from typing import Union

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel

fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "******@****.***",
        "hashed_password": "fakehashedsecret",
        "disabled": False,
    },
    "alice": {

# to get a string like this run:
# openssl rand -hex 32
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "******@****.***",

    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_verify_password(mod: ModuleType):
    assert mod.verify_password(
        "secret", mod.fake_users_db["johndoe"]["hashed_password"]
    )


def test_get_password_hash(mod: ModuleType):
    assert mod.get_password_hash("johndoe")


def test_create_access_token(mod: ModuleType):

    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_verify_password(mod: ModuleType):
    assert mod.verify_password(
        "secret", mod.fake_users_db["johndoe"]["hashed_password"]
    )


def test_get_password_hash(mod: ModuleType):
    assert mod.get_password_hash("secretalice")


def test_create_access_token(mod: ModuleType):

Y otra más para autenticar y devolver un usuario.

{* ../../docs_src/security/tutorial004_an_py310.py hl[8,49,56:57,60:61,70:76] *}

/// note | Nota

Si revisas la nueva (falsa) base de datos `fake_users_db`, verás cómo se ve ahora la contraseña con hash: `"$argon2id$v=19$m=65536,t=3,p=4$wagCPXjifgvUFBzq4hqe3w$CYaIb8sB+wtD+Vu/P4uod1+Qof8h+1g7bbDlBID48Rc"`.

///

## Manejo de tokens JWT { #handle-jwt-tokens }