juanfont/headscale v0.25.0-beta.1

on GitHub

Help beta testing:

We would like to encourage users, and especially companies/organisations using headscale to join testing of every release.
Headscale is open source and it is maintained by a small group of volunteers. We need your help to ensure that the software is stable and secure.
The previous release had some issues that was only found after release, we would like to avoid that in the future. This could have been avoided if
companies and organisations had helped tested the release before it was released.

This release improves and fixes some long standing bugs in the authentication flow, we need help testing this release to ensure new bugs are not introduced.
The interesting things would be to test the following:

• Logging in and out with the same user (with all auth methods)
• Changing user with the same node

BREAKING

• Authentication flow has been rewritten
  #2374 This change should be
  transparent to users with the exception of some buxfixes that has been
  discovered and was fixed as part of the rewrite.
  • When a node is registered with a new user, it will be registered as a new
    node (#2327 and
    #1310).
  • A logged out node logging in with the same user will replace the existing
    node.
• Remove support for Tailscale clients older than 1.62 (Capability version 87)
  #2405

Changes

• oidc.map_legacy_users is now false by default
  #2350
• Print Tailscale version instead of capability versions for outdated nodes
  #2391
• Do not allow renaming of users from OIDC
  #2393
• Change minimum hostname length to 2
  #2393
• Pre auth keys belonging to a user are no longer deleted with the user
  #2396
• Pre auth keys that are used by a node can no longer be deleted
  #2396
• Rehaul HTTP errors, return better status code and errors to users
  #2398

Changelog

• 8c09afe Headscale implements a single tailnet
• f12cb2e Headscale now updates the user profile
• 8076c94 Release docs 0.24 (#2349)
• f44b1d3 Remove routes without a node_id (#2386)
• 45752db Return better web errors to the user (#2398)
• d57a55c Rewrite authentication flow (#2374)
• 8b92c01 add 1.80 to capver and update deps (#2394)
• cd3b8e6 clean up handler methods, common logging (#2384)
• 2c279e0 create and rename usernames validated by new func (#2381)
• 9bd1438 do not allow preauth keys to be deleted if assigned to node (#2396)
• 9ae3570 drop versions older than 1.62 (#2405)
• d1dbe4e fix panic if derp update is 0 (#2368)
• 9e3f945 fix postgres migration issue with 0.24 (#2367)
• aa76980 flake.lock: Update (#2353)
• 97e5d95 flake.lock: Update (#2378)
• 9a7890d flake.lock: Update (#2402)
• e172c29 initial capver packet tracking version (#2391)
• 615ee5d make it harder to insert invalid routes (#2371)
• 1c7f3bc no edit of oidc users, minimum hostname length (#2393)
• c1f42cd relax user validation to allow emails, add tests from various oidc providers (#2364)
• 5b986ed set oidc.map_legacy_users false (#2350)
• 7ba6ad3 simplify findUserByToken in ACL, add missing testcases (#2388)
• 4c8e847 use dedicated registration ID for auth flow (#2337)