assertArrayEquals(blob, resp.getBlob());
        assertEquals(sessionFlags, resp.getSessionFlags());
        assertTrue(resp.isLoggedInAsGuest(), "Anonymous should be treated as guest login");
    }

    @Test
    @DisplayName("prepare should not set sessionId if not received yet")
    void testPrepareWithoutReceivedDoesNotPropagate() {
        Smb2SessionSetupResponse resp = newResponse();

Depois de uma semana, o token expirará e o usuário não estará autorizado, precisando fazer login novamente para obter um novo token. E se o usuário (ou uma terceira parte) tentar modificar o token para alterar a expiração, você seria capaz de descobrir isso, pois as assinaturas não iriam corresponder.

Aber keine Sorge, Sie können sie Ihren Endbenutzern im Frontend so anzeigen, wie Sie möchten.

Und Ihre Datenbankmodelle können beliebige andere Namen verwenden.

Aber für die Login-*Pfadoperation* müssen wir diese Namen verwenden, um mit der Spezifikation kompatibel zu sein (und beispielsweise das integrierte API-Dokumentationssystem verwenden zu können).

But don't worry, you can show it as you wish to your final users in the frontend.

And your database models can use any other names you want.

But for the login *path operation*, we need to use these names to be compatible with the spec (and be able to, for example, use the integrated API documentation system).

                                        }
                                    }
                                },
                            },
                        },
                        "summary": "Login For Access Token",
                        "operationId": "login_for_access_token_token_post",
                        "requestBody": {
                            "content": {

After detecting that the credentials are incorrect, return an `HTTPException` with a status code 401 (the same returned when no credentials are provided) and add the header `WWW-Authenticate` to make the browser show the login prompt again:

    /** The key of the message: Login */
    public static final String LABELS_LOGIN = "{labels.login}";

    /** The key of the message: Username */
    public static final String LABELS_LOGIN_placeholder_username = "{labels.login.placeholder_username}";

    /** The key of the message: Password */
    public static final String LABELS_LOGIN_placeholder_password = "{labels.login.placeholder_password}";

# Application Exception
# ---------------------
# /- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# five framework-embedded messages (don't change key names)
# - - - - - - - - - -/
errors.login.failure = Oturum açma başarısız oldu.
errors.app.illegal.transition = Geçersiz geçiş. Lütfen tekrar deneyin.
errors.app.db.already.deleted = Başka bir işlem tarafından silinmiş olabilir. Lütfen tekrar deneyin.

		Duration:  time.Since(startTime),
		Path:      objPath,
		Error:     errStr,
		Bytes:     sz,
		Custom: map[string]string{
			"user":   s.Sess.LoginUser(),
			"cmd":    s.Cmd,
			"param":  s.Param,
			"login":  fmt.Sprintf("%t", s.Sess.IsLogin()),
			"source": source,
		},
	}
}

func (m *ftpMetrics) log(s *ftp.Context, paths ...string) func(sz int64, err error) {
	startTime := time.Now()
	source := getSource(2)

                                    }
                                }
                            },
                        },
                    },
                    "summary": "Login For Access Token",
                    "operationId": "login_for_access_token_token_post",
                    "requestBody": {
                        "content": {