For this problem, we can usually take the following three approaches to solve the problem:
1. The first method, and the easiest one to think of, is to temporarily block the verification function in the system under test. In other words, by temporarily modifying the application, no matter what verification code the user enters, it will be considered correct. This method is the easiest to implement and will not have much impact on the test results (of course, this method eliminates the "verification of verification code" link, but this link is difficult to become a system performance bottleneck). But this method has a fatal problem: if the system under test is a system that is actually online, blocking the verification function will cause a very large security risk to the business that is already running. Therefore, for the system that is already online, , it is inappropriate to use this method;
2. The second method is slightly improved based on the first method. The first method brings great security issues, so we can consider not canceling the verification, but leaving a backdoor in it. We set a so-called "universal verification code". As long as the user enters this "universal verification code" ”, we will verify that it passes, otherwise, we will still verify it according to the original verification method. This method still has security issues, but since we can control the "universal verification code" to a small range through management means, and only retain this small backdoor during the performance test, it is better than the first method. Said that there have been major improvements in security;
3. If security is really crucial to the application and no mistakes are allowed, then we can use further methods to deal with this problem. a) General performance testing tools (MI's LR, Seague's Silk performer, etc.) can call external DLLs or component interfaces. Therefore, you can consider obtaining the implementation of the "verification code verification" part and writing a DLL to obtain the verification code. , just call it in the test script. b) Or use a request to refresh the authentication code page, and then save the returned image as a file on the hard disk through association, then use OCR (optical character recognition) to identify the content of the file, save the result to txt, and finally use LR to read this text.
Method a) Example:
Add a function to the script to solve the verification code problem. Of course, this method bypasses the server, but it is still feasible.
Step 1: Write a GUID.h header file, which contains a GUID method that randomly generates a string of random numbers from 26 letters and 9 numbers. The code is as follows:
//GUID.h
char* lr_guid_gen(char* paramName){ //生成GUID方法
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
} GUID;
GUID m_guid;
char buf[50];
char pNameStr[50];
CoCreateGuid(&m_guid);
// 定义输出格式
sprintf (buf, "{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}", // 大写
// sprintf (buf, "{%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",// 小写
//sprintf (buf, "%08lX%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X",// 小写
m_guid.Data1, m_guid.Data2, m_guid.Data3,
m_guid.Data4[0], m_guid.Data4[1], m_guid.Data4[2], m_guid.Data4[3],
m_guid.Data4[4], m_guid.Data4[5], m_guid.Data4[6], m_guid.Data4[7]);
lr_save_string(buf, paramName);
sprintf(pNameStr,"{%s}",paramName);
return lr_eval_string(pNameStr);
}Thank you to everyone who reads my article carefully. There is always a courtesy. Although it is not a very valuable thing, if you can use it, you can take it directly:
These materials should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey. I hope it can also help you! Anyone in need Partners can click on the small card below to receive it
