Show deprecation information for current package on the Display Package page (#6917)

Author: Scott Bommarito

src/Bootstrap/dist/css/bootstrap-theme.css

@@ -19,6 +19,40 @@
     }
   }
 
+  .deprecation-container {
+    .deprecation-expander {
+      display: flex;
+      justify-content: space-between;
+      vertical-align: middle;
+
+      .deprecation-expander-icon-container {
+        display: flex;
+        align-items: center;
+        
+        .deprecation-expander-icon {
+          position: unset;
+          top: unset;
+        }
+      }
+
+      .deprecation-expander-info-right {
+        padding-left: 15px;
+      }
+    }
+
+    .deprecation-content-container {
+      margin-top: 15px;
+
+      p {
+        margin-top: 5px;
+      }
+
+      p:last-of-type {
+        margin-bottom: 0px;
+      }
+    }
+  }
+
   .failed-validation-alert-list {
     margin-top: 15px;
     margin-bottom: 15px;

src/Bootstrap/less/theme/page-display-package.less

@@ -110,6 +110,7 @@ public partial class PackagesController
         private readonly ICoreLicenseFileService _coreLicenseFileService;
         private readonly ILicenseExpressionSplitter _licenseExpressionSplitter;
         private readonly IFeatureFlagService _featureFlagService;
+        private readonly IPackageDeprecationService _deprecationService;
 
         public PackagesController(
             IPackageService packageService,
@@ -137,7 +138,8 @@ public PackagesController(
             IDiagnosticsService diagnosticsService,
             ICoreLicenseFileService coreLicenseFileService,
             ILicenseExpressionSplitter licenseExpressionSplitter,
-            IFeatureFlagService featureFlagService)
+            IFeatureFlagService featureFlagService,
+            IPackageDeprecationService deprecationService)
         {
             _packageService = packageService;
             _uploadFileService = uploadFileService;
@@ -165,6 +167,7 @@ public PackagesController(
             _coreLicenseFileService = coreLicenseFileService ?? throw new ArgumentNullException(nameof(coreLicenseFileService));
             _licenseExpressionSplitter = licenseExpressionSplitter ?? throw new ArgumentNullException(nameof(licenseExpressionSplitter));
             _featureFlagService = featureFlagService ?? throw new ArgumentNullException(nameof(featureFlagService));
+            _deprecationService = deprecationService ?? throw new ArgumentNullException(nameof(deprecationService));
         }
 
         [HttpGet]
@@ -737,7 +740,8 @@ public virtual async Task<ActionResult> DisplayPackage(string id, string version
                 return HttpNotFound();
             }
 
-            var model = new DisplayPackageViewModel(package, currentUser);
+            var deprecation = _deprecationService.GetDeprecationByPackage(package);
+            var model = new DisplayPackageViewModel(package, currentUser, deprecation);
 
             model.ValidatingTooLong = _validationService.IsValidatingTooLong(package);
             model.PackageValidationIssues = _validationService.GetLatestPackageValidationIssues(package);

src/NuGetGallery/Controllers/PackagesController.cs

@@ -1931,6 +1931,7 @@
     <Content Include="Views\Packages\License.cshtml" />
     <Content Include="Views\Packages\_ManageDeprecation.cshtml" />
     <Content Include="Views\Shared\_MultiSelectDropdown.cshtml" />
+    <Content Include="Views\Packages\_DisplayPackageDeprecation.cshtml" />
   </ItemGroup>
   <ItemGroup>
     <Service Include="{508349B6-6B84-4DF5-91F0-309BEEBAD82D}" />

src/NuGetGallery/NuGetGallery.csproj

@@ -1,20 +1,28 @@
 $(function () {
     'use strict';
 
-    function configureCopyButton(id) {
-        var copyButton = $('#' + id + '-button');
-        copyButton.popover({ trigger: 'manual' });
-
-        copyButton.click(function () {
-            var text = $('#' + id + '-text').text().trim();
-            window.nuget.copyTextToClipboard(text, copyButton);
-            copyButton.popover('show');
-            setTimeout(function () {
-                copyButton.popover('destroy');
-            }, 1000);
+    // Configure the deprecation information container
+    var container = $('#show-deprecation-content-container');
+    if ($('#deprecation-content-container').children().length) {
+        // If the deprecation information container has content, configure it as an expander.
+        window.nuget.configureExpander("deprecation-content-container", "ChevronDown", null, "ChevronUp");
+        container.keydown(function (event) {
+            if (event.which === 13) { // Enter
+                $(event.target).click();
+            }
         });
-    }    
-    
+    }
+    else {
+        // If the container does not have content, remove its expander attributes
+        var expanderAttributes = ['data-toggle', 'data-target', 'aria-expanded', 'aria-controls', 'tabindex'];
+        for (var i in expanderAttributes) {
+            container.removeAttr(expanderAttributes[i]);
+        }
+
+        $('#deprecation-expander-icon-right').hide();
+    }
+
+    // Configure ReadMe container
     var readmeContainer = $("#readme-container");
     if (readmeContainer[0])
     {
@@ -41,6 +49,7 @@ $(function () {
         });
     }
 
+    // Configure expanders
     window.nuget.configureExpanderHeading("dependency-groups");
     window.nuget.configureExpanderHeading("version-history");
     window.nuget.configureExpander(
@@ -50,6 +59,21 @@ $(function () {
         "CalculatorSubtract",
         "Show more"); 
 
+    // Configure package manager copy buttons
+    function configureCopyButton(id) {
+        var copyButton = $('#' + id + '-button');
+        copyButton.popover({ trigger: 'manual' });
+
+        copyButton.click(function () {
+            var text = $('#' + id + '-text').text().trim();
+            window.nuget.copyTextToClipboard(text, copyButton);
+            copyButton.popover('show');
+            setTimeout(function () {
+                copyButton.popover('destroy');
+            }, 1000);
+        });
+    }  
+
     for (var i in packageManagers)
     {
         configureCopyButton(packageManagers[i]);

src/NuGetGallery/Scripts/gallery/page-display-package.js

@@ -37,5 +37,7 @@ Task UpdateDeprecation(
         /// Fetches all <see cref="Cwe"/>s with a <see cref="Cwe.CweId"/> contained in <paramref name="ids"/>.
         /// </summary>
         IReadOnlyCollection<Cwe> GetCwesById(IEnumerable<string> ids);
+
+        PackageDeprecation GetDeprecationByPackage(Package package);
     }
 }

src/NuGetGallery/Services/IPackageDeprecationService.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Data.Entity;
 using System.Linq;
 using System.Threading.Tasks;
 using NuGet.Services.Entities;
@@ -171,5 +172,15 @@ public IReadOnlyCollection<Cwe> GetCwesById(IEnumerable<string> ids)
 
             return cwes;
         }
+
+        public PackageDeprecation GetDeprecationByPackage(Package package)
+        {
+            return _deprecationRepository.GetAll()
+                .Include(d => d.Cves)
+                .Include(d => d.Cwes)
+                .Include(d => d.AlternatePackage.PackageRegistration)
+                .Include(d => d.AlternatePackageRegistration)
+                .SingleOrDefault(d => d.PackageKey == package.Key);
+        }
     }
 }

src/NuGetGallery/Services/PackageDeprecationService.cs

@@ -11,7 +11,7 @@ namespace NuGetGallery
     public class DeletePackageViewModel : DisplayPackageViewModel
     {
         public DeletePackageViewModel(Package package, User currentUser, IReadOnlyList<ReportPackageReason> reasons)
-            : base(package, currentUser)
+            : base(package, currentUser, null)
         {
             DeletePackagesRequest = new DeletePackagesRequest
             {

src/NuGetGallery/ViewModels/DeletePackageViewModel.cs

@@ -13,7 +13,7 @@ namespace NuGetGallery
 {
     public class DisplayPackageViewModel : ListPackageItemViewModel
     {
-        public DisplayPackageViewModel(Package package, User currentUser)
+        public DisplayPackageViewModel(Package package, User currentUser, PackageDeprecation deprecation)
             : this(package, currentUser, (string)null)
         {
             HasSemVer2Version = NuGetVersion.IsSemVer2;
@@ -46,6 +46,28 @@ public DisplayPackageViewModel(Package package, User currentUser)
                 DownloadsPerDayLabel = DownloadsPerDay < 1 ? "<1" : DownloadsPerDay.ToNuGetNumberString();
                 IsDotnetToolPackageType = package.PackageTypes.Any(e => e.Name.Equals("DotnetTool", StringComparison.OrdinalIgnoreCase));
             }
+
+            if (deprecation != null)
+            {
+                DeprecationStatus = deprecation.Status;
+
+                CveIds = deprecation.Cves?.Select(c => c.CveId).ToList();
+                CvssRating = deprecation.CvssRating;
+                CweIds = deprecation.Cwes?.Select(c => c.CweId).ToList();
+
+                AlternatePackageId = deprecation.AlternatePackageRegistration?.Id;
+
+                var alternatePackage = deprecation.AlternatePackage;
+                if (alternatePackage != null)
+                {
+                    // A deprecation should not have both an alternate package registration and an alternate package.
+                    // In case a deprecation does have both, we will hide the alternate package registration's ID in this model.
+                    AlternatePackageId = alternatePackage?.Id;
+                    AlternatePackageVersion = alternatePackage?.Version;
+                }
+
+                CustomMessage = deprecation.CustomMessage;
+            }
         }
 
         private DisplayPackageViewModel(Package package, User currentUser, string pushedBy)
@@ -141,6 +163,14 @@ public bool HasNewerRelease
         public IReadOnlyCollection<CompositeLicenseExpressionSegment> LicenseExpressionSegments { get; set; }
         public EmbeddedLicenseFileType EmbeddedLicenseType { get; set; }
 
+        public PackageDeprecationStatus DeprecationStatus { get; set; }
+        public IReadOnlyCollection<string> CveIds { get; set; }
+        public decimal? CvssRating { get; set; }
+        public IReadOnlyCollection<string> CweIds { get; set; }
+        public string AlternatePackageId { get; set; }
+        public string AlternatePackageVersion { get; set; }
+        public string CustomMessage { get; set; }
+
         private IDictionary<User, string> _pushedByCache = new Dictionary<User, string>();
 
         private string GetPushedBy(Package package, User currentUser)

src/NuGetGallery/ViewModels/DisplayPackageViewModel.cs

@@ -156,12 +156,16 @@ public VersionDeprecationState(Package package, string text)
                     CvssRating = deprecation.CvssRating;
                     CweIds = deprecation.Cwes?.Select(c => new VulnerabilityDetailState(c)).ToList();
 
-                    // A deprecation should not have both an alternate package registration and an alternate package.
-                    // In case a deprecation does have both, we will hide the alternate package registration's ID in this model.
                     AlternatePackageId = deprecation.AlternatePackageRegistration?.Id;
+
                     var alternatePackage = deprecation.AlternatePackage;
-                    AlternatePackageId = alternatePackage?.Id;
-                    AlternatePackageVersion = alternatePackage?.Version;
+                    if (alternatePackage != null)
+                    {
+                        // A deprecation should not have both an alternate package registration and an alternate package.
+                        // In case a deprecation does have both, we will hide the alternate package registration's ID in this model.
+                        AlternatePackageId = alternatePackage?.Id;
+                        AlternatePackageVersion = alternatePackage?.Version;
+                    }
 
                     CustomMessage = deprecation.CustomMessage;