diff --git a/test/integration/api/users.js b/test/integration/api/users.js
index 1fca11e56..6b9a62935 100644
--- a/test/integration/api/users.js
+++ b/test/integration/api/users.js
@@ -96,8 +96,9 @@ describe('api: /users', () => {
         asAlice.post('/v1/users')
           .send({ email: 'david@getodk.org', password: '' })
           .expect(200) // treats a blank password as no password provided
-          .then(() => service.login({ email: 'david@getodk.org', password: '' }, (failed) =>
-            failed.get('/v1/users/current').expect(401))))));
+          .then(() => service.post('/v1/sessions')
+            .send({ email: 'david@getodk.org', password: '' })
+            .expect(400)))));
 
     it('should not accept a password that is too short', testService((service) =>
       service.login('alice', (asAlice) =>
diff --git a/test/integration/setup.js b/test/integration/setup.js
index 3edc64829..a3bf55e0f 100644
--- a/test/integration/setup.js
+++ b/test/integration/setup.js
@@ -131,7 +131,9 @@ const augment = (service) => {
       const credentials = (typeof user === 'string')
         ? { email: `${user}@getodk.org`, password: user }
         : user;
-      const { body } = await service.post('/v1/sessions').send(credentials);
+      const { body } = await service.post('/v1/sessions')
+        .send(credentials)
+        .expect(200);
       return body.token;
     }));
     const proxies = tokens.map((token) => new Proxy(service, authProxy(token)));