public Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context) { // Todo: // Maybe we should enumerate through the user's packages and add Microsoft as a package owner if the package passes the metadata requirements when a user is onboarded to this policy. // We should also unlock the package if it is locked as part of adding Microsoft as co-owner. return(Task.CompletedTask); }
/// <summary> /// On subscribe, set API keys with push capability to expire in <see cref="PushKeysExpirationInDays" /> days. /// </summary> /// <param name="context"></param> public async Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context) { var pushKeys = context.User.Credentials.Where(c => CredentialTypes.IsApiKey(c.Type) && ( c.Scopes.Count == 0 || c.Scopes.Any(s => s.AllowedAction.Equals(NuGetScopes.PackagePush, StringComparison.OrdinalIgnoreCase) || s.AllowedAction.Equals(NuGetScopes.PackagePushVersion, StringComparison.OrdinalIgnoreCase) )) ); var expires = DateTime.UtcNow.AddDays(PushKeysExpirationInDays); var expireTasks = new List <Task>(); foreach (var key in pushKeys) { if (!key.Expires.HasValue || key.Expires > expires) { expireTasks.Add(_auditing.SaveAuditRecordAsync( new UserAuditRecord(context.User, AuditedUserAction.ExpireCredential, key))); key.Expires = expires; } } await Task.WhenAll(expireTasks); _diagnostics.Information($"Expiring {pushKeys.Count()} keys with push capability for user '{context.User.Username}'."); }
public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context) { return(Task.CompletedTask); }
public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context) { throw new NotSupportedException(); }