From ca187abd13052fee100909076358fca89b473e0f Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Sat, 11 Jan 2014 09:59:23 +0000
Subject: [PATCH 1/5] Unquote the auth after splitting the url.

---
 requests/utils.py | 11 +++++++----
 test_requests.py  |  6 +++++-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/requests/utils.py b/requests/utils.py
index 7a4d44d5..168ff02e 100644
--- a/requests/utils.py
+++ b/requests/utils.py
@@ -635,11 +635,14 @@ def get_auth_from_url(url):
     """Given a url with authentication components, extract them into a tuple of
     username,password."""
     if url:
-        url = unquote(url)
         parsed = urlparse(url)
-        return (parsed.username, parsed.password)
-    else:
-        return ('', '')
+
+        try:
+            return (unquote(parsed.username), unquote(parsed.password))
+        except AttributeError:
+            pass
+
+    return ('', '')
 
 
 def to_native_string(string, encoding='ascii'):
diff --git a/test_requests.py b/test_requests.py
index 1e8e723f..4c1a3692 100755
--- a/test_requests.py
+++ b/test_requests.py
@@ -194,7 +194,7 @@ class RequestsTestCase(unittest.TestCase):
         assert r.json()['cookies']['foo'] == 'bar'
         # Make sure the session cj is still the custom one
         assert s.cookies is cj
-    
+
     def test_param_cookiejar_works(self):
         cj = cookielib.CookieJar()
         cookiejar_from_dict({'foo' : 'bar'}, cj)
@@ -705,6 +705,10 @@ class RequestsTestCase(unittest.TestCase):
         url = 'http://user%user:pass@complex.url.com/path?query=yes'
         assert ('user%user', 'pass') == requests.utils.get_auth_from_url(url)
 
+    def test_get_auth_from_url_encoded_hashes(self):
+        url = 'http://user:pass%23pass@complex.url.com/path?query=yes'
+        assert ('user', 'pass#pass') == requests.utils.get_auth_from_url(url)
+
     def test_cannot_send_unprepared_requests(self):
         r = requests.Request(url=HTTPBIN)
         with pytest.raises(ValueError):

From dddb41e34906c1b7eff389921c7b1bb6d734a433 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Sat, 11 Jan 2014 10:15:53 +0000
Subject: [PATCH 2/5] TypeError, not AttributeError on 3.3.

---
 requests/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requests/utils.py b/requests/utils.py
index 168ff02e..13b649d3 100644
--- a/requests/utils.py
+++ b/requests/utils.py
@@ -639,7 +639,7 @@ def get_auth_from_url(url):
 
         try:
             return (unquote(parsed.username), unquote(parsed.password))
-        except AttributeError:
+        except (AttributeError, TypeError):
             pass
 
     return ('', '')

From b4ca6c95b60230ad604f8b89440fef18cfaa3a8c Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Sun, 12 Jan 2014 09:39:32 +0000
Subject: [PATCH 3/5] Meet @sigmavirus24's demanding stylistic criteria.

---
 requests/utils.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/requests/utils.py b/requests/utils.py
index 13b649d3..528e7c90 100644
--- a/requests/utils.py
+++ b/requests/utils.py
@@ -638,11 +638,13 @@ def get_auth_from_url(url):
         parsed = urlparse(url)
 
         try:
-            return (unquote(parsed.username), unquote(parsed.password))
+            auth = (unquote(parsed.username), unquote(parsed.password))
         except (AttributeError, TypeError):
-            pass
+            auth = ('', '')
+    else:
+        auth = ('', '')
 
-    return ('', '')
+    return auth
 
 
 def to_native_string(string, encoding='ascii'):

From 2f98ef17924d296a4871d909e43f5e7e365d05a3 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Sun, 12 Jan 2014 14:44:53 +0000
Subject: [PATCH 4/5] Be less defensive in get_auth_from_url.

---
 requests/utils.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/requests/utils.py b/requests/utils.py
index 528e7c90..7b7ff0a7 100644
--- a/requests/utils.py
+++ b/requests/utils.py
@@ -634,14 +634,11 @@ def except_on_missing_scheme(url):
 def get_auth_from_url(url):
     """Given a url with authentication components, extract them into a tuple of
     username,password."""
-    if url:
-        parsed = urlparse(url)
+    parsed = urlparse(url)
 
-        try:
-            auth = (unquote(parsed.username), unquote(parsed.password))
-        except (AttributeError, TypeError):
-            auth = ('', '')
-    else:
+    try:
+        auth = (unquote(parsed.username), unquote(parsed.password))
+    except (AttributeError, TypeError):
         auth = ('', '')
 
     return auth

From 5b4e9aff0ea2d0876de33f57cece4b06fe4bc194 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Sun, 12 Jan 2014 14:46:40 +0000
Subject: [PATCH 5/5] Don't need to unquote twice.

---
 requests/adapters.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/requests/adapters.py b/requests/adapters.py
index 43addb1b..dd10e959 100644
--- a/requests/adapters.py
+++ b/requests/adapters.py
@@ -286,10 +286,6 @@ class HTTPAdapter(BaseAdapter):
         username, password = get_auth_from_url(proxy)
 
         if username and password:
-            # Proxy auth usernames and passwords will be urlencoded, we need
-            # to decode them.
-            username = unquote(username)
-            password = unquote(password)
             headers['Proxy-Authorization'] = _basic_auth_str(username,
                                                              password)