allow users to be defined with @ in v1 (#2495)

* allow users to be defined with @ in v1 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove integration test rewrite hack Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove test rewrite hack Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * add @ to integration tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * a bit to agressive removeals Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * fix last test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-03-30 13:19:05 +02:00 · 2025-03-30 13:19:05 +02:00 · e3521be705
commit e3521be705
parent f52f15ff08
12 changed files with 76 additions and 150 deletions
--- a/hscontrol/policy/v1/acls.go
+++ b/hscontrol/policy/v1/acls.go
@ -969,6 +969,10 @@ var (
 func findUserFromToken(users []types.User, token string) (types.User, error) {
 	var potentialUsers []types.User

+	// This adds the v2 support to looking up users with the new required
+	// policyv2 format where usernames have @ at the end if they are not emails.
+	token = strings.TrimSuffix(token, "@")
+
 	for _, user := range users {
 		if user.ProviderIdentifier.Valid && user.ProviderIdentifier.String == token {
 			// Prioritize ProviderIdentifier match and exit early