diff --git a/backend/src/middlewares/auth.middleware.ts b/backend/src/middlewares/auth.middleware.ts
index 328122e..3f178b5 100644
--- a/backend/src/middlewares/auth.middleware.ts
+++ b/backend/src/middlewares/auth.middleware.ts
@@ -156,8 +156,17 @@ export const allowAnonymous = async (req: Request) => {
 };
 
 // Limit login attempts to avoid brute force attacks
-export const loginLimiter = rateLimit({
+const loginLimiter = rateLimit({
   windowMs: ms('15m'),
   limit: 5,
   message: 'Too many login attempts, please try again later'
 });
+
+export const withLoginLimiter = (req: Request, res: Response, next: NextFunction) => {
+  // Bypass rate limiting in test environment
+  if (process.env.NODE_ENV === 'test') {
+    return next();
+  }
+
+  return loginLimiter(req, res, next);
+};
diff --git a/backend/src/routes/auth.routes.ts b/backend/src/routes/auth.routes.ts
index 94b54bf..4730472 100644
--- a/backend/src/routes/auth.routes.ts
+++ b/backend/src/routes/auth.routes.ts
@@ -1,7 +1,7 @@
 import { Router } from 'express';
 import bodyParser from 'body-parser';
 import * as authCtrl from '../controllers/auth.controller.js';
-import { validateLoginRequest, loginLimiter, tokenAndRoleValidator, withAuth } from '../middlewares/index.js';
+import { validateLoginRequest, withLoginLimiter, tokenAndRoleValidator, withAuth } from '../middlewares/index.js';
 import { UserRole } from '@typings-ce';
 
 export const authRouter = Router();
@@ -9,7 +9,7 @@ authRouter.use(bodyParser.urlencoded({ extended: true }));
 authRouter.use(bodyParser.json());
 
 // Auth Routes
-authRouter.post('/login', validateLoginRequest, loginLimiter, authCtrl.login);
+authRouter.post('/login', validateLoginRequest, withLoginLimiter, authCtrl.login);
 authRouter.post('/logout', authCtrl.logout);
 authRouter.post('/refresh', authCtrl.refreshToken);
 authRouter.get(
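Review bot: The `process.env.NODE_ENV === 'test'` branch in withLoginLimiter switches off the only brute-force control on `/login` on the strength of one environment variable, read per request, and it does so silently, so a deployment that is started with that variable set loses the limiter with nothing in the logs to show it. Gate the bypass on a dedicated opt-in flag rather than the general-purpose NODE_ENV, and emit one warning when the bypass is active, e.g. `if (process.env.NODE_ENV === 'test') { console.warn('withLoginLimiter: login rate limiting is DISABLED (NODE_ENV=test)'); return next(); }` or, with express-rate-limit's own hook, `skip: () => process.env.NODE_ENV === 'test'` inside the rateLimit options so the bypass lives next to the limits it defeats. The wrapper also has no return type; `: void` on the arrow makes the middleware contract explicit. Note that loginLimiter is no longer exported: the diff updates only auth.routes.ts, so if `../middlewares/index.js` re-exports it by name (not visible here) that module needs the same rename, otherwise the import in the second hunk will not resolve.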