From d6e64e3465128ad2795bd9893e2cdde18d63b34d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E5=B0=8F=E9=A3=9E?= <2624970078@qq.com>
Date: Fri, 11 Jun 2021 15:16:28 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=A0=E9=99=A4test=5Flogin.py=E4=B8=AD?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=9A=84=E4=BB=A3=E7=A0=81=EF=BC=8C=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0test=5Flogin=5Fsecurity=5Ffix.py=E7=94=A8=E6=9D=A5?= =?UTF-8?q?=E6=A3=80=E9=AA=8Cbug=E6=98=AF=E5=90=A6=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/test/test_login.py | 16 -------------
 app/test/test_login_security_fix.py | 35 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 16 deletions(-)
 create mode 100644 app/test/test_login_security_fix.py
diff --git a/app/test/test_login.py b/app/test/test_login.py
index a9f61ff..2fc5d49 100644
--- a/app/test/test_login.py
+++ b/app/test/test_login.py
@@ -60,21 +60,5 @@ def test_login():
 driver.save_screenshot('./app/test/test_login_pic4.png')
 assert 'EnglishPal Study Room for ' + uname in driver.title
- #logout
- driver.get(HOME_PAGE + 'logout')
-
- # 测试bug是否修复
- driver.get(HOME_PAGE)
- elem = driver.find_element_by_link_text('登录')
- elem.click()
- uname = 'lanhui'
- elem = driver.find_element_by_name('username')
- elem.send_keys(uname)
- elem = driver.find_element_by_name('password')
- elem.send_keys("' or 'a'='a'or'a'='a")
- elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮
- elem.click()
- driver.save_screenshot('./app/test/test_login_pic5.png')
- assert '无法通过验证。' in driver.page_source
 finally:
 driver.quit()
diff --git a/app/test/test_login_security_fix.py b/app/test/test_login_security_fix.py
new file mode 100644
index 0000000..b836b6b
--- /dev/null
+++ b/app/test/test_login_security_fix.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Run the docker image using the following command:
+# docker run -d -p 4444:4444 selenium/standalone-chrome
+from selenium import webdriver
+from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
+
+import random, string
+
+driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
+driver.implicitly_wait(10)
+
+HOME_PAGE = 'http://121.4.94.30:91/'
+
+def test_login_security_fix():
+ try:
+ driver.get(HOME_PAGE)
+
+ elem = driver.find_element_by_link_text('登录')
+ elem.click()
+
+ uname = 'lanhui'
+ elem = driver.find_element_by_name('username')
+ elem.send_keys(uname)
+
+ elem = driver.find_element_by_name('password')
+ # 使用原有漏洞密码登录
+ elem.send_keys("' or 'a'='a'or'a'='a")
+
+ elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮
+ elem.click()
+
+ driver.save_screenshot('./app/test/test_login_security_fix0.png')
+ assert '无法通过验证。' in driver.page_source
+ finally:
+ driver.quit()
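Review bot: The final assertion in `test_login_security_fix` passes whenever the string '无法通过验证。' appears in the page source, so it does not show that the session stayed unauthenticated; add the negative of the check used in test_login.py next to it, `assert 'EnglishPal Study Room for ' + uname not in driver.title`. `HOME_PAGE` is a hard-coded public address over plain HTTP, so every run sends the injection string to whatever host answers there; read it from an environment variable and default to a local instance. The driver is created at import time and `import random, string` is unused, so a pytest fixture that creates and quits the driver would keep test collection free of side effects. A single input is a narrow regression check; the server-side fix (not visible in this patch) is better pinned by a unit test on the login query itself.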