[Hotfix] Add configuration to limit the number of owners and ownership requests (#10688)

Author: joelverhagen

src/AccountDeleter/Configuration/GalleryConfiguration.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -118,5 +118,7 @@ public string SiteRoot
         public string AdminSenderUser { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
         public string SupportEmailSiteRoot { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
         public int MaxJsonLengthOverride { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
+        public int MaxOwnerPerPackageRegistration { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
+        public int MaxOwnerRequestsPerPackageRegistration { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
     }
 }

src/NuGetGallery.Services/Configuration/AppConfiguration.cs

@@ -417,15 +417,27 @@ public string ExternalBrandingMessage
 
         [DefaultValue(null)]
         public int? MinWorkerThreads { get; set; }
+
         [DefaultValue(null)]
         public int? MaxWorkerThreads { get; set; }
+
         [DefaultValue(null)]
         public int? MinIoThreads { get; set; }
+
         [DefaultValue(null)]
         public int? MaxIoThreads { get; set; }
+
         public string InternalMicrosoftTenantKey { get; set; }
+
         public string AdminSenderUser { get; set; }
+
         [DefaultValue(16 * 1024 * 1024)]
         public int MaxJsonLengthOverride { get; set; }
+
+        [DefaultValue(15)]
+        public int MaxOwnerPerPackageRegistration { get; set; }
+
+        [DefaultValue(3)]
+        public int MaxOwnerRequestsPerPackageRegistration { get; set; }
     }
-}
+}

src/NuGetGallery.Services/Configuration/IAppConfiguration.cs

@@ -530,5 +530,15 @@ public interface IAppConfiguration : IMessageServiceConfiguration
         /// select places where large JSON response bodies are possible.
         /// </summary>
         int MaxJsonLengthOverride { get; set; }
+
+        /// <summary>
+        /// The maximum number of owners allowed per package registration. If this limit is reached, no more owners can be added and others must be removed first.
+        /// </summary>
+        int MaxOwnerPerPackageRegistration { get; set; }
+
+        /// <summary>
+        /// The maximum number of owner requests allowed per package registration. If this limit is reached, no more requests can be made and other requests must be removed first.
+        /// </summary>
+        int MaxOwnerRequestsPerPackageRegistration { get; set; }
     }
-}
+}

src/NuGetGallery.Services/PackageManagement/PackageOwnerRequestService.cs

@@ -1,22 +1,28 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
 using System.Data.Entity;
+using System.Globalization;
 using System.Linq;
 using System.Threading.Tasks;
 using NuGet.Services.Entities;
+using NuGetGallery.Configuration;
 
 namespace NuGetGallery
 {
     public class PackageOwnerRequestService : IPackageOwnerRequestService
     {
         private readonly IEntityRepository<PackageOwnerRequest> _packageOwnerRequestRepository;
+        private readonly IAppConfiguration _appConfiguration;
 
-        public PackageOwnerRequestService(IEntityRepository<PackageOwnerRequest> packageOwnerRequestRepository)
+        public PackageOwnerRequestService(
+            IEntityRepository<PackageOwnerRequest> packageOwnerRequestRepository,
+            IAppConfiguration appConfiguration)
         {
             _packageOwnerRequestRepository = packageOwnerRequestRepository ?? throw new ArgumentNullException(nameof(packageOwnerRequestRepository));
+            _appConfiguration = appConfiguration ?? throw new ArgumentNullException(nameof(appConfiguration));
         }
 
         public PackageOwnerRequest GetPackageOwnershipRequest(PackageRegistration package, User newOwner, string token)
@@ -111,10 +117,19 @@ public async Task<PackageOwnerRequest> AddPackageOwnershipRequest(PackageRegistr
                 throw new ArgumentNullException(nameof(newOwner));
             }
 
-            var existingRequest = GetPackageOwnershipRequests(package: package, newOwner: newOwner).FirstOrDefault();
-            if (existingRequest != null)
+            var existingRequests = GetPackageOwnershipRequests(package: package).ToList();
+            var duplicate = existingRequests.FirstOrDefault(x => x.NewOwnerKey == newOwner.Key);
+            if (duplicate is not null)
             {
-                return existingRequest;
+                return duplicate;
+            }
+
+            if (existingRequests.Count >= Math.Max(1, _appConfiguration.MaxOwnerRequestsPerPackageRegistration))
+            {
+                throw new UserSafeException(string.Format(
+                    CultureInfo.CurrentCulture,
+                    ServicesStrings.MaximumPackageOwnerRequestsReached,
+                    _appConfiguration.MaxOwnerRequestsPerPackageRegistration));
             }
 
             var newRequest = new PackageOwnerRequest
@@ -147,4 +162,4 @@ public async Task DeletePackageOwnershipRequest(PackageOwnerRequest request, boo
             }
         }
     }
-}
+}

src/NuGetGallery.Services/PackageManagement/PackageOwnershipManagementService.cs

@@ -1,8 +1,9 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using System.Threading.Tasks;
 using System.Web;
@@ -47,6 +48,16 @@ public PackageOwnershipManagementService(
 
         public async Task AddPackageOwnerWithMessagesAsync(PackageRegistration packageRegistration, User user)
         {
+            if (packageRegistration == null)
+            {
+                throw new ArgumentNullException(nameof(packageRegistration));
+            }
+
+            if (packageRegistration.Owners.Count >= Math.Max(_appConfiguration.MaxOwnerPerPackageRegistration, 1))
+            {
+                throw new UserSafeException(string.Format(CultureInfo.CurrentCulture, ServicesStrings.MaximumPackageOwnersReached, _appConfiguration.MaxOwnerPerPackageRegistration));
+            }
+
             await AddPackageOwnerAsync(packageRegistration, user, commitChanges: true);
 
             var packageUrl = _urlHelper.Package(packageRegistration.Id, version: null, relativeUrl: false, supportEmail: true);
@@ -418,4 +429,4 @@ private static bool OwnerHasPermissionsToRemoveFromNamespace(User requestingOwne
             return true;
         }
     }
-}
+}

src/NuGetGallery.Services/PackageManagement/PackageService.cs

@@ -8,7 +8,6 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using System.Web.Helpers;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using NuGet.Frameworks;

src/NuGetGallery.Services/ServicesStrings.Designer.cs

@@ -1145,4 +1145,15 @@ The {1} Team</value>
   <data name="ScopeDescription_UnlistDeprecatePackage" xml:space="preserve">
     <value>Unlist, relist, or deprecate package versions</value>
   </data>
+  <data name="MaximumPackageOwnersReached" xml:space="preserve">
+    <value>The new package owner cannot be added. The package has the maximum number of owners ({0}). An existing owner must be removed to proceed.</value>
+    <comment>{0} is the maximum number of owners.</comment>
+  </data>
+  <data name="MaximumPackageOwnerRequestsReached" xml:space="preserve">
+    <value>The package ownership request cannot be saved. The package already has the maximum number of ownership requests ({0}). An existing ownership request must be removed to proceed.</value>
+    <comment>{0} is the maximum number of owners.</comment>
+  </data>
+  <data name="OwnershipRequestNotValid" xml:space="preserve">
+    <value>Make sure you clicked on the confirmation URL in the email we sent. It's also possible that the existing owner revoked the request to add you as an owner.</value>
+  </data>
 </root>

src/NuGetGallery.Services/ServicesStrings.resx

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -48,21 +48,7 @@ public static string GetUserSafeMessage(this Exception self)
             {
                 return uvex.UserMessage;
             }
-            return Strings.DefaultUserSafeExceptionMessage;
-        }
-
-        public static void Log(this Exception self)
-        {
-            IUserSafeException uvex = self as IUserSafeException;
-            if (uvex != null)
-            {
-                // Log the exception that the User-Visible wrapper marked as to-be-logged
-                QuietLog.LogHandledException(uvex.LoggedException);
-            }
-            else
-            {
-                QuietLog.LogHandledException(self);
-            }
+            return ServicesStrings.DefaultUserSafeExceptionMessage;
         }
     }
-}
+}

…lery/Infrastructure/UserSafeException.cs …GetGallery.Services/UserSafeException.cssrc/NuGetGallery/Infrastructure/UserSafeException.cs renamed to src/NuGetGallery.Services/UserSafeException.cs src/NuGetGallery/Infrastructure/UserSafeException.cs renamed to src/NuGetGallery.Services/UserSafeException.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -136,17 +136,24 @@ public async Task<JsonResult> AddPackageOwner(AddPackageOwnerViewModel addOwnerD
             {
                 var packageUrl = Url.Package(model.Package.Id, version: null, relativeUrl: false);
 
-                if (model.CurrentUserCanAcceptOnBehalfOfUser)
+                try
                 {
-                    await _packageOwnershipManagementService.AddPackageOwnerWithMessagesAsync(model.Package, model.User);
+                    if (model.CurrentUserCanAcceptOnBehalfOfUser)
+                    {
+                        await _packageOwnershipManagementService.AddPackageOwnerWithMessagesAsync(model.Package, model.User);
+                    }
+                    else
+                    {
+                        await _packageOwnershipManagementService.AddPackageOwnershipRequestWithMessagesAsync(
+                            model.Package,
+                            model.CurrentUser,
+                            model.User,
+                            message);
+                    }
                 }
-                else
+                catch (UserSafeException e)
                 {
-                    await _packageOwnershipManagementService.AddPackageOwnershipRequestWithMessagesAsync(
-                        model.Package,
-                        model.CurrentUser,
-                        model.User,
-                        message);
+                    return Json(new { success = false, message = e.Message }, JsonRequestBehavior.AllowGet);
                 }
 
                 return Json(new
@@ -416,4 +423,4 @@ public ManagePackageOwnerModel(PackageRegistration package, User user, User curr
             public string Error { get; }
         }
     }
-}
+}