search

cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License
537 stars 181 forks source link

Failed to get password chalenge #248

Closed jorge-rabello closed 2 years ago

jorge-rabello commented 2 years ago

Environment:

I tried to use another python versions and another aws-google-auth version like 0.0.36 but without success.

ERROR:root:'NoneType' object has no attribute 'get'
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/aws_google_auth/__init__.py", line 243, in process_auth
    google_client.do_login()
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/aws_google_auth/google.py", line 256, in do_login
    passwd_challenge_url = 'https://accounts.google.com' + form.get('action')
AttributeError: 'NoneType' object has no attribute 'get'
oleg-pershin commented 2 years ago

+

razvanphp commented 2 years ago

We have the same problem with a new google account. Old accounts work as before (on the same machine/setup).

Running with -l debug we can see this:

DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 302 242
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/rejected?rrk=88&hl=ro HTTP/1.1" 200 None
INFO:root:Handling new-style login page
ERROR:root:'NoneType' object has no attribute 'get'
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/aws_google_auth-0.0.37-py3.8.egg/aws_google_auth/__init__.py", line 78, in cli
    process_auth(args, config)
  File "/usr/local/lib/python3.8/site-packages/aws_google_auth-0.0.37-py3.8.egg/aws_google_auth/__init__.py", line 242, in process_auth
    google_client.do_login()
  File "/usr/local/lib/python3.8/site-packages/aws_google_auth-0.0.37-py3.8.egg/aws_google_auth/google.py", line 233, in do_login
    passwd_challenge_url = 'https://accounts.google.com' + form.get('action')
AttributeError: 'NoneType' object has no attribute 'get'DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 302 242
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/rejected?rrk=88&hl=ro HTTP/1.1" 200 None
INFO:root:Handling new-style login page
ERROR:root:'NoneType' object has no attribute 'get'
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/aws_google_auth-0.0.37-py3.8.egg/aws_google_auth/__init__.py", line 78, in cli
    process_auth(args, config)
  File "/usr/local/lib/python3.8/site-packages/aws_google_auth-0.0.37-py3.8.egg/aws_google_auth/__init__.py", line 242, in process_auth
    google_client.do_login()
  File "/usr/local/lib/python3.8/site-packages/aws_google_auth-0.0.37-py3.8.egg/aws_google_auth/google.py", line 233, in do_login
    passwd_challenge_url = 'https://accounts.google.com' + form.get('action')
AttributeError: 'NoneType' object has no attribute 'get'

Basically this link says

The browser you’re using doesn’t support JavaScript, or has JavaScript turned off.

To keep your Google Account secure, try signing in on a browser that has JavaScript turned on. Learn more

If you continue to have problems signing in, please contact your administrator.

ezequielbarros commented 2 years ago

I fix this error as follows:

Added the parameter "--bg-response js_enabled"

$ aws-google-auth -u 'user' -I '' -S '' -R '' -d '' --bg-response js_enabled

After adding this parameter, proceed to the captcha but when filling it, the error continued to occur.

Debugging the page content with the error I noticed that by default aws-google-auth sends this parameter "bg_response" with value "js_disabled". The google auth flow must have changed to block browsers that don't support javascript. People who used it before seem to have no problem but new facilities are not working. My solution was to pass the value as "js_enabled" but as this parameter was not being passed in the payload of the request to captcha, the error continued to occur. The solution was to include the parameter in the payload of the request, which in my case and that of other co-workers fixed the problem.

I will submit a pull request for this fix.

This is the commit with that fix, you can test by adding these two lines of code locally to fix it temporarily until the fix is delivered.

Commit: https://github.com/ezequielsbarros/aws-google-auth/commit/d7d70010bac0494a5902e92a3bd7e124611cd6c1

alejobold commented 2 years ago

I have the same problem! any fix or idea?

nmehta001 commented 2 years ago

After entering the captcha that loads for me I get the following:

aws-google-auth -u <user> -I <id> -S <sid> -R eu-west-2 -p default -a --bg-response js_enabled -l debug
INFO:root:aws_google_auth: SAML cache not found
Google Password: 
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /o/saml2/initsso?idpid=C00q79co4&spid=987953252410&forceauthn=false HTTP/1.1" 302 0
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /ServiceLogin?passive=1209600&continue=https://accounts.google.com/o/saml2/initsso?idpid%3DC00q79co4%26spid%3D987953252410%26forceauthn%3Dfalse%26from_login%3D1%26as%3DN1gAbsXQeeQl1TNt2X6YHzQNd7_tbObRQIctoabJOTQ&followup=https://accounts.google.com/o/saml2/initsso?idpid%3DC00q79co4%26spid%3D987953252410%26forceauthn%3Dfalse%26from_login%3D1%26as%3DN1gAbsXQeeQl1TNt2X6YHzQNd7_tbObRQIctoabJOTQ&ltmpl=popup&oauth=1&faa=1&sarp=1&scc=1 HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 200 None
Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lTygB7u9hkP-V2a-es0QizyZqh51yz2pPYFWBRc6JDl2phnpj9QPDbpdcholNIo7pf0AZne3XSNmUbl-HfyJ71ammUp3HAfIF8k_JhkARPg_J4i8lnn4ZpdCAARdTaQN8M-d6f7og_86L1CoxFiIdsSuucpEkuqerl64qmxZwDxRHtJpRY-MCm6kb4QlwJPleYaMsnV
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /Captcha?v=2&ctoken=AAWk9lTygB7u9hkP-V2a-es0QizyZqh51yz2pPYFWBRc6JDl2phnpj9QPDbpdcholNIo7pf0AZne3XSNmUbl-HfyJ71ammUp3HAfIF8k_JhkARPg_J4i8lnn4ZpdCAARdTaQN8M-d6f7og_86L1CoxFiIdsSuucpEkuqerl64qmxZwDxRHtJpRY-MCm6kb4QlwJPleYaMsnV HTTP/1.1" 200 None
Captcha (case insensitive): ../src/intel/isl/isl.c:2212: FINISHME: ../src/intel/isl/isl.c:isl_surf_supports_ccs: CCS for 3D textures is disabled, but a workaround is available.
ulstralsaw
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 302 245
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/rejected?rrk=88&hl=en-GB HTTP/1.1" 200 None
ERROR:root:'NoneType' object has no attribute 'find_all'
Traceback (most recent call last):
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/__init__.py", line 243, in process_auth
    google_client.do_login()
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/google.py", line 291, in do_login
    sess = self.handle_captcha(sess, payload)
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/google.py", line 432, in handle_captcha
    for tag in form.find_all('input'):
AttributeError: 'NoneType' object has no attribute 'find_all'
Renjie-d1g1t commented 2 years ago

After entering the captcha that loads for me I get the following:

aws-google-auth -u <user> -I <id> -S <sid> -R eu-west-2 -p default -a --bg-response js_enabled -l debug
INFO:root:aws_google_auth: SAML cache not found
Google Password: 
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /o/saml2/initsso?idpid=C00q79co4&spid=987953252410&forceauthn=false HTTP/1.1" 302 0
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /ServiceLogin?passive=1209600&continue=https://accounts.google.com/o/saml2/initsso?idpid%3DC00q79co4%26spid%3D987953252410%26forceauthn%3Dfalse%26from_login%3D1%26as%3DN1gAbsXQeeQl1TNt2X6YHzQNd7_tbObRQIctoabJOTQ&followup=https://accounts.google.com/o/saml2/initsso?idpid%3DC00q79co4%26spid%3D987953252410%26forceauthn%3Dfalse%26from_login%3D1%26as%3DN1gAbsXQeeQl1TNt2X6YHzQNd7_tbObRQIctoabJOTQ&ltmpl=popup&oauth=1&faa=1&sarp=1&scc=1 HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 200 None
Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lTygB7u9hkP-V2a-es0QizyZqh51yz2pPYFWBRc6JDl2phnpj9QPDbpdcholNIo7pf0AZne3XSNmUbl-HfyJ71ammUp3HAfIF8k_JhkARPg_J4i8lnn4ZpdCAARdTaQN8M-d6f7og_86L1CoxFiIdsSuucpEkuqerl64qmxZwDxRHtJpRY-MCm6kb4QlwJPleYaMsnV
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /Captcha?v=2&ctoken=AAWk9lTygB7u9hkP-V2a-es0QizyZqh51yz2pPYFWBRc6JDl2phnpj9QPDbpdcholNIo7pf0AZne3XSNmUbl-HfyJ71ammUp3HAfIF8k_JhkARPg_J4i8lnn4ZpdCAARdTaQN8M-d6f7og_86L1CoxFiIdsSuucpEkuqerl64qmxZwDxRHtJpRY-MCm6kb4QlwJPleYaMsnV HTTP/1.1" 200 None
Captcha (case insensitive): ../src/intel/isl/isl.c:2212: FINISHME: ../src/intel/isl/isl.c:isl_surf_supports_ccs: CCS for 3D textures is disabled, but a workaround is available.
ulstralsaw
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 302 245
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/rejected?rrk=88&hl=en-GB HTTP/1.1" 200 None
ERROR:root:'NoneType' object has no attribute 'find_all'
Traceback (most recent call last):
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/__init__.py", line 243, in process_auth
    google_client.do_login()
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/google.py", line 291, in do_login
    sess = self.handle_captcha(sess, payload)
  File "/home/nmehta/.local/lib/python3.10/site-packages/aws_google_auth/google.py", line 432, in handle_captcha
    for tag in form.find_all('input'):
AttributeError: 'NoneType' object has no attribute 'find_all'

I am getting the same error..

monkora commented 2 years ago

I have the same problem as @Renjie-d1g1t and @nmehta001

rdonkin-attest commented 2 years ago

@monkora - see PR #250, this is a simple two-line fix that worked well. Thanks @ezequielbarros for the fix!

stevemac007 commented 2 years ago

Google looks to have made changes to the responses, a fix for this should be available in release https://github.com/cevoaustralia/aws-google-auth/releases/tag/0.0.38

Renjie-d1g1t commented 2 years ago

Google looks to have made changes to the responses, a fix for this should be available in release https://github.com/cevoaustralia/aws-google-auth/releases/tag/0.0.38

great news, anyone tried 0.0.38 yet?