From 92186c8c6f1c374146f085b46a440b69a1d97aa8 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Thu, 16 Sep 2021 11:35:09 +0200
Subject: federated authentication better logging + tidying (#232)

* change trace logging in authenticator

* messing about

* lil changes

* go fmt

* error fix

* Fix broken test
---
 internal/api/security/signaturecheck.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'internal/api/security')

diff --git a/internal/api/security/signaturecheck.go b/internal/api/security/signaturecheck.go
index 71e539e96..be8c87c0d 100644
--- a/internal/api/security/signaturecheck.go
+++ b/internal/api/security/signaturecheck.go
@@ -11,13 +11,10 @@ import (
 
 // SignatureCheck checks whether an incoming http request has been signed. If so, it will check if the domain
 // that signed the request is permitted to access the server. If it is permitted, the handler will set the key
-// verifier in the gin context for use down the line.
+// verifier and the signature in the gin context for use down the line.
 func (m *Module) SignatureCheck(c *gin.Context) {
 	l := m.log.WithField("func", "DomainBlockChecker")
 
-	// set this extra field for signature validation
-	c.Request.Header.Set("host", m.config.Host)
-
 	// create the verifier from the request
 	// if the request is signed, it will have a signature header
 	verifier, err := httpsig.NewVerifier(c.Request)
@@ -43,8 +40,12 @@ func (m *Module) SignatureCheck(c *gin.Context) {
 				return
 			}
 
-			// set the verifier on the context here to save some work further down the line
+			// set the verifier and signature on the context here to save some work further down the line
 			c.Set(string(util.APRequestingPublicKeyVerifier), verifier)
+			signature := c.GetHeader("Signature")
+			if signature != "" {
+				c.Set(string(util.APRequestingPublicKeySignature), signature)
+			}
 		}
 	}
 }
-- 
cgit v1.2.3