From 63c69e5c6acd640e7fc26838bd5915c81455c253 Mon Sep 17 00:00:00 2001
From: Herculino Trotta <hello@herculino.com>
Date: Sat, 2 May 2026 16:16:08 -0300
Subject: [PATCH] test(api): expect unauthorized for anonymous requests

---
 app/apps/api/tests/test_accounts.py |  4 ++--
 app/apps/api/tests/test_imports.py  | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/apps/api/tests/test_accounts.py b/app/apps/api/tests/test_accounts.py
index 50e7a94..9da60c9 100644
--- a/app/apps/api/tests/test_accounts.py
+++ b/app/apps/api/tests/test_accounts.py
@@ -90,10 +90,10 @@ class AccountBalanceAPITests(TestCase):
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
     def test_get_balance_unauthenticated(self):
-        """Test unauthenticated request returns 403"""
+        """Test unauthenticated request returns 401"""
         unauthenticated_client = APIClient()
         response = unauthenticated_client.get(
             f"/api/accounts/{self.account.id}/balance/"
         )
 
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
diff --git a/app/apps/api/tests/test_imports.py b/app/apps/api/tests/test_imports.py
index 9509e4d..4b41cd1 100644
--- a/app/apps/api/tests/test_imports.py
+++ b/app/apps/api/tests/test_imports.py
@@ -159,7 +159,7 @@ column_mapping:
         self.assertIn("import_run_id", response.data)
 
     def test_unauthenticated_request(self):
-        """Test unauthenticated request returns 403"""
+        """Test unauthenticated request returns 401"""
         unauthenticated_client = APIClient()
 
         csv_content = b"date,description,amount\n2025-01-01,Test,100"
@@ -173,7 +173,7 @@ column_mapping:
             format="multipart",
         )
 
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
 
 @override_settings(
@@ -266,11 +266,11 @@ column_mapping:
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
     def test_profiles_unauthenticated(self):
-        """Test unauthenticated request returns 403"""
+        """Test unauthenticated request returns 401"""
         unauthenticated_client = APIClient()
         response = unauthenticated_client.get("/api/import/profiles/")
 
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
 
 @override_settings(
@@ -397,8 +397,8 @@ column_mapping:
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
     def test_runs_unauthenticated(self):
-        """Test unauthenticated request returns 403"""
+        """Test unauthenticated request returns 401"""
         unauthenticated_client = APIClient()
         response = unauthenticated_client.get("/api/import/runs/")
 
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)