[ReleasePrep][2023.01.01]RI of dev into main #9345

Merged
merged 9 commits into from
Jan 11, 2023
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/NUGETORG_ISSUE.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ body:

The more detail you provide, the more likely it will be for us to be able to identify what is going on and how to solve it!

### For issues connecting to NuGet.org, please refer to [this guide](https://docs.microsoft.com/en-us/nuget/nuget-org/nuget-org-faq#nuget.org-not-accessible).
### For issues connecting to NuGet.org, please refer to [this guide](https://docs.microsoft.com/nuget/nuget-org/nuget-org-faq#nuget.org-not-accessible).

### For issues regarding your NuGet.org account, please refer to [this guide](https://docs.microsoft.com/en-us/nuget/nuget-org/nuget-org-faq#nuget.org-account-management).
### For issues regarding your NuGet.org account, please refer to [this guide](https://docs.microsoft.com/nuget/nuget-org/nuget-org-faq#nuget.org-account-management).
- type: dropdown
id: impact
attributes:
Expand Down
17 changes: 17 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,26 @@ Now run the NuGet Gallery:
Refer to [our documentation](./docs/) for information on how to develop the frontend, use AAD, and more.

## Deploy
### Deploy to Azure

You will find instructions on how to deploy the Gallery to Azure [here](https://github.com/NuGet/NuGetGallery/blob/master/docs/Deploying/README.md).

### Deploy locally
After you succeed in running the NuGet Gallery, you can create a publish profile to deploy locally (such as your local Windows computer).

The steps are:
1. Select the `NuGetGallery` project in Solution Explore of Visual Studio.
2. Right click the project, and then click `Publish` in the pop-up menu. Create a publish profile and make sure the Target is set to `Folder`.
3. Copy the contents of the `Target Location` to any folder you want. For the following example, assume the folder is `C:\ContosoSoftware\NuGetGallery`.
4. Execute the command below to start the web app (note that the parameter `/path` of iisexpress.exe only supports absolute paths on Windows).
```cmd
"C:\Program Files\IIS Express\iisexpress.exe" /path:C:\ContosoSoftware\NuGetGallery
```

Now you can access the local website with a web browser. The URL is `https://localhost`.

After you deploy it, you don't need using Visual Studio to run it anymore.

## Contribute

If you find a bug with the gallery, please visit the [Issue tracker](https://github.com/NuGet/NuGetGallery/issues) and
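Review bot: Step 4 of the new "Deploy locally" section starts IIS Express with only `/path`, and the following sentence tells the reader to browse to `https://localhost`; no port or HTTPS binding is passed on the command line, so the URL depends on IIS Express defaults. State the scheme and port that this command actually serves, or add `/port:` to the command, so the instructions are reproducible. In the same added text, step 1 should read `Solution Explorer`, and "you don't need using Visual Studio" should be "you no longer need Visual Studio".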
Expand Down
3 changes: 2 additions & 1 deletion src/NuGetGallery.Core/Frameworks/SupportedFrameworks.cs
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ public static class SupportedFrameworks
public static readonly NuGetFramework MonoTouch = new NuGetFramework(FrameworkIdentifiers.MonoTouch, EmptyVersion);
public static readonly NuGetFramework MonoMac = new NuGetFramework(FrameworkIdentifiers.MonoMac, EmptyVersion);
public static readonly NuGetFramework Net48 = new NuGetFramework(FrameworkIdentifiers.Net, new Version(4, 8, 0, 0));
public static readonly NuGetFramework Net481 = new NuGetFramework(FrameworkIdentifiers.Net, new Version(4, 8, 1, 0));
public static readonly NuGetFramework Net50Windows = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version5, "windows", EmptyVersion);
public static readonly NuGetFramework Net60Android = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version6, "android", EmptyVersion);
public static readonly NuGetFramework Net60Ios = new NuGetFramework(FrameworkIdentifiers.NetCoreApp, Version6, "ios", EmptyVersion);
Expand Down Expand Up @@ -57,7 +58,7 @@ static SupportedFrameworks()
{
MonoAndroid, MonoMac, MonoTouch,
Native,
Net11, Net2, Net35, Net4, Net403, Net45, Net451, Net452, Net46, Net461, Net462, Net463, Net47, Net471, Net472, Net48,
Net11, Net2, Net35, Net4, Net403, Net45, Net451, Net452, Net46, Net461, Net462, Net463, Net47, Net471, Net472, Net48, Net481,
Net50, Net50Windows,
Net60, Net60Android, Net60Ios, Net60MacCatalyst, Net60MacOs, Net60TvOs, Net60Windows,
Net70, Net70Android, Net70Ios, Net70MacCatalyst, Net70MacOs, Net70TvOs, Net70Windows,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -473,6 +473,9 @@ public virtual async Task ReplaceCredential(User user, Credential credential)
{
await ReplaceCredentialInternal(user, credential);
await Entities.SaveChangesAsync();

await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
user, AuditedUserAction.AddCredential, credential));
}

public virtual async Task<Credential> ResetPasswordWithToken(string username, string token, string newPassword)
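Review bot: In ReplaceCredential the audit write now runs after `Entities.SaveChangesAsync()`, so if `Auditing.SaveAuditRecordAsync` throws, the replaced credential is already persisted with no audit record and the caller sees a failure for a change that took effect. Decide what should happen in that case (log and continue, or retry the audit write) and state it in a comment; the same applies to the ResetPasswordWithToken and ChangePassword hunks that follow. The record is also typed `AuditedUserAction.AddCredential` for a replacement, so confirm that removal of the old credential is audited elsewhere.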
Expand Down Expand Up @@ -501,6 +504,10 @@ public virtual async Task<Credential> ResetPasswordWithToken(string username, st
user.FailedLoginCount = 0;
user.LastFailedLoginUtc = null;
await Entities.SaveChangesAsync();

await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
user, AuditedUserAction.AddCredential, cred));

return cred;
}

Expand Down Expand Up @@ -590,6 +597,10 @@ public virtual async Task<bool> ChangePassword(User user, string oldPassword, st

// Save changes
await Entities.SaveChangesAsync();

await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
user, AuditedUserAction.AddCredential, passwordCredential));

return true;
}

Expand Down Expand Up @@ -623,10 +634,10 @@ public virtual async Task AddCredential(User user, Credential credential)
throw new InvalidOperationException(ServicesStrings.OrganizationsCannotCreateCredentials);
}

await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential));
user.Credentials.Add(credential);
await Entities.SaveChangesAsync();

await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, credential));
_telemetryService.TrackNewCredentialCreated(user, credential);
}

Expand Down Expand Up @@ -838,9 +849,6 @@ await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
}

user.Credentials.Add(credential);

await Auditing.SaveAuditRecordAsync(new UserAuditRecord(
user, AuditedUserAction.AddCredential, credential));
}

private static CredentialKind GetCredentialKind(string type)
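Review bot: Removing the `AddCredential` audit call that followed `user.Credentials.Add(credential)` makes every caller of this helper responsible for writing the record after it saves. This patch adds that in ReplaceCredential, ResetPasswordWithToken and ChangePassword; check that no other caller reaches this code path, otherwise credentials added through it will go unaudited. A short comment on the helper saying that callers must audit after saving would keep this from regressing.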
Expand Down Expand Up @@ -1024,15 +1032,20 @@ private async Task MigrateCredentials(User user, List<Credential> creds, string
await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.RemoveCredential, toRemove));

// Now add one if there are no credentials left
Credential newCred = null;
if (creds.Count == 0)
{
var newCred = _credentialBuilder.CreatePasswordCredential(password);
await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, newCred));
newCred = _credentialBuilder.CreatePasswordCredential(password);
user.Credentials.Add(newCred);
}

// Save changes, if any
await Entities.SaveChangesAsync();

if (newCred != null)
{
await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.AddCredential, newCred));
}
}
}
}
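Review bot: In MigrateCredentials the `RemoveCredential` record is still written before `Entities.SaveChangesAsync()`, while the `AddCredential` record now waits until after it. If the save fails, the audit log will hold removals that never persisted, the same mismatch the reordering avoids for additions. Move the removal audit after the save as well, or add a comment explaining why the two are ordered differently.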
Original file line number Diff line number Diff line change
Expand Up @@ -101,12 +101,13 @@ protected override void AttachToOwinApp(IGalleryConfigurationService config, IAp
RedirectUri = siteRoot + _callbackPath,
PostLogoutRedirectUri = siteRoot,
Scope = OpenIdConnectScope.OpenIdProfile + " email",
ResponseType = OpenIdConnectResponseType.CodeIdToken,
ResponseType = OpenIdConnectResponseType.IdToken,
TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { ValidateIssuer = false },
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = AuthenticationFailed,
RedirectToIdentityProvider = RedirectToIdentityProvider
RedirectToIdentityProvider = RedirectToIdentityProvider,
AuthorizationCodeReceived = AuthorizationCodeReceived,
}
};

Expand Down Expand Up @@ -257,7 +258,7 @@ private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification<O
// Set the redirect_uri token for the alternate domains of same gallery instance
if (_alternateSiteRootList != null && _alternateSiteRootList.Contains(notification.Request.Uri.Host))
{
notification.ProtocolMessage.RedirectUri = "https://" + notification.Request.Uri.Host + "/" + _callbackPath ;
notification.ProtocolMessage.RedirectUri = "https://" + notification.Request.Uri.Host + "/" + _callbackPath;
}

// We always want to show the options to select account when signing in and while changing account.
Expand All @@ -271,5 +272,13 @@ private AuthenticationProperties GetAuthenticationPropertiesFromProtocolMessage(
var authenticationPropertiesEncodedString = message.State.Split('=');
return options.StateDataFormat.Unprotect(authenticationPropertiesEncodedString[1]);
}

private Task AuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
// Explicitly set the access_token to null. The access_token is used for authorized requests to AAD on
// behalf of the end user. We do not use this feature. We only use the id_token.
context.HandleCodeRedemption(accessToken: null, idToken: context.JwtSecurityToken.RawData);
return Task.CompletedTask;
}
}
}
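Review bot: AuthorizationCodeReceived dereferences `context.JwtSecurityToken.RawData` without a null check, and the handler is registered in the same patch that changes `ResponseType` from `CodeIdToken` to `IdToken`, so an authorization code is no longer requested. If the handler is kept as a safeguard for a response that still carries a code, say so in the comment and guard against a missing `JwtSecurityToken`; if it cannot run with the new response type, drop it.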
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ namespace NuGetGallery.Authentication.Providers.AzureActiveDirectoryV2
public class AzureActiveDirectoryV2AuthenticatorConfiguration : AuthenticatorConfiguration
{
public string ClientId { get; set; }
public string ClientSecret { get; set; }

public AzureActiveDirectoryV2AuthenticatorConfiguration()
{
Expand All @@ -31,7 +30,7 @@ public override void ApplyToOwinSecurityOptions(AuthenticationOptions options)
// the auth flow.
openIdOptions.AuthenticationMode = AuthenticationMode.Passive;

// Make sure ClientId and ClientSecret is configured
// Make sure ClientId is configured
if (String.IsNullOrEmpty(ClientId))
{
throw new ConfigurationErrorsException(String.Format(
Expand All @@ -40,16 +39,7 @@ public override void ApplyToOwinSecurityOptions(AuthenticationOptions options)
"Auth.CommonAuth.ClientId"));
}

if (String.IsNullOrEmpty(ClientSecret))
{
throw new ConfigurationErrorsException(String.Format(
CultureInfo.CurrentCulture,
ServicesStrings.MissingRequiredConfigurationValue,
"Auth.CommonAuth.ClientSecret"));
}

openIdOptions.ClientId = ClientId;
openIdOptions.ClientSecret = ClientSecret;
openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, AzureActiveDirectoryV2Authenticator.Authority, AzureActiveDirectoryV2Authenticator.V2CommonTenant);
}
}
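Review bot: With the `ClientSecret` property and its `Auth.CommonAuth.ClientSecret` check removed, a deployment that still sets that value gets no error and no indication that the setting is dead. Mention the removal in the release notes or configuration docs so operators delete the secret from configuration and retire it at the identity provider instead of leaving an unused credential in place.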
Expand Down
4 changes: 2 additions & 2 deletions src/NuGetGallery.Services/ServicesStrings.resx
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Expand Down Expand Up @@ -897,7 +897,7 @@ If you would like to update the linked Microsoft account you can do so from the
Policy violations: {0}</value>
</data>
<data name="SecurityPolicy_RequirePackagePrefixReserved" xml:space="preserve">
<value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
<value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
</data>
<data name="SecurityPolicy_CopyrightNotCompliant" xml:space="preserve">
<value>The package metadata contains a non-compliant copyright element.</value>
Expand Down
2 changes: 1 addition & 1 deletion src/NuGetGallery/App_Code/ViewHelpers.cshtml
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@
<p class="error-action">Get me out of here! <a href="@url.Home()">Go home</a></p>
<p class="error-action">Wondering if NuGet is down? <a href="https://status.nuget.org/">Check our status</a></p>
<p class="error-action">Looking for a package? <a href="@url.PackageList()">Try searching</a></p>
<p class="error-action">Package you're looking for doesn't exist? <a href="https://docs.microsoft.com/en-us/nuget/quickstart/create-and-publish-a-package">Make one</a></p>
<p class="error-action">Package you're looking for doesn't exist? <a href="https://docs.microsoft.com/nuget/quickstart/create-and-publish-a-package">Make one</a></p>
<p class="error-action">Pretty sure we messed up? <a href="https://github.com/NuGet/NuGetGallery/issues">File a bug</a></p>
<p class="error-action">Can't get enough NuGet? <a href="https://twitter.com/nuget">Follow us</a></p>
</div>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
"codefactor.io",
"coveralls.io",
"dev.azure.com",
"flat.badgen.net",
"gitlab.com",
"img.shields.io",
"i.imgur.com",
Expand Down
2 changes: 1 addition & 1 deletion src/NuGetGallery/Scripts/gallery/common.js
Original file line number Diff line number Diff line change
Expand Up @@ -462,7 +462,7 @@

nuget.setPopovers = function () {
var popoverElement = $(this);
var popoverElementDom = popoverElement.get(0);
var popoverElementDom = this;
var originalLabel = popoverElementDom.ariaLabel;
var popoverHideTimeMS = 2000;
var popoverFadeTimeMS = 200;
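Review bot: `var popoverElementDom = this;` assumes setPopovers is always invoked with a DOM element as `this`. The previous `$(this).get(0)` also coped with a jQuery object or selector, whereas `popoverElementDom.ariaLabel` on the next line will be undefined in those cases. Confirm that every call site binds a raw element, or keep the jQuery unwrap.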
Expand Down
2 changes: 1 addition & 1 deletion src/NuGetGallery/Services/UploadPackageMissingReadme.cs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
namespace NuGetGallery
{
/// <summary>
/// Represents a package ID reservation conflict
/// Represents package missing an embedded README.
/// </summary>
public class UploadPackageMissingReadme : IValidationMessage
{
Expand Down
12 changes: 6 additions & 6 deletions src/NuGetGallery/Strings.resx
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Expand Down Expand Up @@ -515,10 +515,10 @@ For more information, please contact '{2}'.</value>
<value>The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org.</value>
</data>
<data name="UploadPackage_IdNamespaceConflict" xml:space="preserve">
<value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. Go to https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation learn more about Package ID prefix reservation.</value>
<value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. Go to https://docs.microsoft.com/nuget/reference/id-prefix-reservation learn more about Package ID prefix reservation.</value>
</data>
<data name="UploadPackage_IdNamespaceConflictHtml" xml:space="preserve">
<value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. &lt;a href="https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation"&gt;Learn more about Package ID prefix reservation&lt;/a&gt;.</value>
<value>This package ID has been reserved. Please request access to upload to this reserved namespace from the owner of the reserved prefix, or re-upload the package with a different ID. &lt;a href="https://docs.microsoft.com/nuget/reference/id-prefix-reservation"&gt;Learn more about Package ID prefix reservation&lt;/a&gt;.</value>
</data>
<data name="PreviewReadMe_ConversionFailed" xml:space="preserve">
<value>Conversion of Markdown to HTML failed with '{0}'.</value>
Expand All @@ -539,10 +539,10 @@ For more information, please contact '{2}'.</value>
<value>The Documentation URL must be a raw Markdown file hosted on GitHub.</value>
</data>
<data name="UploadPackage_MissingReadmeHtml" xml:space="preserve">
<value>&lt;strong&gt;Readme&lt;/strong&gt; missing.&lt;a href="https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme"&gt; See how to include a readme file within the package&lt;/a&gt;, or add it as you upload.</value>
<value>&lt;strong&gt;Readme&lt;/strong&gt; missing.&lt;a href="https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme"&gt; See how to include a readme file within the package&lt;/a&gt;, or add it as you upload.</value>
</data>
<data name="UploadPackage_MissingReadme" xml:space="preserve">
<value>Readme missing. Go to https://learn.microsoft.com/en-us/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.</value>
<value>Readme missing. Go to https://learn.microsoft.com/nuget/create-packages/package-authoring-best-practices#readme learn How to include a readme file within the package.</value>
</data>
<data name="ReservedNamespace_OwnerAdded" xml:space="preserve">
<value>The user '{0}' is now an owner of the prefix '{1}'.</value>
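Review bot: The `UploadPackage_MissingReadme` value still reads "Go to (URL) learn How to include a readme file"; since the line is being touched, change it to "to learn how to include". `UploadPackage_IdNamespaceConflict` in the previous hunk has the same missing "to" before "learn more".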
Expand Down Expand Up @@ -909,7 +909,7 @@ If you would like to update the linked Microsoft account you can do so from the
Policy violations: {0}</value>
</data>
<data name="SecurityPolicy_RequirePackagePrefixReserved" xml:space="preserve">
<value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/en-us/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
<value>You have not published a package with this prefix in the past. This means other users may be able to push packages starting with the same prefix. Contact account@nuget.org to reserve the prefix. Go to https://docs.microsoft.com/nuget/reference/id-prefix-reservation to learn more about Package ID prefix reservation.</value>
</data>
<data name="SecurityPolicy_CopyrightNotCompliant" xml:space="preserve">
<value>The package metadata contains a non-compliant copyright element.</value>
Expand Down