18F · Sgtpluck · Aug 21, 2023 · Aug 17, 2023 · Aug 17, 2023 · Aug 18, 2023
diff --git a/app/controllers/service_provider_controller.rb b/app/controllers/service_provider_controller.rb
@@ -3,7 +3,8 @@ class ServiceProviderController < ApplicationController
 
   def update
     authorize do
-      ServiceProviderUpdater.new.run if FeatureManagement.use_dashboard_service_providers?
+      ServiceProviderUpdater.new.run(sp_params[:service_provider]) if
+        FeatureManagement.use_dashboard_service_providers?
 
       render json: { status: 'If the feature is enabled, service providers have been updated.' }
     end
@@ -29,4 +30,8 @@ def authorization_token_valid?
   def authorization_token
     request.headers['X-LOGIN-DASHBOARD-TOKEN']
   end
+
+  def sp_params
+    params.permit(service_provider: {})
+  end
 end
diff --git a/app/services/service_provider_updater.rb b/app/services/service_provider_updater.rb
@@ -11,20 +11,26 @@ class ServiceProviderUpdater
     cert
   ]
 
-  def run
-    dashboard_service_providers.each do |service_provider|
+  def run(service_provider = nil)
+    if service_provider.present?
       update_local_caches(ActiveSupport::HashWithIndifferentAccess.new(service_provider))
+    else
+      dashboard_service_providers.each do |dashboard_service_provider|
+        update_local_caches(
+          ActiveSupport::HashWithIndifferentAccess.new(dashboard_service_provider),
+        )
+      end
     end
   end
 
   private
 
   def update_local_caches(service_provider)
-    issuer = service_provider['issuer']
-    update_cache(issuer, service_provider)
+    update_cache(service_provider)
   end
 
-  def update_cache(issuer, service_provider)
+  def update_cache(service_provider)
+    issuer = service_provider['issuer']
     if service_provider['active'] == true
       create_or_update_service_provider(issuer, service_provider)
     else

diff --git a/spec/controllers/service_provider_controller_spec.rb b/spec/controllers/service_provider_controller_spec.rb
@@ -6,66 +6,89 @@
   describe '#update' do
     let(:dashboard_sp_issuer) { 'some-dashboard-service-provider' }
     let(:agency) { create(:agency) }
-    let(:dashboard_service_providers) do
-      [
-        {
-          issuer: dashboard_sp_issuer,
-          agency_id: agency.id,
-          friendly_name: 'a friendly service provider',
-          description: 'user friendly Login.gov dashboard',
-          acs_url: 'http://sp.example.org/saml/login',
-          assertion_consumer_logout_service_url: 'http://sp.example.org/saml/logout',
-          block_encryption: 'aes256-cbc',
-          certs: [saml_test_sp_cert],
-          active: true,
-        },
-      ]
+    let(:attributes) do
+      {
+        issuer: dashboard_sp_issuer,
+        agency_id: agency.id,
+        friendly_name: 'a friendly service provider',
+        description: 'user friendly Login.gov dashboard',
+        acs_url: 'http://sp.example.org/saml/login',
+        assertion_consumer_logout_service_url: 'http://sp.example.org/saml/logout',
+        block_encryption: 'aes256-cbc',
+        certs: [saml_test_sp_cert],
+        active: true,
+      }
     end
+    let(:dashboard_service_providers) { [attributes] }
 
     context 'feature on, correct token in headers' do
       before do
         correct_token = '123ABC'
         headers(correct_token)
         allow(IdentityConfig.store).to receive(:use_dashboard_service_providers).and_return(true)
-        allow_any_instance_of(ServiceProviderUpdater).to receive(:dashboard_service_providers).
-          and_return(dashboard_service_providers)
       end
 
-      after do
-        ServiceProvider.find_by(issuer: dashboard_sp_issuer)&.destroy
-      end
+      context 'with no params' do
+        before do
+          allow_any_instance_of(ServiceProviderUpdater).to receive(:dashboard_service_providers).
+            and_return(dashboard_service_providers)
+          post :update
+        end
 
-      it 'returns 200' do
-        post :update
+        after do
+          ServiceProvider.find_by(issuer: dashboard_sp_issuer)&.destroy
+        end
 
-        expect(response.status).to eq 200
-      end
+        it 'returns 200' do
+          expect(response.status).to eq 200
+        end
 
-      it 'updates the matching ServiceProvider in the DB' do
-        post :update
+        it 'updates the matching ServiceProvider in the DB' do
+          sp = ServiceProvider.find_by(issuer: dashboard_sp_issuer)
+
+          expect(sp.metadata[:agency]).to eq dashboard_service_providers.first[:agency]
+          expect(sp.ssl_certs.first).to be_a OpenSSL::X509::Certificate
+          expect(sp.active?).to eq true
+        end
 
-        sp = ServiceProvider.find_by(issuer: dashboard_sp_issuer)
+        context 'with CSRF protection enabled' do
+          before do
+            ActionController::Base.allow_forgery_protection = true
+          end
 
-        expect(sp.metadata[:agency]).to eq dashboard_service_providers.first[:agency]
-        expect(sp.ssl_certs.first).to be_a OpenSSL::X509::Certificate
-        expect(sp.active?).to eq true
+          after do
+            ActionController::Base.allow_forgery_protection = false
+          end
+
+          it 'ignores invalid CSRF tokens' do
+            expect(response.status).to eq(200)
+          end
+        end
       end
 
-      context 'with CSRF protection enabled' do
+      context 'with a service provider passed via params' do
+        let(:friendly_name) { 'A new friendly name' }
+        let(:params) do
+          {
+            service_provider: attributes.merge(friendly_name:),
+          }
+        end
+
         before do
-          correct_token = '123ABC'
-          headers(correct_token)
-          ActionController::Base.allow_forgery_protection = true
+          request.content_type = 'application/json'
+          post :update, params:
         end
 
-        after do
-          ActionController::Base.allow_forgery_protection = false
+        it 'returns 200' do
+          expect(response.status).to eq 200
         end
 
-        it 'ignores invalid CSRF tokens' do
-          post :update
+        it 'updates the matching ServiceProvider in the DB' do
+          sp = ServiceProvider.find_by(issuer: dashboard_sp_issuer)
 
-          expect(response.status).to eq(200)
+          expect(sp.agency).to eq agency
+          expect(sp.friendly_name).to eq friendly_name
+          expect(sp.active?).to eq true
         end
       end
     end

diff --git a/spec/services/service_provider_updater_spec.rb b/spec/services/service_provider_updater_spec.rb
@@ -27,7 +27,7 @@
       block_encryption: 'aes256-cbc',
       certs: [saml_test_sp_cert],
       active: true,
-      native: true,
+      native: false,
       approved: true,
       help_text: {
         sign_in: { en: '<b>A new different sign-in help text</b>' },
@@ -252,5 +252,69 @@
         expect(ServiceProvider.count).to eq before_count
       end
     end
+
+    context 'run is called with service_provider attributes' do
+      let(:attributes) { friendly_sp.except(:id) }
+      let(:friendly_name) { 'A different name' }
+
+      before { attributes[:friendly_name] = friendly_name }
+
+      it 'does not try to send a GET to the dashboard' do
+        expect(Faraday).not_to receive(:get)
+
+        subject.run(attributes)
+      end
+
+      context 'service provider attributes has active: true' do
+        context 'service provider exists' do
+          let(:sp) { create(:service_provider, issuer: attributes[:issuer]) }
+          it 'updates the single service provider' do
+            subject.run(attributes)
+
+            sp = ServiceProvider.find_by(issuer: attributes[:issuer])
+
+            expect(sp.friendly_name).to eq friendly_name
+          end
+        end
+
+        context 'service provider does not yet exist' do
+          it 'creates the service provider' do
+            expect(ServiceProvider.find_by(issuer: attributes[:issuer])).to be nil
+
+            subject.run(attributes)
+
+            sp = ServiceProvider.find_by(issuer: attributes[:issuer])
+
+            expect(sp.friendly_name).to eq friendly_name
+          end
+        end
+      end
+
+      context 'service provider attributes has active: false' do
+        let(:sp) { create(:service_provider, issuer: attributes[:issuer]) }
+        before { attributes[:active] = false }
+
+        context 'it is not a native service provider' do
+          it 'destroys the service_provider' do
+            subject.run(attributes)
+
+            destroyed_sp = ServiceProvider.find_by(issuer: attributes[:issuer])
+
+            expect(destroyed_sp).to be nil
+          end
+        end
+
+        context 'it is a native service provider' do
+          before { sp.update!(native: true) }
+          it 'is not destroyed' do
+            subject.run(attributes)
+
+            destroyed_sp = ServiceProvider.find_by(issuer: attributes[:issuer])
+
+            expect(destroyed_sp).to eq sp
+          end
+        end
+      end
+    end
   end
 end