mirror of
https://github.com/juanfont/headscale.git
synced 2025-10-31 08:01:34 +01:00
45752db0f6
* add dedicated http error to propagate to user Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * classify user errors in http handlers Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * move validation of pre auth key out of db This move separates the logic a bit and allow us to write specific errors for the caller, in this case the web layer so we can present the user with the correct error codes without bleeding web stuff into a generic validate. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
131 lines
2.6 KiB
Go
131 lines
2.6 KiB
Go
package hscontrol
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/google/go-cmp/cmp"
|
|
"github.com/juanfont/headscale/hscontrol/types"
|
|
)
|
|
|
|
func TestCanUsePreAuthKey(t *testing.T) {
|
|
now := time.Now()
|
|
past := now.Add(-time.Hour)
|
|
future := now.Add(time.Hour)
|
|
|
|
tests := []struct {
|
|
name string
|
|
pak *types.PreAuthKey
|
|
wantErr bool
|
|
err HTTPError
|
|
}{
|
|
{
|
|
name: "valid reusable key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: true,
|
|
Used: false,
|
|
Expiration: &future,
|
|
},
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "valid non-reusable key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: false,
|
|
Used: false,
|
|
Expiration: &future,
|
|
},
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "expired key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: false,
|
|
Used: false,
|
|
Expiration: &past,
|
|
},
|
|
wantErr: true,
|
|
err: NewHTTPError(http.StatusUnauthorized, "authkey expired", nil),
|
|
},
|
|
{
|
|
name: "used non-reusable key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: false,
|
|
Used: true,
|
|
Expiration: &future,
|
|
},
|
|
wantErr: true,
|
|
err: NewHTTPError(http.StatusUnauthorized, "authkey already used", nil),
|
|
},
|
|
{
|
|
name: "used reusable key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: true,
|
|
Used: true,
|
|
Expiration: &future,
|
|
},
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "no expiration date",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: false,
|
|
Used: false,
|
|
Expiration: nil,
|
|
},
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "nil preauth key",
|
|
pak: nil,
|
|
wantErr: true,
|
|
err: NewHTTPError(http.StatusUnauthorized, "invalid authkey", nil),
|
|
},
|
|
{
|
|
name: "expired and used key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: false,
|
|
Used: true,
|
|
Expiration: &past,
|
|
},
|
|
wantErr: true,
|
|
err: NewHTTPError(http.StatusUnauthorized, "authkey expired", nil),
|
|
},
|
|
{
|
|
name: "no expiration and used key",
|
|
pak: &types.PreAuthKey{
|
|
Reusable: false,
|
|
Used: true,
|
|
Expiration: nil,
|
|
},
|
|
wantErr: true,
|
|
err: NewHTTPError(http.StatusUnauthorized, "authkey already used", nil),
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := canUsePreAuthKey(tt.pak)
|
|
if tt.wantErr {
|
|
if err == nil {
|
|
t.Errorf("expected error but got none")
|
|
} else {
|
|
httpErr, ok := err.(HTTPError)
|
|
if !ok {
|
|
t.Errorf("expected HTTPError but got %T", err)
|
|
} else {
|
|
if diff := cmp.Diff(tt.err, httpErr); diff != "" {
|
|
t.Errorf("unexpected error (-want +got):\n%s", diff)
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
if err != nil {
|
|
t.Errorf("expected no error but got %v", err)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|