From 4eb63b8adda4559df3dadcf721e2bb0d1f65a01f Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Sun, 24 Aug 2025 03:48:17 -0400
Subject: Stop returning body data from `POST /api/auth/login`.

As with `/api/setup`, the response was an ad-hoc choice, which we are not using and which constrains future development just by existing.
---
 src/user/handlers/password/test.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/user/handlers/password')

diff --git a/src/user/handlers/password/test.rs b/src/user/handlers/password/test.rs
index 42e41d8..278d27b 100644
--- a/src/user/handlers/password/test.rs
+++ b/src/user/handlers/password/test.rs
@@ -58,10 +58,15 @@ async fn password_change() {
     assert!(matches!(login_err, LoginError::Rejected));
 
     // Verify that our new password is valid
-    let (login, _) = app
+    let secret = app
         .tokens()
         .login(&name, &to, &fixtures::now())
         .await
         .expect("logging in with the new password should succeed");
+    let (_, login) = app
+        .tokens()
+        .validate(&secret, &fixtures::now())
+        .await
+        .expect("validating a newly-issued token secret succeeds");
     assert_eq!(identity.user, login);
 }
-- 
cgit v1.2.3