RubyGems - davinci_crd_test_kit - Versions diffs - 0.9.0 → 0.9.1 - Mend

davinci_crd_test_kit 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

data/lib/davinci_crd_test_kit/client_tests/retrieve_jwks_test.rb CHANGED Viewed

@@ -1,5 +1,9 @@
+require_relative '../client_hook_request_validation'
 module DaVinciCRDTestKit
   class RetrieveJWKSTest < Inferno::Test
+    include ClientHookRequestValidation
     id :crd_retrieve_jwks
     title 'JWKS can be retrieved'
     description %(
@@ -10,7 +14,7 @@ module DaVinciCRDTestKit
         submit the jwk_set as an input to the test.
       )
-    input :auth_token_header_json
+    input :auth_token_headers_json
     input :jwk_set,
           title: "The Client's JWK Set containing it's public key",
           description: %(
@@ -20,46 +24,79 @@ module DaVinciCRDTestKit
           type: 'textarea',
           optional: true
     output :crd_jwks_json, :crd_jwks_keys_json
-    makes_request :crd_client_jwks
     run do
-      token_header = JSON.parse(auth_token_header_json)
-      jku = token_header['jku']
+      auth_token_headers = JSON.parse(auth_token_headers_json)
+      skip_if auth_token_headers.empty?, 'No Authorization tokens produced from the previous test.'
-      if jku.present?
-        get(jku, name: :crd_client_jwks)
+      crd_jwks_json = []
+      crd_jwks_keys_json = []
+      auth_token_headers.each_with_index do |token_header, index|
+        @request_number = index + 1
-        assert_response_status(200)
-        assert_valid_json(response[:body])
-        output crd_jwks_json: response[:body]
+        jku = JSON.parse(token_header)['jku']
+        if jku.present?
+          get(jku)
-        jwks = JSON.parse(response[:body])
-      else
-        skip_if jwk_set.blank?,
-                %(JWK Set must be inputted if Client's JWK Set is not available via a URL identified by the jku header
-                field)
+          if response[:status] != 200
+            add_message('error', %(
+                        #{request_number}Unexpected response status: expected 200, but received
+                        #{response[:status]}))
+            next
+          end
-        jwks = JSON.parse(jwk_set)
-      end
+          @request_number = index + 1
+          jwks = json_parse(response[:body])
+          next if jwks.blank?
-      keys = jwks['keys']
-      assert keys.is_a?(Array), 'JWKS `keys` field must be an array'
+          crd_jwks_json << response[:body]
-      assert keys.present?, 'The JWK set returned contains no public keys'
+          jwks = JSON.parse(response[:body])
+        else
+          skip_if jwk_set.blank?,
+                  %(#{request_number}JWK Set must be inputted if Client's JWK Set is not available via a URL
+                  identified by the jku header field)
-      keys.each do |jwk|
-        JWT::JWK.import(jwk.deep_symbolize_keys)
-      rescue StandardError
-        assert false, "Invalid JWK: #{jwk.to_json}"
-      end
+          jwks = JSON.parse(jwk_set)
+        end
+        keys = jwks['keys']
+        unless keys.is_a?(Array)
+          add_message('error', "#{request_number}JWKS `keys` field must be an array")
+          next
+        end
-      kid_presence = keys.all? { |key| key['kid'].present? }
-      assert kid_presence, '`kid` field must be present in each key if JWKS contains multiple keys'
+        if keys.blank?
+          add_message('error', "#{request_number}The JWK set returned contains no public keys")
+          next
+        end
+        keys.each do |jwk|
+          JWT::JWK.import(jwk.deep_symbolize_keys)
+        rescue StandardError
+          add_message('error', "#{request_number}Invalid JWK: #{jwk.to_json}")
+        end
+        kid_presence = keys.all? { |key| key['kid'].present? }
+        if kid_presence.blank?
+          add_message('error',
+                      "#{request_number}`kid` field must be present in each key if JWKS contains multiple keys")
+          next
+        end
+        kid_uniqueness = keys.map { |key| key['kid'] }.uniq.length == keys.length
+        if kid_uniqueness.blank?
+          add_message('error', "#{request_number}`kid` must be unique within the client's JWK Set.")
+          next
+        end
+        crd_jwks_keys_json << keys.to_json
+      end
-      kid_uniqueness = keys.map { |key| key['kid'] }.uniq.length == keys.length
-      assert kid_uniqueness, '`kid` must be unique within the client\' JWK Set.'
+      output crd_jwks_json: crd_jwks_json.to_json,
+             crd_jwks_keys_json: crd_jwks_keys_json.to_json
-      output crd_jwks_keys_json: keys.to_json
+      no_error_validation('Retrieving JWKS failed.')
     end
   end
 end

data/lib/davinci_crd_test_kit/client_tests/submitted_response_validation.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module DaVinciCRDTestKit
+  class SubmittedResponseValidationTest < Inferno::Test
+    include CardsValidation
+    title 'Custom CDS Service Response is valid'
+    id :crd_submitted_response_validation
+    input :custom_response, optional: true
+    def hook_name
+      config.options[:hook_name]
+    end
+    def response_label(_index = nil)
+      'Custom response'
+    end
+    def valid_cards
+      @valid_cards ||= []
+    end
+    def validate_system_actions(system_actions)
+      return if system_actions.nil?
+      system_actions.each do |action|
+        action_fields_validation(action)
+      end
+    end
+    run do
+      omit_if custom_response.blank?, 'Custom response was not provided'
+      assert_valid_json custom_response
+      custom_response_hash = JSON.parse(custom_response)
+      perform_cards_validation(custom_response_hash['cards'])
+      validate_system_actions(custom_response_hash['systemActions'])
+      no_error_validation('Custom response is not valid. Check messages for issues found.')
+    end
+  end
+end

data/lib/davinci_crd_test_kit/client_tests/token_header_test.rb CHANGED Viewed

@@ -1,5 +1,9 @@
+require_relative '../client_hook_request_validation'
 module DaVinciCRDTestKit
   class TokenHeaderTest < Inferno::Test
+    include ClientHookRequestValidation
     id :crd_token_header
     title 'Authorization token header contains required information'
     description %(
@@ -8,27 +12,54 @@ module DaVinciCRDTestKit
       that the key used to sign the token can be identified in the JWKS.
     )
-    input :auth_token_header_json, :crd_jwks_keys_json
-    output :auth_token_jwk_json
+    input :auth_token_headers_json, :crd_jwks_keys_json
+    output :auth_tokens_jwk_json
     run do
-      header = JSON.parse(auth_token_header_json)
+      auth_token_headers = JSON.parse(auth_token_headers_json)
+      crd_jwks_keys = JSON.parse(crd_jwks_keys_json)
+      skip_if auth_token_headers.empty?, 'No Authorization tokens produced from the previous tests.'
+      skip_if crd_jwks_keys.empty?, 'No JWKS keys produced from the previous test.'
+      auth_tokens_jwk_json = []
+      auth_token_headers.each_with_index do |token_header, index|
+        @request_number = index + 1
+        header = JSON.parse(token_header)
+        algorithm = header['alg']
+        add_message('error', "#{request_number}Token header must have the `alg` field") if algorithm.blank?
+        add_message('error', "#{request_number}Token header `alg` field cannot be set to none") if algorithm == 'none'
+        if header['typ'].blank?
+          add_message('error', "#{request_number}Token header must have the `typ` field")
+        elsif header['typ'] != 'JWT'
+          add_message('error', %(
+                      #{request_number}Token header `typ` field must be set to 'JWT', instead was
+                      #{header['typ']}))
+        end
+        if header['kid'].blank?
+          add_message('error', "#{request_number}Token header must have the `kid` field")
+          next
+        end
-      algorithm = header['alg']
-      assert algorithm.present?, 'Token header must have the `alg` field'
-      assert algorithm != 'none', 'Token header `alg` field cannot be set to none'
+        kid = header['kid']
+        keys = JSON.parse(crd_jwks_keys[index])
-      assert header['typ'].present?, 'Token header must have the `typ` field'
-      assert header['typ'] == 'JWT', "Token header `typ` field must be set to 'JWT', instead was #{header['typ']}"
+        jwk = keys.find { |key| key['kid'] == kid }
+        if jwk.blank?
+          add_message('error', "#{request_number}JWKS did not contain a public key with an id of `#{kid}`")
+          next
+        end
-      assert header['kid'].present?, 'Token header must have the `kid` field'
-      kid = header['kid']
-      keys = JSON.parse(crd_jwks_keys_json)
+        auth_tokens_jwk_json << jwk.to_json
+      end
-      jwk = keys.find { |key| key['kid'] == kid }
-      assert jwk.present?, "JWKS did not contain a public key with an id of `#{kid}`"
+      output auth_tokens_jwk_json: auth_tokens_jwk_json.to_json
-      output auth_token_jwk_json: jwk.to_json
+      no_error_validation('Token headers missing required information.')
     end
   end
 end

data/lib/davinci_crd_test_kit/client_tests/token_payload_test.rb CHANGED Viewed

@@ -1,5 +1,8 @@
+require_relative '../client_hook_request_validation'
 module DaVinciCRDTestKit
   class TokenPayloadTest < Inferno::Test
+    include ClientHookRequestValidation
     include URLs
     id :crd_token_payload
     title 'Authorization token payload has required claims and a valid signature'
@@ -25,37 +28,51 @@ module DaVinciCRDTestKit
       base_url + config.options[:hook_path]
     end
-    input :auth_token,
-          :auth_token_jwk_json,
+    input :auth_tokens,
+          :auth_tokens_jwk_json,
           :iss
     run do
-      begin
-        jwk = JSON.parse(auth_token_jwk_json).deep_symbolize_keys
-        payload, =
-          JWT.decode(
-            auth_token,
-            JWT::JWK.import(jwk).public_key,
-            true,
-            algorithms: [jwk[:alg]],
-            exp_leeway: 60,
-            iss:,
-            aud: hook_url,
-            verify_not_before: false,
-            verify_iat: false,
-            verify_jti: true,
-            verify_iss: true,
-            verify_aud: true
-          )
-      rescue StandardError => e
-        assert false, "Token validation error: #{e.message}"
-      end
+      auth_tokens_list = JSON.parse(auth_tokens)
+      auth_tokens_jwk = JSON.parse(auth_tokens_jwk_json)
+      skip_if auth_tokens_list.empty?, 'No Authorization tokens produced from the previous tests.'
+      skip_if auth_tokens_jwk.empty?, 'No Authorization token JWK produced from the previous test.'
+      auth_tokens_jwk.each_with_index do |auth_token_jwk, index|
+        @request_number = index + 1
-      missing_claims = required_claims - payload.keys
-      missing_claims_string = missing_claims.map { |claim| "`#{claim}`" }.join(', ')
+        begin
+          jwk = JSON.parse(auth_token_jwk).deep_symbolize_keys
-      assert missing_claims.empty?, "JWT payload missing required claims: #{missing_claims_string}"
+          payload, =
+            JWT.decode(
+              auth_tokens_list[index],
+              JWT::JWK.import(jwk).public_key,
+              true,
+              algorithms: [jwk[:alg]],
+              exp_leeway: 60,
+              iss:,
+              aud: hook_url,
+              verify_not_before: false,
+              verify_iat: false,
+              verify_jti: true,
+              verify_iss: true,
+              verify_aud: true
+            )
+        rescue StandardError => e
+          add_message('error', "#{request_number}Token validation error: #{e.message}")
+          next
+        end
+        missing_claims = required_claims - payload.keys
+        missing_claims_string = missing_claims.map { |claim| "`#{claim}`" }.join(', ')
+        unless missing_claims.empty?
+          add_message('error', "#{request_number}JWT payload missing required claims: #{missing_claims_string}")
+          next
+        end
+      end
+      no_error_validation('Token payload is missing required claims or does not have a valid signiture.')
     end
   end
 end

data/lib/davinci_crd_test_kit/crd_client_suite.rb CHANGED Viewed

@@ -121,10 +121,6 @@ module DaVinciCRDTestKit
                    }
                  ]
-    def self.test_resumes?(test)
-      !test.config.options[:accepts_multiple_requests]
-    end
     def self.extract_token_from_query_params(request)
       request.query_parameters['token']
     end