objectClass: inetOrgPerson
cn: Fahim Ahmed
sn: Ahmed
uid: fahim
mail: ******@****.***
userPassword: {SSHA}lRNH+PHooRaruiEb+CBEA21EZLMkAmcc

# Add a user with special chars. The password = example here.
dn: uid=Пользователь,OU=people,OU=swengg,DC=min,DC=io
objectClass: inetOrgPerson
cn: Special Charsman
sn: Charsman
uid: Пользователь
mail: ******@****.***

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

{* ../../docs_src/request_form_models/tutorial002_an_py39.py hl[12] *}

클라이언트가 추가 데이터를 보내려고 하면 **오류** 응답을 받게 됩니다.

예를 들어, 클라이언트가 폼 필드를 보내려고 하면:

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

`extra` 필드가 허용되지 않는다는 오류 응답을 받게 됩니다:

```json
{
    "detail": [
        {
            "type": "extra_forbidden",
            "loc": ["body", "extra"],

import jcifs.smb1.smb1.NtlmPasswordAuthentication;
import jcifs.smb1.util.Base64;

/**
 * This class is used internally by {@code NtlmHttpFilter},
 * {@code NtlmServlet}, and {@code NetworkExplorer} to negiotiate password
 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is

En este ejemplo estamos usando el flujo de OAuth2 "password".

Esto es apropiado cuando estamos iniciando sesión en nuestra propia aplicación, probablemente con nuestro propio frontend.

Porque podemos confiar en ella para recibir el `username` y `password`, ya que la controlamos.

        * `implicit`
        * `clientCredentials`
        * `authorizationCode`
    * Mas existe um “fluxo” específico que pode ser perfeitamente usado para resolver autenticação diretamente na mesma aplicação:
        * `password`: alguns dos próximos capítulos tratarão disso.
* `openIdConnect`: tem uma forma para definir como descobrir automaticamente o dado da autenticação OAuth2.

        return requestNtlmPasswordAuthentication(auth, url, sae);
    }

    /**
     * Requests NTLM password authentication using the specified authenticator.
     * @param a the authenticator to use for retrieving credentials
     * @param url the URL that requires authentication

    // Patterns for sensitive data - compiled once and cached
    private static final Pattern PASSWORD_PATTERN = Pattern.compile(
            "(?i)(password|passwd|pwd|secret|token|key|credential|auth)([\"']?\\s*[:=]\\s*[\"']?)([^\"',\\s]+)", Pattern.CASE_INSENSITIVE);

    private static final Pattern IP_PATTERN = Pattern.compile("\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b");

        // Configure authentication - set fields directly since NtlmPasswordAuthentication is final
        mockAuth.username = "testuser";
        mockAuth.domain = "TESTDOMAIN";
        mockAuth.password = "testpass";

        when(mockAuth.getAnsiHash(any(byte[].class))).thenReturn(new byte[24]);
        when(mockAuth.getUnicodeHash(any(byte[].class))).thenReturn(new byte[24]);

                int index = auth.indexOf(':');
                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {
                    index = user.indexOf('/');
                }