public Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context)
{
// Todo:
// Maybe we should enumerate through the user's packages and add Microsoft as a package owner if the package passes the metadata requirements when a user is onboarded to this policy.
// We should also unlock the package if it is locked as part of adding Microsoft as co-owner.
return(Task.CompletedTask);
}
/// <summary>
/// On subscribe, set API keys with push capability to expire in <see cref="PushKeysExpirationInDays" /> days.
/// </summary>
/// <param name="context"></param>
public async Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context)
{
var pushKeys = context.User.Credentials.Where(c =>
CredentialTypes.IsApiKey(c.Type) &&
(
c.Scopes.Count == 0 ||
c.Scopes.Any(s =>
s.AllowedAction.Equals(NuGetScopes.PackagePush, StringComparison.OrdinalIgnoreCase) ||
s.AllowedAction.Equals(NuGetScopes.PackagePushVersion, StringComparison.OrdinalIgnoreCase)
))
);
var expires = DateTime.UtcNow.AddDays(PushKeysExpirationInDays);
var expireTasks = new List <Task>();
foreach (var key in pushKeys)
{
if (!key.Expires.HasValue || key.Expires > expires)
{
expireTasks.Add(_auditing.SaveAuditRecordAsync(
new UserAuditRecord(context.User, AuditedUserAction.ExpireCredential, key)));
key.Expires = expires;
}
}
await Task.WhenAll(expireTasks);
_diagnostics.Information($"Expiring {pushKeys.Count()} keys with push capability for user '{context.User.Username}'.");
}
public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context)
{
return(Task.CompletedTask);
}
public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context)
{
throw new NotSupportedException();
}
