NuGet · chenriksson · May 16, 2017 · May 11, 2017 · May 11, 2017 · May 11, 2017
diff --git a/src/NuGetGallery.Core/Auditing/AuditedEntities/AuditedUserSecurityPolicy.cs b/src/NuGetGallery.Core/Auditing/AuditedEntities/AuditedUserSecurityPolicy.cs
@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Auditing.AuditedEntities
+{
+    /// <summary>
+    /// Auditing details for UserSecurityPolicy entity.
+    /// </summary>
+    public class AuditedUserSecurityPolicy
+    {
+        public string Name { get; }
+        public string Subscription { get; }
+        public string Value { get; }
+
+        public AuditedUserSecurityPolicy(UserSecurityPolicy policy)
+        {
+            Name = policy.Name;
+            Subscription = policy.Subscription;
+            Value = policy.Value;
+        }
+    }
+}
diff --git a/src/NuGetGallery.Core/Auditing/AuditedPackageAction.cs b/src/NuGetGallery.Core/Auditing/AuditedPackageAction.cs
@@ -12,7 +12,6 @@ public enum AuditedPackageAction
         Unlist,
         Edit,
         UndoEdit,
-
-
+        Verify
     }
 }
diff --git a/src/NuGetGallery.Core/Auditing/AuditedSecurityPolicyAction.cs b/src/NuGetGallery.Core/Auditing/AuditedSecurityPolicyAction.cs
@@ -0,0 +1,11 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Auditing
+{
+    public enum AuditedSecurityPolicyAction
+    {
+        Create,
+        Verify
+    }
+}
diff --git a/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs b/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
@@ -14,6 +14,8 @@ public enum AuditedUserAction
         ChangeEmail,
         CancelChangeEmail,
         ConfirmEmail,
-        Login
+        Login,
+        SubscribeToPolicies,
+        UnsubscribeFromPolicies
     }
 }
diff --git a/src/NuGetGallery.Core/Auditing/UserAuditAction.cs b/src/NuGetGallery.Core/Auditing/UserAuditAction.cs
diff --git a/src/NuGetGallery.Core/Auditing/UserAuditRecord.cs b/src/NuGetGallery.Core/Auditing/UserAuditRecord.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using NuGetGallery.Auditing.AuditedEntities;
 
 namespace NuGetGallery.Auditing
 {
@@ -17,6 +18,11 @@ public class UserAuditRecord : AuditRecord<AuditedUserAction>
         public CredentialAuditRecord[] AffectedCredential { get; }
         public string AffectedEmailAddress { get; }
 
+        /// <summary>
+        /// Subset of user policies affected by the action (subscription / unsubscription).
+        /// </summary>
+        public AuditedUserSecurityPolicy[] AffectedPolicies { get; }
+
         public UserAuditRecord(User user, AuditedUserAction action)
             : this(user, action, Enumerable.Empty<Credential>())
         {
@@ -55,7 +61,18 @@ public UserAuditRecord(User user, AuditedUserAction action, string affectedEmail
         {
             AffectedEmailAddress = affectedEmailAddress;
         }
-
+
+        public UserAuditRecord(User user, AuditedUserAction action, IEnumerable<UserSecurityPolicy> affectedPolicies)
+            : this(user, action, Enumerable.Empty<Credential>())
+        {
+            if (affectedPolicies == null || affectedPolicies.Count() == 0)
+            {
+                throw new ArgumentException(nameof(affectedPolicies));
+            }
+
+            AffectedPolicies = affectedPolicies.Select(p => new AuditedUserSecurityPolicy(p)).ToArray();
+        }
+
         public override string GetPath()
         {
             return Username.ToLowerInvariant();

diff --git a/src/NuGetGallery.Core/Auditing/UserSecurityPolicyAuditRecord.cs b/src/NuGetGallery.Core/Auditing/UserSecurityPolicyAuditRecord.cs
@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using NuGetGallery.Auditing.AuditedEntities;
+
+namespace NuGetGallery.Auditing
+{
+    /// <summary>
+    /// Audit record for failed user security policy evaluations.
+    /// </summary>
+    public class UserSecurityPolicyAuditRecord : AuditRecord<AuditedSecurityPolicyAction>
+    {
+        public string Username { get; }
+
+        public AuditedUserSecurityPolicy[] AffectedPolicies { get; }
+
+        public bool Success { get; set; }
+
+        public string ErrorMessage { get; }
+
+        public UserSecurityPolicyAuditRecord(string username,
+            AuditedSecurityPolicyAction action,
+            IEnumerable<UserSecurityPolicy> affectedPolicies,
+            bool success, string errorMessage = null)
+            :base(action)
+        {
+            if (string.IsNullOrEmpty(username))
+            {
+                throw new ArgumentNullException(nameof(username));
+            }
+            if (affectedPolicies == null || affectedPolicies.Count() == 0)
+            {
+                throw new ArgumentException(nameof(affectedPolicies));
+            }
+
+            Username = username;
+            AffectedPolicies = affectedPolicies.Select(p => new AuditedUserSecurityPolicy(p)).ToArray();
+            Success = success;
+            ErrorMessage = errorMessage;
+        }
+
+        public override string GetPath()
+        {
+            return Username.ToLowerInvariant();
+        }
+    }
+}
diff --git a/src/NuGetGallery.Core/NuGetGallery.Core.csproj b/src/NuGetGallery.Core/NuGetGallery.Core.csproj
@@ -122,11 +122,14 @@
     <Compile Include="Auditing\AuditedEntities\AuditedPackage.cs" />
     <Compile Include="Auditing\AuditedEntities\AuditedPackageIdentifier.cs" />
     <Compile Include="Auditing\AuditedAuthenticatedOperationAction.cs" />
+    <Compile Include="Auditing\AuditedEntities\AuditedUserSecurityPolicy.cs" />
+    <Compile Include="Auditing\AuditedSecurityPolicyAction.cs" />
     <Compile Include="Auditing\AuditEntry.cs" />
     <Compile Include="Auditing\AuditActor.cs" />
     <Compile Include="Auditing\AuditingService.cs" />
     <Compile Include="Auditing\AuditRecord.cs" />
     <Compile Include="Auditing\FailedAuthenticatedOperationAuditRecord.cs" />
+    <Compile Include="Auditing\UserSecurityPolicyAuditRecord.cs" />
     <Compile Include="Auditing\FileSystemAuditingService.cs" />
     <Compile Include="Auditing\CloudAuditingService.cs" />
     <Compile Include="Auditing\CredentialAuditRecord.cs" />
@@ -139,7 +142,6 @@
     <Compile Include="Auditing\AuditedUserAction.cs" />
     <Compile Include="Auditing\PackageAuditRecord.cs" />
     <Compile Include="Auditing\ScopeAuditRecord.cs" />
-    <Compile Include="Auditing\UserAuditAction.cs" />
     <Compile Include="Auditing\UserAuditRecord.cs" />
     <Compile Include="CoreConstants.cs" />
     <Compile Include="CredentialTypes.cs" />

diff --git a/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs b/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs
@@ -207,6 +207,10 @@ protected override void Load(ContainerBuilder builder)
                 .As<ISecurityPolicyService>()
                 .InstancePerLifetimeScope();
 
+            builder.RegisterType<SecurePushSubscription>()
+                .AsSelf()
+                .InstancePerLifetimeScope();
+
             var mailSenderThunk = new Lazy<IMailSender>(
                 () =>
                 {

diff --git a/src/NuGetGallery/Authentication/Providers/ApiKey/ApiKeyAuthenticationHandler.cs b/src/NuGetGallery/Authentication/Providers/ApiKey/ApiKeyAuthenticationHandler.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Globalization;
-using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.Owin;

diff --git a/src/NuGetGallery/Controllers/ApiController.cs b/src/NuGetGallery/Controllers/ApiController.cs
@@ -23,6 +23,7 @@
 using NuGetGallery.Filters;
 using NuGetGallery.Infrastructure.Authentication;
 using NuGetGallery.Packaging;
+using NuGetGallery.Security;
 using PackageIdValidator = NuGetGallery.Packaging.PackageIdValidator;
 
 namespace NuGetGallery
@@ -47,6 +48,7 @@ public partial class ApiController
         public ITelemetryService TelemetryService { get; set; }
         public AuthenticationService AuthenticationService { get; set; }
         public ICredentialBuilder CredentialBuilder { get; set; }
+        protected ISecurityPolicyService SecurityPolicyService { get; set; }
 
         protected ApiController()
         {
@@ -69,7 +71,8 @@ public ApiController(
             IGalleryConfigurationService configurationService,
             ITelemetryService telemetryService,
             AuthenticationService authenticationService,
-            ICredentialBuilder credentialBuilder)
+            ICredentialBuilder credentialBuilder,
+            ISecurityPolicyService securityPolicies)
         {
             EntitiesContext = entitiesContext;
             PackageService = packageService;
@@ -87,6 +90,7 @@ public ApiController(
             TelemetryService = telemetryService;
             AuthenticationService = authenticationService;
             CredentialBuilder = credentialBuilder;
+            SecurityPolicyService = securityPolicies;
             StatisticsService = null;
         }
 
@@ -107,8 +111,11 @@ public ApiController(
             IGalleryConfigurationService configurationService,
             ITelemetryService telemetryService,
             AuthenticationService authenticationService,
-            ICredentialBuilder credentialBuilder)
-            : this(entitiesContext, packageService, packageFileService, userService, nugetExeDownloaderService, contentService, indexingService, searchService, autoCuratePackage, statusService, messageService, auditingService, configurationService, telemetryService, authenticationService, credentialBuilder)
+            ICredentialBuilder credentialBuilder,
+            ISecurityPolicyService securityPolicies)
+            : this(entitiesContext, packageService, packageFileService, userService, nugetExeDownloaderService, contentService,
+                  indexingService, searchService, autoCuratePackage, statusService, messageService, auditingService,
+                  configurationService, telemetryService, authenticationService, credentialBuilder, securityPolicies)
         {
             StatisticsService = statisticsService;
         }
@@ -224,15 +231,21 @@ public async virtual Task<ActionResult> CreatePackageVerificationKeyAsync(string
 
         [HttpGet]
         [RequireSsl]
-        [ApiAuthorize(SecurityPolicyAction.PackageVerify)]
+        [ApiAuthorize]
         [ApiScopeRequired(NuGetScopes.PackageVerify, NuGetScopes.PackagePush, NuGetScopes.PackagePushVersion)]
         [ActionName("VerifyPackageKey")]
         public async virtual Task<ActionResult> VerifyPackageKeyAsync(string id, string version)
         {
+            var policyResult = await SecurityPolicyService.EvaluateAsync(SecurityPolicyAction.PackageVerify, HttpContext);
+            if (!policyResult.Success)
+            {
+                return new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, policyResult.ErrorMessage);
+            }
+
             var user = GetCurrentUser();
             var credential = user.GetCurrentApiKeyCredential(User.Identity);
 
-            var result = VerifyPackageKeyInternal(user, credential, id, version);
+            var result = await VerifyPackageKeyInternalAsync(user, credential, id, version);
 
             // Expire and delete verification key after first use to avoid growing the database tables.
             if (CredentialTypes.IsPackageVerificationApiKey(credential.Type))
@@ -245,7 +258,7 @@ public async virtual Task<ActionResult> VerifyPackageKeyAsync(string id, string
             return (ActionResult)result ?? new EmptyResult();
         }
 
-        private HttpStatusCodeWithBodyResult VerifyPackageKeyInternal(User user, Credential credential, string id, string version)
+        private async Task<HttpStatusCodeWithBodyResult> VerifyPackageKeyInternalAsync(User user, Credential credential, string id, string version)
         {
             // Verify that the user has permission to push for the specific Id \ version combination.
             var package = PackageService.FindPackageByIdAndVersion(id, version);
@@ -254,7 +267,11 @@ private HttpStatusCodeWithBodyResult VerifyPackageKeyInternal(User user, Credent
                 return new HttpStatusCodeWithBodyResult(
                     HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version));
             }
-
+
+            // Write an audit record
+            await AuditingService.SaveAuditRecordAsync(
+                new PackageAuditRecord(package, AuditedPackageAction.Verify, "Verified via API."));
+
             if (!package.IsOwner(user))
             {
                 return new HttpStatusCodeWithBodyResult(HttpStatusCode.Forbidden, Strings.ApiKeyNotAuthorized);
@@ -282,7 +299,7 @@ private HttpStatusCodeWithBodyResult VerifyPackageKeyInternal(User user, Credent
 
         [HttpPut]
         [RequireSsl]
-        [ApiAuthorize(SecurityPolicyAction.PackagePush)]
+        [ApiAuthorize]
         [ApiScopeRequired(NuGetScopes.PackagePush, NuGetScopes.PackagePushVersion)]
         [ActionName("PushPackageApi")]
         public virtual Task<ActionResult> CreatePackagePut()
@@ -292,7 +309,7 @@ public virtual Task<ActionResult> CreatePackagePut()
 
         [HttpPost]
         [RequireSsl]
-        [ApiAuthorize(SecurityPolicyAction.PackagePush)]
+        [ApiAuthorize]
         [ApiScopeRequired(NuGetScopes.PackagePush, NuGetScopes.PackagePushVersion)]
         [ActionName("PushPackageApi")]
         public virtual Task<ActionResult> CreatePackagePost()
@@ -302,6 +319,12 @@ public virtual Task<ActionResult> CreatePackagePost()
 
         private async Task<ActionResult> CreatePackageInternal()
         {
+            var policyResult = await SecurityPolicyService.EvaluateAsync(SecurityPolicyAction.PackagePush, HttpContext);
+            if (!policyResult.Success)
+            {
+                return new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, policyResult.ErrorMessage);
+            }
+
             // Get the user
             var user = GetCurrentUser();