from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

oid = OpenIdConnect(openIdConnectUrl="/openid")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(oid)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user

app = FastAPI()

oid = OpenIdConnect(
    openIdConnectUrl="/openid", description="OpenIdConnect security scheme"
)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(oid)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user

為了處理這點，我們會先將 `username` 與 `password` 以 UTF-8 編碼成 `bytes`。

接著我們可以使用 `secrets.compare_digest()` 來確認 `credentials.username` 等於 `"stanleyjobson"`，而 `credentials.password` 等於 `"swordfish"`。

{* ../../docs_src/security/tutorial007_an_py310.py hl[1,12:24] *}

這大致等同於：

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 回傳錯誤

        assertEquals("entraiduser", ((TestLoginCredential) credential).username);
    }

    // Helper classes for testing
    private static class TestLoginCredential implements LoginCredential {
        private final String username;

        public TestLoginCredential(String username) {
            this.username = username;
        }

        @Override
        public String toString() {

            },
            "user": {"username": "johndoe", "full_name": "John Doe"},
        },
    )
    assert response.status_code == 200
    assert response.json() == {
        "item_id": 5,
        "item": {
            "name": "Foo",
            "price": 50.5,
            "description": "Some Foo",
            "tax": 0.1,
        },
        "user": {"username": "johndoe", "full_name": "John Doe"},
    }

Fini de taper des noms de clés erronés, de faire des allers-retours entre les documents, ou de faire défiler vers le haut et vers le bas pour savoir si vous avez finalement utilisé `username` ou `user_name`.

### Court { #short }

Şimdi önceki bölümün üzerine inşa edip, eksik parçaları ekleyerek tam bir güvenlik akışı oluşturalım.

## `username` ve `password`’ü Alma { #get-the-username-and-password }

`username` ve `password`’ü almak için **FastAPI** security yardımcı araçlarını kullanacağız.

OAuth2, (bizim kullandığımız) "password flow" kullanılırken client/kullanıcının form verisi olarak `username` ve `password` alanlarını göndermesi gerektiğini belirtir.

UserInDB(**user_dict)
```

дасть еквівалентний результат:

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

А точніше, використовуючи безпосередньо `user_dict`, з будь-яким його вмістом у майбутньому:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],

     * domain, username, and password. Parameters that are {@code null}
     * will be substituted with {@code jcifs.smb.client.domain},
     * {@code jcifs.smb.client.username}, {@code jcifs.smb.client.password}
     * property values.
     *
     * @param tc
     *            context to use
     * @param domain the authentication domain
     * @param username the username to authenticate with

    }

    /**
     * Retrieves a user by their username.
     *
     * @param username the username to search for
     * @return an OptionalEntity containing the user if found
     */
    public OptionalEntity<User> getUserByName(final String username) {
        return userBhv.selectEntity(cb -> {
            cb.query().setName_Equal(username);
        });
    }

    /**