Ensembl · bilalebi · Jun 12, 2026 · Jun 11, 2026 · Jun 12, 2026 · Jun 12, 2026
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -2,8 +2,8 @@ workflow:
   rules:
     # Allow being triggered from thr_k8s parent pipeline
     - if: '$CI_PIPELINE_SOURCE == "pipeline"'
-    # Keep normal behavior for direct pushes / MRs
-    - if: '$CI_PIPELINE_SOURCE == "push"'
+    # Run for all branch pipelines, including mirrored GitHub updates
+    - if: '$CI_COMMIT_BRANCH'
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
     - when: never
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/src/components/docs/apis/ApisDocsMenu.js b/src/components/docs/apis/ApisDocsMenu.js
@@ -288,7 +288,7 @@ export default function ApisDocsMenu() {
                                           underline="none">
                                     <ListItem button className={classes.nestedLvl2} key='login'>
                                         <ListItemIcon><HttpIcon/></ListItemIcon>
-                                        <ListItemText primary="GET /api/login"/>
+                                        <ListItemText primary="POST /api/user/login"/>
                                     </ListItem>
                                 </HashLink>
                                 <HashLink to="/docs/api/registration/reference#get_trackhub" className={classes.item}

diff --git a/src/components/docs/apis/RefApiDocs.js b/src/components/docs/apis/RefApiDocs.js
@@ -73,11 +73,11 @@ const RefApiDocs = () => {
                     <p>
                         In all the following examples, it is assumed the client has successfully logged in as
                         user <em>exampleuser</em> and password <em>examplepassword</em> and therefore obtained a valid
-                        access token. This token is used in all the following endpoint examples except /api/login.
+                        access token. This token is used in all the following endpoint examples except /api/user/login.
                     </p>
 
                     <Typography id="login" component="h4" variant="h6">
-                        GET /api/login
+                        POST /api/user/login
                     </Typography>
                     <p>
                         Authenticate the client and obtain an access token in order to make subsequent requests to the
@@ -99,7 +99,7 @@ const RefApiDocs = () => {
                                 </TableRow>
                                 <TableRow>
                                     <TableCell><strong>Authentication</strong></TableCell>
-                                    <TableCell>Basic, MIME Base64</TableCell>
+                                    <TableCell>Username and password</TableCell>
                                 </TableRow>
                                 <TableRow>
                                     <TableCell><strong>Rate Limited</strong></TableCell>
@@ -110,13 +110,37 @@ const RefApiDocs = () => {
                     </TableContainer>
 
                     <h4>Parameters</h4>
-                    <p>None.</p>
+                    <TableContainer component={Paper}>
+                        <Table className={classes.table} aria-label="simple table">
+                            <TableHead>
+                                <TableRow>
+                                    <TableCell><strong>Name</strong></TableCell>
+                                    <TableCell><strong>Description</strong></TableCell>
+                                </TableRow>
+                            </TableHead>
+                            <TableBody>
+                                <TableRow>
+                                    <TableCell>username</TableCell>
+                                    <TableCell>The user's login name</TableCell>
+                                </TableRow>
+                                <TableRow>
+                                    <TableCell>password</TableCell>
+                                    <TableCell>The user's password</TableCell>
+                                </TableRow>
+                            </TableBody>
+                        </Table>
+                    </TableContainer>
 
                     <h4>Example Request</h4>
                     <pre className={classes.codeBlock}>
                         {
-                            `    GET `+ window.location.origin +`/api/login
-    Authorization: Basic ZXhhbXBsZXVzZXI6ZXhhbXBsZXBhc3N3b3Jk`
+                            `    POST `+ window.location.origin +`/api/user/login
+    Content-Type: application/json
+
+    {
+      "username": "exampleuser",
+      "password": "examplepassword"
+    }`
                         }
                     </pre>
 
@@ -1439,4 +1463,4 @@ const RefApiDocs = () => {
 };
 
 
-export default RefApiDocs;
+export default RefApiDocs;
diff --git a/src/components/docs/apis/workflow/DeleteThWfDocs.js b/src/components/docs/apis/workflow/DeleteThWfDocs.js
@@ -81,7 +81,7 @@ logout($server, $user, $auth_token);
 sub login {
   my ($server, $user, $pass) = @_;
 
-  my $request = GET("$server/api/login");
+  my $request = GET("$server/api/user/login");
   $request->headers->authorization_basic($user, $pass);
 
   my $response = $ua->request($request);
@@ -120,7 +120,7 @@ user = 'exampleuser'
 password = 'examplepass'
 
 def login(server, user, password):
-    r = requests.get(server+'/api/login', auth=(user, password), verify=False)
+    r = requests.get(server+'/api/user/login', auth=(user, password), verify=False)
     if not r.ok:
         print "Couldn't login, reason: %s [%d]" % (r.text, r.status_code)
         sys.exit
@@ -154,7 +154,7 @@ user = 'exampleuser'
 password = 'examplepass'
 
 def login(server, user, password):
-    r = requests.get(server+'/api/login', auth=(user, password), verify=True)
+    r = requests.get(server+'/api/user/login', auth=(user, password), verify=True)
     if not r.ok:
         print("Couldn't login, reason: %s [%d]" % (r.text, r.status_code))
         sys.exit
@@ -192,7 +192,7 @@ user = 'exampleuser'
 pass = 'examplepass'
 
 def login(user, pass)
-  request = Net::HTTP::Get.new('/api/login')
+  request = Net::HTTP::Get.new('/api/user/login')
   request.basic_auth(user, pass)
   response = $http.request(request)
 

diff --git a/src/components/docs/apis/workflow/LoginWfDocs.js b/src/components/docs/apis/workflow/LoginWfDocs.js
@@ -63,7 +63,7 @@ use LWP::UserAgent; # install LWP::Protocol::https as well
 my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
 my $payload = ['username' => 'exampleuser', 'password' => 'examplepass'];
 
-my $request = POST('` + window.location.origin + `/api/login', $payload);
+my $request = POST('` + window.location.origin + `/api/user/login', $payload);
 
 my $response = $ua->request($request);
 my $auth_token;
@@ -79,7 +79,7 @@ if ($response->is_success) {
             tabTitle: `Python2`,
             tabContent: `import requests, sys
 
-url = "` + window.location.origin + `/api/login"
+url = "` + window.location.origin + `/api/user/login"
 payload = {"username": "your_username", "password": "your_password"}
 
 response = requests.post(url, data=payload)
@@ -94,7 +94,7 @@ print 'Logged in [%s]' % auth_token`,
             tabTitle: `Python3`,
             tabContent: `import requests, sys
 
-url = "` + window.location.origin + `/api/login"
+url = "` + window.location.origin + `/api/user/login"
 payload = {"username": "your_username", "password": "your_password"}
 
 response = requests.post(url, data=payload)
@@ -111,7 +111,7 @@ print('Logged in [%s]' % auth_token)`,
 require 'uri'
 
 server='`+ window.location.origin +`'
-path = '/api/login'
+path = '/api/user/login'
 
 url = URI.parse(server)
 http = Net::HTTP.new(url.host, url.port)
@@ -136,14 +136,14 @@ puts "Logged in [#{result["auth_token"]}]"`,
         },
         {
             tabTitle: `Curl`,
-            tabContent: `curl -X POST ` + window.location.origin + `/api/login \\
+            tabContent: `curl -X POST ` + window.location.origin + `/api/user/login \\
   --header 'Content-Type: multipart/form-data' \\
   --form username=exampleuser \\
   --form password=examplepass      
 
 Another method:
 
-curl -X POST ` + window.location.origin + `/api/login \\
+curl -X POST ` + window.location.origin + `/api/user/login \\
      -H "Content-Type: application/json"  \\
      -d "{\\"username\\": \\"exampleuser\\", \\"password\\": \\"examplepass\\"}"`,
         },
@@ -177,10 +177,9 @@ curl -X POST ` + window.location.origin + `/api/login \\
                     </Typography>
                     <p>
                         <ol>
-                            <li>Make a GET request to the <a
-                                href="/docs/api/registration/reference#login">/api/login</a> endpoint
-                                that includes an Authorization header with your username and password in a MIME Base64
-                                encoding;
+                            <li>Make a POST request to the <a
+                                href="/docs/api/registration/reference#login">/api/user/login</a> endpoint
+                                with your username and password;
                             </li>
                             <li>Examine the response. The response code indicates whether the request succeeded, or how
                                 it failed;
@@ -196,17 +195,16 @@ curl -X POST ` + window.location.origin + `/api/login \\
                     </Typography>
                     <p>
                         A request to create a login session must supply the user's credentials in the following form:
-                        <pre className={classes.codeBlock}>user:password</pre>
+                        <pre className={classes.codeBlock}>username=exampleuser&password=examplepassword</pre>
                         <ul>
                             <li>
-                                <em>user</em> is the user's login name
+                                <em>username</em> is the user's login name
                             </li>
                             <li>
                                 <em>password</em> is the user's password
                             </li>
                         </ul>
-                        These credentials must be supplied in a MIME Base64 encoding with an Authorization header, as
-                        specified in RFC 1421.
+                        These credentials can be supplied as form data or JSON.
                     </p>
 
                     <p>
@@ -215,7 +213,7 @@ curl -X POST ` + window.location.origin + `/api/login \\
                         Request:
                         <pre className={classes.codeBlock}>
                         {
-                            `curl -X POST ` + window.location.origin + `/api/login \\
+                            `curl -X POST ` + window.location.origin + `/api/user/login \\
 -d "username=exampleuser" \\
 -d "password=examplepassword"`
                         }
@@ -266,4 +264,4 @@ Content-type: application/json; charset=utf-8
 };
 
 
-export default LoginWfDocs;
+export default LoginWfDocs;
diff --git a/src/components/docs/apis/workflow/RegisteringThWfDocs.js b/src/components/docs/apis/workflow/RegisteringThWfDocs.js
@@ -76,7 +76,7 @@ sub login {
     my ($server) = @_;
     my $ua = LWP::UserAgent->new;
     my $res = $ua->post(
-        "$server/api/login",
+        "$server/api/user/login",
         'Content-Type' => 'application/json',
         Content => to_json({ username => $USER, password => $PASSWORD })
     );
@@ -153,7 +153,7 @@ def login(server):
         "password": PASSWORD
     }
     headers = {"Content-Type": "application/json"}
-    r = requests.post(server+'/api/login', json=data, headers=headers, verify=True)
+    r = requests.post(server+'/api/user/login', json=data, headers=headers, verify=True)
     if not r.ok:
         print("Couldn't login, reason: %s [%d]" % (r.text, r.status_code))
         sys.exit()
@@ -215,7 +215,7 @@ def login(server):
         "password": PASSWORD
     }
     headers = {"Content-Type": "application/json"}
-    r = requests.post(server+'/api/login', json=data, headers=headers, verify=True)
+    r = requests.post(server+'/api/user/login', json=data, headers=headers, verify=True)
     if not r.ok:
         print("Couldn't login, reason: %s [%d]" % (r.text, r.status_code))
         sys.exit
@@ -273,7 +273,7 @@ ASSEMBLIES_MAPPING = {
 }
 
 def login(server)
-  uri = URI.parse("#{server}/api/login")
+  uri = URI.parse("#{server}/api/user/login")
   http = Net::HTTP.new(uri.host, uri.port)
   request = Net::HTTP::Post.new(uri.path, {'Content-Type' => 'application/json'})
   request.body = {username: USER, password: PASSWORD}.to_json

diff --git a/src/components/docs/apis/workflow/RetrieveThWfDocs.js b/src/components/docs/apis/workflow/RetrieveThWfDocs.js
@@ -84,7 +84,7 @@ logout($server, $user, $auth_token);
 sub login {
   my ($server, $user, $pass) = @_;
 
-  my $request = GET("$server/api/login");
+  my $request = GET("$server/api/user/login");
   $request->headers->authorization_basic($user, $pass);
 
   my $response = $ua->request($request);
@@ -123,7 +123,7 @@ user = 'exampleuser'
 password = 'examplepass'
 
 def login(server, user, password):
-    r = requests.get(server+'/api/login', auth=(user, password), verify=False)
+    r = requests.get(server+'/api/user/login', auth=(user, password), verify=False)
     if not r.ok:
         print "Couldn't login, reason: %s [%d]" % (r.text, r.status_code)
         sys.exit
@@ -157,7 +157,7 @@ user = 'exampleuser'
 password = 'examplepass'
 
 def login(server, user, password):
-    r = requests.get(server+'/api/login', auth=(user, password), verify=True)
+    r = requests.get(server+'/api/user/login', auth=(user, password), verify=True)
     if not r.ok:
         print("Couldn't login, reason: %s [%d]" % (r.text, r.status_code))
         sys.exit
@@ -195,7 +195,7 @@ user = 'exampleuser'
 pass = 'examplepass'
 
 def login(user, pass)
-  request = Net::HTTP::Get.new('/api/login')
+  request = Net::HTTP::Get.new('/api/user/login')
   request.basic_auth(user, pass)
   response = $http.request(request)