Web interface test get and POST requests

With regard to the HTTP protocol, I thought about the fact that there was no need to spend another section on this, because the introduction of the HTTP protocol is very detailed online. In order to try to avoid introducing an empty concept and theory to introduce interface testing, I will still give specific examples here.

Let's start with a brief introduction to the basic concepts: we want to open a Web site, first of all we need to enter the Web address into the URL input frame of the browser's address. When I hit enter, through the HTTP protocol, the URL to the domain name resolution server, the domain name resolution server according to the URL to find the corresponding IP host (System server). This process is called request, which is requested, and when the IP host gets the request, the corresponding resource is returned to the user's browser. This process is called response, which is the response.

When the user's browser requests to the system server, there are several methods, the most commonly used are get and post two methods.

Here we develop a web app that can receive get and post requests. Of course, the reader is required to have a certain foundation of web development. But the non-programming language and web framework are not the focus of our discussion.

Take the code for the Flask framework as an example.

GET Request

pyfl/

|----/hello.py

|----/templates/

|----|-----------/index.html

|----|-----------/user.html

hello.py

 fromFlaskImportFlask,render_templateapp= Flask (__name__) @app. Route ("/")defindex ():returnRender_template ("index.html")if __name__=='__main__': App.run (Debug=true)

Index.html

< H1 > < H1 >

To start the flask Container:

Visit: Http://127.0.0.1:5000/

To view GET request information through Firebug:

Of course, this return is just a static page, and does not require any parameters, we only need to determine whether the return is a few .

Expand hello.py as follows:

 fromFlaskImportFlask,render_templateapp= Flask (__name__) @app. Route ("/")defindex ():returnRender_template ("index.html") @app. Route ("/user/<name>")defUser (name):returnRender_template ("user.html", name=name)if __name__=='__main__': App.run (Debug=true)

User.html

< H1 > Hell, {{name}}! < H1 >

Visit: HTTP://127.0.0.1:5000/USER/AAA

By comparison, this get request is a bit more complicated, with some parameters (AAA) in the request,backstage (hello.py The parameter is received and reversed back to the user.html page.

At this point, we can do some simple tests on this parameter, comparing parameters to null, characters, numbers, scripts,SQL , and so on . In fact, the SQL injection of the security test is also started with the SQL statements in the input parameters .

POST Request

pyfl/

|----/hello.py

|----/templates/

|----|-----------/index.html

hello.py

 fromFlaskImportFlask,render_template,requestapp= Flask (__name__) @app. Route ("/")defindex ():returnRender_template ("index.html") @app. Route ("/login", methods = ['GET','POST'])deflogin ():ifRequest.method = ="POST": Username= Request.form.get ('username') Password= Request.form.get ('Password')        ifusername=="Zhangsan"  andpassword=="123":            return ""%usernameElse:            return ""        Else:        return ""if __name__=='__main__': App.run (Debug=true)

Index.html

<formAction= "/login"Method= "POST">Username:<inputtype= "text"name= "username">Password:<inputtype= "Password"name= "Password">    <inputtype= "Submit"ID= "Submit"></form>

Visit: Http://127.0.0.1:5000/

Enter the user name, password login (background hello.py decision, the user named "Zhangsan", password for "123" login success, other accounts failed. )

Python has a requests Library that makes it easy to simulate a test POST request.

#Coding=utf-8ImportREQUESTSS=Requestsdata={"username":"Zhangsan","Password":"123",}r= S.post ('Http://127.0.0.1:5000/login', data)PrintR.status_codePrintr.headers['Content-type']Printr.encodingPrintR.text

Execution Result:

text/html; Charset=utf-8UTF-8welcome, Zhangsan! 

POST the interface tests the same, checking the returned content by not entering an empty, or wrong username password.

===================

This article is a primer, there are many issues to discuss, such as the interface returns JSON -formatted data, for example, the interface for Security plus digital signature. From the point of view of the test, which work can simulate these requests, how to organize and run the test cases. There is time to discuss it later.

Web interface test get and POST requests