String user = (index != -1) ? auth.substring(0, index) : auth;
                String password = (index != -1) ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) index = user.indexOf('/');
                String domain = (index != -1) ? user.substring(0, index) : defaultDomain;
                user = (index != -1) ? user.substring(index + 1) : user;

non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.

  Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.

  "detail": "Not authenticated"
}
```

### 비활성된 유저

이제 비활성된 사용자로 시도하고, 인증해봅시다:

유저명: `alice`

패스워드: `secret2`

그리고 `/users/me` 경로와 함께 `GET` 작업을 사용해 봅시다.

다음과 같은 "Inactive user" 오류가 발생합니다:

```JSON
{
  "detail": "Inactive user"
}
```

## 요약

이제 API에 대한 `username` 및 `password`를 기반으로 완전한 보안 시스템을 구현할 수 있는 도구가 있습니다.

                int index = auth.indexOf(':');
                String user = ( index != -1 ) ? auth.substring(0, index) : auth;
                String password = ( index != -1 ) ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if ( index == -1 )
                    index = user.indexOf('/');
                String domain = ( index != -1 ) ? user.substring(0, index) : this.defaultDomain;

  //  "server auth", "client auth",
  //  "code signing", "email protection", "s/mime",
  //  "ipsec end system", "ipsec tunnel", "ipsec user",
  //  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
  // +listType=atomic
  repeated string usages = 5;

  // username contains the name of the user that created the CertificateSigningRequest.
  // Populated by the API server on creation and immutable.
  // +optional

 * hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
 * object which will be the case when NTLM HTTP Authentication is
 * used. There is no way to retrieve a users password in plain text unless
 * it is supplied by the user at runtime.
 */
    public String getPassword() {
        return password;
    }
/**
 * Return the domain and username in the format:

//
//	// assign an email if the record is not found
//	db.Where(User{Name: "non_existing"}).Attrs(User{Email: "******@****.***"}).FirstOrInit(&user)
//	// user -> User{Name: "non_existing", Email: "******@****.***"}
//
//	// assign email regardless of if record is found
//	db.Where(User{Name: "jinzhu"}).Assign(User{Email: "******@****.***"}).FirstOrInit(&user)
//	// user -> User{Name: "jinzhu", Age: 20, Email: "******@****.***"}

```JSON
{
  "detail": "Not authenticated"
}
```

### 未激活用户

测试未激活用户，输入以下信息，进行身份验证：

用户名：`alice`

密码：`secret2`

然后，执行 `/users/me` 路径的 `GET` 操作。

显示下列**未激活用户**错误信息：

```JSON
{
  "detail": "Inactive user"
}
```

## 小结

使用本章的工具实现基于 `username` 和 `password` 的完整 API 安全系统。

这些工具让安全系统兼容任何数据库、用户及数据模型。

唯一欠缺的是，它仍然不是真的**安全**。

这会需要一些“等待时间”。

但是由于 SQLAlchemy 不具有`await`直接使用的兼容性，因此类似于：

```Python
user = await db.query(User).first()
```

...相反，我们可以使用：

```Python
user = db.query(User).first()
```

然后我们应该声明*路径操作函数*和不带 的依赖关系`async def`，只需使用普通的`def`，如下：

```Python hl_lines="2"
@app.get("/users/{user_id}", response_model=schemas.User)
def read_user(user_id: int, db: Session = Depends(get_db)):

import java.io.IOException;

import jcifs.smb1.util.Hexdump;

/**
 * An Access Control Entry (ACE) is an element in a security descriptor
 * such as those associated with files and directories. The Windows OS
 * determines which users have the necessary permissions to access objects
 * based on these entries.
 * <p>
 * To fully understand the information exposed by this class a description