// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
package captivedetection
import (
"context"
"net/http"
"net/http/httptest"
"net/url"
"runtime"
"strconv"
"sync"
"sync/atomic"
"testing"
"time"
"tailscale.com/derp/derphttp"
"tailscale.com/net/netmon"
"tailscale.com/syncs"
"tailscale.com/tstest/nettest"
"tailscale.com/util/must"
)
func TestAvailableEndpointsAlwaysAtLeastTwo(t *testing.T) {
endpoints := availableEndpoints(nil, 0, t.Logf, runtime.GOOS)
if len(endpoints) == 0 {
t.Errorf("Expected non-empty AvailableEndpoints, got an empty slice instead")
}
if len(endpoints) == 1 {
t.Errorf("Expected at least two AvailableEndpoints for redundancy, got only one instead")
}
for _, e := range endpoints {
if e.URL.Scheme != "http" {
t.Errorf("Expected HTTP URL in Endpoint, got HTTPS")
}
}
}
func TestDetectCaptivePortalReturnsFalse(t *testing.T) {
d := NewDetector(t.Logf)
found := d.Detect(context.Background(), netmon.NewStatic(), nil, 0)
if found {
t.Errorf("DetectCaptivePortal returned true, expected false.")
}
}
func TestEndpointsAreUpAndReturnExpectedResponse(t *testing.T) {
nettest.SkipIfNoNetwork(t)
d := NewDetector(t.Logf)
endpoints := availableEndpoints(nil, 0, t.Logf, runtime.GOOS)
t.Logf("testing %d endpoints", len(endpoints))
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
var good atomic.Bool
var wg sync.WaitGroup
sem := syncs.NewSemaphore(5)
for _, e := range endpoints {
wg.Add(1)
go func(endpoint Endpoint) {
defer wg.Done()
if !sem.AcquireContext(ctx) {
return
}
defer sem.Release()
found, err := d.verifyCaptivePortalEndpoint(ctx, endpoint, 0)
if err != nil && ctx.Err() == nil {
t.Logf("verifyCaptivePortalEndpoint failed with endpoint %v: %v", endpoint, err)
}
if found {
t.Logf("verifyCaptivePortalEndpoint with endpoint %v says we're behind a captive portal, but we aren't", endpoint)
return
}
good.Store(true)
t.Logf("endpoint good: %v", endpoint)
cancel()
}(e)
}
wg.Wait()
if !good.Load() {
t.Errorf("no good endpoints found")
}
}
func TestCaptivePortalRequest(t *testing.T) {
d := NewDetector(t.Logf)
now := time.Now()
d.clock = func() time.Time { return now }
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" {
t.Errorf("expected GET, got %q", r.Method)
}
if r.URL.Path != "/generate_204" {
t.Errorf("expected /generate_204, got %q", r.URL.Path)
}
q := r.URL.Query()
if got, want := q.Get("t"), strconv.Itoa(int(now.Unix())); got != want {
t.Errorf("timestamp param; got %v, want %v", got, want)
}
w.Header().Set("X-Tailscale-Response", "response "+r.Header.Get("X-Tailscale-Challenge"))
w.WriteHeader(http.StatusNoContent)
}))
defer s.Close()
e := Endpoint{
URL: must.Get(url.Parse(s.URL + "/generate_204")),
StatusCode: 204,
ExpectedContent: "",
SupportsTailscaleChallenge: true,
}
found, err := d.verifyCaptivePortalEndpoint(ctx, e, 0)
if err != nil {
t.Fatalf("verifyCaptivePortalEndpoint = %v, %v", found, err)
}
if found {
t.Errorf("verifyCaptivePortalEndpoint = %v, want false", found)
}
}
func TestAgainstDERPHandler(t *testing.T) {
d := NewDetector(t.Logf)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
s := httptest.NewServer(http.HandlerFunc(derphttp.ServeNoContent))
defer s.Close()
e := Endpoint{
URL: must.Get(url.Parse(s.URL + "/generate_204")),
StatusCode: 204,
ExpectedContent: "",
SupportsTailscaleChallenge: true,
}
found, err := d.verifyCaptivePortalEndpoint(ctx, e, 0)
if err != nil {
t.Fatalf("verifyCaptivePortalEndpoint = %v, %v", found, err)
}
if found {
t.Errorf("verifyCaptivePortalEndpoint = %v, want false", found)
}
}