public async Task ThrottledRequestsWithExcludedUsername_WithAllowedFailures_ShouldPublishExcludedLoginStatistics()
{
const int numberOfAllowedLoginFailures = 3;
const int numberOfAttemptsThatShouldTriggerThrottling = numberOfAllowedLoginFailures + 1;
using (var identityServerWithThrottledLoginRequests = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithExcludedUsernameExpression("example.com")
.WithProtectedGrantType("password"))
{
var server = identityServerWithThrottledLoginRequests.Build();
for (var attempt = 0; attempt < numberOfAttemptsThatShouldTriggerThrottling; ++attempt)
{
await server.CreateNativeLoginRequest()
.WithUsername("jeuser.example.com")
.WithPassword("Passw0rd")
.Build()
.PostAsync();
}
identityServerWithThrottledLoginRequests.LoginStatistics.TotalNumberOfExcludedAttemptedLogins.Should()
.Be(numberOfAttemptsThatShouldTriggerThrottling);
}
}
public async Task ThrottledRequests_WithAllowedFailuresAndBadRequestResponse_ShouldThrottleRequestsAboveThreshold()
{
const int numberOfAllowedLoginFailures = 3;
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithRequestsThrottledAsBadRequest()
.WithProtectedGrantType("password").Build())
{
const int numberOfFailedLoginAttemptsThatExceedThreshold = numberOfAllowedLoginFailures + 1;
for (var attempt = 1; attempt <= numberOfFailedLoginAttemptsThatExceedThreshold; ++attempt)
{
await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
}
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenResponse = await response.Content.ReadAsAsync <IdentityServerBadRequestChallengeResource>();
tokenResponse.Message.Should().Be("Too many connections");
}
}
public async Task ThrottledRequestsWithExcludedUsername_WithAllowedFailures_ShouldNotThrottle()
{
const int numberOfAllowedLoginFailures = 3;
const int numberOfAttemptsThatShouldTriggerThrottling = numberOfAllowedLoginFailures + 1;
using (var identityServerWithThrottledLoginRequests = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithExcludedUsernameExpression("example.com")
.WithProtectedGrantType("password"))
{
var server = identityServerWithThrottledLoginRequests.Build();
for (var attempt = 0; attempt < numberOfAttemptsThatShouldTriggerThrottling; ++attempt)
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser.example.com")
.WithPassword("Passw0rd")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenFailureResponse = await response.Content.ReadAsAsync <TokenFailureResponseModel>();
tokenFailureResponse.Error.Should().Be("invalid_grant");
}
}
}
public async Task ThrottledRequests_WithAllowedFailures_ShouldNotPublishExcludedLoginStatistics()
{
const int numberOfAllowedLoginFailures = 3;
using (var identityServerWithThrottledLoginRequests = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithProtectedGrantType("password"))
{
var server = identityServerWithThrottledLoginRequests.Build();
for (var attempt = 1; attempt <= numberOfAllowedLoginFailures; ++attempt)
{
await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
}
await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
identityServerWithThrottledLoginRequests.LoginStatistics.TotalNumberOfExcludedAttemptedLogins.Should()
.Be(0);
}
}
public async Task ThrottledRequests_WithZeroAllowedFailures_ShouldAllowLogins()
{
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(0).Build())
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.OK);
var tokenResponse = await response.Content.ReadAsAsync <TokenResponseModel>();
tokenResponse.AccessToken.Should().NotBeNullOrEmpty();
}
}
public async Task ThrottledRequestsWithMissingGrantType_WithZeroAllowedFailures_ShouldFailOnLoginFailures()
{
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(0).Build())
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenFailureResponse = await response.Content.ReadAsAsync <TokenFailureResponseModel>();
tokenFailureResponse.Error.Should().Be("invalid_grant");
}
}
public async Task ThrottledRequestsWithMssingGrantType_WithZeroAllowedFailures_ShouldNotPublishLoginStatistics()
{
using (var identityServerWithThrottledLoginRequests = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(0))
{
var server = identityServerWithThrottledLoginRequests.Build();
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.OK);
var loginStatistics = identityServerWithThrottledLoginRequests.LoginStatistics;
loginStatistics.TotalNumberOfFailedLogins.Should().Be(0);
loginStatistics.TotalNumberOfSuccessfulLogins.Should().Be(0);
loginStatistics.TotalNumberOfExcludedAttemptedLogins.Should().Be(0);
}
}
public async Task ThrottledRequests_WithAllowedFailures_ShouldAllowFailuresBelowThreshold()
{
const int numberOfAllowedLoginFailures = 3;
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithProtectedGrantType("password").Build())
{
for (var attempt = 1; attempt <= numberOfAllowedLoginFailures; ++attempt)
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenFailureResponse = await response.Content.ReadAsAsync <TokenFailureResponseModel>();
tokenFailureResponse.Error.Should().Be("invalid_grant");
}
}
}
