Merge pull request #50 from tum-gis/release/2.0.0
v2.0.0
BWibo authored Nov 2, 2023
2 parents 0005ae2 + 5309a1d commit 7922f77
Showing 6 changed files with 110 additions and 17 deletions.
35 changes: 33 additions & 2 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,36 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
For releases `< 1.0.0` minor version steps may indicate breaking changes too.

## [2.0.0] - 2023-11-02

### Breaking

- Added [ckanext-password-policy](https://github.com/keitaroinc/ckanext-password-policy/tree/montreal).
This may break existing installations. The default password policy settings are:

- `ckanext.password_policy.password_length=12`
- `ckanext.password_policy.failed_logins=3`
- `ckanext.password_policy.user_locked_time=600`

### Added

- Changed default basemap in map views, see ckan/ckanext-spatial#317
- Enabled new resource preview - [webpage view](webpage_view)

### Security

This release contains several security relevant changes and fixes.
The issues are discussed in #40.

- Updated dependencies in [ckanext-datesearch](https://github.com/tum-gis/ckanext-datesearch), tum-gis/ckanext-datesearch#1
- Several fixes in [ckanext-grouphierarchy-sddi](https://github.com/tum-gis/ckanext-grouphierarchy-sddi)
- Limit emails sent for the "Forgot your password?" function
- Added Cross-Site-Scripting protection

### Known issues

- Password's containing "@" are not accepted, see keitaroinc/ckanext-password-policy#6

## [1.2.0] - 2023-08-21

### Added
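Review bot: The Security entries "Limit emails sent for the "Forgot your password?" function" and "Added Cross-Site-Scripting protection" do not name the component, setting or version that delivers them, so an operator cannot verify them after upgrading; link each to its commit or issue as the first two entries do. The Breaking entry links the `montreal` branch of ckanext-password-policy, whereas the image is built from commit `5618dc9`; link the pinned commit instead. Smaller points: "Changed default basemap" is listed under "### Added", the `[webpage view](webpage_view)` link target looks like an unresolved relative path, and "Password's" should read "Passwords".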
Expand Down Expand Up @@ -104,7 +134,7 @@ for production environments.**
- Added `CKAN_INI` env var for CKAN config.ini file path for better compatibility with
official CKAN images
- Set timezone using `TZ` env var
- Allow setting runtime base image with ` BASEIMAGE_REPOSITORY` build arg
- Allow setting runtime base image with `BASEIMAGE_REPOSITORY` build arg

### Changed

Expand Down Expand Up @@ -186,7 +216,8 @@ for production environments.**

### Known issues

[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...HEAD
[Unreleased]: https://github.com/tum-gis/ckan-docker/compare/2.0.0...HEAD
[2.0.0]: https://github.com/tum-gis/ckan-docker/compare/1.2.0...2.0.0
[1.2.0]: https://github.com/tum-gis/ckan-docker/compare/1.1.3...1.2.0
[1.1.3]: https://github.com/tum-gis/ckan-docker/compare/1.1.2...1.1.3
[1.1.2]: https://github.com/tum-gis/ckan-docker/compare/1.1.1...1.1.2
11 changes: 6 additions & 5 deletions README.md
Expand Up @@ -179,18 +179,19 @@ are alway pinned to a stable release number or commit hash.
| Extension | Version | `sddi-base` | `sddi` | `sddi-social` | Description |
|---|---|:---:|:---:|:---:|---|
| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `5c30bba` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. |
| [`scheming`](https://github.com/MarijaKnezevic/ckanext-scheming) | `8548240` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Configure and share CKAN dataset metadata forms. |
| [`hierarchy`](https://github.com/ckan/ckanext-hierarchy) | `v1.2.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Allows to organize organizations and groups in a hierarchy tree (nested groups/orgs). |
| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. |
| [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. |
| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `90ba354` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. |
| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.1` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. |
| [`grouphierarchysddi`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi) | `1.1.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Extends `hierarchy` with pre-defined groups and topics of the SDDI concept. |
| [`relation`](https://github.com/tum-gis/ckanext-relation-sddi) | `1.0.3` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Enables to create and visualize different types of relations (*realated_to*, *depends_on*, *part_of*) between catalog entries. |
| [`spatial`](https://github.com/MarijaKnezevic/ckanext-spatial) | `c2118b9` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given spatial extent. |
| [`datesearch`](https://github.com/MarijaKnezevic/ckanext-datesearch) | `1.0.2` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Provides the ability to search for datasets according to a given time frame. The search includes all datasets, in which the time of validity overlaps in at least one second with the search time frame. |
| [`repeating`](https://github.com/MarijaKnezevic/ckanext-repeating) | `1.0.0` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | This extension provides a way to store repeating fields in CKAN datasets, resources, organizations and groups. |
| [`composite`](https://github.com/EnviDat/ckanext-composite) | `1e6d7bb` | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | The extension allows to store structured dataset metadata, single or multiple fields. Only one level of subfields is possible. The subfields can be basic text, date type or dropboxes. |
| [`restricted`](https://github.com/MarijaKnezevic/ckanext-restricted) | `1.0.0` | | :heavy_check_mark: | :heavy_check_mark: | CKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accesible but not the data itself (resource). The resource access restriction level can be individualy defined for every package. |
| [`dcat`](https://github.com/ckan/ckanext-dcat) | `v1.4.0` | | :heavy_check_mark: | :heavy_check_mark: | Allow CKAN to expose and consume metadata from other catalogs using RDF documents serialized using DCAT. |
| [`geoview`](https://github.com/ckan/ckanext-geoview) | `v0.0.20` | | :heavy_check_mark: | :heavy_check_mark: | This extension contains view plugins to display geospatial files and services in CKAN. |
| [`disqus`](https://github.com/ckan/ckanext-disqus) | | | | :heavy_check_mark: | The Disqus extension allows site visitors to comment on individual packages using an AJAX-based commenting system. The downsides of this plugin are that comments are not stored locally and user information is not shared between CKAN and the commenting system. |
| [`password_policy`](https://github.com/keitaroinc/ckanext-password-policy) | `5618dc9`|:heavy_check_mark: |:heavy_check_mark:| :heavy_check_mark: | CKAN extension that adds password policy for all the users. |

## :rocket: Usage
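Review bot: The `datesearch` row is bumped to `1.0.2` but still links MarijaKnezevic/ckanext-datesearch, while the CHANGELOG entry for this release attributes the dependency update to tum-gis/ckanext-datesearch; confirm which repository the image is actually built from and make the table, the changelog and the Dockerfile URL agree. The new `password_policy` row, like `scheming` and `spatial`, is pinned by a 7-character abbreviated hash; abbreviated hashes can become ambiguous as a repository grows, so the full commit SHA is the better pin for a component on the login path. Nit: the new row's cell spacing (`` `5618dc9`|:heavy_check_mark: |``) does not match the other rows.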

38 changes: 32 additions & 6 deletions sddi-base/Dockerfile
Expand Up @@ -24,7 +24,7 @@ RUN set -ex && \
ls -lah /wheels

# ckanext-grouphierarchy ######################################################
ARG CKANEXT_SDDI_VERSION="1.1.2"
ARG CKANEXT_SDDI_VERSION="1.1.3"
ENV CKANEXT_SDDI_VERSION=${CKANEXT_SDDI_VERSION}

RUN set -ex && \
Expand All @@ -37,7 +37,7 @@ RUN set -ex && \
ls -lah /wheels

# ckanext-relation ############################################################
ARG CKANEXT_RELATION_VERSION="1.0.2"
ARG CKANEXT_RELATION_VERSION="1.0.3"
ENV CKANEXT_RELATION_VERSION=${CKANEXT_RELATION_VERSION}

RUN set -ex && \
Expand All @@ -50,7 +50,7 @@ RUN set -ex && \
ls -lah /wheels

# ckanext-scheming ############################################################
ARG CKANEXT_SCHEMING_VERSION="5c30bba"
ARG CKANEXT_SCHEMING_VERSION="8548240"
ENV CKANEXT_SCHEMING_VERSION=${CKANEXT_SCHEMING_VERSION}
ENV CKANEXT_SCHEMING_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-scheming"

Expand All @@ -59,7 +59,7 @@ RUN set -ex && \
git+${CKANEXT_SCHEMING_GITHUB_URL}.git@${CKANEXT_SCHEMING_VERSION}#egg=ckanext-scheming

# ckanext datesearch ##########################################################
ARG CKANEXT_DATESEARCH_VERSION="1.0.1"
ARG CKANEXT_DATESEARCH_VERSION="1.0.2"
ENV CKANEXT_DATESEARCH_VERSION=${CKANEXT_DATESEARCH_VERSION}
ENV CKANEXT_DATESEARCH_VERSION_GITHUB_URL="https://github.com/MarijaKnezevic/ckanext-datesearch"

Expand Down Expand Up @@ -87,10 +87,23 @@ RUN set -ex && \
pip wheel --wheel-dir=/wheels \
git+${CKANEXT_REPEATING_GITHUB_URL}.git@${CKANEXT_REPEATING_VERSION}#egg=ckanext-repeating

# ckanext-password-policy #####################################################
ARG CKANEXT_PASSWORD_POLICY_VERSION="5618dc9"
ENV CKANEXT_PASSWORD_POLICY_VERSION=${CKANEXT_PASSWORD_POLICY_VERSION}
ENV CKANEXT_PASSWORD_POLICY_GITHUB_URL="https://github.com/keitaroinc/ckanext-password-policy"

RUN set -ex && \
pip install -r \
https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \
curl -o /wheels/ckanext-password-policy.txt \
https://raw.githubusercontent.com/keitaroinc/ckanext-password-policy/${CKANEXT_PASSWORD_POLICY_VERSION}/requirements.txt && \
pip wheel --wheel-dir=/wheels \
git+${CKANEXT_PASSWORD_POLICY_GITHUB_URL}.git@${CKANEXT_PASSWORD_POLICY_VERSION}#egg=ckanext-password-policy

# ckanext-spatial #############################################################
FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_BUILD_SPATIAL} as extbuild-spatial

ARG CKANEXT_SPATIAL_VERSION="90ba354"
ARG CKANEXT_SPATIAL_VERSION="c2118b9"
ENV CKANEXT_SPATIAL_VERSION=${CKANEXT_SPATIAL_VERSION}

USER root
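Review bot: In the new ckanext-password-policy block, requirements.txt is fetched from raw.githubusercontent.com twice, once by `pip install -r` and once by `curl -o`, and the curl call has no `--fail`, so an HTTP error body would be written to /wheels/ckanext-password-policy.txt with exit status 0. Download the file once with `curl -fsSL -o /wheels/ckanext-password-policy.txt ...` and run `pip install -r` against that local copy, so the build stage and the runtime stage are guaranteed to use the same file. The raw URL also hard-codes keitaroinc/ckanext-password-policy instead of being derived from CKANEXT_PASSWORD_POLICY_GITHUB_URL, so changing that variable moves the wheel source but not the requirements source.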
Expand Down Expand Up @@ -121,9 +134,10 @@ RUN set -ex && \
###############################################################################
FROM ghcr.io/keitaroinc/ckan:${CKAN_VERSION_RUNTIME_STAGE} as runtime

ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \
ENV CKAN__PLUGINS "image_view text_view recline_view webpage_view datastore datapusher \
hierarchy_display hierarchy_form display_group relation \
spatial_metadata spatial_query datesearch repeating composite scheming_datasets \
password_policy \
envvars"

# Extra env for compatibility with ckan/base Docker images for downstream k8s
Expand Down Expand Up @@ -182,8 +196,14 @@ RUN set -ex && \
RUN set -ex && \
pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-repeating

# ckanext-password-policy #####################################################
RUN set -ex && \
pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt && \
pip install --no-index --find-links=${APP_DIR}/ext_wheels ckanext-password-policy

# Copy init scripts and additional files
COPY --chown=ckan:ckan initScripts/ ${APP_DIR}/docker-afterinit.d
COPY --chown=ckan:ckan who.ini ${APP_DIR}/who.ini

RUN set -ex && \
ckan config-tool "${CKAN_INI}" "ckan.plugins = ${CKAN__PLUGINS}" && \
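Review bot: The new `pip install -r ${APP_DIR}/ext_wheels/ckanext-password-policy.txt` line has no `--no-index`, so by default pip resolves those requirements from the package index during the runtime stage, while the very next line installs the extension itself with `--no-index --find-links=${APP_DIR}/ext_wheels`. Build the requirements into wheels in the extbuild stage (`pip wheel --wheel-dir=/wheels -r` on the saved requirements file) and install them here with the same `--no-index --find-links` options, so the runtime image contains only what the build stage produced.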
Expand All @@ -193,6 +213,12 @@ RUN set -ex && \
ckan config-tool "${CKAN_INI}" "scheming.presets = ckanext.scheming:presets.json ckanext.repeating:presets.json ckanext.composite:presets.json" && \
ckan config-tool "${CKAN_INI}" "scheming.dataset_fallback = false" && \
ckan config-tool "${CKAN_INI}" "licenses_group_url = https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" && \
ckan config-tool "${CKAN_INI}" "ckanext.password_policy.password_length = 12" && \
ckan config-tool "${CKAN_INI}" "ckanext.password_policy.failed_logins = 3" && \
ckan config-tool "${CKAN_INI}" "ckanext.password_policy.user_locked_time = 600" && \
ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.type = custom" && \
ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.custom.url = https://tile.openstreetmap.de/{z}/{x}/{y}.png" && \
ckan config-tool "${CKAN_INI}" "ckanext.spatial.common_map.attribution = <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a> contributors." && \
echo "${TZ}" > /etc/timezone && \
mkdir -p ${CKAN_STORAGE_PATH} && \
chown -R ckan:ckan ${APP_DIR} ${CKAN_STORAGE_PATH} && \
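Review bot: The `ckanext.spatial.common_map.attribution` line nests unescaped double quotes (`href="https://www.openstreetmap.org/copyright"`) inside a double-quoted shell argument, so the shell removes them and the value written to the ini file becomes `<a href=https://www.openstreetmap.org/copyright>`. Escape the inner quotes as `\"` or use single quotes around the href value. Separately, if `failed_logins = 3` and `user_locked_time = 600` mean what their names suggest, three wrong guesses against a known user name lock that account for 600 time units; the README should say how an operator overrides these three `ckanext.password_policy.*` defaults.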
35 changes: 35 additions & 0 deletions sddi-base/who.ini
@@ -0,0 +1,35 @@
[plugin:auth_tkt]
use = ckan.lib.repoze_plugins.auth_tkt:make_plugin
# If no secret key is defined here, beaker.session.secret will be used
#secret = somesecret

# [plugin:friendlyform]
# use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin

[plugin:friendlyform]
use = ckanext.password_policy.views:FriendlyFormPlugin_
login_form_url= /user/login
login_handler_path = /login_generic
logout_handler_path = /user/logout
rememberer_name = auth_tkt
post_login_url = /user/logged_in
post_logout_url = /user/logged_out
charset = utf-8

[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider

[identifiers]
plugins =
friendlyform;browser
auth_tkt

[authenticators]
plugins =
auth_tkt
ckan.lib.authenticator:UsernamePasswordAuthenticator

[challengers]
plugins =
friendlyform;browser
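Review bot: The only functional change visible in this file is the `use = ckanext.password_policy.views:FriendlyFormPlugin_` line in `[plugin:friendlyform]`, yet a complete who.ini is now shipped and copied to `${APP_DIR}/who.ini`, so any later upstream change to the stock file will be masked without notice. Add a header comment naming the CKAN version this file was copied from and the single intended change, and drop the commented-out duplicate `[plugin:friendlyform]` section. `[authenticators]` still lists the stock `ckan.lib.authenticator:UsernamePasswordAuthenticator`, so a test that three failed logins really lock the account is worth adding. Because `secret` stays commented out, the deployment has to provide a strong `beaker.session.secret`. Nit: `login_form_url= /user/login` is missing the space before `=`.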
4 changes: 2 additions & 2 deletions sddi-social/Dockerfile
Expand Up @@ -26,10 +26,10 @@ FROM ${BASEIMAGE_REPOSITORY}:${BASEIMAGE_VERSION} as runtime

USER root

ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \
ENV CKAN__PLUGINS "image_view text_view recline_view webpage_view datastore datapusher \
hierarchy_display hierarchy_form display_group relation \
spatial_metadata spatial_query datesearch repeating composite scheming_datasets \
resource_proxy geo_view geojson_view wmts_view shp_view \
password_policy resource_proxy geo_view geojson_view wmts_view shp_view \
dcat dcat_json_interface structured_data \
restricted \
disqus \
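Review bot: `password_policy` is added to CKAN__PLUGINS here, but in this commit the extension, its who.ini and its `ckanext.password_policy.*` settings are installed only in sddi-base, and this stage starts `FROM ${BASEIMAGE_REPOSITORY}:${BASEIMAGE_VERSION}`. A build against a base image older than 2.0.0 would list a plugin that is not installed. Check that the default BASEIMAGE_VERSION points at a 2.0.0 base, or document the minimum base version next to the build arg; the same applies to sddi/Dockerfile.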
4 changes: 2 additions & 2 deletions sddi/Dockerfile
Expand Up @@ -52,10 +52,10 @@ FROM ${BASEIMAGE_REPOSITORY}:${BASEIMAGE_VERSION} as runtime

USER root

ENV CKAN__PLUGINS "image_view text_view recline_view datastore datapusher \
ENV CKAN__PLUGINS "image_view text_view recline_view webpage_view datastore datapusher \
hierarchy_display hierarchy_form display_group relation \
spatial_metadata spatial_query datesearch repeating composite scheming_datasets \
resource_proxy geo_view geojson_view wmts_view shp_view \
password_policy resource_proxy geo_view geojson_view wmts_view shp_view \
dcat dcat_json_interface structured_data \
restricted \
envvars"