Added FeedOnlyMode to support NuGetV2RepositoryMirrors #2212

Merged
merged 8 commits into from Jun 18, 2014

Conversation

Projects
None yet
3 participants
Member

deepakaravindr commented Jun 12, 2014

Added FeedOnlyMode to support NuGetV2RepositoryMirrors

  1. TODO: Always prevent user registration in the FeedOnlyMode

Fixes #2221

deepakaravindr added some commits Jun 11, 2014

Always register the home route
// The home route is used as a probe path by Azure Load Balancer
// to determine if the node is up. So, always register the home route
// Just do so with an Empty Home, in the FeedOnlyMode, which simply returns a 200
@@ -119,6 +119,11 @@ public virtual void CreateSession(IOwinContext owinContext, User user)
public virtual async Task<AuthenticatedUser> Register(string username, string emailAddress, Credential credential)
@jeffhandley

jeffhandley Jun 18, 2014

Member

If the routes aren't registered, how would this code have been reached?

Do other methods need the same guard?

@deepakaravindr

deepakaravindr Jun 18, 2014

Member

This is more of a defense-in-depth. If it were possible to hit the Register method if the ControllerName and ActionName are known, by any means, it is prevented. We only need to stop Register from executing, since, unregistered users can never push a package. With other methods though it is not a concern

@anurse

anurse Jun 18, 2014

Member

👍 to defense-in-depth

+ [Serializable]
+ public class FeedOnlyModeException : Exception
+ {
+ public const string FeedOnlyModeError = "Illegal request! Running on Feed Only mode. User Registration or authentication is disallowed";
@jeffhandley

jeffhandley Jun 18, 2014

Member

Nit: Add a period at the end of the last sentence.

Member

jeffhandley commented Jun 18, 2014

Looks good to me

- Routes.RegisterRoutes(RouteTable.Routes);
+ if (!configuration.FeedOnlyMode)
+ {
+ Routes.RegisterRoutes(RouteTable.Routes);
@anurse

anurse Jun 18, 2014

Member

Perhaps rename this to RegisterUIRoutes to be clear

@deepakaravindr

deepakaravindr Jun 18, 2014

Member

Done. Also, refactored code a little bit to move "feedOnlyMode" check to RegisterRoutes method in Routes.cs which calls RegisterUIRoutes, RegisterAPIV2Routes and so on. This helps ensure that existing unit tests call RegisterAPIV2Routes by calling RegisterRoutes(). RegisterServiceRoutes is still called from AppActivator.cs, so that, existing unit tests do not fail

Member

anurse commented Jun 18, 2014

:shipit:

deepakaravindr added some commits Jun 18, 2014

Refactored Route Registration methods.
There is always the RegisterRoutes method which the AppActivator and test
methods call with/without bool feedOnlyMode
Doing it the old way w.r.t RegisterServiceRoutes(). Call it independe…
…ntly

from the rest of the routes. Otherwise, a lot of unit tests fail

deepakaravindr added a commit that referenced this pull request Jun 18, 2014

Merge pull request #2212 from NuGet/daravind/FeedOnlyMode
Added FeedOnlyMode to support NuGetV2RepositoryMirrors

@deepakaravindr deepakaravindr merged commit ddd4d58 into master Jun 18, 2014

1 check passed

default Finished TeamCity Build Services :: V2 Gallery :: Pending Changes : Tests passed: 874
Details

@maartenba maartenba deleted the daravind/FeedOnlyMode branch Jun 12, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment