finos · JamieSlome · Jun 29, 2025 · Apr 13, 2025 · Apr 13, 2025 · Apr 13, 2025
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -21,6 +21,6 @@ jobs:
         with:
           comment-summary-in-pr: always
           fail-on-severity: high
-          allow-licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, Zlib
+          allow-licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib
           fail-on-scopes: development, runtime
           allow-dependencies-licenses: 'pkg:npm/caniuse-lite'
diff --git a/config.schema.json b/config.schema.json
@@ -79,6 +79,13 @@
         }
       }
     },
+    "apiAuthentication": {
+      "description": "List of authentication sources for API endpoints. May be empty, in which case all endpoints are public.",
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/authentication"
+      }
+    },
     "tls": {
       "description": "TLS configuration for secure connections",
       "type": "object",

diff --git a/cypress/e2e/autoApproved.cy.js b/cypress/e2e/autoApproved.cy.js
@@ -2,6 +2,8 @@ import moment from 'moment';
 
 describe('Auto-Approved Push Test', () => {
   beforeEach(() => {
+    cy.login('admin', 'admin');
+
     cy.intercept('GET', '/api/v1/push/123', {
       statusCode: 200,
       body: {
@@ -45,7 +47,7 @@ describe('Auto-Approved Push Test', () => {
   });
 
   it('should display auto-approved message and verify tooltip contains the expected timestamp', () => {
-    cy.visit('/admin/push/123');
+    cy.visit('/dashboard/push/123');
 
     cy.wait('@getPush');
 

diff --git a/cypress/e2e/login.cy.js b/cypress/e2e/login.cy.js
@@ -19,6 +19,18 @@ describe('Login page', () => {
     cy.get('[data-test="login"]').should('exist');
   });
 
+  it('should redirect to repo list on valid login', () => {
+    cy.intercept('GET', '**/api/auth/me').as('getUser');
+
+    cy.get('[data-test="username"]').type('admin');
+    cy.get('[data-test="password"]').type('admin');
+    cy.get('[data-test="login"]').click();
+
+    cy.wait('@getUser');
+
+    cy.url().should('include', '/dashboard/repo');
+  })
+
   describe('OIDC login button', () => {
     it('should exist', () => {
       cy.get('[data-test="oidc-login"]').should('exist');

diff --git a/cypress/e2e/repo.cy.js b/cypress/e2e/repo.cy.js
@@ -1,6 +1,8 @@
 describe('Repo', () => {
   beforeEach(() => {
-    cy.visit('/admin/repo');
+    cy.login('admin', 'admin');
+
+    cy.visit('/dashboard/repo');
 
     // prevent failures on 404 request and uncaught promises
     cy.on('uncaught:exception', () => false);
@@ -18,7 +20,7 @@ describe('Repo', () => {
 
       cy
         // find the entry for finos/test-repo
-        .get('a[href="/admin/repo/test-repo"]')
+        .get('a[href="/dashboard/repo/test-repo"]')
         // take it's parent row
         .closest('tr')
         // find the nearby span containing Code we can click to open the tooltip

diff --git a/cypress/support/commands.js b/cypress/support/commands.js
@@ -29,9 +29,13 @@
 Cypress.Commands.add('login', (username, password) => {
   cy.session([username, password], () => {
     cy.visit('/login');
+    cy.intercept('GET', '**/api/auth/me').as('getUser');
+
     cy.get('[data-test=username]').type(username);
     cy.get('[data-test=password]').type(password);
     cy.get('[data-test=login]').click();
-    cy.url().should('contain', '/admin/profile');
+
+    cy.wait('@getUser');
+    cy.url().should('include', '/dashboard/repo');
   });
 });
diff --git a/package-lock.json b/package-lock.json