feat: add switch to disable dns pinning

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Author: kesselb

lib/private/Http/Client/ClientService.php

@@ -27,8 +27,10 @@
 namespace OC\Http\Client;
 
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
+use GuzzleHttp\Middleware;
+use OCP\Diagnostics\IEventLogger;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\ICertificateManager;
@@ -65,8 +67,9 @@ public function __construct(IConfig $config,
 	public function newClient(): IClient {
 		$handler = new CurlHandler();
 		$stack = HandlerStack::create($handler);
-		$stack->push($this->dnsPinMiddleware->addDnsPinning());
-
+		if ($this->config->getSystemValueBool('dns_pinning', true)) {
+			$stack->push($this->dnsPinMiddleware->addDnsPinning());
+		}
 		$client = new GuzzleClient(['handler' => $stack]);
 
 		return new Client(

tests/lib/Http/Client/ClientServiceTest.php

@@ -9,8 +9,9 @@
 namespace Test\Http\Client;
 
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
+use GuzzleHttp\Middleware;
 use OC\Http\Client\Client;
 use OC\Http\Client\ClientService;
 use OC\Http\Client\DnsPinMiddleware;
@@ -25,6 +26,9 @@ class ClientServiceTest extends \Test\TestCase {
 	public function testNewClient(): void {
 		/** @var IConfig $config */
 		$config = $this->createMock(IConfig::class);
+		$config->method('getSystemValueBool')
+			->with('dns_pinning', true)
+			->willReturn(true);
 		/** @var ICertificateManager $certificateManager */
 		$certificateManager = $this->createMock(ICertificateManager::class);
 		$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
@@ -57,4 +61,52 @@ public function testNewClient(): void {
 			$clientService->newClient()
 		);
 	}
+
+	public function testDisableDnsPinning(): void {
+		/** @var IConfig $config */
+		$config = $this->createMock(IConfig::class);
+		$config->method('getSystemValueBool')
+			->with('dns_pinning', true)
+			->willReturn(false);
+		/** @var ICertificateManager $certificateManager */
+		$certificateManager = $this->createMock(ICertificateManager::class);
+		$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
+		$dnsPinMiddleware
+			->expects($this->never())
+			->method('addDnsPinning')
+			->willReturn(function () {
+			});
+		$remoteHostValidator = $this->createMock(IRemoteHostValidator::class);
+		$eventLogger = $this->createMock(IEventLogger::class);
+		$logger = $this->createMock(LoggerInterface::class);
+
+		$clientService = new ClientService(
+			$config,
+			$certificateManager,
+			$dnsPinMiddleware,
+			$remoteHostValidator,
+			$eventLogger,
+			$logger,
+		);
+
+		$handler = new CurlHandler();
+		$stack = HandlerStack::create($handler);
+		$stack->push(Middleware::tap(function (RequestInterface $request) use ($eventLogger) {
+			$eventLogger->start('http:request', $request->getMethod() . " request to " . $request->getRequestTarget());
+		}, function () use ($eventLogger) {
+			$eventLogger->end('http:request');
+		}), 'event logger');
+		$guzzleClient = new GuzzleClient(['handler' => $stack]);
+
+		$this->assertEquals(
+			new Client(
+				$config,
+				$certificateManager,
+				$guzzleClient,
+				$remoteHostValidator,
+				$logger,
+			),
+			$clientService->newClient()
+		);
+	}
 }