Add auditing for package (un)deprecate actions (#7118)

* Add auditing for package (un)deprecate actions

* Register DeprecatedByUser data

* Fix unit tests

* PR feedback + unit test

Author: xavierdecoster

src/NuGetGallery.Core/Auditing/AuditedEntities/AuditedPackageDeprecation.cs

@@ -0,0 +1,37 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using NuGet.Services.Entities;
+using NuGetGallery.Auditing.Obfuscation;
+using System;
+
+namespace NuGetGallery.Auditing.AuditedEntities
+{
+    public class AuditedPackageDeprecation
+    {
+        public int Key { get; private set; }
+        public int PackageKey { get; private set; }
+        public int Status { get; private set; }
+        public int? AlternatePackageRegistrationKey { get; private set; }
+        public int? AlternatePackageKey { get; private set; }
+        [Obfuscate(ObfuscationType.UserKey)]
+        public int? DeprecatedByUserKey { get; private set; }
+        public DateTime DeprecatedOn { get; private set; }
+        public string CustomMessage { get; private set; }
+
+        public static AuditedPackageDeprecation CreateFrom(PackageDeprecation packageDeprecation)
+        {
+            return new AuditedPackageDeprecation
+            {
+                Key = packageDeprecation.Key,
+                PackageKey = packageDeprecation.PackageKey,
+                Status = (int)packageDeprecation.Status,
+                AlternatePackageRegistrationKey = packageDeprecation.AlternatePackageRegistrationKey,
+                AlternatePackageKey = packageDeprecation.AlternatePackageKey,
+                DeprecatedByUserKey = packageDeprecation.DeprecatedByUserKey,
+                DeprecatedOn = packageDeprecation.DeprecatedOn,
+                CustomMessage = packageDeprecation.CustomMessage
+            };
+        }
+    }
+}

src/NuGetGallery.Core/Auditing/AuditedPackageAction.cs

@@ -17,6 +17,8 @@ public enum AuditedPackageAction
         UndoEdit,
         Verify,
         SymbolsCreate,
-        SymbolsDelete
+        SymbolsDelete,
+        Deprecate,
+        Undeprecate
     }
 }

src/NuGetGallery.Core/Auditing/PackageAuditReasons.cs

@@ -28,4 +28,20 @@ public static class PackageDeletedVia
         /// </summary>
         public const string Web = "Deleted via web.";
     }
+
+    public static class PackageDeprecatedVia
+    {
+        /// <summary>
+        /// Package has been deprecated via NuGet web interface (browser)
+        /// </summary>
+        public const string Web = "Deprecated via web.";
+    }
+
+    public static class PackageUndeprecatedVia
+    {
+        /// <summary>
+        /// Package has been undeprecated via NuGet web interface (browser)
+        /// </summary>
+        public const string Web = "Undeprecated via web.";
+    }
 }

src/NuGetGallery.Core/Auditing/PackageAuditRecord.cs

@@ -3,6 +3,7 @@
 
 using NuGet.Services.Entities;
 using NuGetGallery.Auditing.AuditedEntities;
+using System.Linq;
 
 namespace NuGetGallery.Auditing
 {
@@ -14,12 +15,15 @@ public class PackageAuditRecord : AuditRecord<AuditedPackageAction>
 
         public AuditedPackage PackageRecord { get; }
         public AuditedPackageRegistration RegistrationRecord { get; }
+        public AuditedPackageDeprecation DeprecationRecord { get; }
 
         public string Reason { get; }
 
         public PackageAuditRecord(
             string id, string version, string hash,
-            AuditedPackage packageRecord, AuditedPackageRegistration registrationRecord,
+            AuditedPackage packageRecord,
+            AuditedPackageRegistration registrationRecord,
+            AuditedPackageDeprecation deprecationRecord,
             AuditedPackageAction action, string reason)
             : base(action)
         {
@@ -28,6 +32,7 @@ public PackageAuditRecord(
             Hash = hash;
             PackageRecord = packageRecord;
             RegistrationRecord = registrationRecord;
+            DeprecationRecord = deprecationRecord;
             Reason = reason;
         }
 
@@ -37,6 +42,7 @@ public PackageAuditRecord(string id, string version, AuditedPackageAction action
                   hash: "",
                   packageRecord: null,
                   registrationRecord: null,
+                  deprecationRecord: null,
                   action: action,
                   reason: reason)
         { }
@@ -47,11 +53,15 @@ public PackageAuditRecord(Package package, AuditedPackageAction action, string r
                   package.Hash,
                   packageRecord: null,
                   registrationRecord: null,
+                  deprecationRecord: null,
                   action: action,
                   reason: reason)
         {
             PackageRecord = AuditedPackage.CreateFrom(package);
             RegistrationRecord = AuditedPackageRegistration.CreateFrom(package.PackageRegistration);
+            DeprecationRecord = package.Deprecations
+                .Select(d => AuditedPackageDeprecation.CreateFrom(d))
+                .SingleOrDefault();
         }
 
         public PackageAuditRecord(Package package, AuditedPackageAction action)
@@ -60,11 +70,15 @@ public PackageAuditRecord(Package package, AuditedPackageAction action)
                   package.Hash,
                   packageRecord: null,
                   registrationRecord: null,
+                  deprecationRecord: null,
                   action: action,
                   reason: null)
         {
             PackageRecord = AuditedPackage.CreateFrom(package);
             RegistrationRecord = AuditedPackageRegistration.CreateFrom(package.PackageRegistration);
+            DeprecationRecord = package.Deprecations
+                .Select(d => AuditedPackageDeprecation.CreateFrom(d))
+                .SingleOrDefault();
         }
 
         public override string GetPath()

src/NuGetGallery.Core/NuGetGallery.Core.csproj

@@ -64,6 +64,7 @@
     <Compile Include="Auditing\AggregateAuditingService.cs" />
     <Compile Include="Auditing\AuditedCertificateAction.cs" />
     <Compile Include="Auditing\AuditedDeleteAccountAction.cs" />
+    <Compile Include="Auditing\AuditedEntities\AuditedPackageDeprecation.cs" />
     <Compile Include="Auditing\CertificateAuditRecord.cs" />
     <Compile Include="Auditing\Obfuscation\ObfuscateAttribute.cs" />
     <Compile Include="Auditing\Obfuscation\ObfuscationType.cs" />

src/NuGetGallery/Controllers/ManageDeprecationJsonApiController.cs

@@ -9,22 +9,26 @@
 using System.Web.Mvc;
 using NuGet.Services.Entities;
 using NuGet.Versioning;
+using NuGetGallery.Auditing;
 using NuGetGallery.Filters;
 
 namespace NuGetGallery
 {
     public partial class ManageDeprecationJsonApiController
         : AppController
     {
+        private readonly IAuditingService _auditingService;
         private readonly IPackageService _packageService;
         private readonly IPackageDeprecationService _deprecationService;
         private readonly IFeatureFlagService _featureFlagService;
 
         public ManageDeprecationJsonApiController(
+            IAuditingService auditingService,
             IPackageService packageService,
             IPackageDeprecationService deprecationService,
             IFeatureFlagService featureFlagService)
         {
+            _auditingService = auditingService ?? throw new ArgumentNullException(nameof(auditingService));
             _packageService = packageService ?? throw new ArgumentNullException(nameof(packageService));
             _deprecationService = deprecationService ?? throw new ArgumentNullException(nameof(deprecationService));
             _featureFlagService = featureFlagService ?? throw new ArgumentNullException(nameof(featureFlagService));
@@ -162,7 +166,18 @@ await _deprecationService.UpdateDeprecation(
                 status,
                 alternatePackageRegistration,
                 alternatePackage,
-                customMessage);
+                customMessage,
+                currentUser);
+
+            foreach (var packageToUpdate in packagesToUpdate)
+            {
+                await _auditingService.SaveAuditRecordAsync(
+                    new PackageAuditRecord(
+                        packageToUpdate,
+                        status == PackageDeprecationStatus.NotDeprecated ? AuditedPackageAction.Undeprecate : AuditedPackageAction.Deprecate,
+                        status == PackageDeprecationStatus.NotDeprecated ? PackageUndeprecatedVia.Web : PackageDeprecatedVia.Web));
+
+            }
 
             return Json(HttpStatusCode.OK);
         }

src/NuGetGallery/Services/IPackageDeprecationService.cs

@@ -21,7 +21,8 @@ Task UpdateDeprecation(
             PackageDeprecationStatus status,
             PackageRegistration alternatePackageRegistration,
             Package alternatePackage,
-            string customMessage);
+            string customMessage,
+            User user);
 
         PackageDeprecation GetDeprecationByPackage(Package package);
     }

src/NuGetGallery/Services/PackageDeleteService.cs

@@ -414,6 +414,7 @@ public async Task ReflowHardDeletedPackageAsync(string id, string version)
                 hash: string.Empty,
                 packageRecord: null,
                 registrationRecord: null,
+                deprecationRecord: null,
                 action: AuditedPackageAction.Delete,
                 reason: "reflow hard-deleted package");
 

src/NuGetGallery/Services/PackageDeprecationService.cs

@@ -25,13 +25,19 @@ public async Task UpdateDeprecation(
            PackageDeprecationStatus status,
            PackageRegistration alternatePackageRegistration,
            Package alternatePackage,
-           string customMessage)
+           string customMessage,
+           User user)
         {
             if (packages == null || !packages.Any())
             {
                 throw new ArgumentException(nameof(packages));
             }
 
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
             var shouldDelete = status == PackageDeprecationStatus.NotDeprecated;
             var deprecations = new List<PackageDeprecation>();
             foreach (var package in packages)
@@ -59,6 +65,7 @@ public async Task UpdateDeprecation(
                     }
 
                     deprecation.Status = status;
+                    deprecation.DeprecatedByUser = user;
 
                     deprecation.AlternatePackageRegistration = alternatePackageRegistration;
                     deprecation.AlternatePackage = alternatePackage;

tests/NuGetGallery.Core.Facts/Auditing/AuditedPackageActionTests.cs

@@ -21,7 +21,9 @@ public void Definition_HasNotChanged()
                 "UndoEdit",
                 "Verify",
                 "SymbolsCreate",
-                "SymbolsDelete"
+                "SymbolsDelete",
+                "Deprecate",
+                "Undeprecate"
             };
 
             Verify(typeof(AuditedPackageAction), expectedNames);