diff --git a/test/Authentication.test.ts b/test/Authentication.test.ts index ee889f1..96ee48d 100644 --- a/test/Authentication.test.ts +++ b/test/Authentication.test.ts @@ -10,6 +10,7 @@ import UserNameComponent from "../src/auth/models/UserNameComponent"; import UserPasswordComponent from "../src/auth/password/UserPasswordComponent"; import {popEmail} from "./_mail_server"; import AuthComponent from "../src/auth/AuthComponent"; +import {log} from "../src/Logger"; let app: TestApp; useApp(async (addr, port) => { @@ -55,6 +56,20 @@ async function followMagicLinkFromMail(cookies: string[]): Promise { .expect('Location', '/'); } +async function testLogout(cookies: string[], csrf: string): Promise { + // Authenticated + await agent.get('/is-auth').set('Cookie', cookies).expect(200); + + // Logout + await agent.post('/auth/logout') + .set('Cookie', cookies) + .send({csrf: csrf}) + .expect(302); + + // Not authenticated + await agent.get('/is-auth').set('Cookie', cookies).expect(401); +} + let agent: supertest.SuperTest; beforeAll(() => { 
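Review bot: The added `import {log} from "../src/Logger";` is not referenced by any line added in the hunks on this page, so it looks like a leftover from debugging. If nothing outside these hunks uses `log`, drop the import; an unused logger import in an auth test file tends to invite ad-hoc logging of cookies or CSRF tokens later.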
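Review bot: `testLogout` asserts `/is-auth` returns 200 with the `cookies` its callers captured from `/csrf` before logging in, so the suite passes only if the pre-login session identifier stays valid as the authenticated session. That suggests the session id is not rotated on authentication, which is worth confirming against the session handling (not visible in this diff). The final 401 check does prove the old cookie is rejected server-side after logout, and the helper should say so, e.g. `/** Asserts cookies are authenticated, logs out, then asserts the same cookies are rejected. Cookies predate login. */`. If rotation is added later, callers will need to pass the `Set-Cookie` from the login response instead.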
@@ -305,7 +320,163 @@ describe('Register with email (magic_link)', () => { }); }); -describe('Authenticating with email (magic_link)', () => { +describe('Authenticate with username and password', () => { + test('Force auth_method', async () => { + let res = await agent.get('/csrf').expect(200); + const cookies = res.get('Set-Cookie'); + const csrf = res.text; + + // Not authenticated + await agent.get('/is-auth').set('Cookie', cookies).expect(401); + + // Bad password + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'entrapta', + password: 'darla_is_not_cute', + auth_method: 'password', + }) + .expect(400); + expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError'); + + // Authenticate + await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'entrapta', + password: 'darla_is_cute', + auth_method: 'password', + }) + .expect(302) + .expect('Location', '/'); + + await testLogout(cookies, csrf); + }); + + test('Automatic auth_method', async () => { + let res = await agent.get('/csrf').expect(200); + const cookies = res.get('Set-Cookie'); + const csrf = res.text; + + // Not authenticated + await agent.get('/is-auth').set('Cookie', cookies).expect(401); + + // Bad password + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'entrapta', + password: 'darla_is_not_cute', + }) + .expect(400); + expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError'); + + // Authenticate + await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'entrapta', + password: 'darla_is_cute', + }) + .expect(302) + .expect('Location', '/'); + + await testLogout(cookies, csrf); + }); + + test('Non-existing username', async () => { + let res = await agent.get('/csrf').expect(200); + const cookies = res.get('Set-Cookie'); + const csrf = res.text; + + // Not 
authenticated + await agent.get('/is-auth').set('Cookie', cookies).expect(401); + + // Authenticate + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'i_do_not_exist', + password: 'there_is_no_point', + auth_method: 'password', + }) + .expect(400); + expect(res.body.messages?.identifier?.name).toStrictEqual('UnknownRelationValidationError'); + + // Authenticate (automatic method) + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'i_do_not_exist', + password: 'there_is_no_point', + auth_method: 'password', + }) + .expect(400); + expect(res.body.messages?.identifier?.name).toStrictEqual('UnknownRelationValidationError'); + }); + + test('No password user', async () => { + let res = await agent.get('/csrf').expect(200); + const cookies = res.get('Set-Cookie'); + const csrf = res.text; + + // Not authenticated + await agent.get('/is-auth').set('Cookie', cookies).expect(401); + + // Authenticate + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'glimmer', + password: '', + auth_method: 'password', + }) + .expect(400); + expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError'); + + // Authenticate (automatic method) + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'glimmer', + password: '', + }) + .expect(400); + expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError'); + + // Authenticate without password + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, + identifier: 'angella', + auth_method: 'password', + }) + .expect(400); + expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError'); + + // Authenticate without password (automatic method) + res = await agent.post('/auth/login') + .set('Cookie', cookies) + .send({ + csrf: csrf, 
+ identifier: 'angella', + }) + .expect(400); + expect(res.body.messages?.password?.name).toStrictEqual('InvalidFormatValidationError'); + }); +}); + +describe('Authenticate with email (magic_link)', () => { test('Force auth_method', async () => { const res = await agent.get('/csrf').expect(200); const cookies = res.get('Set-Cookie'); @@ -327,17 +498,7 @@ describe('Authenticating with email (magic_link)', () => { await followMagicLinkFromMail(cookies); - // Authenticated - await agent.get('/is-auth').set('Cookie', cookies).expect(200); - - // Logout - await agent.post('/auth/logout') - .set('Cookie', cookies) - .send({csrf: csrf}) - .expect(302); - - // Not authenticated - await agent.get('/is-auth').set('Cookie', cookies).expect(401); + await testLogout(cookies, csrf); }); test('Automatic auth_method', async () => { @@ -360,17 +521,7 @@ describe('Authenticating with email (magic_link)', () => { await followMagicLinkFromMail(cookies); - // Authenticated - await agent.get('/is-auth').set('Cookie', cookies).expect(200); - - // Logout - await agent.post('/auth/logout') - .set('Cookie', cookies) - .send({csrf: csrf}) - .expect(302); - - // Not authenticated - await agent.get('/is-auth').set('Cookie', cookies).expect(401); + await testLogout(cookies, csrf); }); test('Non-existing email (forced auth_method)', async () => {
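Review bot: In the 'Non-existing username' test of the new `describe('Authenticate with username and password')` block, the second request is commented `// Authenticate (automatic method)` but still sends `auth_method: 'password',`. It therefore repeats the forced case, and the automatic-selection path for an unknown identifier is never exercised; remove that field from the second `.send({...})`. Separately, the assertions pin an `identifier` error (`UnknownRelationValidationError`) for an unknown user and a `password` error (`InvalidFormatValidationError`) for a wrong password on an existing user, so the login response reveals whether an account exists. If that is intended it deserves a comment such as `// NOTE: login distinguishes unknown user from bad password by design`; otherwise both cases should expect the same generic failure.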