From 7db18d9e20a62989059504bb3f132bea5828e050 Mon Sep 17 00:00:00 2001
From: Cedric <cedric.cordenier@smartcontract.com>
Date: Tue, 19 Sep 2023 16:15:18 +0100
Subject: [PATCH] [BCF-2488] Fix flake in TestShell_Autologin (and others)
 (#10677)

* [BCF-2488] Fix flakey TestShell_Autologin caused by lock timeout

* [BCF-2488] Fix flakey TestShell_Autologin caused by lock timeout
---
 core/cmd/renderer_test.go                     |  2 +-
 core/internal/cltest/cltest.go                | 43 +++++++++++++------
 .../testutils/configtest/v2/general_config.go |  1 +
 core/services/job/runner_integration_test.go  |  4 +-
 core/web/auth/auth_test.go                    | 17 +++-----
 core/web/bridge_types_controller_test.go      | 16 +++----
 core/web/build_info_controller_test.go        |  2 +-
 core/web/cors_test.go                         |  4 +-
 core/web/cosmos_chains_controller_test.go     |  2 +-
 core/web/cosmos_keys_controller_test.go       |  4 +-
 core/web/dkgencrypt_keys_controller_test.go   |  2 +-
 core/web/dkgsign_keys_controller_test.go      |  2 +-
 core/web/eth_keys_controller_test.go          | 40 ++++++++---------
 core/web/evm_chains_controller_test.go        |  2 +-
 core/web/evm_forwarders_controller_test.go    |  2 +-
 core/web/evm_transactions_controller_test.go  |  8 ++--
 core/web/evm_transfer_controller_test.go      | 16 +++----
 core/web/evm_tx_attempts_controller_test.go   |  4 +-
 .../external_initiators_controller_test.go    | 12 +++---
 core/web/features_controller_test.go          |  2 +-
 core/web/health_controller_test.go            |  2 +-
 core/web/jobs_controller_test.go              | 12 +++---
 core/web/log_controller_test.go               |  4 +-
 core/web/loop_registry_test.go                |  2 +-
 core/web/ocr2_keys_controller_test.go         |  2 +-
 core/web/ocr_keys_controller_test.go          |  2 +-
 core/web/p2p_keys_controller_test.go          |  4 +-
 core/web/ping_controller_test.go              |  2 +-
 core/web/pipeline_runs_controller_test.go     |  8 ++--
 core/web/router_test.go                       |  2 +-
 core/web/solana_chains_controller_test.go     |  2 +-
 core/web/solana_keys_controller_test.go       |  4 +-
 core/web/starknet_keys_controller_test.go     |  4 +-
 core/web/user_controller_test.go              | 22 +++++-----
 34 files changed, 138 insertions(+), 119 deletions(-)

diff --git a/core/cmd/renderer_test.go b/core/cmd/renderer_test.go
index 78de49ffed4..f617747953c 100644
--- a/core/cmd/renderer_test.go
+++ b/core/cmd/renderer_test.go
@@ -37,7 +37,7 @@ func TestRendererTable_RenderConfigurationV2(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	wantUser, wantEffective := app.Config.ConfigTOML()
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	t.Run("effective", func(t *testing.T) {
 		resp, cleanup := client.Get("/v2/config/v2")
diff --git a/core/internal/cltest/cltest.go b/core/internal/cltest/cltest.go
index 139d66b590f..1c5d1ed5bbb 100644
--- a/core/internal/cltest/cltest.go
+++ b/core/internal/cltest/cltest.go
@@ -595,10 +595,10 @@ func (ta *TestApplication) Stop() error {
 	return err
 }
 
-func (ta *TestApplication) MustSeedNewSession(roleFixtureUserAPIEmail string) (id string) {
+func (ta *TestApplication) MustSeedNewSession(email string) (id string) {
 	session := NewSession()
-	ta.Logger.Infof("TestApplication creating session (id: %s, email: %s, last used: %s)", session.ID, roleFixtureUserAPIEmail, session.LastUsed.String())
-	err := ta.GetSqlxDB().Get(&id, `INSERT INTO sessions (id, email, last_used, created_at) VALUES ($1, $2, $3, NOW()) RETURNING id`, session.ID, roleFixtureUserAPIEmail, session.LastUsed)
+	ta.Logger.Infof("TestApplication creating session (id: %s, email: %s, last used: %s)", session.ID, email, session.LastUsed.String())
+	err := ta.GetSqlxDB().Get(&id, `INSERT INTO sessions (id, email, last_used, created_at) VALUES ($1, $2, $3, NOW()) RETURNING id`, session.ID, email, session.LastUsed)
 	require.NoError(ta.t, err)
 	return id
 }
@@ -610,10 +610,29 @@ func (ta *TestApplication) Import(content string) {
 	require.NoError(ta.t, err)
 }
 
-func (ta *TestApplication) NewHTTPClient(roleFixtureUserAPIEmail string) HTTPClientCleaner {
+type User struct {
+	Email string
+	Role  clsessions.UserRole
+}
+
+func (ta *TestApplication) NewHTTPClient(user *User) HTTPClientCleaner {
 	ta.t.Helper()
 
-	sessionID := ta.MustSeedNewSession(roleFixtureUserAPIEmail)
+	if user.Email == "" {
+		user.Email = fmt.Sprintf("%s@chainlink.test", uuid.New())
+	}
+
+	if user.Role == "" {
+		user.Role = clsessions.UserRoleAdmin
+	}
+
+	u, err := clsessions.NewUser(user.Email, Password, user.Role)
+	require.NoError(ta.t, err)
+
+	err = ta.SessionORM().CreateUser(&u)
+	require.NoError(ta.t, err)
+
+	sessionID := ta.MustSeedNewSession(user.Email)
 
 	return HTTPClientCleaner{
 		HTTPClient: NewMockAuthenticatedHTTPClient(ta.Logger, ta.NewClientOpts(), sessionID),
@@ -627,7 +646,7 @@ func (ta *TestApplication) NewClientOpts() cmd.ClientOpts {
 
 // NewShellAndRenderer creates a new cmd.Shell for the test application
 func (ta *TestApplication) NewShellAndRenderer() (*cmd.Shell, *RendererMock) {
-	sessionID := ta.MustSeedNewSession(APIEmailAdmin)
+	hc := ta.NewHTTPClient(&User{})
 	r := &RendererMock{}
 	lggr := logger.TestLogger(ta.t)
 	client := &cmd.Shell{
@@ -637,7 +656,7 @@ func (ta *TestApplication) NewShellAndRenderer() (*cmd.Shell, *RendererMock) {
 		AppFactory:                     seededAppFactory{ta.ChainlinkApplication},
 		FallbackAPIInitializer:         NewMockAPIInitializer(ta.t),
 		Runner:                         EmptyRunner{},
-		HTTP:                           NewMockAuthenticatedHTTPClient(ta.Logger, ta.NewClientOpts(), sessionID),
+		HTTP:                           hc.HTTPClient,
 		CookieAuthenticator:            MockCookieAuthenticator{t: ta.t},
 		FileSessionRequestBuilder:      &MockSessionRequestBuilder{},
 		PromptingSessionRequestBuilder: &MockSessionRequestBuilder{},
@@ -789,7 +808,7 @@ func ParseJSONAPIResponseMetaCount(input []byte) (int, error) {
 func CreateJobViaWeb(t testing.TB, app *TestApplication, request []byte) job.Job {
 	t.Helper()
 
-	client := app.NewHTTPClient(APIEmailAdmin)
+	client := app.NewHTTPClient(&User{})
 	resp, cleanup := client.Post("/v2/jobs", bytes.NewBuffer(request))
 	defer cleanup()
 	AssertServerResponse(t, resp, http.StatusOK)
@@ -803,7 +822,7 @@ func CreateJobViaWeb(t testing.TB, app *TestApplication, request []byte) job.Job
 func CreateJobViaWeb2(t testing.TB, app *TestApplication, spec string) webpresenters.JobResource {
 	t.Helper()
 
-	client := app.NewHTTPClient(APIEmailAdmin)
+	client := app.NewHTTPClient(&User{})
 	resp, cleanup := client.Post("/v2/jobs", bytes.NewBufferString(spec))
 	defer cleanup()
 	AssertServerResponse(t, resp, http.StatusOK)
@@ -817,7 +836,7 @@ func CreateJobViaWeb2(t testing.TB, app *TestApplication, spec string) webpresen
 func DeleteJobViaWeb(t testing.TB, app *TestApplication, jobID int32) {
 	t.Helper()
 
-	client := app.NewHTTPClient(APIEmailAdmin)
+	client := app.NewHTTPClient(&User{})
 	resp, cleanup := client.Delete(fmt.Sprintf("/v2/jobs/%v", jobID))
 	defer cleanup()
 	AssertServerResponse(t, resp, http.StatusNoContent)
@@ -866,7 +885,7 @@ func CreateJobRunViaUser(
 	t.Helper()
 
 	bodyBuf := bytes.NewBufferString(body)
-	client := app.NewHTTPClient(APIEmailAdmin)
+	client := app.NewHTTPClient(&User{})
 	resp, cleanup := client.Post("/v2/jobs/"+jobID.String()+"/runs", bodyBuf)
 	defer cleanup()
 	AssertServerResponse(t, resp, 200)
@@ -885,7 +904,7 @@ func CreateExternalInitiatorViaWeb(
 ) *webpresenters.ExternalInitiatorAuthentication {
 	t.Helper()
 
-	client := app.NewHTTPClient(APIEmailAdmin)
+	client := app.NewHTTPClient(&User{})
 	resp, cleanup := client.Post(
 		"/v2/external_initiators",
 		bytes.NewBufferString(payload),
diff --git a/core/internal/testutils/configtest/v2/general_config.go b/core/internal/testutils/configtest/v2/general_config.go
index 34843c740d6..febbb367bd5 100644
--- a/core/internal/testutils/configtest/v2/general_config.go
+++ b/core/internal/testutils/configtest/v2/general_config.go
@@ -50,6 +50,7 @@ func overrides(c *chainlink.Config, s *chainlink.Secrets) {
 	c.Database.MaxIdleConns = ptr[int64](20)
 	c.Database.MaxOpenConns = ptr[int64](20)
 	c.Database.MigrateOnStartup = ptr(false)
+	c.Database.DefaultLockTimeout = models.MustNewDuration(1 * time.Minute)
 
 	c.JobPipeline.ReaperInterval = models.MustNewDuration(0)
 
diff --git a/core/services/job/runner_integration_test.go b/core/services/job/runner_integration_test.go
index da670f99a79..a886c52f283 100644
--- a/core/services/job/runner_integration_test.go
+++ b/core/services/job/runner_integration_test.go
@@ -911,7 +911,7 @@ func TestRunner_Success_Callback_AsyncJob(t *testing.T) {
 		{
 			url, err := url.Parse(responseURL)
 			require.NoError(t, err)
-			client := app.NewHTTPClient(cltest.APIEmailAdmin)
+			client := app.NewHTTPClient(&cltest.User{})
 			body := strings.NewReader(`{"value": {"data":{"result":"123.45"}}}`)
 			response, cleanup := client.Patch(url.Path, body)
 			defer cleanup()
@@ -1092,7 +1092,7 @@ func TestRunner_Error_Callback_AsyncJob(t *testing.T) {
 		{
 			url, err := url.Parse(responseURL)
 			require.NoError(t, err)
-			client := app.NewHTTPClient(cltest.APIEmailAdmin)
+			client := app.NewHTTPClient(&cltest.User{})
 			body := strings.NewReader(`{"error": "something exploded in EA"}`)
 			response, cleanup := client.Patch(url.Path, body)
 			defer cleanup()
diff --git a/core/web/auth/auth_test.go b/core/web/auth/auth_test.go
index 1adfeadfb17..ce369fce1b2 100644
--- a/core/web/auth/auth_test.go
+++ b/core/web/auth/auth_test.go
@@ -307,7 +307,7 @@ func TestRBAC_Routemap_Admin(t *testing.T) {
 
 	// Assert all admin routes
 	// no endpoint should return StatusUnauthorized
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	for _, route := range routesRolesMap {
 		func() {
 			var resp *http.Response
@@ -344,9 +344,8 @@ func TestRBAC_Routemap_Edit(t *testing.T) {
 	defer ts.Close()
 
 	// Create a test edit user to work with
-	testUser := cltest.CreateUserWithRole(t, sessions.UserRoleEdit)
-	require.NoError(t, app.SessionORM().CreateUser(&testUser))
-	client := app.NewHTTPClient(testUser.Email)
+	u := &cltest.User{Role: sessions.UserRoleEdit}
+	client := app.NewHTTPClient(u)
 
 	// Assert all edit routes
 	for _, route := range routesRolesMap {
@@ -392,9 +391,8 @@ func TestRBAC_Routemap_Run(t *testing.T) {
 	defer ts.Close()
 
 	// Create a test run user to work with
-	testUser := cltest.CreateUserWithRole(t, sessions.UserRoleRun)
-	require.NoError(t, app.SessionORM().CreateUser(&testUser))
-	client := app.NewHTTPClient(testUser.Email)
+	u := &cltest.User{Role: sessions.UserRoleRun}
+	client := app.NewHTTPClient(u)
 
 	// Assert all run routes
 	for _, route := range routesRolesMap {
@@ -440,9 +438,8 @@ func TestRBAC_Routemap_ViewOnly(t *testing.T) {
 	defer ts.Close()
 
 	// Create a test run user to work with
-	testUser := cltest.CreateUserWithRole(t, sessions.UserRoleView)
-	require.NoError(t, app.SessionORM().CreateUser(&testUser))
-	client := app.NewHTTPClient(testUser.Email)
+	u := &cltest.User{Role: sessions.UserRoleView}
+	client := app.NewHTTPClient(u)
 
 	// Assert all view only routes
 	for i, route := range routesRolesMap {
diff --git a/core/web/bridge_types_controller_test.go b/core/web/bridge_types_controller_test.go
index 75baa8b9b46..c875df94539 100644
--- a/core/web/bridge_types_controller_test.go
+++ b/core/web/bridge_types_controller_test.go
@@ -134,7 +134,7 @@ func TestValidateBridgeNotExist(t *testing.T) {
 
 func BenchmarkBridgeTypesController_Index(b *testing.B) {
 	app := cltest.NewApplication(b)
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	b.ResetTimer()
 	for n := 0; n < b.N; n++ {
@@ -149,7 +149,7 @@ func TestBridgeTypesController_Index(t *testing.T) {
 
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	bt, err := setupBridgeControllerIndex(t, app.BridgeORM())
 	assert.NoError(t, err)
@@ -217,7 +217,7 @@ func TestBridgeTypesController_Create_Success(t *testing.T) {
 
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post(
 		"/v2/bridge_types",
@@ -245,7 +245,7 @@ func TestBridgeTypesController_Update_Success(t *testing.T) {
 
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	bridgeName := testutils.RandomizeName("BRidgea")
 	bt := &bridges.BridgeType{
@@ -271,7 +271,7 @@ func TestBridgeController_Show(t *testing.T) {
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	bt := &bridges.BridgeType{
 		Name:          bridges.MustParseBridgeName(testutils.RandomizeName("showbridge")),
@@ -301,7 +301,7 @@ func TestBridgeTypesController_Create_AdapterExistsError(t *testing.T) {
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post(
 		"/v2/bridge_types",
@@ -317,7 +317,7 @@ func TestBridgeTypesController_Create_BindJSONError(t *testing.T) {
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post(
 		"/v2/bridge_types",
@@ -333,7 +333,7 @@ func TestBridgeTypesController_Create_DatabaseError(t *testing.T) {
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post(
 		"/v2/bridge_types",
diff --git a/core/web/build_info_controller_test.go b/core/web/build_info_controller_test.go
index 96e7758363d..9a71951ed3d 100644
--- a/core/web/build_info_controller_test.go
+++ b/core/web/build_info_controller_test.go
@@ -18,7 +18,7 @@ func TestBuildInfoController_Show_APICredentials(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Get("/v2/build_info")
 	defer cleanup()
diff --git a/core/web/cors_test.go b/core/web/cors_test.go
index 760b9066902..120a27c645b 100644
--- a/core/web/cors_test.go
+++ b/core/web/cors_test.go
@@ -29,7 +29,7 @@ func TestCors_DefaultOrigins(t *testing.T) {
 		t.Run(test.origin, func(t *testing.T) {
 			app := cltest.NewApplicationWithConfig(t, config)
 
-			client := app.NewHTTPClient(cltest.APIEmailAdmin)
+			client := app.NewHTTPClient(&cltest.User{})
 
 			headers := map[string]string{"Origin": test.origin}
 			resp, cleanup := client.Get("/v2/chains/evm", headers)
@@ -61,7 +61,7 @@ func TestCors_OverrideOrigins(t *testing.T) {
 			})
 			app := cltest.NewApplicationWithConfig(t, config)
 
-			client := app.NewHTTPClient(cltest.APIEmailAdmin)
+			client := app.NewHTTPClient(&cltest.User{})
 
 			headers := map[string]string{"Origin": test.origin}
 			resp, cleanup := client.Get("/v2/chains/evm", headers)
diff --git a/core/web/cosmos_chains_controller_test.go b/core/web/cosmos_chains_controller_test.go
index 3fc42f3d860..f443fb64228 100644
--- a/core/web/cosmos_chains_controller_test.go
+++ b/core/web/cosmos_chains_controller_test.go
@@ -185,7 +185,7 @@ func setupCosmosChainsControllerTestV2(t *testing.T, cfgs ...*cosmos.CosmosConfi
 	app := cltest.NewApplicationWithConfig(t, cfg)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return &TestCosmosChainsController{
 		app:    app,
diff --git a/core/web/cosmos_keys_controller_test.go b/core/web/cosmos_keys_controller_test.go
index b5f3ba82973..479ee686d57 100644
--- a/core/web/cosmos_keys_controller_test.go
+++ b/core/web/cosmos_keys_controller_test.go
@@ -41,7 +41,7 @@ func TestCosmosKeysController_Create_HappyPath(t *testing.T) {
 
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	keyStore := app.GetKeyStore()
 
 	response, cleanup := client.Post("/v2/keys/cosmos", nil)
@@ -98,7 +98,7 @@ func setupCosmosKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, key
 	require.NoError(t, app.Start(testutils.Context(t)))
 	require.NoError(t, app.KeyStore.Cosmos().Add(cltest.DefaultCosmosKey))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return client, app.GetKeyStore()
 }
diff --git a/core/web/dkgencrypt_keys_controller_test.go b/core/web/dkgencrypt_keys_controller_test.go
index 605d6f00087..5d8b1ab2328 100644
--- a/core/web/dkgencrypt_keys_controller_test.go
+++ b/core/web/dkgencrypt_keys_controller_test.go
@@ -103,7 +103,7 @@ func setupDKGEncryptKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner,
 	require.NoError(t, app.Start(testutils.Context(t)))
 	require.NoError(t, app.KeyStore.DKGEncrypt().Add(cltest.DefaultDKGEncryptKey))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return client, app.GetKeyStore()
 }
diff --git a/core/web/dkgsign_keys_controller_test.go b/core/web/dkgsign_keys_controller_test.go
index ee5be661fc1..0d6d167df99 100644
--- a/core/web/dkgsign_keys_controller_test.go
+++ b/core/web/dkgsign_keys_controller_test.go
@@ -103,7 +103,7 @@ func setupDKGSignKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, ke
 	require.NoError(t, app.Start(testutils.Context(t)))
 	require.NoError(t, app.KeyStore.DKGSign().Add(cltest.DefaultDKGSignKey))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return client, app.GetKeyStore()
 }
diff --git a/core/web/eth_keys_controller_test.go b/core/web/eth_keys_controller_test.go
index 104e487b207..c36ca0aeb5a 100644
--- a/core/web/eth_keys_controller_test.go
+++ b/core/web/eth_keys_controller_test.go
@@ -56,7 +56,7 @@ func TestETHKeysController_Index_Success(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Get("/v2/keys/evm")
 	defer cleanup()
 	require.Equal(t, http.StatusOK, resp.StatusCode)
@@ -100,7 +100,7 @@ func TestETHKeysController_Index_Errors(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Get("/v2/keys/eth")
 	defer cleanup()
 	require.Equal(t, http.StatusOK, resp.StatusCode)
@@ -134,7 +134,7 @@ func TestETHKeysController_Index_Disabled(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Get("/v2/keys/eth")
 	defer cleanup()
 	require.Equal(t, http.StatusOK, resp.StatusCode)
@@ -169,7 +169,7 @@ func TestETHKeysController_Index_NotDev(t *testing.T) {
 	app := cltest.NewApplicationWithConfigAndKey(t, cfg, ethClient)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Get("/v2/keys/eth")
 	defer cleanup()
 	require.Equal(t, http.StatusOK, resp.StatusCode)
@@ -194,7 +194,7 @@ func TestETHKeysController_Index_NoAccounts(t *testing.T) {
 	app := cltest.NewApplication(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Get("/v2/keys/eth")
 	defer cleanup()
@@ -224,7 +224,7 @@ func TestETHKeysController_CreateSuccess(t *testing.T) {
 	linkBalance := assets.NewLinkFromJuels(42)
 	ethClient.On("LINKBalance", mock.Anything, mock.Anything, mock.Anything).Return(linkBalance, nil)
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
@@ -266,7 +266,7 @@ func TestETHKeysController_ChainSuccess_UpdateNonce(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -310,7 +310,7 @@ func TestETHKeysController_ChainSuccess_Disable(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -354,7 +354,7 @@ func TestETHKeysController_ChainSuccess_Enable(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -418,7 +418,7 @@ func TestETHKeysController_ChainSuccess_ResetWithAbandon(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, 0, count)
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -463,7 +463,7 @@ func TestETHKeysController_ChainFailure_InvalidAbandon(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -497,7 +497,7 @@ func TestETHKeysController_ChainFailure_InvalidEnabled(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -528,7 +528,7 @@ func TestETHKeysController_ChainFailure_InvalidAddress(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -558,7 +558,7 @@ func TestETHKeysController_ChainFailure_MissingAddress(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -588,7 +588,7 @@ func TestETHKeysController_ChainFailure_InvalidChainID(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -621,7 +621,7 @@ func TestETHKeysController_ChainFailure_MissingChainID(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -654,7 +654,7 @@ func TestETHKeysController_ChainFailure_InvalidNonce(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/chain"}
 	query := chainURL.Query()
 
@@ -690,7 +690,7 @@ func TestETHKeysController_DeleteSuccess(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/" + addr0.Hex()}
 	resp, cleanup := client.Delete(chainURL.String())
 	defer cleanup()
@@ -732,7 +732,7 @@ func TestETHKeysController_DeleteFailure_InvalidAddress(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm" + "/bad_address"}
 
 	resp, cleanup := client.Delete(chainURL.String())
@@ -753,7 +753,7 @@ func TestETHKeysController_DeleteFailure_KeyMissing(t *testing.T) {
 
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	chainURL := url.URL{Path: "/v2/keys/evm/" + testutils.NewAddress().Hex()}
 
 	resp, cleanup := client.Delete(chainURL.String())
diff --git a/core/web/evm_chains_controller_test.go b/core/web/evm_chains_controller_test.go
index 6c779868d1b..02e493a43b2 100644
--- a/core/web/evm_chains_controller_test.go
+++ b/core/web/evm_chains_controller_test.go
@@ -204,7 +204,7 @@ func setupEVMChainsControllerTest(t *testing.T, cfg chainlink.GeneralConfig) *Te
 	app := cltest.NewApplicationWithConfig(t, cfg)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return &TestEVMChainsController{
 		app:    app,
diff --git a/core/web/evm_forwarders_controller_test.go b/core/web/evm_forwarders_controller_test.go
index 705fce05c02..8927c014022 100644
--- a/core/web/evm_forwarders_controller_test.go
+++ b/core/web/evm_forwarders_controller_test.go
@@ -32,7 +32,7 @@ func setupEVMForwardersControllerTest(t *testing.T, overrideFn func(c *chainlink
 	app := cltest.NewApplicationWithConfig(t, configtest.NewGeneralConfig(t, overrideFn))
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return &TestEVMForwardersController{
 		app:    app,
diff --git a/core/web/evm_transactions_controller_test.go b/core/web/evm_transactions_controller_test.go
index 475bb778300..951d9d99259 100644
--- a/core/web/evm_transactions_controller_test.go
+++ b/core/web/evm_transactions_controller_test.go
@@ -27,7 +27,7 @@ func TestTransactionsController_Index_Success(t *testing.T) {
 	db := app.GetSqlxDB()
 	txStore := cltest.NewTestTxStore(t, app.GetSqlxDB(), app.GetConfig().Database())
 	ethKeyStore := cltest.NewKeyStore(t, db, app.Config.Database()).Eth()
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	_, from := cltest.MustInsertRandomKey(t, ethKeyStore, 0)
 
 	cltest.MustInsertConfirmedEthTxWithLegacyAttempt(t, txStore, 0, 1, from)        // tx1
@@ -69,7 +69,7 @@ func TestTransactionsController_Index_Error(t *testing.T) {
 	app := cltest.NewApplicationWithKey(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Get("/v2/transactions?size=TrainingDay")
 	t.Cleanup(cleanup)
 	cltest.AssertServerResponse(t, resp, 422)
@@ -82,7 +82,7 @@ func TestTransactionsController_Show_Success(t *testing.T) {
 	require.NoError(t, app.Start(testutils.Context(t)))
 
 	txStore := cltest.NewTestTxStore(t, app.GetSqlxDB(), app.GetConfig().Database())
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	_, from := cltest.MustInsertRandomKey(t, app.KeyStore.Eth(), 0)
 
 	tx := cltest.MustInsertUnconfirmedEthTxWithBroadcastLegacyAttempt(t, txStore, 1, from)
@@ -115,7 +115,7 @@ func TestTransactionsController_Show_NotFound(t *testing.T) {
 	require.NoError(t, app.Start(testutils.Context(t)))
 
 	txStore := cltest.NewTestTxStore(t, app.GetSqlxDB(), app.GetConfig().Database())
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	_, from := cltest.MustInsertRandomKey(t, app.KeyStore.Eth(), 0)
 	tx := cltest.MustInsertUnconfirmedEthTxWithBroadcastLegacyAttempt(t, txStore, 1, from)
 	require.Len(t, tx.TxAttempts, 1)
diff --git a/core/web/evm_transfer_controller_test.go b/core/web/evm_transfer_controller_test.go
index 70d4c7d5e0b..8b44b3eb6b6 100644
--- a/core/web/evm_transfer_controller_test.go
+++ b/core/web/evm_transfer_controller_test.go
@@ -45,7 +45,7 @@ func TestTransfersController_CreateSuccess_From(t *testing.T) {
 	app := cltest.NewApplicationWithKey(t, ethClient, key)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	amount, err := assets.NewEthValueS("100")
 	require.NoError(t, err)
@@ -87,7 +87,7 @@ func TestTransfersController_CreateSuccess_From_WEI(t *testing.T) {
 	app := cltest.NewApplicationWithKey(t, ethClient, key)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	amount := assets.NewEthValue(1000000000000000000)
 
@@ -132,7 +132,7 @@ func TestTransfersController_CreateSuccess_From_BalanceMonitorDisabled(t *testin
 	app := cltest.NewApplicationWithConfigAndKey(t, config, ethClient, key)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	amount, err := assets.NewEthValueS("100")
 	require.NoError(t, err)
@@ -167,7 +167,7 @@ func TestTransfersController_TransferZeroAddressError(t *testing.T) {
 	amount, err := assets.NewEthValueS("100")
 	require.NoError(t, err)
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	request := models.SendEtherRequest{
 		DestinationAddress: common.HexToAddress("0xFA01FA015C8A5332987319823728982379128371"),
 		FromAddress:        common.HexToAddress("0x0000000000000000000000000000000000000000"),
@@ -197,7 +197,7 @@ func TestTransfersController_TransferBalanceToLowError(t *testing.T) {
 	app := cltest.NewApplicationWithKey(t, ethClient, key)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	amount, err := assets.NewEthValueS("100")
 	require.NoError(t, err)
@@ -235,7 +235,7 @@ func TestTransfersController_TransferBalanceToLowError_ZeroBalance(t *testing.T)
 	app := cltest.NewApplicationWithKey(t, ethClient, key)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	amount, err := assets.NewEthValueS("100")
 	require.NoError(t, err)
@@ -263,7 +263,7 @@ func TestTransfersController_JSONBindingError(t *testing.T) {
 	app := cltest.NewApplicationWithKey(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post("/v2/transfers", bytes.NewBuffer([]byte(`{"address":""}`)))
 	t.Cleanup(cleanup)
@@ -297,7 +297,7 @@ func TestTransfersController_CreateSuccess_eip1559(t *testing.T) {
 	app := cltest.NewApplicationWithConfigAndKey(t, config, ethClient, key)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	amount, err := assets.NewEthValueS("100")
 	require.NoError(t, err)
diff --git a/core/web/evm_tx_attempts_controller_test.go b/core/web/evm_tx_attempts_controller_test.go
index 9fd19cb10fe..abf80add213 100644
--- a/core/web/evm_tx_attempts_controller_test.go
+++ b/core/web/evm_tx_attempts_controller_test.go
@@ -21,7 +21,7 @@ func TestTxAttemptsController_Index_Success(t *testing.T) {
 	require.NoError(t, app.Start(testutils.Context(t)))
 
 	txStore := cltest.NewTestTxStore(t, app.GetSqlxDB(), app.GetConfig().Database())
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	_, from := cltest.MustInsertRandomKey(t, app.KeyStore.Eth(), 0)
 
@@ -51,7 +51,7 @@ func TestTxAttemptsController_Index_Error(t *testing.T) {
 	app := cltest.NewApplicationWithKey(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Get("/v2/tx_attempts?size=TrainingDay")
 	t.Cleanup(cleanup)
 	cltest.AssertServerResponse(t, resp, 422)
diff --git a/core/web/external_initiators_controller_test.go b/core/web/external_initiators_controller_test.go
index 5fb8969d265..bc7d46a4f91 100644
--- a/core/web/external_initiators_controller_test.go
+++ b/core/web/external_initiators_controller_test.go
@@ -74,7 +74,7 @@ func TestExternalInitiatorsController_Index(t *testing.T) {
 		}))
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	db := app.GetSqlxDB()
 	borm := bridges.NewORM(db, logger.TestLogger(t), app.GetConfig().Database())
@@ -140,7 +140,7 @@ func TestExternalInitiatorsController_Create_success(t *testing.T) {
 		}))
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post("/v2/external_initiators",
 		bytes.NewBufferString(`{"name":"bitcoin","url":"http://without.a.name"}`),
@@ -168,7 +168,7 @@ func TestExternalInitiatorsController_Create_without_URL(t *testing.T) {
 		}))
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post("/v2/external_initiators",
 		bytes.NewBufferString(`{"name":"no-url"}`),
@@ -196,7 +196,7 @@ func TestExternalInitiatorsController_Create_invalid(t *testing.T) {
 		}))
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Post("/v2/external_initiators",
 		bytes.NewBufferString(`{"url":"http://without.a.name"}`),
@@ -220,7 +220,7 @@ func TestExternalInitiatorsController_Delete(t *testing.T) {
 	err := app.BridgeORM().CreateExternalInitiator(&exi)
 	require.NoError(t, err)
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Delete("/v2/external_initiators/" + exi.Name)
 	t.Cleanup(cleanup)
@@ -236,7 +236,7 @@ func TestExternalInitiatorsController_DeleteNotFound(t *testing.T) {
 		}))
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	tests := []struct {
 		Name string
diff --git a/core/web/features_controller_test.go b/core/web/features_controller_test.go
index 82b68bcbac5..33520093347 100644
--- a/core/web/features_controller_test.go
+++ b/core/web/features_controller_test.go
@@ -21,7 +21,7 @@ func Test_FeaturesController_List(t *testing.T) {
 		c.Feature.UICSAKeys = &csa
 	}))
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Get("/v2/features")
 	t.Cleanup(cleanup)
diff --git a/core/web/health_controller_test.go b/core/web/health_controller_test.go
index 020038b2f3f..5f915dfedce 100644
--- a/core/web/health_controller_test.go
+++ b/core/web/health_controller_test.go
@@ -40,7 +40,7 @@ func TestHealthController_Readyz(t *testing.T) {
 			app.HealthChecker = healthChecker
 			require.NoError(t, app.Start(testutils.Context(t)))
 
-			client := app.NewHTTPClient(cltest.APIEmailAdmin)
+			client := app.NewHTTPClient(&cltest.User{})
 			resp, cleanup := client.Get("/readyz")
 			t.Cleanup(cleanup)
 			assert.Equal(t, tc.status, resp.StatusCode)
diff --git a/core/web/jobs_controller_test.go b/core/web/jobs_controller_test.go
index d6d3f459a8a..f18fcdd8c29 100644
--- a/core/web/jobs_controller_test.go
+++ b/core/web/jobs_controller_test.go
@@ -359,7 +359,7 @@ func TestJobsController_Create_WebhookSpec(t *testing.T) {
 	_, fetchBridge := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 	_, submitBridge := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	tomlStr := fmt.Sprintf(testspecs.WebhookSpecNoBody, fetchBridge.Name.String(), submitBridge.Name.String())
 	body, _ := json.Marshal(web.CreateJobRequest{
@@ -382,7 +382,7 @@ func TestJobsController_FailToCreate_EmptyJsonAttribute(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	tomlBytes := cltest.MustReadFile(t, "../testdata/tomlspecs/webhook-job-spec-with-empty-json.toml")
 	body, _ := json.Marshal(web.CreateJobRequest{
@@ -493,7 +493,7 @@ func TestJobsController_Update_HappyPath(t *testing.T) {
 	_, bridge := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 	_, bridge2 := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	var jb job.Job
 	ocrspec := testspecs.GenerateOCRSpec(testspecs.OCRSpecParams{
@@ -555,7 +555,7 @@ func TestJobsController_Update_NonExistentID(t *testing.T) {
 	_, bridge := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 	_, bridge2 := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	var jb job.Job
 	ocrspec := testspecs.GenerateOCRSpec(testspecs.OCRSpecParams{
@@ -635,7 +635,7 @@ func setupJobsControllerTests(t *testing.T) (ta *cltest.TestApplication, cc clte
 	app := cltest.NewApplicationWithConfigAndKey(t, cfg, cltest.DefaultP2PKey)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	vrfKeyStore := app.GetKeyStore().VRF()
 	_, err := vrfKeyStore.Create()
 	require.NoError(t, err)
@@ -656,7 +656,7 @@ func setupJobSpecsControllerTestsWithJobs(t *testing.T) (*cltest.TestApplication
 	_, bridge := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 	_, bridge2 := cltest.MustCreateBridge(t, app.GetSqlxDB(), cltest.BridgeOpts{}, app.GetConfig().Database())
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	var jb job.Job
 	ocrspec := testspecs.GenerateOCRSpec(testspecs.OCRSpecParams{DS1BridgeName: bridge.Name.String(), DS2BridgeName: bridge2.Name.String(), EVMChainID: testutils.FixtureChainID.String()})
diff --git a/core/web/log_controller_test.go b/core/web/log_controller_test.go
index 7a427bcb8ea..029dc4e8d3f 100644
--- a/core/web/log_controller_test.go
+++ b/core/web/log_controller_test.go
@@ -41,7 +41,7 @@ func TestLogController_GetLogConfig(t *testing.T) {
 	app := cltest.NewApplicationWithConfig(t, cfg)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, err := client.HTTPClient.Get("/v2/log")
 	require.NoError(t, err)
@@ -112,7 +112,7 @@ func TestLogController_PatchLogConfig(t *testing.T) {
 		t.Run(tc.Description, func(t *testing.T) {
 			app := cltest.NewApplicationEVMDisabled(t)
 			require.NoError(t, app.Start(testutils.Context(t)))
-			client := app.NewHTTPClient(cltest.APIEmailAdmin)
+			client := app.NewHTTPClient(&cltest.User{})
 
 			request := web.LogPatchRequest{Level: tc.logLevel, SqlEnabled: tc.logSql}
 
diff --git a/core/web/loop_registry_test.go b/core/web/loop_registry_test.go
index 58a88dad21d..848579214f3 100644
--- a/core/web/loop_registry_test.go
+++ b/core/web/loop_registry_test.go
@@ -96,7 +96,7 @@ func TestLoopRegistry(t *testing.T) {
 	defer mockLoop.close()
 	mockLoop.run()
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	t.Run("discovery endpoint", func(t *testing.T) {
 		// under the covers this is routing thru the app into loop registry
diff --git a/core/web/ocr2_keys_controller_test.go b/core/web/ocr2_keys_controller_test.go
index 418510cea1d..f69ed41f9dd 100644
--- a/core/web/ocr2_keys_controller_test.go
+++ b/core/web/ocr2_keys_controller_test.go
@@ -101,7 +101,7 @@ func setupOCR2KeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, keyst
 
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	require.NoError(t, app.KeyStore.OCR2().Add(cltest.DefaultOCR2Key))
 
diff --git a/core/web/ocr_keys_controller_test.go b/core/web/ocr_keys_controller_test.go
index 94a8ad8d079..911947fcb72 100644
--- a/core/web/ocr_keys_controller_test.go
+++ b/core/web/ocr_keys_controller_test.go
@@ -89,7 +89,7 @@ func setupOCRKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, keysto
 
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	require.NoError(t, app.KeyStore.OCR().Add(cltest.DefaultOCRKey))
 
diff --git a/core/web/p2p_keys_controller_test.go b/core/web/p2p_keys_controller_test.go
index 2eb3e4e95ff..4df5f4d91b2 100644
--- a/core/web/p2p_keys_controller_test.go
+++ b/core/web/p2p_keys_controller_test.go
@@ -43,7 +43,7 @@ func TestP2PKeysController_Create_HappyPath(t *testing.T) {
 
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	keyStore := app.GetKeyStore()
 
 	response, cleanup := client.Post("/v2/keys/p2p", nil)
@@ -115,7 +115,7 @@ func setupP2PKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, keysto
 	require.NoError(t, app.KeyStore.OCR().Add(cltest.DefaultOCRKey))
 	require.NoError(t, app.KeyStore.P2P().Add(cltest.DefaultP2PKey))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return client, app.GetKeyStore()
 }
diff --git a/core/web/ping_controller_test.go b/core/web/ping_controller_test.go
index a8e6c2058f9..0040f7dfdad 100644
--- a/core/web/ping_controller_test.go
+++ b/core/web/ping_controller_test.go
@@ -22,7 +22,7 @@ func TestPingController_Show_APICredentials(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	resp, cleanup := client.Get("/v2/ping")
 	defer cleanup()
diff --git a/core/web/pipeline_runs_controller_test.go b/core/web/pipeline_runs_controller_test.go
index 4637b1836bf..8e53384856d 100644
--- a/core/web/pipeline_runs_controller_test.go
+++ b/core/web/pipeline_runs_controller_test.go
@@ -69,7 +69,7 @@ func TestPipelineRunsController_CreateWithBody_HappyPath(t *testing.T) {
 
 	// Make the request
 	{
-		client := app.NewHTTPClient(cltest.APIEmailAdmin)
+		client := app.NewHTTPClient(&cltest.User{})
 		body := strings.NewReader(`{"data":{"result":"123.45"}}`)
 		response, cleanup := client.Post("/v2/jobs/"+uuid.String()+"/runs", body)
 		defer cleanup()
@@ -130,7 +130,7 @@ func TestPipelineRunsController_CreateNoBody_HappyPath(t *testing.T) {
 
 	// Make the request (authorized as user)
 	{
-		client := app.NewHTTPClient(cltest.APIEmailAdmin)
+		client := app.NewHTTPClient(&cltest.User{})
 		response, cleanup := client.Post("/v2/jobs/"+uuid.String()+"/runs", nil)
 		defer cleanup()
 		cltest.AssertServerResponse(t, response, http.StatusOK)
@@ -243,7 +243,7 @@ func TestPipelineRunsController_ShowRun_InvalidID(t *testing.T) {
 	t.Parallel()
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	response, cleanup := client.Get("/v2/jobs/1/runs/invalid-run-ID")
 	defer cleanup()
@@ -263,7 +263,7 @@ func setupPipelineRunsControllerTests(t *testing.T) (cltest.HTTPClientCleaner, i
 	app := cltest.NewApplicationWithConfigAndKey(t, cfg, ethClient, cltest.DefaultP2PKey)
 	require.NoError(t, app.Start(testutils.Context(t)))
 	require.NoError(t, app.KeyStore.OCR().Add(cltest.DefaultOCRKey))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	key, _ := cltest.MustInsertRandomKey(t, app.KeyStore.Eth())
 
diff --git a/core/web/router_test.go b/core/web/router_test.go
index 05d8141f71a..424ef4296f4 100644
--- a/core/web/router_test.go
+++ b/core/web/router_test.go
@@ -39,7 +39,7 @@ func TestTokenAuthRequired_SessionCredentials(t *testing.T) {
 	ts := httptest.NewServer(router)
 	defer ts.Close()
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	resp, cleanup := client.Post("/v2/bridge_types/", nil)
 	defer cleanup()
 
diff --git a/core/web/solana_chains_controller_test.go b/core/web/solana_chains_controller_test.go
index e6055840804..3112c42856f 100644
--- a/core/web/solana_chains_controller_test.go
+++ b/core/web/solana_chains_controller_test.go
@@ -186,7 +186,7 @@ func setupSolanaChainsControllerTestV2(t *testing.T, cfgs ...*solana.SolanaConfi
 	app := cltest.NewApplicationWithConfig(t, cfg)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return &TestSolanaChainsController{
 		app:    app,
diff --git a/core/web/solana_keys_controller_test.go b/core/web/solana_keys_controller_test.go
index cd5f70857cd..b32a844a395 100644
--- a/core/web/solana_keys_controller_test.go
+++ b/core/web/solana_keys_controller_test.go
@@ -41,7 +41,7 @@ func TestSolanaKeysController_Create_HappyPath(t *testing.T) {
 
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	keyStore := app.GetKeyStore()
 
 	response, cleanup := client.Post("/v2/keys/solana", nil)
@@ -99,7 +99,7 @@ func setupSolanaKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, key
 	require.NoError(t, app.KeyStore.OCR().Add(cltest.DefaultOCRKey))
 	require.NoError(t, app.KeyStore.Solana().Add(cltest.DefaultSolanaKey))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return client, app.GetKeyStore()
 }
diff --git a/core/web/starknet_keys_controller_test.go b/core/web/starknet_keys_controller_test.go
index d14216ed4aa..c3337e14d2d 100644
--- a/core/web/starknet_keys_controller_test.go
+++ b/core/web/starknet_keys_controller_test.go
@@ -41,7 +41,7 @@ func TestStarkNetKeysController_Create_HappyPath(t *testing.T) {
 
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	keyStore := app.GetKeyStore()
 
 	response, cleanup := client.Post("/v2/keys/starknet", nil)
@@ -99,7 +99,7 @@ func setupStarkNetKeysControllerTests(t *testing.T) (cltest.HTTPClientCleaner, k
 	require.NoError(t, app.KeyStore.OCR().Add(cltest.DefaultOCRKey))
 	require.NoError(t, app.KeyStore.StarkNet().Add(cltest.DefaultStarkNetKey))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	return client, app.GetKeyStore()
 }
diff --git a/core/web/user_controller_test.go b/core/web/user_controller_test.go
index bde232b1bcf..cdb9c9953da 100644
--- a/core/web/user_controller_test.go
+++ b/core/web/user_controller_test.go
@@ -25,7 +25,8 @@ func TestUserController_UpdatePassword(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	u := cltest.User{}
+	client := app.NewHTTPClient(&u)
 
 	testCases := []struct {
 		name           string
@@ -56,10 +57,10 @@ func TestUserController_UpdatePassword(t *testing.T) {
 		},
 		{
 			name:           "New password includes api email",
-			reqBody:        fmt.Sprintf(`{"newPassword": "%slonglonglonglong", "oldPassword": "%s"}`, cltest.APIEmailAdmin, cltest.Password),
+			reqBody:        fmt.Sprintf(`{"newPassword": "%slonglonglonglong", "oldPassword": "%s"}`, u.Email, cltest.Password),
 			wantStatusCode: http.StatusUnprocessableEntity,
 			wantErrCount:   1,
-			wantErrMessage: fmt.Sprintf("%s	%s\n", utils.ErrMsgHeader, "password may not contain: \"apiuser@chainlink.test\""),
+			wantErrMessage: fmt.Sprintf("%s	%s%s\n", utils.ErrMsgHeader, "password may not contain: ", fmt.Sprintf(`"%s"`, u.Email)),
 		},
 		{
 			name:           "Success",
@@ -90,7 +91,7 @@ func TestUserController_CreateUser(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 
 	longPassword := strings.Repeat("x", sessions.MaxBcryptPasswordLength+1)
 
@@ -185,7 +186,8 @@ func TestUserController_UpdateRole(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	u := cltest.User{}
+	client := app.NewHTTPClient(&u)
 	user := cltest.MustRandomUser(t)
 	err := app.SessionORM().CreateUser(&user)
 	require.NoError(t, err)
@@ -232,7 +234,7 @@ func TestUserController_DeleteUser(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	user := cltest.MustRandomUser(t)
 	err := app.SessionORM().CreateUser(&user)
 	require.NoError(t, err)
@@ -258,7 +260,7 @@ func TestUserController_NewAPIToken(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	req, err := json.Marshal(sessions.ChangeAuthTokenRequest{
 		Password: cltest.Password,
 	})
@@ -280,7 +282,7 @@ func TestUserController_NewAPIToken_unauthorized(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	req, err := json.Marshal(sessions.ChangeAuthTokenRequest{
 		Password: "wrong-password",
 	})
@@ -296,7 +298,7 @@ func TestUserController_DeleteAPIKey(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	req, err := json.Marshal(sessions.ChangeAuthTokenRequest{
 		Password: cltest.Password,
 	})
@@ -313,7 +315,7 @@ func TestUserController_DeleteAPIKey_unauthorized(t *testing.T) {
 	app := cltest.NewApplicationEVMDisabled(t)
 	require.NoError(t, app.Start(testutils.Context(t)))
 
-	client := app.NewHTTPClient(cltest.APIEmailAdmin)
+	client := app.NewHTTPClient(&cltest.User{})
 	req, err := json.Marshal(sessions.ChangeAuthTokenRequest{
 		Password: "wrong-password",
 	})