public async Task <Membership> AddMemberAsync(Organization organization, string memberName, string confirmationToken)
{
organization = organization ?? throw new ArgumentNullException(nameof(organization));
var request = FindMembershipRequestByUsername(organization, memberName);
if (request == null || request.ConfirmationToken != confirmationToken)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_MissingRequest, memberName));
}
var member = request.NewMember;
organization.MemberRequests.Remove(request);
if (!member.Confirmed)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserNotConfirmed, memberName));
}
if (member is Organization)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserIsOrganization, memberName));
}
var membership = FindMembershipByUsername(organization, memberName);
if (membership == null)
{
// Ensure that the new member meets the AAD tenant policy for this organization.
var policyResult = await SecurityPolicyService.EvaluateOrganizationPoliciesAsync(
SecurityPolicyAction.JoinOrganization, organization, member);
if (policyResult != SecurityPolicyResult.SuccessResult)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_PolicyFailure, policyResult.ErrorMessage));
}
membership = new Membership()
{
Member = member,
IsAdmin = request.IsAdmin
};
organization.Members.Add(membership);
}
else
{
// If the user is already a member, update the existing membership.
// If the request grants admin but this member is not an admin, grant admin to the member.
membership.IsAdmin = membership.IsAdmin || request.IsAdmin;
}
await EntitiesContext.SaveChangesAsync();
return(membership);
}
public virtual async Task <JsonResult> AddCertificate(string accountName, HttpPostedFileBase uploadFile)
{
if (uploadFile == null)
{
return(Json(HttpStatusCode.BadRequest, new[] { Strings.CertificateFileIsRequired }));
}
var currentUser = GetCurrentUser();
var account = GetAccount(accountName);
if (currentUser == null)
{
return(Json(HttpStatusCode.Unauthorized));
}
if (account == null)
{
return(Json(HttpStatusCode.NotFound));
}
if (ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, account)
!= PermissionsCheckResult.Allowed || !User.WasMultiFactorAuthenticated())
{
return(Json(HttpStatusCode.Forbidden, new { Strings.Unauthorized }));
}
Certificate certificate;
try
{
using (var uploadStream = uploadFile.InputStream)
{
certificate = await CertificateService.AddCertificateAsync(uploadFile);
}
await CertificateService.ActivateCertificateAsync(certificate.Thumbprint, account);
}
catch (UserSafeException ex)
{
ex.Log();
return(Json(HttpStatusCode.BadRequest, new[] { ex.Message }));
}
var activeCertificateCount = CertificateService.GetCertificates(account).Count();
if (activeCertificateCount == 1 &&
SecurityPolicyService.IsSubscribed(account, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName))
{
await PackageService.SetRequiredSignerAsync(account);
}
return(Json(HttpStatusCode.Created, new { certificate.Thumbprint }));
}
private async Task SubscribeOrganizationToTenantPolicyIfTenantIdIsSupported(User organization, User adminUser, bool commitChanges = true)
{
var tenantId = adminUser.Credentials.GetAzureActiveDirectoryCredential()?.TenantId;
if (string.IsNullOrWhiteSpace(tenantId) ||
!ContentObjectService.LoginDiscontinuationConfiguration.IsTenantIdPolicySupportedForOrganization(organization.EmailAddress ?? organization.UnconfirmedEmailAddress, tenantId))
{
return;
}
var tenantPolicy = RequireOrganizationTenantPolicy.Create(tenantId);
await SecurityPolicyService.SubscribeAsync(organization, tenantPolicy, commitChanges);
}
public async Task <Membership> AddMemberAsync(Organization organization, string memberName, bool isAdmin)
{
organization = organization ?? throw new ArgumentNullException(nameof(organization));
var membership = FindMembershipByUsername(organization, memberName);
if (membership != null)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_AlreadyAMember, memberName));
}
var member = FindByUsername(memberName);
if (member == null)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserNotFound, memberName));
}
if (!member.Confirmed)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserNotConfirmed, memberName));
}
// Ensure that the new member meets the AAD tenant policy for this organization.
var policyResult = await SecurityPolicyService.EvaluateOrganizationPoliciesAsync(
SecurityPolicyAction.JoinOrganization, organization, member);
if (policyResult != SecurityPolicyResult.SuccessResult)
{
throw new EntityException(policyResult.ErrorMessage);
}
membership = new Membership()
{
Member = member,
IsAdmin = isAdmin
};
organization.Members.Add(membership);
await EntitiesContext.SaveChangesAsync();
return(membership);
}
private async Task <bool> SubscribeOrganizationToTenantPolicy(User organization, User adminUser, bool commitChanges = true)
{
var tenantId = GetAzureActiveDirectoryCredentialTenant(adminUser);
if (string.IsNullOrWhiteSpace(tenantId))
{
return(false);
}
var tenantPolicy = RequireOrganizationTenantPolicy.Create(tenantId);
if (!await SecurityPolicyService.SubscribeAsync(organization, tenantPolicy, commitChanges))
{
return(false);
}
return(true);
}
private async Task SubscribeOrganizationToTenantPolicyIfTenantIdIsSupported(User organization, User adminUser, bool commitChanges = true)
{
var tenantId = adminUser.Credentials.GetAzureActiveDirectoryCredential()?.TenantId;
if (string.IsNullOrEmpty(tenantId))
{
DiagnosticsSource.LogInformation("Will not apply tenant policy to organization because admin user does not have an AAD credential.");
return;
}
if (!ContentObjectService.LoginDiscontinuationConfiguration.IsTenantIdPolicySupportedForOrganization(
organization.EmailAddress ?? organization.UnconfirmedEmailAddress,
tenantId))
{
DiagnosticsSource.LogInformation("Will not apply tenant policy to organization because policy is not supported for email-tenant pair.");
return;
}
DiagnosticsSource.LogInformation("Applying tenant policy to organization.");
var tenantPolicy = RequireOrganizationTenantPolicy.Create(tenantId);
await SecurityPolicyService.SubscribeAsync(organization, tenantPolicy, commitChanges);
}
public async virtual Task <ActionResult> VerifyPackageKeyAsync(string id, string version)
{
var policyResult = await SecurityPolicyService.EvaluateAsync(SecurityPolicyAction.PackageVerify, HttpContext);
if (!policyResult.Success)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, policyResult.ErrorMessage));
}
var user = GetCurrentUser();
var credential = user.GetCurrentApiKeyCredential(User.Identity);
var result = await VerifyPackageKeyInternalAsync(user, credential, id, version);
// Expire and delete verification key after first use to avoid growing the database tables.
if (CredentialTypes.IsPackageVerificationApiKey(credential.Type))
{
await AuthenticationService.RemoveCredential(user, credential);
}
TelemetryService.TrackVerifyPackageKeyEvent(id, version, user, User.Identity, result?.StatusCode ?? 200);
return((ActionResult)result ?? new EmptyResult());
}
private async Task <ActionResult> CreatePackageInternal()
{
var policyResult = await SecurityPolicyService.EvaluateAsync(SecurityPolicyAction.PackagePush, HttpContext);
if (!policyResult.Success)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, policyResult.ErrorMessage));
}
// Get the user
var currentUser = GetCurrentUser();
using (var packageStream = ReadPackageFromRequest())
{
try
{
using (var archive = new ZipArchive(packageStream, ZipArchiveMode.Read, leaveOpen: true))
{
var reference = DateTime.UtcNow.AddDays(1); // allow "some" clock skew
var entryInTheFuture = archive.Entries.FirstOrDefault(
e => e.LastWriteTime.UtcDateTime > reference);
if (entryInTheFuture != null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, string.Format(
CultureInfo.CurrentCulture,
Strings.PackageEntryFromTheFuture,
entryInTheFuture.Name)));
}
}
using (var packageToPush = new PackageArchiveReader(packageStream, leaveStreamOpen: false))
{
try
{
PackageService.EnsureValid(packageToPush);
}
catch (Exception ex)
{
ex.Log();
var message = Strings.FailedToReadUploadFile;
if (ex is InvalidPackageException || ex is InvalidDataException || ex is EntityException)
{
message = ex.Message;
}
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, message));
}
NuspecReader nuspec;
var errors = ManifestValidator.Validate(packageToPush.GetNuspec(), out nuspec).ToArray();
if (errors.Length > 0)
{
var errorsString = string.Join("', '", errors.Select(error => error.ErrorMessage));
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, string.Format(
CultureInfo.CurrentCulture,
errors.Length > 1 ? Strings.UploadPackage_InvalidNuspecMultiple : Strings.UploadPackage_InvalidNuspec,
errorsString)));
}
if (nuspec.GetMinClientVersion() > Constants.MaxSupportedMinClientVersion)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, string.Format(
CultureInfo.CurrentCulture,
Strings.UploadPackage_MinClientVersionOutOfRange,
nuspec.GetMinClientVersion())));
}
User owner;
// Ensure that the user can push packages for this partialId.
var id = nuspec.GetId();
var version = nuspec.GetVersion();
var packageRegistration = PackageService.FindPackageRegistrationById(id);
if (packageRegistration == null)
{
// Check if the current user's scopes allow pushing a new package ID
var apiScopeEvaluationResult = EvaluateApiScope(ActionsRequiringPermissions.UploadNewPackageId, new ActionOnNewPackageContext(id, ReservedNamespaceService), NuGetScopes.PackagePush);
owner = apiScopeEvaluationResult.Owner;
if (!apiScopeEvaluationResult.IsSuccessful())
{
// User cannot push a new package ID as the current user's scopes does not allow it
return(GetHttpResultFromFailedApiScopeEvaluationForPush(apiScopeEvaluationResult, id, version));
}
}
else
{
// Check if the current user's scopes allow pushing a new version of an existing package ID
var apiScopeEvaluationResult = EvaluateApiScope(ActionsRequiringPermissions.UploadNewPackageVersion, packageRegistration, NuGetScopes.PackagePushVersion, NuGetScopes.PackagePush);
owner = apiScopeEvaluationResult.Owner;
if (!apiScopeEvaluationResult.IsSuccessful())
{
// User cannot push a package as the current user's scopes does not allow it
await AuditingService.SaveAuditRecordAsync(
new FailedAuthenticatedOperationAuditRecord(
currentUser.Username,
AuditedAuthenticatedOperationAction.PackagePushAttemptByNonOwner,
attemptedPackage : new AuditedPackageIdentifier(
id, version.ToNormalizedStringSafe())));
return(GetHttpResultFromFailedApiScopeEvaluationForPush(apiScopeEvaluationResult, id, version));
}
if (packageRegistration.IsLocked)
{
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.Forbidden,
string.Format(CultureInfo.CurrentCulture, Strings.PackageIsLocked, packageRegistration.Id)));
}
// Check if a particular Id-Version combination already exists. We eventually need to remove this check.
string normalizedVersion = version.ToNormalizedString();
bool packageExists =
packageRegistration.Packages.Any(
p => string.Equals(
p.NormalizedVersion,
normalizedVersion,
StringComparison.OrdinalIgnoreCase));
if (packageExists)
{
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.Conflict,
string.Format(CultureInfo.CurrentCulture, Strings.PackageExistsAndCannotBeModified,
id, nuspec.GetVersion().ToNormalizedStringSafe())));
}
}
var packageStreamMetadata = new PackageStreamMetadata
{
HashAlgorithm = Constants.Sha512HashAlgorithmId,
Hash = CryptographyService.GenerateHash(packageStream.AsSeekableStream()),
Size = packageStream.Length
};
var package = await PackageUploadService.GeneratePackageAsync(
id,
packageToPush,
packageStreamMetadata,
owner,
currentUser);
await AutoCuratePackage.ExecuteAsync(package, packageToPush, commitChanges : false);
PackageCommitResult commitResult;
using (Stream uploadStream = packageStream)
{
uploadStream.Position = 0;
commitResult = await PackageUploadService.CommitPackageAsync(
package,
uploadStream.AsSeekableStream());
}
switch (commitResult)
{
case PackageCommitResult.Success:
break;
case PackageCommitResult.Conflict:
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.Conflict,
Strings.UploadPackage_IdVersionConflict));
default:
throw new NotImplementedException($"The package commit result {commitResult} is not supported.");
}
IndexingService.UpdatePackage(package);
// Write an audit record
await AuditingService.SaveAuditRecordAsync(
new PackageAuditRecord(package, AuditedPackageAction.Create, PackageCreatedVia.Api));
if (!(ConfigurationService.Current.AsynchronousPackageValidationEnabled && ConfigurationService.Current.BlockingAsynchronousPackageValidationEnabled))
{
// Notify user of push unless async validation in blocking mode is used
MessageService.SendPackageAddedNotice(package,
Url.Package(package.PackageRegistration.Id, package.NormalizedVersion, relativeUrl: false),
Url.ReportPackage(package.PackageRegistration.Id, package.NormalizedVersion, relativeUrl: false),
Url.AccountSettings(relativeUrl: false));
}
TelemetryService.TrackPackagePushEvent(package, currentUser, User.Identity);
if (package.SemVerLevelKey == SemVerLevelKey.SemVer2)
{
return(new HttpStatusCodeWithServerWarningResult(HttpStatusCode.Created, Strings.WarningSemVer2PackagePushed));
}
return(new HttpStatusCodeResult(HttpStatusCode.Created));
}
}
catch (InvalidPackageException ex)
{
return(BadRequestForExceptionMessage(ex));
}
catch (InvalidDataException ex)
{
return(BadRequestForExceptionMessage(ex));
}
catch (EntityException ex)
{
return(BadRequestForExceptionMessage(ex));
}
catch (FrameworkException ex)
{
return(BadRequestForExceptionMessage(ex));
}
}
}
public async Task <MembershipRequest> AddMembershipRequestAsync(Organization organization, string memberName, bool isAdmin)
{
organization = organization ?? throw new ArgumentNullException(nameof(organization));
var membership = FindMembershipByUsername(organization, memberName);
if (membership != null)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_AlreadyAMember, memberName));
}
var request = FindMembershipRequestByUsername(organization, memberName);
if (request != null)
{
// If there is already an existing request, return it.
// If the existing request grants collaborator but we are trying to create a request that grants admin, update the request to grant admin.
request.IsAdmin = isAdmin || request.IsAdmin;
await EntitiesContext.SaveChangesAsync();
return(request);
}
if (Regex.IsMatch(memberName, GalleryConstants.EmailValidationRegex, RegexOptions.None, GalleryConstants.EmailValidationRegexTimeout))
{
throw new EntityException(Strings.AddMember_NameIsEmail);
}
var member = FindByUsername(memberName);
if (member == null)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserNotFound, memberName));
}
if (!member.Confirmed)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserNotConfirmed, memberName));
}
if (member is Organization)
{
throw new EntityException(string.Format(CultureInfo.CurrentCulture,
Strings.AddMember_UserIsOrganization, memberName));
}
// Ensure that the new member meets the AAD tenant policy for this organization.
var policyResult = await SecurityPolicyService.EvaluateOrganizationPoliciesAsync(
SecurityPolicyAction.JoinOrganization, organization, member);
if (policyResult != SecurityPolicyResult.SuccessResult)
{
throw new EntityException(policyResult.ErrorMessage);
}
request = new MembershipRequest()
{
Organization = organization,
NewMember = member,
IsAdmin = isAdmin,
ConfirmationToken = Crypto.GenerateToken(),
RequestDate = DateTime.UtcNow,
};
organization.MemberRequests.Add(request);
await EntitiesContext.SaveChangesAsync();
return(request);
}
private async Task <ActionResult> CreatePackageInternal()
{
var policyResult = await SecurityPolicyService.EvaluateAsync(SecurityPolicyAction.PackagePush, HttpContext);
if (!policyResult.Success)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, policyResult.ErrorMessage));
}
// Get the user
var user = GetCurrentUser();
using (var packageStream = ReadPackageFromRequest())
{
try
{
using (var archive = new ZipArchive(packageStream, ZipArchiveMode.Read, leaveOpen: true))
{
var reference = DateTime.UtcNow.AddDays(1); // allow "some" clock skew
var entryInTheFuture = archive.Entries.FirstOrDefault(
e => e.LastWriteTime.UtcDateTime > reference);
if (entryInTheFuture != null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, string.Format(
CultureInfo.CurrentCulture,
Strings.PackageEntryFromTheFuture,
entryInTheFuture.Name)));
}
}
using (var packageToPush = new PackageArchiveReader(packageStream, leaveStreamOpen: false))
{
try
{
PackageService.EnsureValid(packageToPush);
}
catch (Exception ex)
{
ex.Log();
var message = Strings.FailedToReadUploadFile;
if (ex is InvalidPackageException || ex is InvalidDataException || ex is EntityException)
{
message = ex.Message;
}
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, message));
}
NuspecReader nuspec;
var errors = ManifestValidator.Validate(packageToPush.GetNuspec(), out nuspec).ToArray();
if (errors.Length > 0)
{
var errorsString = string.Join("', '", errors.Select(error => error.ErrorMessage));
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, string.Format(
CultureInfo.CurrentCulture,
errors.Length > 1 ? Strings.UploadPackage_InvalidNuspecMultiple : Strings.UploadPackage_InvalidNuspec,
errorsString)));
}
if (nuspec.GetMinClientVersion() > Constants.MaxSupportedMinClientVersion)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, string.Format(
CultureInfo.CurrentCulture,
Strings.UploadPackage_MinClientVersionOutOfRange,
nuspec.GetMinClientVersion())));
}
// Ensure that the user can push packages for this partialId.
var id = nuspec.GetId();
var packageRegistration = PackageService.FindPackageRegistrationById(id);
IReadOnlyCollection <ReservedNamespace> userOwnedNamespaces = null;
if (packageRegistration == null)
{
// Check if API key allows pushing a new package id
if (!ApiKeyScopeAllows(
subject: id,
requestedActions: NuGetScopes.PackagePush))
{
// User cannot push a new package ID as the API key scope does not allow it
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.Unauthorized, Strings.ApiKeyNotAuthorized));
}
// For a new package id verify that the user is allowed to push to the matching namespaces, if any.
var isPushAllowed = ReservedNamespaceService.IsPushAllowed(id, user, out userOwnedNamespaces);
if (!isPushAllowed)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.Conflict, Strings.UploadPackage_IdNamespaceConflict));
}
}
else
{
// Is the user allowed to push this Id?
if (!packageRegistration.IsOwner(user))
{
// Audit that a non-owner tried to push the package
await AuditingService.SaveAuditRecordAsync(
new FailedAuthenticatedOperationAuditRecord(
user.Username,
AuditedAuthenticatedOperationAction.PackagePushAttemptByNonOwner,
attemptedPackage : new AuditedPackageIdentifier(
id, nuspec.GetVersion().ToNormalizedStringSafe())));
// User cannot push a package to an ID owned by another user.
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.Conflict,
string.Format(CultureInfo.CurrentCulture, Strings.PackageIdNotAvailable,
id)));
}
// Check if API key allows pushing the current package id
if (!ApiKeyScopeAllows(
packageRegistration.Id,
NuGetScopes.PackagePushVersion, NuGetScopes.PackagePush))
{
// User cannot push a package as the API key scope does not allow it
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.Unauthorized, Strings.ApiKeyNotAuthorized));
}
// Check if a particular Id-Version combination already exists. We eventually need to remove this check.
string normalizedVersion = nuspec.GetVersion().ToNormalizedString();
bool packageExists =
packageRegistration.Packages.Any(
p => string.Equals(
p.NormalizedVersion,
normalizedVersion,
StringComparison.OrdinalIgnoreCase));
if (packageExists)
{
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.Conflict,
string.Format(CultureInfo.CurrentCulture, Strings.PackageExistsAndCannotBeModified,
id, nuspec.GetVersion().ToNormalizedStringSafe())));
}
}
var packageStreamMetadata = new PackageStreamMetadata
{
HashAlgorithm = Constants.Sha512HashAlgorithmId,
Hash = CryptographyService.GenerateHash(packageStream.AsSeekableStream()),
Size = packageStream.Length
};
var package = await PackageUploadService.GeneratePackageAsync(
id,
packageToPush,
packageStreamMetadata,
user,
commitChanges : false);
await AutoCuratePackage.ExecuteAsync(package, packageToPush, commitChanges : false);
using (Stream uploadStream = packageStream)
{
uploadStream.Position = 0;
try
{
await PackageFileService.SavePackageFileAsync(package, uploadStream.AsSeekableStream());
}
catch (InvalidOperationException ex)
{
ex.Log();
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.Conflict, Strings.UploadPackage_IdVersionConflict));
}
}
try
{
await EntitiesContext.SaveChangesAsync();
}
catch
{
// If saving to the DB fails for any reason, we need to delete the package we just saved.
await PackageFileService.DeletePackageFileAsync(nuspec.GetId(), nuspec.GetVersion().ToNormalizedString());
throw;
}
IndexingService.UpdatePackage(package);
// Write an audit record
await AuditingService.SaveAuditRecordAsync(
new PackageAuditRecord(package, AuditedPackageAction.Create, PackageCreatedVia.Api));
// Notify user of push
MessageService.SendPackageAddedNotice(package,
Url.Package(package.PackageRegistration.Id, package.NormalizedVersion, relativeUrl: false),
Url.ReportPackage(package.PackageRegistration.Id, package.NormalizedVersion, relativeUrl: false),
Url.AccountSettings(relativeUrl: false));
TelemetryService.TrackPackagePushEvent(package, user, User.Identity);
if (package.SemVerLevelKey == SemVerLevelKey.SemVer2)
{
return(new HttpStatusCodeWithServerWarningResult(HttpStatusCode.Created, Strings.WarningSemVer2PackagePushed));
}
return(new HttpStatusCodeResult(HttpStatusCode.Created));
}
}
catch (InvalidPackageException ex)
{
return(BadRequestForExceptionMessage(ex));
}
catch (InvalidDataException ex)
{
return(BadRequestForExceptionMessage(ex));
}
catch (EntityException ex)
{
return(BadRequestForExceptionMessage(ex));
}
catch (FrameworkException ex)
{
return(BadRequestForExceptionMessage(ex));
}
}
}
