Merge pull request nextcloud#41872 from nextcloud/backport/40108/stab…

…le25 [stable25] feat: add switch to disable dns pinning
nextmcloud · Dec 4, 2023 · 13f348b · 13f348b
2 parents 25dad2e + 13fda8b
commit 13f348b
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/lib/private/Http/Client/ClientService.php b/lib/private/Http/Client/ClientService.php
@@ -27,8 +27,8 @@
 namespace OC\Http\Client;
 
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\ICertificateManager;
@@ -65,8 +65,9 @@ public function __construct(IConfig $config,
 	public function newClient(): IClient {
 		$handler = new CurlHandler();
 		$stack = HandlerStack::create($handler);
-		$stack->push($this->dnsPinMiddleware->addDnsPinning());
-
+		if ($this->config->getSystemValueBool('dns_pinning', true)) {
+			$stack->push($this->dnsPinMiddleware->addDnsPinning());
+		}
 		$client = new GuzzleClient(['handler' => $stack]);
 
 		return new Client(

diff --git a/tests/lib/Http/Client/ClientServiceTest.php b/tests/lib/Http/Client/ClientServiceTest.php
@@ -9,8 +9,8 @@
 namespace Test\Http\Client;
 
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
 use OC\Http\Client\Client;
 use OC\Http\Client\ClientService;
 use OC\Http\Client\DnsPinMiddleware;
@@ -25,6 +25,9 @@ class ClientServiceTest extends \Test\TestCase {
 	public function testNewClient(): void {
 		/** @var IConfig $config */
 		$config = $this->createMock(IConfig::class);
+		$config->method('getSystemValueBool')
+			->with('dns_pinning', true)
+			->willReturn(true);
 		/** @var ICertificateManager $certificateManager */
 		$certificateManager = $this->createMock(ICertificateManager::class);
 		$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
@@ -57,4 +60,42 @@ public function testNewClient(): void {
 			$clientService->newClient()
 		);
 	}
+
+	public function testDisableDnsPinning(): void {
+		/** @var IConfig $config */
+		$config = $this->createMock(IConfig::class);
+		$config->method('getSystemValueBool')
+			->with('dns_pinning', true)
+			->willReturn(false);
+		/** @var ICertificateManager $certificateManager */
+		$certificateManager = $this->createMock(ICertificateManager::class);
+		$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
+		$dnsPinMiddleware
+			->expects($this->never())
+			->method('addDnsPinning')
+			->willReturn(function () {
+			});
+		$localAddressChecker = $this->createMock(LocalAddressChecker::class);
+
+		$clientService = new ClientService(
+			$config,
+			$certificateManager,
+			$dnsPinMiddleware,
+			$localAddressChecker
+		);
+
+		$handler = new CurlHandler();
+		$stack = HandlerStack::create($handler);
+		$guzzleClient = new GuzzleClient(['handler' => $stack]);
+
+		$this->assertEquals(
+			new Client(
+				$config,
+				$certificateManager,
+				$guzzleClient,
+				$localAddressChecker
+			),
+			$clientService->newClient()
+		);
+	}
 }