// Make attempts from same IP with different users
        for (int i = 1; i <= 5; i++) {
            assertTrue(rateLimiter.checkAttempt("user" + i, ip), "Attempt " + i + " should be allowed");
            rateLimiter.recordFailure("user" + i, ip);
        }

        // 6th attempt from same IP should be blocked
        assertFalse(rateLimiter.checkAttempt("user6", ip), "Should block after IP rate limit");
    }

### About `**user_in.model_dump()` { #about-user-in-model-dump }

#### Pydantic's `.model_dump()` { #pydantics-model-dump }

`user_in` is a Pydantic model of class `UserIn`.

Pydantic models have a `.model_dump()` method that returns a `dict` with the model's data.

So, if we create a Pydantic object `user_in` like:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

 */
package org.codelibs.fess.opensearch.user.cbean.ca.bs;

import org.codelibs.fess.opensearch.user.allcommon.EsAbstractConditionAggregation;
import org.codelibs.fess.opensearch.user.allcommon.EsAbstractConditionQuery;
import org.codelibs.fess.opensearch.user.cbean.ca.UserCA;
import org.codelibs.fess.opensearch.user.cbean.cq.UserCQ;
import org.codelibs.fess.opensearch.user.cbean.cq.bs.BsUserCQ;

from fastapi import APIRouter

router = APIRouter()


@router.get("/users/", tags=["users"])
async def read_users():
    return [{"username": "Rick"}, {"username": "Morty"}]


@router.get("/users/me", tags=["users"])
async def read_user_me():
    return {"username": "fakecurrentuser"}


@router.get("/users/{username}", tags=["users"])
async def read_user(username: str):

from fastapi import APIRouter

router = APIRouter()


@router.get("/users/", tags=["users"])
async def read_users():
    return [{"username": "Rick"}, {"username": "Morty"}]


@router.get("/users/me", tags=["users"])
async def read_user_me():
    return {"username": "fakecurrentuser"}


@router.get("/users/{username}", tags=["users"])
async def read_user(username: str):

	if user6.Name != "find or init" || user6.ID == 0 || user6.Age != 44 {
		t.Errorf("user should be found and updated with assigned attrs")
	}
}

func TestFindOrCreate(t *testing.T) {
	var user1, user2, user3, user4, user5, user6, user7, user8 User
	if err := DB.Where(&User{Name: "find or create", Age: 33}).FirstOrCreate(&user1).Error; err != nil {
		t.Errorf("no error should happen when FirstOrInit, but got %v", err)
	}

Now, whenever a browser is creating a user with a password, the API will return the same password in the response.

In this case, it might not be a problem, because it's the same user sending the password.

But if we use the same model for another *path operation*, we could be sending our user's passwords to every client.

/// danger

		claims   = cred.Claims
		groups   = cred.Groups
	)

	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		username = cred.ParentUser
	}

	principalType := "Anonymous"
	if username != "" {
		principalType = "User"
		if len(claims) > 0 {
			principalType = "AssumedRole"
		}
		if username == globalActiveCred.AccessKey {
			principalType = "Account"
		}
	}

	if users[1].Name != "update_column_02_newname" || users[1].Age != 100 {
		t.Errorf("user 2 should be updated with update column")
	}
	AssertEqual(t, lastUpdatedAt.UnixNano(), users[1].UpdatedAt.UnixNano())

	// user2 should not be updated
	var user1, user2 User
	DB.First(&user1, users[0].ID)
	DB.First(&user2, users[1].ID)
	CheckUser(t, user1, *users[0])
	CheckUser(t, user2, *users[1])

    @Override
    protected Class<? extends User> typeOfSelectedEntity() {
        return User.class;
    }

    @Override
    protected Class<User> typeOfHandlingEntity() {
        return User.class;
    }

    @Override
    protected Class<UserCB> typeOfHandlingConditionBean() {
        return UserCB.class;
    }

    public ListResultBean<User> selectList(CBCall<UserCB> cbLambda) {