From ccc7c8fef9eaab9d74ad142c50847be7e38e250a Mon Sep 17 00:00:00 2001 From: Arthur Rio Date: Thu, 27 Feb 2025 05:29:20 -0700 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Ensure=20that=20`HTTPDigest`=20o?= =?UTF-8?q?nly=20raises=20an=20exception=20when=20`auto=5Ferror=20is=20Tru?= =?UTF-8?q?e`=20(#2939)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: svlandeg --- fastapi/security/http.py | 11 +++++++---- tests/test_security_http_digest_optional.py | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index e06f3d66d..9ab2df3c9 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -413,8 +413,11 @@ class HTTPDigest(HTTPBase): else: return None if scheme.lower() != "digest": - raise HTTPException( - status_code=HTTP_403_FORBIDDEN, - detail="Invalid authentication credentials", - ) + if self.auto_error: + raise HTTPException( + status_code=HTTP_403_FORBIDDEN, + detail="Invalid authentication credentials", + ) + else: + return None return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) diff --git a/tests/test_security_http_digest_optional.py b/tests/test_security_http_digest_optional.py index 1e6eb8bd7..0d66f9c72 100644 --- a/tests/test_security_http_digest_optional.py +++ b/tests/test_security_http_digest_optional.py @@ -37,8 +37,8 @@ def test_security_http_digest_incorrect_scheme_credentials(): response = client.get( "/users/me", headers={"Authorization": "Other invalidauthorization"} ) - assert response.status_code == 403, response.text - assert response.json() == {"detail": "Invalid authentication credentials"} + assert response.status_code == 200, response.text + assert response.json() == {"msg": "Create an account first"} def test_openapi_schema():