* Check and read the code, see if it makes sense, **run it locally** and see if it actually solves the problem.

* Then **comment** saying that you did that, that's how I will know you really checked it.

/// info

Unfortunately, I can't simply trust PRs that just have several approvals.

            }

            // Verify that calculateMIC was never called
            verify(mockCtx, never()).calculateMIC(any());
            // Verify that supportsIntegrity was checked once
            verify(mockCtx, times(1)).supportsIntegrity();
            // Due to short-circuit evaluation, isEstablished should never be called
            // when supportsIntegrity returns false

      } catch (Exception | Error unsafeFailure) { // sneaky checked exception
        thrownUnsafeFailure = unsafeFailure;
        // Catch absolutely everything and fall through to AtomicReferenceFieldUpdaterAtomicHelper.
        try {
          helper = new AtomicReferenceFieldUpdaterAtomicHelper();
        } catch (Exception // sneaky checked exception
            | Error atomicReferenceFieldUpdaterFailure) {

e.toggle=function(){var t=!0,e=!0,n=o.default(this._element).closest('[data-toggle="buttons"]')[0];if(n){var i=this._element.querySelector(y);if(i){if("radio"===i.type)if(i.checked&&this._element.classList.contains(_))t=!1;else{var a=n.querySelector(".active");a&&o.default(a).removeClass(_)}t&&("checkbox"!==i.type&&"radio"!==i.type||(i.checked=!this._element.classList.contains(_)),this.shouldAvoidTriggerChange||o.default(i).trigger("change")),i.focus(),e=!1}}this._element.hasAttribute("disabled")||this._...

They will be checked independently for each *path operation*.

## Check it { #check-it }

If you open the API docs, you can authenticate and specify which scopes you want to authorize.

<img src="/img/tutorial/security/image11.png">

{* ../../docs_src/security/tutorial003_an_py310.py hl[3,79:81] *}

### Check the password { #check-the-password }

At this point we have the user data from our database, but we haven't checked the password.

Let's put that data in the Pydantic `UserInDB` model first.

You should never save plaintext passwords, so, we'll use the (fake) password hashing system.

	pp.SetContentType("image/jpeg")
	pp.SetUserMetadata("uuid", "14365123651274")
	pp.SetKeyStartsWith("user/user1/filename")
	pp.SetContentLengthRange(100, 999999) // not testable from this layer, condition is checked in the API handler.
	pp.SetSuccessStatusAction("201")
	pp.SetCondition("eq", "X-Amz-Credential", "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request")
	pp.SetCondition("eq", "X-Amz-Algorithm", "AWS4-HMAC-SHA256")

      } catch (Exception | Error unsafeFailure) { // sneaky checked exception
        thrownUnsafeFailure = unsafeFailure;
        // Catch absolutely everything and fall through to AtomicReferenceFieldUpdaterAtomicHelper.
        try {
          helper = new AtomicReferenceFieldUpdaterAtomicHelper();
        } catch (Exception // sneaky checked exception
            | Error atomicReferenceFieldUpdaterFailure) {

         * The canonicalization routine
         */
        for (int i = 0; i < length; i++) {
            switch (state) {
            case 0:
                if (in[i] != '/') {
                    // Checked exception (e.g. MalformedURLException) would be better
                    // but this would be a nightmare API wise
                    throw new RuntimeCIFSException("Invalid smb: URL: " + this.url);
                }

     */
    @Test
    @DisplayName("Handle exact boundary data size")
    void testExactBoundarySize() throws CIFSException {
        // Test with data that ends exactly at the position where EOL should be checked
        byte[] data = new byte[0];
        byte[] avPairData = createAvPairData(AvPair.MsvAvTargetName, data);
        byte[] eolData = createEolData();