@ExtendWith(MockitoExtension.class)
class NtlmContextTest {

    @Mock
    private NtlmPasswordAuthentication mockAuth;

    private final String domain = "TEST_DOMAIN";
    private final String username = "testUser";
    private final String password = "testPassword";
    private final String workstation = "TEST_WORKSTATION";

    @BeforeEach
    void setUp() {
        // MockitoExtension handles mock initialization

## 驗證 `username` 與資料結構 { #verify-the-username-and-data-shape }

我們先確認取得了 `username`，並取出 scopes。

接著用 Pydantic 模型驗證這些資料（捕捉 `ValidationError` 例外），若在讀取 JWT token 或用 Pydantic 驗證資料時出錯，就丟出先前建立的 `HTTPException`。

為此，我們更新了 Pydantic 模型 `TokenData`，加入新屬性 `scopes`。

透過 Pydantic 驗證資料，我們可以確保，例如，scopes 正好是 `list` 的 `str`，而 `username` 是 `str`。

否則若是 `dict` 或其他型別，可能在後續某處使應用壞掉，造成安全風險。

        parentProps.setProperty("jcifs.smb.client.domain", "parentdomain");
        parentProps.setProperty("jcifs.smb.client.username", "parentuser");

        Properties childProps = new Properties(parentProps);
        childProps.setProperty("jcifs.smb.client.username", "childuser");

        // When
        PropertyConfiguration testConfig = new PropertyConfiguration(childProps);

        // Then

    * Isto contém o `username` e o `password` enviado.

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

Quando você tentar abrir a URL pela primeira vez (ou clicar no botão "Executar" na documentação) o navegador vai pedir pelo seu usuário e senha:

<img src="/img/tutorial/security/image12.png">

## Verifique o usuário { #check-the-username }

Aqui está um exemplo mais completo.

        raise


@app.get("/items/{item_id}")
def get_item(item_id: str, username: str = Depends(get_username)):
    if item_id == "portal-gun":
        raise InternalError(
            f"The portal gun is too dangerous to be owned by {username}"
        )
    if item_id != "plumbus":
        raise HTTPException(

					<property name="updateCommand">[
					"/usr/sbin/htpasswd",
					"-b",
					"/tmp/test.txt",
					"$USERNAME",
					"$PASSWORD"
					]</property>
					<property name="deleteCommand">[
					"/usr/sbin/htpasswd",
					"-D",
					"/tmp/test.txt",
					"$USERNAME"
					]</property>
					<property name="targetUsers">[
					"admin"
					]</property>
				</component>
			</arg>

  var base: String? = null
  var scheme = ""
  var username = ""
  var password: String? = null
  var host = ""
  var port = ""
  var path = ""
  var query = ""
  var fragment = ""

  fun expectParseFailure() = scheme.isEmpty()

  private operator fun set(
    name: String,
    value: String,
  ) {
    when (name) {
      "s" -> scheme = value
      "u" -> username = value
      "pass" -> password = value

        yield "Rick"
    finally:
        print("Cleanup up before response is sent")

UserNameDep = Annotated[str, Depends(get_username, scope="function")]

@app.get("/users/me")
def get_user_me(username: UserNameDep):
    return username
```

## Class Dependencies

Avoid creating class dependencies when possible.

If a class is needed, instead create a regular function dependency that returns a class instance.

Do this:

        raise


@app.get("/items/{item_id}")
def get_item(item_id: str, username: Annotated[str, Depends(get_username)]):
    if item_id == "portal-gun":
        raise InternalError(
            f"The portal gun is too dangerous to be owned by {username}"
        )
    if item_id != "plumbus":
        raise HTTPException(

@app.get("/items/")
async def read_items():
    return [{"item": "Portal Gun"}, {"item": "Plumbus"}]


@app.get("/users/")
async def read_users():