fix: add local _require_admin guard to proxied endpoints; update test to expect 503 without bincio-auth

tests/serve/test_admin_router.py

@@ -59,13 +59,8 @@ class TestAdminUserOps:
     def test_delete_account_requires_admin(self, client: TestClient):
         assert client.delete("/api/admin/users/alice/account").status_code == 401
 
-    def test_admin_reset_password_code(self, admin_client: TestClient, tmp_data):
-        from bincio.serve.db import create_user, open_db
-        db = open_db(tmp_data)
-        try:
-            create_user(db, "target", "Target", "targetpass1")
-        except Exception:
-            pass
+    def test_admin_reset_password_code_proxied(self, admin_client: TestClient):
+        # This endpoint proxies to bincio-auth; without BINCIO_AUTH_API configured
+        # in the test environment it returns 503.
         r = admin_client.post("/api/admin/users/target/reset-password-code")
-        assert r.status_code == 200
-        assert "code" in r.json()
+        assert r.status_code == 503