Finish the job

sydent/hs_federation/types.py

@@ -38,6 +38,7 @@ class SignedMatrixRequestRequired(TypedDict):
     uri: bytes
     destination_is: str
     signatures: Dict[str, Signature]
+    origin: str
 
 
 class SignedMatrixRequest(SignedMatrixRequestRequired, total=False):

sydent/hs_federation/verifier.py

@@ -182,37 +182,35 @@ async def authenticate_request(
 
         :return: The origin of the server whose signature was validated
         """
-        json_request: SignedMatrixRequest = {
-            "method": request.method,
-            "uri": request.uri,
-            "destination_is": self.sydent.config.general.server_name,
-            "signatures": {},
-        }
-
-        if content is not None:
-            json_request["content"] = content
-
-        origin = None
-
         auth_headers = request.requestHeaders.getRawHeaders("Authorization")
-
         if not auth_headers:
             raise NoAuthenticationError("Missing Authorization headers")
 
+        # Retrieve an origin and signatures from the authorization header.
+        origin = None
+        signatures: Dict[str, Dict[str, str]] = {}
         for auth in auth_headers:
             if auth.startswith("X-Matrix"):
                 (origin, key, sig) = parse_auth_header(auth)
-                json_request["origin"] = origin
-                json_request["signatures"].setdefault(origin, {})[key] = sig
+                signatures.setdefault(origin, {})[key] = sig
 
-        if not json_request["signatures"]:
+        if origin is None:
             raise NoAuthenticationError("Missing X-Matrix Authorization header")
-
-        if not is_valid_matrix_server_name(json_request["origin"]):
+        if not is_valid_matrix_server_name(origin):
             raise InvalidServerName(
                 "X-Matrix header's origin parameter must be a valid Matrix server name"
             )
 
+        json_request: SignedMatrixRequest = {
+            "method": request.method,
+            "uri": request.uri,
+            "destination_is": self.sydent.config.general.server_name,
+            "signatures": signatures,
+            "origin": origin,
+        }
+        if content is not None:
+            json_request["content"] = content
+
         await self.verifyServerSignedJson(json_request, [origin])
 
         logger.info("Verified request from HS %s", origin)