//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldNotSlowRequestRateOnLessThanMaxFailedAttempts()
public virtual void ShouldNotSlowRequestRateOnLessThanMaxFailedAttempts()
{
// Given
FakeClock clock = FakeClock;
AuthenticationStrategy authStrategy = NewAuthStrategy(clock, 3);
User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build();
// When we've failed two times
assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE));
assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE));
// Then
assertThat(authStrategy.Authenticate(user, password("right")), equalTo(AuthenticationResult.SUCCESS));
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldReturnFailureForInvalidAttempt()
public virtual void ShouldReturnFailureForInvalidAttempt()
{
// Given
FakeClock clock = FakeClock;
AuthenticationStrategy authStrategy = NewAuthStrategy(clock, 3);
User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build();
// Then
assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE));
}
public async Task <IActionResult> Post([FromBody] UserModel userModel)
{
if (!ModelState.IsValid)
{
logger.LogInformation($"Invalid model state: {string.Concat(ModelState.Values.Select(x => x.Errors.Select(r => r.ErrorMessage)))}");
return(BadRequest(ModelState));
}
var authenticationResult = await authenticationStrategy.Authenticate(userModel, HttpContext.GetMobileHeader());
if (authenticationResult.Succeed)
{
var authenticatedUser = await authenticationStrategy.GetAuthenticatedUser();
return(Ok(authenticatedUser));
}
else
{
return(BadRequest(authenticationResult.Error));
}
}
private void TestUnlimitedFailedAuthAttempts(int maxFailedAttempts)
{
FakeClock clock = FakeClock;
AuthenticationStrategy authStrategy = NewAuthStrategy(clock, maxFailedAttempts);
User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build();
int attempts = ThreadLocalRandom.current().Next(5, 100);
for (int i = 0; i < attempts; i++)
{
assertEquals(AuthenticationResult.FAILURE, authStrategy.Authenticate(user, password("wrong")));
}
}
private void TestSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(int maxFailedAttempts, Duration lockDuration)
{
// Given
FakeClock clock = FakeClock;
AuthenticationStrategy authStrategy = NewAuthStrategy(clock, maxFailedAttempts, lockDuration);
User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build();
// When we've failed max number of times
for (int i = 0; i < maxFailedAttempts; i++)
{
assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE));
}
// Then
assertThat(authStrategy.Authenticate(user, password("right")), equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
// But when time heals all wounds
clock.Forward(lockDuration.plus(1, SECONDS));
// Then things should be alright
assertThat(authStrategy.Authenticate(user, password("right")), equalTo(AuthenticationResult.SUCCESS));
}