severity - Code Search

docs/zh/docs/tutorial/security/simple-oauth2.md

### 身份验证

点击**Authorize**按钮。

使用以下凭证：

用户名：`johndoe`

密码：`secret`

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image04.png">

通过身份验证后，显示下图所示的内容：

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image05.png">

### 获取当前用户数据

使用 `/users/me` 路径的 `GET` 操作。

可以提取如下当前用户数据：

```JSON
{
  "username": "johndoe",

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 18 02:25:44 GMT 2024

- 8.6K bytes

- Click Count (0)

github.com/square/okhttp

samples/static-server/src/main/java/okhttp3/sample/SampleServer.java

package okhttp3.sample;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.mockwebserver.Dispatcher;

Created: Fri Dec 26 11:42:13 GMT 2025

- Last Modified: Wed Jan 02 02:50:44 GMT 2019

- 4.7K bytes

- Click Count (0)

github.com/square/okhttp

okhttp/src/jvmTest/kotlin/okhttp3/TestTls13Request.kt

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3

import java.io.IOException
import java.security.Security
import okhttp3.internal.platform.Platform
import org.conscrypt.Conscrypt

// TLS 1.3
private val TLS13_CIPHER_SUITES =
  listOf(
    CipherSuite.TLS_AES_128_GCM_SHA256,
    CipherSuite.TLS_AES_256_GCM_SHA384,

Created: Fri Dec 26 11:42:13 GMT 2025

- Last Modified: Thu May 22 14:39:30 GMT 2025

- 3.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/ru/docs/tutorial/security/oauth2-jwt.md

Если токен недействителен, то сразу же верните HTTP-ошибку.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Обновление *операции пути* `/token` { #update-the-token-path-operation }

Создайте `timedelta` со временем истечения срока действия токена.

Создайте реальный токен доступа JWT и верните его

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Tue Sep 30 11:24:39 GMT 2025

- 19.1K bytes

- Click Count (0)

github.com/square/okhttp

okhttp/src/androidMain/kotlin/okhttp3/internal/platform/android/AndroidCertificateChainCleaner.kt

 */
package okhttp3.internal.platform.android

import android.net.http.X509TrustManagerExtensions
import java.lang.IllegalArgumentException
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.SuppressSignatureCheck

Created: Fri Dec 26 11:42:13 GMT 2025

- Last Modified: Fri Dec 27 13:39:56 GMT 2024

- 2.7K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/ko/docs/tutorial/security/simple-oauth2.md

데이터베이스가 유출된 경우 해커는 사용자의 일반 텍스트 암호가 아니라 해시만 갖게 됩니다.

따라서 해커는 다른 시스템에서 동일한 암호를 사용하려고 시도할 수 없습니다(많은 사용자가 모든 곳에서 동일한 암호를 사용하므로 이는 위험할 수 있습니다).

//// tab | 파이썬 3.7 이상

{* ../../docs_src/security/tutorial003.py hl[80:83] *}

////

{* ../../docs_src/security/tutorial003_py310.py hl[78:81] *}

#### `**user_dict`에 대해

`UserInDB(**user_dict)`는 다음을 의미한다:

*`user_dict`의 키와 값을 다음과 같은 키-값 인수로 직접 전달합니다:*

```Python

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Sat Feb 15 11:19:12 GMT 2025

- 10.8K bytes

- Click Count (0)

github.com/square/okhttp

okhttp-testing-support/src/main/kotlin/okhttp3/DelegatingSSLSession.kt

 * limitations under the License.
 */
package okhttp3

import java.security.Principal
import java.security.cert.Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.SSLSession
import javax.net.ssl.SSLSessionContext
import javax.security.cert.X509Certificate

/** An [SSLSession] that delegates all calls.  */
abstract class DelegatingSSLSession(

Created: Fri Dec 26 11:42:13 GMT 2025

- Last Modified: Wed Mar 19 19:25:20 GMT 2025

- 2.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_security_oauth2.py

import pytest
from fastapi import Depends, FastAPI, Security
from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict
from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

reusable_oauth2 = OAuth2(
    flows={
        "password": {
            "tokenUrl": "token",
            "scopes": {"read:users": "Read the users", "write:users": "Create users"},
        }
    }
)

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Sat Dec 27 18:19:10 GMT 2025

- 9K bytes

- Click Count (0)

github.com/codelibs/jcifs

src/test/java/jcifs/internal/smb2/session/Smb2SessionSetupRequestTest.java

        // Channel
        assertEquals(0, SMBUtil.readInt4(buffer, bodyOffset + 8));

        // Security Buffer Offset
        int securityBufferOffset = SMBUtil.readInt2(buffer, bodyOffset + 12);
        assertTrue(securityBufferOffset > 0);

        // Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID

Created: Sat Dec 20 13:44:44 GMT 2025

- Last Modified: Thu Aug 14 05:31:44 GMT 2025

- 21.2K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/zh/docs/tutorial/security/oauth2-jwt.md

创建设置令牌过期时间的变量。

定义令牌端点响应的 Pydantic 模型。

创建生成新的访问令牌的工具函数。

{* ../../docs_src/security/tutorial004.py hl[6,12:14,28:30,78:86] *}

## 更新依赖项

更新 `get_current_user` 以接收与之前相同的令牌，但这里用的是 JWT 令牌。

解码并校验接收到的令牌，然后，返回当前用户。

如果令牌无效，则直接返回 HTTP 错误。

{* ../../docs_src/security/tutorial004_an_py310.py hl[4,7,13:15,29:31,79:87] *}

## 更新 `/token` *路径操作*

用令牌过期时间创建 `timedelta` 对象。

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 18 02:25:44 GMT 2024

- 8.9K bytes

- Click Count (0)

Search Options