Finish PR 3732: Handle url encoded credentials

[qdamian]

Please consider this PR that closes #3236.

It's based on mjwillson's fix, but attempts to address Ivoz's comments in PR #3732.

Thanks!

[dstufft]

This code looks good to me, though I'd love to get @Lukasa or @sigmavirus24 to take a quick look at it to make sure this makes sense from a HTTP perspective.

[Lukasa]

So this is in principle fine, but bumps into the kind of problem that Requests bumps into a lot: how do you tell the difference between urlencoded credentials and raw credentials that happen to contain valid urlencoded strings? Like...what if the password actually contains the characters %23 in that order?

This is a difficult thing to handle, and consistency is generally valuable, but this change can (and probably will) break someone if we're not careful.

[dstufft]

@Lukasa Ok thanks. I think the answer here is probably just, this is an URL so you need to urlquote your stuff, if your password contains %23 you'll need to escape it.

[sigmavirus24]

Alternate suggestion, @dstufft, you're already using rfc3986. v1.0 will have a URIBuilder object and if you have users specify credentials separately then you can use that to ensure the credentials are properly encoded.