private async Task ChallengeWithRequestForRecaptcha(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, int numberOfFailedLogins) { var loginStatistics = context.Get <ILoginStatistics>(); await loginStatistics.IncrementFailedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); await loginStatistics.IncrementChallengedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress(), numberOfFailedLogins, _options.NumberOfAllowedLoginFailuresPerIpAddress); var httpChallenge = context.Get <IHttpRecaptchaChallenge>(); await httpChallenge.ReturnResponse(context, _options, openIdConnectRequest); }
public static bool IsExcluded(this IOpenIdConnectRequestOptions options, IOpenIdConnectRequest openIdConnectRequest) { var username = openIdConnectRequest.GetUsername(); if (!string.IsNullOrEmpty(username) && options.ExcludedUsernameExpression != null && options.ExcludedUsernameExpression.IsMatch(username)) { return(true); } var tenant = openIdConnectRequest.GetTenant(); if (!string.IsNullOrEmpty(tenant) && options.ExcludedTenantExpression != null && options.ExcludedTenantExpression.IsMatch(tenant)) { return(true); } var osVersion = openIdConnectRequest.GetOsVersion(); if (!string.IsNullOrEmpty(osVersion) && options.ExcludedOsVersionExpression != null && options.ExcludedOsVersionExpression.IsMatch(osVersion)) { return(true); } var device = openIdConnectRequest.GetDevice(); if (!string.IsNullOrEmpty(device?.DeviceType) && options.ExcludedDeviceExpression != null && options.ExcludedDeviceExpression.IsMatch(device.DeviceType)) { return(true); } return(options.ExcludedSubnets.Any(excludedSubnet => excludedSubnet.Contains(openIdConnectRequest.GetRemoteIpAddress()))); }
public override async Task <PipelineState> DoInvoke(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics) { var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForIpAddress(openIdConnectRequest.GetRemoteIpAddress()); if (numberOfFailedLogins < _options.NumberOfAllowedLoginFailuresPerIpAddress) { await loginStatistics.IncrementUnchallengedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress(), numberOfFailedLogins, _options.NumberOfAllowedLoginFailuresPerIpAddress); return(PipelineState.Continue); } return(PipelineState.Challenge); }
public static bool IsExcluded(this RecaptchaValidationOptions recaptchaValidationOptions, IOwinContext owinContext, IOpenIdConnectRequest openIdConnectRequest) { var subnetExcluded = recaptchaValidationOptions.ExcludedSubnets.Any(excludedSubnet => { var remoteClientIpAddress = owinContext.GetRemoteClientIpAddress(); IPAddress ipAaddress; return(IPAddress.TryParse(remoteClientIpAddress, out ipAaddress) && excludedSubnet.Contains(ipAaddress)); }); if (subnetExcluded) { return(true); } if (openIdConnectRequest == null) { return(false); } var username = openIdConnectRequest.GetUsername(); if (!string.IsNullOrEmpty(username) && recaptchaValidationOptions.ExcludedUsernameExpression != null && recaptchaValidationOptions.ExcludedUsernameExpression.IsMatch(username)) { return(true); } var tenant = openIdConnectRequest.GetTenant(); if (!string.IsNullOrEmpty(tenant) && recaptchaValidationOptions.ExcludedTenantExpression != null && recaptchaValidationOptions.ExcludedTenantExpression.IsMatch(tenant)) { return(true); } var osVersion = openIdConnectRequest.GetOsVersion(); if (!string.IsNullOrEmpty(osVersion) && recaptchaValidationOptions.ExcludedOsVersionExpression != null && recaptchaValidationOptions.ExcludedOsVersionExpression.IsMatch(osVersion)) { return(true); } return(false); }
private static async Task SetLoginStatusForUser(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var loginStatistics = context.Get <ILoginStatistics>(); if (loginStatistics == null) { return; } if (IsSuccessStatusCode(context.Response.StatusCode)) { await loginStatistics.IncrementSuccessfulLoginsForUsernameAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); } else { await loginStatistics.IncrementFailedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); } }
private async Task InvokeCore(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var username = openIdConnectRequest.GetUsername(); var loginStatistics = context.Get <ILoginStatistics>(); if (loginStatistics != null) { var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForUser(username); if (numberOfFailedLogins > _options.NumberOfAllowedLoginFailures) { await ReturnThrottledResponse(context); return; } } await Next.Invoke(context); await SetLoginStatusForUser(context, openIdConnectRequest); }
public static RecaptchaUserContext ToRecaptchaUserContext(this IOpenIdConnectRequest request) { if (request == null) { return(new RecaptchaUserContext()); } var device = request.GetDevice(); return(new RecaptchaUserContext { Username = request.GetUsername(), UserAgent = request.GetUserAgent(), Device = new RecaptchaUserDevice { Id = device?.DeviceId, Name = device?.DeviceName, Token = device?.DeviceToken, Type = device?.DeviceType }, IpAddress = request.GetRemoteIpAddress().ToString(), Tenant = request.GetTenant() }); }
private static async Task SetLoginStatusForExcludedUser(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var loginStatistics = context.Get <ILoginStatistics>(); if (loginStatistics == null) { return; } await loginStatistics.IncrementAttemptedLoginsForExcludedUsernameAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); }