@@ -143,7 +143,12 @@ describe('Authentication API (OIDC)', () => {
143143 expect ( cookie ) . to . match ( / S e c u r e / )
144144 } )
145145
146+ /* Reflecting https://github.com/solid/web-access-control-spec#referring-to-origins-ie-web-apps
147+ where the cookie implies that the user is logged in
148+ */
149+
146150 describe ( 'and performing a subsequent request' , ( ) => {
151+ // If the user is not logged on, then fail 401 Unauthenticated
147152 describe ( 'without that cookie' , ( ) => {
148153 let response
149154 before ( done => {
@@ -159,28 +164,32 @@ describe('Authentication API (OIDC)', () => {
159164 } )
160165 } )
161166
162- describe ( 'with that cookie and a non-matching origin' , ( ) => {
167+ // TODO User not authorized test here
168+
169+ // If the Origin header is not present, the succeed 200 OK
170+ describe ( 'with that cookie but without origin' , ( ) => {
163171 let response
164172 before ( done => {
165173 alice . get ( '/' )
166174 . set ( 'Cookie' , cookie )
167- . set ( 'Origin' , bobServerUri )
168175 . end ( ( err , res ) => {
169176 response = res
170177 done ( err )
171178 } )
172179 } )
173180
174- it ( 'should return a 401 ' , ( ) => {
175- expect ( response ) . to . have . property ( 'status' , 401 )
181+ it ( 'should return a 200 ' , ( ) => {
182+ expect ( response ) . to . have . property ( 'status' , 200 )
176183 } )
177184 } )
178185
179- describe ( 'with that cookie but without origin' , ( ) => {
186+ // Clear cut case
187+ describe ( 'with that cookie and a matching origin' , ( ) => {
180188 let response
181189 before ( done => {
182190 alice . get ( '/' )
183191 . set ( 'Cookie' , cookie )
192+ . set ( 'Origin' , aliceServerUri )
184193 . end ( ( err , res ) => {
185194 response = res
186195 done ( err )
@@ -192,12 +201,11 @@ describe('Authentication API (OIDC)', () => {
192201 } )
193202 } )
194203
195- // TODO: Are the next two tests correct?
196- describe ( 'with that cookie and a this origin' , ( ) => {
204+ // If the Origin is allowed by the ACL, then succeed 200 OK
205+ describe ( 'without that cookie but with a matching origin' , ( ) => {
197206 let response
198207 before ( done => {
199208 alice . get ( '/' )
200- . set ( 'Cookie' , cookie )
201209 . set ( 'Origin' , aliceServerUri )
202210 . end ( ( err , res ) => {
203211 response = res
@@ -241,34 +249,38 @@ describe('Authentication API (OIDC)', () => {
241249 } )
242250 } )
243251
244- describe ( 'without that cookie but with a matching origin' , ( ) => {
252+ // Fail 403 Origin Unauthorized
253+ describe ( 'without that cookie and a matching origin' , ( ) => {
245254 let response
246255 before ( done => {
247256 alice . get ( '/' )
248- . set ( 'Origin' , aliceServerUri )
257+ . set ( 'Origin' , bobServerUri )
249258 . end ( ( err , res ) => {
250259 response = res
251260 done ( err )
252261 } )
253262 } )
254263
255- it ( 'should return a 401 ' , ( ) => {
256- expect ( response ) . to . have . property ( 'status' , 401 )
264+ it ( 'should return a 403 ' , ( ) => {
265+ expect ( response ) . to . have . property ( 'status' , 403 )
257266 } )
258267 } )
259- describe ( 'without that cookie and a matching origin' , ( ) => {
268+
269+ // TODO Does this really make sense?
270+ describe ( 'with that cookie and a non-matching origin' , ( ) => {
260271 let response
261272 before ( done => {
262273 alice . get ( '/' )
274+ . set ( 'Cookie' , cookie )
263275 . set ( 'Origin' , bobServerUri )
264276 . end ( ( err , res ) => {
265277 response = res
266278 done ( err )
267279 } )
268280 } )
269281
270- it ( 'should return a 401 ' , ( ) => {
271- expect ( response ) . to . have . property ( 'status' , 401 )
282+ it ( 'should return a 403 ' , ( ) => {
283+ expect ( response ) . to . have . property ( 'status' , 403 )
272284 } )
273285 } )
274286 } )
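Review bot: The first describe in this hunk is titled 'without that cookie and a matching origin', yet its request sets `Origin` to `bobServerUri` and the comment above it expects `403 Origin Unauthorized`, so the title states the opposite of what the test does and is near-identical to the 'without that cookie but with a matching origin' block at new line 205; rename it `describe('without that cookie and a non-matching origin', () => {`. The `TODO Does this really make sense?` before the last describe can be answered in the comment itself: a request carrying a valid session cookie is authenticated, so rejecting it for an untrusted `Origin` is an authorization failure, which is why 403 rather than the former 401 is the expected status (assuming the server compares `Origin` against the origins the ACL trusts, which this diff does not show). A comment such as `// Authenticated user, but the web app's origin is not trusted by the ACL: 403, not 401` would document that. The enclosing 'and performing a subsequent request' describe begins in an earlier hunk, and the comment over the 'without origin' case in the second hunk reads "the succeed 200 OK" where "then succeed" is meant.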