@@ -143,12 +143,7 @@ describe('Authentication API (OIDC)', () => {
143143 expect ( cookie ) . to . match ( / S e c u r e / )
144144 } )
145145
146- /* Reflecting https://github.com/solid/web-access-control-spec#referring-to-origins-ie-web-apps
147- where the cookie implies that the user is logged in
148- */
149-
150146 describe ( 'and performing a subsequent request' , ( ) => {
151- // If the user is not logged on, then fail 401 Unauthenticated
152147 describe ( 'without that cookie' , ( ) => {
153148 let response
154149 before ( done => {
@@ -164,32 +159,28 @@ describe('Authentication API (OIDC)', () => {
164159 } )
165160 } )
166161
167- // TODO User not authorized test here
168-
169- // If the Origin header is not present, the succeed 200 OK
170- describe ( 'with that cookie but without origin' , ( ) => {
162+ describe ( 'with that cookie and a non-matching origin' , ( ) => {
171163 let response
172164 before ( done => {
173165 alice . get ( '/' )
174166 . set ( 'Cookie' , cookie )
167+ . set ( 'Origin' , bobServerUri )
175168 . end ( ( err , res ) => {
176169 response = res
177170 done ( err )
178171 } )
179172 } )
180173
181- it ( 'should return a 200 ' , ( ) => {
182- expect ( response ) . to . have . property ( 'status' , 200 )
174+ it ( 'should return a 401 ' , ( ) => {
175+ expect ( response ) . to . have . property ( 'status' , 401 )
183176 } )
184177 } )
185178
186- // Clear cut case
187- describe ( 'with that cookie and a matching origin' , ( ) => {
179+ describe ( 'with that cookie but without origin' , ( ) => {
188180 let response
189181 before ( done => {
190182 alice . get ( '/' )
191183 . set ( 'Cookie' , cookie )
192- . set ( 'Origin' , aliceServerUri )
193184 . end ( ( err , res ) => {
194185 response = res
195186 done ( err )
@@ -201,11 +192,11 @@ describe('Authentication API (OIDC)', () => {
201192 } )
202193 } )
203194
204- // If the Origin is allowed by the ACL, then succeed 200 OK
205- describe ( 'without that cookie but with a matching origin' , ( ) => {
195+ describe ( 'with that cookie and a matching origin' , ( ) => {
206196 let response
207197 before ( done => {
208198 alice . get ( '/' )
199+ . set ( 'Cookie' , cookie )
209200 . set ( 'Origin' , aliceServerUri )
210201 . end ( ( err , res ) => {
211202 response = res
@@ -249,29 +240,25 @@ describe('Authentication API (OIDC)', () => {
249240 } )
250241 } )
251242
252- // Fail 403 Origin Unauthorized
253- describe ( 'without that cookie and a matching origin' , ( ) => {
243+ describe ( 'without that cookie but with a matching origin' , ( ) => {
254244 let response
255245 before ( done => {
256246 alice . get ( '/' )
257- . set ( 'Origin' , bobServerUri )
247+ . set ( 'Origin' , aliceServerUri )
258248 . end ( ( err , res ) => {
259249 response = res
260250 done ( err )
261251 } )
262252 } )
263253
264- it ( 'should return a 403 ' , ( ) => {
265- expect ( response ) . to . have . property ( 'status' , 403 )
254+ it ( 'should return a 401 ' , ( ) => {
255+ expect ( response ) . to . have . property ( 'status' , 401 )
266256 } )
267257 } )
268-
269- // TODO Does this really make sense?
270- describe ( 'with that cookie and a non-matching origin' , ( ) => {
258+ describe ( 'without that cookie and a matching origin' , ( ) => {
271259 let response
272260 before ( done => {
273261 alice . get ( '/' )
274- . set ( 'Cookie' , cookie )
275262 . set ( 'Origin' , bobServerUri )
276263 . end ( ( err , res ) => {
277264 response = res
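Review bot: The describe label introduced at new line 258, `describe('without that cookie and a matching origin', …)`, contradicts the request it builds — the only Origin header set in that block is `bobServerUri` at new line 262, which is the non-matching origin, while the block just above it at new line 243 already covers the no-cookie/matching-origin case with `aliceServerUri`. Renaming it to `describe('without that cookie and a non-matching origin', () => {` keeps the two no-cookie cases distinguishable when one of them fails. Both no-cookie blocks now expect 401, which is consistent with an Origin header never acting as a credential on its own; since the commit also drops the spec-link comment that used to state that rationale, a one-line comment above the first no-cookie block, such as `// No cookie: 401 regardless of Origin — the Origin header is never a credential`, would keep the intent visible in the test file. The `it` assertion for the line-258 block lies outside this hunk, so its expected status cannot be confirmed from here.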
@@ -314,8 +301,8 @@ describe('Authentication API (OIDC)', () => {
314301 } )
315302 } )
316303
317- it ( 'should return a 403 ' , ( ) => {
318- expect ( response ) . to . have . property ( 'status' , 403 )
304+ it ( 'should return a 401 ' , ( ) => {
305+ expect ( response ) . to . have . property ( 'status' , 401 )
319306 } )
320307 } )
321308 } )