Add temporary check for mismatch proxy/auth version (#3462)

* Add temp. check for mismatch proxy/auth version * Follow standard for making code temporary * Rename confusing variable names * Add rolling version and modify message
2024-10-21 17:53:28 +00:00 · 2020-03-27 08:53:04 -07:00 · 2020-03-27 08:53:04 -07:00 · ed72863ccb
parent 4aa06fdfe7
commit ed72863ccb
2 changed files with 31 additions and 0 deletions
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@ -20,6 +20,7 @@ package web

 import (
 	"compress/gzip"
+	"context"
 	"crypto/subtle"
 	"encoding/base64"
 	"encoding/json"
@ -282,6 +283,30 @@ func NewHandler(cfg Config, opts ...HandlerOption) (*RewritingHandler, error) {
 			return
 		}

+		// check proxy and auth node versions (breaking change from v5).
+		// If there is a mismatch with the current proxy client, redirect users to an error page to update proxy.
+		//
+		// DELETE IN 5.0: this block only serves to notify users of v4.3+ to upgrade to v5.0.0
+		if strings.HasPrefix(r.URL.Path, "/web/newuser") {
+			res, err := h.auth.Ping(context.TODO())
+			if err != nil {
+				log.WithError(err).Debugf("Could not ping auth server")
+			} else {
+				isProxyV4x := strings.Index(teleport.Version, "4.") == 0
+				isAuthV5x := strings.Index(res.GetServerVersion(), "5.") == 0
+
+				if isAuthV5x && isProxyV4x {
+					message := fmt.Sprintf("Your Teleport proxy and auth service versions are incompatible. Please upgrade your Teleport proxy service to version %v", res.GetServerVersion())
+					pathToError := url.URL{
+						Path:     "/web/msg/error",
+						RawQuery: url.Values{"details": []string{message}}.Encode(),
+					}
+					http.Redirect(w, r, pathToError.String(), http.StatusFound)
+					return
+				}
+			}
+		}
+
 		// serve Web UI:
 		if strings.HasPrefix(r.URL.Path, "/web/app") {
 			httplib.SetStaticFileHeaders(w.Header())
--- a/lib/web/sessions.go
+++ b/lib/web/sessions.go
@ -31,6 +31,7 @@ import (

 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/lib/auth"
+	"github.com/gravitational/teleport/lib/auth/proto"
 	"github.com/gravitational/teleport/lib/client"
 	"github.com/gravitational/teleport/lib/reversetunnel"
 	"github.com/gravitational/teleport/lib/services"
@ -473,6 +474,11 @@ func (s *sessionCache) GetUserInviteInfo(token string) (user string, otpQRCode [
 	return s.proxyClient.GetSignupTokenData(token)
 }

+// Ping gets basic info about the auth server.
+func (s *sessionCache) Ping(ctx context.Context) (proto.PingResponse, error) {
+	return s.proxyClient.Ping(ctx)
+}
+
 func (s *sessionCache) GetUserInviteU2FRegisterRequest(token string) (*u2f.RegisterRequest, error) {
 	return s.proxyClient.GetSignupU2FRegisterRequest(token)
 }