def bearer_auth(auth_header: str) -> RFC7662: try: _, token = auth_header.split("Bearer", 1) except ValueError: raise MKAuthException(None, "Not a valid Bearer token.") try: user_id, secret = token.strip().split(' ', 1) except ValueError: raise MKAuthException("No user/password combination in Bearer token.") if not secret: raise MKAuthException("Empty password not allowed.") if not user_id: raise MKAuthException("Empty user not allowed.") if "/" in user_id: raise MKAuthException("No slashes / allowed in username.") if not verify_automation_secret(UserId(ensure_str(user_id)), secret): raise MKAuthException("Not authenticated.") # Auth with automation secret succeeded - mark transid as unneeded in this case return rfc7662_subject(user_id, 'automation')
def bearer_auth(token: str) -> Optional[RFC7662]: try: user_id, secret = token.split(' ', 1) except ValueError: return None if not secret: return None if not user_id: return None if "/" in user_id: return None if verify_automation_secret(UserId(ensure_str(user_id)), secret): # Auth with automation secret succeeded - mark transid as unneeded in this case return _subject(user_id) return None
def automation_auth(user_id: UserId, secret: str) -> Optional[RFC7662]: if verify_automation_secret(user_id, secret): return rfc7662_subject(user_id, "automation") return None