tests: accept both 401 and 403 as errors

tests/test_api.py

@@ -50,7 +50,7 @@ def user():
 
 
 def test_get_newsletters(app, categories, announces, user):
-    resp = app.get(reverse('newsletters'), status=403)
+    resp = app.get(reverse('newsletters'), status=(401, 403))
     app.authorization = ('Basic', ('john.doe', 'password'))
     resp = app.get(reverse('newsletters'))
     data = resp.json
@@ -65,9 +65,9 @@ def test_get_newsletters(app, categories, announces, user):
 
 
 def test_get_subscriptions(app, categories, announces, user):
-    resp = app.get(reverse('subscriptions'), status=403)
+    resp = app.get(reverse('subscriptions'), status=(401, 403))
     uuid = str(uuid4())
-    resp = app.get(reverse('subscriptions'), params={'uuid': uuid}, status=403)
+    resp = app.get(reverse('subscriptions'), params={'uuid': uuid}, status=(401, 403))
     app.authorization = ('Basic', ('john.doe', 'password'))
 
     for identifier, name in channel_choices:
@@ -105,7 +105,7 @@ def test_update_subscriptions(app, categories, announces, user):
 def test_delete_subscriptions(app, categories, announces, user):
     params = urlencode({'uuid': str(uuid4())})
     subscriptions_url = reverse('subscriptions') + '?' + params
-    resp = app.delete(subscriptions_url, status=403)
+    resp = app.delete(subscriptions_url, status=(401, 403))
     app.authorization = ('Basic', ('john.doe', 'password'))
     resp = app.delete(subscriptions_url)
     if resp.json['data']:
@@ -119,7 +119,7 @@ def test_simple_email_subscription(app, categories, user):
     url = '/api/subscribe/?uuid=%s&email=john@example.net' % uuid
 
     # anonymous
-    resp = app.post_json(url, params=payload, status=403)
+    resp = app.post_json(url, params=payload, status=(401, 403))
     assert resp.json['detail'] == 'Authentication credentials were not provided.'
 
     # authenticated