Merge changes made in the branch SPM-Spring2021-2599-张小飞201831990641

2021-07-13 11:06:12 +08:00 · 2021-07-13 11:06:12 +08:00 · 0afac2a30e
parent 3bddc1ed27 b53b5ed4c3
commit 0afac2a30e
10 changed files with 62 additions and 10 deletions
--- a/1
+++ b/1
@ -1,2 +1,3 @@
 FROM tiangolo/uwsgi-nginx-flask:python3.6
 COPY ./app /app
--- a/app/UseSqlite.py
+++ b/app/UseSqlite.py
@ -32,6 +32,20 @@ class Sqlite3Template:
        self.instructions(self.query)
        self.operate()
    def instructions_with_parameters(self, query_statement, parameters):
        self.query = query_statement
        self.parameters = parameters
    def do_with_parameters(self):
        self.connect(self.db_fname)
        self.instructions_with_parameters(self.query, self.parameters)
        self.operate_with_parameters()
    def operate_with_parameters(self):
        self.conn.row_factory = sqlite3.Row
        self.results = self.conn.execute(self.query, self.parameters) # self.query is to be given in the child classes
        self.conn.commit()
 class InsertQuery(Sqlite3Template):
    def instructions(self, query):
--- a/app/main.py
+++ b/app/main.py
@ -38,8 +38,8 @@ def load_freq_history(path):
 def verify_user(username, password):
    rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
-    rq.instructions("SELECT * FROM user WHERE name='%s' AND password='%s'" % (username, password))
+    rq.instructions_with_parameters("SELECT * FROM user WHERE name=? AND password=?", (username, password))
-    rq.do()
+    rq.do_with_parameters()
    result = rq.get_results()
    return result != []
@ -228,7 +228,7 @@ def mainpage():
               </head>
               <body>
        '''
-        page += '<p><b><font size="+3" color="red">English Pal - Learn English in a smart way!</font></b></p>'
+        page += '<p><b><font size="+3" color="red">English Pal -(SPM-Spring2021-2599-张小飞201831990641) Learn English in a smart way!</font></b></p>'
        if session.get('logged_in'):
            page += ' <a href="%s">%s</a></p>\n' % (session['username'], session['username'])
        else:
--- a/app/test/test_add_word.py
+++ b/app/test/test_add_word.py
@ -10,7 +10,7 @@ import string
 driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
 driver.implicitly_wait(10)
-HOME_PAGE = 'http://121.4.94.30:91/'
+HOME_PAGE = 'http://121.4.94.30:5000/'
 def has_punctuation(s):
@ -19,6 +19,7 @@ def has_punctuation(s):
 def test_add_word():
    try:
        driver.get(HOME_PAGE)
        print(driver.page_source)
        assert 'English Pal -' in driver.page_source
        # login
--- a/app/test/test_add_word_and_essay_does_not_change.py
+++ b/app/test/test_add_word_and_essay_does_not_change.py
@ -10,7 +10,7 @@ import string
 driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
 driver.implicitly_wait(10)
-HOME_PAGE = 'http://121.4.94.30:91/'
+HOME_PAGE = 'http://121.4.94.30:5000/'
 def has_punctuation(s):
--- a/app/test/test_login.py
+++ b/app/test/test_login.py
@ -9,7 +9,7 @@ import random, string
 driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
 driver.implicitly_wait(10)
-HOME_PAGE = 'http://121.4.94.30:91/'
+HOME_PAGE = 'http://121.4.94.30:5000/'
@ -59,5 +59,6 @@ def test_login():
        driver.save_screenshot('./app/test/test_login_pic4.png')    
        assert 'EnglishPal Study Room for ' + uname in  driver.title
    finally:
        driver.quit()
--- a/app/test/test_login_security_fix.py
+++ b/app/test/test_login_security_fix.py
@ -0,0 +1,35 @@
 # -*- coding: utf-8 -*-
 # Run the docker image using the following command:
 # docker run -d -p 4444:4444 selenium/standalone-chrome
 from selenium import webdriver
 from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
 import random, string
 driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
 driver.implicitly_wait(10)
 HOME_PAGE = 'http://121.4.94.30:5000/'
 def test_login_security_fix():
    try:
        driver.get(HOME_PAGE)
        elem = driver.find_element_by_link_text('登录')
        elem.click()
        uname = 'lanhui'
        elem = driver.find_element_by_name('username')
        elem.send_keys(uname)
        elem = driver.find_element_by_name('password')
        # 使用原有漏洞密码登录
        elem.send_keys("' or 'a'='a'or'a'='a")
        elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮
        elem.click()
        driver.save_screenshot('./app/test/test_login_security_fix0.png')
        assert '无法通过验证。' in driver.page_source
    finally:
        driver.quit()
--- a/app/test/test_next_essay.py
+++ b/app/test/test_next_essay.py
@ -9,7 +9,7 @@ import random, string, time
 driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
 driver.implicitly_wait(10)
-HOME_PAGE = 'http://121.4.94.30:91/'
+HOME_PAGE = 'http://121.4.94.30:5000/'
@ -42,7 +42,7 @@ def test_next():
        # click Next
        diff = 0
-        for i in range(5):
+        for i in range(10):
            elem = driver.find_element_by_link_text('下一篇')
            elem.click()
            driver.save_screenshot('./app/test/test_next_essay_pic1.png')
--- a/app/test/test_signup.py
+++ b/app/test/test_signup.py
@ -9,7 +9,7 @@ import random, string
 driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
 driver.implicitly_wait(10)
-HOME_PAGE = 'http://121.4.94.30:91/'
+HOME_PAGE = 'http://121.4.94.30:5000/'
--- a/效果演示.mp4
+++ b/效果演示.mp4
`@ -1,2 +1,3 @@`
	`FROM tiangolo/uwsgi-nginx-flask:python3.6`	`FROM tiangolo/uwsgi-nginx-flask:python3.6`
	`COPY ./app /app`	`COPY ./app /app`