Username/password in the URL not decoded when used for basic authentication #1623
Description
Checklist
- I've searched for similar issues.
- I'm using the latest version of HTTPie.
Minimal reproduction code and steps
Run http https://u%40d:1%3d2%[email protected]/basic-auth/u%40d/1%3d2%3f.
Current result
401 status is returned because HTTPie tries to authenticate using u%40d username instead of the expected u@d (and wrong password, too, for the same reason).
Expected result
Same as from running http -a 'u@d:1=2?' https://httpbin.org/basic-auth/u%40d/1%3d2%3f, i.e. 200 status response.
Debug output
Please re-run the command with --debug, then copy the entire command & output and paste both below:
$ http --debug https://u%40d:1%3d2%[email protected]/basic-auth/u%40d/1%3d2%3f
HTTPie 3.2.4
Requests 2.32.3
Pygments 2.19.1
Python 3.11.2 (main, Nov 30 2024, 21:22:50) [GCC 12.2.0]
/home/zeitlin/python/3.11/bin/python3
Linux 6.7.9-amd64
<Environment {'apply_warnings_filter': <function Environment.apply_warnings_filter at 0x7ff3af8a0720>,
'args': Namespace(),
'as_silent': <function Environment.as_silent at 0x7ff3af8a05e0>,
'colors': 256,
'config': {'default_options': []},
'config_dir': PosixPath('/home/zeitlin/.config/httpie'),
'devnull': <property object at 0x7ff3af87d4e0>,
'is_windows': False,
'log_error': <function Environment.log_error at 0x7ff3af8a0680>,
'program_name': 'http',
'quiet': 0,
'rich_console': <functools.cached_property object at 0x7ff3af8916d0>,
'rich_error_console': <functools.cached_property object at 0x7ff3af891750>,
'show_displays': True,
'stderr': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>,
'stderr_isatty': False,
'stdin': <_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>,
'stdin_encoding': 'utf-8',
'stdin_isatty': True,
'stdout': <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>,
'stdout_encoding': 'utf-8',
'stdout_isatty': False}>
<PluginManager {'adapters': [],
'auth': [<class 'httpie.plugins.builtin.BasicAuthPlugin'>,
<class 'httpie.plugins.builtin.DigestAuthPlugin'>,
<class 'httpie.plugins.builtin.BearerAuthPlugin'>],
'converters': [],
'formatters': [<class 'httpie.output.formatters.headers.HeadersFormatter'>,
<class 'httpie.output.formatters.json.JSONFormatter'>,
<class 'httpie.output.formatters.xml.XMLFormatter'>,
<class 'httpie.output.formatters.colors.ColorFormatter'>]}>
>>> requests.request(**{'auth': <httpie.plugins.builtin.HTTPBasicAuth object at 0x7ff3afd8aa90>,
'data': RequestJSONDataDict(),
'headers': <HTTPHeadersDict('User-Agent': b'HTTPie/3.2.4')>,
'method': 'get',
'params': <generator object MultiValueOrderedDict.items at 0x7ff3af36a640>,
'url': 'https://u%40d:1%3d2%[email protected]/basic-auth/u%40d/1%3d2%3f'})Additional information, screenshots, or code examples
I believe HTTPie should decode percent-encoded characters in the userinfo part of the URL. Curl does it and, well, it just makes sense: otherwise user names containing reserved characters simply can't be specified directly in the URL.
This is a minor problem, because using --auth works, but I think it's surprising and confusing that using them directly in the URL does not (at least it confused me).