Add auth support for HMRC VAT number lookup API v2

.github/workflows/php.yml

@@ -44,5 +44,7 @@ jobs:
       run: ./vendor/bin/phpunit tests/
       env:
           vatlayer_api_key: ${{ secrets.VATLAYER_API_KEY }}
+          hmrc_client_id: ${{ secrets.HMRC_CLIENT_ID }}
+          hmrc_client_secret: ${{ secrets.HMRC_CLIENT_SECRET }}
           hmrc_use_live_api: false
           geoip_db_path: /tmp/GeoLite2-Country.mmdb

lib/Basket.php

@@ -132,8 +132,39 @@ public function validateVatNumberHandler( $args )
      * @param $args
      */
     private function validateGbVatNumber( $args ){
-
+
+        $clientId = $this->state->config->hmrcVatApiConfig->clientId;
+        $clientSecret = $this->state->config->hmrcVatApiConfig->clientSecret;
+        $oauthTokenUrl = $this->state->config->hmrcVatApiConfig->oauthTokenUrl;
         $vatUrl = $this->state->config->hmrcVatApiConfig->vatUrl;
+
+        // Retrieve OAuth token
+        $optsAr = [
+            'http' => [
+                'method' => 'POST',
+                'ignore_errors' => true, // Needed to get body of non-200 responses
+                'header' => "Content-Type: application/x-www-form-urlencoded",
+                'content' => http_build_query( [
+                    'client_id' => $clientId,
+                    'client_secret' => $clientSecret,
+                    'grant_type' => 'client_credentials'
+                ] )
+            ]
+        ];
+        $context = stream_context_create( $optsAr );
+
+        $tokenResRaw = file_get_contents( $oauthTokenUrl, false, $context );
+        if( $tokenResRaw === false ){
+            $this->log("Unexpected error from HMRC VAT API when attempting to log retrieve OAuth token: Connection failed or no response", LogLevel::ALERT);
+            $this->vatCheckFailedDueToTechnicalError( $args );
+            return;
+        }
+        $tokenRes = json_decode( $tokenResRaw );
+        if( isset( $tokenRes->error) ){
+            $this->log("Unexpected error from HMRC VAT API when attempting to log retrieve OAuth token: {$tokenRes->error} : {$tokenRes->error_description}", LogLevel::ALERT);
+            $this->vatCheckFailedDueToTechnicalError( $args );
+            return;
+        }
 
         // Do VAT check
         $optsAr = [
@@ -142,6 +173,7 @@ private function validateGbVatNumber( $args ){
                 'ignore_errors' => true, // Needed to get body of non-200 responses
                 'header' => [
                     "Accept: application/vnd.hmrc.1.0+json",
+                    "Authorization: Bearer {$tokenRes->access_token}",
                 ]
             ]
         ];

lib/Config/HmrcVatApiConfig.php

@@ -30,4 +30,31 @@ class HmrcVatApiConfig extends StructClass
      */
     public $vatUrl;
 
+    /**
+     * OAuth token request URL for HMRC VAT API
+     * @var string
+     *
+     * @Assert\Type( type="string" )
+     * @Assert\NotBlank
+     */
+    public $oauthTokenUrl;
+
+    /**
+     * OAuth client ID for HMRC VAT API
+     * @var string
+     *
+     * @Assert\Type( type="string" )
+     * @Assert\NotBlank
+     */
+    public $clientId;
+
+    /**
+     * OAuth client secret for HMRC VAT API
+     * @var string
+     *
+     * @Assert\Type( type="string" )
+     * @Assert\NotBlank
+     */
+    public $clientSecret;
+
 }

tests/BasketTest.php

@@ -848,16 +848,25 @@ private function prepareBasket(
         bool $passTemplatesAsConfig = false
     )
     {
+        if( ! getenv('hmrc_client_id') ){
+            throw new \Exception( "Please set the hmrc_client_id environment variable" );
+        }
+        if( ! getenv('hmrc_client_secret') ){
+            throw new \Exception( "Please set the hmrc_client_secret environment variable" );
+        }
+
         if( ! getenv('hmrc_use_live_api') ){
             throw new \Exception( "Please set the hmrc_use_live_api environment variable" );
         }
 
         $useHmrcLiveApi = strtolower(getenv('hmrc_use_live_api')); 
         if( $useHmrcLiveApi === "true" ){
             $vatUrl = "https://api.service.hmrc.gov.uk/organisations/vat/check-vat-number/lookup/";
+            $oauthTokenUrl = "https://api.service.hmrc.gov.uk/oauth/token";
             $this->validUkVatNumber = "569953277"; // Vodafone UK's VAT number
         }else{
             $vatUrl = "https://test-api.service.hmrc.gov.uk/organisations/vat/check-vat-number/lookup/";
+            $oauthTokenUrl = "https://test-api.service.hmrc.gov.uk/oauth/token";
             $this->validUkVatNumber = "166804280212"; // 166804280212 is a test vat number for use with the HMRC VAT API test environment
         }
 
@@ -880,7 +889,10 @@ private function prepareBasket(
             'paymentProviders' => $this->getPaymentProvidersConfig($passTemplatesAsConfig),
             'billingAddress' => $billingAddress,
             'hmrcVatApiConfig' => [
+                "oauthTokenUrl" => $oauthTokenUrl,
                 "vatUrl" => $vatUrl,
+                "clientId" => getenv('hmrc_client_id'),
+                "clientSecret" => getenv('hmrc_client_secret'),
             ],
             'geoIpDbPath' => $geoDbPath
         ];