public Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context)
 {
     // Todo:
     // Maybe we should enumerate through the user's packages and add Microsoft as a package owner if the package passes the metadata requirements when a user is onboarded to this policy.
     // We should also unlock the package if it is locked as part of adding Microsoft as co-owner.
     return(Task.CompletedTask);
 }
Beispiel #2
0
        /// <summary>
        /// On subscribe, set API keys with push capability to expire in <see cref="PushKeysExpirationInDays" /> days.
        /// </summary>
        /// <param name="context"></param>
        public async Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context)
        {
            var pushKeys = context.User.Credentials.Where(c =>
                                                          CredentialTypes.IsApiKey(c.Type) &&
                                                          (
                                                              c.Scopes.Count == 0 ||
                                                              c.Scopes.Any(s =>
                                                                           s.AllowedAction.Equals(NuGetScopes.PackagePush, StringComparison.OrdinalIgnoreCase) ||
                                                                           s.AllowedAction.Equals(NuGetScopes.PackagePushVersion, StringComparison.OrdinalIgnoreCase)
                                                                           ))
                                                          );

            var expires     = DateTime.UtcNow.AddDays(PushKeysExpirationInDays);
            var expireTasks = new List <Task>();

            foreach (var key in pushKeys)
            {
                if (!key.Expires.HasValue || key.Expires > expires)
                {
                    expireTasks.Add(_auditing.SaveAuditRecordAsync(
                                        new UserAuditRecord(context.User, AuditedUserAction.ExpireCredential, key)));

                    key.Expires = expires;
                }
            }
            await Task.WhenAll(expireTasks);

            _diagnostics.Information($"Expiring {pushKeys.Count()} keys with push capability for user '{context.User.Username}'.");
        }
 public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context)
 {
     return(Task.CompletedTask);
 }
 public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context)
 {
     throw new NotSupportedException();
 }