Fix digest auth dropping challenge fields with empty string values (aio-libs#12097)

bysiber · web-flow · commit 51d5dbac70b5 · 2026-02-20T22:38:21.000Z
diff --git a/CHANGES/12097.bugfix.rst b/CHANGES/12097.bugfix.rst
@@ -0,0 +1 @@
+Fixed digest auth dropping challenge fields with empty string values -- by :user:`bysiber`.
diff --git a/aiohttp/client_middleware_digest_auth.py b/aiohttp/client_middleware_digest_auth.py
@@ -414,7 +414,7 @@ def _authenticate(self, response: ClientResponse) -> bool:
         # Extract challenge parameters
         self._challenge = {}
         for field in CHALLENGE_FIELDS:
-            if value := header_pairs.get(field):
+            if (value := header_pairs.get(field)) is not None:
                 self._challenge[field] = value
 
         # Update protection space based on domain parameter or default to origin
diff --git a/tests/test_client_middleware_digest_auth.py b/tests/test_client_middleware_digest_auth.py
@@ -114,6 +114,13 @@ def mock_md5_digest() -> Generator[mock.MagicMock, None, None]:
             True,
             {"realm": "test", "nonce": "abc", "qop": "auth"},
         ),
+        # Valid digest with empty realm (RFC 7616 Section 3.3 allows this)
+        (
+            401,
+            {"www-authenticate": 'Digest realm="", nonce="abc", qop="auth"'},
+            True,
+            {"realm": "", "nonce": "abc", "qop": "auth"},
+        ),
         # Non-401 status
         (200, {}, False, {}),  # No challenge should be set
     ],

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Fixed digest auth dropping challenge fields with empty string values -- by :user:`bysiber`.