NuGet
diff --git a/‎src/AccountDeleter/EmptyFeatureFlagService.cs‎
Lines changed: 10 additions & 0 deletions b/‎src/AccountDeleter/EmptyFeatureFlagService.cs‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/Bootstrap/dist/css/bootstrap-theme.css‎
Lines changed: 3 additions & 0 deletions b/‎src/Bootstrap/dist/css/bootstrap-theme.css‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Bootstrap/less/theme/common-readme.less‎
Lines changed: 4 additions & 0 deletions b/‎src/Bootstrap/less/theme/common-readme.less‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/GitHubVulnerabilities2Db/Fakes/FakeFeatureFlagService.cs‎
Lines changed: 10 additions & 0 deletions b/‎src/GitHubVulnerabilities2Db/Fakes/FakeFeatureFlagService.cs‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/NuGetGallery.Core/Auditing/AuditedAuthenticatedOperationAction.cs‎
Lines changed: 6 additions & 1 deletion b/‎src/NuGetGallery.Core/Auditing/AuditedAuthenticatedOperationAction.cs‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/NuGetGallery.Services/Authentication/AuthenticationService.cs‎
Lines changed: 15 additions & 1 deletion b/‎src/NuGetGallery.Services/Authentication/AuthenticationService.cs‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎src/NuGetGallery.Services/Authentication/PasswordAuthenticationResult.cs‎
Lines changed: 1 addition & 0 deletions b/‎src/NuGetGallery.Services/Authentication/PasswordAuthenticationResult.cs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/NuGetGallery.Services/Configuration/FeatureFlagService.cs‎
Lines changed: 12 additions & 0 deletions b/‎src/NuGetGallery.Services/Configuration/FeatureFlagService.cs‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/NuGetGallery.Services/Configuration/IFeatureFlagService.cs‎
Lines changed: 14 additions & 3 deletions b/‎src/NuGetGallery.Services/Configuration/IFeatureFlagService.cs‎
Lines changed: 14 additions & 3 deletions
diff --git a/‎src/NuGetGallery.Services/Configuration/ILoginDiscontinuationConfiguration.cs‎
Lines changed: 1 addition & 0 deletions b/‎src/NuGetGallery.Services/Configuration/ILoginDiscontinuationConfiguration.cs‎
Lines changed: 1 addition & 0 deletions
@@ -86,6 +86,11 @@ public bool IsDisplayVulnerabilitiesEnabled()
             throw new NotImplementedException();
         }
 
+        public bool IsNuGetAccountPasswordLoginEnabled()
+        {
+            throw new NotImplementedException();
+        }
+
         public bool IsForceFlatContainerIconsEnabled()
         {
             throw new NotImplementedException();
@@ -141,6 +146,11 @@ public bool IsMarkdigMdRenderingEnabled()
             throw new NotImplementedException();
         }
 
+        public bool IsMarkdigMdSyntaxHighlightEnabled()
+        {
+            throw new NotImplementedException();
+        }
+
         public bool IsNewAccount2FAEnforcementEnabled()
         {
             throw new NotImplementedException();
 
@@ -41,6 +41,10 @@
   blockquote {
     font-size: @font-size-base;
   }
+
+  pre code.hljs{
+    background-color: #f6f8fa;
+  }
 } 
 
 #readme-preview {
 
@@ -125,6 +125,11 @@ public bool IsMarkdigMdRenderingEnabled()
             throw new NotImplementedException();
         }
 
+        public bool IsMarkdigMdSyntaxHighlightEnabled()
+        {
+            throw new NotImplementedException();
+        }
+
         public bool IsODataDatabaseReadOnlyEnabled()
         {
             throw new NotImplementedException();
@@ -279,5 +284,10 @@ public bool IsNewAccount2FAEnforcementEnabled()
         {
             throw new NotImplementedException();
         }
+
+        public bool IsNuGetAccountPasswordLoginEnabled()
+        {
+            throw new NotImplementedException();
+        }
     }
 }
@@ -28,6 +28,11 @@ public enum AuditedAuthenticatedOperationAction
         /// <summary>
         /// Symbol package push was attempted by a non-owner of the package
         /// </summary>
-        SymbolsPackagePushAttemptByNonOwner
+        SymbolsPackagePushAttemptByNonOwner,
+
+        /// <summary>
+        /// User attempted to login when password login is unsupported
+        /// </summary>
+        PasswordLoginUnsupported
     }
 }
@@ -33,6 +33,7 @@ public class AuthenticationService: IAuthenticationService
         private readonly IDateTimeProvider _dateTimeProvider;
         private readonly IContentObjectService _contentObjectService;
         private readonly ITelemetryService _telemetryService;
+        private readonly IFeatureFlagService _featureFlagService;
 
         /// <summary>
         /// This ctor is used for test only.
@@ -48,7 +49,7 @@ public AuthenticationService(
             IEntitiesContext entities, IAppConfiguration config, IDiagnosticsService diagnostics,
             IAuditingService auditing, IEnumerable<Authenticator> providers, ICredentialBuilder credentialBuilder,
             ICredentialValidator credentialValidator, IDateTimeProvider dateTimeProvider, ITelemetryService telemetryService,
-            IContentObjectService contentObjectService)
+            IContentObjectService contentObjectService, IFeatureFlagService featureFlagService)
         {
             InitCredentialFormatters();
 
@@ -62,6 +63,7 @@ public AuthenticationService(
             _dateTimeProvider = dateTimeProvider ?? throw new ArgumentNullException(nameof(dateTimeProvider));
             _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             _contentObjectService = contentObjectService ?? throw new ArgumentNullException(nameof(contentObjectService));
+            _featureFlagService = featureFlagService ?? throw new ArgumentNullException(nameof(featureFlagService));
         }
 
         public IEntitiesContext Entities { get; private set; }
@@ -83,6 +85,18 @@ public virtual async Task<PasswordAuthenticationResult> Authenticate(string user
             {
                 var user = FindByUserNameOrEmail(userNameOrEmail);
 
+                if (!_featureFlagService.IsNuGetAccountPasswordLoginEnabled() &&
+                !_contentObjectService.LoginDiscontinuationConfiguration.IsEmailOnExceptionsList(userNameOrEmail))
+                {
+                    _trace.Information("Password login unsupported.");
+
+                    await Auditing.SaveAuditRecordAsync(
+                        new FailedAuthenticatedOperationAuditRecord(
+                            userNameOrEmail, AuditedAuthenticatedOperationAction.PasswordLoginUnsupported));
+                    
+                    return new PasswordAuthenticationResult(PasswordAuthenticationResult.AuthenticationResult.PasswordLoginUnsupported);
+                }
+
                 // Check if the user exists
                 if (user == null)
                 {
 
@@ -8,6 +8,7 @@ public class PasswordAuthenticationResult
         public enum AuthenticationResult
         {
             AccountLocked, // The account is locked
+            PasswordLoginUnsupported, // Password login is not supported
             BadCredentials, // Bad user name or password provided
             Success // All good
         }
 
@@ -46,6 +46,7 @@ public class FeatureFlagService : IFeatureFlagService
         private const string EmbeddedReadmeFlightName = GalleryPrefix + "EmbeddedReadmes";
         private const string LicenseMdRenderingFlightName = GalleryPrefix + "LicenseMdRendering";
         private const string MarkdigMdRenderingFlightName = GalleryPrefix + "MarkdigMdRendering";
+        private const string MarkdigMdSyntaxHighlightFlightName = GalleryPrefix + "MarkdigMdSyntaxHighlight";
         private const string DeletePackageApiFlightName = GalleryPrefix + "DeletePackageApi";
         private const string ImageAllowlistFlightName = GalleryPrefix + "ImageAllowlist";
         private const string DisplayBannerFlightName = GalleryPrefix + "Banner";
@@ -54,6 +55,7 @@ public class FeatureFlagService : IFeatureFlagService
         private const string ComputeTargetFrameworkFeatureName = GalleryPrefix + "ComputeTargetFramework";
         private const string RecentPackagesNoIndexFeatureName = GalleryPrefix + "RecentPackagesNoIndex";
         private const string NewAccount2FAEnforcementFeatureName = GalleryPrefix + "NewAccount2FAEnforcement";
+        private const string NuGetAccountPasswordLoginFeatureName = GalleryPrefix + "NuGetAccountPasswordLogin";
 
         private const string ODataV1GetAllNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllNonHijacked";
         private const string ODataV1GetAllCountNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllCountNonHijacked";
@@ -334,6 +336,11 @@ public bool IsMarkdigMdRenderingEnabled()
             return _client.IsEnabled(MarkdigMdRenderingFlightName, defaultValue: false);
         }
 
+        public bool IsMarkdigMdSyntaxHighlightEnabled()
+        {
+            return _client.IsEnabled(MarkdigMdSyntaxHighlightFlightName, defaultValue: false);
+        }
+
         public bool IsDeletePackageApiEnabled(User user)
         {
             return _client.IsEnabled(DeletePackageApiFlightName, user, defaultValue: false);
@@ -368,5 +375,10 @@ public bool IsNewAccount2FAEnforcementEnabled()
         {
             return _client.IsEnabled(NewAccount2FAEnforcementFeatureName, defaultValue: false);
         }
+
+        public bool IsNuGetAccountPasswordLoginEnabled()
+        {
+            return _client.IsEnabled(NuGetAccountPasswordLoginFeatureName, defaultValue: true);
+        }
     }
 }
@@ -177,7 +177,7 @@ public interface IFeatureFlagService
         /// Whether the user is able to publish the package with an embedded readme file.
         /// </summary>
         bool AreEmbeddedReadmesEnabled(User user);
-        
+
         /// <summary>
         /// Whether the /Packages() endpoint is enabled for the V1 OData API.
         /// </summary>
@@ -262,7 +262,13 @@ public interface IFeatureFlagService
         /// Whether rendering Markdown content to HTML using Markdig is enabled
         /// </summary>
         bool IsMarkdigMdRenderingEnabled();
-        
+
+        /// <summary>
+        /// Whether rendering Markdown fenced code with syntax highlighting
+        /// </summary>
+        bool IsMarkdigMdSyntaxHighlightEnabled();
+
+        /// <summary>
         /// Whether or not the user can delete a package through the API.
         /// </summary>
         bool IsDeletePackageApiEnabled(User user);
@@ -276,7 +282,7 @@ public interface IFeatureFlagService
         /// Whether or not display the banner on nuget.org
         /// </summary>
         bool IsDisplayBannerEnabled();
-        
+
         /// <summary>
         /// Whether or not display target framework badges and table on nuget.org
         /// </summary>
@@ -296,5 +302,10 @@ public interface IFeatureFlagService
         /// Whether or not to enforce 2FA for new external account link or replacement.
         /// </summary>
         bool IsNewAccount2FAEnforcementEnabled();
+
+        /// <summary>
+        /// Whether or not NuGet.org password login is supported. NuGet.org accounts in the <see cref="LoginDiscontinuationConfiguration.ExceptionsForEmailAddresses"/> will always be supported.
+        /// </summary>
+        bool IsNuGetAccountPasswordLoginEnabled();
     }
 }
@@ -13,5 +13,6 @@ public interface ILoginDiscontinuationConfiguration
         bool IsUserOnWhitelist(User user);
         bool ShouldUserTransformIntoOrganization(User user);
         bool IsTenantIdPolicySupportedForOrganization(string emailAddress, string tenantId);
+        bool IsEmailOnExceptionsList(string emailAddress);
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,11 @@ public bool IsDisplayVulnerabilitiesEnabled()`
`86`	`86`	`throw new NotImplementedException();`
`87`	`87`	`}`
`88`	`88`
	`89`	`+ public bool IsNuGetAccountPasswordLoginEnabled()`
	`90`	`+ {`
	`91`	`+ throw new NotImplementedException();`
	`92`	`+ }`
	`93`	`+`
`89`	`94`	`public bool IsForceFlatContainerIconsEnabled()`
`90`	`95`	`{`
`91`	`96`	`throw new NotImplementedException();`
`@@ -141,6 +146,11 @@ public bool IsMarkdigMdRenderingEnabled()`
`141`	`146`	`throw new NotImplementedException();`
`142`	`147`	`}`
`143`	`148`
	`149`	`+ public bool IsMarkdigMdSyntaxHighlightEnabled()`
	`150`	`+ {`
	`151`	`+ throw new NotImplementedException();`
	`152`	`+ }`
	`153`	`+`
`144`	`154`	`public bool IsNewAccount2FAEnforcementEnabled()`
`145`	`155`	`{`
`146`	`156`	`throw new NotImplementedException();`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,10 @@`
`41`	`41`	`blockquote {`
`42`	`42`	`font-size: @font-size-base;`
`43`	`43`	`}`
	`44`	`+`
	`45`	`+ pre code.hljs{`
	`46`	`+ background-color: #f6f8fa;`
	`47`	`+ }`
`44`	`48`	`}`
`45`	`49`
`46`	`50`	`#readme-preview {`
Original file line number	Diff line number	Diff line change
`@@ -125,6 +125,11 @@ public bool IsMarkdigMdRenderingEnabled()`
`125`	`125`	`throw new NotImplementedException();`
`126`	`126`	`}`
`127`	`127`
	`128`	`+ public bool IsMarkdigMdSyntaxHighlightEnabled()`
	`129`	`+ {`
	`130`	`+ throw new NotImplementedException();`
	`131`	`+ }`
	`132`	`+`
`128`	`133`	`public bool IsODataDatabaseReadOnlyEnabled()`
`129`	`134`	`{`
`130`	`135`	`throw new NotImplementedException();`
`@@ -279,5 +284,10 @@ public bool IsNewAccount2FAEnforcementEnabled()`
`279`	`284`	`{`
`280`	`285`	`throw new NotImplementedException();`
`281`	`286`	`}`
	`287`	`+`
	`288`	`+ public bool IsNuGetAccountPasswordLoginEnabled()`
	`289`	`+ {`
	`290`	`+ throw new NotImplementedException();`
	`291`	`+ }`
`282`	`292`	`}`
`283`	`293`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,11 @@ public enum AuditedAuthenticatedOperationAction`
`28`	`28`	`/// <summary>`
`29`	`29`	`/// Symbol package push was attempted by a non-owner of the package`
`30`	`30`	`/// </summary>`
`31`		`- SymbolsPackagePushAttemptByNonOwner`
	`31`	`+ SymbolsPackagePushAttemptByNonOwner,`
	`32`	`+`
	`33`	`+ /// <summary>`
	`34`	`+ /// User attempted to login when password login is unsupported`
	`35`	`+ /// </summary>`
	`36`	`+ PasswordLoginUnsupported`
`32`	`37`	`}`
`33`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ public class PasswordAuthenticationResult`
`8`	`8`	`public enum AuthenticationResult`
`9`	`9`	`{`
`10`	`10`	`AccountLocked, // The account is locked`
	`11`	`+ PasswordLoginUnsupported, // Password login is not supported`
`11`	`12`	`BadCredentials, // Bad user name or password provided`
`12`	`13`	`Success // All good`
`13`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ public class FeatureFlagService : IFeatureFlagService`
`46`	`46`	`private const string EmbeddedReadmeFlightName = GalleryPrefix + "EmbeddedReadmes";`
`47`	`47`	`private const string LicenseMdRenderingFlightName = GalleryPrefix + "LicenseMdRendering";`
`48`	`48`	`private const string MarkdigMdRenderingFlightName = GalleryPrefix + "MarkdigMdRendering";`
	`49`	`+ private const string MarkdigMdSyntaxHighlightFlightName = GalleryPrefix + "MarkdigMdSyntaxHighlight";`
`49`	`50`	`private const string DeletePackageApiFlightName = GalleryPrefix + "DeletePackageApi";`
`50`	`51`	`private const string ImageAllowlistFlightName = GalleryPrefix + "ImageAllowlist";`
`51`	`52`	`private const string DisplayBannerFlightName = GalleryPrefix + "Banner";`
`@@ -54,6 +55,7 @@ public class FeatureFlagService : IFeatureFlagService`
`54`	`55`	`private const string ComputeTargetFrameworkFeatureName = GalleryPrefix + "ComputeTargetFramework";`
`55`	`56`	`private const string RecentPackagesNoIndexFeatureName = GalleryPrefix + "RecentPackagesNoIndex";`
`56`	`57`	`private const string NewAccount2FAEnforcementFeatureName = GalleryPrefix + "NewAccount2FAEnforcement";`
	`58`	`+ private const string NuGetAccountPasswordLoginFeatureName = GalleryPrefix + "NuGetAccountPasswordLogin";`
`57`	`59`
`58`	`60`	`private const string ODataV1GetAllNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllNonHijacked";`
`59`	`61`	`private const string ODataV1GetAllCountNonHijackedFeatureName = GalleryPrefix + "ODataV1GetAllCountNonHijacked";`
`@@ -334,6 +336,11 @@ public bool IsMarkdigMdRenderingEnabled()`
`334`	`336`	`return _client.IsEnabled(MarkdigMdRenderingFlightName, defaultValue: false);`
`335`	`337`	`}`
`336`	`338`
	`339`	`+ public bool IsMarkdigMdSyntaxHighlightEnabled()`
	`340`	`+ {`
	`341`	`+ return _client.IsEnabled(MarkdigMdSyntaxHighlightFlightName, defaultValue: false);`
	`342`	`+ }`
	`343`	`+`
`337`	`344`	`public bool IsDeletePackageApiEnabled(User user)`
`338`	`345`	`{`
`339`	`346`	`return _client.IsEnabled(DeletePackageApiFlightName, user, defaultValue: false);`
`@@ -368,5 +375,10 @@ public bool IsNewAccount2FAEnforcementEnabled()`
`368`	`375`	`{`
`369`	`376`	`return _client.IsEnabled(NewAccount2FAEnforcementFeatureName, defaultValue: false);`
`370`	`377`	`}`
	`378`	`+`
	`379`	`+ public bool IsNuGetAccountPasswordLoginEnabled()`
	`380`	`+ {`
	`381`	`+ return _client.IsEnabled(NuGetAccountPasswordLoginFeatureName, defaultValue: true);`
	`382`	`+ }`
`371`	`383`	`}`
`372`	`384`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,5 +13,6 @@ public interface ILoginDiscontinuationConfiguration`
`13`	`13`	`bool IsUserOnWhitelist(User user);`
`14`	`14`	`bool ShouldUserTransformIntoOrganization(User user);`
`15`	`15`	`bool IsTenantIdPolicySupportedForOrganization(string emailAddress, string tenantId);`
	`16`	`+ bool IsEmailOnExceptionsList(string emailAddress);`
`16`	`17`	`}`
`17`	`18`	`}`