Disable peer expiration of peers added with setup keys (#758)

netbirdio · Mar 23, 2023 · e6292e3 · e6292e3
1 parent 628b497
commit e6292e3
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/management/server/account.go b/management/server/account.go
@@ -358,11 +358,11 @@ func (a *Account) GetNextPeerExpiration() (time.Duration, bool) {
 	return *nextExpiry, true
 }
 
-// GetPeersWithExpiration returns a list of peers that have Peer.LoginExpirationEnabled set to true
+// GetPeersWithExpiration returns a list of peers that have Peer.LoginExpirationEnabled set to true and that were added by a user
 func (a *Account) GetPeersWithExpiration() []*Peer {
 	peers := make([]*Peer, 0)
 	for _, peer := range a.Peers {
-		if peer.LoginExpirationEnabled {
+		if peer.LoginExpirationEnabled && peer.AddedWithSSOLogin() {
 			peers = append(peers, peer)
 		}
 	}

diff --git a/management/server/account_test.go b/management/server/account_test.go
@@ -1605,9 +1605,11 @@ func TestAccount_GetPeersWithExpiration(t *testing.T) {
 			peers: map[string]*Peer{
 				"peer-1": {
 					LoginExpirationEnabled: false,
+					UserID:                 userID,
 				},
 				"peer-2": {
 					LoginExpirationEnabled: false,
+					UserID:                 userID,
 				},
 			},
 			expectedPeers: map[string]struct{}{},
@@ -1618,9 +1620,11 @@ func TestAccount_GetPeersWithExpiration(t *testing.T) {
 				"peer-1": {
 					ID:                     "peer-1",
 					LoginExpirationEnabled: true,
+					UserID:                 userID,
 				},
 				"peer-2": {
 					LoginExpirationEnabled: false,
+					UserID:                 userID,
 				},
 			},
 			expectedPeers: map[string]struct{}{
@@ -1680,12 +1684,14 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 						Connected: false,
 					},
 					LoginExpirationEnabled: true,
+					UserID:                 userID,
 				},
 				"peer-2": {
 					Status: &PeerStatus{
 						Connected: true,
 					},
 					LoginExpirationEnabled: false,
+					UserID:                 userID,
 				},
 			},
 			expiration:             time.Second,
@@ -1701,12 +1707,14 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 						Connected: true,
 					},
 					LoginExpirationEnabled: false,
+					UserID:                 userID,
 				},
 				"peer-2": {
 					Status: &PeerStatus{
 						Connected: true,
 					},
 					LoginExpirationEnabled: false,
+					UserID:                 userID,
 				},
 			},
 			expiration:             time.Second,
@@ -1723,13 +1731,15 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 						LoginExpired: true,
 					},
 					LoginExpirationEnabled: true,
+					UserID:                 userID,
 				},
 				"peer-2": {
 					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: true,
 					},
 					LoginExpirationEnabled: true,
+					UserID:                 userID,
 				},
 			},
 			expiration:             time.Second,
@@ -1747,20 +1757,47 @@ func TestAccount_GetNextPeerExpiration(t *testing.T) {
 					},
 					LoginExpirationEnabled: true,
 					LastLogin:              time.Now(),
+					UserID:                 userID,
 				},
 				"peer-2": {
 					Status: &PeerStatus{
 						Connected:    true,
 						LoginExpired: true,
 					},
 					LoginExpirationEnabled: true,
+					UserID:                 userID,
 				},
 			},
 			expiration:             time.Minute,
 			expirationEnabled:      false,
 			expectedNextRun:        true,
 			expectedNextExpiration: expectedNextExpiration,
 		},
+		{
+			name: "Peers added with setup keys, no expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					Status: &PeerStatus{
+						Connected:    true,
+						LoginExpired: false,
+					},
+					LoginExpirationEnabled: true,
+					SetupKey:               "key",
+				},
+				"peer-2": {
+					Status: &PeerStatus{
+						Connected:    true,
+						LoginExpired: false,
+					},
+					LoginExpirationEnabled: true,
+					SetupKey:               "key",
+				},
+			},
+			expiration:             time.Second,
+			expirationEnabled:      false,
+			expectedNextRun:        false,
+			expectedNextExpiration: time.Duration(0),
+		},
 	}
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {

diff --git a/management/server/peer.go b/management/server/peer.go
@@ -528,7 +528,7 @@ func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *Peer) (*
 		SSHEnabled:             false,
 		SSHKey:                 peer.SSHKey,
 		LastLogin:              time.Now(),
-		LoginExpirationEnabled: true,
+		LoginExpirationEnabled: addedByUser,
 	}
 
 	// add peer to 'All' group