[py] Fix proxy basic auth handling special characters #16105

Open
wants to merge 3 commits into
base: trunk

cgoldberg
Contributor

@cgoldberg cgoldberg commented Jul 30, 2025

User description

🔗 Related Issues

Fixes #16100 (see the issue for more details)

💥 What does this PR do?

When using a proxy server that requires basic authentication where the username or password contain special characters (like #), the authentication fails because:

  • The basic auth string gets URL-encoded when creating the proxy URL string
  • The encoded password then gets base64-encoded in headers, causing authentication failure

This PR URL-unquotes the _basic_proxy_auth string that gets passed to urllib3.make_headers() for base64 encoding.

💡 Additional Considerations

I am hesitant to merge this without better testing. We don't have any unit tests covering this yet.

🔄 Types of changes

  • Bug fix (backwards compatible)

PR Type

Bug fix


Description

  • Fix proxy basic authentication with special characters in credentials

  • URL-unquote basic auth string before base64 encoding

  • Prevent double-encoding of special characters like '#' in passwords


Diagram Walkthrough

flowchart LR
  A["Proxy URL with special chars"] --> B["URL-encoded auth string"]
  B --> C["unquote() function"]
  C --> D["Clean auth string"]
  D --> E["base64 encoding"]
  E --> F["Successful authentication"]

File Walkthrough

Relevant files
Bug fix
remote_connection.py
Fix proxy auth special character handling                               

py/selenium/webdriver/remote/remote_connection.py

  • Import unquote function from urllib.parse
  • Apply URL-unquoting to basic proxy auth string before base64 encoding
  • Fix double-encoding issue for special characters in proxy credentials
+4/-2     

@selenium-ci selenium-ci added the C-py Python Bindings label Jul 30, 2025
Contributor

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Missing Tests

The PR author explicitly mentions being hesitant to merge without better testing and notes that there are no unit tests covering this functionality. This is a critical gap that should be addressed before merging.

pool_manager_init_args["proxy_headers"] = urllib3.make_headers(
    proxy_basic_auth=unquote(self._basic_proxy_auth)
)

Import Redundancy

The import statement combines unquote and urlparse from urllib.parse, but urlparse was already imported separately. This creates potential confusion and should be consolidated for cleaner imports.

from urllib.parse import unquote, urlparse

Contributor

qodo-merge-pro bot commented Jul 30, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
General
Prevent double-decoding of credentials

The unquote function should be applied selectively to avoid corrupting
already-decoded credentials. Consider checking if the auth string contains
URL-encoded characters before applying unquote to prevent double-decoding
issues.

py/selenium/webdriver/remote/remote_connection.py [301-303]

+# Only unquote if the string appears to be URL-encoded
+auth_string = self._basic_proxy_auth
+if '%' in auth_string:
+    auth_string = unquote(auth_string)
 pool_manager_init_args["proxy_headers"] = urllib3.make_headers(
-    proxy_basic_auth=unquote(self._basic_proxy_auth)
+    proxy_basic_auth=auth_string
 )
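Review bot: The `'%' in auth_string` check on the added lines does not separate URL-encoded input from raw input, and it changes nothing in practice: unquote() already returns a string that contains no percent-escapes unchanged, so the guarded and unguarded calls produce the same value for every input. A raw credential such as `p%23ss` is still decoded to `p#ss` either way. If unencoded strings can reach `self._basic_proxy_auth`, that should be settled where the value is built (always store it encoded, or keep the decoded credential separately), and a unit test with a password containing both `#` and `%` would pin the behaviour down.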
Suggestion importance[1-10]: 7

Why: The suggestion correctly identifies an edge case where unquote might corrupt a credential string that is not URL-encoded but contains a '%' character, improving the robustness of the PR's fix.

Medium
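
The double-encoding described in the PR description, and the `'%'` guard from the bot suggestion, as an added example that is not code from the PR or from Selenium. `proxy_auth_header` is a standard-library stand-in for the base64 step of `urllib3.make_headers(proxy_basic_auth=...)`; the helper names, host and credentials are constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote, urlparse


def proxy_auth_header(basic_auth: str) -> str:
    # Stand-in for the base64 step of urllib3.make_headers(proxy_basic_auth=...).
    token = base64.b64encode(basic_auth.encode("latin-1")).decode("ascii")
    return f"Basic {token}"


def build_proxy_url(host: str, user: str, password: str) -> str:
    # Hypothetical helper: userinfo must be percent-encoded to survive URL parsing.
    return f"http://{quote(user, safe='')}:{quote(password, safe='')}@{host}"


def userinfo(proxy_url: str) -> str:
    # The still percent-encoded "user:password" part of the URL.
    return urlparse(proxy_url).netloc.rpartition("@")[0]


def header_before_fix(proxy_url: str) -> str:
    # Bug: the percent-encoded string is base64-encoded as-is.
    return proxy_auth_header(userinfo(proxy_url))


def header_after_fix(proxy_url: str) -> str:
    # Fix from the PR: unquote first, then base64-encode.
    return proxy_auth_header(unquote(userinfo(proxy_url)))


def guarded_unquote(auth: str) -> str:
    # The "'%' in auth" guard from the bot suggestion.
    return unquote(auth) if "%" in auth else auth


def decode_header(header: str) -> str:
    # What the proxy sees after base64-decoding the header value.
    return base64.b64decode(header.split(" ", 1)[1]).decode("latin-1")


if __name__ == "__main__":
    url = build_proxy_url("proxy.example:8080", "alice", "p#ss:w%rd")  # constructed
    print("proxy URL      :", url)
    print("before the fix :", decode_header(header_before_fix(url)))
    print("after the fix  :", decode_header(header_after_fix(url)))
    # A raw, never-encoded credential that only looks encoded is altered with or
    # without the guard, because unquote() is already a no-op when no '%' is present.
    for raw in ("alice:secret", "alice:p%23ss"):
        print(repr(raw), "->", repr(unquote(raw)), repr(guarded_unquote(raw)))
```
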
Successfully merging this pull request may close these issues.

[🐛 Bug]: [py] Proxy authentication fails when password contains special characters due to double-encoding
2 participants