From e7a4e44b45375da61367304c1701cf65f804479a Mon Sep 17 00:00:00 2001
From: Joe Haig <joseph.haig@digital.justice.gov.uk>
Date: Mon, 17 Jun 2024 10:44:01 +0100
Subject: [PATCH] Use oauth2 gem

---
 Gemfile                                 |  1 +
 Gemfile.lock                            | 14 ++++++++
 app/services/maat_service/connection.rb | 33 ++++++------------
 config/settings.yml                     |  1 -
 spec/services/maat_service_spec.rb      | 45 ++++++++++++++++++-------
 5 files changed, 58 insertions(+), 36 deletions(-)

diff --git a/Gemfile b/Gemfile
index b9515dda59..b9a864db58 100644
--- a/Gemfile
+++ b/Gemfile
@@ -61,6 +61,7 @@ gem 'active_storage_validations'
 gem 'faraday', '~> 2.10'
 gem 'faraday-follow_redirects', '~> 0.3'
 gem 'puma'
+gem 'oauth2'
 
 group :development, :test do
   gem 'annotate'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1b43c73341..7a693093cc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -378,6 +378,8 @@ GEM
     msgpack (1.7.2)
     multi_json (1.15.0)
     multi_test (1.1.0)
+    multi_xml (0.7.1)
+      bigdecimal (~> 3.1)
     multipart-post (2.4.1)
     mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
@@ -404,6 +406,13 @@ GEM
       racc (~> 1.4)
     notifications-ruby-client (5.4.0)
       jwt (>= 1.5, < 3)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
     orm_adapter (0.5.0)
     paper_trail (15.1.0)
       activerecord (>= 6.1)
@@ -592,6 +601,9 @@ GEM
       capybara (~> 3.32)
       site_prism-all_there (> 2, < 5)
     site_prism-all_there (3.0.5)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
@@ -631,6 +643,7 @@ GEM
     utf8-cleaner (1.0.0)
       activesupport
     vcr (6.2.0)
+    version_gem (1.1.4)
     virtus (2.0.0)
       axiom-types (~> 0.1)
       coercible (~> 1.0)
@@ -719,6 +732,7 @@ DEPENDENCIES
   net-smtp
   net-ssh (~> 7.2)
   nokogiri (~> 1.16)
+  oauth2
   paper_trail (~> 15.1.0)
   parallel_tests
   pg (~> 1.5.6)
diff --git a/app/services/maat_service/connection.rb b/app/services/maat_service/connection.rb
index be84ccd3b3..d96335a249 100644
--- a/app/services/maat_service/connection.rb
+++ b/app/services/maat_service/connection.rb
@@ -3,35 +3,22 @@ class Connection
     include Singleton
 
     def fetch(maat_reference)
-      JSON.parse(client.get("assessment/rep-orders/#{maat_reference}").body)
-    rescue Faraday::ConnectionFailed
+      JSON.parse(access.get("assessment/rep-orders/#{maat_reference}").body)
+    rescue OAuth2::Error
       {}
     end
 
     private
 
-    def client
-      @client ||= Faraday.new(Settings.maat_api_url, request: { timeout: 2 }) do |conn|
-        conn.headers['Authorization'] = "Bearer #{oauth_token}"
-      end
-    end
-
-    def oauth_token
-      response = Faraday.post(Settings.maat_api_oauth_url, request_params, request_headers)
-      JSON.parse(response.body)['access_token']
-    end
+    def access = @access ||= client.client_credentials.get_token
 
-    def request_params
-      {
-        client_id: Settings.maat_api_oauth_client_id,
-        client_secret: Settings.maat_api_oauth_client_secret,
-        scope: Settings.maat_api_oauth_scope,
-        grant_type: 'client_credentials'
-      }
-    end
-
-    def request_headers
-      { content_type: 'application/x-www-form-urlencoded' }
+    def client
+      @client ||= OAuth2::Client.new(
+        Settings.maat_api_oauth_client_id,
+        Settings.maat_api_oauth_client_secret,
+        site: Settings.maat_api_url,
+        token_url: Settings.maat_api_oauth_url
+      )
     end
   end
 end
diff --git a/config/settings.yml b/config/settings.yml
index 1d70990202..2b0055ddd1 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -234,5 +234,4 @@ maat_regexp: !ruby/regexp <%= ENV['MAAT_REGEXP'] || '/^[2-9][0-9]{6}$/' %>
 maat_api_url: <%= ENV['MAAT_API_URL'] %>
 maat_api_oauth_client_id: <%= ENV['OAUTH_CLIENT_ID'] %>
 maat_api_oauth_client_secret: <%= ENV['OAUTH_CLIENT_SECRET'] %>
-maat_api_oauth_scope: <%=ENV['OAUTH_SCOPE'] %>
 maat_api_oauth_url: <%=ENV['OAUTH_URL']%>
diff --git a/spec/services/maat_service_spec.rb b/spec/services/maat_service_spec.rb
index 6b89974ffa..3d8e0c999f 100644
--- a/spec/services/maat_service_spec.rb
+++ b/spec/services/maat_service_spec.rb
@@ -1,8 +1,21 @@
 RSpec.describe MaatService do
   before do
-    allow(Settings).to receive_messages(maat_api_url: 'https://example.com', maat_api_oauth_url: 'https://example.com/oauth')
-    stub_request(:post, 'https://example.com/oauth')
-      .to_return(body: { access_token: 'test_token' }.to_json)
+    allow(OAuth2::Client).to receive(:new).and_return(
+      OAuth2::Client.new(
+        Settings.maat_api_oauth_client_id,
+        Settings.maat_api_oauth_client_secret,
+        site: 'https://example.com',
+        token_url: 'https://example.com/oauth'
+      )
+    )
+    stub_request(:post, 'https://example.com/oauth').to_return(
+      body: {
+        access_token: 'test-token',
+        expires_in: 3600,
+        token_type: 'Bearer'
+      }.to_json,
+      headers: { 'content-type': 'application/json' }
+    )
   end
 
   describe '.call' do
@@ -14,10 +27,16 @@
     context 'with a valid MAAT reference' do
       before do
         stub_request(:get, "https://example.com/assessment/rep-orders/#{maat_reference}")
-          .to_return(body: { caseId: 'TEST12345678', crownRepOrderDate: '2024-03-28' }.to_json)
+          .to_return(
+            body: {
+              caseId: 'TEST12345678',
+              crownRepOrderDate: '2024-03-28',
+              arrestSummonsNo: 'ABCDEF'
+            }.to_json
+          )
       end
 
-      it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: '2024-03-28' }) }
+      it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: '2024-03-28', asn: 'ABCDEF' }) }
     end
 
     context 'with a valid MAAT reference with no date' do
@@ -26,7 +45,7 @@
           .to_return(body: { caseId: 'TEST12345678' }.to_json)
       end
 
-      it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: nil }) }
+      it { is_expected.to eq({ case_number: 'TEST12345678', representation_order_date: nil, asn: nil }) }
     end
 
     context 'with an unknown MAAT reference' do
@@ -35,7 +54,7 @@
           .to_return(status: 404, body: { message: "No Rep Order found for ID: #{maat_reference}" }.to_json)
       end
 
-      it { is_expected.to eq({ case_number: nil, representation_order_date: nil }) }
+      it { is_expected.to eq({ case_number: nil, representation_order_date: nil, asn: nil }) }
     end
 
     context 'when unauthorized' do
@@ -44,18 +63,20 @@
           .to_return(status: 401, body: { message: 'Unauthorized' }.to_json)
       end
 
-      it { is_expected.to eq({ case_number: nil, representation_order_date: nil }) }
+      it { is_expected.to eq({ case_number: nil, representation_order_date: nil, asn: nil }) }
     end
 
     context 'when the OAuth settings are not correct' do
       before do
         stub_request(:post, 'https://example.com/oauth')
-          .to_return(status: 400, body: { error: 'invalid_client' }.to_json)
-        stub_request(:get, "https://example.com/assessment/rep-orders/#{maat_reference}")
-          .to_return(status: 401, body: { message: 'Unauthorized' }.to_json)
+          .to_return(
+            status: 400,
+            body: { error: 'invalid_client' }.to_json,
+            headers: { 'content-type': 'application/json' }
+          )
       end
 
-      it { is_expected.to eq({ case_number: nil, representation_order_date: nil }) }
+      it { is_expected.to eq({ case_number: nil, representation_order_date: nil, asn: nil }) }
     end
   end
 end