diff --git a/server/app/auth_test.go b/server/app/auth_test.go
index 26f377d3a..5643cc6cd 100644
--- a/server/app/auth_test.go
+++ b/server/app/auth_test.go
@@ -16,35 +16,67 @@ import (
 )
 
 var _ = Describe("Auth", func() {
-	Describe("CreateAdmin", func() {
+	Describe("Public functions", func() {
 		var ds model.DataStore
 		var req *http.Request
 		var resp *httptest.ResponseRecorder
 
 		BeforeEach(func() {
 			ds = &tests.MockDataStore{}
-			req = httptest.NewRequest("POST", "/createAdmin", strings.NewReader(`{"username":"johndoe", "password":"secret"}`))
-			resp = httptest.NewRecorder()
-			CreateAdmin(ds)(resp, req)
 		})
 
-		It("creates an admin user with the specified password", func() {
-			usr := ds.User(context.TODO())
-			u, err := usr.FindByUsername("johndoe")
-			Expect(err).To(BeNil())
-			Expect(u.Password).ToNot(BeEmpty())
-			Expect(u.IsAdmin).To(BeTrue())
-		})
+		Describe("CreateAdmin", func() {
+			BeforeEach(func() {
+				req = httptest.NewRequest("POST", "/createAdmin", strings.NewReader(`{"username":"johndoe", "password":"secret"}`))
+				resp = httptest.NewRecorder()
+				CreateAdmin(ds)(resp, req)
+			})
 
-		It("returns the expected payload", func() {
-			Expect(resp.Code).To(Equal(http.StatusOK))
-			var parsed map[string]interface{}
-			Expect(json.Unmarshal(resp.Body.Bytes(), &parsed)).To(BeNil())
-			Expect(parsed["isAdmin"]).To(Equal(true))
-			Expect(parsed["username"]).To(Equal("johndoe"))
-			Expect(parsed["name"]).To(Equal("Johndoe"))
-			Expect(parsed["id"]).ToNot(BeEmpty())
-			Expect(parsed["token"]).ToNot(BeEmpty())
+			It("creates an admin user with the specified password", func() {
+				usr := ds.User(context.TODO())
+				u, err := usr.FindByUsername("johndoe")
+				Expect(err).To(BeNil())
+				Expect(u.Password).ToNot(BeEmpty())
+				Expect(u.IsAdmin).To(BeTrue())
+			})
+
+			It("returns the expected payload", func() {
+				Expect(resp.Code).To(Equal(http.StatusOK))
+				var parsed map[string]interface{}
+				Expect(json.Unmarshal(resp.Body.Bytes(), &parsed)).To(BeNil())
+				Expect(parsed["isAdmin"]).To(Equal(true))
+				Expect(parsed["username"]).To(Equal("johndoe"))
+				Expect(parsed["name"]).To(Equal("Johndoe"))
+				Expect(parsed["id"]).ToNot(BeEmpty())
+				Expect(parsed["token"]).ToNot(BeEmpty())
+			})
+		})
+		Describe("Login", func() {
+			BeforeEach(func() {
+				req = httptest.NewRequest("POST", "/login", strings.NewReader(`{"username":"janedoe", "password":"abc123"}`))
+				resp = httptest.NewRecorder()
+			})
+
+			It("fails if user does not exist", func() {
+				Login(ds)(resp, req)
+				Expect(resp.Code).To(Equal(http.StatusUnauthorized))
+			})
+
+			It("logs in successfully if user exists", func() {
+				usr := ds.User(context.TODO())
+				_ = usr.Put(&model.User{ID: "111", UserName: "janedoe", NewPassword: "abc123", Name: "Jane", IsAdmin: false})
+
+				Login(ds)(resp, req)
+				Expect(resp.Code).To(Equal(http.StatusOK))
+
+				var parsed map[string]interface{}
+				Expect(json.Unmarshal(resp.Body.Bytes(), &parsed)).To(BeNil())
+				Expect(parsed["isAdmin"]).To(Equal(false))
+				Expect(parsed["username"]).To(Equal("janedoe"))
+				Expect(parsed["name"]).To(Equal("Jane"))
+				Expect(parsed["id"]).ToNot(BeEmpty())
+				Expect(parsed["token"]).ToNot(BeEmpty())
+			})
 		})
 	})