///

點擊後會跳出一個小視窗，讓你輸入 `username` 與 `password`（以及其他可選欄位）：

<img src="/img/tutorial/security/image02.png">

/// note | 注意

不管你在表單輸入什麼，現在都還不會成功；等等我們會把它完成。

///

這當然不是給最終使用者用的前端，但它是用來互動式文件化整個 API 的極佳自動化工具。

前端團隊（也可能就是你）可以使用它。

第三方應用或系統也能使用它。

你也能用它來除錯、檢查與測試同一個應用。

## `password` 流程 { #the-password-flow }

現在回頭理解剛剛那些是什麼。

在 OAuth2 中，`password` 是處理安全與身分驗證的其中一種「流程」（flow）。

이를 처리하기 위해 먼저 `username`과 `password`를 UTF-8로 인코딩해서 `bytes`로 변환합니다.

그런 다음 `secrets.compare_digest()`를 사용해 `credentials.username`이 `"stanleyjobson"`이고 `credentials.password`가 `"swordfish"`인지 확실히 확인할 수 있습니다.

{* ../../docs_src/security/tutorial007_an_py310.py hl[1,12:24] *}

이는 다음과 비슷합니다:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 어떤 오류를 반환
    ...
```

    }

    @Test
    @DisplayName("handle: empty user/domain edge yields '@' and null password")
    void testHandleWithEmptyUserAndDomainEdge() throws Exception {
        // Default constructor results in empty strings for user and domain, null for password
        JAASAuthenticator auth = new JAASAuthenticator();
        NameCallback nc = new NameCallback("user:");

```Python
UserInDB(**user_dict)
```

效果等同於：

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

更精確地說，直接使用 `user_dict`（未來內容可能有所不同）則等同於：

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)
```

    /**
     * The username of the user.
     */
    @Required
    @Size(max = 100)
    public String name;

    /**
     * The password for the user.
     */
    @Size(max = 100)
    public String password;

    /**
     * The password confirmation field.
     */
    @Size(max = 100)
    public String confirmPassword;

    /**
     * The attributes map for the user.
     */

                .getOrElse('test_admin'),
        password: providers.systemProperty('tests.rest.cluster.password')
                .forUseAtConfigurationTime()
                .getOrElse('x-pack-test-password')
]

tasks.withType(StandaloneRestIntegTestTask).configureEach {
    systemProperty 'tests.rest.cluster.username', clusterCredentials.username
    systemProperty 'tests.rest.cluster.password', clusterCredentials.password
}

        final Map<String, Object> sourceMap = new HashMap<>();
        if (name != null) {
            sourceMap.put("name", name);
        }
        if (password != null) {
            sourceMap.put("password", password);
        }
        if (groups != null) {
            sourceMap.put("groups", groups);
        }
        if (roles != null) {
            sourceMap.put("roles", roles);
        }

    }

    // Helper methods

    private void setupMockConfig(String fesenUrl, String username, String password) {
        setupMockConfig(fesenUrl, username, password, "");
    }

    private void setupMockConfig(String fesenUrl, String username, String password, String certificateAuthorities) {
        ComponentUtil.setFessConfig(new FessConfig.SimpleImpl() {

            "The specified user does not exist.", "The specified network password is not correct.",
            "Logon failure: unknown user name or bad password.", "Logon failure: user account restriction.",
            "Logon failure: account logon time restriction violation.", "Logon failure: user not allowed to log on to this computer.",
            "Logon failure: the specified account password has expired.", "Logon failure: account currently disabled.",

/**
 * @author FreeGen
 */
public class UserBhv extends BsUserBhv {

    private static final String ROLES = "roles";
    private static final String GROUPS = "groups";
    private static final String PASSWORD = "password";
    private static final String NAME = "name";

    private String indexName = null;

    @Override
    protected String asEsIndex() {
        if (indexName == null) {