finos
diff --git a/‎cypress/e2e/login.cy.js
Lines changed: 10 additions & 0 deletions b/‎cypress/e2e/login.cy.js
Lines changed: 10 additions & 0 deletions
diff --git a/‎experimental/license-inventory/package-lock.json
Lines changed: 775 additions & 125 deletions b/‎experimental/license-inventory/package-lock.json
Lines changed: 775 additions & 125 deletions
diff --git a/‎experimental/license-inventory/package.json
Lines changed: 1 addition & 1 deletion b/‎experimental/license-inventory/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎package-lock.json
Lines changed: 14 additions & 14 deletions b/‎package-lock.json
Lines changed: 14 additions & 14 deletions
diff --git a/‎package.json
Lines changed: 3 additions & 2 deletions b/‎package.json
Lines changed: 3 additions & 2 deletions
diff --git a/‎proxy.config.json
Lines changed: 7 additions & 1 deletion b/‎proxy.config.json
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/config/index.ts
Lines changed: 8 additions & 4 deletions b/‎src/config/index.ts
Lines changed: 8 additions & 4 deletions
diff --git a/‎src/proxy/routes/index.ts
Lines changed: 7 additions & 2 deletions b/‎src/proxy/routes/index.ts
Lines changed: 7 additions & 2 deletions
diff --git a/‎src/service/passport/activeDirectory.js
Lines changed: 6 additions & 5 deletions b/‎src/service/passport/activeDirectory.js
Lines changed: 6 additions & 5 deletions
diff --git a/‎src/service/passport/index.js
Lines changed: 0 additions & 1 deletion b/‎src/service/passport/index.js
Lines changed: 0 additions & 1 deletion
@@ -31,6 +31,16 @@ describe('Login page', () => {
     cy.url().should('include', '/dashboard/repo');
   })
 
+  it('should show an error snackbar on invalid login', () => {
+    cy.get('[data-test="username"]').type('wronguser');
+    cy.get('[data-test="password"]').type('wrongpass');
+    cy.get('[data-test="login"]').click();
+
+    cy.get('.MuiSnackbarContent-message')
+      .should('be.visible')
+      .and('contain', 'You entered an invalid username or password...');
+  });
+
   describe('OIDC login button', () => {
     it('should exist', () => {
       cy.get('[data-test="oidc-login"]').should('exist');
 
@@ -33,7 +33,7 @@
   "devDependencies": {
     "@eslint/compat": "^1.2.7",
     "@eslint/js": "^9.21.0",
-    "@jest/globals": "^29.7.0",
+    "@jest/globals": "^30.0.3",
     "@types/cors": "^2.8.17",
     "@types/express": "^5.0.0",
     "@types/mongoose": "^5.11.97",
 
@@ -1,6 +1,6 @@
 {
   "name": "@finos/git-proxy",
-  "version": "1.17.2",
+  "version": "1.18.0",
   "description": "Deploy custom push protections and policies on top of Git.",
   "scripts": {
     "cli": "node ./packages/git-proxy-cli/index.js",
@@ -9,6 +9,7 @@
     "server": "tsx index.ts",
     "start": "concurrently \"npm run server\" \"npm run client\"",
     "build": "npm run build-ui && npm run build-lib",
+    "build-ts": "tsc",
     "build-ui": "vite build",
     "build-lib": "./scripts/build-for-publish.sh",
     "restore-lib": "./scripts/undo-build.sh",
@@ -66,7 +67,7 @@
     "moment": "^2.29.4",
     "mongodb": "^5.0.0",
     "nodemailer": "^6.6.1",
-    "openid-client": "^6.3.1",
+    "openid-client": "^6.4.2",
     "parse-diff": "^0.11.1",
     "passport": "^0.7.0",
     "passport-activedirectory": "^1.0.4",
 
@@ -153,8 +153,14 @@
       "type": "jwt",
       "enabled": false,
       "jwtConfig": {
+        "authorityURL": "",
         "clientID": "",
-        "authorityURL": ""
+        "expectedAudience": "",
+        "roleMapping": {
+          "admin": {
+            "": ""
+          }
+        }
       }
     }
   ],
 
@@ -94,9 +94,9 @@ export const getDatabase = () => {
  * Get the list of enabled authentication methods
  * 
  * At least one authentication method must be enabled.
- * @return {Array} List of enabled authentication methods
+ * @return {Authentication[]} List of enabled authentication methods
  */
-export const getAuthMethods = () => {
+export const getAuthMethods = (): Authentication[] => {
   if (_userSettings !== null && _userSettings.authentication) {
     _authentication = _userSettings.authentication;
   }
@@ -114,15 +114,19 @@ export const getAuthMethods = () => {
  * Get the list of enabled authentication methods for API endpoints
  * 
  * If no API authentication methods are enabled, all endpoints are public.
- * @return {Array} List of enabled authentication methods
+ * @return {Authentication[]} List of enabled authentication methods
  */
-export const getAPIAuthMethods = () => {
+export const getAPIAuthMethods = (): Authentication[] => {
   if (_userSettings !== null && _userSettings.apiAuthentication) {
     _apiAuthentication = _userSettings.apiAuthentication;
   }
 
   const enabledAuthMethods = _apiAuthentication.filter(auth => auth.enabled);
 
+  if (enabledAuthMethods.length === 0) {
+    console.log("Warning: No authentication method enabled for API endpoints.");
+  }
+
   return enabledAuthMethods;
 };
 
 
@@ -34,15 +34,21 @@ const stripGitHubFromGitPath = (url: string): string | undefined => {
  */
 const validGitRequest = (url: string, headers: any): boolean => {
   const { 'user-agent': agent, accept } = headers;
+  if (!agent) {
+    return false;
+  }
   if (['/info/refs?service=git-upload-pack', '/info/refs?service=git-receive-pack'].includes(url)) {
     // https://www.git-scm.com/docs/http-protocol#_discovering_references
     // We can only filter based on User-Agent since the Accept header is not
     // sent in this request
     return agent.startsWith('git/');
   }
   if (['/git-upload-pack', '/git-receive-pack'].includes(url)) {
+    if (!accept) {
+      return false;
+    }
     // https://www.git-scm.com/docs/http-protocol#_uploading_data
-    return agent.startsWith('git/') && accept.startsWith('application/x-git-');
+    return agent.startsWith('git/') && accept.startsWith('application/x-git-') ;
   }
   return false;
 };
@@ -67,7 +73,6 @@ router.use(
 
         if (action.error || action.blocked) {
           res.set('content-type', 'application/x-git-receive-pack-result');
-          res.set('transfer-encoding', 'chunked');
           res.set('expires', 'Fri, 01 Jan 1980 00:00:00 GMT');
           res.set('pragma', 'no-cache');
           res.set('cache-control', 'no-cache, max-age=0, must-revalidate');
 
@@ -43,8 +43,9 @@ const configure = (passport) => {
               const message = `User it not a member of ${userGroup}`;
               return done(message, null);
             }
-          } catch (e) {
-            const message = `An error occurred while checking if the user is a member of the user group: ${JSON.stringify(e)}`;
+          } catch (err) {
+            console.log('ad test (isUser): e', err);
+            const message = `An error occurred while checking if the user is a member of the user group: ${err.message}`;
             return done(message, null);
           }
 
@@ -53,9 +54,9 @@ const configure = (passport) => {
           try {
             isAdmin = await ldaphelper.isUserInAdGroup(req, profile, ad, domain, adminGroup);
 
-          } catch (e) {
-            const message = `An error occurred while checking if the user is a member of the admin group: ${JSON.stringify(e)}`;
-            console.error(message, e); // don't return an error for this case as you may still be a user
+          } catch (err) {
+            const message = `An error occurred while checking if the user is a member of the admin group: ${err.message}`;
+            console.error(message, err); // don't return an error for this case as you may still be a user
           }
 
           profile.admin = isAdmin;
 
@@ -16,7 +16,6 @@ const configure = async () => {
   passport.initialize();
 
   const authMethods = config.getAuthMethods();
-  console.log(`authMethods: ${JSON.stringify(authMethods)}`);
 
   for (const auth of authMethods) {
     const strategy = authStrategies[auth.type.toLowerCase()];