Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 97 for johndoe (0.18 sec)

  2. github.com/tiangolo/fastapi

    tests/test_tutorial/test_security/test_tutorial003.py 

    
def test_login():
    response = client.post("/token", data={"username": "johndoe", "password": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"access_token": "johndoe", "token_type": "bearer"}


def test_login_incorrect_password():
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Fri Jul 07 17:12:13 GMT 2023
    - 8K bytes
    - Viewed (0)
  3. github.com/tiangolo/fastapi

    tests/test_tutorial/test_security/test_tutorial003_an_py310.py 

        response = client.post("/token", data={"username": "johndoe", "password": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"access_token": "johndoe", "token_type": "bearer"}


@needs_py310
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Fri Jul 07 17:12:13 GMT 2023
    - 8.4K bytes
    - Viewed (0)
  4. github.com/tiangolo/fastapi

    tests/test_tutorial/test_security/test_tutorial003_py310.py 

        response = client.post("/token", data={"username": "johndoe", "password": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"access_token": "johndoe", "token_type": "bearer"}


@needs_py310
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Fri Jul 07 17:12:13 GMT 2023
    - 8.4K bytes
    - Viewed (0)
  5. github.com/tiangolo/fastapi

    tests/test_response_model_data_filter.py 

        response = client.post(
        "/users", json={"email": "johndoe@example.com", "password": "secret"}
    )
    assert response.json() == {"email": "johndoe@example.com"}


def test_filter_second_level_model():
    response = client.get("/pets/1")
    assert response.json() == {
        "name": "Nibbler",
        "owner": {"email": "johndoe@example.com"},
    }


def test_list_of_models():
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Fri Jul 07 17:12:13 GMT 2023
    - 1.7K bytes
    - Viewed (0)
  6. github.com/tiangolo/fastapi

    tests/test_tutorial/test_security/test_tutorial003_an_py39.py 

        response = client.post("/token", data={"username": "johndoe", "password": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"access_token": "johndoe", "token_type": "bearer"}


@needs_py39
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Fri Jul 07 17:12:13 GMT 2023
    - 8.4K bytes
    - Viewed (0)
  7. github.com/tiangolo/fastapi

    docs/zh/docs/advanced/security/http-basic-auth.md 

    ```

但使用 `secrets.compare_digest()`,可以防御**时差攻击**,更加安全。

### 时差攻击

什么是**时差攻击**?

假设攻击者试图猜出用户名与密码。

他们发送用户名为 `johndoe`,密码为 `love123`  的请求。

然后,Python 代码执行如下操作:

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

但就在 Python 比较完 `johndoe` 的第一个字母 `j` 与 `stanleyjobson` 的 `s` 时,Python 就已经知道这两个字符串不相同了,它会这么想,**没必要浪费更多时间执行剩余字母的对比计算了**。应用立刻就会返回**错误的用户或密码**。
    Plain Text
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Sat Mar 30 22:43:48 GMT 2024
    - 3.9K bytes
    - Viewed (0)
  8. github.com/tiangolo/fastapi

    docs_src/security/tutorial003.py 

    from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel

fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "johndoe@example.com",
        "hashed_password": "fakehashedsecret",
        "disabled": False,
    },
    "alice": {
        "username": "alice",
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Sat May 14 11:59:59 GMT 2022
    - 2.4K bytes
    - Viewed (0)
  9. github.com/tiangolo/fastapi

    tests/test_response_model_data_filter_no_inheritance.py 

        response = client.post(
        "/users", json={"email": "johndoe@example.com", "password": "secret"}
    )
    assert response.json() == {"email": "johndoe@example.com"}


def test_filter_second_level_model():
    response = client.get("/pets/1")
    assert response.json() == {
        "name": "Nibbler",
        "owner": {"email": "johndoe@example.com"},
    }


def test_list_of_models():
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Fri Jul 07 17:12:13 GMT 2023
    - 1.7K bytes
    - Viewed (0)
  10. github.com/tiangolo/fastapi

    tests/test_tutorial/test_security/test_tutorial005_an_py310.py 

        response = client.post("/token", data={"username": "johndoe", "password": "secret"})
    assert response.status_code == 200, response.text
    content = response.json()
    assert "access_token" in content
    assert content["token_type"] == "bearer"


@needs_py310
def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Wed Mar 13 19:07:10 GMT 2024
    - 16.3K bytes
    - Viewed (0)
  11. github.com/tiangolo/fastapi

    docs_src/security/tutorial004_an_py39.py 

    SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "johndoe@example.com",
        "hashed_password": "$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW",
        "disabled": False,
    }
}
    Python
    - Registered: Sun Apr 21 07:19:11 GMT 2024
    - Last Modified: Tue Mar 26 16:56:53 GMT 2024
    - 4.1K bytes
    - Viewed (0)
Back to top