wantErr: policyCondFailedErr,
		},
		{
			name:    "incorrect bucket name",
			fv:      defaultFormVals.Clone().Set("Bucket", "incorrect"),
			wantErr: policyCondFailedErr,
		},
		{
			name:    "incorrect ContentType",
			fv:      defaultFormVals.Clone().Set(xhttp.ContentType, "incorrect"),
			wantErr: policyCondFailedErr,
		},
		{
			name:    "incorrect X-Amz-Algorithm",

#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

     * Array of descriptive strings for each DOS error condition.
     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",

     * Array of descriptive strings for each DOS error condition.
     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",

            "A device attached to the system is not functioning.", "Incorrect function.", "The parameter is incorrect.",
            "Invalid access to memory location.", "The handle is invalid.", "The parameter is incorrect.",
            "The system cannot find the file specified.", "The system cannot find the file specified.", "End of file",

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username(client: TestClient):
    response = client.post("/token", data={"username": "foo", "password": "secret"})

     */
    String[] NT_STATUS_MESSAGES = { "The operation completed successfully.", "A device attached to the system is not functioning.",
            "Incorrect function.", "The parameter is incorrect.", "Invalid access to memory location.", "The handle is invalid.",
            "The parameter is incorrect.", "The system cannot find the file specified.", "The system cannot find the file specified.",

    assert response.json() == {"detail": "Incorrect username or password"}
    assert response.headers["WWW-Authenticate"] == "Basic"


def test_security_http_basic_invalid_password(client: TestClient):
    response = client.get("/users/me", auth=("stanleyjobson", "wrongpassword"))
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Incorrect username or password"}