SecurityPolicyService.IsSubscribed should ignore state (#6753)

* SecurityPolicyService.IsSubscribed should ignore state #1970

* Added unit test

* improve assertion

Author: xavierdecoster

src/NuGetGallery/Security/SecurityPolicyService.cs

@@ -354,7 +354,10 @@ public bool IsSubscribed(User user, IUserSecurityPolicySubscription subscription
             var subscribed = FindPolicies(user, subscription);
             var required = subscription.Policies;
 
-            return required.All(rp => subscribed.Any(sp => sp.Equals(rp)));
+            return required.All(rp => 
+                    subscribed.Any(sp => 
+                        string.Equals(sp.Name, rp.Name, StringComparison.OrdinalIgnoreCase)
+                        && string.Equals(sp.Subscription, rp.Subscription, StringComparison.OrdinalIgnoreCase)));
         }
 
         /// <summary>

tests/NuGetGallery.Facts/Areas/Admin/Controllers/SecurityPolicyControllerFacts.cs

@@ -188,6 +188,30 @@ public async Task UpdateUnsubscribesUsers()
             policyService.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Exactly(2));
         }
 
+        [Fact]
+        public void IsSubscribedIgnoresPolicyState()
+        {
+            // Arrange.
+            var users = TestUsers.ToList();
+            var policyService = new TestSecurityPolicyService();
+            var entitiesMock = policyService.MockEntitiesContext;
+            entitiesMock.Setup(c => c.Users).Returns(users.MockDbSet().Object);
+            var controller = new SecurityPolicyController(entitiesMock.Object, policyService);
+            var subscription = policyService.Mocks.UserPoliciesSubscription.Object;
+
+            users.ForEach(async u => await policyService.SubscribeAsync(u, subscription));
+            policyService.MockEntitiesContext.ResetCalls();
+
+            // Act.
+            // Simulates changes to the configurable state of all existing policy subscriptions
+            users.ForEach(u => 
+                u.SecurityPolicies.Where(p => p.Subscription == subscription.SubscriptionName).ToList().ForEach(p => 
+                    p.Value = Guid.NewGuid().ToString()));
+
+            // Assert.
+            Assert.All(users, u => Assert.True(policyService.IsSubscribed(u, subscription)));
+        }
+
         [Fact]
         public async Task UpdateIgnoresBadUsers()
         {