diff --git a/core/src/error.rs b/core/src/error.rs
index 206d579..8c34271 100644
--- a/core/src/error.rs
+++ b/core/src/error.rs
@@ -8,6 +8,8 @@ pub enum ServiceError {
     InvalidApplicationId,
     #[error("Invalid credentials")]
     InvalidCredentials,
+    #[error("Unauthorized")]
+    Unauthorized,
     #[error("Forbidden")]
     Forbidden,
     #[error("Session expired, please login agai")]
@@ -65,6 +67,7 @@ impl ServiceError {
         match self {
             ServiceError::InvalidApplicationId => 400,
             ServiceError::InvalidCredentials => 401,
+            ServiceError::Unauthorized => 401,
             ServiceError::Forbidden => 403,
             ServiceError::ExpiredSession => 401,
             ServiceError::JwtError => 500,
diff --git a/core/src/services/admin_service.rs b/core/src/services/admin_service.rs
index 76c719a..9e23b65 100644
--- a/core/src/services/admin_service.rs
+++ b/core/src/services/admin_service.rs
@@ -41,7 +41,7 @@ impl AdminService {
     pub async fn auth(db: &DbConn, session_uuid: Uuid) -> Result<admin::Model, ServiceError> {
         match SessionService::auth_user_session(db, session_uuid).await? {
             AdminUser::Admin(admin) => Ok(admin),
-            AdminUser::Candidate(_) => unreachable!(),
+            AdminUser::Candidate(_) => Err(ServiceError::Unauthorized),
         }
     }
 }
diff --git a/core/src/services/candidate_service.rs b/core/src/services/candidate_service.rs
index 9c12b72..b5ca5e0 100644
--- a/core/src/services/candidate_service.rs
+++ b/core/src/services/candidate_service.rs
@@ -215,7 +215,7 @@ impl CandidateService {
         match SessionService::auth_user_session(db, session_uuid).await {
             Ok(user) => match user {
                 AdminUser::Candidate(candidate) => Ok(candidate),
-                AdminUser::Admin(_) => unreachable!(),
+                AdminUser::Admin(_) => Err(ServiceError::Unauthorized),
             },
             Err(e) => Err(e),
         }