Installing from private repository using --extra-index-url results in a prompt for user credentials

[alegonz]

Environment

• pip version: 19.2 and over
• Python version: 3.7.2
• OS: Debian 9

Description

pip install results in a prompt for user credentials when specifying a private repository with --extra-index-url and a URL that includes a read token.

Issues #3931 and #6775 are possibly related.

Expected behavior

The URL with the read token should suffice to download and install packages from the private repository.

How to Reproduce

The commands below were executed in a docker container using the python:3.7.2-stretch image.

$ docker run -it python:3.7.2-stretch /bin/bash

1. With version 19.2.1, trying to install from a private repository (in this case, packagecloud) using the --extra-index-url option and a URL with a read token (actual repo details were redacted) results in a prompt for user credentials.

$ pip --version
pip 19.2.1 from /usr/local/lib/python3.7/site-packages/pip (python 3.7)
$ pip install --extra-index-url=https://*MY-TOKEN*@packagecloud.io/myuser/myrepo/pypi/simple mypackage
Looking in indexes: https://pypi.org/simple, https://*MY-TOKEN*@packagecloud.io/myuser/myrepo/pypi/simple
Collecting mypackage
User for packagecloud.io:

2. Downgrading pip to 19.1.1 solves the issue:

$ pip install pip==19.1.1
Collecting pip==19.1.1
  Downloading https://files.pythonhosted.org/packages/5c/e0/be401c003291b56efc55aeba6a80ab790d3d4cece2778288d65323009420/pip-19.1.1-py2.py3-none-any.whl (1.4MB)
     |████████████████████████████████| 1.4MB 4.5MB/s 
Installing collected packages: pip
  Found existing installation: pip 19.2.1
    Uninstalling pip-19.2.1:
      Successfully uninstalled pip-19.2.1
Successfully installed pip-19.1.1
$ pip install --extra-index-url=https://*MY-TOKEN*@packagecloud.io/myuser/myrepo/pypi/simple mypackage
Looking in indexes: https://pypi.org/simple, https://*MY-TOKEN*@packagecloud.io/myuser/myrepo/pypi/simple
Collecting mypackage
  Downloading https://packagecloud.io/myuser/myrepo/pypi/packages/mypackage-0.1.0-py2.py3-none-any.whl (80kB)
     |████████████████████████████████| 81kB 7.0MB/s 
Installing collected packages: mypackage
Successfully installed mypackage-0.1.0
WARNING: You are using pip version 19.1.1, however version 19.2.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

[cjerdonek]

Does it work if you put a colon after the token?

[alegonz]

Does it work if you put a colon after the token?

It does! 🎉
19.1.1: works with or without colon.
19.2.1: works with colon, does not without.

[cjerdonek]

This is the same as #6796.

[pradyunsg]

Duplicate of #6796

[alegonz]

@cjerdonek @pradyunsg
Thank you!