Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ERROR:root:'NoneType' object has no attribute 'get' #280

Open
LeRocque opened this issue May 1, 2024 · 29 comments
Open

ERROR:root:'NoneType' object has no attribute 'get' #280

LeRocque opened this issue May 1, 2024 · 29 comments

Comments

@LeRocque
Copy link

LeRocque commented May 1, 2024

Attempting to use the tool this morning is resulting in

Screenshot 2024-05-01 081139

Is anybody else having this issue?

Thanks!

@lazerous42
Copy link

lazerous42 commented May 1, 2024

I've been digging into this issue a bit (I work with @LeRocque) to just poke around at the responses this tool is getting back from Google.

Using our identity provider and secret provider to build the URL in this code

In google.Google

@property
def login_url(self):
    return self.base_url + "/o/saml2/initsso?idpid={}&spid={}&forceauthn=false".format(
        self.config.idp_id, self.config.sp_id)

Does indeed produce a valid URL allow for my federated Google identity to provide access to AWS. If I was already logged into my corporate Google account, it routes me directly to the AWS console. If I'm not logged into said account, I'm dropped to the normal Google account selection page.

I'm currently analyzing the issue from the perspective of the first page that URL loads (probably not reflective of what I'm seeing in foreground testing) is not the page this tool is expecting to receive.

From what I currently understand about BeautifulSoup (never used it before today), the listed stack trace shows an inability to pull a named 'continue's value. More concerning though, is that if you comment this out or just feed it some value, the subsequent line fails

In google.Google.do_login
form = first_page.find('form', {'id': 'gaia_loginform'})

GAIA is Google's login and identity service (correct?) and there are no search hits on the text 'gaia' in the page I'm getting back at all.

I'm at a bit of a loss as to what to look into next here, so some input from a main dev would be greatly appreciated. Possibly worth noting here is that this issue started on May 1st, so a month transition (yes, we paid our bill). Likely nothing, but it's a more suspicious date of occurrence than most others.

@mestuddtc
Copy link

It seems Google has changed the workflow and all the pages are different. I have hacked together enough to successfully login with captcha and TOTP MFA. See #281

@fyodor-roam
Copy link

Same issue here, used to work just fine and all of a sudden started failing today. @mestuddtc I pulled down your fix and the process gets me to captcha but it always fails further on. Failure HTML look like that:

image

Looks like captcha field is not getting the text it's supposed to get?

@jonseymour
Copy link

jonseymour commented May 2, 2024

It seems Google has changed the workflow and all the pages are different. I have hacked together enough to successfully login with captcha and TOTP MFA. See #281

@mestuddtc I have tweaked your change to add support for the handle_dp method. I have raised the PR against your branch to simplify the process of delivering both. I assume the simplest thing to do would be for you to fast-forward your branch to the tip of mine which will close my PR and consolidate both fixes into your PR, but I leave that up to you.

mestuddtc#3 <- my tweak of your PR

@LeRocque
Copy link
Author

LeRocque commented May 2, 2024

Thank you everyone! I implemented your fix @jonseymour. It is working for me now.

@LukeMooney
Copy link

LukeMooney commented May 2, 2024

This fix is partially(?) working for me. I am getting through the password now but getting stuck on the captcha. Before this issue/fix, when I failed the captcha, it would give me an "invalid credential" type error. Now I am getting "Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.", as shown in the pic. Is this the new "you failed captcha error"? or is this something else?

To implement this fix I replaced my "google.py" with the "google.py" from jonseymour's PR above.

image

Some people in my company have had success replacing their "google.py". The difference we've noticed is the people it works for have their installs in something like: /Unbuntu/usr/local/lib/python3.10/dist-packages/aws-google-auth
While the people it doesn't work for are more: \Ubuntu\home\[username]\.local\lib\python3.10\site-packages\aws_google_auth

@LeRocque
Copy link
Author

LeRocque commented May 2, 2024

To add to @LukeMooney's comment. It also seems to only work if you're using a MFA method of an authenticator token or by opening the Gmail app on your phone + clicking confirm. SMS is still broken

@juancarlosm
Copy link

@mestuddtc didn't work for me
@jonseymour still have problems:

Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug

I was able to log in with @jonseymour code but with a little change:

juancarlosm@fe70a3b

Now is working form me
Hope that helps!

@LukeMooney
Copy link

@juancarlosm fix worked for me.

@VicerExciser
Copy link

Thanks @juancarlosm and @jonseymour -- officially saved my workday.

@mestuddtc
Copy link

I'm pulling fixes into my PR and fork.

If you have problems, run with the --save-saml-flow option. That outputs the request data and responses, and you can try debugging what's missing.
The MFA methods I don't use aren't implemented. You should get an exception with the name of the unimplemented method. Thanks @jonseymour for implementing handle_dp. That solved some of my coworkers failures.

@mestuddtc
Copy link

Thanks @juancarlosm and @jonseymour -- officially saved my workday.

Right, this basically was my workday yesterday!

@ismail0352
Copy link

I have taken the latest google.py from https://github.com/mestuddtc/aws-google-auth/blob/master/aws_google_auth/google.py but still it did not fix the issue for me. My installation path: /usr/local/Cellar/aws-google-auth/0.0.38_10/libexec/lib/python3.12/site-packages/aws_google_auth
Here is the error:
image

@LukeMooney
Copy link

@ismail0352 that file doesn't have either of the fixes above. Try adding them manually.

@sungmincs
Copy link

Did anyone else start getting "Match the number" MFA prompt after clicking on "it's me" verification? now I have 33% of chance to go through the auth.

@decidev22
Copy link

decidev22 commented May 6, 2024

UPDATE: 7th May

It just started working for some reason.... very weird!


Is there a fix for this yet?
I still get

ERROR:root:'NoneType' object has no attribute 'get' Traceback (most recent call last): File "/opt/homebrew/Cellar/aws-google-auth/0.0.38_10/libexec/lib/python3.12/site-packages/aws_google_auth/__init__.py", line 79, in cli process_auth(args, config) File "/opt/homebrew/Cellar/aws-google-auth/0.0.38_10/libexec/lib/python3.12/site-packages/aws_google_auth/__init__.py", line 243, in process_auth google_client.do_login() File "/opt/homebrew/Cellar/aws-google-auth/0.0.38_10/libexec/lib/python3.12/site-packages/aws_google_auth/google.py", line 259, in do_login passwd_challenge_url = 'https://accounts.google.com' + form.get('action') ^^^^^^^^ AttributeError: 'NoneType' object has no attribute 'get'

when I try to run the aws-google-auth -u ...

@mestuddtc
Copy link

that file doesn't have either of the fixes above.

My master branch has all the fixes on it

image

That's in do_login_old, which means do_login chose the old workflow based on the login page google served. You'd have to use --save-saml-flow and debug the auth workflow google is serving to you.

@joselitodasilva
Copy link

Hello,
I'm also having the 'NoneType' error, however --save-saml-flow doesn't output/save anything. Does anybod know why?

@vrathore18
Copy link

I tried the solution provided by @juancarlosm and @jonseymour. Also, your master branch @mestuddtc but still having the same issue

ERROR:root:'NoneType' object has no attribute 'get'
Traceback (most recent call last):
  File "/usr/local/Cellar/aws-google-auth/0.0.38_11/libexec/lib/python3.12/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/usr/local/Cellar/aws-google-auth/0.0.38_11/libexec/lib/python3.12/site-packages/aws_google_auth/__init__.py", line 243, in process_auth
    google_client.do_login()
  File "/usr/local/Cellar/aws-google-auth/0.0.38_11/libexec/lib/python3.12/site-packages/aws_google_auth/google.py", line 218, in do_login
    self.cont = first_page.find('input', {'name': 'continue'}).get('value')
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'get'

An error occurred (ExpiredToken) when calling the GetCallerIdentity operation: The security token included in the request is expired

@mestuddtc
Copy link

@vrathore18 Are you sure you're using the new code? The stack trace does not line up with it. It looks much closer to the old master branch without the fixes.

@jonseymour
Copy link

jonseymour commented May 25, 2024

@vrathore18 - make sure you have the version of @mestuddtc's branch that includes d363cad. I was happily using the slightly earlier revision I submitted until today, then started to experience the issues fyodor-roam reported. When I upgraded to d363cad which includes @juancarlosm's fixes, it started working again for me.

Prior to that time, the captcha request was silently failing and leaving the login sequence at the captcha submission stage, although it took some debugging to workout that was what was happening.

@fyodor-roam
Copy link

Started getting the issue today again. Can confirm that d363cad solves it for me.

@syedkumail95
Copy link

syedkumail95 commented Jun 3, 2024

Guys I applied the recent fix from @mestuddtc's branch and I am getting a different error now

Google Password: 
Please visit the following URL to view your CAPTCHA: <captcha-url>
Captcha (case insensitive):
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

Can anyone be kind enough to create a docker image with the fix and share the public image here? That would be very helpful

@syedkumail95
Copy link

Guys I applied the recent fix from @mestuddtc's branch and I am getting a different error now

Google Password: 
Please visit the following URL to view your CAPTCHA: <captcha-url>
Captcha (case insensitive):
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

Can anyone be kind enough to create a docker image with the fix and share the public image here? That would be very helpful

I used the --save-failure-html flag to see what is the issue and this is what the html was like (attaching screenshot)
google-html-image

@jonseymour
Copy link

jonseymour commented Jun 3, 2024

Guys I applied the recent fix from @mestuddtc's branch and I am getting a different error now

Google Password: 
Please visit the following URL to view your CAPTCHA: <captcha-url>
Captcha (case insensitive):
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

@syedkumail95, independently of this issue, months ago, I experienced this prompt unexpectedly. If I initiated the login manually from an incognito window and selected the option I normally use, it didn't happen again when aws-google-auth was next called and I changed nothing else, indicating that this manual intervention caused a change of state on the Google side. So, worth trying that. It might be that now that Google has been rolling out passkey support, it is providing users with an opportunity to select it, though, of course, aws-google-auth may or not support it directly (IDK).

@syedkumail95
Copy link

Guys I applied the recent fix from @mestuddtc's branch and I am getting a different error now

Google Password: 
Please visit the following URL to view your CAPTCHA: <captcha-url>
Captcha (case insensitive):
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

@syedkumail95, independently of this issue, months ago, I experienced this prompt unexpectedly. If I initiated the login manually from an incognito window and selected the option I normally use, it didn't happen again when aws-google-auth was next called and I changed nothing else, indicating that this manual intervention caused a change of state on the Google side. So, worth trying that. It might be that now that Google has been rolling out passkey support, it is providing users with an opportunity to select it, though, of course, aws-google-auth may or not support it directly (IDK).

@jonseymour thanks alot man. It worked :D

@ezloj
Copy link

ezloj commented Jun 6, 2024

Unfortunately, the fix from #281 stopped helping for me just today. It helped before, but now I'm getting a saml issue:

Captcha (case insensitive): courazie
ERROR:root:SAML lookup failed, storing failure page to 'saml.html' to assist with debugging.
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

Saml response
image

@ezloj
Copy link

ezloj commented Jun 6, 2024

Hm never mind. Looks like this suggestion (just above my comment) fixes it: #280 (comment)

@manhtu57
Copy link

It seems Google has changed the workflow and all the pages are different. I have hacked together enough to successfully login with captcha and TOTP MFA. See #281

Thanks @mestuddtc , It's worked for me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests