diff --git a/tests/test_views.py b/tests/test_views.py
@@ -26,7 +26,10 @@ def test_request_login_code(self):
         self.assertEqual(login_code.next, '/private/')
         self.assertEqual(len(mail.outbox), 1)
         self.assertIn(
-            'http://testserver/accounts/login/code/?code={}'.format(login_code.code),
+            'http://testserver/accounts/login/code/?user={}&code={}'.format(
+                login_code.user.pk,
+                login_code.code
+            ),
             mail.outbox[0].body,
         )
 
@@ -62,9 +65,10 @@ def test_request_login_code_inactive_user(self):
         })
 
     def test_login_post(self):
-        login_code = LoginCode.objects.create(user=self.user, code='foobar', next='/private/')
+        login_code = LoginCode.objects.create(user=self.user, next='/private/')
 
         response = self.client.post('/accounts/login/code/', {
+            'user': login_code.user.pk,
             'code': login_code.code,
         })
 
@@ -74,22 +78,24 @@ def test_login_post(self):
         self.assertFalse(LoginCode.objects.filter(pk=login_code.pk).exists())
 
     def test_login_get(self):
-        login_code = LoginCode.objects.create(user=self.user, code='foobar')
+        login_code = LoginCode.objects.create(user=self.user)
 
         response = self.client.get('/accounts/login/code/', {
+            'user': login_code.user.pk,
             'code': login_code.code,
         })
 
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.context['form'].cleaned_data['code'], login_code)
+        self.assertEqual(response.context['form'].cleaned_data['code'], login_code.code)
         self.assertTrue(response.wsgi_request.user.is_anonymous)
         self.assertTrue(LoginCode.objects.filter(pk=login_code.pk).exists())
 
     @override_settings(NOPASSWORD_LOGIN_ON_GET=True)
     def test_login_get_non_idempotent(self):
-        login_code = LoginCode.objects.create(user=self.user, code='foobar', next='/private/')
+        login_code = LoginCode.objects.create(user=self.user, next='/private/')
 
         response = self.client.get('/accounts/login/code/', {
+            'user': login_code.user.pk,
             'code': login_code.code,
         })
 
@@ -103,7 +109,9 @@ def test_login_missing_code_post(self):
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.context['form'].errors, {
+            'user': ['This field is required.'],
             'code': ['This field is required.'],
+            '__all__': ['Unable to log in with provided login code.']
         })
 
     def test_login_missing_code_get(self):
@@ -114,31 +122,33 @@ def test_login_missing_code_get(self):
 
     def test_login_unknown_code(self):
         response = self.client.post('/accounts/login/code/', {
+            'user': 1,
             'code': 'unknown',
         })
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.context['form'].errors, {
-            'code': ['Login code is invalid. It might have expired.'],
+            '__all__': ['Unable to log in with provided login code.'],
         })
 
     def test_login_inactive_user(self):
         self.user.is_active = False
         self.user.save()
 
-        login_code = LoginCode.objects.create(user=self.user, code='foobar')
+        login_code = LoginCode.objects.create(user=self.user)
 
         response = self.client.post('/accounts/login/code/', {
+            'user': login_code.user.pk,
             'code': login_code.code,
         })
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.context['form'].errors, {
-            'code': ['Unable to log in with provided login code.'],
+            '__all__': ['Unable to log in with provided login code.']
         })
 
     def test_logout_post(self):
-        login_code = LoginCode.objects.create(user=self.user, code='foobar')
+        login_code = LoginCode.objects.create(user=self.user)
 
         self.client.login(username=self.user.username, code=login_code.code)
 
@@ -149,7 +159,7 @@ def test_logout_post(self):
         self.assertTrue(response.wsgi_request.user.is_anonymous)
 
     def test_logout_get(self):
-        login_code = LoginCode.objects.create(user=self.user, code='foobar')
+        login_code = LoginCode.objects.create(user=self.user)
 
         self.client.login(username=self.user.username, code=login_code.code)
 

diff --git a/tests/urls.py b/tests/urls.py
@@ -1,7 +1,9 @@
 # -*- coding: utf8 -*-
 from django.conf.urls import include, url
+from django.contrib import admin
 
 urlpatterns = [
+    url(r'^admin/', admin.site.urls),
     url(r'^accounts/', include('nopassword.urls')),
     url(r'^accounts-rest/', include('nopassword.rest.urls')),
 ]
diff --git a/tox.ini b/tox.ini
@@ -3,7 +3,7 @@ envlist =
     flake8,
     isort,
     py2-{django1_11},
-    py3-{django1_11,django2_0,django2_1},
+    py3-{django1_11,django2_1,django2_2},
     coverage
 skipsdist = True
 
@@ -13,13 +13,14 @@ basepython =
     py2: python2
 setenv =
     PYTHONPATH = {toxinidir}:{toxinidir}
+    DB_NAME = :memory:
 commands =
     coverage run -p --source=nopassword runtests.py
 deps =
     -r{toxinidir}/requirements.txt
     django1_11: Django>=1.11,<1.12
-    django2_0: Django>=2.0,<2.1
     django2_1: Django>=2.1,<2.2
+    django2_2: Django>=2.2,<2.3
 
 [testenv:flake8]
 basepython = python3