From 41f9bd9270cf2fa4dbe3d4bbe1d8ae7ef2dc1f79 Mon Sep 17 00:00:00 2001
From: Will Foster <wfoster@redhat.com>
Date: Mon, 25 May 2026 16:29:05 +0100
Subject: [PATCH] fix: don't call api.login() when using api_tokens.

---
 src/quads_lib/quads.py |  7 -------
 tests/test_quads.py    | 17 ++++-------------
 2 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/src/quads_lib/quads.py b/src/quads_lib/quads.py
index e577a08..450020d 100644
--- a/src/quads_lib/quads.py
+++ b/src/quads_lib/quads.py
@@ -22,13 +22,6 @@ def register(self) -> dict:
         return json_response
 
     def login(self) -> dict:
-        if self.token and self.token.startswith("qat_"):
-            return {
-                "status_code": 201,
-                "status": "success",
-                "message": "Authenticated via API token",
-                "auth_token": self.token,
-            }
         endpoint = urljoin(self.base_url, "login")
         _response = self.session.post(endpoint, auth=self.auth, verify=self.verify)
         json_response = _response.json()
diff --git a/tests/test_quads.py b/tests/test_quads.py
index bbefc80..05eb153 100644
--- a/tests/test_quads.py
+++ b/tests/test_quads.py
@@ -2083,20 +2083,11 @@ def test_init_without_api_token(self):
         assert api.token is None
         assert api.auth is not None
 
-    def test_login_noop_with_qat_token(self):
-        """Test that login() returns synthetic success for qat_ tokens"""
+    def test_api_token_skips_login(self):
+        """Test that api_token users should not call login() - token is already on the session"""
         api = QuadsApi("", "", "http://example.com/", api_token="qat_abc123")
-        result = api.login()
-        assert result["status_code"] == 201
-        assert result["status"] == "success"
-        assert result["auth_token"] == "qat_abc123"
-
-    def test_login_noop_does_not_make_request(self):
-        """Test that login() with qat_ token makes no HTTP request"""
-        api = QuadsApi("", "", "http://example.com/", api_token="qat_abc123")
-        api.session.post = Mock(side_effect=AssertionError("should not be called"))
-        result = api.login()
-        assert result["status"] == "success"
+        assert api.token == "qat_abc123"
+        assert api.session.headers.get("Authorization") == "Bearer qat_abc123"
 
     @patch("requests.Session.request")
     def test_get_user(self, mock_request):