From 19c246e988335de7c2644544b269b021815cc051 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Tue, 6 Dec 2022 19:33:26 +0100
Subject: wsgitools.digest: relax checking of PATH_INFO

Apache mod_proxy_scgi seems to insert an additional slash at the start
of PATH_INFO deal with this rather than rejecting authentication.
---
 wsgitools/digest.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index ffdf063..5b101e5 100644
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -688,10 +688,14 @@ def check_uri(credentials, environ):
         if not uri.startswith(environ["SCRIPT_NAME"]):
             raise AuthenticationRequired("url mismatch")
         uri = uri[len(environ["SCRIPT_NAME"]):]
-    if environ.get("PATH_INFO"):
-        if not uri.startswith(environ["PATH_INFO"]):
+    path_info = environ.get("PATH_INFO")
+    if path_info:
+        if uri.startswith(path_info):
+            uri = uri[len(path_info):]
+        elif path_info.startswith("/") and uri.startswith(path_info[1:]):
+            uri = uri[len(path_info)-1:]
+        else:
             raise AuthenticationRequired("url mismatch")
-        uri = uri[len(environ["PATH_INFO"]):]
     if uri not in ('', '?'):
         raise AuthenticationRequired("url mismatch")
 
-- 
cgit v1.2.3