diff --git a/app/codes/user.py b/app/codes/user.py
index 4ef0774..7d733cc 100644
--- a/app/codes/user.py
+++ b/app/codes/user.py
@@ -13,14 +13,14 @@ def login():
 username = data.get('username')
 password = data.get('password')
- # Aquí se validan las credenciales (en este caso un ejemplo simple)
- if username == 'admin' and password == 'password':
- # Generar token
- token = jwt.encode({
- 'username': username,
- 'exp': datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=1)
- }, current_app.config['SECRET_KEY'], algorithm='HS256') # Usamos current_app para acceder a la configuración
- return jsonify({'token': token})
+ if username and password:
+ user = User.query.filter_by(username=username).first()
+ if user and user.check_password(password):
+ token = jwt.encode({
+ 'username': username,
+ 'exp': datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=1)
+ }, current_app.config['SECRET_KEY'], algorithm='HS256')
+ return jsonify({'token': token})
 return jsonify({'message': 'Credenciales inválidas'}), 401
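Review bot: The new guard `if username and password:` accepts any truthy JSON value, so a list, object or number in either field reaches `filter_by(username=username)` and `user.check_password(password)`, where it is likely to raise and surface as a 500 rather than the 401; tightening it to `if isinstance(username, str) and isinstance(password, str) and username and password:` keeps malformed input on the 401 path. Separately, `user and user.check_password(password)` skips the hash comparison when the username is unknown, so if check_password runs a deliberately slow hash (its implementation is not visible here) the response time can reveal which usernames exist; running the same check against a fixed dummy hash when `user` is None evens that out. Nothing in the hunk throttles repeated attempts, which matters more now that real accounts sit behind this endpoint, so confirm that a rate limit or lockout is applied elsewhere. login() starts above the hunk, so how `data` is obtained, and whether it can be None, is not visible.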