diff --git a/helpers/mailer.js b/helpers/mailer.js
index 39a0a3c2c55b4ca8ab2eda067043f7b352ba4ec2..b6d206e42437f1f39a06ae91ca7837bd7cbfb3c5 100644
--- a/helpers/mailer.js
+++ b/helpers/mailer.js
@@ -61,33 +61,6 @@ module.exports = {
         }
       });
 
-    } else if (config.get('mail_provider') === 'aws') {
-      /*
-      AWS.config.update({region: 'eu-west-1'});
-      var ses = new AWS.SES();
-
-      ses.sendEmail( {
-        Source: from,
-        Destination: { ToAddresses: [to_email] },
-        ReplyToAddresses: reply_to,
-        Message: {
-          Subject: {
-            Data: subject
-          },
-          Body: {
-            Text: {
-              Data: plaintext,
-            },
-            Html: {
-              Data: htmlText
-            }
-          }
-        }
-      }, function(err, data) {
-        if (err) console.error("Error sending email:", err);
-        else console.log("Email sent.");
-      });
-      */
     }
   }
 };
diff --git a/routes/api/users.js b/routes/api/users.js
index 77bba451af09d335b768b3b07a215caeab30e6c1..233b62df0fd48a789824078b0e11a3b104bcc0d8 100644
--- a/routes/api/users.js
+++ b/routes/api/users.js
@@ -89,28 +89,31 @@ router.post('/', function(req, res) {
               res.sendStatus(400);
             })
             .then(u => {
-              var homeSpace = {
+              var homeFolder = {
                 _id: uuidv4(),
                 name: req.i18n.__("home"),
                 space_type: "folder",
                 creator_id: u._id
               };
-              db.Space.create(homeSpace)
+              db.Space.create(homeFolder)
                 .error(err => {
                   res.sendStatus(400);
                 })
-                .then(homeSpace => {
-                  u.home_folder_id = homeSpace._id;
+                .then(homeFolder => {
+                  u.home_folder_id = homeFolder._id;
                   u.save()
                     .then(() => {
-                      res.status(201).json({});
-                      
-                      mailer.sendMail(u.email, req.i18n.__("confirm_subject"), req.i18n.__("confirm_body"), {
-                        action: {
-                          link: config.endpoint + "/confirm/" + u.confirmation_token,
-                          name: req.i18n.__("confirm_action")
+                      // home folder created,
+                      // auto accept pending invites
+                      db.Membership.update({
+                        "state": "active"
+                      }, {
+                        where: {
+                          "email_invited": u.email,
+                          "state": pending
                         }
                       });
+                      res.status(201).json({});          
                     })
                     .error(err => {
                       res.status(400).json(err);
@@ -174,36 +177,35 @@ router.post('/:id/password', function(req, res, next) {
           });
         });
       } else {
-        res.status(403).json({"error": "old password wrong"});
+        res.status(403).json({"error": "Please enter the correct current password."});
       }
     } else {
-      res.status(403).json({"error": "wrong user"});
+      res.status(403).json({"error": "Access denied."});
     }
   } else {
-    res.status(400).json({"error": "password_to_short"});
+    res.status(400).json({"error": "Please choose a new password with at least 6 characters."});
   }
 });
 
 router.delete('/:id',  (req, res, next) => {
   const user = req.user;
-  if(user._id == req.params.id) {
-    if (user.account_type == 'email') {
-      if (bcrypt.compareSync(req.query.password, user.password_hash)) {
-        user.remove((err) => {
-          if(err)res.status(400).json(err);
-          else res.sendStatus(204);
-        });
-      } else {
-        res.bad_request("password_incorrect");
-      }
-    } else {
-      user.remove((err) => {
-        if (err) res.status(400).json(err);
+  if (user._id == req.params.id) {
+    if (bcrypt.compareSync(req.query.password, user.password_hash)) {
+
+      // TODO: this doesn't currently work.
+      // all objects (indirectly) belonging to the user have
+      // to be walked and deleted first.
+      
+      user.destroy().then(err => {
+        if(err)res.status(400).json(err);
         else res.sendStatus(204);
       });
+    } else {
+      res.bad_request("Please enter the correct current password.");
     }
+  } else {
+    res.status(403).json({error: "Access denied."});
   }
-  else res.status(403).json({error: ""});
 });
 
 router.put('/:user_id/confirm', (req, res) => {