@@ -144,7 +144,12 @@ describe('Authentication API (OIDC)', () => {
144144 expect ( cookie ) . to . match ( / S e c u r e / )
145145 } )
146146
147+ /* Reflecting https://github.com/solid/web-access-control-spec#referring-to-origins-ie-web-apps
148+ where the cookie implies that the user is logged in
149+ */
150+
147151 describe ( 'and performing a subsequent request' , ( ) => {
152+ // If the user is not logged on, then fail 401 Unauthenticated
148153 describe ( 'without that cookie' , ( ) => {
149154 let response
150155 before ( done => {
@@ -160,28 +165,32 @@ describe('Authentication API (OIDC)', () => {
160165 } )
161166 } )
162167
163- describe ( 'with that cookie and a non-matching origin' , ( ) => {
168+ // TODO User not authorized test here
169+
170+ // If the Origin header is not present, the succeed 200 OK
171+ describe ( 'with that cookie but without origin' , ( ) => {
164172 let response
165173 before ( done => {
166174 alice . get ( '/' )
167175 . set ( 'Cookie' , cookie )
168- . set ( 'Origin' , bobServerUri )
169176 . end ( ( err , res ) => {
170177 response = res
171178 done ( err )
172179 } )
173180 } )
174181
175- it ( 'should return a 401 ' , ( ) => {
176- expect ( response ) . to . have . property ( 'status' , 401 )
182+ it ( 'should return a 200 ' , ( ) => {
183+ expect ( response ) . to . have . property ( 'status' , 200 )
177184 } )
178185 } )
179186
180- describe ( 'with that cookie but without origin' , ( ) => {
187+ // Clear cut case
188+ describe ( 'with that cookie and a matching origin' , ( ) => {
181189 let response
182190 before ( done => {
183191 alice . get ( '/' )
184192 . set ( 'Cookie' , cookie )
193+ . set ( 'Origin' , aliceServerUri )
185194 . end ( ( err , res ) => {
186195 response = res
187196 done ( err )
@@ -193,11 +202,11 @@ describe('Authentication API (OIDC)', () => {
193202 } )
194203 } )
195204
196- describe ( 'with that cookie and a matching origin' , ( ) => {
205+ // If the Origin is allowed by the ACL, then succeed 200 OK
206+ describe ( 'without that cookie but with a matching origin' , ( ) => {
197207 let response
198208 before ( done => {
199209 alice . get ( '/' )
200- . set ( 'Cookie' , cookie )
201210 . set ( 'Origin' , aliceServerUri )
202211 . end ( ( err , res ) => {
203212 response = res
@@ -210,34 +219,38 @@ describe('Authentication API (OIDC)', () => {
210219 } )
211220 } )
212221
213- describe ( 'without that cookie but with a matching origin' , ( ) => {
222+ // Fail 403 Origin Unauthorized
223+ describe ( 'without that cookie and a matching origin' , ( ) => {
214224 let response
215225 before ( done => {
216226 alice . get ( '/' )
217- . set ( 'Origin' , aliceServerUri )
227+ . set ( 'Origin' , bobServerUri )
218228 . end ( ( err , res ) => {
219229 response = res
220230 done ( err )
221231 } )
222232 } )
223233
224- it ( 'should return a 401 ' , ( ) => {
225- expect ( response ) . to . have . property ( 'status' , 401 )
234+ it ( 'should return a 403 ' , ( ) => {
235+ expect ( response ) . to . have . property ( 'status' , 403 )
226236 } )
227237 } )
228- describe ( 'without that cookie and a matching origin' , ( ) => {
238+
239+ // TODO Does this really make sense?
240+ describe ( 'with that cookie and a non-matching origin' , ( ) => {
229241 let response
230242 before ( done => {
231243 alice . get ( '/' )
244+ . set ( 'Cookie' , cookie )
232245 . set ( 'Origin' , bobServerUri )
233246 . end ( ( err , res ) => {
234247 response = res
235248 done ( err )
236249 } )
237250 } )
238251
239- it ( 'should return a 401 ' , ( ) => {
240- expect ( response ) . to . have . property ( 'status' , 401 )
252+ it ( 'should return a 403 ' , ( ) => {
253+ expect ( response ) . to . have . property ( 'status' , 403 )
241254 } )
242255 } )
243256 } )
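Review bot: The describe title on the new line 223 says "without that cookie and a matching origin", but the request below it sets `Origin` to `bobServerUri` and expects 403, so the title describes the opposite case from what is exercised, and it is now nearly identical to the "without that cookie but with a matching origin" block in the previous hunk (new line 206), which uses `aliceServerUri`. Renaming it to `describe('without that cookie and a non-matching origin', () => {` keeps the 403 comment above it honest and makes a future failure in either block attributable. The same pattern would help the last block: its `// TODO Does this really make sense?` comment would read better as a statement of the security intent, e.g. `// A valid session cookie must not grant access to a cross-origin app the ACL does not trust (403 rather than 401)`. The enclosing `describe('and performing a subsequent request')` begins in the first hunk and, as far as these hunks show, its closing lines are at the end of this one; the outer suite closes outside the diff.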