private async Task ChallengeWithRequestForRecaptcha(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, int numberOfFailedLogins)
{
var loginStatistics = context.Get <ILoginStatistics>();
await loginStatistics.IncrementFailedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(),
openIdConnectRequest.GetRemoteIpAddress());
await loginStatistics.IncrementChallengedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(),
openIdConnectRequest.GetRemoteIpAddress(), numberOfFailedLogins, _options.NumberOfAllowedLoginFailuresPerIpAddress);
var httpChallenge = context.Get <IHttpRecaptchaChallenge>();
await httpChallenge.ReturnResponse(context, _options, openIdConnectRequest);
}
public static bool IsExcluded(this IOpenIdConnectRequestOptions options, IOpenIdConnectRequest openIdConnectRequest)
{
var username = openIdConnectRequest.GetUsername();
if (!string.IsNullOrEmpty(username) && options.ExcludedUsernameExpression != null &&
options.ExcludedUsernameExpression.IsMatch(username))
{
return(true);
}
var tenant = openIdConnectRequest.GetTenant();
if (!string.IsNullOrEmpty(tenant) && options.ExcludedTenantExpression != null &&
options.ExcludedTenantExpression.IsMatch(tenant))
{
return(true);
}
var osVersion = openIdConnectRequest.GetOsVersion();
if (!string.IsNullOrEmpty(osVersion) && options.ExcludedOsVersionExpression != null &&
options.ExcludedOsVersionExpression.IsMatch(osVersion))
{
return(true);
}
var device = openIdConnectRequest.GetDevice();
if (!string.IsNullOrEmpty(device?.DeviceType) && options.ExcludedDeviceExpression != null && options.ExcludedDeviceExpression.IsMatch(device.DeviceType))
{
return(true);
}
return(options.ExcludedSubnets.Any(excludedSubnet => excludedSubnet.Contains(openIdConnectRequest.GetRemoteIpAddress())));
}
public override async Task <PipelineState> DoInvoke(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics)
{
var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForIpAddress(openIdConnectRequest.GetRemoteIpAddress());
if (numberOfFailedLogins < _options.NumberOfAllowedLoginFailuresPerIpAddress)
{
await loginStatistics.IncrementUnchallengedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(),
openIdConnectRequest.GetRemoteIpAddress(), numberOfFailedLogins, _options.NumberOfAllowedLoginFailuresPerIpAddress);
return(PipelineState.Continue);
}
return(PipelineState.Challenge);
}
public static bool IsExcluded(this RecaptchaValidationOptions recaptchaValidationOptions, IOwinContext owinContext, IOpenIdConnectRequest openIdConnectRequest)
{
var subnetExcluded = recaptchaValidationOptions.ExcludedSubnets.Any(excludedSubnet =>
{
var remoteClientIpAddress = owinContext.GetRemoteClientIpAddress();
IPAddress ipAaddress;
return(IPAddress.TryParse(remoteClientIpAddress, out ipAaddress) && excludedSubnet.Contains(ipAaddress));
});
if (subnetExcluded)
{
return(true);
}
if (openIdConnectRequest == null)
{
return(false);
}
var username = openIdConnectRequest.GetUsername();
if (!string.IsNullOrEmpty(username) && recaptchaValidationOptions.ExcludedUsernameExpression != null &&
recaptchaValidationOptions.ExcludedUsernameExpression.IsMatch(username))
{
return(true);
}
var tenant = openIdConnectRequest.GetTenant();
if (!string.IsNullOrEmpty(tenant) && recaptchaValidationOptions.ExcludedTenantExpression != null &&
recaptchaValidationOptions.ExcludedTenantExpression.IsMatch(tenant))
{
return(true);
}
var osVersion = openIdConnectRequest.GetOsVersion();
if (!string.IsNullOrEmpty(osVersion) && recaptchaValidationOptions.ExcludedOsVersionExpression != null &&
recaptchaValidationOptions.ExcludedOsVersionExpression.IsMatch(osVersion))
{
return(true);
}
return(false);
}
private static async Task SetLoginStatusForUser(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest)
{
var loginStatistics = context.Get <ILoginStatistics>();
if (loginStatistics == null)
{
return;
}
if (IsSuccessStatusCode(context.Response.StatusCode))
{
await loginStatistics.IncrementSuccessfulLoginsForUsernameAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress());
}
else
{
await loginStatistics.IncrementFailedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress());
}
}
private async Task InvokeCore(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest)
{
var username = openIdConnectRequest.GetUsername();
var loginStatistics = context.Get <ILoginStatistics>();
if (loginStatistics != null)
{
var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForUser(username);
if (numberOfFailedLogins > _options.NumberOfAllowedLoginFailures)
{
await ReturnThrottledResponse(context);
return;
}
}
await Next.Invoke(context);
await SetLoginStatusForUser(context, openIdConnectRequest);
}
public static RecaptchaUserContext ToRecaptchaUserContext(this IOpenIdConnectRequest request)
{
if (request == null)
{
return(new RecaptchaUserContext());
}
var device = request.GetDevice();
return(new RecaptchaUserContext
{
Username = request.GetUsername(),
UserAgent = request.GetUserAgent(),
Device = new RecaptchaUserDevice
{
Id = device?.DeviceId,
Name = device?.DeviceName,
Token = device?.DeviceToken,
Type = device?.DeviceType
},
IpAddress = request.GetRemoteIpAddress().ToString(),
Tenant = request.GetTenant()
});
}
private static async Task SetLoginStatusForExcludedUser(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest)
{
var loginStatistics = context.Get <ILoginStatistics>();
if (loginStatistics == null)
{
return;
}
await loginStatistics.IncrementAttemptedLoginsForExcludedUsernameAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress());
}
