2021-05-02 18:47:36 +00:00
|
|
|
package headscale
|
|
|
|
|
|
|
|
import (
|
2021-05-05 21:00:04 +00:00
|
|
|
"time"
|
2021-05-02 18:47:36 +00:00
|
|
|
|
|
|
|
"gopkg.in/check.v1"
|
|
|
|
)
|
|
|
|
|
|
|
|
func (*Suite) TestCreatePreAuthKey(c *check.C) {
|
2022-08-25 10:12:41 +00:00
|
|
|
_, err := app.CreatePreAuthKey("bogus", true, false, nil, nil)
|
2021-05-05 21:00:04 +00:00
|
|
|
|
2021-05-02 18:47:36 +00:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test")
|
2021-05-02 18:47:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
key, err := app.CreatePreAuthKey(namespace.Name, true, false, nil, nil)
|
2021-05-02 18:47:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
// Did we get a valid key?
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key.Key, check.NotNil)
|
|
|
|
c.Assert(len(key.Key), check.Equals, 48)
|
2021-05-02 18:47:36 +00:00
|
|
|
|
|
|
|
// Make sure the Namespace association is populated
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key.Namespace.Name, check.Equals, namespace.Name)
|
2021-05-02 18:47:36 +00:00
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
_, err = app.ListPreAuthKeys("bogus")
|
2021-05-02 18:47:36 +00:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
keys, err := app.ListPreAuthKeys(namespace.Name)
|
2021-05-02 18:47:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-04 22:14:39 +00:00
|
|
|
c.Assert(len(keys), check.Equals, 1)
|
2021-05-02 18:47:36 +00:00
|
|
|
|
|
|
|
// Make sure the Namespace association is populated
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert((keys)[0].Namespace.Name, check.Equals, namespace.Name)
|
2021-05-02 18:47:36 +00:00
|
|
|
}
|
2021-05-05 21:00:04 +00:00
|
|
|
|
|
|
|
func (*Suite) TestExpiredPreAuthKey(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test2")
|
2021-05-05 21:00:04 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
now := time.Now()
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, true, false, &now, nil)
|
2021-05-05 21:00:04 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity(pak.Key)
|
2022-07-29 15:35:21 +00:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-05 21:00:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity("potatoKey")
|
2022-07-29 15:35:21 +00:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyNotFound)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-05 21:00:04 +00:00
|
|
|
}
|
2021-05-05 22:08:36 +00:00
|
|
|
|
|
|
|
func (*Suite) TestValidateKeyOk(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test3")
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, true, false, nil, nil)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity(pak.Key)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-05 22:08:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestAlreadyUsedKey(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test4")
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil, nil)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
machine := Machine{
|
2021-05-05 22:08:36 +00:00
|
|
|
ID: 0,
|
|
|
|
MachineKey: "foo",
|
|
|
|
NodeKey: "bar",
|
|
|
|
DiscoKey: "faa",
|
2022-04-24 19:54:38 +00:00
|
|
|
Hostname: "testest",
|
2021-11-15 16:16:04 +00:00
|
|
|
NamespaceID: namespace.ID,
|
2021-11-18 08:49:55 +00:00
|
|
|
RegisterMethod: RegisterMethodAuthKey,
|
2021-05-05 22:08:36 +00:00
|
|
|
AuthKeyID: uint(pak.ID),
|
|
|
|
}
|
2021-11-15 16:16:04 +00:00
|
|
|
app.db.Save(&machine)
|
2021-05-05 22:08:36 +00:00
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity(pak.Key)
|
2022-07-29 15:35:21 +00:00
|
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-05 22:08:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestReusableBeingUsedKey(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test5")
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, true, false, nil, nil)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
machine := Machine{
|
2021-05-05 22:08:36 +00:00
|
|
|
ID: 1,
|
|
|
|
MachineKey: "foo",
|
|
|
|
NodeKey: "bar",
|
|
|
|
DiscoKey: "faa",
|
2022-04-24 19:54:38 +00:00
|
|
|
Hostname: "testest",
|
2021-11-15 16:16:04 +00:00
|
|
|
NamespaceID: namespace.ID,
|
2021-11-18 08:49:55 +00:00
|
|
|
RegisterMethod: RegisterMethodAuthKey,
|
2021-05-05 22:08:36 +00:00
|
|
|
AuthKeyID: uint(pak.ID),
|
|
|
|
}
|
2021-11-15 16:16:04 +00:00
|
|
|
app.db.Save(&machine)
|
2021-05-05 22:08:36 +00:00
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity(pak.Key)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-05 22:08:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test6")
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil, nil)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity(pak.Key)
|
2021-05-05 22:08:36 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-05 22:08:36 +00:00
|
|
|
}
|
2021-05-23 00:15:29 +00:00
|
|
|
|
|
|
|
func (*Suite) TestEphemeralKey(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test7")
|
2021-05-23 00:15:29 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, true, nil, nil)
|
2021-05-23 00:15:29 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
now := time.Now()
|
2021-11-15 16:16:04 +00:00
|
|
|
machine := Machine{
|
2021-05-23 00:15:29 +00:00
|
|
|
ID: 0,
|
|
|
|
MachineKey: "foo",
|
|
|
|
NodeKey: "bar",
|
|
|
|
DiscoKey: "faa",
|
2022-04-24 19:54:38 +00:00
|
|
|
Hostname: "testest",
|
2021-11-15 16:16:04 +00:00
|
|
|
NamespaceID: namespace.ID,
|
2021-11-18 08:49:55 +00:00
|
|
|
RegisterMethod: RegisterMethodAuthKey,
|
2021-05-23 00:15:29 +00:00
|
|
|
LastSeen: &now,
|
|
|
|
AuthKeyID: uint(pak.ID),
|
|
|
|
}
|
2021-11-15 16:16:04 +00:00
|
|
|
app.db.Save(&machine)
|
2021-05-23 00:15:29 +00:00
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
_, err = app.checkKeyValidity(pak.Key)
|
2021-05-23 00:15:29 +00:00
|
|
|
// Ephemeral keys are by definition reusable
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
_, err = app.GetMachine("test7", "testest")
|
2021-05-23 00:15:29 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
app.expireEphemeralNodesWorker()
|
2021-05-23 00:15:29 +00:00
|
|
|
|
|
|
|
// The machine record should have been deleted
|
2021-11-15 16:16:04 +00:00
|
|
|
_, err = app.GetMachine("test7", "testest")
|
2021-05-23 00:15:29 +00:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
}
|
2021-08-07 21:57:52 +00:00
|
|
|
|
|
|
|
func (*Suite) TestExpirePreauthKey(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test3")
|
2021-08-07 21:57:52 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, true, false, nil, nil)
|
2021-08-07 21:57:52 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(pak.Expiration, check.IsNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
err = app.ExpirePreAuthKey(pak)
|
2021-08-07 21:57:52 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(pak.Expiration, check.NotNil)
|
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
key, err := app.checkKeyValidity(pak.Key)
|
2022-07-29 15:35:21 +00:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
2021-11-15 16:16:04 +00:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-08-07 21:57:52 +00:00
|
|
|
}
|
2021-10-13 16:13:26 +00:00
|
|
|
|
2021-10-13 20:51:55 +00:00
|
|
|
func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
|
2021-11-15 16:16:04 +00:00
|
|
|
namespace, err := app.CreateNamespace("test6")
|
2021-10-13 16:13:26 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
2022-08-25 10:12:41 +00:00
|
|
|
pak, err := app.CreatePreAuthKey(namespace.Name, false, false, nil, nil)
|
2021-10-13 16:13:26 +00:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-10-13 20:51:55 +00:00
|
|
|
pak.Used = true
|
2021-11-15 16:16:04 +00:00
|
|
|
app.db.Save(&pak)
|
2021-10-13 16:13:26 +00:00
|
|
|
|
2021-11-15 16:16:04 +00:00
|
|
|
_, err = app.checkKeyValidity(pak.Key)
|
2022-07-29 15:35:21 +00:00
|
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
2021-10-13 16:13:26 +00:00
|
|
|
}
|
2022-08-25 10:43:15 +00:00
|
|
|
|
2022-09-07 12:12:29 +00:00
|
|
|
func (*Suite) TestPreAuthKeyACLTags(c *check.C) {
|
2022-08-25 10:43:15 +00:00
|
|
|
namespace, err := app.CreateNamespace("test8")
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
_, err = app.CreatePreAuthKey(namespace.Name, false, false, nil, []string{"badtag"})
|
|
|
|
c.Assert(err, check.NotNil) // Confirm that malformed tags are rejected
|
|
|
|
|
|
|
|
tags := []string{"tag:test1", "tag:test2"}
|
|
|
|
tagsWithDuplicate := []string{"tag:test1", "tag:test2", "tag:test2"}
|
|
|
|
_, err = app.CreatePreAuthKey(namespace.Name, false, false, nil, tagsWithDuplicate)
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
listedPaks, err := app.ListPreAuthKeys("test8")
|
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
c.Assert(listedPaks[0].toProto().AclTags, check.DeepEquals, tags)
|
|
|
|
}
|