diff --git a/Gemfile b/Gemfile index 286b8cc84a..8885b2d588 100644 --- a/Gemfile +++ b/Gemfile @@ -61,6 +61,7 @@ gem 'active_storage_validations' gem 'faraday', '~> 2.9' gem 'faraday-follow_redirects', '~> 0.3' gem 'puma' +gem 'oauth2' group :development, :test do gem 'annotate' diff --git a/Gemfile.lock b/Gemfile.lock index c99450a6ad..01f51b50e7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -376,6 +376,8 @@ GEM msgpack (1.7.2) multi_json (1.15.0) multi_test (1.1.0) + multi_xml (0.7.1) + bigdecimal (~> 3.1) multipart-post (2.4.1) mustermann (3.0.0) ruby2_keywords (~> 0.0.1) @@ -402,6 +404,13 @@ GEM racc (~> 1.4) notifications-ruby-client (5.4.0) jwt (>= 1.5, < 3) + oauth2 (2.0.9) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) orm_adapter (0.5.0) paper_trail (15.1.0) activerecord (>= 6.1) @@ -588,6 +597,9 @@ GEM capybara (~> 3.31) site_prism-all_there (> 2, < 5) site_prism-all_there (3.0.5) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) @@ -627,6 +639,7 @@ GEM utf8-cleaner (1.0.0) activesupport vcr (6.2.0) + version_gem (1.1.4) virtus (2.0.0) axiom-types (~> 0.1) coercible (~> 1.0) @@ -715,6 +728,7 @@ DEPENDENCIES net-smtp net-ssh (~> 7.2) nokogiri (~> 1.16) + oauth2 paper_trail (~> 15.1.0) parallel_tests pg (~> 1.5.6) diff --git a/app/services/maat_service/connection.rb b/app/services/maat_service/connection.rb index be84ccd3b3..d96335a249 100644 --- a/app/services/maat_service/connection.rb +++ b/app/services/maat_service/connection.rb @@ -3,35 +3,22 @@ class Connection include Singleton def fetch(maat_reference) - JSON.parse(client.get("assessment/rep-orders/#{maat_reference}").body) - rescue Faraday::ConnectionFailed + JSON.parse(access.get("assessment/rep-orders/#{maat_reference}").body) + rescue OAuth2::Error {} end private - def client - @client ||= Faraday.new(Settings.maat_api_url, request: { timeout: 2 }) do |conn| - conn.headers['Authorization'] = "Bearer #{oauth_token}" - end - end - - def oauth_token - response = Faraday.post(Settings.maat_api_oauth_url, request_params, request_headers) - JSON.parse(response.body)['access_token'] - end + def access = @access ||= client.client_credentials.get_token - def request_params - { - client_id: Settings.maat_api_oauth_client_id, - client_secret: Settings.maat_api_oauth_client_secret, - scope: Settings.maat_api_oauth_scope, - grant_type: 'client_credentials' - } - end - - def request_headers - { content_type: 'application/x-www-form-urlencoded' } + def client + @client ||= OAuth2::Client.new( + Settings.maat_api_oauth_client_id, + Settings.maat_api_oauth_client_secret, + site: Settings.maat_api_url, + token_url: Settings.maat_api_oauth_url + ) end end end diff --git a/config/settings.yml b/config/settings.yml index 1d70990202..2b0055ddd1 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -234,5 +234,4 @@ maat_regexp: !ruby/regexp <%= ENV['MAAT_REGEXP'] || '/^[2-9][0-9]{6}$/' %> maat_api_url: <%= ENV['MAAT_API_URL'] %> maat_api_oauth_client_id: <%= ENV['OAUTH_CLIENT_ID'] %> maat_api_oauth_client_secret: <%= ENV['OAUTH_CLIENT_SECRET'] %> -maat_api_oauth_scope: <%=ENV['OAUTH_SCOPE'] %> maat_api_oauth_url: <%=ENV['OAUTH_URL']%> diff --git a/spec/services/maat_service_spec.rb b/spec/services/maat_service_spec.rb index 6b89974ffa..3d8e0c999f 100644 --- a/spec/services/maat_service_spec.rb +++ b/spec/services/maat_service_spec.rb @@ -1,8 +1,21 @@ RSpec.describe MaatService do before do - allow(Settings).to receive_messages(maat_api_url: 'https://example.com', maat_api_oauth_url: 'https://example.com/oauth') - stub_request(:post, 'https://example.com/oauth') - .to_return(body: { access_token: 'test_token' }.to_json) + allow(OAuth2::Client).to receive(:new).and_return( + OAuth2::Client.new( + Settings.maat_api_oauth_client_id, + Settings.maat_api_oauth_client_secret, + site: 'https://example.com', + token_url: 'https://example.com/oauth' + ) + ) + stub_request(:post, 'https://example.com/oauth').to_return( + body: { + access_token: 'test-token', + expires_in: 3600, + token_type: 'Bearer' + }.to_json, + headers: { 'content-type': 'application/json' } + ) end describe '.call' do @@ -14,10 +27,16 @@ context 'with a valid MAAT reference' do before do stub_request(:get, "https://example.com/assessment/rep-orders/#{maat_reference}") - .to_return(body: { caseId: 'TEST12345678', crownRepOrderDate: '2024-03-28' }.to_json) + .to_return( + body: { + caseId: 'TEST12345678', + crownRepOrderDate: '2024-03-28', + arrestSummonsNo: 'ABCDEF' + }.to_json + ) end - it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: '2024-03-28' }) } + it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: '2024-03-28', asn: 'ABCDEF' }) } end context 'with a valid MAAT reference with no date' do @@ -26,7 +45,7 @@ .to_return(body: { caseId: 'TEST12345678' }.to_json) end - it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: nil }) } + it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: nil, asn: nil }) } end context 'with an unknown MAAT reference' do @@ -35,7 +54,7 @@ .to_return(status: 404, body: { message: "No Rep Order found for ID: #{maat_reference}" }.to_json) end - it { is_expected.to eq({ case_number: nil, representation_order_date: nil }) } + it { is_expected.to eq({ case_number: nil, representation_order_date: nil, asn: nil }) } end context 'when unauthorized' do @@ -44,18 +63,20 @@ .to_return(status: 401, body: { message: 'Unauthorized' }.to_json) end - it { is_expected.to eq({ case_number: nil, representation_order_date: nil }) } + it { is_expected.to eq({ case_number: nil, representation_order_date: nil, asn: nil }) } end context 'when the OAuth settings are not correct' do before do stub_request(:post, 'https://example.com/oauth') - .to_return(status: 400, body: { error: 'invalid_client' }.to_json) - stub_request(:get, "https://example.com/assessment/rep-orders/#{maat_reference}") - .to_return(status: 401, body: { message: 'Unauthorized' }.to_json) + .to_return( + status: 400, + body: { error: 'invalid_client' }.to_json, + headers: { 'content-type': 'application/json' } + ) end - it { is_expected.to eq({ case_number: nil, representation_order_date: nil }) } + it { is_expected.to eq({ case_number: nil, representation_order_date: nil, asn: nil }) } end end end