From 852f6970df58f7e9b25cf109dc4aa88b38c8b34c Mon Sep 17 00:00:00 2001
From: "Axel H." <noirbizarre@gmail.com>
Date: Thu, 19 Sep 2024 09:50:38 +0200
Subject: [PATCH] fix(auth): ensures `/` is URL encoded in sources auth
 environment variables (fix #3169)

---
 news/3169.bugfix.md | 1 +
 src/pdm/utils.py    | 2 +-
 tests/test_utils.py | 8 ++++----
 3 files changed, 6 insertions(+), 5 deletions(-)
 create mode 100644 news/3169.bugfix.md

diff --git a/news/3169.bugfix.md b/news/3169.bugfix.md
new file mode 100644
index 0000000000..1d0c0482d9
--- /dev/null
+++ b/news/3169.bugfix.md
@@ -0,0 +1 @@
+Ensures that  `/` is URL encoded in sources URL environment variables.
diff --git a/src/pdm/utils.py b/src/pdm/utils.py
index a474d91351..6b62d671f8 100644
--- a/src/pdm/utils.py
+++ b/src/pdm/utils.py
@@ -244,7 +244,7 @@ def expand_env_vars(credential: str, quote: bool = False, env: Mapping[str, str]
 
     def replace_func(match: Match) -> str:
         rv = env.get(match.group(1), match.group(0))
-        return parse.quote(rv) if quote else rv
+        return parse.quote(rv, "") if quote else rv
 
     return re.sub(r"\$\{(.+?)\}", replace_func, credential)
 
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 7461d71d35..a2122fb5a0 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -217,11 +217,11 @@ def test_expand_env_vars(given, expected, monkeypatch):
         ("https://example.org/path?arg=1", "https://example.org/path?arg=1"),
         (
             "https://${FOO}@example.org/path?arg=1",
-            "https://hello@example.org/path?arg=1",
+            "https://token%3Aoidc%2F1@example.org/path?arg=1",
         ),
         (
             "https://${FOO}:${BAR}@example.org/path?arg=1",
-            "https://hello:wo%3Arld@example.org/path?arg=1",
+            "https://token%3Aoidc%2F1:p%40ssword@example.org/path?arg=1",
         ),
         (
             "https://${FOOBAR}@example.org/path?arg=1",
@@ -230,8 +230,8 @@ def test_expand_env_vars(given, expected, monkeypatch):
     ],
 )
 def test_expand_env_vars_in_auth(given, expected, monkeypatch):
-    monkeypatch.setenv("FOO", "hello")
-    monkeypatch.setenv("BAR", "wo:rld")
+    monkeypatch.setenv("FOO", "token:oidc/1")
+    monkeypatch.setenv("BAR", "p@ssword")
     assert utils.expand_env_vars_in_auth(given) == expected