diff --git a/src/Application/Model/d3backupcode.php b/src/Application/Model/d3backupcode.php
index 71dd39d..7c68a6b 100644
--- a/src/Application/Model/d3backupcode.php
+++ b/src/Application/Model/d3backupcode.php
@@ -20,8 +20,6 @@ use OxidEsales\Eshop\Core\DatabaseProvider;
 use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
 use OxidEsales\Eshop\Core\Model\BaseModel;
 use OxidEsales\Eshop\Core\Registry;
-use RandomLib\Factory;
-use RandomLib\Generator;
 
 class d3backupcode extends BaseModel
 {
diff --git a/src/Modules/Application/Controller/d3_totp_getUserTrait.php b/src/Modules/Application/Controller/d3_totp_getUserTrait.php
index c4c5f99..52c89e5 100644
--- a/src/Modules/Application/Controller/d3_totp_getUserTrait.php
+++ b/src/Modules/Application/Controller/d3_totp_getUserTrait.php
@@ -20,6 +20,7 @@ use Doctrine\DBAL\DBALException;
 use OxidEsales\Eshop\Application\Model\User;
 use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Session;
 
 trait d3_totp_getUserTrait
 {
@@ -33,11 +34,11 @@ trait d3_totp_getUserTrait
         $oUser = parent::getUser();
 
         if ($oUser && $oUser->getId()) {
-            $totp = oxNew(d3totp::class);
+            $totp = $this->d3GetTotpObject();
             $totp->loadByUserId($oUser->getId());
 
             if ($totp->isActive()
-                && false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
+                && false == $this->d3GetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME)
             ) {
                 return false;
             }
@@ -45,4 +46,20 @@ trait d3_totp_getUserTrait
 
         return $oUser;
     }
+
+    /**
+     * @return d3totp
+     */
+    public function d3GetTotpObject()
+    {
+        return oxNew(d3totp::class);
+    }
+
+    /**
+     * @return Session
+     */
+    public function d3GetSessionObject()
+    {
+        return Registry::getSession();
+    }
 }
\ No newline at end of file
diff --git a/src/Modules/Application/Model/d3_totp_user.php b/src/Modules/Application/Model/d3_totp_user.php
index eefce77..2525d55 100644
--- a/src/Modules/Application/Model/d3_totp_user.php
+++ b/src/Modules/Application/Model/d3_totp_user.php
@@ -19,6 +19,7 @@ use D3\Totp\Application\Model\d3totp;
 use Doctrine\DBAL\DBALException;
 use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Session;
 
 class d3_totp_user extends d3_totp_user_parent
 {
@@ -26,7 +27,7 @@ class d3_totp_user extends d3_totp_user_parent
     {
         $return = parent::logout();
 
-        Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);
+        $this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);
 
         return $return;
     }
@@ -43,4 +44,12 @@ class d3_totp_user extends d3_totp_user_parent
 
         return $oTotp;
     }
+
+    /**
+     * @return Session
+     */
+    public function d3GetSession()
+    {
+        return Registry::getSession();
+    }
 }
\ No newline at end of file
diff --git a/src/Modules/Core/d3_totp_utils.php b/src/Modules/Core/d3_totp_utils.php
index b22c56e..d6f2640 100644
--- a/src/Modules/Core/d3_totp_utils.php
+++ b/src/Modules/Core/d3_totp_utils.php
@@ -19,6 +19,7 @@ use D3\Totp\Application\Model\d3totp;
 use Doctrine\DBAL\DBALException;
 use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Session;
 
 class d3_totp_utils extends d3_totp_utils_parent
 {
@@ -31,17 +32,35 @@ class d3_totp_utils extends d3_totp_utils_parent
     {
         $blAuth = parent::checkAccessRights();
 
-        $userID = Registry::getSession()->getVariable("auth");
-        $totpAuth = (bool) Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME);
+        $userID = $this->d3GetSessionObject()->getVariable("auth");
+        $totpAuth = (bool) $this->d3GetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME);
         /** @var d3totp $totp */
-        $totp = oxNew(d3totp::class);
+        $totp = $this->d3GetTotpObject();
         $totp->loadByUserId($userID);
 
         if ($blAuth && $totp->isActive() && false === $totpAuth) {
-            Registry::getUtils()->redirect('index.php?cl=login', true, 302);
-            exit;
+            $this->redirect('index.php?cl=login', true, 302);
+            if (false == defined('OXID_PHP_UNIT')) {
+                exit;
+            }
         }
 
         return $blAuth;
     }
+
+    /**
+     * @return Session
+     */
+    public function d3GetSessionObject()
+    {
+        return Registry::getSession();
+    }
+
+    /**
+     * @return d3totp
+     */
+    public function d3GetTotpObject()
+    {
+        return oxNew(d3totp::class);
+    }
 }
\ No newline at end of file
diff --git a/src/tests/unit/Application/Controller/Admin/d3user_totpTest.php b/src/tests/unit/Application/Controller/Admin/d3user_totpTest.php
index 772153c..8ea91e6 100644
--- a/src/tests/unit/Application/Controller/Admin/d3user_totpTest.php
+++ b/src/tests/unit/Application/Controller/Admin/d3user_totpTest.php
@@ -21,11 +21,8 @@ use D3\Totp\Application\Controller\Admin\d3user_totp;
 use D3\Totp\Application\Model\d3backupcodelist;
 use D3\Totp\Application\Model\d3totp;
 use D3\Totp\tests\unit\d3TotpUnitTestCase;
-use Doctrine\DBAL\DBALException;
 use Exception;
 use OxidEsales\Eshop\Application\Model\User;
-use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
-use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
 use PHPUnit_Framework_MockObject_MockObject;
 use ReflectionException;
 
@@ -36,9 +33,6 @@ class d3user_totpTest extends d3TotpUnitTestCase
 
     /**
      * setup basic requirements
-     * @throws DBALException
-     * @throws DatabaseConnectionException
-     * @throws DatabaseErrorException
      */
     public function setUp()
     {
diff --git a/src/tests/unit/Application/Controller/d3_account_totpTest.php b/src/tests/unit/Application/Controller/d3_account_totpTest.php
index 2aa72b4..37384da 100644
--- a/src/tests/unit/Application/Controller/d3_account_totpTest.php
+++ b/src/tests/unit/Application/Controller/d3_account_totpTest.php
@@ -21,11 +21,8 @@ use D3\Totp\Application\Controller\d3_account_totp;
 use D3\Totp\Application\Model\d3backupcodelist;
 use D3\Totp\Application\Model\d3totp;
 use D3\Totp\tests\unit\d3TotpUnitTestCase;
-use Doctrine\DBAL\DBALException;
 use Exception;
 use OxidEsales\Eshop\Application\Model\User;
-use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
-use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
 use PHPUnit_Framework_MockObject_MockObject;
 use ReflectionException;
 
@@ -36,9 +33,6 @@ class d3_account_totpTest extends d3TotpUnitTestCase
 
     /**
      * setup basic requirements
-     * @throws DBALException
-     * @throws DatabaseConnectionException
-     * @throws DatabaseErrorException
      */
     public function setUp()
     {
diff --git a/src/tests/unit/Application/Controller/d3totploginTest.php b/src/tests/unit/Application/Controller/d3totploginTest.php
index c905217..f67298c 100644
--- a/src/tests/unit/Application/Controller/d3totploginTest.php
+++ b/src/tests/unit/Application/Controller/d3totploginTest.php
@@ -21,9 +21,6 @@ use D3\Totp\Application\Controller\d3totplogin;
 use D3\Totp\Application\Model\d3backupcodelist;
 use D3\Totp\Application\Model\d3totp;
 use D3\Totp\tests\unit\d3TotpUnitTestCase;
-use Doctrine\DBAL\DBALException;
-use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
-use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
 use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\Eshop\Core\Utils;
 use PHPUnit_Framework_MockObject_MockObject;
@@ -36,9 +33,6 @@ class d3totploginTest extends d3TotpUnitTestCase
 
     /**
      * setup basic requirements
-     * @throws DBALException
-     * @throws DatabaseConnectionException
-     * @throws DatabaseErrorException
      */
     public function setUp()
     {
diff --git a/src/tests/unit/Modules/Application/Controller/d3_totp_OrderControllerTest.php b/src/tests/unit/Modules/Application/Controller/d3_totp_OrderControllerTest.php
new file mode 100644
index 0000000..4a2732b
--- /dev/null
+++ b/src/tests/unit/Modules/Application/Controller/d3_totp_OrderControllerTest.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ *
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ *
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Totp\tests\unit\Modules\Application\Controller;
+
+use D3\Totp\Modules\Application\Controller\d3_totp_OrderController;
+use D3\Totp\tests\unit\d3TotpUnitTestCase;
+
+class d3_totp_OrderControllerTest extends d3TotpUnitTestCase
+{
+    use d3_totp_getUserTestTrait;
+
+    /** @var d3_totp_OrderController */
+    protected $_oController;
+
+    protected $sControllerClass = d3_totp_OrderController::class;
+
+    /**
+     * setup basic requirements
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->_oController = oxNew(d3_totp_OrderController::class);
+    }
+
+    public function tearDown()
+    {
+        parent::tearDown();
+
+        unset($this->_oController);
+    }
+}
\ No newline at end of file
diff --git a/src/tests/unit/Modules/Application/Controller/d3_totp_PaymentControllerTest.php b/src/tests/unit/Modules/Application/Controller/d3_totp_PaymentControllerTest.php
new file mode 100644
index 0000000..6bdad7e
--- /dev/null
+++ b/src/tests/unit/Modules/Application/Controller/d3_totp_PaymentControllerTest.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ *
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ *
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Totp\tests\unit\Modules\Application\Controller;
+
+use D3\Totp\Modules\Application\Controller\d3_totp_PaymentController;
+use D3\Totp\tests\unit\d3TotpUnitTestCase;
+
+class d3_totp_PaymentControllerTest extends d3TotpUnitTestCase
+{
+    use d3_totp_getUserTestTrait;
+
+    /** @var d3_totp_PaymentController */
+    protected $_oController;
+
+    protected $sControllerClass = d3_totp_PaymentController::class;
+
+    /**
+     * setup basic requirements
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->_oController = oxNew(d3_totp_PaymentController::class);
+    }
+
+    public function tearDown()
+    {
+        parent::tearDown();
+
+        unset($this->_oController);
+    }
+}
\ No newline at end of file
diff --git a/src/tests/unit/Modules/Application/Controller/d3_totp_UserControllerTest.php b/src/tests/unit/Modules/Application/Controller/d3_totp_UserControllerTest.php
new file mode 100644
index 0000000..f1f469d
--- /dev/null
+++ b/src/tests/unit/Modules/Application/Controller/d3_totp_UserControllerTest.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ *
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ *
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Totp\tests\unit\Modules\Application\Controller;
+
+use D3\Totp\Modules\Application\Controller\d3_totp_UserController;
+use D3\Totp\tests\unit\d3TotpUnitTestCase;
+
+class d3_totp_UserControllerTest extends d3TotpUnitTestCase
+{
+    use d3_totp_getUserTestTrait;
+
+    /** @var d3_totp_UserController */
+    protected $_oController;
+
+    protected $sControllerClass = d3_totp_UserController::class;
+
+    /**
+     * setup basic requirements
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->_oController = oxNew(d3_totp_UserController::class);
+    }
+
+    public function tearDown()
+    {
+        parent::tearDown();
+
+        unset($this->_oController);
+    }
+}
\ No newline at end of file
diff --git a/src/tests/unit/Modules/Application/Controller/d3_totp_getUserTestTrait.php b/src/tests/unit/Modules/Application/Controller/d3_totp_getUserTestTrait.php
new file mode 100644
index 0000000..e03e69c
--- /dev/null
+++ b/src/tests/unit/Modules/Application/Controller/d3_totp_getUserTestTrait.php
@@ -0,0 +1,195 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ *
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ *
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Totp\tests\unit\Modules\Application\Controller;
+
+use D3\Totp\Application\Model\d3totp;
+use D3\Totp\Modules\Application\Controller\d3_totp_OrderController;
+use OxidEsales\Eshop\Application\Model\User;
+use OxidEsales\Eshop\Core\Session;
+use PHPUnit_Framework_MockObject_MockObject;
+
+trait d3_totp_getUserTestTrait
+{
+    /**
+     * @test
+     */
+    public function getUserHasNoUser()
+    {
+        /** @var d3_totp_orderController|PHPUnit_Framework_MockObject_MockObject $oControllerMock */
+        $oControllerMock = $this->getMock($this->sControllerClass, array(
+            'd3GetTotpObject',
+        ));
+        $oControllerMock->expects($this->never())->method('d3GetTotpObject');
+
+        $this->_oController = $oControllerMock;
+
+        $this->assertFalse(
+            $this->callMethod($this->_oController, 'getUser')
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function getUserTotpNotActive()
+    {
+        /** @var User|PHPUnit_Framework_MockObject_MockObject $oUserMock */
+        $oUserMock = $this->getMock(User::class, array(
+            'getId'
+        ));
+        $oUserMock->method('getId')->willReturn('foo');
+
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'getVariable',
+        ));
+        $oSessionMock->method('getVariable')->willReturn(true);
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'isActive',
+            'loadByUserId'
+        ));
+        $oTotpMock->method('isActive')->willReturn(false);
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+
+        /** @var d3_totp_orderController|PHPUnit_Framework_MockObject_MockObject $oControllerMock */
+        $oControllerMock = $this->getMock($this->sControllerClass, array(
+            'd3GetTotpObject',
+            'd3GetSessionObject'
+        ));
+        $oControllerMock->expects($this->once())->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oControllerMock->method('d3GetSessionObject')->willReturn($oSessionMock);
+
+        $this->_oController = $oControllerMock;
+
+        $this->setValue($this->_oController, '_oActUser', $oUserMock);
+
+        $this->assertSame(
+            $oUserMock,
+            $this->callMethod($this->_oController, 'getUser')
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function getUserTotpFinished()
+    {
+        /** @var User|PHPUnit_Framework_MockObject_MockObject $oUserMock */
+        $oUserMock = $this->getMock(User::class, array(
+            'getId'
+        ));
+        $oUserMock->method('getId')->willReturn('foo');
+
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'getVariable',
+        ));
+        $oSessionMock->method('getVariable')->willReturn(true);
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'isActive',
+            'loadByUserId'
+        ));
+        $oTotpMock->method('isActive')->willReturn(true);
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+
+        /** @var d3_totp_orderController|PHPUnit_Framework_MockObject_MockObject $oControllerMock */
+        $oControllerMock = $this->getMock($this->sControllerClass, array(
+            'd3GetTotpObject',
+            'd3GetSessionObject'
+        ));
+        $oControllerMock->expects($this->once())->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oControllerMock->method('d3GetSessionObject')->willReturn($oSessionMock);
+
+        $this->_oController = $oControllerMock;
+
+        $this->setValue($this->_oController, '_oActUser', $oUserMock);
+
+        $this->assertSame(
+            $oUserMock,
+            $this->callMethod($this->_oController, 'getUser')
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function getUserTotpNotFinished()
+    {
+        /** @var User|PHPUnit_Framework_MockObject_MockObject $oUserMock */
+        $oUserMock = $this->getMock(User::class, array(
+            'getId'
+        ));
+        $oUserMock->method('getId')->willReturn('foo');
+
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'getVariable',
+        ));
+        $oSessionMock->method('getVariable')->willReturn(false);
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'isActive',
+            'loadByUserId'
+        ));
+        $oTotpMock->method('isActive')->willReturn(true);
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+
+        /** @var d3_totp_orderController|PHPUnit_Framework_MockObject_MockObject $oControllerMock */
+        $oControllerMock = $this->getMock($this->sControllerClass, array(
+            'd3GetTotpObject',
+            'd3GetSessionObject'
+        ));
+        $oControllerMock->expects($this->once())->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oControllerMock->method('d3GetSessionObject')->willReturn($oSessionMock);
+
+        $this->_oController = $oControllerMock;
+
+        $this->setValue($this->_oController, '_oActUser', $oUserMock);
+
+        $this->assertFalse(
+            $this->callMethod($this->_oController, 'getUser')
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function d3GetTotpObjectReturnsRightObject()
+    {
+        $this->assertInstanceOf(
+            d3totp::class,
+            $this->callMethod($this->_oController, 'd3GetTotpObject')
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function d3GetSessionObjectReturnsRightObject()
+    {
+        $this->assertInstanceOf(
+            Session::class,
+            $this->callMethod($this->_oController, 'd3GetSessionObject')
+        );
+    }
+}
\ No newline at end of file
diff --git a/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php b/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php
new file mode 100644
index 0000000..1eba8c7
--- /dev/null
+++ b/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php
@@ -0,0 +1,101 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ *
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ *
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Totp\tests\unit\Modules\Application\Model;
+
+use D3\Totp\Application\Model\d3totp;
+use D3\Totp\Modules\Application\Model\d3_totp_user;
+use D3\Totp\tests\unit\d3TotpUnitTestCase;
+use OxidEsales\Eshop\Application\Model\User;
+use OxidEsales\Eshop\Core\Session;
+use PHPUnit_Framework_MockObject_MockObject;
+use ReflectionException;
+
+class d3_totp_userTest extends d3TotpUnitTestCase
+{
+    /** @var d3_totp_user */
+    protected $_oModel;
+
+    /**
+     * setup basic requirements
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->_oModel = oxNew(User::class);
+    }
+
+    public function tearDown()
+    {
+        parent::tearDown();
+
+        unset($this->_oModel);
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function logout()
+    {
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'deleteVariable'
+        ));
+        $oSessionMock->expects($this->once())->method('deleteVariable')->willReturn(true);
+
+        /** @var d3_totp_user|PHPUnit_Framework_MockObject_MockObject $oModelMock */
+        $oModelMock = $this->getMock(User::class, array(
+            'd3GetSession'
+        ));
+        $oModelMock->method('d3GetSession')->willReturn($oSessionMock);
+
+        $this->_oModel = $oModelMock;
+
+        $this->assertTrue(
+            $this->callMethod(
+                $this->_oModel,
+                'logout'
+            )
+        );
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function d3getTotpReturnsRightInstance()
+    {
+        $this->assertInstanceOf(
+            d3totp::class,
+            $this->callMethod($this->_oModel, 'd3getTotp')
+        );
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function d3GetSessionReturnsRightInstance()
+    {
+        $this->assertInstanceOf(
+            Session::class,
+            $this->callMethod($this->_oModel, 'd3GetSession')
+        );
+    }
+}
\ No newline at end of file
diff --git a/src/tests/unit/Modules/Core/d3_totp_utilsTest.php b/src/tests/unit/Modules/Core/d3_totp_utilsTest.php
new file mode 100644
index 0000000..5ea193f
--- /dev/null
+++ b/src/tests/unit/Modules/Core/d3_totp_utilsTest.php
@@ -0,0 +1,224 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ *
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ *
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Totp\tests\unit\Modules\Core;
+
+use D3\Totp\Application\Model\d3totp;
+use D3\Totp\Modules\Core\d3_totp_utils;
+use D3\Totp\tests\unit\d3TotpUnitTestCase;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Session;
+use OxidEsales\Eshop\Core\Utils;
+use PHPUnit_Framework_MockObject_MockObject;
+use ReflectionException;
+
+class d3_totp_utilsTest extends d3TotpUnitTestCase
+{
+    /** @var d3_totp_utils */
+    protected $_oCoreClass;
+
+    /**
+     * setup basic requirements
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->_oCoreClass = oxNew(Utils::class);
+    }
+
+    public function tearDown()
+    {
+        parent::tearDown();
+
+        unset($this->_oCoreClass);
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function checkAccessRightsNoAuth()
+    {
+        Registry::getSession()->setVariable("auth", false);
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'loadByUserId',
+            'isActive',
+        ));
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+        $oTotpMock->method('isActive')->willReturn(false);
+
+        /** @var d3_totp_utils|PHPUnit_Framework_MockObject_MockObject $oCoreMock */
+        $oCoreMock = $this->getMock(Utils::class, array(
+            'd3GetTotpObject',
+            'd3GetUtilsObject'
+        ));
+        $oCoreMock->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oCoreMock->expects($this->never())->method('d3GetUtilsObject');
+
+        $this->_oCoreClass = $oCoreMock;
+
+        $this->assertFalse(
+            $this->callMethod($this->_oCoreClass, 'checkAccessRights')
+        );
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function checkAccessRightsTotpNotActive()
+    {
+        Registry::getSession()->setVariable("auth", 'foo');
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'loadByUserId',
+            'isActive',
+        ));
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+        $oTotpMock->method('isActive')->willReturn(false);
+
+        /** @var d3_totp_utils|PHPUnit_Framework_MockObject_MockObject $oCoreMock */
+        $oCoreMock = $this->getMock(Utils::class, array(
+            'd3GetTotpObject',
+            'd3GetUtilsObject',
+            'fetchRightsForUser'
+        ));
+        $oCoreMock->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oCoreMock->expects($this->never())->method('d3GetUtilsObject');
+        $oCoreMock->method('fetchRightsForUser')->willReturn('malladmin');
+
+        $this->_oCoreClass = $oCoreMock;
+
+        $this->assertTrue(
+            $this->callMethod($this->_oCoreClass, 'checkAccessRights')
+        );
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function checkAccessRightsTotpFinished()
+    {
+        Registry::getSession()->setVariable("auth", 'foo');
+
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'getVariable',
+        ));
+        $oSessionMock->method('getVariable')->will($this->onConsecutiveCalls('foo', true));
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'loadByUserId',
+            'isActive',
+        ));
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+        $oTotpMock->method('isActive')->willReturn(true);
+
+        /** @var d3_totp_utils|PHPUnit_Framework_MockObject_MockObject $oCoreMock */
+        $oCoreMock = $this->getMock(Utils::class, array(
+            'd3GetTotpObject',
+            'd3GetSessionObject',
+            'fetchRightsForUser',
+            'redirect'
+        ));
+        $oCoreMock->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oCoreMock->method('d3GetSessionObject')->willReturn($oSessionMock);
+        $oCoreMock->method('fetchRightsForUser')->willReturn('malladmin');
+        $oCoreMock->expects($this->never())->method('redirect')->willReturn(true);
+
+        $this->_oCoreClass = $oCoreMock;
+
+        $this->assertTrue(
+            $this->callMethod($this->_oCoreClass, 'checkAccessRights')
+        );
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function checkAccessRightsTotpUnfinished()
+    {
+        Registry::getSession()->setVariable("auth", 'foo');
+
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'getVariable',
+        ));
+        $oSessionMock->method('getVariable')->will($this->onConsecutiveCalls('foo', false));
+
+        /** @var Session|PHPUnit_Framework_MockObject_MockObject $oSessionMock */
+        $oSessionMock = $this->getMock(Session::class, array(
+            'getVariable',
+        ));
+        $oSessionMock->method('getVariable')->will($this->onConsecutiveCalls('foo', false));
+
+        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
+        $oTotpMock = $this->getMock(d3totp::class, array(
+            'loadByUserId',
+            'isActive',
+        ));
+        $oTotpMock->method('loadByUserId')->willReturn(true);
+        $oTotpMock->method('isActive')->willReturn(true);
+
+        /** @var d3_totp_utils|PHPUnit_Framework_MockObject_MockObject $oCoreMock */
+        $oCoreMock = $this->getMock(Utils::class, array(
+            'd3GetTotpObject',
+            'd3GetSessionObject',
+            'fetchRightsForUser',
+            'redirect'
+        ));
+        $oCoreMock->method('d3GetTotpObject')->willReturn($oTotpMock);
+        $oCoreMock->method('d3GetSessionObject')->willReturn($oSessionMock);
+        $oCoreMock->method('fetchRightsForUser')->willReturn('malladmin');
+        $oCoreMock->expects($this->once())->method('redirect')->willReturn(true);
+
+        $this->_oCoreClass = $oCoreMock;
+
+        $this->callMethod($this->_oCoreClass, 'checkAccessRights');
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function d3GetSessionObjectReturnsRightInstance()
+    {
+        $this->assertInstanceOf(
+            Session::class,
+            $this->callMethod($this->_oCoreClass, 'd3GetSessionObject')
+        );
+    }
+
+    /**
+     * @test
+     * @throws ReflectionException
+     */
+    public function d3GetTotpObjectReturnsRightInstance()
+    {
+        $this->assertInstanceOf(
+            d3totp::class,
+            $this->callMethod($this->_oCoreClass, 'd3GetTotpObject')
+        );
+    }
+}
\ No newline at end of file