Certificates: fix bug bash bugs (#5875)

Resolve #5873.
NuGet · May 2, 2018 · 6200a64 · 6200a64
1 parent e01b75e
commit 6200a64
Show file tree

Hide file tree

Showing 17 changed files with 199 additions and 56 deletions.
diff --git a/src/NuGetGallery/Controllers/PackagesController.cs b/src/NuGetGallery/Controllers/PackagesController.cs
@@ -84,7 +84,6 @@ public partial class PackagesController
         private readonly IReadMeService _readMeService;
         private readonly IValidationService _validationService;
         private readonly IPackageOwnershipManagementService _packageOwnershipManagementService;
-        private readonly ICertificateService _certificateService;
 
         public PackagesController(
             IPackageService packageService,
@@ -107,8 +106,7 @@ public PackagesController(
             IPackageUploadService packageUploadService,
             IReadMeService readMeService,
             IValidationService validationService,
-            IPackageOwnershipManagementService packageOwnershipManagementService,
-            ICertificateService certificateService)
+            IPackageOwnershipManagementService packageOwnershipManagementService)
         {
             _packageService = packageService;
             _uploadFileService = uploadFileService;
@@ -131,7 +129,6 @@ public PackagesController(
             _readMeService = readMeService;
             _validationService = validationService;
             _packageOwnershipManagementService = packageOwnershipManagementService;
-            _certificateService = certificateService;
         }
 
         [HttpGet]
@@ -1341,14 +1338,6 @@ private async Task<ActionResult> HandleOwnershipRequest(string id, string userna
 
                 SendAddPackageOwnerNotification(package, user);
 
-                var hasActiveCertificates = _certificateService.GetCertificates(user).Any();
-
-                if (hasActiveCertificates &&
-                    _securityPolicyService.IsSubscribed(user, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName))
-                {
-                    await _packageService.SetRequiredSignerAsync(package, user);
-                }
-
                 return View("ConfirmOwner", new PackageOwnerConfirmationModel(id, user.Username, ConfirmOwnershipResult.Success));
             }
             else

diff --git a/src/NuGetGallery/Controllers/UsersController.cs b/src/NuGetGallery/Controllers/UsersController.cs
@@ -473,6 +473,7 @@ public virtual ActionResult Packages()
 
             var model = new ManagePackagesViewModel
             {
+                User = currentUser,
                 Owners = owners,
                 ListedPackages = listedPackages,
                 UnlistedPackages = unlistedPackages,

diff --git a/src/NuGetGallery/NuGetGallery.csproj b/src/NuGetGallery/NuGetGallery.csproj
@@ -441,8 +441,8 @@
     <Reference Include="NuGet.Protocol, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Protocol.4.3.0-preview1-2524\lib\net45\NuGet.Protocol.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Contracts, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Contracts.2.10.0\lib\net45\NuGet.Services.Contracts.dll</HintPath>
+    <Reference Include="NuGet.Services.Contracts, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Contracts.2.25.0-master-30191\lib\net45\NuGet.Services.Contracts.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Services.KeyVault, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Services.KeyVault.1.0.0.0\lib\net45\NuGet.Services.KeyVault.dll</HintPath>
@@ -460,14 +460,14 @@
       <HintPath>..\..\packages\NuGet.Services.Platform.Client.3.0.29-r-master\lib\portable-net45+wp80+win\NuGet.Services.Platform.Client.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="NuGet.Services.ServiceBus, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.10.0\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
+    <Reference Include="NuGet.Services.ServiceBus, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.25.0-master-30191\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.2.10.0\lib\net45\NuGet.Services.Validation.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation.Issues, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.10.0\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation.Issues, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Versioning, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Versioning.4.3.0-preview1-2524\lib\net45\NuGet.Versioning.dll</HintPath>

diff --git a/src/NuGetGallery/Scripts/gallery/page-manage-packages.js b/src/NuGetGallery/Scripts/gallery/page-manage-packages.js
@@ -45,7 +45,17 @@
                 return ko.unwrap(this.DownloadCount).toLocaleString();
             }, this);
 
-            this._requiredSigner = ko.observable(packageItem.RequiredSigner ? packageItem.RequiredSigner.Username : null);
+            var requiredSigner = null;
+
+            if (packageItem.RequiredSigner) {
+                if (this.ShowTextBox) {
+                    requiredSigner = packageItem.RequiredSigner.OptionText;
+                } else {
+                    requiredSigner = packageItem.RequiredSigner.Username;
+                }
+            }
+
+            this._requiredSigner = ko.observable(requiredSigner);
 
             this.RequiredSigner = ko.pureComputed({
                 read: function () {

diff --git a/src/NuGetGallery/Services/PackageService.cs b/src/NuGetGallery/Services/PackageService.cs
@@ -12,6 +12,7 @@
 using NuGet.Versioning;
 using NuGetGallery.Auditing;
 using NuGetGallery.Packaging;
+using NuGetGallery.Security;
 
 namespace NuGetGallery
 {
@@ -20,18 +21,22 @@ public class PackageService : CorePackageService, IPackageService
         private readonly IPackageNamingConflictValidator _packageNamingConflictValidator;
         private readonly IAuditingService _auditingService;
         private readonly ITelemetryService _telemetryService;
+        private readonly ISecurityPolicyService _securityPolicyService;
 
         public PackageService(
             IEntityRepository<PackageRegistration> packageRegistrationRepository,
             IEntityRepository<Package> packageRepository,
             IEntityRepository<Certificate> certificateRepository,
             IPackageNamingConflictValidator packageNamingConflictValidator,
             IAuditingService auditingService,
-            ITelemetryService telemetryService) : base(packageRepository, packageRegistrationRepository, certificateRepository)
+            ITelemetryService telemetryService,
+            ISecurityPolicyService securityPolicyService)
+            : base(packageRepository, packageRegistrationRepository, certificateRepository)
         {
             _packageNamingConflictValidator = packageNamingConflictValidator ?? throw new ArgumentNullException(nameof(packageNamingConflictValidator));
             _auditingService = auditingService ?? throw new ArgumentNullException(nameof(auditingService));
             _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
+            _securityPolicyService = securityPolicyService ?? throw new ArgumentNullException(nameof(securityPolicyService));
         }
 
         /// <summary>
@@ -347,7 +352,13 @@ public async Task PublishPackageAsync(Package package, bool commitChanges = true
         public async Task AddPackageOwnerAsync(PackageRegistration package, User newOwner)
         {
             package.Owners.Add(newOwner);
+
             await _packageRepository.CommitChangesAsync();
+
+            if (_securityPolicyService.IsSubscribed(newOwner, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName))
+            {
+                await SetRequiredSignerAsync(package, newOwner);
+            }
         }
 
         public async Task RemovePackageOwnerAsync(PackageRegistration package, User user)

diff --git a/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs b/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
@@ -7,6 +7,8 @@ namespace NuGetGallery
 {
     public class ManagePackagesViewModel
     {
+        public virtual User User { get; set; }
+
         public IEnumerable<ListPackageOwnerViewModel> Owners { get; set; }
 
         public IEnumerable<ListPackageItemRequiredSignerViewModel> ListedPackages { get; set; }

diff --git a/src/NuGetGallery/Views/Packages/_ValidationIssue.cshtml b/src/NuGetGallery/Views/Packages/_ValidationIssue.cshtml
@@ -40,6 +40,24 @@
             <b>NU3007:</b> Package signatures must have format version 1.
         </text>
         break;
+    case ValidationIssueCode.AuthorCounterSignaturesNotSupported:
+        <text>
+            Author countersignatures are not supported.
+        </text>
+        break;
+    case ValidationIssueCode.PackageIsNotSigned:
+        <text>
+            <b>Package publishing failed.</b> The package must be signed with a registered certificate. <a href="https://aka.ms/nuget-signed-ref">Read more...</a>
+        </text>
+        break;
+    case ValidationIssueCode.PackageIsSignedWithUnauthorizedCertificate:
+        {
+            var typedIssue = (UnauthorizedCertificateFailure)Model;
+            <text>
+                <b>Package publishing failed.</b> The package was signed, but the signing certificate (SHA-1 thumbprint @typedIssue.Sha1Thumbprint) is not associated with your account. You must register this certificate to publish signed packages. <a href="https://aka.ms/nuget-signed-ref">Read more...</a>
+            </text>
+            break;
+        }
     default:
         <text>
             <strong>Package publishing failed.</strong> This package could not be published since package validation

diff --git a/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml b/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml
@@ -5,7 +5,14 @@
 
 @helper WarnFor2FARequirement()
 {
-    @ViewHelpers.AlertWarning(@<text>You must enable two-factor authentication before you can register or manage certificates.  This can be enabled in your <a href="@Url.AccountSettings()">Account Settings</a>.</text>)
+    if (Model.User.EnableMultiFactorAuthentication)
+    {
+        @ViewHelpers.AlertWarning(@<text>You must log in using two-factor authentication before you can register or manage certificates.</text>)
+    }
+    else
+    {
+        @ViewHelpers.AlertWarning(@<text>You must enable two-factor authentication before you can register or manage certificates. This can be enabled in your <a href="@Url.AccountSettings()">Account Settings</a>.</text>)
+    }
 }
 
 @ViewHelpers.Section(

diff --git a/src/NuGetGallery/Views/Users/Packages.cshtml b/src/NuGetGallery/Views/Users/Packages.cshtml
@@ -92,9 +92,16 @@
 <script type="text/html" id="manage-packages">
     @if (!Model.WasMultiFactorAuthenticated)
     {
-        <div data-bind="visible: Packages.length > 0">
+    <div data-bind="visible: Packages.length > 0">
+        @if (Model.User.EnableMultiFactorAuthentication)
+        {
+            @ViewHelpers.AlertWarning(@<text>You must log in using two-factor authentication before you can change package signing requirements.</text>)
+        }
+        else
+        {
             @ViewHelpers.AlertWarning(@<text>You must enable two-factor authentication before you can change package signing requirements. This can be enabled in your <a href="@Url.AccountSettings()">Account Settings</a>.</text>)
-        </div>
+        }
+    </div>
     }
     <div class="col-md-12">
         <div class="panel-collapse collapse in" aria-expanded="true">

diff --git a/src/NuGetGallery/packages.config b/src/NuGetGallery/packages.config
@@ -89,14 +89,14 @@
   <package id="NuGet.Packaging" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="NuGet.Packaging.Core" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="NuGet.Protocol" version="4.3.0-preview1-2524" targetFramework="net46" />
-  <package id="NuGet.Services.Contracts" version="2.10.0" targetFramework="net46" />
+  <package id="NuGet.Services.Contracts" version="2.25.0-master-30191" targetFramework="net46" />
   <package id="NuGet.Services.KeyVault" version="1.0.0.0" targetFramework="net46" />
   <package id="NuGet.Services.Logging" version="2.2.3.0" targetFramework="net46" />
   <package id="NuGet.Services.Owin" version="2.2.3" targetFramework="net46" />
   <package id="NuGet.Services.Platform.Client" version="3.0.29-r-master" targetFramework="net46" />
-  <package id="NuGet.Services.ServiceBus" version="2.10.0" targetFramework="net46" />
-  <package id="NuGet.Services.Validation" version="2.10.0" targetFramework="net46" />
-  <package id="NuGet.Services.Validation.Issues" version="2.10.0" targetFramework="net46" />
+  <package id="NuGet.Services.ServiceBus" version="2.25.0-master-30191" targetFramework="net46" />
+  <package id="NuGet.Services.Validation" version="2.25.0-master-30191" targetFramework="net46" />
+  <package id="NuGet.Services.Validation.Issues" version="2.25.0-master-30191" targetFramework="net46" />
   <package id="NuGet.Versioning" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="Owin" version="1.0" targetFramework="net46" />
   <package id="PoliteCaptcha" version="0.4.0.1" targetFramework="net46" />

diff --git a/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
@@ -60,8 +60,7 @@ private static PackagesController CreateController(
             Mock<IPackageUploadService> packageUploadService = null,
             Mock<IValidationService> validationService = null,
             Mock<IPackageOwnershipManagementService> packageOwnershipManagementService = null,
-            IReadMeService readMeService = null,
-            ICertificateService certificateService = null)
+            IReadMeService readMeService = null)
         {
             packageService = packageService ?? new Mock<IPackageService>();
             if (uploadFileService == null)
@@ -114,8 +113,6 @@ private static PackagesController CreateController(
 
             readMeService = readMeService ?? new ReadMeService(packageFileService.Object, entitiesContext.Object);
 
-            certificateService = certificateService ?? Mock.Of<ICertificateService>();
-
             var controller = new Mock<PackagesController>(
                 packageService.Object,
                 uploadFileService.Object,
@@ -137,8 +134,7 @@ private static PackagesController CreateController(
                 packageUploadService.Object,
                 readMeService,
                 validationService.Object,
-                packageOwnershipManagementService.Object,
-                certificateService);
+                packageOwnershipManagementService.Object);
 
             controller.CallBase = true;
             controller.Object.SetOwinContextOverride(Fakes.CreateOwinContext());

diff --git a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
@@ -217,21 +217,21 @@
     <Reference Include="NuGet.Protocol, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Protocol.4.3.0-preview1-2524\lib\net45\NuGet.Protocol.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Contracts, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Contracts.2.10.0\lib\net45\NuGet.Services.Contracts.dll</HintPath>
+    <Reference Include="NuGet.Services.Contracts, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Contracts.2.25.0-master-30191\lib\net45\NuGet.Services.Contracts.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Services.KeyVault, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Services.KeyVault.1.0.0.0\lib\net45\NuGet.Services.KeyVault.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="NuGet.Services.ServiceBus, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.10.0\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
+    <Reference Include="NuGet.Services.ServiceBus, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.25.0-master-30191\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.2.10.0\lib\net45\NuGet.Services.Validation.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation.Issues, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.10.0\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation.Issues, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Versioning, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Versioning.4.3.0-preview1-2524\lib\net45\NuGet.Versioning.dll</HintPath>