Fix empty domain issue in DigestAuthMiddleware

[Dreamsorcerer]

No description provided.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.96%. Comparing base (c4de983) to head (29f9484).
⚠️ Report is 1 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #12983   +/-   ##
=======================================
  Coverage   98.96%   98.96%           
=======================================
  Files         131      131           
  Lines       48087    48123   +36     
  Branches     2496     2499    +3     
=======================================
+ Hits        47587    47623   +36     
  Misses        376      376           
  Partials      124      124           

Flag	Coverage Δ
Autobahn	22.22% <8.10%> (-0.02%)	⬇️
CI-GHA	98.90% <100.00%> (+<0.01%)	⬆️
OS-Linux	98.67% <100.00%> (-0.01%)	⬇️
OS-Windows	97.04% <100.00%> (+<0.01%)	⬆️
OS-macOS	97.95% <100.00%> (+<0.01%)	⬆️
Py-3.10	98.14% <100.00%> (-0.01%)	⬇️
Py-3.11	98.41% <100.00%> (+<0.01%)	⬆️
Py-3.12	98.50% <100.00%> (+<0.01%)	⬆️
Py-3.13	98.48% <100.00%> (+<0.01%)	⬆️
Py-3.14	98.49% <100.00%> (+<0.01%)	⬆️
Py-3.14t	97.58% <100.00%> (-0.01%)	⬇️
Py-pypy-3.11	97.44% <100.00%> (-0.01%)	⬇️
VM-macos	97.95% <100.00%> (+<0.01%)	⬆️
VM-ubuntu	98.67% <100.00%> (-0.01%)	⬇️
VM-windows	97.04% <100.00%> (+<0.01%)	⬆️
cython-coverage	37.99% <0.00%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

[Dreamsorcerer]

@aiolibsbot review

[codspeed-hq]

Merging this PR will not alter performance

✅ 83 untouched benchmarks
⏩ 83 skipped benchmarks¹

---

_{Comparing fix-digest-auth (29f9484) with master (c4de983)²}

Footnotes

1. 83 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on master (51da10a) during the generation of this report, so c4de983 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[aiolibsbot]

PR Review — Fix empty domain issue in DigestAuthMiddleware

Solid, minimal fix for a real IndexError. Merge-ready.

What's done well:

• Correctly diagnoses the root cause: a domain directive of just " strips to "", which str(URL("")) turns into an empty string in _protection_space; _in_protection_space then crashes on space_str[-1] (line 391).

• The fix is robust on two layers: if not uri: continue skips empty tokens, and the unconditional if not self._protection_space: fallback to origin also catches any future case where a token parses to empty.

• Hoisting self._protection_space = [] above the branch unifies the empty-domain and no-domain paths without changing behavior for valid domains.

• Test coverage is thorough: a parametrized unit test for both the escaped-quote and bare-quote forms, plus an end-to-end preemptive-auth regression that exercises the exact failure (second request raising IndexError). Behavior-only assertions, no source inspection.

• Changelog fragment present with correct PR number and :user: attribution.

• No blocking or warning-level issues found.

---

---

Automated review by Kōan (Claude) HEAD=29f9484 44s