Release for twinby masterkatalog

CHANGELOG.md

@@ -6,6 +6,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 For releases `< 1.0.0` minor version steps may indicate breaking changes too.
 
+## [1.2.2-twinby-master] - 2023-10-14
+
+### Added
+- This version is just for purpose of the master catalog in [TwinBy](https://www.twinby.bayern/de/startseite) Project.
+  - in this version upload option is disabled
+
+## [1.2.1] - 2023-10-14
+
+### Fixed
+- Upstream bugfix for pentest in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch) extension tum-gis/ckanext-datesearch/issues/1
+- Upstream bugfix for pentest in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) extension tum-gis/ckan-docker/pull/40
+    - Reducing the number of emails sent for the "Forgot your password?" function
+    - Cross-Site-Scripting problems mentioned [here](https://github.com/tum-gis/ckan-docker/pull/40)
+
+### Added
+- other other default basemap since the default basemap used in v1.2.0 is not going to be supported anymore ckan/ckanext-spatial/issues/317
+
+
 ## [1.2.0] - 2023-08-21
 
 ### Changed
@@ -175,6 +193,8 @@ for production environments.**
 ### Known issues
 
 [Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD
+[1.2.2-twinby-master]: https://github.com/tum-gis/ckan-docker/compare/1.2.1...1.2.2-twinby-master
+[1.2.1]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...1.2.1
 [1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0
 [1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3
 [1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2

README.md

@@ -169,18 +169,19 @@ are alway pinned to a stable release number or commit hash.
 
 | Extension | Version | `sddi-base` | `sddi` | `sddi-social` | Description |
 |---|---|:---:|:---:|:---:|---|
-| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `5c30bba` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. |
+| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `8548240` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. |
 | [`hierarchy`](https://github.com/ckan/ckanext-hierarchy) | `v1.2.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Allows to organize organizations and groups in a hierarchy tree (nested groups/orgs). |
-| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) |  `1.1.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. |
+| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) |  `1.1.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. |
 | [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. |
-| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `90ba354` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. |
-| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.1` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. |
+| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `c2118b9` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. |
+| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. |
 | [`repeating`](https://github.com/MarijaKnezevic/ckanext-repeating) | `1.0.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | This extension provides a way to store repeating fields in CKAN datasets, resources, organizations and groups. |
 | [`composite`](https://github.com/EnviDat/ckanext-composite) | `1e6d7bb` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | The extension allows to store structured dataset metadata, single or multiple fields. Only one level of subfields is possible. The subfields can be basic text, date type or dropboxes. |
 | [`restricted`](https://github.com/MarijaKnezevic/ckanext-restricted) | `1.0.0` |  | :heavy_check_mark: | :heavy_check_mark: | CKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accesible but not the data itself (resource). The resource access restriction level can be individualy defined for every package. |
 | [`dcat`](https://github.com/ckan/ckanext-dcat) | `v1.4.0` |  | :heavy_check_mark: | :heavy_check_mark: | Allow CKAN to expose and consume metadata from other catalogs using RDF documents serialized using DCAT. |
 | [`geoview`](https://github.com/ckan/ckanext-geoview) | `v0.0.20` |  | :heavy_check_mark: | :heavy_check_mark: | This extension contains view plugins to display geospatial files and services in CKAN. |
 | [`disqus`](https://github.com/ckan/ckanext-disqus) |  |  |  | :heavy_check_mark: | The Disqus extension allows site visitors to comment on individual packages using an AJAX-based commenting system. The downsides of this plugin are that comments are not stored locally and user information is not shared between CKAN and the commenting system. |
+| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy") | `master`|:heavy_check_mark:  |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. |
 
 ## :rocket: Usage
 

sddi-base/Dockerfile

@@ -24,7 +24,7 @@ RUN set -ex && \
   ls -lah /wheels
 
 # ckanext-grouphierarchy ######################################################
-ARG CKANEXT_SDDI_VERSION="1.1.2"
+ARG CKANEXT_SDDI_VERSION="1.1.3"
 ENV CKANEXT_SDDI_VERSION=${CKANEXT_SDDI_VERSION}
 
 RUN set -ex && \
@@ -50,7 +50,7 @@ RUN set -ex && \
   ls -lah /wheels
 
 # ckanext-scheming ############################################################
-ARG CKANEXT_SCHEMING_VERSION="5c30bba"
+ARG CKANEXT_SCHEMING_VERSION="8548240"
 ENV CKANEXT_SCHEMING_VERSION=${CKANEXT_SCHEMING_VERSION}
 ENV CKANEXT_SCHEMING_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-scheming"
 
@@ -59,7 +59,7 @@ RUN set -ex && \
     git+${CKANEXT_SCHEMING_GITHUB_URL}.git@${CKANEXT_SCHEMING_VERSION}#egg=ckanext-scheming
 
 # ckanext datesearch ##########################################################
-ARG CKANEXT_DATESEARCH_VERSION="1.0.1"
+ARG CKANEXT_DATESEARCH_VERSION="1.0.2"
 ENV CKANEXT_DATESEARCH_VERSION=${CKANEXT_DATESEARCH_VERSION}
 ENV CKANEXT_DATESEARCH_VERSION_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-datesearch"
 
@@ -87,10 +87,22 @@ RUN set -ex && \
   pip wheel --wheel-dir=/wheels \
     git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating
 
+# ckanext-password-policy #####################################################
+ARG CKANEXT_PASSWORD_POLICY_VERSION="master"
+ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION}
+ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy"
+RUN set -ex && \
+  pip install -r \
+    https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \
+  curl -o /wheels/ckanext-password-policy.txt \
+    https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \
+  pip wheel --wheel-dir=/wheels \
+    git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy
+
 # ckanext-spatial #############################################################
 FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial
 
-ARG CKANEXT_SPATIAL_VERSION="90ba354"
+ARG CKANEXT_SPATIAL_VERSION="c2118b9"
 ENV CKANEXT_SPATIAL_VERSION=${CKANEXT_SPATIAL_VERSION}
 
 USER root
@@ -123,7 +135,7 @@ FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime
 
 ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \
   hierarchy_display hierarchy_form display_group relation \
-  spatial_metadata spatial_query datesearch repeating composite scheming_datasets \
+  spatial_metadata spatial_query datesearch repeating composite scheming_datasets password_policy \
   envvars"
 
 # Extra env for compatibility with ckan/base Docker images for downstream k8s
@@ -182,8 +194,14 @@ RUN set -ex && \
 RUN set -ex && \
   pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating
 
+# ckanext-password-policy #####################################################
+RUN set -ex && \
+  pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \
+  pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy
+
 # Copy init scripts and additional files
 COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d
+COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini
 
 RUN set -ex && \
   ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \
@@ -193,6 +211,10 @@ RUN set -ex && \
   ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \
   ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \
   ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \
+  ckan config-tool "${CKAN_INI}" "ckan.password_policy.password_length = 12" && \
+  ckan config-tool "${CKAN_INI}" "ckan.password_policy.failed_logins = 3" && \
+  ckan config-tool "${CKAN_INI}" "ckan.password_policy.user_locked_time = 600" && \
+  ckan config-tool "${CKAN_INI}" "ckan.max_resource_size = 0" && \
   echo "${TZ}" > /etc/timezone && \
   mkdir -p ${CKAN_STORAGE_PATH} && \
   chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \

sddi-base/who.ini

@@ -0,0 +1,35 @@
+[plugin:auth_tkt]
+use = ckan.lib.repoze_plugins.auth_tkt:make_plugin
+# If no secret key is defined here, beaker.session.secret will be used
+#secret = somesecret
+
+# [plugin:friendlyform]
+# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin
+
+[plugin:friendlyform]
+use = ckanext.password_policy.views:FriendlyFormPlugin_
+login_form_url= /user/login
+login_handler_path = /login_generic
+logout_handler_path = /user/logout
+rememberer_name = auth_tkt
+post_login_url = /user/logged_in
+post_logout_url = /user/logged_out
+charset = utf-8
+
+[general]
+request_classifier = repoze.who.classifiers:default_request_classifier
+challenge_decider = repoze.who.classifiers:default_challenge_decider
+
+[identifiers]
+plugins =
+    friendlyform;browser
+    auth_tkt
+
+[authenticators]
+plugins =
+    auth_tkt
+    ckan.lib.authenticator:UsernamePasswordAuthenticator
+
+[challengers]
+plugins =
+    friendlyform;browser

sddi-social/Dockerfile

@@ -29,7 +29,7 @@ USER root
 ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \
   hierarchy_display hierarchy_form display_group relation \
   spatial_metadata spatial_query datesearch repeating composite scheming_datasets \
-  resource_proxy geo_view geojson_view wmts_view shp_view \
+  password_policy resource_proxy geo_view geojson_view wmts_view shp_view \
   dcat dcat_json_interface structured_data \
   restricted \
   disqus \

sddi/Dockerfile

@@ -55,7 +55,7 @@ USER root
 ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \
   hierarchy_display hierarchy_form display_group relation \
   spatial_metadata spatial_query datesearch repeating composite scheming_datasets \
-  resource_proxy geo_view geojson_view wmts_view shp_view \
+  password_policy resource_proxy geo_view geojson_view wmts_view shp_view \
   dcat dcat_json_interface structured_data \
   restricted \
   envvars"