diff --git a/apps/fg_http/coveralls.json b/apps/fg_http/coveralls.json
new file mode 100644
index 000000000..3d771278d
--- /dev/null
+++ b/apps/fg_http/coveralls.json
@@ -0,0 +1,5 @@
+{
+  "skip_files": [
+    "test"
+  ]
+}
diff --git a/apps/fg_http/lib/fg_http/devices.ex b/apps/fg_http/lib/fg_http/devices.ex
index bc8fa3944..94286b018 100644
--- a/apps/fg_http/lib/fg_http/devices.ex
+++ b/apps/fg_http/lib/fg_http/devices.ex
@@ -8,50 +8,10 @@ defmodule FgHttp.Devices do
 
   alias FgHttp.Devices.Device
 
-  @doc """
-  Returns the list of devices.
-
-  ## Examples
-
-      iex> list_devices()
-      [%Device{}, ...]
-
-  """
-  def list_devices, do: Repo.all(Device)
-
   def list_devices(user_id) do
     Repo.all(from d in Device, where: d.user_id == ^user_id)
   end
 
-  @doc """
-  Returns a new device with an initialized configuration.
-
-  ## Examples
-
-      iex> new_device()
-      %Device{
-        "conf" => "new_conf"
-      }
-  """
-  def new_device(attrs \\ %{}) do
-    device = %Device{}
-    Map.merge(device, attrs)
-  end
-
-  @doc """
-  Gets a single device.
-
-  Raises `Ecto.NoResultsError` if the Device does not exist.
-
-  ## Examples
-
-      iex> get_device!(123)
-      %Device{}
-
-      iex> get_device!(456)
-      ** (Ecto.NoResultsError)
-
-  """
   def get_device!(id), do: Repo.get!(Device, id)
 
   def get_device!(id, with_rules: true) do
@@ -62,67 +22,22 @@ defmodule FgHttp.Devices do
     )
   end
 
-  @doc """
-  Creates a device.
-
-  ## Examples
-
-      iex> create_device(%{field: value})
-      {:ok, %Device{}}
-
-      iex> create_device(%{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def create_device(attrs \\ %{}) do
     %Device{}
     |> Device.changeset(attrs)
     |> Repo.insert()
   end
 
-  @doc """
-  Updates a device.
-
-  ## Examples
-
-      iex> update_device(device, %{field: new_value})
-      {:ok, %Device{}}
-
-      iex> update_device(device, %{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def update_device(%Device{} = device, attrs) do
     device
     |> Device.changeset(attrs)
     |> Repo.update()
   end
 
-  @doc """
-  Deletes a device.
-
-  ## Examples
-
-      iex> delete_device(device)
-      {:ok, %Device{}}
-
-      iex> delete_device(device)
-      {:error, %Ecto.Changeset{}}
-
-  """
   def delete_device(%Device{} = device) do
     Repo.delete(device)
   end
 
-  @doc """
-  Returns an `%Ecto.Changeset{}` for tracking device changes.
-
-  ## Examples
-
-      iex> change_device(device)
-      %Ecto.Changeset{source: %Device{}}
-
-  """
   def change_device(%Device{} = device) do
     Device.changeset(device, %{})
   end
diff --git a/apps/fg_http/lib/fg_http/devices/device.ex b/apps/fg_http/lib/fg_http/devices/device.ex
index 1e93550ed..c93b60c2b 100644
--- a/apps/fg_http/lib/fg_http/devices/device.ex
+++ b/apps/fg_http/lib/fg_http/devices/device.ex
@@ -20,7 +20,6 @@ defmodule FgHttp.Devices.Device do
     timestamps(type: :utc_datetime_usec)
   end
 
-  @doc false
   def changeset(device, attrs) do
     device
     |> cast(attrs, [:last_ip, :ifname, :user_id, :name, :public_key])
diff --git a/apps/fg_http/lib/fg_http/rules.ex b/apps/fg_http/lib/fg_http/rules.ex
index fd426adae..0a1b57d23 100644
--- a/apps/fg_http/lib/fg_http/rules.ex
+++ b/apps/fg_http/lib/fg_http/rules.ex
@@ -8,15 +8,6 @@ defmodule FgHttp.Rules do
 
   alias FgHttp.Rules.Rule
 
-  @doc """
-  Returns the list of rules.
-
-  ## Examples
-
-      iex> list_rules()
-      [%Rule{}, ...]
-
-  """
   def list_rules(device_id) do
     Repo.all(from r in Rule, where: r.device_id == ^device_id)
   end
@@ -25,83 +16,24 @@ defmodule FgHttp.Rules do
     Repo.all(Rule)
   end
 
-  @doc """
-  Gets a single rule.
-
-  Raises `Ecto.NoResultsError` if the Rule does not exist.
-
-  ## Examples
-
-      iex> get_rule!(123)
-      %Rule{}
-
-      iex> get_rule!(456)
-      ** (Ecto.NoResultsError)
-
-  """
   def get_rule!(id), do: Repo.get!(Rule, id)
 
-  @doc """
-  Creates a rule.
-
-  ## Examples
-
-      iex> create_rule(%{field: value})
-      {:ok, %Rule{}}
-
-      iex> create_rule(%{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def create_rule(attrs \\ %{}) do
     %Rule{}
     |> Rule.changeset(attrs)
     |> Repo.insert()
   end
 
-  @doc """
-  Updates a rule.
-
-  ## Examples
-
-      iex> update_rule(rule, %{field: new_value})
-      {:ok, %Rule{}}
-
-      iex> update_rule(rule, %{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def update_rule(%Rule{} = rule, attrs) do
     rule
     |> Rule.changeset(attrs)
     |> Repo.update()
   end
 
-  @doc """
-  Deletes a rule.
-
-  ## Examples
-
-      iex> delete_rule(rule)
-      {:ok, %Rule{}}
-
-      iex> delete_rule(rule)
-      {:error, %Ecto.Changeset{}}
-
-  """
   def delete_rule(%Rule{} = rule) do
     Repo.delete(rule)
   end
 
-  @doc """
-  Returns an `%Ecto.Changeset{}` for tracking rule changes.
-
-  ## Examples
-
-      iex> change_rule(rule)
-      %Ecto.Changeset{source: %Rule{}}
-
-  """
   def change_rule(%Rule{} = rule) do
     Rule.changeset(rule, %{})
   end
diff --git a/apps/fg_http/lib/fg_http/rules/rule.ex b/apps/fg_http/lib/fg_http/rules/rule.ex
index 6be9a535e..13bb981c7 100644
--- a/apps/fg_http/lib/fg_http/rules/rule.ex
+++ b/apps/fg_http/lib/fg_http/rules/rule.ex
@@ -21,7 +21,6 @@ defmodule FgHttp.Rules.Rule do
     timestamps(type: :utc_datetime_usec)
   end
 
-  @doc false
   def changeset(rule, attrs) do
     rule
     |> cast(attrs, [:device_id, :priority, :action, :destination, :port, :protocol, :enabled])
diff --git a/apps/fg_http/lib/fg_http/sessions.ex b/apps/fg_http/lib/fg_http/sessions.ex
index 0f34da247..98f623bf8 100644
--- a/apps/fg_http/lib/fg_http/sessions.ex
+++ b/apps/fg_http/lib/fg_http/sessions.ex
@@ -24,6 +24,8 @@ defmodule FgHttp.Sessions do
   """
   def get_session!(email: email), do: Repo.get_by!(Session, email: email)
   def get_session!(id), do: Repo.get!(Session, id)
+  def get_session(email: email), do: Repo.get_by(Session, email: email)
+  def get_session(id), do: Repo.get(Session, id)
 
   @doc """
   Creates a session.
diff --git a/apps/fg_http/lib/fg_http/users.ex b/apps/fg_http/lib/fg_http/users.ex
index 08f0a2b85..49ddb0b1a 100644
--- a/apps/fg_http/lib/fg_http/users.ex
+++ b/apps/fg_http/lib/fg_http/users.ex
@@ -8,100 +8,32 @@ defmodule FgHttp.Users do
 
   alias FgHttp.Users.User
 
-  @doc """
-  Returns the list of users.
-
-  ## Examples
-
-      iex> list_users()
-      [%User{}, ...]
-
-  """
   def list_users do
     Repo.all(User)
   end
 
-  @doc """
-  Gets a single user.
-
-  Raises `Ecto.NoResultsError` if the User does not exist.
-
-  ## Examples
-
-      iex> get_user!(123)
-      %User{}
-
-      iex> get_user!(456)
-      ** (Ecto.NoResultsError)
-
-  """
   def get_user!(email: email) do
     Repo.get_by!(User, email: email)
   end
 
   def get_user!(id), do: Repo.get!(User, id)
 
-  @doc """
-  Creates a user.
-
-  ## Examples
-
-      iex> create_user(%{field: value})
-      {:ok, %User{}}
-
-      iex> create_user(%{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def create_user(attrs \\ %{}) do
     %User{}
     |> User.create_changeset(attrs)
     |> Repo.insert()
   end
 
-  @doc """
-  Updates a user.
-
-  ## Examples
-
-      iex> update_user(user, %{field: new_value})
-      {:ok, %User{}}
-
-      iex> update_user(user, %{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def update_user(%User{} = user, attrs) do
     user
     |> User.update_changeset(attrs)
     |> Repo.update()
   end
 
-  @doc """
-  Deletes a user.
-
-  ## Examples
-
-      iex> delete_user(user)
-      {:ok, %User{}}
-
-      iex> delete_user(user)
-      {:error, %Ecto.Changeset{}}
-
-  """
   def delete_user(%User{} = user) do
     Repo.delete(user)
   end
 
-  @doc """
-  Returns an `%Ecto.Changeset{}` for tracking user changes.
-
-  ## Examples
-
-      iex> change_user(user)
-      %Ecto.Changeset{source: %User{}}
-
-  """
   def change_user(%User{} = user) do
     User.changeset(user, %{})
   end
diff --git a/apps/fg_http/lib/fg_http/users/password_reset.ex b/apps/fg_http/lib/fg_http/users/password_reset.ex
index 4444648a3..11cc51c78 100644
--- a/apps/fg_http/lib/fg_http/users/password_reset.ex
+++ b/apps/fg_http/lib/fg_http/users/password_reset.ex
@@ -20,19 +20,16 @@ defmodule FgHttp.Users.PasswordReset do
     field :email, :string
   end
 
-  @doc false
   def changeset do
     %__MODULE__{}
     |> cast(%{}, [:password, :password_confirmation, :reset_token])
   end
 
-  @doc false
   def changeset(%__MODULE__{} = password_reset, attrs \\ %{}) do
     password_reset
     |> cast(attrs, [:password, :password_confirmation, :reset_token])
   end
 
-  @doc false
   def create_changeset(%__MODULE__{} = password_reset, attrs) do
     password_reset
     |> cast(attrs, [:email, :reset_sent_at, :reset_token])
@@ -44,7 +41,6 @@ defmodule FgHttp.Users.PasswordReset do
     |> validate_required([:reset_sent_at])
   end
 
-  @doc false
   def update_changeset(%__MODULE__{} = password_reset, attrs) do
     password_reset
     |> cast(attrs, [
diff --git a/apps/fg_http/lib/fg_http/users/session.ex b/apps/fg_http/lib/fg_http/users/session.ex
index c44ef2021..ff701f423 100644
--- a/apps/fg_http/lib/fg_http/users/session.ex
+++ b/apps/fg_http/lib/fg_http/users/session.ex
@@ -16,12 +16,16 @@ defmodule FgHttp.Users.Session do
 
   def create_changeset(session, attrs \\ %{}) do
     session
-    |> cast(attrs, [:email, :password])
-    |> validate_required([:email, :password])
+    |> cast(attrs, [:email, :password, :last_signed_in_at])
+    |> log_it()
     |> authenticate_user()
     |> set_last_signed_in_at()
   end
 
+  defp log_it(changeset) do
+    changeset
+  end
+
   defp set_last_signed_in_at(%Ecto.Changeset{valid?: true} = changeset) do
     last_signed_in_at = DateTime.utc_now()
     change(changeset, last_signed_in_at: last_signed_in_at)
@@ -32,22 +36,24 @@ defmodule FgHttp.Users.Session do
   defp authenticate_user(
          %Ecto.Changeset{
            valid?: true,
-           changes: %{email: email, password: password}
+           changes: %{
+             password: password
+           }
          } = changeset
        ) do
-    user = Users.get_user!(email: email)
+    session = changeset.data
+    user = Users.get_user!(email: session.email)
 
     case User.authenticate_user(user, password) do
       {:ok, _} ->
-        # Remove the user's password so it doesn't accidentally end up somewhere
         changeset
-        |> delete_change(:password)
-        |> change(%{id: user.id})
 
       {:error, error_msg} ->
-        raise("There was an issue with your password: #{error_msg}")
+        add_error(changeset, :password, "invalid: #{error_msg}")
     end
   end
 
-  defp authenticate_user(changeset), do: delete_change(changeset, :password)
+  defp authenticate_user(changeset) do
+    changeset
+  end
 end
diff --git a/apps/fg_http/lib/fg_http/users/user.ex b/apps/fg_http/lib/fg_http/users/user.ex
index b8b3dcf25..e79599eb3 100644
--- a/apps/fg_http/lib/fg_http/users/user.ex
+++ b/apps/fg_http/lib/fg_http/users/user.ex
@@ -7,7 +7,7 @@ defmodule FgHttp.Users.User do
   import Ecto.Changeset
   import FgHttp.Users.PasswordHelpers
 
-  alias FgHttp.Devices.Device
+  alias FgHttp.{Devices.Device, Util.FgMap}
 
   schema "users" do
     field :email, :string
@@ -25,11 +25,11 @@ defmodule FgHttp.Users.User do
     timestamps(type: :utc_datetime_usec)
   end
 
-  @doc false
   def create_changeset(user, attrs \\ %{}) do
     user
     |> cast(attrs, [:email, :password_hash, :password, :password_confirmation])
     |> validate_required([:email, :password, :password_confirmation])
+    |> validate_password_equality()
     |> unique_constraint(:email)
     |> put_password_hash()
     |> validate_required([:password_hash])
@@ -39,17 +39,26 @@ defmodule FgHttp.Users.User do
   def update_changeset(
         user,
         %{
-          user: %{
-            password: _password,
-            password_confirmation: _password_confirmation,
-            current_password: _current_password
-          }
+          "password" => nil,
+          "password_confirmation" => nil,
+          "current_password" => nil
+        } = attrs
+      ) do
+    update_changeset(user, FgMap.compact(attrs))
+  end
+
+  def update_changeset(
+        user,
+        %{
+          "password" => _password,
+          "password_confirmation" => _password_confirmation,
+          "current_password" => _current_password
         } = attrs
       ) do
     user
     |> cast(attrs, [:email, :password, :password_confirmation, :current_password])
-    |> verify_current_password(attrs[:current_password])
     |> validate_required([:password, :password_confirmation, :current_password])
+    |> verify_current_password(user)
     |> validate_password_equality()
     |> put_password_hash()
     |> validate_required([:password_hash])
@@ -59,10 +68,8 @@ defmodule FgHttp.Users.User do
   def update_changeset(
         user,
         %{
-          user: %{
-            password: _password,
-            password_confirmation: _password_confirmation
-          }
+          "password" => _password,
+          "password_confirmation" => _password_confirmation
         } = attrs
       ) do
     user
@@ -74,22 +81,30 @@ defmodule FgHttp.Users.User do
   end
 
   # Only email being updated
-  def update_changeset(user, %{user: %{email: _email}} = attrs) do
+  def update_changeset(user, %{"email" => _email} = attrs) do
     user
     |> cast(attrs, [:email])
     |> validate_required([:email])
   end
 
-  def changeset(%__MODULE__{} = _user, _attrs \\ %{}) do
-    change(%__MODULE__{})
+  def changeset(user, attrs) do
+    user
+    |> cast(attrs, [:email, :confirmed_at, :last_signed_in_at])
   end
 
   def authenticate_user(user, password_candidate) do
     Argon2.check_pass(user, password_candidate)
   end
 
-  defp verify_current_password(user, current_password) do
-    {:ok, user} = authenticate_user(user, current_password)
-    user
+  defp verify_current_password(changeset, user) do
+    case authenticate_user(user, changeset.changes.current_password) do
+      {:ok, _user} ->
+        changeset
+        |> delete_change(:current_password)
+
+      {:error, error_msg} ->
+        changeset
+        |> add_error(:current_password, "is invalid: #{error_msg}")
+    end
   end
 end
diff --git a/apps/fg_http/lib/fg_http/util/fg_map.ex b/apps/fg_http/lib/fg_http/util/fg_map.ex
new file mode 100644
index 000000000..1e39ebb64
--- /dev/null
+++ b/apps/fg_http/lib/fg_http/util/fg_map.ex
@@ -0,0 +1,12 @@
+defmodule FgHttp.Util.FgMap do
+  @moduledoc """
+  Utilities for working with Maps
+  """
+
+  @doc """
+  Removes key, value pairs from a Map if the value is nil
+  """
+  def compact(%{} = map) do
+    for {k, v} <- map, v != nil, into: %{}, do: {k, v}
+  end
+end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex
index 0d26a9198..f6643d3cd 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex
@@ -28,8 +28,8 @@ defmodule FgHttpWeb.DeviceController do
     all_params = Map.merge(device_params, our_params)
 
     case Devices.create_device(all_params) do
-      {:ok, device} ->
-        redirect(conn, to: Routes.device_path(conn, :show, device))
+      {:ok, _device} ->
+        redirect(conn, to: Routes.device_path(conn, :index))
 
       {:error, %Ecto.Changeset{} = changeset} ->
         render(conn, "new.html", changeset: changeset)
diff --git a/apps/fg_http/lib/fg_http_web/controllers/rule_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/rule_controller.ex
index deb6df527..7f2d440fc 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/rule_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/rule_controller.ex
@@ -28,9 +28,9 @@ defmodule FgHttpWeb.RuleController do
       {:ok, rule} ->
         conn
         |> put_flash(:info, "Rule created successfully.")
-        |> redirect(to: Routes.rule_path(conn, :show, rule))
+        |> redirect(to: Routes.device_rule_path(conn, :index, rule.device_id))
 
-      {:error, %Ecto.Changeset{} = changeset} ->
+      {:error, changeset} ->
         device = Devices.get_device!(device_id)
         render(conn, "new.html", device: device, changeset: changeset)
     end
@@ -55,19 +55,20 @@ defmodule FgHttpWeb.RuleController do
       {:ok, rule} ->
         conn
         |> put_flash(:info, "Rule updated successfully.")
-        |> redirect(to: Routes.rule_path(conn, :show, rule))
+        |> redirect(to: Routes.device_rule_path(conn, :index, rule.device_id))
 
-      {:error, %Ecto.Changeset{} = changeset} ->
+      {:error, changeset} ->
         render(conn, "edit.html", rule: rule, changeset: changeset)
     end
   end
 
   def delete(conn, %{"id" => id}) do
     rule = Rules.get_rule!(id)
+    device_id = rule.device_id
     {:ok, _rule} = Rules.delete_rule(rule)
 
     conn
     |> put_flash(:info, "Rule deleted successfully.")
-    |> redirect(to: Routes.rule_path(conn, :index, rule.device))
+    |> redirect(to: Routes.device_rule_path(conn, :index, device_id))
   end
 end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
index 5b42e7e65..6ff135490 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
@@ -16,7 +16,7 @@ defmodule FgHttpWeb.SessionController do
 
   # POST /sessions
   def create(conn, %{"session" => %{"email" => email} = session_params}) do
-    case Sessions.get_session!(email: email) do
+    case Sessions.get_session(email: email) do
       %Session{} = session ->
         case Sessions.create_session(session, session_params) do
           {:ok, session} ->
diff --git a/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex
index 1892dea81..de12f65fc 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex
@@ -4,9 +4,10 @@ defmodule FgHttpWeb.UserController do
   """
 
   use FgHttpWeb, :controller
-  alias FgHttp.{Users, Users.Session, Users.User}
+  alias FgHttp.{Sessions, Users, Users.User}
 
   plug FgHttpWeb.Plugs.SessionLoader when action in [:show, :edit, :update, :delete]
+  plug :scrub_params, "user" when action in [:update]
 
   # GET /users/new
   def new(conn, _params) do
@@ -18,9 +19,12 @@ defmodule FgHttpWeb.UserController do
   def create(conn, %{"user" => user_params}) do
     case Users.create_user(user_params) do
       {:ok, user} ->
+        # XXX: Cast the user to a session struct to prevent this db call
+        session = Sessions.get_session!(user.id)
+
         conn
         |> put_session(:user_id, user.id)
-        |> assign(:session, %Session{id: user.id, email: user.email})
+        |> assign(:session, session)
         |> put_flash(:info, "User created successfully.")
         |> redirect(to: Routes.device_path(conn, :index))
 
@@ -33,7 +37,8 @@ defmodule FgHttpWeb.UserController do
 
   # GET /user/edit
   def edit(conn, _params) do
-    user = conn.current_user
+    # XXX: Cast the session to a user struct to prevent this db call
+    user = Users.get_user!(conn.assigns.session.id)
     changeset = Users.change_user(user)
 
     render(conn, "edit.html", changeset: changeset)
@@ -41,18 +46,26 @@ defmodule FgHttpWeb.UserController do
 
   # GET /user
   def show(conn, _params) do
+    # XXX: Cast the session to a user struct to prevent this db call
+    user = Users.get_user!(conn.assigns.session.id)
+
     conn
-    |> render("show.html", user: conn.current_user)
+    |> render("show.html", user: user, session: conn.assigns.session)
   end
 
   # PATCH /user
-  def update(conn, params) do
-    case Users.update_user(conn.current_user, params) do
+  def update(conn, %{"user" => user_params}) do
+    user = Users.get_user!(conn.assigns.session.id)
+
+    case Users.update_user(user, user_params) do
       {:ok, user} ->
+        # XXX: Cast the user to a session struct to prevent this db call
+        session = Sessions.get_session!(user.id)
+
         conn
-        |> assign(:current_user, user)
+        |> assign(:session, session)
         |> put_flash(:info, "User updated successfully.")
-        |> redirect(to: Routes.user_path(conn, :show, conn.current_user))
+        |> redirect(to: Routes.user_path(conn, :show))
 
       {:error, changeset} ->
         conn
@@ -63,17 +76,20 @@ defmodule FgHttpWeb.UserController do
 
   # DELETE /user
   def delete(conn, _params) do
-    case Users.delete_user(conn.current_user) do
+    user = Users.get_user!(conn.assigns.session.id)
+
+    case Users.delete_user(user) do
       {:ok, _user} ->
         conn
-        |> assign(:current_user, nil)
+        |> clear_session()
+        |> assign(:session, nil)
         |> put_flash(:info, "User deleted successfully.")
         |> redirect(to: "/")
 
-      {:error, _changeset} ->
+      {:error, changeset} ->
         conn
         |> put_flash(:error, "Error deleting User.")
-        |> redirect(to: Routes.user_path(:show, conn.current_user))
+        |> render("edit.html", changeset: changeset)
     end
   end
 end
diff --git a/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex b/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex
index 433838ee7..ce5b7e41f 100644
--- a/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex
+++ b/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex
@@ -5,17 +5,17 @@ defmodule FgHttpWeb.Plugs.RedirectAuthenticated do
 
   import Plug.Conn
   import Phoenix.Controller, only: [redirect: 2]
+  alias FgHttpWeb.Router.Helpers, as: Routes
 
   def init(default), do: default
 
   def call(conn, _default) do
-    if get_session(conn, :email) do
+    if get_session(conn, :user_id) do
       conn
-      |> redirect(to: "/")
+      |> redirect(to: Routes.device_path(conn, :index))
       |> halt()
     else
       conn
-      |> assign(:session, nil)
     end
   end
 end
diff --git a/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex b/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
index 0c1a66857..37a5121ab 100644
--- a/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
+++ b/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
@@ -10,16 +10,13 @@ defmodule FgHttpWeb.Plugs.SessionLoader do
 
   def init(default), do: default
 
-  # Don't load an already loaded session
-  def call(%Plug.Conn{assigns: %{session: %Session{}}} = conn, _default), do: conn
-
   def call(conn, _default) do
     case get_session(conn, :user_id) do
       nil ->
         unauthed(conn)
 
       user_id ->
-        case Sessions.get_session!(user_id) do
+        case Sessions.get_session(user_id) do
           %Session{} = session ->
             conn
             |> assign(:session, session)
@@ -32,6 +29,7 @@ defmodule FgHttpWeb.Plugs.SessionLoader do
 
   defp unauthed(conn) do
     conn
+    |> clear_session()
     |> put_flash(:error, "Please sign in to access that page.")
     |> redirect(to: Routes.session_path(conn, :new))
     |> halt()
diff --git a/apps/fg_http/lib/fg_http_web/router.ex b/apps/fg_http/lib/fg_http_web/router.ex
index ff9841bb3..7169ea690 100644
--- a/apps/fg_http/lib/fg_http_web/router.ex
+++ b/apps/fg_http/lib/fg_http_web/router.ex
@@ -37,7 +37,8 @@ defmodule FgHttpWeb.Router do
 
     resources "/rules", RuleController, only: [:show, :update, :delete, :edit]
 
-    resources "/sessions", SessionController, only: [:new, :create, :delete]
+    resources "/session", SessionController, singleton: true, only: [:delete]
+    resources "/sessions", SessionController, only: [:new, :create]
 
     get "/", SessionController, :new
   end
diff --git a/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex b/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
index a2aa2d9cf..9a0bf8344 100644
--- a/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
@@ -16,8 +16,9 @@
         </nav>
         <nav class="f6 fw6 ttu tracked fr">
           <%= if assigns[:session] do %>
+            <%= link("Your Account", to: Routes.user_path(@conn, :show), class: "link dim white dib mr3") %>
             <%= link("Devices", to: Routes.device_path(@conn, :index), class: "link dim white dib mr3") %>
-            <%= link("Sign out", to: Routes.session_path(@conn, :delete, @session), method: :delete, class: "link dim white dib mr3") %>
+            <%= link("Sign out", to: Routes.session_path(@conn, :delete), method: :delete, class: "link dim white dib mr3") %>
           <% else %>
             <%= link("Sign in", to: Routes.session_path(@conn, :new), class: "link dim white dib mr3") %>
           <% end %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
index 0dc5d9030..160786e63 100644
--- a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
@@ -9,10 +9,12 @@
       <div class="mt3">
         <%= label(:session_user, :email, class: "db fw6 lh-copy f6") %>
         <%= text_input(f, :email, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+        <%= error_tag f, :email %>
       </div>
       <div class="mv3">
         <%= label(:session_user, :password, class: "db fw6 lh-copy f6") %>
         <%= password_input(f, :password, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+        <%= error_tag f, :password %>
       </div>
       <label class="pa0 ma0 lh-copy f6 pointer"><input type="checkbox"> Remember me</label>
     </fieldset>
diff --git a/apps/fg_http/lib/fg_http_web/templates/user/edit.html.eex b/apps/fg_http/lib/fg_http_web/templates/user/edit.html.eex
index aa341db86..eb2dd7f2c 100644
--- a/apps/fg_http/lib/fg_http_web/templates/user/edit.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/user/edit.html.eex
@@ -1 +1,34 @@
-<h3>Account</h3>
+<%= form_for @changeset, Routes.user_path(@conn, :update), fn f -> %>
+  <%= if @changeset.action do %>
+    <div>
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <fieldset id="edit_account" class="ba b--transparent ph0 mh0">
+    <legend class="f4 fw6 ph0 mh0">Edit Account</legend>
+    <div class="mt3">
+      <%= label(f, :email, class: "db fw6 lh-copy f6") %>
+      <%= text_input(f, :email, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+      <%= error_tag f, :email %>
+    </div>
+    <div class="mv3">
+      <%= label(f, :password, class: "db fw6 lh-copy f6") %>
+      <%= password_input(f, :password, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+      <%= error_tag f, :password %>
+    </div>
+    <div class="mv3">
+      <%= label(f, :password_confirmation, class: "db fw6 lh-copy f6") %>
+      <%= password_input(f, :password_confirmation, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+      <%= error_tag f, :password_confirmation %>
+    </div>
+    <div class="mv3">
+      <%= label(f, :current_password, class: "db fw6 lh-copy f6") %>
+      <%= password_input(f, :current_password, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+      <%= error_tag f, :current_password %>
+    </div>
+  </fieldset>
+  <div>
+    <%= submit "Save", class: "b ph3 pv2 input-reset ba b--black bg-transparent grow pointer f6 dib" %>
+  </div>
+<% end %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/user/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/user/new.html.eex
index 26b21e4f4..866217ad0 100644
--- a/apps/fg_http/lib/fg_http_web/templates/user/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/user/new.html.eex
@@ -1,8 +1,10 @@
 <h3>Sign Up</h3>
 
-<%= form_for @changeset, Routes.user_path(@conn, :create), fn f -> %>
-  <%= if f.errors do %>
-
+<%= form_for @changeset, Routes.user_path(@conn, :new), fn f -> %>
+  <%= if @changeset.action do %>
+    <div>
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
   <% end %>
 
   <label>
diff --git a/apps/fg_http/lib/fg_http_web/templates/user/show.html.eex b/apps/fg_http/lib/fg_http_web/templates/user/show.html.eex
index e69de29bb..254707c97 100644
--- a/apps/fg_http/lib/fg_http_web/templates/user/show.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/user/show.html.eex
@@ -0,0 +1,15 @@
+<h3>Your Account</h3>
+
+<dl>
+  <dt>Email</dt>
+  <dd><%= @user.email %></dd>
+
+  <dt>Last signed in at</dt>
+  <dd><%= @session.last_signed_in_at %></dd>
+</dl>
+
+<%= link("Edit", to: Routes.user_path(@conn, :edit)) %>
+
+|
+
+<%= link("Delete your account", to: Routes.user_path(@conn, :delete)) %>
diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs
index e59c47477..5752d766e 100644
--- a/apps/fg_http/mix.exs
+++ b/apps/fg_http/mix.exs
@@ -45,6 +45,7 @@ defmodule FgHttp.MixProject do
   defp deps do
     [
       {:phoenix, "~> 1.5.1"},
+      {:excoveralls, "~> 0.13", only: :test},
       {:argon2_elixir, "~> 2.0"},
       {:phoenix_pubsub, "~> 2.0"},
       {:phoenix_ecto, "~> 4.0"},
diff --git a/apps/fg_http/test/fg_http/util/fg_map_test.exs b/apps/fg_http/test/fg_http/util/fg_map_test.exs
new file mode 100644
index 000000000..d3e379707
--- /dev/null
+++ b/apps/fg_http/test/fg_http/util/fg_map_test.exs
@@ -0,0 +1,13 @@
+defmodule FgHttp.Util.FgMapTest do
+  use ExUnit.Case, async: true
+
+  alias FgHttp.Util.FgMap
+
+  describe "compact" do
+    test "it compacts the map" do
+      data = %{foo: nil, bar: "hello"}
+
+      assert FgMap.compact(data) == %{bar: "hello"}
+    end
+  end
+end
diff --git a/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
index 6fa1d658f..0bc88925d 100644
--- a/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
@@ -9,22 +9,22 @@ defmodule FgHttpWeb.DeviceControllerTest do
 
   describe "index" do
     test "lists all devices", %{authed_conn: conn} do
-      conn = get(conn, Routes.device_path(conn, :index))
-      assert html_response(conn, 200) =~ "Listing Devices"
+      test_conn = get(conn, Routes.device_path(conn, :index))
+      assert html_response(test_conn, 200) =~ "Listing Devices"
     end
   end
 
   describe "new device" do
     test "renders form", %{authed_conn: conn} do
-      conn = get(conn, Routes.device_path(conn, :new))
-      assert html_response(conn, 200) =~ "New Device"
+      test_conn = get(conn, Routes.device_path(conn, :new))
+      assert html_response(test_conn, 200) =~ "New Device"
     end
   end
 
   describe "create device" do
     test "redirects when data is valid", %{authed_conn: conn} do
-      conn = post(conn, Routes.device_path(conn, :create), device: @create_attrs)
-      assert html_response(conn, 302) =~ "redirected"
+      test_conn = post(conn, Routes.device_path(conn, :create), device: @create_attrs)
+      assert redirected_to(test_conn) == Routes.device_path(test_conn, :index)
     end
 
     test "renders errors when data is invalid", %{authed_conn: conn} do
diff --git a/apps/fg_http/test/fg_http_web/controllers/rule_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/rule_controller_test.exs
index 1c082df85..5b5b1f684 100644
--- a/apps/fg_http/test/fg_http_web/controllers/rule_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/rule_controller_test.exs
@@ -1,21 +1,116 @@
 defmodule FgHttpWeb.RuleControllerTest do
   use FgHttpWeb.ConnCase, async: true
 
+  alias FgHttp.Fixtures
+
+  @valid_create_attrs %{
+    destination: "1.1.1.1",
+    port: "53",
+    protocol: "udp",
+    action: "accept"
+  }
+  @invalid_create_attrs %{
+    destination: "problem"
+  }
+  @valid_update_attrs @valid_create_attrs
+  @invalid_update_attrs @invalid_create_attrs
+
   describe "index" do
+    setup [:create_device]
+
+    test "list all rules", %{authed_conn: conn, device: device} do
+      test_conn = get(conn, Routes.device_rule_path(conn, :index, device))
+
+      assert html_response(test_conn, 200) =~ "Listing Rules"
+    end
   end
 
-  describe "new rule" do
+  describe "new" do
+    setup [:create_device]
+
+    test "renders form", %{authed_conn: conn, device: device} do
+      test_conn = get(conn, Routes.device_rule_path(conn, :new, device))
+
+      assert html_response(test_conn, 200) =~ "New Rule"
+    end
   end
 
-  describe "create rule" do
+  describe "create" do
+    setup [:create_device]
+
+    test "redirects when data is valid", %{authed_conn: conn, device: device} do
+      test_conn =
+        post(conn, Routes.device_rule_path(conn, :create, device), rule: @valid_create_attrs)
+
+      assert redirected_to(test_conn) == Routes.device_rule_path(test_conn, :index, device)
+    end
+
+    test "renders edit when data is invalid", %{authed_conn: conn, device: device} do
+      test_conn =
+        post(conn, Routes.device_rule_path(conn, :create, device), rule: @invalid_create_attrs)
+
+      assert html_response(test_conn, 200) =~ "New Rule"
+    end
   end
 
-  describe "edit rule" do
+  describe "edit" do
+    setup [:create_rule]
+
+    test "renders form", %{authed_conn: conn, rule: rule} do
+      test_conn = get(conn, Routes.rule_path(conn, :edit, rule))
+
+      assert html_response(test_conn, 200) =~ "Edit Rule"
+    end
   end
 
-  describe "update rule" do
+  describe "show" do
+    setup [:create_rule]
+
+    test "renders the rule", %{authed_conn: conn, rule: rule} do
+      test_conn = get(conn, Routes.rule_path(conn, :show, rule))
+
+      assert html_response(test_conn, 200) =~ "Show Rule"
+    end
   end
 
-  describe "delete rule" do
+  describe "update" do
+    setup [:create_rule]
+
+    test "redirects to index with valid attrs", %{authed_conn: conn, rule: rule} do
+      test_conn = put(conn, Routes.rule_path(conn, :update, rule), rule: @valid_update_attrs)
+
+      assert redirected_to(test_conn) ==
+               Routes.device_rule_path(test_conn, :index, rule.device_id)
+    end
+
+    test "renders edit form with invalid attrs", %{authed_conn: conn, rule: rule} do
+      test_conn = put(conn, Routes.rule_path(conn, :update, rule), rule: @invalid_update_attrs)
+
+      assert html_response(test_conn, 200) =~ "Edit Rule"
+    end
+  end
+
+  describe "delete" do
+    setup [:create_rule]
+
+    test "deletes chosen rule", %{authed_conn: conn, rule: rule} do
+      test_conn = delete(conn, Routes.rule_path(conn, :delete, rule))
+
+      assert redirected_to(test_conn) == Routes.device_rule_path(conn, :index, rule.device_id)
+
+      assert_error_sent 404, fn ->
+        get(conn, Routes.rule_path(conn, :show, rule))
+      end
+    end
+  end
+
+  defp create_device(_) do
+    device = Fixtures.device()
+    {:ok, device: device}
+  end
+
+  defp create_rule(_) do
+    rule = Fixtures.rule()
+    {:ok, rule: rule}
   end
 end
diff --git a/apps/fg_http/test/fg_http_web/controllers/session_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/session_controller_test.exs
new file mode 100644
index 000000000..d3fcfa6bc
--- /dev/null
+++ b/apps/fg_http/test/fg_http_web/controllers/session_controller_test.exs
@@ -0,0 +1,88 @@
+defmodule FgHttpWeb.SessionControllerTest do
+  use FgHttpWeb.ConnCase, async: true
+
+  alias FgHttp.{Fixtures, Repo, Users.User}
+
+  @valid_attrs %{email: "test", password: "test"}
+  @invalid_attrs %{email: "test", password: "wrong"}
+
+  describe "new when a user is already signed in" do
+    test "redirects to authenticated root", %{authed_conn: conn} do
+      test_conn = get(conn, Routes.session_path(conn, :new))
+
+      assert redirected_to(test_conn) == Routes.device_path(test_conn, :index)
+    end
+  end
+
+  describe "new when a user is not signed in" do
+    test "renders sign in form", %{unauthed_conn: conn} do
+      test_conn = get(conn, Routes.session_path(conn, :new))
+
+      assert html_response(test_conn, 200) =~ "Sign In"
+    end
+  end
+
+  describe "create when user exists" do
+    setup [:create_user]
+
+    test "creates session when credentials are valid", %{unauthed_conn: conn, user: user} do
+      test_conn = post(conn, Routes.session_path(conn, :create), session: @valid_attrs)
+
+      assert redirected_to(test_conn) == Routes.device_path(test_conn, :index)
+      assert get_flash(test_conn, :info) == "Session created successfully"
+      assert get_session(test_conn, :user_id) == user.id
+    end
+
+    test "displays error if credentials are invalid", %{unauthed_conn: conn} do
+      test_conn = post(conn, Routes.session_path(conn, :create), session: @invalid_attrs)
+
+      assert html_response(test_conn, 200) =~ "Sign In"
+      assert get_flash(test_conn, :error) == "Error creating session."
+    end
+  end
+
+  describe "create when user doesn't exist" do
+    setup [:clear_users]
+
+    test "renders sign in form", %{unauthed_conn: conn} do
+      test_conn = post(conn, Routes.session_path(conn, :create), session: @valid_attrs)
+
+      assert html_response(test_conn, 200) =~ "Sign In"
+      assert get_flash(test_conn, :error) == "Email not found."
+    end
+  end
+
+  describe "delete when user exists" do
+    setup [:create_user]
+
+    test "removes session", %{authed_conn: conn} do
+      test_conn = delete(conn, Routes.session_path(conn, :delete))
+
+      assert redirected_to(test_conn) == "/"
+      assert get_flash(test_conn, :info) == "Signed out successfully."
+      assert is_nil(get_session(test_conn, :user_id))
+    end
+  end
+
+  describe "delete when user doesn't exist" do
+    setup [:clear_users]
+
+    test "renders flash error", %{authed_conn: conn} do
+      test_conn = delete(conn, Routes.session_path(conn, :delete))
+
+      assert redirected_to(test_conn) == Routes.session_path(test_conn, :new)
+      assert get_flash(test_conn, :error) == "Please sign in to access that page."
+      assert is_nil(get_session(test_conn, :user_id))
+    end
+  end
+
+  defp create_user(_) do
+    user = Fixtures.user()
+    {:ok, user: user}
+  end
+
+  defp clear_users(_) do
+    {count, _result} = Repo.delete_all(User)
+    {:ok, count: count}
+  end
+end
diff --git a/apps/fg_http/test/fg_http_web/controllers/user_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/user_controller_test.exs
new file mode 100644
index 000000000..b660e5a4f
--- /dev/null
+++ b/apps/fg_http/test/fg_http_web/controllers/user_controller_test.exs
@@ -0,0 +1,112 @@
+defmodule FgHttpWeb.UserControllerTest do
+  use FgHttpWeb.ConnCase, async: true
+
+  alias FgHttp.Users.Session
+
+  @valid_create_attrs %{
+    email: "fixure",
+    password: "password",
+    password_confirmation: "password"
+  }
+  @invalid_create_attrs %{
+    email: "fixture",
+    password: "password",
+    password_confirmation: "wrong_password"
+  }
+  @valid_update_attrs %{
+    email: "new-email",
+    password: "new_password",
+    password_confirmation: "new_password"
+  }
+  @valid_update_password_attrs %{
+    email: "fixture",
+    password: "new_password",
+    password_confirmation: "new_password",
+    current_password: "test"
+  }
+  @invalid_update_password_attrs %{
+    email: "fixture",
+    password: "new_password",
+    password_confirmation: "new_password",
+    current_password: "wrong current password"
+  }
+  @invalid_update_attrs %{
+    email: "new-email",
+    password: "new_password",
+    password_confirmation: "wrong_password"
+  }
+
+  describe "new" do
+    test "renders sign up form", %{unauthed_conn: conn} do
+      test_conn = get(conn, Routes.user_path(conn, :new))
+
+      assert html_response(test_conn, 200) =~ "Sign Up"
+    end
+  end
+
+  describe "create" do
+    test "creates user when params are valid", %{unauthed_conn: conn} do
+      test_conn = post(conn, Routes.user_path(conn, :create), user: @valid_create_attrs)
+
+      assert redirected_to(test_conn) == "/devices"
+      assert %Session{} = test_conn.assigns.session
+    end
+
+    test "renders errors when params are invalid", %{unauthed_conn: conn} do
+      test_conn = post(conn, Routes.user_path(conn, :create), user: @invalid_create_attrs)
+
+      assert html_response(test_conn, 200) =~ "Sign Up"
+    end
+  end
+
+  describe "edit" do
+    test "renders edit user form", %{authed_conn: conn} do
+      test_conn = get(conn, Routes.user_path(conn, :edit))
+
+      assert html_response(test_conn, 200) =~ "Edit Account"
+    end
+  end
+
+  describe "show" do
+    test "renders user details", %{authed_conn: conn} do
+      test_conn = get(conn, Routes.user_path(conn, :show))
+
+      assert html_response(test_conn, 200) =~ "Your Account"
+    end
+  end
+
+  describe "update password" do
+    test "updates password when params are valid", %{authed_conn: conn} do
+      test_conn = put(conn, Routes.user_path(conn, :update), user: @valid_update_password_attrs)
+
+      assert redirected_to(test_conn) == Routes.user_path(test_conn, :show)
+    end
+
+    test "renders errors when params are invalid", %{authed_conn: conn} do
+      test_conn = put(conn, Routes.user_path(conn, :update), user: @invalid_update_password_attrs)
+
+      assert html_response(test_conn, 200) =~ "is invalid: invalid password"
+    end
+  end
+
+  describe "update" do
+    test "updates user when params are valid", %{authed_conn: conn} do
+      test_conn = put(conn, Routes.user_path(conn, :update), user: @valid_update_attrs)
+
+      assert redirected_to(test_conn) == Routes.user_path(test_conn, :show)
+    end
+
+    test "renders errors when params are invalid", %{authed_conn: conn} do
+      test_conn = put(conn, Routes.user_path(conn, :update), user: @invalid_update_attrs)
+
+      assert html_response(test_conn, 200) =~ "does not match password confirmation"
+    end
+  end
+
+  describe "delete" do
+    test "deletes user", %{authed_conn: conn} do
+      test_conn = delete(conn, Routes.user_path(conn, :delete))
+      assert redirected_to(test_conn) == "/"
+    end
+  end
+end
diff --git a/apps/fg_http/test/support/conn_case.ex b/apps/fg_http/test/support/conn_case.ex
index fbe5f094d..f8bbc84c2 100644
--- a/apps/fg_http/test/support/conn_case.ex
+++ b/apps/fg_http/test/support/conn_case.ex
@@ -41,7 +41,7 @@ defmodule FgHttpWeb.ConnCase do
     session = Fixtures.session()
 
     new_conn()
-    |> Plug.Conn.assign(:session, session)
+    |> Plug.Test.init_test_session(%{user_id: session.id})
   end
 
   setup tags do
diff --git a/apps/fg_http/test/support/fixtures.ex b/apps/fg_http/test/support/fixtures.ex
index 9bca64f70..9b564f35b 100644
--- a/apps/fg_http/test/support/fixtures.ex
+++ b/apps/fg_http/test/support/fixtures.ex
@@ -2,7 +2,7 @@ defmodule FgHttp.Fixtures do
   @moduledoc """
   Convenience helpers for inserting records
   """
-  alias FgHttp.{Devices, PasswordResets, Repo, Sessions, Users, Users.User}
+  alias FgHttp.{Devices, PasswordResets, Repo, Rules, Sessions, Users, Users.User}
 
   def user(attrs \\ %{}) do
     case Repo.get_by(User, email: "test") do
@@ -29,6 +29,16 @@ defmodule FgHttp.Fixtures do
     device
   end
 
+  def rule(attrs \\ %{}) do
+    attrs =
+      attrs
+      |> Enum.into(%{device_id: device().id})
+      |> Enum.into(%{destination: "0.0.0.0/0"})
+
+    {:ok, rule} = Rules.create_rule(attrs)
+    rule
+  end
+
   def session(_attrs \\ %{}) do
     email = user().email
     record = Sessions.get_session!(email: email)
diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs
index e7f9f9963..0ed3b762c 100644
--- a/apps/fg_vpn/mix.exs
+++ b/apps/fg_vpn/mix.exs
@@ -33,7 +33,8 @@ defmodule FgVpn.MixProject do
   # Run "mix help deps" to learn about dependencies.
   defp deps do
     [
-      {:credo, "~> 1.4", only: [:dev, :test], runtime: false}
+      {:credo, "~> 1.4", only: [:dev, :test], runtime: false},
+      {:excoveralls, "~> 0.13", only: :test}
       # {:dep_from_hexpm, "~> 0.3.0"},
       # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"},
       # {:sibling_app_in_umbrella, in_umbrella: true}
diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs
index 2faab890f..e55def960 100644
--- a/apps/fg_wall/mix.exs
+++ b/apps/fg_wall/mix.exs
@@ -33,7 +33,8 @@ defmodule FgWall.MixProject do
   # Run "mix help deps" to learn about dependencies.
   defp deps do
     [
-      {:credo, "~> 1.4", only: [:dev, :test], runtime: false}
+      {:credo, "~> 1.4", only: [:dev, :test], runtime: false},
+      {:excoveralls, "~> 0.13", only: :test}
       # {:dep_from_hexpm, "~> 0.3.0"},
       # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"},
       # {:sibling_app_in_umbrella, in_umbrella: true}
diff --git a/mix.lock b/mix.lock
index f8cf066b6..a8a3875b9 100644
--- a/mix.lock
+++ b/mix.lock
@@ -32,10 +32,10 @@
   "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.2", "38d94c30df5e2ef11000697a4fbe2b38d0fbf79239d492ff1be87bbc33bc3a84", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "a3dec3d28ddb5476c96a7c8a38ea8437923408bc88da43e5c45d97037b396280"},
   "phoenix_live_view": {:hex, :phoenix_live_view, "0.12.1", "42f591c781edbf9fab921319076b7ac635d43aa23e6748d2644563326236d7e4", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.4.16 or ~> 1.5.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14", [hex: :phoenix_html, repo: "hexpm", optional: false]}], "hexpm", "585321e98df1cd5943e370b9784e950a37ca073744eb534660c9048967c52ab6"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.0.0", "a1ae76717bb168cdeb10ec9d92d1480fec99e3080f011402c0a2d68d47395ffb", [:mix], [], "hexpm", "c52d948c4f261577b9c6fa804be91884b381a7f8f18450c5045975435350f771"},
-  "plug": {:hex, :plug, "1.10.1", "c56a6d9da7042d581159bcbaef873ba9d87f15dce85420b0d287bca19f40f9bd", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "b5cd52259817eb8a31f2454912ba1cff4990bca7811918878091cb2ab9e52cb8"},
+  "plug": {:hex, :plug, "1.10.2", "0079345cfdf9e17da3858b83eb46bc54beb91554c587b96438f55c1477af5a86", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7898d0eb4767efb3b925fd7f9d1870d15e66e9c33b89c58d8d2ad89aa75ab3c1"},
   "plug_cowboy": {:hex, :plug_cowboy, "2.2.2", "7a09aa5d10e79b92d332a288f21cc49406b1b994cbda0fde76160e7f4cc890ea", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e82364b29311dbad3753d588febd7e5ef05062cd6697d8c231e0e007adab3727"},
   "plug_crypto": {:hex, :plug_crypto, "1.1.2", "bdd187572cc26dbd95b87136290425f2b580a116d3fb1f564216918c9730d227", [:mix], [], "hexpm", "6b8b608f895b6ffcfad49c37c7883e8df98ae19c6a28113b02aa1e9c5b22d6b5"},
-  "postgrex": {:hex, :postgrex, "0.15.4", "5d691c25fc79070705a2ff0e35ce0822b86a0ee3c6fdb7a4fb354623955e1aed", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "306515b9d975fcb2478dc337a1d27dc3bf8af7cd71017c333fe9db3a3d211b0a"},
+  "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "telemetry": {:hex, :telemetry, "0.4.1", "ae2718484892448a24470e6aa341bc847c3277bfb8d4e9289f7474d752c09c7f", [:rebar3], [], "hexpm", "4738382e36a0a9a2b6e25d67c960e40e1a2c95560b9f936d8e29de8cd858480f"},