add banned password list to the default deployments

2026-02-05 11:38:50 -06:00 · 2023-11-22 15:24:24 +01:00
parent 90f186a3d0
commit 5c549469f8
13 changed files with 54 additions and 1 deletions
--- a/changelog/unreleased/add-banned-list-to-deployements.md
+++ b/changelog/unreleased/add-banned-list-to-deployements.md
@@ -0,0 +1,6 @@
+Enhancement: Add banned password list to the default deployments
+
+We add banned password list to the default deployments
+
+https://github.com/owncloud/ocis/pull/7784
+https://github.com/owncloud/ocis/issues/7724
--- a/deployments/examples/oc10_ocis_parallel/config/ocis/banned-password-list.txt
+++ b/deployments/examples/oc10_ocis_parallel/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -124,7 +124,10 @@ services:
      OCIS_INSECURE: "${INSECURE:-false}"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
    volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
      - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
      - ocis-config:/etc/ocis
      - ocis-data:/var/lib/ocis
--- a/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt
+++ b/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
--- a/deployments/examples/ocis_hello/docker-compose.yml
+++ b/deployments/examples/ocis_hello/docker-compose.yml
@@ -71,7 +71,10 @@ services:
      IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
      # demo users
      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
    volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
      - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
      - ./config/ocis/web.yaml:/etc/ocis/web.yaml
      - ocis-config:/etc/ocis
--- a/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt
+++ b/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -77,7 +77,10 @@ services:
      OCIS_EXCLUDE_RUN_SERVICES: "idp"
      GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
      GRAPH_USERNAME_MATCH: "none"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
    volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
      - ocis-config:/etc/ocis
      - ocis-data:/var/lib/ocis
    labels:
--- a/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt
+++ b/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
--- a/deployments/examples/ocis_ldap/docker-compose.yml
+++ b/deployments/examples/ocis_ldap/docker-compose.yml
@@ -88,8 +88,10 @@ services:
      OCIS_INSECURE: "${INSECURE:-false}"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
-      # admin user password
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
    volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
      - ocis-config:/etc/ocis
      - ocis-data:/var/lib/ocis
    labels:
--- a/deployments/examples/ocis_s3/docker-compose.yml
+++ b/deployments/examples/ocis_s3/docker-compose.yml
@@ -78,7 +78,10 @@ services:
      IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
      # demo users
      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
    volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
      - ocis-config:/etc/ocis
      - ocis-data:/var/lib/ocis
    labels:
--- a/deployments/examples/ocis_traefik/config/ocis/banned-password-list.txt
+++ b/deployments/examples/ocis_traefik/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
--- a/deployments/examples/ocis_traefik/docker-compose.yml
+++ b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -74,7 +74,10 @@ services:
      NOTIFICATIONS_SMTP_SENDER: oCIS notifications <notifications@${OCIS_DOMAIN:-ocis.owncloud.test}>
      NOTIFICATIONS_SMTP_USERNAME: notifications@${OCIS_DOMAIN:-ocis.owncloud.test}
      NOTIFICATIONS_SMTP_INSECURE: "true" # the mail catcher uses self signed certificates
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
    volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
      - ocis-config:/etc/ocis
      - ocis-data:/var/lib/ocis
    labels:
--- a/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt
+++ b/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1