diff --git a/src/app/Exceptions/Handler.php b/src/app/Exceptions/Handler.php
index 3b97f12b..0c9a4db9 100644
--- a/src/app/Exceptions/Handler.php
+++ b/src/app/Exceptions/Handler.php
@@ -1,53 +1,61 @@ expectsJson()
+ ? response()->json(['message' => $exception->getMessage()], 401)
+ : abort(401);
+ }
 }
diff --git a/src/app/Http/Middleware/Authenticate.php b/src/app/Http/Middleware/Authenticate.php
index 041b3cb2..712762e2 100644
--- a/src/app/Http/Middleware/Authenticate.php
+++ b/src/app/Http/Middleware/Authenticate.php
@@ -1,22 +1,26 @@ expectsJson()) {
- return route('login');
- }
+ // We might want to redirect the user to the login route,
+ // however, I think we should not, as we're using API routes only.
+ // Unauthenticated state response is handled in app/Exceptions/Handler.php
+
+ // if (! $request->expectsJson()) {
+ // return route('login');
+ // }
 }
 }
diff --git a/src/tests/Feature/Controller/UsersTest.php b/src/tests/Feature/Controller/UsersTest.php
index fb04451e..a8c63ff9 100644
--- a/src/tests/Feature/Controller/UsersTest.php
+++ b/src/tests/Feature/Controller/UsersTest.php
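Review bot: The non-JSON branch of the new ternary calls `abort(401)`, which throws an HttpException from inside the exception handler instead of returning a response; the method this lives in is not visible here (the start of the hunk appears truncated), but if it is the handler's unauthenticated path, a thrown exception has to be picked up by a second rendering pass rather than being returned like the JSON branch. Returning a response keeps both branches symmetric: `: response($exception->getMessage(), 401);`. The JSON branch echoes `$exception->getMessage()` verbatim; that is fine while only the fixed unauthenticated message reaches it, but a short comment such as `// message is the framework's fixed "Unauthenticated." text, not user input` would document why this is not an information leak.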
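Review bot: The new `redirectTo()` body is a first-person comment plus a commented-out copy of the removed code, and the method now returns null only by falling off the end; commented-out code should be deleted and the intent stated once, with an explicit return. I would replace the seven added lines with `// API-only application: never redirect to a login page; the 401 response` / `// for unauthenticated requests is produced in app/Exceptions/Handler.php.` / `return null;`. The method signature and the class are outside the visible part of the hunk, so whether a `?string` return type can be added depends on the framework version the project targets.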
@@ -1,174 +1,176 @@ delete(); Domain::where('namespace', 'userscontroller.com')->delete(); } /** * Test fetching current user info */ public function testInfo(): void { $user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); $domain = $this->getTestDomain('userscontroller.com', [ 'status' => Domain::STATUS_NEW, 'type' => Domain::TYPE_PUBLIC, ]); $response = $this->actingAs($user)->get("api/auth/info"); $json = $response->json(); $response->assertStatus(200); $this->assertEquals($user->id, $json['id']); $this->assertEquals($user->email, $json['email']); $this->assertEquals(User::STATUS_NEW, $json['status']); $this->assertTrue(is_array($json['statusInfo'])); } public function testIndex(): void { $userA = $this->getTestUser('UserEntitlement2A@UserEntitlement.com'); $response = $this->actingAs($userA, 'api')->get("/api/v4/users/{$userA->id}"); $response->assertStatus(200); $response->assertJson(['id' => $userA->id]); $user = factory(User::class)->create(); $response = $this->actingAs($user)->get("/api/v4/users/{$userA->id}"); $response->assertStatus(404); } public function testLogin(): string { $post = ['email' => 'john@kolab.org', 'password' => 'simple123']; $response = $this->post("api/auth/login", $post); $json = $response->json(); $response->assertStatus(200); $this->assertTrue(!empty($json['access_token'])); $this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']); $this->assertEquals('bearer', $json['token_type']); return $json['access_token']; } /** * Test /api/auth/logout * * @depends testLogin */ public function testLogout($token): void { // Request with no token, testing that it requires auth - // TODO: This throws some errors and returns unexpected code 500 - // $response = $this->post("api/auth/logout"); - // $response->assertStatus(401); + $response = $this->post("api/auth/logout"); + $response->assertStatus(401); + + // Test the same using JSON mode + $response = $this->json('POST', "api/auth/logout", []); + 
$response->assertStatus(401); // Request with valid token $response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->post("api/auth/logout"); + $response->assertStatus(200); $json = $response->json(); - $response->assertStatus(200); $this->assertEquals('success', $json['status']); $this->assertEquals('Successfully logged out', $json['message']); // Check if it really destroyed the token? - // TODO: This throws some errors and returns unexpected code 500 - // $response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info"); - // $response->assertStatus(401); + $response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])->get("api/auth/info"); + $response->assertStatus(401); } public function testRefresh(): void { // TODO $this->markTestIncomplete(); } public function testStatusInfo(): void { $user = $this->getTestUser('UsersControllerTest1@userscontroller.com'); $domain = $this->getTestDomain('userscontroller.com', [ 'status' => Domain::STATUS_NEW, 'type' => Domain::TYPE_PUBLIC, ]); $user->status = User::STATUS_NEW; $user->save(); $result = UsersController::statusInfo($user); $this->assertSame('new', $result['status']); $this->assertCount(3, $result['process']); $this->assertSame('user-new', $result['process'][0]['label']); $this->assertSame(true, $result['process'][0]['state']); $this->assertSame('user-ldap-ready', $result['process'][1]['label']); $this->assertSame(false, $result['process'][1]['state']); $this->assertSame('user-imap-ready', $result['process'][2]['label']); $this->assertSame(false, $result['process'][2]['state']); $user->status |= User::STATUS_LDAP_READY | User::STATUS_IMAP_READY; $user->save(); $result = UsersController::statusInfo($user); $this->assertSame('new', $result['status']); $this->assertCount(3, $result['process']); $this->assertSame('user-new', $result['process'][0]['label']); $this->assertSame(true, $result['process'][0]['state']); $this->assertSame('user-ldap-ready', 
$result['process'][1]['label']); $this->assertSame(true, $result['process'][1]['state']); $this->assertSame('user-imap-ready', $result['process'][2]['label']); $this->assertSame(true, $result['process'][2]['state']); $user->status |= User::STATUS_ACTIVE; $user->save(); // $domain->status |= Domain::STATUS_VERIFIED; $domain->type = Domain::TYPE_EXTERNAL; $domain->save(); $result = UsersController::statusInfo($user); $this->assertSame('active', $result['status']); $this->assertCount(6, $result['process']); $this->assertSame('user-new', $result['process'][0]['label']); $this->assertSame(true, $result['process'][0]['state']); $this->assertSame('user-ldap-ready', $result['process'][1]['label']); $this->assertSame(true, $result['process'][1]['state']); $this->assertSame('user-imap-ready', $result['process'][2]['label']); $this->assertSame(true, $result['process'][2]['state']); $this->assertSame('domain-new', $result['process'][3]['label']); $this->assertSame(true, $result['process'][3]['state']); $this->assertSame('domain-ldap-ready', $result['process'][4]['label']); $this->assertSame(false, $result['process'][4]['state']); // $this->assertSame('domain-verified', $result['process'][5]['label']); // $this->assertSame(true, $result['process'][5]['state']); $this->assertSame('domain-confirmed', $result['process'][5]['label']); $this->assertSame(false, $result['process'][5]['state']); $user->status |= User::STATUS_DELETED; $user->save(); $result = UsersController::statusInfo($user); $this->assertSame('deleted', $result['status']); } }
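Review bot: `testLogin` only exercises the success path; nothing in this file asserts that `api/auth/login` rejects a wrong password or unknown user and that no `access_token` is issued in that case, which is the check that matters for the endpoint. Before the successful post I would add `$response = $this->post("api/auth/login", ['email' => 'john@kolab.org', 'password' => 'wrong']);` followed by `$response->assertStatus(401);` and `$this->assertArrayNotHasKey('access_token', $response->json() ?? []);`, adjusting the status code to whatever the controller returns for a failed attempt. Separately, `testInfo` calls `actingAs($user)` with the default guard while `testIndex` passes `'api'`; if `api/auth/info` is served by the JWT guard, the first test may be authenticating through a guard production requests never use, so passing `'api'` there too would make the tests consistent.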