vlaci / openconnect-sso

Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
GNU General Public License v3.0
299 stars 131 forks source link

Got exception "binascii.Error" on every start, fixed with a hack... #143

Open WegDamit opened 1 year ago

WegDamit commented 1 year ago

on mac i get this after starting openconnect-sso:

Traceback (most recent call last):
  File "/Users/ar/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/config.py", line 129, in totp
    return pyotp.TOTP(totpsecret).now() if totpsecret else None
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ar/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/pyotp/totp.py", line 64, in now
    return self.generate_otp(self.timecode(datetime.datetime.now()))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ar/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/pyotp/otp.py", line 35, in generate_otp
    hasher = hmac.new(self.byte_secret(), self.int_to_bytestring(input), self.digest)
                      ^^^^^^^^^^^^^^^^^^
  File "/Users/ar/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/pyotp/otp.py", line 52, in byte_secret
    return base64.b32decode(secret, casefold=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/Cellar/python@3.11/3.11.5/Frameworks/Python.framework/Versions/3.11/lib/python3.11/base64.py", line 254, in b32decode
    return _b32decode(_b32alphabet, s, casefold, map01)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/Cellar/python@3.11/3.11.5/Frameworks/Python.framework/Versions/3.11/lib/python3.11/base64.py", line 236, in _b32decode
    raise binascii.Error('Non-base32 digit found') from None
binascii.Error: Non-base32 digit found

fix was modifing config.py:

import binascii
# ...

    @property
    def totp(self):
        try:
            totpsecret = keyring.get_password(APP_NAME, "totp/" + self.username)
            return pyotp.TOTP(totpsecret).now() if totpsecret else None
        except (keyring.errors.KeyringError, binascii.Error):   # <-- added new exception
            logger.info("Cannot retrieve saved totp info from keyring.")
            return ""

in my pipx installed files, so... no PR, sorry.

Seems like a new issue with newer pythons or something.

PS: No i get a endless loop on M$ 2FA windows, because of confusion if app or code is used. Different topic...

tomm87 commented 1 year ago

I had the same problem, and this solution worked for me. Thanks WegDamit!

tomm87 commented 1 year ago

It just occurred to me that I could add some detail to make the above comment more useful.

WegDamit's fix is working fine for me, so this isn't meant as a nudge for a response.

tbfisher commented 1 year ago

@WegDamit thank you, this worked for me as well.

I'm on ubuntu 22.04 with python 3.10