1 files changed, 28 insertions, 0 deletions

diff --git a/test.py b/test.py
index 92e2ce9..c9d972d 100755
--- a/test.py
+++ b/test.py
@@ -184,6 +184,20 @@ class AuthDigestMiddlewareTest(unittest.TestCase):
         res.status(401)
         res.header("WWW-Authenticate", lambda _: True)
 
+    def test401garbage(self):
+        req = self.req.copy()
+        req.setheader('http-authorization', 'Garbage')
+        res = req(self.app)
+        res.status(401)
+        res.header("WWW-Authenticate", lambda _: True)
+
+    def test401digestgarbage(self):
+        req = self.req.copy()
+        req.setheader('http-authorization', 'Digest ","')
+        res = req(self.app)
+        res.status(401)
+        res.header("WWW-Authenticate", lambda _: True)
+
     def doauth(self, password="baz", status=200):
         res = self.req(self.app)
         nonce = next(iter(filter(lambda x: x.startswith("nonce="),
@@ -258,6 +272,20 @@ class BasicAuthMiddlewareTest(unittest.TestCase):
         res.status(401)
         res.header("WWW-Authenticate", lambda _: True)
 
+    def test401garbage(self):
+        req = self.req.copy()
+        req.setheader('http-authorization', 'Garbage')
+        res = req(self.app)
+        res.status(401)
+        res.header("WWW-Authenticate", lambda _: True)
+
+    def test401basicgarbage(self):
+        req = self.req.copy()
+        req.setheader('http-authorization', 'Basic ()')
+        res = req(self.app)
+        res.status(401)
+        res.header("WWW-Authenticate", lambda _: True)
+
     def doauth(self, password="baz", status=200):
         req = self.req.copy()
         token = ("bar:%s" % password).encode("base64").strip()