diff --git a/browserid/lib/db.js b/browserid/lib/db.js
index 3ec55a06e723747709bba6a94f0b5e8fe55f11cb..dc890736bc1279fa71503036271839e1f8d8cf17 100644
--- a/browserid/lib/db.js
+++ b/browserid/lib/db.js
@@ -46,6 +46,8 @@ exports.onReady = function(f) {
   }, 0);
 };
 
+// XXX: g_staged and g_stagedEmails should be moved into persistent/fast storage.
+
 // half created user accounts (pending email verification)
 // OR
 // half added emails (pending verification)
@@ -101,6 +103,7 @@ exports.emailKnown = function(email, cb) {
     });
 };
 
+// XXX: should be moved to async.
 exports.isStaged = function(email) {
   return g_stagedEmails.hasOwnProperty(email);
 };
@@ -187,6 +190,7 @@ exports.stageUser = function(obj) {
 };
 
 /* takes an argument object including email, pass, and pubkey. */
+// XXX: change to async
 exports.stageEmail = function(existing_email, new_email, pubkey) {
   var secret = generateSecret();
   // overwrite previously staged users
@@ -264,7 +268,7 @@ exports.checkAuth = function(email, cb) {
   db.execute("SELECT users.password FROM emails, users WHERE users.id = emails.user AND emails.address = ?",
              [ email ],
              function (error, rows) {
-                 cb(rows.length !== 1 ? undefined : rows[0].password);
+               cb(rows.length !== 1 ? undefined : rows[0].password);
              });
 };
 
diff --git a/browserid/tests/db-test.js b/browserid/tests/db-test.js
index c749770c8d97e2ea2a4e20077f3698dc77c15da7..45e19f3eb2d4c9a1a10888e536933f654f82a205 100755
--- a/browserid/tests/db-test.js
+++ b/browserid/tests/db-test.js
@@ -1,13 +1,16 @@
 #!/usr/bin/env node
 
-const assert = require('assert'),
-        vows = require('vows'),
-          db = require('../lib/db.js'),
-        temp = require('temp'),
-          fs = require('fs'),
-        path = require('path');
+const
+assert = require('assert'),
+vows = require('vows'),
+db = require('../lib/db.js'),
+temp = require('temp'),
+fs = require('fs'),
+path = require('path');
 
 var suite = vows.describe('db');
+// disable vows (often flakey?) async error behavior
+suite.options.error = false;
 
 db.dbPath = temp.path({suffix: '.sqlite'});
 
@@ -51,7 +54,7 @@ suite.addBatch({
       return secret = db.stageUser({
         email: 'lloyd@nowhe.re',
         pubkey: 'fakepublickey',
-        pass: 'fakepasswordhash'
+        hash: 'fakepasswordhash'
       });
     },
     "staging returns a valid secret": function(r) {
@@ -137,18 +140,58 @@ suite.addBatch({
     topic: function() {
       db.pubkeysForEmail('lloyd@nowhe.re', this.callback);
     },
-    "returns all public keys properly": function(r, e) {
+    "returns all public keys properly": function(r) {
       assert.isArray(r);
       assert.strictEqual(r.length, 3);
     }
   }
 });
 
+suite.addBatch({
+  "checkAuth returns": {
+    topic: function() {
+      db.checkAuth('lloyd@nowhe.re', this.callback);
+    },
+    "the correct password": function(r) {
+      assert.strictEqual(r, "fakepasswordhash");
+    }
+  }
+});
+
+suite.addBatch({
+  "staging an email": {
+    topic: function() {
+      return db.stageEmail('lloyd@nowhe.re', 'lloyd@somewhe.re', 'fakepubkey4');
+    },
+    "yields a valid secret": function(secret) {
+      assert.isString(secret);
+      assert.strictEqual(secret.length, 48);
+    },
+    "makes email addr via isStaged": {
+      topic: function() { return db.isStaged('lloyd@somewhe.re'); },
+      "visible": function(r) { assert.isTrue(r); }
+    },
+    "and verifying it": {
+      topic: function(secret) {
+        db.gotVerificationSecret(secret, this.callback);
+      },
+      "returns no error": function(r) {
+        assert.isUndefined(r);
+      },
+      "makes email addr via knownEmail": {
+        topic: function() { db.emailKnown('lloyd@somewhe.re', this.callback); },
+        "visible": function(r) { assert.isTrue(r); }
+      },
+      "makes email addr via isStaged": {
+        topic: function() { return db.isStaged('lloyd@somewhe.re'); },
+        "not visible": function(r) { assert.isFalse(r); }
+      }
+    }
+  }
+});
+
 // XXX: remaining APIs to test
-// exports.addEmailToAccount
 // exports.cancelAccount
-// exports.checkAuth
-// exports.checkAuthHash
 // exports.emailsBelongToSameAccount
 // exports.getSyncResponse
 // exports.removeEmail
@@ -160,8 +203,8 @@ suite.addBatch({
       fs.unlink(db.dbPath, this.callback);
     },
     "and unlink should not error": function(err) {
-      assert.strictEqual(err, undefined);
-     },
+      assert.isNull(err);
+    },
     "and the file": {
       topic: function() {
         path.exists(db.dbPath, this.callback);
diff --git a/browserid/tests/lib/wsapi.js b/browserid/tests/lib/wsapi.js
index f6ba8b174b764d43025c29580e51924b55d0dfe4..dc3a9c93c2cdc720ddab5f156984b66af2f0fb15 100644
--- a/browserid/tests/lib/wsapi.js
+++ b/browserid/tests/lib/wsapi.js
@@ -1,5 +1,6 @@
-const http = require('http'),
-      querystring = require('querystring');
+const
+http = require('http'),
+querystring = require('querystring');
 
 // wsapi abstractions trivial cookie jar
 var cookieJar = {};