#472: add quick error message if not https

Badgerati · Sep 24, 2020 · 778a0f6 · 778a0f6
1 parent 8831609
commit 778a0f6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/docs/Tutorials/Authentication/Methods/ClientCertificate.md b/docs/Tutorials/Authentication/Methods/ClientCertificate.md
@@ -2,6 +2,8 @@
 
 Client Certificate Authentication is when the server requires the client to supply a certificate on the request, to verify themselves with the server. This only works over HTTPS connections.
 
+If at any point to you need to access the client's certificate outside of this validator, then it can be found on the web event object at `Request.ClientCertificate`.
+
 ## Setup
 
 To setup and start using Client Certificate Authentication in Pode you use the `New-PodeAuthScheme -ClientCertificate` function, and then pipe this into the [`Add-PodeAuth`](../../../../Functions/Authentication/Add-PodeAuth) function. The [`Add-PodeAuth`](../../../../Functions/Authentication/Add-PodeAuth) function's ScriptBlock is supplied the client's certificate, and any SSL errors that may have occurred (like chain issues, etc).

diff --git a/src/Public/Core.ps1 b/src/Public/Core.ps1
@@ -762,6 +762,11 @@ function Add-PodeEndpoint
         throw "An endpoint with the name '$($Name)' has already been defined"
     }
 
+    # protocol must be https for client certs
+    if (($Protocol -ine 'https') -and $AllowClientCertificate) {
+        throw "Client certificates are only supported on HTTPS endpoints"
+    }
+
     # new endpoint object
     $obj = @{
         Name = $Name