public async Task Can_authenticate_with_passwordless_email_code()
{
// Arrange
var authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// Arrange
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = "email",
GrantType = "password",
Scope = "openid",
Username = "******",
Password = "******"
});
authenticationResponse.Should().NotBeNull();
}
public async Task <ActionResult> Login(LoginViewModel vm, string returnUrl = null)
{
if (ModelState.IsValid)
{
try
{
AuthenticationApiClient client =
new AuthenticationApiClient(
new Uri($"https://{ConfigurationManager.AppSettings["auth0:Domain"]}/"));
var result = await client.AuthenticateAsync(new AuthenticationRequest
{
ClientId = ConfigurationManager.AppSettings["auth0:ClientId"],
Scope = "openid",
Connection = "Database-Connection", // Specify the correct name of your DB connection
Username = vm.EmailAddress,
Password = vm.Password
});
// Get user info from token
var user = await client.GetTokenInfoAsync(result.IdToken);
// Create claims principal
var claimsIdentity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, user.UserId),
new Claim(ClaimTypes.Name, user.FullName ?? user.Email),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", "http://www.w3.org/2001/XMLSchema#string")
}, DefaultAuthenticationTypes.ApplicationCookie);
// Sign user into cookie middleware
AuthenticationManager.SignIn(new AuthenticationProperties {
IsPersistent = false
}, claimsIdentity);
return(RedirectToLocal(returnUrl));
}
catch (Exception e)
{
ModelState.AddModelError("", e.Message);
}
}
return(View(vm));
}
public async Task Can_authenticate_with_passwordless_email_code()
{
// Arrange
var authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// Arrange
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = "email",
GrantType = "password",
Scope = "openid",
Username = "******",
Password = "******"
});
authenticationResponse.Should().NotBeNull();
}
public async Task Can_obtain_user_info()
{
var authenticationApiClient = new AuthenticationApiClient(GetVariable("AUTH0_AUTHENTICATION_API_URL"));
// First get the access token
var token = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
ClientSecret = GetVariable("AUTH0_CLIENT_SECRET"),
Realm = connection.Name,
Username = newUser.Email,
Password = "******",
Scope = "openid profile"
});
// Get the user info
var user = await authenticationApiClient.GetUserInfoAsync(token.AccessToken);
user.Should().NotBeNull();
user.UserId.Should().NotBeNull();
}
public async Task <IActionResult> Login(LoginViewModel vm, string returnUrl = null)
{
if (ModelState.IsValid)
{
try
{
AuthenticationApiClient client = new AuthenticationApiClient(new Uri($"https://{_auth0Settings.Domain}/"));
var result = await client.AuthenticateAsync(new AuthenticationRequest
{
ClientId = _auth0Settings.ClientId,
Scope = "openid",
Connection = "Database-Connection", // Specify the correct name of your DB connection
Username = vm.EmailAddress,
Password = vm.Password
});
// Get user info from token
var user = await client.GetTokenInfoAsync(result.IdToken);
// Create claims principal
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, user.UserId),
new Claim(ClaimTypes.Name, user.FullName)
}, CookieAuthenticationDefaults.AuthenticationScheme));
// Sign user into cookie middleware
await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal);
return(RedirectToLocal(returnUrl));
}
catch (Exception e)
{
ModelState.AddModelError("", e.Message);
}
}
return(View(vm));
}
public async Task Can_authenticate_user_with_plus_in_username()
{
// Arrange
var authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// Act
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = connection.Name,
GrantType = "password",
Scope = "openid",
Username = plusUser.Email,
Password = "******"
});
// Assert
authenticationResponse.Should().NotBeNull();
authenticationResponse.TokenType.Should().NotBeNull();
authenticationResponse.AccessToken.Should().NotBeNull();
authenticationResponse.IdToken.Should().NotBeNull();
}
public async Task Can_authenticate_against_Auth0()
{
// Arrange
var authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// Act
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = connection.Name,
GrantType = "password",
Scope = "openid",
Username = user.Email,
Password = "******"
});
// Assert
authenticationResponse.Should().NotBeNull();
authenticationResponse.TokenType.Should().NotBeNull();
authenticationResponse.AccessToken.Should().NotBeNull();
authenticationResponse.IdToken.Should().NotBeNull();
authenticationResponse.RefreshToken.Should().BeNull(); // No refresh token if offline access was not requested
}
public async Task Can_authenticate_against_Auth0()
{
// Arrange
var authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// Act
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = connection.Name,
GrantType = "password",
Scope = "openid",
Username = user.Email,
Password = "******"
});
// Assert
authenticationResponse.Should().NotBeNull();
authenticationResponse.TokenType.Should().NotBeNull();
authenticationResponse.AccessToken.Should().NotBeNull();
authenticationResponse.IdToken.Should().NotBeNull();
authenticationResponse.RefreshToken.Should().BeNull(); // No refresh token if offline access was not requested
}
public async Task Can_authenticate_user_with_plus_in_username()
{
// Arrange
var authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// Act
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = connection.Name,
GrantType = "password",
Scope = "openid",
Username = plusUser.Email,
Password = "******"
});
// Assert
authenticationResponse.Should().NotBeNull();
authenticationResponse.TokenType.Should().NotBeNull();
authenticationResponse.AccessToken.Should().NotBeNull();
authenticationResponse.IdToken.Should().NotBeNull();
}
public async Task SetUp()
{
var scopes = new
{
users = new
{
actions = new string[] { "read", "create", "update", "delete" }
},
connections = new
{
actions = new string[] { "create", "delete" }
}
};
string token = GenerateToken(scopes);
apiClient = new ManagementApiClient(token, new Uri(GetVariable("AUTH0_MANAGEMENT_API_URL")));
authenticationApiClient = new AuthenticationApiClient(new Uri(GetVariable("AUTH0_AUTHENTICATION_API_URL")));
// We will need a connection to add the users to...
connection = await apiClient.Connections.CreateAsync(new ConnectionCreateRequest
{
Name = Guid.NewGuid().ToString("N"),
Strategy = "auth0",
EnabledClients = new[] { "rLNKKMORlaDzrMTqGtSL9ZSXiBBksCQW" }
});
// Add a new user
var newUserRequest = new UserCreateRequest
{
Connection = connection.Name,
Email = $"{Guid.NewGuid():N}@nonexistingdomain.aaa",
EmailVerified = true,
Password = "******"
};
user = await apiClient.Users.CreateAsync(newUserRequest);
// Now try and sign in with a wrong password until we get "too many attempts"
bool userBlocked = false;
int attempts = 0;
do
{
try
{
attempts++;
var authenticationResponse = await authenticationApiClient.AuthenticateAsync(new AuthenticationRequest
{
ClientId = GetVariable("AUTH0_CLIENT_ID"),
Connection = connection.Name,
GrantType = "password",
Scope = "openid",
Username = user.Email,
Password = "******"
});
}
catch (ApiException ex)
{
if (ex.ApiError.Error == "too_many_attempts")
{
userBlocked = true;
}
}
} while (!userBlocked && attempts < 20); // Add failsafe to stop if we go over 20 attempts. User should be blocked by then, but just to make sure...
}
