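        /// <summary>
        /// Verifies that, once the number of allowed login failures for the protected
        /// "password" grant has been exceeded, the next login request is throttled and
        /// surfaces as 400 Bad Request with the "Too many connections" challenge message.
        /// </summary>
        public async Task ThrottledRequests_WithAllowedFailuresAndBadRequestResponse_ShouldThrottleRequestsAboveThreshold()
        {
            const int numberOfAllowedLoginFailures = 3;

            using (var server = new IdentityServerWithThrottledLoginRequests()
                                .WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
                                .WithRequestsThrottledAsBadRequest()
                                .WithProtectedGrantType("password").Build())
            {
                // One failure more than the server tolerates pushes "jeuser" over the threshold.
                // "Passw0rd123" is not the password the sibling tests log in with for "jeuser",
                // so every attempt in this loop is a login failure.
                const int numberOfFailedLoginAttemptsThatExceedThreshold = numberOfAllowedLoginFailures + 1;
                for (var attempt = 1; attempt <= numberOfFailedLoginAttemptsThatExceedThreshold; ++attempt)
                {
                    // The priming responses are deliberately not asserted on (only the request
                    // after the threshold is); dispose them rather than leaving them to the GC.
                    using (await server.CreateNativeLoginRequest()
                                       .WithUsername("jeuser")
                                       .WithPassword("Passw0rd123")
                                       .Build()
                                       .PostAsync())
                    {
                    }
                }

                using (var response = await server.CreateNativeLoginRequest()
                                                  .WithUsername("jeuser")
                                                  .WithPassword("Passw0rd123")
                                                  .Build()
                                                  .PostAsync())
                {
                    // WithRequestsThrottledAsBadRequest() makes the throttle answer with 400
                    // instead of the builder's default throttle response.
                    response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
                    var tokenResponse = await response.Content.ReadAsAsync<IdentityServerBadRequestChallengeResource>();

                    tokenResponse.Message.Should().Be("Too many connections");
                }
            }
        }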
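        /// <summary>
        /// Verifies that a threshold of zero allowed login failures does not block a login
        /// that succeeds: correct credentials still yield 200 OK and a non-empty access token.
        /// </summary>
        public async Task ThrottledRequests_WithZeroAllowedFailures_ShouldAllowLogins()
        {
            using (var server = new IdentityServerWithThrottledLoginRequests()
                                .WithNumberOfAllowedLoginFailures(0).Build())
            {
                // "Passw0rd" is the password the test server accepts for "jeuser"; no failure is
                // recorded, so the zero-failure threshold is never crossed.
                using (var response = await server.CreateNativeLoginRequest()
                                                  .WithUsername("jeuser")
                                                  .WithPassword("Passw0rd")
                                                  .Build()
                                                  .PostAsync())
                {
                    response.StatusCode.Should().Be(HttpStatusCode.OK);
                    var tokenResponse = await response.Content.ReadAsAsync<TokenResponseModel>();

                    tokenResponse.AccessToken.Should().NotBeNullOrEmpty();
                }
            }
        }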
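        /// <summary>
        /// Verifies that when no grant type is registered as protected, a wrong password is
        /// reported as an ordinary "invalid_grant" failure even though zero failures are allowed,
        /// i.e. the throttle is expected not to engage for an unprotected grant.
        /// </summary>
        public async Task ThrottledRequestsWithMissingGrantType_WithZeroAllowedFailures_ShouldFailOnLoginFailures()
        {
            // Note: no WithProtectedGrantType(...) on this builder — that is the "missing grant type".
            using (var server = new IdentityServerWithThrottledLoginRequests()
                                .WithNumberOfAllowedLoginFailures(0).Build())
            {
                // "Passw0rd123" is not the password the sibling tests log in with for "jeuser".
                using (var response = await server.CreateNativeLoginRequest()
                                                  .WithUsername("jeuser")
                                                  .WithPassword("Passw0rd123")
                                                  .Build()
                                                  .PostAsync())
                {
                    response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
                    var tokenFailureResponse = await response.Content.ReadAsAsync<TokenFailureResponseModel>();

                    // Plain OAuth token failure, not the throttle's "Too many connections" challenge.
                    tokenFailureResponse.Error.Should().Be("invalid_grant");
                }
            }
        }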
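        /// <summary>
        /// Verifies that login failures up to (and including) the allowed number are each
        /// answered with an ordinary "invalid_grant" failure rather than being throttled.
        /// </summary>
        public async Task ThrottledRequests_WithAllowedFailures_ShouldAllowFailuresBelowThreshold()
        {
            const int numberOfAllowedLoginFailures = 3;

            using (var server = new IdentityServerWithThrottledLoginRequests()
                                .WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
                                .WithProtectedGrantType("password").Build())
            {
                // Exactly numberOfAllowedLoginFailures attempts: the threshold is reached but not exceeded.
                // "Passw0rd123" is not the password the sibling tests log in with for "jeuser".
                for (var attempt = 1; attempt <= numberOfAllowedLoginFailures; ++attempt)
                {
                    using (var response = await server.CreateNativeLoginRequest()
                                                      .WithUsername("jeuser")
                                                      .WithPassword("Passw0rd123")
                                                      .Build()
                                                      .PostAsync())
                    {
                        response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
                        var tokenFailureResponse = await response.Content.ReadAsAsync<TokenFailureResponseModel>();

                        // Each attempt must still be a normal token failure, not the throttle challenge.
                        tokenFailureResponse.Error.Should().Be("invalid_grant");
                    }
                }
            }
        }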