Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-08-10 13:46:46 +02:00
Code Issues Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Kristoffer Dalby 2025-07-10 20:33:12 +00:00
parent a30407484f
commit 3a1608e6f5
1 changed files with 31 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
integration/auth_key_test.go
View File

@ -85,27 +85,24 @@ func TestAuthKeyLogoutAndReloginSameUser(t *testing.T) {
t.Logf("all clients logged out") t.Logf("all clients logged out")
listNodes, err = headscale.ListNodes() listNodes, err = headscale.ListNodes()
require.Len(t, listNodes, nodeCountBeforeLogout) require.Equal(t, nodeCountBeforeLogout, len(listNodes))
for _, node := range listNodes { for _, node := range listNodes {
assertLastSeenSet(t, node) assertLastSeenSet(t, node)
} }
userMap, err := headscale.MapUsers()
assertNoErr(t, err)
// if the server is not running with HTTPS, we have to wait a bit before // if the server is not running with HTTPS, we have to wait a bit before
// reconnection as the newest Tailscale client has a measure that will only // reconnection as the newest Tailscale client has a measure that will only
// reconnect over HTTPS if they saw a noise connection previously. // reconnect over HTTPS if they saw a noise connection previously.
// https://github.com/tailscale/tailscale/commit/1eaad7d3deb0815e8932e913ca1a862afa34db38 // https://github.com/tailscale/tailscale/commit/1eaad7d3deb0815e8932e913ca1a862afa34db38
// https://github.com/juanfont/headscale/issues/2164 // https://github.com/juanfont/headscale/issues/2164
if !https { if !https {
// Wait for the 2-minute noise dial memory to expire time.Sleep(5 * time.Minute)
// The Tailscale commit shows clients remember noise dials for 2 minutes
t.Logf("Waiting 2.5 minutes for Tailscale noise dial memory to expire...")
time.Sleep(2*time.Minute + 30*time.Second)
} }
userMap, err := headscale.MapUsers()
assertNoErr(t, err)
for _, userName := range spec.Users { for _, userName := range spec.Users {
key, err := scenario.CreatePreAuthKey(userMap[userName].GetId(), true, false) key, err := scenario.CreatePreAuthKey(userMap[userName].GetId(), true, false)
if err != nil { if err != nil {
@ -119,7 +116,7 @@ func TestAuthKeyLogoutAndReloginSameUser(t *testing.T) {
} }
listNodes, err = headscale.ListNodes() listNodes, err = headscale.ListNodes()
require.Len(t, listNodes, nodeCountBeforeLogout) require.Equal(t, nodeCountBeforeLogout, len(listNodes))
for _, node := range listNodes { for _, node := range listNodes {
assertLastSeenSet(t, node) assertLastSeenSet(t, node)
@ -156,7 +153,7 @@ func TestAuthKeyLogoutAndReloginSameUser(t *testing.T) {
} }
listNodes, err = headscale.ListNodes() listNodes, err = headscale.ListNodes()
require.Len(t, listNodes, nodeCountBeforeLogout) require.Equal(t, nodeCountBeforeLogout, len(listNodes))
for _, node := range listNodes { for _, node := range listNodes {
assertLastSeenSet(t, node) assertLastSeenSet(t, node)
} }
@ -323,66 +320,32 @@ func TestAuthKeyLogoutAndReloginSameUserExpiredKey(t *testing.T) {
// https://github.com/tailscale/tailscale/commit/1eaad7d3deb0815e8932e913ca1a862afa34db38 // https://github.com/tailscale/tailscale/commit/1eaad7d3deb0815e8932e913ca1a862afa34db38
// https://github.com/juanfont/headscale/issues/2164 // https://github.com/juanfont/headscale/issues/2164
if !https { if !https {
userMap, err := headscale.MapUsers() time.Sleep(5 * time.Minute)
}
userMap, err := headscale.MapUsers()
assertNoErr(t, err)
for _, userName := range spec.Users {
key, err := scenario.CreatePreAuthKey(userMap[userName].GetId(), true, false)
if err != nil {
t.Fatalf("failed to create pre-auth key for user %s: %s", userName, err)
}
// Expire the key so it can't be used
_, err = headscale.Execute(
[]string{
"headscale",
"preauthkeys",
"--user",
strconv.FormatUint(userMap[userName].GetId(), 10),
"expire",
key.Key,
})
assertNoErr(t, err) assertNoErr(t, err)
// Create and expire auth keys once outside the retry loop err = scenario.RunTailscaleUp(userName, headscale.GetEndpoint(), key.GetKey())
userExpiredKeys := make(map[string]string) assert.ErrorContains(t, err, "authkey expired")
for _, userName := range spec.Users {
key, err := scenario.CreatePreAuthKey(userMap[userName].GetId(), true, false)
assertNoErr(t, err)
// Expire the key so it can't be used
_, err = headscale.Execute(
[]string{
"headscale",
"preauthkeys",
"--user",
strconv.FormatUint(userMap[userName].GetId(), 10),
"expire",
key.GetKey(),
})
assertNoErr(t, err)
userExpiredKeys[userName] = key.GetKey()
}
// Wait for the 2-minute noise dial memory to expire
// The Tailscale commit shows clients remember noise dials for 2 minutes
t.Logf("Waiting 2.5 minutes for Tailscale noise dial memory to expire...")
time.Sleep(2*time.Minute + 30*time.Second)
// Try to reconnect with expired keys - should fail
for _, userName := range spec.Users {
err = scenario.RunTailscaleUp(userName, headscale.GetEndpoint(), userExpiredKeys[userName])
assert.Error(t, err, "Should get error when using expired key")
assert.Contains(t, err.Error(), "authkey expired")
}
} else {
userMap, err := headscale.MapUsers()
assertNoErr(t, err)
for _, userName := range spec.Users {
key, err := scenario.CreatePreAuthKey(userMap[userName].GetId(), true, false)
if err != nil {
t.Fatalf("failed to create pre-auth key for user %s: %s", userName, err)
}
// Expire the key so it can't be used
_, err = headscale.Execute(
[]string{
"headscale",
"preauthkeys",
"--user",
strconv.FormatUint(userMap[userName].GetId(), 10),
"expire",
key.GetKey(),
})
assertNoErr(t, err)
err = scenario.RunTailscaleUp(userName, headscale.GetEndpoint(), key.GetKey())
assert.Error(t, err, "Should get error when using expired key")
assert.Contains(t, err.Error(), "authkey expired")
}
} }
}) })
} }