def test_login_incorrect_password(client: TestClient):
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username(client: TestClient):
    response = client.post("/token", data={"username": "foo", "password": "secret"})

    assert response.json() == {"detail": "Incorrect username or password"}
    assert response.headers["WWW-Authenticate"] == "Basic"


def test_security_http_basic_invalid_password(client: TestClient):
    response = client.get("/users/me", auth=("stanleyjobson", "wrongpassword"))
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Incorrect username or password"}

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

        assertTrue(a.getScope().equals("test"), "Incorrect scope for " + a.getDependencyConflictId());

        // transitive dep, overridden b depMgmt
        assertTrue(b.getScope().equals("runtime"), "Incorrect scope for " + b.getDependencyConflictId());

        // direct dep, overrides depMgmt
        assertTrue(c.getScope().equals("runtime"), "Incorrect scope for " + c.getDependencyConflictId());
    }

#### Die Zeit zum Antworten hilft den Angreifern { #the-time-to-answer-helps-the-attackers }

#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

            "A device attached to the system is not functioning.", "Incorrect function.", "The parameter is incorrect.",
            "Invalid access to memory location.", "The handle is invalid.", "The parameter is incorrect.",
            "The system cannot find the file specified.", "The system cannot find the file specified.", "End of file",

* Leer el body del request como JSON.
* Convertir los tipos correspondientes (si es necesario).
* Validar los datos.
    * Si los datos son inválidos, devolverá un error claro e indicado, señalando exactamente dónde y qué fue lo incorrecto.
* Proporcionar los datos recibidos en el parámetro `item`.
    * Como lo declaraste en la función como de tipo `Item`, también tendrás todo el soporte del editor (autocompletado, etc.) para todos los atributos y sus tipos.

     */
    String[] NT_STATUS_MESSAGES = { "The operation completed successfully.", "A device attached to the system is not functioning.",
            "Incorrect function.", "The parameter is incorrect.", "Invalid access to memory location.", "The handle is invalid.",
            "The parameter is incorrect.", "The system cannot find the file specified.", "The system cannot find the file specified.",