onc_certification_g10_test_kit 2.0.0.rc1 → 2.0.0.rc2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 22654319a665e8dec89c10ea77df9f9053ad41655d477ef4911ee70d4eb9dbc4
4
- data.tar.gz: 8fdcd85421346c7bee498327c70249efa2c2971199f3ddb3ff455cd02af73bc2
3
+ metadata.gz: 185b5b5b6bcf810f64d23b22c5cc18295ad9235a79faddcf346d10f70f1eb4dc
4
+ data.tar.gz: be4d24ea5a4bc0e7fe12ef4f39fb5d1862e3fa780b816260d4f90645260e3bfd
5
5
  SHA512:
6
- metadata.gz: ee712d726c9fb438607abe8e3d2b2e84983bcb36300ea33fc741a6a89ae9ea1f6b7d9d1c069f688293bf044f963c73a09daac189d279915c4778922723d6f52d
7
- data.tar.gz: a713aaa7ac55ed4579bc5ac0dfa6aee7998be80266640d30582fe997454976a0a4dcd03987a451f39be133b68330e250272e47fbb3cbd4b887ae8843e1d7d9d3
6
+ metadata.gz: 4ce072840ba8339b3715985f036a80cdb43d60cf0b3341e4c3e43c5cb853b6d2221b06a278065b71bc74d646fd2b15c6d83072012006de9a4ecd4bc9d1d4181b
7
+ data.tar.gz: cbc9b029872252c9ad924bcc42c545205c7afdb272d2186472bd1eb8aa34cae54c7edd6c1803bbf61432f3116ede2c40261be466b29a48d209cc05526b0b6f60
@@ -1,3 +1,5 @@
1
+ require_relative 'temp_dir'
2
+
1
3
  module Inferno
2
4
  module Terminology
3
5
  module Tasks
@@ -12,7 +12,7 @@ module ONCCertificationG10TestKit
12
12
 
13
13
  Token refreshes are accomplished through a `POST` request to the token
14
14
  exchange endpoint as described in the [SMART App Launch
15
- Framework](http://www.hl7.org/fhir/smart-app-launch/#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token).
15
+ Framework](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token).
16
16
 
17
17
  # Test Methodology
18
18
 
@@ -25,7 +25,7 @@ module ONCCertificationG10TestKit
25
25
  * [The OAuth 2.0 Authorization
26
26
  Framework](https://tools.ietf.org/html/rfc6749)
27
27
  * [Using a refresh token to obtain a new access
28
- token](http://hl7.org/fhir/smart-app-launch/#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token)
28
+ token](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token)
29
29
  )
30
30
  id :g10_token_refresh
31
31
 
@@ -6,7 +6,7 @@ module ONCCertificationG10TestKit
6
6
  short_description 'Demonstrate SMART Backend Services Authorization for Bulk Data.'
7
7
  description <<~DESCRIPTION
8
8
  Bulk Data servers are required to authorize clients using the
9
- [Backend Service Authorization](http://hl7.org/fhir/uv/bulkdata/STU1/authorization/)
9
+ [Backend Service Authorization](http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html)
10
10
  specification as defined in the [FHIR Bulk Data Access IG v1.0.0](http://hl7.org/fhir/uv/bulkdata/STU1/).
11
11
 
12
12
  In this set of tests, Inferno serves as a Bulk Data client that requests authorization
@@ -86,7 +86,7 @@ module ONCCertificationG10TestKit
86
86
  error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2).
87
87
  ```
88
88
  DESCRIPTION
89
- # link 'http://hl7.org/fhir/uv/bulkdata/authorization/index.html#protocol-details'
89
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#protocol-details'
90
90
 
91
91
  run do
92
92
  post_request_content = AuthorizationRequestBuilder.build(encryption_method: bulk_encryption_method,
@@ -117,7 +117,7 @@ module ONCCertificationG10TestKit
117
117
  error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2).
118
118
  ```
119
119
  DESCRIPTION
120
- # link 'http://hl7.org/fhir/uv/bulkdata/authorization/index.html#protocol-details'
120
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#protocol-details'
121
121
 
122
122
  run do
123
123
  post_request_content = AuthorizationRequestBuilder.build(encryption_method: bulk_encryption_method,
@@ -157,7 +157,7 @@ module ONCCertificationG10TestKit
157
157
  error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2).
158
158
  ```
159
159
  DESCRIPTION
160
- # link 'http://hl7.org/fhir/uv/bulkdata/authorization/index.html#protocol-details'
160
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#protocol-details'
161
161
 
162
162
  run do
163
163
  post_request_content = AuthorizationRequestBuilder.build(encryption_method: bulk_encryption_method,
@@ -177,7 +177,7 @@ module ONCCertificationG10TestKit
177
177
  description <<~DESCRIPTION
178
178
  If the access token request is valid and authorized, the authorization server SHALL issue an access token in response.
179
179
  DESCRIPTION
180
- # link 'http://hl7.org/fhir/uv/bulkdata/authorization/index.html#issuing-access-tokens'
180
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#issuing-access-tokens'
181
181
 
182
182
  output :authentication_response
183
183
 
@@ -208,7 +208,7 @@ module ONCCertificationG10TestKit
208
208
  | expires_in | required | The lifetime in seconds of the access token. The recommended value is 300, for a five-minute token lifetime. |
209
209
  | scope | required | Scope of access authorized. Note that this can be different from the scopes requested by the app. |
210
210
  DESCRIPTION
211
- # link 'http://hl7.org/fhir/uv/bulkdata/authorization/index.html#issuing-access-tokens'
211
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#issuing-access-tokens'
212
212
 
213
213
  input :authentication_response
214
214
  output :bearer_token
@@ -58,7 +58,7 @@ module ONCCertificationG10TestKit
58
58
  description <<~DESCRIPTION
59
59
  The Bulk Data Server SHALL declare support for Group/[id]/$export operation in its server CapabilityStatement
60
60
  DESCRIPTION
61
- # link 'http://hl7.org/fhir/uv/bulkdata/OperationDefinition-group-export.html'
61
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/OperationDefinition-group-export.html'
62
62
 
63
63
  run do
64
64
  fhir_get_capability_statement(client: :bulk_server)
@@ -91,7 +91,7 @@ module ONCCertificationG10TestKit
91
91
  [The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://tools.ietf.org/html/rfc6750#section-3.1)
92
92
  recommend using HTTP status code 401 for invalid token but also allow the actual result be controlled by policy and context.
93
93
  DESCRIPTION
94
- # link 'http://hl7.org/fhir/uv/bulkdata/export/index.html#bulk-data-kick-off-request'
94
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#bulk-data-kick-off-request'
95
95
 
96
96
  include ExportKickOffPerformer
97
97
 
@@ -111,7 +111,7 @@ module ONCCertificationG10TestKit
111
111
  * HTTP Status Code of 202 Accepted
112
112
  * Content-Location header with the absolute URL of an endpoint for subsequent status requests (polling location)
113
113
  DESCRIPTION
114
- # link 'http://hl7.org/fhir/uv/bulkdata/export/index.html#response---success'
114
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#response---success'
115
115
 
116
116
  include ExportKickOffPerformer
117
117
 
@@ -140,7 +140,7 @@ module ONCCertificationG10TestKit
140
140
 
141
141
  * transactionTime, request, requiresAccessToken, output, and error
142
142
  DESCRIPTION
143
- # link 'http://hl7.org/fhir/uv/bulkdata/export/index.html#bulk-data-status-request'
143
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#bulk-data-status-request'
144
144
 
145
145
  input :polling_url
146
146
 
@@ -205,7 +205,7 @@ module ONCCertificationG10TestKit
205
205
 
206
206
  * url - the path to the file. The format of the file SHOULD reflect that requested in the _outputFormat parameter of the initial kick-off request.
207
207
  DESCRIPTION
208
- # link 'http://hl7.org/fhir/uv/bulkdata/export/index.html#response---complete-status'
208
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#response---complete-status'
209
209
 
210
210
  input :status_response
211
211
 
@@ -234,7 +234,7 @@ module ONCCertificationG10TestKit
234
234
  After a bulk data request has been started, a client MAY send a delete request to the URL provided in the Content-Location header to cancel the request.
235
235
  Bulk Data Server MUST support client's delete request and return HTTP Status Code of "202 Accepted"
236
236
  DESCRIPTION
237
- # link 'http://hl7.org/fhir/uv/bulkdata/export/index.html#bulk-data-delete-request'
237
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#bulk-data-delete-request'
238
238
 
239
239
  include ExportKickOffPerformer
240
240
 
@@ -55,7 +55,7 @@ module ONCCertificationG10TestKit
55
55
  recommend using HTTP status code 401 for invalid token but also allow the actual result be controlled by policy#{' '}
56
56
  and context.
57
57
  DESCRIPTION
58
- # link 'http://hl7.org/fhir/uv/bulkdata/export/index.html#file-request'
58
+ # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#file-request'
59
59
 
60
60
  input :bulk_download_url
61
61
 
@@ -436,9 +436,10 @@ module ONCCertificationG10TestKit
436
436
  end
437
437
 
438
438
  test do
439
- title 'Location resources returned conform to the US Core Location Profile'
439
+ title 'Location resources returned conform to the HL7 FHIR Specification Location Resource if bulk data export' \
440
+ ' has Location resources'
440
441
  description <<~DESCRIPTION
441
- This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification.
442
+ This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification. This test is omitted if bulk data export does not return any Location resources.
442
443
  DESCRIPTION
443
444
  # link 'http://hl7.org/fhir/us/core/StructureDefinition/us-core-location'
444
445
 
@@ -454,9 +455,10 @@ module ONCCertificationG10TestKit
454
455
  end
455
456
 
456
457
  test do
457
- title 'Medication resources returned conform to the US Core Medication Profile'
458
+ title 'Medication resources returned conform to the US Core Medication Profile if bulk data export has' \
459
+ ' Medication resources'
458
460
  description <<~DESCRIPTION
459
- This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification.
461
+ This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification. This test is omitted if bulk data export does not return any Medication resources.
460
462
  DESCRIPTION
461
463
  # link 'http://hl7.org/fhir/us/core/StructureDefinition/us-core-medication'
462
464
 
@@ -9,6 +9,7 @@ module ONCCertificationG10TestKit
9
9
 
10
10
  MAX_NUM_COLLECTED_LINES = 100
11
11
  MIN_RESOURCE_COUNT = 2
12
+ OMIT_KLASS = ['Medication', 'Location'].freeze
12
13
 
13
14
  def observation_metadata
14
15
  [
@@ -97,6 +98,8 @@ module ONCCertificationG10TestKit
97
98
 
98
99
  def validate_conformance(resources)
99
100
  metadata_list.each do |meta|
101
+ next if resource_type == 'Location'
102
+
100
103
  skip_if resources[meta.profile_url].blank?,
101
104
  "No #{resource_type} resources found that conform to profile: #{meta.profile_url}."
102
105
  @metadata = meta
@@ -127,16 +130,18 @@ module ONCCertificationG10TestKit
127
130
  skip "Server response at line \"#{line_count}\" is not a processable FHIR resource."
128
131
  end
129
132
 
130
- skip_if resource.resourceType != resource_type,
131
- "Resource type \"#{resource.resourceType}\" at line \"#{line_count}\" does not match type " \
132
- "defined in output \"#{resource_type}\""
133
+ if resource.resourceType != resource_type
134
+ assert false, "Resource type \"#{resource.resourceType}\" at line \"#{line_count}\" does not match type" \
135
+ " defined in output \"#{resource_type}\""
136
+ end
133
137
 
134
138
  profile_url = determine_profile(resource)
135
139
  resources[profile_url] << resource
136
140
  scratch[:patient_ids_seen] = patient_ids_seen | [resource.id] if resource_type == 'Patient'
137
141
 
138
- skip_if !resource_is_valid?(resource: resource, profile_url: profile_url),
139
- "Resource at line \"#{line_count}\" does not conform to profile \"#{profile_url}\"."
142
+ unless resource_is_valid?(resource: resource, profile_url: profile_url)
143
+ assert false, "Resource at line \"#{line_count}\" does not conform to profile \"#{profile_url}\"."
144
+ end
140
145
  }
141
146
 
142
147
  process_headers = proc { |response|
@@ -158,7 +163,11 @@ module ONCCertificationG10TestKit
158
163
  'Could not verify this functionality when Bearer Token is required and not provided'
159
164
 
160
165
  file_list = JSON.parse(status_output).select { |file| file['type'] == resource_type }
161
- skip_if file_list.empty?, "No #{resource_type} resource file item returned by server."
166
+ if file_list.empty?
167
+ message = "No #{resource_type} resource file item returned by server."
168
+ omit_if (OMIT_KLASS.include? resource_type), message
169
+ skip message
170
+ end
162
171
 
163
172
  success_count = 0
164
173
  file_list.each do |file|
@@ -21,8 +21,8 @@ module ONCCertificationG10TestKit
21
21
  description %(
22
22
  Demonstrate the ability to export clinical data for multiple patients in
23
23
  a group using [FHIR Bulk Data Access
24
- IG](https://hl7.org/fhir/uv/bulkdata/). This test uses [Backend Services
25
- Authorization](https://hl7.org/fhir/uv/bulkdata/authorization/index.html)
24
+ IG](http://hl7.org/fhir/uv/bulkdata/STU1/). This test uses [Backend Services
25
+ Authorization](http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html)
26
26
  to obtain an access token from the server. After authorization, a group
27
27
  level bulk data export request is initialized. Finally, this test reads
28
28
  exported NDJSON files from the server and validates the resources in
@@ -1,10 +1,13 @@
1
1
  module ONCCertificationG10TestKit
2
2
  module ProfileGuesser
3
3
  def extract_profile(profile)
4
- if ['Location', 'Medication'].include?(profile)
4
+ case profile
5
+ when 'Medication'
5
6
  return USCoreTestKit::USCoreTestSuite.metadata.find do |meta|
6
7
  meta.resource == profile
7
8
  end.profile_url
9
+ when 'Location'
10
+ return 'http://hl7.org/fhir/StructureDefinition/Location'
8
11
  end
9
12
  "USCoreTestKit::#{profile}Group".constantize.metadata.profile_url
10
13
  end
@@ -2,12 +2,17 @@ module ONCCertificationG10TestKit
2
2
  class SMARTAppLaunchInvalidAudGroup < Inferno::TestGroup
3
3
  title 'SMART App Launch Error: Invalid AUD Parameter'
4
4
  short_title 'SMART Invalid AUD Launch'
5
+ input_instructions %(
6
+ Register Inferno as a standalone application using the following information:
7
+
8
+ * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
9
+ )
5
10
  description %(
6
11
  # Background
7
12
 
8
13
  The Invalid AUD Sequence verifies that a SMART Launch Sequence,
9
14
  specifically the [Standalone
10
- Launch](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
15
+ Launch](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
11
16
  Sequence, does not work in the case where the client sends an invalid FHIR
12
17
  server as the `aud` parameter during launch. This must fail to ensure that
13
18
  a genuine bearer token is not leaked to a counterfit resource server.
@@ -24,7 +24,7 @@ module ONCCertificationG10TestKit
24
24
 
25
25
  description %(
26
26
  Demonstrate the ability to perform an EHR launch to a [SMART on
27
- FHIR](http://www.hl7.org/fhir/smart-app-launch/) confidential client with
27
+ FHIR](https://hl7.org/fhir/smart-app-launch/1.0.0/) confidential client with
28
28
  patient context, refresh token, and [OpenID Connect
29
29
  (OIDC)](https://openid.net/specs/openid-connect-core-1_0.html) identity
30
30
  token. After launch, a simple Patient resource read is performed on the
@@ -0,0 +1,139 @@
1
+ module ONCCertificationG10TestKit
2
+ class SMARTInvalidLaunchGroup < Inferno::TestGroup
3
+ title 'SMART App Launch Error: Invalid Launch Parameter'
4
+ short_title 'SMART Invalid Launch Parameter'
5
+ input_instructions %(
6
+ Register Inferno as an EHR-launched application using the following information:
7
+
8
+ * Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri]}`
9
+ * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
10
+ )
11
+ description %(
12
+ # Background
13
+
14
+ The Invalid Launch Parameter Sequence verifies that a SMART Launch
15
+ Sequence, specifically the [EHR
16
+ Launch](http://www.hl7.org/fhir/smart-app-launch/#ehr-launch-sequence)
17
+ Sequence, does not work in the case where the client sends an invalid FHIR
18
+ server as the `launch` parameter during launch. This must fail to ensure
19
+ that a genuine bearer token is not leaked to a counterfit resource server.
20
+
21
+ This test is not included as part of a regular SMART Launch Sequence
22
+ because it requires the browser of the user to be redirected to the
23
+ authorization service, and there is no expectation that the authorization
24
+ service redirects the user back to Inferno with an error message. The only
25
+ requirement is that Inferno is not granted a code to exchange for a valid
26
+ access token. Since this is a special case, it is tested independently in
27
+ a separate sequence.
28
+ )
29
+ id :g10_smart_invalid_launch_param
30
+ run_as_group
31
+
32
+ input :client_id,
33
+ :client_secret,
34
+ :requested_scopes,
35
+ :url,
36
+ :smart_authorization_url,
37
+ :smart_token_url
38
+
39
+ config(
40
+ inputs: {
41
+ client_id: {
42
+ name: :ehr_client_id,
43
+ title: 'EHR Client ID',
44
+ description: 'Client ID provided during registration of Inferno as an EHR launch application'
45
+ },
46
+ client_secret: {
47
+ name: :standalone_client_secret,
48
+ title: 'EHR Client Secret',
49
+ description: 'Client Secret provided during registration of Inferno as an EHR launch application'
50
+ },
51
+ requested_scopes: {
52
+ name: :ehr_requested_scopes,
53
+ title: 'EHR Launch Scope',
54
+ description: 'OAuth 2.0 scope provided by system to enable all required functionality',
55
+ type: 'textarea',
56
+ default: %(
57
+ launch openid fhirUser offline_access user/Medication.read
58
+ user/AllergyIntolerance.read user/CarePlan.read user/CareTeam.read
59
+ user/Condition.read user/Device.read user/DiagnosticReport.read
60
+ user/DocumentReference.read user/Encounter.read user/Goal.read
61
+ user/Immunization.read user/Location.read
62
+ user/MedicationRequest.read user/Observation.read
63
+ user/Organization.read user/Patient.read user/Practitioner.read
64
+ user/Procedure.read user/Provenance.read user/PractitionerRole.read
65
+ ).gsub(/\s{2,}/, ' ').strip
66
+ },
67
+ url: {
68
+ title: 'EHR Launch FHIR Endpoint',
69
+ description: 'URL of the FHIR endpoint used by EHR launched applications'
70
+ },
71
+ smart_authorization_url: {
72
+ title: 'OAuth 2.0 Authorize Endpoint',
73
+ description: 'OAuth 2.0 Authorize Endpoint provided during an EHR launch'
74
+ },
75
+ smart_token_url: {
76
+ title: 'OAuth 2.0 Token Endpoint',
77
+ description: 'OAuth 2.0 Token Endpoint provided during an EHR launch'
78
+ }
79
+ },
80
+ outputs: {
81
+ state: { name: :invalid_launch_state }
82
+ },
83
+ requests: {
84
+ redirect: { name: :invalid_launch_redirect }
85
+ }
86
+ )
87
+
88
+ test from: :smart_app_launch
89
+ test from: :smart_launch_received
90
+ test from: :smart_app_redirect do
91
+ config(
92
+ options: { launch: 'INVALID_LAUNCH_PARAM' }
93
+ )
94
+
95
+ def wait_message(auth_url)
96
+ %(
97
+ Inferno will redirect you to an external website for authorization.
98
+ **It is expected this will fail**. If the server does not return to
99
+ Inferno automatically, but does provide an error message, you may
100
+ return to Inferno and confirm that an error was presented in this
101
+ window.
102
+
103
+ * [Perform Invalid Launch](#{auth_url})
104
+ * [Attest launch failed](/custom/smart/redirect?state=#{state}&confirm_fail=true)
105
+ )
106
+ end
107
+ end
108
+
109
+ test do
110
+ title 'Inferno client app does not receive code parameter redirect URI'
111
+ description %(
112
+ Inferno redirected the user to the authorization service with an invalid
113
+ launch parameter. Inferno expects that the authorization request will
114
+ not succeed. This can either be from the server explicitely pass an
115
+ error, or stopping and the tester returns to Inferno to confirm that the
116
+ server presented them a failure.
117
+ )
118
+ uses_request :redirect
119
+
120
+ run do
121
+ params = request.query_parameters
122
+
123
+ assert params['code'].blank?,
124
+ 'Authorization has incorrectly succeeded because access code provided to Inferno.'
125
+
126
+ pass_message =
127
+ if params['error'].present?
128
+ 'Server redirected the user back to the app with an error.'
129
+ elsif params['confirm_fail']
130
+ 'Tester attested that the authorization service did not succeed due to invalid AUD parameter.'
131
+ else
132
+ 'Server redirected the user back to the app without an access code.'
133
+ end
134
+
135
+ pass pass_message
136
+ end
137
+ end
138
+ end
139
+ end
@@ -2,12 +2,17 @@ module ONCCertificationG10TestKit
2
2
  class SMARTInvalidTokenGroup < Inferno::TestGroup
3
3
  title 'SMART App Launch Error: Invalid Access Token Request'
4
4
  short_title 'SMART Invalid Token Request'
5
+ input_instructions %(
6
+ Register Inferno as a standalone application using the following information:
7
+
8
+ * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
9
+ )
5
10
  description %(
6
11
  # Background
7
12
 
8
13
  The Invalid Access Token Request Sequence verifies that a SMART Launch
9
14
  Sequence, specifically the [Standalone
10
- Launch](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
15
+ Launch](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
11
16
  Sequence, does not work in the case where the client sends an invalid
12
17
  Authorization code or client ID during the code exchange step. This must
13
18
  not result in a successful launch.
@@ -17,7 +17,7 @@ module ONCCertificationG10TestKit
17
17
 
18
18
  description %(
19
19
  This scenario demonstrates the ability to perform a Patient Standalone
20
- Launch to a [SMART on FHIR](http://www.hl7.org/fhir/smart-app-launch/)
20
+ Launch to a [SMART on FHIR](http://hl7.org/fhir/smart-app-launch/1.0.0/)
21
21
  confidential client with limited access granted to the app based on user
22
22
  input. The tester is expected to grant the application access to a subset
23
23
  of desired resource types.
@@ -31,8 +31,8 @@ module ONCCertificationG10TestKit
31
31
  # Background
32
32
 
33
33
  The [Standalone
34
- Launch](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
35
- Sequence allows an app, like Inferno, to be launched independent of an
34
+ Launch Sequence](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
35
+ allows an app, like Inferno, to be launched independent of an
36
36
  existing EHR session. It is one of the two launch methods described in
37
37
  the SMART App Launch Framework alongside EHR Launch. The app will
38
38
  request authorization for the provided scope from the authorization
@@ -49,7 +49,7 @@ module ONCCertificationG10TestKit
49
49
  For more information on the #{title}:
50
50
 
51
51
  * [Standalone Launch
52
- Sequence](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
52
+ Sequence](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
53
53
  )
54
54
 
55
55
  config(
@@ -2,11 +2,21 @@ module ONCCertificationG10TestKit
2
2
  class SMARTPublicStandaloneLaunchGroup < SMARTAppLaunch::StandaloneLaunchGroup
3
3
  title 'Public Client Standalone Launch with OpenID Connect'
4
4
  short_title 'SMART Public Client Launch'
5
+ input_instructions %(
6
+ Register Inferno as a standalone application using the following information:
7
+
8
+ * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
9
+
10
+ Enter in the appropriate scope to enable patient-level access to all
11
+ relevant resources. In addition, support for the OpenID Connect (openid
12
+ fhirUser), refresh tokens (offline_access), and patient context
13
+ (launch/patient) are required.
14
+ )
5
15
  description %(
6
16
  # Background
7
17
 
8
18
  The [Standalone
9
- Launch](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
19
+ Launch](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
10
20
  Sequence allows an app, like Inferno, to be launched independent of an
11
21
  existing EHR session. It is one of the two launch methods described in
12
22
  the SMART App Launch Framework alongside EHR Launch. The app will
@@ -23,7 +33,7 @@ module ONCCertificationG10TestKit
23
33
 
24
34
  For more information on the #{title}:
25
35
 
26
- * [Standalone Launch Sequence](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
36
+ * [Standalone Launch Sequence](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
27
37
  )
28
38
  id :g10_public_standalone_launch
29
39
  run_as_group
@@ -24,8 +24,8 @@ module ONCCertificationG10TestKit
24
24
  description %(
25
25
  This scenario demonstrates the ability of a system to perform a Patient
26
26
  Standalone Launch to a [SMART on
27
- FHIR](http://www.hl7.org/fhir/smart-app-launch/) confidential client
28
- with a patient context, refresh token, 1 1 and [OpenID Connect
27
+ FHIR](http://www.hl7.org/fhir/smart-app-launch/1.0.0/) confidential client
28
+ with a patient context, refresh token, and [OpenID Connect
29
29
  (OIDC)](https://openid.net/specs/openid-connect-core-1_0.html) identity
30
30
  token. After launch, a simple Patient resource read is performed on the
31
31
  patient in context. The access token is then refreshed, and the Patient
@@ -55,8 +55,8 @@ module ONCCertificationG10TestKit
55
55
  # Background
56
56
 
57
57
  The [Standalone
58
- Launch](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
59
- Sequence allows an app, like Inferno, to be launched independent of an
58
+ Launch Sequence](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
59
+ allows an app, like Inferno, to be launched independent of an
60
60
  existing EHR session. It is one of the two launch methods described in
61
61
  the SMART App Launch Framework alongside EHR Launch. The app will
62
62
  request authorization for the provided scope from the authorization
@@ -73,7 +73,7 @@ module ONCCertificationG10TestKit
73
73
  For more information on the #{title}:
74
74
 
75
75
  * [Standalone Launch
76
- Sequence](http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence)
76
+ Sequence](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
77
77
  )
78
78
 
79
79
  test from: :g10_smart_scopes do
@@ -1,3 +1,3 @@
1
1
  module ONCCertificationG10TestKit
2
- VERSION = '2.0.0.rc1'.freeze
2
+ VERSION = '2.0.0.rc2'.freeze
3
3
  end
@@ -5,6 +5,7 @@ require_relative 'onc_certification_g10_test_kit/configuration_checker'
5
5
  require_relative 'onc_certification_g10_test_kit/version'
6
6
 
7
7
  require_relative 'onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group'
8
+ require_relative 'onc_certification_g10_test_kit/smart_invalid_launch_group'
8
9
  require_relative 'onc_certification_g10_test_kit/smart_invalid_token_group'
9
10
  require_relative 'onc_certification_g10_test_kit/smart_limited_app_group'
10
11
  require_relative 'onc_certification_g10_test_kit/smart_standalone_patient_app_group'
@@ -190,6 +191,7 @@ module ONCCertificationG10TestKit
190
191
  group from: :g10_token_revocation
191
192
 
192
193
  group from: :g10_smart_invalid_aud
194
+ group from: :g10_smart_invalid_launch_param
193
195
  group from: :g10_smart_invalid_token_request
194
196
 
195
197
  group from: :g10_visual_inspection_and_attestations
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: onc_certification_g10_test_kit
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0.rc1
4
+ version: 2.0.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen MacVicar
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-28 00:00:00.000000000 Z
11
+ date: 2022-03-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bloomer
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - '='
116
116
  - !ruby/object:Gem::Version
117
- version: 0.1.0
117
+ version: 0.1.1
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - '='
123
123
  - !ruby/object:Gem::Version
124
- version: 0.1.0
124
+ version: 0.1.1
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: tls_test_kit
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -270,6 +270,7 @@ files:
270
270
  - lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb
271
271
  - lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb
272
272
  - lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb
273
+ - lib/onc_certification_g10_test_kit/smart_invalid_launch_group.rb
273
274
  - lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb
274
275
  - lib/onc_certification_g10_test_kit/smart_limited_app_group.rb
275
276
  - lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb