/// <summary>
/// Test helper: evaluates <c>RequirePackageVerifyScopePolicy</c> against a mocked request
/// whose caller is an API-key identity for "testUser".
/// </summary>
/// <param name="scopes">Value for the scope claim; when null or empty no scope claim is added.</param>
/// <returns>The result produced by the policy for the mocked context.</returns>
private SecurityPolicyResult Evaluate(string scopes)
        {
            // The identity always carries an (empty) API-key claim; the scope claim is optional.
            var apiKeyIdentity = AuthenticationService.CreateIdentity(
                new User("testUser"),
                AuthenticationTypes.ApiKey,
                new Claim(NuGetClaims.ApiKey, string.Empty));

            var hasScopes = !string.IsNullOrEmpty(scopes);
            if (hasScopes)
            {
                apiKeyIdentity.AddClaim(new Claim(NuGetClaims.Scope, scopes));
            }

            // Wire identity -> principal -> HTTP context so the policy sees it via HttpContext.User.
            var principalMock = new Mock<IPrincipal>();
            principalMock.Setup(p => p.Identity).Returns(apiKeyIdentity);

            var httpContextMock = new Mock<HttpContextBase>();
            httpContextMock.Setup(c => c.User).Returns(principalMock.Object);

            var subscribedPolicies = new UserSecurityPolicy[]
            {
                new UserSecurityPolicy("RequireApiKeyWithPackageVerifyScopePolicy")
            };
            var policyContext = new UserSecurityPolicyContext(httpContextMock.Object, subscribedPolicies);

            var policyUnderTest = new RequirePackageVerifyScopePolicy();
            return policyUnderTest.Evaluate(policyContext);
        }
        /// <summary>
        /// Test helper: evaluates <c>RequireMinClientVersionForPushPolicy</c> against a mocked request.
        /// </summary>
        /// <param name="minClientVersions">Comma-separated minimum versions; one policy is created per entry.</param>
        /// <param name="actualClientVersion">Value for the client version header; when null or empty the header is omitted.</param>
        /// <returns>The result produced by the policy for the mocked context.</returns>
        private SecurityPolicyResult Evaluate(string minClientVersions, string actualClientVersion)
        {
            // Only set the header when a version is supplied, so the "header missing" path can be tested too.
            var requestHeaders = new NameValueCollection();
            var hasClientVersion = !string.IsNullOrEmpty(actualClientVersion);
            if (hasClientVersion)
            {
                requestHeaders[Constants.ClientVersionHeaderName] = actualClientVersion;
            }

            var requestMock = new Mock<HttpRequestBase>();
            requestMock.Setup(r => r.Headers).Returns(requestHeaders);

            var httpContextMock = new Mock<HttpContextBase>();
            httpContextMock.Setup(c => c.Request).Returns(requestMock.Object);

            // Each comma-separated entry becomes its own policy subscription.
            var versionEntries = minClientVersions.Split(',');
            var subscribedPolicies = versionEntries
                .Select(entry => CreateMinClientVersionForPushPolicy(entry))
                .ToArray();

            var policyContext = new UserSecurityPolicyContext(httpContextMock.Object, subscribedPolicies);

            var policyUnderTest = new RequireMinClientVersionForPushPolicy();
            return policyUnderTest.Evaluate(policyContext);
        }
Beispiel #3
        /// <summary>
        /// Reads the client version declared in the request header named by
        /// <c>Constants.ClientVersionHeaderName</c>.
        /// </summary>
        /// <param name="context">Policy context whose HTTP request is inspected.</param>
        /// <returns>The parsed version, or <c>null</c> when <c>NuGetVersion.TryParse</c> reports failure.</returns>
        private NuGetVersion GetClientVersion(UserSecurityPolicyContext context)
        {
            // A request header is set by the caller, so this version is self-reported: it says which
            // client the caller claims to be and cannot prove which client actually sent the request.
            // The null-conditional leaves the string null when the context has no Request object.
            var declaredVersion = context.HttpContext.Request?.Headers[Constants.ClientVersionHeaderName];

            NuGetVersion parsedVersion;
            if (NuGetVersion.TryParse(declaredVersion, out parsedVersion))
            {
                return parsedVersion;
            }

            return null;
        }
Beispiel #4
        /// <summary>
        /// Picks the strictest requirement when several policies apply: the highest of the
        /// minimum client versions stored in the policies' JSON values.
        /// </summary>
        /// <param name="context">Policy context whose <c>Policies</c> are inspected.</param>
        /// <returns>The largest <c>MinClientVersion</c> among the policies that carry a value.</returns>
        private NuGetVersion GetMaxOfMinClientVersions(UserSecurityPolicyContext context)
        {
            // Policies with a null or empty Value are skipped; every other Value is parsed as a JSON State.
            // NOTE(review): a Value that deserializes to null would fault in the Max selector below,
            // and an empty sequence presumably yields null here - confirm callers handle both.
            var states = from policy in context.Policies
                         where !string.IsNullOrEmpty(policy.Value)
                         select JsonConvert.DeserializeObject<State>(policy.Value);

            return states.Max(state => state.MinClientVersion);
        }
Beispiel #5
        /// <summary>
        /// Allows the request only when the caller's identity has the package-verify scope claim.
        /// </summary>
        /// <param name="context">Policy context carrying the current HTTP context.</param>
        /// <returns>
        /// <c>SecurityPolicyResult.SuccessResult</c> when the claim check passes; otherwise an error
        /// result built from <c>Strings.SecurityPolicy_RequireApiKeyWithPackageVerifyScope</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public override SecurityPolicyResult Evaluate(UserSecurityPolicyContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // NOTE(review): HttpContext.User is dereferenced without a null check - confirm this
            // policy is only evaluated for requests that already have an authenticated principal.
            var callerIdentity = context.HttpContext.User.Identity;

            // Deny by default: only an identity that passes the claim check gets the success result.
            if (!callerIdentity.HasPackageVerifyScopeClaim())
            {
                return SecurityPolicyResult.CreateErrorResult(Strings.SecurityPolicy_RequireApiKeyWithPackageVerifyScope);
            }

            return SecurityPolicyResult.SuccessResult;
        }
Beispiel #6
        /// <summary>
        /// Rejects the request when the client version it declares is missing, unparsable, or lower
        /// than the highest minimum version required by the applicable policies.
        /// </summary>
        /// <param name="context">Policy context carrying the HTTP request and the policies to apply.</param>
        /// <returns>
        /// <c>SecurityPolicyResult.SuccessResult</c> when the declared version meets the minimum;
        /// otherwise an error result whose message names the required minimum version.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public override SecurityPolicyResult Evaluate(UserSecurityPolicyContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var requiredVersion = GetMaxOfMinClientVersions(context);
            var declaredVersion = GetClientVersion(context);

            // Fails closed: a null declared version (no usable header) is treated like an outdated client.
            // The declared version is read from a request header, so this check enforces a client
            // baseline for cooperating clients; it does not authenticate the client software.
            var belowMinimum = declaredVersion == null || declaredVersion < requiredVersion;
            if (!belowMinimum)
            {
                return SecurityPolicyResult.SuccessResult;
            }

            var message = string.Format(
                CultureInfo.CurrentCulture,
                Strings.SecurityPolicy_RequireMinClientVersionForPush,
                requiredVersion);

            return SecurityPolicyResult.CreateErrorResult(message);
        }
Beispiel #7
 /// <summary>
 /// Evaluates this security policy against the supplied context; each concrete policy
 /// provides its own implementation.
 /// </summary>
 /// <param name="context">The policy context to evaluate.</param>
 /// <returns>The <c>SecurityPolicyResult</c> produced by the implementing policy.</returns>
 public abstract SecurityPolicyResult Evaluate(UserSecurityPolicyContext context);