public async Task Evaluate_CompliantPackage_AddsRequiredCoOwner()
{
// Arrange
var subscription = new MicrosoftTeamSubscription();
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var nugetUser = new User("NuGet");
var newPackageRegistration = new PackageRegistration {
Id = "NewPackageId", Owners = new List <User> {
nugetUser
}
};
var newMicrosoftCompliantPackage = Fakes.CreateCompliantPackage("1.0", newPackageRegistration);
var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>();
packageOwnershipManagementService.Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false)).Returns(Task.CompletedTask);
var context = CreateTestContext(
true,
subscription.Policies,
newMicrosoftCompliantPackage,
packageRegistrationAlreadyExists: false,
packageOwnershipManagementService: packageOwnershipManagementService.Object,
sourceAccount: nugetUser,
targetAccount: nugetUser);
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
Assert.True(result.Success);
packageOwnershipManagementService.Verify(s => s.AddPackageOwnerAsync(newPackageRegistration, Fakes.RequiredCoOwner, false), Times.Once);
}
public async Task Evaluate_NonCompliantPackage_CreatesErrorResult(Package nonCompliantPackage)
{
// Arrange
var subscription = new MicrosoftTeamSubscription();
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var nugetUser = new User("NuGet");
var newPackageRegistration = new PackageRegistration {
Id = "NewPackageId", Owners = new List <User> {
nugetUser
}
};
var context = CreateTestContext(
true,
subscription.Policies,
nonCompliantPackage,
packageRegistrationAlreadyExists: false,
sourceAccount: nugetUser,
targetAccount: nugetUser);
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
Assert.False(result.Success);
Assert.Null(newPackageRegistration.Owners.SingleOrDefault(u => u.Username == MicrosoftTeamSubscription.MicrosoftUsername));
Assert.False(newPackageRegistration.IsVerified);
}
public void Evaluate_ThrowsForNullArgument()
{
// Arrange
var policyHandler = new RequirePackageMetadataCompliancePolicy();
// Act
// Assert
Assert.ThrowsAsync <ArgumentNullException>(() => policyHandler.EvaluateAsync(null));
}
public void Constructor_DefaultsToPackagePushSecurityPolicyAction()
{
// Arrange
// Act
var policyHandler = new RequirePackageMetadataCompliancePolicy();
// Assert
Assert.Equal(SecurityPolicyAction.PackagePush, policyHandler.Action);
}
private static List <UserSecurityPolicy> InitializePoliciesList()
{
return(new List <UserSecurityPolicy>()
{
RequirePackageMetadataCompliancePolicy.CreatePolicy(
Name,
MicrosoftUsername,
allowedCopyrightNotices: AllowedCopyrightNotices,
isLicenseUrlRequired: true,
isProjectUrlRequired: true,
errorMessageFormat: Strings.SecurityPolicy_RequireMicrosoftPackageMetadataComplianceForPush)
});
}
public async Task Evaluate_SilentlySucceedsWhenRequiredCoOwnerDoesNotExist()
{
// Arrange
var subscription = new MicrosoftTeamSubscription();
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var fakes = new Fakes();
var context = CreateTestContext(false, subscription.Policies, fakes.NewPackageVersion, packageRegistrationAlreadyExists: false);
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
Assert.Equal(SecurityPolicyResult.SuccessResult, result);
}
public async Task Evaluate_DoesNotCommitChangesToEntityContext()
{
// Arrange
var subscription = new MicrosoftTeamSubscription();
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var nugetUser = new User("NuGet");
var newPackageRegistration = new PackageRegistration {
Id = "NewPackageId", Owners = new List <User> {
nugetUser
}
};
var newMicrosoftCompliantPackage = Fakes.CreateCompliantPackage("1.0", newPackageRegistration);
var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>(MockBehavior.Strict);
packageOwnershipManagementService
.Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false /* commitChanges: false */))
.Returns(Task.CompletedTask)
.Verifiable();
var userService = new Mock <IUserService>(MockBehavior.Strict);
userService
.Setup(m => m.FindByUsername(MicrosoftTeamSubscription.MicrosoftUsername, It.IsAny <bool>()))
.Returns(Fakes.RequiredCoOwner)
.Verifiable();
var telemetryService = new Mock <ITelemetryService>().Object;
var context = new PackageSecurityPolicyEvaluationContext(
userService.Object,
packageOwnershipManagementService.Object,
telemetryService,
subscription.Policies,
newMicrosoftCompliantPackage,
sourceAccount: nugetUser,
targetAccount: nugetUser,
httpContext: It.IsAny <HttpContextBase>());
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
packageOwnershipManagementService.VerifyAll();
userService.VerifyAll();
}
public async Task Evaluate_CompliantPackageAuthors_CreatesSuccessResult()
{
// Arrange
var nugetUser = new User("NuGet");
var newPackageRegistration = new PackageRegistration {
Id = "NewPackageId", Owners = new List <User> {
nugetUser
}
};
var packageAuthors = new[] { MicrosoftTeamSubscription.MicrosoftUsername, "The Most-Awesome Package Authors" };
var compliantPackage = Fakes.CreateCompliantPackage("1.0.0", newPackageRegistration, packageAuthors);
var policy = RequirePackageMetadataCompliancePolicy.CreatePolicy(
MicrosoftTeamSubscription.Name,
MicrosoftTeamSubscription.MicrosoftUsername,
allowedCopyrightNotices: MicrosoftTeamSubscription.AllowedCopyrightNotices,
allowedAuthors: packageAuthors,
isLicenseUrlRequired: true,
isProjectUrlRequired: true,
errorMessageFormat: Strings.SecurityPolicy_RequireMicrosoftPackageMetadataComplianceForPush);
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>();
packageOwnershipManagementService.Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false)).Returns(Task.CompletedTask);
var context = CreateTestContext(
true,
new[] { policy },
compliantPackage,
packageRegistrationAlreadyExists: false,
sourceAccount: nugetUser,
targetAccount: nugetUser,
packageOwnershipManagementService: packageOwnershipManagementService.Object);
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
Assert.True(result.Success);
packageOwnershipManagementService.Verify(s => s.AddPackageOwnerAsync(newPackageRegistration, Fakes.RequiredCoOwner, false), Times.Once);
}
public async Task Evaluate_CompliantPackage_CreatesWarningResultWhenPrefixReservationForNewIdIsMissing()
{
// Arrange
var subscription = new MicrosoftTeamSubscription();
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var nugetUser = new User("NuGet");
var newPackageRegistration = new PackageRegistration {
Id = "NewPackageId", Owners = new List <User> {
nugetUser
}
};
var newMicrosoftCompliantPackage = Fakes.CreateCompliantPackage("1.0", newPackageRegistration);
var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>();
packageOwnershipManagementService.Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false)).Returns(Task.CompletedTask);
var context = CreateTestContext(
true,
subscription.Policies,
newMicrosoftCompliantPackage,
packageRegistrationAlreadyExists: false,
packageOwnershipManagementService: packageOwnershipManagementService.Object,
sourceAccount: nugetUser,
targetAccount: nugetUser);
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
Assert.True(result.Success);
Assert.Null(result.ErrorMessage);
Assert.True(result.HasWarnings);
Assert.NotEmpty(result.WarningMessages);
Assert.Contains(Strings.SecurityPolicy_RequirePackagePrefixReserved, result.WarningMessages);
Assert.False(newPackageRegistration.IsVerified);
packageOwnershipManagementService.Verify(s => s.AddPackageOwnerAsync(newPackageRegistration, Fakes.RequiredCoOwner, false), Times.Once);
}
public async Task Evaluate_DuplicatePackageAuthor_CreatesErrorResult()
{
// Arrange
var nugetUser = new User("NuGet");
var newPackageRegistration = new PackageRegistration {
Id = "NewPackageId", Owners = new List <User> {
nugetUser
}
};
var packageAuthors = new[] { MicrosoftTeamSubscription.MicrosoftUsername, MicrosoftTeamSubscription.MicrosoftUsername };
var nonCompliantPackage = Fakes.CreateCompliantPackage("1.0.0", newPackageRegistration, packageAuthors);
var policy = RequirePackageMetadataCompliancePolicy.CreatePolicy(
MicrosoftTeamSubscription.Name,
MicrosoftTeamSubscription.MicrosoftUsername,
allowedCopyrightNotices: MicrosoftTeamSubscription.AllowedCopyrightNotices,
allowedAuthors: new[] { MicrosoftTeamSubscription.MicrosoftUsername },
isLicenseUrlRequired: true,
isProjectUrlRequired: true,
errorMessageFormat: Strings.SecurityPolicy_RequireMicrosoftPackageMetadataComplianceForPush);
var policyHandler = new RequirePackageMetadataCompliancePolicy();
var context = CreateTestContext(
true,
new[] { policy },
nonCompliantPackage,
packageRegistrationAlreadyExists: false,
sourceAccount: nugetUser,
targetAccount: nugetUser);
// Act
var result = await policyHandler.EvaluateAsync(context);
// Assert
Assert.False(result.Success);
Assert.Null(newPackageRegistration.Owners.SingleOrDefault(u => u.Username == MicrosoftTeamSubscription.MicrosoftUsername));
Assert.False(newPackageRegistration.IsVerified);
}
