starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-04-23 09:08:44 +02:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

integration: add SSH check mode tests

Browse Source 
Add ReadLog method to headscale integration container for log
inspection. Split SSH check mode tests into CLI and OIDC variants
and add comprehensive test coverage:

- TestSSHOneUserToOneCheckModeCLI: basic check mode with CLI approval
- TestSSHOneUserToOneCheckModeOIDC: check mode with OIDC approval
- TestSSHCheckModeUnapprovedTimeout: rejection on cache expiry
- TestSSHCheckModeCheckPeriodCLI: session expiry and re-auth
- TestSSHCheckModeAutoApprove: auto-approval within check period
- TestSSHCheckModeNegativeCLI: explicit rejection via CLI

Update existing integration tests to use headscale auth register.

Updates #1850
This commit is contained in:
Kristoffer Dalby
2026-02-24 18:56:50 +00:00
parent 7bab8da366
commit 3db0a483ed
8 changed files with 674 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hscontrol/auth_test.go
View File

@@ -2948,7 +2948,7 @@ func TestPreAuthKeyLogoutAndReloginDifferentUser(t *testing.T) {
// Scenario:
// 1. Node registers with user1 via pre-auth key
// 2. Node logs out (expires)
// 3. Admin runs: headscale nodes register --user user2 --key <key>
// 3. Admin runs: headscale auth register --auth-id <id> --user user2
//
// Expected behavior:
// - User1's original node should STILL EXIST (expired)
@@ -3027,7 +3027,7 @@ func TestWebFlowReauthDifferentUser(t *testing.T) {
require.NotEmpty(t, regID, "Should have valid registration ID")
// Step 4: Admin completes authentication via CLI
// This simulates: headscale nodes register --user user2 --key <key>
// This simulates: headscale auth register --auth-id <id> --user user2
node, _, err := app.state.HandleNodeFromAuthPath(
regID,
types.UserID(user2.ID), // Register to user2, not user1!
@@ -3942,7 +3942,7 @@ func TestTaggedNodeWithoutUserToDifferentUser(t *testing.T) {
require.NotNil(t, alice, "Alice user should be created")
// Step 4: Re-register the node to alice via HandleNodeFromAuthPath
// This is what happens when running: headscale nodes register --user alice --key ...
// This is what happens when running: headscale auth register --auth-id <id> --user alice
nodeKey2 := key.NewNode()
registrationID := types.MustAuthID()
regEntry := types.NewRegisterAuthRequest(types.Node{