From 54467ba55325847720c6dc726f6feac840b3f29c Mon Sep 17 00:00:00 2001 From: Lynn Dai Date: Mon, 28 Nov 2022 15:01:11 -0800 Subject: [PATCH 1/8] add domain flat.badgen.net --- .../App_Data/Files/Content/Trusted-Image-Domains.json | 1 + 1 file changed, 1 insertion(+) diff --git a/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json b/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json index 5c21d323af..e6155e9c81 100644 --- a/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json +++ b/src/NuGetGallery/App_Data/Files/Content/Trusted-Image-Domains.json @@ -23,6 +23,7 @@ "codefactor.io", "coveralls.io", "dev.azure.com", + "flat.badgen.net", "gitlab.com", "img.shields.io", "i.imgur.com", From 3f92a094e1cb0878a6e0da191805fbfe64b1eee8 Mon Sep 17 00:00:00 2001 From: Joel Verhagen Date: Mon, 12 Dec 2022 10:40:17 -0800 Subject: [PATCH 2/8] Audit the AddCredential action after we commit to the DB (#9324) Resolve https://github.com/NuGet/Engineering/issues/4660 --- .../Authentication/AuthenticationService.cs | 25 +++++++--- .../AuthenticationServiceFacts.cs | 47 +++++++++++++++++++ 2 files changed, 66 insertions(+), 6 deletions(-) diff --git a/src/NuGetGallery.Services/Authentication/AuthenticationService.cs b/src/NuGetGallery.Services/Authentication/AuthenticationService.cs index 673bd85613..057b3190fa 100644 --- a/src/NuGetGallery.Services/Authentication/AuthenticationService.cs +++ b/src/NuGetGallery.Services/Authentication/AuthenticationService.cs @@ -473,6 +473,9 @@ public virtual async Task ReplaceCredential(User user, Credential credential) { await ReplaceCredentialInternal(user, credential); await Entities.SaveChangesAsync(); + + await Auditing.SaveAuditRecordAsync(new UserAuditRecord( + user, AuditedUserAction.AddCredential, credential)); } public virtual async Task ResetPasswordWithToken(string username, string token, string newPassword) 
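Review bot: In ReplaceCredential the new `Auditing.SaveAuditRecordAsync(...)` call runs after `Entities.SaveChangesAsync()` with no handling for an audit failure. If the audit sink throws, the credential change is already committed, no AddCredential record exists, and the caller sees an exception for an operation that actually persisted. The same ordering is introduced in ResetPasswordWithToken, ChangePassword, AddCredential and MigrateCredentials later in this patch. Consider stating the trade-off at the call site, e.g. `// Audit only after the commit so the trail never records a credential that was not persisted; a failure here leaves a committed change unaudited.`, and deciding whether such a failure should also be reported through telemetry rather than only propagated.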
@@ -501,6 +504,10 @@ public virtual async Task ResetPasswordWithToken(string username, st user.FailedLoginCount = 0; user.LastFailedLoginUtc = null; await Entities.SaveChangesAsync(); + + await Auditing.SaveAuditRecordAsync(new UserAuditRecord( + user, AuditedUserAction.AddCredential, cred)); + return cred; } @@ -590,6 +597,10 @@ public virtual async Task ChangePassword(User user, string oldPassword, st // Save changes await Entities.SaveChangesAsync(); + + await Auditing.SaveAuditRecordAsync(new UserAuditRecord( + user, AuditedUserAction.AddCredential, passwordCredential)); + return true; } @@ -623,10 +634,10 @@ public virtual async Task AddCredential(User user, Credential credential) throw new InvalidOperationException(ServicesStrings.OrganizationsCannotCreateCredentials); } - await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential)); user.Credentials.Add(credential); await Entities.SaveChangesAsync(); + await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential)); _telemetryService.TrackNewCredentialCreated(user, credential); } @@ -838,9 +849,6 @@ await Auditing.SaveAuditRecordAsync(new UserAuditRecord( } user.Credentials.Add(credential); - - await Auditing.SaveAuditRecordAsync(new UserAuditRecord( - user, AuditedUserAction.AddCredential, credential)); } private static CredentialKind GetCredentialKind(string type) 
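Review bot: The hunk at -838 removes the AddCredential audit from a shared helper whose start is outside the hunk (presumably ReplaceCredentialInternal), which makes writing that record the responsibility of every caller. This patch adds the call to ReplaceCredential, ResetPasswordWithToken and ChangePassword, but any other caller not shown in the diff would now add a credential without an AddCredential record. Confirm there are no such callers and put the contract on the helper, e.g. `// Callers must write the AddCredential audit record after Entities.SaveChangesAsync() succeeds.`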
@@ -1024,15 +1032,20 @@ private async Task MigrateCredentials(User user, List creds, string await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.RemoveCredential, toRemove)); // Now add one if there are no credentials left + Credential newCred = null; if (creds.Count == 0) { - var newCred = _credentialBuilder.CreatePasswordCredential(password); - await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, newCred)); + newCred = _credentialBuilder.CreatePasswordCredential(password); user.Credentials.Add(newCred); } // Save changes, if any await Entities.SaveChangesAsync(); + + if (newCred != null) + { + await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, newCred)); + } } } } \ No newline at end of file diff --git a/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs b/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs index 0817d1a5a4..bce12636d9 100644 --- a/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs +++ b/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs @@ -15,6 +15,8 @@ using NuGetGallery.Auditing; using NuGetGallery.Authentication.Providers; using NuGetGallery.Authentication.Providers.MicrosoftAccount; +using NuGetGallery.Configuration; +using NuGetGallery.Diagnostics; using NuGetGallery.Framework; using NuGetGallery.Infrastructure.Authentication; using Xunit; 
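Review bot: In MigrateCredentials the RemoveCredential audit record is still written before `Entities.SaveChangesAsync()`, while the AddCredential record for `newCred` now waits for the commit. A failed save would therefore leave a removal in the audit trail that was never persisted, which is the same inconsistency this patch fixes for additions. If the commit-then-audit rule is meant to cover the whole method, defer the removal record to the post-save block as well; if the asymmetry is deliberate, a short comment explaining why would help. The method starts outside the hunk, so how `toRemove` is produced is not visible here.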
@@ -2071,6 +2073,51 @@ public async Task WritesAuditRecordForTheNewCredential() ar.AffectedCredential[0].Type == cred.Type && ar.AffectedCredential[0].Identity == cred.Identity)); } + + [Fact] + public async Task WritesAuditRecordAfterDbCommit() + { + // Arrange + var entitiesContext = new Mock(); + var auditingService = new Mock(); + var credentialBuilder = new CredentialBuilder(); + + var authService = new AuthenticationService( + entitiesContext.Object, + Get(), + Get(), + auditingService.Object, + Enumerable.Empty(), + credentialBuilder, + Get(), + Get(), + Get(), + Get(), + Get()); + var operations = new List(); + + var fakes = Get(); + var user = fakes.CreateUser("test", credentialBuilder.CreatePasswordCredential(Fakes.Password)); + var cred = credentialBuilder.CreateExternalCredential("flarg", "glarb", "blarb"); + Mock + .Get(authService.Auditing) + .Setup(x => x.SaveAuditRecordAsync(It.IsAny())) + .Returns(Task.CompletedTask) + .Callback(() => operations.Add(nameof(IAuditingService.SaveAuditRecordAsync))); + Mock + .Get(authService.Entities) + .Setup(x => x.SaveChangesAsync()) + .ReturnsAsync(() => 0) + .Callback(() => operations.Add(nameof(IEntitiesContext.SaveChangesAsync))); + + // Act + await authService.AddCredential(user, cred); + + // Assert + Assert.Equal( + new List { nameof(IEntitiesContext.SaveChangesAsync), nameof(IAuditingService.SaveAuditRecordAsync) }, + operations); + } } public class TheDescribeCredentialMethod : TestContainer From d74e33106c3c0f357c1e2fbdffcedd9641cb9e5d Mon Sep 17 00:00:00 2001 From: Advay Tandon <82980589+advay26@users.noreply.github.com> Date: Tue, 13 Dec 2022 22:15:52 +0000 Subject: [PATCH 3/8] Added support for .NET Framework 4.8.1 (#9327) * Added support for .NET Framework 4.8.1 * test CI * Revert "test CI" --- src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
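Review bot: WritesAuditRecordAfterDbCommit pins the save-then-audit order only for AddCredential, although this patch changes the same ordering in ReplaceCredential, ResetPasswordWithToken, ChangePassword and MigrateCredentials. As far as this hunk shows, a regression that moves the audit call back before the commit in any of those paths would not fail a test. Consider equivalent ordering tests for those methods, plus a case where `SaveChangesAsync` is set up to throw and the test verifies that `SaveAuditRecordAsync` was never called, since that failure path is what the reordering is meant to protect.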
diff --git a/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs b/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs index 4c40002035..c9249437ce 100644 --- a/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs +++ b/src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs @@ -25,6 +25,7 @@ public static class SupportedFrameworks public static readonly NuGetFramework MonoTouch = new NuGetFramework(FrameworkIdentifiers.MonoTouch, EmptyVersion); public static readonly NuGetFramework MonoMac = new NuGetFramework(FrameworkIdentifiers.MonoMac, EmptyVersion); public static readonly NuGetFramework Net48 = new NuGetFramework(FrameworkIdentifiers.Net, new Version(4, 8, 0, 0)); + public static readonly NuGetFramework Net481 = new NuGetFramework(FrameworkIdentifiers.Net, new Version(4, 8, 1, 0)); public static readonly NuGetFramework Net50Windows = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version5, "windows", EmptyVersion); public static readonly NuGetFramework Net60Android = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version6, "android", EmptyVersion); public static readonly NuGetFramework Net60Ios = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version6, "ios", EmptyVersion); @@ -57,7 +58,7 @@ static SupportedFrameworks() { MonoAndroid, MonoMac, MonoTouch, Native, - Net11, Net2, Net35, Net4, Net403, Net45, Net451, Net452, Net46, Net461, Net462, Net463, Net47, Net471, Net472, Net48, + Net11, Net2, Net35, Net4, Net403, Net45, Net451, Net452, Net46, Net461, Net462, Net463, Net47, Net471, Net472, Net48, Net481, Net50, Net50Windows, Net60, Net60Android, Net60Ios, Net60MacCatalyst, Net60MacOs, Net60TvOs, Net60Windows, Net70, Net70Android, Net70Ios, Net70MacCatalyst, Net70MacOs, Net70TvOs, Net70Windows, From e031d697f49eec9975cc586cb15cd29868c118d3 Mon Sep 17 00:00:00 2001 
From: Joel Verhagen Date: Wed, 14 Dec 2022 16:27:27 -0800 Subject: [PATCH 4/8] Selectively render the vulnerable element on manage packages page (#9328) Progress on https://github.com/NuGet/NuGetGallery/issues/5877 --- src/NuGetGallery/Scripts/gallery/common.js | 2 +- src/NuGetGallery/Views/Users/Packages.cshtml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/NuGetGallery/Scripts/gallery/common.js b/src/NuGetGallery/Scripts/gallery/common.js index 5b06f5620a..cfed8a112e 100644 --- a/src/NuGetGallery/Scripts/gallery/common.js +++ b/src/NuGetGallery/Scripts/gallery/common.js @@ -462,7 +462,7 @@ nuget.setPopovers = function () { var popoverElement = $(this); - var popoverElementDom = popoverElement.get(0); + var popoverElementDom = this; var originalLabel = popoverElementDom.ariaLabel; var popoverHideTimeMS = 2000; var popoverFadeTimeMS = 200; diff --git a/src/NuGetGallery/Views/Users/Packages.cshtml b/src/NuGetGallery/Views/Users/Packages.cshtml index b2c94bd56e..4ed133aedb 100644 --- a/src/NuGetGallery/Views/Users/Packages.cshtml +++ b/src/NuGetGallery/Views/Users/Packages.cshtml @@ -179,9 +179,11 @@ { var title = "This version has at least one known vulnerability. Click on the package name for details."; - + + + } From db1bdb26b720e76a761d686cde1e1b53902f3ce0 Mon Sep 17 00:00:00 2001 From: Xiaoxstz <81862747+xiaoxstz@users.noreply.github.com> Date: Mon, 26 Dec 2022 23:23:09 +0800 Subject: [PATCH 5/8] Add document about how to deploy locally (#9333) --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index 85ce44c49a..ac4c0545ef 100644 --- a/README.md +++ b/README.md 
@@ -27,9 +27,26 @@ Now run the NuGet Gallery: Refer to [our documentation](./docs/) for information on how to develop the frontend, use AAD, and more. ## Deploy +### Deploy to Azure You will find instructions on how to deploy the Gallery to Azure [here](https://github.com/NuGet/NuGetGallery/blob/master/docs/Deploying/README.md). +### Deploy locally +After you succeed in running the NuGet Gallery, you can create a publish profile to deploy locally (such as your local Windows computer). + +The steps are: +1. Select the `NuGetGallery` project in Solution Explore of Visual Studio. +2. Right click the project, and then click `Publish` in the pop-up menu. Create a publish profile and make sure the Target is set to `Folder`. +3. Copy the contents of the `Target Location` to any folder you want. For the following example, assume the folder is `C:\ContosoSoftware\NuGetGallery`. +4. Execute the command below to start the web app (note that the parameter `/path` of iisexpress.exe only supports absolute paths on Windows). + ```cmd + "C:\Program Files\IIS Express\iisexpress.exe" /path:C:\ContosoSoftware\NuGetGallery + ``` + +Now you can access the local website with a web browser. The URL is `https://localhost`. + +After you deploy it, you don't need using Visual Studio to run it anymore. + ## Contribute If you find a bug with the gallery, please visit the [Issue tracker](https://github.com/NuGet/NuGetGallery/issues) and From e8c507babf86a5750214b024aedd652dc205eb84 Mon Sep 17 00:00:00 2001 From: Joel Verhagen Date: Tue, 3 Jan 2023 14:09:51 -0600 Subject: [PATCH 6/8] Move the error message container outside of the Upload section (#9338) Fix https://github.com/NuGet/NuGetGallery/issues/9336 --- .../Services/UploadPackageMissingReadme.cs | 2 +- .../Views/Packages/UploadPackage.cshtml | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) 
diff --git a/src/NuGetGallery/Services/UploadPackageMissingReadme.cs b/src/NuGetGallery/Services/UploadPackageMissingReadme.cs index 906d1c0299..5e882d4cd9 100644 --- a/src/NuGetGallery/Services/UploadPackageMissingReadme.cs +++ b/src/NuGetGallery/Services/UploadPackageMissingReadme.cs @@ -1,7 +1,7 @@ namespace NuGetGallery { /// - /// Represents a package ID reservation conflict + /// Represents package missing an embedded README. /// public class UploadPackageMissingReadme : IValidationMessage { diff --git a/src/NuGetGallery/Views/Packages/UploadPackage.cshtml b/src/NuGetGallery/Views/Packages/UploadPackage.cshtml index 4c2395b661..1f35c535bf 100644 --- a/src/NuGetGallery/Views/Packages/UploadPackage.cshtml +++ b/src/NuGetGallery/Views/Packages/UploadPackage.cshtml @@ -20,9 +20,9 @@ @if (Model.IsUserLocked) { @ViewHelpers.AlertDanger( - @ - @ServicesStrings.UserAccountIsLocked - ) + @ + @ServicesStrings.UserAccountIsLocked + ) } else { @@ -33,6 +33,10 @@ Best Practices page.

+ + +