From a3e7da6bfab32b3bf125ac7bb40c9da8e432054e Mon Sep 17 00:00:00 2001
From: kevin-co-hmrc <129957464+kevin-co-hmrc@users.noreply.github.com>
Date: Wed, 14 Jun 2023 15:27:12 +0100
Subject: [PATCH] DCWL-1384 Refactor AuthAction.scala to be more readable
 (#178)

* DCWL-1384 Refactor AuthAction.scala to be more readable

* DCWL-1348 Improve parameter name

* DCWL-1384 Use isBlank from JDK11

* DCWL-1384 Fix client ID validation
---
 .../export/controllers/HeaderValidator.scala  | 98 ++++++++-----------
 .../actionbuilders/AuthAction.scala           | 93 +++++++-----------
 .../actionbuilders/actionBuildersModel.scala  |  4 -
 .../export/model/models.scala                 | 43 ++++++--
 .../export/services/CustomsAuthService.scala  |  3 +-
 .../export/xml/PayloadDecorator.scala         | 54 ++++++----
 .../exports/inventoryLinkingCommonTypes.xsd   |  1 -
 .../CustomsMetricsConnectorSpec.scala         |  2 +-
 test/integration/ExportsConnectorSpec.scala   |  9 +-
 .../connectors/ExportsConnectorSpec.scala     |  2 +-
 ...InventoryLinkingExportControllerSpec.scala |  2 +-
 .../actionbuilders/AuthActionSpec.scala       | 19 ++--
 .../PayloadValidationActionSpec.scala         |  4 +-
 test/unit/services/BusinessServiceSpec.scala  |  4 +-
 test/unit/xml/PayloadDecoratorSpec.scala      | 53 +++++-----
 test/util/TestData.scala                      | 22 ++---
 16 files changed, 201 insertions(+), 212 deletions(-)

diff --git a/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/HeaderValidator.scala b/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/HeaderValidator.scala
index 824aa37a..14088f2c 100644
--- a/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/HeaderValidator.scala
+++ b/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/HeaderValidator.scala
@@ -16,7 +16,6 @@
 
 package uk.gov.hmrc.customs.inventorylinking.export.controllers
 
-import javax.inject.{Inject, Singleton}
 import play.api.http.HeaderNames._
 import play.api.http.MimeTypes
 import play.api.mvc.Headers
@@ -24,17 +23,17 @@ import uk.gov.hmrc.customs.api.common.controllers.ErrorResponse
 import uk.gov.hmrc.customs.api.common.controllers.ErrorResponse._
 import uk.gov.hmrc.customs.inventorylinking.export.controllers.CustomHeaderNames._
 import uk.gov.hmrc.customs.inventorylinking.export.logging.ExportsLogger
+import uk.gov.hmrc.customs.inventorylinking.export.model._
 import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.{ApiVersionRequest, ExtractedHeadersImpl, HasConversationId, HasRequest}
-import uk.gov.hmrc.customs.inventorylinking.export.model.{ClientId, _}
+
+import javax.inject.{Inject, Singleton}
 
 @Singleton
 class HeaderValidator @Inject()(logger: ExportsLogger) {
 
   private lazy val validContentTypeHeaders = Seq(MimeTypes.XML + ";charset=utf-8", MimeTypes.XML + "; charset=utf-8")
-  private lazy val xClientIdRegex = "^\\S+$".r
 
   private lazy val xBadgeIdentifierRegex = "^[0-9A-Z]{6,12}$".r
-  private lazy val InvalidEoriHeaderRegex = "(^[\\s]*$|^.{18,}$)".r
 
   private val errorResponseBadgeIdentifierHeaderMissing = errorBadRequest(s"$XBadgeIdentifierHeaderName header is missing or invalid")
   private val errorResponseEoriIdentifierHeaderInvalid = errorBadRequest(s"$XSubmitterIdentifierHeaderName header is invalid")
@@ -44,79 +43,64 @@ class HeaderValidator @Inject()(logger: ExportsLogger) {
 
     def hasContentType: Either[ErrorResponse, String] = validateHeader(CONTENT_TYPE, s => validContentTypeHeaders.contains(s.toLowerCase()), ErrorContentTypeHeaderInvalid)
 
-    def hasXClientId: Either[ErrorResponse, String] = validateHeader(XClientIdHeaderName, xClientIdRegex.findFirstIn(_).nonEmpty, ErrorInternalServerError)
+    def hasXClientId: Either[ErrorResponse, String] = validateHeader(XClientIdHeaderName, _.forall(!_.isWhitespace), ErrorInternalServerError)
 
     val theResult: Either[ErrorResponse, ExtractedHeadersImpl] = for {
       contentTypeValue <- hasContentType
       xClientIdValue <- hasXClientId
     } yield {
       logger.debug(
-      s"\n$CONTENT_TYPE header passed validation: $contentTypeValue"
-      + s"\n$XClientIdHeaderName header passed validation: $xClientIdValue")
+        s"\n$CONTENT_TYPE header passed validation: $contentTypeValue"
+          + s"\n$XClientIdHeaderName header passed validation: $xClientIdValue")
       ExtractedHeadersImpl(ClientId(xClientIdValue))
     }
     theResult
   }
 
-  private def validateHeader[A](headerName: String, rule: String => Boolean, errorResponse: ErrorResponse)(implicit apiVersionRequest: ApiVersionRequest[A], h: Headers): Either[ErrorResponse, String] = {
-    val left = Left(errorResponse)
-    def leftWithLog(headerName: String) = {
-      logger.error(s"Error - header '$headerName' not present")
-      left
-    }
-    def leftWithLogContainingValue(headerName: String, value: String) = {
-      logger.error(s"Error - header '$headerName' value '$value' is not valid")
-      left
-    }
-
-    h.get(headerName).fold[Either[ErrorResponse, String]]{
-      leftWithLog(headerName)
-    }{
-      v =>
-        if (rule(v)) Right(v) else leftWithLogContainingValue(headerName, v)
-    }
-  }
-
-  def eitherBadgeIdentifier[A](allowNone: Boolean)(implicit vhr: HasRequest[A] with HasConversationId): Either[ErrorResponse, Option[BadgeIdentifier]] = {
-    val maybeBadgeId: Option[String] = vhr.request.headers.toSimpleMap.get(XBadgeIdentifierHeaderName)
-
-    if (allowNone && maybeBadgeId.isEmpty) {
-      logger.info(s"$XBadgeIdentifierHeaderName header empty and allowed")
-      Right(None)
-    } else {
-      maybeBadgeId.filter(xBadgeIdentifierRegex.findFirstIn(_).nonEmpty).map { b =>
-        logger.info(s"$XBadgeIdentifierHeaderName header passed validation: $b")
-        Some(BadgeIdentifier(b))
-      }.toRight[ErrorResponse] {
-        logger.error(s"$XBadgeIdentifierHeaderName invalid or not present for CSP")
-        errorResponseBadgeIdentifierHeaderMissing
-      }
+  private def validateHeader[A](headerName: String, rule: String => Boolean, errorResponse: ErrorResponse)(implicit apiVersionRequest: ApiVersionRequest[A], headers: Headers): Either[ErrorResponse, String] = {
+    headers.get(headerName) match {
+      case Some(value) if rule(value) =>
+        Right(value)
+      case Some(invalidValue) =>
+        logger.error(s"Error - header '$headerName' value '$invalidValue' is not valid")
+        Left(errorResponse)
+      case None =>
+        logger.error(s"Error - header '$headerName' not present")
+        Left(errorResponse)
     }
   }
 
-  private def validEori(eori: String) = InvalidEoriHeaderRegex.findFirstIn(eori).isEmpty
+  def eitherBadgeIdentifier[A](implicit vhr: HasRequest[A] with HasConversationId): Either[ErrorResponse, Option[BadgeIdentifier]] = {
+    val maybeBadgeId = vhr.request.headers.toSimpleMap.get(XBadgeIdentifierHeaderName)
+    logger.debug(s"maybeBadgeId => $maybeBadgeId")
 
-  private def convertEmptyHeaderToNone(eori: Option[String]) = {
-    if (eori.isDefined && eori.get.trim.isEmpty) {
-      None
-    } else {
-      eori
+    maybeBadgeId match {
+      case Some(badgeId) if xBadgeIdentifierRegex.pattern.matcher(badgeId).matches =>
+        logger.info(s"$XBadgeIdentifierHeaderName header passed validation: $badgeId")
+        Right(Some(BadgeIdentifier(badgeId)))
+      case Some(_) =>
+        logger.error(s"$XBadgeIdentifierHeaderName invalid or not present for CSP")
+        Left(errorResponseBadgeIdentifierHeaderMissing)
+      case None =>
+        logger.info(s"$XBadgeIdentifierHeaderName header empty and allowed")
+        Right(None)
     }
   }
 
   def eoriMustBeValidIfPresent[A](implicit vhr: HasRequest[A] with HasConversationId): Either[ErrorResponse, Option[Eori]] = {
-    val maybeEoriHeader: Option[String] = vhr.request.headers.toSimpleMap.get(XSubmitterIdentifierHeaderName)
+    val maybeEoriHeader: Option[String] = vhr.request.headers.toSimpleMap.get(XSubmitterIdentifierHeaderName).filter(!_.isBlank)
     logger.debug(s"maybeEori => $maybeEoriHeader")
-    val maybeEori = convertEmptyHeaderToNone(maybeEoriHeader)
-
-    maybeEori match {
-      case Some(eori) => if (validEori(eori)) {
-        logger.info(s"$XSubmitterIdentifierHeaderName header passed validation: $eori")
-        Right(Some(Eori(eori)))
-      } else {
-        logger.error(s"$XSubmitterIdentifierHeaderName header is invalid for CSP: $eori")
-        Left(errorResponseEoriIdentifierHeaderInvalid)
-      }
+
+    maybeEoriHeader match {
+      case Some(unvalidatedEori) =>
+        Eori.fromString(unvalidatedEori) match {
+          case Some(eori) =>
+            logger.info(s"$XSubmitterIdentifierHeaderName header passed validation: $eori")
+            Right(Some(eori))
+          case None =>
+            logger.error(s"$XSubmitterIdentifierHeaderName header is invalid for CSP: $unvalidatedEori")
+            Left(errorResponseEoriIdentifierHeaderInvalid)
+        }
       case None =>
         logger.info(s"$XSubmitterIdentifierHeaderName header not present or is empty")
         Right(None)
diff --git a/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/actionbuilders/AuthAction.scala b/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/actionbuilders/AuthAction.scala
index 611bb892..e3c53a3b 100644
--- a/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/actionbuilders/AuthAction.scala
+++ b/app/uk/gov/hmrc/customs/inventorylinking/export/controllers/actionbuilders/AuthAction.scala
@@ -16,22 +16,19 @@
 
 package uk.gov.hmrc.customs.inventorylinking.export.controllers.actionbuilders
 
-import javax.inject.{Inject, Singleton}
 import play.api.mvc._
-import uk.gov.hmrc.customs.api.common.controllers.ErrorResponse
 import uk.gov.hmrc.customs.api.common.controllers.ErrorResponse.errorInternalServerError
-import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.{ApiSubscriptionFieldsRequest, HasConversationId, HasRequest}
-import uk.gov.hmrc.customs.inventorylinking.export.model.{AuthorisedAsCsp, BadgeIdentifier, Csp, Eori}
+import uk.gov.hmrc.customs.inventorylinking.`export`.model.{Csp, CspWithBadgeId, CspWithEori, CspWithEoriAndBadgeId, Eori}
 import uk.gov.hmrc.customs.inventorylinking.export.controllers.HeaderValidator
 import uk.gov.hmrc.customs.inventorylinking.export.logging.ExportsLogger
 import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.ActionBuilderModelHelper._
-import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.AuthorisedRequest
+import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.{ApiSubscriptionFieldsRequest, AuthorisedRequest}
 import uk.gov.hmrc.customs.inventorylinking.export.services.CustomsAuthService
 import uk.gov.hmrc.http.HeaderCarrier
 import uk.gov.hmrc.play.http.HeaderCarrierConverter
 
+import javax.inject.{Inject, Singleton}
 import scala.concurrent.{ExecutionContext, Future}
-import scala.util.Left
 
 /** Action builder that attempts to authorise request as a CSP or else NON CSP
  * <ul>
@@ -56,65 +53,47 @@ class AuthAction @Inject()(customsAuthService: CustomsAuthService,
 
   override def refine[A](asfr: ApiSubscriptionFieldsRequest[A]): Future[Either[Result, AuthorisedRequest[A]]] = {
     implicit val implicitAsfr: ApiSubscriptionFieldsRequest[A] = asfr
-    implicit def hc(implicit rh: RequestHeader): HeaderCarrier = HeaderCarrierConverter.fromRequest(rh)
 
-    authAsCspWithOptionalAuthHeaders.flatMap{
-      case Right(maybeAuthorisedAsCspWithIdentifierHeaders) =>
-        maybeAuthorisedAsCspWithIdentifierHeaders.fold{
-          customsAuthService.authAsNonCsp.map[Either[Result, AuthorisedRequest[A]]]{
-            case Left(errorResponse) =>
-              Left(errorResponse.XmlResult.withConversationId)
-            case Right(nonCspData) =>
-              Right(asfr.toNonCspAuthorisedRequest(nonCspData.eori))
-          }
-        }{ cspData =>
-          if (validIdentifier(cspData, asfr.apiSubscriptionFields.fields.authenticatedEori)) {
-            Future.successful(Right(asfr.toCspAuthorisedRequest(cspData)))
-          } else {
-            val msg = "Missing authenticated eori in service lookup. Alternately, use X-Badge-Identifier or X-Submitter-Identifier headers."
-            logger.error(s"For CSP request $msg")
-            Future.successful(Left(errorInternalServerError(msg).XmlResult.withConversationId))
-          }
+    implicit val hc: HeaderCarrier = HeaderCarrierConverter.fromRequest(asfr)
+
+    customsAuthService.authAsCsp.flatMap {
+      case Right(true) =>
+        Future.successful(maybeCspAuthorisedRequest(asfr))
+      case Right(false) =>
+        customsAuthService.authAsNonCsp.map {
+          case Right(nonCspData) =>
+            Right(asfr.toAuthorisedRequest(nonCspData))
+          case Left(errorResponse) =>
+            Left(errorResponse.XmlResult.withConversationId)
         }
       case Left(result) =>
         Future.successful(Left(result.XmlResult.withConversationId))
     }
   }
 
-  private def authAsCspWithOptionalAuthHeaders[A](implicit vfr: HasRequest[A] with HasConversationId, hc: HeaderCarrier): Future[Either[ErrorResponse, Option[AuthorisedAsCsp]]] = {
-    customsAuthService.authAsCsp.map {
-      case Right(isCsp) =>
-        if (isCsp) {
-          eitherCspAuthData.map(authAsCsp => Some(authAsCsp))
-        } else {
-          Right(None)
-        }
-      case Left(errorResponse) =>
-        Left(errorResponse)
-    }
-  }
-
-  def eitherCspAuthData[A](implicit vhr: HasRequest[A] with HasConversationId): Either[ErrorResponse, AuthorisedAsCsp] = {
-    for {
-      maybeBadgeId <- eitherBadgeIdentifier(allowNone = true)
-      maybeEori <- eitherEori
-    } yield Csp(maybeEori, maybeBadgeId)
-  }
-
-  private def eitherEori[A](implicit vhr: HasRequest[A] with HasConversationId): Either[ErrorResponse, Option[Eori]] = {
-    headerValidator.eoriMustBeValidIfPresent
-  }
+  private def maybeCspAuthorisedRequest[A](implicit asfr: ApiSubscriptionFieldsRequest[A])
+  : Either[Result, AuthorisedRequest[A]] = {
+    def toRight(csp: Csp): Right[Nothing, AuthorisedRequest[A]] = Right(asfr.toAuthorisedRequest(csp))
 
-  protected def eitherBadgeIdentifier[A](allowNone: Boolean)(implicit vhr: HasRequest[A] with HasConversationId): Either[ErrorResponse, Option[BadgeIdentifier]] = {
-    headerValidator.eitherBadgeIdentifier(allowNone = allowNone)
-  }
-
-  private def validIdentifier(cspData: AuthorisedAsCsp, authenticatedEori: Option[String]): Boolean = {
-    if (!cspData.isEmpty || (authenticatedEori.isDefined && !authenticatedEori.get.trim.isEmpty)) {
-      true
-    } else {
-      false
+    val maybeAuthenticatedEori = asfr.apiSubscriptionFields.fields.authenticatedEori.flatMap(Eori.fromString)
+    (for {
+      maybeEori <- headerValidator.eoriMustBeValidIfPresent
+      maybeBadgeId <- headerValidator.eitherBadgeIdentifier
+    } yield (maybeEori, maybeBadgeId, maybeAuthenticatedEori)) match {
+      case Right((Some(eori), None, _)) =>
+        toRight(CspWithEori(eori))
+      case Right((None, Some(badgeId), _)) =>
+        toRight(CspWithBadgeId(badgeId))
+      case Right((Some(eori), Some(badgeId), _)) =>
+        toRight(CspWithEoriAndBadgeId(eori, badgeId))
+      case Right((None, None, Some(authenticatedEori))) =>
+        toRight(CspWithEori(authenticatedEori))
+      case Right((None, None, None)) =>
+        val msg = "Missing authenticated eori in service lookup. Alternately, use X-Badge-Identifier or X-Submitter-Identifier headers."
+        logger.error(s"For CSP request $msg")
+        Left(errorInternalServerError(msg).XmlResult.withConversationId)
+      case Left(result) =>
+        Left(result.XmlResult.withConversationId)
     }
   }
-
 }
diff --git a/app/uk/gov/hmrc/customs/inventorylinking/export/model/actionbuilders/actionBuildersModel.scala b/app/uk/gov/hmrc/customs/inventorylinking/export/model/actionbuilders/actionBuildersModel.scala
index 97010449..974fa613 100644
--- a/app/uk/gov/hmrc/customs/inventorylinking/export/model/actionbuilders/actionBuildersModel.scala
+++ b/app/uk/gov/hmrc/customs/inventorylinking/export/model/actionbuilders/actionBuildersModel.scala
@@ -65,10 +65,6 @@ object ActionBuilderModelHelper {
 
   implicit class ApiSubscriptionFieldsRequestOps[A](val asf: ApiSubscriptionFieldsRequest[A]) extends AnyVal {
 
-    def toCspAuthorisedRequest(a: AuthorisedAsCsp): AuthorisedRequest[A] = toAuthorisedRequest(a)
-
-    def toNonCspAuthorisedRequest(eori: Eori): AuthorisedRequest[A] = toAuthorisedRequest(NonCsp(eori))
-
     def toAuthorisedRequest(authorisedAs: AuthorisedAs): AuthorisedRequest[A] = AuthorisedRequest(
       asf.conversationId,
       asf.start,
diff --git a/app/uk/gov/hmrc/customs/inventorylinking/export/model/models.scala b/app/uk/gov/hmrc/customs/inventorylinking/export/model/models.scala
index fbba9ae7..3f2adb5e 100644
--- a/app/uk/gov/hmrc/customs/inventorylinking/export/model/models.scala
+++ b/app/uk/gov/hmrc/customs/inventorylinking/export/model/models.scala
@@ -17,18 +17,35 @@
 package uk.gov.hmrc.customs.inventorylinking.export.model
 
 import java.util.UUID
-
 import play.api.libs.json.{JsString, Reads, Writes}
 
-case class Eori(value: String) extends AnyVal {
+import scala.util.matching.Regex
+
+case class Eori private(value: String) extends AnyVal {
   override def toString: String = value
 }
 
+object Eori {
+
+  private val ValidEoriHeaderRegex: Regex = "(^[A-Za-z]{2}[a-zA-Z0-9]{1,15}$)".r
+
+  private def apply(value: String): Eori = new Eori(value)
+
+  def fromString(value: String): Option[Eori] = {
+    if (ValidEoriHeaderRegex.pattern.matcher(value).matches) {
+      Some(new Eori(value))
+    } else {
+      None
+    }
+  }
+}
+
 case class ClientId(value: String) extends AnyVal
 
 case class ConversationId(uuid: UUID) extends AnyVal {
   override def toString: String = uuid.toString
 }
+
 object ConversationId {
   implicit val writer: Writes[ConversationId] = Writes[ConversationId] { x => JsString(x.uuid.toString) }
   implicit val reader: Reads[ConversationId] = Reads.of[UUID].map(new ConversationId(_))
@@ -45,22 +62,28 @@ case class SubscriptionFieldsId(value: String) extends AnyVal
 sealed trait ApiVersion {
   val value: String
   val configPrefix: String
+
   override def toString: String = value
 }
-object VersionOne extends ApiVersion{
+
+object VersionOne extends ApiVersion {
   override val value: String = "1.0"
   override val configPrefix: String = ""
 }
-object VersionTwo extends ApiVersion{
+
+object VersionTwo extends ApiVersion {
   override val value: String = "2.0"
   override val configPrefix: String = "v2."
 }
 
 sealed trait AuthorisedAs
-sealed trait AuthorisedAsCsp extends AuthorisedAs {
-  val eori: Option[Eori]
-  val badgeIdentifier: Option[BadgeIdentifier]
-  val isEmpty: Boolean = eori.isEmpty && badgeIdentifier.isEmpty
-}
-case class Csp(eori: Option[Eori], badgeIdentifier: Option[BadgeIdentifier]) extends AuthorisedAsCsp
+
+sealed trait Csp extends AuthorisedAs
+
+case class CspWithEori(eori: Eori) extends Csp
+
+case class CspWithBadgeId(badgeIdentifier: BadgeIdentifier) extends Csp
+
+case class CspWithEoriAndBadgeId(eori: Eori, badgeIdentifier: BadgeIdentifier) extends Csp
+
 case class NonCsp(eori: Eori) extends AuthorisedAs
diff --git a/app/uk/gov/hmrc/customs/inventorylinking/export/services/CustomsAuthService.scala b/app/uk/gov/hmrc/customs/inventorylinking/export/services/CustomsAuthService.scala
index eaa7901d..d923a561 100644
--- a/app/uk/gov/hmrc/customs/inventorylinking/export/services/CustomsAuthService.scala
+++ b/app/uk/gov/hmrc/customs/inventorylinking/export/services/CustomsAuthService.scala
@@ -110,7 +110,8 @@ class CustomsAuthService @Inject()(override val authConnector: AuthConnector,
     for {
       customsEnrolment <- maybeCustomsEnrolment
       eoriIdentifier <- customsEnrolment.getIdentifier("EORINumber")
-    } yield Eori(eoriIdentifier.value)
+      eori <- Eori.fromString(eoriIdentifier.value)
+    } yield eori
   }
 
 }
diff --git a/app/uk/gov/hmrc/customs/inventorylinking/export/xml/PayloadDecorator.scala b/app/uk/gov/hmrc/customs/inventorylinking/export/xml/PayloadDecorator.scala
index 5e8e186c..1d9a71b3 100644
--- a/app/uk/gov/hmrc/customs/inventorylinking/export/xml/PayloadDecorator.scala
+++ b/app/uk/gov/hmrc/customs/inventorylinking/export/xml/PayloadDecorator.scala
@@ -16,18 +16,49 @@
 
 package uk.gov.hmrc.customs.inventorylinking.export.xml
 
-import javax.inject.Singleton
 import org.joda.time.DateTime
 import org.joda.time.format.ISODateTimeFormat
+import uk.gov.hmrc.customs.inventorylinking.`export`.model._
 import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.ValidatedPayloadRequest
-import uk.gov.hmrc.customs.inventorylinking.export.model.{CorrelationId, Csp, NonCsp, SubscriptionFieldsId}
+import uk.gov.hmrc.customs.inventorylinking.export.model.{CorrelationId, NonCsp, SubscriptionFieldsId}
 
-import scala.xml.{NodeSeq, Text}
+import javax.inject.Singleton
+import scala.xml.NodeSeq
 
 @Singleton
 class PayloadDecorator() {
 
-  private val newLineAndIndentation = "\n        "
+  private def maybeBadgeIdentifierElement(authorisedAs: AuthorisedAs): NodeSeq = {
+    def badgeIdElementFrom(badgeIdentifier: BadgeIdentifier): NodeSeq = {
+      <gw:badgeIdentifier>{ badgeIdentifier.value }</gw:badgeIdentifier>
+    }
+
+    authorisedAs match {
+      case CspWithBadgeId(badgeIdentifier) =>
+        badgeIdElementFrom(badgeIdentifier)
+      case CspWithEoriAndBadgeId(_, badgeIdentifier) =>
+        badgeIdElementFrom(badgeIdentifier)
+      case _ =>
+        NodeSeq.Empty
+    }
+  }
+
+  private def submitterElement(authorisedAs: AuthorisedAs): NodeSeq = {
+    def submitterElementFrom(submitter: String): NodeSeq = {
+      <gw:submitter>{ submitter }</gw:submitter>
+    }
+
+    authorisedAs match {
+      case NonCsp(eori) =>
+        submitterElementFrom(eori.value)
+      case CspWithEori(eori) =>
+        submitterElementFrom(eori.value)
+      case CspWithEoriAndBadgeId(eori, _) =>
+        submitterElementFrom(eori.value)
+      case CspWithBadgeId(badgeIdentifier) =>
+        submitterElementFrom(badgeIdentifier.value)
+    }
+  }
 
   def decorate[A](xml: NodeSeq, clientId: SubscriptionFieldsId, correlationId: CorrelationId, dateTime: DateTime)(implicit vpr: ValidatedPayloadRequest[A]): NodeSeq = {
 
@@ -37,19 +68,8 @@ class PayloadDecorator() {
                                               xmlns:n1="http://www.hmrc.gov.uk/cds/inventorylinking/exportmovement"
                                               xsi:schemaLocation="http://www.hmrc.gov.uk/cds/inventorylinking/exportmovement DEC39_Root.xsd">
       <n1:requestCommon>
-        { vpr.authorisedAs match {
-            case NonCsp(eori) =>
-              <gw:submitter>{eori.value}</gw:submitter>
-            case Csp(eori, badgeId) =>
-              val badgeIdentifierElement: NodeSeq = {badgeId.fold(NodeSeq.Empty)(badge => <gw:badgeIdentifier>{badge.value}</gw:badgeIdentifier>)}
-              val submitterElement: NodeSeq = (eori, badgeId) match {
-                case (None, None) => <gw:submitter>{vpr.apiSubscriptionFields.fields.authenticatedEori.get}</gw:submitter>
-                case (None, Some(b)) => <gw:submitter>{b.value}</gw:submitter>
-                case _ => <gw:submitter>{eori.get.value}</gw:submitter>
-              }
-              Seq[NodeSeq](badgeIdentifierElement, Text(newLineAndIndentation), submitterElement)
-          }
-        }
+        { maybeBadgeIdentifierElement(vpr.authorisedAs) }
+        { submitterElement(vpr.authorisedAs) }
         <gw:clientID>{clientId.value}</gw:clientID>
         <gw:conversationID>{vpr.conversationId.toString}</gw:conversationID>
         <gw:correlationID>{correlationId.toString}</gw:correlationID>
diff --git a/public/api/conf/1.0/schemas/exports/inventoryLinkingCommonTypes.xsd b/public/api/conf/1.0/schemas/exports/inventoryLinkingCommonTypes.xsd
index 080e35ce..3c8b0eb1 100644
--- a/public/api/conf/1.0/schemas/exports/inventoryLinkingCommonTypes.xsd
+++ b/public/api/conf/1.0/schemas/exports/inventoryLinkingCommonTypes.xsd
@@ -129,7 +129,6 @@ Change History:
 
 	<xs:complexType name="errorBlock">
 		<xs:sequence>
-		<!-- TODO -->
 			<xs:element name="errorCode" minOccurs="1">
 			<xs:simpleType>
 					<xs:restriction base="xs:string">
diff --git a/test/integration/CustomsMetricsConnectorSpec.scala b/test/integration/CustomsMetricsConnectorSpec.scala
index b73fb687..6e2a852a 100644
--- a/test/integration/CustomsMetricsConnectorSpec.scala
+++ b/test/integration/CustomsMetricsConnectorSpec.scala
@@ -37,7 +37,7 @@ class CustomsMetricsConnectorSpec extends IntegrationTestSpec with GuiceOneAppPe
 
   private lazy val connector = app.injector.instanceOf[CustomsMetricsConnector]
 
-  private implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestData.TestCspValidatedPayloadRequest
+  private implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestData.TestCspValidatedPayloadRequestWithEori
   private implicit val mockExportsLogger: ExportsLogger = mock[ExportsLogger]
 
   /**
diff --git a/test/integration/ExportsConnectorSpec.scala b/test/integration/ExportsConnectorSpec.scala
index c9e92af5..c7566b27 100644
--- a/test/integration/ExportsConnectorSpec.scala
+++ b/test/integration/ExportsConnectorSpec.scala
@@ -16,7 +16,6 @@
 
 package integration
 
-import java.util.UUID
 import org.joda.time.DateTime
 import org.scalatest.prop.TableDrivenPropertyChecks
 import org.scalatestplus.mockito.MockitoSugar
@@ -26,13 +25,13 @@ import play.api.inject.guice.GuiceApplicationBuilder
 import play.api.test.Helpers._
 import uk.gov.hmrc.customs.inventorylinking.export.connectors.{ExportsConnector, Non2xxResponseException}
 import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.ValidatedPayloadRequest
-import uk.gov.hmrc.http._
-import uk.gov.hmrc.http.Authorization
+import uk.gov.hmrc.http.{Authorization, _}
 import util.ExternalServicesConfig.{AuthToken, Host, Port}
 import util.TestData
 import util.XMLTestData.ValidInventoryLinkingMovementRequestXML
 import util.externalservices.{ExportsExternalServicesConfig, InventoryLinkingExportsService}
 
+import java.util.UUID
 import scala.concurrent.Future
 import scala.xml.NodeSeq
 
@@ -60,7 +59,7 @@ class ExportsConnectorSpec extends IntegrationTestSpec with GuiceOneAppPerSuite
   private val incomingBearerToken = "some_client's_bearer_token"
   private val incomingAuthToken = s"Bearer $incomingBearerToken"
   private val correlationId = UUID.randomUUID()
-  private implicit val vpr = TestData.TestCspValidatedPayloadRequest
+  private implicit val vpr = TestData.TestCspValidatedPayloadRequestWithEori
 
   private implicit val hc: HeaderCarrier = HeaderCarrier(authorization = Some(Authorization(incomingAuthToken)))
 
@@ -72,7 +71,7 @@ class ExportsConnectorSpec extends IntegrationTestSpec with GuiceOneAppPerSuite
     resetMockServer()
   }
 
-  override protected def afterAll(): Unit =  {
+  override protected def afterAll() {
     stopMockServer()
   }
 
diff --git a/test/unit/connectors/ExportsConnectorSpec.scala b/test/unit/connectors/ExportsConnectorSpec.scala
index 45976450..3b63253a 100644
--- a/test/unit/connectors/ExportsConnectorSpec.scala
+++ b/test/unit/connectors/ExportsConnectorSpec.scala
@@ -78,7 +78,7 @@ class ExportsConnectorSpec extends UnitSpec with MockitoSugar with BeforeAndAfte
 
   private val httpFormattedDate = "Tue, 04 Jul 2017 13:45:00 UTC"
 
-  private implicit val vpr = TestCspValidatedPayloadRequest
+  private implicit val vpr = TestCspValidatedPayloadRequestWithEori
 
   "ExportsConnector" can {
 
diff --git a/test/unit/controllers/InventoryLinkingExportControllerSpec.scala b/test/unit/controllers/InventoryLinkingExportControllerSpec.scala
index ceadea55..b12119de 100644
--- a/test/unit/controllers/InventoryLinkingExportControllerSpec.scala
+++ b/test/unit/controllers/InventoryLinkingExportControllerSpec.scala
@@ -243,7 +243,7 @@ class InventoryLinkingExportControllerSpec extends UnitSpec
 
 
     "respond with status 202 and conversationId in header for a processed valid non-CSP request and ignoring the submitter id in the header that doesn't match our records" in new SetUp() {
-      authoriseNonCsp(Some(Eori("whatever")))
+      authoriseNonCsp(Eori.fromString("whatever"))
 
       val result: Result = awaitSubmit(ValidRequestWithSubmitterHeader)
 
diff --git a/test/unit/controllers/actionbuilders/AuthActionSpec.scala b/test/unit/controllers/actionbuilders/AuthActionSpec.scala
index 69280b57..8eb8f60a 100644
--- a/test/unit/controllers/actionbuilders/AuthActionSpec.scala
+++ b/test/unit/controllers/actionbuilders/AuthActionSpec.scala
@@ -23,14 +23,12 @@ import play.api.mvc.AnyContentAsXml
 import play.api.test.{FakeRequest, Helpers}
 import uk.gov.hmrc.customs.api.common.controllers.ErrorResponse
 import uk.gov.hmrc.customs.api.common.controllers.ErrorResponse.{ErrorInternalServerError, UnauthorizedCode, errorBadRequest, errorInternalServerError}
-import uk.gov.hmrc.customs.inventorylinking.export.model.VersionOne
-import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.ApiVersionRequest
 import uk.gov.hmrc.customs.inventorylinking.export.controllers.actionbuilders.AuthAction
 import uk.gov.hmrc.customs.inventorylinking.export.controllers.{CustomHeaderNames, HeaderValidator}
 import uk.gov.hmrc.customs.inventorylinking.export.logging.ExportsLogger
-import uk.gov.hmrc.customs.inventorylinking.export.model.ApiSubscriptionFields
+import uk.gov.hmrc.customs.inventorylinking.export.model.{ApiSubscriptionFields, NonCsp, VersionOne}
 import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.ActionBuilderModelHelper._
-import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.{ApiSubscriptionFieldsRequest, AuthorisedRequest}
+import uk.gov.hmrc.customs.inventorylinking.export.model.actionbuilders.{ApiSubscriptionFieldsRequest, ApiVersionRequest, AuthorisedRequest}
 import uk.gov.hmrc.customs.inventorylinking.export.services.CustomsAuthService
 import util.CustomsMetricsTestData.EventStart
 import util.TestData._
@@ -72,7 +70,7 @@ class AuthActionSpec extends UnitSpec with MockitoSugar {
       authoriseCsp()
 
       private val actual: AuthorisedRequest[AnyContentAsXml] = await(authAction.refine(request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId())).getOrElse(throw new RuntimeException("failed to refine test authAction")))
-      private val expected: AuthorisedRequest[AnyContentAsXml] = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId()).toCspAuthorisedRequest(cspAuthorisedRequest)
+      private val expected: AuthorisedRequest[AnyContentAsXml] = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId()).toAuthorisedRequest(cspAuthorisedRequestWithEoriAndBadgeIdentifier)
       actual.authorisedAs shouldBe expected.authorisedAs
 
       verifyNonCspAuthorisationNotCalled
@@ -82,7 +80,7 @@ class AuthActionSpec extends UnitSpec with MockitoSugar {
       authoriseCsp()
 
       private val actual = await(authAction.refine(request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None))).getOrElse(throw new RuntimeException("failed to refine test authAction")))
-      private val expected: AuthorisedRequest[AnyContentAsXml] = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None)).toCspAuthorisedRequest(cspAuthorisedRequestWithoutEori)
+      private val expected: AuthorisedRequest[AnyContentAsXml] = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None)).toAuthorisedRequest(cspAuthorisedRequestWithBadgeIdentifier)
 
       actual.authorisedAs shouldBe expected.authorisedAs
       verifyNonCspAuthorisationNotCalled
@@ -101,7 +99,7 @@ class AuthActionSpec extends UnitSpec with MockitoSugar {
       authoriseCsp()
 
       private val actual = await(authAction.refine(request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None), ApiSubscriptionFieldsTestData.apiSubscriptionFieldsNoAuthenticatedEori)).getOrElse(throw new RuntimeException("failed to refine test authAction")))
-      private val expected = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None)).toCspAuthorisedRequest(cspAuthorisedRequestWithoutEori)
+      private val expected = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None)).toAuthorisedRequest(cspAuthorisedRequestWithBadgeIdentifier)
 
       actual.authorisedAs shouldBe expected.authorisedAs
       verifyNonCspAuthorisationNotCalled
@@ -111,7 +109,7 @@ class AuthActionSpec extends UnitSpec with MockitoSugar {
       authoriseCsp()
 
       private val actual = await(authAction.refine(request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None), ApiSubscriptionFieldsTestData.apiSubscriptionFieldsBlankAuthenticatedEori)).getOrElse(throw new RuntimeException("failed to refine test authAction")))
-      private val expected = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None)).toCspAuthorisedRequest(cspAuthorisedRequestWithoutEori)
+      private val expected = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeSubmitterIdString = None)).toAuthorisedRequest(cspAuthorisedRequestWithBadgeIdentifier)
 
       actual.authorisedAs shouldBe expected.authorisedAs
       verifyNonCspAuthorisationNotCalled
@@ -121,8 +119,7 @@ class AuthActionSpec extends UnitSpec with MockitoSugar {
       authoriseCsp()
 
       private val actual = await(authAction.refine(request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeBadgeIdString = None))).getOrElse(throw new RuntimeException("failed to refine test authAction")))
-      private val expected = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeBadgeIdString = None)).toCspAuthorisedRequest(cspAuthorisedRequestWithoutBadgeIdentifier)
-
+      private val expected = request(testFakeRequestWithMaybeBadgeIdAndMaybeSubmitterId(maybeBadgeIdString = None)).toAuthorisedRequest(cspAuthorisedRequestWithEori)
       actual.authorisedAs shouldBe expected.authorisedAs
       verifyNonCspAuthorisationNotCalled
     }
@@ -189,7 +186,7 @@ class AuthActionSpec extends UnitSpec with MockitoSugar {
 
       private val actual = await(authAction.refine(TestApiSubscriptionFieldsRequest))
 
-      actual shouldBe Right(TestApiSubscriptionFieldsRequest.toNonCspAuthorisedRequest(declarantEori))
+      actual shouldBe Right(TestApiSubscriptionFieldsRequest.toAuthorisedRequest(NonCsp(declarantEori)))
       verifyCspAuthorisationCalled(1)
       verifyNonCspAuthorisationCalled(1)
     }
diff --git a/test/unit/controllers/actionbuilders/PayloadValidationActionSpec.scala b/test/unit/controllers/actionbuilders/PayloadValidationActionSpec.scala
index b2bc05d7..fb804573 100644
--- a/test/unit/controllers/actionbuilders/PayloadValidationActionSpec.scala
+++ b/test/unit/controllers/actionbuilders/PayloadValidationActionSpec.scala
@@ -77,7 +77,7 @@ class PayloadValidationActionSpec extends UnitSpec with MockitoSugar {
 
       private val actual: Either[Result, ValidatedPayloadRequest[AnyContentAsXml]] = await(payloadValidationAction.refine(TestCspAuthorisedRequest))
 
-      actual shouldBe Right(TestCspValidatedPayloadRequest)
+      actual shouldBe Right(TestCspValidatedPayloadRequestWithEori)
     }
 
     "return 400 error response when XML is not well formed" in new SetUp {
@@ -92,7 +92,7 @@ class PayloadValidationActionSpec extends UnitSpec with MockitoSugar {
       val authorisedRequestWithNonWellFormedXml: AuthorisedRequest[AnyContentAsText] = ApiVersionRequest(conversationId, EventStart, VersionOne, FakeRequest().withTextBody("<foo><foo>"))
         .toValidatedHeadersRequest(TestExtractedHeaders)
         .toApiSubscriptionFieldsRequest(ApiSubscriptionFieldsTestData.apiSubscriptionFields)
-        .toCspAuthorisedRequest(cspAuthorisedRequest)
+        .toAuthorisedRequest(cspAuthorisedRequestWithEori)
 
       private val actual = await(payloadValidationAction.refine(authorisedRequestWithNonWellFormedXml))
 
diff --git a/test/unit/services/BusinessServiceSpec.scala b/test/unit/services/BusinessServiceSpec.scala
index a4d5773a..6256c389 100644
--- a/test/unit/services/BusinessServiceSpec.scala
+++ b/test/unit/services/BusinessServiceSpec.scala
@@ -51,7 +51,7 @@ class BusinessServiceSpec extends UnitSpec with MockitoSugar with BeforeAndAfter
   private implicit val ec = Helpers.stubControllerComponents().executionContext
   private val headerCarrier: HeaderCarrier = HeaderCarrier()
     .withExtraHeaders(RequestHeaders.API_SUBSCRIPTION_FIELDS_ID_HEADER)
-  private implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequest
+  private implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithEori
   private val errorResponseServiceUnavailable = errorInternalServerError("This service is currently unavailable")
 
   trait SetUp {
@@ -64,7 +64,7 @@ class BusinessServiceSpec extends UnitSpec with MockitoSugar with BeforeAndAfter
     protected lazy val service: BusinessService = new BusinessService(mockLogger, mockExportsConnector,
       mockPayloadDecorator, mockDateTimeProvider, stubUniqueIdsService)
 
-    protected def send(vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequest, hc: HeaderCarrier = headerCarrier): Either[Result, Unit] = {
+    protected def send(vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithEori, hc: HeaderCarrier = headerCarrier): Either[Result, Unit] = {
       await(service.send(vpr, hc))
     }
     // https://stackoverflow.com/questions/27289757/mockito-matchers-scala-value-class-and-nullpointerexception
diff --git a/test/unit/xml/PayloadDecoratorSpec.scala b/test/unit/xml/PayloadDecoratorSpec.scala
index f13d6d22..72716b86 100644
--- a/test/unit/xml/PayloadDecoratorSpec.scala
+++ b/test/unit/xml/PayloadDecoratorSpec.scala
@@ -37,18 +37,20 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
   private val decorator = new PayloadDecorator()
 
   "PayloadDecorator for CSP" should {
-    implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequest
-    def wrapPayloadWithBadgeIdentifierAndEori(payload: NodeSeq = xmlPayload): NodeSeq = decorator.decorate(payload, TestSubscriptionFieldsId, correlationId, dateTime)
+    val vprWithEoriAndBadgeIdentifier: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithEoriAndBadgeIdentifier
+    def wrapPayloadWithEoriAndBadgeIdentifier(payload: NodeSeq = xmlPayload): NodeSeq = {
+      decorator.decorate(payload, TestSubscriptionFieldsId, correlationId, dateTime)(vprWithEoriAndBadgeIdentifier)
+    }
 
     "wrap passed complete inventoryLinkingMovementRequest" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori(ValidInventoryLinkingMovementRequestXML)
+      val result = wrapPayloadWithEoriAndBadgeIdentifier(ValidInventoryLinkingMovementRequestXML)
 
        scala.xml.Utility.trim(result.head) shouldBe scala.xml.Utility.trim(wrappedValidXML.head)
     }
 
     forAll(xmlRequests) { (linkingType, xml) =>
       s"wrap passed $linkingType" in {
-        val result = wrapPayloadWithBadgeIdentifierAndEori(xml)
+        val result = wrapPayloadWithEoriAndBadgeIdentifier(xml)
 
         val header = result \ commonLabel
         val request = result \\ linkingType
@@ -59,7 +61,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the timestamp in the wrapper" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori()
+      val result = wrapPayloadWithEoriAndBadgeIdentifier()
 
       val rd = result \ commonLabel \ "dateTimeStamp"
 
@@ -67,7 +69,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the conversationId" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori()
+      val result = wrapPayloadWithEoriAndBadgeIdentifier()
 
       val rd = result \ commonLabel \ "conversationID"
 
@@ -75,7 +77,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the correlationId" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori()
+      val result = wrapPayloadWithEoriAndBadgeIdentifier()
 
       val rd = result \ commonLabel \ "correlationID"
 
@@ -83,7 +85,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the clientId" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori()
+      val result = wrapPayloadWithEoriAndBadgeIdentifier()
 
       val rd = result \ commonLabel \ "clientID"
 
@@ -91,7 +93,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the badgeIdentifier when present" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori()
+      val result = decorator.decorate(xmlPayload, TestSubscriptionFieldsId, correlationId, dateTime)(TestCspValidatedPayloadRequestWithBadgeIdentifier)
 
       val rd = result \\ "badgeIdentifier"
 
@@ -99,7 +101,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "omit the badgeIdentifier when absent" in {
-      implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithoutBadgeIdentifier
+      implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithEori
       val result = decorator.decorate(xmlPayload, TestSubscriptionFieldsId, correlationId, dateTime)
 
       val rd = result \\ "badgeIdentifier"
@@ -108,7 +110,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the submitter when present" in {
-      val result = wrapPayloadWithBadgeIdentifierAndEori()
+      val result = wrapPayloadWithEoriAndBadgeIdentifier()
 
       val rd = result \\ "submitter"
 
@@ -116,30 +118,21 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
     
     "set the submitter to badgeIdentifier when eori is absent" in {
-      implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithoutEori
+      implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithBadgeIdentifier
       val result = decorator.decorate(xmlPayload, TestSubscriptionFieldsId, correlationId, dateTime)
 
       val rd = result \\ "submitter"
 
       rd.head.text shouldBe badgeIdentifier.value
     }
-
-    "set the submitter to authenticated eori when both eori and badgeIdentifier are absent" in {
-      implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestCspValidatedPayloadRequestWithoutEoriOrBadgeIdentifier
-      val result = decorator.decorate(xmlPayload, TestSubscriptionFieldsId, correlationId, dateTime)
-
-      val rd = result \\ "submitter"
-
-      rd.head.text shouldBe authenticatedEori.value
-    }
   }
 
   "PayloadDecorator for non-CSP" should {
     implicit val vpr: ValidatedPayloadRequest[AnyContentAsXml] = TestNonCspValidatedPayloadRequest
-    def wrapPayloadWithoutBadgeIdentifier(payload: NodeSeq = xmlPayload): NodeSeq = decorator.decorate(payload, TestSubscriptionFieldsId, correlationId, dateTime)
+    def wrapPayload(payload: NodeSeq = xmlPayload): NodeSeq = decorator.decorate(payload, TestSubscriptionFieldsId, correlationId, dateTime)
 
     "wrap passed complete inventoryLinkingMovementRequest" in {
-      val result = wrapPayloadWithoutBadgeIdentifier()
+      val result = wrapPayload()
 
       val requestDetail = result \\ "requestDetail"
       requestDetail.head.child.contains(<node1/>) shouldBe true
@@ -147,7 +140,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
 
     forAll(xmlRequests) { (linkingType, xml) =>
       s"wrap passed $linkingType" in {
-        val result = wrapPayloadWithoutBadgeIdentifier(xml)
+        val result = wrapPayload(xml)
 
         val header = result \ commonLabel
         val request = result \\ linkingType
@@ -158,7 +151,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the timestamp in the wrapper" in {
-      val result = wrapPayloadWithoutBadgeIdentifier()
+      val result = wrapPayload()
 
       val rd = result \ commonLabel \ "dateTimeStamp"
 
@@ -166,7 +159,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the conversationId" in {
-      val result = wrapPayloadWithoutBadgeIdentifier()
+      val result = wrapPayload()
 
       val rd = result \ commonLabel \ "conversationID"
 
@@ -174,7 +167,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the correlationId" in {
-      val result = wrapPayloadWithoutBadgeIdentifier()
+      val result = wrapPayload()
 
       val rd = result \ commonLabel \ "correlationID"
 
@@ -182,7 +175,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the clientId" in {
-      val result = wrapPayloadWithoutBadgeIdentifier()
+      val result = wrapPayload()
 
       val rd = result \ commonLabel \ "clientID"
 
@@ -190,7 +183,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "should not set the badgeIdentifier when absent" in {
-      val result = wrapPayloadWithoutBadgeIdentifier()
+      val result = wrapPayload()
 
       val rd = result \\ "badgeIdentifier"
 
@@ -198,7 +191,7 @@ class PayloadDecoratorSpec extends UnitSpec with MockitoSugar {
     }
 
     "set the submitter identifier when present" in {
-      val result =  wrapPayloadWithoutBadgeIdentifier()
+      val result =  wrapPayload()
 
       val rd = result \\ "submitter"
 
diff --git a/test/util/TestData.scala b/test/util/TestData.scala
index 887f668c..492f45c5 100644
--- a/test/util/TestData.scala
+++ b/test/util/TestData.scala
@@ -49,13 +49,12 @@ object TestData {
 
   val declarantEoriValue = "ZZ123456789000"
   val authenticatedEoriValue = "AA123456789000"
-  val declarantEori = Eori(declarantEoriValue)
-  val authenticatedEori = Eori(authenticatedEoriValue)
+  val declarantEori = Eori.fromString(declarantEoriValue).get
+  val authenticatedEori = Eori.fromString(authenticatedEoriValue).get
 
-  val cspAuthorisedRequest = Csp(Some(declarantEori), Some(badgeIdentifier))
-  val cspAuthorisedRequestWithoutBadgeIdentifier = Csp(Some(declarantEori), None)
-  val cspAuthorisedRequestWithoutEori = Csp(None, Some(badgeIdentifier))
-  val cspAuthorisedRequestWithoutEoriOrBadgeIdentifier = Csp(None, None)
+  val cspAuthorisedRequestWithEoriAndBadgeIdentifier = CspWithEoriAndBadgeId(declarantEori, badgeIdentifier)
+  val cspAuthorisedRequestWithEori = CspWithEori(declarantEori)
+  val cspAuthorisedRequestWithBadgeIdentifier = CspWithBadgeId(badgeIdentifier)
 
   val dateTime: DateTime = DateTime.now(DateTimeZone.UTC)
   val dateTimeFormat = "YYYY-MM-dd'T'HH:mm:ss'Z'"
@@ -133,12 +132,11 @@ object TestData {
   val TestValidatedHeadersRequest: ValidatedHeadersRequest[AnyContentAsXml] = TestConversationIdRequest.toApiVersionRequest(VersionOne).toValidatedHeadersRequest(TestExtractedHeaders)
   val TestValidatedHeadersRequestV2: ValidatedHeadersRequest[AnyContentAsXml] = TestConversationIdRequest.toApiVersionRequest(VersionTwo).toValidatedHeadersRequest(TestExtractedHeaders)
   val TestApiSubscriptionFieldsRequest: ApiSubscriptionFieldsRequest[AnyContentAsXml] = TestValidatedHeadersRequest.toApiSubscriptionFieldsRequest(ApiSubscriptionFieldsTestData.apiSubscriptionFields)
-  val TestCspAuthorisedRequest: AuthorisedRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toCspAuthorisedRequest(cspAuthorisedRequest)
-  val TestCspValidatedPayloadRequest: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toCspAuthorisedRequest(cspAuthorisedRequest).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
-  val TestCspValidatedPayloadRequestWithoutBadgeIdentifier: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toCspAuthorisedRequest(cspAuthorisedRequestWithoutBadgeIdentifier).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
-  val TestCspValidatedPayloadRequestWithoutEori: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toCspAuthorisedRequest(cspAuthorisedRequestWithoutEori).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
-  val TestCspValidatedPayloadRequestWithoutEoriOrBadgeIdentifier: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toCspAuthorisedRequest(cspAuthorisedRequestWithoutEoriOrBadgeIdentifier).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
-  val TestNonCspValidatedPayloadRequest: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toNonCspAuthorisedRequest(declarantEori).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
+  val TestCspAuthorisedRequest: AuthorisedRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toAuthorisedRequest(cspAuthorisedRequestWithEori)
+  val TestCspValidatedPayloadRequestWithEoriAndBadgeIdentifier: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toAuthorisedRequest(cspAuthorisedRequestWithEoriAndBadgeIdentifier).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
+  val TestCspValidatedPayloadRequestWithEori: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toAuthorisedRequest(cspAuthorisedRequestWithEori).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
+  val TestCspValidatedPayloadRequestWithBadgeIdentifier: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toAuthorisedRequest(cspAuthorisedRequestWithBadgeIdentifier).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
+  val TestNonCspValidatedPayloadRequest: ValidatedPayloadRequest[AnyContentAsXml] = TestApiSubscriptionFieldsRequest.toAuthorisedRequest(NonCsp(declarantEori)).toValidatedPayloadRequest(xmlBody = TestXmlPayload)
 }
 
 object RequestHeaders {