}
    }

    @Nested
    @DisplayName("Encode Tests")
    class EncodeTests {

        @Test
        @DisplayName("Should encode simple path correctly")
        void testEncodeSimplePath() {
            String path = "\\\\server\\share";
            int maxReferralLevel = 3;
            buffer = new DfsReferralRequestBuffer(path, maxReferralLevel);

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username(client: TestClient):
    response = client.post("/token", data={"username": "foo", "password": "secret"})

    private MsrpcDfsRootEnum dfsRootEnum;

    @BeforeEach
    void setUp() {
        dfsRootEnum = new MsrpcDfsRootEnum(TEST_SERVER);
    }

    @Test
    @DisplayName("Constructor should initialize all fields correctly")
    void testConstructorInitialization() {
        // Verify level is set to 200 for DFS root enumeration
        assertEquals(200, dfsRootEnum.level);

        // Verify DCE/RPC message properties

        } finally {
            der.close();
        }
        return collector.toByteArray();
    }

    @Test
    @DisplayName("Round-trip: all fields set encodes and parses back correctly")
    void testRoundTripAllFields() throws Exception {
        ASN1ObjectIdentifier[] mechs = new ASN1ObjectIdentifier[] { OID_KRB, OID_NTLM };

#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

        customRequest.setFileId(testFileId);

        // Then
        assertArrayEquals(testFileId, customRequest.getFileId(), "Custom implementation should store file ID correctly");
        assertEquals(1, customRequest.getSetCount(), "Should track set count correctly");
    }

        assertEquals("Structure size is not 16", exception.getMessage());
    }

    @DisplayName("Should parse different share types correctly")
    @ParameterizedTest
    @CsvSource({ "1, 1", // DISK
            "2, 2", // PIPE
            "3, 3", // PRINT
            "0, 0", // Unknown
            "255, -1" // Byte overflow to signed
    })

    assert response.json() == {"detail": "Incorrect username or password"}
    assert response.headers["WWW-Authenticate"] == "Basic"


def test_security_http_basic_invalid_password(client: TestClient):
    response = client.get("/users/me", auth=("stanleyjobson", "wrongpassword"))
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Incorrect username or password"}

        // Then - verify command is set correctly using reflection
        Field commandField = ServerMessageBlock2.class.getDeclaredField("command");
        commandField.setAccessible(true);
        int command = (int) commandField.get(req);

        assertEquals(0x0003, command); // SMB2_TREE_CONNECT command value

        // Verify path is set correctly