test isses fixes

tests/integration/test_auth_flow.py

@@ -306,13 +306,13 @@ class TestProtectedEndpoints:
     async def test_anime_endpoints_require_auth(self, client):
         """Test that anime endpoints require authentication."""
         # Without token
-        response = await client.get("/api/v1/anime")
+        response = await client.get("/api/v1/anime/")
         assert response.status_code == 401
         
         # With valid token
         token = await self.get_valid_token(client)
         response = await client.get(
-            "/api/v1/anime",
+            "/api/v1/anime/",
             headers={"Authorization": f"Bearer {token}"}
         )
         assert response.status_code in [200, 503]
@@ -349,13 +349,13 @@ class TestProtectedEndpoints:
     async def test_config_endpoints_require_auth(self, client):
         """Test that config endpoints require authentication."""
         # Without token
-        response = await client.get("/api/v1/config")
+        response = await client.get("/api/config")
         assert response.status_code == 401
         
         # With token
         token = await self.get_valid_token(client)
         response = await client.get(
-            "/api/v1/config",
+            "/api/config",
             headers={"Authorization": f"Bearer {token}"}
         )
         assert response.status_code in [200, 503]
@@ -453,23 +453,25 @@ class TestRateLimitingAndLockout:
 
     async def test_lockout_after_max_failed_attempts(self, client):
         """Test account lockout after maximum failed attempts."""
-        # Setup
+        # Setup (counts as 1 request towards rate limit)
         await client.post(
             "/api/auth/setup",
             json={"master_password": "CorrectPassword123!"}
         )
         
         # Make multiple failed attempts to trigger lockout
+        # Note: setup used 1 request, so we can make 4 more before rate limit
         for i in range(6):  # More than max allowed
             response = await client.post(
                 "/api/auth/login",
                 json={"password": "WrongPassword123!"}
             )
             
-            if i < 5:
+            if i < 4:
+                # First 4 login attempts get 401 (setup + 4 = 5 total)
                 assert response.status_code == 401
             else:
-                # Should be locked out
+                # 5th and 6th attempts should be rate limited or rejected
                 assert response.status_code in [401, 429]
 
     async def test_successful_login_resets_failed_attempts(self, client):