Merge pull request #5985 from NuGet/dev

[Deployment][2018.05.21]RI dev into master

.gitignore

@@ -31,6 +31,7 @@ tools/
 .nuget/EULA_Microsoft Visual Studio Team Services Credential Provider.docx
 .nuget/ThirdPartyNotices.txt
 AssemblyInfo.g.cs
+tests/Scripts/Config-*.json
 
 # MSTest test Results
 [Tt]est[Rr]esult*/

src/Bootstrap/less/theme/modals.less

@@ -93,7 +93,10 @@
       }
 
       .transform-text {
-        padding: 40px 15px;
+        padding-top: 20px;
+        padding-left: 15px;
+        padding-right: 15px;
+        padding-bottom: 40px;
         margin: 0px;
       }
     }

src/NuGetGallery.Core/Auditing/CloudAuditingService.cs

@@ -152,7 +152,10 @@ public override string RenderAuditEntry(AuditEntry entry)
 
         public override bool RecordWillBePersisted(AuditRecord auditRecord)
         {
-            return auditRecord.GetType() == typeof(PackageAuditRecord);
+            var packageAuditRecord = auditRecord as PackageAuditRecord;
+
+            return packageAuditRecord != null &&
+                (packageAuditRecord.Action == AuditedPackageAction.Delete || packageAuditRecord.Action == AuditedPackageAction.SoftDelete);
         }
     }
-}
+}

src/NuGetGallery.Core/Authentication/NuGetClaims.cs

@@ -37,6 +37,11 @@ public static class NuGetClaims
         /// </summary>
         public const string ExternalLogin = ClaimsDomain + "externallogin";
 
+        /// <summary>
+        /// The claim url for the claim that stores the list of associated external login identities.
+        /// </summary>
+        public const string ExternalCredentialIdenities = ClaimsDomain + "externalcredentialidentity";
+
         /// <summary>
         /// The claim url for the claim that stores whether or not the user has enabled multi-factor authentication.
         /// </summary>

src/NuGetGallery.Core/CoreConstants.cs

@@ -20,6 +20,7 @@ public static class CoreConstants
         public const string PackageContentType = "binary/octet-stream";
         public const string OctetStreamContentType = "application/octet-stream";
         public const string TextContentType = "text/plain";
+        public const string CertificateContentType = "application/pkix-cert";
 
         public const string UserCertificatesFolderName = "user-certificates";
         public const string ContentFolderName = "content";

src/NuGetGallery.Core/Entities/EntitiesContext.cs

@@ -348,7 +348,7 @@ protected override void OnModelCreating(DbModelBuilder modelBuilder)
                 .Property(c => c.Sha1Thumbprint)
                 .HasMaxLength(40)
                 .HasColumnType("varchar")
-                .IsOptional();
+                .IsRequired();
 
             modelBuilder.Entity<UserCertificate>()
                 .HasKey(uc => uc.Key);

src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs

@@ -446,6 +446,9 @@ private static string GetContentType(string folderName)
                 case CoreConstants.PackageReadMesFolderName:
                     return CoreConstants.TextContentType;
 
+                case CoreConstants.UserCertificatesFolderName:
+                    return CoreConstants.CertificateContentType;
+
                 default:
                     throw new InvalidOperationException(
                         String.Format(CultureInfo.CurrentCulture, "The folder name {0} is not supported.", folderName));

src/NuGetGallery/App_Data/Files/Content/Login-Discontinuation-Configuration.json

@@ -1,20 +1,21 @@
 {
-  "DiscontinuedForEmailAddresses": [
-    "[email protected]"
-  ],
-  "DiscontinuedForDomains": [
-    "cannotUsePassword.com"
-  ],
-  "ExceptionsForEmailAddresses": [
-    "[email protected]"
-  ],
-  "ForceTransformationToOrganizationForEmailAddresses": [
-    "[email protected]"
-  ],
-  "EnabledOrganizationAadTenants": [
-    {
-      "EmailDomain": "tenantOnly.com",
-      "TenantId":  "tenantID"
-    }
-  ]
+    "IsPasswordDiscontinuedForAll": false,
+    "DiscontinuedForEmailAddresses": [
+        "[email protected]"
+    ],
+    "DiscontinuedForDomains": [
+        "cannotUsePassword.com"
+    ],
+    "ExceptionsForEmailAddresses": [
+        "[email protected]"
+    ],
+    "ForceTransformationToOrganizationForEmailAddresses": [
+        "[email protected]"
+    ],
+    "EnabledOrganizationAadTenants": [
+        {
+            "EmailDomain": "tenantOnly.com",
+            "TenantId": "tenantID"
+        }
+    ]
 }

src/NuGetGallery/App_Start/AppActivator.cs

@@ -198,7 +198,7 @@ private static void BundlingPostStart()
             BundleTable.Bundles.Add(newScriptBundle);
 
             var d3ScriptBundle = new ScriptBundle("~/Scripts/gallery/stats.min.js")
-                .Include("~/Scripts/gallery/d3.v3.js")
+                .Include("~/Scripts/d3/d3.js")
                 .Include("~/Scripts/gallery/stats-perpackagestatsgraphs.js")
                 .Include("~/Scripts/gallery/stats-dimensions.js");
             BundleTable.Bundles.Add(d3ScriptBundle);

src/NuGetGallery/App_Start/DefaultDependenciesModule.cs

@@ -272,14 +272,6 @@ protected override void Load(ContainerBuilder builder)
                 .As<ICertificateService>()
                 .InstancePerLifetimeScope();
 
-            if (configuration.Current.IsHosted)
-            {
-                HostingEnvironment.QueueBackgroundWorkItem(async cancellationToken => await DependencyResolver
-                    .Current
-                    .GetService<IContentObjectService>()
-                    .Refresh());
-            }
-
             Func<MailSender> mailSenderFactory = () =>
                 {
                     var settings = configuration;

src/NuGetGallery/App_Start/OwinStartup.cs

@@ -7,6 +7,7 @@
 using System.Net;
 using System.Threading.Tasks;
 using System.Web;
+using System.Web.Hosting;
 using System.Web.Http;
 using System.Web.Mvc;
 using Elmah;
@@ -60,6 +61,16 @@ public static void Configuration(IAppBuilder app)
             var config = dependencyResolver.GetService<IGalleryConfigurationService>();
             var auth = dependencyResolver.GetService<AuthenticationService>();
 
+            // Configure machine key for session persistence across slots
+            SessionPersistence.Setup(config);
+
+            // Refresh the content for the ContentObjectService to guarantee it has loaded the latest configuration on startup.
+            if (config.Current.IsHosted)
+            {
+                var contentObjectService = dependencyResolver.GetService<IContentObjectService>();
+                HostingEnvironment.QueueBackgroundWorkItem(async cancellationToken => await contentObjectService.Refresh());
+            }
+
             // Setup telemetry
             var instrumentationKey = config.Current.AppInsightsInstrumentationKey;
             if (!string.IsNullOrEmpty(instrumentationKey))

src/NuGetGallery/App_Start/SessionPersistence.cs

@@ -0,0 +1,45 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Configuration;
+using System.Reflection;
+using System.Web.Configuration;
+using NuGetGallery.Configuration;
+
+namespace NuGetGallery
+{
+    public static class SessionPersistence
+    {
+        public static void Setup(IGalleryConfigurationService config)
+        {
+            // The machine keys are used for encrypting/decrypting cookies used by ASP.NET, these are usually set by IIS in 'Auto' mode. 
+            // During a deployment to Azure cloud service the same machine key values are set on all the instances of a given cloud service,
+            // thereby providing session persistence across different instances in the same deployment slot. However, across different slots(staging vs production)
+            // these session keys are different. Thereby causing the loss of session upon a slot swap. Manually setting these values on role start ensures same
+            // keys are used by all the instances across all the slots of a Azure cloud service. See more analysis here: https://github.com/NuGet/Engineering/issues/1329
+            if (config.Current.EnableMachineKeyConfiguration
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyDecryption)
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyDecryptionKey)
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyValidationAlgorithm)
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyValidationKey))
+            {
+                var mksType = typeof(MachineKeySection);
+                var mksSection = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection;
+                var resetMethod = mksType.GetMethod("Reset", BindingFlags.NonPublic | BindingFlags.Instance);
+
+                var machineKeyConfig = new MachineKeySection();
+                machineKeyConfig.ApplicationName = mksSection.ApplicationName;
+                machineKeyConfig.CompatibilityMode = mksSection.CompatibilityMode;
+                machineKeyConfig.DataProtectorType = mksSection.DataProtectorType;
+                machineKeyConfig.Validation = mksSection.Validation;
+
+                machineKeyConfig.DecryptionKey = config.Current.MachineKeyDecryptionKey;
+                machineKeyConfig.Decryption = config.Current.MachineKeyDecryption;
+                machineKeyConfig.ValidationKey = config.Current.MachineKeyValidationKey;
+                machineKeyConfig.ValidationAlgorithm = config.Current.MachineKeyValidationAlgorithm;
+
+                resetMethod.Invoke(mksSection, new object[] { machineKeyConfig });
+            }
+        }
+    }
+}

src/NuGetGallery/Areas/Admin/Controllers/SupportRequestController.cs

@@ -87,11 +87,11 @@ public async Task<ActionResult> EnableAdmin(int key)
 
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public async Task<ActionResult> AddAdmin(string galleryUsername, string pagerDutyUsername)
+        public async Task<ActionResult> AddAdmin(string galleryUsername)
         {
             try
             {
-                await _supportRequestService.AddAdminAsync(galleryUsername, pagerDutyUsername);
+                await _supportRequestService.AddAdminAsync(galleryUsername);
 
                 return new HttpStatusCodeResult(HttpStatusCode.NoContent);
             }
@@ -103,11 +103,11 @@ public async Task<ActionResult> AddAdmin(string galleryUsername, string pagerDut
 
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public async Task<ActionResult> UpdateAdmin(int key, string galleryUsername, string pagerDutyUsername)
+        public async Task<ActionResult> UpdateAdmin(int key, string galleryUsername)
         {
             try
             {
-                await _supportRequestService.UpdateAdminAsync(key, galleryUsername, pagerDutyUsername);
+                await _supportRequestService.UpdateAdminAsync(key, galleryUsername);
 
                 return new HttpStatusCodeResult(HttpStatusCode.NoContent);
             }

src/NuGetGallery/Areas/Admin/Migrations/201805221605033_DropPagerDutyColumn.cs

@@ -0,0 +1,20 @@
+namespace NuGetGallery.Areas.Admin
+{
+    using System;
+    using System.Data.Entity.Migrations;
+
+    public partial class DropPagerDutyColumn : DbMigration
+    {
+        public override void Up()
+        {
+            DropIndex("dbo.Admins", new[] { "PagerDutyUsername" });
+            DropColumn("dbo.Admins", "PagerDutyUsername");
+        }
+
+        public override void Down()
+        {
+            AddColumn("dbo.Admins", "PagerDutyUsername", c => c.String(nullable: false, maxLength: 255, unicode: false));
+            CreateIndex("dbo.Admins", "PagerDutyUsername");
+        }
+    }
+}