gds-api-adapters 69.3.0 → 71.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36d53c764d0ec5abb1685e55ff91057da30c9ce250dd46c4d5ae350b7684f66c
-  data.tar.gz: 50687996dcb29b5ca7d8e0ec5cc3fca4ef40228ea2700d901528b9b2f98b30c4
+  metadata.gz: ea739e39026f239c010c4810ba88c6c0f8f77a0fb2375e24c9026cd2a388465e
+  data.tar.gz: c18db19adc96aab183ab99edfc30db4691d7ab5d055def3fbcfc406f6b16c1a8
 SHA512:
-  metadata.gz: 1c5cb0ce0c5bd0147374a6abff9a1e121ce811775b5120c73fc319df47aebd8c4acdbe264f3507be9e91b19e0a01e55e0711e9538237c940ad96f9de9ce9b08e
-  data.tar.gz: 6584391dac6990ab4adeedc04491a1a9dec7f7ced21e8adc0da65e7c7fcea2bb242ac56e194e8b6572039a9917b9c7b78601899e822b101ba89f294fbb3a7d34
+  metadata.gz: 1b03304634769b69d8549664720619081836366bacb76948e19275751b0f4d2482f0adf14977b82569e4e265b081e590c338f9a2167e78170bab9af0f8c27a68
+  data.tar.gz: b5dfc1690a1e783e67bf350d2d5fb8d66c9aa0eaaa758bdbb7be381cd34a76780de465c9bfc78b539c9712ba3e6b586788f7139edab07aa8fab7ea2d6ae974f9

data/Rakefile

@@ -30,5 +30,5 @@ end
 
 desc "Run the linter against changed files"
 task :lint do
-  sh "bundle exec rubocop --format clang"
+  sh "bundle exec rubocop"
 end

data/lib/gds_api.rb

@@ -1,6 +1,7 @@
 require "addressable"
 require "plek"
 require "time"
+require "gds_api/account_api"
 require "gds_api/asset_manager"
 require "gds_api/calendars"
 require "gds_api/content_store"
@@ -21,6 +22,19 @@ require "gds_api/worldwide"
 
 # @api documented
 module GdsApi
+  # Creates a GdsApi::AccountApi adapter
+  #
+  # This will set a bearer token if a ACCOUNT_API_BEARER_TOKEN environment
+  # variable is set
+  #
+  # @return [GdsApi::AccountApi]
+  def self.account_api(options = {})
+    GdsApi::AccountApi.new(
+      Plek.find("account-api"),
+      { bearer_token: ENV["ACCOUNT_API_BEARER_TOKEN"] }.merge(options),
+    )
+  end
+
   # Creates a GdsApi::AssetManager adapter
   #
   # This will set a bearer token if a ASSET_MANAGER_BEARER_TOKEN environment

data/lib/gds_api/account_api.rb

@@ -0,0 +1,157 @@
+require_relative "base"
+require_relative "exceptions"
+
+# Adapter for the Account API
+#
+# @see https://github.com/alphagov/account-api
+# @api documented
+class GdsApi::AccountApi < GdsApi::Base
+  AUTH_HEADER_NAME = "GOVUK-Account-Session".freeze
+
+  # Get an OAuth sign-in URL to redirect the user to
+  #
+  # @param [String, nil] redirect_path path on GOV.UK to send the user to after authentication
+  # @param [String, nil] state_id identifier originally returned by #create_registration_state
+  # @param [String, nil] level_of_authentication either "level1" (require MFA) or "level0" (do not require MFA)
+  #
+  # @return [Hash] An authentication URL and the OAuth state parameter (for CSRF protection)
+  def get_sign_in_url(redirect_path: nil, state_id: nil, level_of_authentication: nil)
+    querystring = nested_query_string(
+      {
+        redirect_path: redirect_path,
+        state_id: state_id,
+        level_of_authentication: level_of_authentication,
+      }.compact,
+    )
+    get_json("#{endpoint}/api/oauth2/sign-in?#{querystring}")
+  end
+
+  # Validate an OAuth authentication response
+  #
+  # @param [String] code The OAuth code parameter, from the auth server.
+  # @param [String] state The OAuth state parameter, from the auth server.
+  #
+  # @return [Hash] The value for the govuk_account_session header, the path to redirect the user to, and the GA client ID (if there is one)
+  def validate_auth_response(code:, state:)
+    post_json("#{endpoint}/api/oauth2/callback", code: code, state: state)
+  end
+
+  # Register some initial state, to pass to get_sign_in_url, which is used to initialise the account if the user signs up
+  #
+  # @param [Hash, nil] attributes Initial attributes to store
+  #
+  # @return [Hash] The state ID to pass to get_sign_in_url
+  def create_registration_state(attributes:)
+    post_json("#{endpoint}/api/oauth2/state", attributes: attributes)
+  end
+
+  # Get all the information about a user needed to render the account home page
+  #
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] Information about the user and the services they've used, and a new session header
+  def get_user(govuk_account_session:)
+    get_json("#{endpoint}/api/user", auth_headers(govuk_account_session))
+  end
+
+  # Check if a user has an email subscription for the Transition Checker
+  #
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] Whether the user has a subscription, and a new session header
+  def check_for_email_subscription(govuk_account_session:)
+    get_json("#{endpoint}/api/transition-checker-email-subscription", auth_headers(govuk_account_session))
+  end
+
+  # Create or update a user's email subscription for the Transition Checker
+  #
+  # @param [String] govuk_account_session Value of the session header
+  # @param [String] slug The email topic slug
+  #
+  # @return [Hash] Whether the user has a subscription, and a new session header
+  def set_email_subscription(govuk_account_session:, slug:)
+    post_json("#{endpoint}/api/transition-checker-email-subscription", { slug: slug }, auth_headers(govuk_account_session))
+  end
+
+  # Look up the values of a user's attributes
+  #
+  # @param [String] attributes Names of the attributes to check
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] The attribute values (if present), and a new session header
+  def get_attributes(attributes:, govuk_account_session:)
+    querystring = nested_query_string({ attributes: attributes }.compact)
+    get_json("#{endpoint}/api/attributes?#{querystring}", auth_headers(govuk_account_session))
+  end
+
+  # Create or update attributes for a user
+  #
+  # @param [String] attributes Hash of new attribute values
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] A new session header
+  def set_attributes(attributes:, govuk_account_session:)
+    patch_json("#{endpoint}/api/attributes", { attributes: attributes }, auth_headers(govuk_account_session))
+  end
+
+  # Look up the names of a user's attributes
+  #
+  # @param [String] attributes Names of the attributes to check
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] The attribute names (if present), and a new session header
+  def get_attributes_names(attributes:, govuk_account_session:)
+    querystring = nested_query_string({ attributes: attributes }.compact)
+    get_json("#{endpoint}/api/attributes/names?#{querystring}", auth_headers(govuk_account_session))
+  end
+
+  # Look up all pages saved by a user in their Account
+  #
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] containing :saved_pages, an array of single saved page hashes  def get_saved_pages(govuk_account_session:)
+  def get_saved_pages(govuk_account_session:)
+    get_json("#{endpoint}/api/saved_pages", auth_headers(govuk_account_session))
+  end
+
+  # Return a single page by unique URL
+  #
+  # @param [String] the path of a page to check
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] containing :saved_page, a hash of a single saved page value
+  def get_saved_page(page_path:, govuk_account_session:)
+    get_json("#{endpoint}/api/saved_pages/#{CGI.escape(page_path)}", auth_headers(govuk_account_session))
+  end
+
+  # Upsert a single saved page entry in a users account
+  #
+  # @param [String] the path of a page to check
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [Hash] A single saved page value (if sucessful)
+  def save_page(page_path:, govuk_account_session:)
+    put_json("#{endpoint}/api/saved_pages/#{CGI.escape(page_path)}", {}, auth_headers(govuk_account_session))
+  end
+
+  # Delete a single saved page entry from a users account
+  #
+  # @param [String] the path of a page to check
+  # @param [String] govuk_account_session Value of the session header
+  #
+  # @return [GdsApi::Response] A status code of 204 indicates the saved page has been successfully deleted.
+  #                            A status code of 404 indicates there is no saved page with this path.
+  def delete_saved_page(page_path:, govuk_account_session:)
+    delete_json("#{endpoint}/api/saved_pages/#{CGI.escape(page_path)}", {}, auth_headers(govuk_account_session))
+  end
+
+private
+
+  def nested_query_string(params)
+    Rack::Utils.build_nested_query(params)
+  end
+
+  def auth_headers(govuk_account_session)
+    { AUTH_HEADER_NAME => govuk_account_session }
+  end
+end

data/lib/gds_api/base.rb

@@ -71,7 +71,7 @@ private
       case value
       when Array
         value.map do |v|
-          "#{CGI.escape(key.to_s + '[]')}=#{CGI.escape(v.to_s)}"
+          "#{CGI.escape("#{key}[]")}=#{CGI.escape(v.to_s)}"
         end
       else
         "#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"

data/lib/gds_api/content_store.rb

@@ -93,7 +93,7 @@ private
     def prefix_destination(redirect, path, query)
       uri = URI.parse(redirect["destination"])
       start_char = redirect["path"].length
-      suffix = path[start_char..-1]
+      suffix = path[start_char..]
 
       if uri.path == "" && suffix[0] != "/"
         uri.path = "/#{suffix}"

data/lib/gds_api/exceptions.rb

@@ -14,49 +14,66 @@ module GdsApi
   end
 
   class EndpointNotFound < BaseError; end
+
   class TimedOutException < BaseError; end
+
   class InvalidUrl < BaseError; end
+
   class SocketErrorException < BaseError; end
 
   # Superclass for all 4XX and 5XX errors
   class HTTPErrorResponse < BaseError
-    attr_accessor :code, :error_details
+    attr_accessor :code, :error_details, :http_body
 
-    def initialize(code, message = nil, error_details = nil)
+    def initialize(code, message = nil, error_details = nil, http_body = nil)
       super(message)
       @code = code
       @error_details = error_details
+      @http_body = http_body
     end
   end
 
   # Superclass & fallback for all 4XX errors
   class HTTPClientError < HTTPErrorResponse; end
+
   class HTTPIntermittentClientError < HTTPClientError; end
 
   class HTTPNotFound < HTTPClientError; end
+
   class HTTPGone < HTTPClientError; end
+
   class HTTPPayloadTooLarge < HTTPClientError; end
+
   class HTTPUnauthorized < HTTPClientError; end
+
   class HTTPForbidden < HTTPClientError; end
+
   class HTTPConflict < HTTPClientError; end
+
   class HTTPUnprocessableEntity < HTTPClientError; end
+
   class HTTPBadRequest < HTTPClientError; end
+
   class HTTPTooManyRequests < HTTPIntermittentClientError; end
 
   # Superclass & fallback for all 5XX errors
   class HTTPServerError < HTTPErrorResponse; end
+
   class HTTPIntermittentServerError < HTTPServerError; end
 
   class HTTPInternalServerError < HTTPServerError; end
+
   class HTTPBadGateway < HTTPIntermittentServerError; end
+
   class HTTPUnavailable < HTTPIntermittentServerError; end
+
   class HTTPGatewayTimeout < HTTPIntermittentServerError; end
 
   module ExceptionHandling
     def build_specific_http_error(error, url, details = nil)
       message = "URL: #{url}\nResponse body:\n#{error.http_body}"
       code = error.http_code
-      error_class_for_code(code).new(code, message, details)
+      error_class_for_code(code).new(code, message, details, error.http_body)
     end
 
     def error_class_for_code(code)

data/lib/gds_api/json_client.rb

@@ -101,10 +101,10 @@ module GdsApi
       rescue RestClient::Exception => e
         # Attempt to parse the body as JSON if possible
         error_details = begin
-                          e.http_body ? JSON.parse(e.http_body) : nil
-                        rescue JSON::ParserError
-                          nil
-                        end
+          e.http_body ? JSON.parse(e.http_body) : nil
+        rescue JSON::ParserError
+          nil
+        end
         raise build_specific_http_error(e, url, error_details)
       end
 
@@ -180,10 +180,10 @@ module GdsApi
       raise GdsApi::EndpointNotFound, "Could not connect to #{url}"
     rescue RestClient::Exceptions::Timeout => e
       logger.error loggable.merge(status: "timeout", error_message: e.message, error_class: e.class.name, end_time: Time.now.to_f).to_json
-      raise GdsApi::TimedOutException
+      raise GdsApi::TimedOutException, e.message
     rescue URI::InvalidURIError => e
       logger.error loggable.merge(status: "invalid_uri", error_message: e.message, error_class: e.class.name, end_time: Time.now.to_f).to_json
-      raise GdsApi::InvalidUrl
+      raise GdsApi::InvalidUrl, e.message
     rescue RestClient::Exception => e
       # Log the error here, since we have access to loggable, but raise the
       # exception up to the calling method to deal with
@@ -192,10 +192,10 @@ module GdsApi
       raise
     rescue Errno::ECONNRESET => e
       logger.error loggable.merge(status: "connection_reset", error_message: e.message, error_class: e.class.name, end_time: Time.now.to_f).to_json
-      raise GdsApi::TimedOutException
+      raise GdsApi::TimedOutException, e.message
     rescue SocketError => e
       logger.error loggable.merge(status: "socket_error", error_message: e.message, error_class: e.class.name, end_time: Time.now.to_f).to_json
-      raise GdsApi::SocketErrorException
+      raise GdsApi::SocketErrorException, e.message
     end
   end
 end

data/lib/gds_api/link_checker_api.rb

@@ -89,37 +89,6 @@ class GdsApi::LinkCheckerApi < GdsApi::Base
     )
   end
 
-  # Update or create a set of links to be monitored for a resource.
-  #
-  # Makes a +POST+ request to the link checker api to create a resource monitor.
-  #
-  # @param links [Array] A list of URIs to monitor.
-  # @param reference [String] A unique id for the resource being monitored
-  # @param app [String] The name of the service the call originated e.g. 'whitehall'
-  # @return [MonitorReport] A +SimpleDelegator+ of the +GdsApi::Response+ which
-  #   responds to:
-  #     :id            the ID of the created resource monitor
-  #
-  # @raise [HTTPErrorResponse] if the request returns an error
-
-  def upsert_resource_monitor(links, app, reference)
-    payload = {
-      links: links,
-      app: app,
-      reference: reference,
-    }
-
-    response = post_json("#{endpoint}/monitor", payload)
-
-    MonitorReport.new(response.to_hash)
-  end
-
-  class MonitorReport < SimpleDelegator
-    def id
-      self["id"]
-    end
-  end
-
   class LinkReport < SimpleDelegator
     def uri
       self["uri"]

data/lib/gds_api/response.rb

@@ -24,6 +24,7 @@ module GdsApi
       PATTERN = /([-a-z]+)(?:\s*=\s*([^,\s]+))?,?+/i.freeze
 
       def initialize(value = nil)
+        super()
         parse(value)
       end
 

data/lib/gds_api/search.rb

@@ -67,7 +67,7 @@ module GdsApi
     #
     # @param args [Hash] A valid search query. See search-api documentation for options.
     #
-    # @see https://github.com/alphagov/search-api/blob/master/doc/search-api.md
+    # @see https://github.com/alphagov/search-api/blob/master/docs/search-api.md
     def search(args, additional_headers = {})
       request_url = "#{base_url}/search.json?#{Rack::Utils.build_nested_query(args)}"
       get_json(request_url, additional_headers)
@@ -77,7 +77,7 @@ module GdsApi
     #
     # @param searches [Array] An array valid search queries. Maximum of 6. See search-api documentation for options.
     #
-    # # @see https://github.com/alphagov/search-api/blob/master/doc/search-api.md
+    # # @see https://github.com/alphagov/search-api/blob/master/docs/search-api.md
     def batch_search(searches, additional_headers = {})
       url_friendly_searches = searches.each_with_index.map do |search, index|
         { index => search }
@@ -95,7 +95,7 @@ module GdsApi
     # @param args [Hash] A valid search query. See search-api documentation for options.
     # @param page_size [Integer] Number of results in each page.
     #
-    # @see https://github.com/alphagov/search-api/blob/master/doc/search-api.md
+    # @see https://github.com/alphagov/search-api/blob/master/docs/search-api.md
     def search_enum(args, page_size: 100, additional_headers: {})
       Enumerator.new do |yielder|
         (0..Float::INFINITY).step(page_size).each do |index|
@@ -120,7 +120,7 @@ module GdsApi
     #   GOV.UK - we only allow deletion from metasearch
     # @return [GdsApi::Response] A status code of 202 indicates the document has been successfully queued.
     #
-    # @see https://github.com/alphagov/search-api/blob/master/doc/documents.md
+    # @see https://github.com/alphagov/search-api/blob/master/docs/documents.md
     def add_document(*args)
       @api.add_document(*args)
     end
@@ -132,7 +132,7 @@ module GdsApi
     # and contacts, which may be deleted with `delete_document`.
     #
     # @param base_path Base path of the page on GOV.UK.
-    # @see https://github.com/alphagov/search-api/blob/master/doc/content-api.md
+    # @see https://github.com/alphagov/search-api/blob/master/docs/content-api.md
     def delete_content(base_path)
       request_url = "#{base_url}/content?link=#{base_path}"
       delete_json(request_url)
@@ -145,7 +145,7 @@ module GdsApi
     # and contacts.
     #
     # @param base_path [String] Base path of the page on GOV.UK.
-    # @see https://github.com/alphagov/search-api/blob/master/doc/content-api.md
+    # @see https://github.com/alphagov/search-api/blob/master/docs/content-api.md
     def get_content(base_path)
       request_url = "#{base_url}/content?link=#{base_path}"
       get_json(request_url)

data/lib/gds_api/test_helpers/account_api.rb

@@ -0,0 +1,380 @@
+require "json"
+
+module GdsApi
+  module TestHelpers
+    module AccountApi
+      ACCOUNT_API_ENDPOINT = Plek.find("account-api")
+
+      def stub_account_api_get_sign_in_url(redirect_path: nil, state_id: nil, level_of_authentication: nil, auth_uri: "http://auth/provider", state: "state")
+        querystring = Rack::Utils.build_nested_query({ redirect_path: redirect_path, state_id: state_id, level_of_authentication: level_of_authentication }.compact)
+        stub_request(:get, "#{ACCOUNT_API_ENDPOINT}/api/oauth2/sign-in?#{querystring}")
+          .to_return(
+            status: 200,
+            body: { auth_uri: auth_uri, state: state }.to_json,
+          )
+      end
+
+      def stub_account_api_validates_auth_response(code: nil, state: nil, govuk_account_session: "govuk-account-session", redirect_path: "/", ga_client_id: "ga-client-id")
+        stub_request(:post, "#{ACCOUNT_API_ENDPOINT}/api/oauth2/callback")
+          .with(body: hash_including({ code: code, state: state }.compact))
+          .to_return(
+            status: 200,
+            body: { govuk_account_session: govuk_account_session, redirect_path: redirect_path, ga_client_id: ga_client_id }.to_json,
+          )
+      end
+
+      def stub_account_api_rejects_auth_response(code: nil, state: nil)
+        stub_request(:post, "#{ACCOUNT_API_ENDPOINT}/api/oauth2/callback")
+          .with(body: hash_including({ code: code, state: state }.compact))
+          .to_return(status: 401)
+      end
+
+      def stub_account_api_create_registration_state(attributes: nil, state_id: "state-id")
+        stub_request(:post, "#{ACCOUNT_API_ENDPOINT}/api/oauth2/state")
+          .with(body: hash_including({ attributes: attributes }.compact))
+          .to_return(
+            status: 200,
+            body: { state_id: state_id }.to_json,
+          )
+      end
+
+      def stub_account_api_user_info(level_of_authentication: "level0", email: "email@example.com", email_verified: true, services: {}, **options)
+        stub_account_api_request(
+          :get,
+          "/api/user",
+          response_body: {
+            level_of_authentication: level_of_authentication,
+            email: email,
+            email_verified: email_verified,
+            services: services,
+          },
+          **options,
+        )
+      end
+
+      def stub_account_api_user_info_service_state(service:, service_state: "yes", **options)
+        stub_account_api_user_info(
+          **options.merge(
+            services: options.fetch(:services, {}).merge(service => service_state),
+          ),
+        )
+      end
+
+      def stub_account_api_unauthorized_user_info(**options)
+        stub_account_api_request(
+          :get,
+          "/api/user",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def stub_account_api_has_email_subscription(**options)
+        stub_account_api_request(
+          :get,
+          "/api/transition-checker-email-subscription",
+          response_body: { has_subscription: true },
+          **options,
+        )
+      end
+
+      def stub_account_api_does_not_have_email_subscription(**options)
+        stub_account_api_request(
+          :get,
+          "/api/transition-checker-email-subscription",
+          response_body: { has_subscription: false },
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_get_email_subscription(**options)
+        stub_account_api_request(
+          :get,
+          "/api/transition-checker-email-subscription",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def stub_account_api_forbidden_get_email_subscription(needed_level_of_authentication: "level1", **options)
+        stub_account_api_request(
+          :get,
+          "/api/transition-checker-email-subscription",
+          response_status: 403,
+          response_body: { needed_level_of_authentication: needed_level_of_authentication },
+          **options,
+        )
+      end
+
+      def stub_account_api_set_email_subscription(slug: nil, **options)
+        stub_account_api_request(
+          :post,
+          "/api/transition-checker-email-subscription",
+          with: { body: hash_including({ slug: slug }.compact) },
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_set_email_subscription(slug: nil, **options)
+        stub_account_api_request(
+          :post,
+          "/api/transition-checker-email-subscription",
+          with: { body: hash_including({ slug: slug }.compact) },
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def stub_account_api_forbidden_set_email_subscription(slug: nil, needed_level_of_authentication: "level1", **options)
+        stub_account_api_request(
+          :post,
+          "/api/transition-checker-email-subscription",
+          with: { body: hash_including({ slug: slug }.compact) },
+          response_status: 403,
+          response_body: { needed_level_of_authentication: needed_level_of_authentication },
+          **options,
+        )
+      end
+
+      def stub_account_api_has_attributes(attributes: [], values: {}, **options)
+        querystring = Rack::Utils.build_nested_query({ attributes: attributes }.compact)
+        stub_account_api_request(
+          :get,
+          "/api/attributes?#{querystring}",
+          response_body: { values: values },
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_has_attributes(attributes: [], **options)
+        querystring = Rack::Utils.build_nested_query({ attributes: attributes }.compact)
+        stub_account_api_request(
+          :get,
+          "/api/attributes?#{querystring}",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def stub_account_api_forbidden_has_attributes(attributes: [], needed_level_of_authentication: "level1", **options)
+        querystring = Rack::Utils.build_nested_query({ attributes: attributes }.compact)
+        stub_account_api_request(
+          :get,
+          "/api/attributes?#{querystring}",
+          response_status: 403,
+          response_body: { needed_level_of_authentication: needed_level_of_authentication },
+          **options,
+        )
+      end
+
+      def stub_account_api_set_attributes(attributes: nil, **options)
+        stub_account_api_request(
+          :patch,
+          "/api/attributes",
+          with: { body: hash_including({ attributes: attributes }.compact) },
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_set_attributes(attributes: nil, **options)
+        stub_account_api_request(
+          :patch,
+          "/api/attributes",
+          with: { body: hash_including({ attributes: attributes }.compact) },
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def stub_account_api_forbidden_set_attributes(attributes: nil, needed_level_of_authentication: "level1", **options)
+        stub_account_api_request(
+          :patch,
+          "/api/attributes",
+          with: { body: hash_including({ attributes: attributes }.compact) },
+          response_status: 403,
+          response_body: { needed_level_of_authentication: needed_level_of_authentication },
+          **options,
+        )
+      end
+
+      def stub_account_api_get_attributes_names(attributes: [], **options)
+        querystring = Rack::Utils.build_nested_query({ attributes: attributes }.compact)
+        stub_account_api_request(
+          :get,
+          "/api/attributes/names?#{querystring}",
+          response_body: { values: attributes },
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_get_attributes_names(attributes: [], **options)
+        querystring = Rack::Utils.build_nested_query({ attributes: attributes }.compact)
+        stub_account_api_request(
+          :get,
+          "/api/attributes/names?#{querystring}",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def stub_account_api_forbidden_get_attributes_names(attributes: [], needed_level_of_authentication: "level1", **options)
+        querystring = Rack::Utils.build_nested_query({ attributes: attributes }.compact)
+        stub_account_api_request(
+          :get,
+          "/api/attributes/names?#{querystring}",
+          response_status: 403,
+          response_body: { needed_level_of_authentication: needed_level_of_authentication },
+          **options,
+        )
+      end
+
+      def stub_account_api_request(method, path, with: {}, response_status: 200, response_body: {}, govuk_account_session: nil, new_govuk_account_session: nil)
+        with.merge!(headers: { GdsApi::AccountApi::AUTH_HEADER_NAME => govuk_account_session }) if govuk_account_session
+        new_govuk_account_session = nil if response_status >= 400
+        to_return = { status: response_status, body: response_body.merge(govuk_account_session: new_govuk_account_session).compact.to_json }
+        if with.empty?
+          stub_request(method, "#{ACCOUNT_API_ENDPOINT}#{path}").to_return(**to_return)
+        else
+          stub_request(method, "#{ACCOUNT_API_ENDPOINT}#{path}").with(**with).to_return(**to_return)
+        end
+      end
+
+      ######################
+      # GET /api/saved_pages
+      ######################
+      def stub_account_api_returning_saved_pages(saved_pages: [], **options)
+        stub_account_api_request(
+          :get,
+          "/api/saved_pages",
+          response_body: { saved_pages: saved_pages },
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_get_saved_pages(**options)
+        stub_account_api_request(
+          :get,
+          "/api/saved_pages",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      #################################
+      # GET /api/saved_pages/:page_path
+      #################################
+      def stub_account_api_get_saved_page(page_path:, content_id: "46163ed2-1777-4ee6-bdd4-6a2007e49d8f", title: "Ministry of Magic", **options)
+        stub_account_api_request(
+          :get,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_body: {
+            saved_page: {
+              page_path: page_path,
+              content_id: content_id,
+              title: title,
+            },
+          },
+          **options,
+        )
+      end
+
+      def stub_account_api_does_not_have_saved_page(page_path:, **options)
+        stub_account_api_request(
+          :get,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 404,
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_get_saved_page(page_path:, **options)
+        stub_account_api_request(
+          :get,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      #################################
+      # PUT /api/saved_pages/:page_path
+      #################################
+      def stub_account_api_save_page(page_path:, content_id: "c840bfa2-011a-42cc-ac7a-a6da990aff0b", title: "Ministry of Magic", **options)
+        stub_account_api_request(
+          :put,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_body: {
+            saved_page: {
+              page_path: page_path,
+              content_id: content_id,
+              title: title,
+            },
+          },
+          **options,
+        )
+      end
+
+      def stub_account_api_save_page_already_exists(page_path:, **options)
+        stub_account_api_save_page(page_path: page_path, **options)
+      end
+
+      def stub_account_api_save_page_cannot_save_page(page_path:, **options)
+        stub_account_api_request(
+          :put,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 422,
+          response_body: cannot_save_page_problem_detail({ page_path: page_path }),
+          **options,
+        )
+      end
+
+      def stub_account_api_unauthorized_save_page(page_path:, **options)
+        stub_account_api_request(
+          :put,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 401,
+          **options,
+        )
+      end
+
+      def cannot_save_page_problem_detail(option = {})
+        {
+          title: "Cannot save page",
+          detail: "Cannot save page with path #{option['page_path']}, check it is not blank, and is a well formatted url path.",
+          type: "https://github.com/alphagov/account-api/blob/main/docs/api.md#cannot-save-page",
+          **option,
+        }
+      end
+
+      ####################################
+      # DELETE /api/saved-pages/:page_path
+      ####################################
+      def stub_account_api_delete_saved_page(page_path:, **options)
+        stub_account_api_request(
+          :delete,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 204,
+          **options,
+        )
+      end
+
+      def stub_account_api_delete_saved_page_does_not_exist(page_path:, **options)
+        stub_account_api_request(
+          :delete,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 404,
+          **options,
+        )
+      end
+
+      def stub_account_api_delete_saved_page_unauthorised(page_path:, **options)
+        stub_account_api_request(
+          :delete,
+          "/api/saved_pages/#{CGI.escape(page_path)}",
+          response_status: 401,
+          **options,
+        )
+      end
+    end
+  end
+end