RubyGems - davinci_crd_test_kit - Versions diffs - 0.9.0 → 0.9.1.rc - Mend

davinci_crd_test_kit 0.9.0 → 0.9.1.rc

Files changed (39) hide show

data/lib/davinci_crd_test_kit/client_tests/retrieve_jwks_test.rb CHANGED Viewed

@@ -1,5 +1,9 @@
+require_relative '../client_hook_request_validation'
 module DaVinciCRDTestKit
   class RetrieveJWKSTest < Inferno::Test
+    include ClientHookRequestValidation
     id :crd_retrieve_jwks
     title 'JWKS can be retrieved'
     description %(
@@ -10,7 +14,7 @@ module DaVinciCRDTestKit
         submit the jwk_set as an input to the test.
       )
-    input :auth_token_header_json
+    input :auth_token_headers_json
     input :jwk_set,
           title: "The Client's JWK Set containing it's public key",
           description: %(
@@ -20,46 +24,79 @@ module DaVinciCRDTestKit
           type: 'textarea',
           optional: true
     output :crd_jwks_json, :crd_jwks_keys_json
-    makes_request :crd_client_jwks
     run do
-      token_header = JSON.parse(auth_token_header_json)
-      jku = token_header['jku']
+      auth_token_headers = JSON.parse(auth_token_headers_json)
+      skip_if auth_token_headers.empty?, 'No Authorization tokens produced from the previous test.'
-      if jku.present?
-        get(jku, name: :crd_client_jwks)
+      crd_jwks_json = []
+      crd_jwks_keys_json = []
+      auth_token_headers.each_with_index do |token_header, index|
+        @request_number = index + 1
-        assert_response_status(200)
-        assert_valid_json(response[:body])
-        output crd_jwks_json: response[:body]
+        jku = JSON.parse(token_header)['jku']
+        if jku.present?
+          get(jku)
-        jwks = JSON.parse(response[:body])
-      else
-        skip_if jwk_set.blank?,
-                %(JWK Set must be inputted if Client's JWK Set is not available via a URL identified by the jku header
-                field)
+          if response[:status] != 200
+            add_message('error', %(
+                        #{request_number}Unexpected response status: expected 200, but received
+                        #{response[:status]}))
+            next
+          end
-        jwks = JSON.parse(jwk_set)
-      end
+          @request_number = index + 1
+          jwks = json_parse(response[:body])
+          next if jwks.blank?
-      keys = jwks['keys']
-      assert keys.is_a?(Array), 'JWKS `keys` field must be an array'
+          crd_jwks_json << response[:body]
-      assert keys.present?, 'The JWK set returned contains no public keys'
+          jwks = JSON.parse(response[:body])
+        else
+          skip_if jwk_set.blank?,
+                  %(#{request_number}JWK Set must be inputted if Client's JWK Set is not available via a URL
+                  identified by the jku header field)
-      keys.each do |jwk|
-        JWT::JWK.import(jwk.deep_symbolize_keys)
-      rescue StandardError
-        assert false, "Invalid JWK: #{jwk.to_json}"
-      end
+          jwks = JSON.parse(jwk_set)
+        end
+        keys = jwks['keys']
+        unless keys.is_a?(Array)
+          add_message('error', "#{request_number}JWKS `keys` field must be an array")
+          next
+        end
-      kid_presence = keys.all? { |key| key['kid'].present? }
-      assert kid_presence, '`kid` field must be present in each key if JWKS contains multiple keys'
+        if keys.blank?
+          add_message('error', "#{request_number}The JWK set returned contains no public keys")
+          next
+        end
+        keys.each do |jwk|
+          JWT::JWK.import(jwk.deep_symbolize_keys)
+        rescue StandardError
+          add_message('error', "#{request_number}Invalid JWK: #{jwk.to_json}")
+        end
+        kid_presence = keys.all? { |key| key['kid'].present? }
+        if kid_presence.blank?
+          add_message('error',
+                      "#{request_number}`kid` field must be present in each key if JWKS contains multiple keys")
+          next
+        end
+        kid_uniqueness = keys.map { |key| key['kid'] }.uniq.length == keys.length
+        if kid_uniqueness.blank?
+          add_message('error', "#{request_number}`kid` must be unique within the client's JWK Set.")
+          next
+        end
+        crd_jwks_keys_json << keys.to_json
+      end
-      kid_uniqueness = keys.map { |key| key['kid'] }.uniq.length == keys.length
-      assert kid_uniqueness, '`kid` must be unique within the client\' JWK Set.'
+      output crd_jwks_json: crd_jwks_json.to_json,
+             crd_jwks_keys_json: crd_jwks_keys_json.to_json
-      output crd_jwks_keys_json: keys.to_json
+      no_error_validation('Retrieving JWKS failed.')
     end
   end
 end

data/lib/davinci_crd_test_kit/client_tests/submitted_response_validation.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module DaVinciCRDTestKit
+  class SubmittedResponseValidationTest < Inferno::Test
+    include CardsValidation
+    title 'Custom CDS Service Response is valid'
+    id :crd_submitted_response_validation
+    input :custom_response, optional: true
+    def hook_name
+      config.options[:hook_name]
+    end
+    def response_label(_index = nil)
+      'Custom response'
+    end
+    def valid_cards
+      @valid_cards ||= []
+    end
+    def validate_system_actions(system_actions)
+      return if system_actions.nil?
+      system_actions.each do |action|
+        action_fields_validation(action)
+      end
+    end
+    run do
+      omit_if custom_response.blank?, 'Custom response was not provided'
+      assert_valid_json custom_response
+      custom_response_hash = JSON.parse(custom_response)
+      perform_cards_validation(custom_response_hash['cards'])
+      validate_system_actions(custom_response_hash['systemActions'])
+      no_error_validation('Custom response is not valid. Check messages for issues found.')
+    end
+  end
+end

data/lib/davinci_crd_test_kit/client_tests/token_header_test.rb CHANGED Viewed

@@ -1,5 +1,9 @@
+require_relative '../client_hook_request_validation'
 module DaVinciCRDTestKit
   class TokenHeaderTest < Inferno::Test
+    include ClientHookRequestValidation
     id :crd_token_header
     title 'Authorization token header contains required information'
     description %(
@@ -8,27 +12,54 @@ module DaVinciCRDTestKit
       that the key used to sign the token can be identified in the JWKS.
     )
-    input :auth_token_header_json, :crd_jwks_keys_json
-    output :auth_token_jwk_json
+    input :auth_token_headers_json, :crd_jwks_keys_json
+    output :auth_tokens_jwk_json
     run do
-      header = JSON.parse(auth_token_header_json)
+      auth_token_headers = JSON.parse(auth_token_headers_json)
+      crd_jwks_keys = JSON.parse(crd_jwks_keys_json)
+      skip_if auth_token_headers.empty?, 'No Authorization tokens produced from the previous tests.'
+      skip_if crd_jwks_keys.empty?, 'No JWKS keys produced from the previous test.'
+      auth_tokens_jwk_json = []
+      auth_token_headers.each_with_index do |token_header, index|
+        @request_number = index + 1
+        header = JSON.parse(token_header)
+        algorithm = header['alg']
+        add_message('error', "#{request_number}Token header must have the `alg` field") if algorithm.blank?
+        add_message('error', "#{request_number}Token header `alg` field cannot be set to none") if algorithm == 'none'
+        if header['typ'].blank?
+          add_message('error', "#{request_number}Token header must have the `typ` field")
+        elsif header['typ'] != 'JWT'
+          add_message('error', %(
+                      #{request_number}Token header `typ` field must be set to 'JWT', instead was
+                      #{header['typ']}))
+        end
+        if header['kid'].blank?
+          add_message('error', "#{request_number}Token header must have the `kid` field")
+          next
+        end
-      algorithm = header['alg']
-      assert algorithm.present?, 'Token header must have the `alg` field'
-      assert algorithm != 'none', 'Token header `alg` field cannot be set to none'
+        kid = header['kid']
+        keys = JSON.parse(crd_jwks_keys[index])
-      assert header['typ'].present?, 'Token header must have the `typ` field'
-      assert header['typ'] == 'JWT', "Token header `typ` field must be set to 'JWT', instead was #{header['typ']}"
+        jwk = keys.find { |key| key['kid'] == kid }
+        if jwk.blank?
+          add_message('error', "#{request_number}JWKS did not contain a public key with an id of `#{kid}`")
+          next
+        end
-      assert header['kid'].present?, 'Token header must have the `kid` field'
-      kid = header['kid']
-      keys = JSON.parse(crd_jwks_keys_json)
+        auth_tokens_jwk_json << jwk.to_json
+      end
-      jwk = keys.find { |key| key['kid'] == kid }
-      assert jwk.present?, "JWKS did not contain a public key with an id of `#{kid}`"
+      output auth_tokens_jwk_json: auth_tokens_jwk_json.to_json
-      output auth_token_jwk_json: jwk.to_json
+      no_error_validation('Token headers missing required information.')
     end
   end
 end

data/lib/davinci_crd_test_kit/client_tests/token_payload_test.rb CHANGED Viewed

@@ -1,5 +1,8 @@
+require_relative '../client_hook_request_validation'
 module DaVinciCRDTestKit
   class TokenPayloadTest < Inferno::Test
+    include ClientHookRequestValidation
     include URLs
     id :crd_token_payload
     title 'Authorization token payload has required claims and a valid signature'
@@ -25,37 +28,51 @@ module DaVinciCRDTestKit
       base_url + config.options[:hook_path]
     end
-    input :auth_token,
-          :auth_token_jwk_json,
+    input :auth_tokens,
+          :auth_tokens_jwk_json,
           :iss
     run do
-      begin
-        jwk = JSON.parse(auth_token_jwk_json).deep_symbolize_keys
-        payload, =
-          JWT.decode(
-            auth_token,
-            JWT::JWK.import(jwk).public_key,
-            true,
-            algorithms: [jwk[:alg]],
-            exp_leeway: 60,
-            iss:,
-            aud: hook_url,
-            verify_not_before: false,
-            verify_iat: false,
-            verify_jti: true,
-            verify_iss: true,
-            verify_aud: true
-          )
-      rescue StandardError => e
-        assert false, "Token validation error: #{e.message}"
-      end
+      auth_tokens_list = JSON.parse(auth_tokens)
+      auth_tokens_jwk = JSON.parse(auth_tokens_jwk_json)
+      skip_if auth_tokens_list.empty?, 'No Authorization tokens produced from the previous tests.'
+      skip_if auth_tokens_jwk.empty?, 'No Authorization token JWK produced from the previous test.'
+      auth_tokens_jwk.each_with_index do |auth_token_jwk, index|
+        @request_number = index + 1
-      missing_claims = required_claims - payload.keys
-      missing_claims_string = missing_claims.map { |claim| "`#{claim}`" }.join(', ')
+        begin
+          jwk = JSON.parse(auth_token_jwk).deep_symbolize_keys
-      assert missing_claims.empty?, "JWT payload missing required claims: #{missing_claims_string}"
+          payload, =
+            JWT.decode(
+              auth_tokens_list[index],
+              JWT::JWK.import(jwk).public_key,
+              true,
+              algorithms: [jwk[:alg]],
+              exp_leeway: 60,
+              iss:,
+              aud: hook_url,
+              verify_not_before: false,
+              verify_iat: false,
+              verify_jti: true,
+              verify_iss: true,
+              verify_aud: true
+            )
+        rescue StandardError => e
+          add_message('error', "#{request_number}Token validation error: #{e.message}")
+          next
+        end
+        missing_claims = required_claims - payload.keys
+        missing_claims_string = missing_claims.map { |claim| "`#{claim}`" }.join(', ')
+        unless missing_claims.empty?
+          add_message('error', "#{request_number}JWT payload missing required claims: #{missing_claims_string}")
+          next
+        end
+      end
+      no_error_validation('Token payload is missing required claims or does not have a valid signiture.')
     end
   end
 end

data/lib/davinci_crd_test_kit/crd_client_suite.rb CHANGED Viewed

@@ -121,10 +121,6 @@ module DaVinciCRDTestKit
                    }
                  ]
-    def self.test_resumes?(test)
-      !test.config.options[:accepts_multiple_requests]
-    end
     def self.extract_token_from_query_params(request)
       request.query_parameters['token']
     end