Merge pull request conda#600 from wholtz/response_url_credentials

fix: remove credentials from response URLs

conda_lock/pypi_solver.py

@@ -359,6 +359,8 @@ def get_requirements(
  # https://github.com/conda/conda-lock/blob/ac31f5ddf2951ed4819295238ccf062fb2beb33c/conda_lock/_vendor/poetry/installation/executor.py#L557
  else:
  link = chooser.choose_for(op.package)
+ parsed_url = urlsplit(link.url)
+ link.url = link.url.replace(parsed_url.netloc, str(parsed_url.hostname))
  url = link.url_without_fragment
  hashes: Dict[str, str] = {}
  if link.hash_name is not None and link.hash is not None:

tests/test_pip_repositories.py

@@ -54,9 +54,13 @@ def private_package_tar():
  os.remove(tar_path)
 
 
-@pytest.fixture(autouse=True)
-def mock_private_pypi(private_package_tar: Path):
+@pytest.fixture(
+ autouse=True,
+ params=["response_url_without_credentials", "response_url_with_credentials"],
+)
+def mock_private_pypi(private_package_tar: Path, request: pytest.FixtureRequest):
  with requests_mock.Mocker(real_http=True) as mocker:
+ fixture_request = request
 
  def _make_response(
  request: requests.Request,
@@ -84,7 +88,10 @@ def _make_response(
  response.raw.seek(0)
 
  url = urlparse(request.url)
- response.url = request.url.replace(url.netloc, url.hostname)
+ if fixture_request.param == "response_url_with_credentials":
+ response.url = request.url
+ else:
+ response.url = request.url.replace(url.netloc, url.hostname)
  response.reason = reason
  return response