ruimarinho / gsts

Obtain and store AWS STS credentials to interact with Amazon services by authenticating via G Suite SAML.
MIT License
212 stars 37 forks

Request to aws saml url fails due to disallowed requests to aws static resources #53

Closed innopbo closed 2 years ago

innopbo commented 2 years ago

Hi there,

I recently upgraded to v4.0.0 and started hitting this error:

    ℹ Initiating request to "https://signin.aws.amazon.com/saml"
    ℹ Aborting request to "https://signin.aws.amazon.com/static/js/jquery.min.js"
    ℹ Aborting request to "https://signin.aws.amazon.com/static/image/down.png"
    ℹ Request to "https://signin.aws.amazon.com/static/js/jquery.min.js" has failed
    ℹ Aborted due to client request
    ℹ An error has ocurred while authenticating page.waitForSelector: Target closed
    =========================== logs ===========================
    waiting for selector "#saml_form" to be visible
    ============================================================
        at RouteHandler.handler (/usr/local/lib/node_modules/gsts/index.js:279:22) {
      name: 'Error'
    }
    ✖ An unknown error has ocurred with message "page.waitForSelector: Target closed
    =========================== logs ===========================
    waiting for selector "#saml_form" to be visible
    ============================================================". Please try again with --verbose
    route.abort: Target page, context or browser has been closed
        at RouteHandler.handler (/usr/local/lib/node_modules/gsts/index.js:306:15) {
      name: 'Error'
    }

The authentication succeeds and the token is stored correctly, but the error occurs when trying to access the saml url to confirm that the tool succeeded.

It looks like the check to allow requests to certain urls on line 313 of index.js doesn't include a pattern to match static resources from AWS.

I've fixed it locally by modifying the if block on line 313 to include aws.amazon.com/static, i.e.:

    if (/google|gstatic|youtube|googleusercontent|googleapis|gvt1|aws.amazon.com\/static/.test(route.request().url())) {
      logger.debug(`Allowing request to "${route.request().url()}"`);
      route.continue();
      return;
    }

Thanks for developing this great tool!
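An added example, not part of the original comment and not gsts code: the check quoted above tests a pattern against the whole URL string, so it also matches URLs that merely contain one of the names. The sketch below compares that behaviour with a check on the parsed hostname and path; the function names, the allowlist contents and the sample URLs are assumptions made for illustration.

```javascript
// Added example, not gsts code. Names and the allowlist contents are assumptions.

// Pattern exactly as posted in the comment above; it is tested against the whole URL string.
const SUBSTRING_PATTERN =
  /google|gstatic|youtube|googleusercontent|googleapis|gvt1|aws.amazon.com\/static/;

// Assumed host allowlist, derived from the names that appear in the pattern.
const ALLOWED_HOST_SUFFIXES = [
  'google.com', 'gstatic.com', 'youtube.com',
  'googleusercontent.com', 'googleapis.com', 'gvt1.com',
];
// Hosts allowed only below a given path prefix.
const ALLOWED_PATH_PREFIXES = new Map([['signin.aws.amazon.com', '/static/']]);

function allowedBySubstring(rawUrl) {
  return SUBSTRING_PATTERN.test(rawUrl);
}

function allowedByHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // also normalizes "/static/../x" to "/x"
  } catch {
    return false; // unparsable input is never allowed
  }
  if (url.protocol !== 'https:') return false;
  const host = url.hostname.toLowerCase();
  // Exact host or a true subdomain; "google.example.test" does not qualify.
  if (ALLOWED_HOST_SUFFIXES.some((s) => host === s || host.endsWith(`.${s}`))) {
    return true;
  }
  const prefix = ALLOWED_PATH_PREFIXES.get(host);
  return prefix !== undefined && url.pathname.startsWith(prefix);
}

// Constructed sample URLs (example.test is a reserved test domain).
const SAMPLE_URLS = [
  'https://accounts.google.com/ServiceLogin',
  'https://signin.aws.amazon.com/static/js/jquery.min.js',
  'https://example.test/page?ref=google',
  'https://google.example.test/',
  'https://signin.aws.amazon.com/static/../saml',
];

function compareAll(urls = SAMPLE_URLS) {
  return urls.map((u) => ({ url: u, substring: allowedBySubstring(u), host: allowedByHost(u) }));
}

console.table(compareAll());
```

In a route handler, the boolean from `allowedByHost(route.request().url())` would decide between `route.continue()` and `route.abort()`.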

ruimarinho commented 2 years ago

@innopbo thanks for the kind words!

Static resources should not be fetched at all since requests to the AWS page are unnecessary, hence the page should not even be rendered to save time and gain performance. I believe what you're experiencing may be related to other issues. Could you please give v4.0.1 a try?

innopbo commented 2 years ago

Thanks for the quick response, it is indeed fixed in v4.0.1 👌