diff --git a/package.json b/package.json
index 42c3bff9..5a45d3a9 100644
--- a/package.json
+++ b/package.json
@@ -48,11 +48,11 @@
   },
   "devDependencies": {
     "loopback-datasource-juggler": ">=1.4.0 <1.6.0",
-    "mocha": "~1.18.0",
+    "mocha": "~1.20.1",
     "strong-task-emitter": "0.0.x",
     "supertest": "~0.12.1",
     "chai": "~1.9.1",
-    "loopback-testing": "~0.1.2",
+    "loopback-testing": "~0.2.0",
     "browserify": "~4.1.5",
     "grunt": "~0.4.5",
     "grunt-browserify": "~2.1.0",
diff --git a/test/access-control.integration.js b/test/access-control.integration.js
index 1abb320e..c0705adc 100644
--- a/test/access-control.integration.js
+++ b/test/access-control.integration.js
@@ -69,8 +69,11 @@ describe('access control - integration', function () {
     lt.it.shouldBeDeniedWhenCalledUnauthenticated('GET', urlForUser);
     lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER,'GET', urlForUser);
 
-    lt.it.shouldBeAllowedWhenCalledAnonymously('POST', '/api/users');
-    lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users');
+    lt.it.shouldBeAllowedWhenCalledAnonymously(
+      'POST', '/api/users', newUserData());
+
+    lt.it.shouldBeAllowedWhenCalledByUser(
+      CURRENT_USER, 'POST', '/api/users', newUserData());
 
     lt.it.shouldBeAllowedWhenCalledByUser(CURRENT_USER, 'POST', '/api/users/logout');
 
@@ -112,6 +115,15 @@ describe('access control - integration', function () {
     function urlForUser() {
       return '/api/users/' + this.randomUser.id;
     }
+
+    var userCounter;
+    function newUserData() {
+      userCounter = userCounter ? ++userCounter : 1;
+      return {
+        email: 'new-' + userCounter + '@test.test',
+        password: 'test'
+      };
+    }
   });
 
   describe('/banks', function () {