Merging latest staging to master

scripts/scripts.d/12_python3.sh

@@ -4,4 +4,4 @@
 
 info "Installing Python3 ..."
 
-yum --assumeyes install python3
+yum --assumeyes install python3 python3-devel python3-pip gcc-c++

scripts/scripts.d/21_eoxs_gdal.sh

@@ -12,9 +12,20 @@
 
 info "Installing GDAL library ... "
 
-yum --assumeyes install gdal gdal-libs proj-epsg gdal-devel gcc-c++ python3-devel
+yum --assumeyes install gdal gdal-libs proj-epsg gdal-devel
 
 activate_venv "$VIRES_VENV_ROOT"
 
-# build gdal dependencies from source
-pip3 install $PIP_OPTIONS pygdal=="`gdal-config --version`.*"
+if [ -n "`pip3 list | grep pygdal`" ]
+then
+    pip3 uninstall pygdal -y
+fi
+
+# Current version of GDAL requires setuptools<58 (2to3 removed in 58.0.0)
+pip3 install $PIP_OPTIONS "setuptools<58"
+
+# NOTE: gdal-python virenv installation requires numpy to be installed!
+[ -z "$CONTRIB_DIR" ] && error "Missing the required CONTRIB_DIR variable!"
+PACKAGE="`lookup_package "$CONTRIB_DIR/GDAL-*.tar.gz"`"
+[ -n "$PACKAGE" ] || error "Source distribution package not found!"
+pip3 install $PIP_OPTIONS "$PACKAGE"

scripts/scripts.d/22_eoxs_mapserver.sh

@@ -13,11 +13,16 @@
 info "Installing mapserver packages ..."
 
 [ -z "`rpm -qa | grep swig-2`" ] || yum --assumeyes remove swig
-yum --assumeyes install mapserver mapserver-devel gdal-devel proj-devel libxml2-devel python3-devel swig3 gcc-c++
+yum --assumeyes install mapserver mapserver-devel gdal-devel proj-devel libxml2-devel swig3
 
 activate_venv "$VIRES_VENV_ROOT"
 
+if [ -n "`pip3 list | grep python-mapscript`" ]
+then
+    pip3 uninstall python-mapscript -y
+fi
+
 [ -z "$CONTRIB_DIR" ] && error "Missing the required CONTRIB_DIR variable!"
-PACKAGE="`lookup_package "$CONTRIB_DIR/python-mapscript-*.tar.gz"`"
+PACKAGE="`lookup_package "$CONTRIB_DIR/mapscript-*.tar.gz"`"
 [ -n "$PACKAGE" ] || error "Source distribution package not found!"
 pip3 install $PIP_OPTIONS "$PACKAGE"

scripts/scripts.d/23_apache_config.sh

@@ -115,9 +115,10 @@ then
     TransferLog logs/ssl_access_log
     LogLevel warn
     SSLEngine on
-    SSLProtocol all -SSLv2 -SSLv3
-    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+    SSLProtocol  all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+    SSLCipherSuite  ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
     SSLHonorCipherOrder on
+    SSLOptions +StrictRequire
     SSLCertificateFile $SSL_CERTIFICATE_FILE
     SSLCertificateKeyFile $SSL_CERTIFICATE_KEYFILE
     $SSL_CACERTIFICATE_FILE_LINE

scripts/scripts.d/25_oauth_django_oauth.sh

@@ -13,4 +13,4 @@ info "Installing Django OAuth Toolkit ..."
 
 activate_venv "$OAUTH_VENV_ROOT"
 
-pip3 install $PIP_OPTIONS 'django-oauth-toolkit<2.0' # FIXME implement proper support for django-oauth-toolkit >= 2.0.0
+pip3 install $PIP_OPTIONS 'django-oauth-toolkit>=2.0'

scripts/scripts.d/26_eoxs_coda.sh

@@ -23,7 +23,7 @@ pip3 install $PIP_OPTIONS "$PACKAGE"
 
 
 # download Aeolus product definition file
-VERSION="20220211"
+VERSION="20230313"
 FILENAME="AEOLUS-${VERSION}.codadef"
 SOURCE_URL="https://github.com/stcorp/codadef-aeolus/releases/download/${VERSION}/${FILENAME}"
 TARGET_DIR="$VENV_ROOT/share/coda/definitions/"

scripts/scripts.d/50_oauth_instance.sh

@@ -278,29 +278,11 @@ INSTALLED_APPS += [
     'allauth',
     'allauth.account',
     'allauth.socialaccount',
-    #'allauth.socialaccount.providers.facebook',
-    #'allauth.socialaccount.providers.twitter',
-    #'allauth.socialaccount.providers.linkedin_oauth2',
-    #'allauth.socialaccount.providers.google',
-    #'allauth.socialaccount.providers.github',
     'django_countries',
     'oauth2_provider',
 ]
 
 SOCIALACCOUNT_PROVIDERS = {
-    'linkedin_oauth2': {
-        'SCOPE': [
-            'r_emailaddress',
-            'r_liteprofile',
-        ],
-       'PROFILE_FIELDS': [
-            'id',
-            'firstName',
-            'lastName',
-            'profilePicture',
-            'emailAddress',
-        ],
-    },
 }
 
 # OAUTH APPS - END - Do not edit or remove this line!
@@ -335,6 +317,7 @@ AUTHENTICATION_BACKENDS = [
 OAUTH2_PROVIDER = {
     'SCOPES_BACKEND_CLASS': 'vires_oauth.scopes.ViresScopes',
     'ALLOWED_REDIRECT_URI_SCHEMES': ['http'], # change to 'https' in production!
+    'PKCE_REQUIRED': False,
 }
 
 # Django allauth
@@ -367,8 +350,7 @@ SOCIALACCOUNT_EMAIL_VERIFICATION = ACCOUNT_EMAIL_VERIFICATION
 SOCIALACCOUNT_QUERY_EMAIL = True
 SOCIALACCOUNT_LOGIN_ON_GET = False
 ACCOUNT_SIGNUP_FORM_CLASS = 'vires_oauth.forms.SignupForm'
-#ACCOUNT_SIGNUP_FORM_CLASS = 'eoxs_allauth.forms.ESASignupForm' #FIXME
-ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE = True
+#ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE = True
 
 VIRES_OAUTH_DEFAULT_GROUPS = ["default", "vre"]
 VIRES_SERVICE_TERMS_VERSION = "AEOLUS_2019-09-30_V1.0.0"

scripts/scripts.d/50_oauth_instance_production.sh

@@ -24,6 +24,7 @@ OAUTH_SERVER_NTHREAD=${OAUTH_SERVER_NTHREAD:-2}
 
 DEBUG="${DEBUG:-False}"
 
+#required_variables EOIAM_HOST EOIAM_REF_HOST
 required_variables VIRES_OPS_DIR
 required_variables OAUTH_VENV_ROOT
 activate_venv "$OAUTH_VENV_ROOT"
@@ -318,6 +319,29 @@ END
 
 
 # extending settings.py
+#
+_print_comment_if_empty() {
+    if [ -z "$1" ]
+    then
+        echo -n "#"
+    fi
+}
+
+_print_eoiam_configuration() {
+    if [ -n "$2" ]
+    then
+    cat - <<END
+    '$1': {
+        'SERVER_URL': 'https://$2/oauth2',
+        'TRUST_EMAILS': True,
+        'REQUIRED_GROUP_PERMISSIONS': {
+            'privileged': [('AEOLUS_PRODUCTS_RESTRICTED',)],
+        }
+    },
+END
+    fi
+}
+
 ex "$SETTINGS" <<END
 /^INSTALLED_APPS\s*=/
 /^]$/
@@ -329,29 +353,15 @@ INSTALLED_APPS += [
     'allauth',
     'allauth.account',
     'allauth.socialaccount',
-    #'allauth.socialaccount.providers.facebook',
-    #'allauth.socialaccount.providers.twitter',
-    #'allauth.socialaccount.providers.linkedin_oauth2',
-    #'allauth.socialaccount.providers.google',
-    #'allauth.socialaccount.providers.github',
+    `_print_comment_if_empty "$EOIAM_HOST"`'vires_oauth.providers.eoiam',
+    `_print_comment_if_empty "$EOIAM_REF_HOST"`'vires_oauth.providers.eoiam_ref',
     'django_countries',
     'oauth2_provider',
 ]
 
 SOCIALACCOUNT_PROVIDERS = {
-    'linkedin_oauth2': {
-        'SCOPE': [
-            'r_emailaddress',
-            'r_liteprofile',
-        ],
-       'PROFILE_FIELDS': [
-            'id',
-            'firstName',
-            'lastName',
-            'profilePicture',
-            'emailAddress',
-        ],
-    },
+`_print_eoiam_configuration "eoiam" "$EOIAM_HOST"`
+`_print_eoiam_configuration "eoiam_ref" "$EOIAM_REF_HOST"`
 }
 
 # OAUTH APPS - END - Do not edit or remove this line!
@@ -387,6 +397,7 @@ AUTHENTICATION_BACKENDS = [
 OAUTH2_PROVIDER = {
     'SCOPES_BACKEND_CLASS': 'vires_oauth.scopes.ViresScopes',
     'ALLOWED_REDIRECT_URI_SCHEMES': ['https'],
+    'PKCE_REQUIRED': False,
 }
 
 # Django allauth
@@ -417,7 +428,7 @@ SOCIALACCOUNT_EMAIL_VERIFICATION = 'mandatory'
 SOCIALACCOUNT_QUERY_EMAIL = True
 SOCIALACCOUNT_LOGIN_ON_GET = False
 ACCOUNT_SIGNUP_FORM_CLASS = 'vires_oauth.forms.SignupForm'
-ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE = True
+#ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE = True
 
 EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
 EMAIL_USE_TLS = $_SMTP_USE_TLS