onc_certification_g10_test_kit 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 645d73a288a5f76e9b94634ed2be17253ce34f0e0eb6df7df6b7410e7a1d9175
-  data.tar.gz: f299ae93813a1b05ef838824bfbb4f7f7734e8695118e37f0eb7b3c08e28a2c1
+  metadata.gz: b212142dbe987304c75b5323fd3ac1b2323f929a4e01b41f7722bff79db61fee
+  data.tar.gz: 3100cda0404c14b097e68adbdfbbc2e8e77590f53b6912c34c69560410e17a70
 SHA512:
-  metadata.gz: 46773dc8eb92ee96afb593506a1b16b5f6af23c62f9ff7f988789d27a38b7a54bab21f69e03f336df1d9c8d3e4f3929b69028a9d99fffebdeb2eda12f66fbce7
-  data.tar.gz: 87c04c10d334d9c469af26d8618cfa7ec83246b008f0f05fae632f8f2029a11f89e00dda164b2aedc318aab02055f4e928d8bb11545d84f9c32f2be70477116a
+  metadata.gz: 15417eeffcbbf4ba250c19b810ef4d8a6e5cd7a967e736321c92a5c39a1ba24aff1d9be8d362f41a368cb1d52a25be1bb756db0352c55bf9fff851d1ca688c1c
+  data.tar.gz: 171dcdaaf6bc3be2ec31a1169aaea28d255ae920732042989d48983e9db90aafb8859447fa18526aef86c36d945d29ded1581a2b921283acb7aee95e39f97443

data/lib/onc_certification_g10_test_kit/bulk_data_authorization.rb

@@ -6,8 +6,8 @@ module ONCCertificationG10TestKit
     short_description 'Demonstrate SMART Backend Services Authorization for Bulk Data.'
     description <<~DESCRIPTION
       Bulk Data servers are required to authorize clients using the
-      [Backend Service Authorization](http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html)
-      specification as defined in the [FHIR Bulk Data Access IG v1.0.0](http://hl7.org/fhir/uv/bulkdata/STU1/).
+      [Backend Service Authorization](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html)
+      specification as defined in the [FHIR Bulk Data Access IG v1.0.1](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/).
 
       In this set of tests, Inferno serves as a Bulk Data client that requests authorization
       from the Bulk Data authorization server.  It also performs a number of negative tests
@@ -89,7 +89,7 @@ module ONCCertificationG10TestKit
         error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2).
         ```
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#protocol-details'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#protocol-details'
 
       run do
         post_request_content = AuthorizationRequestBuilder.build(encryption_method: bulk_encryption_method,
@@ -120,7 +120,7 @@ module ONCCertificationG10TestKit
         error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2).
         ```
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#protocol-details'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#protocol-details'
 
       run do
         post_request_content = AuthorizationRequestBuilder.build(encryption_method: bulk_encryption_method,
@@ -160,7 +160,7 @@ module ONCCertificationG10TestKit
         error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2).
         ```
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#protocol-details'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#protocol-details'
 
       run do
         post_request_content = AuthorizationRequestBuilder.build(encryption_method: bulk_encryption_method,
@@ -180,7 +180,7 @@ module ONCCertificationG10TestKit
       description <<~DESCRIPTION
         If the access token request is valid and authorized, the authorization server SHALL issue an access token in response.
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#issuing-access-tokens'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#issuing-access-tokens'
 
       output :authentication_response
 
@@ -211,7 +211,7 @@ module ONCCertificationG10TestKit
         | expires_in | required | The lifetime in seconds of the access token. The recommended value is 300, for a five-minute token lifetime. |
         | scope | required | Scope of access authorized. Note that this can be different from the scopes requested by the app. |
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html#issuing-access-tokens'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#issuing-access-tokens'
 
       input :authentication_response
       output :bearer_token

data/lib/onc_certification_g10_test_kit/bulk_data_group_export.rb

@@ -130,11 +130,11 @@ module ONCCertificationG10TestKit
       description <<~DESCRIPTION
         The FHIR server SHALL limit the data returned to only those FHIR resources for which the client is authorized.
 
-        [FHIR R4 Security](http://build.fhir.org/security.html#AccessDenied) and
+        [FHIR R4 Security](https://www.hl7.org/fhir/security.html#AccessDenied) and
         [The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://tools.ietf.org/html/rfc6750#section-3.1)
         recommend using HTTP status code 401 for invalid token but also allow the actual result be controlled by policy and context.
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#bulk-data-kick-off-request'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#bulk-data-kick-off-request'
 
       include ExportKickOffPerformer
 
@@ -154,7 +154,7 @@ module ONCCertificationG10TestKit
         * HTTP Status Code of 202 Accepted
         * Content-Location header with the absolute URL of an endpoint for subsequent status requests (polling location)
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#response---success'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#response---success'
 
       include ExportKickOffPerformer
 
@@ -183,7 +183,7 @@ module ONCCertificationG10TestKit
 
         * transactionTime, request, requiresAccessToken, output, and error
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#bulk-data-status-request'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#bulk-data-status-request'
 
       input :polling_url
 
@@ -248,7 +248,7 @@ module ONCCertificationG10TestKit
 
         * url - the path to the file. The format of the file SHOULD reflect that requested in the _outputFormat parameter of the initial kick-off request.
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#response---complete-status'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#response---complete-status'
 
       input :status_response
 
@@ -277,7 +277,7 @@ module ONCCertificationG10TestKit
         After a bulk data request has been started, a client MAY send a delete request to the URL provided in the Content-Location header to cancel the request.
         Bulk Data Server MUST support client's delete request and return HTTP Status Code of "202 Accepted"
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#bulk-data-delete-request'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#bulk-data-delete-request'
 
       include ExportKickOffPerformer
 

data/lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb

@@ -54,12 +54,12 @@ module ONCCertificationG10TestKit
         If the requiresAccessToken field in the Complete Status body is set to true, the request SHALL include a valid#{' '}
         access token.
 
-        [FHIR R4 Security](http://build.fhir.org/security.html#AccessDenied) and
+        [FHIR R4 Security](https://www.hl7.org/fhir/security.html#AccessDenied) and
         [The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://tools.ietf.org/html/rfc6750#section-3.1)
         recommend using HTTP status code 401 for invalid token but also allow the actual result be controlled by policy#{' '}
         and context.
       DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1/export/index.html#file-request'
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#file-request'
 
       input :bulk_download_url
 

data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb

@@ -55,6 +55,10 @@ module ONCCertificationG10TestKit
       @resources_from_all_files ||= {}
     end
 
+    def first_error
+      @first_error ||= {}
+    end
+
     def patient_ids_seen
       scratch[:patient_ids_seen] ||= []
     end
@@ -166,7 +170,13 @@ module ONCCertificationG10TestKit
         scratch[:patient_ids_seen] = patient_ids_seen | [resource.id] if resource_type == 'Patient'
 
         unless resource_is_valid?(resource: resource, profile_url: profile_url)
-          assert false, "Resource at line \"#{line_count}\" does not conform to profile \"#{profile_url}\"."
+          if first_error.key?(:line_number)
+            @invalid_resource_count += 1
+          else
+            @invalid_resource_count = 1
+            first_error[:line_number] = line_count
+            first_error[:messages] = messages.dup
+          end
         end
       }
 
@@ -184,6 +194,19 @@ module ONCCertificationG10TestKit
       line_count
     end
 
+    def process_validation_errors(resource_count)
+      return if @invalid_resource_count.nil? || @invalid_resource_count.zero?
+
+      first_error_message = "The line number for the first failed resource is #{first_error[:line_number]}."
+
+      messages.clear
+      messages.concat(first_error[:messages])
+
+      assert false,
+             "#{@invalid_resource_count} / #{resource_count} #{resource_type} resources failed profile validation. " \
+             "#{first_error_message}"
+    end
+
     def perform_bulk_export_validation
       skip_if status_output.blank?, 'Could not verify this functionality when Bulk Status Output is not provided'
       skip_if (requires_access_token == 'true' && bearer_token.blank?),
@@ -192,19 +215,22 @@ module ONCCertificationG10TestKit
       file_list = JSON.parse(status_output).select { |file| file['type'] == resource_type }
       if file_list.empty?
         message = "No #{resource_type} resource file item returned by server."
-        omit_if (OMIT_KLASS.include? resource_type), message
+        omit_if (OMIT_KLASS.include? resource_type), "#{message} #{resource_type} resources are optional."
         skip message
       end
 
       @resources_from_all_files = {}
-      success_count = 0
+      resource_count = 0
+
       file_list.each do |file|
-        success_count += check_file_request(file['url'])
+        resource_count += check_file_request(file['url'])
       end
 
+      process_validation_errors(resource_count)
+
       validate_conformance(resources_from_all_files)
 
-      pass "Successfully validated #{success_count} #{resource_type} resource(s)."
+      pass "Successfully validated #{resource_count} #{resource_type} resource(s)."
     end
   end
 end

data/lib/onc_certification_g10_test_kit/configuration_checker.rb

@@ -5,7 +5,7 @@ module ONCCertificationG10TestKit
     EXPECTED_VALIDATOR_VERSION = '2.1.0'.freeze
 
     def configuration_messages
-      validator_version_message + terminology_messages
+      validator_version_message + terminology_messages + version_message
     end
 
     def terminology_checker
@@ -101,5 +101,20 @@ module ONCCertificationG10TestKit
 
       messages
     end
+
+    def version_message
+      return [] if VERSION.match?(/\A\d+\.\d+\.\d+\z/)
+
+      [{
+        type: 'error',
+        message: <<~MESSAGE
+          This is a development version (`#{VERSION}`) of the ONC Certification
+          (g)(10) Standardized API Test Kit and is not suitable for
+          certification. Please [download an official
+          release](https://github.com/onc-healthit/onc-certification-g10-test-kit/releases)
+          if you did not intend to use the development version.
+        MESSAGE
+      }]
+    end
   end
 end

data/lib/onc_certification_g10_test_kit/multi_patient_api.rb

@@ -21,8 +21,8 @@ module ONCCertificationG10TestKit
     description %(
       Demonstrate the ability to export clinical data for multiple patients in
       a group using [FHIR Bulk Data Access
-      IG](http://hl7.org/fhir/uv/bulkdata/STU1/). This test uses [Backend Services
-      Authorization](http://hl7.org/fhir/uv/bulkdata/STU1/authorization/index.html)
+      IG](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/). This test uses [Backend Services
+      Authorization](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html)
       to obtain an access token from the server. After authorization, a group
       level bulk data export request is initialized. Finally, this test reads
       exported NDJSON files from the server and validates the resources in

data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb

@@ -61,11 +61,15 @@ module ONCCertificationG10TestKit
       run do
         smart_app_launch_patient_id = patient_id.presence
         additional_patient_ids_list =
-          additional_patient_ids
-            .split(',')
-            .map(&:strip)
-            .map(&:presence)
-            .compact
+          if additional_patient_ids.present?
+            additional_patient_ids
+              .split(',')
+              .map(&:strip)
+              .map(&:presence)
+              .compact
+          else
+            []
+          end
 
         all_patient_ids = ([smart_app_launch_patient_id] + additional_patient_ids_list).compact.uniq
 

data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb

@@ -47,7 +47,21 @@ module ONCCertificationG10TestKit
     input_order :url, :ehr_client_id, :ehr_client_secret
 
     group from: :smart_discovery do
-      test from: 'g10_smart_well_known_capabilities'
+      test from: 'g10_smart_well_known_capabilities',
+           config: {
+             options: {
+               required_capabilities: [
+                 'launch-ehr',
+                 'client-confidential-symmetric',
+                 'sso-openid-connect',
+                 'context-banner',
+                 'context-style',
+                 'context-ehr-patient',
+                 'permission-offline',
+                 'permission-user'
+               ]
+             }
+           }
     end
 
     group from: :smart_ehr_launch do

data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb

@@ -49,7 +49,20 @@ module ONCCertificationG10TestKit
     input_order :url, :standalone_client_id, :standalone_client_secret
 
     group from: :smart_discovery do
-      test from: 'g10_smart_well_known_capabilities'
+      test from: 'g10_smart_well_known_capabilities',
+           config: {
+             options: {
+               required_capabilities: [
+                 'launch-standalone',
+                 'client-public',
+                 'client-confidential-symmetric',
+                 'sso-openid-connect',
+                 'context-standalone-patient',
+                 'permission-offline',
+                 'permission-patient'
+               ]
+             }
+           }
     end
 
     group from: :smart_standalone_launch do

data/lib/onc_certification_g10_test_kit/version.rb

@@ -1,3 +1,3 @@
 module ONCCertificationG10TestKit
-  VERSION = '2.1.0'.freeze
+  VERSION = '2.2.0'.freeze
 end

data/lib/onc_certification_g10_test_kit/well_known_capabilities_test.rb

@@ -19,17 +19,7 @@ module ONCCertificationG10TestKit
       assert capabilities.is_a?(Array),
              "Expected the well-known capabilities to be an Array, but found #{capabilities.class.name}"
 
-      required_smart_capabilities = [
-        'launch-standalone',
-        'client-public',
-        'client-confidential-symmetric',
-        'sso-openid-connect',
-        'context-standalone-patient',
-        'permission-offline',
-        'permission-patient'
-      ]
-
-      missing_capabilities = required_smart_capabilities - capabilities
+      missing_capabilities = (config.options[:required_capabilities] || []) - capabilities
       assert missing_capabilities.empty?,
              "The following capabilities required for this scenario are missing: #{missing_capabilities.join(', ')}"
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: onc_certification_g10_test_kit
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-12 00:00:00.000000000 Z
+date: 2022-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.1.3
 - !ruby/object:Gem::Dependency
   name: tls_test_kit
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.2
 - !ruby/object:Gem::Dependency
   name: database_cleaner-sequel
   requirement: !ruby/object:Gem::Requirement