diff options
| author | Andrea Gottardo <andrea@tailscale.com> | 2024-02-08 13:04:01 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-08 13:04:01 -0800 |
| commit | 6c79f55d4890326edd468589919c1ed74caf4623 (patch) | |
| tree | 53584c93274443ca4e6864d43b0549ec090d25da /control/controlknobs/controlknobs_test.go | |
| parent | 1217f655c0dac6ebd17c70a52b8f4b6366079c23 (diff) | |
| download | tailscale-6c79f55d4890326edd468589919c1ed74caf4623.tar.xz tailscale-6c79f55d4890326edd468589919c1ed74caf4623.zip | |
ipnlocal: force-regen new authURL when it is too old (#10971)
Fixes tailscale/support-escalations#23.
authURLs returned by control expire after 1 hour from creation. Customer reported that the Tailscale client on macOS would sending users to a stale authentication page when clicking on the `Login...` menu item. This can happen when clicking on Login after leaving the device unattended for several days. The device key expires, leading to the creation of a new authURL, however the client doesn't keep track of when the authURL was created. Meaning that `login-interactive` would send the user to an authURL that had expired server-side a long time before.
This PR ensures that whenever `login-interactive` is called via LocalAPI, an authURL that is too old won't be used. We force control to give us a new authURL whenever it's been more than 30 minutes since the last authURL was sent down from control.
Apply suggestions from code review
Set interval to 6 days and 23 hours
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
Diffstat (limited to 'control/controlknobs/controlknobs_test.go')
0 files changed, 0 insertions, 0 deletions