fix double login URL with OIDC (#2445)

* factor out login url parser Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * move to not trigger test gen checker Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * return regresp or err after waiting for registration Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-02-25 09:16:07 -08:00 · 2025-02-25 09:16:07 -08:00 · 16868190c8
commit 16868190c8
parent da2ca054b1
8 changed files with 151 additions and 26 deletions
--- a/hscontrol/util/util.go
+++ b/hscontrol/util/util.go
@ -1,6 +1,13 @@
 package util

-import "tailscale.com/util/cmpver"
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"tailscale.com/util/cmpver"
+)

 func TailscaleVersionNewerOrEqual(minimum, toCheck string) bool {
 	if cmpver.Compare(minimum, toCheck) <= 0 ||
@ -11,3 +18,31 @@ func TailscaleVersionNewerOrEqual(minimum, toCheck string) bool {

 	return false
 }
+
+// ParseLoginURLFromCLILogin parses the output of the tailscale up command to extract the login URL.
+// It returns an error if not exactly one URL is found.
+func ParseLoginURLFromCLILogin(output string) (*url.URL, error) {
+	lines := strings.Split(output, "\n")
+	var urlStr string
+
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if strings.HasPrefix(line, "http://") || strings.HasPrefix(line, "https://") {
+			if urlStr != "" {
+				return nil, fmt.Errorf("multiple URLs found: %s and %s", urlStr, line)
+			}
+			urlStr = line
+		}
+	}
+
+	if urlStr == "" {
+		return nil, errors.New("no URL found")
+	}
+
+	loginURL, err := url.Parse(urlStr)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse URL: %w", err)
+	}
+
+	return loginURL, nil
+}
--- a/hscontrol/util/util_test.go
+++ b/hscontrol/util/util_test.go
@ -93,3 +93,88 @@ func TestTailscaleVersionNewerOrEqual(t *testing.T) {
 		})
 	}
 }
+
+func TestParseLoginURLFromCLILogin(t *testing.T) {
+	tests := []struct {
+		name    string
+		output  string
+		wantURL string
+		wantErr string
+	}{
+		{
+			name: "valid https URL",
+			output: `
+To authenticate, visit:
+
+        https://headscale.example.com/register/3oYCOZYA2zZmGB4PQ7aHBaMi
+
+Success.`,
+			wantURL: "https://headscale.example.com/register/3oYCOZYA2zZmGB4PQ7aHBaMi",
+			wantErr: "",
+		},
+		{
+			name: "valid http URL",
+			output: `
+To authenticate, visit:
+
+        http://headscale.example.com/register/3oYCOZYA2zZmGB4PQ7aHBaMi
+
+Success.`,
+			wantURL: "http://headscale.example.com/register/3oYCOZYA2zZmGB4PQ7aHBaMi",
+			wantErr: "",
+		},
+		{
+			name: "no URL",
+			output: `
+To authenticate, visit:
+
+Success.`,
+			wantURL: "",
+			wantErr: "no URL found",
+		},
+		{
+			name: "multiple URLs",
+			output: `
+To authenticate, visit:
+
+        https://headscale.example.com/register/3oYCOZYA2zZmGB4PQ7aHBaMi
+
+To authenticate, visit:
+
+        http://headscale.example.com/register/dv1l2k5FackOYl-7-V3mSd_E
+
+Success.`,
+			wantURL: "",
+			wantErr: "multiple URLs found: https://headscale.example.com/register/3oYCOZYA2zZmGB4PQ7aHBaMi and http://headscale.example.com/register/dv1l2k5FackOYl-7-V3mSd_E",
+		},
+		{
+			name: "invalid URL",
+			output: `
+To authenticate, visit:
+
+        invalid-url
+
+Success.`,
+			wantURL: "",
+			wantErr: "no URL found",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotURL, err := ParseLoginURLFromCLILogin(tt.output)
+			if tt.wantErr != "" {
+				if err == nil || err.Error() != tt.wantErr {
+					t.Errorf("ParseLoginURLFromCLILogin() error = %v, wantErr %v", err, tt.wantErr)
+				}
+			} else {
+				if err != nil {
+					t.Errorf("ParseLoginURLFromCLILogin() error = %v, wantErr %v", err, tt.wantErr)
+				}
+				if gotURL.String() != tt.wantURL {
+					t.Errorf("ParseLoginURLFromCLILogin() = %v, want %v", gotURL, tt.wantURL)
+				}
+			}
+		})
+	}
+}