diff --git a/control/controlclient/auto.go b/control/controlclient/auto.go
index 3c213de9c..edd0ae29c 100644
--- a/control/controlclient/auto.go
+++ b/control/controlclient/auto.go
@@ -26,9 +26,8 @@ type LoginGoal struct {
 _ structs.Incomparable
- token *tailcfg.Oauth2Token // oauth token to use when logging in
- flags LoginFlags // flags to use when logging in
- url string // auth url that needs to be visited
+ flags LoginFlags // flags to use when logging in
+ url string // auth url that needs to be visited
 }
 var _ Client = (*Auto)(nil)
@@ -338,7 +337,7 @@ func (c *Auto) authRoutine() {
 url, err = c.direct.WaitLoginURL(ctx, goal.url)
 f = "WaitLoginURL"
 } else {
- url, err = c.direct.TryLogin(ctx, goal.token, goal.flags)
+ url, err = c.direct.TryLogin(ctx, goal.flags)
 f = "TryLogin"
 }
 if err != nil {
@@ -612,8 +611,8 @@ func (c *Auto) sendStatus(who string, err error, url string, nm *netmap.NetworkM
 })
 }
-func (c *Auto) Login(t *tailcfg.Oauth2Token, flags LoginFlags) {
- c.logf("client.Login(%v, %v)", t != nil, flags)
+func (c *Auto) Login(flags LoginFlags) {
+ c.logf("client.Login(%v)", flags)
 c.mu.Lock()
 defer c.mu.Unlock()
@@ -625,7 +624,6 @@ func (c *Auto) Login(t *tailcfg.Oauth2Token, flags LoginFlags) {
 }
 c.wantLoggedIn = true
 c.loginGoal = &LoginGoal{
- token: t,
 flags: flags,
 }
 c.cancelMapCtxLocked()
diff --git a/control/controlclient/client.go b/control/controlclient/client.go
index 1aaaff115..8df64f9e8 100644
--- a/control/controlclient/client.go
+++ b/control/controlclient/client.go
@@ -45,7 +45,7 @@ type Client interface {
 // LoginFinished flag (on success) or an auth URL (if further
 // interaction is needed). It merely sets the process in motion,
 // and doesn't wait for it to complete.
- Login(*tailcfg.Oauth2Token, LoginFlags)
+ Login(LoginFlags)
 // Logout starts a synchronous logout process. It doesn't return
 // until the logout operation has been completed.
 Logout(context.Context) error
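Review bot: The exported method `Auto.Login` in control/controlclient/auto.go (hunk at -612) still has no doc comment after its signature changed, and the same holds for `Direct.TryLogin` in direct.go (hunk at -401); in both hunks no comment line sits between the previous function's closing brace and the `func` line. Since neither method accepts a credential any more, a short comment would record that, for example `// Login records a login goal with the given flags; it takes no credential and does not wait for the login to finish.` on `Auto.Login` and `// TryLogin attempts a login with the given flags and returns an auth URL if one must be visited.` on `Direct.TryLogin`. The "does not wait" wording follows the `Client.Login` interface comment in client.go and the URL wording is inferred from the `url` result name, so confirm both. The body of `Auto.Login` continues past this hunk.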
diff --git a/control/controlclient/direct.go b/control/controlclient/direct.go
index 95b698a14..24adec882 100644
--- a/control/controlclient/direct.go
+++ b/control/controlclient/direct.go
@@ -401,12 +401,12 @@ func (c *Direct) TryLogout(ctx context.Context) error {
 return err
 }
-func (c *Direct) TryLogin(ctx context.Context, t *tailcfg.Oauth2Token, flags LoginFlags) (url string, err error) {
+func (c *Direct) TryLogin(ctx context.Context, flags LoginFlags) (url string, err error) {
 if strings.Contains(c.serverURL, "controlplane.tailscale.com") && envknob.Bool("TS_PANIC_IF_HIT_MAIN_CONTROL") {
 panic(fmt.Sprintf("[unexpected] controlclient: TryLogin called on %s; tainted=%v", c.serverURL, c.panicOnUse))
 }
- c.logf("[v1] direct.TryLogin(token=%v, flags=%v)", t != nil, flags)
- return c.doLoginOrRegen(ctx, loginOpt{Token: t, Flags: flags})
+ c.logf("[v1] direct.TryLogin(flags=%v)", flags)
+ return c.doLoginOrRegen(ctx, loginOpt{Flags: flags})
 }
 // WaitLoginURL sits in a long poll waiting for the user to authenticate at url.
@@ -441,7 +441,6 @@ func (c *Direct) SetExpirySooner(ctx context.Context, expiry time.Time) error {
 }
 type loginOpt struct {
- Token *tailcfg.Oauth2Token
 Flags LoginFlags
 Regen bool // generate a new nodekey, can be overridden in doLogin
 URL string
@@ -610,10 +609,9 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 c.logf("RegisterReq: onode=%v node=%v fup=%v nks=%v", request.OldNodeKey.ShortString(), request.NodeKey.ShortString(), opt.URL != "", len(nodeKeySignature) > 0)
- if opt.Token != nil || authKey != "" {
+ if authKey != "" {
 request.Auth = &tailcfg.RegisterResponseAuth{
- Oauth2Token: opt.Token,
- AuthKey: authKey,
+ AuthKey: authKey,
 }
 }
 err = signRegisterRequest(&request, c.serverURL, c.serverLegacyKey, machinePrivKey.Public())
diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index 9fea49870..88f1110d5 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
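Review bot: In `doLogin` (hunk at -610) the `if authKey != ""` block now fills `request.Auth` from `authKey` alone, and nothing at the site says that `Oauth2Token` is left unset on purpose while `tailcfg.RegisterResponseAuth` still declares it. A one-line comment above the block would keep the field from being wired back in by accident, e.g. `// Only an auth key is ever sent; Oauth2Token stays unset (kept in tailcfg for pre-1.66 Android).`. `authKey` is assigned outside the hunk, so where it comes from cannot be checked here, and `doLogin` itself starts and ends outside the hunk.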
@@ -1842,7 +1842,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 // Without this, the state machine transitions to "NeedsLogin" implying
 // that user interaction is required, which is not the case and can
 // regress tsnet.Server restarts.
- cc.Login(nil, controlclient.LoginDefault)
+ cc.Login(controlclient.LoginDefault)
 }
 b.stateMachineLockedOnEntry(unlock)
@@ -2825,7 +2825,7 @@ func (b *LocalBackend) StartLoginInteractive(ctx context.Context) error {
 if url != "" && timeSinceAuthURLCreated < ((7*24*time.Hour)-(1*time.Hour)) {
 b.popBrowserAuthNow()
 } else {
- cc.Login(nil, b.loginFlags|controlclient.LoginInteractive)
+ cc.Login(b.loginFlags | controlclient.LoginInteractive)
 }
 return nil
 }
@@ -3339,7 +3339,7 @@ func (b *LocalBackend) setPrefsLockedOnEntry(newp *ipn.Prefs, unlock unlockOnce)
 if !oldp.WantRunning() && newp.WantRunning {
 b.logf("transitioning to running; doing Login...")
- cc.Login(nil, controlclient.LoginDefault)
+ cc.Login(controlclient.LoginDefault)
 }
 if oldp.WantRunning() != newp.WantRunning {
diff --git a/ipn/ipnlocal/state_test.go b/ipn/ipnlocal/state_test.go
index f1b11e737..d9ed608d8 100644
--- a/ipn/ipnlocal/state_test.go
+++ b/ipn/ipnlocal/state_test.go
@@ -198,8 +198,8 @@ func (cc *mockControl) Shutdown() {
 // Login starts a login process. Note that in this mock, we don't automatically
 // generate notifications about the progress of the login operation. You have to
 // call send() as required by the test.
-func (cc *mockControl) Login(t *tailcfg.Oauth2Token, flags controlclient.LoginFlags) {
- cc.logf("Login token=%v flags=%v", t, flags)
+func (cc *mockControl) Login(flags controlclient.LoginFlags) {
+ cc.logf("Login flags=%v", flags)
 cc.called("Login")
 newKeys := cc.populateKeys()
@@ -265,7 +265,7 @@ func (b *LocalBackend) nonInteractiveLoginForStateTest() {
 cc := b.cc
 b.mu.Unlock()
- cc.Login(nil, b.loginFlags|controlclient.LoginInteractive)
+ cc.Login(b.loginFlags | controlclient.LoginInteractive)
 }
 // A very precise test of the sequence of function calls generated by
diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index c842b88d3..98ea855ec 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -1082,7 +1082,7 @@ type RegisterResponseAuth struct {
 // At most one of Oauth2Token or AuthKey is set.
- Oauth2Token *Oauth2Token `json:",omitempty"`
+ Oauth2Token *Oauth2Token `json:",omitempty"` // used by pre-1.66 Android only
 AuthKey string `json:",omitempty"`
 }
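Review bot: The trailing comment added to `Oauth2Token` in tailcfg/tailcfg.go tells a human reader the field is legacy, but linters will not see it, and the line above it still reads as if both fields were equally current. Moving the text into a doc comment with a deprecation paragraph lets tooling flag any new use: `// Oauth2Token is used by pre-1.66 Android only.`, `//`, `// Deprecated: do not set in new code.`. Because the field stays in the wire format, whatever decodes this struct still has to handle a token from such clients; that code is not part of this diff. The struct declaration begins before the hunk.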