This change parses the `index_url` of the source and extracts out the
Basic Authentication `username` and `password` credentials, if they
exist, to be used by the existing mechanism for netrc parsing.
The `index_url` is then reconstructed without the credentials, so that
the rest of the index fetch can proceed as expected.
Details
=======
Previously, if one had a `pyproject.toml` with a custom source that had
basic auth credentials in the URL, e.g.
```toml
[[tool.poetry.source]]
name = "private_source"
url = "https://username:password@pypi.example.com/pypi"
```
The `fetch_from_legacy.py` script would fail to parse, erronously
splitting on the `:` thinking that whatever came after it was a numeric
port identifier ala `https://example.com:8080`.
While embedding authentication credentials in an index URL that is then
committed to a `pyproject.toml` is not what one would consider best
practice (there are several alternative approaches that keep credentials
out of the `pyproject.toml` file), it _is_ supported by the direct usage
of Poetry, and those legacy projects should still be able to utilize
`poetry2nix`.
The PyPI Legacy API documentation [1] says that the distribution
downloads for project can be accessed via a request
GET /simple/<project>/
but the current implementation instead makes a request
GET /simple/<project>
There exist some custom repository servers that give erroneous responses
to requests without the slash, so include the slash.
[1]: https://warehouse.pypa.io/api-reference/legacy.html
We want this fetcher to still work even when the CA certs and server
certs are expired or otherwise considered insecure for backwards
compatibility reasons.
