try {
            String username = "testuser";
            String password = "testpass";
            server = startFtpServer(FTP_PORT, username, password);
            Map<String, Object> params = new HashMap<String, Object>();
            FtpAuthentication auth = new FtpAuthentication();
            auth.setUsername(username);
            auth.setPassword(password);

        }
        return out;
    }

    @Test
    @DisplayName("getNTHash: known vector for 'password'")
    void testGetNTHash_knownVector() {
        // Arrange
        String password = "password";
        // Known NT hash for "password" (UTF-16LE MD4)
        // This is a well-known test vector: password -> 8846F7EAEE8FB117AD06BDD830B7586C
        byte[] expected = hex("8846F7EAEE8FB117AD06BDD830B7586C");

        // Act

     */
    void delete(User user);

    /**
     * Changes the password for the specified user.
     * @param username The username for which to change the password.
     * @param password The new password.
     * @return True if the password was successfully changed, false otherwise.
     */
    boolean changePassword(String username, String password);

    /**
     * Loads user information from the authentication chain.

     */
    public String getPassword() {
        return password;
    }

    /**
     * Set the user's password which is used when connecting to the repository.
     *
     * @param password password of the user
     */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Get the username used to access the repository.
     *

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_grant_type():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )
    assert response.status_code == 200

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_correct_grant_type():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )

///

## Password hashing { #password-hashing }

"Hashing" means converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish.

Whenever you pass exactly the same content (exactly the same password) you get exactly the same gibberish.

But you cannot convert from the gibberish back to the password.

### Why use password hashing { #why-use-password-hashing }

        params.put(ExtractData.RESOURCE_NAME_KEY, resourceName);
        assertEquals("PASSWORD", pdfExtractor.getPassword(params));
    }

    public void test_getPassword_json() {
        String url;
        Map<String, String> params = new HashMap<>();
        params.put(ExtractData.FILE_PASSWORDS, "{\".*hoge1.pdf\":\"password\",\"fuga.pdf\":\"PASSWORD\"}");

        url = null;
        params.put(ExtractData.URL, url);

* The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.