_hashed_password(self, plain_text_password=None): # Hash a password for the first time 
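Review bot: In ApiKey.update, `Role.query.filter(Role.name == role_name).first()` returns None for an unknown role name, so `self.role_id = role.id` raises AttributeError and the broad except logs it as a generic update failure. A check right after the query, `if role is None: raise ValueError('unknown role')` (message wording is only a suggestion), would make the cause clear. Names in `domains` or `accounts` that match no row are likewise dropped without notice by the `in_()` queries, so a caller cannot tell that part of the requested scope was ignored. In the except branch the trailing `# fixed line` comment describes the commit rather than the code and can be removed, and a bare `raise` is the idiomatic re-raise in place of `raise e`.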
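Review bot: `valid_window = 5` in User.verify_totp makes pyotp accept the codes of the five time steps before and after the current one, eleven codes at once. With pyotp's default 30-second step that is an acceptance span of about five and a half minutes. Each guessed code is then eleven times more likely to succeed, and a captured code stays usable for minutes after its own step has passed. Nothing visible in this hunk rate-limits attempts or records the last accepted code. If the aim is to tolerate clock drift, `return totp.verify(token, valid_window=1)` is the usual compromise (it also drops the spaces around `=` per PEP 8), and a larger window should be a documented configuration value rather than a literal.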
@@ -107,7 +107,7 @@ class User(db.Model): def check_password(self, hashed_password): # Check hashed password. Using bcrypt, the salt is saved into the hash itself - if (self.plain_text_password): + if hasattr(self, "plain_text_password"): return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8')) return False @@ -423,7 +423,7 @@ class User(db.Model): name='Administrator').first().id self.password = self.get_hashed_password( - self.plain_text_password) if self.plain_text_password else '*' + self.plain_text_password) if hasattr(self, "plain_text_password") else '*' if self.password and self.password != '*': self.password = self.password.decode("utf-8") @@ -459,7 +459,7 @@ class User(db.Model): user.email = self.email # store new password hash (only if changed) - if self.plain_text_password: + if hasattr(self, "plain_text_password"): user.password = self.get_hashed_password( self.plain_text_password).decode("utf-8") @@ -478,7 +478,7 @@ class User(db.Model): user.lastname = self.lastname if self.lastname else user.lastname user.password = self.get_hashed_password( self.plain_text_password).decode( - "utf-8") if self.plain_text_password else user.password + "utf-8") if hasattr(self, "plain_text_password") else user.password if self.email: # Can not update to a new email that
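Review bot: `hasattr(self, "plain_text_password")` in check_password is true even when the attribute is present but None or empty, so `self.plain_text_password.encode('utf-8')` can now raise AttributeError where the old truthiness test returned False. The same substitution in the hunks at -423, -459 and -478 passes a None or empty value into `get_hashed_password(...)`, which could overwrite a stored hash or the `'*'` placeholder when no new password was supplied; how get_hashed_password treats such a value is not visible here. `if getattr(self, "plain_text_password", None):` covers both the missing-attribute case this commit addresses and the empty case, and the same expression fits the other three sites. The enclosing functions of the later hunks start outside them, and the last hunk runs past the end of the visible page.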