isomerpages · alexanderleegs · Jul 19, 2023 · Jul 18, 2023 · Jul 18, 2023 · kishore03109
diff --git a/src/integration/Privatisation.spec.ts b/src/integration/Privatisation.spec.ts
@@ -16,6 +16,7 @@ import {
   Site,
   SiteMember,
   User,
+  Whitelist,
 } from "@database/models"
 import { generateRouterForUserWithSite } from "@fixtures/app"
 import {
@@ -39,6 +40,7 @@ import {
   MOCK_USER_DBENTRY_THREE,
   MOCK_USER_DBENTRY_TWO,
 } from "@fixtures/users"
+import { AuthorizationMiddleware } from "@root/middleware/authorization"
 import { SettingsRouter as _SettingsRouter } from "@root/routes/v2/authenticatedSites/settings"
 import { SettingsService } from "@root/services/configServices/SettingsService"
 import { BaseDirectoryService } from "@root/services/directoryServices/BaseDirectoryService"
@@ -54,11 +56,13 @@ import { CollectionYmlService } from "@root/services/fileServices/YmlFileService
 import { ConfigService } from "@root/services/fileServices/YmlFileServices/ConfigService"
 import { FooterYmlService } from "@root/services/fileServices/YmlFileServices/FooterYmlService"
 import { NavYmlService } from "@root/services/fileServices/YmlFileServices/NavYmlService"
+import CollaboratorsService from "@root/services/identity/CollaboratorsService"
 import DeploymentsService from "@root/services/identity/DeploymentsService"
+import AuthorizationMiddlewareService from "@root/services/middlewareServices/AuthorizationMiddlewareService"
 import { GitHubService } from "@services/db/GitHubService"
 import * as ReviewApi from "@services/db/review"
 import { ConfigYmlService } from "@services/fileServices/YmlFileServices/ConfigYmlService"
-import { getUsersService } from "@services/identity"
+import { getIdentityAuthService, getUsersService } from "@services/identity"
 import IsomerAdminsService from "@services/identity/IsomerAdminsService"
 import SitesService from "@services/identity/SitesService"
 import ReviewRequestService from "@services/review/ReviewRequestService"
@@ -155,6 +159,24 @@ const deploymentsService = new DeploymentsService({
   deploymentsRepository: Deployment,
 })
 
+const identityAuthService = getIdentityAuthService(gitHubService)
+const collaboratorsService = new CollaboratorsService({
+  siteRepository: Site,
+  siteMemberRepository: SiteMember,
+  sitesService,
+  usersService,
+  whitelist: Whitelist,
+})
+const authorizationMiddlewareService = new AuthorizationMiddlewareService({
+  identityAuthService,
+  usersService,
+  isomerAdminsService,
+  collaboratorsService,
+})
+const authorizationMiddleware = new AuthorizationMiddleware({
+  authorizationMiddlewareService,
+})
+
 const settingsService = new SettingsService({
   configYmlService,
   footerYmlService,
@@ -164,7 +186,10 @@ const settingsService = new SettingsService({
   deploymentsService,
   gitHubService,
 })
-const SettingsRouter = new _SettingsRouter({ settingsService })
+const SettingsRouter = new _SettingsRouter({
+  settingsService,
+  authorizationMiddleware,
+})
 const settingsSubrouter = SettingsRouter.getRouter()
 const subrouter = express()
 subrouter.use("/:siteName", settingsSubrouter)

diff --git a/src/routes/v2/authenticatedSites/__tests__/Settings.spec.js b/src/routes/v2/authenticatedSites/__tests__/Settings.spec.js
@@ -32,8 +32,11 @@ describe("Settings Router", () => {
     extractNavFields: SettingsService.extractNavFields,
   }
 
+  const mockAuthorizationMiddleware = jest.fn()
+
   const router = new SettingsRouter({
     settingsService: mockSettingsService,
+    authorizationMiddleware: mockAuthorizationMiddleware,
   })
 
   const subrouter = express()

diff --git a/src/routes/v2/authenticatedSites/index.js b/src/routes/v2/authenticatedSites/index.js
@@ -187,7 +187,10 @@ const getAuthenticatedSitesSubrouter = ({
   })
   const contactUsV2Router = new ContactUsRouter({ contactUsPageService })
   const homepageV2Router = new HomepageRouter({ homepagePageService })
-  const settingsV2Router = new SettingsRouter({ settingsService })
+  const settingsV2Router = new SettingsRouter({
+    settingsService,
+    authorizationMiddleware,
+  })
   const navigationV2Router = new NavigationRouter({
     navigationYmlService: navYmlService,
   })

diff --git a/src/routes/v2/authenticatedSites/settings.js b/src/routes/v2/authenticatedSites/settings.js
@@ -20,7 +20,8 @@ const { isPasswordValid } = require("@root/validators/validators")
 const { SettingsService } = require("@services/configServices/SettingsService")
 
 class SettingsRouter {
-  constructor({ settingsService }) {
+  constructor({ settingsService, authorizationMiddleware }) {
+    this.authorizationMiddleware = authorizationMiddleware
     this.settingsService = settingsService
     // We need to bind all methods because we don't invoke them from the class directly
     autoBind(this)
@@ -129,10 +130,12 @@ class SettingsRouter {
     router.post("/", attachRollbackRouteHandlerWrapper(this.updateSettingsPage))
     router.get(
       "/repo-password",
+      this.authorizationMiddleware.verifyIsEmailUser,
       attachReadRouteHandlerWrapper(this.getRepoPassword)
     )
     router.post(
       "/repo-password",
+      this.authorizationMiddleware.verifyIsEmailUser,
       attachWriteRouteHandlerWrapper(this.updateRepoPassword)
     )