Bugfix/signature verify always true (#29)

* fix recipient list not copied to request envelope

* fixed signature check masking invalid signatures

agrirouter/auth/response.py

@@ -48,6 +48,7 @@ def verify(self, public_key) -> None:
         unquoted_signature = unquote(self.signature)
         encoded_signature = base64.b64decode(unquoted_signature.encode("utf-8"))
 
+        self._is_valid = True
         try:
             verify_signature(encoded_data, encoded_signature, public_key)
         except InvalidSignature:
@@ -56,7 +57,6 @@ def verify(self, public_key) -> None:
         finally:
             self._was_verified = True
 
-        self._is_valid = True
 
     @staticmethod
     def decode_token(token: Union[str, bytes]) -> AuthorizationToken: