接口自动化测试:用户认证
认证函数
- 认证函数的处理过程主要是提取用户认证数据并判断其正确性,
get_http_auth = request.META.get('HTTP_AUTHORIZATION', b'')request.META是一个python字典,包含了本次HTTP请求的Header信息,例如用户认证、IP地址和用户Agent等HTTP_AUTHORIZATION用于获取HTTP认证数据,如果为空,将得到一个空的bytes对象 - 例如客户端传的数据是admin/admin123456,这里得到的数据会是
Basic YWRtaW46YWRtaW4xMjM0NTY=而auth=get_http_auth-split()将其拆分成list,拆分后数据为[‘Basic’,‘YWRtaW46YWRtaW4xMjM0NTY=’] - 取得加密字符串后,使用base64进行解码操作,通过decode()方法以UTF-8编码对字符串进行解码
auth_parts = base64.b64decode(auth[1]).decode('utf-8').partition(':')partition()方法以冒号为分隔符对字符串进行分隔,得到的数据为('admin',':','admin123456') - 之后便是Django的认证模块进行工作了
# 用户认证
def user_auth(request):
get_http_auth = request.META.get('HTTP_AUTHORIZATION', b'')
auth = get_http_auth.split()
try:
auth_parts = base64.b64decode(auth[1]).decode('utf-8').partition(':')
except IndexError:
return "null"
userid, password = auth_parts[0], auth_parts[2]
user = django_auth.authenticate(username=userid, password=password)
if user is not None and user.is_active:
django_auth.login(request, user)
return "success"
else:
return "fail"
接口添加认证
比较一下区别
#发布会查询
def get_event_list(request):
eid = request.GET.get("eid", "") # 发布会id
name = request.GET.get("name", "") # 发布会名称
# 通过GET请求接收eid和name,两个参数都是可选项,但不能同时为空,否则返回10021和错误提示
if eid == '' and name == '':
return JsonResponse({'status':10021,'message':'parameter error'})
# 如果eid不为空,则使用eid查询,将查询结果以字典的形式存放到定义的event中,并将event作为接口返回字典中data对应的值
if eid != '':
event = {}
try:
result = Event.objects.get(id=eid)
except ObjectDoesNotExist:
return JsonResponse({'status':10022, 'message':'query result is empty'})
else:
event['eid'] = result.id
event['name'] = result.name
event['limit'] = result.limit
event['status'] = result.status
event['address'] = result.address
event['start_time'] = result.start_time
return JsonResponse({'status':200, 'message':'success', 'data':event})
# name为模糊查询,返回结果可能是多条,先将查询的每一条数据放到一个event字典中,再把每个event字典放到datas数组中,最后将整个datas数组作为接口返回字典中data对应的值
if name != '':
datas = []
results = Event.objects.filter(name__contains=name)
if results:
for r in results:
event = {}
event['eid'] = r.id
event['name'] = r.name
event['limit'] = r.limit
event['status'] = r.status
event['address'] = r.address
event['start_time'] = r.start_time
datas.append(event)
return JsonResponse({'status':200, 'message':'success', 'data':datas})
else:
return JsonResponse({'status':10022, 'message':'query result is empty'})
# 发布会查询接口---增加用户认证
def get_event_list(request):
auth_result = user_auth(request)
if auth_result == "null":
return JsonResponse({'status':10011,'message':'user auth null'})
if auth_result == "fail":
return JsonResponse({'status':10012,'message':'user auth fail'})
eid = request.GET.get("eid", "") # 发布会id
name = request.GET.get("name", "") # 发布会名称
if eid == '' and name == '':
return JsonResponse({'status':10021,'message':'parameter error'})
if eid != '':
event = {}
try:
result = Event.objects.get(id=eid)
except ObjectDoesNotExist:
return JsonResponse({'status':10022, 'message':'query result is empty'})
else:
event['eid'] = result.id
event['name'] = result.name
event['limit'] = result.limit
event['status'] = result.status
event['address'] = result.address
event['start_time'] = result.start_time
return JsonResponse({'status':200, 'message':'success', 'data':event})
if name != '':
datas = []
results = Event.objects.filter(name__contains=name)
if results:
for r in results:
event = {}
event['eid'] = r.id
event['name'] = r.name
event['limit'] = r.limit
event['status'] = r.status
event['address'] = r.address
event['start_time'] = r.start_time
datas.append(event)
return JsonResponse({'status':200, 'message':'success', 'data':datas})
else:
return JsonResponse({'status':10022, 'message':'query result is empty'})
接口文档
| Items | 说明 |
|---|---|
| 名称 | 查询发布会接口 |
| 描述 | 查询发布会接口 |
| URL | http://127.0.0.1:8000/api/sec_get_event_list/ |
| 调用方法 | GET |
| 传递参数 | eid#发布会id,name#发布会名称 |
| 返回值 | {“data”:{“start_time”:“2019-10-31T14:00:00”, “name”:“询盘云发布会A”, “limit”:“20000”,“address”:“北京”,“status”:“true”},“message”:“success”,“status”:“200”} |
| 状态吗 | 10011:user auth null,10012:user auth fail,10021:parameter error,10022:query result is empty,200:success |
| 说明 | 接口需要认证:auth=(“username”, “password”), eid或者name两个参数二选一 |
接口测试用例
# coding=utf-8
import unittest
import requests
class GetEventListTest(unittest.TestCase):
''' 查询发布会信息(带用户认证)'''
def setUp(self):
self.base_url = "http://127.0.0.1:8000/api/sec_get_event_list/"
self.auth_user = ('admin', 'admin123456')
def test_get_event_list_auth_null(self):
''' auth为空 '''
r = requests.get(self.base_url, params={'eid':'1'})
result = r.json()
self.assertEqual(result['status'], 10011)
self.assertEqual(result['message'], 'user auth null')
def test_get_event_list_auth_error(self):
''' auth错误 '''
r = requests.get(self.base_url, auth=('abc','123'), params={'eid':'1'})
result = r.json()
self.assertEqual(result['status'], 10012)
self.assertEqual(result['message'], 'user auth fail')
def test_get_event_list_eid_null(self):
''' eid 参数为空 '''
r = requests.get(self.base_url, auth=self.auth_user, params={'eid':''})
result = r.json()
self.assertEqual(result['status'], 10021)
self.assertEqual(result['message'], 'parameter error')
def test_get_event_list_eid_error(self):
''' eid=901 查询结果为空 '''
r = requests.get(self.base_url, auth=self.auth_user, params={'eid':901})
result = r.json()
self.assertEqual(result['status'], 10022)
self.assertEqual(result['message'], 'query result is empty')
def test_get_event_list_eid_success(self):
''' 根据 eid 查询结果成功 '''
r = requests.get(self.base_url, auth=self.auth_user, params={'eid':1})
result = r.json()
self.assertEqual(result['status'], 200)
self.assertEqual(result['message'], 'success')
self.assertEqual(result['data']['name'],u'mx6发布会')
self.assertEqual(result['data']['address'],u'北京国家会议中心')
def test_get_event_list_nam_result_null(self):
''' 关键字‘abc’查询 '''
r = requests.get(self.base_url, auth=self.auth_user, params={'name':'abc'})
result = r.json()
self.assertEqual(result['status'], 10022)
self.assertEqual(result['message'], 'query result is empty')
def test_get_event_list_name_find(self):
''' 关键字‘发布会’模糊查询 '''
r = requests.get(self.base_url, auth=self.auth_user, params={'name':'发布会'})
result = r.json()
self.assertEqual(result['status'], 200)
self.assertEqual(result['message'], 'success')
self.assertEqual(result['data'][0]['name'],u'mx6发布会')
self.assertEqual(result['data'][0]['address'],u'北京国家会议中心')