onc_certification_g10_test_kit 2.0.0.rc1

data/lib/onc_certification_g10_test_kit/limited_scope_grant_test.rb

@@ -0,0 +1,66 @@
+module ONCCertificationG10TestKit
+  class LimitedScopeGrantTest < Inferno::Test
+    title 'OAuth token exchange response grants scope that is limited to those selected by user'
+    description %(
+      The ONC certification criteria requires that patients are capable of
+      choosing which FHIR resources to authorize to the application. For this
+      test, the tester specifies which resources will be selected during
+      authorization, and this verifies that only those resources are granted
+      according to the scopes returned during the access token response.
+    )
+    id :g10_limited_scope_grant
+
+    input :received_scopes, :expected_resources
+
+    def possible_resources
+      [
+        'AllergyIntolerance',
+        'CarePlan',
+        'CareTeam',
+        'Condition',
+        'Device',
+        'DiagnosticReport',
+        'DocumentReference',
+        'Goal',
+        'Immunization',
+        'MedicationRequest',
+        'Observation',
+        'Procedure',
+        'Patient'
+      ]
+    end
+
+    def scope_granting_access?(resource_type, scopes)
+      scopes.any? do |scope|
+        scope.start_with?("patient/#{resource_type}", 'patient/*') && scope.end_with?('*', 'read')
+      end
+    end
+
+    run do
+      expected_resources_list = expected_resources.split(',').map(&:strip).map(&:downcase)
+      allowed_resources =
+        possible_resources.select { |resource_type| expected_resources_list.include? resource_type.downcase }
+      forbidden_resources = possible_resources - allowed_resources
+
+      received_scope_list = received_scopes.split
+
+      improperly_granted_resources =
+        forbidden_resources.select { |resource_type| scope_granting_access?(resource_type, received_scope_list) }
+      improperly_denied_resources =
+        allowed_resources.reject { |resource_type| scope_granting_access?(resource_type, received_scope_list) }
+
+      assert improperly_granted_resources.empty?,
+             'User expected to deny the following resources that were granted: ' \
+             "#{improperly_granted_resources.join(', ')}"
+      assert improperly_denied_resources.empty?,
+             'User expected to grant access to the following resources: ' \
+             "#{improperly_denied_resources.join(', ')}"
+
+      assert forbidden_resources.present?,
+             'This test requires at least one resource to be denied, but the received scopes ' \
+             "`#{received_scopes}` grant access to all resource types."
+
+      pass "Resources to be denied: #{forbidden_resources.join(', ')}"
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/multi_patient_api.rb

@@ -0,0 +1,43 @@
+require_relative 'bulk_data_authorization'
+require_relative 'bulk_data_group_export'
+require_relative 'bulk_data_group_export_validation'
+
+module ONCCertificationG10TestKit
+  class MultiPatientAPIGroup < Inferno::TestGroup
+    title 'Multi-Patient Authorization and API'
+    short_title 'Multi-Patient API'
+
+    input_instructions %(
+      Register Inferno as a bulk data client with the following information, and
+      enter the client id and client registration in the appropriate fields.
+      This set of tests only checks the Group export. Enter the group export
+      information in the appropriate box.
+
+      Register Inferno with the following JWK Set Url:
+
+      * `#{Inferno::Application[:base_url]}/custom/g10_certification/.well-known/jwks.json`
+    )
+
+    description %(
+      Demonstrate the ability to export clinical data for multiple patients in
+      a group using [FHIR Bulk Data Access
+      IG](https://hl7.org/fhir/uv/bulkdata/). This test uses [Backend Services
+      Authorization](https://hl7.org/fhir/uv/bulkdata/authorization/index.html)
+      to obtain an access token from the server. After authorization, a group
+      level bulk data export request is initialized. Finally, this test reads
+      exported NDJSON files from the server and validates the resources in
+      each file. To run the test successfully, the selected group export is
+      required to have every type of resource mapped to [USCDI data
+      elements](https://www.healthit.gov/isa/us-core-data-interoperability-uscdi).
+      Additionally, it is expected the server will provide Encounter,
+      Location, Organization, and Practitioner resources as they are
+      referenced as must support elements in required resources.
+    )
+    id :multi_patient_api
+    run_as_group
+
+    group from: :bulk_data_authorization
+    group from: :bulk_data_group_export
+    group from: :bulk_data_group_export_validation
+  end
+end

data/lib/onc_certification_g10_test_kit/patient_context_test.rb

@@ -0,0 +1,30 @@
+module ONCCertificationG10TestKit
+  class PatientContextTest < Inferno::Test
+    title 'OAuth token exchange response body contains patient context and patient resource can be retrieved'
+    description %(
+      The `patient` field is a String value with a patient id, indicating that
+      the app was launched in the context of this FHIR Patient.
+    )
+    id :g10_patient_context
+    input :patient_id, :url
+    input :smart_credentials, type: :oauth_credentials
+
+    fhir_client :authenticated do
+      url :url
+      oauth_credentials :smart_credentials
+    end
+
+    run do
+      skip_if smart_credentials.access_token.blank?, 'No access token was received during the SMART launch'
+
+      skip_if patient_id.blank?, 'Token response did not contain `patient` field'
+
+      skip_if request.status != 200, 'Token was not successfully refreshed' if config.options[:refresh_test]
+
+      fhir_read(:patient, patient_id, client: :authenticated)
+
+      assert_response_status(200)
+      assert_resource_type(:patient)
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/profile_guesser.rb

@@ -0,0 +1,69 @@
+module ONCCertificationG10TestKit
+  module ProfileGuesser
+    def extract_profile(profile)
+      if ['Location', 'Medication'].include?(profile)
+        return USCoreTestKit::USCoreTestSuite.metadata.find do |meta|
+                 meta.resource == profile
+               end.profile_url
+      end
+      "USCoreTestKit::#{profile}Group".constantize.metadata.profile_url
+    end
+
+    def observation_contains_code(observation_resource, code)
+      observation_resource&.code&.coding&.any? { |coding| coding&.code == code }
+    end
+
+    def resource_contains_category(resource, category_code, category_system = nil) # rubocop:disable Metrics/CyclomaticComplexity
+      resource&.category&.any? do |category|
+        category.coding&.any? do |coding|
+          coding.code == category_code &&
+            (category_system.blank? || coding.system.blank? || category_system == coding.system)
+        end
+      end
+    end
+
+    def guess_profile(resource) # rubocop:disable Metrics/CyclomaticComplexity
+      case resource.resourceType
+      when 'DiagnosticReport'
+        return extract_profile('DiagnosticReportLab') if resource_contains_category(resource, 'LAB', 'http://terminology.hl7.org/CodeSystem/v2-0074')
+
+        extract_profile('DiagnosticReportNote')
+      when 'Observation'
+        return extract_profile('Smokingstatus') if observation_contains_code(resource, '72166-2')
+
+        return extract_profile('ObservationLab') if resource_contains_category(resource, 'laboratory', 'http://terminology.hl7.org/CodeSystem/observation-category')
+
+        return extract_profile('PediatricBmiForAge') if observation_contains_code(resource, '59576-9')
+
+        return extract_profile('PediatricWeightForHeight') if observation_contains_code(resource, '77606-2')
+
+        return extract_profile('PulseOximetry') if observation_contains_code(resource, '59408-5')
+
+        return extract_profile('HeadCircumference') if observation_contains_code(resource, '8289-1')
+
+        # FHIR Vital Signs profiles: https://www.hl7.org/fhir/observation-vitalsigns.html
+        # Vital Signs Panel, Oxygen Saturation are not required by USCDI
+        # Body Mass Index is replaced by :pediatric_bmi_age Profile
+        # Systolic Blood Pressure, Diastolic Blood Pressure are covered by :blood_pressure Profile
+        # Head Circumference is replaced by US Core Head Occipital-frontal Circumference Percentile Profile
+        return extract_profile('Bp') if observation_contains_code(resource, '85354-9')
+
+        return extract_profile('Bodyheight') if observation_contains_code(resource, '8302-2')
+
+        return extract_profile('Bodytemp') if observation_contains_code(resource, '8310-5')
+
+        return extract_profile('Bodyweight') if observation_contains_code(resource, '29463-7')
+
+        return extract_profile('Heartrate') if observation_contains_code(resource, '8867-4')
+
+        return extract_profile('Resprate') if observation_contains_code(resource, '9279-1')
+
+        nil
+      else
+        extract_profile(resource.resourceType)
+      end
+    rescue StandardError
+      skip "Could not determine profile of \"#{resource.resourceType}\" resource."
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/resource_access_test.rb

@@ -0,0 +1,96 @@
+module ONCCertificationG10TestKit
+  class ResourceAccessTest < Inferno::Test
+    id :g10_resource_access_test
+    input :patient_id, :received_scopes
+
+    title 'Access to resources are restricted properly based on patient-selected scope'
+    description %(
+      This test ensures that access to the resource is granted or denied
+      based on the selection by the tester prior to the execution of the test.
+      If the tester indicated that access will be granted to this resource,
+      this test verifies that a search by patient in this resource does not
+      result in an access denied result. If the tester indicated that access
+      will be denied for this resource, this verifies that search by patient
+      in the resource results in an access denied result.
+    )
+
+    def resource_group
+      raise StandardError, '#resource_group must be overridden'
+    end
+
+    def search_params
+      @search_params ||=
+        resource_group.metadata.searches.first[:names].each_with_object({}) do |name, params|
+          params[name] = search_param_value(name)
+        end
+    end
+
+    def search_param_value(name)
+      return patient_id if ['patient', '_id', 'subject'].include?(name)
+
+      resource_group.metadata.search_definitions[name.to_sym][:values].first
+    end
+
+    def status_search_params
+      {
+        "#{status_search_param_name}": search_param_value(status_search_param_name)
+      }
+    end
+
+    def status_search_param_name
+      @status_search_param_name ||=
+        resource_group.metadata.search_definitions.keys.find { |key| key.to_s.include? 'status' }
+    end
+
+    def status_search_param_value
+      @status_search_param_value ||=
+        resource_group.metadata.search_definitions[status_search_param_name][:values].first
+    end
+
+    def resource_search_test
+      resource_group.tests.first
+    end
+
+    def request_should_succeed?
+      true
+    end
+
+    def resource_type
+      resource_search_test.properties.resource_type
+    end
+
+    run do
+      skip_if patient_id.blank?, 'Patient ID not provided to test.'
+      skip_if received_scopes.blank?, 'No scopes were received.'
+
+      fhir_search(resource_type, params: search_params)
+
+      if request_should_succeed?
+        if request.status == 400 && resource_search_test.properties.possible_status_search?
+          error_message = %(
+            Server is expected to grant access to the resource. A search
+            without a status can return an HTTP 400 status, but must also must
+            include an OperationOutcome. No OperationOutcome is present in the
+            body of the response.
+          )
+          begin
+            parsed_body = JSON.parse(response[:body])
+            assert parsed_body['resourceType'] == 'OperationOutcome', error_message
+          rescue JSON::ParserError
+            assert false, error_message
+          end
+          fhir_search(
+            :allergy_intolerance,
+            params: search_params.merge(status_search_params)
+          )
+        end
+
+        assert_response_status(200)
+        pass "Access expected to be granted and request properly returned #{request.status}"
+      else
+        message = "Bad response code: expected 403 (Forbidden) or 401 (Unauthorized), but found #{request.status}."
+        assert [401, 403].include?(request.status), message
+      end
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/restricted_access_test.rb

@@ -0,0 +1,12 @@
+require_relative 'resource_access_test'
+
+module ONCCertificationG10TestKit
+  class RestrictedAccessTest < ResourceAccessTest
+    id :g10_restricted_access_test
+    input :expected_resources
+
+    def request_should_succeed?
+      expected_resources.split(',').any? { |resource| resource.strip.casecmp? resource_type }
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb

@@ -0,0 +1,303 @@
+require_relative 'restricted_access_test'
+
+module ONCCertificationG10TestKit
+  class RestrictedResourceTypeAccessGroup < Inferno::TestGroup
+    title 'Restricted Resource Type Access'
+    description %(
+      This test ensures that patients are able to grant or deny access to a
+      subset of resources to an app as requied by the certification criteria.
+      The tester provides a list of resources that will be granted during the
+      SMART App Launch process, and this test verifies that the scopes granted
+      are consistent with what the tester provided. It also formulates queries
+      to ensure that the app is either given access to, or denied access to, the
+      appropriate resource types based on those chosen by the tester.
+
+      Resources that can be mapped to USCDI are checked in this test, including:
+
+        * AllergyIntolerance
+        * CarePlan
+        * CareTeam
+        * Condition
+        * Device
+        * DiagnosticReport
+        * DocumentReference
+        * Goal
+        * Immunization
+        * MedicationRequest
+        * Observation
+        * Procedure
+
+      For each of the resources that can be mapped to USCDI data class or
+      elements, this set of tests performs a minimum number of requests to
+      determine if access to the resource type is appropriately allowed or
+      denied given the scope granted. In the case of the Patient resource, this
+      test simply performs a read request. For other resources, it performs a
+      search by patient that must be supported by the server. In some cases,
+      servers can return an error message if a status search parameter is not
+      provided. For these, the test will perform an additional search with the
+      required status search parameter.
+
+      This set of tests does not attempt to access resources that do not
+      directly map to USCDI v1, including Encounter, Location, Organization, and
+      Practitioner. It also does not test Provenance, as this resource type is
+      accessed by queries through other resource types. These resource types are
+      accessed in the more comprehensive Single Patient Query tests.
+
+      If the tester chooses to not grant access to a resource, the queries
+      associated with that resource must result in either a 401 (Unauthorized)
+      or 403 (Forbidden) status code. The flexiblity provided here is due to
+      some ambiguity in the specifications tested.
+    )
+    id :g10_restricted_resource_type_access
+
+    input :url, :patient_id, :received_scopes, :expected_resources
+    input :smart_credentials, type: :oauth_credentials
+
+    config(
+      inputs: {
+        client_secret: {
+          optional: false
+        }
+      }
+    )
+
+    fhir_client do
+      url :url
+      oauth_credentials :smart_credentials
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Patient resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Patient is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_patient_restricted_access
+
+      def resource_group
+        USCoreTestKit::PatientGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to AllergyIntolerance resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the AllergyIntolerance is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_allergy_intolerance_restricted_access
+
+      def resource_group
+        USCoreTestKit::AllergyIntoleranceGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to CarePlan resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the CarePlan is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_care_plan_restricted_access
+
+      def resource_group
+        USCoreTestKit::CarePlanGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to CareTeam resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the CareTeam is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_care_team_restricted_access
+
+      def resource_group
+        USCoreTestKit::CareTeamGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Condition resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Condition is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_condition_restricted_access
+
+      def resource_group
+        USCoreTestKit::ConditionGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Device resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Device is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_device_restricted_access
+
+      def resource_group
+        USCoreTestKit::DeviceGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to DiagnosticReport resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the DiagnosticReport is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_diagnostic_report_restricted_access
+
+      def resource_group
+        USCoreTestKit::DiagnosticReportLabGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to DocumentReference resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the DocumentReference is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_document_reference_restricted_access
+
+      def resource_group
+        USCoreTestKit::DocumentReferenceGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Goal resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Goal is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_goal_restricted_access
+
+      def resource_group
+        USCoreTestKit::GoalGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Immunization resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Immunization is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_immunization_restricted_access
+
+      def resource_group
+        USCoreTestKit::ImmunizationGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to MedicationRequest resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the MedicationRequest is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_medication_request_access
+
+      def resource_group
+        USCoreTestKit::MedicationRequestGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Observation resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Observation is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_observation_restricted_access
+
+      def resource_group
+        USCoreTestKit::PulseOximetryGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Procedure resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Procedure is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_procedure_restricted_access
+
+      def resource_group
+        USCoreTestKit::ProcedureGroup
+      end
+    end
+  end
+end