onc_certification_g10_test_kit 2.2.1 → 2.2.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b0f7ed41d6d4933c58e9bc4e8533c137ee30f0b16e17d64f823cce44c878e85c
4
- data.tar.gz: 69ccfbd00f84f63007b50a6b09ea93574673f1f2b0aa8e11ceb5233c9a313e3d
3
+ metadata.gz: fb3530831315a74fef8ddffba6114b0934ab651d459e516a662ef2482f53af51
4
+ data.tar.gz: add2b2f5e8f8483932cd75a971d3d4f94992c5cae208f60124c7201b43293b85
5
5
  SHA512:
6
- metadata.gz: 9122abab488efb86c982e2ab8012b749cb61f330c8a2f06844dbec26d1975564b80297b2b04027f694b1204f99f5eee89477d6729fa7004de7194c4ec2c0eaf2
7
- data.tar.gz: 95df85ff5d0c9e07f7e21ad645a2d31c78e60864c76f44d2e2ed018346a501c2fab0012fb119942efdf94adf364adf0f37189256fec5b9ea37a9d166a89acb22
6
+ metadata.gz: 6042c6a5161cb50757ebee1f17ddfb7ce8ae6734229a8d30342a99c24192cf3bd11b9d43c0326d3eb679837af46912b4c6b6735c4fcdd7148a2a42e264a163c3
7
+ data.tar.gz: 6add8a740467b5d1bc88148083d1ac244e3fdfa83fb45d4f6915040d1c35f0e2f5c7e67e26d21ff178815a889adf07256572cf38f701db03ce8fcf3f2cedbdb3
@@ -96,7 +96,7 @@ module ONCCertificationG10TestKit
96
96
  assert has_instantiates,
97
97
  'Server did not declare conformance to the Bulk Data IG by including ' \
98
98
  "'http://hl7.org/fhir/uv/bulkdata/CapabilityStatement/bulk-data' in " \
99
- " CapabilityStatement.instantiates element (#{capability_statement&.instantiates})"
99
+ "CapabilityStatement.instantiates element (#{capability_statement&.instantiates})"
100
100
  end
101
101
 
102
102
  group_resource_capabilities = nil
@@ -120,7 +120,7 @@ module ONCCertificationG10TestKit
120
120
  warning do
121
121
  assert has_export_operation,
122
122
  'Server CapabilityStatement did not declare support for an operation named "export" in the Group ' \
123
- ' resource (operation.name should be "export")'
123
+ 'resource (operation.name should be "export")'
124
124
  end
125
125
  end
126
126
  end
@@ -440,8 +440,8 @@ module ONCCertificationG10TestKit
440
440
  end
441
441
 
442
442
  test do
443
- title 'Location resources returned conform to the HL7 FHIR Specification Location Resource if bulk data export' \
444
- ' has Location resources'
443
+ title 'Location resources returned conform to the HL7 FHIR Specification Location Resource if bulk data export ' \
444
+ 'has Location resources'
445
445
  description <<~DESCRIPTION
446
446
  This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification. This test is omitted if bulk data export does not return any Location resources.
447
447
  DESCRIPTION
@@ -459,8 +459,8 @@ module ONCCertificationG10TestKit
459
459
  end
460
460
 
461
461
  test do
462
- title 'Medication resources returned conform to the US Core Medication Profile if bulk data export has' \
463
- ' Medication resources'
462
+ title 'Medication resources returned conform to the US Core Medication Profile if bulk data export has ' \
463
+ 'Medication resources'
464
464
  description <<~DESCRIPTION
465
465
  This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification. This test is omitted if bulk data export does not return any Medication resources.
466
466
  DESCRIPTION
@@ -161,8 +161,8 @@ module ONCCertificationG10TestKit
161
161
  end
162
162
 
163
163
  if resource.resourceType != resource_type
164
- assert false, "Resource type \"#{resource.resourceType}\" at line \"#{line_count}\" does not match type" \
165
- " defined in output \"#{resource_type}\""
164
+ assert false, "Resource type \"#{resource.resourceType}\" at line \"#{line_count}\" does not match type " \
165
+ "defined in output \"#{resource_type}\""
166
166
  end
167
167
 
168
168
  profile_url = determine_profile(resource)
@@ -16,7 +16,7 @@ procedure:
16
16
  registration functions to enable authentication and authorization in §
17
17
  170.315(g)(10)(v).
18
18
  inferno_tests:
19
- - 6.6.01
19
+ - 6.5.01
20
20
  inferno_supported: 'yes'
21
21
  inferno_notes: |
22
22
  This requires a visual inspection and attestation because it is not
@@ -36,7 +36,7 @@ procedure:
36
36
  registration functions to enable authentication and authorization in §
37
37
  170.315(g)(10)(v).
38
38
  inferno_tests:
39
- - 6.6.02
39
+ - 6.5.02
40
40
  inferno_supported: 'yes'
41
41
  inferno_notes: |
42
42
  This requires a visual inspection and attestation because it is not
@@ -417,29 +417,20 @@ procedure:
417
417
  based on previously selected preferences.
418
418
  - id: AUTH-PATIENT-13
419
419
  SUT: |
420
- [Both] The health IT developer demonstrates the ability of
421
- the Health IT Module to return an error response if the following
422
- parameters provided by an application to the Health IT Module in
423
- step 8 of this section do not match the parameters originally
424
- provided to an application by the Health IT Module in step 2 of
425
- this section according to the implementation specification
426
- adopted in § 170.215(a)(3):
427
- * “launch”; and
428
- * “aud”.
420
+ [Both] The health IT developer demonstrates the ability of the Health
421
+ IT Module to return an error response if the "aud" parameter provided
422
+ by an application to the Health IT Module in Step 8, is not a valid
423
+ FHIR® resource server associated with the Health IT Module's
424
+ authorization server.
429
425
  TLV: |
430
- [Both] The tester verifies the ability of the Health IT
431
- Module to return an error response if the following parameters
432
- provided by an application to the Health IT Module in step 8 of
433
- this section do not match the parameters originally provided to an
434
- application by the Health IT Module in step 2 of this section
435
- according to the implementation specification adopted in §
436
- 170.215(a)(3):
437
- * “launch”; and
438
- * “aud”.
426
+ [Both] The tester verifies the ability of the Health IT Module to
427
+ return an error response if the "aud" parameter provided by an
428
+ application to the Health IT Module in Step 8, is not a valid FHIR®
429
+ resource server associated with the Health IT Module's authorization
430
+ server.
439
431
  inferno_supported: 'yes'
440
432
  inferno_tests:
441
433
  - 6.3.01 - 6.3.02
442
- - 6.4.01 - 6.4.04
443
434
  - id: AUTH-PATIENT-14
444
435
  SUT: |
445
436
  [Both] The health IT developer demonstrates the ability of the
@@ -566,7 +557,7 @@ procedure:
566
557
  inferno_tests:
567
558
  - 2.1.02 - 2.1.09
568
559
  - 2.2.01 - 2.2.13
569
- - 6.5.01 - 6.5.04
560
+ - 6.4.01 - 6.4.04
570
561
  - id: AUTH-PATIENT-19
571
562
  SUT: |
572
563
  [Standalone-Launch] The health IT developer the ability of the Health IT
@@ -609,7 +600,7 @@ procedure:
609
600
  months to native applications capable of storing a refresh token.
610
601
  inferno_supported: 'yes'
611
602
  inferno_tests:
612
- - 6.6.13
603
+ - 6.5.13
613
604
  - group: 'Subsequent Connections: Authentication and Authorization for Patient and User Scopes'
614
605
  id: AUTH-PATIENT-22
615
606
  SUT: |
@@ -628,7 +619,7 @@ procedure:
628
619
  in § 170.215(a)(3).
629
620
  inferno_supported: 'yes'
630
621
  inferno_tests:
631
- - 6.6.05
622
+ - 6.5.05
632
623
  inferno_notes: |
633
624
  Inferno cannot verify the three month token expiration requirement
634
625
  automatically during the token refresh tests, but the tester can
@@ -762,7 +753,7 @@ procedure:
762
753
  This test requires the tester to register an attestation from the
763
754
  Health IT Module that the "cache-control" header is obeyed.
764
755
  inferno_tests:
765
- - 6.6.10
756
+ - 6.5.10
766
757
  - id: AUTH-SYSTEM-6
767
758
  SUT: |
768
759
  The health IT developer demonstrates the ability of the Health IT
@@ -811,7 +802,7 @@ procedure:
811
802
  more than what was pre-authorized. The Health IT module must
812
803
  demonstrate this and register its attestation within Inferno.
813
804
  inferno_tests:
814
- - 6.6.08
805
+ - 6.5.08
815
806
  - id: AUTH-SYSTEM-9
816
807
  SUT: |
817
808
  The health IT developer demonstrates the ability of the Health IT
@@ -865,7 +856,7 @@ procedure:
865
856
  an automated fashion and this is recorded as an attestation
866
857
  within Inferno.
867
858
  inferno_tests:
868
- - 6.6.06
859
+ - 6.5.06
869
860
  - section: Paragraph (g)(10)(ii) – Supported search operations
870
861
  steps:
871
862
  - group: Supported Search Operations for a Single Patient’s Data
@@ -1072,9 +1063,9 @@ procedure:
1072
1063
  * All references within the resources can be resolved and validated, as applicable, according to steps 2-6 of this section
1073
1064
  inferno_supported: 'yes'
1074
1065
  inferno_tests:
1075
- - 6.6.07
1076
- - 6.6.11
1077
- - 6.6.12
1066
+ - 6.5.07
1067
+ - 6.5.11
1068
+ - 6.5.12
1078
1069
  - 4.2.01
1079
1070
  - 4.3.01
1080
1071
  - 4.4.01
@@ -1434,7 +1425,7 @@ procedure:
1434
1425
  * All technical requirements and attributes necessary for registration.
1435
1426
  inferno_supported: 'yes'
1436
1427
  inferno_tests:
1437
- - 6.6.09
1428
+ - 6.5.09
1438
1429
  - id: DOCUMENTATION-2
1439
1430
  SUT: |
1440
1431
  The health IT developer demonstrates that the documentation
@@ -1448,4 +1439,4 @@ procedure:
1448
1439
  additional steps to access.
1449
1440
  inferno_supported: 'yes'
1450
1441
  inferno_tests:
1451
- - 6.6.09
1442
+ - 6.5.09
@@ -1,3 +1,3 @@
1
1
  module ONCCertificationG10TestKit
2
- VERSION = '2.2.1'.freeze
2
+ VERSION = '2.2.2'.freeze
3
3
  end
@@ -1,4 +1,4 @@
1
- require 'smart_app_launch_test_kit'
1
+ require 'smart_app_launch/smart_stu1_suite'
2
2
  require 'us_core_test_kit/generated/v3.1.1/us_core_test_suite'
3
3
 
4
4
  require_relative 'onc_certification_g10_test_kit/configuration_checker'
@@ -6,7 +6,6 @@ require_relative 'onc_certification_g10_test_kit/version'
6
6
 
7
7
  require_relative 'onc_certification_g10_test_kit/single_patient_api_group'
8
8
  require_relative 'onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group'
9
- require_relative 'onc_certification_g10_test_kit/smart_invalid_launch_group'
10
9
  require_relative 'onc_certification_g10_test_kit/smart_invalid_token_group'
11
10
  require_relative 'onc_certification_g10_test_kit/smart_limited_app_group'
12
11
  require_relative 'onc_certification_g10_test_kit/smart_standalone_patient_app_group'
@@ -46,8 +45,8 @@ module ONCCertificationG10TestKit
46
45
  us_core_message_filters.any? { |filter| filter.match? message.message } ||
47
46
  (
48
47
  message.type == 'error' && (
49
- message.message.match?(/\A\S+: Unknown Code/) ||
50
- message.message.match?(/\A\S+: None of the codings provided are in the value set/)
48
+ message.message.match?(/\A\S+: \S+: Unknown Code/) ||
49
+ message.message.match?(/\A\S+: \S+: None of the codings provided are in the value set/)
51
50
  )
52
51
  )
53
52
  true
@@ -154,7 +153,6 @@ module ONCCertificationG10TestKit
154
153
  group from: :g10_token_revocation
155
154
 
156
155
  group from: :g10_smart_invalid_aud
157
- group from: :g10_smart_invalid_launch_param
158
156
  group from: :g10_smart_invalid_token_request
159
157
 
160
158
  group from: :g10_visual_inspection_and_attestations
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: onc_certification_g10_test_kit
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen MacVicar
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-17 00:00:00.000000000 Z
11
+ date: 2022-07-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bloomer
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - '='
116
116
  - !ruby/object:Gem::Version
117
- version: 0.1.3
117
+ version: 0.1.4
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - '='
123
123
  - !ruby/object:Gem::Version
124
- version: 0.1.3
124
+ version: 0.1.4
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: tls_test_kit
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
142
142
  requirements:
143
143
  - - '='
144
144
  - !ruby/object:Gem::Version
145
- version: 0.2.2
145
+ version: 0.2.4
146
146
  type: :runtime
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - '='
151
151
  - !ruby/object:Gem::Version
152
- version: 0.2.2
152
+ version: 0.2.4
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: database_cleaner-sequel
155
155
  requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,6 @@ files:
272
272
  - lib/onc_certification_g10_test_kit/single_patient_api_group.rb
273
273
  - lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb
274
274
  - lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb
275
- - lib/onc_certification_g10_test_kit/smart_invalid_launch_group.rb
276
275
  - lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb
277
276
  - lib/onc_certification_g10_test_kit/smart_limited_app_group.rb
278
277
  - lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb
@@ -1,137 +0,0 @@
1
- module ONCCertificationG10TestKit
2
- class SMARTInvalidLaunchGroup < Inferno::TestGroup
3
- title 'SMART App Launch Error: Invalid Launch Parameter'
4
- short_title 'SMART Invalid Launch Parameter'
5
- input_instructions %(
6
- Register Inferno as an EHR-launched application using the following information:
7
-
8
- * Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri]}`
9
- * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
10
- )
11
- description %(
12
- # Background
13
-
14
- The Invalid Launch Parameter Sequence verifies that a SMART Launch
15
- Sequence, specifically the [EHR
16
- Launch](http://www.hl7.org/fhir/smart-app-launch/#ehr-launch-sequence)
17
- Sequence, does not work in the case where the client sends an invalid FHIR
18
- server as the `launch` parameter during launch. This must fail to ensure
19
- that a genuine bearer token is not leaked to a counterfit resource server.
20
-
21
- This test is not included as part of a regular SMART Launch Sequence
22
- because it requires the browser of the user to be redirected to the
23
- authorization service, and there is no expectation that the authorization
24
- service redirects the user back to Inferno with an error message. The only
25
- requirement is that Inferno is not granted a code to exchange for a valid
26
- access token. Since this is a special case, it is tested independently in
27
- a separate sequence.
28
- )
29
- id :g10_smart_invalid_launch_param
30
- run_as_group
31
-
32
- config(
33
- inputs: {
34
- client_id: {
35
- name: :ehr_client_id,
36
- title: 'EHR Client ID',
37
- description: 'Client ID provided during registration of Inferno as an EHR launch application'
38
- },
39
- requested_scopes: {
40
- name: :ehr_requested_scopes,
41
- title: 'EHR Launch Scope',
42
- description: 'OAuth 2.0 scope provided by system to enable all required functionality',
43
- type: 'textarea',
44
- default: %(
45
- launch openid fhirUser offline_access user/Medication.read
46
- user/AllergyIntolerance.read user/CarePlan.read user/CareTeam.read
47
- user/Condition.read user/Device.read user/DiagnosticReport.read
48
- user/DocumentReference.read user/Encounter.read user/Goal.read
49
- user/Immunization.read user/Location.read
50
- user/MedicationRequest.read user/Observation.read
51
- user/Organization.read user/Patient.read user/Practitioner.read
52
- user/Procedure.read user/Provenance.read user/PractitionerRole.read
53
- ).gsub(/\s{2,}/, ' ').strip
54
- },
55
- url: {
56
- title: 'EHR Launch FHIR Endpoint',
57
- description: 'URL of the FHIR endpoint used by EHR launched applications'
58
- },
59
- smart_authorization_url: {
60
- title: 'OAuth 2.0 Authorize Endpoint',
61
- description: 'OAuth 2.0 Authorize Endpoint provided during an EHR launch'
62
- }
63
- },
64
- outputs: {
65
- state: { name: :invalid_launch_state }
66
- },
67
- requests: {
68
- redirect: { name: :invalid_launch_redirect }
69
- }
70
- )
71
-
72
- input_order :url,
73
- :ehr_client_id,
74
- :ehr_client_secret,
75
- :ehr_requested_scopes,
76
- :use_pkce,
77
- :pkce_code_challenge_method,
78
- :smart_authorization_url
79
-
80
- test from: :smart_app_launch
81
- test from: :smart_launch_received
82
- test from: :smart_app_redirect do
83
- input :client_secret,
84
- name: :ehr_client_secret,
85
- title: 'EHR Client Secret',
86
- description: 'Client Secret provided during registration of Inferno as an EHR launch application'
87
-
88
- config(
89
- options: { launch: 'INVALID_LAUNCH_PARAM' }
90
- )
91
-
92
- def wait_message(auth_url)
93
- %(
94
- Inferno will redirect you to an external website for authorization.
95
- **It is expected this will fail**. If the server does not return to
96
- Inferno automatically, but does provide an error message, you may
97
- return to Inferno and confirm that an error was presented in this
98
- window.
99
-
100
- * [Perform Invalid Launch](#{auth_url})
101
- * [Attest launch
102
- failed](#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true)
103
- )
104
- end
105
- end
106
-
107
- test do
108
- title 'Inferno client app does not receive code parameter redirect URI'
109
- description %(
110
- Inferno redirected the user to the authorization service with an invalid
111
- launch parameter. Inferno expects that the authorization request will
112
- not succeed. This can either be from the server explicitely pass an
113
- error, or stopping and the tester returns to Inferno to confirm that the
114
- server presented them a failure.
115
- )
116
- uses_request :redirect
117
-
118
- run do
119
- params = request.query_parameters
120
-
121
- assert params['code'].blank?,
122
- 'Authorization has incorrectly succeeded because access code provided to Inferno.'
123
-
124
- pass_message =
125
- if params['error'].present?
126
- 'Server redirected the user back to the app with an error.'
127
- elsif params['confirm_fail']
128
- 'Tester attested that the authorization service did not succeed due to invalid AUD parameter.'
129
- else
130
- 'Server redirected the user back to the app without an access code.'
131
- end
132
-
133
- pass pass_message
134
- end
135
- end
136
- end
137
- end