#!/bin/bash # 登录验证码功能测试脚本 echo "================================" echo "登录验证码功能测试" echo "================================" echo "" BASE_URL="http://localhost:40001" echo "1. 测试验证码API..." response=$(curl -s -w "\n%{http_code}" "$BASE_URL/api/captcha") http_code=$(echo "$response" | tail -n1) if [ "$http_code" = "200" ]; then echo "✓ 验证码API正常 (HTTP $http_code)" else echo "✗ 验证码API异常 (HTTP $http_code)" fi echo "" echo "2. 测试第一次登录失败(不需要验证码)..." response=$(curl -s -X POST "$BASE_URL/api/login" \ -H "Content-Type: application/json" \ -d '{"username":"test","password":"wrong"}' \ -c cookies.txt) echo "$response" | jq -r '.message' needCaptcha=$(echo "$response" | jq -r '.needCaptcha // false') if [ "$needCaptcha" = "false" ]; then echo "✓ 第一次失败不需要验证码" else echo "⚠ 第一次失败就需要验证码(可能之前已有失败记录)" fi echo "" echo "3. 测试第二次登录失败(不需要验证码)..." response=$(curl -s -X POST "$BASE_URL/api/login" \ -H "Content-Type: application/json" \ -d '{"username":"test","password":"wrong"}' \ -b cookies.txt -c cookies.txt) echo "$response" | jq -r '.message' needCaptcha=$(echo "$response" | jq -r '.needCaptcha // false') if [ "$needCaptcha" = "false" ]; then echo "✓ 第二次失败不需要验证码" else echo "⚠ 第二次失败就需要验证码(可能之前已有失败记录)" fi echo "" echo "4. 测试第三次登录失败(应该需要验证码)..." response=$(curl -s -X POST "$BASE_URL/api/login" \ -H "Content-Type: application/json" \ -d '{"username":"test","password":"wrong"}' \ -b cookies.txt -c cookies.txt) echo "$response" | jq -r '.message' needCaptcha=$(echo "$response" | jq -r '.needCaptcha // false') if [ "$needCaptcha" = "true" ]; then echo "✓ 第三次失败需要验证码" else echo "✗ 第三次失败应该需要验证码" fi echo "" echo "5. 测试不提供验证码时登录..." response=$(curl -s -X POST "$BASE_URL/api/login" \ -H "Content-Type: application/json" \ -d '{"username":"admin","password":"admin123"}' \ -b cookies.txt -c cookies.txt) message=$(echo "$response" | jq -r '.message') echo "$message" if [[ "$message" == *"验证码"* ]]; then echo "✓ 正确要求输入验证码" else echo "⚠ 未要求验证码(用户可能不存在或之前没有失败记录)" fi echo "" # 清理 rm -f cookies.txt echo "================================" echo "测试完成" echo "================================" echo "" echo "注意事项:" echo "1. 确保后端服务已启动 (node backend/server.js)" echo "2. 测试用户'test'可能不存在,这是正常的" echo "3. 如果要完整测试,请使用浏览器手动测试" echo "4. 防爆破机制会在失败5次后封锁30分钟" echo ""