Fix deprecation custom message issues (#7284)

Scott Bommarito · web-flow · commit d8dc32d9992e · 2019-06-21T11:20:07.000-07:00
diff --git a/src/NuGetGallery/Controllers/ManageDeprecationJsonApiController.cs b/src/NuGetGallery/Controllers/ManageDeprecationJsonApiController.cs
@@ -9,14 +9,16 @@
 using System.Web.Mvc;
 using NuGet.Services.Entities;
 using NuGet.Versioning;
-using NuGetGallery.Auditing;
 using NuGetGallery.Filters;
+using NuGetGallery.RequestModels;
 
 namespace NuGetGallery
 {
     public partial class ManageDeprecationJsonApiController
         : AppController
     {
+        private const int MaxCustomMessageLength = 1000;
+
         private readonly IPackageService _packageService;
         private readonly IPackageDeprecationService _deprecationService;
         private readonly IFeatureFlagService _featureFlagService;
@@ -50,28 +52,22 @@ public virtual JsonResult GetAlternatePackageVersions(string id)
         [RequiresAccountConfirmation("deprecate a package")]
         [ValidateAntiForgeryToken]
         public virtual async Task<JsonResult> Deprecate(
-            string id,
-            IEnumerable<string> versions,
-            bool isLegacy,
-            bool hasCriticalBugs,
-            bool isOther,
-            string alternatePackageId,
-            string alternatePackageVersion,
-            string customMessage)
+            DeprecatePackageRequest request)
         {
             var status = PackageDeprecationStatus.NotDeprecated;
 
-            if (isLegacy)
+            if (request.IsLegacy)
             {
                 status |= PackageDeprecationStatus.Legacy;
             }
 
-            if (hasCriticalBugs)
+            if (request.HasCriticalBugs)
             {
                 status |= PackageDeprecationStatus.CriticalBugs;
             }
 
-            if (isOther)
+            var customMessage = request.CustomMessage;
+            if (request.IsOther)
             {
                 if (string.IsNullOrWhiteSpace(customMessage))
                 {
@@ -81,19 +77,29 @@ public virtual async Task<JsonResult> Deprecate(
                 status |= PackageDeprecationStatus.Other;
             }
 
-            if (versions == null || !versions.Any())
+            if (customMessage != null)
+            {
+                if (customMessage.Length > MaxCustomMessageLength)
+                {
+                    return DeprecateErrorResponse(
+                        HttpStatusCode.BadRequest,
+                        string.Format(Strings.DeprecatePackage_CustomMessageTooLong, MaxCustomMessageLength));
+                }
+            }
+
+            if (request.Versions == null || !request.Versions.Any())
             {
                 return DeprecateErrorResponse(HttpStatusCode.BadRequest, Strings.DeprecatePackage_NoVersions);
             }
 
-            var packages = _packageService.FindPackagesById(id, PackageDeprecationFieldsToInclude.DeprecationAndRelationships);
+            var packages = _packageService.FindPackagesById(request.Id, PackageDeprecationFieldsToInclude.DeprecationAndRelationships);
             var registration = packages.FirstOrDefault()?.PackageRegistration;
             if (registration == null)
             {
                 // This should only happen if someone hacks the form or if the package is deleted while the user is filling out the form.
                 return DeprecateErrorResponse(
                     HttpStatusCode.NotFound,
-                    string.Format(Strings.DeprecatePackage_MissingRegistration, id));
+                    string.Format(Strings.DeprecatePackage_MissingRegistration, request.Id));
             }
 
             var currentUser = GetCurrentUser();
@@ -111,37 +117,37 @@ public virtual async Task<JsonResult> Deprecate(
             {
                 return DeprecateErrorResponse(
                     HttpStatusCode.Forbidden,
-                    string.Format(Strings.DeprecatePackage_Locked, id));
+                    string.Format(Strings.DeprecatePackage_Locked, request.Id));
             }
 
             PackageRegistration alternatePackageRegistration = null;
             Package alternatePackage = null;
-            if (!string.IsNullOrWhiteSpace(alternatePackageId))
+            if (!string.IsNullOrWhiteSpace(request.AlternatePackageId))
             {
-                if (!string.IsNullOrWhiteSpace(alternatePackageVersion))
+                if (!string.IsNullOrWhiteSpace(request.AlternatePackageVersion))
                 {
-                    alternatePackage = _packageService.FindPackageByIdAndVersionStrict(alternatePackageId, alternatePackageVersion);
+                    alternatePackage = _packageService.FindPackageByIdAndVersionStrict(request.AlternatePackageId, request.AlternatePackageVersion);
                     if (alternatePackage == null)
                     {
                         return DeprecateErrorResponse(
                             HttpStatusCode.NotFound,
-                            string.Format(Strings.DeprecatePackage_NoAlternatePackage, alternatePackageId, alternatePackageVersion));
+                            string.Format(Strings.DeprecatePackage_NoAlternatePackage, request.AlternatePackageId, request.AlternatePackageVersion));
                     }
                 }
                 else
                 {
-                    alternatePackageRegistration = _packageService.FindPackageRegistrationById(alternatePackageId);
+                    alternatePackageRegistration = _packageService.FindPackageRegistrationById(request.AlternatePackageId);
                     if (alternatePackageRegistration == null)
                     {
                         return DeprecateErrorResponse(
                             HttpStatusCode.NotFound,
-                            string.Format(Strings.DeprecatePackage_NoAlternatePackageRegistration, alternatePackageId));
+                            string.Format(Strings.DeprecatePackage_NoAlternatePackageRegistration, request.AlternatePackageId));
                     }
                 }
             }
 
             var packagesToUpdate = new List<Package>();
-            foreach (var version in versions)
+            foreach (var version in request.Versions)
             {
                 var normalizedVersion = NuGetVersionFormatter.Normalize(version);
                 var package = packages.SingleOrDefault(v => v.NormalizedVersion == normalizedVersion);
@@ -150,7 +156,7 @@ public virtual async Task<JsonResult> Deprecate(
                     // This should only happen if someone hacks the form or if a version of the package is deleted while the user is filling out the form.
                     return DeprecateErrorResponse(
                         HttpStatusCode.NotFound,
-                        string.Format(Strings.DeprecatePackage_MissingVersion, id));
+                        string.Format(Strings.DeprecatePackage_MissingVersion, request.Id));
                 }
                 else
                 {
diff --git a/src/NuGetGallery/NuGetGallery.csproj b/src/NuGetGallery/NuGetGallery.csproj
@@ -252,6 +252,7 @@
     <Compile Include="Migrations\201905071526573_DevelopmentDependencyMetadata.Designer.cs">
       <DependentUpon>201905071526573_DevelopmentDependencyMetadata.cs</DependentUpon>
     </Compile>
+    <Compile Include="RequestModels\DeprecatePackageRequest.cs" />
     <Compile Include="Services\IPackageDeprecationService.cs" />
     <Compile Include="Queries\AutocompleteDatabasePackageIdsQuery.cs" />
     <Compile Include="Queries\AutocompleteDatabasePackageVersionsQuery.cs" />
diff --git a/src/NuGetGallery/RequestModels/DeprecatePackageRequest.cs b/src/NuGetGallery/RequestModels/DeprecatePackageRequest.cs
@@ -0,0 +1,22 @@
+﻿// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Web.Mvc;
+
+namespace NuGetGallery.RequestModels
+{
+    public class DeprecatePackageRequest
+    {
+        public string Id { get; set; }
+        public IEnumerable<string> Versions { get; set; }
+        public bool IsLegacy { get; set; }
+        public bool HasCriticalBugs { get; set; }
+        public bool IsOther { get; set; }
+        public string AlternatePackageId { get; set; }
+        public string AlternatePackageVersion { get; set; }
+
+        [AllowHtml]
+        public string CustomMessage { get; set; }
+    }
+}
diff --git a/src/NuGetGallery/Strings.Designer.cs b/src/NuGetGallery/Strings.Designer.cs
diff --git a/src/NuGetGallery/Strings.resx b/src/NuGetGallery/Strings.resx
@@ -1121,4 +1121,7 @@ The {1} Team</value>
   <data name="UploadPackage_EmbeddedIconNotAccepted" xml:space="preserve">
     <value>The &lt;icon&gt; element is not currently supported.</value>
   </data>
+  <data name="DeprecatePackage_CustomMessageTooLong" xml:space="preserve">
+    <value>Your custom message is too long. It must be under {0} characters.</value>
+  </data>
 </root>
diff --git a/src/NuGetGallery/Views/Packages/_DisplayPackageDeprecation.cshtml b/src/NuGetGallery/Views/Packages/_DisplayPackageDeprecation.cshtml
@@ -63,7 +63,7 @@
             @if (!string.IsNullOrEmpty(Model.CustomMessage))
             {
                 <b>Additional Details</b>
-                <p>@Model.CustomMessage</p>
+                <p>@Html.PreFormattedText(Model.CustomMessage)</p>
             }
         </div>
     </div>
diff --git a/tests/NuGetGallery.Facts/Controllers/ManageDeprecationJsonApiControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/ManageDeprecationJsonApiControllerFacts.cs

Original file line number	Diff line number	Diff line change
`@@ -9,14 +9,16 @@`
`9`	`9`	`using System.Web.Mvc;`
`10`	`10`	`using NuGet.Services.Entities;`
`11`	`11`	`using NuGet.Versioning;`
`12`		`-using NuGetGallery.Auditing;`
`13`	`12`	`using NuGetGallery.Filters;`
	`13`	`+using NuGetGallery.RequestModels;`
`14`	`14`
`15`	`15`	`namespace NuGetGallery`
`16`	`16`	`{`
`17`	`17`	`public partial class ManageDeprecationJsonApiController`
`18`	`18`	`: AppController`
`19`	`19`	`{`
	`20`	`+ private const int MaxCustomMessageLength = 1000;`
	`21`	`+`
`20`	`22`	`private readonly IPackageService _packageService;`
`21`	`23`	`private readonly IPackageDeprecationService _deprecationService;`
`22`	`24`	`private readonly IFeatureFlagService _featureFlagService;`
`@@ -50,28 +52,22 @@ public virtual JsonResult GetAlternatePackageVersions(string id)`
`50`	`52`	`[RequiresAccountConfirmation("deprecate a package")]`
`51`	`53`	`[ValidateAntiForgeryToken]`
`52`	`54`	`public virtual async Task<JsonResult> Deprecate(`
`53`		`- string id,`
`54`		`- IEnumerable<string> versions,`
`55`		`- bool isLegacy,`
`56`		`- bool hasCriticalBugs,`
`57`		`- bool isOther,`
`58`		`- string alternatePackageId,`
`59`		`- string alternatePackageVersion,`
`60`		`- string customMessage)`
	`55`	`+ DeprecatePackageRequest request)`
`61`	`56`	`{`
`62`	`57`	`var status = PackageDeprecationStatus.NotDeprecated;`
`63`	`58`
`64`		`- if (isLegacy)`
	`59`	`+ if (request.IsLegacy)`
`65`	`60`	`{`
`66`	`61`	`status \|= PackageDeprecationStatus.Legacy;`
`67`	`62`	`}`
`68`	`63`
`69`		`- if (hasCriticalBugs)`
	`64`	`+ if (request.HasCriticalBugs)`
`70`	`65`	`{`
`71`	`66`	`status \|= PackageDeprecationStatus.CriticalBugs;`
`72`	`67`	`}`
`73`	`68`
`74`		`- if (isOther)`
	`69`	`+ var customMessage = request.CustomMessage;`
	`70`	`+ if (request.IsOther)`
`75`	`71`	`{`
`76`	`72`	`if (string.IsNullOrWhiteSpace(customMessage))`
`77`	`73`	`{`
`@@ -81,19 +77,29 @@ public virtual async Task<JsonResult> Deprecate(`
`81`	`77`	`status \|= PackageDeprecationStatus.Other;`
`82`	`78`	`}`
`83`	`79`
`84`		`- if (versions == null \|\| !versions.Any())`
	`80`	`+ if (customMessage != null)`
	`81`	`+ {`
	`82`	`+ if (customMessage.Length > MaxCustomMessageLength)`
	`83`	`+ {`
	`84`	`+ return DeprecateErrorResponse(`
	`85`	`+ HttpStatusCode.BadRequest,`
	`86`	`+ string.Format(Strings.DeprecatePackage_CustomMessageTooLong, MaxCustomMessageLength));`
	`87`	`+ }`
	`88`	`+ }`
	`89`	`+`
	`90`	`+ if (request.Versions == null \|\| !request.Versions.Any())`
`85`	`91`	`{`
`86`	`92`	`return DeprecateErrorResponse(HttpStatusCode.BadRequest, Strings.DeprecatePackage_NoVersions);`
`87`	`93`	`}`
`88`	`94`
`89`		`- var packages = _packageService.FindPackagesById(id, PackageDeprecationFieldsToInclude.DeprecationAndRelationships);`
	`95`	`+ var packages = _packageService.FindPackagesById(request.Id, PackageDeprecationFieldsToInclude.DeprecationAndRelationships);`
`90`	`96`	`var registration = packages.FirstOrDefault()?.PackageRegistration;`
`91`	`97`	`if (registration == null)`
`92`	`98`	`{`
`93`	`99`	`// This should only happen if someone hacks the form or if the package is deleted while the user is filling out the form.`
`94`	`100`	`return DeprecateErrorResponse(`
`95`	`101`	`HttpStatusCode.NotFound,`
`96`		`- string.Format(Strings.DeprecatePackage_MissingRegistration, id));`
	`102`	`+ string.Format(Strings.DeprecatePackage_MissingRegistration, request.Id));`
`97`	`103`	`}`
`98`	`104`
`99`	`105`	`var currentUser = GetCurrentUser();`
`@@ -111,37 +117,37 @@ public virtual async Task<JsonResult> Deprecate(`
`111`	`117`	`{`
`112`	`118`	`return DeprecateErrorResponse(`
`113`	`119`	`HttpStatusCode.Forbidden,`
`114`		`- string.Format(Strings.DeprecatePackage_Locked, id));`
	`120`	`+ string.Format(Strings.DeprecatePackage_Locked, request.Id));`
`115`	`121`	`}`
`116`	`122`
`117`	`123`	`PackageRegistration alternatePackageRegistration = null;`
`118`	`124`	`Package alternatePackage = null;`
`119`		`- if (!string.IsNullOrWhiteSpace(alternatePackageId))`
	`125`	`+ if (!string.IsNullOrWhiteSpace(request.AlternatePackageId))`
`120`	`126`	`{`
`121`		`- if (!string.IsNullOrWhiteSpace(alternatePackageVersion))`
	`127`	`+ if (!string.IsNullOrWhiteSpace(request.AlternatePackageVersion))`
`122`	`128`	`{`
`123`		`- alternatePackage = _packageService.FindPackageByIdAndVersionStrict(alternatePackageId, alternatePackageVersion);`
	`129`	`+ alternatePackage = _packageService.FindPackageByIdAndVersionStrict(request.AlternatePackageId, request.AlternatePackageVersion);`
`124`	`130`	`if (alternatePackage == null)`
`125`	`131`	`{`
`126`	`132`	`return DeprecateErrorResponse(`
`127`	`133`	`HttpStatusCode.NotFound,`
`128`		`- string.Format(Strings.DeprecatePackage_NoAlternatePackage, alternatePackageId, alternatePackageVersion));`
	`134`	`+ string.Format(Strings.DeprecatePackage_NoAlternatePackage, request.AlternatePackageId, request.AlternatePackageVersion));`
`129`	`135`	`}`
`130`	`136`	`}`
`131`	`137`	`else`
`132`	`138`	`{`
`133`		`- alternatePackageRegistration = _packageService.FindPackageRegistrationById(alternatePackageId);`
	`139`	`+ alternatePackageRegistration = _packageService.FindPackageRegistrationById(request.AlternatePackageId);`
`134`	`140`	`if (alternatePackageRegistration == null)`
`135`	`141`	`{`
`136`	`142`	`return DeprecateErrorResponse(`
`137`	`143`	`HttpStatusCode.NotFound,`
`138`		`- string.Format(Strings.DeprecatePackage_NoAlternatePackageRegistration, alternatePackageId));`
	`144`	`+ string.Format(Strings.DeprecatePackage_NoAlternatePackageRegistration, request.AlternatePackageId));`
`139`	`145`	`}`
`140`	`146`	`}`
`141`	`147`	`}`
`142`	`148`
`143`	`149`	`var packagesToUpdate = new List<Package>();`
`144`		`- foreach (var version in versions)`
	`150`	`+ foreach (var version in request.Versions)`
`145`	`151`	`{`
`146`	`152`	`var normalizedVersion = NuGetVersionFormatter.Normalize(version);`
`147`	`153`	`var package = packages.SingleOrDefault(v => v.NormalizedVersion == normalizedVersion);`
`@@ -150,7 +156,7 @@ public virtual async Task<JsonResult> Deprecate(`
`150`	`156`	`// This should only happen if someone hacks the form or if a version of the package is deleted while the user is filling out the form.`
`151`	`157`	`return DeprecateErrorResponse(`
`152`	`158`	`HttpStatusCode.NotFound,`
`153`		`- string.Format(Strings.DeprecatePackage_MissingVersion, id));`
	`159`	`+ string.Format(Strings.DeprecatePackage_MissingVersion, request.Id));`
`154`	`160`	`}`
`155`	`161`	`else`
`156`	`162`	`{`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@`
`63`	`63`	`@if (!string.IsNullOrEmpty(Model.CustomMessage))`
`64`	`64`	`{`
`65`	`65`	`<b>Additional Details</b>`
`66`		`- <p>@Model.CustomMessage</p>`
	`66`	`+ <p>@Html.PreFormattedText(Model.CustomMessage)</p>`
`67`	`67`	`}`
`68`	`68`	`</div>`
`69`	`69`	`</div>`