Fix psf#6990: Preserve full URI path in digest auth when URL contains semicolons

MuraveyApp · MuraveyApp · commit c1d02f2000f2 · 2026-04-06T17:49:51.000+08:00
diff --git a/src/requests/auth.py b/src/requests/auth.py
@@ -183,6 +183,8 @@ def sha512_utf8(x):
         p_parsed = urlparse(url)
         #: path is request-uri defined in RFC 2616 which should not be empty
         path = p_parsed.path or "/"
+        if p_parsed.params:
+            path += f";{p_parsed.params}"
         if p_parsed.query:
             path += f"?{p_parsed.query}"
 
diff --git a/tests/test_digestauth.py b/tests/test_digestauth.py
@@ -0,0 +1,38 @@
+"""Tests for Digest Auth URI handling (issue #6990)."""
+
+import requests
+from requests.auth import HTTPDigestAuth
+
+
+def test_digest_auth_uri_includes_semicolon_params():
+    """Digest auth URI must include semicolon path parameters (issue #6990)."""
+    auth = HTTPDigestAuth("user", "pass")
+    auth._thread_local.chal = {
+        "realm": "testrealm",
+        "nonce": "testnonce",
+        "qop": "auth",
+    }
+    auth._thread_local.last_nonce = ""
+    auth._thread_local.nonce_count = 0
+
+    url = "http://example.com/path;jsessionid=abc123?q=1"
+    header = auth.build_digest_header("GET", url)
+
+    assert 'uri="/path;jsessionid=abc123?q=1"' in header
+
+
+def test_digest_auth_uri_without_semicolon_params():
+    """Digest auth URI is unchanged for URLs without semicolon path params."""
+    auth = HTTPDigestAuth("user", "pass")
+    auth._thread_local.chal = {
+        "realm": "testrealm",
+        "nonce": "testnonce",
+        "qop": "auth",
+    }
+    auth._thread_local.last_nonce = ""
+    auth._thread_local.nonce_count = 0
+
+    url = "http://example.com/path?q=1"
+    header = auth.build_digest_header("GET", url)
+
+    assert 'uri="/path?q=1"' in header
