}
      setting 'xpack.security.enabled', 'true'
      keystore 'bootstrap.password', 'password'
      user username: 'elastic-admin', password: 'elastic-password', role: 'superuser'
    }
}

tasks.register("run", RunTask) {
  useCluster testClusters.named("runTask")
  description = 'Runs elasticsearch in the foreground'

        this.parameters = value;
    }

    public String getPassword() {
        checkSpecifiedProperty("password");
        return convertEmptyToNull(password);
    }

    public void setPassword(String value) {
        registerModifiedProperty("password");
        this.password = value;
    }

    public Integer getPort() {
        checkSpecifiedProperty("port");
        return port;
    }

        this.parameters = value;
    }

    public String getPassword() {
        checkSpecifiedProperty("password");
        return convertEmptyToNull(password);
    }

    public void setPassword(String value) {
        registerModifiedProperty("password");
        this.password = value;
    }

    public Integer getPort() {
        checkSpecifiedProperty("port");
        return port;
    }

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

Ou plus exactement, en utilisant `user_dict` directement, quels que soient ses contenus futurs :

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)

def get_password_hash(password):
    return password_hash.hash(password)


def get_user(db, username: str):
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def authenticate_user(fake_db, username: str, password: str):
    user = get_user(fake_db, username)
    if not user:
        verify_password(password, DUMMY_HASH)
        return False

It can be used by third party applications and systems.

And it can also be used by yourself, to debug, check and test the same application.

## The `password` flow { #the-password-flow }

Now let's go back a bit and understand what is all that.

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.

Et il peut aussi être utilisé par vous-même, pour déboguer, vérifier et tester la même application.

## Le flux `password` { #the-password-flow }

Revenons un peu en arrière et comprenons de quoi il s'agit.

Le « flux » `password` est l'une des manières (« flows ») définies dans OAuth2 pour gérer la sécurité et l'authentification.

        // Credentials
        final CredentialsConfig credentials = new CredentialsConfig();
        credentials.setUsername(username);
        final String password = paramMap.get(prefix + "password");
        credentials.setPassword(password == null ? StringUtil.EMPTY : password);
        if (Constants.NTLM.equals(scheme)) {
            credentials.setType(CredentialsType.NTLM);
            credentials.setDomain(paramMap.get(prefix + "domain"));

            user.clearOriginalPassword();
        }
    }

    /**
     * Changes the password for a user identified by username.
     * Updates both the authentication manager and the database with the new encrypted password.
     *
     * @param username the username of the user
     * @param password the new password in plain text
     * @throws FessUserNotFoundException if the user is not found
     */

# Password ile OAuth2 (ve hashing), JWT token'ları ile Bearer { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Artık tüm security flow elimizde olduğuna göre, uygulamayı gerçekten güvenli hâle getirelim: <abbr title="JSON Web Token'lar">JWT</abbr> token'ları ve güvenli password hashing kullanacağız.

Bu kodu uygulamanızda gerçekten kullanabilirsiniz; password hash'lerini veritabanınıza kaydedebilirsiniz, vb.