|
|
|
|
@ -31,6 +31,7 @@ import ( |
|
|
|
|
"tailscale.com/tailcfg" |
|
|
|
|
"tailscale.com/testy" |
|
|
|
|
"tailscale.io/control" // not yet released
|
|
|
|
|
"tailscale.io/control/cfgdb" |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
func TestTest(t *testing.T) { |
|
|
|
|
@ -716,6 +717,69 @@ func TestRefresh(t *testing.T) { |
|
|
|
|
c1.Shutdown() |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func TestAuthKey(t *testing.T) { |
|
|
|
|
var nowMu sync.Mutex |
|
|
|
|
now := time.Now() // Server and Client use this variable as the current time
|
|
|
|
|
timeNow := func() time.Time { |
|
|
|
|
nowMu.Lock() |
|
|
|
|
defer nowMu.Unlock() |
|
|
|
|
return now |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
s := newServer(t) |
|
|
|
|
s.control.TimeNow = timeNow |
|
|
|
|
defer s.close() |
|
|
|
|
|
|
|
|
|
const loginName = "testuser1@example.com" |
|
|
|
|
user, err := s.control.DB().FindOrCreateUser("google", loginName, "", "") |
|
|
|
|
if err != nil { |
|
|
|
|
t.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
t.Run("one-off", func(t *testing.T) { |
|
|
|
|
oneOffKey, err := s.control.DB().NewAPIKey(user.ID, cfgdb.KeyCapabilities{ |
|
|
|
|
Bits: cfgdb.KeyCapOneOffNodeAuth, |
|
|
|
|
}) |
|
|
|
|
if err != nil { |
|
|
|
|
t.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
c1 := s.newClientWithKey(t, "c1", string(oneOffKey)) |
|
|
|
|
c1.Login(nil, 0) |
|
|
|
|
c1.waitStatus(t, stateAuthenticated) |
|
|
|
|
c1.waitStatus(t, stateSynchronized) |
|
|
|
|
c1.Shutdown() |
|
|
|
|
|
|
|
|
|
// Key won't work a second time.
|
|
|
|
|
c2 := s.newClientWithKey(t, "c2", string(oneOffKey)) |
|
|
|
|
c2.Login(nil, 0) |
|
|
|
|
status := c2.readStatus(t) |
|
|
|
|
if e, substr := status.New.Err, `revoked`; !strings.Contains(e, substr) { |
|
|
|
|
t.Errorf("Err=%q, expect substring %q", e, substr) |
|
|
|
|
} |
|
|
|
|
c2.Shutdown() |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
t.Run("followup", func(t *testing.T) { |
|
|
|
|
key, err := s.control.DB().NewAPIKey(user.ID, cfgdb.KeyCapabilities{ |
|
|
|
|
Bits: cfgdb.KeyCapNodeAuth, |
|
|
|
|
}) |
|
|
|
|
if err != nil { |
|
|
|
|
t.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
c1 := s.newClient(t, "c1") |
|
|
|
|
c1.Login(nil, 0) |
|
|
|
|
c1.waitStatus(t, stateURLVisitRequired) |
|
|
|
|
|
|
|
|
|
c1.direct.authKey = string(key) |
|
|
|
|
c1.Login(nil, 0) |
|
|
|
|
c1.waitStatus(t, stateAuthenticated) |
|
|
|
|
c1.waitStatus(t, stateSynchronized) |
|
|
|
|
c1.Shutdown() |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func TestExpectedProvider(t *testing.T) { |
|
|
|
|
s := newServer(t) |
|
|
|
|
defer s.close() |
|
|
|
|
@ -1008,6 +1072,10 @@ type statusChange struct { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (s *server) newClient(t *testing.T, name string) *client { |
|
|
|
|
return s.newClientWithKey(t, name, "") |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (s *server) newClientWithKey(t *testing.T, name, authKey string) *client { |
|
|
|
|
t.Helper() |
|
|
|
|
|
|
|
|
|
ch := make(chan statusChange, 1024) |
|
|
|
|
@ -1033,6 +1101,7 @@ func (s *server) newClient(t *testing.T, name string) *client { |
|
|
|
|
return zstd.NewReader(nil) |
|
|
|
|
}, |
|
|
|
|
KeepAlive: true, |
|
|
|
|
AuthKey: authKey, |
|
|
|
|
}) |
|
|
|
|
ctlc.SetStatusFunc(func(new Status) { |
|
|
|
|
select { |
|
|
|
|
|
David Crawshaw
6 years ago