Simulate clearing cookies after each request in a Python unittest

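I need to write a unit test to determine whether the rate-limiting method works even if the user clears cookies after each request. The existing rate limiting uses the session to count requests. Our security expert says this is easily bypassed by clearing cookies after each request. I don't know how to simulate a new session or clear cookies in a unit test. The server runs Python 2.7 with Flask. Existing code: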

def test_retry_protection(self):
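    # Temporarily lower the retry limits so the test runs quickly;
    # the original values are restored at the end of the test.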
    prev1 = app.config['RETRY_PROTECTION_COUNT']
    app.config['RETRY_PROTECTION_COUNT'] = 3
    prev2 = app.config['RETRY_PROTECTION_SECONDS']
    app.config['RETRY_PROTECTION_SECONDS'] = 5
    username = 'retry.me'
    password = 'ke52u&%y!jfueQ'
    result = self.app.post('/add_password',
                           data=dict(username=username, password1=password,
                                     password2=password))
    assert '": "ok"' in result.data, result.data

    for x in range(app.config['RETRY_PROTECTION_COUNT'] - 1):
        result = self.app.post('/update_password',
                               data=dict(username=username, password1=password,
                                         password2=password, password_old=password + 'wrong'))
        assert 'User and password not correct' in result.data, result.data

    result = self.app.post('/update_password',
                           data=dict(username=username, password1=password + 'change',
                                     password2=password + 'change', password_old=password))
    assert 'Excessive usage - wait 10 minutes to try again' in result.data, result.data
    time.sleep(app.config['RETRY_PROTECTION_SECONDS'] + 1)
    result = self.app.post('/update_password',
                           data=dict(username=username, password1=password + 'change',
                                     password2=password + 'change', password_old=password))
    assert '": "ok"' in result.data, result.data
    app.config['RETRY_PROTECTION_COUNT'] = prev1
    app.config['RETRY_PROTECTION_SECONDS'] = prev2

If you are writing your unit tests with Flask.test_client, you can use its cookie_jar attribute to access the cookies:

app = flask.Flask(__name__)
client = app.test_client()

client.cookie_jar.clear()
# or
client.cookie_jar.clear_session_cookies()

Official documentation on CookieJar objects
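
The following is an added example, not part of the original question or answer. It shows a test helper that compares a session-cookie counter with a server-side counter keyed by username when the caller never sends a cookie back. The handler is a constructed stand-in for the real /update_password endpoint, the limit is a constructed value, and a fresh test client per request is used as an assumption-free way to start each request with an empty cookie jar.

```python
# Added example: the handler, LIMIT and the secret key are constructed for the test.
from collections import defaultdict
from flask import Flask, request, session

LIMIT = 3  # constructed limit: failed attempts allowed before blocking

def make_app(server_side):
    """Build a tiny app whose /update_password counts attempts in the session
    cookie (server_side=False) or in a server-side dict keyed by username (True)."""
    app = Flask(__name__)
    app.secret_key = "test-only-key"  # constructed; needed to sign the session cookie
    attempts = defaultdict(int)       # server-side store, independent of any cookie

    @app.route("/update_password", methods=["POST"])
    def update_password():
        user = request.form["username"]
        if server_side:
            attempts[user] += 1
            count = attempts[user]
        else:
            session["attempts"] = session.get("attempts", 0) + 1
            count = session["attempts"]
        if count > LIMIT:
            return "Excessive usage - wait 10 minutes to try again", 429
        return "User and password not correct", 401

    return app

def blocked_after(app, requests, fresh_cookies):
    """Send `requests` failed attempts and return how many were rejected with 429.
    fresh_cookies=True uses a new test client for every request, so the server
    never receives a session cookie, as with a caller who clears cookies."""
    client = app.test_client()
    blocked = 0
    for _ in range(requests):
        if fresh_cookies:
            client = app.test_client()  # a new client starts with no cookies
        resp = client.post("/update_password",
                           data={"username": "retry.me", "password_old": "wrong"})
        blocked += resp.status_code == 429
    return blocked
```

In a unittest, asserting that `blocked_after(app, 6, True)` is non-zero is the regression check that the limiter does not depend on the client returning its cookie.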