totalBatch += batch

		if tx.RowsAffected != 2 {
			t.Errorf("Incorrect affected rows, expects: 2, got %v", tx.RowsAffected)
		}

		if len(results) != 2 {
			t.Errorf("Incorrect users length, expects: 2, got %v", len(results))
		}

		for idx := range results {
			results[idx].Name = results[idx].Name + "_new"
		}

    assert content["token_type"] == "bearer"


def test_login_incorrect_password():
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username():

        assertTrue(a.getScope().equals("test"), "Incorrect scope for " + a.getDependencyConflictId());

        // transitive dep, overridden b depMgmt
        assertTrue(b.getScope().equals("runtime"), "Incorrect scope for " + b.getDependencyConflictId());

        // direct dep, overrides depMgmt
        assertTrue(c.getScope().equals("runtime"), "Incorrect scope for " + c.getDependencyConflictId());
    }

@needs_py310
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


@needs_py310
def test_login_incorrect_username(client: TestClient):

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

    assert content["token_type"] == "bearer"


def test_login_incorrect_password():
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username():

@needs_py39
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


@needs_py39
def test_login_incorrect_username(client: TestClient):

@needs_py39
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


@needs_py39
def test_login_incorrect_username(client: TestClient):

@needs_py310
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


@needs_py310
def test_login_incorrect_username(client: TestClient):

#### The time to answer helps the attackers

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.