public virtual async Task <ActionResult> VerifyPackage() { var currentUser = GetCurrentUser(); PackageMetadata packageMetadata; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { return(RedirectToRoute(RouteName.UploadPackage)); } var package = await SafeCreatePackage(currentUser, uploadFile); if (package == null) { return(Redirect(Url.UploadPackage())); } try { packageMetadata = PackageMetadata.FromNuspecReader( package.GetNuspecReader()); } catch (Exception ex) { TempData["Message"] = ex.GetUserSafeMessage(); return(Redirect(Url.UploadPackage())); } } var model = new VerifyPackageRequest { Id = packageMetadata.Id, Version = packageMetadata.Version.ToNormalizedStringSafe(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), Listed = true, Edit = new EditPackageVersionRequest { Authors = packageMetadata.Authors.Flatten(), Copyright = packageMetadata.Copyright, Description = packageMetadata.Description, IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(), ReleaseNotes = packageMetadata.ReleaseNotes, RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance, Summary = packageMetadata.Summary, Tags = PackageHelper.ParseTags(packageMetadata.Tags), VersionTitle = packageMetadata.Title, } }; return(View(model)); }
public virtual async Task <ActionResult> VerifyPackage() { var currentUser = GetCurrentUser(); IPackageMetadata packageMetadata; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { return(RedirectToRoute(RouteName.UploadPackage)); } try { using (INupkg package = CreatePackage(uploadFile)) { packageMetadata = package.Metadata; } } catch (InvalidDataException e) { // Log the exception in case we get support requests about it. QuietLog.LogHandledException(e); return(View("UnverifiablePackage")); } } var model = new VerifyPackageRequest { Id = packageMetadata.Id, Version = packageMetadata.Version.ToNormalizedStringSafe(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), Listed = true, Edit = new EditPackageVersionRequest { Authors = packageMetadata.Authors.Flatten(), Copyright = packageMetadata.Copyright, Description = packageMetadata.Description, IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(), ReleaseNotes = packageMetadata.ReleaseNotes, RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance, Summary = packageMetadata.Summary, Tags = PackageHelper.ParseTags(packageMetadata.Tags), VersionTitle = packageMetadata.Title, } }; return(View(model)); }
[ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874 public virtual async Task<ActionResult> VerifyPackage(VerifyPackageRequest formData) { var currentUser = GetCurrentUser(); Package package; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again."; return new RedirectResult(Url.UploadPackage()); } INupkg nugetPackage = await SafeCreatePackage(currentUser, uploadFile); if (nugetPackage == null) { // Send the user back return new RedirectResult(Url.UploadPackage()); } Debug.Assert(nugetPackage != null); // Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user // viewing a different package to what was actually most recently uploaded if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version))) { if (!(String.Equals(nugetPackage.Metadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase) && String.Equals(nugetPackage.Metadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase))) { TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again."; return new RedirectResult(Url.VerifyPackage()); } } bool pendEdit = false; if (formData.Edit != null) { pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != nugetPackage.Metadata.RequireLicenseAcceptance; pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, nugetPackage.Metadata.IconUrl.ToEncodedUrlStringOrNull()); pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, nugetPackage.Metadata.ProjectUrl.ToEncodedUrlStringOrNull()); pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, nugetPackage.Metadata.Authors.Flatten()); pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, nugetPackage.Metadata.Copyright); pendEdit = pendEdit || IsDifferent(formData.Edit.Description, nugetPackage.Metadata.Description); pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, nugetPackage.Metadata.ReleaseNotes); pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, nugetPackage.Metadata.Summary); pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, nugetPackage.Metadata.Tags); pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, nugetPackage.Metadata.Title); } // update relevant database tables package = _packageService.CreatePackage(nugetPackage, currentUser, commitChanges: false); Debug.Assert(package.PackageRegistration != null); _packageService.PublishPackage(package, commitChanges: false); if (pendEdit) { // Add the edit request to a queue where it will be processed in the background. _editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser); } if (!formData.Listed) { _packageService.MarkPackageUnlisted(package, commitChanges: false); } _autoCuratedPackageCmd.Execute(package, nugetPackage, commitChanges: false); // save package to blob storage uploadFile.Position = 0; await _packageFileService.SavePackageFileAsync(package, uploadFile); // commit all changes to database as an atomic transaction _entitiesContext.SaveChanges(); // tell Lucene to update index for the new package _indexingService.UpdateIndex(); } // delete the uploaded binary in the Uploads container await _uploadFileService.DeleteUploadFileAsync(currentUser.Key); TempData["Message"] = String.Format( CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version); return RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version }); }
public virtual async Task<ActionResult> VerifyPackage() { var currentUser = GetCurrentUser(); IPackageMetadata packageMetadata; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { return RedirectToRoute(RouteName.UploadPackage); } using (INupkg package = await SafeCreatePackage(currentUser, uploadFile)) { if (package == null) { return Redirect(Url.UploadPackage()); } packageMetadata = package.Metadata; } } var model = new VerifyPackageRequest { Id = packageMetadata.Id, Version = packageMetadata.Version.ToNormalizedStringSafe(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), Listed = true, Edit = new EditPackageVersionRequest { Authors = packageMetadata.Authors.Flatten(), Copyright = packageMetadata.Copyright, Description = packageMetadata.Description, IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(), ReleaseNotes = packageMetadata.ReleaseNotes, RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance, Summary = packageMetadata.Summary, Tags = PackageHelper.ParseTags(packageMetadata.Tags), VersionTitle = packageMetadata.Title, } }; return View(model); }
[ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874 public virtual async Task <ActionResult> VerifyPackage(VerifyPackageRequest formData) { var currentUser = GetCurrentUser(); Package package; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again."; return(new RedirectResult(Url.UploadPackage())); } INupkg nugetPackage = await SafeCreatePackage(currentUser, uploadFile); if (nugetPackage == null) { // Send the user back return(new RedirectResult(Url.UploadPackage())); } Debug.Assert(nugetPackage != null); // Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user // viewing a different package to what was actually most recently uploaded if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version))) { if (!(String.Equals(nugetPackage.Metadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase) && String.Equals(nugetPackage.Metadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase))) { TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again."; return(new RedirectResult(Url.VerifyPackage())); } } bool pendEdit = false; if (formData.Edit != null) { pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != nugetPackage.Metadata.RequireLicenseAcceptance; pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, nugetPackage.Metadata.IconUrl.ToEncodedUrlStringOrNull()); pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, nugetPackage.Metadata.ProjectUrl.ToEncodedUrlStringOrNull()); pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, nugetPackage.Metadata.Authors.Flatten()); pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, nugetPackage.Metadata.Copyright); pendEdit = pendEdit || IsDifferent(formData.Edit.Description, nugetPackage.Metadata.Description); pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, nugetPackage.Metadata.ReleaseNotes); pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, nugetPackage.Metadata.Summary); pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, nugetPackage.Metadata.Tags); pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, nugetPackage.Metadata.Title); } // update relevant database tables package = _packageService.CreatePackage(nugetPackage, currentUser, commitChanges: false); Debug.Assert(package.PackageRegistration != null); _packageService.PublishPackage(package, commitChanges: false); if (pendEdit) { // Add the edit request to a queue where it will be processed in the background. _editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser); } if (!formData.Listed) { _packageService.MarkPackageUnlisted(package, commitChanges: false); } _autoCuratedPackageCmd.Execute(package, nugetPackage, commitChanges: false); // save package to blob storage uploadFile.Position = 0; await _packageFileService.SavePackageFileAsync(package, uploadFile); // commit all changes to database as an atomic transaction _entitiesContext.SaveChanges(); // tell Lucene to update index for the new package _indexingService.UpdateIndex(); } // delete the uploaded binary in the Uploads container await _uploadFileService.DeleteUploadFileAsync(currentUser.Key); TempData["Message"] = String.Format( CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version); return(RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version })); }
public virtual async Task<ActionResult> VerifyPackage() { var currentUser = GetCurrentUser(); IPackageMetadata packageMetadata; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { return RedirectToRoute(RouteName.UploadPackage); } try { using (INupkg package = CreatePackage(uploadFile)) { packageMetadata = package.Metadata; } } catch (InvalidDataException e) { // Log the exception in case we get support requests about it. QuietLog.LogHandledException(e); return View("UnverifiablePackage"); } } var model = new VerifyPackageRequest { Id = packageMetadata.Id, Version = packageMetadata.Version.ToNormalizedStringSafe(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), Listed = true, Edit = new EditPackageVersionRequest { Authors = packageMetadata.Authors.Flatten(), Copyright = packageMetadata.Copyright, Description = packageMetadata.Description, IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(), ReleaseNotes = packageMetadata.ReleaseNotes, RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance, Summary = packageMetadata.Summary, Tags = PackageHelper.ParseTags(packageMetadata.Tags), VersionTitle = packageMetadata.Title, } }; return View(model); }
[ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874 public virtual async Task<ActionResult> VerifyPackage(VerifyPackageRequest formData) { var currentUser = GetCurrentUser(); Package package; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again."; return new RedirectResult(Url.UploadPackage()); } var nugetPackage = await SafeCreatePackage(currentUser, uploadFile); if (nugetPackage == null) { // Send the user back return new RedirectResult(Url.UploadPackage()); } Debug.Assert(nugetPackage != null); var packageMetadata = PackageMetadata.FromNuspecReader( nugetPackage.GetNuspecReader()); // Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user // viewing a different package to what was actually most recently uploaded if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version))) { if (!(String.Equals(packageMetadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase) && String.Equals(packageMetadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase))) { TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again."; return new RedirectResult(Url.VerifyPackage()); } } bool pendEdit = false; if (formData.Edit != null) { pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != packageMetadata.RequireLicenseAcceptance; pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, packageMetadata.IconUrl.ToEncodedUrlStringOrNull()); pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull()); pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, packageMetadata.Authors.Flatten()); pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, packageMetadata.Copyright); pendEdit = pendEdit || IsDifferent(formData.Edit.Description, packageMetadata.Description); pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, packageMetadata.ReleaseNotes); pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, packageMetadata.Summary); pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, packageMetadata.Tags); pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, packageMetadata.Title); } var packageStreamMetadata = new PackageStreamMetadata { HashAlgorithm = Constants.Sha512HashAlgorithmId, Hash = CryptographyService.GenerateHash(uploadFile.AsSeekableStream()), Size = uploadFile.Length, }; // update relevant database tables try { package = await _packageService.CreatePackageAsync(nugetPackage, packageStreamMetadata, currentUser, commitChanges: false); Debug.Assert(package.PackageRegistration != null); } catch (EntityException ex) { TempData["Message"] = ex.Message; return Redirect(Url.UploadPackage()); } await _packageService.PublishPackageAsync(package, commitChanges: false); if (pendEdit) { // Add the edit request to a queue where it will be processed in the background. _editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser); } if (!formData.Listed) { await _packageService.MarkPackageUnlistedAsync(package, commitChanges: false); } await _autoCuratedPackageCmd.ExecuteAsync(package, nugetPackage, commitChanges: false); // save package to blob storage uploadFile.Position = 0; await _packageFileService.SavePackageFileAsync(package, uploadFile.AsSeekableStream()); // commit all changes to database as an atomic transaction await _entitiesContext.SaveChangesAsync(); // tell Lucene to update index for the new package _indexingService.UpdateIndex(); // write an audit record await _auditingService.SaveAuditRecord( new PackageAuditRecord(package, AuditedPackageAction.Create, PackageCreatedVia.Web)); // notify user _messageService.SendPackageAddedNotice(package, Url.Action("DisplayPackage", "Packages", routeValues: new { id = package.PackageRegistration.Id, version = package.Version }, protocol: Request.Url.Scheme), Url.Action("ReportMyPackage", "Packages", routeValues: new { id = package.PackageRegistration.Id, version = package.Version }, protocol: Request.Url.Scheme), Url.Action("Account", "Users", routeValues: null, protocol: Request.Url.Scheme)); } // delete the uploaded binary in the Uploads container await _uploadFileService.DeleteUploadFileAsync(currentUser.Key); TempData["Message"] = String.Format( CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version); return RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version }); }
public virtual async Task<ActionResult> VerifyPackage() { var currentUser = GetCurrentUser(); PackageMetadata packageMetadata; using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key)) { if (uploadFile == null) { return RedirectToRoute(RouteName.UploadPackage); } var package = await SafeCreatePackage(currentUser, uploadFile); if (package == null) { return Redirect(Url.UploadPackage()); } try { packageMetadata = PackageMetadata.FromNuspecReader( package.GetNuspecReader()); } catch (Exception ex) { TempData["Message"] = ex.GetUserSafeMessage(); return Redirect(Url.UploadPackage()); } } var model = new VerifyPackageRequest { Id = packageMetadata.Id, Version = packageMetadata.Version.ToNormalizedStringSafe(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), Listed = true, Language = packageMetadata.Language, MinClientVersion = packageMetadata.MinClientVersion, FrameworkReferenceGroups = packageMetadata.GetFrameworkReferenceGroups(), Dependencies = new DependencySetsViewModel( packageMetadata.GetDependencyGroups().AsPackageDependencyEnumerable()), DevelopmentDependency = packageMetadata.GetValueFromMetadata("developmentDependency"), Edit = new EditPackageVersionRequest { Authors = packageMetadata.Authors.Flatten(), Copyright = packageMetadata.Copyright, Description = packageMetadata.Description, IconUrl = packageMetadata.IconUrl.ToEncodedUrlStringOrNull(), LicenseUrl = packageMetadata.LicenseUrl.ToEncodedUrlStringOrNull(), ProjectUrl = packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull(), ReleaseNotes = packageMetadata.ReleaseNotes, RequiresLicenseAcceptance = packageMetadata.RequireLicenseAcceptance, Summary = packageMetadata.Summary, Tags = PackageHelper.ParseTags(packageMetadata.Tags), VersionTitle = packageMetadata.Title, } }; return View(model); }