public async Task RecaptchaWithInvalidRecaptchaAnswer_WithAnswerAsHeaderValue_ShouldChallenge(HttpStatusCode returnedStatusCode) { using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=correct_response") .Returns(returnedStatusCode, string.Empty); using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(1).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithHttpHeaderRecaptchaResponseBase64("correct_response") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.OK); } } }
public async Task RecaptchaWithValidRecaptchaAnswer_WithAnswerAsAcrValue_ShouldNotChallenge() { using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=correct_response") .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = true })); var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(1); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithRecaptchaResponseAsAcrValue("correct_response") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.OK); var tokenResponse = await response.Content.ReadAsAsync <TokenResponseModel>(); tokenResponse.AccessToken.Should().NotBeNullOrEmpty(); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeFalse(); } } }
public async Task RecaptchaWithValidCredentials_WithDefaultChallengeType_ShouldChallengeAsUnauthorized() { var ipAddress = "192.168.1.101"; var username = "******"; var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress(ipAddress, NumberOfAllowedLoginFailures); using (var server = identityServerBuilder.Build()) { var response = await server .CreateNativeLoginRequest() .WithUsername(username) .WithPassword("Passw0rd") .WithGrantType("password") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); response.Headers.WwwAuthenticate.Should().Contain(h => h.Scheme == "recaptcha"); response.Headers.WwwAuthenticate.Should().Contain(h => h.Parameter == @"url=""/recaptcha/platform"""); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeFalse(); identityServerBuilder.RecaptchaMonitor.UserContext.Username.Should().Be(username); identityServerBuilder.RecaptchaMonitor.UserContext.IpAddress.Should().Be(ipAddress); } }
public async Task RecaptchaWithValidCredentials_WithTooManyFailedLogins_ShouldPass() { const int NumberOfAllowedLoginFailures = 1; using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=correct_response") .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = true })); using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures + 1) .WithChallengeAsBadRequest() .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .WithHttpHeaderRecaptchaResponseRaw("correct_response") .Build() .PostAsync(); response.StatusCode.Should().NotBe(HttpStatusCode.BadRequest); } } }
public async Task RecaptchaWithValidCredentials_WithDefaultChallengeType_ShouldContainExpectedRecaptchaBody() { var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); var resource = await response.Content.ReadAsAsync <IdentityServerUnauthorizedChallengeResource>(); resource.LinkToChallenge.Should().Be("/recaptcha/platform"); resource.Description.Should().Contain("add the x-recaptcha-answer"); resource.ChallengeHtml.Should().Contain("<script src=\"https://www.google.com/recaptcha/api.js?hl=en-GB\" async defer>"); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeFalse(); } }
public async Task RecaptchaWithInvalidRecaptchaAnswer_WithAnswerAsAcrValue_ShouldChallenge() { using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=correct_response") .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = false })); using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(1) .WithFailuresForIpAddress("192.168.1.101", 1).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithRecaptchaResponseAsAcrValue("correct_response") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); response.Headers.WwwAuthenticate.Should().Contain(h => h.Scheme == "recaptcha"); response.Headers.WwwAuthenticate.Should().Contain(h => h.Parameter == @"url=""/recaptcha/platform"""); } } }
public async Task RecaptchaWithValidRecaptchaAnswer_WithLongAnswerAsAcrValue_AndAllTheTrimmings_ShouldNotChallenge() { const string longAnswer = "03ACgFB9vknGtsjy3YCRubfh4Nk4_9j4jIaJ8q5nPO6AOu391yoMxeQctcw6-OPt5HyBGjm8B25-xrQUDD-kQjoJOrY3IBiFa5fh__YC9RVbRTPxNrGdhdUjyJxVzQE5obPE1AUPScn3gyS6iaIOxgW_wB-ttxB-0_ybk7GP6Dz-QFnrXQaYYGZEEQxLHQReku_wwiOIWV40HFEpMx_Z-LwPBKOWO3fk2p3fQsnZGCcAhnszi6DfdYJWKdBmfra6BjcJ4Tfx2Xvyn75a4CmDwS7FYp6kg_dmzN1BaLPSA26DKndbrjL3lW2ghKsaat6TTcIx23M5jvcUlzsh5QxHWd3YhmmokS_QfZa0dyuWMUJ1TisYrVOGsg6p2tCiPIm5qLLaWl1scXMgA5PLBR3cx0fNy7Q72gbkfLOQ"; using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=" + longAnswer) .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = true })); using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(1).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithRecaptchaResponseAsAcrValue(longAnswer) .WithEncodedDevice("id", "type", "name", "token") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.OK); var tokenResponse = await response.Content.ReadAsAsync <TokenResponseModel>(); tokenResponse.AccessToken.Should().NotBeNullOrEmpty(); } } }
public async Task RecaptchaResponseBody_WithDefaultChallengeType_ShouldContainExpectedRecaptchaBody() { using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures) .WithPublicKey("recaptcha-public-key") .Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .WithLanguageCode("es-ES") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); var resource = await response.Content.ReadAsAsync <IdentityServerUnauthorizedChallengeResource>(); resource.LinkToChallenge.Should().Be("/recaptcha/platform"); resource.Description.Should().Contain("add the x-recaptcha-answer"); resource.ChallengeHtml.Should().Contain("<script src=\"https://www.google.com/recaptcha/api.js?hl=es-ES\" async defer>"); resource.ChallengeHtml.Should().Contain("<div class=\"g-recaptcha\" data-sitekey=\"recaptcha-public-key\"></div>"); } }
public async Task RecaptchaResponseBody_WithDefaultChallengeTypeAndHost_ShouldContainExpectedCssInRecaptchaBody(string deviceType, string expectedHtml) { using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures) .WithPublicKey("recaptcha-public-key") .WithContentServerName("public.example-api.com") .Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .WithLanguageCode("es-ES") .WithEncodedDevice("device-id", deviceType, "some-device-name", "some-device-token") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); var resource = await response.Content.ReadAsAsync <IdentityServerUnauthorizedChallengeResource>(); resource.ChallengeHtml.Should().Contain(expectedHtml); } }
public async Task RecaptchaWithExcludedTenant_WitNonExcludedTenant_ShouldChallenge() { var ipAddress = "192.168.1.101"; var username = "******"; var tenant = "uk"; var identityServerBuilder = new IdentityServerWithRecaptcha() .WithExcludedTenantsMatching("es") .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(1) .WithFailuresForIpAddress(ipAddress, 1); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername(username) .WithPassword("Passw0rd") .WithTenant(tenant) .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.UserContext.ShouldBeEquivalentTo(new RecaptchaUserContext { Username = username, IpAddress = ipAddress, Tenant = tenant, Device = new RecaptchaUserDevice() }); } }
public async Task RecaptchaWithValidCredentials_WithDefaultChallengeType_ShouldReport() { var ipAddress = "192.168.1.101"; var username = "******"; var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress(ipAddress, NumberOfAllowedLoginFailures); using (var server = identityServerBuilder.Build()) { await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .Build() .PostAsync(); identityServerBuilder.LoginStatistics.TotalNumberOfChallengesForFailedLogins.Should().Be(1); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeFalse(); identityServerBuilder.RecaptchaMonitor.UserContext.ShouldBeEquivalentTo(new RecaptchaUserContext { Username = username, IpAddress = ipAddress, Device = new RecaptchaUserDevice() }); } }
public async Task RecaptchaWithValidRecaptchaAnswer_WithLongAnswerAsAcrValue_ShouldNotChallenge() { const string longAnswer = "sHPqR2vXe1Gvena4WLtGvpslvmQjQrrFVTQDUpTPJ05IAsEpxeuGuuWI4bpOE0fqVgk3GGSjZS3ZbAPwXJhpeZuEaQhg6Vyp8PqYKD1906snU6aWgphMtSpo4QLOgyzRbAtGV6km58lBWKvrzrzEzYUerm44QXngw0meLTmryh33X0xHMzTSm7DGueATSlSO2lCv9E9xKomDpOZVp8tDYEL5bJflNvB3fMD2P2kUftlb8iv6VON6flwMLYrCuweFPQZ61FizEJGwJ4zpS1Mfgw5hV9BEkHhYbmuYBoLniKkB4KwPrYOHFw9IwFyKTiqIQC70RVWODc4hpjVsLsP4xeNuIASjDKj33Np4XiocvEYv8JIYTWuEffot0SKWVE8OgNQH5BL77FkLjERV"; using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=" + longAnswer) .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = true })); using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(1).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithRecaptchaResponseAsAcrValue(longAnswer) .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.OK); var tokenResponse = await response.Content.ReadAsAsync <TokenResponseModel>(); tokenResponse.AccessToken.Should().NotBeNullOrEmpty(); } } }
public async Task RecaptchaWithValidCredentials_WhenEveryoneIsChallenged() { using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=correct_response") .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = true })); using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithChallengeAsBadRequest() .WithPlatformSecurityShieldsUp() .Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .WithHttpHeaderRecaptchaResponseRaw("correct_response") .Build() .PostAsync(); response.StatusCode.Should().NotBe(HttpStatusCode.BadRequest); } } }
public async Task RecaptchaWithValidCredentials_WithTooManyFailedLogins_ShouldPass() { const int NumberOfAllowedLoginFailures = 1; using (var fakeRecaptchaServer = new FakeServer()) { fakeRecaptchaServer.Start(); fakeRecaptchaServer.Expect.Get("/?secret=private_key&response=correct_response") .Returns(HttpStatusCode.OK, JsonConvert.SerializeObject(new RecaptchaVerificationResponse { Succeeded = true })); var ipAddress = "192.168.1.101"; var username = "******"; var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithPrivateKey("private_key") .WithVerificationUri(fakeRecaptchaServer.BaseUri) .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress(ipAddress, NumberOfAllowedLoginFailures + 1) .WithChallengeAsBadRequest() .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername(username) .WithPassword("Passw0rd") .WithGrantType("password") .WithHttpHeaderRecaptchaResponseRaw("correct_response") .Build() .PostAsync(); response.StatusCode.Should().NotBe(HttpStatusCode.BadRequest); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.ChallengeCompletedInvokeCount.Should().Be(1); identityServerBuilder.RecaptchaMonitor.ResponseContext.State.Should().Be(RecaptchaState.ChallengeSucceeded); identityServerBuilder.RecaptchaMonitor.UserContext.ShouldBeEquivalentTo(new RecaptchaUserContext { Username = username, IpAddress = ipAddress, Device = new RecaptchaUserDevice() }); } } }
public async Task RecaptchaWithPlatformLevelSecurity_WithShieldsUp_ShouldChallenge() { using (var server = new IdentityServerWithRecaptcha() .WithPlatformSecurityShieldsUp() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); } }
public async Task RecaptchaWithExcludedUsers_WitNonExcludedSubnet_ShouldChallenge() { using (var server = new IdentityServerWithRecaptcha() .WithExcludedUsernamesMatching("randomuser") .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(1) .WithFailuresForIpAddress("192.168.1.101", 1).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); } }
public async Task RecaptchaWithValidCredentials_WithUnsupportedGrantType_ShouldNotChallenge() { using (var server = new IdentityServerWithRecaptcha() .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.OK); var tokenResponse = await response.Content.ReadAsAsync <TokenResponseModel>(); tokenResponse.AccessToken.Should().NotBeNullOrEmpty(); } }
public async Task RecaptchaWithExcludedTenant_WitExcludedDeviceType_ShouldNotChallenge() { using (var server = new IdentityServerWithRecaptcha() .WithExcludedDevicesMatching("ios") .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(1) .WithFailuresForIpAddress("192.168.1.101", 1).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithDeviceType("ios") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.OK); } }
public async Task RecaptchaWithValidCredentials_WithUnsupportedGrantType_ShouldReport() { var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures); using (var server = identityServerBuilder.Build()) { await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .Build() .PostAsync(); identityServerBuilder.LoginStatistics.TotalNumberOfNonChallengesForFailedLogins.Should().Be(1); identityServerBuilder.LoginStatistics.TotalNumberOfChallengesForFailedLogins.Should().Be(0); } }
public async Task RecaptchaWithExcludedTenant_WitNonExcludedDevice_ShouldChallenge() { var ipAddress = "192.168.1.101"; var username = "******"; var deviceId = "device-id"; var deviceName = "device-name"; var deviceType = "device-type"; var deviceToken = "device-token"; var identityServerBuilder = new IdentityServerWithRecaptcha() .WithExcludedDevicesMatching("android") .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(1) .WithFailuresForIpAddress("192.168.1.101", 1); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername(username) .WithPassword("Passw0rd") .WithEncodedDevice(deviceId, deviceType, deviceName, deviceToken) .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeFalse(); identityServerBuilder.RecaptchaMonitor.UserContext.ShouldBeEquivalentTo( new RecaptchaUserContext { Username = username, IpAddress = ipAddress, Device = new RecaptchaUserDevice { Id = deviceId, Type = deviceType, Name = deviceName, Token = deviceToken } }); } }
public async Task RecaptchaWithValidCredentials_WithBadRequestChallengeType_ShouldChallengAsBadRequest() { using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures) .WithChallengeAsBadRequest() .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.BadRequest); } }
public async Task RecaptchaWithExcludedTenant_WitNonExcludedDeviceType_ShouldChallenge() { var identityServerBuilder = new IdentityServerWithRecaptcha() .WithExcludedDevicesMatching("android") .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(1) .WithFailuresForIpAddress("192.168.1.101", 1); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithDeviceType("ios") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeFalse(); } }
public async Task RecaptchaResponseBody_WithDefaultClients_ShouldContainFullRecaptchaHtml() { using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures) .WithPublicKey("recaptcha-public-key") .Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .WithLanguageCode("es-ES") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.Unauthorized); var resource = await response.Content.ReadAsAsync <IdentityServerUnauthorizedChallengeResource>(); resource.ChallengeHtml.Should().StartWith("<!DOCTYPE html>"); } }
public async Task RecaptchaWithValidCredentials_WithBadRequestChallengeType_ShouldContainExpectedRecaptchaBody() { using (var server = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress("192.168.1.101", NumberOfAllowedLoginFailures) .WithChallengeAsBadRequest() .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures).Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername("jeuser") .WithPassword("Passw0rd") .WithGrantType("password") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.BadRequest); var resource = await response.Content.ReadAsAsync <IdentityServerBadRequestChallengeResource>(); resource.Message.Should().Contain("Please complete the Recaptcha"); resource.ChallengeHtml.Should().Contain("<script src=\"https://www.google.com/recaptcha/api.js?hl=en-GB\" async defer>"); } }
public async Task RecaptchaWithValidCredentials_WithBadRequestChallengeType_ShouldContainExpectedRecaptchaBody() { var ipAddress = "192.168.1.101"; var username = "******"; var identityServerBuilder = new IdentityServerWithRecaptcha() .WithProtectedGrantType("password") .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures) .WithFailuresForIpAddress(ipAddress, NumberOfAllowedLoginFailures) .WithChallengeAsBadRequest() .WithNumberOfAllowedLoginFailuresPerIpAddress(NumberOfAllowedLoginFailures); using (var server = identityServerBuilder.Build()) { var response = await server.CreateNativeLoginRequest() .WithUsername(username) .WithPassword("Passw0rd") .WithGrantType("password") .Build() .PostAsync(); response.StatusCode.Should().Be(HttpStatusCode.BadRequest); var resource = await response.Content.ReadAsAsync <IdentityServerBadRequestChallengeResource>(); resource.Message.Should().Contain("Please complete the Recaptcha"); resource.ChallengeHtml.Should().Contain("<script src=\"https://www.google.com/recaptcha/api.js?hl=en-GB\" async defer>"); identityServerBuilder.RecaptchaMonitor.HasIssuedChallenge.Should().BeTrue(); identityServerBuilder.RecaptchaMonitor.HasCompletedChallenge.Should().BeFalse(); identityServerBuilder.RecaptchaMonitor.UserContext.ShouldBeEquivalentTo(new RecaptchaUserContext { Username = username, IpAddress = ipAddress, Device = new RecaptchaUserDevice() }); } }