public async Task ThrottledRequests_WithAllowedFailuresAndBadRequestResponse_ShouldThrottleRequestsAboveThreshold()
{
const int numberOfAllowedLoginFailures = 3;
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithRequestsThrottledAsBadRequest()
.WithProtectedGrantType("password").Build())
{
const int numberOfFailedLoginAttemptsThatExceedThreshold = numberOfAllowedLoginFailures + 1;
for (var attempt = 1; attempt <= numberOfFailedLoginAttemptsThatExceedThreshold; ++attempt)
{
await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
}
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenResponse = await response.Content.ReadAsAsync <IdentityServerBadRequestChallengeResource>();
tokenResponse.Message.Should().Be("Too many connections");
}
}
public async Task ThrottledRequests_WithZeroAllowedFailures_ShouldAllowLogins()
{
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(0).Build())
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.OK);
var tokenResponse = await response.Content.ReadAsAsync <TokenResponseModel>();
tokenResponse.AccessToken.Should().NotBeNullOrEmpty();
}
}
public async Task ThrottledRequestsWithMissingGrantType_WithZeroAllowedFailures_ShouldFailOnLoginFailures()
{
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(0).Build())
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenFailureResponse = await response.Content.ReadAsAsync <TokenFailureResponseModel>();
tokenFailureResponse.Error.Should().Be("invalid_grant");
}
}
public async Task ThrottledRequests_WithAllowedFailures_ShouldAllowFailuresBelowThreshold()
{
const int numberOfAllowedLoginFailures = 3;
using (var server = new IdentityServerWithThrottledLoginRequests()
.WithNumberOfAllowedLoginFailures(numberOfAllowedLoginFailures)
.WithProtectedGrantType("password").Build())
{
for (var attempt = 1; attempt <= numberOfAllowedLoginFailures; ++attempt)
{
var response = await server.CreateNativeLoginRequest()
.WithUsername("jeuser")
.WithPassword("Passw0rd123")
.Build()
.PostAsync();
response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
var tokenFailureResponse = await response.Content.ReadAsAsync <TokenFailureResponseModel>();
tokenFailureResponse.Error.Should().Be("invalid_grant");
}
}
}