From 36ae755d38fc7b5eca332e8d20cd725aa460b2f8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 13 Apr 2026 20:28:28 +0000
Subject: [PATCH 1/2] Improve push failure error message for package ID scope
mismatch
Agent-Logs-Url: https://github.com/NuGet/NuGetGallery/sessions/aa085293-31cc-41ec-b433-e820261dd577
Co-authored-by: chabiss <14151258+chabiss@users.noreply.github.com>
---
src/NuGetGallery/Controllers/ApiController.cs | 6 +++++-
src/NuGetGallery/Strings.resx | 3 +++
tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs | 2 +-
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/NuGetGallery/Controllers/ApiController.cs b/src/NuGetGallery/Controllers/ApiController.cs
index 4ed74b15da..f2e9da80bf 100644
--- a/src/NuGetGallery/Controllers/ApiController.cs
+++ b/src/NuGetGallery/Controllers/ApiController.cs
@@ -1227,7 +1227,11 @@ private HttpStatusCodeWithBodyResult GetHttpResultFromFailedApiScopeEvaluationHe
}
string message;
- if (result.PermissionsCheckResult == PermissionsCheckResult.Allowed && !result.IsOwnerConfirmed)
+ if (!result.ScopesAreValid)
+ {
+ message = Strings.ApiKeyNotAuthorized_PackageIdScopeMismatch;
+ }
+ else if (result.PermissionsCheckResult == PermissionsCheckResult.Allowed && !result.IsOwnerConfirmed)
{
message = Strings.ApiKeyOwnerUnconfirmed;
}
diff --git a/src/NuGetGallery/Strings.resx b/src/NuGetGallery/Strings.resx
index c3be3e3533..8cee98ef96 100644
--- a/src/NuGetGallery/Strings.resx
+++ b/src/NuGetGallery/Strings.resx
@@ -138,6 +138,9 @@
The specified API key is invalid, has expired, or does not have permission to access the specified package.
+
+ The specified API key does not have permission to push to this package. The API key may have a package ID scope that does not include this package ID.
+
A package with ID '{0}' and version '{1}' already exists and cannot be modified.
diff --git a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
index cdbe6ddef3..ad39907c39 100644
--- a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
@@ -205,7 +205,7 @@ public static IEnumerable InvalidScopes_Data
{
get
{
- yield return MemberDataHelper.AsData(new ApiScopeEvaluationResult(null, PermissionsCheckResult.Unknown, scopesAreValid: false), HttpStatusCode.Forbidden, Strings.ApiKeyNotAuthorized);
+ yield return MemberDataHelper.AsData(new ApiScopeEvaluationResult(null, PermissionsCheckResult.Unknown, scopesAreValid: false), HttpStatusCode.Forbidden, Strings.ApiKeyNotAuthorized_PackageIdScopeMismatch);
foreach (var result in Enum.GetValues(typeof(PermissionsCheckResult)).Cast())
{
From 61aa497e98def0ab65f10839bc690adc17cf019f Mon Sep 17 00:00:00 2001
From: Charles Bissonnette
Date: Fri, 17 Apr 2026 11:40:04 -0700
Subject: [PATCH 2/2] Update PackageIdScopeMismatch error message to be more
general
Broaden the message to cover action mismatches in addition to package ID scope mismatches.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
src/NuGetGallery/Strings.resx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/NuGetGallery/Strings.resx b/src/NuGetGallery/Strings.resx
index 8cee98ef96..3fd4c5cb4e 100644
--- a/src/NuGetGallery/Strings.resx
+++ b/src/NuGetGallery/Strings.resx
@@ -139,7 +139,7 @@
The specified API key is invalid, has expired, or does not have permission to access the specified package.
- The specified API key does not have permission to push to this package. The API key may have a package ID scope that does not include this package ID.
+ The specified API key does not have permission to perform this action on this package. The API key may have a package ID scope that does not include this package ID, or it may not allow the requested action.
A package with ID '{0}' and version '{1}' already exists and cannot be modified.