fix(backend/api): Fix & add tests for APIKeyAuthenticator (#10881)

- Resolves #10875

### Changes 🏗️

- Fix use of `super().__call__` in `APIKeyAuthenticator.__call__`
- Fix non-ASCII API key validation
- Add tests for `APIKeyAuthenticator`

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  - [x] Test implementations have been verified manually
  - [x] All the new tests pass

Author: Pwuts

autogpt_platform/backend/backend/server/utils/api_key_auth.py

@@ -3,15 +3,18 @@
 """
 
 import inspect
+import logging
 import secrets
-from typing import Any, Callable, Optional
+from typing import Any, Awaitable, Callable, Optional
 
 from fastapi import HTTPException, Request
 from fastapi.security import APIKeyHeader
 from starlette.status import HTTP_401_UNAUTHORIZED
 
 from backend.util.exceptions import MissingConfigError
 
+logger = logging.getLogger(__name__)
+
 
 class APIKeyAuthenticator(APIKeyHeader):
     """
@@ -51,7 +54,8 @@ async def validate_with_db(api_key: str):
         header_name (str): The name of the header containing the API key
         expected_token (Optional[str]): The expected API key value for simple token matching
         validator (Optional[Callable]): Custom validation function that takes an API key
-            string and returns a boolean or object. Can be async.
+            string and returns a truthy value if and only if the passed string is a
+            valid API key. Can be async.
         status_if_missing (int): HTTP status code to use for validation errors
         message_if_invalid (str): Error message to return when validation fails
     """
@@ -60,7 +64,9 @@ def __init__(
         self,
         header_name: str,
         expected_token: Optional[str] = None,
-        validator: Optional[Callable[[str], bool]] = None,
+        validator: Optional[
+            Callable[[str], Any] | Callable[[str], Awaitable[Any]]
+        ] = None,
         status_if_missing: int = HTTP_401_UNAUTHORIZED,
         message_if_invalid: str = "Invalid API key",
     ):
@@ -75,7 +81,7 @@ def __init__(
         self.message_if_invalid = message_if_invalid
 
     async def __call__(self, request: Request) -> Any:
-        api_key = await super()(request)
+        api_key = await super().__call__(request)
         if api_key is None:
             raise HTTPException(
                 status_code=self.status_if_missing, detail="No API key in request"
@@ -106,4 +112,9 @@ async def default_validator(self, api_key: str) -> bool:
                 f"{self.__class__.__name__}.expected_token is not set; "
                 "either specify it or provide a custom validator"
             )
-        return secrets.compare_digest(api_key, self.expected_token)
+        try:
+            return secrets.compare_digest(api_key, self.expected_token)
+        except TypeError as e:
+            # If value is not an ASCII string, compare_digest raises a TypeError
+            logger.warning(f"{self.model.name} API key check failed: {e}")
+            return False