diff --git a/controllers/userAuth.controller.js b/controllers/userAuth.controller.js
index 37eebcb..160400b 100644
--- a/controllers/userAuth.controller.js
+++ b/controllers/userAuth.controller.js
@@ -21,6 +21,7 @@ const {
   ACCESS_DENIED_ERR,
   EMAIL_NOT_FOUND_ERR,
   OTP_EXPIRED_ERR,
+  USER_NOT_VERIFIED,
 } = require("../errors");
 
 const { createJwtToken } = require("../utils/token.util");
@@ -31,6 +32,7 @@ exports.verifyOtp = async (req, res, next) => {
     const currentDateTime = new Date();
 
     const user = await User.findOne({ email });
+    const userCredentials = await UserCredentials.findOne({ email });
     if (!user) {
       next({ status: 400, message: USER_NOT_FOUND_ERR });
       console.log("user not found");
@@ -47,10 +49,13 @@ exports.verifyOtp = async (req, res, next) => {
     }
     if (otp.expiresAt < currentDateTime) {
       next({ status: 400, message: OTP_EXPIRED_ERR });
+      await user.deleteOne();
+      await userCredentials.deleteOne();
       return;
     }
 
     const token = createJwtToken({ userId: user._id });
+    await userCredentials.updateOne({ is_verified: true });
 
     res.status(201).json({
       type: "success",
@@ -160,6 +165,10 @@ exports.login = async (req, res, next) => {
       return;
     }
 
+    if(!user.is_verified){
+      next({ status: 401, message: USER_NOT_VERIFIED });
+    }
+
     const passwordMatch = password === user.password ? 1 : 0;
 
     if (passwordMatch) {
diff --git a/errors.js b/errors.js
index bfef295..88ce8ff 100644
--- a/errors.js
+++ b/errors.js
@@ -10,6 +10,8 @@ exports.JWT_DECODE_ERR = "incorrect token";
 
 exports.USER_NOT_FOUND_ERR = "User not found";
 
+exports.USER_NOT_VERIFIED = 'Please complete email verification'
+
 exports.ACCESS_DENIED_ERR = "Access deny for normal user";
 
 exports.Email_NOT_FOUND_ERR = "email not found";
@@ -23,6 +25,6 @@ exports.INCORRECT_CRED_ERR =
 exports.EMAIL_NOT_FOUND_ERR = "Email not found";
 
 exports.ADMIN_NOT_FOUND = "Admin not found";
-exports.OTP_EXPIRED_ERR = "OTP has expired";
+exports.OTP_EXPIRED_ERR = "OTP has expired. Re-Register to continue";
 
 exports.VENDOR_NOT_PERMITTED = "Vendor is not verified or has been debarred"
\ No newline at end of file
diff --git a/models/user.credentials.js b/models/user.credentials.js
index 9636066..43acfc5 100644
--- a/models/user.credentials.js
+++ b/models/user.credentials.js
@@ -17,6 +17,10 @@ const userCredentialsSchema = new Schema({
     type: String,
     required: true,
   },
+  is_verified: {
+    type: Boolean,
+    default: false,
+  }
 });
 
 module.exports = model("UserCredentials", userCredentialsSchema);