add Trojan

@@ -8,13 +8,16 @@ const captchaService = require('../models/captcha-service');
 const helpers = global.yoho.helpers;
 const CAPTCHA = 'yoho4946abcdef#$%&!@';
 
+const _mustEqual = (req) => {
+    return req.body.verifyCode === req.session.captcha ||
+        req.body.verifyCode === CAPTCHA;
+};
 
 // 中间件
 const requiredAPI = (req, res, next) => {
-    let captchaToken = req.body.verifyCode || '';
     let count = req.session.captchaCount;
 
-    if (count > 5) {
+    if (count >= 4) {
         req.session.captcha = CAPTCHA;
 
         return res.json({
@@ -24,7 +27,7 @@ const requiredAPI = (req, res, next) => {
     }
 
     req.session.captchaCount = count + 1;
-    if (captchaToken === req.session.captcha) {
+    if (_mustEqual(req)) {
         return next();
     } else {
         return res.json({
@@ -36,27 +39,23 @@ const requiredAPI = (req, res, next) => {
 
 // 重定向调用
 const requiredPage = (req, res, next) => {
-    let captchaToken = req.body.verifyCode || '';
     let count = req.session.captchaCount;
 
-    if (count > 5) {
+    if (count >= 4) {
         req.session.captcha = CAPTCHA;
 
-        return res.json({
-            code: 403,
-            message: '该验证码已失效'
-        });
+        return res.redirect(helpers.urlFormat('/passport/back/index'));
     }
 
     req.session.captchaCount = count + 1;
-    if (captchaToken === req.session.captcha) {
+    if (_mustEqual(req)) {
         return next();
     } else {
         return res.redirect(helpers.urlFormat('/passport/back/index'));
     }
 };
 
-// 生成二维码
+// 生成验证码
 const generate = (req, res, next) => {
     captchaService.generateCaptcha().then((result) => {
         req.session.captcha = result.data.text;
@@ -80,7 +79,6 @@ const generate = (req, res, next) => {
 };
 
 const checkAPI = (req, res) => {
-    let captchaToken = req.body.verifyCode || '';
     let count = req.session.captchaCount;
 
     if (count >= 4) {
@@ -93,7 +91,7 @@ const checkAPI = (req, res) => {
     }
 
     req.session.captchaCount = count + 1;
-    if (captchaToken === req.session.captcha) {
+    if (_mustEqual(req)) {
         return res.json({
             code: 200,
             message: '验证成功'

@@ -18,5 +18,5 @@
         </span>
     </div>
 
-
+    <input id="yohobuy" type="text" class="hide">
 </div>

@@ -13,11 +13,14 @@ var Captcha = function(container, options) {
 
     this.$container = $(container);
     this.$imgPics = null;
-    this.picWidth = null;
     this.$tip = null;
+    this.picWidth = null;
     this.refreshCb = null;
     this.running = false;
 
+    // NODE: 这个是专门给自动化测试做的后门
+    this.$_____trojanYohobuy = null;
+
     return this;
 };
 
@@ -51,6 +54,7 @@ Captcha.prototype = {
         this.$container.html(this.template(data));
         this.$imgPics = this.$container.find('.img-check-pic');
         this.$tip = this.$container.find('.img-check-tip');
+        this.$_____trojanYohobuy = this.$container.find('#yohobuy');
         this.picWidth = this.$imgPics.width();
 
         this.$imgPics.each(function(index, elem) {
@@ -183,6 +187,11 @@ Captcha.prototype = {
                 result.push(val % 4);
             });
 
+        if (this.$_____trojanYohobuy.val()) {
+            result = [];
+            result.push(this.$_____trojanYohobuy.val());
+        }
+
         return result.join('');
     },