Merge pull request #6167 from NuGet/dev

[ReleasePrep][2018.07.16]RI of dev into master

README.md

@@ -27,7 +27,10 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
 4. Set up the website!
 
     ```PS C:\Code\NuGetGallery> .\tools\Setup-DevEnvironment.ps1```
-5. Ensure the `NugetGallery` project is the StartUp Project and press `F5` to run the site! That's it!
+
+5. If you would like to configure your gallery instance to use MSA/AAD, please follow the steps listed [here](https://github.com/NuGet/NuGetGallery/wiki/Configuring-MSA-AAD-for-your-on-prem-gallery-instance).
+
+6. Ensure the `NugetGallery` project is the StartUp Project and press `F5` to run the site! That's it!
 
 When working with the gallery, e-mail messages are saved to the file system (under `~/App_Data`).
 You can use an SMTP server instead by editing `src\NuGetGallery\Web.Config` and adding a `Gallery.SmtpUri`
@@ -45,7 +48,7 @@ You can undo this with this command:
     git update-index --no-assume-unchanged .vs/config/applicationhost.config
 
 This should help prevent unwanted file commits.
-    
+
 ## Contribute
 If you find a bug with the gallery, please visit the [Issue tracker](https://github.com/NuGet/NuGetGallery/issues) and 
 create an issue. If you're feeling generous, please search to see if the issue is already logged before creating a 

src/Bootstrap/less/theme/page-display-package.less

@@ -19,6 +19,11 @@
     }
   }
 
+  .failed-validation-alert-list {
+    margin-top: 15px;
+    margin-bottom: 15px;
+  }
+
   .package-details-main {
     .break-word;
 

src/NuGetGallery.Core/Entities/AccountDelete.cs

@@ -37,10 +37,9 @@ public class AccountDelete
         /// </summary>
         public User DeletedBy { get; set; }
 
-        /// <summary>
-        /// The signature of the admin.
-        /// </summary>
-        [Required]
-        public string Signature { get; set; }
+         /// <summary>
+         /// The signature of the admin.
+         /// </summary>
+         public string Signature { get; set; }
     }
 }

src/NuGetGallery.Core/Extensions/PackageValidationSetExtensions.cs

@@ -0,0 +1,42 @@
+using NuGet.Services.Validation;
+using NuGet.Services.Validation.Issues;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace NuGetGallery
+{
+    public static class PackageValidationSetExtensions
+    {
+        public static IReadOnlyList<ValidationIssue> GetValidationIssues(this PackageValidationSet validationSet)
+        {
+            IReadOnlyList<ValidationIssue> issues = null;
+
+            if (validationSet != null)
+            {
+                // Get the failed validation set's validation issues. The issues are ordered by their
+                // key so that it appears that issues are appended as more validations fail.
+                issues = validationSet
+                    .PackageValidations
+                    .SelectMany(v => v.PackageValidationIssues)
+                    .OrderBy(i => i.Key)
+                    .Select(i => ValidationIssue.Deserialize(i.IssueCode, i.Data))
+                    .ToList();
+
+                // Filter out unknown issues and deduplicate the issues by code and data. This also deduplicates cases
+                // where there is extraneous data in the serialized data field or if the issue code is unknown.
+                issues = issues
+                    .GroupBy(x => new { x.IssueCode, Data = x.Serialize() })
+                    .Select(x => x.First())
+                    .ToList();
+            }
+
+            // If the package failed validation but we could not find an issue that explains why, use a generic error message.
+            if (issues == null || !issues.Any())
+            {
+                issues = new[] { ValidationIssue.Unknown };
+            }
+
+            return issues;
+        }
+    }
+}

src/NuGetGallery.Core/NuGetGallery.Core.csproj

@@ -146,6 +146,7 @@
     <Compile Include="Entities\User.cs" />
     <Compile Include="Extensions\EntitiesContextExtensions.cs" />
     <Compile Include="Extensions\PackageRegistrationExtensions.cs" />
+    <Compile Include="Extensions\PackageValidationSetExtensions.cs" />
     <Compile Include="Extensions\UserExtensionsCore.cs" />
     <Compile Include="ICloudStorageStatusDependency.cs" />
     <Compile Include="Infrastructure\AzureEntityList.cs" />
@@ -187,7 +188,9 @@
     <Compile Include="Services\ICorePackageService.cs" />
     <Compile Include="Services\IFileReference.cs" />
     <Compile Include="Services\ICoreFileStorageService.cs" />
+    <Compile Include="Services\IFileMetadataService.cs" />
     <Compile Include="Services\ISimpleCloudBlob.cs" />
+    <Compile Include="Services\PackageFileServiceMetadata.cs" />
     <Compile Include="Services\TestableStorageClientException.cs" />
     <Compile Include="StreamExtensions.cs" />
     <Compile Include="CoreStrings.Designer.cs">
@@ -242,6 +245,12 @@
     <PackageReference Include="NuGet.Packaging.Core">
       <Version>4.8.0-preview4.5287</Version>
     </PackageReference>
+    <PackageReference Include="NuGet.Services.Validation">
+      <Version>2.26.0-master-33196</Version>
+    </PackageReference>
+    <PackageReference Include="NuGet.Services.Validation.Issues">
+      <Version>2.26.0-master-33196</Version>
+    </PackageReference>
     <PackageReference Include="NuGet.Versioning">
       <Version>4.8.0-preview4.5287</Version>
     </PackageReference>

src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs

@@ -470,7 +470,7 @@ await blob.DownloadToStreamAsync(
                 {
                     return new StorageResult(HttpStatusCode.NotModified, null);
                 }
-                else if (ex.RequestInformation.ExtendedErrorInformation.ErrorCode == BlobErrorCodeStrings.BlobNotFound)
+                else if (ex.RequestInformation.ExtendedErrorInformation?.ErrorCode == BlobErrorCodeStrings.BlobNotFound)
                 {
                     return new StorageResult(HttpStatusCode.NotFound, null);
                 }

src/NuGetGallery.Core/Services/CoreMessageService.cs

@@ -5,7 +5,10 @@
 using System.Globalization;
 using System.Linq;
 using System.Net.Mail;
+using System.Text;
 using AnglicanGeek.MarkdownMailer;
+using NuGet.Services.Validation;
+using NuGet.Services.Validation.Issues;
 
 namespace NuGetGallery.Services
 {
@@ -50,58 +53,41 @@ [change your email notification settings]({emailSettingsUrl}).
             }
         }
 
-        public void SendPackageValidationFailedNotice(Package package, string packageUrl, string packageSupportUrl)
+        public void SendPackageValidationFailedNotice(Package package, PackageValidationSet validationSet, string packageUrl, string packageSupportUrl, string announcementsUrl, string twitterUrl)
         {
-            string subject = "[{0}] Package validation failed - {1} {2}";
-            string body = @"The package [{1} {2}]({3}) failed validation and was therefore not published on {0}. Note that the package will not be available for consumption and you will not be able to push the same package ID and version until further action is taken. Please [contact support]({4}) for next steps.";
+            var validationIssues = validationSet.GetValidationIssues();
 
-            body = string.Format(
-                CultureInfo.CurrentCulture,
-                body,
-                CoreConfiguration.GalleryOwner.DisplayName,
-                package.PackageRegistration.Id,
-                package.Version,
-                packageUrl,
-                packageSupportUrl);
-
-            subject = string.Format(CultureInfo.CurrentCulture, subject, CoreConfiguration.GalleryOwner.DisplayName, package.PackageRegistration.Id, package.Version);
+            var subject = $"[{CoreConfiguration.GalleryOwner.DisplayName}] Package validation failed - {package.PackageRegistration.Id} {package.Version}";
+            var bodyBuilder = new StringBuilder();
+            bodyBuilder.Append($@"The package [{package.PackageRegistration.Id} {package.Version}]({packageUrl}) failed validation because of the following reason(s):
+");
 
-            using (var mailMessage = new MailMessage())
+            foreach (var validationIssue in validationIssues)
             {
-                mailMessage.Subject = subject;
-                mailMessage.Body = body;
-                mailMessage.From = CoreConfiguration.GalleryNoReplyAddress;
-
-                AddAllOwnersToMailMessage(package.PackageRegistration, mailMessage);
-
-                if (mailMessage.To.Any())
-                {
-                    SendMessage(mailMessage, copySender: false);
-                }
+                bodyBuilder.Append($@"
+- {ParseValidationIssue(validationIssue, announcementsUrl, twitterUrl)}");
             }
-        }
 
-        public void SendSignedPackageNotAllowedNotice(Package package, string packageUrl, string announcementsUrl, string twitterUrl)
-        {
-            string subject = "[{0}] Package validation failed - {1} {2}";
-            string body = @"The package [{1} {2}]({3}) could not be published since it is signed. {0} does not accept signed packages at this moment. To be notified when {0} starts accepting signed packages, and more, watch our [Announcements]({4}) page or follow us on [Twitter]({5}).";
+            bodyBuilder.Append($@"
 
-            body = string.Format(
-                CultureInfo.CurrentCulture,
-                body,
-                CoreConfiguration.GalleryOwner.DisplayName,
-                package.PackageRegistration.Id,
-                package.Version,
-                packageUrl,
-                announcementsUrl,
-                twitterUrl);
+Your package was not published on {CoreConfiguration.GalleryOwner.DisplayName} and is not available for consumption.
 
-            subject = string.Format(CultureInfo.CurrentCulture, subject, CoreConfiguration.GalleryOwner.DisplayName, package.PackageRegistration.Id, package.Version);
+");
+
+            if (validationIssues.Any(i => i.IssueCode == ValidationIssueCode.Unknown))
+            {
+                bodyBuilder.Append($"Please [contact support]({packageSupportUrl}) to help fix your package.");
+            }
+            else
+            {
+                var issuePluralString = validationIssues.Count() > 1 ? "all the issues" : "the issue";
+                bodyBuilder.Append($"You can reupload your package once you've fixed {issuePluralString} with it.");
+            }
 
             using (var mailMessage = new MailMessage())
             {
                 mailMessage.Subject = subject;
-                mailMessage.Body = body;
+                mailMessage.Body = bodyBuilder.ToString();
                 mailMessage.From = CoreConfiguration.GalleryNoReplyAddress;
 
                 AddAllOwnersToMailMessage(package.PackageRegistration, mailMessage);
@@ -113,6 +99,37 @@ public void SendSignedPackageNotAllowedNotice(Package package, string packageUrl
             }
         }
 
+        private static string ParseValidationIssue(ValidationIssue validationIssue, string announcementsUrl, string twitterUrl)
+        {
+            switch (validationIssue.IssueCode)
+            {
+                case ValidationIssueCode.PackageIsSigned:
+                    return $"This package could not be published since it is signed. We do not accept signed packages at this moment. To be notified about package signing and more, watch our [Announcements]({announcementsUrl}) page or follow us on [Twitter]({twitterUrl}).";
+                case ValidationIssueCode.ClientSigningVerificationFailure:
+                    var clientIssue = (ClientSigningVerificationFailure)validationIssue;
+                    return clientIssue != null 
+                        ? $"**{clientIssue.ClientCode}**: {clientIssue.ClientMessage}" 
+                        : "This package's signature was unable to be verified.";
+                case ValidationIssueCode.PackageIsZip64:
+                    return "Zip64 packages are not supported.";
+                case ValidationIssueCode.OnlyAuthorSignaturesSupported:
+                    return "Signed packages must only have an author signature. Other signature types are not supported.";
+                case ValidationIssueCode.AuthorAndRepositoryCounterSignaturesNotSupported:
+                    return "Author countersignatures and repository countersignatures are not supported.";
+                case ValidationIssueCode.OnlySignatureFormatVersion1Supported:
+                    return "**NU3007:** Package signatures must have format version 1.";
+                case ValidationIssueCode.AuthorCounterSignaturesNotSupported:
+                    return "Author countersignatures are not supported.";
+                case ValidationIssueCode.PackageIsNotSigned:
+                    return "This package must be signed with a registered certificate. [Read more...](https://aka.ms/nuget-signed-ref)";
+                case ValidationIssueCode.PackageIsSignedWithUnauthorizedCertificate:
+                    var certIssue = (UnauthorizedCertificateFailure)validationIssue;
+                    return $"The package was signed, but the signing certificate {(certIssue != null ? $"(SHA-1 thumbprint {certIssue.Sha1Thumbprint})" : "")} is not associated with your account. You must register this certificate to publish signed packages. [Read more...](https://aka.ms/nuget-signed-ref)";
+                default:
+                    return "There was an unknown failure when validating your package.";
+            }
+        }
+
         public void SendValidationTakingTooLongNotice(Package package, string packageUrl)
         {
             string subject = "[{0}] Package validation taking longer than expected - {1} {2}";