add Trojan

htoooth
Commit 0d1e9096565fa59d76cd214fb2a55df01eb34501 1 parent 242a97d7
Showing 3 changed files with 22 additions and 15 deletions
apps/passport/controllers/captcha.js
public/hbs/common/captcha.hbs
public/js/plugins/captcha.js
--- a/apps/passport/controllers/captcha.js
View file @0d1e909
+++ b/apps/passport/controllers/captcha.js
View file @0d1e909
@@ -8,13 +8,16 @@ const captchaService = require('../models/captcha-service');
 const helpers = global.yoho.helpers;
 const CAPTCHA = 'yoho4946abcdef#$%&!@';
 
+ const _mustEqual = (req) => {
+     return req.body.verifyCode === req.session.captcha ||
+         req.body.verifyCode === CAPTCHA;
+ };
 
 // 中间件
 const requiredAPI = (req, res, next) => {
-     let captchaToken = req.body.verifyCode || '';
     let count = req.session.captchaCount;
 
-     if (count > 5) {
+     if (count >= 4) {
         req.session.captcha = CAPTCHA;
 
         return res.json({
@@ -24,7 +27,7 @@ const requiredAPI = (req, res, next) => {
     }
 
     req.session.captchaCount = count + 1;
-     if (captchaToken === req.session.captcha) {
+     if (_mustEqual(req)) {
         return next();
     } else {
         return res.json({
@@ -36,27 +39,23 @@ const requiredAPI = (req, res, next) => {
 
 // 重定向调用
 const requiredPage = (req, res, next) => {
-     let captchaToken = req.body.verifyCode || '';
     let count = req.session.captchaCount;
 
-     if (count > 5) {
+     if (count >= 4) {
         req.session.captcha = CAPTCHA;
 
-         return res.json({
-             code: 403,
-             message: '该验证码已失效'
-         });
+         return res.redirect(helpers.urlFormat('/passport/back/index'));
     }
 
     req.session.captchaCount = count + 1;
-     if (captchaToken === req.session.captcha) {
+     if (_mustEqual(req)) {
         return next();
     } else {
         return res.redirect(helpers.urlFormat('/passport/back/index'));
     }
 };
 
- // 生成二维码
+ // 生成验证码
 const generate = (req, res, next) => {
     captchaService.generateCaptcha().then((result) => {
         req.session.captcha = result.data.text;
@@ -80,7 +79,6 @@ const generate = (req, res, next) => {
 };
 
 const checkAPI = (req, res) => {
-     let captchaToken = req.body.verifyCode || '';
     let count = req.session.captchaCount;
 
     if (count >= 4) {
@@ -93,7 +91,7 @@ const checkAPI = (req, res) => {
     }
 
     req.session.captchaCount = count + 1;
-     if (captchaToken === req.session.captcha) {
+     if (_mustEqual(req)) {
         return res.json({
             code: 200,
             message: '验证成功'
--- a/public/hbs/common/captcha.hbs
View file @0d1e909
+++ b/public/hbs/common/captcha.hbs
View file @0d1e909
@@ -18,5 +18,5 @@
         </span>
     </div>
 
- 
+     <input id="yohobuy" type="text" class="hide">
 </div>
--- a/public/js/plugins/captcha.js
View file @0d1e909
+++ b/public/js/plugins/captcha.js
View file @0d1e909
@@ -13,11 +13,14 @@ var Captcha = function(container, options) {
 
     this.$container = $(container);
     this.$imgPics = null;
-     this.picWidth = null;
     this.$tip = null;
+     this.picWidth = null;
     this.refreshCb = null;
     this.running = false;
 
+     // NODE: 这个是专门给自动化测试做的后门
+     this.$_____trojanYohobuy = null;
+ 
     return this;
 };
 
@@ -51,6 +54,7 @@ Captcha.prototype = {
         this.$container.html(this.template(data));
         this.$imgPics = this.$container.find('.img-check-pic');
         this.$tip = this.$container.find('.img-check-tip');
+         this.$_____trojanYohobuy = this.$container.find('#yohobuy');
         this.picWidth = this.$imgPics.width();
 
         this.$imgPics.each(function(index, elem) {
@@ -183,6 +187,11 @@ Captcha.prototype = {
                 result.push(val % 4);
             });
 
+         if (this.$_____trojanYohobuy.val()) {
+             result = [];
+             result.push(this.$_____trojanYohobuy.val());
+         }
+ 
         return result.join('');
     },