davinci_crd_test_kit 0.12.0 → 0.12.1

data/lib/davinci_crd_test_kit/client_tests/order_select_receive_request_test.rb

@@ -10,10 +10,19 @@ module DaVinciCRDTestKit
       This test waits for multiple incoming [order-select](https://hl7.org/fhir/us/davinci-crd/STU2/hooks.html#order-select)
       hook requests and responds to the client with the response types selected as an input.
       )
+    verifies_requirements 'hl7.fhir.us.davinci-crd_2.0.1@209', 'hl7.fhir.us.davinci-crd_2.0.1@243',
+                          'hl7.fhir.us.davinci-crd_2.0.1@244', 'hl7.fhir.us.davinci-crd_2.0.1@245'
 
     config options: { accepts_multiple_requests: true }
 
-    input :iss
+    input :cds_jwt_iss,
+          title: 'CRD JWT Issuer',
+          description: %(
+            Value of the `iss` claim that must be sent on the Bearer token in the `Authorization`
+            header of all requests. Run or re-run the **Client Registration** group to set or
+            change this value.
+          ),
+          locked: true
     input :order_select_selected_response_types,
           title: 'Response types to return from order-select hook requests',
           description: %(
@@ -70,7 +79,7 @@ module DaVinciCRDTestKit
 
     run do
       wait(
-        identifier: "order-select #{iss}",
+        identifier: "order-select #{cds_jwt_iss}",
         message: %(
           **Order Select CDS Service Test**:
 
@@ -80,7 +89,8 @@ module DaVinciCRDTestKit
 
           Inferno will process the requests and return CDS cards if successful.
 
-          [Click here](#{resume_pass_url}?token=order-select%20#{iss}) when you have finished submitting requests.
+          [Click here](#{resume_pass_url}?token=order-select%20#{cds_jwt_iss}) when you have finished submitting
+          requests.
         )
       )
     end

data/lib/davinci_crd_test_kit/client_tests/order_sign_receive_request_test.rb

@@ -13,10 +13,20 @@ module DaVinciCRDTestKit
         system action for these hooks, even if the response indicates that further information is needed or that the
         level of detail provided is insufficient to determine coverage.
       )
+    verifies_requirements 'hl7.fhir.us.davinci-crd_2.0.1@218', 'hl7.fhir.us.davinci-crd_2.0.1@225',
+                          'hl7.fhir.us.davinci-crd_2.0.1@243', 'hl7.fhir.us.davinci-crd_2.0.1@244',
+                          'hl7.fhir.us.davinci-crd_2.0.1@245'
 
     config options: { accepts_multiple_requests: true }
 
-    input :iss
+    input :cds_jwt_iss,
+          title: 'CRD JWT Issuer',
+          description: %(
+            Value of the `iss` claim that must be sent on the Bearer token in the `Authorization`
+            header of all requests. Run or re-run the **Client Registration** group to set or
+            change this value.
+          ),
+          locked: true
     input :order_sign_selected_response_types,
           title: 'Response types to return from order-sign hook requests',
           description: %(
@@ -73,7 +83,7 @@ module DaVinciCRDTestKit
 
     run do
       wait(
-        identifier: "order-sign #{iss}",
+        identifier: "order-sign #{cds_jwt_iss}",
         message: %(
           **Order Sign CDS Service Test**:
 
@@ -83,7 +93,7 @@ module DaVinciCRDTestKit
 
           Inferno will process the requests and return CDS cards if successful.
 
-          [Click here](#{resume_pass_url}?token=order-sign%20#{iss}) when you have finished submitting requests.
+          [Click here](#{resume_pass_url}?token=order-sign%20#{cds_jwt_iss}) when you have finished submitting requests.
         )
       )
     end

data/lib/davinci_crd_test_kit/client_tests/retrieve_jwks_test.rb

@@ -9,19 +9,22 @@ module DaVinciCRDTestKit
     description %(
         Verify that the JWKS can be retrieved from the JWKS uri if it is present in the `jku` field within the JWT token
         header. As per the [CDS hooks specification](https://cds-hooks.hl7.org/2.0#trusting-cds-clients), if the jku
-        header field is ommitted, the CDS Client and CDS Service SHALL communicate the JWK Set out-of-band. Therefore,
+        header field is omitted, the CDS Client and CDS Service SHALL communicate the JWK Set out-of-band. Therefore,
         if the client does not make their keys publicly available via a uri in the `jku` field, the user must
         submit the jwk_set as an input to the test.
       )
 
     input :auth_token_headers_json
-    input :jwk_set,
-          title: "The Client's JWK Set containing it's public key",
+    input :cds_jwk_set,
+          title: 'CRD JSON Web Key Set (JWKS)',
+          type: 'textarea',
           description: %(
-            Must supply if you do not make your keys publicly available via a uri in the authorization JWT header `jku`
-            field'
+            The client's registered JWK Set containing it's public key, either
+            as a publicly accessible url containing the JWKS, or the raw JWKS.
+            Run or re-run the **Client Registration** group to set or
+            change this value. Used if the `jku` header is not found in the auth token jwt.
           ),
-          type: 'textarea',
+          locked: true,
           optional: true
     output :crd_jwks_json, :crd_jwks_keys_json
 
@@ -53,11 +56,11 @@ module DaVinciCRDTestKit
 
           jwks = JSON.parse(response[:body])
         else
-          skip_if jwk_set.blank?,
+          skip_if cds_jwk_set.blank?,
                   %(#{request_number}JWK Set must be inputted if Client's JWK Set is not available via a URL
                   identified by the jku header field)
 
-          jwks = JSON.parse(jwk_set)
+          jwks = JSON.parse(cds_jwk_set)
         end
 
         keys = jwks['keys']

data/lib/davinci_crd_test_kit/client_tests/token_payload_test.rb

@@ -12,7 +12,7 @@ module DaVinciCRDTestKit
       The `iss`, `aud`, `exp`, `iat`, and `jti` claims are required.
       Additionally:
 
-      - `iss` must match the `issuer` from the `iss` input
+      - `iss` must match the `issuer` from the **CRD JWT Issuer** input
       - `aud` must match the URL of the CDS Service endpoint being invoked
       - `exp` must represent a time in the future
       - `jti` must be a non-blank string that uniquely identifies this authentication JWT
@@ -30,7 +30,7 @@ module DaVinciCRDTestKit
 
     input :auth_tokens,
           :auth_tokens_jwk_json,
-          :iss
+          :cds_jwt_iss
 
     run do
       auth_tokens_list = JSON.parse(auth_tokens)
@@ -51,7 +51,7 @@ module DaVinciCRDTestKit
               true,
               algorithms: [jwk[:alg]],
               exp_leeway: 60,
-              iss:,
+              iss: cds_jwt_iss,
               aud: hook_url,
               verify_not_before: false,
               verify_iat: false,

data/lib/davinci_crd_test_kit/crd_client_suite.rb

@@ -1,5 +1,6 @@
 require_relative 'client_fhir_api_group'
 require_relative 'client_hooks_group'
+require_relative 'client_registration_group'
 require_relative 'routes/cds_services_discovery_handler'
 require_relative 'tags'
 require_relative 'urls'
@@ -33,8 +34,10 @@ module DaVinciCRDTestKit
       ## SMART App Launch
       Use this information when registering Inferno as a SMART App:
 
-      * Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri]}`
-      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
+      * Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri] ||
+                       "#{Inferno::Application['base_url']}/custom/smart/launch"}`
+      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri] ||
+                         "#{Inferno::Application['base_url']}/custom/smart/redirect"}`
 
       If a client receives a SMART App Launch card in a response and would like
       to test their ability to launch Inferno as a SMART App, first run the
@@ -70,6 +73,29 @@ module DaVinciCRDTestKit
         based on the provided inputs, as the resource might not exist on the
         client's FHIR server.
 
+      ## Running the Tests aginst the Server Suite
+
+      You can also run these tests against the Inferno CRD Server test suite.
+      The server suite will not render cards like a real CRD client would do,
+      but will simulate and verify the interactions between the client and
+      server.
+
+      1. Start a "Da Vinci CRD Client Test Suite" session.
+      1. Choose the "Inferno CRD Server Suite" preset from the drop down in the upper left.
+      1. Run the Client Registration test group. It should pass.
+      1. Run the Hooks > Appointment Book test group leaving the inputs as is. A
+         "User Action Dialog" will appear indicating that Inferno is waiting for the
+         `appointment-book` hook invocation.
+      1. In another tab, start a "Da Vinci CRD Server Test Suite" session.
+      1. Choose the "Inferno CRD Client Suite" preset from the drop down in the upper left.
+      1. Run the Discovery test group. It should pass.
+      1. Run the Demonstrate A Hook Response test. It should pass
+      1. Return to the client suite and click the link to continue the tests.
+      1. When the attestation wait dialog appears, return to the server tests and look in test
+         **2.04** "All service responses contain valid cards and optional systemActions"
+         for the CDS hooks request made and look at the response to verify that the
+         indicate cards are present. Attest accordingly in the client suite to complete the tests.
+
       ## Limitations
       The test suite does not implement any sort of payer business logic, so the
       responses to hook calls are simple hard-coded responses. Hook
@@ -142,6 +168,8 @@ module DaVinciCRDTestKit
       CRDClientSuite.extract_token_from_query_params(request)
     end
 
+    group from: :crd_client_registration
+
     group from: :crd_client_hooks
 
     group from: :crd_client_fhir_api

data/lib/davinci_crd_test_kit/hook_request_field_validation.rb

@@ -286,6 +286,14 @@ module DaVinciCRDTestKit
     end
 
     def bundle_entries_check(context, context_field_name, bundle, resource_types, status = nil)
+      bundle.entry.each do |entry|
+        resource_id = entry.resource.id
+        next unless resource_id.blank?
+
+        error_msg = 'Resource in the FHIR Bundle does not have an id'
+        add_message('error', error_msg)
+      end
+
       target_resources = bundle.entry.map(&:resource).select { |r| resource_types.include?(r.resourceType) }
       if target_resources.blank?
         error_msg = "#{request_number}`#{context_field_name}` bundle must contain at least one of the " \

data/lib/davinci_crd_test_kit/requirements/davinci-crd-test-kit_out_of_scope_requirements.csv

@@ -0,0 +1 @@
+Req Set,ID,Reason,Details