search

cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License
537 stars 181 forks source link

aws-google-auth failing after captcha with AttributeError #253

Closed andybusuu closed 2 years ago

andybusuu commented 2 years ago

This worked this morning, but has just started failing recently. Perhaps Google have changed something recently.

$ aws-google-auth -k -a --idp-id ****** --sp-id ****** -R eu-west-1 -u andrew@***** -p **** -d 28800

Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lTZPTWjw0H2qZslq_5iOYNMgwYAp4YyWclEZ7tcbNSygw1uwrJBsuHN1x5ixClImPWivlzxazufFjr9czxGPpP30RnFLxAPCLiWo0gM6zEkj_5KHTzdJaPyQrUZJaq8A4fxPPkeG3PQkNC40tpjKDWGjkPfAg
Captcha (case insensitive): plingsmsp
ERROR:root:'NoneType' object has no attribute 'find_all'
Traceback (most recent call last):
  File "/Users/andrewlongwill/.pyenv/versions/3.9.10/envs/aws-google-auth-3.9.10/lib/python3.9/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/Users/andrewlongwill/.pyenv/versions/3.9.10/envs/aws-google-auth-3.9.10/lib/python3.9/site-packages/aws_google_auth/__init__.py", line 243, in process_auth
    google_client.do_login()
  File "/Users/andrewlongwill/.pyenv/versions/3.9.10/envs/aws-google-auth-3.9.10/lib/python3.9/site-packages/aws_google_auth/google.py", line 291, in do_login
    sess = self.handle_captcha(sess, payload)
  File "/Users/andrewlongwill/.pyenv/versions/3.9.10/envs/aws-google-auth-3.9.10/lib/python3.9/site-packages/aws_google_auth/google.py", line 432, in handle_captcha
    for tag in form.find_all('input'):
AttributeError: 'NoneType' object has no attribute 'find_all'

versions

python --version
Python 3.9.10
pip list                                                                                                                                                        ─╯
Package               Version
--------------------- -----------
aws-google-auth       0.0.37
beautifulsoup4        4.10.0
boto3                 1.20.51
botocore              1.23.51
certifi               2021.10.8
charset-normalizer    2.0.11
configparser          5.2.0
filelock              3.4.2
idna                  3.3
importlib-metadata    4.10.1
jmespath              0.10.0
keyring               23.5.0
keyrings.alt          4.1.0
lxml                  4.7.1
Pillow                9.0.1
pip                   22.0.4
python-dateutil       2.8.2
pytz-deprecation-shim 0.1.0.post0
requests              2.27.1
s3transfer            0.5.1
setuptools            58.1.0
six                   1.16.0
soupsieve             2.3.1
tabulate              0.8.9
tzdata                2021.5
tzlocal               4.1
urllib3               1.26.8
zipp                  3.7.0
rama3319 commented 2 years ago

My entire team is having issues with aws-google-auth today. I tried resetting user cookies, uninstalled & installed aws-google-auth but none of the solution did not fix the issue. Can some one shed the light what is going on. Error:

Google Password: ERROR:root:'NoneType' object has no attribute 'get' Traceback (most recent call last): File "/Users//Library/Python/3.8/lib/python/site-packages/aws_google_auth/init.py", line 79, in cli process_auth(args, config) File "/Users//Library/Python/3.8/lib/python/site-packages/aws_google_auth/init.py", line 243, in process_auth google_client.do_login() File "/Users/***/Library/Python/3.8/lib/python/site-packages/aws_google_auth/google.py", line 256, in do_login passwd_challenge_url = 'https://accounts.google.com' + form.get('action') AttributeError: 'NoneType' object has no attribute 'get'

tigum27 commented 2 years ago

same here

ghost commented 2 years ago

same here

stan-spring commented 2 years ago

What if handle_captcha used open or xdg_open by launching a browser instead of trying to look for the CAPTCHA img src? Seems like this breaks everytime Google changes something in the page structure.

slikk66 commented 2 years ago

yep, broke

silviolleite commented 2 years ago

Same here

lopezm1 commented 2 years ago

The amount of us staring at this page 👀 haha. Broken too.

I will try to help look for a fix.

slikk66 commented 2 years ago

Yea, setting up a venv to see if we can regex the URL to image or something, the tag parsing seems fragile

abrelsfo commented 2 years ago

I was having this issue last week and followed the fix in here

rama3319 commented 2 years ago

We tried --bg-response js_enabled, this time we are able pass through password but failing at captcha. I tried 0.0.036 but no luck. 8TkaZpIgOTWqbSam4ZHxIiE3c4I-AqYzeoNfCOysf4o3Fre3IYtR4BwE3FRxYX6utGC2M Captcha (case insensitive): undingent ERROR:root:'NoneType' object has no attribute 'find_all' Traceback (most recent call last): File "/Users/rama/Library/Python/3.8/lib/python/site-packages/aws_google_auth/init.py", line 79, in cli process_auth(args, config) File "/Users/rama/Library/Python/3.8/lib/python/site-packages/aws_google_auth/init.py", line 243, in process_auth google_client.do_login() File "/Users/rama/Library/Python/3.8/lib/python/site-packages/aws_google_auth/google.py", line 291, in do_login sess = self.handle_captcha(sess, payload) File "/Users/rama/Library/Python/3.8/lib/python/site-packages/aws_google_auth/google.py", line 432, in handle_captcha for tag in form.find_all('input'): AttributeError: 'NoneType' object has no attribute 'find_all'

cody-foltz commented 2 years ago

If you installed aws-google-auth via homebrew, you can directly replace the file mentioned in the error above with the one from the PR. My path was different than the one above so use the path in the error. Url to file from PR: https://github.com/ezequielsbarros/aws-google-auth/blob/d7d70010bac0494a5902e92a3bd7e124611cd6c1/aws_google_auth/google.py

slikk66 commented 2 years ago

You need to apply the fix, something like this (uninstall old one first):

git clone git@github.com:ezequielsbarros/aws-google-auth.git
Cloning into 'aws-google-auth'...
    ...

cd aws-google-auth 
git checkout fix-js-background-param-in-challenge 
    ...

pip3 install -e .

then after install had to symlink to the bin which on my system is this:

cd /usr/local/bin
ln -s  /usr/local/Cellar/python@3.9/3.9.12/Frameworks/Python.framework/Versions/3.9/bin/aws-google-auth

then also add the --bg-response js_enabled param to the actual call to updated binary, thats how we're doing it. Or just replace file directly however you have it installed.

rama3319 commented 2 years ago

Here is another fix. https://github.com/ezequielsbarros/aws-google-auth/commit/d7d70010bac0494a5902e92a3bd7e124611cd6c1

ghost commented 2 years ago

I'm using this tool now. No need to deal w/ captcha and MFA as well. you guys can check https://www.leapp.cloud/

andybusuu commented 2 years ago

@slikk66 / @ezequielsbarros 's fix works for me 👍 

docker run -ti --rm -v ~/.aws:/root/.aws python:3.10-buster /bin/bash
git clone https://github.com/ezequielsbarros/aws-google-auth.git
cd aws-google-auth
git checkout checkout fix-js-background-param-in-challenge
pip3 install -e .

aws-google-auth -k -a --idp-id ****** --sp-id ****** -R eu-west-1 -u andrew@***** -p **** -d 28800

UPDATE: This issue is fixed by https://github.com/cevoaustralia/aws-google-auth/pull/250

monkora commented 2 years ago

Same here

bityob commented 2 years ago

Simple fix based on the PR #250 -

Edit this file site-packages/aws_google_auth/google.py, and add those code lines in line 268 - 

        # Set bg_response in request payload to passwd challenge
        if self.config.bg_response:
            payload['bgresponse'] = self.config.bg_response

You can take the absolute path from the error above in your machine -

ERROR:root:'NoneType' object has no attribute 'find_all'
Traceback (most recent call last):
  File "/home/bityob/.local/lib/python3.8/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/home/bityob/.local/lib/python3.8/site-packages/aws_google_auth/__init__.py", line 243, in process_auth
    google_client.do_login()
  File "/home/bityob/.local/lib/python3.8/site-packages/aws_google_auth/google.py", line 291, in do_login
    sess = self.handle_captcha(sess, payload)
  File "/home/bityob/.local/lib/python3.8/site-packages/aws_google_auth/google.py", line 432, in handle_captcha
    for tag in form.find_all('input'):
AttributeError: 'NoneType' object has no attribute 'find_all'

"/home/bityob/.local/lib/python3.8/site-packages/aws_google_auth/google.py"

Example -

image

olegeech-me commented 2 years ago

thank you @bityob, works like a charm

graimondo commented 2 years ago

Can the PR approved?

ajoseph-uptycs commented 2 years ago

@bityob Thank you ! this works.

stevemac007 commented 2 years ago

This issue has been resolved with the release https://github.com/cevoaustralia/aws-google-auth/releases/tag/0.0.38

moringaman commented 2 years ago

Can you update the docker image on dockerhub to reflect the latest change?