diff --git a/CHANGELOG.md b/CHANGELOG.md index 8eef97c..ef5e540 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). For releases `< 1.0.0` minor version steps may indicate breaking changes too. +## [1.2.2-twinby-master] - 2023-10-14 + +### Added +- This version is just for purpose of the master catalog in [TwinBy](https://www.twinby.bayern/de/startseite) Project. + - in this version upload option is disabled + +## [1.2.1] - 2023-10-14 + +### Fixed +- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) extension tum-gis/ckanext-datesearch/issues/1 +- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) extension tum-gis/ckan-docker/pull/40 + - Reducing the number of emails sent for the "Forgot your password?" function + - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40) + +### Added +- other other default basemap since the default basemap used in v1.2.0 is not going to be supported anymore ckan/ckanext-spatial/issues/317 + + ## [1.2.0] - 2023-08-21 ### Changed @@ -175,6 +193,8 @@ for production environments.** ### Known issues [Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD +[1.2.2-twinby-master]: https://github.com/tum-gis/ckan-docker/compare/1.2.1...1.2.2-twinby-master +[1.2.1]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.2.1 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2 diff --git a/README.md b/README.md index 9ea1d58..442d22a 100644 --- a/README.md +++ b/README.md @@ -169,18 +169,19 @@ are alway pinned to a stable release number or commit hash. | Extension | Version | `sddi-base` | `sddi` | `sddi-social` | Description | |---|---|:---:|:---:|:---:|---| -| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `5c30bba` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | +| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `8548240` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. | | [`hierarchy`](https://github.com/ckan/ckanext-hierarchy) | `v1.2.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Allows to organize organizations and groups in a hierarchy tree (nested groups/orgs). | -| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | +| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. | | [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. | -| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `90ba354` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | -| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.1` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | +| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `c2118b9` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. | +| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. | | [`repeating`](https://github.com/MarijaKnezevic/ckanext-repeating) | `1.0.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | This extension provides a way to store repeating fields in CKAN datasets, resources, organizations and groups. | | [`composite`](https://github.com/EnviDat/ckanext-composite) | `1e6d7bb` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | The extension allows to store structured dataset metadata, single or multiple fields. Only one level of subfields is possible. The subfields can be basic text, date type or dropboxes. | | [`restricted`](https://github.com/MarijaKnezevic/ckanext-restricted) | `1.0.0` | | :heavy_check_mark: | :heavy_check_mark: | CKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accesible but not the data itself (resource). The resource access restriction level can be individualy defined for every package. | | [`dcat`](https://github.com/ckan/ckanext-dcat) | `v1.4.0` | | :heavy_check_mark: | :heavy_check_mark: | Allow CKAN to expose and consume metadata from other catalogs using RDF documents serialized using DCAT. | | [`geoview`](https://github.com/ckan/ckanext-geoview) | `v0.0.20` | | :heavy_check_mark: | :heavy_check_mark: | This extension contains view plugins to display geospatial files and services in CKAN. | | [`disqus`](https://github.com/ckan/ckanext-disqus) | | | | :heavy_check_mark: | The Disqus extension allows site visitors to comment on individual packages using an AJAX-based commenting system. The downsides of this plugin are that comments are not stored locally and user information is not shared between CKAN and the commenting system. | +| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy") | `master`|:heavy_check_mark: |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. | ## :rocket: Usage diff --git a/sddi-base/Dockerfile b/sddi-base/Dockerfile index 57f0e71..a8038f9 100644 --- a/sddi-base/Dockerfile +++ b/sddi-base/Dockerfile @@ -24,7 +24,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-grouphierarchy ###################################################### -ARG CKANEXT_SDDI_VERSION="1.1.2" +ARG CKANEXT_SDDI_VERSION="1.1.3" ENV CKANEXT_SDDI_VERSION=${CKANEXT_SDDI_VERSION} RUN set -ex && \ @@ -50,7 +50,7 @@ RUN set -ex && \ ls -lah /wheels # ckanext-scheming ############################################################ -ARG CKANEXT_SCHEMING_VERSION="5c30bba" +ARG CKANEXT_SCHEMING_VERSION="8548240" ENV CKANEXT_SCHEMING_VERSION=${CKANEXT_SCHEMING_VERSION} ENV CKANEXT_SCHEMING_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-scheming" @@ -59,7 +59,7 @@ RUN set -ex && \ git+${CKANEXT_SCHEMING_GITHUB_URL}.git@${CKANEXT_SCHEMING_VERSION}#egg=ckanext-scheming # ckanext datesearch ########################################################## -ARG CKANEXT_DATESEARCH_VERSION="1.0.1" +ARG CKANEXT_DATESEARCH_VERSION="1.0.2" ENV CKANEXT_DATESEARCH_VERSION=${CKANEXT_DATESEARCH_VERSION} ENV CKANEXT_DATESEARCH_VERSION_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-datesearch" @@ -87,10 +87,22 @@ RUN set -ex && \ pip wheel --wheel-dir=/wheels \ git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating +# ckanext-password-policy ##################################################### +ARG CKANEXT_PASSWORD_POLICY_VERSION="master" +ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION} +ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy" +RUN set -ex && \ + pip install -r \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + curl -o /wheels/ckanext-password-policy.txt \ + https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \ + pip wheel --wheel-dir=/wheels \ + git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy + # ckanext-spatial ############################################################# FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial -ARG CKANEXT_SPATIAL_VERSION="90ba354" +ARG CKANEXT_SPATIAL_VERSION="c2118b9" ENV CKANEXT_SPATIAL_VERSION=${CKANEXT_SPATIAL_VERSION} USER root @@ -123,7 +135,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ - spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ + spatial_metadata spatial_query datesearch repeating composite scheming_datasets password_policy \ envvars" # Extra env for compatibility with ckan/base Docker images for downstream k8s @@ -182,8 +194,14 @@ RUN set -ex && \ RUN set -ex && \ pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating +# ckanext-password-policy ##################################################### +RUN set -ex && \ + pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \ + pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy + # Copy init scripts and additional files COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d +COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini RUN set -ex && \ ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \ @@ -193,6 +211,10 @@ RUN set -ex && \ ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \ ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \ ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \ + ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \ + ckan config-tool "${CKAN_INI}" "ckan.max_resource_size = 0" && \ echo "${TZ}" > /etc/timezone && \ mkdir -p ${CKAN_STORAGE_PATH} && \ chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \ diff --git a/sddi-base/who.ini b/sddi-base/who.ini new file mode 100644 index 0000000..a366543 --- /dev/null +++ b/sddi-base/who.ini @@ -0,0 +1,35 @@ +[plugin:auth_tkt] +use = ckan.lib.repoze_plugins.auth_tkt:make_plugin +# If no secret key is defined here, beaker.session.secret will be used +#secret = somesecret + +# [plugin:friendlyform] +# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin + +[plugin:friendlyform] +use = ckanext.password_policy.views:FriendlyFormPlugin_ +login_form_url= /user/login +login_handler_path = /login_generic +logout_handler_path = /user/logout +rememberer_name = auth_tkt +post_login_url = /user/logged_in +post_logout_url = /user/logged_out +charset = utf-8 + +[general] +request_classifier = repoze.who.classifiers:default_request_classifier +challenge_decider = repoze.who.classifiers:default_challenge_decider + +[identifiers] +plugins = + friendlyform;browser + auth_tkt + +[authenticators] +plugins = + auth_tkt + ckan.lib.authenticator:UsernamePasswordAuthenticator + +[challengers] +plugins = + friendlyform;browser diff --git a/sddi-social/Dockerfile b/sddi-social/Dockerfile index 3d3a8c6..fed58d9 100644 --- a/sddi-social/Dockerfile +++ b/sddi-social/Dockerfile @@ -29,7 +29,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ disqus \ diff --git a/sddi/Dockerfile b/sddi/Dockerfile index 69e444a..06fcf64 100644 --- a/sddi/Dockerfile +++ b/sddi/Dockerfile @@ -55,7 +55,7 @@ USER root ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \ hierarchy_display hierarchy_form display_group relation \ spatial_metadata spatial_query datesearch repeating composite scheming_datasets \ - resource_proxy geo_view geojson_view wmts_view shp_view \ + password_policy resource_proxy geo_view geojson_view wmts_view shp_view \ dcat dcat_json_interface structured_data \ restricted \ envvars"