authorDaniel Kesselberg <mail@danielkesselberg.de>2023-08-29 17:20:16 +0200
committerbackportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>2023-08-30 13:07:55 +0000
commit4338d0747dd38dc60cdc1104cb7b69d3c82095da (patch)
tree4d6d8fcbcd236759aec5802e9f8d7fa25bbe3427
parent191e20d7f48338ca336fd0091301653251fc0667 (diff)
feat: add switch to disable dns pinning
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
-rw-r--r--lib/private/Http/Client/ClientService.php6
-rw-r--r--tests/lib/Http/Client/ClientServiceTest.php53
2 files changed, 56 insertions, 3 deletions
diff --git a/lib/private/Http/Client/ClientService.php b/lib/private/Http/Client/ClientService.php
index 532aa7f566a..66f84e14c57 100644
--- a/lib/private/Http/Client/ClientService.php
+++ b/lib/private/Http/Client/ClientService.php
@@ -27,8 +27,8 @@ declare(strict_types=1);
namespace OC\Http\Client;
use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use OCP\Diagnostics\IEventLogger;
use OCP\Http\Client\IClient;
@@ -75,7 +75,9 @@ class ClientService implements IClientService {
public function newClient(): IClient {
$handler = new CurlHandler();
$stack = HandlerStack::create($handler);
- $stack->push($this->dnsPinMiddleware->addDnsPinning());
+ if ($this->config->getSystemValueBool('dns_pinning', true)) {
+ $stack->push($this->dnsPinMiddleware->addDnsPinning());
+ }
$stack->push(Middleware::tap(function (RequestInterface $request) {
$this->eventLogger->start('http:request', $request->getMethod() . " request to " . $request->getRequestTarget());
}, function () {
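Review bot: The new `dns_pinning` guard in newClient() lets an administrator switch off a security control, yet nothing at the `if` says what protection is lost. Judging by its name (the middleware's code is not in this hunk), the pinning step ties the connection to the address that was resolved and checked, so skipping it presumably reopens a DNS-rebinding path to internal hosts for every server-side request made through this client. I would add a comment above the `if`, for example `// Security: dns_pinning=false removes the DNS-rebinding/SSRF guard; disable only when outbound traffic is forced through a trusted proxy`, and consider logging a warning when the value is false so the weakened state shows up in audits. The diffstat lists only this file and its test, so the key, its default of `true` and the risk still need an entry in the sample configuration. newClient() starts and ends outside the hunk.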
diff --git a/tests/lib/Http/Client/ClientServiceTest.php b/tests/lib/Http/Client/ClientServiceTest.php
index 40da0a2111c..3aae7ceae25 100644
--- a/tests/lib/Http/Client/ClientServiceTest.php
+++ b/tests/lib/Http/Client/ClientServiceTest.php
@@ -12,8 +12,8 @@ declare(strict_types=1);
namespace Test\Http\Client;
use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use OC\Http\Client\Client;
use OC\Http\Client\ClientService;
@@ -32,6 +32,9 @@ class ClientServiceTest extends \Test\TestCase {
public function testNewClient(): void {
/** @var IConfig $config */
$config = $this->createMock(IConfig::class);
+ $config->method('getSystemValueBool')
+ ->with('dns_pinning', true)
+ ->willReturn(true);
/** @var ICertificateManager $certificateManager */
$certificateManager = $this->createMock(ICertificateManager::class);
$dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
@@ -74,4 +77,52 @@ class ClientServiceTest extends \Test\TestCase {
$clientService->newClient()
);
}
+
+ public function testDisableDnsPinning(): void {
+ /** @var IConfig $config */
+ $config = $this->createMock(IConfig::class);
+ $config->method('getSystemValueBool')
+ ->with('dns_pinning', true)
+ ->willReturn(false);
+ /** @var ICertificateManager $certificateManager */
+ $certificateManager = $this->createMock(ICertificateManager::class);
+ $dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
+ $dnsPinMiddleware
+ ->expects($this->never())
+ ->method('addDnsPinning')
+ ->willReturn(function () {
+ });
+ $remoteHostValidator = $this->createMock(IRemoteHostValidator::class);
+ $eventLogger = $this->createMock(IEventLogger::class);
+ $logger = $this->createMock(LoggerInterface::class);
+
+ $clientService = new ClientService(
+ $config,
+ $certificateManager,
+ $dnsPinMiddleware,
+ $remoteHostValidator,
+ $eventLogger,
+ $logger,
+ );
+
+ $handler = new CurlHandler();
+ $stack = HandlerStack::create($handler);
+ $stack->push(Middleware::tap(function (RequestInterface $request) use ($eventLogger) {
+ $eventLogger->start('http:request', $request->getMethod() . " request to " . $request->getRequestTarget());
+ }, function () use ($eventLogger) {
+ $eventLogger->end('http:request');
+ }), 'event logger');
+ $guzzleClient = new GuzzleClient(['handler' => $stack]);
+
+ $this->assertEquals(
+ new Client(
+ $config,
+ $certificateManager,
+ $guzzleClient,
+ $remoteHostValidator,
+ $logger,
+ ),
+ $clientService->newClient()
+ );
+ }
}
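Review bot: In testDisableDnsPinning the `->willReturn(function () { })` chained after `->expects($this->never())` on the `addDnsPinning` mock can never take effect and hides the fact that `never()` is the security assertion of this test. I would reduce the chain to `$dnsPinMiddleware->expects($this->never())->method('addDnsPinning');` and add a short docblock such as `/** With dns_pinning=false the pinning middleware must not be pushed onto the handler stack. */`. The remaining setup duplicates testNewClient almost line for line; a shared helper or a data provider over the config value would keep the enabled and disabled cases from drifting apart.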