From 808220b882d9b96dc77aa03ba998d365336bb623 Mon Sep 17 00:00:00 2001
From: gaosiyuan <1264472267@qq.com>
Date: Tue, 23 Jun 2026 15:15:39 +0800
Subject: [PATCH] fix: decode percent-encoded credentials from URL

When credentials are passed in the URL (e.g. http://u%40d:***@host/),
Python's urlsplit() preserves the percent-encoding in .username and
.password attributes. Apply urllib.parse.unquote() to decode them
before passing to the auth handler.

This matches curl's behavior and fixes #1623.
---
 httpie/cli/argparser.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/httpie/cli/argparser.py b/httpie/cli/argparser.py
index 9bf09b3b73..897fcdb559 100644
--- a/httpie/cli/argparser.py
+++ b/httpie/cli/argparser.py
@@ -5,7 +5,7 @@
 import sys
 from argparse import RawDescriptionHelpFormatter
 from textwrap import dedent
-from urllib.parse import urlsplit
+from urllib.parse import unquote, urlsplit
 
 from requests.utils import get_netrc_auth
 
@@ -288,9 +288,9 @@ def _process_auth(self):
 
         if self.args.auth is None and not auth_type_set:
             if url.username is not None:
-                # Handle http://username:password@hostname/
-                username = url.username
-                password = url.password or ''
+                # Handle http://username:***@hostname/
+                username = unquote(url.username)
+                password = unquote(url.password) if url.password else ''
                 self.args.auth = AuthCredentials(
                     key=username,
                     value=password,