From 3a4ac3a7c07233e72cabb232d4c1e44393570cb0 Mon Sep 17 00:00:00 2001
From: Daniel Waterworth <me@danielwaterworth.com>
Date: Thu, 1 Dec 2022 10:50:06 -0600
Subject: [PATCH] FIX: Don't update url in GitImporter (#19273)

Since it's fetched and used elsewhere and expected to stay the same.
---
 lib/theme_store/git_importer.rb           |  14 +--
 spec/lib/theme_store/git_importer_spec.rb | 109 ++++++++++++++--------
 2 files changed, 75 insertions(+), 48 deletions(-)

diff --git a/lib/theme_store/git_importer.rb b/lib/theme_store/git_importer.rb
index 873986af9e0..3c54b84e13e 100644
--- a/lib/theme_store/git_importer.rb
+++ b/lib/theme_store/git_importer.rb
@@ -117,7 +117,7 @@ class ThemeStore::GitImporter
     end
   end
 
-  def clone_args(config = {})
+  def clone_args(url, config = {})
     args = ["git"]
 
     config.each do |key, value|
@@ -130,27 +130,27 @@ class ThemeStore::GitImporter
       args.concat(['--single-branch', "-b", @branch])
     end
 
-    args.concat([@url, @temp_folder])
+    args.concat([url, @temp_folder])
 
     args
   end
 
   def clone_http!
-    @uri = redirected_uri
-    @url = @uri.to_s
+    uri = redirected_uri
 
     unless ["http", "https"].include?(@uri.scheme)
       raise_import_error!
     end
 
-    addresses = FinalDestination::SSRFDetector.lookup_and_filter_ips(@uri.host)
+    addresses = FinalDestination::SSRFDetector.lookup_and_filter_ips(uri.host)
 
     unless addresses.empty?
       env = { "GIT_TERMINAL_PROMPT" => "0" }
 
       args = clone_args(
+        uri.to_s,
         "http.followRedirects" => "false",
-        "http.curloptResolve" => "#{@uri.host}:#{@uri.port}:#{addresses.join(',')}",
+        "http.curloptResolve" => "#{uri.host}:#{uri.port}:#{addresses.join(',')}",
       )
 
       begin
@@ -168,7 +168,7 @@ class ThemeStore::GitImporter
     with_ssh_private_key do |ssh_folder|
       # Use only the specified SSH key
       env = { 'GIT_SSH_COMMAND' => "ssh -i #{ssh_folder}/id_rsa -o IdentitiesOnly=yes -o IdentityFile=#{ssh_folder}/id_rsa -o StrictHostKeyChecking=no" }
-      args = clone_args
+      args = clone_args(@url)
 
       begin
         Discourse::Utils.execute_command(env, *args, timeout: COMMAND_TIMEOUT_SECONDS)
diff --git a/spec/lib/theme_store/git_importer_spec.rb b/spec/lib/theme_store/git_importer_spec.rb
index 7efe3096b56..dc45410303c 100644
--- a/spec/lib/theme_store/git_importer_spec.rb
+++ b/spec/lib/theme_store/git_importer_spec.rb
@@ -20,39 +20,10 @@ RSpec.describe ThemeStore::GitImporter do
         .with("github.com")
         .returns(["192.0.2.100"])
 
-      FinalDestination
-        .stubs(:resolve)
-        .with(first_fetch_url, http_verb: :get)
-        .returns(URI.parse(first_fetch_url))
-
       @temp_folder = "#{Pathname.new(Dir.tmpdir).realpath}/discourse_theme_#{hex}"
       @ssh_folder = "#{Pathname.new(Dir.tmpdir).realpath}/discourse_theme_ssh_#{hex}"
     end
 
-    it "imports http urls" do
-      Discourse::Utils
-        .expects(:execute_command)
-        .with(
-          { "GIT_TERMINAL_PROMPT" => "0" },
-          "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "https://github.com/example/example.git", @temp_folder, timeout: 20
-        )
-
-      importer = ThemeStore::GitImporter.new(url)
-      importer.import!
-    end
-
-    it "imports when the url has a trailing slash" do
-      Discourse::Utils
-        .expects(:execute_command)
-        .with(
-          { "GIT_TERMINAL_PROMPT" => "0" },
-          "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "https://github.com/example/example.git", @temp_folder, timeout: 20
-        )
-
-      importer = ThemeStore::GitImporter.new(trailing_slash_url)
-      importer.import!
-    end
-
     it "imports ssh urls" do
       Discourse::Utils
         .expects(:execute_command)
@@ -65,18 +36,6 @@ RSpec.describe ThemeStore::GitImporter do
       importer.import!
     end
 
-    it "imports http urls with a particular branch" do
-      Discourse::Utils
-        .expects(:execute_command)
-        .with(
-          { "GIT_TERMINAL_PROMPT" => "0" },
-          "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "--single-branch", "-b", branch, "https://github.com/example/example.git", @temp_folder, timeout: 20
-        )
-
-      importer = ThemeStore::GitImporter.new(url, branch: branch)
-      importer.import!
-    end
-
     it "imports ssh urls with a particular branch" do
       Discourse::Utils
         .expects(:execute_command)
@@ -88,5 +47,73 @@ RSpec.describe ThemeStore::GitImporter do
       importer = ThemeStore::GitImporter.new(ssh_url, private_key: "private_key", branch: branch)
       importer.import!
     end
+
+    context "with a redirect" do
+      before do
+        FinalDestination
+          .stubs(:resolve)
+          .with(first_fetch_url, http_verb: :get)
+          .returns(URI.parse("https://github.com/redirected/example.git/info/refs?service=git-upload-pack"))
+      end
+
+      it "imports http urls" do
+        Discourse::Utils
+          .expects(:execute_command)
+          .with(
+            { "GIT_TERMINAL_PROMPT" => "0" },
+            "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "https://github.com/redirected/example.git", @temp_folder, timeout: 20
+          )
+
+        importer = ThemeStore::GitImporter.new(url)
+        importer.import!
+
+        expect(importer.url).to eq(url)
+      end
+    end
+
+    context "without a redirect" do
+      before do
+        FinalDestination
+          .stubs(:resolve)
+          .with(first_fetch_url, http_verb: :get)
+          .returns(URI.parse(first_fetch_url))
+      end
+
+      it "imports http urls" do
+        Discourse::Utils
+          .expects(:execute_command)
+          .with(
+            { "GIT_TERMINAL_PROMPT" => "0" },
+            "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "https://github.com/example/example.git", @temp_folder, timeout: 20
+          )
+
+        importer = ThemeStore::GitImporter.new(url)
+        importer.import!
+      end
+
+      it "imports when the url has a trailing slash" do
+        Discourse::Utils
+          .expects(:execute_command)
+          .with(
+            { "GIT_TERMINAL_PROMPT" => "0" },
+            "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "https://github.com/example/example.git", @temp_folder, timeout: 20
+          )
+
+        importer = ThemeStore::GitImporter.new(trailing_slash_url)
+        importer.import!
+      end
+
+      it "imports http urls with a particular branch" do
+        Discourse::Utils
+          .expects(:execute_command)
+          .with(
+            { "GIT_TERMINAL_PROMPT" => "0" },
+            "git", "-c", "http.followRedirects=false", "-c", "http.curloptResolve=github.com:443:192.0.2.100", "clone", "--single-branch", "-b", branch, "https://github.com/example/example.git", @temp_folder, timeout: 20
+          )
+
+        importer = ThemeStore::GitImporter.new(url, branch: branch)
+        importer.import!
+      end
+    end
   end
 end