mrlan
/
EnglishPal
7
3
Fork 23
Code Issues Pull Requests 45 Projects Releases Wiki Activity

FIX Bug 347 #215

Closed
dengbo wants to merge 1 commits from Bug585-Xuhaoxuan into Alpha-snapshot20240618
pull from: Bug585-Xuhaoxuan
merge into: mrlan:Alpha-snapshot20240618
Conversation 0 Commits 1 Files Changed 5
5 changed files with 141 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Login.py
View File

@ -79,6 +79,8 @@ class UserName:
def validate(self):
yuyexuan commented 2025-06-24 18:41:37 +08:00
Review

这段代码缺少对特殊字符(如@, #, $等),未处理Unicode字符和不可见字符的全面检查

这段代码缺少对特殊字符(如@, #, $等),未处理Unicode字符和不可见字符的全面检查
if len(self.username) > 20:
return f'{self.username} is too long. The user name cannot exceed 20 characters.'
if len(self.username) == 0: # 用户名必须不为空
return 'You can`t use an empty user name.'
if self.username.startswith('.'): # a user name must not start with a dot
return 'Period (.) is not allowed as the first letter in the user name.'
if ' ' in self.username: # a user name must not include a whitespace

4
app/templates/signup.html
View File

@ -29,8 +29,8 @@
password2 = $("#password2").val().trim();
// 基本表单验证
if (username === "" || password === "" || password2 === "") {
alert('输入不能为空!');
if (password === "" || password2 === "") {
huangkeqing commented 2025-06-24 09:20:16 +08:00
Review

在用户注册时,缺失对于用户名为空的判断

在用户注册时,缺失对于用户名为空的判断
alert('输入密码不能为空!');
return false;
}
if (password.includes(' ') || password2.includes(' ')) {

74
app/test/test_integration_login.py Normal file
View File

@ -0,0 +1,74 @@
# test_integration_username.py
import pytest
import sys
import os
# 获取文件所在目录的上两级目录EnglishPal
project_root = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
yuyexuan commented 2025-06-24 18:35:06 +08:00
Review

根目录获取用pathlib方式更加简洁高效
应明确导入路径而不是模糊的from app.Login import

根目录获取用pathlib方式更加简洁高效 应明确导入路径而不是模糊的from app.Login import
sys.path.append(project_root)
from app.Login import add_user, check_username_availability
# 模拟数据库行为
class MockUserDB:
def __init__(self):
self.users = {}
def insert_user(self, username, password, start_date, expiry_date):
if username in self.users:
return False
self.users[username] = {
'password': password,
'start_date': start_date,
'expiry_date': expiry_date
}
return True
def get_user_by_username(self, username):
return self.users.get(username)
original_insert_user = None
original_get_user_by_username = None
@pytest.fixture(autouse=True)
def setup_and_teardown():
global original_insert_user, original_get_user_by_username
from app.Login import insert_user as original_iu, get_user_by_username as original_gubu
original_insert_user = original_iu
original_get_user_by_username = original_gubu
mock_db = MockUserDB()
def mock_insert_user(**kwargs):
return mock_db.insert_user(**kwargs)
def mock_get_user_by_username(username):
return mock_db.get_user_by_username(username)
from app.Login import insert_user, get_user_by_username
insert_user = mock_insert_user
get_user_by_username = mock_get_user_by_username
yield
from app.Login import insert_user, get_user_by_username
insert_user = original_insert_user
get_user_by_username = original_get_user_by_username
def test_add_user_with_empty_username_fails():
yuyexuan commented 2025-06-24 18:39:03 +08:00
Review

在test_add_user_with_empty_username_fails和test_add_user_with_valid_username_succeeds中有如下的问题:assert result is None 没有明确表达测试意图,没有直接验证是否调用了数据库插入方法
那么我们可以使用pytest-mock的方式简化代码,提高测试效率

在test_add_user_with_empty_username_fails和test_add_user_with_valid_username_succeeds中有如下的问题:assert result is None 没有明确表达测试意图,没有直接验证是否调用了数据库插入方法 那么我们可以使用pytest-mock的方式简化代码,提高测试效率
with pytest.raises(ValueError) as exc_info:
add_user('', 'Password123')
assert "Attribute User.name is required" in str(exc_info.value)
def test_add_user_with_valid_username_succeeds():
result = add_user('validuser', 'Password123')
assert result is None # 如果 add_user 不返回值,则断言无异常即可
assert check_username_availability('validuser') is False # 用户已存在

63
app/test_login.py Normal file
View File

@ -0,0 +1,63 @@
# test_username.py
import pytest
from app.Login import UserName
def test_username_too_long():
username = 'a' * 21
result = UserName(username).validate()
assert username in result
assert 'too long' in result
def test_username_empty():
username = ''
result = UserName(username).validate()
assert 'empty user name' in result
def test_username_starts_with_dot():
username = '.startwithdot'
result = UserName(username).validate()
assert 'Period (.) is not allowed' in result
def test_username_contains_space():
username = 'has space'
result = UserName(username).validate()
assert 'Whitespace is not allowed' in result
def test_username_contains_invalid_punctuation():
invalid_chars = ['@', '#', '$', '!', '{', '}', '[', ']']
for c in invalid_chars:
username = f'bad{c}name'
result = UserName(username).validate()
assert f'{c} is not allowed' in result, f"Failed on char: {c}"
def test_username_uses_restricted_word():
huangkeqing commented 2025-06-24 09:52:54 +08:00
Review

对于保留字的判断,需要覆盖大小写不敏感的情况。可以修改受限词列表,包含不同大小写形式(例如,对于每个词,我们不仅测试小写,还测试大写、首字母大写等)。

对于保留字的判断,需要覆盖大小写不敏感的情况。可以修改受限词列表,包含不同大小写形式(例如,对于每个词,我们不仅测试小写,还测试大写、首字母大写等)。
restricted_words = ['signup', 'login', 'logout', 'reset', 'mark', 'back',
'unfamiliar', 'familiar', 'del', 'admin']
for word in restricted_words:
result = UserName(word).validate()
assert 'restricted word' in result, f"Failed on word: {word}"
def test_username_contains_chinese():
yuyexuan commented 2025-06-24 18:18:14 +08:00
Review

中文用户名测试不明确,仅测试了纯中文字符,未测试混合情况
错误信息断言过于具体,可能随需求变化而失效

中文用户名测试不明确,仅测试了纯中文字符,未测试混合情况 错误信息断言过于具体,可能随需求变化而失效
username = '用户名'
result = UserName(username).validate()
assert 'Chinese characters are not allowed' in result
def test_valid_username():
valid_usernames = [
'valid_user',
'valid.user',
'user123',
'A_veryValidName',
]
for username in valid_usernames:
result = UserName(username).validate()
assert result == 'OK', f"Failed on valid username: {username}"

BIN
current_branch_commit_messages.txt Normal file
View File

Binary file not shown.