it('should not serve JWT for invalid username', function() {
    return frisby
      .post(host + '/api/auth/token', {
        username: 'h4z0r',
        password: 'admin',