davinci_crd_test_kit 0.9.0 → 0.9.1

data/lib/davinci_crd_test_kit/hook_request_field_validation.rb

@@ -1,5 +1,20 @@
 module DaVinciCRDTestKit
   module HookRequestFieldValidation
+    def request_number
+      if @request_number.blank?
+        ''
+      else
+        "Request #{@request_number}: "
+      end
+    end
+
+    def json_parse(json)
+      JSON.parse(json)
+    rescue JSON::ParserError
+      add_message('error', "#{request_number}Invalid JSON.")
+      false
+    end
+
     def hook_required_fields
       {
         'hook' => String,
@@ -82,23 +97,61 @@ module DaVinciCRDTestKit
         'Medication' => 'http://hl7.org/fhir/us/core/StructureDefinition/us-core-medication',
         'Device' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-device',
         'CommunicationRequest' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-communicationrequest',
-        'Task' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-taskquestionnaire'
+        'Task' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-taskquestionnaire',
+        'Coverage' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-coverage',
+        'Location' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-location',
+        'Organization' => 'http://hl7.org/fhir/us/davinci-crd/StructureDefinition/profile-organization'
       }.freeze
     end
 
     def hook_request_required_fields_check(request_body, hook_name)
       hook_required_fields.each do |field, type|
-        assert(request_body[field], "Hook request did not contain required field: `#{field}`")
-        assert(request_body[field].is_a?(type), "Hook request field #{field} is not of type #{type}")
+        if request_body[field].blank?
+          add_message('error', "#{request_number}Hook request did not contain required field: `#{field}`")
+          next
+        end
+
+        unless request_body[field].is_a?(type)
+          add_message('error', "#{request_number}Hook request field #{field} is not of type #{type}")
+          next
+        end
+      end
+
+      if request_body['hook'] != hook_name
+        add_message('error',
+                    "#{request_number}The `hook` field should be #{hook_name}, but was #{request_body['hook']}")
+        return
       end
 
-      assert(request_body['hook'] == hook_name,
-             "The `hook` field should be #{hook_name}, but was #{request_body['hook']}")
+      return unless request_body['fhirAuthorization'].present? && request_body['fhirServer'].blank?
 
-      return unless request_body['fhirAuthorization']
+      add_message('error', %(
+                  #{request_number}Missing `fhirServer` field: If `fhirAuthorization` is provided, this field is
+                  #REQUIRED.))
+    end
+
+    def fhir_auth_fields_valid?(fhir_authorization_required_fields, fhir_authorization)
+      fhir_auth_valid = true
+      fhir_authorization_required_fields.each do |field, type|
+        if fhir_authorization[field].blank?
+          add_message('error', "#{request_number}`fhirAuthorization` did not contain required field: `#{field}`")
+          fhir_auth_valid = false
+        end
+        unless fhir_authorization[field].is_a?(type)
+          add_message('error', "#{request_number}`fhirAuthorization` field #{field} is not of type #{type}")
+          fhir_auth_valid = false
+        end
+      end
+      fhir_auth_valid
+    end
 
-      assert(request_body['fhirServer'],
-             'Missing `fhirServer` field: If `fhirAuthorization` is provided, this field is REQUIRED.')
+    def check_patient_scope_requirement(scopes, fhir_authorization)
+      if scopes.any? { |scope| scope.start_with?('patient/') } &&
+         !(fhir_authorization['patient'] && fhir_authorization['patient'].is_a?(String))
+        info %(
+           #{request_number}The `patient` field for request SHOULD be populated to identify the FHIR id of that
+           patient when the granted SMART scopes include patient scopes)
+      end
     end
 
     def hook_request_fhir_auth_check(request_body)
@@ -106,36 +159,27 @@ module DaVinciCRDTestKit
 
         fhir_authorization = request_body['fhirAuthorization']
 
-        fhir_authorization_required_fields.each do |field, type|
-          assert(fhir_authorization[field], "`fhirAuthorization` did not contain required field: `#{field}`")
-          assert(fhir_authorization[field].is_a?(type), "`fhirAuthorization` field #{field} is not of type #{type}")
-        end
+        return unless fhir_auth_fields_valid?(fhir_authorization_required_fields, fhir_authorization)
 
-        assert(fhir_authorization['token_type'] == 'Bearer',
-               "`fhirAuthorization` `token_type` field is not set to 'Bearer'")
+        if fhir_authorization['token_type'] != 'Bearer'
+          add_message('error', "#{request_number}`fhirAuthorization` `token_type` field is not set to 'Bearer'")
+        end
 
         access_token = fhir_authorization['access_token']
 
         scopes = fhir_authorization['scope'].split
 
-        if scopes.any? { |scope| scope.start_with?('patient/') }
-          info do
-            assert(fhir_authorization['patient'] && fhir_authorization['patient'].is_a?(String),
-                   %(The `patient` field SHOULD be populated to identify the FHIR id of that patient when the granted
-                    SMART scopes include patient scopes))
-          end
-        end
+        check_patient_scope_requirement(scopes, fhir_authorization)
       end
       { fhir_server_uri: request_body['fhirServer'], fhir_access_token: access_token }
     end
 
     def hook_request_optional_fields_check(request_body)
       hook_optional_fields.each do |field, type|
-        info do
-          assert(request_body[field], "Hook request did not contain optional field: `#{field}`")
-        end
-        if request_body[field]
-          assert(request_body[field].is_a?(type), "Hook request field #{field} is not of type #{type}")
+        info "#{request_number}Hook request did not contain optional field: `#{field}`" if request_body[field].blank?
+
+        if request_body[field] && !request_body[field].is_a?(type)
+          add_message('error', "#{request_number}Hook request field #{field} is not of type #{type}")
         end
       end
       hook_request_fhir_auth_check(request_body)
@@ -165,7 +209,8 @@ module DaVinciCRDTestKit
     def hook_request_context_check(context, hook_name)
       required_fields = context_required_fields_by_hook[hook_name]
       required_fields.each do |field, type|
-        validate_presence_and_type(context, field, type, "#{hook_name} request context")
+        validate_presence_and_type(context, field, type,
+                                   "#{request_number}#{hook_name} request context")
       end
       context_validate_optional_fields(context, hook_name)
       hook_specific_context_check(context, hook_name)
@@ -195,7 +240,7 @@ module DaVinciCRDTestKit
       resource_type, resource_id = reference.split('/')
 
       if supported_resource_types && !supported_resource_types.include?(resource_type)
-        error_msg = "Unsupported resource type: `#{field_name}` type should be one " \
+        error_msg = "#{request_number}Unsupported resource type: `#{field_name}` type should be one " \
                     "of the following: #{supported_resource_types.to_sentence}, but " \
                     "received #{resource_type}."
 
@@ -210,7 +255,10 @@ module DaVinciCRDTestKit
       resource_type, resource_id = reference.split('/')
       return true if resource_type.present? && resource_id.present?
 
-      add_message('error', "Invalid `#{field_name}` format. Expected `{resourceType}/{id}`, received `#{reference}`.")
+      add_message('error', %(
+        #{request_number}Invalid `#{field_name}` format. Expected `{resourceType}/{id}`,
+        received `#{reference}`.
+      ))
       false
     end
 
@@ -228,7 +276,9 @@ module DaVinciCRDTestKit
 
     def valid_id_format?(field, hook_name, resource_id)
       if resource_id.include?('/')
-        error_msg = "`#{field}` in #{hook_name} context should be a plain ID, not a reference. Got: `#{resource_id}`."
+        error_msg = %(
+          #{request_number}`#{field}` in #{hook_name} context should be a plain ID, not a reference.
+          Got: `#{resource_id}`.)
         add_message('error', error_msg)
         false
       end
@@ -237,9 +287,9 @@ module DaVinciCRDTestKit
 
     def bundle_entries_check(context, context_field_name, bundle, resource_types, status = nil)
       target_resources = bundle.entry.map(&:resource).select { |r| resource_types.include?(r.resourceType) }
-      unless target_resources.present?
-        error_msg = "`#{context_field_name}` bundle must contain at least one of the expected resource types: " \
-                    "#{resource_types.to_sentence}. In Context `#{context}`"
+      if target_resources.blank?
+        error_msg = "#{request_number}`#{context_field_name}` bundle must contain at least one of the " \
+                    "expected resource types: #{resource_types.to_sentence}. In Context `#{context}`"
         add_message('error', error_msg)
         return
       end
@@ -254,24 +304,24 @@ module DaVinciCRDTestKit
     def status_check(context, context_field_name, status, resources)
       return unless status && !resources.all? { |resource| resource.status == status }
 
-      error_msg = "All #{resources.map(&:resourceType).uniq.to_sentence} resources in `#{context_field_name}` " \
-                  "bundle must have a `#{status}` status. In Context `#{context}`"
+      error_msg = "#{request_number}All #{resources.map(&:resourceType).uniq.to_sentence} resources in " \
+                  "`#{context_field_name}` bundle must have a `#{status}` status. In Context `#{context}`"
       add_message('error', error_msg)
     end
 
     def parse_fhir_bundle_from_context(context_field_name, context)
       fhir_bundle = FHIR.from_contents(context[context_field_name].to_json)
-      unless fhir_bundle
-        error_msg = "`#{context_field_name}` field is not a FHIR resource: `#{context[context_field_name]}`. " \
-                    "In Context `#{context}`"
+      if fhir_bundle.blank?
+        error_msg = "#{request_number}`#{context_field_name}` field is not a FHIR resource: " \
+                    "`#{context[context_field_name]}`. In Context `#{context}`"
         add_message('error', error_msg)
         return
       end
 
       return fhir_bundle if fhir_bundle.is_a?(FHIR::Bundle)
 
-      error_msg = "Wrong context resource type: Expected `Bundle`, got `#{fhir_bundle.resourceType}`. " \
-                  "In Context `#{context}`"
+      error_msg = "#{request_number}Wrong context resource type: Expected `Bundle`, got " \
+                  "`#{fhir_bundle.resourceType}`. In Context `#{context}`"
       add_message('error', error_msg)
       nil
     end
@@ -283,7 +333,7 @@ module DaVinciCRDTestKit
         resource_reference_check(reference, 'selections item', supported_resource_types: expected_resource_types)
         next if order_refs.include?(reference)
 
-        error_msg = '`selections` field must reference FHIR resources in `draftOrders`. ' \
+        error_msg = "#{request_number}`selections` field must reference FHIR resources in `draftOrders`. " \
                     "#{reference} is not in `draftOrders`. In Context `#{context}`"
         add_message('error', error_msg)
       end
@@ -294,7 +344,7 @@ module DaVinciCRDTestKit
       id_only_fields_check('appointment-book', context, ['patientId'])
 
       appointment_bundle = parse_fhir_bundle_from_context('appointments', context)
-      return unless appointment_bundle
+      return if appointment_bundle.blank?
 
       expected_resource_types = ['Appointment']
       bundle_entries_check(context, 'appointments', appointment_bundle, expected_resource_types, 'proposed')
@@ -310,7 +360,7 @@ module DaVinciCRDTestKit
       id_only_fields_check(hook_name, context, ['patientId'])
 
       draft_orders_bundle = parse_fhir_bundle_from_context('draftOrders', context)
-      return unless draft_orders_bundle
+      return if draft_orders_bundle.blank?
 
       expected_resource_types = [
         'DeviceRequest', 'MedicationRequest', 'NutritionOrder',
@@ -352,15 +402,20 @@ module DaVinciCRDTestKit
       fhir_read(resource_type, resource_id)
       status = request.response[:status]
       unless status == 200
-        add_message('error', "Unexpected response status: expected 200, but received #{status}")
+        add_message('error', "#{request_number}Unexpected response status: expected 200, but received #{status}")
         return
       end
       unless resource.resourceType == resource_type
-        add_message('error', "Unexpected resource type: Expected `#{resource_type}`. Got `#{resource.resourceType}`.")
+        add_message('error', %(
+          #{request_number}Unexpected resource type: Expected `#{resource_type}`. Got
+          `#{resource.resourceType}`.
+        ))
         return
       end
       unless resource.id == resource_id
-        add_message('error', "Requested resource with id #{resource_id}, received resource with id #{resource.id}")
+        add_message('error', %(
+          #{request_number}Requested resource with id #{resource_id}, received resource with id #{resource.id}
+          ))
         return
       end
 
@@ -370,7 +425,7 @@ module DaVinciCRDTestKit
 
     def context_validate_optional_fields(hook_context, hook_name)
       hook_optional_context_fields = context_optional_fields_by_hook[hook_name]
-      return unless hook_optional_context_fields.present?
+      return if hook_optional_context_fields.blank?
 
       hook_optional_context_fields.each do |field, type|
         validate_presence_and_type(hook_context, field, type, "#{hook_name} request context") if hook_context[field]
@@ -394,17 +449,152 @@ module DaVinciCRDTestKit
       hash_context_fields.each do |field, entry|
         resource_json = entry.to_json
         fhir_resource = FHIR.from_contents(resource_json)
-        unless fhir_resource
-          add_message('error', "Field `#{field}` is not a FHIR resource.")
+        if fhir_resource.blank?
+          add_message('error', "#{request_number}Field `#{field}` is not a FHIR resource.")
           next
         end
         resource_type = optional_field_resource_types[field]
         unless fhir_resource.resourceType == resource_type
-          add_message('error', "Field `#{field}` must be a `#{resource_type}`. Got `#{fhir_resource.resourceType}`.")
+          add_message('error', %(
+            #{request_number}Field `#{field}` must be a `#{resource_type}`. Got
+            `#{fhir_resource.resourceType}`.
+          ))
           next
         end
         resource_is_valid?(resource: fhir_resource)
       end
     end
+
+    def hook_request_prefetch_check(advertised_prefetch_fields, received_prefetch, received_context)
+      advertised_prefetch_fields.each do |advertised_prefetch_key, advertised_prefetch_template|
+        next if received_prefetch[advertised_prefetch_key].blank?
+
+        unless received_prefetch[advertised_prefetch_key].is_a?(Hash)
+          add_message('error', "#{request_number}Prefetch field `#{advertised_prefetch_key}` is not of type `Hash`.")
+          next
+        end
+
+        received_prefetch_resource = FHIR.from_contents(received_prefetch[advertised_prefetch_key].to_json)
+
+        if advertised_prefetch_template.include?('?')
+          advertised_prefetch_fhir_search = advertised_prefetch_template.gsub(/{|}/, '').split('?')
+          advertised_prefetch_resource_type = advertised_prefetch_fhir_search.first
+
+          if advertised_prefetch_resource_type == 'Coverage'
+            advertised_coverage_query_params = Rack::Utils.parse_nested_query(advertised_prefetch_fhir_search.last)
+
+            advertised_patient_token = advertised_coverage_query_params['patient']
+            advertised_context_patient_id_key = advertised_patient_token.split('.').last
+            received_context_patient_id = received_context[advertised_context_patient_id_key]
+
+            advertised_status_param = advertised_coverage_query_params['status']
+
+            validate_prefetch_coverage(received_prefetch_resource, advertised_prefetch_key, received_context_patient_id,
+                                       advertised_status_param)
+          end
+        else
+          advertised_prefetch_token = advertised_prefetch_template.gsub(/{|}/, '').split('/')
+          advertised_context_id = advertised_prefetch_token.last.split('.').last
+
+          if advertised_prefetch_token.length == 1
+            received_context_reference = FHIR::Reference.new(reference: received_context[advertised_context_id])
+            received_context_resource_type = received_context_reference.resource_type
+            received_context_id = received_context_reference.reference_id
+          else
+            received_context_id = received_context[advertised_context_id]
+            received_context_resource_type = advertised_prefetch_token.first
+          end
+          validate_prefetch_resource(received_prefetch_resource, advertised_prefetch_key,
+                                     received_context_resource_type, received_context_id)
+        end
+      end
+    end
+
+    def validate_prefetch_coverage(received_resource, advertised_prefetch_key,
+                                   received_context_patient_id, advertised_status)
+      unless received_resource.resourceType == 'Bundle'
+        add_message('error', %(
+          #{request_number}Unexpected resource type: Expected `Bundle`. Got
+          `#{received_resource.resourceType}`.
+        ))
+        return
+      end
+
+      if received_resource.entry.empty?
+        add_message('error', "#{request_number}Bundle of coverage resources received from prefetch is empty")
+        return
+      end
+
+      coverage_resource = received_resource.entry.first.resource
+      unless coverage_resource.resourceType == 'Coverage'
+        add_message('error', %(
+          #{request_number}Unexpected resource type: Expected `Coverage`. Got
+          `#{coverage_resource.resourceType}`.
+        ))
+        return
+      end
+
+      resource_is_valid?(resource: coverage_resource,
+                         profile_url: structure_definition_map['Coverage'])
+
+      coverage_beneficiary_reference = coverage_resource.beneficiary
+      coverage_beneficiary_patient_id = coverage_beneficiary_reference.reference_id
+      if coverage_beneficiary_patient_id.blank?
+        add_message('error', %(
+          #{request_number}Could not get beneficiary reference id from `#{advertised_prefetch_key}` field's Coverage
+          resource
+        ))
+        return
+      end
+
+      if coverage_beneficiary_patient_id != received_context_patient_id
+        add_message('error', %(
+          #{request_number}Expected `#{advertised_prefetch_key}` field's Coverage resource to have a `beneficiary`
+          reference id of '#{received_context_patient_id}', instead was '#{coverage_beneficiary_patient_id}'
+        ))
+        return
+      end
+
+      coverage_status = coverage_resource.status
+      return unless coverage_status != advertised_status
+
+      add_message('error', %(
+          #{request_number}Expected `#{advertised_prefetch_key}` field's Coverage resource to have a `status` of
+          '#{advertised_status}', instead was '#{coverage_status}'
+        ))
+    end
+
+    def validate_prefetch_resource(received_resource, advertised_prefetch_key, context_field_resource_type,
+                                   context_field_id)
+      unless received_resource.resourceType == context_field_resource_type
+        add_message('error', %(
+          #{request_number}Unexpected resource type: Expected `#{context_field_resource_type}`. Got
+          `#{received_resource.resourceType}`.
+        ))
+        return
+      end
+
+      if hook_name == 'order-dispatch'
+        resource_is_valid?(resource: received_resource)
+      else
+        resource_is_valid?(resource: received_resource,
+                           profile_url: structure_definition_map[context_field_resource_type])
+      end
+
+      received_prefetch_resource_id = received_resource.id
+      if received_prefetch_resource_id.blank?
+        add_message('error', %(
+          #{request_number}#{advertised_prefetch_key}` field's FHIR resource does not contain the `id` field
+        ))
+        return
+      end
+
+      return unless received_prefetch_resource_id != context_field_id
+
+      add_message('error', %(
+        #{request_number}Expected `#{advertised_prefetch_key}` field's FHIR resource to have an `id` of
+        '#{context_field_id}', instead was '#{received_prefetch_resource_id}'
+      ))
+    end
   end
 end