public async Task <Package> GeneratePackageAsync(
string id,
PackageArchiveReader nugetPackage,
PackageStreamMetadata packageStreamMetadata,
User user)
{
var isPushAllowed = _reservedNamespaceService.IsPushAllowed(id, user, out IReadOnlyCollection <ReservedNamespace> userOwnedNamespaces);
var shouldMarkIdVerified = isPushAllowed && userOwnedNamespaces != null && userOwnedNamespaces.Any();
var package = await _packageService.CreatePackageAsync(
nugetPackage,
packageStreamMetadata,
user,
isVerified : shouldMarkIdVerified);
await _validationService.StartValidationAsync(package);
if (shouldMarkIdVerified)
{
// Add all relevant package registrations to the applicable namespaces
foreach (var rn in userOwnedNamespaces)
{
_reservedNamespaceService.AddPackageRegistrationToNamespace(
rn.Value,
package.PackageRegistration);
}
}
return(package);
}
public async Task <Package> GeneratePackageAsync(
string id,
PackageArchiveReader nugetPackage,
PackageStreamMetadata packageStreamMetadata,
User owner,
User currentUser)
{
var shouldMarkIdVerified = _reservedNamespaceService.ShouldMarkNewPackageIdVerified(owner, id, out var ownedMatchingReservedNamespaces);
var package = await _packageService.CreatePackageAsync(
nugetPackage,
packageStreamMetadata,
owner,
currentUser,
isVerified : shouldMarkIdVerified);
if (shouldMarkIdVerified)
{
// Add all relevant package registrations to the applicable namespaces
foreach (var rn in ownedMatchingReservedNamespaces)
{
_reservedNamespaceService.AddPackageRegistrationToNamespace(
rn.Value,
package.PackageRegistration);
}
}
_vulnerabilityService.ApplyExistingVulnerabilitiesToPackage(package);
return(package);
}
public async Task <IActionResult> CreatePackage(CreatePackageCommand command)
{
var result = await _packageService.CreatePackageAsync(command);
return(result.Success
? StatusCode(StatusCodes.Status201Created, result)
: StatusCode(StatusCodes.Status400BadRequest, result));
}
public async Task <Package> GeneratePackageAsync(string id, PackageArchiveReader nugetPackage, PackageStreamMetadata packageStreamMetadata, User user, bool commitChanges)
{
var isPushAllowed = _reservedNamespaceService.IsPushAllowed(id, user, out IReadOnlyCollection <ReservedNamespace> userOwnedNamespaces);
var shouldMarkIdVerified = isPushAllowed && userOwnedNamespaces != null && userOwnedNamespaces.Any();
var package = await _packageService.CreatePackageAsync(
nugetPackage,
packageStreamMetadata,
user,
isVerified : shouldMarkIdVerified,
commitChanges : commitChanges);
if (shouldMarkIdVerified)
{
// Add all relevant package registrations to the applicable namespaces
await Task.WhenAll(userOwnedNamespaces
.Select(rn => _reservedNamespaceService.AddPackageRegistrationToNamespaceAsync(rn.Value, package.PackageRegistration, commitChanges)));
}
return(package);
}
private async Task <bool> IsValidAsync(
IPackageService packageService,
RequirePackageMetadataState state,
string packagePath)
{
if (!File.Exists(packagePath) && !Directory.Exists(packagePath))
{
OutputColor(
ConsoleColor.Red,
() =>
{
_console.WriteLine("INVALID.");
_console.WriteLine(packagePath);
_console.WriteLine("The path does not exist.");
});
return(false);
}
if (File.GetAttributes(packagePath).HasFlag(FileAttributes.Directory))
{
OutputColor(
ConsoleColor.Red,
() =>
{
_console.WriteLine("INVALID.");
_console.WriteLine(packagePath);
_console.WriteLine("The path is a directory, not a file.");
});
return(false);
}
Package package;
using (var packageStream = File.OpenRead(packagePath))
{
var packageArchiveReader = new PackageArchiveReader(packageStream);
var packageStreamMetadata = new PackageStreamMetadata
{
HashAlgorithm = CoreConstants.Sha512HashAlgorithmId,
Hash = CryptographyService.GenerateHash(
packageStream.AsSeekableStream(),
CoreConstants.Sha512HashAlgorithmId),
Size = packageStream.Length
};
var owner = new User();
var currentUser = owner;
var isVerified = true;
package = await packageService.CreatePackageAsync(
packageArchiveReader,
packageStreamMetadata,
owner,
currentUser,
isVerified);
}
var isCompliant = RequirePackageMetadataComplianceUtility.IsPackageMetadataCompliant(
package,
state,
out var complianceFailures);
if (isCompliant)
{
OutputColor(
ConsoleColor.Green,
() =>
{
_console.WriteLine("VALID.");
_console.WriteLine(packagePath);
_console.WriteLine($"The package {package.Id} {package.Version} is compliant.");
});
return(true);
}
else
{
OutputColor(
ConsoleColor.Red,
() =>
{
var single = complianceFailures.Count == 1;
_console.WriteLine("INVALID.");
_console.WriteLine(packagePath);
_console.WriteLine($"The package {package.Id} {package.Version} is not compliant.");
_console.WriteLine($"There {(single ? "is" : "are")} {complianceFailures.Count} problem{(single ? string.Empty : "s")}.");
foreach (var failure in complianceFailures)
{
_console.WriteLine($" - {failure}");
}
});
return(false);
}
}
[ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874
public virtual async Task <ActionResult> VerifyPackage(VerifyPackageRequest formData)
{
var currentUser = GetCurrentUser();
Package package;
using (Stream uploadFile = await _uploadFileService.GetUploadFileAsync(currentUser.Key))
{
if (uploadFile == null)
{
TempData["Message"] = "Your attempt to verify the package submission failed, because we could not find the uploaded package file. Please try again.";
return(new RedirectResult(Url.UploadPackage()));
}
var nugetPackage = await SafeCreatePackage(currentUser, uploadFile);
if (nugetPackage == null)
{
// Send the user back
return(new RedirectResult(Url.UploadPackage()));
}
Debug.Assert(nugetPackage != null);
var packageMetadata = PackageMetadata.FromNuspecReader(
nugetPackage.GetNuspecReader());
// Rule out problem scenario with multiple tabs - verification request (possibly with edits) was submitted by user
// viewing a different package to what was actually most recently uploaded
if (!(String.IsNullOrEmpty(formData.Id) || String.IsNullOrEmpty(formData.Version)))
{
if (!(String.Equals(packageMetadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase) &&
String.Equals(packageMetadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase)))
{
TempData["Message"] = "Your attempt to verify the package submission failed, because the package file appears to have changed. Please try again.";
return(new RedirectResult(Url.VerifyPackage()));
}
}
bool pendEdit = false;
if (formData.Edit != null)
{
pendEdit = pendEdit || formData.Edit.RequiresLicenseAcceptance != packageMetadata.RequireLicenseAcceptance;
pendEdit = pendEdit || IsDifferent(formData.Edit.IconUrl, packageMetadata.IconUrl.ToEncodedUrlStringOrNull());
pendEdit = pendEdit || IsDifferent(formData.Edit.ProjectUrl, packageMetadata.ProjectUrl.ToEncodedUrlStringOrNull());
pendEdit = pendEdit || IsDifferent(formData.Edit.Authors, packageMetadata.Authors.Flatten());
pendEdit = pendEdit || IsDifferent(formData.Edit.Copyright, packageMetadata.Copyright);
pendEdit = pendEdit || IsDifferent(formData.Edit.Description, packageMetadata.Description);
pendEdit = pendEdit || IsDifferent(formData.Edit.ReleaseNotes, packageMetadata.ReleaseNotes);
pendEdit = pendEdit || IsDifferent(formData.Edit.Summary, packageMetadata.Summary);
pendEdit = pendEdit || IsDifferent(formData.Edit.Tags, packageMetadata.Tags);
pendEdit = pendEdit || IsDifferent(formData.Edit.VersionTitle, packageMetadata.Title);
}
var packageStreamMetadata = new PackageStreamMetadata
{
HashAlgorithm = Constants.Sha512HashAlgorithmId,
Hash = CryptographyService.GenerateHash(uploadFile.AsSeekableStream()),
Size = uploadFile.Length,
};
// update relevant database tables
try
{
package = await _packageService.CreatePackageAsync(nugetPackage, packageStreamMetadata, currentUser, commitChanges : false);
Debug.Assert(package.PackageRegistration != null);
}
catch (EntityException ex)
{
TempData["Message"] = ex.Message;
return(Redirect(Url.UploadPackage()));
}
await _packageService.PublishPackageAsync(package, commitChanges : false);
if (pendEdit)
{
// Add the edit request to a queue where it will be processed in the background.
_editPackageService.StartEditPackageRequest(package, formData.Edit, currentUser);
}
if (!formData.Listed)
{
await _packageService.MarkPackageUnlistedAsync(package, commitChanges : false);
}
await _autoCuratedPackageCmd.ExecuteAsync(package, nugetPackage, commitChanges : false);
// save package to blob storage
uploadFile.Position = 0;
await _packageFileService.SavePackageFileAsync(package, uploadFile.AsSeekableStream());
// commit all changes to database as an atomic transaction
await _entitiesContext.SaveChangesAsync();
// tell Lucene to update index for the new package
_indexingService.UpdateIndex();
_messageService.SendPackageAddedNotice(package,
Url.Action("DisplayPackage", "Packages", routeValues: new { id = package.PackageRegistration.Id, version = package.Version }, protocol: Request.Url.Scheme),
Url.Action("ReportMyPackage", "Packages", routeValues: new { id = package.PackageRegistration.Id, version = package.Version }, protocol: Request.Url.Scheme),
Url.Action("Account", "Users", routeValues: null, protocol: Request.Url.Scheme));
}
// delete the uploaded binary in the Uploads container
await _uploadFileService.DeleteUploadFileAsync(currentUser.Key);
TempData["Message"] = String.Format(
CultureInfo.CurrentCulture, Strings.SuccessfullyUploadedPackage, package.PackageRegistration.Id, package.Version);
return(RedirectToRoute(RouteName.DisplayPackage, new { package.PackageRegistration.Id, package.Version }));
}
public async Task <ActionResult> CreatePackageForOneCatering([FromBody] CreatePackageRequest request, [FromRoute] Guid cateringId)
{
if (!ModelState.IsValid)
{
return(BadRequest(new ApiErrorResponse()
{
ErrorType = "Bad Request",
StatusCode = 400,
Errors = ModelState.Values.SelectMany(v => v.Errors).Select(e => e.ErrorMessage)
}));
}
var catering = await cateringService.GetCateringByIdAsync(cateringId);
if (catering == null)
{
return(NotFound(new ApiErrorResponse()
{
ErrorType = "Not Found",
StatusCode = 404,
Errors = new string[] { "Catering doesn't exist" }
}));
}
var package = new Package
{
Name = request.Name,
Serves = request.Serves,
ServicePresentation = request.ServicePresentation,
SetupTime = request.SetupTime,
Description = request.Description,
Price = request.Price,
Menus = request.Menus.Select(m => new Menu {
Name = m
}).ToList(),
Catering = catering,
PackageOptions = request.PackageOptions.Select(o => new PackageOption
{
OptionsType = o.OptionsType,
Title = o.Title,
PackageOptionItems = o.PackageOptionItems.Select(i => new PackageOptionItem {
Name = i
}).ToList()
}).ToList(),
PackageRequirements = request.PackageRequirements.Select(r => new PackageRequirement {
Name = r
}).ToList()
};
var created = await packageService.CreatePackageAsync(package);
if (!created)
{
return(BadRequest(new ApiErrorResponse()
{
ErrorType = "Bad Request",
StatusCode = 400,
Errors = new[] { "Unable to create a package." }
}));
}
var baseUrl = $"{HttpContext.Request.Scheme}://{HttpContext.Request.Host.ToUriComponent()}";
var locationUrl = baseUrl + "/" + ApiRoutes.Packages.Get.Replace("{packageId}", package.Id.ToString());
var response = new CreatePackageSuccessResponse()
{
Id = package.Id
};
return(Created(locationUrl, response));
}
