}

    /**
     * Returns the time when the user's password was last changed.
     * @return the password last change timestamp
     */
    public Date getPwdLastChangeTime() {
        return this.pwdLastChangeTime;
    }

    /**
     * Returns the earliest time when the user can change their password.
     * @return the password can change timestamp
     */
    public Date getPwdCanChangeTime() {

И им также можете пользоваться вы сами, чтобы отлаживать, проверять и тестировать то же самое приложение.

## «`password` flow» (аутентификация по паролю) { #the-password-flow }

Теперь давайте немного вернемся и разберемся, что это все такое.

«`password` flow» — это один из способов («flows»), определенных в OAuth2, для обеспечения безопасности и аутентификации.

                "UserIn": {
                    "title": "UserIn",
                    "required": ["username", "password", "email"],
                    "type": "object",
                    "properties": {
                        "username": {"title": "Username", "type": "string"},
                        "password": {"title": "Password", "type": "string"},
                        "email": {
                            "title": "Email",

```

다음과 같은 결과를 생성합니다:

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

혹은 더 정확히 말하자면, `user_dict`를 직접 사용하는 것은, 나중에 어떤 값이 추가되더라도 아래와 동일한 효과를 냅니다:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)
```

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}


@app.get("/users/me")

        final String username = fessConfig.getFesenUsername();
        final String password = fessConfig.getFesenPassword();
        if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
            builder.put(Constants.FESEN_USERNAME, username);
            builder.put(Constants.FESEN_PASSWORD, password);
        }
        final String authorities = fessConfig.getFesenHttpSslCertificateAuthorities();

                    final String password = auth.getPassword();
                    lmHash = new byte[0];
                    ntHash = new byte[(password.length() + 1) * 2];
                    writeString(password, ntHash, 0);
                } else {
                    // plain text
                    final String password = auth.getPassword();
                    lmHash = new byte[(password.length() + 1) * 2];

# OAuth2 实现简单的 Password 和 Bearer 验证

本章添加上一章示例中欠缺的部分，实现完整的安全流。

## 获取 `username` 和 `password`

首先，使用 **FastAPI** 安全工具获取 `username` 和 `password`。

OAuth2 规范要求使用**密码流**时，客户端或用户必须以表单数据形式发送 `username` 和 `password` 字段。

并且，这两个字段必须命名为 `username` 和 `password` ，不能使用 `user-name` 或 `email` 等其它名称。

不过也不用担心，前端仍可以显示终端用户所需的名称。

数据库模型也可以使用所需的名称。

但对于登录*路径操作*，则要使用兼容规范的 `username` 和 `password`，（例如，实现与 API 文档集成）。

labels.suggestWord=Suggest Word
labels.targetLabel=Label
labels.term=Term
labels.fields=Fields
labels.ex_q=Extended Query
labels.oldPassword=Current Password
labels.newPassword=New Password
labels.confirmNewPassword=New Password (Confirm)

labels.menu_system=System
labels.menu_wizard=Wizard
labels.menu_crawl_config=General
labels.menu_scheduler_config=Scheduler
labels.menu_dashboard_config=Dashboard

    @Test
    public void testEncryptDecryptLongPassword() throws Exception {
        // Test with very long password
        char[] plaintext = new char[10000];
        Arrays.fill(plaintext, 'X');

        byte[] encrypted = storage.encryptCredentials(plaintext);
        assertNotNull(encrypted, "Encrypted long password should not be null");