headscale/preauth_keys_test.go

210 lines
5.5 KiB
Go
Raw Normal View History

package headscale
import (
2021-05-05 15:00:04 -06:00
"time"
"gopkg.in/check.v1"
)
func (*Suite) TestCreatePreAuthKey(c *check.C) {
2022-08-25 04:12:41 -06:00
_, err := app.CreatePreAuthKey("bogus", true, false, nil, nil)
2021-05-05 15:00:04 -06:00
c.Assert(err, check.NotNil)
user, err := app.CreateUser("test")
c.Assert(err, check.IsNil)
key, err := app.CreatePreAuthKey(user.Name, true, false, nil, nil)
c.Assert(err, check.IsNil)
// Did we get a valid key?
2021-11-15 09:16:04 -07:00
c.Assert(key.Key, check.NotNil)
c.Assert(len(key.Key), check.Equals, 48)
// Make sure the User association is populated
c.Assert(key.User.Name, check.Equals, user.Name)
2021-11-15 09:16:04 -07:00
_, err = app.ListPreAuthKeys("bogus")
c.Assert(err, check.NotNil)
keys, err := app.ListPreAuthKeys(user.Name)
c.Assert(err, check.IsNil)
c.Assert(len(keys), check.Equals, 1)
// Make sure the User association is populated
c.Assert((keys)[0].User.Name, check.Equals, user.Name)
}
2021-05-05 15:00:04 -06:00
func (*Suite) TestExpiredPreAuthKey(c *check.C) {
user, err := app.CreateUser("test2")
2021-05-05 15:00:04 -06:00
c.Assert(err, check.IsNil)
now := time.Now()
pak, err := app.CreatePreAuthKey(user.Name, true, false, &now, nil)
2021-05-05 15:00:04 -06:00
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity(pak.Key)
2022-07-29 09:35:21 -06:00
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
2021-11-15 09:16:04 -07:00
c.Assert(key, check.IsNil)
2021-05-05 15:00:04 -06:00
}
func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity("potatoKey")
2022-07-29 09:35:21 -06:00
c.Assert(err, check.Equals, ErrPreAuthKeyNotFound)
2021-11-15 09:16:04 -07:00
c.Assert(key, check.IsNil)
2021-05-05 15:00:04 -06:00
}
func (*Suite) TestValidateKeyOk(c *check.C) {
user, err := app.CreateUser("test3")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, true, false, nil, nil)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity(pak.Key)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
c.Assert(key.ID, check.Equals, pak.ID)
}
func (*Suite) TestAlreadyUsedKey(c *check.C) {
user, err := app.CreateUser("test4")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, false, false, nil, nil)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
machine := Machine{
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testest",
UserID: user.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity(pak.Key)
2022-07-29 09:35:21 -06:00
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
2021-11-15 09:16:04 -07:00
c.Assert(key, check.IsNil)
}
func (*Suite) TestReusableBeingUsedKey(c *check.C) {
user, err := app.CreateUser("test5")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, true, false, nil, nil)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
machine := Machine{
ID: 1,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testest",
UserID: user.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
AuthKeyID: uint(pak.ID),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity(pak.Key)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
c.Assert(key.ID, check.Equals, pak.ID)
}
func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
user, err := app.CreateUser("test6")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, false, false, nil, nil)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity(pak.Key)
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
c.Assert(key.ID, check.Equals, pak.ID)
}
func (*Suite) TestEphemeralKey(c *check.C) {
user, err := app.CreateUser("test7")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, false, true, nil, nil)
c.Assert(err, check.IsNil)
now := time.Now()
2021-11-15 09:16:04 -07:00
machine := Machine{
ID: 0,
MachineKey: "foo",
NodeKey: "bar",
DiscoKey: "faa",
Hostname: "testest",
UserID: user.ID,
2021-11-18 01:49:55 -07:00
RegisterMethod: RegisterMethodAuthKey,
LastSeen: &now,
AuthKeyID: uint(pak.ID),
}
2021-11-15 09:16:04 -07:00
app.db.Save(&machine)
2021-11-15 09:16:04 -07:00
_, err = app.checkKeyValidity(pak.Key)
// Ephemeral keys are by definition reusable
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
_, err = app.GetMachine("test7", "testest")
c.Assert(err, check.IsNil)
2021-11-15 09:16:04 -07:00
app.expireEphemeralNodesWorker()
// The machine record should have been deleted
2021-11-15 09:16:04 -07:00
_, err = app.GetMachine("test7", "testest")
c.Assert(err, check.NotNil)
}
2021-08-07 15:57:52 -06:00
func (*Suite) TestExpirePreauthKey(c *check.C) {
user, err := app.CreateUser("test3")
2021-08-07 15:57:52 -06:00
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, true, false, nil, nil)
2021-08-07 15:57:52 -06:00
c.Assert(err, check.IsNil)
c.Assert(pak.Expiration, check.IsNil)
2021-11-15 09:16:04 -07:00
err = app.ExpirePreAuthKey(pak)
2021-08-07 15:57:52 -06:00
c.Assert(err, check.IsNil)
c.Assert(pak.Expiration, check.NotNil)
2021-11-15 09:16:04 -07:00
key, err := app.checkKeyValidity(pak.Key)
2022-07-29 09:35:21 -06:00
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
2021-11-15 09:16:04 -07:00
c.Assert(key, check.IsNil)
2021-08-07 15:57:52 -06:00
}
func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
user, err := app.CreateUser("test6")
c.Assert(err, check.IsNil)
pak, err := app.CreatePreAuthKey(user.Name, false, false, nil, nil)
c.Assert(err, check.IsNil)
pak.Used = true
2021-11-15 09:16:04 -07:00
app.db.Save(&pak)
2021-11-15 09:16:04 -07:00
_, err = app.checkKeyValidity(pak.Key)
2022-07-29 09:35:21 -06:00
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
}
2022-09-07 06:12:29 -06:00
func (*Suite) TestPreAuthKeyACLTags(c *check.C) {
user, err := app.CreateUser("test8")
c.Assert(err, check.IsNil)
_, err = app.CreatePreAuthKey(user.Name, false, false, nil, []string{"badtag"})
c.Assert(err, check.NotNil) // Confirm that malformed tags are rejected
tags := []string{"tag:test1", "tag:test2"}
tagsWithDuplicate := []string{"tag:test1", "tag:test2", "tag:test2"}
_, err = app.CreatePreAuthKey(user.Name, false, false, nil, tagsWithDuplicate)
c.Assert(err, check.IsNil)
listedPaks, err := app.ListPreAuthKeys("test8")
c.Assert(err, check.IsNil)
c.Assert(listedPaks[0].toProto().AclTags, check.DeepEquals, tags)
}