private SecurityPolicyResult Evaluate(string scopes)
        {
            var identity = AuthenticationService.CreateIdentity(
                new User("testUser"),
                AuthenticationTypes.ApiKey,
                new Claim(NuGetClaims.ApiKey, string.Empty));

            if (!string.IsNullOrEmpty(scopes))
            {
                identity.AddClaim(new Claim(NuGetClaims.Scope, scopes));
            }

            var principal = new Mock <IPrincipal>();

            principal.Setup(p => p.Identity).Returns(identity);

            var httpContext = new Mock <HttpContextBase>();

            httpContext.Setup(c => c.User).Returns(principal.Object);

            var context = new UserSecurityPolicyContext(httpContext.Object,
                                                        new UserSecurityPolicy[] { new UserSecurityPolicy("RequireApiKeyWithPackageVerifyScopePolicy") });

            return(new RequirePackageVerifyScopePolicy().Evaluate(context));
        }
        private SecurityPolicyResult Evaluate(string minClientVersions, string actualClientVersion)
        {
            var headers = new NameValueCollection();

            if (!string.IsNullOrEmpty(actualClientVersion))
            {
                headers[Constants.ClientVersionHeaderName] = actualClientVersion;
            }
            ;

            var httpRequest = new Mock <HttpRequestBase>();

            httpRequest.Setup(r => r.Headers).Returns(headers);

            var httpContext = new Mock <HttpContextBase>();

            httpContext.Setup(c => c.Request).Returns(httpRequest.Object);

            var policies = minClientVersions.Split(',').Select(
                v => CreateMinClientVersionForPushPolicy(v)
                ).ToArray();
            var context = new UserSecurityPolicyContext(httpContext.Object, policies);

            return(new RequireMinClientVersionForPushPolicy().Evaluate(context));
        }
Esempio n. 3
0
        /// <summary>
        /// Get the current client version from the request.
        /// </summary>
        private NuGetVersion GetClientVersion(UserSecurityPolicyContext context)
        {
            var clientVersionString = context.HttpContext.Request?.Headers[Constants.ClientVersionHeaderName];

            NuGetVersion clientVersion;

            return(NuGetVersion.TryParse(clientVersionString, out clientVersion) ? clientVersion : null);
        }
Esempio n. 4
0
        /// <summary>
        /// In case of multiple, select the max of the minimum required client versions.
        /// </summary>
        private NuGetVersion GetMaxOfMinClientVersions(UserSecurityPolicyContext context)
        {
            var policyStates = context.Policies
                               .Where(p => !string.IsNullOrEmpty(p.Value))
                               .Select(p => JsonConvert.DeserializeObject <State>(p.Value));

            return(policyStates.Max(s => s.MinClientVersion));
        }
Esempio n. 5
0
        public override SecurityPolicyResult Evaluate(UserSecurityPolicyContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var identity = context.HttpContext.User.Identity;

            if (identity.HasPackageVerifyScopeClaim())
            {
                return(SecurityPolicyResult.SuccessResult);
            }

            return(SecurityPolicyResult.CreateErrorResult(Strings.SecurityPolicy_RequireApiKeyWithPackageVerifyScope));
        }
Esempio n. 6
0
        public override SecurityPolicyResult Evaluate(UserSecurityPolicyContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var minClientVersion = GetMaxOfMinClientVersions(context);

            var clientVersion = GetClientVersion(context);

            if (clientVersion == null || clientVersion < minClientVersion)
            {
                return(SecurityPolicyResult.CreateErrorResult(string.Format(CultureInfo.CurrentCulture,
                                                                            Strings.SecurityPolicy_RequireMinClientVersionForPush, minClientVersion)));
            }

            return(SecurityPolicyResult.SuccessResult);
        }
Esempio n. 7
0
 public abstract SecurityPolicyResult Evaluate(UserSecurityPolicyContext context);