因此，延續上面的 `user_dict`，寫成：

```Python
UserInDB(**user_dict)
```

效果等同於：

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

更精確地說，直接使用 `user_dict`（未來內容可能有所不同）則等同於：

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }

We verify that we get a `username`, and extract the scopes.

@ExtendWith(MockitoExtension.class)
class NtlmContextTest {

    @Mock
    private NtlmPasswordAuthentication mockAuth;

    private final String domain = "TEST_DOMAIN";
    private final String username = "testUser";
    private final String password = "testPassword";
    private final String workstation = "TEST_WORKSTATION";

    @BeforeEach
    void setUp() {
        // MockitoExtension handles mock initialization

     *
     * @param form the create form
     * @param username the current username
     * @param currentTime the current time
     * @return optional file configuration entity
     */
    public static OptionalEntity<FileConfig> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

            assertEquals("user" + i, chains.get(i).lastLoadedUser.getName());
        }
    }

    // Helper method to create test user
    private User createTestUser(String username) {
        User user = new User();
        user.setName(username);
        return user;
    }

    // Test implementation of AuthenticationChain
    private static class TestAuthenticationChain implements AuthenticationChain {
        int id;

## 驗證 `username` 與資料結構 { #verify-the-username-and-data-shape }

我們先確認取得了 `username`，並取出 scopes。

接著用 Pydantic 模型驗證這些資料（捕捉 `ValidationError` 例外），若在讀取 JWT token 或用 Pydantic 驗證資料時出錯，就丟出先前建立的 `HTTPException`。

為此，我們更新了 Pydantic 模型 `TokenData`，加入新屬性 `scopes`。

透過 Pydantic 驗證資料，我們可以確保，例如，scopes 正好是 `list` 的 `str`，而 `username` 是 `str`。

否則若是 `dict` 或其他型別，可能在後續某處使應用壞掉，造成安全風險。

        parentProps.setProperty("jcifs.smb.client.domain", "parentdomain");
        parentProps.setProperty("jcifs.smb.client.username", "parentuser");

        Properties childProps = new Properties(parentProps);
        childProps.setProperty("jcifs.smb.client.username", "childuser");

        // When
        PropertyConfiguration testConfig = new PropertyConfiguration(childProps);

        // Then

    * Isto contém o `username` e o `password` enviado.

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

Quando você tentar abrir a URL pela primeira vez (ou clicar no botão "Executar" na documentação) o navegador vai pedir pelo seu usuário e senha:

<img src="/img/tutorial/security/image12.png">

## Verifique o usuário { #check-the-username }

Aqui está um exemplo mais completo.

  static final class BasicAuthInterceptor implements Interceptor {
    private final String credentials;
    private final String host;

    BasicAuthInterceptor(String host, String username, String password) {
      this.credentials = Credentials.basic(username, password);
      this.host = host;
    }

    @Override public Response intercept(Chain chain) throws IOException {
      Request request = chain.request();

        raise


@app.get("/items/{item_id}")
def get_item(item_id: str, username: str = Depends(get_username)):
    if item_id == "portal-gun":
        raise InternalError(
            f"The portal gun is too dangerous to be owned by {username}"
        )
    if item_id != "plumbus":
        raise HTTPException(