LG-10062 Accept compressed Service Provider

app/controllers/service_provider_controller.rb

@@ -3,8 +3,12 @@ class ServiceProviderController < ApplicationController
 
   def update
     authorize do
-      ServiceProviderUpdater.new.run(sp_params[:service_provider]) if
-        FeatureManagement.use_dashboard_service_providers?
+      if !FeatureManagement.use_dashboard_service_providers?
+        render json: { status: 'Service providers updater has not been enabled.' }
+        return
+      end
+
+      ServiceProviderUpdater.new.run(sp_params['service_provider'])
 
       render json: { status: 'If the feature is enabled, service providers have been updated.' }
     end
@@ -32,6 +36,15 @@ def authorization_token
   end
 
   def sp_params
-    params.permit(service_provider: {})
+    if request.headers['Content-Type'] == 'gzip/json'
+      body = request.body.read
+      if body.present?
+        JSON.parse(Zlib.gunzip(body))
+      else
+        {}
+      end
+    else
+      params.permit(service_provider: {})
+    end
   end
 end

spec/controllers/service_provider_controller_spec.rb

@@ -20,15 +20,16 @@
       }
     end
     let(:dashboard_service_providers) { [attributes] }
+    let(:token) { '123ABC' }
+    let(:use_feature) { true }
 
-    context 'feature on, correct token in headers' do
-      before do
-        correct_token = '123ABC'
-        headers(correct_token)
-        allow(IdentityConfig.store).to receive(:use_dashboard_service_providers).and_return(true)
-      end
+    before do
+      headers(token)
+      allow(IdentityConfig.store).to receive(:use_dashboard_service_providers) { use_feature }
+    end
 
-      context 'with no params' do
+    context 'feature on, correct token in headers' do
+      context 'with no body' do
         before do
           allow_any_instance_of(ServiceProviderUpdater).to receive(:dashboard_service_providers).
             and_return(dashboard_service_providers)
@@ -66,38 +67,64 @@
         end
       end
 
-      context 'with a service provider passed via params' do
-        let(:friendly_name) { 'A new friendly name' }
-        let(:params) do
-          {
-            service_provider: attributes.merge(friendly_name:),
-          }
-        end
+      context 'with a service provider passed in via a request body' do
+        describe 'with the req Content-Type set to "gzip/json"' do
+          let(:friendly_name) { 'A new friendly name' }
+          let(:body) do
+            Zlib.gzip({ service_provider: attributes.merge(friendly_name:) }.to_json)
+          end
 
-        before do
-          request.content_type = 'application/json'
-          post :update, params:
-        end
+          before do
+            # Rails controller tests will fail unless the Content-Type is registered
+            # Not needed in production
+            Mime::Type.register 'gzip/json', :gzip_json
+            request.headers['Content-Type'] = 'gzip/json'
+            post :update, body:
+          end
 
-        it 'returns 200' do
-          expect(response.status).to eq 200
+          after do
+            Mime::Type.unregister :gzip_json
+          end
+
+          it 'returns 200' do
+            expect(response.status).to eq 200
+          end
+
+          it 'updates the matching ServiceProvider in the DB' do
+            sp = ServiceProvider.find_by(issuer: dashboard_sp_issuer)
+
+            expect(sp.agency).to eq agency
+            expect(sp.friendly_name).to eq friendly_name
+            expect(sp.active?).to eq true
+          end
         end
 
-        it 'updates the matching ServiceProvider in the DB' do
-          sp = ServiceProvider.find_by(issuer: dashboard_sp_issuer)
+        describe 'with a different Content-Type' do
+          let(:friendly_name) { 'A new friendly name' }
+          let(:params) { { service_provider: attributes.merge(friendly_name:) } }
 
-          expect(sp.agency).to eq agency
-          expect(sp.friendly_name).to eq friendly_name
-          expect(sp.active?).to eq true
+          before do
+            request.headers['Content-Type'] = 'application/json'
+            post :update, params:
+          end
+
+          it 'returns 200' do
+            expect(response.status).to eq 200
+          end
+
+          it 'updates the matching ServiceProvider in the DB' do
+            sp = ServiceProvider.find_by(issuer: dashboard_sp_issuer)
+
+            expect(sp.agency).to eq agency
+            expect(sp.friendly_name).to eq friendly_name
+            expect(sp.active?).to eq true
+          end
         end
       end
     end
 
     context 'incorrect token in header' do
-      before do
-        incorrect_token = 'BAD'
-        headers(incorrect_token)
-      end
+      let(:token) { 'BAD' }
 
       it 'returns a 401' do
         post :update
@@ -106,6 +133,20 @@
       end
     end
 
+    context 'feature off' do
+      let(:use_feature) { false }
+      before { post :update }
+
+      it 'returns 200' do
+        expect(response.status).to eq 200
+      end
+
+      it 'returns the body' do
+        body = { status: 'Service providers updater has not been enabled.' }.to_json
+        expect(response.body).to eq body
+      end
+    end
+
     def headers(token)
       request.headers['X-LOGIN-DASHBOARD-TOKEN'] = token
     end