public static bool IsExcluded(this IOpenIdConnectRequestOptions options, IOpenIdConnectRequest openIdConnectRequest) { var username = openIdConnectRequest.GetUsername(); if (!string.IsNullOrEmpty(username) && options.ExcludedUsernameExpression != null && options.ExcludedUsernameExpression.IsMatch(username)) { return(true); } var tenant = openIdConnectRequest.GetTenant(); if (!string.IsNullOrEmpty(tenant) && options.ExcludedTenantExpression != null && options.ExcludedTenantExpression.IsMatch(tenant)) { return(true); } var osVersion = openIdConnectRequest.GetOsVersion(); if (!string.IsNullOrEmpty(osVersion) && options.ExcludedOsVersionExpression != null && options.ExcludedOsVersionExpression.IsMatch(osVersion)) { return(true); } var device = openIdConnectRequest.GetDevice(); if (!string.IsNullOrEmpty(device?.DeviceType) && options.ExcludedDeviceExpression != null && options.ExcludedDeviceExpression.IsMatch(device.DeviceType)) { return(true); } return(options.ExcludedSubnets.Any(excludedSubnet => excludedSubnet.Contains(openIdConnectRequest.GetRemoteIpAddress()))); }
protected override async Task <PipelineState> DoInvoke(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics) { var challengeForAllLogins = await ShouldChallengeForAllLogins(context); if (challengeForAllLogins) { return(PipelineState.Challenge); } return(PipelineState.Continue); }
public string CreateHtmlBody(IOpenIdConnectRequest openIdConnectRequest) { var languageCode = openIdConnectRequest.GetLanguage(); if (string.IsNullOrEmpty(languageCode)) { languageCode = DefaultLanguageCode; } return(_options.SupportsPartialRecaptcha(openIdConnectRequest) ? CreatePartialHtmlBody(languageCode, openIdConnectRequest.GetDevice()) : CreateFullHtmlBody(languageCode, openIdConnectRequest.GetDevice())); }
private async Task ChallengeWithRequestForRecaptcha(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var httpChallenge = context.Get <IHttpRecaptchaChallenge>(); if (openIdConnectRequest == null) { await httpChallenge.ReturnResponse(context, _options); return; } await httpChallenge.ReturnResponse(context, _options, openIdConnectRequest); }
private async Task ChallengeWithRequestForRecaptcha(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, int numberOfFailedLogins) { var loginStatistics = context.Get <ILoginStatistics>(); await loginStatistics.IncrementFailedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); await loginStatistics.IncrementChallengedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress(), numberOfFailedLogins, _options.NumberOfAllowedLoginFailuresPerIpAddress); var httpChallenge = context.Get <IHttpRecaptchaChallenge>(); await httpChallenge.ReturnResponse(context, _options, openIdConnectRequest); }
public override async Task <PipelineState> DoInvoke(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics) { var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForIpAddress(openIdConnectRequest.GetRemoteIpAddress()); if (numberOfFailedLogins < _options.NumberOfAllowedLoginFailuresPerIpAddress) { await loginStatistics.IncrementUnchallengedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress(), numberOfFailedLogins, _options.NumberOfAllowedLoginFailuresPerIpAddress); return(PipelineState.Continue); } return(PipelineState.Challenge); }
private async Task ChallengeWithRequestForRecaptcha(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var recaptchaMonitor = context.Get <IRecaptchaMonitor>(); recaptchaMonitor?.ChallengeIssued(openIdConnectRequest.ToRecaptchaUserContext()); var httpChallenge = context.Get <IHttpRecaptchaChallenge>(); if (openIdConnectRequest == null) { await httpChallenge.ReturnResponse(context, _options); return; } await httpChallenge.ReturnResponse(context, _options, openIdConnectRequest); }
private static async Task SetLoginStatusForUser(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var loginStatistics = context.Get <ILoginStatistics>(); if (loginStatistics == null) { return; } if (IsSuccessStatusCode(context.Response.StatusCode)) { await loginStatistics.IncrementSuccessfulLoginsForUsernameAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); } else { await loginStatistics.IncrementFailedLoginsForUserAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); } }
private async Task InvokeCore(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var username = openIdConnectRequest.GetUsername(); var loginStatistics = context.Get <ILoginStatistics>(); if (loginStatistics != null) { var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForUser(username); if (numberOfFailedLogins > _options.NumberOfAllowedLoginFailures) { await ReturnThrottledResponse(context); return; } } await Next.Invoke(context); await SetLoginStatusForUser(context, openIdConnectRequest); }
protected override async Task <PipelineState> DoInvoke(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics) { var recaptchaValidationService = context.Get <IRecaptchaValidationService>(); var recaptchaChallengeResponse = openIdConnectRequest.GetRecaptchaChallengeResponse(); if (!string.IsNullOrEmpty(recaptchaChallengeResponse)) { var recaptchaVerificationResponse = await recaptchaValidationService.Validate(recaptchaChallengeResponse, Options); if (recaptchaVerificationResponse.Succeeded) { context.Set <IRecaptchaContext>(new RecaptchaContext(RecaptchaState.ChallengeSucceeded, recaptchaVerificationResponse.Hostname, recaptchaVerificationResponse.Timestamp)); return(PipelineState.Continue); } context.Set <IRecaptchaContext>(new RecaptchaContext(RecaptchaState.Failed, recaptchaVerificationResponse.Hostname, recaptchaVerificationResponse.Timestamp)); return(PipelineState.Challenge); } return(PipelineState.Continue); }
public static RecaptchaUserContext ToRecaptchaUserContext(this IOpenIdConnectRequest request) { if (request == null) { return(new RecaptchaUserContext()); } var device = request.GetDevice(); return(new RecaptchaUserContext { Username = request.GetUsername(), UserAgent = request.GetUserAgent(), Device = new RecaptchaUserDevice { Id = device?.DeviceId, Name = device?.DeviceName, Token = device?.DeviceToken, Type = device?.DeviceType }, IpAddress = request.GetRemoteIpAddress().ToString(), Tenant = request.GetTenant() }); }
private static async Task SetLoginStatusForExcludedUser(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest) { var loginStatistics = context.Get <ILoginStatistics>(); if (loginStatistics == null) { return; } await loginStatistics.IncrementAttemptedLoginsForExcludedUsernameAndIpAddress(openIdConnectRequest.GetUsername(), openIdConnectRequest.GetRemoteIpAddress()); }
private async Task Challenge(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics) { var numberOfFailedLogins = await loginStatistics.GetNumberOfFailedLoginsForIpAddress(openIdConnectRequest.GetRemoteIpAddress()); await ChallengeWithRequestForRecaptcha(context, openIdConnectRequest, numberOfFailedLogins); }
public static bool Matches(this IOpenIdConnectRequestOptions openIdConnectRequestOptions, IOpenIdConnectRequest openIdConnectRequest) { var grantType = openIdConnectRequest.GetGrantType(); var path = openIdConnectRequestOptions.ProtectedPath; if (string.IsNullOrEmpty(grantType) || string.IsNullOrEmpty(path)) { return(false); } return(path.Equals(openIdConnectRequest.GetPath(), StringComparison.OrdinalIgnoreCase) && openIdConnectRequestOptions.ProtectedGrantTypes.Contains(grantType)); }
public async Task ReturnResponse(IOwinContext context, IIdentityServerRecaptchaOptions options, IOpenIdConnectRequest openIdConnectRequest) { var identityServerChallengeResource = new IdentityServerBadRequestChallengeResource { Message = CreateResponseMessage(), ChallengeHtml = _recaptchaPage.CreateHtmlBody(openIdConnectRequest) }; await context.ReturnResponse(HttpStatusCode.BadRequest, identityServerChallengeResource); }
public abstract Task <PipelineState> DoInvoke(IOwinContext context, IOpenIdConnectRequest openIdConnectRequest, ILoginStatistics loginStatistics);
public static bool SupportsPartialRecaptcha(this IIdentityServerRecaptchaOptions openIdConnectRequestOptions, IOpenIdConnectRequest openIdConnectRequest) { var basicAuthenticationHeaderValue = openIdConnectRequest.GetBasicAuthenticationHeaderValue(); if (string.IsNullOrEmpty(basicAuthenticationHeaderValue)) { return(true); } var basicAuthenticationHeaders = openIdConnectRequestOptions.WebClients.Select(client => Convert.ToBase64String(Encoding.UTF8.GetBytes($"{client.ClientId}:{client.Secret}"))) .Select(authorizationValue => new AuthenticationHeaderValue("Basic", authorizationValue)); return(basicAuthenticationHeaders .Any(authenticationHeaderValue => { return authenticationHeaderValue.ToString() == basicAuthenticationHeaderValue; })); }
public static bool IsExcluded(this RecaptchaValidationOptions recaptchaValidationOptions, IOwinContext owinContext, IOpenIdConnectRequest openIdConnectRequest) { var subnetExcluded = recaptchaValidationOptions.ExcludedSubnets.Any(excludedSubnet => { var remoteClientIpAddress = owinContext.GetRemoteClientIpAddress(); IPAddress ipAaddress; return(IPAddress.TryParse(remoteClientIpAddress, out ipAaddress) && excludedSubnet.Contains(ipAaddress)); }); if (subnetExcluded) { return(true); } if (openIdConnectRequest == null) { return(false); } var username = openIdConnectRequest.GetUsername(); if (!string.IsNullOrEmpty(username) && recaptchaValidationOptions.ExcludedUsernameExpression != null && recaptchaValidationOptions.ExcludedUsernameExpression.IsMatch(username)) { return(true); } var tenant = openIdConnectRequest.GetTenant(); if (!string.IsNullOrEmpty(tenant) && recaptchaValidationOptions.ExcludedTenantExpression != null && recaptchaValidationOptions.ExcludedTenantExpression.IsMatch(tenant)) { return(true); } var osVersion = openIdConnectRequest.GetOsVersion(); if (!string.IsNullOrEmpty(osVersion) && recaptchaValidationOptions.ExcludedOsVersionExpression != null && recaptchaValidationOptions.ExcludedOsVersionExpression.IsMatch(osVersion)) { return(true); } return(false); }
public async Task ReturnResponse(IOwinContext context, IIdentityServerRecaptchaOptions options, IOpenIdConnectRequest openIdConnectRequest) { await context.ReturnResponse(HttpStatusCode.Unauthorized, new IdentityServerUnauthorizedChallengeResource { ChallengeHtml = _recaptchaPage.CreateHtmlBody(openIdConnectRequest), LinkToChallenge = options.LinkToChallenge, Description = CreateResponseMessage() }, $@"recaptcha url=""{options.LinkToChallenge}"""); }