2023-05-21 18:37:59 +02:00
|
|
|
package db
|
2021-05-02 20:47:36 +02:00
|
|
|
|
|
|
|
import (
|
2021-05-05 23:00:04 +02:00
|
|
|
"time"
|
2021-05-02 20:47:36 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
"github.com/juanfont/headscale/hscontrol/types"
|
|
|
|
"github.com/juanfont/headscale/hscontrol/util"
|
2021-05-02 20:47:36 +02:00
|
|
|
"gopkg.in/check.v1"
|
2024-02-08 17:28:19 +01:00
|
|
|
"gorm.io/gorm"
|
2021-05-02 20:47:36 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
func (*Suite) TestCreatePreAuthKey(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
_, err := db.CreatePreAuthKey("bogus", true, false, nil, nil)
|
2021-05-05 23:00:04 +02:00
|
|
|
|
2021-05-02 20:47:36 +02:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test")
|
2021-05-02 20:47:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-05-02 20:47:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
// Did we get a valid key?
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key.Key, check.NotNil)
|
|
|
|
c.Assert(len(key.Key), check.Equals, 48)
|
2021-05-02 20:47:36 +02:00
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
// Make sure the User association is populated
|
|
|
|
c.Assert(key.User.Name, check.Equals, user.Name)
|
2021-05-02 20:47:36 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
_, err = db.ListPreAuthKeys("bogus")
|
2021-05-02 20:47:36 +02:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
keys, err := db.ListPreAuthKeys(user.Name)
|
2021-05-02 20:47:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-04 23:14:39 +01:00
|
|
|
c.Assert(len(keys), check.Equals, 1)
|
2021-05-02 20:47:36 +02:00
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
// Make sure the User association is populated
|
|
|
|
c.Assert((keys)[0].User.Name, check.Equals, user.Name)
|
2021-05-02 20:47:36 +02:00
|
|
|
}
|
2021-05-05 23:00:04 +02:00
|
|
|
|
|
|
|
func (*Suite) TestExpiredPreAuthKey(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test2")
|
2021-05-05 23:00:04 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-02-08 17:28:19 +01:00
|
|
|
now := time.Now().Add(-5 * time.Second)
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, &now, nil)
|
2021-05-05 23:00:04 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 17:35:21 +02:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-05 23:00:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey("potatoKey")
|
2022-07-29 17:35:21 +02:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyNotFound)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-05 23:00:04 +02:00
|
|
|
}
|
2021-05-06 00:08:36 +02:00
|
|
|
|
|
|
|
func (*Suite) TestValidateKeyOk(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test3")
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-06 00:08:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestAlreadyUsedKey(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test4")
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-05-16 02:40:14 +02:00
|
|
|
pakID := uint(pak.ID)
|
2023-09-24 13:42:05 +02:00
|
|
|
node := types.Node{
|
2021-05-06 00:08:36 +02:00
|
|
|
ID: 0,
|
2022-04-24 21:54:38 +02:00
|
|
|
Hostname: "testest",
|
2023-01-17 20:36:46 +01:00
|
|
|
UserID: user.ID,
|
2023-05-21 18:37:59 +02:00
|
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
2024-05-16 02:40:14 +02:00
|
|
|
AuthKeyID: &pakID,
|
2021-05-06 00:08:36 +02:00
|
|
|
}
|
2024-05-16 02:40:14 +02:00
|
|
|
trx := db.DB.Save(&node)
|
|
|
|
c.Assert(trx.Error, check.IsNil)
|
2021-05-06 00:08:36 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 17:35:21 +02:00
|
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-06 00:08:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestReusableBeingUsedKey(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test5")
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-05-16 02:40:14 +02:00
|
|
|
pakID := uint(pak.ID)
|
2023-09-24 13:42:05 +02:00
|
|
|
node := types.Node{
|
2021-05-06 00:08:36 +02:00
|
|
|
ID: 1,
|
2022-04-24 21:54:38 +02:00
|
|
|
Hostname: "testest",
|
2023-01-17 20:36:46 +01:00
|
|
|
UserID: user.ID,
|
2023-05-21 18:37:59 +02:00
|
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
2024-05-16 02:40:14 +02:00
|
|
|
AuthKeyID: &pakID,
|
2021-05-06 00:08:36 +02:00
|
|
|
}
|
2024-05-16 02:40:14 +02:00
|
|
|
trx := db.DB.Save(&node)
|
|
|
|
c.Assert(trx.Error, check.IsNil)
|
2021-05-06 00:08:36 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-06 00:08:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test6")
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2021-05-06 00:08:36 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-06 00:08:36 +02:00
|
|
|
}
|
2021-05-23 02:15:29 +02:00
|
|
|
|
2024-03-03 11:11:10 +01:00
|
|
|
func (*Suite) TestEphemeralKeyReusable(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test7")
|
2021-05-23 02:15:29 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-03-03 11:11:10 +01:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, true, nil, nil)
|
2021-05-23 02:15:29 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
now := time.Now().Add(-time.Second * 30)
|
2024-05-16 02:40:14 +02:00
|
|
|
pakID := uint(pak.ID)
|
2023-09-24 13:42:05 +02:00
|
|
|
node := types.Node{
|
2021-05-23 02:15:29 +02:00
|
|
|
ID: 0,
|
2022-04-24 21:54:38 +02:00
|
|
|
Hostname: "testest",
|
2023-01-17 20:36:46 +01:00
|
|
|
UserID: user.ID,
|
2023-05-21 18:37:59 +02:00
|
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
2021-05-23 02:15:29 +02:00
|
|
|
LastSeen: &now,
|
2024-05-16 02:40:14 +02:00
|
|
|
AuthKeyID: &pakID,
|
2021-05-23 02:15:29 +02:00
|
|
|
}
|
2024-05-16 02:40:14 +02:00
|
|
|
trx := db.DB.Save(&node)
|
|
|
|
c.Assert(trx.Error, check.IsNil)
|
2021-05-23 02:15:29 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
2021-05-23 02:15:29 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-02-08 17:28:19 +01:00
|
|
|
_, err = db.getNode("test7", "testest")
|
2021-05-23 02:15:29 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-04-21 18:28:17 +02:00
|
|
|
db.Write(func(tx *gorm.DB) error {
|
2024-02-23 10:59:24 +01:00
|
|
|
DeleteExpiredEphemeralNodes(tx, time.Second*20)
|
2024-02-08 17:28:19 +01:00
|
|
|
return nil
|
|
|
|
})
|
2021-05-23 02:15:29 +02:00
|
|
|
|
|
|
|
// The machine record should have been deleted
|
2024-02-08 17:28:19 +01:00
|
|
|
_, err = db.getNode("test7", "testest")
|
2021-05-23 02:15:29 +02:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
2021-08-07 23:57:52 +02:00
|
|
|
|
2024-03-03 11:11:10 +01:00
|
|
|
func (*Suite) TestEphemeralKeyNotReusable(c *check.C) {
|
|
|
|
user, err := db.CreateUser("test7")
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, true, nil, nil)
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
now := time.Now().Add(-time.Second * 30)
|
2024-05-16 02:40:14 +02:00
|
|
|
pakId := uint(pak.ID)
|
2024-03-03 11:11:10 +01:00
|
|
|
node := types.Node{
|
|
|
|
ID: 0,
|
|
|
|
Hostname: "testest",
|
|
|
|
UserID: user.ID,
|
|
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
|
|
|
LastSeen: &now,
|
2024-05-16 02:40:14 +02:00
|
|
|
AuthKeyID: &pakId,
|
2024-03-03 11:11:10 +01:00
|
|
|
}
|
|
|
|
db.DB.Save(&node)
|
|
|
|
|
|
|
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
|
|
|
_, err = db.getNode("test7", "testest")
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2024-04-21 18:28:17 +02:00
|
|
|
db.Write(func(tx *gorm.DB) error {
|
2024-02-23 10:59:24 +01:00
|
|
|
DeleteExpiredEphemeralNodes(tx, time.Second*20)
|
2024-03-03 11:11:10 +01:00
|
|
|
return nil
|
|
|
|
})
|
|
|
|
|
|
|
|
// The machine record should have been deleted
|
|
|
|
_, err = db.getNode("test7", "testest")
|
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
|
|
|
|
2021-08-07 23:57:52 +02:00
|
|
|
func (*Suite) TestExpirePreauthKey(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test3")
|
2021-08-07 23:57:52 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-08-07 23:57:52 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(pak.Expiration, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
err = db.ExpirePreAuthKey(pak)
|
2021-08-07 23:57:52 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(pak.Expiration, check.NotNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 17:35:21 +02:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
2021-11-15 17:16:04 +01:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-08-07 23:57:52 +02:00
|
|
|
}
|
2021-10-13 18:13:26 +02:00
|
|
|
|
2021-10-13 22:51:55 +02:00
|
|
|
func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test6")
|
2021-10-13 18:13:26 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
2021-10-13 18:13:26 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-10-13 22:51:55 +02:00
|
|
|
pak.Used = true
|
2024-02-08 17:28:19 +01:00
|
|
|
db.DB.Save(&pak)
|
2021-10-13 18:13:26 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 17:35:21 +02:00
|
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
2021-10-13 18:13:26 +02:00
|
|
|
}
|
2022-08-25 12:43:15 +02:00
|
|
|
|
2022-09-07 14:12:29 +02:00
|
|
|
func (*Suite) TestPreAuthKeyACLTags(c *check.C) {
|
2023-05-21 18:37:59 +02:00
|
|
|
user, err := db.CreateUser("test8")
|
2022-08-25 12:43:15 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
_, err = db.CreatePreAuthKey(user.Name, false, false, nil, []string{"badtag"})
|
2022-08-25 12:43:15 +02:00
|
|
|
c.Assert(err, check.NotNil) // Confirm that malformed tags are rejected
|
|
|
|
|
|
|
|
tags := []string{"tag:test1", "tag:test2"}
|
|
|
|
tagsWithDuplicate := []string{"tag:test1", "tag:test2", "tag:test2"}
|
2023-05-21 18:37:59 +02:00
|
|
|
_, err = db.CreatePreAuthKey(user.Name, false, false, nil, tagsWithDuplicate)
|
2022-08-25 12:43:15 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
listedPaks, err := db.ListPreAuthKeys("test8")
|
2022-08-25 12:43:15 +02:00
|
|
|
c.Assert(err, check.IsNil)
|
2023-11-23 08:31:33 +01:00
|
|
|
c.Assert(listedPaks[0].Proto().GetAclTags(), check.DeepEquals, tags)
|
2022-08-25 12:43:15 +02:00
|
|
|
}
|