问题
I tried another program to validate the saved list of username and encrypted password from the above table and username and allowed resources in a different table. This program needs to be integrated with API request, however I have changed to send event test parameters from lambda test config, I tried the same for decoding as guided in the previous comments. Based on the previous error and comments, I was able to resolve that. "errorMessage": "string argument without an encoding", TypeError: string argument without an encoding
This seemes to be same kind of issue. However I tried with below formats. The errors remains same for all three.
CiphertextBlob=bytes(base64.b64decode(secret, 'utf8')
CiphertextBlob=bytes(base64.b64decode(secret).decode('utf8'))
CiphertextBlob=bytes(base64.b64decode(secret), decoding='utf8')
Response:
{
"errorMessage": "argument should be a bytes-like object or ASCII string, not 'Binary'",
"errorType": "TypeError",
"stackTrace": [
" File \"/var/task/lambda_function.py\", line 45, in lambda_handler\n decrypted_password_from_table = decrypt(session,password_from_table)\n",
" File \"/var/task/lambda_function.py\", line 10, in decrypt\n CiphertextBlob=bytes(base64.b64decode(secret).decode('utf8'))\n",
" File \"/var/lang/lib/python3.8/base64.py\", line 80, in b64decode\n s = _bytes_from_decode_data(s)\n",
" File \"/var/lang/lib/python3.8/base64.py\", line 45, in _bytes_from_decode_data\n raise TypeError(\"argument should be a bytes-like object or ASCII \"\n"
]
}
import os
import boto3
import base64
from boto3.dynamodb.conditions import Key, Attr
#import botocore.vendored.requests.api as requests
def decrypt(session, secret):
client = session.client('kms')
plaintext = client.decrypt(
CiphertextBlob=bytes(base64.b64decode(secret), decoding='utf8')
)
return plaintext["Plaintext"]
def lambda_handler(event, context):
session = boto3.session.Session()
dynamodb = boto3.resource('dynamodb')
authentication_table_name = 'Authentication'
authorization_table = dynamodb.Table('Authorization')
authentication_table = dynamodb.Table(authentication_table_name)
# Extract the username, password, and resource from the message
#message = str(event['message'])
#password = message.split('password>')[1][:-2]
#username = message.split('username>')[1][:-2]
#resource = message.split('resource>')[1][:-2]
password = event['password']
username = event['username']
resource = event['resource']
#print('MESSAGE: ' + message)
#print('PASSWORD: ' + str(password))
#print('USERNAME: ' + str(username))
#print('RESOURCE: ' + str(resource))
# Authenticate user with encrypted DDB
entry = authentication_table.get_item(TableName=authentication_table_name, Key={'username':username})
if 'Item' in entry:
#print('entry["Item"]["password"]: ' + str(entry['Item']['password']))
password_from_table = entry['Item']['password']
decrypted_password_from_table = decrypt(session,password_from_table)
#decrypted_password_from_table = decrypted_password_from_table.decode('utf-8')
print('type(decrypted_password_from_table): ' + str(type(decrypted_password_from_table)))
print('attempted password: ' + str(password))
print('decrypted_password_from_table: ' + str(decrypted_password_from_table))
if password == decrypted_password_from_table:
print('User has been authenticated.')
else:
print('Incorrect password')
return 'Incorrect password'
else:
print('User is NOT VALID')
return 'Invalid User'
# Authorize user with unencrypted DDB
allowed_resources = authorization_table.get_item(Key={'username': username})['Item']['allowed_resources']
allowed_resources = allowed_resources.split(',')
print('allowed_resources: ' + str(allowed_resources))
if resource not in allowed_resources:
return 'USER NOT AUTHORIZED TO ACCESS RESOURCE'
# Forward message to endpoint
#response = requests.request('GET', 'https://postman-echo.com/get?foo1=bar1', params={'foo1': message})
# print('dummy echo api response.text: ' + str(response.text))
return_string = 'Success! Here is your API response: ' #+ str(response.text)
return return_string
来源:https://stackoverflow.com/questions/59590313/typeerror-errormessage-argument-should-be-a-bytes-like-object-or-ascii-str