@@ -805,6 +805,45 @@ def test_DIGESTAUTH_QUOTES_QOP_VALUE(self, httpbin):
805805 r = requests .get (url , auth = auth )
806806 assert '"auth"' in r .request .headers ["Authorization" ]
807807
808+ def test_DIGESTAUTH_WITH_SEMICOLONS_IN_PATH (self ):
809+ """Test that digest auth correctly includes semicolons in the uri field.
810+
811+ This tests issue #6990 where semicolons in URL paths were being
812+ truncated in the digest auth uri field.
813+ """
814+ from unittest .mock import Mock , patch
815+
816+ auth = HTTPDigestAuth ("user" , "pass" )
817+
818+ # Initialize the auth state
819+ auth .init_per_thread_state ()
820+ auth ._thread_local .chal = {
821+ "realm" : "test-realm" ,
822+ "nonce" : "test-nonce" ,
823+ "qop" : "auth" ,
824+ "algorithm" : "MD5"
825+ }
826+ auth ._thread_local .last_nonce = ""
827+
828+ # Test URL with semicolons in the path (MusicBrainz-style API)
829+ test_url = "https://example.com/api/collection/id1/releases/uuid1;uuid2;uuid3?fmt=json&client=test"
830+
831+ # Build the digest header
832+ header = auth .build_digest_header ("PUT" , test_url )
833+
834+ # Extract the uri field from the Authorization header
835+ assert 'uri="/api/collection/id1/releases/uuid1;uuid2;uuid3?fmt=json&client=test"' in header
836+
837+ # Test with semicolons but no query parameters
838+ test_url2 = "https://example.com/path/id1;id2;id3"
839+ header2 = auth .build_digest_header ("GET" , test_url2 )
840+ assert 'uri="/path/id1;id2;id3"' in header2
841+
842+ # Test with just path (no semicolons or query)
843+ test_url3 = "https://example.com/simple/path"
844+ header3 = auth .build_digest_header ("GET" , test_url3 )
845+ assert 'uri="/simple/path"' in header3
846+
808847 def test_POSTBIN_GET_POST_FILES (self , httpbin ):
809848 url = httpbin ("post" )
810849 requests .post (url ).raise_for_status ()
0 commit comments