특히 사용자 모델의 경우에 그러한데, 왜냐하면:

* **입력 모델** 은 비밀번호를 가져야 합니다.
* **출력 모델** 은 비밀번호를 가지면 안됩니다.
* **데이터베이스 모델** 은 해시처리된 비밀번호를 가질 것입니다.

/// danger | 위험

절대 사용자의 비밀번호를 평문으로 저장하지 마세요. 항상 이후에 검증 가능한 "안전한 해시(secure hash)"로 저장하세요.

만약 이게 무엇인지 모르겠다면, [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.에서 비밀번호 해시에 대해 배울 수 있습니다.

///

## 다중 모델

my_second_user: User = User(**second_user_data)
```

/// info

`**second_user_data` bedeutet:

Nimm die Schlüssel-Wert-Paare des `second_user_data` <abbr title="Dictionary – Wörterbuch: In anderen Programmiersprachen auch Hash, Map, Objekt, Assoziatives Array genannt">Dicts</abbr> und übergib sie direkt als Schlüsselwort-Argumente. Äquivalent zu: `User(id=4, name="Mary", joined="2018-11-30")`.

///

### Editor Unterstützung

        .addEqualityGroup(ImmutableSet.of(1, 2, 1), ImmutableSet.of(2, 1, 1))
        .testEquals();
  }

  /**
   * The maximum allowed probability of falsely detecting a hash flooding attack if the input is
   * randomly generated.
   */
  private static final double HASH_FLOODING_FPP = 0.001;

  public void testReuseBuilderReducingHashTableSizeWithPowerOfTwoTotalElements() {

            && thrown.equals(other.thrown)
            && suppressed.equals(other.suppressed);
      }
      return false;
    }

    @Override
    public int hashCode() {
      return Objects.hash(closeable, thrown, suppressed);
    }

    @Override
    public String toString() {
      return MoreObjects.toStringHelper(this)
          .add("closeable", closeable)
          .add("thrown", thrown)

            byte[] hash1 = transport.calculatePreauthHash(input, 0, input.length, null);
            assertNotNull(hash1);
            assertEquals(64, hash1.length, "SHA-512 size");

            byte[] hash2 = transport.calculatePreauthHash(new byte[] { 50 }, 0, 1, hash1);
            assertNotNull(hash2);
            assertEquals(64, hash2.length);

   *
   * @since 10.0
   */
  public static final long MAX_POWER_OF_TWO = 1L << (Long.SIZE - 2);

  /**
   * Returns a hash code for {@code value}; obsolete alternative to {@link Long#hashCode(long)}.
   *
   * @param value a primitive {@code long} value
   * @return a hash code for the value
   */
  @InlineMe(replacement = "Long.hashCode(value)")
  public static int hashCode(long value) {

///

Erstellen Sie eine Hilfsfunktion, um ein vom Benutzer stammendes Passwort zu hashen.

Und eine weitere, um zu überprüfen, ob ein empfangenes Passwort mit dem gespeicherten Hash übereinstimmt.

Und noch eine, um einen Benutzer zu authentifizieren und zurückzugeben.

{* ../../docs_src/security/tutorial004_an_py310.py hl[7,48,55:56,59:60,69:75] *}

/// note | Hinweis

			}
		}
	}()

	var (
		hr     *hash.Reader
		isSSEC = crypto.SSEC.IsEncrypted(objInfo.UserDefined)
	)

	var objectSize int64
	for _, partInfo := range objInfo.Parts {
		if isSSEC {
			hr, err = hash.NewReader(ctx, io.LimitReader(r, partInfo.Size), partInfo.Size, "", "", partInfo.ActualSize)
		} else {

	"net/url"
	"sort"
	"strconv"
	"strings"
	"time"

	"github.com/minio/minio-go/v7/pkg/s3utils"
	"github.com/minio/minio-go/v7/pkg/set"
	"github.com/minio/minio/internal/auth"
	"github.com/minio/minio/internal/hash/sha256"
	xhttp "github.com/minio/minio/internal/http"
)

// AWS Signature Version '4' constants.
const (
	signV4Algorithm = "AWS4-HMAC-SHA256"
	iso8601Format   = "20060102T150405Z"
	yyyymmdd        = "20060102"

Para este exemplo simples, seremos completamente inseguros e retornaremos o mesmo `username` do token.

/// tip | Dica

No próximo capítulo, você verá uma implementação realmente segura, com hash de senha e tokens <abbr title="JSON Web Tokens">JWT</abbr>.

Mas, por enquanto, vamos nos concentrar nos detalhes específicos de que precisamos.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}