diff --git a/src/middleware/permissionsMiddleware.spec.js b/src/middleware/permissionsMiddleware.spec.js
index 88f095d8c..3ea3f9e55 100644
--- a/src/middleware/permissionsMiddleware.spec.js
+++ b/src/middleware/permissionsMiddleware.spec.js
@@ -5,12 +5,12 @@ describe('authorization', () => {
 describe('given two existing users', () => {
 beforeEach(async () => {
 await create('user', {
- email: 'test@example.org',
- password: '1234'
+ email: 'owner@example.org',
+ password: 'iamtheowner'
 })
 await create('user', {
 email: 'someone@example.org',
- password: 'hello'
+ password: 'else'
 })
 })
 
@@ -18,28 +18,43 @@ describe('authorization', () => {
 await cleanDatabase()
 })
 
- describe('logged in', () => {
+ describe('access email address', () => {
 let headers = {}
-
- beforeEach(async () => {
- // headers = authenticatedHeaders({
- // email: 'test@example.org',
- // password: '1234'
- // })
- })
-
- describe('query email', async () => {
- it('exposes the owner\'s email address', async () => {
- const options = {
- headers,
- query: `{
- User(email: "test@example.org") {
+ const action = async (headers) => {
+ const options = {
+ headers,
+ query: `{
+ User(email: "owner@example.org") {
 email
 }
 }`
- }
- const json = await queryServer(options)
- expect(json).toEqual({ User: [ { email: 'test@example.org' } ] })
+ }
+ return await queryServer(options)
+ }
+
+ describe('not logged in', async () => {
+ it('does not expose the owner\'s email address', async () => {
+ expect(await action(headers)).toEqual({ User: [ { email: null } ] })
+ })
+ })
+
+ describe('as owner', () => {
+ it('exposes the owner\'s email address', async () => {
+ headers = await authenticatedHeaders({
+ email: 'owner@example.org',
+ password: 'iamtheowner'
+ })
+ expect(await action(headers)).toEqual({ User: [ { email: 'owner@example.org' } ] })
+ })
+ })
+
+ describe('as someone else', () => {
+ it('does not expose the owner\'s email address', async () => {
+ headers = await authenticatedHeaders({
+ email: 'someone@example.org',
+ password: 'else'
+ })
+ expect(await action(headers)).toEqual({ User: [ { email: null } ] })
 })
 })
 })
diff --git a/src/seed/factories/index.js b/src/seed/factories/index.js
index 93985407f..89a462531 100644
--- a/src/seed/factories/index.js
+++ b/src/seed/factories/index.js
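Review bot: `headers` is declared once in the `describe('access email address')` scope and reassigned inside the `as owner` and `as someone else` tests but never reset, so the `not logged in` case is only anonymous while it happens to run first; run after `as someone else` it would still get `email: null` and pass without exercising the unauthenticated path. Build the headers locally in each test (`const headers = await authenticatedHeaders({ ... })`) and call `action({})` for the anonymous case, which also removes the shadowing by `action`'s own `headers` parameter. `describe('not logged in', async () => {` should drop `async`: the callback contains no `await`, and Jest-style runners do not wait for a promise returned from `describe`. The expected `{ User: [ { email: null } ] }` also pins that an anonymous `User(email: ...)` lookup still returns a matching record, which confirms the address is registered even though the field is masked; worth deciding whether that is intended.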
@@ -31,17 +31,16 @@ const create = (model, parameters) => {
 return client.mutate({ mutation: gql(buildMutation(model, parameters)) })
 }
 
-const cleanDatabase = () => {
+const cleanDatabase = async () => {
 const session = driver.session()
 const cypher = 'MATCH (n) DETACH DELETE n'
- return session
- .run(cypher)
- .then(function (result) {
- session.close()
- })
- .catch(function (error) {
- console.log(error)
- })
+ try {
+ const result = await session.run(cypher)
+ session.close()
+ return result
+ } catch (error) {
+ console.log(error)
+ }
 }
 
 export {
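Review bot: `session.close()` is only reached when `session.run(cypher)` succeeds, so a failed wipe leaves the session open; move it into a `finally` block (`} finally { session.close() }`). The `catch` still only logs, so `cleanDatabase()` resolves to `undefined` on failure and the `await cleanDatabase()` in the spec teardown passes with leftover nodes, which can make later authorization specs run against stale users; adding `throw error` after `console.log(error)` would surface that. Since the query is `MATCH (n) DETACH DELETE n`, a short comment stating that this helper is meant for disposable test/seed databases only would help, as nothing in this hunk shows which database the driver points at.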