For web applications, most systems require users to enter a verification code when they log in. There are many types of verification codes, including alphanumeric and Chinese characters, and even the user needs to enter an answer to an arithmetic problem. For the system, the use of verification codes can effectively prevent the use of machine guessing methods to detect passwords, which increases security to a certain extent. But for testers, whether it is performance testing or automated testing is a difficult problem.
Let's talk about several methods for handling verification codes.
Remove verification code
This is the easiest way. For developers, just comment out the relevant code of the verification code. If it is in a test environment, this will save a lot of trouble for testers. The environment runs, which brings certain risks to the system.
Set Universal Code
The main reason for removing the verification code is the security issue. In order to respond to the security threat of the online system, you can not cancel the verification code when modifying the program, but leave a "backdoor" in the program --- set a "universal verification code" as long as the user Enter this "universal verification code", the program considers the verification passed, otherwise it will be verified according to the original verification method.
operation result:
random
random is used to generate random numbers
Randine ()
The randint () method is used to generate random integers. The two parameters passed are the range of random numbers. The second parameter of randint (1000, 9999) is larger than the first parameter.
We require the user to enter a random number and make judgments on the user input. If it is equal to the generated random number, the login is successful, and if it is equal to 1111, the login is successful, otherwise it fails. Then the judgment equal to 1111 is a universal code.
Captcha recognition technology
For example, you can use Python-tesseract to recognize the image verification code. Python-tesseract is a Python package class of the optical character recognition Tesseract OCR engine . Able to read any conventional picture files (JPG, GIF, PNG, TIFF, etc. ) . However, there are many forms of verification codes on the market, and any current verification code recognition technology does not have a recognition rate of 100% .
Record cookie
( Applicable to UI automated testing, and the username and password currently used in most applications are not recorded in cookies or encrypted. )
By adding cookies to the browser, you can bypass the login verification code, which is a more interesting solution. Before the user logs in, we can add the user name and password to the browser cookie through the add_cookie () method, and access the system login link again to log in automatically. For example the following way:
The biggest difficulty in using cookies to log in is how to obtain the name of the user name and password. If the name of the name cannot be found, there is no way to enter the user name and password information into the value.
I suggest that you can use the get_cookies () method to get all the cookie information logged in, so as to find the name of the name object of the user name and password; of course, the easiest way is to ask the front-end developer.
◆ Source: The picture and text come from the Internet, if there is any infringement, please contact to delete
