Preserve uncleaned VCS URL in the lock file.

news/6256.bugfix.rst

@@ -0,0 +1 @@
+Fixes regression in lock file generation that caused environment variable references (e.g., ${GIT_PASSWORD}) in VCS URLs to be stripped out. This restores the ability to use credential placeholders in version control system URLs.

pipenv/utils/dependencies.py

@@ -283,10 +283,7 @@ def clean_resolved_dep(project, dep, is_top_level=False, current_entry=None):
                     [extra.strip() for extra in extras_section.split(",")]
                 )
 
-            # Extract the clean VCS URL
-            clean_vcs_url = extract_vcs_url(vcs_url)
-
-            lockfile[vcs_type] = clean_vcs_url
+            lockfile[vcs_type] = vcs_url
             lockfile["ref"] = dep.get("ref")
             if "subdirectory" in dep:
                 lockfile["subdirectory"] = dep["subdirectory"]

tests/integration/test_install_vcs.py

@@ -1,3 +1,5 @@
+import os
+
 import pytest
 
 
@@ -8,3 +10,35 @@ def test_install_github_vcs(pipenv_instance_pypi):
         c = p.pipenv("install git+https://github.com/reagento/adaptix.git@2.16")
         assert not c.returncode
         assert "dataclass-factory" in p.pipfile["packages"]
+
+
+@pytest.mark.basic
+@pytest.mark.install
+@pytest.mark.parametrize("use_credentials", [True, False])
+def test_install_github_vcs_with_credentials(pipenv_instance_pypi, use_credentials):
+    with pipenv_instance_pypi() as p:
+        # Set environment variables
+        os.environ['GIT_REPO'] = 'github.com/reagento/adaptix.git'
+        if use_credentials:
+            os.environ['GIT_USERNAME'] = 'git'  # Use 'git' as a dummy username
+            os.environ['GIT_PASSWORD'] = ''  # Empty password for public repos
+            url = "git+https://${GIT_USERNAME}:${GIT_PASSWORD}@${GIT_REPO}@2.16"
+        else:
+            url = "git+https://${GIT_REPO}@2.16"
+
+        # Use single quotes to prevent shell expansion
+        c = p.pipenv(f"install '{url}'")
+        assert c.returncode == 0, f"Install failed with error: {c.stderr}"
+
+        assert "dataclass-factory" in p.pipfile["packages"]
+
+        # Check if the URL in the lockfile still contains the environment variables
+        lockfile_content = p.lockfile
+        assert "${GIT_REPO}" in lockfile_content['default']['dataclass-factory']['git']
+        if use_credentials:
+            assert "${GIT_USERNAME}" in lockfile_content['default']['dataclass-factory']['git']
+            assert "${GIT_PASSWORD}" in lockfile_content['default']['dataclass-factory']['git']
+
+        # Verify that the package is installed and usable
+        c = p.pipenv("run python -c 'import dataclass_factory'")
+        assert c.returncode == 0, f"Failed to import library: {c.stderr}"

tests/unit/test_dependencies.py

@@ -0,0 +1,31 @@
+import pytest
+from pipenv.utils.dependencies import clean_resolved_dep
+
+def test_clean_resolved_dep_with_vcs_url():
+    project = {}  # Mock project object, adjust as needed
+    dep = {
+        "name": "example-package",
+        "git": "git+https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/username/repo.git",
+        "ref": "main"
+    }
+
+    result = clean_resolved_dep(project, dep)
+
+    assert "example-package" in result
+    assert result["example-package"]["git"] == "git+https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/username/repo.git"
+    assert result["example-package"]["ref"] == "main"
+
+def test_clean_resolved_dep_with_vcs_url_and_extras():
+    project = {}  # Mock project object, adjust as needed
+    dep = {
+        "name": "example-package",
+        "git": "git+https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/username/repo.git[extra1,extra2]",
+        "ref": "main"
+    }
+
+    result = clean_resolved_dep(project, dep)
+
+    assert "example-package" in result
+    assert result["example-package"]["git"] == "git+https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/username/repo.git[extra1,extra2]"
+    assert result["example-package"]["ref"] == "main"
+    assert result["example-package"]["extras"] == ["extra1", "extra2"]