Audit add and remove ownership request action (#8764)

Progress on NuGet/Engineering#3994

Author: joelverhagen

src/NuGetGallery.Core/Auditing/AuditedPackageRegistrationAction.cs

@@ -9,6 +9,8 @@ public enum AuditedPackageRegistrationAction
         RemoveOwner,
         MarkVerified,
         MarkUnverified,
-        SetRequiredSigner
+        SetRequiredSigner,
+        AddOwnershipRequest,
+        DeleteOwnershipRequest,
     }
 }

src/NuGetGallery.Core/Auditing/PackageRegistrationAuditRecord.cs

@@ -14,6 +14,8 @@ public class PackageRegistrationAuditRecord : AuditRecord<AuditedPackageRegistra
         public string Owner { get; }
         public string PreviousRequiredSigner { get; private set; }
         public string NewRequiredSigner { get; private set; }
+        public string RequestingOwner { get; private set; }
+        public string NewOwner { get; private set; }
 
         public PackageRegistrationAuditRecord(
             string id, AuditedPackageRegistration registrationRecord, AuditedPackageRegistrationAction action, string owner)
@@ -55,5 +57,58 @@ public static PackageRegistrationAuditRecord CreateForSetRequiredSigner(
 
             return record;
         }
+
+        private static PackageRegistrationAuditRecord CreateForOwnerRequest(
+            PackageRegistration registration,
+            string requestingOwner,
+            string newOwner,
+            AuditedPackageRegistrationAction action)
+        {
+            if (registration == null)
+            {
+                throw new ArgumentNullException(nameof(registration));
+            }
+
+            if (requestingOwner == null)
+            {
+                throw new ArgumentNullException(nameof(requestingOwner));
+            }
+
+            if (newOwner == null)
+            {
+                throw new ArgumentNullException(nameof(newOwner));
+            }
+
+            var record = new PackageRegistrationAuditRecord(registration, action, owner: null);
+
+            record.RequestingOwner = requestingOwner;
+            record.NewOwner = newOwner;
+
+            return record;
+        }
+
+        public static PackageRegistrationAuditRecord CreateForAddOwnershipRequest(
+            PackageRegistration registration,
+            string requestingOwner,
+            string newOwner)
+        {
+            return CreateForOwnerRequest(
+                registration,
+                requestingOwner,
+                newOwner,
+                AuditedPackageRegistrationAction.AddOwnershipRequest);
+        }
+
+        public static PackageRegistrationAuditRecord CreateForDeleteOwnershipRequest(
+            PackageRegistration registration,
+            string requestingOwner,
+            string newOwner)
+        {
+            return CreateForOwnerRequest(
+                registration,
+                requestingOwner,
+                newOwner,
+                AuditedPackageRegistrationAction.DeleteOwnershipRequest);
+        }
     }
 }

src/NuGetGallery.Core/NuGetGallery.Core.csproj

@@ -43,6 +43,9 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory">
+      <Version>5.2.6</Version>
+    </PackageReference>
     <PackageReference Include="NuGet.Packaging">
       <Version>5.9.0</Version>
     </PackageReference>

src/NuGetGallery.Services/PackageManagement/IPackageOwnerRequestService.cs

@@ -10,14 +10,23 @@ namespace NuGetGallery
     public interface IPackageOwnerRequestService
     {
         /// <summary>
-        /// Gets <see cref="PackageOwnerRequest"/>s that match the provided conditions.
+        /// Gets <see cref="PackageOwnerRequest"/>s that match the provided conditions. User entities on the returned requests are not populated.
         /// </summary>
         /// <param name="package">If nonnull, only returns <see cref="PackageOwnerRequest"/>s that are for this package.</param>
         /// <param name="requestingOwner">If nonnull, only returns <see cref="PackageOwnerRequest"/>s that were requested by this owner.</param>
         /// <param name="newOwner">If nonnull, only returns <see cref="PackageOwnerRequest"/>s that are for this user to become an owner.</param>
         /// <returns>An <see cref="IEnumerable{PackageOwnerRequest}"/> containing all objects that matched the conditions.</returns>
         IEnumerable<PackageOwnerRequest> GetPackageOwnershipRequests(PackageRegistration package = null, User requestingOwner = null, User newOwner = null);
 
+        /// <summary>
+        /// Gets <see cref="PackageOwnerRequest"/>s that match the provided conditions. User entities on the returned requests are populated.
+        /// </summary>
+        /// <param name="package">If nonnull, only returns <see cref="PackageOwnerRequest"/>s that are for this package.</param>
+        /// <param name="requestingOwner">If nonnull, only returns <see cref="PackageOwnerRequest"/>s that were requested by this owner.</param>
+        /// <param name="newOwner">If nonnull, only returns <see cref="PackageOwnerRequest"/>s that are for this user to become an owner.</param>
+        /// <returns>An <see cref="IEnumerable{PackageOwnerRequest}"/> containing all objects that matched the conditions.</returns>
+        IEnumerable<PackageOwnerRequest> GetPackageOwnershipRequestsWithUsers(PackageRegistration package = null, User requestingOwner = null, User newOwner = null);
+
         /// <summary>
         /// Checks if the pending owner has a request for this package which matches the specified token.
         /// </summary>

src/NuGetGallery.Services/PackageManagement/PackageOwnerRequestService.cs

@@ -45,10 +45,37 @@ public PackageOwnerRequest GetPackageOwnershipRequest(PackageRegistration packag
             return request.ConfirmationCode == token ? request : null;
         }
 
-        public IEnumerable<PackageOwnerRequest> GetPackageOwnershipRequests(PackageRegistration package = null, User requestingOwner = null, User newOwner = null)
+        public IEnumerable<PackageOwnerRequest> GetPackageOwnershipRequests(
+            PackageRegistration package = null,
+            User requestingOwner = null,
+            User newOwner = null)
+        {
+            return GetPackageOwnershipRequests(includeUsers: false, package, requestingOwner, newOwner);
+        }
+
+        public IEnumerable<PackageOwnerRequest> GetPackageOwnershipRequestsWithUsers(
+            PackageRegistration package = null,
+            User requestingOwner = null,
+            User newOwner = null)
+        {
+            return GetPackageOwnershipRequests(includeUsers: true, package, requestingOwner, newOwner);
+        }
+
+        private IEnumerable<PackageOwnerRequest> GetPackageOwnershipRequests(
+            bool includeUsers,
+            PackageRegistration package,
+            User requestingOwner,
+            User newOwner)
         {
             var query = _packageOwnerRequestRepository.GetAll().Include(e => e.PackageRegistration);
 
+            if (includeUsers)
+            {
+                query = query
+                    .Include(x => x.RequestingOwner)
+                    .Include(x => x.NewOwner);
+            }
+
             if (package != null)
             {
                 query = query.Where(r => r.PackageRegistrationKey == package.Key);
@@ -101,18 +128,23 @@ public async Task<PackageOwnerRequest> AddPackageOwnershipRequest(PackageRegistr
 
             _packageOwnerRequestRepository.InsertOnCommit(newRequest);
             await _packageOwnerRequestRepository.CommitChangesAsync();
+
             return newRequest;
         }
 
         public async Task DeletePackageOwnershipRequest(PackageOwnerRequest request, bool commitChanges = true)
         {
+            if (request == null)
+            {
+                throw new ArgumentNullException(nameof(request));
+            }
+
             _packageOwnerRequestRepository.DeleteOnCommit(request);
 
             if (commitChanges)
             {
                 await _packageOwnerRequestRepository.CommitChangesAsync();
             }
         }
-        
     }
 }

src/NuGetGallery.Services/PackageManagement/PackageOwnershipManagementService.cs

@@ -95,12 +95,22 @@ private async Task AddPackageOwnerTask(PackageRegistration packageRegistration,
 
             await _packageService.AddPackageOwnerAsync(packageRegistration, user, commitChanges);
 
-            await DeletePackageOwnershipRequestAsync(packageRegistration, user, commitChanges);
+            // Delete any ownership request related to this new owner, since the work is done. Don't audit since the
+            // "add owner" operation is audited itself. Having a "delete package ownership" audit here would be confusing
+            // because the intended user action was to add an owner, not to reject (delete) an ownership request.
+            await DeletePackageOwnershipRequestAsync(packageRegistration, user, commitChanges, saveAudit: false);
         }
 
         public async Task<PackageOwnerRequest> AddPackageOwnershipRequestAsync(PackageRegistration packageRegistration, User requestingOwner, User newOwner)
         {
-            return await _packageOwnerRequestService.AddPackageOwnershipRequest(packageRegistration, requestingOwner, newOwner);
+            var request = await _packageOwnerRequestService.AddPackageOwnershipRequest(packageRegistration, requestingOwner, newOwner);
+
+            await _auditingService.SaveAuditRecordAsync(PackageRegistrationAuditRecord.CreateForAddOwnershipRequest(
+                packageRegistration,
+                requestingOwner.Username,
+                newOwner.Username));
+
+            return request;
         }
 
         public PackageOwnerRequest GetPackageOwnershipRequest(PackageRegistration package, User pendingOwner, string token)
@@ -184,6 +194,11 @@ private async Task RemovePackageOwnerImplAsync(PackageRegistration packageRegist
         }
 
         public async Task DeletePackageOwnershipRequestAsync(PackageRegistration packageRegistration, User newOwner, bool commitChanges = true)
+        {
+            await DeletePackageOwnershipRequestAsync(packageRegistration, newOwner, commitChanges, saveAudit: true);
+        }
+
+        private async Task DeletePackageOwnershipRequestAsync(PackageRegistration packageRegistration, User newOwner, bool commitChanges, bool saveAudit)
         {
             if (packageRegistration == null)
             {
@@ -195,10 +210,25 @@ public async Task DeletePackageOwnershipRequestAsync(PackageRegistration package
                 throw new ArgumentNullException(nameof(newOwner));
             }
 
-            var request = _packageOwnerRequestService.GetPackageOwnershipRequests(package: packageRegistration, newOwner: newOwner).FirstOrDefault();
+            var request = _packageOwnerRequestService
+                .GetPackageOwnershipRequestsWithUsers(package: packageRegistration, newOwner: newOwner)
+                .FirstOrDefault();
             if (request != null)
             {
+                // We must capture this audit record prior to the actual deletion operation. Deletion of an entity in
+                // Entity Framework clears the relationship properties cause us to lose the information needed to create
+                // the audit record. The package ID and usernames become unavailable.
+                var auditRecord = PackageRegistrationAuditRecord.CreateForDeleteOwnershipRequest(
+                    request.PackageRegistration,
+                    request.RequestingOwner.Username,
+                    request.NewOwner.Username);
+
                 await _packageOwnerRequestService.DeletePackageOwnershipRequest(request, commitChanges);
+
+                if (saveAudit)
+                {
+                    await _auditingService.SaveAuditRecordAsync(auditRecord);
+                }
             }
         }
 

src/NuGetGallery/NuGetGallery.csproj

@@ -2212,9 +2212,6 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions">
       <Version>2.2.0</Version>
     </PackageReference>
-    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory">
-      <Version>5.2.6</Version>
-    </PackageReference>
     <PackageReference Include="Microsoft.Net.Http">
       <Version>2.2.29</Version>
     </PackageReference>

tests/NuGetGallery.Core.Facts/Auditing/AuditedPackageRegistrationActionTests.cs

@@ -16,7 +16,9 @@ public void Definition_HasNotChanged()
                 "RemoveOwner",
                 "MarkVerified",
                 "MarkUnverified",
-                "SetRequiredSigner"
+                "SetRequiredSigner",
+                "AddOwnershipRequest",
+                "DeleteOwnershipRequest",
             };
 
             Verify(typeof(AuditedPackageRegistrationAction), expectedNames);

tests/NuGetGallery.Core.Facts/Auditing/PackageRegistrationAuditRecordTests.cs

@@ -38,6 +38,34 @@ public void GetPath_ReturnsLowerCasedId()
             Assert.Equal("a", actualPath);
         }
 
+        [Fact]
+        public void CreateForAddOwnershipRequest_InitializesProperties()
+        {
+            var record = PackageRegistrationAuditRecord.CreateForAddOwnershipRequest(
+                new PackageRegistration { Id = "NuGet.Versioning" },
+                requestingOwner: "NuGet",
+                newOwner: "Microsoft");
+
+            Assert.Equal("NuGet.Versioning", record.Id);
+            Assert.Equal("NuGet", record.RequestingOwner);
+            Assert.Equal("Microsoft", record.NewOwner);
+            Assert.Equal(AuditedPackageRegistrationAction.AddOwnershipRequest, record.Action);
+        }
+
+        [Fact]
+        public void CreateForDeleteOwnershipRequest_InitializesProperties()
+        {
+            var record = PackageRegistrationAuditRecord.CreateForDeleteOwnershipRequest(
+                new PackageRegistration { Id = "NuGet.Versioning" },
+                requestingOwner: "NuGet",
+                newOwner: "Microsoft");
+
+            Assert.Equal("NuGet.Versioning", record.Id);
+            Assert.Equal("NuGet", record.RequestingOwner);
+            Assert.Equal("Microsoft", record.NewOwner);
+            Assert.Equal(AuditedPackageRegistrationAction.DeleteOwnershipRequest, record.Action);
+        }
+
         [Fact]
         public void CreateForSetRequiredSigner_WhenRegistrationIsNull_Throws()
         {

tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs

@@ -2659,10 +2659,10 @@ public async Task ReturnsProperResult(
 
         public class PackageVerificationKeyContainer : TestContainer
         {
-            public static int UserKey = 1234;
-            public static string Username = "testuser";
-            public static string PackageId = "foo";
-            public static string PackageVersion = "1.0.0";
+            public const int UserKey = 1234;
+            public const string Username = "testuser";
+            public const string PackageId = "foo";
+            public string PackageVersion = "1.0.0";
 
             internal TestableApiController SetupController(string keyType, Scope scope, Package package, bool isOwner = true)
             {