public bool Authenticate(LoginRequest request, IEnumerable<IAuthenticationStrategy> strategies)
{
_auditor.ApplyHistory(request);
var authResult = strategies.Any(x => x.Authenticate(request));
_auditor.Audit(request);
return authResult;
}
public void SetRememberMeCookie(LoginRequest request)
{
if (request.RememberMe && request.UserName.IsNotEmpty())
{
_cookies.User.Value = request.UserName;
}
}
public void ApplyHistory(LoginRequest request)
{
var history = _session.Load<LoginFailureHistory>(request.UserName);
if (history == null) return;
request.NumberOfTries = history.Attempts;
request.LockedOutUntil = history.LockedOutTime;
}
public void LogSuccess(LoginRequest request, Audit audit)
{
_repository.Update(audit);
var history = _session.Load<LoginFailureHistory>(request.UserName);
if (history != null)
{
_session.Delete(history);
}
}
public FubuContinuation LoggedIn(LoginRequest request)
{
string url = request.Url;
if (url.IsEmpty())
{
url = "~/";
}
return FubuContinuation.RedirectTo(url);
}
public void LoggedIn(LoginRequest request)
{
var url = request.Url;
if (url.IsEmpty())
{
url = "~/";
}
_writer.RedirectToUrl(url);
}
public HtmlDocument get_login(LoginRequest request)
{
var document = new HtmlDocument();
document.Title = "Login Page";
document.Add("h1").Text("This is the login page");
document.Add("div").Id("message").Text(request.Message);
return document;
}
public void apply_history_when_there_is_no_history()
{
var request = new LoginRequest
{
NumberOfTries = 5,
UserName = "******"
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.ApplyHistory(request);
request.NumberOfTries.ShouldEqual(5); // Nothing gets replaced
}
public void LogFailure(LoginRequest request, Audit audit)
{
_repository.Update(audit);
var history = _session.Load<LoginFailureHistory>(request.UserName) ?? new LoginFailureHistory
{
Id = request.UserName
};
history.Attempts = request.NumberOfTries;
history.LockedOutTime = request.LockedOutUntil;
_session.Store(history);
}
public bool Authenticate(LoginRequest request)
{
if (_authenticator.AuthenticateCredentials(request))
{
request.Status = LoginStatus.Succeeded;
_session.MarkAuthenticated(request.UserName);
}
else
{
request.Status = LoginStatus.Failed;
request.NumberOfTries++;
}
return request.Status == LoginStatus.Succeeded;
}
public LoginStatus IsLockedOut(LoginRequest request)
{
if (request.NumberOfTries >= _settings.MaximumNumberOfFailedAttempts)
{
return LoginStatus.LockedOut;
}
if (request.LockedOutUntil != null)
{
if (request.LockedOutUntil.Value > _systemTime.UtcNow())
{
return LoginStatus.LockedOut;
}
}
return LoginStatus.NotAuthenticated;
}
public void write_login_failure()
{
var request = new LoginRequest
{
Status = LoginStatus.Failed,
UserName = "******"
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
var theAudit = theContainer.GetInstance<IEntityRepository>().All<Audit>()
.Where(x => x.Type == "LoginFailure").Single();
theAudit.Message.ShouldBeOfType<LoginFailure>();
theAudit.Timestamp.ShouldEqual(theTime.UtcNow());
theAudit.Username.ShouldEqual(request.UserName);
}
public bool Authenticate(LoginRequest request)
{
if (_lockedOutRule.IsLockedOut(request) == LoginStatus.LockedOut)
{
request.Status = LoginStatus.LockedOut;
}
else if (_authenticator.AuthenticateCredentials(request))
{
request.Status = LoginStatus.Succeeded;
_session.MarkAuthenticated(request.UserName);
}
else
{
request.Status = LoginStatus.Failed;
request.NumberOfTries++;
_lockedOutRule.ProcessFailure(request);
}
return request.Status == LoginStatus.Succeeded;
}
public void apply_history_when_there_is_prior_history()
{
var history = new LoginFailureHistory
{
Id = "AlreadyLockedOut",
Attempts = 3,
LockedOutTime = DateTime.Today.AddMinutes(30)
};
theContainer.GetInstance<ITransaction>().Execute<IDocumentSession>(repo => repo.Store(history));
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
var request = new LoginRequest
{
UserName = history.Id
};
auditor.ApplyHistory(request);
request.NumberOfTries.ShouldEqual(history.Attempts);
request.LockedOutUntil.ShouldEqual(history.LockedOutTime.Value);
}
public void ProcessFailure(LoginRequest request)
{
if (request.LockedOutUntil != null && request.LockedOutUntil.Value <= _systemTime.UtcNow())
{
request.LockedOutUntil = null;
}
if (IsLockedOut(request) == LoginStatus.LockedOut)
{
request.Status = LoginStatus.LockedOut;
request.Message = LoginKeys.LockedOut.ToString();
request.NumberOfTries = 0; // This is important for the unlocking later
if (request.LockedOutUntil == null)
{
request.LockedOutUntil = _systemTime.UtcNow().AddMinutes(_settings.CooloffPeriodInMinutes);
}
}
else
{
request.Message = LoginKeys.Failed.ToFormat(request.NumberOfTries,
_settings.MaximumNumberOfFailedAttempts);
}
}
public void when_logging_success_wipe_clean_the_login_failure_history()
{
var history = new LoginFailureHistory
{
UserName = "******",
Attempts = 3
};
theContainer.GetInstance<ITransaction>().WithRepository(repo =>
{
repo.Update(history);
});
waitForHistoryToAppear(history.UserName);
var request = new LoginRequest
{
Status = LoginStatus.Succeeded,
UserName = history.UserName
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
waitForHistoryToDisappear(history.UserName);
}
public void when_logging_failure_for_a_user_that_is_locked_out()
{
var request = new LoginRequest
{
Status = LoginStatus.Failed,
UserName = "******",
NumberOfTries = 1,
LockedOutUntil = DateTime.Today.ToUniversalTime()
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
var history = theContainer.GetInstance<IDocumentSession>()
.Load<LoginFailureHistory>(request.UserName);
history.LockedOutTime.ShouldEqual(request.LockedOutUntil);
}
public bool Authenticate(LoginRequest request)
{
return Authenticate(request, _strategies);
}
public bool Authenticate(LoginRequest request)
{
return _strategies.Any(x => x.Authenticate(request));
}
public bool Authenticate(LoginRequest request)
{
return(_strategies.Any(x => x.Authenticate(request)));
}
public void apply_history_when_there_is_prior_history()
{
var history = new LoginFailureHistory
{
UserName = "******",
Attempts = 3,
LockedOutTime = DateTime.Today.AddMinutes(30)
};
theContainer.GetInstance<ITransaction>().WithRepository(repo => repo.Update(history));
waitForHistoryToAppear(history.UserName);
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
var request = new LoginRequest
{
UserName = history.UserName
};
auditor.ApplyHistory(request);
request.NumberOfTries.ShouldEqual(history.Attempts);
request.LockedOutUntil.ShouldEqual(history.LockedOutTime.Value);
}
public void update_an_existing_history()
{
var history = new LoginFailureHistory
{
UserName = "******",
Attempts = 2
};
theContainer.GetInstance<ITransaction>().WithRepository(repo =>
{
repo.Update(history);
});
waitForHistoryToAppear(history.UserName);
var request = new LoginRequest
{
Status = LoginStatus.Failed,
UserName = history.UserName,
NumberOfTries = 3,
LockedOutUntil = DateTime.Today.ToUniversalTime()
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
waitForHistoryToAppear(request.UserName);
var history2 = theContainer.GetInstance<IEntityRepository>()
.FindWhere<LoginFailureHistory>(x => x.UserName == request.UserName);
history2.Attempts.ShouldEqual(request.NumberOfTries);
history2.LockedOutTime.ShouldEqual(request.LockedOutUntil);
}
public void when_logging_failure_for_a_user_that_is_locked_out()
{
var request = new LoginRequest
{
Status = LoginStatus.Failed,
UserName = "******",
NumberOfTries = 1,
LockedOutUntil = DateTime.Today.ToUniversalTime()
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
waitForHistoryToAppear(request.UserName);
var history = theContainer.GetInstance<IEntityRepository>()
.FindWhere<LoginFailureHistory>(x => x.UserName == request.UserName);
history.LockedOutTime.ShouldEqual(request.LockedOutUntil);
}
public void when_logging_failure_for_a_user_that_has_no_prior_failure_history()
{
var request = new LoginRequest
{
Status = LoginStatus.Failed,
UserName = "******",
NumberOfTries = 1,
LockedOutUntil = null
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
var history = theContainer.GetInstance<IDocumentSession>().Load<LoginFailureHistory>(request.UserName);
history.ShouldNotBeNull();
history.Attempts.ShouldEqual(1);
history.LockedOutTime.ShouldBeNull();
}
protected bool Equals(LoginRequest other)
{
return(string.Equals(Url, other.Url));
}
public void update_an_existing_history()
{
var history = new LoginFailureHistory
{
Id = "AlreadyFailed",
Attempts = 2
};
theContainer.GetInstance<ITransaction>().Execute<IDocumentSession>(repo =>
{
repo.Store(history);
});
var request = new LoginRequest
{
Status = LoginStatus.Failed,
UserName = history.Id,
NumberOfTries = 3,
LockedOutUntil = DateTime.Today.ToUniversalTime()
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
var history2 = theContainer.GetInstance<IDocumentSession>()
.Load<LoginFailureHistory>(request.UserName);
history2.Attempts.ShouldEqual(request.NumberOfTries);
history2.LockedOutTime.ShouldEqual(request.LockedOutUntil);
}
protected bool Equals(LoginRequest other)
{
return string.Equals(Url, other.Url);
}
public void when_logging_success_wipe_clean_the_login_failure_history()
{
var history = new LoginFailureHistory
{
Id = "doofus",
Attempts = 3
};
theContainer.GetInstance<ITransaction>().Execute<IDocumentSession>(repo =>
{
repo.Store(history);
});
var request = new LoginRequest
{
Status = LoginStatus.Succeeded,
UserName = history.Id
};
var auditor = theContainer.GetInstance<PersistedLoginAuditor>();
auditor.Audit(request);
}
public bool Authenticate(LoginRequest request)
{
return false;
}
