summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorSonia Appasamy <sonia@tailscale.com>2023-12-13 11:44:06 -0500
committerSonia Appasamy <appasamysm@gmail.com>2023-12-13 12:22:06 -0500
commit4fb679d9cd3d7fd18321e4dfd3d347e42830ed11 (patch)
tree40e9e5e4434fa74e6f00493cd05a22c248b4047e
parent869b34ddeb4175df2b08cdc3d6cd9a350ec81059 (diff)
downloadtailscale-4fb679d9cd3d7fd18321e4dfd3d347e42830ed11.tar.xz
tailscale-4fb679d9cd3d7fd18321e4dfd3d347e42830ed11.zip
client/web: fix redirect logic when accessing login client over TS IP
Was previously failing to redirect to the manage client when accessing the login client with the Tailscale IP. Updates #10261 Fixes tailscale/corp#16348 Co-authored-by: Will Norris <will@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
-rw-r--r--client/web/src/components/login-toggle.tsx4
-rw-r--r--client/web/src/hooks/auth.ts1
-rw-r--r--client/web/web.go2
-rw-r--r--client/web/web_test.go6
4 files changed, 8 insertions, 5 deletions
diff --git a/client/web/src/components/login-toggle.tsx b/client/web/src/components/login-toggle.tsx
index 850a2d8e2..79bc9efed 100644
--- a/client/web/src/components/login-toggle.tsx
+++ b/client/web/src/components/login-toggle.tsx
@@ -125,7 +125,7 @@ function LoginPopoverContent({
useEffect(() => checkTSConnection(), [])
const handleSignInClick = useCallback(() => {
- if (auth.viewerIdentity) {
+ if (auth.viewerIdentity && auth.serverMode === "manage") {
if (window.self !== window.top) {
// if we're inside an iframe, start session in new window
let url = new URL(window.location.href)
@@ -145,7 +145,7 @@ function LoginPopoverContent({
window.location.href = manageURL
}
}
- }, [node.IPv4, auth.viewerIdentity, newSession])
+ }, [auth.viewerIdentity, auth.serverMode, newSession, node.IPv4])
return (
<div onMouseEnter={!canConnectOverTS ? checkTSConnection : undefined}>
diff --git a/client/web/src/hooks/auth.ts b/client/web/src/hooks/auth.ts
index 6cc0e6f62..f3d2ea5f4 100644
--- a/client/web/src/hooks/auth.ts
+++ b/client/web/src/hooks/auth.ts
@@ -12,6 +12,7 @@ export enum AuthType {
export type AuthResponse = {
authNeeded?: AuthType
canManageNode: boolean
+ serverMode: "login" | "manage"
viewerIdentity?: {
loginName: string
nodeName: string
diff --git a/client/web/web.go b/client/web/web.go
index 1cd05a7b7..1fee3c62d 100644
--- a/client/web/web.go
+++ b/client/web/web.go
@@ -396,6 +396,7 @@ type authResponse struct {
AuthNeeded authType `json:"authNeeded,omitempty"` // filled when user needs to complete a specific type of auth
CanManageNode bool `json:"canManageNode"`
ViewerIdentity *viewerIdentity `json:"viewerIdentity,omitempty"`
+ ServerMode ServerMode `json:"serverMode"`
}
// viewerIdentity is the Tailscale identity of the source node
@@ -411,6 +412,7 @@ type viewerIdentity struct {
// and returns an authResponse indicating the current auth state and any steps the user needs to take.
func (s *Server) serveAPIAuth(w http.ResponseWriter, r *http.Request) {
var resp authResponse
+ resp.ServerMode = s.mode
session, whois, status, sErr := s.getSession(r)
if whois != nil {
diff --git a/client/web/web_test.go b/client/web/web_test.go
index a55dfdfd1..bbf764bc7 100644
--- a/client/web/web_test.go
+++ b/client/web/web_test.go
@@ -523,7 +523,7 @@ func TestServeAuth(t *testing.T) {
name: "no-session",
path: "/api/auth",
wantStatus: http.StatusOK,
- wantResp: &authResponse{AuthNeeded: tailscaleAuth, ViewerIdentity: vi},
+ wantResp: &authResponse{AuthNeeded: tailscaleAuth, ViewerIdentity: vi, ServerMode: ManageServerMode},
wantNewCookie: false,
wantSession: nil,
},
@@ -548,7 +548,7 @@ func TestServeAuth(t *testing.T) {
path: "/api/auth",
cookie: successCookie,
wantStatus: http.StatusOK,
- wantResp: &authResponse{AuthNeeded: tailscaleAuth, ViewerIdentity: vi},
+ wantResp: &authResponse{AuthNeeded: tailscaleAuth, ViewerIdentity: vi, ServerMode: ManageServerMode},
wantSession: &browserSession{
ID: successCookie,
SrcNode: remoteNode.Node.ID,
@@ -596,7 +596,7 @@ func TestServeAuth(t *testing.T) {
path: "/api/auth",
cookie: successCookie,
wantStatus: http.StatusOK,
- wantResp: &authResponse{CanManageNode: true, ViewerIdentity: vi},
+ wantResp: &authResponse{CanManageNode: true, ViewerIdentity: vi, ServerMode: ManageServerMode},
wantSession: &browserSession{
ID: successCookie,
SrcNode: remoteNode.Node.ID,