
Commit 6e465b4

Merge pull request #9189 from NuGet/dev
[2022-08-12] RI of dev to main for NuGetGallery
2 parents e76529b + e78a94a commit 6e465b4

50 files changed

Lines changed: 483 additions & 30 deletions


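--- a/src/AccountDeleter/EmptyFeatureFlagService.cs
+++ b/src/AccountDeleter/EmptyFeatureFlagService.cs
@@ -86,6 +86,11 @@ public bool IsDisplayVulnerabilitiesEnabled()
 throw new NotImplementedException();
 }
 
+public bool IsNuGetAccountPasswordLoginEnabled()
+{
+throw new NotImplementedException();
+}
+
 public bool IsForceFlatContainerIconsEnabled()
 {
 throw new NotImplementedException();
@@ -141,6 +146,11 @@ public bool IsMarkdigMdRenderingEnabled()
 throw new NotImplementedException();
 }
 
+public bool IsMarkdigMdSyntaxHighlightEnabled()
+{
+throw new NotImplementedException();
+}
+
 public bool IsNewAccount2FAEnforcementEnabled()
 {
 throw new NotImplementedException();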

src/Bootstrap/dist/css/bootstrap-theme.css

Lines changed: 3 additions & 0 deletions

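--- a/src/Bootstrap/less/theme/common-readme.less
+++ b/src/Bootstrap/less/theme/common-readme.less
@@ -41,6 +41,10 @@
 blockquote {
 font-size: @font-size-base;
 }
+
+pre code.hljs{
+background-color: #f6f8fa;
+}
 }
 
 #readme-preview {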

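--- a/src/GitHubVulnerabilities2Db/Fakes/FakeFeatureFlagService.cs
+++ b/src/GitHubVulnerabilities2Db/Fakes/FakeFeatureFlagService.cs
@@ -125,6 +125,11 @@ public bool IsMarkdigMdRenderingEnabled()
 throw new NotImplementedException();
 }
 
+public bool IsMarkdigMdSyntaxHighlightEnabled()
+{
+throw new NotImplementedException();
+}
+
 public bool IsODataDatabaseReadOnlyEnabled()
 {
 throw new NotImplementedException();
@@ -279,5 +284,10 @@ public bool IsNewAccount2FAEnforcementEnabled()
 {
 throw new NotImplementedException();
 }
+
+public bool IsNuGetAccountPasswordLoginEnabled()
+{
+throw new NotImplementedException();
+}
 }
 }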

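--- a/src/NuGetGallery.Core/Auditing/AuditedAuthenticatedOperationAction.cs
+++ b/src/NuGetGallery.Core/Auditing/AuditedAuthenticatedOperationAction.cs
@@ -28,6 +28,11 @@ public enum AuditedAuthenticatedOperationAction
 /// <summary>
 /// Symbol package push was attempted by a non-owner of the package
 /// </summary>
-SymbolsPackagePushAttemptByNonOwner
+SymbolsPackagePushAttemptByNonOwner,
+
+/// <summary>
+/// User attempted to login when password login is unsupported
+/// </summary>
+PasswordLoginUnsupported
 }
 }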

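--- a/src/NuGetGallery.Services/Authentication/AuthenticationService.cs
+++ b/src/NuGetGallery.Services/Authentication/AuthenticationService.cs
@@ -33,6 +33,7 @@ public class AuthenticationService: IAuthenticationService
 private readonly IDateTimeProvider _dateTimeProvider;
 private readonly IContentObjectService _contentObjectService;
 private readonly ITelemetryService _telemetryService;
+private readonly IFeatureFlagService _featureFlagService;
 
 /// <summary>
 /// This ctor is used for test only.
@@ -48,7 +49,7 @@ public AuthenticationService(
 IEntitiesContext entities, IAppConfiguration config, IDiagnosticsService diagnostics,
 IAuditingService auditing, IEnumerable<Authenticator> providers, ICredentialBuilder credentialBuilder,
 ICredentialValidator credentialValidator, IDateTimeProvider dateTimeProvider, ITelemetryService telemetryService,
-IContentObjectService contentObjectService)
+IContentObjectService contentObjectService, IFeatureFlagService featureFlagService)
 {
 InitCredentialFormatters();
 
@@ -62,6 +63,7 @@ public AuthenticationService(
 _dateTimeProvider = dateTimeProvider ?? throw new ArgumentNullException(nameof(dateTimeProvider));
 _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
 _contentObjectService = contentObjectService ?? throw new ArgumentNullException(nameof(contentObjectService));
+_featureFlagService = featureFlagService ?? throw new ArgumentNullException(nameof(featureFlagService));
 }
 
 public IEntitiesContext Entities { get; private set; }
@@ -83,6 +85,18 @@ public virtual async Task<PasswordAuthenticationResult> Authenticate(string user
 {
 var user = FindByUserNameOrEmail(userNameOrEmail);
 
+if (!_featureFlagService.IsNuGetAccountPasswordLoginEnabled() &&
+!_contentObjectService.LoginDiscontinuationConfiguration.IsEmailOnExceptionsList(userNameOrEmail))
+{
+_trace.Information("Password login unsupported.");
+
+await Auditing.SaveAuditRecordAsync(
+new FailedAuthenticatedOperationAuditRecord(
+userNameOrEmail, AuditedAuthenticatedOperationAction.PasswordLoginUnsupported));
+
+return new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.PasswordLoginUnsupported);
+}
+
 // Check if the user exists
 if (user == null)
 {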
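Review bot: The exceptions-list test in `Authenticate` (new lines 88-89) is applied to the raw `userNameOrEmail` argument rather than to the account that `FindByUserNameOrEmail` resolved on the line above it. `IsEmailOnExceptionsList` is not shown on this page, but if it matches e-mail addresses as its name suggests, an excepted account that signs in with its username would be refused while the same account signing in by e-mail is allowed, so the outcome depends on what the caller typed rather than on the stored account. Consider keying the check on the resolved user, e.g. `IsEmailOnExceptionsList(user?.EmailAddress)` (assuming the helper tolerates null), or state on the interface that usernames are accepted and how matching is normalised. The body of `Authenticate` continues outside the hunk.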

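--- a/src/NuGetGallery.Services/Authentication/PasswordAuthenticationResult.cs
+++ b/src/NuGetGallery.Services/Authentication/PasswordAuthenticationResult.cs
@@ -8,6 +8,7 @@ public class PasswordAuthenticationResult
 public enum AuthenticationResult
 {
 AccountLocked, // The account is locked
+PasswordLoginUnsupported, // Password login is not supported
 BadCredentials, // Bad user name or password provided
 Success // All good
 }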
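Review bot: `PasswordLoginUnsupported` is inserted between `AccountLocked` and `BadCredentials`, which silently renumbers `BadCredentials` and `Success` because the members carry no explicit values. If any caller, log or stored record relies on the numeric value (not visible here), old and new builds will disagree on what a result means; the audit enum in this same commit appends its new member at the end instead. Appending here as well, or pinning values with `AccountLocked = 0, BadCredentials = 1, Success = 2, PasswordLoginUnsupported = 3`, avoids that. Callers that treat every non-`Success` result as bad credentials should also be checked so that this outcome is reported distinctly.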

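--- a/src/NuGetGallery.Services/Configuration/FeatureFlagService.cs
+++ b/src/NuGetGallery.Services/Configuration/FeatureFlagService.cs
@@ -46,6 +46,7 @@ public class FeatureFlagService : IFeatureFlagService
 private const string EmbeddedReadmeFlightName = GalleryPrefix + "EmbeddedReadmes";
 private const string LicenseMdRenderingFlightName = GalleryPrefix + "LicenseMdRendering";
 private const string MarkdigMdRenderingFlightName = GalleryPrefix + "MarkdigMdRendering";
+private const string MarkdigMdSyntaxHighlightFlightName = GalleryPrefix + "MarkdigMdSyntaxHighlight";
 private const string DeletePackageApiFlightName = GalleryPrefix + "DeletePackageApi";
 private const string ImageAllowlistFlightName = GalleryPrefix + "ImageAllowlist";
 private const string DisplayBannerFlightName = GalleryPrefix + "Banner";
@@ -54,6 +55,7 @@ public class FeatureFlagService : IFeatureFlagService
 private const string ComputeTargetFrameworkFeatureName = GalleryPrefix + "ComputeTargetFramework";
 private const string RecentPackagesNoIndexFeatureName = GalleryPrefix + "RecentPackagesNoIndex";
 private const string NewAccount2FAEnforcementFeatureName = GalleryPrefix + "NewAccount2FAEnforcement";
+private const string NuGetAccountPasswordLoginFeatureName = GalleryPrefix + "NuGetAccountPasswordLogin";
 
 private const string ODataV1GetAllNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllNonHijacked";
 private const string ODataV1GetAllCountNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllCountNonHijacked";
@@ -334,6 +336,11 @@ public bool IsMarkdigMdRenderingEnabled()
 return _client.IsEnabled(MarkdigMdRenderingFlightName, defaultValue: false);
 }
 
+public bool IsMarkdigMdSyntaxHighlightEnabled()
+{
+return _client.IsEnabled(MarkdigMdSyntaxHighlightFlightName, defaultValue: false);
+}
+
 public bool IsDeletePackageApiEnabled(User user)
 {
 return _client.IsEnabled(DeletePackageApiFlightName, user, defaultValue: false);
@@ -368,5 +375,10 @@ public bool IsNewAccount2FAEnforcementEnabled()
 {
 return _client.IsEnabled(NewAccount2FAEnforcementFeatureName, defaultValue: false);
 }
+
+public bool IsNuGetAccountPasswordLoginEnabled()
+{
+return _client.IsEnabled(NuGetAccountPasswordLoginFeatureName, defaultValue: true);
+}
 }
 }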
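Review bot: `IsNuGetAccountPasswordLoginEnabled` passes `defaultValue: true`, whereas every other flag visible in this section defaults to `false`, so password login presumably stays on whenever the flag is absent or cannot be resolved. That looks deliberate, keeping existing behaviour until the flag is explicitly turned off, but it means the discontinuation only takes effect while flag data is available, and nothing in the code records that choice. A short comment above the return would capture the intent, for example `// Defaults to true: password login stays available unless the flag is explicitly disabled.`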

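--- a/src/NuGetGallery.Services/Configuration/IFeatureFlagService.cs
+++ b/src/NuGetGallery.Services/Configuration/IFeatureFlagService.cs
@@ -177,7 +177,7 @@ public interface IFeatureFlagService
 /// Whether the user is able to publish the package with an embedded readme file.
 /// </summary>
 bool AreEmbeddedReadmesEnabled(User user);
-
+
 /// <summary>
 /// Whether the /Packages() endpoint is enabled for the V1 OData API.
 /// </summary>
@@ -262,7 +262,13 @@ public interface IFeatureFlagService
 /// Whether rendering Markdown content to HTML using Markdig is enabled
 /// </summary>
 bool IsMarkdigMdRenderingEnabled();
-
+
+/// <summary>
+/// Whether rendering Markdown fenced code with syntax highlighting
+/// </summary>
+bool IsMarkdigMdSyntaxHighlightEnabled();
+
+/// <summary>
 /// Whether or not the user can delete a package through the API.
 /// </summary>
 bool IsDeletePackageApiEnabled(User user);
@@ -276,7 +282,7 @@ public interface IFeatureFlagService
 /// Whether or not display the banner on nuget.org
 /// </summary>
 bool IsDisplayBannerEnabled();
-
+
 /// <summary>
 /// Whether or not display target framework badges and table on nuget.org
 /// </summary>
@@ -296,5 +302,10 @@ public interface IFeatureFlagService
 /// Whether or not to enforce 2FA for new external account link or replacement.
 /// </summary>
 bool IsNewAccount2FAEnforcementEnabled();
+
+/// <summary>
+/// Whether or not NuGet.org password login is supported. NuGet.org accounts in the <see cref="LoginDiscontinuationConfiguration.ExceptionsForEmailAddresses"/> will always be supported.
+/// </summary>
+bool IsNuGetAccountPasswordLoginEnabled();
 }
 }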

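--- a/src/NuGetGallery.Services/Configuration/ILoginDiscontinuationConfiguration.cs
+++ b/src/NuGetGallery.Services/Configuration/ILoginDiscontinuationConfiguration.cs
@@ -13,5 +13,6 @@ public interface ILoginDiscontinuationConfiguration
 bool IsUserOnWhitelist(User user);
 bool ShouldUserTransformIntoOrganization(User user);
 bool IsTenantIdPolicySupportedForOrganization(string emailAddress, string tenantId);
+bool IsEmailOnExceptionsList(string emailAddress);
 }
 }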
