Usando as credenciais:

Username: `johndoe`
Password: `secret`

/// check | Verifique

Observe que em nenhuma parte do código está a senha em texto puro "`secret`", nós temos apenas o hash.

///

<img src="/img/tutorial/security/image08.png">

Chame o endpoint `/users/me/`, você receberá o retorno como:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",

```JSON
{
    "item": {
        "name": "Foo",
        "description": "The pretender",
        "price": 42.0,
        "tax": 3.2
    },
    "user": {
        "username": "dave",
        "full_name": "Dave Grohl"
    }
}
```

/// note | Nota

     * This is a required field for identifying which request header entry to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this request header configuration.
     * Used for audit trail purposes to track who made changes.
     */
    @Size(max = 1000)
    public String updatedBy;

    /**

     * This is a required field for identifying which elevate word entry to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this elevate word configuration.
     * Used for audit trail purposes to track who made changes.
     */
    @Size(max = 1000)
    public String updatedBy;

    /**

{* ../../docs_src/request_form_models/tutorial002_an_py310.py hl[12] *}

If a client tries to send some extra data, they will receive an **error** response.

For example, if the client tries to send the form fields:

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

They will receive an error response telling them that the field `extra` is not allowed:

```json
{
    "detail": [
        {

from pydantic import BaseModel

app = FastAPI()


class Item(BaseModel):
    name: str
    price: float


class ResponseMessage(BaseModel):
    message: str


class User(BaseModel):
    username: str
    email: str


@app.post("/items/", response_model=ResponseMessage, tags=["items"])
async def create_item(item: Item):
    return {"message": "Item received"}

  }

  @Test
  fun toUriWithUsernameNoPassword() {
    val httpUrl =
      HttpUrl
        .Builder()
        .scheme("http")
        .username("user")
        .host("host")
        .build()
    assertThat(httpUrl.toString()).isEqualTo("http://user@host/")
    assertThat(httpUrl.toUri().toString()).isEqualTo("http://user@host/")
  }

  @Test

    private Date kickOffTime;
    private Date pwdLastChangeTime;
    private Date pwdCanChangeTime;
    private Date pwdMustChangeTime;
    private short logonCount;
    private short badPasswordCount;
    private String userName;
    private String userDisplayName;
    private String logonScript;
    private String profilePath;
    private String homeDirectory;
    private String homeDrive;
    private String serverName;

     * @param domain
     *            domain for NTLM fallback
     * @param username
     *            user for NTLM fallback
     * @param password
     *            password for NTLM fallback
     */
    public Kerb5Authenticator(Subject subject, String domain, String username, String password) {
        super(domain, username, password);
        this.canFallback = true;
        this.subject = subject;
    }

    public String permissions;

    /** The boost score multiplier applied to elevated documents */
    @Required
    @ValidateTypeFailure
    public Float boost;

    /** The username of who created this elevate word entry */
    @Size(max = 1000)
    public String createdBy;

    /** The timestamp when this elevate word entry was created */
    @ValidateTypeFailure
    public Long createdTime;