@@ -192,7 +192,7 @@ describe('Authentication API (OIDC)', () => {
192192 } )
193193 } )
194194
195- // Shouldn 't occur in the wild, so what to do?
195+ // Our origin isn 't trusted by default
196196 describe ( 'with that cookie and our origin' , ( ) => {
197197 let response
198198 before ( done => {
@@ -205,12 +205,12 @@ describe('Authentication API (OIDC)', () => {
205205 } )
206206 } )
207207
208- it ( 'Returns 403 but should it? ' , ( ) => {
208+ it ( 'should return a 403 ' , ( ) => {
209209 expect ( response ) . to . have . property ( 'status' , 403 )
210210 } )
211211 } )
212212
213- // Our own origin
213+ // Our own origin, no agent auth
214214 describe ( 'without that cookie but with our origin' , ( ) => {
215215 let response
216216 before ( done => {
@@ -222,8 +222,8 @@ describe('Authentication API (OIDC)', () => {
222222 } )
223223 } )
224224
225- it ( 'should return a 403 ' , ( ) => {
226- expect ( response ) . to . have . property ( 'status' , 403 )
225+ it ( 'should return a 401 ' , ( ) => {
226+ expect ( response ) . to . have . property ( 'status' , 401 )
227227 } )
228228 } )
229229
@@ -232,6 +232,7 @@ describe('Authentication API (OIDC)', () => {
232232 let response
233233 before ( done => {
234234 alice . get ( '/' )
235+ . set ( 'Cookie' , cookie )
235236 . set ( 'Origin' , 'https://test.apps.solid.invalid' )
236237 . end ( ( err , res ) => {
237238 response = res
@@ -244,7 +245,7 @@ describe('Authentication API (OIDC)', () => {
244245 } )
245246 } )
246247
247- // Fail 403 Origin Unauthorized
248+ // Not authenticated but also wrong origin, TODO 401 or 403?
248249 describe ( 'without that cookie and a matching origin' , ( ) => {
249250 let response
250251 before ( done => {
@@ -261,7 +262,7 @@ describe('Authentication API (OIDC)', () => {
261262 } )
262263 } )
263264
264- // Shouldn't occur in the wild, so what do we do?
265+ // Authenticated but origin not OK
265266 describe ( 'with that cookie and a non-matching origin' , ( ) => {
266267 let response
267268 before ( done => {
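Review bot: The comment added above `describe('without that cookie and a matching origin', ...)` (new line 248) says "wrong origin" while the suite title says "a matching origin", and it leaves the expected status as an open `TODO 401 or 403?`, so this case does not pin down what the server must return for an unauthenticated cross-origin request. The assertion for that suite lies outside the hunk, so the status it currently checks is not visible here. Since the 'without that cookie but with our origin' case now expects 401, the consistent rule would be 401 whenever no credentials are presented and 403 only when an authenticated agent arrives from an origin that is not trusted. Once that is confirmed, I would replace the TODO with `// Not authenticated: expect 401 regardless of origin` and make the comment and the title agree on whether the origin matches.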