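/// <summary>
/// Resolves the user that an API key supplied by a client belongs to.
/// </summary>
/// <remarks>
/// The lower-cased key is first checked against <c>CredentialTypes.ApiKeyV1</c> credentials.
/// Only when no credential matches does the lookup fall back to
/// <c>UserService.FindByApiKey</c>; that call site suppresses warning 0618 (obsolete member).
/// </remarks>
/// <param name="apiKey">API key text as received from the caller; treated as untrusted.</param>
/// <returns>
/// The user attached to the matching credential; otherwise whatever the legacy lookup returns,
/// or <c>null</c> when the key is missing or is not a GUID.
/// </returns>
private User GetUserByApiKey(string apiKey)
{
    // A missing key identifies nobody: answer "no user" instead of failing on the
    // ToLowerInvariant() dereference below.
    if (String.IsNullOrWhiteSpace(apiKey))
    {
        return null;
    }

    var cred = UserService.AuthenticateCredential(CredentialTypes.ApiKeyV1, apiKey.ToLowerInvariant());
    if (cred != null)
    {
        return cred.User;
    }

    // The legacy lookup takes a Guid. TryParse keeps a malformed key from surfacing as an
    // unhandled FormatException; it is treated the same as an unknown key.
    Guid legacyKey;
    if (!Guid.TryParse(apiKey, out legacyKey))
    {
        return null;
    }

#pragma warning disable 0618
    return UserService.FindByApiKey(legacyKey);
#pragma warning restore 0618
}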
/// <summary>
/// Checks that an API key maps to a user and, when a package id is supplied, that this user
/// owns the given package id/version.
/// </summary>
/// <param name="apiKey">API key text from the request; must parse as a GUID.</param>
/// <param name="id">Optional package id; when null or empty only the key itself is checked.</param>
/// <param name="version">Package version looked up together with <paramref name="id"/>.</param>
/// <returns>
/// 400 when the key is not a GUID, 403 when no user matches the key or the user is not an
/// owner of the package, 404 when the package is not found; otherwise an <c>EmptyResult</c>.
/// </returns>
public virtual ActionResult VerifyPackageKey(string apiKey, string id, string version)
{
    Guid keyGuid;
    bool keyIsGuid = Guid.TryParse(apiKey, out keyGuid);
    if (!keyIsGuid)
    {
        // NOTE(review): the rejected key text is passed into the response message; confirm the
        // body is not logged or rendered where a mistyped secret would be exposed.
        string invalidKeyMessage = String.Format(CultureInfo.CurrentCulture, Strings.InvalidApiKey, apiKey);
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, invalidKeyMessage);
    }

    // NOTE(review): GetUserByApiKey in this file tries the ApiKeyV1 credential first and wraps
    // FindByApiKey in a 0618 suppression; this action calls the older lookup directly - confirm
    // that is intended.
    var keyOwner = UserService.FindByApiKey(keyGuid);
    if (keyOwner == null)
    {
        string unknownKeyMessage = String.Format(CultureInfo.CurrentCulture, Strings.ApiKeyNotAuthorized, "push");
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, unknownKeyMessage);
    }

    // No package named: a key that maps to a user is all that is verified.
    if (String.IsNullOrEmpty(id))
    {
        return new EmptyResult();
    }

    // A package id was given, so the key's user must own that id/version combination.
    var target = PackageService.FindPackageByIdAndVersion(id, version);
    if (target == null)
    {
        string notFoundMessage = String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version);
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, notFoundMessage);
    }

    if (target.IsOwner(keyOwner))
    {
        return new EmptyResult();
    }

    string notOwnerMessage = String.Format(CultureInfo.CurrentCulture, Strings.ApiKeyNotAuthorized, "push");
    return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, notOwnerMessage);
}
/// <summary>
/// Marks an existing package version as listed on behalf of the user identified by an API key,
/// then pushes the package to the indexing service.
/// </summary>
/// <param name="apiKey">API key text from the request; must parse as a GUID.</param>
/// <param name="id">Id of the package to publish.</param>
/// <param name="version">Version of the package to publish.</param>
/// <returns>
/// 400 when the key is not a GUID, 403 when no user matches the key or the user is not an
/// owner of the package, 404 when the package is not found; otherwise an <c>EmptyResult</c>.
/// </returns>
public virtual ActionResult PublishPackage(string apiKey, string id, string version)
{
    Guid keyGuid;
    bool keyIsGuid = Guid.TryParse(apiKey, out keyGuid);
    if (!keyIsGuid)
    {
        // NOTE(review): the rejected key text is passed into the response message; confirm the
        // body is not logged or rendered where a mistyped secret would be exposed.
        string invalidKeyMessage = String.Format(CultureInfo.CurrentCulture, Strings.InvalidApiKey, apiKey);
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, invalidKeyMessage);
    }

    // NOTE(review): GetUserByApiKey in this file tries the ApiKeyV1 credential first and wraps
    // FindByApiKey in a 0618 suppression; this action calls the older lookup directly - confirm
    // that is intended.
    var keyOwner = UserService.FindByApiKey(keyGuid);
    if (keyOwner == null)
    {
        string unknownKeyMessage = String.Format(CultureInfo.CurrentCulture, Strings.ApiKeyNotAuthorized, "publish");
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, unknownKeyMessage);
    }

    var target = PackageService.FindPackageByIdAndVersion(id, version);
    if (target == null)
    {
        string notFoundMessage = String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version);
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, notFoundMessage);
    }

    // Authorization gate: only an owner of the package may change its listed state.
    bool callerOwnsPackage = target.IsOwner(keyOwner);
    if (!callerOwnsPackage)
    {
        string notOwnerMessage = String.Format(CultureInfo.CurrentCulture, Strings.ApiKeyNotAuthorized, "publish");
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, notOwnerMessage);
    }

    // State changes happen only after every check above has passed.
    PackageService.MarkPackageListed(target);
    IndexingService.UpdatePackage(target);
    return new EmptyResult();
}
/// <summary>
/// Handles a package push: authenticates the API key, reads the package from the request,
/// checks ownership and id/version uniqueness, then creates the package and stores its file.
/// </summary>
/// <param name="apiKey">API key text from the request; must parse as a GUID.</param>
/// <returns>
/// 400 when the key is not a GUID, 403 when no user matches the key or the user is not an
/// owner of an existing registration with the same id, 409 when that id/version already
/// exists; otherwise status 201.
/// </returns>
private async Task<ActionResult> CreatePackageInternal(string apiKey)
{
    Guid keyGuid;
    bool keyIsGuid = Guid.TryParse(apiKey, out keyGuid);
    if (!keyIsGuid)
    {
        // NOTE(review): the rejected key text is passed into the response message; confirm the
        // body is not logged or rendered where a mistyped secret would be exposed.
        string invalidKeyMessage = String.Format(CultureInfo.CurrentCulture, Strings.InvalidApiKey, apiKey);
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, invalidKeyMessage);
    }

    // NOTE(review): GetUserByApiKey in this file tries the ApiKeyV1 credential first and wraps
    // FindByApiKey in a 0618 suppression; this method calls the older lookup directly - confirm
    // that is intended.
    var pusher = UserService.FindByApiKey(keyGuid);
    if (pusher == null)
    {
        string unknownKeyMessage = String.Format(CultureInfo.CurrentCulture, Strings.ApiKeyNotAuthorized, "push");
        return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, unknownKeyMessage);
    }

    using (var incoming = ReadPackageFromRequest())
    {
        // An id that is already registered may only be pushed to by one of its owners.
        // An id with no registration skips both checks in this block.
        var registration = PackageService.FindPackageRegistrationById(incoming.Metadata.Id);
        if (registration != null)
        {
            bool callerOwnsId = registration.IsOwner(pusher);
            if (!callerOwnsId)
            {
                string notOwnerMessage = String.Format(CultureInfo.CurrentCulture, Strings.ApiKeyNotAuthorized, "push");
                return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, notOwnerMessage);
            }

            // An existing id/version may not be replaced. The original author noted that this
            // check should eventually be removed.
            // NOTE(review): this check and CreatePackage below are separate calls; whether two
            // concurrent pushes of the same id/version are both rejected depends on constraints
            // not visible here.
            if (registration.Packages.Any(
                    existing => existing.Version.Equals(incoming.Metadata.Version.ToString(), StringComparison.OrdinalIgnoreCase)))
            {
                string conflictMessage = String.Format(
                    CultureInfo.CurrentCulture,
                    Strings.PackageExistsAndCannotBeModified,
                    incoming.Metadata.Id,
                    incoming.Metadata.Version);
                return new HttpStatusCodeWithBodyResult(HttpStatusCode.Conflict, conflictMessage);
            }
        }

        // NOTE(review): the record is created with commitChanges: true before the file is
        // saved; presumably a failed save leaves a package entry without content - confirm
        // how that case is cleaned up.
        var created = PackageService.CreatePackage(incoming, pusher, commitChanges: true);

        using (Stream content = incoming.GetStream())
        {
            await PackageFileService.SavePackageFileAsync(created, content);
        }

        // A new latest-stable NuGet.CommandLine package also refreshes the extracted executable.
        bool isCommandLinePackage = incoming.Metadata.Id.Equals(
            Constants.NuGetCommandLinePackageId,
            StringComparison.OrdinalIgnoreCase);
        if (isCommandLinePackage && created.IsLatestStable)
        {
            await NugetExeDownloaderService.UpdateExecutableAsync(incoming);
        }
    }

    return new HttpStatusCodeResult(201);
}