#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

constraints.LuhnCheck.message = The Luhn Modulo 11 checksum of {value} is incorrect.
constraints.Mod10Check.message = The Modulo 10 checksum of {value} is incorrect.
constraints.Mod11Check.message = The Modulo 11 checksum of {value} is incorrect.
constraints.ModCheck.message = The {modType} checksum of {value} is incorrect.
constraints.NotBlank.message = {item} is required.
constraints.NotEmpty.message = {item} is required.

constraints.LuhnCheck.message = The Luhn Modulo 11 checksum of {value} is incorrect.
constraints.Mod10Check.message = The Modulo 10 checksum of {value} is incorrect.
constraints.Mod11Check.message = The Modulo 11 checksum of {value} is incorrect.
constraints.ModCheck.message = The {modType} checksum of {value} is incorrect.
constraints.NotBlank.message = {item} is required.
constraints.NotEmpty.message = {item} is required.

 *  Upgrade: [Kotlin 1.3.71][kotlin_1_3_71].


## Version 4.5.0

_2020-04-06_

**This release fixes a severe bug where OkHttp incorrectly detected and recovered from unhealthy
connections.** Stale or canceled connections were incorrectly attempted when they shouldn't have
been, leading to rare cases of infinite retries. Please upgrade to this release!

def test_login_incorrect_password(mod: ModuleType):
    client = TestClient(mod.app)
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username(mod: ModuleType):
    client = TestClient(mod.app)

                "input": None,
            }
        ]
    }


@pytest.mark.parametrize(
    argnames=["grant_type"],
    argvalues=[
        pytest.param("incorrect", id="incorrect value"),
        pytest.param("passwordblah", id="password with suffix"),
        pytest.param("blahpassword", id="password with prefix"),
    ],
)
def test_strict_login_incorrect_grant_type(grant_type: str):

     */
    String[] NT_STATUS_MESSAGES = { "The operation completed successfully.", "A device attached to the system is not functioning.",
            "Incorrect function.", "The parameter is incorrect.", "Invalid access to memory location.", "The handle is invalid.",
            "The parameter is incorrect.", "The system cannot find the file specified.", "The system cannot find the file specified.",

        current_password_bytes, correct_password_bytes
    )
    if not (is_correct_username and is_correct_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Basic"},
        )
    return credentials.username


@app.get("/users/me")
def read_current_user(username: str = Depends(get_current_username)):

def test_login_incorrect_password(mod: ModuleType):
    client = TestClient(mod.app)
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Incorrect username or password"}


def test_login_incorrect_username(mod: ModuleType):
    client = TestClient(mod.app)