mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
6c79f55d48
Fixes tailscale/support-escalations#23. authURLs returned by control expire after 1 hour from creation. Customer reported that the Tailscale client on macOS would sending users to a stale authentication page when clicking on the `Login...` menu item. This can happen when clicking on Login after leaving the device unattended for several days. The device key expires, leading to the creation of a new authURL, however the client doesn't keep track of when the authURL was created. Meaning that `login-interactive` would send the user to an authURL that had expired server-side a long time before. This PR ensures that whenever `login-interactive` is called via LocalAPI, an authURL that is too old won't be used. We force control to give us a new authURL whenever it's been more than 30 minutes since the last authURL was sent down from control. Apply suggestions from code review Set interval to 6 days and 23 hours Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Signed-off-by: Andrea Gottardo <andrea@gottardo.me> |
||
|---|---|---|
| .. | ||
| testdata | ||
| breaktcp_darwin.go | ||
| breaktcp_linux.go | ||
| c2n_pprof.go | ||
| c2n_test.go | ||
| c2n.go | ||
| cert_js.go | ||
| cert_test.go | ||
| cert.go | ||
| dnsconfig_test.go | ||
| expiry_test.go | ||
| expiry.go | ||
| local_test.go | ||
| local.go | ||
| loglines_test.go | ||
| network-lock_test.go | ||
| network-lock.go | ||
| peerapi_h2c.go | ||
| peerapi_macios_ext.go | ||
| peerapi_test.go | ||
| peerapi.go | ||
| profiles_notwindows.go | ||
| profiles_test.go | ||
| profiles_windows.go | ||
| profiles.go | ||
| serve_test.go | ||
| serve.go | ||
| ssh_stub.go | ||
| ssh_test.go | ||
| ssh.go | ||
| state_test.go | ||
| web_client_stub.go | ||
| web_client.go | ||