happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🐛 Ensure that `HTTPDigest` only raises an exception when `auto_error is True` (#2939) 

Co-authored-by: svlandeg <sofie.vanlandeghem@gmail.com>
This commit is contained in:
Arthur Rio 2025-02-27 05:29:20 -07:00 committed by GitHub
parent b021569913
commit ccc7c8fef9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fastapi/security/http.py
View File

@ -413,8 +413,11 @@ class HTTPDigest(HTTPBase):
else: else:
return None return None
if scheme.lower() != "digest": if scheme.lower() != "digest":
if self.auto_error:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, status_code=HTTP_403_FORBIDDEN,
detail="Invalid authentication credentials", detail="Invalid authentication credentials",
) )
else:
return None
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)

4
tests/test_security_http_digest_optional.py
View File

@ -37,8 +37,8 @@ def test_security_http_digest_incorrect_scheme_credentials():
response = client.get( response = client.get(
"/users/me", headers={"Authorization": "Other invalidauthorization"} "/users/me", headers={"Authorization": "Other invalidauthorization"}
) )
assert response.status_code == 403, response.text assert response.status_code == 200, response.text
assert response.json() == {"detail": "Invalid authentication credentials"} assert response.json() == {"msg": "Create an account first"}
def test_openapi_schema(): def test_openapi_schema():