use dedicated registration ID for auth flow (#2337)
This commit is contained in:
Kristoffer Dalby
GitHub
parent
97e5d95399
commit
4c8e847f47
26 changed files with 586 additions and 586 deletions
|
|
@ -1,13 +1,9 @@
|
|||
package integration
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/netip"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
|
@ -47,7 +43,6 @@ func TestAuthWebFlowAuthenticationPingAll(t *testing.T) {
|
|||
hsic.WithTestName("webauthping"),
|
||||
hsic.WithEmbeddedDERPServerOnly(),
|
||||
hsic.WithTLS(),
|
||||
hsic.WithHostnameAsServerURL(),
|
||||
)
|
||||
assertNoErrHeadscaleEnv(t, err)
|
||||
|
||||
|
|
@ -87,7 +82,10 @@ func TestAuthWebFlowLogoutAndRelogin(t *testing.T) {
|
|||
"user2": len(MustTestVersions),
|
||||
}
|
||||
|
||||
err = scenario.CreateHeadscaleEnv(spec, hsic.WithTestName("weblogout"))
|
||||
err = scenario.CreateHeadscaleEnv(spec,
|
||||
hsic.WithTestName("weblogout"),
|
||||
hsic.WithTLS(),
|
||||
)
|
||||
assertNoErrHeadscaleEnv(t, err)
|
||||
|
||||
allClients, err := scenario.ListTailscaleClients()
|
||||
|
|
@ -135,7 +133,7 @@ func TestAuthWebFlowLogoutAndRelogin(t *testing.T) {
|
|||
for userName := range spec {
|
||||
err = scenario.runTailscaleUp(userName, headscale.GetEndpoint())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to run tailscale up: %s", err)
|
||||
t.Fatalf("failed to run tailscale up (%q): %s", headscale.GetEndpoint(), err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -227,11 +225,12 @@ func (s *AuthWebFlowScenario) CreateHeadscaleEnv(
|
|||
func (s *AuthWebFlowScenario) runTailscaleUp(
|
||||
userStr, loginServer string,
|
||||
) error {
|
||||
log.Printf("running tailscale up for user %s", userStr)
|
||||
log.Printf("running tailscale up for user %q", userStr)
|
||||
if user, ok := s.users[userStr]; ok {
|
||||
for _, client := range user.Clients {
|
||||
c := client
|
||||
user.joinWaitGroup.Go(func() error {
|
||||
log.Printf("logging %q into %q", c.Hostname(), loginServer)
|
||||
loginURL, err := c.LoginWithURL(loginServer)
|
||||
if err != nil {
|
||||
log.Printf("failed to run tailscale up (%s): %s", c.Hostname(), err)
|
||||
|
|
@ -273,39 +272,11 @@ func (s *AuthWebFlowScenario) runTailscaleUp(
|
|||
}
|
||||
|
||||
func (s *AuthWebFlowScenario) runHeadscaleRegister(userStr string, loginURL *url.URL) error {
|
||||
headscale, err := s.Headscale()
|
||||
body, err := doLoginURL("web-auth-not-set", loginURL)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("loginURL: %s", loginURL)
|
||||
loginURL.Host = fmt.Sprintf("%s:8080", headscale.GetIP())
|
||||
loginURL.Scheme = "http"
|
||||
|
||||
if len(headscale.GetCert()) > 0 {
|
||||
loginURL.Scheme = "https"
|
||||
}
|
||||
|
||||
insecureTransport := &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // nolint
|
||||
}
|
||||
httpClient := &http.Client{
|
||||
Transport: insecureTransport,
|
||||
}
|
||||
ctx := context.Background()
|
||||
req, _ := http.NewRequestWithContext(ctx, http.MethodGet, loginURL.String(), nil)
|
||||
resp, err := httpClient.Do(req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
defer resp.Body.Close()
|
||||
|
||||
// see api.go HTML template
|
||||
codeSep := strings.Split(string(body), "</code>")
|
||||
if len(codeSep) != 2 {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue