Mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-23 02:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

hscontrol/state: allow expired auth keys for node re-registration

Browse source 
Skip auth key validation for existing nodes re-registering with the same
NodeKey. Pre-auth keys are only required for initial authentication.

NodeKey rotation still requires a valid auth key as it is a security-sensitive
operation that changes the node's cryptographic identity.

Fixes #2830
This commit is contained in:
Kristoffer Dalby 2025-11-03 15:29:39 +01:00 committed by Kristoffer Dalby
parent abed534628
commit 4728a2ba9e
5 changed files with 369 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
integration/auth_key_test.go
View file

@ -223,6 +223,7 @@ func TestAuthKeyLogoutAndReloginNewUser(t *testing.T) {
scenario, err := NewScenario(spec)
require.NoError(t, err)
defer scenario.ShutdownAssertNoPanics(t)
err = scenario.CreateHeadscaleEnv([]tsic.Option{},
@ -454,3 +455,4 @@ func TestAuthKeyLogoutAndReloginSameUserExpiredKey(t *testing.T) {
})
}
}