```JSON
{
  "detail": "Not authenticated"
}
```

### Inactive user { #inactive-user }

Now try with an inactive user, authenticate with:

User: `alice`

Password: `secret2`

And try to use the operation `GET` with the path `/users/me`.

You will get an "Inactive user" error, like:

```JSON
{
  "detail": "Inactive user"
}
```

## Recap { #recap }

            "There are currently no logon servers available to service the logon request.", "The specified user already exists.",
            "The specified user does not exist.", "The specified network password is not correct.",
            "Logon failure: unknown user name or bad password.", "Logon failure: user account restriction.",

            "There are currently no logon servers available to service the logon request.", "The specified user already exists.",
            "The specified user does not exist.", "The specified network password is not correct.",
            "Logon failure: unknown user name or bad password.", "Logon failure: user account restriction.",

```plaintext
/home/user/code/awesome-project/.venv/bin/python
```

e usa esse.

////

//// tab | Windows

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts;C:\Windows\System32
```

Isso significa que o sistema agora começará a procurar primeiro por programas em:

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts
```

/// note | 技術詳細

レスポンスモデルは、関数の戻り値のアノテーションではなく、このパラメータで宣言されています。なぜなら、パス関数は実際にはそのレスポンスモデルを返すのではなく、`dict`やデータベースオブジェクト、あるいは他のモデルを返し、`response_model`を使用してフィールドの制限やシリアライズを行うからです。

///

## 同じ入力データの返却

ここでは`UserIn`モデルを宣言しています。それには平文のパスワードが含まれています:

{* ../../docs_src/response_model/tutorial002.py hl[9,11] *}

そして、このモデルを使用して入力を宣言し、同じモデルを使って出力を宣言しています:

{* ../../docs_src/response_model/tutorial002.py hl[17,18] *}

  /**
   * The request that initiated this HTTP response. This is not necessarily the same request issued
   * by the application:
   *
   * * It may be transformed by the user's interceptors. For example, an application interceptor
   *   may add headers like `User-Agent`.
   * * It may be the request generated in response to an HTTP redirect or authentication
   *   challenge. In this case the request URL may be different than the initial request URL.

        // Make attempts from same IP with different users
        for (int i = 1; i <= 5; i++) {
            assertTrue(rateLimiter.checkAttempt("user" + i, ip), "Attempt " + i + " should be allowed");
            rateLimiter.recordFailure("user" + i, ip);
        }

        // 6th attempt from same IP should be blocked
        assertFalse(rateLimiter.checkAttempt("user6", ip), "Should block after IP rate limit");
    }

    /**
     * Creates an ElevateWord entity based on the form and operation mode.
     *
     * @param form create form containing elevate word data
     * @param username current user's username
     * @param currentTime current timestamp
     * @return optional ElevateWord entity
     */

	if err == nil {
		c.Fatalf("user account was not disabled!")
	}

	// 5. Check that user can be deleted and verify it.
	err = s.adm.RemoveUser(ctx, accessKey)
	if err != nil {
		c.Fatalf("user could not be deleted: %v", err)
	}
	usersMap, err = s.adm.ListUsers(ctx)
	if err != nil {
		c.Fatalf("error listing: %v", err)
	}
	_, ok = usersMap[accessKey]
	if ok {
		c.Fatalf("user not deleted: %s", accessKey)
	}

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.