starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-11 20:00:28 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

[PR #2859] [MERGED] state: allow expired auth keys for node re-registration #2902

New Issue
Closed
opened 2025-12-29 04:19:35 +01:00 by adam · 0 comments
adam commented 2025-12-29 04:19:35 +01:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/2859
Author: @kradalby
Created: 11/3/2025
Status: Merged
Merged: 11/11/2025
Merged by: @kradalby

Base: mainHead: kradalby/2830-unsolicited-logout

📝 Commits (1)

  • a78d4d1 hscontrol/state: allow expired auth keys for node re-registration

📊 Changes

5 files changed (+369 additions, -6 deletions)

View changed files

📝 hscontrol/auth_test.go (+293 -0)
📝 hscontrol/state/state.go (+40 -6)
📝 integration/auth_key_test.go (+2 -0)
📝 integration/tailscale.go (+1 -0)
📝 integration/tsic/tsic.go (+33 -0)

📄 Description

Skip auth key validation for existing nodes re-registering with the same
NodeKey. Pre-auth keys are only required for initial authentication.

NodeKey rotation still requires a valid auth key as it is a security-sensitive
operation that changes the node's cryptographic identity.

Fixes #2830

claude was used in this PR.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/juanfont/headscale/pull/2859 **Author:** [@kradalby](https://github.com/kradalby) **Created:** 11/3/2025 **Status:** ✅ Merged **Merged:** 11/11/2025 **Merged by:** [@kradalby](https://github.com/kradalby) **Base:** `main` ← **Head:** `kradalby/2830-unsolicited-logout` --- ### 📝 Commits (1) - [`a78d4d1`](https://github.com/juanfont/headscale/commit/a78d4d154de48bff86cbaef2e6114cabd2f32ba9) hscontrol/state: allow expired auth keys for node re-registration ### 📊 Changes **5 files changed** (+369 additions, -6 deletions) <details> <summary>View changed files</summary> 📝 `hscontrol/auth_test.go` (+293 -0) 📝 `hscontrol/state/state.go` (+40 -6) 📝 `integration/auth_key_test.go` (+2 -0) 📝 `integration/tailscale.go` (+1 -0) 📝 `integration/tsic/tsic.go` (+33 -0) </details> ### 📄 Description Skip auth key validation for existing nodes re-registering with the same NodeKey. Pre-auth keys are only required for initial authentication. NodeKey rotation still requires a valid auth key as it is a security-sensitive operation that changes the node's cryptographic identity. Fixes #2830 claude was used in this PR. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
adam added the pull-request label 2025-12-29 04:19:35 +01:00
adam closed this issue 2025-12-29 04:19:35 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
CLI
DERP
DNS
Nix
OIDC
SSH
bug
database
documentation
duplicate
enhancement
faq
good first issue
grants
help wanted
might-come
needs design doc
needs investigation
no-stale-bot
out of scope
performance
policy 📝
pull-request
Mirrored from GitHub Pull Request
 question
regression
routes
stale
tags
tailscale-feature-gap
well described ❤️
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/headscale#2902
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?