assert response.json() == {
        "user_me": {
            "user_me": "user_me_1",
            "current_user": {
                "user": "user_1",
                "scopes": ["me"],
                "db_session": "db_session_1",
            },
        },
        "user_items": {
            "user_items": "user_items_1",
            "user_me": {
                "user_me": "user_me_2",
                "current_user": {

### About `**user_in.model_dump()` { #about-user-in-model-dump }

#### Pydantic's `.model_dump()` { #pydantics-model-dump }

`user_in` is a Pydantic model of class `UserIn`.

Pydantic models have a `.model_dump()` method that returns a `dict` with the model's data.

So, if we create a Pydantic object `user_in` like:

```Python

def fake_save_user(user_in: UserIn):
    hashed_password = fake_password_hasher(user_in.password)
    user_in_db = UserInDB(**user_in.model_dump(), hashed_password=hashed_password)
    print("User saved! ..not really")
    return user_in_db


@app.post("/user/", response_model=UserOut)
async def create_user(user_in: UserIn):
    user_saved = fake_save_user(user_in)

def fake_save_user(user_in: UserIn):
    hashed_password = fake_password_hasher(user_in.password)
    user_in_db = UserInDB(**user_in.model_dump(), hashed_password=hashed_password)
    print("User saved! ..not really")
    return user_in_db


@app.post("/user/", response_model=UserOut)
async def create_user(user_in: UserIn):
    user_saved = fake_save_user(user_in)

Wenn wir also ein Pydantic-Objekt `user_in` erstellen, etwa so:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

und dann aufrufen:

```Python
user_dict = user_in.model_dump()
```

haben wir jetzt ein `dict` mit den Daten in der Variablen `user_dict` (es ist ein `dict` statt eines Pydantic-Modellobjekts).

from fastapi import APIRouter

router = APIRouter()


@router.get("/users/", tags=["users"])
async def read_users():
    return [{"username": "Rick"}, {"username": "Morty"}]


@router.get("/users/me", tags=["users"])
async def read_user_me():
    return {"username": "fakecurrentuser"}


@router.get("/users/{username}", tags=["users"])
async def read_user(username: str):

Now, whenever a browser is creating a user with a password, the API will return the same password in the response.

In this case, it might not be a problem, because it's the same user sending the password.

But if we use the same model for another *path operation*, we could be sending our user's passwords to every client.

/// danger

client = TestClient(app)


@pytest.mark.parametrize(
    ("user_id", "expected_response"),
    [
        ("me", {"user_id": "the current user"}),
        ("alice", {"user_id": "alice"}),
    ],
)
def test_get_users(user_id: str, expected_response: dict):
    response = client.get(f"/users/{user_id}")
    assert response.status_code == 200, response.text
    assert response.json() == expected_response

@user_router.get("/")
def get_users():
    return [{"user_id": "u1"}, {"user_id": "u2"}]


@user_router.get("/{user_id}")
def get_user(user_id: str):
    return {"user_id": user_id}


@item_router.get("/")
def get_items(user_id: Optional[str] = None):
    if user_id is None:
        return [{"item_id": "i1", "user_id": "u1"}, {"item_id": "i2", "user_id": "u2"}]
    else:

                    },
                }
            }
        },
        "components": {
            "schemas": {
                "UserIn": {
                    "title": "UserIn",
                    "required": ["username", "password", "email"],
                    "type": "object",
                    "properties": {
                        "username": {"title": "Username", "type": "string"},