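/// <summary>
/// Checks that a client address which has submitted the same password against many
/// accounts is blocked even when it later presents what the test expects to be valid
/// credentials, first under parallel load and then with sequential attempts from a
/// second address.
/// </summary>
/// <remarks>
/// Both assertions expect <c>AuthenticationOutcome.CredentialsValidButBlocked</c>:
/// the credentials are accepted, but the attempt is refused because of the source address.
/// The setup helpers (<c>InitTest</c>, <c>CreateUserAccounts</c>, <c>CreateTestAccount</c>,
/// <c>AuthenticateAsync</c>) are defined outside this listing.
/// </remarks>
/// <returns>A task that completes when both blocking assertions have been evaluated.</returns>
public async Task LoginWithIpWithBadReputationParallelLoadAsync()
{
    TestConfiguration configuration = InitTest();
    //((MemoryOnlyStableStore) configuration.StableStore).Accounts = null;
    string[] usernames = CreateUserAccounts(configuration, 250);
    CreateTestAccount(configuration, Username1, Password1);

    // Have one attacker make the password popular by attempting to login to every account with it.
    // The first 20 generated accounts are skipped here and used by the second address below.
    await TaskParalllel.ForEachWithWorkers(
        usernames.Skip(20),
        async (username, itemNumber, cancelToken) =>
            await AuthenticateAsync(configuration, username, Password1,
                clientAddress: AttackersIp, cancellationToken: cancelToken));

    // Non-blocking wait: Thread.Sleep would hold a thread for two seconds inside an async method.
    // NOTE(review): presumably this pause lets background reputation updates finish; a fixed
    // delay makes the test timing-dependent, so confirm whether a completion signal exists.
    await Task.Delay(2000);

    // The first address now submits Username1 with Password1 and must still be refused.
    LoginAttempt firstAttackersAttempt = await AuthenticateAsync(configuration, Username1, Password1,
        clientAddress: AttackersIp);
    Assert.Equal(AuthenticationOutcome.CredentialsValidButBlocked, firstAttackersAttempt.Outcome);

    // Now the second attacker should be flagged after using that password on different accounts.
    // NOTE(review): the original comment said "10 times", but this loop makes 19 attempts and
    // one more follows on usernames[0]; confirm the intended blocking threshold.
    foreach (string username in usernames.Skip(1).Take(19))
    {
        await AuthenticateAsync(configuration, username, Password1, AnotherAttackersIp);
    }

    await AuthenticateAsync(configuration, usernames[0], Password1, AnotherAttackersIp);

    // The second address is expected to be blocked as well when it tries Username1.
    LoginAttempt anotherAttackersAttempt = await AuthenticateAsync(configuration, Username1, Password1,
        clientAddress: AnotherAttackersIp);
    Assert.Equal(AuthenticationOutcome.CredentialsValidButBlocked, anotherAttackersAttempt.Outcome);
}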
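/// <summary>
/// Exercises address-reputation blocking: one client address submits a single password
/// against many accounts in parallel, a second address repeats it sequentially, and each
/// is then expected to be refused when it logs in to the test account.
/// </summary>
/// <remarks>
/// The expected outcome in both cases is <c>AuthenticationOutcome.CredentialsValidButBlocked</c>.
/// <c>InitTest</c>, <c>CreateUserAccounts</c>, <c>CreateTestAccount</c> and
/// <c>AuthenticateAsync</c> are declared outside this listing.
/// </remarks>
/// <returns>A task that completes once both outcomes have been asserted.</returns>
public async Task LoginWithIpWithBadReputationParallelLoadAsync()
{
    TestConfiguration configuration = InitTest();
    string[] usernames = CreateUserAccounts(configuration, 250);
    CreateTestAccount(configuration, Username1, Password1);

    // Phase 1: every generated account after the first 20 receives one attempt with
    // Password1 from AttackersIp, issued through the parallel worker helper.
    var accountsForFirstAddress = usernames.Skip(20);
    await TaskParalllel.ForEachWithWorkers(
        accountsForFirstAddress,
        async (username, itemNumber, cancelToken) =>
            await AuthenticateAsync(configuration, username, Password1,
                clientAddress: AttackersIp, cancellationToken: cancelToken));

    // Await the pause instead of calling Thread.Sleep, which blocks a thread in async code.
    // NOTE(review): the reason for the two-second wait is not visible here; presumably it
    // lets pending reputation updates finish. Confirm, since fixed delays make tests flaky.
    await Task.Delay(2000);

    // The first address must be refused even with the test account's own password.
    LoginAttempt firstAttackersAttempt = await AuthenticateAsync(configuration, Username1, Password1,
        clientAddress: AttackersIp);
    Assert.Equal(AuthenticationOutcome.CredentialsValidButBlocked, firstAttackersAttempt.Outcome);

    // Phase 2: a second address tries the same password on accounts 1..19 and then on
    // account 0, one attempt at a time (20 attempts in total).
    foreach (string username in usernames.Skip(1).Take(19))
    {
        await AuthenticateAsync(configuration, username, Password1, AnotherAttackersIp);
    }

    await AuthenticateAsync(configuration, usernames[0], Password1, AnotherAttackersIp);

    // The second address is expected to be refused in the same way.
    LoginAttempt anotherAttackersAttempt = await AuthenticateAsync(configuration, Username1, Password1,
        clientAddress: AnotherAttackersIp);
    Assert.Equal(AuthenticationOutcome.CredentialsValidButBlocked, anotherAttackersAttempt.Outcome);
}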