[2FA] Update link msa/aad account page with legacy password account information. (#9408)

* Updated page to show legacy account information

* email moved to first line.

* let users link msa/aad account after being on exception list.

* fix tests

Author: Daniel Jacinto

src/NuGetGallery/Controllers/AuthenticationController.cs

@@ -137,7 +137,7 @@ public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string retu
             }
 
             var authenticationResult = await _authService.Authenticate(model.SignIn.UserNameOrEmail, model.SignIn.Password);
-
+            
             if (authenticationResult.Result != PasswordAuthenticationResult.AuthenticationResult.Success)
             {
                 string modelErrorMessage = string.Empty;
@@ -936,7 +936,7 @@ private ActionResult AuthenticationView(string viewName, LogOnViewModel existing
             existingModel.SignIn = existingModel.SignIn ?? new SignInViewModel();
             existingModel.Register = existingModel.Register ?? new RegisterViewModel();
             existingModel.IsNuGetAccountPasswordLoginEnabled = _featureFlagService.IsNuGetAccountPasswordLoginEnabled();
-
+            existingModel.IsEmailOnExceptionList = _contentObjectService.LoginDiscontinuationConfiguration.IsEmailOnExceptionsList(existingModel.SignIn.UserNameOrEmail);
             return View(viewName, existingModel);
         }
 

src/NuGetGallery/ViewModels/LogOnViewModel.cs

@@ -16,6 +16,7 @@ public class LogOnViewModel
         public RegisterViewModel Register { get; set; }
         public IList<AuthenticationProviderViewModel> Providers { get; set; }
         public bool IsNuGetAccountPasswordLoginEnabled { get; set; }
+        public bool IsEmailOnExceptionList { get; set; }
 
         public LogOnViewModel()
             : this(new SignInViewModel())

src/NuGetGallery/Views/Authentication/LinkExternal.cshtml

@@ -9,29 +9,49 @@
 <section role="main" class="container main-container page-sign-in">
     @if (Model.External.FoundExistingUser)
     {
-        <div class="row">
-            <div class="col-xs-12">
-                <h1 class="text-center">Link @Model.External.ProviderAccountNoun</h1>
-            </div>
-        </div>
         <div class="row">
             <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
                 @if (Model.External.ExistingUserCanBeLinked)
                 {
-                    <p class="text-center">
-                        We found an account with this email address. Sign in with your NuGet.org password to link with this Microsoft account.
-                    </p>
-                    <p class="text-center">
-                        Note that <b>your existing password login will be disabled</b> and you will need to use this Microsoft account to sign into NuGet.org
-                    </p>
-                    <p class="text-center">
-                        Please <a href="mailto:@Config.Current.GalleryOwner.Address">contact support</a> if you need more assistance.
-                    </p>
+                    if (Model.IsEmailOnExceptionList)
+                    {
+                        <div class="row">
+                            <div class="col-xs-12">
+                                <h1 class="text-center">Link @Model.External.ProviderAccountNoun</h1>
+                            </div>
+                        </div>
+                        <p class="text-center">
+                            Sign in with your NuGet.org password to link with this Microsoft account.
+                        </p>
+                        <p class="text-center">
+                            Please <a href="mailto:@Config.Current.GalleryOwner.Address">contact support</a> if you need more assistance.
+                        </p>
 
-                    @Html.Partial("_SignIn", Model)
+                        @Html.Partial("_SignIn", Model)
+                    }
+                    else
+                    {
+                        <div class="row">
+                            <div class="col-xs-12">
+                                <h1 class="text-center">Legacy Account</h1>
+                            </div>
+                        </div>
+                        <p class="text-center">
+                            We found an account with this email address (@Model.SignIn.UserNameOrEmail) that uses legacy password login. Unfortunately, <b>password login has been disabled</b>.
+                        </p>
+                        <p class="text-center">
+                            Some accounts can be recovered through manual proof of ownership.
+                            Please reach out to <a href="mailto:@Config.Current.GalleryOwner.Address">nuget support</a> for assistance.
+                        </p>
+                    }
                 }
                 else
                 {
+                    <div class="row">
+                        <div class="col-xs-12">
+                            <h1 class="text-center">Link @Model.External.ProviderAccountNoun</h1>
+                        </div>
+                    </div>
                     switch (Model.External.ExistingUserLinkingError)
                     {
                         case AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.AccountIsAlreadyLinked:

tests/NuGetGallery.Facts/Controllers/AuthenticationControllerFacts.cs

@@ -33,6 +33,17 @@ public class AuthenticationControllerFacts
 
         public class TheLogOnAction : TestContainer
         {
+            public TheLogOnAction()
+            {
+                var isEmailOnExceptionList = new Mock<ILoginDiscontinuationConfiguration>();
+                isEmailOnExceptionList
+                    .Setup(x => x.IsEmailOnExceptionsList(It.IsAny<String>()))
+                    .Returns(false);
+                GetMock<IContentObjectService>()
+                    .Setup(x => x.LoginDiscontinuationConfiguration)
+                    .Returns(isEmailOnExceptionList.Object);
+            }
+
             [Fact]
             public void GivenUserAlreadyAuthenticated_ItRedirectsToReturnUrl()
             {
@@ -215,6 +226,17 @@ public async Task SendsNotificationForAssistance()
 
         public class TheSignInAction : TestContainer
         {
+            public TheSignInAction()
+            {
+                var isEmailOnExceptionList = new Mock<ILoginDiscontinuationConfiguration>();
+                isEmailOnExceptionList
+                    .Setup(x => x.IsEmailOnExceptionsList(It.IsAny<String>()))
+                    .Returns(false);
+                GetMock<IContentObjectService>()
+                    .Setup(x => x.LoginDiscontinuationConfiguration)
+                    .Returns(isEmailOnExceptionList.Object);
+            }
+
             [Fact]
             public async Task GivenUserAlreadyAuthenticated_ItRedirectsToReturnUrl()
             {
@@ -722,6 +744,17 @@ public async Task GivenAdminLogsInWithValidExternalAuth_ItChallengesWhenNotUsing
 
         public class TheRegisterAction : TestContainer
         {
+            public TheRegisterAction()
+            {
+                var isEmailOnExceptionList = new Mock<ILoginDiscontinuationConfiguration>();
+                isEmailOnExceptionList
+                    .Setup(x => x.IsEmailOnExceptionsList(It.IsAny<String>()))
+                    .Returns(false);
+                GetMock<IContentObjectService>()
+                    .Setup(x => x.LoginDiscontinuationConfiguration)
+                    .Returns(isEmailOnExceptionList.Object);
+            }
+
             [Fact]
             public async Task WillShowTheViewWithErrorsIfTheModelStateIsInvalid()
             {
@@ -1726,6 +1759,17 @@ public void WillRedirectToHomePageOnSuccessForAbsoluteUrls()
 
         public class TheLinkExternalAccountAction : TestContainer
         {
+            public TheLinkExternalAccountAction()
+            {
+                var isEmailOnExceptionList = new Mock<ILoginDiscontinuationConfiguration>();
+                isEmailOnExceptionList
+                    .Setup(x => x.IsEmailOnExceptionsList(It.IsAny<String>()))
+                    .Returns(false);
+                GetMock<IContentObjectService>()
+                    .Setup(x => x.LoginDiscontinuationConfiguration)
+                    .Returns(isEmailOnExceptionList.Object);
+            }
+
             [Theory]
             [InlineData("access_denied")]
             [InlineData("consent_required")]
@@ -2219,7 +2263,7 @@ public async Task GivenNoLinkAndEmailClaim_ItDisplaysLogOnViewWithEmailPrefilled
                 var msAuther = new MicrosoftAccountAuthenticator();
                 var msaUI = msAuther.GetUI();
 
-                GetMock<AuthenticationService>(); // Force a mock to be created
+                GetMock<AuthenticationService>(); // Force a mock to be created                
 
                 var controller = GetController<AuthenticationController>();