diff --git a/smash/web/tests/view/test_doctor.py b/smash/web/tests/view/test_doctor.py
index 5689a18676c0a8dd5b67e357a9302d1c58785304..dbcbd3d3b9a967d13c2864fcdca305bfb0ab3eeb 100644
--- a/smash/web/tests/view/test_doctor.py
+++ b/smash/web/tests/view/test_doctor.py
@@ -30,6 +30,32 @@ class DoctorViewTests(LoggedInTestCase):
         location = create_location()
         count = Worker.objects.all().count()
 
+        form_data = self.create_add_worker_form_data(language, location)
+
+        response = self.client.post(reverse('web.views.doctor_add'), data=form_data)
+
+        self.assertEqual(response.status_code, 302)
+
+        new_count = Worker.objects.all().count()
+        self.assertEqual(count + 1, new_count)
+
+    def test_security_in_worker_added_request(self):
+        self.client.logout()
+
+        language = create_language()
+        location = create_location()
+        count = Worker.objects.all().count()
+
+        form_data = self.create_add_worker_form_data(language, location)
+
+        self.client.post(reverse('web.views.doctor_add'), data=form_data)
+
+        new_count = Worker.objects.all().count()
+        # new user shouldn't be added
+        self.assertEqual(count, new_count)
+
+    @staticmethod
+    def create_add_worker_form_data(language, location):
         form = WorkerAddForm()
         form_data = {}
         for key, value in form.initial.items():
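Review bot: `test_security_in_worker_added_request` discards the response of the unauthenticated POST and asserts only that the `Worker` count is unchanged, so it would still pass if the view were reachable without login and the insert failed for an unrelated reason such as a form validation error. Capture the response and assert the rejection itself: `response = self.client.post(reverse('web.views.doctor_add'), data=form_data)` followed by `self.assertEqual(response.status_code, 302)` and a check on the redirect target such as `self.assertIn(settings.LOGIN_URL, response.url)`. That last line assumes the view redirects anonymous users to the configured login URL and that `settings` is imported in this file, neither of which is visible here. A bare 302 is not enough, because the successful add in the test above also returns 302. A short comment stating that the test covers the anonymous-user case would also help, since the name does not say which control is under test. The body of `create_add_worker_form_data` continues outside this hunk.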
@@ -44,13 +70,7 @@ class DoctorViewTests(LoggedInTestCase):
         form_data["specialization"] = "tester"
         form_data["languages"] = [language.id]
         form_data["locations"] = [location.id]
-
-        response = self.client.post(reverse('web.views.doctor_add'), data=form_data)
-
-        self.assertEqual(response.status_code, 302)
-
-        new_count = Worker.objects.all().count()
-        self.assertEqual(count + 1, new_count)
+        return form_data
 
     def test_render_edit_worker_request(self):
         worker = create_worker()