Skip to content

CKAN 2.11 support #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
markstuart wants to merge 3 commits into
base: master
Choose a base branch
from
Open

CKAN 2.11 support #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
535542e
Update for CKAN 2.11 compatibility
markstuart Feb 17, 2026
ecdbcf9
Restore 2.9+ compat code, keep only essential 2.11 fixes
markstuart Feb 18, 2026
46c2d31
Fix logout for CKAN 2.11: use session.clear() if invalidate() unavail…
markstuart Feb 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 9 additions & 6 deletions ckanext/security/model.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
from ckan.model import DomainObject, User
from ckan.model.meta import metadata, mapper
from ckan.plugins import toolkit
from sqlalchemy import Table, Column, types
from sqlalchemy import Table, Column, types, inspect

log = logging.getLogger(__name__)
user_security_totp = None
Expand All @@ -20,14 +20,17 @@ def db_setup():
if user_security_totp is None:
define_security_tables()

if not model.package_table.exists():
log.critical("Exiting: can not migrate security model \
if the database does not exist yet")
db_engine = model.meta.engine
inspector = inspect(db_engine)

if not inspector.has_table('package'):
Copy link
Copy Markdown
Contributor Author

@markstuart markstuart Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Newer versions of SQLAlchemy have dropped the exists function, but all versions of SQLAlchemy that CKAN has used since 2.9+ have the has_table function available, so this will be backward compatible at least to there.

log.critical("Exiting: can not migrate security model "
"if the database does not exist yet")
sys.exit(1)
return

if not user_security_totp.exists():
user_security_totp.create()
if not inspector.has_table('user_security_totp'):
user_security_totp.create(db_engine)
print("Created security TOTP table")
else:
print("Security TOTP table already exists -- skipping")
Expand Down
6 changes: 5 additions & 1 deletion ckanext/security/plugin/flask_plugin.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,8 @@ def authenticate(self, identity):

# Delete session cookie information
def logout(self):
session.invalidate()
# Beaker session (CKAN < 2.11) uses invalidate(); Flask-Session uses clear()
if hasattr(session, 'invalidate'):
session.invalidate()
else:
session.clear()
Copy link
Copy Markdown
Contributor Author

@markstuart markstuart Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has been raised by other contributors as well, thanks for that team 👍

2 changes: 1 addition & 1 deletion ckanext/security/templates/user/edit_user_form.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
{% if h.security_enable_totp() %}
<fieldset>
<legend>{{_('Two factor authentication')}}</legend>
{% link_for _('Manage two factor authentication'), controller='mfa_user', action='configure_mfa', id=data.id, class_='btn btn-default pull-left', icon='cog' %}
{% link_for _('Manage two factor authentication'), controller='mfa_user', action='configure_mfa', id=data.id, class_='btn btn-secondary float-start', icon='cog' %}
Copy link
Copy Markdown
Contributor Author

@markstuart markstuart Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CKAN 2.10+ uses Bootstrap 5, and this makes it compatible with the BS5 styling.

</fieldset>
{% endif %}

Expand Down
9 changes: 5 additions & 4 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
# Required for CKAN < 2.11 (repoze.who-based auth)
Beaker~=1.11.0
beaker-redis~=1.1.0
pyotp~=2.6.0
python-magic~=0.4.24
redis~=4.1
repoze.who~=2.4
git+https://github.com/akissa/repoze.who-use_beaker@780379fd58b10264c0756feb6d3f232f797ba0cb#egg=repoze.who-use_beaker
six~=1.16.0
WebOb~=1.8.7
pyotp~=2.6.0
Copy link
Copy Markdown
Contributor

@ThrawnCA ThrawnCA Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why was this moved downward?

Copy link
Copy Markdown
Contributor Author

@markstuart markstuart Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the intent was that the 3 dependencies related to beaker and repoze are all essentially deprecated as per the comment, and grouped together for later removal.

python-magic~=0.4.24
redis>=4.1
six~=1.16.0