Example #1
0
        public virtual async Task <ActionResult> VerifyPackage()
        {
            var currentUser = GetCurrentUser();

            PackageMetadata packageMetadata;

            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    return(RedirectToRoute(RouteName.UploadPackage));
                }

                var package = await SafeCreatePackage(currentUser, uploadFile);

                if (package == null)
                {
                    return(Redirect(Url.UploadPackage()));
                }

                try
                {
                    packageMetadata = PackageMetadata.FromNuspecReader(
                        package.GetNuspecReader());
                }
                catch (Exception ex)
                {
                    TempData["Message"] = ex.GetUserSafeMessage();
                    return(Redirect(Url.UploadPackage()));
                }
            }

            var model = new VerifyPackageRequest
            {
                Id         = packageMetadata.Id,
                Version    = packageMetadata.Version.ToNormalizedStringSafe(),
                LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                Listed     = true,
                Edit       = new EditPackageVersionRequest
                {
                    Authors      = packageMetadata.Authors.Flatten(),
                    Copyright    = packageMetadata.Copyright,
                    Description  = packageMetadata.Description,
                    IconUrl      = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
                    LicenseUrl   = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                    ProjectUrl   = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
                    ReleaseNotes = packageMetadata.ReleaseNotes,
                    RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
                    Summary      = packageMetadata.Summary,
                    Tags         = PackageHelper.ParseTags(packageMetadata.Tags),
                    VersionTitle = packageMetadata.Title,
                }
            };

            return(View(model));
        }
        public virtual async Task <ActionResult> VerifyPackage()
        {
            var currentUser = GetCurrentUser();

            IPackageMetadata packageMetadata;

            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    return(RedirectToRoute(RouteName.UploadPackage));
                }

                try
                {
                    using (INupkg package = CreatePackage(uploadFile))
                    {
                        packageMetadata = package.Metadata;
                    }
                }
                catch (InvalidDataException e)
                {
                    // Log the exception in case we get support requests about it.
                    QuietLog.LogHandledException(e);

                    return(View("UnverifiablePackage"));
                }
            }

            var model = new VerifyPackageRequest
            {
                Id         = packageMetadata.Id,
                Version    = packageMetadata.Version.ToNormalizedStringSafe(),
                LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                Listed     = true,
                Edit       = new EditPackageVersionRequest
                {
                    Authors      = packageMetadata.Authors.Flatten(),
                    Copyright    = packageMetadata.Copyright,
                    Description  = packageMetadata.Description,
                    IconUrl      = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
                    LicenseUrl   = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                    ProjectUrl   = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
                    ReleaseNotes = packageMetadata.ReleaseNotes,
                    RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
                    Summary      = packageMetadata.Summary,
                    Tags         = PackageHelper.ParseTags(packageMetadata.Tags),
                    VersionTitle = packageMetadata.Title,
                }
            };

            return(View(model));
        }
        [ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874
        public virtual async Task<ActionResult> VerifyPackage(VerifyPackageRequest formData)
        {
            var currentUser = GetCurrentUser();

            Package package;
            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again.";
                    return new RedirectResult(Url.UploadPackage());
                }

                INupkg nugetPackage = await SafeCreatePackage(currentUser, uploadFile);
                if (nugetPackage == null)
                {
                    // Send the user back
                    return new RedirectResult(Url.UploadPackage());
                }
                Debug.Assert(nugetPackage != null);

                // Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user
                // viewing a different package to what was actually most recently uploaded
                if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version)))
                {
                    if (!(String.Equals(nugetPackage.Metadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase)
                        && String.Equals(nugetPackage.Metadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase)))
                    {
                        TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again.";
                        return new RedirectResult(Url.VerifyPackage());
                    }
                }

                bool pendEdit = false;
                if (formData.Edit != null)
                {
                    pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != nugetPackage.Metadata.RequireLicenseAcceptance;

                    pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, nugetPackage.Metadata.IconUrl.ToEncodedUrlStringOrNull());
                    pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, nugetPackage.Metadata.ProjectUrl.ToEncodedUrlStringOrNull());

                    pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, nugetPackage.Metadata.Authors.Flatten());
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, nugetPackage.Metadata.Copyright);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Description, nugetPackage.Metadata.Description);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, nugetPackage.Metadata.ReleaseNotes);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, nugetPackage.Metadata.Summary);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, nugetPackage.Metadata.Tags);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, nugetPackage.Metadata.Title);
                }

                // update relevant database tables
                package = _packageService.CreatePackage(nugetPackage, currentUser, commitChanges: false);
                Debug.Assert(package.PackageRegistration != null);

                _packageService.PublishPackage(package, commitChanges: false);

                if (pendEdit)
                {
                    // Add the edit request to a queue where it will be processed in the background.
                    _editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser);
                }

                if (!formData.Listed)
                {
                    _packageService.MarkPackageUnlisted(package, commitChanges: false);
                }

                _autoCuratedPackageCmd.Execute(package, nugetPackage, commitChanges: false);

                // save package to blob storage
                uploadFile.Position = 0;
                await _packageFileService.SavePackageFileAsync(package, uploadFile);

                // commit all changes to database as an atomic transaction
                _entitiesContext.SaveChanges();

                // tell Lucene to update index for the new package
                _indexingService.UpdateIndex();
            }

            // delete the uploaded binary in the Uploads container
            await _uploadFileService.DeleteUploadFileAsync(currentUser.Key);

            TempData["Message"] = String.Format(
                CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version);

            return RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version });
        }
        public virtual async Task<ActionResult> VerifyPackage()
        {
            var currentUser = GetCurrentUser();

            IPackageMetadata packageMetadata;
            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    return RedirectToRoute(RouteName.UploadPackage);
                }

                using (INupkg package = await SafeCreatePackage(currentUser, uploadFile))
                {
                    if (package == null)
                    {
                        return Redirect(Url.UploadPackage());
                    }
                    packageMetadata = package.Metadata;
                }
            }

            var model = new VerifyPackageRequest
            {
                Id = packageMetadata.Id,
                Version = packageMetadata.Version.ToNormalizedStringSafe(),
                LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                Listed = true,
                Edit = new EditPackageVersionRequest
                {
                    Authors = packageMetadata.Authors.Flatten(),
                    Copyright = packageMetadata.Copyright,
                    Description = packageMetadata.Description,
                    IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
                    LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                    ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
                    ReleaseNotes = packageMetadata.ReleaseNotes,
                    RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
                    Summary = packageMetadata.Summary,
                    Tags = PackageHelper.ParseTags(packageMetadata.Tags),
                    VersionTitle = packageMetadata.Title,
                }
            };
            return View(model);
        }
Example #5
0
        [ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874
        public virtual async Task <ActionResult> VerifyPackage(VerifyPackageRequest formData)
        {
            var currentUser = GetCurrentUser();

            Package package;

            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again.";
                    return(new RedirectResult(Url.UploadPackage()));
                }

                INupkg nugetPackage = await SafeCreatePackage(currentUser, uploadFile);

                if (nugetPackage == null)
                {
                    // Send the user back
                    return(new RedirectResult(Url.UploadPackage()));
                }
                Debug.Assert(nugetPackage != null);

                // Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user
                // viewing a different package to what was actually most recently uploaded
                if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version)))
                {
                    if (!(String.Equals(nugetPackage.Metadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase) &&
                          String.Equals(nugetPackage.Metadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase)))
                    {
                        TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again.";
                        return(new RedirectResult(Url.VerifyPackage()));
                    }
                }

                bool pendEdit = false;
                if (formData.Edit != null)
                {
                    pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != nugetPackage.Metadata.RequireLicenseAcceptance;

                    pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, nugetPackage.Metadata.IconUrl.ToEncodedUrlStringOrNull());
                    pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, nugetPackage.Metadata.ProjectUrl.ToEncodedUrlStringOrNull());

                    pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, nugetPackage.Metadata.Authors.Flatten());
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, nugetPackage.Metadata.Copyright);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Description, nugetPackage.Metadata.Description);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, nugetPackage.Metadata.ReleaseNotes);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, nugetPackage.Metadata.Summary);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, nugetPackage.Metadata.Tags);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, nugetPackage.Metadata.Title);
                }

                // update relevant database tables
                package = _packageService.CreatePackage(nugetPackage, currentUser, commitChanges: false);
                Debug.Assert(package.PackageRegistration != null);

                _packageService.PublishPackage(package, commitChanges: false);

                if (pendEdit)
                {
                    // Add the edit request to a queue where it will be processed in the background.
                    _editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser);
                }

                if (!formData.Listed)
                {
                    _packageService.MarkPackageUnlisted(package, commitChanges: false);
                }

                _autoCuratedPackageCmd.Execute(package, nugetPackage, commitChanges: false);

                // save package to blob storage
                uploadFile.Position = 0;
                await _packageFileService.SavePackageFileAsync(package, uploadFile);

                // commit all changes to database as an atomic transaction
                _entitiesContext.SaveChanges();

                // tell Lucene to update index for the new package
                _indexingService.UpdateIndex();
            }

            // delete the uploaded binary in the Uploads container
            await _uploadFileService.DeleteUploadFileAsync(currentUser.Key);

            TempData["Message"] = String.Format(
                CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version);

            return(RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version }));
        }
        public virtual async Task<ActionResult> VerifyPackage()
        {
            var currentUser = GetCurrentUser();

            IPackageMetadata packageMetadata;
            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    return RedirectToRoute(RouteName.UploadPackage);
                }

                try
                {
                    using (INupkg package = CreatePackage(uploadFile))
                    {
                        packageMetadata = package.Metadata;
                    }
                }
                catch (InvalidDataException e)
                {
                    // Log the exception in case we get support requests about it.
                    QuietLog.LogHandledException(e);

                    return View("UnverifiablePackage");
                }
            }

            var model = new VerifyPackageRequest
            {
                Id = packageMetadata.Id,
                Version = packageMetadata.Version.ToNormalizedStringSafe(),
                LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                Listed = true,
                Edit = new EditPackageVersionRequest
                {
                    Authors = packageMetadata.Authors.Flatten(),
                    Copyright = packageMetadata.Copyright,
                    Description = packageMetadata.Description,
                    IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
                    LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                    ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
                    ReleaseNotes = packageMetadata.ReleaseNotes,
                    RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
                    Summary = packageMetadata.Summary,
                    Tags = PackageHelper.ParseTags(packageMetadata.Tags),
                    VersionTitle = packageMetadata.Title,
                }
            };
            return View(model);
        }
        [ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874
        public virtual async Task<ActionResult> VerifyPackage(VerifyPackageRequest formData)
        {
            var currentUser = GetCurrentUser();

            Package package;
            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again.";
                    return new RedirectResult(Url.UploadPackage());
                }

                var nugetPackage = await SafeCreatePackage(currentUser, uploadFile);
                if (nugetPackage == null)
                {
                    // Send the user back
                    return new RedirectResult(Url.UploadPackage());
                }
                Debug.Assert(nugetPackage != null);

                var packageMetadata = PackageMetadata.FromNuspecReader(
                    nugetPackage.GetNuspecReader());

                // Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user
                // viewing a different package to what was actually most recently uploaded
                if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version)))
                {
                    if (!(String.Equals(packageMetadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase)
                        && String.Equals(packageMetadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase)))
                    {
                        TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again.";
                        return new RedirectResult(Url.VerifyPackage());
                    }
                }

                bool pendEdit = false;
                if (formData.Edit != null)
                {
                    pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != packageMetadata.RequireLicenseAcceptance;

                    pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, packageMetadata.IconUrl.ToEncodedUrlStringOrNull());
                    pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull());

                    pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, packageMetadata.Authors.Flatten());
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, packageMetadata.Copyright);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Description, packageMetadata.Description);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, packageMetadata.ReleaseNotes);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, packageMetadata.Summary);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, packageMetadata.Tags);
                    pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, packageMetadata.Title);
                }

                var packageStreamMetadata = new PackageStreamMetadata
                {
                    HashAlgorithm = Constants.Sha512HashAlgorithmId,
                    Hash = CryptographyService.GenerateHash(uploadFile.AsSeekableStream()),
                    Size = uploadFile.Length,
                };

                // update relevant database tables
                try
                {
                    package = await _packageService.CreatePackageAsync(nugetPackage, packageStreamMetadata, currentUser, commitChanges: false);
                    Debug.Assert(package.PackageRegistration != null);
                }
                catch (EntityException ex)
                {
                    TempData["Message"] = ex.Message;
                    return Redirect(Url.UploadPackage());
                }

                await _packageService.PublishPackageAsync(package, commitChanges: false);

                if (pendEdit)
                {
                    // Add the edit request to a queue where it will be processed in the background.
                    _editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser);
                }

                if (!formData.Listed)
                {
                    await _packageService.MarkPackageUnlistedAsync(package, commitChanges: false);
                }

                await _autoCuratedPackageCmd.ExecuteAsync(package, nugetPackage, commitChanges: false);

                // save package to blob storage
                uploadFile.Position = 0;
                await _packageFileService.SavePackageFileAsync(package, uploadFile.AsSeekableStream());

                // commit all changes to database as an atomic transaction
                await _entitiesContext.SaveChangesAsync();

                // tell Lucene to update index for the new package
                _indexingService.UpdateIndex();

                // write an audit record
                await _auditingService.SaveAuditRecord(
                    new PackageAuditRecord(package, AuditedPackageAction.Create, PackageCreatedVia.Web));

                // notify user
                _messageService.SendPackageAddedNotice(package,
                    Url.Action("DisplayPackage", "Packages", routeValues: new { id = package.PackageRegistration.Id, version = package.Version }, protocol: Request.Url.Scheme),
                    Url.Action("ReportMyPackage", "Packages", routeValues: new { id = package.PackageRegistration.Id, version = package.Version }, protocol: Request.Url.Scheme),
                    Url.Action("Account", "Users", routeValues: null, protocol: Request.Url.Scheme));
            }

            // delete the uploaded binary in the Uploads container
            await _uploadFileService.DeleteUploadFileAsync(currentUser.Key);

            TempData["Message"] = String.Format(
                CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version);

            return RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version });
        }
        public virtual async Task<ActionResult> VerifyPackage()
        {
            var currentUser = GetCurrentUser();

            PackageMetadata packageMetadata;
            using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
            {
                if (uploadFile == null)
                {
                    return RedirectToRoute(RouteName.UploadPackage);
                }

                var package = await SafeCreatePackage(currentUser, uploadFile);
                if (package == null)
                {
                    return Redirect(Url.UploadPackage());
                }

                try
                {
                    packageMetadata = PackageMetadata.FromNuspecReader(
                        package.GetNuspecReader());
                }
                catch (Exception ex)
                {
                    TempData["Message"] = ex.GetUserSafeMessage();
                    return Redirect(Url.UploadPackage());
                }
            }

            var model = new VerifyPackageRequest
            {
                Id = packageMetadata.Id,
                Version = packageMetadata.Version.ToNormalizedStringSafe(),
                LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                Listed = true,
                Language = packageMetadata.Language,
                MinClientVersion = packageMetadata.MinClientVersion,
                FrameworkReferenceGroups = packageMetadata.GetFrameworkReferenceGroups(),
                Dependencies = new DependencySetsViewModel(
                    packageMetadata.GetDependencyGroups().AsPackageDependencyEnumerable()),
                DevelopmentDependency = packageMetadata.GetValueFromMetadata("developmentDependency"),
                Edit = new EditPackageVersionRequest
                {
                    Authors = packageMetadata.Authors.Flatten(),
                    Copyright = packageMetadata.Copyright,
                    Description = packageMetadata.Description,
                    IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(),
                    LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(),
                    ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(),
                    ReleaseNotes = packageMetadata.ReleaseNotes,
                    RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance,
                    Summary = packageMetadata.Summary,
                    Tags = PackageHelper.ParseTags(packageMetadata.Tags),
                    VersionTitle = packageMetadata.Title,
                }
            };

            return View(model);
        }