From a0ec7add404d2eba96cd01298fea0fc59fc01b5e Mon Sep 17 00:00:00 2001
From: Xiaomin Wu <xiaowu@microsoft.com>
Date: Tue, 10 Mar 2015 10:57:47 -0700
Subject: [PATCH] FIXED: #1492, should not see or install unlisted packages

---
 Kudu.Core/SiteExtensions/FeedExtensions.cs    |  4 +-
 Kudu.FunctionalTests/SiteExtensionApiFacts.cs | 51 +++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/Kudu.Core/SiteExtensions/FeedExtensions.cs b/Kudu.Core/SiteExtensions/FeedExtensions.cs
index 90a474023..169353bb0 100644
--- a/Kudu.Core/SiteExtensions/FeedExtensions.cs
+++ b/Kudu.Core/SiteExtensions/FeedExtensions.cs
@@ -42,7 +42,7 @@ public static async Task<UIPackageMetadata> GetLatestPackageById(this SourceRepo
         {
             UIPackageMetadata latestPackage = null;
             var metadataResource = await srcRepo.GetResourceAsync<UIMetadataResource>();
-            IEnumerable<UIPackageMetadata> packages = await metadataResource.GetMetadata(packageId, true, true, CancellationToken.None);
+            IEnumerable<UIPackageMetadata> packages = await metadataResource.GetMetadata(packageId, includePrerelease: true, includeUnlisted: false, token: CancellationToken.None);
             foreach (var p in packages)
             {
                 if (latestPackage == null ||
@@ -61,7 +61,7 @@ public static async Task<UIPackageMetadata> GetLatestPackageById(this SourceRepo
         public static async Task<UIPackageMetadata> GetPackageByIdentity(this SourceRepository srcRepo, string packageId, string version)
         {
             var metadataResource = await srcRepo.GetResourceAsync<UIMetadataResource>();
-            IEnumerable<UIPackageMetadata> packages = await metadataResource.GetMetadata(packageId, true, true, CancellationToken.None);
+            IEnumerable<UIPackageMetadata> packages = await metadataResource.GetMetadata(packageId, includePrerelease: true, includeUnlisted: false, token: CancellationToken.None);
             NuGetVersion expectedVersion = NuGetVersion.Parse(version);
             return packages.FirstOrDefault((p) =>
             {
diff --git a/Kudu.FunctionalTests/SiteExtensionApiFacts.cs b/Kudu.FunctionalTests/SiteExtensionApiFacts.cs
index e768beeff..0d033a44b 100644
--- a/Kudu.FunctionalTests/SiteExtensionApiFacts.cs
+++ b/Kudu.FunctionalTests/SiteExtensionApiFacts.cs
@@ -490,6 +490,57 @@ public async Task SiteExtensionParallelInstallationTest(string feedEndpoint, str
             });
         }
 
+        [Fact]
+        public async Task SiteExtensionShouldNotSeeUnlistPackage()
+        {
+            const string appName = "SiteExtensionShouldNotSeeUnlistPackage";
+            const string externalPackageId = "SimpleSite";
+            const string unlistedVersion = "3.0.0";
+            const string externalFeed = "https://www.myget.org/F/simplesvc/";
+
+            await ApplicationManager.RunAsync(appName, async appManager =>
+            {
+                var manager = appManager.SiteExtensionManager;
+
+                HttpResponseMessage response = await manager.GetRemoteExtension(externalPackageId, feedUrl: externalFeed);
+                SiteExtensionInfo info = await response.Content.ReadAsAsync<SiteExtensionInfo>();
+                Assert.NotEqual(unlistedVersion, info.Version);
+
+                var ex = await KuduAssert.ThrowsUnwrappedAsync<HttpUnsuccessfulRequestException>(async () =>
+                {
+                    await manager.GetRemoteExtension(externalPackageId, version: unlistedVersion, feedUrl: externalFeed);
+                });
+                Assert.Equal(HttpStatusCode.NotFound, ex.ResponseMessage.StatusCode);
+
+                response = await manager.GetRemoteExtensions(externalPackageId, allowPrereleaseVersions: true, feedUrl: externalFeed);
+                List<SiteExtensionInfo> infos = await response.Content.ReadAsAsync<List<SiteExtensionInfo>>();
+                Assert.NotEmpty(infos);
+                foreach (var item in infos)
+                {
+                    Assert.NotEqual(unlistedVersion, item.Version);
+                }
+
+                UpdateHeaderIfGoingToBeArmRequest(manager.Client, isArmRequest: true);
+                response = await manager.GetRemoteExtension(externalPackageId, feedUrl: externalFeed);
+                ArmEntry<SiteExtensionInfo> armInfo = await response.Content.ReadAsAsync<ArmEntry<SiteExtensionInfo>>();
+                Assert.NotEqual(unlistedVersion, armInfo.Properties.Version);
+
+                ex = await KuduAssert.ThrowsUnwrappedAsync<HttpUnsuccessfulRequestException>(async () =>
+                {
+                    await manager.GetRemoteExtension(externalPackageId, version: unlistedVersion, feedUrl: externalFeed);
+                });
+                Assert.Equal(HttpStatusCode.NotFound, ex.ResponseMessage.StatusCode);
+
+                response = await manager.GetRemoteExtensions(externalPackageId, allowPrereleaseVersions: true, feedUrl: externalFeed);
+                ArmListEntry<SiteExtensionInfo> armInfos = await response.Content.ReadAsAsync<ArmListEntry<SiteExtensionInfo>>();
+                Assert.NotEmpty(armInfos.Value);
+                foreach (var item in armInfos.Value)
+                {
+                    Assert.NotEqual(unlistedVersion, item.Properties.Version);
+                }
+            });
+        }
+
         private async Task<HttpResponseMessage> PollAndVerifyAfterArmInstallation(RemoteSiteExtensionManager manager, string packageId)
         {
             TestTracer.Trace("Polling for status for '{0}'", packageId);