diff --git a/src/tests/authentication.rs b/src/tests/authentication.rs
index 91b8774af09..ed564ee9c64 100644
--- a/src/tests/authentication.rs
+++ b/src/tests/authentication.rs
@@ -1,6 +1,7 @@
 use crate::tests::TestApp;
-use crate::tests::util::{MockRequestExt, RequestHelper, Response};
+use crate::tests::util::{MockRequestExt, MockTokenUser, RequestHelper, Response};
 
+use crate::tests::builders::PublishBuilder;
 use crate::tests::util::encode_session_header;
 use http::{Method, StatusCode, header};
 use insta::assert_snapshot;
@@ -18,11 +19,11 @@ async fn anonymous_user_unauthorized() {
 
 #[tokio::test(flavor = "multi_thread")]
 async fn token_auth_cannot_find_token() {
-    let (_, anon) = TestApp::init().empty().await;
-    let mut request = anon.request_builder(Method::GET, URL);
-    request.header(header::AUTHORIZATION, "cio1tkfake-token");
-    let response: Response<()> = anon.run(request).await;
+    let (app, _anon) = TestApp::full().empty().await;
 
+    let client = MockTokenUser::with_auth_header("cio1tkfake-token".to_string(), app.clone());
+    let pb = PublishBuilder::new("foo", "1.0.0");
+    let response = client.publish_crate(pb).await;
     assert_snapshot!(response.status(), @"403 Forbidden");
     assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"authentication failed"}]}"#);
 }
diff --git a/src/tests/token.rs b/src/tests/token.rs
index 5ce01593067..f5aed1bc124 100644
--- a/src/tests/token.rs
+++ b/src/tests/token.rs
@@ -1,9 +1,9 @@
-use crate::tests::util::MockRequestExt;
+use crate::tests::builders::PublishBuilder;
+use crate::tests::util::MockTokenUser;
 use crate::tests::{RequestHelper, TestApp};
 use crate::{models::ApiToken, views::EncodableMe};
 use diesel::prelude::*;
 use diesel_async::RunQueryDsl;
-use http::header;
 use insta::assert_snapshot;
 
 #[tokio::test(flavor = "multi_thread")]
@@ -35,12 +35,11 @@ async fn using_token_updates_last_used_at() {
 
 #[tokio::test(flavor = "multi_thread")]
 async fn old_tokens_give_specific_error_message() {
-    let url = "/api/v1/me";
-    let (_, anon) = TestApp::init().empty().await;
+    let (app, _anon) = TestApp::full().empty().await;
 
-    let mut request = anon.get_request(url);
-    request.header(header::AUTHORIZATION, "oldtoken");
-    let response = anon.run::<()>(request).await;
+    let client = MockTokenUser::with_auth_header("oldtoken".to_string(), app.clone());
+    let pb = PublishBuilder::new("foo", "1.0.0");
+    let response = client.publish_crate(pb).await;
     assert_snapshot!(response.status(), @"401 Unauthorized");
     assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"The given API token does not match the format used by crates.io. Tokens generated before 2020-07-14 were generated with an insecure random number generator, and have been revoked. You can generate a new token at https://crates.io/me. For more information please see https://blog.rust-lang.org/2020/07/14/crates-io-security-advisory.html. We apologize for any inconvenience."}]}"#);
 }