diff --git a/src/rest/auth.rs b/src/rest/auth.rs
index 84da633..e42f80a 100644
--- a/src/rest/auth.rs
+++ b/src/rest/auth.rs
@@ -41,7 +41,6 @@ async fn login(
 ) -> Flash<Redirect> {
     let user = User::login(db, login.name.clone(), login.password.clone()).await;
 
-    //TODO: be able to use ? for login. This would get rid of the following match clause.
     let user = match user {
         Ok(user) => user,
         Err(LoginError::NoPasswordSet(user)) => {
diff --git a/src/rest/cox.rs b/src/rest/cox.rs
index ce49e5e..b2715da 100644
--- a/src/rest/cox.rs
+++ b/src/rest/cox.rs
@@ -14,11 +14,12 @@ use crate::model::{
     user::CoxUser,
 };
 
-//TODO: add constraints (e.g. planned_amount_cox > 0)
 #[derive(FromForm)]
 struct AddTripForm {
     day: String,
+    //TODO: properly parse `planned_starting_time`
     planned_starting_time: String,
+    #[field(validate = range(1..))]
     max_people: i32,
     notes: Option<String>,
     trip_type: Option<i64>,