From: Arthur Rio <arthur.rio44@gmail.com>
Date: Thu, 27 Feb 2025 12:29:20 +0000 (-0700)
Subject: 🐛 Ensure that `HTTPDigest` only raises an exception when `auto_error is True` (#2939)
X-Git-Tag: 0.115.9~8
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=ccc7c8fef9eaab9d74ad142c50847be7e38e250a;p=thirdparty%2Ffastapi%2Ffastapi.git

🐛 Ensure that `HTTPDigest` only raises an exception when `auto_error is True` (#2939)

Co-authored-by: svlandeg <sofie.vanlandeghem@gmail.com>
---

diff --git a/fastapi/security/http.py b/fastapi/security/http.py
index e06f3d66d8..9ab2df3c98 100644
--- a/fastapi/security/http.py
+++ b/fastapi/security/http.py
@@ -413,8 +413,11 @@ class HTTPDigest(HTTPBase):
             else:
                 return None
         if scheme.lower() != "digest":
-            raise HTTPException(
-                status_code=HTTP_403_FORBIDDEN,
-                detail="Invalid authentication credentials",
-            )
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN,
+                    detail="Invalid authentication credentials",
+                )
+            else:
+                return None
         return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
diff --git a/tests/test_security_http_digest_optional.py b/tests/test_security_http_digest_optional.py
index 1e6eb8bd7f..0d66f9c72e 100644
--- a/tests/test_security_http_digest_optional.py
+++ b/tests/test_security_http_digest_optional.py
@@ -37,8 +37,8 @@ def test_security_http_digest_incorrect_scheme_credentials():
     response = client.get(
         "/users/me", headers={"Authorization": "Other invalidauthorization"}
     )
-    assert response.status_code == 403, response.text
-    assert response.json() == {"detail": "Invalid authentication credentials"}
+    assert response.status_code == 200, response.text
+    assert response.json() == {"msg": "Create an account first"}
 
 
 def test_openapi_schema():