From 13fda8b6720ce8c5464d7556285124a1bf08e682 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg <mail@danielkesselberg.de>
Date: Tue, 29 Aug 2023 17:20:16 +0200
Subject: [PATCH] feat: add switch to disable dns pinning

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
---
 lib/private/Http/Client/ClientService.php   |  7 ++--
 tests/lib/Http/Client/ClientServiceTest.php | 43 ++++++++++++++++++++-
 2 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/lib/private/Http/Client/ClientService.php b/lib/private/Http/Client/ClientService.php
index e868d4af7a522..c007245944fb0 100644
--- a/lib/private/Http/Client/ClientService.php
+++ b/lib/private/Http/Client/ClientService.php
@@ -27,8 +27,8 @@
 namespace OC\Http\Client;
 
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\ICertificateManager;
@@ -65,8 +65,9 @@ public function __construct(IConfig $config,
 	public function newClient(): IClient {
 		$handler = new CurlHandler();
 		$stack = HandlerStack::create($handler);
-		$stack->push($this->dnsPinMiddleware->addDnsPinning());
-
+		if ($this->config->getSystemValueBool('dns_pinning', true)) {
+			$stack->push($this->dnsPinMiddleware->addDnsPinning());
+		}
 		$client = new GuzzleClient(['handler' => $stack]);
 
 		return new Client(
diff --git a/tests/lib/Http/Client/ClientServiceTest.php b/tests/lib/Http/Client/ClientServiceTest.php
index 94f4d51ecee8d..5c6df5cb95f56 100644
--- a/tests/lib/Http/Client/ClientServiceTest.php
+++ b/tests/lib/Http/Client/ClientServiceTest.php
@@ -9,8 +9,8 @@
 namespace Test\Http\Client;
 
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
 use OC\Http\Client\Client;
 use OC\Http\Client\ClientService;
 use OC\Http\Client\DnsPinMiddleware;
@@ -25,6 +25,9 @@ class ClientServiceTest extends \Test\TestCase {
 	public function testNewClient(): void {
 		/** @var IConfig $config */
 		$config = $this->createMock(IConfig::class);
+		$config->method('getSystemValueBool')
+			->with('dns_pinning', true)
+			->willReturn(true);
 		/** @var ICertificateManager $certificateManager */
 		$certificateManager = $this->createMock(ICertificateManager::class);
 		$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
@@ -57,4 +60,42 @@ public function testNewClient(): void {
 			$clientService->newClient()
 		);
 	}
+
+	public function testDisableDnsPinning(): void {
+		/** @var IConfig $config */
+		$config = $this->createMock(IConfig::class);
+		$config->method('getSystemValueBool')
+			->with('dns_pinning', true)
+			->willReturn(false);
+		/** @var ICertificateManager $certificateManager */
+		$certificateManager = $this->createMock(ICertificateManager::class);
+		$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
+		$dnsPinMiddleware
+			->expects($this->never())
+			->method('addDnsPinning')
+			->willReturn(function () {
+			});
+		$localAddressChecker = $this->createMock(LocalAddressChecker::class);
+
+		$clientService = new ClientService(
+			$config,
+			$certificateManager,
+			$dnsPinMiddleware,
+			$localAddressChecker
+		);
+
+		$handler = new CurlHandler();
+		$stack = HandlerStack::create($handler);
+		$guzzleClient = new GuzzleClient(['handler' => $stack]);
+
+		$this->assertEquals(
+			new Client(
+				$config,
+				$certificateManager,
+				$guzzleClient,
+				$localAddressChecker
+			),
+			$clientService->newClient()
+		);
+	}
 }