diff --git a/zerver/decorator.py b/zerver/decorator.py
index feed2de62c..e0375fd9e4 100644
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -898,7 +898,7 @@ def authenticated_json_view(
 *args: ParamT.args,
 **kwargs: ParamT.kwargs,
 ) -> HttpResponse:
- if not request.user.is_authenticated: # nocoverage
+ if not request.user.is_authenticated:
 raise UnauthorizedError
 
 user_profile = request.user
@@ -907,7 +907,7 @@ def authenticated_json_view(
 
 validate_account_and_subdomain(request, user_profile)
 
- if user_profile.is_incoming_webhook: # nocoverage
+ if user_profile.is_incoming_webhook:
 raise JsonableError(_("Webhook bots can only access webhooks"))
 
 process_client(request, user_profile, is_browser_view=True, query=view_func.__name__)
diff --git a/zerver/tests/test_decorators.py b/zerver/tests/test_decorators.py
index 5de42a014b..4cd3a5150e 100644
--- a/zerver/tests/test_decorators.py
+++ b/zerver/tests/test_decorators.py
@@ -1141,6 +1141,14 @@ class TestAuthenticatedRequirePostDecorator(ZulipTestCase):
 
 
 class TestAuthenticatedJsonViewDecorator(ZulipTestCase):
+ def test_authenticated_json_view_if_user_not_logged_in(self) -> None:
+ user = self.example_user("hamlet")
+ self.assert_json_error_contains(
+ self._do_test(user.delivery_email),
+ "Not logged in: API authentication or user session required",
+ status_code=401,
+ )
+
 def test_authenticated_json_view_if_subdomain_is_invalid(self) -> None:
 user = self.example_user("hamlet")
 email = user.delivery_email
@@ -1176,6 +1184,36 @@ class TestAuthenticatedJsonViewDecorator(ZulipTestCase):
 ],
 )
 
+ def test_authenticated_json_view_if_user_is_incoming_webhook(self) -> None:
+ bot = self.example_user("webhook_bot")
+ bot.set_password("test")
+ bot.save()
+ self.login_by_email(bot.email, password="test")
+ self.assert_json_error_contains(
+ self._do_test(bot.delivery_email), "Webhook bots can only access webhooks"
+ )
+
+ def test_authenticated_json_view_if_user_is_not_active(self) -> None:
+ user_profile = self.example_user("hamlet")
+ self.login_user(user_profile)
+ # we deactivate user manually because do_deactivate_user removes user session
+ change_user_is_active(user_profile, False)
+ self.assert_json_error_contains(
+ self._do_test(user_profile.delivery_email), "Account is deactivated", status_code=401
+ )
+
+ def test_authenticated_json_view_if_user_realm_is_deactivated(self) -> None:
+ user_profile = self.example_user("hamlet")
+ self.login_user(user_profile)
+ # we deactivate user's realm manually because do_deactivate_user removes user session
+ user_profile.realm.deactivated = True
+ user_profile.realm.save()
+ self.assert_json_error_contains(
+ self._do_test(user_profile.delivery_email),
+ "This organization has been deactivated",
+ status_code=401,
+ )
+
 def _do_test(self, user_email: str) -> "TestHttpResponse":
 data = {"password": initial_password(user_email)}
 return self.client_post(r"/accounts/webathena_kerberos_login/", data)
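Review bot: The comment in test_authenticated_json_view_if_user_realm_is_deactivated is carried over from the preceding test and still says `do_deactivate_user removes user session`, but this test flips `realm.deactivated` rather than the user's active flag, so the helper it is avoiding is the realm-level deactivation action, not do_deactivate_user. A comment that matches the setup would be `# deactivate the realm directly rather than via the realm deactivation action, which also clears user sessions` — the session-clearing claim is inferred from the sibling comment, so confirm it against that helper before keeping it. In test_authenticated_json_view_if_user_is_incoming_webhook the literal "test" is passed to both set_password and login_by_email; binding it once (`password = "test"`) keeps the two in step. The three new tests are otherwise a useful check that an existing session does not outlast deactivation of the account or its organization.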