2023-05-22 00:37:59 +08:00
|
|
|
package db
|
2021-05-03 02:47:36 +08:00
|
|
|
|
|
|
|
|
import (
|
2021-05-06 05:00:04 +08:00
|
|
|
"time"
|
2021-05-03 02:47:36 +08:00
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
"github.com/juanfont/headscale/hscontrol/types"
|
|
|
|
|
"github.com/juanfont/headscale/hscontrol/util"
|
2021-05-03 02:47:36 +08:00
|
|
|
"gopkg.in/check.v1"
|
2024-07-18 16:01:59 +08:00
|
|
|
"tailscale.com/types/ptr"
|
2021-05-03 02:47:36 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (*Suite) TestCreatePreAuthKey(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
_, err := db.CreatePreAuthKey("bogus", true, false, nil, nil)
|
2021-05-06 05:00:04 +08:00
|
|
|
|
2021-05-03 02:47:36 +08:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test")
|
2021-05-03 02:47:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-05-03 02:47:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
|
|
|
|
// Did we get a valid key?
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key.Key, check.NotNil)
|
|
|
|
|
c.Assert(len(key.Key), check.Equals, 48)
|
2021-05-03 02:47:36 +08:00
|
|
|
|
2023-01-18 00:43:44 +08:00
|
|
|
// Make sure the User association is populated
|
|
|
|
|
c.Assert(key.User.Name, check.Equals, user.Name)
|
2021-05-03 02:47:36 +08:00
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
_, err = db.ListPreAuthKeys("bogus")
|
2021-05-03 02:47:36 +08:00
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
keys, err := db.ListPreAuthKeys(user.Name)
|
2021-05-03 02:47:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-05 06:14:39 +08:00
|
|
|
c.Assert(len(keys), check.Equals, 1)
|
2021-05-03 02:47:36 +08:00
|
|
|
|
2023-01-18 00:43:44 +08:00
|
|
|
// Make sure the User association is populated
|
|
|
|
|
c.Assert((keys)[0].User.Name, check.Equals, user.Name)
|
2021-05-03 02:47:36 +08:00
|
|
|
}
|
2021-05-06 05:00:04 +08:00
|
|
|
|
|
|
|
|
func (*Suite) TestExpiredPreAuthKey(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test2")
|
2021-05-06 05:00:04 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2024-02-09 00:28:19 +08:00
|
|
|
now := time.Now().Add(-5 * time.Second)
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, &now, nil)
|
2021-05-06 05:00:04 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 23:35:21 +08:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-06 05:00:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey("potatoKey")
|
2022-07-29 23:35:21 +08:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyNotFound)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-06 05:00:04 +08:00
|
|
|
}
|
2021-05-06 06:08:36 +08:00
|
|
|
|
|
|
|
|
func (*Suite) TestValidateKeyOk(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test3")
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-06 06:08:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (*Suite) TestAlreadyUsedKey(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test4")
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-09-24 19:42:05 +08:00
|
|
|
node := types.Node{
|
2021-05-06 06:08:36 +08:00
|
|
|
ID: 0,
|
2022-04-25 03:54:38 +08:00
|
|
|
Hostname: "testest",
|
2023-01-18 03:36:46 +08:00
|
|
|
UserID: user.ID,
|
2023-05-22 00:37:59 +08:00
|
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
2024-07-18 16:01:59 +08:00
|
|
|
AuthKeyID: ptr.To(pak.ID),
|
2021-05-06 06:08:36 +08:00
|
|
|
}
|
2024-05-16 08:40:14 +08:00
|
|
|
trx := db.DB.Save(&node)
|
|
|
|
|
c.Assert(trx.Error, check.IsNil)
|
2021-05-06 06:08:36 +08:00
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 23:35:21 +08:00
|
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-05-06 06:08:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (*Suite) TestReusableBeingUsedKey(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test5")
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-09-24 19:42:05 +08:00
|
|
|
node := types.Node{
|
2021-05-06 06:08:36 +08:00
|
|
|
ID: 1,
|
2022-04-25 03:54:38 +08:00
|
|
|
Hostname: "testest",
|
2023-01-18 03:36:46 +08:00
|
|
|
UserID: user.ID,
|
2023-05-22 00:37:59 +08:00
|
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
2024-07-18 16:01:59 +08:00
|
|
|
AuthKeyID: ptr.To(pak.ID),
|
2021-05-06 06:08:36 +08:00
|
|
|
}
|
2024-05-16 08:40:14 +08:00
|
|
|
trx := db.DB.Save(&node)
|
|
|
|
|
c.Assert(trx.Error, check.IsNil)
|
2021-05-06 06:08:36 +08:00
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-06 06:08:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test6")
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2021-05-06 06:08:36 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
2021-05-06 06:08:36 +08:00
|
|
|
}
|
2021-05-23 08:15:29 +08:00
|
|
|
|
2021-08-08 05:57:52 +08:00
|
|
|
func (*Suite) TestExpirePreauthKey(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test3")
|
2021-08-08 05:57:52 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
2021-08-08 05:57:52 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
c.Assert(pak.Expiration, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
err = db.ExpirePreAuthKey(pak)
|
2021-08-08 05:57:52 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
c.Assert(pak.Expiration, check.NotNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 23:35:21 +08:00
|
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
2021-11-16 00:16:04 +08:00
|
|
|
c.Assert(key, check.IsNil)
|
2021-08-08 05:57:52 +08:00
|
|
|
}
|
2021-10-14 00:13:26 +08:00
|
|
|
|
2021-10-14 04:51:55 +08:00
|
|
|
func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test6")
|
2021-10-14 00:13:26 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
2021-10-14 00:13:26 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
2021-10-14 04:51:55 +08:00
|
|
|
pak.Used = true
|
2024-02-09 00:28:19 +08:00
|
|
|
db.DB.Save(&pak)
|
2021-10-14 00:13:26 +08:00
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
2022-07-29 23:35:21 +08:00
|
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
2021-10-14 00:13:26 +08:00
|
|
|
}
|
2022-08-25 18:43:15 +08:00
|
|
|
|
2022-09-07 20:12:29 +08:00
|
|
|
func (*Suite) TestPreAuthKeyACLTags(c *check.C) {
|
2023-05-22 00:37:59 +08:00
|
|
|
user, err := db.CreateUser("test8")
|
2022-08-25 18:43:15 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
_, err = db.CreatePreAuthKey(user.Name, false, false, nil, []string{"badtag"})
|
2022-08-25 18:43:15 +08:00
|
|
|
c.Assert(err, check.NotNil) // Confirm that malformed tags are rejected
|
|
|
|
|
|
|
|
|
|
tags := []string{"tag:test1", "tag:test2"}
|
|
|
|
|
tagsWithDuplicate := []string{"tag:test1", "tag:test2", "tag:test2"}
|
2023-05-22 00:37:59 +08:00
|
|
|
_, err = db.CreatePreAuthKey(user.Name, false, false, nil, tagsWithDuplicate)
|
2022-08-25 18:43:15 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
|
|
|
|
|
2023-05-22 00:37:59 +08:00
|
|
|
listedPaks, err := db.ListPreAuthKeys("test8")
|
2022-08-25 18:43:15 +08:00
|
|
|
c.Assert(err, check.IsNil)
|
2023-11-23 15:31:33 +08:00
|
|
|
c.Assert(listedPaks[0].Proto().GetAclTags(), check.DeepEquals, tags)
|
2022-08-25 18:43:15 +08:00
|
|
|
}
|
