def bearer_auth(auth_header: str) -> RFC7662:
try:
_, token = auth_header.split("Bearer", 1)
except ValueError:
raise MKAuthException(None, "Not a valid Bearer token.")
try:
user_id, secret = token.strip().split(' ', 1)
except ValueError:
raise MKAuthException("No user/password combination in Bearer token.")
if not secret:
raise MKAuthException("Empty password not allowed.")
if not user_id:
raise MKAuthException("Empty user not allowed.")
if "/" in user_id:
raise MKAuthException("No slashes / allowed in username.")
if not verify_automation_secret(UserId(ensure_str(user_id)), secret):
raise MKAuthException("Not authenticated.")
# Auth with automation secret succeeded - mark transid as unneeded in this case
return rfc7662_subject(user_id, 'automation')
def bearer_auth(token: str) -> Optional[RFC7662]:
try:
user_id, secret = token.split(' ', 1)
except ValueError:
return None
if not secret:
return None
if not user_id:
return None
if "/" in user_id:
return None
if verify_automation_secret(UserId(ensure_str(user_id)), secret):
# Auth with automation secret succeeded - mark transid as unneeded in this case
return _subject(user_id)
return None
def automation_auth(user_id: UserId, secret: str) -> Optional[RFC7662]:
if verify_automation_secret(user_id, secret):
return rfc7662_subject(user_id, "automation")
return None
