Use split_auth_from_netloc() inside MultiDomainBasicAuth().

src/pip/_internal/download.py

@@ -26,7 +26,6 @@ from pip._vendor.requests.utils import get_netrc_auth
 from pip._vendor.six.moves import xmlrpc_client  # type: ignore
 from pip._vendor.six.moves.urllib import parse as urllib_parse
 from pip._vendor.six.moves.urllib import request as urllib_request
-from pip._vendor.six.moves.urllib.parse import unquote as urllib_unquote
 from pip._vendor.urllib3.util import IS_PYOPENSSL
 
 import pip
@@ -39,8 +38,8 @@ from pip._internal.utils.glibc import libc_ver
 from pip._internal.utils.logging import indent_log
 from pip._internal.utils.misc import (
     ARCHIVE_EXTENSIONS, ask_path_exists, backup_dir, call_subprocess, consume,
-    display_path, format_size, get_installed_version, rmtree, splitext,
-    unpack_file,
+    display_path, format_size, get_installed_version, rmtree,
+    split_auth_from_netloc, splitext, unpack_file,
 )
 from pip._internal.utils.setuptools_build import SETUPTOOLS_SHIM
 from pip._internal.utils.temp_dir import TempDirectory
@@ -153,7 +152,7 @@ class MultiDomainBasicAuth(AuthBase):
 
         # Extract credentials embedded in the url if we have none stored
         if username is None:
-            username, password = self.parse_credentials(parsed.netloc)
+            username, password = split_auth_from_netloc(parsed.netloc)[1]
 
         # Get creds from netrc if we still don't have them
         if username is None and password is None:
@@ -213,15 +212,6 @@ class MultiDomainBasicAuth(AuthBase):
             logger.warning('401 Error, Credentials not correct for %s',
                            resp.request.url)
 
-    def parse_credentials(self, netloc):
-        if "@" in netloc:
-            userinfo = netloc.rsplit("@", 1)[0]
-            if ":" in userinfo:
-                user, pwd = userinfo.split(":", 1)
-                return (urllib_unquote(user), urllib_unquote(pwd))
-            return urllib_unquote(userinfo), None
-        return None, None
-
 
 class LocalFSAdapter(BaseAdapter):
 

tests/unit/test_download.py

@@ -10,8 +10,8 @@ from pip._vendor.six.moves.urllib import request as urllib_request
 
 import pip
 from pip._internal.download import (
-    MultiDomainBasicAuth, PipSession, SafeFileCache, path_to_url,
-    unpack_file_url, unpack_http_url, url_to_path,
+    PipSession, SafeFileCache, path_to_url, unpack_file_url, unpack_http_url,
+    url_to_path,
 )
 from pip._internal.exceptions import HashMismatch
 from pip._internal.models.link import Link
@@ -328,14 +328,3 @@ class TestPipSession:
         )
 
         assert not hasattr(session.adapters["https://example.com/"], "cache")
-
-
-def test_parse_credentials():
-    auth = MultiDomainBasicAuth()
-    assert auth.parse_credentials("foo:bar@example.com") == ('foo', 'bar')
-    assert auth.parse_credentials("foo@example.com") == ('foo', None)
-    assert auth.parse_credentials("example.com") == (None, None)
-
-    # URL-encoded reserved characters:
-    assert auth.parse_credentials("user%3Aname:%23%40%5E@example.com") \
-        == ("user:name", "#@^")