2017-09-15 78 views
0

我需要編寫一個單元測試以確定速率限制方法是否工作,即使用戶在每次請求後都清除了cookie。現有的速率限制方法使用會話來計數請求。我們的安全專家表示,這很容易通過在每次請求後清除cookie來繞過。我不知道如何在單元測試中模擬新會話或清除cookie。服務器是使用Flask的Python2.7。現有代碼:在Python單元測試中的每個請求之後模擬清除cookie

def test_retry_protection(self): 
    # 
    prev1 = app.config['RETRY_PROTECTION_COUNT'] 
    app.config['RETRY_PROTECTION_COUNT'] = 3 
    prev2 = app.config['RETRY_PROTECTION_SECONDS'] 
    app.config['RETRY_PROTECTION_SECONDS'] = 5 
    username = 'retry.me' 
    password = 'ke52u&%y!jfueQ' 
    result = self.app.post('/add_password', 
          data=dict(username=username, password1=password, 
            password2=password)) 
    assert '": "ok"' in result.data, result.data 

    for x in range(app.config['RETRY_PROTECTION_COUNT'] - 1): 
     result = self.app.post('/update_password', 
           data=dict(username=username, password1=password, 
             password2=password, password_old=password + 'wrong')) 
     assert 'User and password not correct' in result.data, result.data 

    result = self.app.post('/update_password', 
          data=dict(username=username, password1=password + 'change', 
            password2=password + 'change', password_old=password)) 
    assert 'Excessive usage - wait 10 minutes to try again' in result.data, result.data 
    time.sleep(app.config['RETRY_PROTECTION_SECONDS'] + 1) 
    result = self.app.post('/update_password', 
          data=dict(username=username, password1=password + 'change', 
            password2=password + 'change', password_old=password)) 
    assert '": "ok"' in result.data, result.data 
    app.config['RETRY_PROTECTION_COUNT'] = prev1 
    app.config['RETRY_PROTECTION_SECONDS'] = prev2 
+0

如果cookies被清除他們的是我不認爲任何方式來做到這一點。 –

回答