Refresh machines with correct new expiry

2023-01-11 13:21:30 +01:00 · 2023-01-11 13:21:30 +01:00 · dd173ecc1f
commit dd173ecc1f
parent 8ca0fb7ed0
2 changed files with 8 additions and 2 deletions
--- a/machine.go
+++ b/machine.go
@ -873,6 +873,7 @@ func (h *Headscale) RegisterMachineFromAuthCallback(
 		Str("nodeKey", nodeKey.ShortString()).
 		Str("namespaceName", namespaceName).
 		Str("registrationMethod", registrationMethod).
 		Str("expiresAt", fmt.Sprintf("%v", machineExpiry)).
 		Msg("Registering machine from API/CLI or auth callback")
 	if machineInterface, ok := h.registrationCache.Get(NodePublicKeyStripPrefix(nodeKey)); ok {
--- a/oidc.go
+++ b/oidc.go
@ -218,7 +218,7 @@ func (h *Headscale) OIDCCallback(
 		return
 	}
-	nodeKey, machineExists, err := h.validateMachineForOIDCCallback(writer, state, claims)
+	nodeKey, machineExists, err := h.validateMachineForOIDCCallback(writer, state, claims, idToken.Expiry)
 	if err != nil || machineExists {
 		return
 	}
@ -476,6 +476,7 @@ func (h *Headscale) validateMachineForOIDCCallback(
 	writer http.ResponseWriter,
 	state string,
 	claims *IDTokenClaims,
 	expiry time.Time,
 ) (*key.NodePublic, bool, error) {
 	// retrieve machinekey from state cache
 	nodeKeyIf, nodeKeyFound := h.registrationCache.Get(state)
@ -546,7 +547,7 @@ func (h *Headscale) validateMachineForOIDCCallback(
 			Str("machine", machine.Hostname).
 			Msg("machine already registered, reauthenticating")
-		err := h.RefreshMachine(machine, time.Time{})
+		err := h.RefreshMachine(machine, expiry)
 		if err != nil {
 			log.Error().
 				Caller().
@ -560,6 +561,10 @@ func (h *Headscale) validateMachineForOIDCCallback(
 			return nil, true, err
 		}
 		log.Debug().
 			Str("machine", machine.Hostname).
 			Str("expiresAt", fmt.Sprintf("%v", expiry)).
 			Msg("successfully refreshed machine")
 		var content bytes.Buffer
 		if err := oidcCallbackTemplate.Execute(&content, oidcCallbackTemplateConfig{