[Repository Signing] Order owners metadata lexicographically (#513)

loic-sharma · web-flow · commit cb186cddaaaa · 2018-08-03T16:49:04.000-07:00
Part of NuGet/NuGetGallery#6258
diff --git a/src/NuGet.Services.Revalidate/readme.md b/src/NuGet.Services.Revalidate/readme.md
@@ -8,7 +8,7 @@ are installed by .NET SDK and Visual Studio
 2. Initialization phase - the job determines which packages should be revalidated.
 3. Revalidation phase - packages are enqueued for revalidations
 
-These phase MUST be completed in order.
+These phases MUST be completed in order.
 
 # The Build Preinstalled Packages phase
 
diff --git a/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/ScanAndSignProcessor.cs b/src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/ScanAndSignProcessor.cs
@@ -246,6 +246,8 @@ private List<string> FindPackageOwners(IValidationRequest request)
             return registration
                 .Owners
                 .Select(o => o.Username)
+                .ToList()
+                .OrderBy(u => u, StringComparer.InvariantCultureIgnoreCase)
                 .ToList();
         }
     }
diff --git a/tests/Validation.PackageSigning.ScanAndSign.Tests/ScanAndSignProcessorFacts.cs b/tests/Validation.PackageSigning.ScanAndSign.Tests/ScanAndSignProcessorFacts.cs
@@ -251,9 +251,12 @@ public async Task EnqueuesScanAndSignIfPackageHasNoRepositorySignature()
                         _request.NupkgUrl,
                         _config.V3ServiceIndexUrl,
                         It.Is<List<string>>(l =>
-                            l.Count() == 2 &&
-                            l.Contains("Billy") &&
-                            l.Contains("Bob"))),
+                            // Ensure that the owners are lexicographically ordered.
+                            l.Count() == 4 &&
+                            l[0] == "Annie" &&
+                            l[1] == "Bob" &&
+                            l[2] == "zack" &&
+                            l[3] == "Zorro")),
                     Times.Once);
 
             _validatorStateServiceMock
@@ -441,8 +444,10 @@ public async Task WhenPackageFitsCriteriaAndIsNotRepositorySigned_DoesNotSkipSca
         {
             Owners = new List<User>
             {
-                new User("Billy"),
+                new User("Zorro"),
                 new User("Bob"),
+                new User("Annie"),
+                new User("zack")
             }
         };
 

Original file line number	Diff line number	Diff line change
`@@ -246,6 +246,8 @@ private List<string> FindPackageOwners(IValidationRequest request)`
`246`	`246`	`return registration`
`247`	`247`	`.Owners`
`248`	`248`	`.Select(o => o.Username)`
	`249`	`+ .ToList()`
	`250`	`+ .OrderBy(u => u, StringComparer.InvariantCultureIgnoreCase)`
`249`	`251`	`.ToList();`
`250`	`252`	`}`
`251`	`253`	`}`