client = TestClient(app)


def test_security_http_digest():
    response = client.get("/users/me", headers={"Authorization": "Digest foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Digest", "credentials": "foobar"}


def test_security_http_digest_no_credentials():
    response = client.get("/users/me")

apiVersion: v1
entries:
  minio:
  - apiVersion: v1
    appVersion: RELEASE.2024-12-18T13-15-44Z
    created: "2025-01-02T21:34:25.234658257-08:00"
    description: High Performance Object Storage
    digest: 25fa2740480d1ebc9e64340854a6c42d3a7bc39c2a77378da91b21f144faa9af
    home: https://min.io
    icon: https://min.io/resources/img/logo/MINIO_wordmark.png
    keywords:
    - minio
    - storage
    - object-storage
    - s3

client = TestClient(app)


def test_security_http_digest():
    response = client.get("/users/me", headers={"Authorization": "Digest foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Digest", "credentials": "foobar"}


def test_security_http_digest_no_credentials():
    response = client.get("/users/me")

    - name: Update the RBE Configs
      run: |
        function map() {
          # The "digest" that allows us to pull an image is not the digest as
          # returned by the API, but a sha256sum of the entire chunk of image
          # metadata. gcr.io helpfully includes it in the header of the response
          # as docker-content-digest: sha256:[digest]. Note we use egrep to
          # match exactly sha256:<hash> because curl may include a ^M symbol at

client = TestClient(app)


def test_security_http_digest():
    response = client.get("/users/me", headers={"Authorization": "Digest foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Digest", "credentials": "foobar"}


def test_security_http_digest_no_credentials():
    response = client.get("/users/me")

        return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)


class HTTPDigest(HTTPBase):
    """
    HTTP Digest authentication.

    **Warning**: this is only a stub to connect the components with OpenAPI in FastAPI,
    but it doesn't implement the full Digest scheme, you would need to to subclass it
    and implement it in your code.

    Ref: https://datatracker.ietf.org/doc/html/rfc7616

        byte[] digest = md.digest();

        String md5path = repository.pathOf(artifact) + ".md5";
        File md5artifactFile = new File(repository.getBasedir(), md5path);
        try (Writer writer =
                new OutputStreamWriter(new FileOutputStream(md5artifactFile), StandardCharsets.ISO_8859_1)) {
            writer.append(printHexBinary(digest));
        }
    }

}

// BadDigest - Content-MD5 you specified did not match what we received.
type BadDigest struct {
	ExpectedMD5   string
	CalculatedMD5 string
}

func (e BadDigest) Error() string {
	return "Bad digest: Expected " + e.ExpectedMD5 + " does not match calculated " + e.CalculatedMD5
}

// SizeTooSmall reader size too small
type SizeTooSmall struct {
	Want int64
	Got  int64
}

    for name, rev in peer.listkeys(b'bookmarks').items():
      h.update(name)
      h.update(b'=')
      h.update(rev)
      h.update(b'\n')
  print('r1:'+base64.standard_b64encode(h.digest()).decode('utf-8'))

@command(b'golookup', [], _('url rev'), norepo=True)
def golookup(ui, url, rev):
  """
  golookup looks up a single identifier in the repo,
  printing its hash.
  """

#### Исправление с помощью `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

Но в нашем коде мы используем `secrets.compare_digest()`.

Вкратце: сравнение `stanleyjobsox` с `stanleyjobson` займёт столько же времени, сколько и сравнение `johndoe` с `stanleyjobson`. То же относится и к паролю.