fix: correct registration and cli authentication flows

2026-04-05 12:32:58 +01:00 · 2022-09-07 10:25:40 +02:00
parent 550febc5ba
commit c193a4bf71
1 changed files with 42 additions and 29 deletions
@@ -134,45 +134,58 @@ func (h *AuthenticationHandlers) Callback(c echo.Context) error {
 		return err
 	}

-	isSystemAdmin, err := h.isSystemAdmin(ctx, user)
-	if err != nil {
-		return err
-	}
-
 	tailnets, err := h.listAvailableTailnets(ctx, user)
 	if err != nil {
 		return err
 	}

-	if !isSystemAdmin && len(tailnets) == 0 {
-		if state.Flow == "r" {
-			req, err := h.repository.GetRegistrationRequestByKey(ctx, state.Key)
-			if err == nil && req != nil {
-				req.Error = "unauthorized"
-				_ = h.repository.SaveRegistrationRequest(ctx, req)
-			}
-		} else {
-			req, err := h.repository.GetAuthenticationRequest(ctx, state.Key)
-			if err == nil && req != nil {
-				req.Error = "unauthorized"
-				_ = h.repository.SaveAuthenticationRequest(ctx, req)
-			}
-		}
-		return c.Redirect(http.StatusFound, "/a/error?e=ua")
-	}
-
 	account, _, err := h.repository.GetOrCreateAccount(ctx, user.ID, user.Name)
 	if err != nil {
 		return err
 	}

 	csrf := c.Get(middleware.DefaultCSRFConfig.ContextKey).(string)
-	return c.Render(http.StatusOK, "tailnets.html", &TailnetSelectionData{
-		Csrf:        csrf,
-		Tailnets:    tailnets,
-		SystemAdmin: isSystemAdmin,
-		AccountID:   account.ID,
-	})
+
+	if state.Flow == "r" {
+		if len(tailnets) == 0 {
+			registrationRequest, err := h.repository.GetRegistrationRequestByKey(ctx, state.Key)
+			if err == nil && registrationRequest != nil {
+				registrationRequest.Error = "unauthorized"
+				_ = h.repository.SaveRegistrationRequest(ctx, registrationRequest)
+			}
+			return c.Redirect(http.StatusFound, "/a/error?e=ua")
+		}
+		return c.Render(http.StatusOK, "tailnets.html", &TailnetSelectionData{
+			Csrf:        csrf,
+			Tailnets:    tailnets,
+			SystemAdmin: false,
+			AccountID:   account.ID,
+		})
+	}
+
+	if state.Flow == "c" {
+		isSystemAdmin, err := h.isSystemAdmin(ctx, user)
+		if err != nil {
+			return err
+		}
+
+		if !isSystemAdmin && len(tailnets) == 0 {
+			req, err := h.repository.GetAuthenticationRequest(ctx, state.Key)
+			if err == nil && req != nil {
+				req.Error = "unauthorized"
+				_ = h.repository.SaveAuthenticationRequest(ctx, req)
+			}
+			return c.Redirect(http.StatusFound, "/a/error?e=ua")
+		}
+		return c.Render(http.StatusOK, "tailnets.html", &TailnetSelectionData{
+			Csrf:        csrf,
+			Tailnets:    tailnets,
+			SystemAdmin: isSystemAdmin,
+			AccountID:   account.ID,
+		})
+	}
+
+	return c.Redirect(http.StatusFound, "/a/error")
 }

 func (h *AuthenticationHandlers) isSystemAdmin(ctx context.Context, u *provider.User) (bool, error) {
@@ -359,7 +372,7 @@ func (h *AuthenticationHandlers) endMachineRegistrationFlow(c echo.Context, regi
 			return c.Redirect(http.StatusFound, "/a/error")
 		}

-		selectedUser, _, err := h.repository.GetOrCreateUserWithAccount(ctx, tailnet, account)
+		selectedUser, _, err := h.repository.GetOrCreateUserWithAccount(ctx, selectedTailnet, account)
 		if err != nil {
 			return err
 		}