feat: disable SSL verification for HAL client and HTTParty client whe…

…n environment variable PACT_DISABLE_SSL_VERIFICATION=true
aushm · Oct 1, 2021 · 470aafa · 470aafa
1 parent 1f18e70
commit 470aafa
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/lib/pact_broker/client/base_client.rb b/lib/pact_broker/client/base_client.rb
@@ -54,6 +54,8 @@ def initialize options
         self.class.headers('Authorization' => "Bearer #{client_options[:token]}") if client_options[:token]
         self.class.ssl_ca_file(ENV['SSL_CERT_FILE']) if ENV['SSL_CERT_FILE'] && ENV['SSL_CERT_FILE'] != ''
         self.class.ssl_ca_path(ENV['SSL_CERT_DIR']) if ENV['SSL_CERT_DIR'] && ENV['SSL_CERT_DIR'] != ''
+        @default_options = {}
+        @default_options[:verify] = false if (ENV['PACT_DISABLE_SSL_VERIFICATION'] == 'true' || ENV['PACT_BROKER_DISABLE_SSL_VERIFICATION'] == 'true')
       end
 
       def default_request_headers
@@ -102,15 +104,15 @@ def handle_response response
       end
 
       def patch url, options
-        self.class.patch(url, options.merge(body: options[:body].to_json))
+        self.class.patch(url, @default_options.merge(options.merge(body: options[:body].to_json)))
       end
 
-      def put url, *args
-        self.class.put(url, *args)
+      def put url, options = {}, &block
+        self.class.put(url, @default_options.merge(options), &block)
       end
 
-      def get url, *args
-        self.class.get(url, *args)
+      def get url, options = {}, &block
+        self.class.get(url, @default_options.merge(options), &block)
       end
 
       def url_for_relation relation_name, params

diff --git a/lib/pact_broker/client/hal/http_client.rb b/lib/pact_broker/client/hal/http_client.rb
@@ -2,6 +2,7 @@
 require 'pact_broker/client/hal/authorization_header_redactor'
 require 'net/http'
 require 'json'
+require 'openssl'
 
 module PactBroker
   module Client
@@ -62,13 +63,19 @@ def create_request uri, http_method, body = nil, headers = {}
         def perform_request request, uri
           response = until_truthy_or_max_times(condition: ->(resp) { resp.code.to_i < 500 }) do
             http = Net::HTTP.new(uri.host, uri.port, :ENV)
-            http.set_debug_output(output_stream) if verbose
+            http.set_debug_output(output_stream) if verbose?
             http.use_ssl = (uri.scheme == 'https')
             # Need to manually set the ca_file and ca_path for the pact-ruby-standalone.
             # The env vars seem to be picked up automatically in later Ruby versions.
             # See https://github.com/pact-foundation/pact-ruby-standalone/issues/57
             http.ca_file = ENV['SSL_CERT_FILE'] if ENV['SSL_CERT_FILE'] && ENV['SSL_CERT_FILE'] != ''
             http.ca_path = ENV['SSL_CERT_DIR'] if ENV['SSL_CERT_DIR'] && ENV['SSL_CERT_DIR'] != ''
+            if disable_ssl_verification?
+              if verbose?
+                $stdout.puts("SSL verification is disabled")
+              end
+              http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+            end
             http.start do |http|
               http.request request
             end
@@ -115,6 +122,14 @@ def output_stream
           AuthorizationHeaderRedactor.new($stdout)
         end
 
+        def verbose?
+          verbose || ENV["VERBOSE"] == "true"
+        end
+
+        def disable_ssl_verification?
+          ENV['PACT_DISABLE_SSL_VERIFICATION'] == 'true' || ENV['PACT_BROKER_DISABLE_SSL_VERIFICATION'] == 'true'
+        end
+
         class Response < SimpleDelegator
           def body
             bod = raw_body