assertEquals("\\2a\\29\\28uid=\\2a\\29\\29\\28|\\28uid=\\2a", LdapUtil.escapeValue("*)(uid=*))(|(uid=*"));

        // Test complex injection: admin)(&(password=*))
        assertEquals("admin\\29\\28&\\28password=\\2a\\29\\29", LdapUtil.escapeValue("admin)(&(password=*))"));
    }

    @Test
    public void test_escapeValue_allSpecialCharsInSequence() {
        assertEquals("\\5c\\2a\\28\\29\\00", LdapUtil.escapeValue("\\*()\0"));

        assertTrue("Result should contain password={cipher}, but was: " + result, result.contains("password={cipher}"));

        // Test with empty encryption target
        value = "password=";
        result = ParameterUtil.encrypt(value);
        assertTrue(result.contains("password={cipher}"));

        // Test with only whitespace value
        value = "password=   ";
        result = ParameterUtil.encrypt(value);

        LdapManager ldapManager = new LdapManager();
        ldapManager.init();

        // Complex injection attempt should be fully escaped
        String injectionAttempt = "admin)(|(password=*";
        String expected = "admin\\29\\28|\\28password=\\2a";
        assertEquals(expected, ldapManager.escapeLDAPSearchFilter(injectionAttempt));
    }

    @Test
    public void test_escapeLDAPSearchFilter_withAllSpecialCharacters() {

                return "";
            }
        });

        assertEquals("errors.password_no_uppercase", systemHelper.validatePassword("password"));
        assertEquals("", systemHelper.validatePassword("Password"));
        assertEquals("", systemHelper.validatePassword("PASSWORD"));
    }

    @Test
    public void test_validatePassword_requireLowercase() {

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_grant_type():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )
    assert response.status_code == 200

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_correct_grant_type():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_data():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )
    assert response.status_code == 200

# Password ve Bearer ile Basit OAuth2 { #simple-oauth2-with-password-and-bearer }

Şimdi önceki bölümün üzerine inşa edip, eksik parçaları ekleyerek tam bir güvenlik akışı oluşturalım.

## `username` ve `password`’ü Alma { #get-the-username-and-password }

`username` ve `password`’ü almak için **FastAPI** security yardımcı araçlarını kullanacağız.

class OAuth2PasswordRequestForm:
    """
    This is a dependency class to collect the `username` and `password` as form data
    for an OAuth2 password flow.

    The OAuth2 specification dictates that for a password flow the data should be
    collected using form data (instead of JSON) and that it should have the specific
    fields `username` and `password`.

    All the initialization parameters are extracted from the request.