valvat 1.4.4 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8469dde623b4fba82a31eeb1e18b71d6def4524028246af63ac9818d298529b
-  data.tar.gz: '07599d80cff37cfce5f52ae2652241c299e8e09f6ef8c16082fa8b09ca69cd8b'
+  metadata.gz: 07de71a83be21df648e4865c840e533ef9e4c1a88ba874cb8840737226df37b9
+  data.tar.gz: 29580e05eeb6e02ad91ea9854bb3c5e6df74092e2381732da98d77ea4912cc25
 SHA512:
-  metadata.gz: fc3dd4cf4b265689807e50602dbb9b3d72f16db6c10ad644a84468d077aba1eed2c6dc95930a6ec48983232231ea4704a53679fe2f780eeb98184379ee304009
-  data.tar.gz: 35d0b10616341c4174d766f6f18ba40f432789fb0f83601e72e7dad7b8527c51c60e88cf851f50c25bad5c346b05ab5b0f9a82853226ebb514f0654d8ddf01bf
+  metadata.gz: 822844919a568bad7b2e576f101d123347455efc8b0fa5813edebf612e3160385923e016285d19cffe9d98fc6e6bd22620b2c8be245ef77cb98bf9810365bad3
+  data.tar.gz: 8b54c2f90276b904358187037d239798f8d0f404ed62cb75c74cfb6b28f8a49d91797912990510c9d232d08b7cd4929ea2f81a5d59de53f9596cb4284bed8e8b

data/lib/valvat/configuration.rb

@@ -7,7 +7,7 @@ class Valvat
   # Configuration options should be set by passing a hash:
   #
   #   Valvat.configure(
-  #     uk: true
+  #     uk: { client_id: '<client_id>', client_secret: '<client_secret>' }
   #   )
   #
   def self.configure(options)
@@ -42,7 +42,15 @@ class Valvat
 
       # Use lookup via HMRC for VAT numbers from the UK
       # if set to false lookup will always return false for UK VAT numbers
-      uk: false
+      # HMRC options:
+      # :client_id and :client_secret     API credentials for OAuth 2.0 Authentication
+      # :sandbox                          Use sandboxed instead of production API (defaults to false)
+      # See more details https://developer.service.hmrc.gov.uk/api-documentation/docs/development-practices
+      #
+      uk: false,
+
+      # Rate limit for Lookup and HMRC authentication requests
+      rate_limit: 5
     }.freeze
 
     def self.initialize
@@ -53,8 +61,12 @@ class Valvat
       @data[key]
     end
 
+    def dig(*keys)
+      @data.dig(*keys)
+    end
+
     def configure(options)
-      @data = @data.merge(Utils.deep_symbolize_keys(options))
+      @data = Utils.deep_merge(@data, Utils.deep_symbolize_keys(options))
     end
 
     def initialize

data/lib/valvat/error.rb

@@ -31,4 +31,6 @@ class Valvat
   UnknownLookupError = Class.new(LookupError)
 
   HTTPError = Class.new(LookupError)
+
+  AuthorizationError = Class.new(LookupError)
 end

data/lib/valvat/hmrc/access_token.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'json'
+
+class Valvat
+  module HMRC
+    class AccessToken
+      Error = Class.new(StandardError)
+
+      PRODUCTION_ENDPOINT_URL = 'https://api.service.hmrc.gov.uk/oauth/token'
+      SANDBOX_ENDPOINT_URL = 'https://test-api.service.hmrc.gov.uk/oauth/token'
+      SCOPE = 'read:vat'
+      GRANT_TYPE = 'client_credentials'
+
+      def initialize(options = {})
+        uk_options = options[:uk].is_a?(Hash) ? options[:uk] : {}
+
+        @client_id = uk_options[:client_id].to_s
+        @client_secret = uk_options[:client_secret].to_s
+        @rate_limit = options[:rate_limit]
+        @endpoint_uri = URI(uk_options[:sandbox] ? SANDBOX_ENDPOINT_URL : PRODUCTION_ENDPOINT_URL)
+      end
+
+      def self.fetch(options = {})
+        new(options).fetch
+      end
+
+      def fetch(uri = @endpoint_uri, request_count = 0)
+        raise_if_invalid!
+
+        request = build_request(uri)
+        response = build_https.request(request)
+        handle_response!(response, request_count)
+      rescue Errno::ECONNRESET, IOError
+        raise if request_count > @rate_limit
+
+        fetch(uri, request_count + 1)
+      end
+
+      private
+
+      def raise_if_invalid!
+        raise Error, 'Client ID is missing' if @client_id.empty?
+        raise Error, 'Client secret is missing' if @client_secret.empty?
+      end
+
+      def build_request(uri)
+        request = Net::HTTP::Post.new(uri)
+        request['Content-Type'] = 'application/x-www-form-urlencoded'
+        request.body = build_body
+        request
+      end
+
+      def build_body
+        URI.encode_www_form(
+          scope: SCOPE,
+          grant_type: GRANT_TYPE,
+          client_id: @client_id,
+          client_secret: @client_secret
+        )
+      end
+
+      def build_https
+        https = Net::HTTP.new(@endpoint_uri.host, @endpoint_uri.port)
+        https.use_ssl = true
+        https
+      end
+
+      def parse_response!(response)
+        JSON.parse(response.read_body)
+      end
+
+      def parse_response_location(response)
+        URI.parse(response['Location'])
+      end
+
+      # See https://developer.service.hmrc.gov.uk/api-documentation/docs/authorisation/application-restricted-endpoints
+      def handle_response!(response, request_count)
+        if response.is_a?(Net::HTTPRedirection) && request_count < @rate_limit
+          fetch(parse_response_location(response), request_count + 1)
+        elsif response.code == '200'
+          # {"access_token":"<access_token>","token_type":"bearer","expires_in":14400,"scope":"read:vat"}
+          parse_response!(response)['access_token']
+        else
+          raise Error, "Failed to fetch access token: #{handle_response_error(response, request_count)}"
+        end
+      end
+
+      def handle_response_error(response, request_count)
+        if response.code.match?(/4\d\d/)
+          # For 4xx codes: {"error":"invalid_client","error_description":"invalid client id or secret"}
+          parse_response!(response)['error_description']
+        elsif request_count >= @rate_limit
+          'rate limit exceeded'
+        else
+          response.read_body
+        end
+      end
+    end
+  end
+end

data/lib/valvat/locales/it.yml

@@ -2,6 +2,7 @@ it:
   errors:
     messages:
       invalid_vat: IVA non valido per %{country_adjective}
+      vies_down: "Impossibile convalidare la tua partita IVA: Il servizio VIES non è disponibile, riprova più tardi."
   valvat:
     country_adjectives:
       eu: Europa

data/lib/valvat/lookup/base.rb

@@ -10,6 +10,7 @@ class Valvat
         @vat = Valvat(vat)
         @options = Valvat::Options(options)
         @requester = @options[:requester] && Valvat(@options[:requester])
+        @rate_limit = @options[:rate_limit]
       end
 
       def perform
@@ -40,13 +41,13 @@ class Valvat
       def fetch(uri, limit = 0)
         response = send_request(uri)
 
-        if response == Net::HTTPRedirection && limit < 5
+        if response == Net::HTTPRedirection && limit < @rate_limit
           fetch(URI.parse(response['Location']), limit + 1)
         else
           response
         end
       rescue Errno::ECONNRESET, IOError
-        raise if limit > 5
+        raise if limit > @rate_limit
 
         fetch(uri, limit + 1)
       end

data/lib/valvat/lookup/hmrc.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'base'
+require_relative '../hmrc/access_token'
 require 'net/http'
 require 'json'
 require 'time'
@@ -8,16 +9,19 @@ require 'time'
 class Valvat
   class Lookup
     class HMRC < Base
-      ENDPOINT_URL = 'https://api.service.hmrc.gov.uk/organisations/vat/check-vat-number/lookup'
+      PRODUCTION_ENDPOINT_URL = 'https://api.service.hmrc.gov.uk/organisations/vat/check-vat-number/lookup'
+      SANDBOX_ENDPOINT_URL = 'https://test-api.service.hmrc.gov.uk/organisations/vat/check-vat-number/lookup'
       HEADERS = {
         # https://developer.service.hmrc.gov.uk/api-documentation/docs/reference-guide#versioning
-        'Accept' => 'application/vnd.hmrc.1.0+json'
+        'Accept' => 'application/vnd.hmrc.2.0+json'
       }.freeze
 
       def perform
-        return { valid: false } unless @options[:uk]
+        return { valid: false } unless @options[:uk].is_a?(Hash)
 
         parse(fetch(endpoint_uri).body)
+      rescue Valvat::HMRC::AccessToken::Error => e
+        { error: e }
       end
 
       private
@@ -25,11 +29,12 @@ class Valvat
       def endpoint_uri
         endpoint = "/#{@vat.to_s_wo_country}"
         endpoint += "/#{@requester.to_s_wo_country}" if @requester
-        URI.parse(ENDPOINT_URL + endpoint)
+        endpoint_url = @options.dig(:uk, :sandbox) ? SANDBOX_ENDPOINT_URL : PRODUCTION_ENDPOINT_URL
+        URI.parse(endpoint_url + endpoint)
       end
 
       def build_request(uri)
-        Net::HTTP::Get.new(uri.request_uri, HEADERS)
+        Net::HTTP::Get.new(uri.request_uri, build_headers!)
       end
 
       def parse(body)
@@ -72,7 +77,8 @@ class Valvat
         'SCHEDULED_MAINTENANCE' => ServiceUnavailable,
         'SERVER_ERROR' => ServiceUnavailable,
         'INVALID_REQUEST' => InvalidRequester,
-        'GATEWAY_TIMEOUT' => Timeout
+        'GATEWAY_TIMEOUT' => Timeout,
+        'INVALID_CREDENTIALS' => AuthorizationError
       }.freeze
 
       def build_fault(raw)
@@ -82,6 +88,14 @@ class Valvat
         exception = FAULTS[fault] || UnknownLookupError
         { error: exception.new("#{fault}#{raw['message'] ? " (#{raw['message']})" : ''}", self.class) }
       end
+
+      def build_headers!
+        HEADERS.merge('Authorization' => "Bearer #{fetch_access_token!}")
+      end
+
+      def fetch_access_token!
+        @fetch_access_token ||= Valvat::HMRC::AccessToken.fetch(@options)
+      end
     end
   end
 end

data/lib/valvat/options.rb

@@ -18,11 +18,26 @@ class Valvat
           @options[key] ||= @options[deprecated]
         end
       end
+
+      check_uk_key(silence)
     end
 
     def [](key)
       @options.key?(key) ? @options[key] : Valvat.config[key]
     end
+
+    def dig(*keys)
+      @options.dig(*keys).nil? ? Valvat.config.dig(*keys) : @options.dig(*keys)
+    end
+
+    private
+
+    def check_uk_key(silence)
+      return if @options[:uk] != true || silence
+
+      puts 'DEPRECATED: The option :uk is not allowed to be set to `true` anymore. ' \
+           'Instead it needs to be set to your HMRC API authentication credentials.'
+    end
   end
 
   def self.Options(options)

data/lib/valvat/utils.rb

@@ -45,5 +45,10 @@ class Valvat
         val.is_a?(Hash) ? deep_symbolize_keys(val) : val
       end
     end
+
+    def self.deep_merge(original_hash, hash_to_merge)
+      merger = proc { |_key, v1, v2| v1.is_a?(Hash) && v2.is_a?(Hash) ? v1.merge(v2, &merger) : v2 }
+      original_hash.merge(hash_to_merge, &merger)
+    end
   end
 end

data/lib/valvat/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class Valvat
-  VERSION = '1.4.4'
+  VERSION = '2.0.1'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: valvat
 version: !ruby/object:Gem::Version
-  version: 1.4.4
+  version: 2.0.1
 platform: ruby
 authors:
 - Sebastian Munz
@@ -34,7 +34,7 @@ cert_chain:
   4+Gn3/xNnr5M7CdCGOG96P+gnx508xxiuMas8SvHl0/WB4kFpSGTH3uKzFh9fF+I
   36KG/gudYiTEZqWbjFIh4jJceFclxM/L
   -----END CERTIFICATE-----
-date: 2024-07-11 00:00:00.000000000 Z
+date: 2024-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rexml
@@ -42,7 +42,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.7
+        version: 3.3.6
     - - "<"
       - !ruby/object:Gem::Version
         version: 4.0.0
@@ -52,7 +52,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.7
+        version: 3.3.6
     - - "<"
       - !ruby/object:Gem::Version
         version: 4.0.0
@@ -93,6 +93,7 @@ files:
 - lib/valvat/checksum/si.rb
 - lib/valvat/configuration.rb
 - lib/valvat/error.rb
+- lib/valvat/hmrc/access_token.rb
 - lib/valvat/local.rb
 - lib/valvat/locales/bg.yml
 - lib/valvat/locales/ca.yml