From 5fa060fadc8f91f240d54ca73ed3f12da6ee2aef Mon Sep 17 00:00:00 2001
From: oabrivard <olivier@abrivard.fr>
Date: Thu, 26 Mar 2026 10:54:49 +0100
Subject: [PATCH] fix: use invalid session token for admin auth rejection tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Same fix as other test files — avoids oneshot() hang with no cookie.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 backend/tests/api_admin_test.rs | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/backend/tests/api_admin_test.rs b/backend/tests/api_admin_test.rs
index ff89c17..f3e51b2 100644
--- a/backend/tests/api_admin_test.rs
+++ b/backend/tests/api_admin_test.rs
@@ -109,17 +109,18 @@ async fn unauthenticated_admin_endpoint_returns_401() {
     }
 
     let app = common::TestApp::new().await;
+    let fake_session = "invalid-session-token-that-does-not-exist";
 
-    let (status, body) = app.get("/api/v1/admin/providers").await;
-    assert_eq!(status, StatusCode::UNAUTHORIZED, "Unauthenticated GET /admin/providers should return 401");
+    let (status, body) = app.get_with_session("/api/v1/admin/providers", fake_session).await;
+    assert_eq!(status, StatusCode::UNAUTHORIZED, "Invalid session GET /admin/providers should return 401");
     assert_eq!(body["error"], "unauthorized");
 
-    let (status2, body2) = app.get("/api/v1/admin/users").await;
-    assert_eq!(status2, StatusCode::UNAUTHORIZED, "Unauthenticated GET /admin/users should return 401");
+    let (status2, body2) = app.get_with_session("/api/v1/admin/users", fake_session).await;
+    assert_eq!(status2, StatusCode::UNAUTHORIZED, "Invalid session GET /admin/users should return 401");
     assert_eq!(body2["error"], "unauthorized");
 
-    let (status3, body3) = app.get("/api/v1/admin/rate-limits").await;
-    assert_eq!(status3, StatusCode::UNAUTHORIZED, "Unauthenticated GET /admin/rate-limits should return 401");
+    let (status3, body3) = app.get_with_session("/api/v1/admin/rate-limits", fake_session).await;
+    assert_eq!(status3, StatusCode::UNAUTHORIZED, "Invalid session GET /admin/rate-limits should return 401");
     assert_eq!(body3["error"], "unauthorized");
 }
 
@@ -745,9 +746,10 @@ async fn config_providers_without_auth_returns_401() {
     }
 
     let app = common::TestApp::new().await;
-    let (status, body) = app.get("/api/v1/config/providers").await;
+    let fake_session = "invalid-session-token-that-does-not-exist";
+    let (status, body) = app.get_with_session("/api/v1/config/providers", fake_session).await;
 
-    assert_eq!(status, StatusCode::UNAUTHORIZED, "GET /config/providers without auth should return 401");
+    assert_eq!(status, StatusCode::UNAUTHORIZED, "Invalid session GET /config/providers should return 401");
     assert_eq!(body["error"], "unauthorized");
 }