From 652a8a8f7a186c2708a4abc7f54fb7e601fddc96 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg
Date: Tue, 29 Aug 2023 17:20:16 +0200
Subject: [PATCH] feat: add switch to disable dns pinning
Signed-off-by: Daniel Kesselberg
---
 lib/private/Http/Client/ClientService.php | 6 ++-
 tests/lib/Http/Client/ClientServiceTest.php | 43 ++++++++++++++++++++-
 2 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/lib/private/Http/Client/ClientService.php b/lib/private/Http/Client/ClientService.php
index bbc2330176f..01c53b4f5c3 100644
--- a/lib/private/Http/Client/ClientService.php
+++ b/lib/private/Http/Client/ClientService.php
@@ -27,8 +27,8 @@ declare(strict_types=1);
 namespace OC\Http\Client;
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\ICertificateManager;
@@ -65,7 +65,9 @@ class ClientService implements IClientService {
 public function newClient(): IClient {
 $handler = new CurlHandler();
 $stack = HandlerStack::create($handler);
- $stack->push($this->dnsPinMiddleware->addDnsPinning());
+ if ($this->config->getSystemValueBool('dns_pinning', true)) {
+ $stack->push($this->dnsPinMiddleware->addDnsPinning());
+ }
 $client = new GuzzleClient(['handler' => $stack]);
diff --git a/tests/lib/Http/Client/ClientServiceTest.php b/tests/lib/Http/Client/ClientServiceTest.php
index ed1165236aa..a8348f67513 100644
--- a/tests/lib/Http/Client/ClientServiceTest.php
+++ b/tests/lib/Http/Client/ClientServiceTest.php
@@ -12,8 +12,8 @@ declare(strict_types=1);
 namespace Test\Http\Client;
 use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Handler\CurlHandler;
+use GuzzleHttp\HandlerStack;
 use OC\Http\Client\Client;
 use OC\Http\Client\ClientService;
 use OC\Http\Client\DnsPinMiddleware;
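Review bot: In `ClientService::newClient()` the new `dns_pinning` switch drops the pinning middleware from the handler stack with no comment, log entry or documentation in this patch (the diffstat lists only the service and its test), so an administrator who sets it to `false` gets no indication of what protection is lost. Judging by its name, the middleware fixes the addresses a host resolved to for the duration of a request; if the remote-host validation relies on that, disabling it lets the name be re-resolved at connect time, which is the gap DNS rebinding against server-side requests depends on — worth confirming against `DnsPinMiddleware`. I would add a comment above the condition, e.g. `// Security: 'dns_pinning' => false removes DNS-rebinding protection for outgoing requests; keep enabled unless pinning breaks resolution`, and document the key with the same caveat wherever system config values are described. The body of `newClient()` continues past the end of this hunk.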
@@ -28,6 +28,9 @@ class ClientServiceTest extends \Test\TestCase {
 public function testNewClient(): void {
 /** @var IConfig $config */
 $config = $this->createMock(IConfig::class);
+ $config->method('getSystemValueBool')
+ ->with('dns_pinning', true)
+ ->willReturn(true);
 /** @var ICertificateManager $certificateManager */
 $certificateManager = $this->createMock(ICertificateManager::class);
 $dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
@@ -50,6 +53,44 @@ class ClientServiceTest extends \Test\TestCase {
 $stack->push($dnsPinMiddleware->addDnsPinning());
 $guzzleClient = new GuzzleClient(['handler' => $stack]);
+ $this->assertEquals(
+ new Client(
+ $config,
+ $certificateManager,
+ $guzzleClient,
+ $remoteHostValidator,
+ ),
+ $clientService->newClient()
+ );
+ }
+
+ public function testDisableDnsPinning(): void {
+ /** @var IConfig $config */
+ $config = $this->createMock(IConfig::class);
+ $config->method('getSystemValueBool')
+ ->with('dns_pinning', true)
+ ->willReturn(false);
+ /** @var ICertificateManager $certificateManager */
+ $certificateManager = $this->createMock(ICertificateManager::class);
+ $dnsPinMiddleware = $this->createMock(DnsPinMiddleware::class);
+ $dnsPinMiddleware
+ ->expects($this->never())
+ ->method('addDnsPinning')
+ ->willReturn(function () {
+ });
+ $remoteHostValidator = $this->createMock(IRemoteHostValidator::class);
+
+ $clientService = new ClientService(
+ $config,
+ $certificateManager,
+ $dnsPinMiddleware,
+ $remoteHostValidator,
+ );
+
+ $handler = new CurlHandler();
+ $stack = HandlerStack::create($handler);
+ $guzzleClient = new GuzzleClient(['handler' => $stack]);
+
 $this->assertEquals(
 new Client(
 $config,
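Review bot: In `testDisableDnsPinning()` the stub `->willReturn(function () { })` on `addDnsPinning` is dead configuration, because the same mock carries `->expects($this->never())`; dropping it leaves the assertion that matters easier to see. The `->with('dns_pinning', true)` constraint, here and in the `testNewClient()` hunk above, is the only thing that pins the default to enabled when the key is unset, and nothing says so; I would add `// second argument is the default: pinning must stay on when 'dns_pinning' is not configured` above both stubs. The closing lines of `testDisableDnsPinning()` lie outside this hunk.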