diff --git a/app/assets/javascripts/user_avatar.js.coffee b/app/assets/javascripts/user_avatar.js.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/app/assets/javascripts/user_avatar.js.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/stylesheets/user_avatar.css.scss b/app/assets/stylesheets/user_avatar.css.scss
new file mode 100644
index 0000000..d7e24de
--- /dev/null
+++ b/app/assets/stylesheets/user_avatar.css.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the user_avatar controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/controllers/callbacks_controller.rb b/app/controllers/callbacks_controller.rb
index ab0d9fe..e0beaa2 100644
--- a/app/controllers/callbacks_controller.rb
+++ b/app/controllers/callbacks_controller.rb
@@ -1,8 +1,15 @@
 class CallbacksController < Devise::OmniauthCallbacksController
   def zeuswpi
     @user = User.from_omniauth(request.env["omniauth.auth"])
-    flash[:success] = "Logged in successfuly"
-    sign_in_and_redirect @user
+    @user.save!(validate: false)
+    if @user.valid?
+      flash[:success] = "You are now logged in."
+      sign_in_and_redirect @user
+    else
+      flash[:error] = "Please complete your profile first."
+      session[:id] = @user.id
+      redirect_to new_user_avatar_path
+    end
   end
 
   def after_omniauth_failure_path_for(scope)
diff --git a/app/controllers/user_avatar_controller.rb b/app/controllers/user_avatar_controller.rb
new file mode 100644
index 0000000..4209f3e
--- /dev/null
+++ b/app/controllers/user_avatar_controller.rb
@@ -0,0 +1,26 @@
+class UserAvatarController < ApplicationController
+  before_action :authenticate_session_user!
+
+  def new
+  end
+
+  def create
+    if @user.update_attributes(user_params)
+      flash[:success] = "Your profile is complete. You are now logged in."
+      sign_in_and_redirect @user
+    else
+      render 'new'
+    end
+  end
+
+  private
+
+  def authenticate_session_user!
+    redirect_to root_path unless session[:id]
+    @user = User.find session[:id]
+  end
+
+  def user_params
+    params.require(:user).permit(:avatar)
+  end
+end
diff --git a/app/helpers/user_avatar_helper.rb b/app/helpers/user_avatar_helper.rb
new file mode 100644
index 0000000..52a0ddd
--- /dev/null
+++ b/app/helpers/user_avatar_helper.rb
@@ -0,0 +1,2 @@
+module UserAvatarHelper
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 0add1a3..0b0fc17 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -36,9 +36,9 @@ class User < ActiveRecord::Base
   has_many :products, through: :orders
   belongs_to :dagschotel, class_name: 'Product'
 
-  # validates_attachment :avatar,
-    # presence: true,
-    # content_type: { content_type: ["image/jpeg", "image/gif", "image/png"] }
+  validates_attachment :avatar,
+    presence: true,
+    content_type: { content_type: ["image/jpeg", "image/gif", "image/png"] }
 
   scope :members, -> { where koelkast: false }
 
diff --git a/app/views/user_avatar/new.html.erb b/app/views/user_avatar/new.html.erb
new file mode 100644
index 0000000..605dd68
--- /dev/null
+++ b/app/views/user_avatar/new.html.erb
@@ -0,0 +1,10 @@
+<h2>Add avatar to <%= @user.uid %></h2>
+<%= render 'flash' %>
+
+<%= f_form_for @user, url: '/user_avatar', method: :post do |f| %>
+  <%= f.error_messages %>
+
+  <%= f.file_field :avatar %>
+
+  <%= f.submit "Update" %>
+<% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 7e68b34..c08a024 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -22,6 +22,8 @@ Rails.application.routes.draw do
     get 'dagschotel/:product_id' => 'users#update_dagschotel', as: 'dagschotel'
   end
 
+  resources :user_avatar
+
   resources :products do
     collection do
       get  'stock' => 'products#stock', as: 'stock'
diff --git a/config/secrets.yml b/config/secrets.yml
new file mode 100644
index 0000000..f939db0
--- /dev/null
+++ b/config/secrets.yml
@@ -0,0 +1,26 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure the secrets in this file are kept private
+# if you're sharing your code publicly.
+
+development:
+  secret_key_base: 5d40610321e19e4f71ee2ba8af4f426fe15096c405da3800c6b33bed6779f2d11f55a0edc455974b19a01fd71f6cd508dba980305dbc55ff82521a2d12f891d8
+  omniauth_client_id: tomtest
+  omniauth_client_secret: blargh
+
+test:
+  secret_key_base: 961437e28e7d6055ffaad9cf1f8d614354f57f10cb2d7601c9d6ede72a03b9c9535ad9e63507e3eb31252c4895970a63117493408f2e9a46c7a0c4a5a7836b81
+
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
+production:
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  omniauth_client_id: ""
+  omniauth_client_secret: ""
diff --git a/test/controllers/user_avatar_controller_test.rb b/test/controllers/user_avatar_controller_test.rb
new file mode 100644
index 0000000..8647cce
--- /dev/null
+++ b/test/controllers/user_avatar_controller_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UserAvatarControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end