diff --git a/modules/utenti/actions.php b/modules/utenti/actions.php
index 694c0894f..08d4ff6cc 100755
--- a/modules/utenti/actions.php
+++ b/modules/utenti/actions.php
@@ -112,16 +112,26 @@ switch (filter('op')) {
 // Abilita API utente
 case 'token_enable':
- if ($dbo->query('UPDATE zz_tokens SET enabled = 1 WHERE id_utente = '.prepare($id_utente))) {
- flash()->info(tr('Token abilitato!'));
- }
+ $utente = User::find($id_utente);
+ $tokens = $utente->getApiTokens();
+
+ foreach ($tokens as $token){
+ $dbo->query('UPDATE zz_tokens SET enabled = 1 WHERE id = '.prepare($token['id']));
+ }
+
+ flash()->info(tr('Token abilitato!'));
 break;
 // Disabilita API utente
 case 'token_disable':
- if ($dbo->query('UPDATE zz_tokens SET enabled = 0 WHERE id_utente = '.prepare($id_utente))) {
- flash()->info(tr('Token disabilitato!'));
+ $utente = User::find($id_utente);
+ $tokens = $utente->getApiTokens();
+
+ foreach ($tokens as $token){
+ $dbo->query('UPDATE zz_tokens SET enabled = 0 WHERE id = '.prepare($token['id']));
 }
+
+ flash()->info(tr('Token abilitato!'));
 break;
 // Elimina gruppo
diff --git a/src/Auth.php b/src/Auth.php
index 61ee0d9de..69cf918a7 100755
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -200,22 +200,8 @@ class Auth extends \Util\Singleton
 if ($this->isAuthenticated()) {
 $user = self::user();
- $database = database();
- $tokens = $database->fetchArray('SELECT `token` FROM `zz_tokens` WHERE `enabled` = 1 AND `id_utente` = :user_id', [
- ':user_id' => $user->id,
- ]);
-
- // Generazione del token per l'utente
- if (empty($tokens)) {
- $token = secure_random_string();
-
- $database->insert('zz_tokens', [
- 'id_utente' => $user->id,
- 'token' => $token,
- ]);
- } else {
- $token = $tokens[0]['token'];
- }
+ $tokens = $user->getApiTokens();
+ $token = $tokens[0]['token'];
 }
 return $token;
diff --git a/src/Models/User.php b/src/Models/User.php
index 38c14bee0..2091e4722 100755
--- a/src/Models/User.php
+++ b/src/Models/User.php
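Review bot: In both `token_enable` and `token_disable` the loop runs over `$utente->getApiTokens()`, which (see src/Models/User.php in this commit) returns only rows with `enabled = 1` and inserts a new token when it finds none, so `token_enable` never touches a disabled token and `token_disable` on a user without an enabled token creates a row just to disable it. Toggling should act on the user's existing rows without creating any, for example by keeping the update keyed on the user: `$dbo->query('UPDATE zz_tokens SET enabled = 0 WHERE id_utente = '.prepare($id_utente));`. The `token_disable` branch also flashes `Token abilitato!`; it should read `flash()->info(tr('Token disabilitato!'));`. `User::find($id_utente)` is dereferenced without a check, so an unknown id would fail on `getApiTokens()` (assuming `find()` returns null when nothing matches), and the message is now shown whether or not the queries succeeded.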
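Review bot: `$tokens[0]['token']` is read without checking that `getApiTokens()` returned a row. The removed code handled the empty case explicitly by using the value it had just generated; the new code depends on the second `fetchArray()` in `User::getApiTokens()` finding the inserted row, which holds only if the insert succeeded and new rows default to `enabled = 1` (the column default is not visible here). A guard such as `$token = !empty($tokens) ? $tokens[0]['token'] : null;` avoids an undefined-offset notice and makes the no-token result explicit. The enclosing method begins above this hunk, so the initial value of `$token` is not visible.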
@@ -172,6 +172,24 @@ class User extends Model
 return $anagrafica->ragione_sociale.' ('.$this->username.')';
 }
+ public function getApiTokens(){
+ $query = 'SELECT * FROM `zz_tokens` WHERE `enabled` = 1 AND `id_utente` = '.prepare($this->id);
+ $database = database();
+
+ // Generazione del token per l'utente
+ $tokens = $database->fetchArray($query);
+ if (empty($tokens)) {
+ $token = secure_random_string();
+
+ $database->insert('zz_tokens', [
+ 'id_utente' => $this->id,
+ 'token' => $token,
+ ]);
+ }
+
+ return $database->fetchArray($query);
+ }
+
 /* Relazioni Eloquent */
 public function group()
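Review bot: `getApiTokens()` reads like a getter but inserts a row whenever the user has no enabled token, and it has no docblock saying so. A user whose tokens were disabled would therefore get a fresh one the next time any caller (for example the src/Auth.php lookup changed in this commit) invokes it, if new rows default to enabled, so revocation may not persist; separating the lookup from the creation, or at least documenting the side effect, would make that explicit. The query is also built by concatenating `prepare($this->id)` where the code it replaces bound the value; `$database->fetchArray('SELECT ... WHERE id_utente = :user_id', [':user_id' => $this->id]);` keeps the bound form. `SELECT *` returns the secret `token` column to every caller, although actions.php only needs `id`.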