onc_certification_g10_test_kit 2.2.2 → 2.3.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fb3530831315a74fef8ddffba6114b0934ab651d459e516a662ef2482f53af51
4
- data.tar.gz: add2b2f5e8f8483932cd75a971d3d4f94992c5cae208f60124c7201b43293b85
3
+ metadata.gz: 26db3a7b89aa5bfcd52c5e918543a6a8883e7672825b4c821bc90b7d86f92f39
4
+ data.tar.gz: ae93cb1f1d78eda01567a1e85071605a190e6e3c6473a65508a6977229282236
5
5
  SHA512:
6
- metadata.gz: 6042c6a5161cb50757ebee1f17ddfb7ce8ae6734229a8d30342a99c24192cf3bd11b9d43c0326d3eb679837af46912b4c6b6735c4fcdd7148a2a42e264a163c3
7
- data.tar.gz: 6add8a740467b5d1bc88148083d1ac244e3fdfa83fb45d4f6915040d1c35f0e2f5c7e67e26d21ff178815a889adf07256572cf38f701db03ce8fcf3f2cedbdb3
6
+ metadata.gz: c9f971806d40478dd207b333073433741a9dc3b596de17d0bd6d6e3b2507dcdac2031dad2227eec0b090aec38bc79f21271d1b0fd17d8233c6d1f517359671ff
7
+ data.tar.gz: 70a818c745d8f7068bb0834885f3e0215b20115232f1a73c2265a499df8fc164265c73706d75d6eb6934f3a6bbe4fa7e71001766603b86933b0d0fe0cdb98c98
@@ -7,7 +7,8 @@ module ONCCertificationG10TestKit
7
7
  end
8
8
 
9
9
  def self.bulk_data_jwks
10
- @bulk_data_jwks ||= JSON.parse(File.read(File.join(__dir__, 'bulk_data_jwks.json')))
10
+ @bulk_data_jwks ||= JSON.parse(File.read(ENV.fetch('G10_BULK_DATA_JWKS',
11
+ File.join(__dir__, 'bulk_data_jwks.json'))))
11
12
  end
12
13
 
13
14
  attr_reader :encryption_method, :scope, :iss, :sub, :aud, :content_type, :grant_type, :client_assertion_type, :exp,
@@ -4,18 +4,6 @@ module ONCCertificationG10TestKit
4
4
  class BulkDataAuthorization < Inferno::TestGroup
5
5
  title 'Bulk Data Authorization'
6
6
  short_description 'Demonstrate SMART Backend Services Authorization for Bulk Data.'
7
- description <<~DESCRIPTION
8
- Bulk Data servers are required to authorize clients using the
9
- [Backend Service Authorization](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html)
10
- specification as defined in the [FHIR Bulk Data Access IG v1.0.1](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/).
11
-
12
- In this set of tests, Inferno serves as a Bulk Data client that requests authorization
13
- from the Bulk Data authorization server. It also performs a number of negative tests
14
- to validate that the authorization service does not improperly authorize invalid
15
- requests.
16
-
17
- This test returns an access token.
18
- DESCRIPTION
19
7
 
20
8
  id :bulk_data_authorization
21
9
 
@@ -1,13 +1,12 @@
1
1
  require_relative 'export_kick_off_performer'
2
2
 
3
3
  module ONCCertificationG10TestKit
4
- class BulkDataGroupExport < Inferno::TestGroup
4
+ class BulkDataGroupExportSTU1 < Inferno::TestGroup
5
5
  title 'Group Compartment Export Tests'
6
6
  short_description 'Verify that the system supports Group compartment export.'
7
7
  description <<~DESCRIPTION
8
8
  Verify that system level export on the Bulk Data server follow the Bulk Data Access Implementation Guide
9
9
  DESCRIPTION
10
-
11
10
  id :bulk_data_group_export
12
11
 
13
12
  input :bearer_token
@@ -79,7 +78,6 @@ module ONCCertificationG10TestKit
79
78
  Additionally, this test provides a warning if the bulk data server does
80
79
  not include the following URL in its `CapabilityStatement.instantiates`
81
80
  element: http://hl7.org/fhir/uv/bulkdata/CapabilityStatement/bulk-data
82
-
83
81
  DESCRIPTION
84
82
 
85
83
  run do
@@ -285,13 +283,7 @@ module ONCCertificationG10TestKit
285
283
  perform_export_kick_off_request
286
284
  assert_response_status(202)
287
285
 
288
- polling_url = request.response_header('content-location')&.value
289
- assert polling_url.present?, 'Export response header did not include "Content-Location"'
290
-
291
- headers = { accept: 'application/json', authorization: "Bearer #{bearer_token}" }
292
-
293
- delete(polling_url, headers: headers)
294
- assert_response_status(202)
286
+ delete_export_kick_off_request
295
287
  end
296
288
  end
297
289
  end
@@ -0,0 +1,41 @@
1
+ require_relative 'bulk_data_group_export_stu1'
2
+ require_relative 'export_kick_off_performer'
3
+
4
+ module ONCCertificationG10TestKit
5
+ class BulkDataGroupExportSTU2 < BulkDataGroupExportSTU1
6
+ title 'Group Compartment Export Tests STU2'
7
+ id :bulk_data_group_export_stu2
8
+
9
+ test do
10
+ title 'Bulk Data Server supports "_outputFormat" query parameter'
11
+ description <<~DESCRIPTION
12
+ [_outputFormat](http://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters):
13
+ The format for the requested Bulk Data files to be
14
+ generated as per FHIR Asynchronous Request Pattern. Defaults to
15
+ application/fhir+ndjson. The server SHALL support Newline Delimited
16
+ JSON, but MAY choose to support additional output formats. The server
17
+ SHALL accept the full content type of application/fhir+ndjson as well
18
+ as the abbreviated representations application/ndjson and ndjson.
19
+ DESCRIPTION
20
+
21
+ id :output_format_in_export_response
22
+
23
+ include ExportKickOffPerformer
24
+
25
+ input :bearer_token, :group_id, :bulk_server_url
26
+
27
+ http_client :bulk_server do
28
+ url :bulk_server_url
29
+ end
30
+
31
+ run do
32
+ ['application/fhir+ndjson', 'application/ndjson', 'ndjson'].each do |format|
33
+ perform_export_kick_off_request(params: "_outputFormat=#{format}")
34
+ assert_response_status(202)
35
+
36
+ delete_export_kick_off_request
37
+ end
38
+ end
39
+ end
40
+ end
41
+ end
@@ -1,12 +1,24 @@
1
1
  module ONCCertificationG10TestKit
2
2
  module ExportKickOffPerformer
3
- def perform_export_kick_off_request(use_token: true)
3
+ def perform_export_kick_off_request(use_token: true, params: '')
4
4
  skip_if use_token && bearer_token.blank?, 'Could not verify this functionality when bearer token is not set'
5
5
 
6
6
  headers = { accept: 'application/fhir+json', prefer: 'respond-async' }
7
7
  headers.merge!({ authorization: "Bearer #{bearer_token}" }) if use_token
8
8
 
9
- get("Group/#{group_id}/$export", client: :bulk_server, name: :export, headers: headers)
9
+ url = "Group/#{group_id}/$export"
10
+ url.concat("?#{params}") unless params.empty?
11
+ get(url, client: :bulk_server, name: :export, headers: headers)
12
+ end
13
+
14
+ def delete_export_kick_off_request
15
+ polling_url = request&.response_header('content-location')&.value
16
+ assert polling_url.present?, 'Export response header did not include "Content-Location"'
17
+
18
+ headers = { accept: 'application/json', authorization: "Bearer #{bearer_token}" }
19
+
20
+ delete(polling_url, headers: headers)
21
+ assert_response_status(202)
10
22
  end
11
23
  end
12
24
  end
@@ -0,0 +1,13 @@
1
+ module ONCCertificationG10TestKit
2
+ module Feature
3
+ class << self
4
+ def us_core_v4?
5
+ ENV.fetch('US_CORE_4_ENABLED', 'false')&.casecmp?('true')
6
+ end
7
+
8
+ def bulk_data_v2?
9
+ ENV.fetch('BULk_DATA_V2_ENABLED', 'false')&.casecmp?('true')
10
+ end
11
+ end
12
+ end
13
+ end
@@ -1,9 +1,9 @@
1
1
  require_relative 'bulk_data_authorization'
2
- require_relative 'bulk_data_group_export'
2
+ require_relative 'bulk_data_group_export_stu1'
3
3
  require_relative 'bulk_data_group_export_validation'
4
4
 
5
5
  module ONCCertificationG10TestKit
6
- class MultiPatientAPIGroup < Inferno::TestGroup
6
+ class MultiPatientAPIGroupSTU1 < Inferno::TestGroup
7
7
  title 'Multi-Patient Authorization and API'
8
8
  short_title 'Multi-Patient API'
9
9
 
@@ -47,7 +47,21 @@ module ONCCertificationG10TestKit
47
47
  :lines_to_validate,
48
48
  :bulk_timeout
49
49
 
50
- group from: :bulk_data_authorization
50
+ group from: :bulk_data_authorization,
51
+ description: <<~DESCRIPTION
52
+ Bulk Data servers are required to authorize clients using the [Backend Service
53
+ Authorization](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html)
54
+ specification as defined in the [FHIR Bulk Data Access IG
55
+ v1.0.1](http://hl7.org/fhir/uv/bulkdata/STU1.0.1/).
56
+
57
+ In this set of tests, Inferno serves as a Bulk Data client that requests authorization
58
+ from the Bulk Data authorization server. It also performs a number of negative tests
59
+ to validate that the authorization service does not improperly authorize invalid
60
+ requests.
61
+
62
+ This test returns an access token.
63
+ DESCRIPTION
64
+
51
65
  group from: :bulk_data_group_export
52
66
  group from: :bulk_data_group_export_validation
53
67
  end
@@ -0,0 +1,68 @@
1
+ require_relative 'bulk_data_authorization'
2
+ require_relative 'bulk_data_group_export_stu2'
3
+ require_relative 'bulk_data_group_export_validation'
4
+
5
+ module ONCCertificationG10TestKit
6
+ class MultiPatientAPIGroupSTU2 < Inferno::TestGroup
7
+ title 'Multi-Patient Authorization and API STU2'
8
+ short_title 'Multi-Patient API STU2'
9
+
10
+ input_instructions %(
11
+ Register Inferno as a bulk data client with the following information, and
12
+ enter the client id and client registration in the appropriate fields.
13
+ This set of tests only checks the Group export. Enter the group export
14
+ information in the appropriate box.
15
+
16
+ Register Inferno with the following JWK Set Url:
17
+
18
+ * `#{Inferno::Application[:base_url]}/custom/g10_certification/.well-known/jwks.json`
19
+ )
20
+
21
+ description %(
22
+ Demonstrate the ability to export clinical data for multiple patients in
23
+ a group using [FHIR Bulk Data Access
24
+ IG](https://hl7.org/fhir/uv/bulkdata/STU2/). This test uses [Backend Services
25
+ Authorization](http://www.hl7.org/fhir/smart-app-launch/backend-services.html)
26
+ to obtain an access token from the server. After authorization, a group
27
+ level bulk data export request is initialized. Finally, this test reads
28
+ exported NDJSON files from the server and validates the resources in
29
+ each file. To run the test successfully, the selected group export is
30
+ required to have every type of resource mapped to [USCDI data
31
+ elements](https://www.healthit.gov/isa/us-core-data-interoperability-uscdi).
32
+ Additionally, it is expected the server will provide Encounter,
33
+ Location, Organization, and Practitioner resources as they are
34
+ referenced as must support elements in required resources.
35
+ )
36
+ id :multi_patient_api_stu2
37
+ run_as_group
38
+
39
+ input_order :bulk_server_url,
40
+ :bulk_token_endpoint,
41
+ :bulk_client_id,
42
+ :bulk_scope,
43
+ :bulk_encryption_method,
44
+ :group_id,
45
+ :bulk_patient_ids_in_group,
46
+ :bulk_device_types_in_group,
47
+ :lines_to_validate,
48
+ :bulk_timeout
49
+
50
+ group from: :bulk_data_authorization,
51
+ description: <<~DESCRIPTION
52
+ Bulk Data servers are required to authorize clients using the [Backend Service
53
+ Authorization](http://www.hl7.org/fhir/smart-app-launch/backend-services.html)
54
+ specification as defined in the [FHIR Bulk Data Access IG
55
+ v2.0.0](https://hl7.org/fhir/uv/bulkdata/STU2/).
56
+
57
+ In this set of tests, Inferno serves as a Bulk Data client that requests authorization
58
+ from the Bulk Data authorization server. It also performs a number of negative tests
59
+ to validate that the authorization service does not improperly authorize invalid
60
+ requests.
61
+
62
+ This test returns an access token.
63
+ DESCRIPTION
64
+
65
+ group from: :bulk_data_group_export_stu2
66
+ group from: :bulk_data_group_export_validation
67
+ end
68
+ end
@@ -80,7 +80,7 @@ module ONCCertificationG10TestKit
80
80
  assert false, error_message
81
81
  end
82
82
  fhir_search(
83
- :allergy_intolerance,
83
+ resource_type,
84
84
  params: search_params.merge(status_search_params)
85
85
  )
86
86
  end
@@ -0,0 +1,93 @@
1
+ module ONCCertificationG10TestKit
2
+ class SinglePatientUSCore4APIGroup < Inferno::TestGroup
3
+ id :g10_single_patient_us_core_4_api
4
+ title 'Single Patient API (US Core 4.0.0)'
5
+ description %(
6
+ For each of the relevant USCDI data elements provided in the
7
+ CapabilityStatement, this test executes the [required supported
8
+ searches](http://hl7.org/fhir/us/core/STU4/CapabilityStatement-us-core-server.html)
9
+ as defined by the US Core Implementation Guide v4.0.0.
10
+
11
+ The test begins by searching by one or more patients, with the expectation
12
+ that the Bearer token provided to the test grants access to all USCDI
13
+ resources. It uses results returned from that query to generate other
14
+ queries and checks that the results are consistent with the provided
15
+ search parameters. It then performs a read on each Resource returned and
16
+ validates the response against the relevant
17
+ [profile](http://hl7.org/fhir/us/core/STU4/profiles-and-extensions.html)
18
+ as currently defined in the US Core Implementation Guide.
19
+
20
+ All MUST SUPPORT elements must be seen before the test can pass, as well
21
+ as Data Absent Reason to demonstrate that the server can properly handle
22
+ missing data. Note that Encounter, Organization and Practitioner resources
23
+ must be accessible as references in some US Core profiles to satisfy must
24
+ support requirements, and those references will be validated to their US
25
+ Core profile. These resources will not be tested for FHIR search support.
26
+ )
27
+ run_as_group
28
+
29
+ input :url,
30
+ title: 'FHIR Endpoint',
31
+ description: 'URL of the FHIR endpoint used by SMART applications'
32
+ input :patient_id,
33
+ title: 'Patient ID from SMART App Launch',
34
+ locked: true
35
+ input :additional_patient_ids,
36
+ title: 'Additional Patient IDs',
37
+ description: <<~DESCRIPTION,
38
+ Comma separated list of Patient IDs that together with the Patient
39
+ ID from the SMART App Launch contain all MUST SUPPORT elements.
40
+ DESCRIPTION
41
+ optional: true
42
+ input :smart_credentials,
43
+ title: 'SMART App Launch Credentials',
44
+ type: :oauth_credentials,
45
+ locked: true
46
+
47
+ fhir_client do
48
+ url :url
49
+ oauth_credentials :smart_credentials
50
+ end
51
+
52
+ input_order :url, :patient_id, :additional_patient_ids, :implantable_device_codes, :smart_credentials
53
+
54
+ test do
55
+ id :g10_patient_id_setup
56
+ title 'Manage patient id list'
57
+
58
+ input :patient_id, :additional_patient_ids
59
+ output :patient_ids
60
+
61
+ run do
62
+ smart_app_launch_patient_id = patient_id.presence
63
+ additional_patient_ids_list =
64
+ if additional_patient_ids.present?
65
+ additional_patient_ids
66
+ .split(',')
67
+ .map(&:strip)
68
+ .map(&:presence)
69
+ .compact
70
+ else
71
+ []
72
+ end
73
+
74
+ all_patient_ids = ([smart_app_launch_patient_id] + additional_patient_ids_list).compact.uniq
75
+
76
+ output patient_ids: all_patient_ids.join(',')
77
+ end
78
+ end
79
+
80
+ USCoreTestKit::USCoreV400::USCoreTestSuite.groups.each do |group|
81
+ test_group = group.ancestors[1]
82
+ id = test_group.id
83
+
84
+ group_config = {}
85
+ if test_group.respond_to?(:metadata) && test_group.metadata.delayed?
86
+ test_group.children.reject! { |child| child.include? USCoreTestKit::SearchTest }
87
+ group_config[:options] = { read_all_resources: true }
88
+ end
89
+
90
+ group(from: id, exclude_optional: true, config: group_config)
91
+ end
92
+ end
93
+ end
@@ -32,6 +32,11 @@ module ONCCertificationG10TestKit
32
32
  resource is read using the new access token to ensure that the refresh was
33
33
  successful. Finally, the authentication information provided by OpenID
34
34
  Connect is decoded and validated.
35
+
36
+ For EHRs that use Internet Explorer 11 to display embedded apps,
37
+ please review [instructions on how to complete the EHR Practitioner App
38
+ test](https://github.com/onc-healthit/onc-certification-g10-test-kit/wiki/Completing-EHR-Practitioner-App-test-in-Internet-Explorer/).
39
+
35
40
  )
36
41
  id :g10_smart_ehr_practitioner_app
37
42
  run_as_group
@@ -8,11 +8,14 @@ module ONCCertificationG10TestKit
8
8
  short_title 'Limited Access App'
9
9
 
10
10
  input_instructions %(
11
- The purpose of this test is to demonstrate that users can restrict access
12
- granted to apps to a limited number of resources. Enter which resources the
13
- user will grant access to below, and during the launch process only grant
14
- access to those resources. Inferno will verify that access granted matches
15
- these expectations.
11
+ The purpose of this test is to demonstrate that app users can restrict
12
+ access granted to apps to a limited number of resources. Enter which
13
+ resources the user will grant access to below, and during the launch
14
+ process only grant access to those resources. Inferno will verify that
15
+ access granted matches these expectations.
16
+
17
+ All other inputs are locked to ensure the same app configuration as in the
18
+ Standalone Patient App - Full Access test.
16
19
  )
17
20
 
18
21
  description %(
@@ -20,13 +23,15 @@ module ONCCertificationG10TestKit
20
23
  Launch to a [SMART on FHIR](http://hl7.org/fhir/smart-app-launch/1.0.0/)
21
24
  confidential client with limited access granted to the app based on user
22
25
  input. The tester is expected to grant the application access to a subset
23
- of desired resource types.
26
+ of desired resource types. The launch is performed using the same app
27
+ configuration as in the Standalone Patient App test, demonstrating that
28
+ the user is control over what scopes are granted to the app as required in
29
+ the (g)(10) Standardized API criterion.
24
30
  )
25
31
  id :g10_smart_limited_app
26
32
  run_as_group
27
33
 
28
34
  input_order :expected_resources,
29
- :limited_requested_scopes,
30
35
  :use_pkce,
31
36
  :pkce_code_challenge_method,
32
37
  :url,
@@ -45,16 +50,25 @@ module ONCCertificationG10TestKit
45
50
  allows an app, like Inferno, to be launched independent of an
46
51
  existing EHR session. It is one of the two launch methods described in
47
52
  the SMART App Launch Framework alongside EHR Launch. The app will
48
- request authorization for the provided scope from the authorization
49
- endpoint, ultimately receiving an authorization token which can be used
50
- to gain access to resources on the FHIR server.
53
+ request authorization for the provided scope(s) from the authorization
54
+ endpoint, and the user of the app will choose to either grant
55
+ the app access to the requested scope(s), or to deny one or all of the requested
56
+ scope(s).
57
+
58
+ This test verifies the ability of a server to provide a user
59
+ with the choice of which scopes to grant an app. Allowing users to choose
60
+ which resource types to grant access to is a requirement of the ONC
61
+ (g)(10) certification criteria. Prior to the test, the tester specifies
62
+ which resource types will be granted, and then during the authorization
63
+ process the tester grants access to those scopes.
51
64
 
52
65
  # Test Methodology
53
66
 
54
- Inferno will redirect the user to the the authorization endpoint so that
67
+ Inferno will redirect the user to the authorization endpoint so that
55
68
  they may provide any required credentials and authorize the application.
56
69
  Upon successful authorization, Inferno will exchange the authorization
57
- code provided for an access token.
70
+ code provided for an access token. Inferno verifies that the server only
71
+ grants access to the resources specified by the user.
58
72
 
59
73
  For more information on the #{title}:
60
74
 
@@ -65,16 +79,15 @@ module ONCCertificationG10TestKit
65
79
  config(
66
80
  inputs: {
67
81
  client_id: { locked: true },
68
- client_secret: { locked: true },
82
+ client_secret: { locked: true, optional: false },
69
83
  url: { locked: true },
84
+ requested_scopes: { locked: true },
85
+ use_pkce: { locked: true },
86
+ pkce_code_challenge_method: { locked: true },
70
87
  code: { name: :limited_code },
71
88
  state: { name: :limited_state },
72
89
  patient_id: { name: :limited_patient_id },
73
90
  access_token: { name: :limited_access_token },
74
- requested_scopes: {
75
- name: :limited_requested_scopes,
76
- title: 'Limited Access Scope'
77
- },
78
91
  # TODO: separate standalone/ehr discovery outputs
79
92
  smart_authorization_url: { locked: true, title: 'SMART Authorization Url' },
80
93
  smart_token_url: { locked: true, title: 'SMART Token Url' },
@@ -98,6 +111,31 @@ module ONCCertificationG10TestKit
98
111
  requests: {
99
112
  redirect: { name: :limited_redirect },
100
113
  token: { name: :limited_token }
114
+ },
115
+ options: {
116
+ ignore_missing_scopes_check: true,
117
+ redirect_message_proc: lambda do |auth_url|
118
+ expected_resource_string =
119
+ expected_resources
120
+ .split(',')
121
+ .map(&:strip)
122
+ .map { |resource_type| "* #{resource_type}\n" }
123
+ .join
124
+
125
+ <<~MESSAGE
126
+ ### #{self.class.parent.parent.title}
127
+
128
+ [Follow this link to authorize with the SMART
129
+ server](#{auth_url}).
130
+
131
+ Tests will resume once Inferno receives a request at
132
+ `#{config.options[:redirect_uri]}` with a state of `#{state}`.
133
+
134
+ Access should only be granted to the following resources:
135
+
136
+ #{expected_resource_string}
137
+ MESSAGE
138
+ end
101
139
  }
102
140
  )
103
141
 
@@ -117,7 +155,6 @@ module ONCCertificationG10TestKit
117
155
  test from: :g10_limited_scope_grant do
118
156
  config(
119
157
  inputs: {
120
- requested_scopes: { name: :limited_requested_scopes },
121
158
  received_scopes: { name: :limited_received_scopes }
122
159
  }
123
160
  )
@@ -128,7 +165,6 @@ module ONCCertificationG10TestKit
128
165
  config: {
129
166
  inputs: {
130
167
  patient_id: { name: :limited_patient_id },
131
- requested_scopes: { name: :limited_requested_scopes },
132
168
  received_scopes: { name: :limited_received_scopes },
133
169
  smart_credentials: { name: :limited_smart_credentials }
134
170
  }
@@ -1,3 +1,3 @@
1
1
  module ONCCertificationG10TestKit
2
- VERSION = '2.2.2'.freeze
2
+ VERSION = '2.3.0'.freeze
3
3
  end
@@ -1,17 +1,24 @@
1
+ require_relative 'onc_certification_g10_test_kit/feature'
2
+
1
3
  require 'smart_app_launch/smart_stu1_suite'
2
4
  require 'us_core_test_kit/generated/v3.1.1/us_core_test_suite'
5
+ require 'us_core_test_kit/generated/v4.0.0/us_core_test_suite' if ONCCertificationG10TestKit::Feature.us_core_v4?
3
6
 
4
7
  require_relative 'onc_certification_g10_test_kit/configuration_checker'
5
8
  require_relative 'onc_certification_g10_test_kit/version'
6
9
 
7
10
  require_relative 'onc_certification_g10_test_kit/single_patient_api_group'
11
+ if ONCCertificationG10TestKit::Feature.us_core_v4?
12
+ require_relative 'onc_certification_g10_test_kit/single_patient_us_core_4_api_group'
13
+ end
8
14
  require_relative 'onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group'
9
15
  require_relative 'onc_certification_g10_test_kit/smart_invalid_token_group'
10
16
  require_relative 'onc_certification_g10_test_kit/smart_limited_app_group'
11
17
  require_relative 'onc_certification_g10_test_kit/smart_standalone_patient_app_group'
12
18
  require_relative 'onc_certification_g10_test_kit/smart_ehr_practitioner_app_group'
13
19
  require_relative 'onc_certification_g10_test_kit/smart_public_standalone_launch_group'
14
- require_relative 'onc_certification_g10_test_kit/multi_patient_api'
20
+ require_relative 'onc_certification_g10_test_kit/multi_patient_api_stu1'
21
+ require_relative 'onc_certification_g10_test_kit/multi_patient_api_stu2'
15
22
  require_relative 'onc_certification_g10_test_kit/terminology_binding_validator'
16
23
  require_relative 'onc_certification_g10_test_kit/token_revocation_group'
17
24
  require_relative 'onc_certification_g10_test_kit/visual_inspection_and_attestations_group'
@@ -25,6 +32,20 @@ module ONCCertificationG10TestKit
25
32
  short_title '(g)(10) Standardized API'
26
33
  version VERSION
27
34
  id :g10_certification
35
+ links [
36
+ {
37
+ label: 'Report Issue',
38
+ url: 'https://github.com/onc-healthit/onc-certification-g10-test-kit/issues/'
39
+ },
40
+ {
41
+ label: 'Open Source',
42
+ url: 'https://github.com/onc-healthit/onc-certification-g10-test-kit/'
43
+ },
44
+ {
45
+ label: 'Download',
46
+ url: 'https://github.com/onc-healthit/onc-certification-g10-test-kit/releases'
47
+ }
48
+ ]
28
49
 
29
50
  check_configuration do
30
51
  ConfigurationChecker.new.configuration_messages
@@ -73,9 +94,11 @@ module ONCCertificationG10TestKit
73
94
  end
74
95
 
75
96
  def self.jwks_json
76
- bulk_data_jwks = JSON.parse(
77
- File.read(File.join(__dir__, 'onc_certification_g10_test_kit', 'bulk_data_jwks.json'))
78
- )
97
+ bulk_data_jwks = JSON.parse(File.read(
98
+ ENV.fetch('G10_BULK_DATA_JWKS',
99
+ File.join(__dir__, 'onc_certification_g10_test_kit',
100
+ 'bulk_data_jwks.json'))
101
+ ))
79
102
  @jwks_json ||= JSON.pretty_generate(
80
103
  { keys: bulk_data_jwks['keys'].select { |key| key['key_ops']&.include?('verify') } }
81
104
  )
@@ -91,6 +114,36 @@ module ONCCertificationG10TestKit
91
114
  well_known_route_handler
92
115
  )
93
116
 
117
+ if Feature.us_core_v4?
118
+ suite_option :us_core_version,
119
+ title: 'US Core Version',
120
+ list_options: [
121
+ {
122
+ label: 'US Core 3.1.1',
123
+ value: 'us_core_3'
124
+ },
125
+ {
126
+ label: 'US Core 4.0.0',
127
+ value: 'us_core_4'
128
+ }
129
+ ]
130
+ end
131
+
132
+ if Feature.bulk_data_v2?
133
+ suite_option :multi_patient_version,
134
+ title: 'Multi-Patient Authorization and API Version',
135
+ list_options: [
136
+ {
137
+ label: 'Multi-Patient Authorization and API STU1',
138
+ value: 'multi_patient_api_stu1'
139
+ },
140
+ {
141
+ label: 'Multi-Patient Authorization and API STU2',
142
+ value: 'multi_patient_api_stu2'
143
+ }
144
+ ]
145
+ end
146
+
94
147
  description %(
95
148
  The ONC Certification (g)(10) Standardized API Test Kit is a testing tool for
96
149
  Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®)
@@ -135,12 +188,27 @@ module ONCCertificationG10TestKit
135
188
 
136
189
  group from: 'g10_smart_ehr_practitioner_app'
137
190
 
138
- group from: 'g10_single_patient_api'
191
+ group from: 'g10_single_patient_api' do
192
+ required_suite_options us_core_version: 'us_core_3' if Feature.us_core_v4?
193
+ end
139
194
 
140
- group from: 'multi_patient_api'
195
+ if Feature.us_core_v4?
196
+ group from: 'g10_single_patient_us_core_4_api',
197
+ required_suite_options: { us_core_version: 'us_core_4' }
198
+ end
199
+
200
+ group from: 'multi_patient_api' do
201
+ required_suite_options multi_patient_version: 'multi_patient_api_stu1' if Feature.bulk_data_v2?
202
+ end
203
+
204
+ if Feature.bulk_data_v2?
205
+ group from: 'multi_patient_api_stu2',
206
+ required_suite_options: { multi_patient_version: 'multi_patient_api_stu2' }
207
+ end
141
208
 
142
209
  group do
143
210
  title 'Additional Tests'
211
+ id 'Group06'
144
212
  description %(
145
213
  Not all requirements that need to be tested fit within the previous
146
214
  scenarios. The tests contained in this section addresses remaining
@@ -149,6 +217,22 @@ module ONCCertificationG10TestKit
149
217
  may require special setup on the part of the tester.
150
218
  )
151
219
 
220
+ config(
221
+ options: {
222
+ redirect_message_proc: lambda do |auth_url|
223
+ %(
224
+ ### #{self.class.parent.title}
225
+
226
+ [Follow this link to authorize with the SMART
227
+ server](#{auth_url}).
228
+
229
+ Tests will resume once Inferno receives a request at
230
+ `#{config.options[:redirect_uri]}` with a state of `#{state}`.
231
+ )
232
+ end
233
+ }
234
+ )
235
+
152
236
  group from: :g10_public_standalone_launch
153
237
  group from: :g10_token_revocation
154
238
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: onc_certification_g10_test_kit
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.2
4
+ version: 2.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stephen MacVicar
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-11 00:00:00.000000000 Z
11
+ date: 2022-08-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bloomer
@@ -42,16 +42,16 @@ dependencies:
42
42
  name: inferno_core
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ">"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: 0.2.0
47
+ version: 0.3.7
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ">"
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
- version: 0.2.0
54
+ version: 0.3.7
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: json-jwt
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - '='
116
116
  - !ruby/object:Gem::Version
117
- version: 0.1.4
117
+ version: 0.1.5
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - '='
123
123
  - !ruby/object:Gem::Version
124
- version: 0.1.4
124
+ version: 0.1.5
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: tls_test_kit
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
142
142
  requirements:
143
143
  - - '='
144
144
  - !ruby/object:Gem::Version
145
- version: 0.2.4
145
+ version: 0.2.5
146
146
  type: :runtime
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - '='
151
151
  - !ruby/object:Gem::Version
152
- version: 0.2.4
152
+ version: 0.2.5
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: database_cleaner-sequel
155
155
  requirement: !ruby/object:Gem::Requirement
@@ -249,12 +249,14 @@ files:
249
249
  - lib/onc_certification_g10_test_kit/authorization_request_builder.rb
250
250
  - lib/onc_certification_g10_test_kit/base_token_refresh_group.rb
251
251
  - lib/onc_certification_g10_test_kit/bulk_data_authorization.rb
252
- - lib/onc_certification_g10_test_kit/bulk_data_group_export.rb
252
+ - lib/onc_certification_g10_test_kit/bulk_data_group_export_stu1.rb
253
+ - lib/onc_certification_g10_test_kit/bulk_data_group_export_stu2.rb
253
254
  - lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb
254
255
  - lib/onc_certification_g10_test_kit/bulk_data_jwks.json
255
256
  - lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb
256
257
  - lib/onc_certification_g10_test_kit/configuration_checker.rb
257
258
  - lib/onc_certification_g10_test_kit/export_kick_off_performer.rb
259
+ - lib/onc_certification_g10_test_kit/feature.rb
258
260
  - lib/onc_certification_g10_test_kit/igs/StructureDefinition-bodyheight.json
259
261
  - lib/onc_certification_g10_test_kit/igs/StructureDefinition-bodytemp.json
260
262
  - lib/onc_certification_g10_test_kit/igs/StructureDefinition-bodyweight.json
@@ -262,7 +264,8 @@ files:
262
264
  - lib/onc_certification_g10_test_kit/igs/StructureDefinition-heartrate.json
263
265
  - lib/onc_certification_g10_test_kit/igs/StructureDefinition-resprate.json
264
266
  - lib/onc_certification_g10_test_kit/limited_scope_grant_test.rb
265
- - lib/onc_certification_g10_test_kit/multi_patient_api.rb
267
+ - lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb
268
+ - lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb
266
269
  - lib/onc_certification_g10_test_kit/onc_program_procedure.yml
267
270
  - lib/onc_certification_g10_test_kit/patient_context_test.rb
268
271
  - lib/onc_certification_g10_test_kit/profile_guesser.rb
@@ -270,6 +273,7 @@ files:
270
273
  - lib/onc_certification_g10_test_kit/restricted_access_test.rb
271
274
  - lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb
272
275
  - lib/onc_certification_g10_test_kit/single_patient_api_group.rb
276
+ - lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb
273
277
  - lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb
274
278
  - lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb
275
279
  - lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb
@@ -292,7 +296,7 @@ licenses:
292
296
  metadata:
293
297
  homepage_uri: https://github.com/inferno_framework/onc-certification-g10-test-kit
294
298
  source_code_uri: https://github.com/inferno_framework/onc-certification-g10-test-kit
295
- post_install_message:
299
+ post_install_message:
296
300
  rdoc_options: []
297
301
  require_paths:
298
302
  - lib
@@ -308,7 +312,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
308
312
  version: '0'
309
313
  requirements: []
310
314
  rubygems_version: 3.1.6
311
- signing_key:
315
+ signing_key:
312
316
  specification_version: 4
313
317
  summary: ONC Certification (g)(10) Test Kit
314
318
  test_files: []