authorLibravatar tobi <31960611+tsmethurst@users.noreply.github.com>2021-09-16 11:35:09 +0200
committerLibravatar GitHub <noreply@github.com>2021-09-16 11:35:09 +0200
commit92186c8c6f1c374146f085b46a440b69a1d97aa8 (patch)
tree06d7aea58ee399c4939ffa9052bcc548427cbfa4 /internal/api/security
parentFix mentions not notifying (#230) (diff)
federated authentication better logging + tidying (#232)
* change trace logging in authenticator * messing about * lil changes * go fmt * error fix * Fix broken test
Diffstat (limited to 'internal/api/security')
-rw-r--r--internal/api/security/signaturecheck.go11
1 files changed, 6 insertions, 5 deletions
diff --git a/internal/api/security/signaturecheck.go b/internal/api/security/signaturecheck.go
index 71e539e96..be8c87c0d 100644
--- a/internal/api/security/signaturecheck.go
+++ b/internal/api/security/signaturecheck.go
@@ -11,13 +11,10 @@ import (
// SignatureCheck checks whether an incoming http request has been signed. If so, it will check if the domain
// that signed the request is permitted to access the server. If it is permitted, the handler will set the key
-// verifier in the gin context for use down the line.
+// verifier and the signature in the gin context for use down the line.
func (m *Module) SignatureCheck(c *gin.Context) {
l := m.log.WithField("func", "DomainBlockChecker")
- // set this extra field for signature validation
- c.Request.Header.Set("host", m.config.Host)
-
// create the verifier from the request
// if the request is signed, it will have a signature header
verifier, err := httpsig.NewVerifier(c.Request)
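Review bot: With `c.Request.Header.Set("host", m.config.Host)` removed, nothing in this function pins the host value before `httpsig.NewVerifier(c.Request)` is built, and this page (limited to internal/api/security) does not show whether that now happens elsewhere. If remote servers include `host` in their signed headers, verification will depend on whatever host value the request carries, so it is worth confirming that the code which later verifies the signature checks it against the configured host, and recording that here with a comment such as `// host is no longer overridden here; it must be checked against m.config.Host where the signature is verified`. Separately, the logger on the first line of the body is still tagged `"func", "DomainBlockChecker"` inside SignatureCheck, which will mislabel these entries during triage; `l := m.log.WithField("func", "SignatureCheck")` would match. The function body continues past the end of this hunk.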
@@ -43,8 +40,12 @@ func (m *Module) SignatureCheck(c *gin.Context) {
return
}
- // set the verifier on the context here to save some work further down the line
+ // set the verifier and signature on the context here to save some work further down the line
c.Set(string(util.APRequestingPublicKeyVerifier), verifier)
+ signature := c.GetHeader("Signature")
+ if signature != "" {
+ c.Set(string(util.APRequestingPublicKeySignature), signature)
+ }
}
}
}
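Review bot: The value stored under `util.APRequestingPublicKeySignature` is the raw `Signature` header exactly as the remote side sent it, and nothing visible here has verified it against a public key yet. A comment on that `c.Set` would stop downstream readers from treating it as authenticated, for example `// raw, unverified Signature header; may be absent from the context`. As far as I know httpsig also accepts a signature carried in the `Authorization` header, in which case the verifier is set but this key is not, so consumers need to handle the missing key rather than assume the two always travel together. If the value is written to the new log lines, formatting it with `%q` keeps control characters from a hostile header out of the log. The start of SignatureCheck and the checks between the two hunks are outside this hunk.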