Make MyPy happy

Fixes for various type errors throw by mypy.

portal/api/auth.py

 # Login code adapted from the flaskr tutorial (see LICENSE-3RD-PARTY.md for details)
 # See https://flask.palletsprojects.com/en/2.0.x/tutorial/views/
 import functools
+from typing import Any, Callable
 
-from flask import request, g
+from flask import g, request
 
 from portal import db
 
+from ..model import Key, User
+from ..problem_details import ProblemResponse, not_found, unauthorized
 from .blueprint import bp
-from ..model import User, Key
-from ..problem_details import not_found, unauthorized
 
 
 @bp.before_app_request
-def set_user_if_valid():
-    if not request.authorization or request.authorization.type != "basic":
+def set_user_if_valid() -> None:
+    if (
+        not request.authorization
+        or request.authorization.type != "basic"
+        or request.authorization.username is None
+        or request.authorization.password is None
+    ):
         g.user = None
         return
 
@@ -23,15 +29,19 @@ def set_user_if_valid():
 
 
 @bp.before_app_request
-def set_key_if_valid():
-    if not request.authorization or request.authorization.type != "bearer":
+def set_key_if_valid() -> None:
+    if (
+        not request.authorization
+        or request.authorization.type != "bearer"
+        or request.authorization.token is None
+    ):
         g.key = None
         return
 
     g.key = Key.get_by_secret_unless_expired(request.authorization.token)
 
 
-def require_valid(credential_type):
+def require_valid(credential_type: type[User | Key]) -> Callable:
     """
     Requires that valid credentials are provided before allowing access to a route.
     If no valid credentials are provided, abort and send a 401.
@@ -41,9 +51,9 @@ def require_valid(credential_type):
     - `@require_valid(Key)` to require a valid key
     """
 
-    def decorator(route):
+    def decorator(route: Callable) -> Callable:
         @functools.wraps(route)
-        def protected_route(**kwargs):
+        def protected_route(**kwargs: Any) -> Any:
             # Determine which credentials to use
             credentials = {User: g.user, Key: g.key}.get(credential_type)
 
@@ -60,14 +70,14 @@ def require_valid(credential_type):
 
 @bp.post("/keys")
 @require_valid(User)
-def post_key():
+def post_key() -> tuple[dict, int]:
     key, secret = Key.generate(g.user)
     return key.to_dict() | {"secret": secret}, 201
 
 
 @bp.delete("/keys/<string:uuid>")
 @require_valid(Key)
-def delete_key(uuid: str):
+def delete_key(uuid: str) -> tuple[str, int] | ProblemResponse:
     key_to_delete = Key.get_only(uuid)
 
     if not key_to_delete: