public virtual async Task <AuthenticatedUser> Authenticate(string userNameOrEmail, string password)
{
using (_trace.Activity("Authenticate:" + userNameOrEmail))
{
var user = FindByUserNameOrEmail(userNameOrEmail);
// Check if the user exists
if (user == null)
{
_trace.Information("No such user: "******"Password validation failed: " + userNameOrEmail);
return(null);
}
var passwordCredentials = user
.Credentials
.Where(c => c.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase))
.ToList();
if (passwordCredentials.Count > 1 || !passwordCredentials.Any(c => String.Equals(c.Type, CredentialTypes.Password.Pbkdf2, StringComparison.OrdinalIgnoreCase)))
{
await MigrateCredentials(user, passwordCredentials, password);
}
// Return the result
_trace.Verbose("Successfully authenticated '" + user.Username + "' with '" + matched.Type + "' credential");
return(new AuthenticatedUser(user, matched));
}
}
public async Task <PackageStatus> StartValidationAsync(Package package)
{
if (_appConfiguration.ReadOnlyMode)
{
throw new ReadOnlyModeException(Strings.CannotEnqueueDueToReadOnly);
}
var data = new PackageValidationMessageData(
package.PackageRegistration.Id,
package.Version,
Guid.NewGuid());
var activityName = $"Enqueuing asynchronous package validation: " +
$"{data.PackageId} {data.PackageVersion} ({data.ValidationTrackingId})";
using (_diagnosticsSource.Activity(activityName))
{
await _enqueuer.StartValidationAsync(data);
}
if (_appConfiguration.BlockingAsynchronousPackageValidationEnabled)
{
return(PackageStatus.Validating);
}
return(PackageStatus.Available);
}
public async Task <PackageStatus> StartValidationAsync(TPackageEntity package)
{
var validatingType = ValidateAndGetType(package);
var entityKey = package.Key == default(int) ? (int?)null : package.Key;
var data = PackageValidationMessageData.NewProcessValidationSet(
package.Id,
package.Version,
Guid.NewGuid(),
validatingType,
entityKey: entityKey);
var activityName = $"Enqueuing asynchronous package validation: " +
$"{data.ProcessValidationSet.PackageId} {data.ProcessValidationSet.PackageVersion} " +
$"{data.ProcessValidationSet.ValidatingType} ({data.ProcessValidationSet.ValidationTrackingId})";
using (_diagnosticsSource.Activity(activityName))
{
var postponeProcessingTill = DateTimeOffset.UtcNow + _appConfiguration.AsynchronousPackageValidationDelay;
await _validationEnqueuer.SendMessageAsync(data, postponeProcessingTill);
}
return(TargetPackageStatus);
}
public async Task <PackageStatus> StartValidationAsync(TPackageEntity package)
{
if (_appConfiguration.ReadOnlyMode)
{
throw new ReadOnlyModeException(Strings.CannotEnqueueDueToReadOnly);
}
ValidatingType validatingType;
var entityKey = package.Key == default(int) ? (int?)null : package.Key;
if (package is Package)
{
validatingType = ValidatingType.Package;
}
else if (package is SymbolPackage)
{
validatingType = ValidatingType.SymbolPackage;
}
else
{
throw new ArgumentException($"Unknown IPackageEntity type: {nameof(package)}");
}
var data = new PackageValidationMessageData(
package.Id,
package.Version,
Guid.NewGuid(),
validatingType,
entityKey: entityKey);
var activityName = $"Enqueuing asynchronous package validation: " +
$"{data.PackageId} {data.PackageVersion} {data.ValidatingType} ({data.ValidationTrackingId})";
using (_diagnosticsSource.Activity(activityName))
{
var postponeProcessingTill = DateTimeOffset.UtcNow + _appConfiguration.AsynchronousPackageValidationDelay;
await _validationEnqueuer.StartValidationAsync(data, postponeProcessingTill);
}
if (_appConfiguration.BlockingAsynchronousPackageValidationEnabled)
{
return(PackageStatus.Validating);
}
return(PackageStatus.Available);
}
public async Task <PackageStatus> StartValidationAsync(Package package)
{
if (_appConfiguration.ReadOnlyMode)
{
throw new ReadOnlyModeException(Strings.CannotEnqueueDueToReadOnly);
}
var data = new PackageValidationMessageData(
package.PackageRegistration.Id,
package.Version,
Guid.NewGuid());
var activityName = $"Enqueuing asynchronous package validation: " +
$"{data.PackageId} {data.PackageVersion} ({data.ValidationTrackingId})";
using (_diagnosticsSource.Activity(activityName))
{
await _enqueuer.StartValidationAsync(data);
}
// For now, don't require asynchronous validation before the package is available for consumption.
// Related: https://github.com/NuGet/NuGetGallery/issues/4744
return(PackageStatus.Available);
}
public virtual async Task <PasswordAuthenticationResult> Authenticate(string userNameOrEmail, string password)
{
using (_trace.Activity("Authenticate"))
{
var user = FindByUserNameOrEmail(userNameOrEmail);
// Check if the user exists
if (user == null)
{
_trace.Information("No such user.");
await Auditing.SaveAuditRecordAsync(
new FailedAuthenticatedOperationAuditRecord(
userNameOrEmail, AuditedAuthenticatedOperationAction.FailedLoginNoSuchUser));
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.BadCredentials));
}
if (user is Organization)
{
_trace.Information("Cannot authenticate organization account.");
await Auditing.SaveAuditRecordAsync(
new FailedAuthenticatedOperationAuditRecord(
userNameOrEmail, AuditedAuthenticatedOperationAction.FailedLoginUserIsOrganization));
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.BadCredentials));
}
int remainingMinutes;
if (IsAccountLocked(user, out remainingMinutes))
{
_trace.Information($"Login failed. User account is locked for the next {remainingMinutes} minutes.");
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.AccountLocked,
authenticatedUser: null, lockTimeRemainingMinutes: remainingMinutes));
}
// Validate the password
Credential matched;
if (!ValidatePasswordCredential(user.Credentials, password, out matched))
{
_trace.Information("Password validation failed.");
await UpdateFailedLoginAttempt(user);
await Auditing.SaveAuditRecordAsync(
new FailedAuthenticatedOperationAuditRecord(
userNameOrEmail, AuditedAuthenticatedOperationAction.FailedLoginInvalidPassword));
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.BadCredentials));
}
var passwordCredentials = user
.Credentials
.Where(c => c.IsPassword())
.ToList();
if (passwordCredentials.Count > 1 ||
!passwordCredentials.Any(c => string.Equals(c.Type, CredentialBuilder.LatestPasswordType, StringComparison.OrdinalIgnoreCase)))
{
await MigrateCredentials(user, passwordCredentials, password);
}
// Reset failed login count upon successful login
await UpdateSuccessfulLoginAttempt(user);
// Return the result
_trace.Verbose("User successfully authenticated with '" + matched.Type + "' credential");
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.Success, new AuthenticatedUser(user, matched)));
}
}
public virtual async Task <PasswordAuthenticationResult> Authenticate(string userNameOrEmail, string password)
{
using (_trace.Activity("Authenticate:" + userNameOrEmail))
{
var user = FindByUserNameOrEmail(userNameOrEmail);
// Check if the user exists
if (user == null)
{
var ldapUser = this.Ldap.ValidateUsernameAndPassword(userNameOrEmail, password);
if (ldapUser != null)
{
_trace.Information($"Creating user from LDAP credentials: {userNameOrEmail}");
var ldapCredential = _credentialBuilder.CreateExternalCredential(AuthenticationTypes.LdapUser, ldapUser.Username, ldapUser.Identity);
var authUser = await this.Register(ldapUser.Username, ldapUser.Email, ldapCredential);
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.Success, authUser));
}
_trace.Information("No such user: "******"Login failed. User account {userNameOrEmail} is locked for the next {remainingMinutes} minutes.");
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.AccountLocked,
authenticatedUser: null, lockTimeRemainingMinutes: remainingMinutes));
}
// Validate the password
Credential matched;
if (!ValidatePasswordCredential(user.Credentials, password, out matched))
{
var isValid = this.Ldap.ValidateCredentials(user.Credentials, password, out matched);
if (isValid)
{
_trace.Verbose($"Successfully authenticated '{user.Username}' with '{matched.Type}' credential");
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.Success, new AuthenticatedUser(user, matched)));
}
_trace.Information($"Password validation failed: {userNameOrEmail}");
await UpdateFailedLoginAttempt(user);
await Auditing.SaveAuditRecordAsync(
new FailedAuthenticatedOperationAuditRecord(
userNameOrEmail, AuditedAuthenticatedOperationAction.FailedLoginInvalidPassword));
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.BadCredentials));
}
var passwordCredentials = user
.Credentials
.Where(c => CredentialTypes.IsPassword(c.Type))
.ToList();
if (passwordCredentials.Count > 1 ||
!passwordCredentials.Any(c => string.Equals(c.Type, CredentialBuilder.LatestPasswordType, StringComparison.OrdinalIgnoreCase)))
{
await MigrateCredentials(user, passwordCredentials, password);
}
// Reset failed login count upon successful login
await UpdateSuccessfulLoginAttempt(user);
// Return the result
_trace.Verbose("Successfully authenticated '" + user.Username + "' with '" + matched.Type + "' credential");
return(new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.Success, new AuthenticatedUser(user, matched)));
}
}
