Use rawurldecode instead of urldecode, fixes #7407

src/Composer/Util/Git.php

@@ -57,7 +57,7 @@ class Git
             // capture username/password from URL if there is one
             $this->process->execute('git remote -v', $output, $cwd);
             if (preg_match('{^(?:composer|origin)\s+https?://(.+):(.+)@([^/]+)}im', $output, $match)) {
-                $this->io->setAuthentication($match[3], urldecode($match[1]), urldecode($match[2]));
+                $this->io->setAuthentication($match[3], rawurldecode($match[1]), rawurldecode($match[2]));
             }
         }
 

src/Composer/Util/RemoteFilesystem.php

@@ -243,7 +243,7 @@ class RemoteFilesystem
 
         // capture username/password from URL if there is one
         if (preg_match('{^https?://([^:/]+):([^@/]+)@([^/]+)}i', $fileUrl, $match)) {
-            $this->io->setAuthentication($originUrl, urldecode($match[1]), urldecode($match[2]));
+            $this->io->setAuthentication($originUrl, rawurldecode($match[1]), rawurldecode($match[2]));
         }
 
         $tempAdditionalOptions = $additionalOptions;

src/Composer/Util/StreamContextFactory.php

@@ -109,9 +109,9 @@ final class StreamContextFactory
 
             // handle proxy auth if present
             if (isset($proxy['user'])) {
-                $auth = urldecode($proxy['user']);
+                $auth = rawurldecode($proxy['user']);
                 if (isset($proxy['pass'])) {
-                    $auth .= ':' . urldecode($proxy['pass']);
+                    $auth .= ':' . rawurldecode($proxy['pass']);
                 }
                 $auth = base64_encode($auth);