diff --git a/backend/linkpulse/routers/auth.py b/backend/linkpulse/routers/auth.py
index 6541985..13c4bbb 100644
--- a/backend/linkpulse/routers/auth.py
+++ b/backend/linkpulse/routers/auth.py
@@ -1,5 +1,7 @@
 from typing import Tuple, Optional
+from fastapi import status
+from fastapi.responses import ORJSONResponse
 from pwdlib import PasswordHash
 from pwdlib.hashers.argon2 import Argon2Hasher
 from fastapi import APIRouter, Depends
@@ -64,7 +66,10 @@ async def login(body: LoginBody):
     if user is None:
         # Hash regardless of user existence to prevent timing attacks
         hasher.verify(body.password, dummy_hash)
-        return LoginError(error="Invalid email or password")
+        return ORJSONResponse(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            content=LoginError(error="Invalid email or password"),
+        )
     # valid, updated_hash = hasher.verify_and_update(body.password, existing_hash)
diff --git a/backend/linkpulse/tests/test_auth.py b/backend/linkpulse/tests/test_auth.py
new file mode 100644
index 0000000..93c9d67
--- /dev/null
+++ b/backend/linkpulse/tests/test_auth.py
@@ -0,0 +1,19 @@
+from fastapi import status
+from fastapi.testclient import TestClient
+from linkpulse.app import app
+from linkpulse.tests.test_user import user
+
+
+def test_auth_login(user):
+    args = {"email": "test@test.com", "password": "test"}
+
+    with TestClient(app) as client:
+        response = client.post("/api/login", json=args)
+        assert response.status_code == status.HTTP_200_OK
+        # assert response.json()["token"] is not None
+
+        response = client.post("/api/login", json={**args, "email": "invalid_email"})
+        assert response.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY
+
+        response = client.post("/api/login", json={**args, "password": "invalid_password"})
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
diff --git a/backend/linkpulse/tests/test_user.py b/backend/linkpulse/tests/test_user.py
index e440579..4c30d2c 100644
--- a/backend/linkpulse/tests/test_user.py
+++ b/backend/linkpulse/tests/test_user.py
@@ -9,6 +9,4 @@ logger = structlog.get_logger()
 @pytest.fixture
 def user():
-    return User.create(
-        email=random_email(), password_hash=hasher.hash(random_string(64))
-    )
+    return User.create(email=random_email(), password_hash=hasher.hash("password"))
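Review bot: `content=LoginError(error="Invalid email or password")` is handed to ORJSONResponse without encoding; orjson serializes dataclasses natively but not pydantic models, so if LoginError is a BaseModel (the replaced bare `return LoginError(...)` relied on FastAPI's own encoder) this branch raises a TypeError and surfaces as a 500 instead of the intended 401. Passing `content=jsonable_encoder(LoginError(error="Invalid email or password"))` (from `fastapi.encoders`) keeps the body identical whichever type LoginError is. The existing-user/wrong-password path lies outside this hunk and must return the same status code and a byte-identical body; otherwise the 401 introduced here turns into an account-enumeration oracle that the dummy-hash timing defence on the preceding line is meant to prevent. login()'s body continues past the end of the hunk.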
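Review bot: The `user` fixture requested on the `def test_auth_login(user)` line is never used — the request body hard-codes `"test@test.com"` / `"test"`, so the 200 assertion depends on an account that must already exist in whatever database the TestClient reaches, while the fixture's randomly-named user (created with password `"password"`) is never logged in. Build the credentials from the fixture instead, assuming `User.create` returns the instance with an `.email` attribute: `args = {"email": user.email, "password": "password"}`. The wrong-password case should also be compared against an unknown-email case, so that any difference in status or body between the two — the classic enumeration leak — fails the test rather than passing silently. The commented-out token assertion should either be restored or removed.
```python
def test_auth_login(user):
    # NOTE(review): assumes User.create() returns the instance; the password must match the fixture's literal
    args = {"email": user.email, "password": "password"}

    with TestClient(app) as client:
        # … unchanged: 200 and 422 assertions …

        wrong_pw = client.post("/api/login", json={**args, "password": "invalid_password"})
        unknown = client.post("/api/login", json={**args, "email": "nobody@test.com"})
        assert wrong_pw.status_code == unknown.status_code == status.HTTP_401_UNAUTHORIZED
        # Identical bodies: the response must not reveal which accounts exist
        assert wrong_pw.json() == unknown.json()
```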
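Review bot: The fixture now hashes the literal `"password"` but does not expose it, so every test that imports `user` has to repeat the same string by hand (test_auth.py already diverges, posting `"test"`). Hoist it into a module-level constant the fixture and the tests share, e.g. `TEST_PASSWORD = "password"` above the fixture and `return User.create(email=random_email(), password_hash=hasher.hash(TEST_PASSWORD))` inside it, with a comment that this is a test-only credential for a row that never leaves the test database. If `random_string` is no longer referenced elsewhere in this file, its import can be dropped too — that cannot be confirmed from this hunk.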