cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

Adding captcha challenge support. If prompted, a captcha image will b… #91

Closed louahola closed 6 years ago

louahola commented 6 years ago

…e opened in the default image viewer and the user prompted for the text.

coveralls commented 6 years ago

Coverage decreased (-2.4%) to 45.184% when pulling ce88bd4cda1e079ba581491c8dcc2923ef6bf7fe on louahola:captcha_support into a3450e031d27fccd77b50e90422042b4435796c6 on cevoaustralia:master.

brokenthumbs commented 6 years ago

Opened a PR against @louahola fork, adding alpine-linux Pillow dependencies for both Dockerfiles.

https://github.com/louahola/aws-google-auth/pull/1

mide commented 6 years ago

What are your thoughts on breaking the code into handle_captcha() like we do the other handle_* functions? My 2c on just separating out some of the logic.

Colgaton commented 6 years ago

Hello, besides the pull request, is there a fix for this? We are having a hard time because of it.

maratsh commented 6 years ago

How to open captcha inside docker? Can we just print captcha URL to console?

brokenthumbs commented 6 years ago

@maratsh https://github.com/cevoaustralia/aws-google-auth/pull/91/files#diff-ad879f154c6e5e24eb1f5e7615f90866R318 The PR uses Image.open to show the captcha image, if you're running on Mac.

If you're inside Docker, I suppose you wouldn't have access to an image viewing utility. Does it make sense to print the captcha URL to console? @mide @louahola

mide commented 6 years ago

That's correct. If you're in Docker, you wouldn't have the ability to open the image as implemented. Perhaps we always print out the URL of the captcha and try to open it.

Something like:

```python
import sys

...

print("CAPTCHA URL: {}".format(captcha_url))

# If we're on MacOS, try to open the image for the user automatically.
# This implementation does not work if you're in Docker.
if sys.platform == 'darwin':
    try:
        with requests.get(captcha_url) as url:
            with io.BytesIO(url.content) as f:
                Image.open(f).show()
    except Exception:
        logger.debug("Failed to open image.")
```

I'm actually not sure if Image.open() works on other OSes (Linux with GUI, Windows, etc). So maybe checking for Mac isn't the right thing to do here. 🤔 Below is another option that doesn't show the URL if it's able to display it (which makes more sense, I guess).

```python
# Try to open the image for the user automatically, but if that fails for
# any reason, just display the URL for the user to visit.
try:
    with requests.get(captcha_url) as url:
        with io.BytesIO(url.content) as f:
            Image.open(f).show()
except Exception:
    print("Please visit the following URL to view your CAPTCHA: {}".format(captcha_url))
```

tjbaker commented 6 years ago

I cloned this pr and can confirm that it works. It opened a window showing the captcha image, prompted with Captcha (case insensitive):, then prompted me to touch my security key, then I got the expected credentials.

Chandrian commented 6 years ago

I just tried on mac and I get the captcha image and then my token. It's working perfectly for me!

FabianFrank commented 6 years ago

I keep getting captcha'd without a way to avoid it, so I also tested this PR and it works well for me as well.

ricktbaker commented 6 years ago

@stevemac007 Looking forward to hearing what you can find out. My one concern on moving to this company wide is if Google just periodically decides to change things up and we run into various scraping issues.

mide commented 6 years ago

I'm personally shocked that Google doesn't provide a tool to perform SAML auth via CLI. Other providers (like OneLogin) provide APIs for use. Oh well ¯\_(ツ)_/¯

afosterw commented 6 years ago

For what it's worth I contacted Google yesterday and they were pretty unhelpful. They said:

YMMV

max-rocket-internet commented 6 years ago

Great solution, thanks for this PR.

toddmcneill commented 6 years ago

A coworker and I both use this tool on the Linux subsystem for Windows. We both updated to version 0.0.27 (which includes this pull request), and are still stuck on the captcha. The Captcha (case insensitive): prompt appears (from line 325 in aws_google_auth/google.py) without either the image appearing or the Please visit the following URL to view your CAPTCHA: message appearing (from line 322 of the same file). It appears as though even though the image is not being shown, no exception is thrown, so the captcha url isn't printed.

maratsh commented 6 years ago

This is because Image.show is not throwing an exception in case of problems.

JeremJR commented 6 years ago

@toddmcneill @maratsh I've proposed this https://github.com/cevoaustralia/aws-google-auth/pull/105 to display the url
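The failure mode reported above (viewer shows nothing, no exception, so the URL is never printed) can be reproduced offline. This is an added example, not code from the PR or the project: `fetch` and `show` are hypothetical injected callables standing in for `requests.get(...).content` and `Image.open(...).show()`, and the URL and image bytes are constructed.

```python
import io


def show_then_fallback(captcha_url, fetch, show, out):
    """Pattern from the thread: print the URL only if displaying raises."""
    try:
        show(io.BytesIO(fetch(captcha_url)))
    except Exception:
        out.write("Please visit the following URL to view your CAPTCHA: {}\n".format(captcha_url))


def print_then_show(captcha_url, fetch, show, out):
    """Always print the URL first; treat the image viewer as best-effort."""
    out.write("CAPTCHA URL: {}\n".format(captcha_url))
    try:
        show(io.BytesIO(fetch(captcha_url)))
    except Exception as exc:
        out.write("Could not open an image viewer ({}); use the URL above.\n".format(exc))


# Constructed stand-ins so the example runs without network or a display.
SAMPLE_URL = "https://captcha.example.invalid/image?id=constructed"


def fake_fetch(url):
    return b"constructed-image-bytes"


def silent_viewer(image_file):
    # Models a headless host: the viewer call returns, nothing appears, nothing raises.
    return None


def failing_viewer(image_file):
    raise OSError("no display")


def run(presenter, viewer):
    """Run one presenter against one viewer and return what the user would see."""
    out = io.StringIO()
    presenter(SAMPLE_URL, fake_fetch, viewer, out)
    return out.getvalue()


if __name__ == "__main__":
    for presenter in (show_then_fallback, print_then_show):
        for viewer in (silent_viewer, failing_viewer):
            print(presenter.__name__, viewer.__name__, repr(run(presenter, viewer)))
```

With the silent viewer, the exception-only fallback leaves the user at the prompt with no image and no URL, while printing first keeps the login usable in Docker or on a headless host.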

stevemac007 commented 5 years ago

I'm merging in some of these fixes - sorry for the radio silence - and I'm now not sure if this has been made better or worse with my changes as I currently don't have a good way to test this across all operating systems and combinations.

I'll ship 0.0.28 with the changes, and if we see issues please log them and I'll get on fixes ASAP.