mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 13:05:46 +00:00
6c79f55d48
Fixes tailscale/support-escalations#23. authURLs returned by control expire after 1 hour from creation. Customer reported that the Tailscale client on macOS would sending users to a stale authentication page when clicking on the `Login...` menu item. This can happen when clicking on Login after leaving the device unattended for several days. The device key expires, leading to the creation of a new authURL, however the client doesn't keep track of when the authURL was created. Meaning that `login-interactive` would send the user to an authURL that had expired server-side a long time before. This PR ensures that whenever `login-interactive` is called via LocalAPI, an authURL that is too old won't be used. We force control to give us a new authURL whenever it's been more than 30 minutes since the last authURL was sent down from control. Apply suggestions from code review Set interval to 6 days and 23 hours Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Signed-off-by: Andrea Gottardo <andrea@gottardo.me> |
||
---|---|---|
.. | ||
testdata | ||
breaktcp_darwin.go | ||
breaktcp_linux.go | ||
c2n_pprof.go | ||
c2n_test.go | ||
c2n.go | ||
cert_js.go | ||
cert_test.go | ||
cert.go | ||
dnsconfig_test.go | ||
expiry_test.go | ||
expiry.go | ||
local_test.go | ||
local.go | ||
loglines_test.go | ||
network-lock_test.go | ||
network-lock.go | ||
peerapi_h2c.go | ||
peerapi_macios_ext.go | ||
peerapi_test.go | ||
peerapi.go | ||
profiles_notwindows.go | ||
profiles_test.go | ||
profiles_windows.go | ||
profiles.go | ||
serve_test.go | ||
serve.go | ||
ssh_stub.go | ||
ssh_test.go | ||
ssh.go | ||
state_test.go | ||
web_client_stub.go | ||
web_client.go |