From 6ccaf0715baa9c748d9d209c661f13ea3849822b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9di-R=C3=A9mi=20Hashim?=
 <4295266+mediremi@users.noreply.github.com>
Date: Thu, 27 May 2021 13:53:13 +0100
Subject: [PATCH] fix: remove d2 config author/organisation name check (#496)

* fix: remove d2 config author/organisation name check

* fix: remove manifest author/organisation name check
---
 server/src/security/verifyBundle.js | 40 ++++-------------------------
 1 file changed, 5 insertions(+), 35 deletions(-)

diff --git a/server/src/security/verifyBundle.js b/server/src/security/verifyBundle.js
index eb4919482..9afcdcee1 100644
--- a/server/src/security/verifyBundle.js
+++ b/server/src/security/verifyBundle.js
@@ -9,14 +9,7 @@ const isValidJSON = json => {
     }
 }
 
-const checkManifest = ({
-    manifest,
-    appId,
-    appName,
-    version,
-    organisationName,
-    canBeCoreApp
-}) => {
+const checkManifest = ({ manifest, appId, appName, version, canBeCoreApp }) => {
     if (manifest.app_hub_id && manifest.app_hub_id !== appId) {
         throw new Error('Manifest App Hub ID does not match app ID')
     }
@@ -26,23 +19,12 @@ const checkManifest = ({
     if (manifest.version !== version) {
         throw new Error('Manifest version does not match app version')
     }
-    const manifestDeveloper = manifest.developer?.name
-    if (manifestDeveloper && manifestDeveloper !== organisationName) {
-        throw new Error('Manifest developer does not match app organisation')
-    }
     if (!canBeCoreApp && manifest.core_app) {
         throw new Error('Manifest incorrectly declares app as core app')
     }
 }
 
-const checkD2Config = ({
-    d2Config,
-    appId,
-    appName,
-    version,
-    organisationName,
-    canBeCoreApp
-}) => {
+const checkD2Config = ({ d2Config, appId, appName, version, canBeCoreApp }) => {
     if (d2Config.id && d2Config.id !== appId) {
         throw new Error('D2 config App Hub ID does not match app ID')
     }
@@ -52,22 +34,12 @@ const checkD2Config = ({
     if (d2Config.version !== version) {
         throw new Error('D2 config version does not match app version')
     }
-    const d2ConfigDeveloper = d2Config.author?.name
-    if (d2ConfigDeveloper && d2ConfigDeveloper !== organisationName) {
-        throw new Error('D2 config developer does not match app organisation')
-    }
     if (!canBeCoreApp && d2Config.coreApp) {
         throw new Error('D2 config incorrectly declares app as core app')
     }
 }
 
-module.exports = ({
-    buffer,
-    appId,
-    appName,
-    version,
-    organisationName,
-}) => {
+module.exports = ({ buffer, appId, appName, version, organisationName }) => {
     const zip = new AdmZip(buffer)
     const entries = zip.getEntries().map(e => e.entryName)
     const manifestPath = 'manifest.webapp'
@@ -87,8 +59,7 @@ module.exports = ({
         appId,
         appName,
         version,
-        organisationName,
-        canBeCoreApp
+        canBeCoreApp,
     })
 
     // D2 config is optional
@@ -105,7 +76,6 @@ module.exports = ({
         appId,
         appName,
         version,
-        organisationName,
-        canBeCoreApp
+        canBeCoreApp,
     })
 }