input = Arrays.copyOf(input, input.length);
    Chars.reverse(input);
    assertThat(input).isEqualTo(expectedOutput);
  }

  private static void testReverse(char[] input, int fromIndex, int toIndex, char[] expectedOutput) {
    input = Arrays.copyOf(input, input.length);
    Chars.reverse(input, fromIndex, toIndex);
    assertThat(input).isEqualTo(expectedOutput);
  }

import okhttp3.internal.toImmutableList

/**
 * A specification for a connection to an origin server. For simple connections, this is the
 * server's hostname and port. If an explicit proxy is requested (or [no proxy][Proxy.NO_PROXY] is
 * explicitly requested), this also includes that proxy information. For secure connections the
 * address also includes the SSL socket factory, hostname verifier, and certificate pinner.
 *

Suponha que você tem um único parâmetro de corpo `item`, a partir de um modelo Pydantic `Item`.

Por padrão, o **FastAPI** esperará que seu conteúdo venha no corpo diretamente.

Mas se você quiser que ele espere por um JSON com uma chave `item` e dentro dele os conteúdos do modelo, como ocorre ao declarar vários parâmetros de corpo, você pode usar o parâmetro especial de `Body` chamado `embed`:

```Python
item: Item = Body(embed=True)

          SerializableTester.reserializeAndAssert(asMap);
          SerializableTester.reserializeAndAssert(descendingMap);
          assertEquals(
              ImmutableList.copyOf(asMap.entrySet()).reverse(),
              ImmutableList.copyOf(descendingMap.entrySet()));

          for (Range<Integer> query : RANGES) {
            assertEquals(expectedAsMap.get(query), asMap.get(query));
          }
        }

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

- name: authx
  html_url: https://github.com/yezz123/authx
  stars: 978
  owner_login: yezz123
  owner_html_url: https://github.com/yezz123
- name: secure
  html_url: https://github.com/TypeError/secure
  stars: 942
  owner_login: TypeError
  owner_html_url: https://github.com/TypeError
- name: titiler
  html_url: https://github.com/developmentseed/titiler
  stars: 940

  //   2. Flipping the bits of the constant so we can process a byte at a time. => 0x82F63B78
  private static final int CRC32C_GENERATOR = 0x1EDC6F41; // 0x11EDC6F41
  private static final int CRC32C_GENERATOR_FLIPPED = Integer.reverse(CRC32C_GENERATOR);

  public void testCrc32cByteTable() {
    // See Hacker's Delight 2nd Edition, Figure 14-7.
    int[] expected = new int[256];
    for (int i = 0; i < expected.length; i++) {
      int crc = i;

        assertArrayEquals("password123".toCharArray(), (char[]) passwordValue, "Password content should match");
    }

    @Test
    @DisplayName("Test secure password wipe")
    void testSecureWipePassword() throws Exception {
        String testPassword = "testPassword123";
        authenticator = new NtlmPasswordAuthenticator("DOMAIN", "username", testPassword);

          .compound(
              Ordering.natural()
                  .onResultOf((List<Class<?>> params) -> params.contains(Throwable.class)))
          .reverse();
  private static final Ordering<Constructor<?>> WITH_STRING_PARAM_THEN_WITH_THROWABLE_PARAM =
      ORDERING_BY_CONSTRUCTOR_PARAMETER_LIST.onResultOf(
          constructor -> asList(constructor.getParameterTypes()));

* The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///