From 7c736bc7e924e1146d883e76ebc548b8168f87b1 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Wed, 13 Sep 2023 14:31:47 +0200 Subject: [PATCH 01/26] install ckanext-password-policy --- sddi-base/Dockerfile | 23 +++++++++++++++++++++++ sddi-base/who.ini | 35 +++++++++++++++++++++++++++++++++++ sddi-social/Dockerfile | 2 +- sddi/Dockerfile | 2 +- 4 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 sddi-base/who.ini diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 57f0e71..7ffa262 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -87,6 +87,19 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating +# ckanext-password-policy ##################################################### +ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} +ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" + +RUN set -ex && \ + pip install -r \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + curl -o /wheels/ckanext-password-policy.txt \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + pip wheel --wheel-dir=/wheels \ + git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy + # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial @@ -124,6 +137,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ + password_policy \ envvars" # Extra env for compatibility with ckan/base Docker images for downstream k8s @@ -182,8 +196,14 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating +# ckanext-password-policy ##################################################### +RUN set -ex && \ + pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ + pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy + # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d +COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \ @@ -193,6 +213,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ diff --git a/sddi-base/who.ini b/sddi-base/who.ini new file mode 100644 index 0000000..a366543 --- /dev/null +++ b/sddi-base/who.ini @@ -0,0 +1,35 @@ +[plugin:auth_tkt] +use = ckan.lib.repoze_plugins.auth_tkt:make_plugin +# If no secret key is defined here, beaker.session.secret will be used +#secret = somesecret + +# [plugin:friendlyform] +# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin + +[plugin:friendlyform] +use = ckanext.password_policy.views:FriendlyFormPlugin_ +login_form_url= /user/login +login_handler_path = /login_generic +logout_handler_path = /user/logout +rememberer_name = auth_tkt +post_login_url = /user/logged_in +post_logout_url = /user/logged_out +charset = utf-8 + +[general] +request_classifier = repoze.who.classifiers:default_request_classifier +challenge_decider = repoze.who.classifiers:default_challenge_decider + +[identifiers] +plugins = + friendlyform;browser + auth_tkt + +[authenticators] +plugins = + auth_tkt + ckan.lib.authenticator:UsernamePasswordAuthenticator + +[challengers] +plugins = + friendlyform;browser diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index 3d3a8c6..fed58d9 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 69e444a..06fcf64 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars" From 4f7ba4e73599f7b213dc1889e48aed06a38d5375 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Wed, 13 Sep 2023 15:46:07 +0200 Subject: [PATCH 02/26] fixed config vars --- sddi-base/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 7ffa262..8647396 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -213,9 +213,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ + ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ From 1e38b142de045e4d6e713c248981d7e6c1d9f604 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Wed, 13 Sep 2023 18:00:42 +0200 Subject: [PATCH 03/26] test montreal branch --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 8647396..8a83e3e 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -88,7 +88,7 @@ RUN set -ex && \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating # ckanext-password-policy ##################################################### -ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ARG CKANEXT_PASSWORD_POLICY_VERSION="montreal" ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" From 10d378acd08306717d0f8714ab0c6dd7e04e0648 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 14 Sep 2023 10:54:05 +0200 Subject: [PATCH 04/26] Pin version --- sddi-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 8a83e3e..5fb937d 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -88,7 +88,7 @@ RUN set -ex && \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating # ckanext-password-policy ##################################################### -ARG CKANEXT_PASSWORD_POLICY_VERSION="montreal" +ARG CKANEXT_PASSWORD_POLICY_VERSION="5618dc9" ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" From 28b0d78fb82353a53fb81eeef3c8c6f24f22e82a Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:05:14 +0200 Subject: [PATCH 05/26] Update CHANGELOG.md --- CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8eef97c..d515787 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. +## [1.2.1] - 2023-10-14 + +### Fixed +- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) extension tum-gis/ckanext-datesearch/issues/1 +- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) extension tum-gis/ckan-docker/pull/40 + - Reducing the number of emails sent for the "Forgot your password?" function + - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) + +### Added +- other other default basemap since the default basemap used in v1.2.0 is not going to be supported anymore ckan/ckanext-spatial/issues/317 + + ## [1.2.0] - 2023-08-21 ### Changed @@ -175,6 +187,7 @@ for production environments.** ### Known issues [Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD +[1.2.1]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.2.1 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 From 908c3b4863a00bf18ef42fff97a9bf6fbd56f3d8 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:16:28 +0200 Subject: [PATCH 06/26] Version pinning and adding password policy extension --- sddi-base/Dockerfile | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 57f0e71..c25a3ae 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -24,7 +24,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-grouphierarchy ###################################################### -ARG CKANEXT_SDDI_VERSION="1.1.2" +ARG CKANEXT_SDDI_VERSION="1.1.3" ENV CKANEXT_SDDI_VERSION=${CKANEXT_SDDI_VERSION} RUN set -ex && \ @@ -50,7 +50,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-scheming ############################################################ -ARG CKANEXT_SCHEMING_VERSION="5c30bba" +ARG CKANEXT_SCHEMING_VERSION="8548240" ENV CKANEXT_SCHEMING_VERSION=${CKANEXT_SCHEMING_VERSION} ENV CKANEXT_SCHEMING_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-scheming" @@ -59,7 +59,7 @@ RUN set -ex && \ git+${CKANEXT_SCHEMING_GITHUB_URL}.git@${CKANEXT_SCHEMING_VERSION}#egg=ckanext-scheming # ckanext datesearch ########################################################## -ARG CKANEXT_DATESEARCH_VERSION="1.0.1" +ARG CKANEXT_DATESEARCH_VERSION="1.0.2" ENV CKANEXT_DATESEARCH_VERSION=${CKANEXT_DATESEARCH_VERSION} ENV CKANEXT_DATESEARCH_VERSION_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-datesearch" @@ -87,10 +87,22 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating +# ckanext-password-policy ##################################################### +ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} +ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" +RUN set -ex && \ + pip install -r \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + curl -o /wheels/ckanext-password-policy.txt \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + pip wheel --wheel-dir=/wheels \ + git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy + # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial -ARG CKANEXT_SPATIAL_VERSION="90ba354" +ARG CKANEXT_SPATIAL_VERSION="c2118b9" ENV CKANEXT_SPATIAL_VERSION=${CKANEXT_SPATIAL_VERSION} USER root @@ -123,7 +135,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ - spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ + spatial_metadata spatial_query datesearch repeating composite scheming_datasets password_policy \ envvars" # Extra env for compatibility with ckan/base Docker images for downstream k8s @@ -182,8 +194,14 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating +# ckanext-password-policy ##################################################### +RUN set -ex && \ + pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ + pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy + # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d +COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \ @@ -193,6 +211,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ From de892996be53a99b7a8a74ca10ab0ef2054a15eb Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:17:38 +0200 Subject: [PATCH 07/26] Create who.ini --- sddi-base/who.ini | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 sddi-base/who.ini diff --git a/sddi-base/who.ini b/sddi-base/who.ini new file mode 100644 index 0000000..a366543 --- /dev/null +++ b/sddi-base/who.ini @@ -0,0 +1,35 @@ +[plugin:auth_tkt] +use = ckan.lib.repoze_plugins.auth_tkt:make_plugin +# If no secret key is defined here, beaker.session.secret will be used +#secret = somesecret + +# [plugin:friendlyform] +# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin + +[plugin:friendlyform] +use = ckanext.password_policy.views:FriendlyFormPlugin_ +login_form_url= /user/login +login_handler_path = /login_generic +logout_handler_path = /user/logout +rememberer_name = auth_tkt +post_login_url = /user/logged_in +post_logout_url = /user/logged_out +charset = utf-8 + +[general] +request_classifier = repoze.who.classifiers:default_request_classifier +challenge_decider = repoze.who.classifiers:default_challenge_decider + +[identifiers] +plugins = + friendlyform;browser + auth_tkt + +[authenticators] +plugins = + auth_tkt + ckan.lib.authenticator:UsernamePasswordAuthenticator + +[challengers] +plugins = + friendlyform;browser From a05ad1f357e504a472bda317f6c25dcb15ada43a Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:18:32 +0200 Subject: [PATCH 08/26] Update Dockerfile --- sddi-social/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index 3d3a8c6..fed58d9 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ From 685fa91b63e3d47d6299692f252dd60d685a5f87 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:18:51 +0200 Subject: [PATCH 09/26] Update Dockerfile --- sddi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 69e444a..06fcf64 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars" From c4c7bcf7e7cc72c4ffbd3533e821a7971e58ef5b Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Sat, 14 Oct 2023 20:24:00 +0200 Subject: [PATCH 10/26] Version pinning --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9ea1d58..442d22a 100644 --- a/README.md +++ b/README.md @@ -169,18 +169,19 @@ are alway pinned to a stable release number or commit hash. | Extension | Version | `sddi-base` | `sddi` | `sddi-social` | Description | |---|---|:---:|:---:|:---:|---| -| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `5c30bba` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | +| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `8548240` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | | [`hierarchy`](https://github.com/ckan/ckanext-hierarchy) | `v1.2.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Allows to organize organizations and groups in a hierarchy tree (nested groups/orgs). | -| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | +| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | | [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. | -| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `90ba354` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | -| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.1` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | +| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `c2118b9` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | +| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | | [`repeating`](https://github.com/MarijaKnezevic/ckanext-repeating) | `1.0.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | This extension provides a way to store repeating fields in CKAN datasets, resources, organizations and groups. | | [`composite`](https://github.com/EnviDat/ckanext-composite) | `1e6d7bb` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | The extension allows to store structured dataset metadata, single or multiple fields. Only one level of subfields is possible. The subfields can be basic text, date type or dropboxes. | | [`restricted`](https://github.com/MarijaKnezevic/ckanext-restricted) | `1.0.0` | | :heavy_check_mark: | :heavy_check_mark: | CKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accesible but not the data itself (resource). The resource access restriction level can be individualy defined for every package. | | [`dcat`](https://github.com/ckan/ckanext-dcat) | `v1.4.0` | | :heavy_check_mark: | :heavy_check_mark: | Allow CKAN to expose and consume metadata from other catalogs using RDF documents serialized using DCAT. | | [`geoview`](https://github.com/ckan/ckanext-geoview) | `v0.0.20` | | :heavy_check_mark: | :heavy_check_mark: | This extension contains view plugins to display geospatial files and services in CKAN. | | [`disqus`](https://github.com/ckan/ckanext-disqus) | | | | :heavy_check_mark: | The Disqus extension allows site visitors to comment on individual packages using an AJAX-based commenting system. The downsides of this plugin are that comments are not stored locally and user information is not shared between CKAN and the commenting system. | +| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy") | `master`|:heavy_check_mark: |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. | ## :rocket: Usage From 10b95dabc4800740bee3ec14038b5c07e2828164 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Sun, 15 Oct 2023 19:15:44 +0200 Subject: [PATCH 11/26] Drop ckanext-password-policy stuff --- sddi-base/Dockerfile | 20 -------------------- sddi-social/Dockerfile | 2 +- sddi/Dockerfile | 2 +- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index c25a3ae..5ac51ba 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -87,18 +87,6 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating -# ckanext-password-policy ##################################################### -ARG CKANEXT_PASSWORD_POLICY_VERSION="master" -ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} -ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" -RUN set -ex && \ - pip install -r \ - https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ - curl -o /wheels/ckanext-password-policy.txt \ - https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ - pip wheel --wheel-dir=/wheels \ - git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy - # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial @@ -194,11 +182,6 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating -# ckanext-password-policy ##################################################### -RUN set -ex && \ - pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ - pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy - # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini @@ -211,9 +194,6 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ - ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index fed58d9..3d3a8c6 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ + resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 06fcf64..69e444a 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ + resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars" From 029115fdabeb414cd70a32bf1aac1000c2491643 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Sun, 15 Oct 2023 19:15:59 +0200 Subject: [PATCH 12/26] Fixes and corrections --- CHANGELOG.md | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d515787..42124f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,18 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. -## [1.2.1] - 2023-10-14 - -### Fixed -- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) extension tum-gis/ckanext-datesearch/issues/1 -- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) extension tum-gis/ckan-docker/pull/40 - - Reducing the number of emails sent for the "Forgot your password?" function - - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) +## [1.3.0] - 2023-10-15 ### Added -- other other default basemap since the default basemap used in v1.2.0 is not going to be supported anymore ckan/ckanext-spatial/issues/317 - +- Changed default basemap in map views, see ckan/ckanext-spatial#317 + +### Changed + +- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) + extension tum-gis/ckanext-datesearch#1 +- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) + extension tum-gis/ckan-docker#40 + - Limit emails sent for the "Forgot your password?" function + - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) + ## [1.2.0] - 2023-08-21 ### Changed @@ -104,7 +107,7 @@ for production environments.** - Added `CKAN_INI` env var for CKAN config.ini file path for better compatibility with official CKAN images - Set timezone using `TZ` env var -- Allow setting runtime base image with ` BASEIMAGE_REPOSITORY` build arg +- Allow setting runtime base image with `BASEIMAGE_REPOSITORY` build arg ### Changed @@ -186,8 +189,8 @@ for production environments.** ### Known issues -[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD -[1.2.1]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.2.1 +[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.3.0...HEAD +[1.3.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.3.0 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 From 46514fb55ec86031de0ddb1c9ec0a65a67f61949 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 19 Oct 2023 19:48:52 +0200 Subject: [PATCH 13/26] Update changelog --- CHANGELOG.md | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 091987a..a55543c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,20 +6,30 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. -## [1.3.0] - 2023-10-15 +## [2.0.0] - 2023-10-19 + +### Breaking + +- Added [ckanext-password-policy](https://github.com/keitaroinc/ckanext-password-policy/tree/montreal). + This may break existing installations. The default password policy settings are: + + - `ckanext.password_policy.password_length=12` + - `ckanext.password_policy.failed_logins=3` + - `ckanext.password_policy.user_locked_time=600` ### Added - Changed default basemap in map views, see ckan/ckanext-spatial#317 -### Changed +### Security + +This release contains several security relevant changes and fixes. +The issues are discussed in #40. -- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) - extension tum-gis/ckanext-datesearch#1 -- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) - extension tum-gis/ckan-docker#40 - - Limit emails sent for the "Forgot your password?" function - - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) +- Updated dependencies in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch), tum-gis/ckanext-datesearch#1 +- Several fixes in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) +- Limit emails sent for the "Forgot your password?" function +- Added Cross-Site-Scripting protection ## [1.2.0] - 2023-08-21 @@ -201,8 +211,8 @@ for production environments.** ### Known issues -[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.3.0...HEAD -[1.3.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.3.0 +[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/2.0.0...HEAD +[2.0.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...2.0.0 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 From 25cbca2586e744f84059c23998ca427f2685c7da Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 14:29:50 +0200 Subject: [PATCH 14/26] Update Dockerfile --- sddi-base/Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 3ae3fb8..f92861f 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -37,7 +37,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-relation ############################################################ -ARG CKANEXT_RELATION_VERSION="1.0.2" +ARG CKANEXT_RELATION_VERSION="1.0.3" ENV CKANEXT_RELATION_VERSION=${CKANEXT_RELATION_VERSION} RUN set -ex && \ @@ -134,7 +134,7 @@ RUN set -ex && \ ############################################################################### FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime -ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ +ENV CKAN__PLUGINS "image_view text_view recline_view webpage_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ password_policy \ @@ -216,6 +216,9 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ + ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \ + ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.custom.url = https://b.tiles.mapbox.com/styles/v1/mapbox/satellite-streets-v11/tiles/{z}/{x}/{y}?access_token=pk.eyJ1Ijoid2RlaWdlbGUiLCJhIjoiY2tiNWxhNmRxMHF0cTJ0bzI4Zjhua2JmZSJ9.UMGtDXPfs2z2Smc1N0p9Qw" && \ + ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.attribution = Tiles by MapBox" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ From 9494487882c4b1a0640b54aeec580f62294252e0 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 14:30:29 +0200 Subject: [PATCH 15/26] Update Dockerfile --- sddi-social/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index fed58d9..6a59563 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -26,7 +26,7 @@ FROM ${BASEIMAGE_REPOSITORY}:${BASEIMAGE_VERSION} as runtime USER root -ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ +ENV CKAN__PLUGINS "image_view text_view recline_view webpage_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ From 4942ac47afc8e8a7eae1b778a583ac6da84d65fd Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 14:30:43 +0200 Subject: [PATCH 16/26] Update Dockerfile --- sddi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 06fcf64..5ce20f5 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -52,7 +52,7 @@ FROM ${BASEIMAGE_REPOSITORY}:${BASEIMAGE_VERSION} as runtime USER root -ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ +ENV CKAN__PLUGINS "image_view text_view recline_view webpage_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ From 7da7a0ae7df19bae9ba23fa9d57f61d5b11bb1fc Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 14:32:45 +0200 Subject: [PATCH 17/26] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a55543c..9794b7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ For releases `< 1.0.0` minor version steps may indicate breaking changes too. ### Added - Changed default basemap in map views, see ckan/ckanext-spatial#317 +- Added new resource preview - [webpage view](webpage_view) ### Security From 404e23d70e7dbe0bd12ddfdf1e4bff97b80ea5af Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 14:34:05 +0200 Subject: [PATCH 18/26] Version pinning --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4550911..bc2fdf2 100644 --- a/README.md +++ b/README.md @@ -182,7 +182,7 @@ are alway pinned to a stable release number or commit hash. | [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `8548240` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | | [`hierarchy`](https://github.com/ckan/ckanext-hierarchy) | `v1.2.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Allows to organize organizations and groups in a hierarchy tree (nested groups/orgs). | | [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | -| [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. | +| [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. | | [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `c2118b9` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | | [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | | [`repeating`](https://github.com/MarijaKnezevic/ckanext-repeating) | `1.0.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | This extension provides a way to store repeating fields in CKAN datasets, resources, organizations and groups. | From c7dc37fc4a6cdba327994967fced9937369f74b6 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 15:47:28 +0200 Subject: [PATCH 19/26] Update Dockerfile --- sddi-base/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index f92861f..54fa615 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -214,6 +214,7 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckan.auth.public_user_details = False" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \ From 6724b0d480549913a572a322aba17e571ec2ac2e Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 15:59:56 +0200 Subject: [PATCH 20/26] Update Dockerfile --- sddi-base/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 54fa615..f92861f 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -214,7 +214,6 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ - ckan config-tool "${CKAN_INI}" "ckan.auth.public_user_details = False" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \ From 9c5b815d19a41b6fe1eea31a2a8ec63fe0e3e5d1 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 17:13:46 +0200 Subject: [PATCH 21/26] Update Dockerfile --- sddi-base/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index f92861f..1081733 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -216,6 +216,7 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ + ckan config-tool "${CKAN_INI}" "ckan.auth.public_user_details = False" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.custom.url = https://b.tiles.mapbox.com/styles/v1/mapbox/satellite-streets-v11/tiles/{z}/{x}/{y}?access_token=pk.eyJ1Ijoid2RlaWdlbGUiLCJhIjoiY2tiNWxhNmRxMHF0cTJ0bzI4Zjhua2JmZSJ9.UMGtDXPfs2z2Smc1N0p9Qw" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.attribution = Tiles by MapBox" && \ From d3a5f2ea4f985e3a939edbd50135f67562027b45 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Tue, 24 Oct 2023 17:28:42 +0200 Subject: [PATCH 22/26] Update Dockerfile --- sddi-base/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 1081733..f92861f 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -216,7 +216,6 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ - ckan config-tool "${CKAN_INI}" "ckan.auth.public_user_details = False" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.custom.url = https://b.tiles.mapbox.com/styles/v1/mapbox/satellite-streets-v11/tiles/{z}/{x}/{y}?access_token=pk.eyJ1Ijoid2RlaWdlbGUiLCJhIjoiY2tiNWxhNmRxMHF0cTJ0bzI4Zjhua2JmZSJ9.UMGtDXPfs2z2Smc1N0p9Qw" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.attribution = Tiles by MapBox" && \ From 5089822e4f2ab40ce81d20f3de170565b9f6d9e8 Mon Sep 17 00:00:00 2001 From: Marija <93824048+MarijaKnezevic@users.noreply.github.com> Date: Fri, 27 Oct 2023 13:29:07 +0200 Subject: [PATCH 23/26] custom map tipe update --- sddi-base/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index f92861f..d0f5481 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -217,8 +217,8 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \ ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \ ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \ - ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.custom.url = https://b.tiles.mapbox.com/styles/v1/mapbox/satellite-streets-v11/tiles/{z}/{x}/{y}?access_token=pk.eyJ1Ijoid2RlaWdlbGUiLCJhIjoiY2tiNWxhNmRxMHF0cTJ0bzI4Zjhua2JmZSJ9.UMGtDXPfs2z2Smc1N0p9Qw" && \ - ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.attribution = Tiles by MapBox" && \ + ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.custom.url = https://tile.openstreetmap.de/{z}/{x}/{y}.png" && \ + ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.attribution = OpenStreetMap contributors." && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ From 5ed44af9d27ffface410afcbc42055807b179363 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 2 Nov 2023 10:54:43 +0100 Subject: [PATCH 24/26] Update Changelog --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9794b7f..ccf1b71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. -## [2.0.0] - 2023-10-19 +## [2.0.0] - 2023-11-02 ### Breaking @@ -32,6 +32,10 @@ The issues are discussed in #40. - Limit emails sent for the "Forgot your password?" function - Added Cross-Site-Scripting protection +### Known issues + +- Password's containing "@" are not accepted, see keitaroinc/ckanext-password-policy#6 + ## [1.2.0] - 2023-08-21 ### Added From 27d16359392a9888f91401fa445e4326bedd2050 Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 2 Nov 2023 12:00:34 +0100 Subject: [PATCH 25/26] minor fix --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ccf1b71..8c5b0cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,7 +20,7 @@ For releases `< 1.0.0` minor version steps may indicate breaking changes too. ### Added - Changed default basemap in map views, see ckan/ckanext-spatial#317 -- Added new resource preview - [webpage view](webpage_view) +- Enabled new resource preview - [webpage view](webpage_view) ### Security From 5309a1db78cdf91bcf60ffb3169644a91ff8f04c Mon Sep 17 00:00:00 2001 From: Bruno Willenborg Date: Thu, 2 Nov 2023 12:18:07 +0100 Subject: [PATCH 26/26] Fixed version info --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bc2fdf2..ca305f9 100644 --- a/README.md +++ b/README.md @@ -191,7 +191,7 @@ are alway pinned to a stable release number or commit hash. | [`dcat`](https://github.com/ckan/ckanext-dcat) | `v1.4.0` | | :heavy_check_mark: | :heavy_check_mark: | Allow CKAN to expose and consume metadata from other catalogs using RDF documents serialized using DCAT. | | [`geoview`](https://github.com/ckan/ckanext-geoview) | `v0.0.20` | | :heavy_check_mark: | :heavy_check_mark: | This extension contains view plugins to display geospatial files and services in CKAN. | | [`disqus`](https://github.com/ckan/ckanext-disqus) | | | | :heavy_check_mark: | The Disqus extension allows site visitors to comment on individual packages using an AJAX-based commenting system. The downsides of this plugin are that comments are not stored locally and user information is not shared between CKAN and the commenting system. | -| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy") | `master`|:heavy_check_mark: |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. | +| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy) | `5618dc9`|:heavy_check_mark: |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. | ## :rocket: Usage