Merge pull request #393 from multinet-app/no-403

Don't use HTTP 403 to indicate that no one is logged in

multinet/auth/__init__.py

@@ -3,6 +3,7 @@
 from flasgger import swag_from
 from flask import make_response, session
 from flask.blueprints import Blueprint
+import json
 from werkzeug.wrappers import Response as ResponseWrapper
 
 from multinet.user import load_user_from_cookie, filtered_user, delete_user_cookie
@@ -17,16 +18,16 @@
 def user_info() -> ResponseWrapper:
     """Return the filtered user object."""
 
-    forbidden = make_response("null", 403)
+    logged_out = make_response(json.dumps(None), 200)
 
     cookie = session.get(MULTINET_COOKIE)
     if cookie is None:
-        return forbidden
+        return logged_out
 
     user = load_user_from_cookie(cookie)
     if user is None:
         session.pop(MULTINET_COOKIE, None)
-        return forbidden
+        return logged_out
 
     return make_response(asdict(filtered_user(user)))