///

## Request body + path parameters { #request-body-path-parameters }

You can declare path parameters and request body at the same time.

**FastAPI** will recognize that the function parameters that match path parameters should be **taken from the path**, and that function parameters that are declared to be Pydantic models should be **taken from the request body**.

{* ../../docs_src/body/tutorial003_py310.py hl[15:16] *}

     * @return The index updater.
     */
    public static IndexUpdater getIndexUpdater() {
        return getComponent(INDEX_UPDATER);
    }

    /**
     * Gets the key match helper component.
     * @return The key match helper.
     */
    public static KeyMatchHelper getKeyMatchHelper() {
        return getComponent(KEY_MATCH_HELPER);
    }

    /**
     * Gets the indexing helper component.

  }

  /**
   * Earlier implementations of Android's hostname verifier required that wildcard names wouldn't
   * match "*.com" or similar. This was a nonstandard check that we've since dropped. It is the CA's
   * responsibility to not hand out certificates that match so broadly.
   */
  @Test fun wildcardsDoesNotNeedTwoDots() {
    // openssl req -x509 -nodes -days 36500 -subj '/CN=*.com' -newkey rsa:512 -out cert.pem

Let's put that data in the Pydantic `UserInDB` model first.

You should never save plaintext passwords, so, we'll use the (fake) password hashing system.

If the passwords don't match, we return the same error.

#### Password hashing { #password-hashing }

"Hashing" means: converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish.

    //                                                                        Small Helper
    //                                                                        ============
    /**
     * Verifies that the CRUD mode matches the expected mode.
     *
     * @param crudMode actual CRUD mode
     * @param expectedMode expected CRUD mode
     */
    protected void verifyCrudMode(final int crudMode, final int expectedMode) {

    //                                                                        Small Helper
    //                                                                        ============
    /**
     * Verifies that the CRUD mode matches the expected mode.
     *
     * @param crudMode the actual CRUD mode
     * @param expectedMode the expected CRUD mode
     */
    protected void verifyCrudMode(final int crudMode, final int expectedMode) {

    void testGetSmbTreeReuses() {
        SmbSessionImpl session = newSession();
        SmbTreeImpl t1 = session.getSmbTree("IPC$", null);
        SmbTreeImpl t2 = session.getSmbTree("ipc$", null); // case-insensitive match
        assertSame(t1, t2, "Expected same tree instance to be reused");
    }

    @ParameterizedTest
    @NullAndEmptySource
    @DisplayName("treeConnectLogon: invalid logon share throws SmbException")

     * both say in their comments that they're not really sure what the right approach is. We go
     * with Chrome's behavior (which also experimentally seems to match what IE does), but if you
     * actually want to have a good chance of things working, please avoid double-quotes, newlines,
     * percent signs, and the like in your field names.
     */

            Field offField = Smb2ReadRequest.class.getDeclaredField("offset");
            offField.setAccessible(true);
            long offVal = offField.getLong(req);
            assertEquals(2L, offVal, "Request offset should match skipped bytes");
        }

        @Test
        @DisplayName("read(byte[]) delegates to read(byte[],off,len)")
        void readArrayDelegates() throws Exception {
            SmbFileInputStream in = newStream();

Alle Sicherheits-Werkzeuge, die in OpenAPI integriert sind (und die automatische API-Dokumentation), erben von `SecurityBase`, so weiß **FastAPI**, wie es sie in OpenAPI integrieren muss.

///

## Was es macht

FastAPI wird im Request nach diesem `Authorization`-Header suchen, prüfen, ob der Wert `Bearer` plus ein Token ist, und den Token als `str` zurückgeben.