def test_del_vars_from_post():
environ = create_environ(
input_stream=io.BytesIO(b"_username=foo&_secret=bar"),
content_type="application/x-www-form-urlencoded",
)
with application_and_request_context(environ):
assert global_request.form
global_request.del_var_from_env("_username")
global_request.del_var_from_env("_secret")
assert not global_request.form
def _check_auth_automation() -> UserId:
secret = request.get_str_input_mandatory("_secret", "").strip()
user_id = request.get_unicode_input_mandatory("_username", "")
user_id = UserId(user_id.strip())
request.del_var_from_env("_username")
request.del_var_from_env("_secret")
if verify_automation_secret(user_id, secret):
# Auth with automation secret succeeded - mark transid as unneeded in this case
transactions.ignore()
set_auth_type("automation")
return user_id
raise MKAuthException(_("Invalid automation secret for user %s") % user_id)