onc_certification_g10_test_kit 2.0.0.rc3 → 2.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (27) hide show
  1. checksums.yaml +4 -4
  2. data/lib/inferno/terminology/tasks/check_built_terminology.rb +14 -12
  3. data/lib/onc_certification_g10_test_kit/bulk_data_authorization.rb +7 -4
  4. data/lib/onc_certification_g10_test_kit/bulk_data_group_export.rb +60 -17
  5. data/lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb +10 -6
  6. data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb +48 -18
  7. data/lib/onc_certification_g10_test_kit/configuration_checker.rb +6 -5
  8. data/lib/onc_certification_g10_test_kit/multi_patient_api.rb +11 -0
  9. data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +1451 -0
  10. data/lib/onc_certification_g10_test_kit/profile_guesser.rb +2 -2
  11. data/lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb +13 -13
  12. data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +89 -0
  13. data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb +13 -12
  14. data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +11 -5
  15. data/lib/onc_certification_g10_test_kit/smart_invalid_launch_group.rb +13 -16
  16. data/lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb +11 -4
  17. data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb +18 -4
  18. data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb +15 -3
  19. data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +8 -3
  20. data/lib/onc_certification_g10_test_kit/tasks/generate_matrix.rb +247 -0
  21. data/lib/onc_certification_g10_test_kit/tasks/test_procedure.rb +65 -0
  22. data/lib/onc_certification_g10_test_kit/token_revocation_group.rb +60 -60
  23. data/lib/onc_certification_g10_test_kit/unrestricted_resource_type_access_group.rb +13 -13
  24. data/lib/onc_certification_g10_test_kit/version.rb +1 -1
  25. data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +7 -6
  26. data/lib/onc_certification_g10_test_kit.rb +15 -82
  27. metadata +16 -12
@@ -3,13 +3,13 @@ module ONCCertificationG10TestKit
3
3
  def extract_profile(profile)
4
4
  case profile
5
5
  when 'Medication'
6
- return USCoreTestKit::USCoreTestSuite.metadata.find do |meta|
6
+ return USCoreTestKit::USCoreV311::USCoreTestSuite.metadata.find do |meta|
7
7
  meta.resource == profile
8
8
  end.profile_url
9
9
  when 'Location'
10
10
  return 'http://hl7.org/fhir/StructureDefinition/Location'
11
11
  end
12
- "USCoreTestKit::#{profile}Group".constantize.metadata.profile_url
12
+ "USCoreTestKit::USCoreV311::#{profile}Group".constantize.metadata.profile_url
13
13
  end
14
14
 
15
15
  def observation_contains_code(observation_resource, code)
@@ -80,7 +80,7 @@ module ONCCertificationG10TestKit
80
80
  id :g10_patient_restricted_access
81
81
 
82
82
  def resource_group
83
- USCoreTestKit::PatientGroup
83
+ USCoreTestKit::USCoreV311::PatientGroup
84
84
  end
85
85
  end
86
86
 
@@ -98,7 +98,7 @@ module ONCCertificationG10TestKit
98
98
  id :g10_allergy_intolerance_restricted_access
99
99
 
100
100
  def resource_group
101
- USCoreTestKit::AllergyIntoleranceGroup
101
+ USCoreTestKit::USCoreV311::AllergyIntoleranceGroup
102
102
  end
103
103
  end
104
104
 
@@ -116,7 +116,7 @@ module ONCCertificationG10TestKit
116
116
  id :g10_care_plan_restricted_access
117
117
 
118
118
  def resource_group
119
- USCoreTestKit::CarePlanGroup
119
+ USCoreTestKit::USCoreV311::CarePlanGroup
120
120
  end
121
121
  end
122
122
 
@@ -134,7 +134,7 @@ module ONCCertificationG10TestKit
134
134
  id :g10_care_team_restricted_access
135
135
 
136
136
  def resource_group
137
- USCoreTestKit::CareTeamGroup
137
+ USCoreTestKit::USCoreV311::CareTeamGroup
138
138
  end
139
139
  end
140
140
 
@@ -152,7 +152,7 @@ module ONCCertificationG10TestKit
152
152
  id :g10_condition_restricted_access
153
153
 
154
154
  def resource_group
155
- USCoreTestKit::ConditionGroup
155
+ USCoreTestKit::USCoreV311::ConditionGroup
156
156
  end
157
157
  end
158
158
 
@@ -170,7 +170,7 @@ module ONCCertificationG10TestKit
170
170
  id :g10_device_restricted_access
171
171
 
172
172
  def resource_group
173
- USCoreTestKit::DeviceGroup
173
+ USCoreTestKit::USCoreV311::DeviceGroup
174
174
  end
175
175
  end
176
176
 
@@ -188,7 +188,7 @@ module ONCCertificationG10TestKit
188
188
  id :g10_diagnostic_report_restricted_access
189
189
 
190
190
  def resource_group
191
- USCoreTestKit::DiagnosticReportLabGroup
191
+ USCoreTestKit::USCoreV311::DiagnosticReportLabGroup
192
192
  end
193
193
  end
194
194
 
@@ -206,7 +206,7 @@ module ONCCertificationG10TestKit
206
206
  id :g10_document_reference_restricted_access
207
207
 
208
208
  def resource_group
209
- USCoreTestKit::DocumentReferenceGroup
209
+ USCoreTestKit::USCoreV311::DocumentReferenceGroup
210
210
  end
211
211
  end
212
212
 
@@ -224,7 +224,7 @@ module ONCCertificationG10TestKit
224
224
  id :g10_goal_restricted_access
225
225
 
226
226
  def resource_group
227
- USCoreTestKit::GoalGroup
227
+ USCoreTestKit::USCoreV311::GoalGroup
228
228
  end
229
229
  end
230
230
 
@@ -242,7 +242,7 @@ module ONCCertificationG10TestKit
242
242
  id :g10_immunization_restricted_access
243
243
 
244
244
  def resource_group
245
- USCoreTestKit::ImmunizationGroup
245
+ USCoreTestKit::USCoreV311::ImmunizationGroup
246
246
  end
247
247
  end
248
248
 
@@ -260,7 +260,7 @@ module ONCCertificationG10TestKit
260
260
  id :g10_medication_request_access
261
261
 
262
262
  def resource_group
263
- USCoreTestKit::MedicationRequestGroup
263
+ USCoreTestKit::USCoreV311::MedicationRequestGroup
264
264
  end
265
265
  end
266
266
 
@@ -278,7 +278,7 @@ module ONCCertificationG10TestKit
278
278
  id :g10_observation_restricted_access
279
279
 
280
280
  def resource_group
281
- USCoreTestKit::PulseOximetryGroup
281
+ USCoreTestKit::USCoreV311::PulseOximetryGroup
282
282
  end
283
283
  end
284
284
 
@@ -296,7 +296,7 @@ module ONCCertificationG10TestKit
296
296
  id :g10_procedure_restricted_access
297
297
 
298
298
  def resource_group
299
- USCoreTestKit::ProcedureGroup
299
+ USCoreTestKit::USCoreV311::ProcedureGroup
300
300
  end
301
301
  end
302
302
  end
@@ -0,0 +1,89 @@
1
+ module ONCCertificationG10TestKit
2
+ class SinglePatientAPIGroup < Inferno::TestGroup
3
+ id :g10_single_patient_api
4
+ title 'Single Patient API'
5
+ description %(
6
+ For each of the relevant USCDI data elements provided in the
7
+ CapabilityStatement, this test executes the [required supported
8
+ searches](http://www.hl7.org/fhir/us/core/STU3.1.1/CapabilityStatement-us-core-server.html)
9
+ as defined by the US Core Implementation Guide v3.1.1.
10
+
11
+ The test begins by searching by one or more patients, with the expectation
12
+ that the Bearer token provided to the test grants access to all USCDI
13
+ resources. It uses results returned from that query to generate other
14
+ queries and checks that the results are consistent with the provided
15
+ search parameters. It then performs a read on each Resource returned and
16
+ validates the response against the relevant
17
+ [profile](http://www.hl7.org/fhir/us/core/STU3.1.1/profiles.html) as
18
+ currently defined in the US Core Implementation Guide.
19
+
20
+ All MUST SUPPORT elements must be seen before the test can pass, as well
21
+ as Data Absent Reason to demonstrate that the server can properly handle
22
+ missing data. Note that Encounter, Organization and Practitioner resources
23
+ must be accessible as references in some US Core profiles to satisfy must
24
+ support requirements, and those references will be validated to their US
25
+ Core profile. These resources will not be tested for FHIR search support.
26
+ )
27
+ run_as_group
28
+
29
+ input :url,
30
+ title: 'FHIR Endpoint',
31
+ description: 'URL of the FHIR endpoint used by SMART applications'
32
+ input :patient_id,
33
+ title: 'Patient ID from SMART App Launch',
34
+ locked: true
35
+ input :additional_patient_ids,
36
+ title: 'Additional Patient IDs',
37
+ description: <<~DESCRIPTION,
38
+ Comma separated list of Patient IDs that together with the Patient
39
+ ID from the SMART App Launch contain all MUST SUPPORT elements.
40
+ DESCRIPTION
41
+ optional: true
42
+ input :smart_credentials,
43
+ title: 'SMART App Launch Credentials',
44
+ type: :oauth_credentials,
45
+ locked: true
46
+
47
+ fhir_client do
48
+ url :url
49
+ oauth_credentials :smart_credentials
50
+ end
51
+
52
+ input_order :url, :patient_id, :additional_patient_ids, :implantable_device_codes, :smart_credentials
53
+
54
+ test do
55
+ id :g10_patient_id_setup
56
+ title 'Manage patient id list'
57
+
58
+ input :patient_id, :additional_patient_ids
59
+ output :patient_ids
60
+
61
+ run do
62
+ smart_app_launch_patient_id = patient_id.presence
63
+ additional_patient_ids_list =
64
+ additional_patient_ids
65
+ .split(',')
66
+ .map(&:strip)
67
+ .map(&:presence)
68
+ .compact
69
+
70
+ all_patient_ids = ([smart_app_launch_patient_id] + additional_patient_ids_list).compact.uniq
71
+
72
+ output patient_ids: all_patient_ids.join(',')
73
+ end
74
+ end
75
+
76
+ USCoreTestKit::USCoreV311::USCoreTestSuite.groups.each do |group|
77
+ test_group = group.ancestors[1]
78
+ id = test_group.id
79
+
80
+ group_config = {}
81
+ if test_group.respond_to?(:metadata) && test_group.metadata.delayed?
82
+ test_group.children.reject! { |child| child.include? USCoreTestKit::SearchTest }
83
+ group_config[:options] = { read_all_resources: true }
84
+ end
85
+
86
+ group(from: id, exclude_optional: true, config: group_config)
87
+ end
88
+ end
89
+ end
@@ -32,13 +32,6 @@ module ONCCertificationG10TestKit
32
32
  id :g10_smart_invalid_aud
33
33
  run_as_group
34
34
 
35
- input :client_id,
36
- :client_secret,
37
- :requested_scopes,
38
- :url,
39
- :smart_authorization_url,
40
- :smart_token_url
41
-
42
35
  config(
43
36
  inputs: {
44
37
  client_id: {
@@ -46,11 +39,6 @@ module ONCCertificationG10TestKit
46
39
  title: 'Standalone Client ID',
47
40
  description: 'Client ID provided during registration of Inferno as a standalone application'
48
41
  },
49
- client_secret: {
50
- name: :standalone_client_secret,
51
- title: 'Standalone Client Secret',
52
- description: 'Client Secret provided during registration of Inferno as a standalone application'
53
- },
54
42
  requested_scopes: {
55
43
  name: :standalone_requested_scopes,
56
44
  title: 'Standalone Scope',
@@ -90,7 +78,20 @@ module ONCCertificationG10TestKit
90
78
  }
91
79
  )
92
80
 
81
+ input_order :url,
82
+ :standalone_client_id,
83
+ :standalone_client_secret,
84
+ :standalone_requested_scopes,
85
+ :use_pkce,
86
+ :pkce_code_challenge_method,
87
+ :smart_authorization_url
88
+
93
89
  test from: :smart_app_redirect do
90
+ input :client_secret,
91
+ name: :standalone_client_secret,
92
+ title: 'Standalone Client Secret',
93
+ description: 'Client Secret provided during registration of Inferno as a standalone application'
94
+
94
95
  def aud
95
96
  'https://inferno.healthit.gov/invalid_aud'
96
97
  end
@@ -38,21 +38,25 @@ module ONCCertificationG10TestKit
38
38
 
39
39
  config(
40
40
  inputs: {
41
- client_secret: {
42
- optional: false
43
- },
44
41
  smart_credentials: {
45
42
  name: :ehr_smart_credentials
46
43
  }
47
44
  }
48
45
  )
49
46
 
47
+ input_order :url, :ehr_client_id, :ehr_client_secret
48
+
50
49
  group from: :smart_discovery do
51
50
  test from: 'g10_smart_well_known_capabilities'
52
51
  end
53
52
 
54
53
  group from: :smart_ehr_launch do
55
54
  title 'EHR Launch With Practitioner Scope'
55
+ input :client_secret,
56
+ name: :ehr_client_secret,
57
+ title: 'EHR Launch Client Secret',
58
+ description: 'Client Secret provided during registration of Inferno as an EHR launch application',
59
+ optional: false
56
60
 
57
61
  config(
58
62
  inputs: {
@@ -199,10 +203,12 @@ module ONCCertificationG10TestKit
199
203
  title 'Set SMART Credentials to EHR Launch Credentials'
200
204
 
201
205
  input :ehr_smart_credentials, type: :oauth_credentials
202
- output :smart_credentials
206
+ input :ehr_patient_id
207
+ output :smart_credentials, :patient_id
203
208
 
204
209
  run do
205
- output smart_credentials: ehr_smart_credentials.to_s
210
+ output smart_credentials: ehr_smart_credentials.to_s,
211
+ patient_id: ehr_patient_id
206
212
  end
207
213
  end
208
214
  end
@@ -29,13 +29,6 @@ module ONCCertificationG10TestKit
29
29
  id :g10_smart_invalid_launch_param
30
30
  run_as_group
31
31
 
32
- input :client_id,
33
- :client_secret,
34
- :requested_scopes,
35
- :url,
36
- :smart_authorization_url,
37
- :smart_token_url
38
-
39
32
  config(
40
33
  inputs: {
41
34
  client_id: {
@@ -43,11 +36,6 @@ module ONCCertificationG10TestKit
43
36
  title: 'EHR Client ID',
44
37
  description: 'Client ID provided during registration of Inferno as an EHR launch application'
45
38
  },
46
- client_secret: {
47
- name: :standalone_client_secret,
48
- title: 'EHR Client Secret',
49
- description: 'Client Secret provided during registration of Inferno as an EHR launch application'
50
- },
51
39
  requested_scopes: {
52
40
  name: :ehr_requested_scopes,
53
41
  title: 'EHR Launch Scope',
@@ -71,10 +59,6 @@ module ONCCertificationG10TestKit
71
59
  smart_authorization_url: {
72
60
  title: 'OAuth 2.0 Authorize Endpoint',
73
61
  description: 'OAuth 2.0 Authorize Endpoint provided during an EHR launch'
74
- },
75
- smart_token_url: {
76
- title: 'OAuth 2.0 Token Endpoint',
77
- description: 'OAuth 2.0 Token Endpoint provided during an EHR launch'
78
62
  }
79
63
  },
80
64
  outputs: {
@@ -85,9 +69,22 @@ module ONCCertificationG10TestKit
85
69
  }
86
70
  )
87
71
 
72
+ input_order :url,
73
+ :ehr_client_id,
74
+ :ehr_client_secret,
75
+ :ehr_requested_scopes,
76
+ :use_pkce,
77
+ :pkce_code_challenge_method,
78
+ :smart_authorization_url
79
+
88
80
  test from: :smart_app_launch
89
81
  test from: :smart_launch_received
90
82
  test from: :smart_app_redirect do
83
+ input :client_secret,
84
+ name: :ehr_client_secret,
85
+ title: 'EHR Client Secret',
86
+ description: 'Client Secret provided during registration of Inferno as an EHR launch application'
87
+
91
88
  config(
92
89
  options: { launch: 'INVALID_LAUNCH_PARAM' }
93
90
  )
@@ -24,8 +24,6 @@ module ONCCertificationG10TestKit
24
24
  id :g10_smart_invalid_token_request
25
25
  run_as_group
26
26
 
27
- input :client_id, :client_secret, :requested_scopes, :url, :smart_authorization_url, :smart_token_url
28
-
29
27
  input :use_pkce,
30
28
  title: 'Proof Key for Code Exchange (PKCE)',
31
29
  type: 'radio',
@@ -60,6 +58,15 @@ module ONCCertificationG10TestKit
60
58
  ]
61
59
  }
62
60
 
61
+ input_order :url,
62
+ :standalone_client_id,
63
+ :standalone_client_secret,
64
+ :standalone_requested_scopes,
65
+ :use_pkce,
66
+ :pkce_code_challenge_method,
67
+ :smart_authorization_url,
68
+ :smart_token_url
69
+
63
70
  config(
64
71
  inputs: {
65
72
  client_id: {
@@ -135,7 +142,7 @@ module ONCCertificationG10TestKit
135
142
  )
136
143
  uses_request :redirect
137
144
 
138
- input :use_pkce, :pkce_code_verifier
145
+ input :use_pkce, :pkce_code_verifier, :client_id, :client_secret, :smart_token_url
139
146
 
140
147
  run do
141
148
  skip_if request.query_parameters['error'].present?, 'Error during authorization request'
@@ -170,7 +177,7 @@ module ONCCertificationG10TestKit
170
177
  )
171
178
  uses_request :redirect
172
179
 
173
- input :use_pkce, :pkce_code_verifier, :code
180
+ input :use_pkce, :pkce_code_verifier, :code, :smart_token_url, :client_secret
174
181
 
175
182
  run do
176
183
  skip_if request.query_parameters['error'].present?, 'Error during authorization request'
@@ -25,6 +25,16 @@ module ONCCertificationG10TestKit
25
25
  id :g10_smart_limited_app
26
26
  run_as_group
27
27
 
28
+ input_order :expected_resources,
29
+ :limited_requested_scopes,
30
+ :use_pkce,
31
+ :pkce_code_challenge_method,
32
+ :url,
33
+ :standalone_client_id,
34
+ :standalone_client_secret,
35
+ :smart_authorization_url,
36
+ :smart_token_url
37
+
28
38
  group from: :smart_standalone_launch do
29
39
  title 'Standalone Launch With Limited Scope'
30
40
  description %(
@@ -61,9 +71,13 @@ module ONCCertificationG10TestKit
61
71
  state: { name: :limited_state },
62
72
  patient_id: { name: :limited_patient_id },
63
73
  access_token: { name: :limited_access_token },
64
- requested_scopes: { name: :limited_requested_scopes },
65
- smart_authorization_url: { locked: true }, # TODO: separate standalone/ehr discovery outputs
66
- smart_token_url: { locked: true }, # TODO: separate standalone/ehr discovery outputs
74
+ requested_scopes: {
75
+ name: :limited_requested_scopes,
76
+ title: 'Limited Access Scope'
77
+ },
78
+ # TODO: separate standalone/ehr discovery outputs
79
+ smart_authorization_url: { locked: true, title: 'SMART Authorization Url' },
80
+ smart_token_url: { locked: true, title: 'SMART Token Url' },
67
81
  received_scopes: { name: :limited_received_scopes },
68
82
  smart_credentials: { name: :limited_smart_credentials }
69
83
  },
@@ -88,7 +102,7 @@ module ONCCertificationG10TestKit
88
102
  )
89
103
 
90
104
  input :expected_resources,
91
- title: 'Expected Resource Grant',
105
+ title: 'Expected Resource Grant for Limited Access Launch',
92
106
  description: 'The user will only grant access to the following resources during authorization.',
93
107
  default: 'Patient, Condition, Observation'
94
108
 
@@ -41,19 +41,22 @@ module ONCCertificationG10TestKit
41
41
  config(
42
42
  inputs: {
43
43
  client_id: {
44
- name: :public_client_id
44
+ name: :public_client_id,
45
+ title: 'Public Launch Client ID'
45
46
  },
46
47
  client_secret: {
47
48
  name: :public_client_secret,
49
+ title: 'Public Launch Client Secret',
48
50
  default: nil,
49
51
  optional: true,
50
52
  locked: true
51
53
  },
52
54
  requested_scopes: {
53
- name: :public_requested_scopes
55
+ name: :public_requested_scopes,
56
+ title: 'Public Launch Scope'
54
57
  },
55
58
  url: {
56
- title: 'Standalone FHIR Endpoint',
59
+ title: 'Public Launch FHIR Endpoint',
57
60
  description: 'URL of the FHIR endpoint used by standalone applications'
58
61
  },
59
62
  code: {
@@ -94,6 +97,15 @@ module ONCCertificationG10TestKit
94
97
  }
95
98
  )
96
99
 
100
+ input_order :url,
101
+ :public_client_id,
102
+ :public_client_secret,
103
+ :public_requested_scopes,
104
+ :use_pkce,
105
+ :pkce_code_challenge_method,
106
+ :smart_authorization_url,
107
+ :smart_token_url
108
+
97
109
  test from: :g10_patient_context,
98
110
  config: {
99
111
  inputs: {
@@ -40,11 +40,14 @@ module ONCCertificationG10TestKit
40
40
  config(
41
41
  inputs: {
42
42
  client_secret: {
43
- optional: false
43
+ optional: false,
44
+ name: :standalone_client_secret
44
45
  }
45
46
  }
46
47
  )
47
48
 
49
+ input_order :url, :standalone_client_id, :standalone_client_secret
50
+
48
51
  group from: :smart_discovery do
49
52
  test from: 'g10_smart_well_known_capabilities'
50
53
  end
@@ -167,10 +170,12 @@ module ONCCertificationG10TestKit
167
170
  title 'Set SMART Credentials to Standalone Launch Credentials'
168
171
 
169
172
  input :standalone_smart_credentials, type: :oauth_credentials
170
- output :smart_credentials
173
+ input :standalone_patient_id
174
+ output :smart_credentials, :patient_id
171
175
 
172
176
  run do
173
- output smart_credentials: standalone_smart_credentials.to_s
177
+ output smart_credentials: standalone_smart_credentials.to_s,
178
+ patient_id: standalone_patient_id
174
179
  end
175
180
  end
176
181
  end