owncloud · 2403905 · Nov 29, 2023 · Nov 22, 2023
diff --git a/changelog/unreleased/add-banned-list-to-deployements.md b/changelog/unreleased/add-banned-list-to-deployements.md
@@ -0,0 +1,6 @@
+Enhancement: Add banned password list to the default deployments
+
+We add banned password list to the default deployments
+
+https://github.com/owncloud/ocis/pull/7784
+https://github.com/owncloud/ocis/issues/7724
diff --git a/deployments/examples/oc10_ocis_parallel/config/ocis/banned-password-list.txt b/deployments/examples/oc10_ocis_parallel/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -124,7 +124,10 @@ services:
       OCIS_INSECURE: "${INSECURE:-false}"
       # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
       PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
     volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
       - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
       - ocis-config:/etc/ocis
       - ocis-data:/var/lib/ocis

diff --git a/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt b/deployments/examples/ocis_hello/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml
@@ -71,7 +71,10 @@ services:
       IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
       # demo users
       IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
     volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
       - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
       - ./config/ocis/web.yaml:/etc/ocis/web.yaml
       - ocis-config:/etc/ocis

diff --git a/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt b/deployments/examples/ocis_keycloak/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -77,7 +77,10 @@ services:
       OCIS_EXCLUDE_RUN_SERVICES: "idp"
       GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
       GRAPH_USERNAME_MATCH: "none"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
     volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
       - ocis-config:/etc/ocis
       - ocis-data:/var/lib/ocis
     labels:

diff --git a/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt b/deployments/examples/ocis_ldap/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
diff --git a/deployments/examples/ocis_ldap/docker-compose.yml b/deployments/examples/ocis_ldap/docker-compose.yml
@@ -88,8 +88,10 @@ services:
       OCIS_INSECURE: "${INSECURE:-false}"
       # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
       PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
-      # admin user password
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
     volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
       - ocis-config:/etc/ocis
       - ocis-data:/var/lib/ocis
     labels:

diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml
@@ -78,7 +78,10 @@ services:
       IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
       # demo users
       IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
     volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
       - ocis-config:/etc/ocis
       - ocis-data:/var/lib/ocis
     labels:

diff --git a/deployments/examples/ocis_traefik/config/ocis/banned-password-list.txt b/deployments/examples/ocis_traefik/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -74,7 +74,10 @@ services:
       NOTIFICATIONS_SMTP_SENDER: oCIS notifications <notifications@${OCIS_DOMAIN:-ocis.owncloud.test}>
       NOTIFICATIONS_SMTP_USERNAME: notifications@${OCIS_DOMAIN:-ocis.owncloud.test}
       NOTIFICATIONS_SMTP_INSECURE: "true" # the mail catcher uses self signed certificates
+      # password policies
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
     volumes:
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
       - ocis-config:/etc/ocis
       - ocis-data:/var/lib/ocis
     labels:

diff --git a/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt b/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1