Merge pull request #365 from City-of-Helsinki/dev

Dev to main

.platform/schema

@@ -1 +1 @@
-9
+10

compose.yaml

@@ -163,7 +163,7 @@ services:
   chromium:
     # @todo Update this to newer version once minkphp supports Selenium 4.
     # @see https://github.com/minkphp/MinkSelenium2Driver/pull/372
-    image: selenium/standalone-chrome:106.0
+    image: seleniarm/standalone-chromium:106.0
     networks:
       - internal
     profiles:

composer.json

@@ -112,7 +112,8 @@
                 "Cannot save or publish originating node or translations (https://drupal.org/i/3285657)": "https://www.drupal.org/files/issues/2022-06-14/core9.2-node-lock-translations-2744851.patch"
             },
             "drupal/gin": {
-                "Fix Gin row weights. (https://www.drupal.org/project/gin/issues/3461093)": "./patches/gin_row_weights-3461093.patch"
+                "Fix Gin row weights. (https://www.drupal.org/project/gin/issues/3461093)": "./patches/gin_row_weights-3461093.patch",
+                "[#UHF-10892] Gin sidebar nextsibling issue. (https://www.drupal.org/i/3460390)": "./patches/gin-3460390-sidebar-nextsibling-innerhtml-rc13.patch"
             },
             "drupal/paragraphs": {
                 "[#UHF-2059] Enhancements for the Admin UI": "https://raw.githubusercontent.com/City-of-Helsinki/drupal-helfi-platform-config/fdccb32397cc6fa19b4d0077b21a2b18aa6be297/patches/helfi_customizations_for_paragraphs_widget_8.x-1.12.patch"

conf/cmi/block.block.userlogin.yml

@@ -12,7 +12,7 @@ theme: infofinland
 region: footer_bottom
 weight: -4
 provider: null
-plugin: user_login_block
+plugin: tfa_user_login_block
 settings:
   id: user_login_block
   label: Kirjaudu

conf/cmi/core.extension.yml

@@ -25,6 +25,7 @@ module:
   dynamic_page_cache: 0
   editor: 0
   elasticsearch_connector: 0
+  encrypt: 0
   entity: 0
   entity_browser: 0
   entity_browser_entity_form: 0
@@ -45,6 +46,7 @@ module:
   helfi_azure_fs: 0
   helfi_ckeditor: 0
   helfi_platform_config: 0
+  helfi_tfa: 0
   helfi_user_roles: 0
   helfi_users: 0
   help: 0
@@ -60,6 +62,7 @@ module:
   jsonapi_extras: 0
   jsonapi_menu_items: 0
   jsonapi_resources: 0
+  key: 0
   language: 0
   legal: 0
   link: 0
@@ -97,6 +100,7 @@ module:
   queue_ui: 0
   raven: 0
   readonly_field_widget: 0
+  real_aes: 0
   redirect: 0
   redirect_404: 0
   redirect_domain: 0
@@ -118,6 +122,7 @@ module:
   system: 0
   taxonomy: 0
   text: 0
+  tfa: 0
   token: 0
   toolbar: 0
   twig_tweak: 0

conf/cmi/encrypt.profile.real_aes.yml

@@ -0,0 +1,15 @@
+uuid: 90d7b880-aa02-4cff-aeb9-69e03db7a21b
+langcode: en
+status: true
+dependencies:
+  config:
+    - key.key.tfa
+  module:
+    - real_aes
+_core:
+  default_config_hash: lDV_LbRGbNBnnVa6X72NK7xH7A1T9tasNNgP2hOhHKs
+id: real_aes
+label: 'Real AES'
+encryption_method: real_aes
+encryption_method_configuration: {  }
+encryption_key: tfa

conf/cmi/encrypt.settings.yml

@@ -0,0 +1,4 @@
+_core:
+  default_config_hash: CMyccvAuba2yH-HYmcEL0pq1Seyxzq9VHhKbQKwAWY4
+check_profile_status: true
+allow_deprecated_plugins: false

conf/cmi/filter.format.plain_text.yml

@@ -5,7 +5,6 @@ dependencies:
   module:
     - helfi_api_base
     - obfuscate
-    - helfi_api_base
 _core:
   default_config_hash: NIKBt6kw_uPhNI0qtR2DnRf7mSOgAQdx7Q94SKMjXbQ
 name: 'Plain text'

conf/cmi/key.key.tfa.yml

@@ -0,0 +1,19 @@
+uuid: 05f354f6-4d19-4cb0-9d95-0d16a1573e58
+langcode: en
+status: true
+dependencies: {  }
+_core:
+  default_config_hash: ARfRhKTJUSFXqKkDFwUncBUg8-5v7z_we3DETbYMYB0
+id: tfa
+label: TFA
+description: ''
+key_type: encryption
+key_type_settings:
+  key_size: 256
+key_provider: config
+key_provider_settings:
+  key_value: thisvaluewillbeoverridden1234567
+  base64_encoded: true
+key_input: text_field
+key_input_settings:
+  base64_encoded: false

conf/cmi/language/fi/key.key.tfa.yml

@@ -0,0 +1 @@
+label: TFA

conf/cmi/language/fi/tfa.settings.yml

@@ -0,0 +1,6 @@
+help_text: 'Contact support to reset your access'
+mail:
+  tfa_enabled_configuration:
+    body: "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your [site:name] account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\n--\r\n[site:name] team"
+  tfa_disabled_configuration:
+    body: "[user:display-name],\r\n\r\nTwo-factor authentication has been disabled on your [site:name] account.\r\n\r\nIf you did not take this action, please contact a site administrator immediately.\r\n\r\n--\r\n[site:name] team"

conf/cmi/language/fi/views.view.media.yml

@@ -50,7 +50,7 @@ display:
           sort_desc_label: Desc
       empty:
         area_text_custom:
-          content: 'Ei mediaa saatavilla.'
+          content: 'Mediatiedostoja ei ole saatavilla.'
       filters:
         name:
           expose:

conf/cmi/language/fi/views.view.media_library.yml

@@ -23,7 +23,7 @@ display:
           sort_desc_label: Desc
       empty:
         area_text_custom:
-          content: 'Ei mediaa saatavilla.'
+          content: 'Mediatiedostoja ei ole saatavilla.'
       sorts:
         created:
           expose:

conf/cmi/language/fr/key.key.tfa.yml

@@ -0,0 +1 @@
+label: TFA

conf/cmi/language/sv/tfa.settings.yml

@@ -0,0 +1,8 @@
+help_text: 'Contact support to reset your access'
+mail:
+  tfa_enabled_configuration:
+    subject: 'Your [site:name] account now has two-factor authentication'
+    body: "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your [site:name] account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\n--\r\n[site:name] team"
+  tfa_disabled_configuration:
+    subject: 'Your [site:name] account no longer has two-factor authentication'
+    body: "[user:display-name],\r\n\r\nTwo-factor authentication has been disabled on your [site:name] account.\r\n\r\nIf you did not take this action, please contact a site administrator immediately.\r\n\r\n--\r\n[site:name] team"

conf/cmi/purge.logger_channels.yml

@@ -11,3 +11,7 @@ channels:
       - 0
       - 2
       - 3
+  -
+    id: diagnostics
+    grants:
+      - 3

conf/cmi/raven.settings.yml

@@ -4,19 +4,19 @@ client_key: ''
 environment: ''
 release: ''
 log_levels:
-  1: 1
-  2: 2
-  3: 3
-  4: 4
-  5: 0
-  6: 0
-  7: 0
-  8: 0
+  emergency: true
+  alert: true
+  critical: true
+  error: true
+  warning: false
+  notice: false
+  info: false
+  debug: false
 stack: true
 timeout: 2.0
 message_limit: 2048
 trace: false
-fatal_error_handler: false
+fatal_error_handler: true
 fatal_error_handler_memory: 2560
 javascript_error_handler: false
 drush_error_handler: true

conf/cmi/tfa.settings.yml

@@ -0,0 +1,53 @@
+_core:
+  default_config_hash: JyIkFj38h-aTLsrCfejAfP277qBJ61tlaLEBH44IHhg
+langcode: en
+enabled: true
+required_roles:
+  admin: admin
+  infofinland_user: infofinland_user
+  content_producer: content_producer
+  editor: editor
+  municipal_editor: municipal_editor
+  infofinland_admin: infofinland_admin
+  super_administrator: super_administrator
+  authenticated: '0'
+  read_only: '0'
+  nextjs: '0'
+send_plugins: {  }
+login_plugins: {  }
+login_plugin_settings:
+  tfa_trusted_browser:
+    cookie_allow_subdomains: true
+    cookie_expiration: 30
+    cookie_name: tfa-trusted-browser
+allowed_validation_plugins:
+  tfa_totp: tfa_totp
+default_validation_plugin: tfa_totp
+validation_plugin_settings:
+  tfa_hotp:
+    counter_window: 10
+    site_name_prefix: 1
+    name_prefix: TFA
+    issuer: Drupal
+  tfa_recovery_code:
+    recovery_codes_amount: 10
+  tfa_totp:
+    time_skew: 2
+    site_name_prefix: 1
+    name_prefix: TFA
+    issuer: Hel.fi
+validation_skip: 3
+users_without_tfa_redirect: false
+reset_pass_skip_enabled: true
+encryption: real_aes
+tfa_flood_uid_only: 1
+tfa_flood_window: 300
+tfa_flood_threshold: 6
+help_text: 'Contact support to reset your access'
+mail:
+  tfa_enabled_configuration:
+    subject: 'Your [site:name] account now has two-factor authentication'
+    body: "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your [site:name] account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\n--\r\n[site:name] team"
+  tfa_disabled_configuration:
+    subject: 'Your [site:name] account no longer has two-factor authentication'
+    body: "[user:display-name],\r\n\r\nTwo-factor authentication has been disabled on your [site:name] account.\r\n\r\nIf you did not take this action, please contact a site administrator immediately.\r\n\r\n--\r\n[site:name] team"

conf/cmi/ultimate_cron.job.simple_oauth_cron.yml

@@ -13,7 +13,7 @@ scheduler:
   id: simple
   configuration:
     rules:
-      - '0+@ */6 * * *'
+      - '*/5+@ * * * *'
 launcher:
   id: serial
   configuration:

conf/cmi/user.role.anonymous.yml

@@ -8,6 +8,7 @@ dependencies:
     - legal
     - media
     - paragraphs_type_permissions
+    - raven
     - rest
     - subrequests
     - system
@@ -21,6 +22,7 @@ permissions:
   - 'access content'
   - 'issue subrequests'
   - 'restful post webform_rest_submit'
+  - 'send performance traces to sentry'
   - 'view Terms and Conditions'
   - 'view media'
   - 'view paragraph content accordion'

conf/cmi/user.role.authenticated.yml

@@ -12,7 +12,9 @@ dependencies:
     - legal
     - media
     - paragraphs_type_permissions
+    - raven
     - system
+    - tfa
 _core:
   default_config_hash: 83Nuup-6oYkkdAsvg3nrR2pBOgtTXEV1JrzpCCLkYLM
 id: authenticated
@@ -22,6 +24,9 @@ is_admin: false
 permissions:
   - 'access content'
   - 'delete own files'
+  - 'disable own tfa'
+  - 'send performance traces to sentry'
+  - 'setup own tfa'
   - 'use text format full_html'
   - 'use text format simple_html'
   - 'use text format webform_default'

conf/cmi/user.role.content_producer.yml

@@ -7,6 +7,8 @@ dependencies:
   module:
     - file
     - filter
+    - raven
+    - tfa
 _core:
   default_config_hash: EVzxFtbOrGVTXWw2GTh1fEzzqruPEqSo84k10-BF6eA
 id: content_producer
@@ -15,4 +17,7 @@ weight: 3
 is_admin: null
 permissions:
   - 'delete own files'
+  - 'disable own tfa'
+  - 'send performance traces to sentry'
+  - 'setup own tfa'
   - 'use text format simple_html'

conf/cmi/user.role.editor.yml

@@ -1,7 +1,10 @@
 uuid: c6a73a1b-05c1-4edc-95b4-ad2b33467af7
 langcode: en
 status: true
-dependencies: {  }
+dependencies:
+  module:
+    - raven
+    - tfa
 _core:
   default_config_hash: NCarMlsKnDtHl8NrvTJRPEF3KAztLAHBHDo-H2Om7So
 id: editor
@@ -12,3 +15,6 @@ permissions:
   - 'access user profiles'
   - 'cancel account'
   - 'change own username'
+  - 'disable own tfa'
+  - 'send performance traces to sentry'
+  - 'setup own tfa'

conf/cmi/user.role.infofinland_admin.yml

@@ -42,13 +42,15 @@ dependencies:
     - path
     - pathauto
     - queue_ui
+    - raven
     - redirect
     - redis
     - responsive_image
     - role_delegation
     - scheduler
     - system
     - taxonomy
+    - tfa
     - toolbar
     - webform
 id: infofinland_admin
@@ -168,6 +170,7 @@ permissions:
   - 'delete terms in language'
   - 'delete terms in municipalitys'
   - 'delete terms in organisaatiot'
+  - 'disable own tfa'
   - 'edit any file media'
   - 'edit any image media'
   - 'edit any landing_page content'
@@ -200,6 +203,8 @@ permissions:
   - 'revert office_contact_info revisions'
   - 'revert page revisions'
   - 'schedule publishing of nodes'
+  - 'send performance traces to sentry'
+  - 'setup own tfa'
   - 'translate any entity'
   - 'translate file media'
   - 'translate image media'