diff --git a/api/v1/admin/getUnverifiedUsers.js b/api/v1/admin/getUnverifiedUsers.js
index 3171b91..de37355 100644
--- a/api/v1/admin/getUnverifiedUsers.js
+++ b/api/v1/admin/getUnverifiedUsers.js
@@ -19,7 +19,7 @@ router.post('/', async (req, res) => {
             return res.status(400).send({error: "token expired"});
         }
 
-        if (!user.admin) {
+        if (!user.user.admin) {
             return res.status(400).send({error: "unauthorized"});
         }
     } catch {