Username/password in the URL not decoded when used for basic authentication

[vadz]

Checklist

• I've searched for similar issues.
• I'm using the latest version of HTTPie.

---

Minimal reproduction code and steps

Run http https://u%40d:1%3d2%[email protected]/basic-auth/u%40d/1%3d2%3f.

Current result

401 status is returned because HTTPie tries to authenticate using u%40d username instead of the expected u@d (and wrong password, too, for the same reason).

Expected result

Same as from running http -a 'u@d:1=2?' https://httpbin.org/basic-auth/u%40d/1%3d2%3f, i.e. 200 status response.

---

Debug output

Please re-run the command with --debug, then copy the entire command & output and paste both below:

$ http --debug https://u%40d:1%3d2%[email protected]/basic-auth/u%40d/1%3d2%3f
HTTPie 3.2.4
Requests 2.32.3
Pygments 2.19.1
Python 3.11.2 (main, Nov 30 2024, 21:22:50) [GCC 12.2.0]
/home/zeitlin/python/3.11/bin/python3
Linux 6.7.9-amd64

<Environment {'apply_warnings_filter': <function Environment.apply_warnings_filter at 0x7ff3af8a0720>,
 'args': Namespace(),
 'as_silent': <function Environment.as_silent at 0x7ff3af8a05e0>,
 'colors': 256,
 'config': {'default_options': []},
 'config_dir': PosixPath('/home/zeitlin/.config/httpie'),
 'devnull': <property object at 0x7ff3af87d4e0>,
 'is_windows': False,
 'log_error': <function Environment.log_error at 0x7ff3af8a0680>,
 'program_name': 'http',
 'quiet': 0,
 'rich_console': <functools.cached_property object at 0x7ff3af8916d0>,
 'rich_error_console': <functools.cached_property object at 0x7ff3af891750>,
 'show_displays': True,
 'stderr': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>,
 'stderr_isatty': False,
 'stdin': <_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>,
 'stdin_encoding': 'utf-8',
 'stdin_isatty': True,
 'stdout': <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>,
 'stdout_encoding': 'utf-8',
 'stdout_isatty': False}>

<PluginManager {'adapters': [],
 'auth': [<class 'httpie.plugins.builtin.BasicAuthPlugin'>,
          <class 'httpie.plugins.builtin.DigestAuthPlugin'>,
          <class 'httpie.plugins.builtin.BearerAuthPlugin'>],
 'converters': [],
 'formatters': [<class 'httpie.output.formatters.headers.HeadersFormatter'>,
                <class 'httpie.output.formatters.json.JSONFormatter'>,
                <class 'httpie.output.formatters.xml.XMLFormatter'>,
                <class 'httpie.output.formatters.colors.ColorFormatter'>]}>

>>> requests.request(**{'auth': <httpie.plugins.builtin.HTTPBasicAuth object at 0x7ff3afd8aa90>,
 'data': RequestJSONDataDict(),
 'headers': <HTTPHeadersDict('User-Agent': b'HTTPie/3.2.4')>,
 'method': 'get',
 'params': <generator object MultiValueOrderedDict.items at 0x7ff3af36a640>,
 'url': 'https://u%40d:1%3d2%[email protected]/basic-auth/u%40d/1%3d2%3f'})

Additional information, screenshots, or code examples

I believe HTTPie should decode percent-encoded characters in the userinfo part of the URL. Curl does it and, well, it just makes sense: otherwise user names containing reserved characters simply can't be specified directly in the URL.

This is a minor problem, because using --auth works, but I think it's surprising and confusing that using them directly in the URL does not (at least it confused me).