onc_certification_g10_test_kit 2.3.0 → 3.0.0

data/lib/onc_certification_g10_test_kit/profile_selector.rb

@@ -0,0 +1,175 @@
+module ONCCertificationG10TestKit
+  module ProfileSelector
+    def extract_profile(profile)
+      case profile
+      when 'Medication'
+        return versioned_us_core_module.const_get('USCoreTestSuite').metadata.find do |meta|
+                 meta.resource == profile
+               end.profile_url
+      when 'Location'
+        return 'http://hl7.org/fhir/StructureDefinition/Location'
+      end
+      versioned_us_core_module.const_get("#{profile}Group").metadata.profile_url
+    end
+
+    def observation_contains_code(observation_resource, code)
+      observation_resource&.code&.coding&.any? { |coding| coding&.code == code }
+    end
+
+    def resource_contains_category(resource, category_code, category_system = nil) # rubocop:disable Metrics/CyclomaticComplexity
+      resource&.category&.any? do |category|
+        category.coding&.any? do |coding|
+          coding.code == category_code &&
+            (category_system.blank? || coding.system.blank? || category_system == coding.system)
+        end
+      end
+    end
+
+    def select_profile(resource) # rubocop:disable Metrics/CyclomaticComplexity
+      case resource.resourceType
+      when 'Condition'
+        case suite_options[:us_core_version]
+        when 'us_core_5'
+          if resource_contains_category(resource, 'encounter-diagnosis', 'http://terminology.hl7.org/CodeSystem/condition-category')
+            extract_profile('ConditionEncounterDiagnosis')
+          elsif resource_contains_category(resource, 'problem-list-item',
+                                           'http://terminology.hl7.org/CodeSystem/condition-category') ||
+                resource_contains_category(resource, 'health-concern', 'http://terminology.hl7.org/CodeSystem/condition-category')
+            extract_profile('ConditionProblemsHealthConcerns')
+          end
+        else
+          extract_profile(resource.resourceType)
+        end
+      when 'DiagnosticReport'
+        return extract_profile('DiagnosticReportLab') if resource_contains_category(resource, 'LAB', 'http://terminology.hl7.org/CodeSystem/v2-0074')
+
+        extract_profile('DiagnosticReportNote')
+      when 'Observation'
+        return extract_profile('Smokingstatus') if observation_contains_code(resource, '72166-2')
+
+        return extract_profile('ObservationLab') if resource_contains_category(resource, 'laboratory', 'http://terminology.hl7.org/CodeSystem/observation-category')
+
+        return extract_profile('PediatricBmiForAge') if observation_contains_code(resource, '59576-9')
+
+        return extract_profile('PediatricWeightForHeight') if observation_contains_code(resource, '77606-2')
+
+        return extract_profile('PulseOximetry') if observation_contains_code(resource, '59408-5')
+
+        if observation_contains_code(resource, '8289-1')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('HeadCircumference')
+          else
+            return extract_profile('HeadCircumferencePercentile')
+          end
+        end
+
+        return extract_profile('HeadCircumference') if observation_contains_code(resource, '9843-4')
+
+        # FHIR Vital Signs profiles: https://www.hl7.org/fhir/observation-vitalsigns.html
+        # Vital Signs Panel, Oxygen Saturation are not required by USCDI
+        # Body Mass Index is replaced by :pediatric_bmi_age Profile
+        # Systolic Blood Pressure, Diastolic Blood Pressure are covered by :blood_pressure Profile
+        # Head Circumference is replaced by US Core Head Occipital-frontal Circumference Percentile Profile
+        if observation_contains_code(resource, '39156-5') && suite_options[:us_core_version] != 'us_core_3'
+          return extract_profile('Bmi')
+        end
+
+        if observation_contains_code(resource, '85354-9')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('Bp')
+          else
+            return extract_profile('BloodPressure')
+          end
+        end
+
+        if observation_contains_code(resource, '8302-2')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('Bodyheight')
+          else
+            return extract_profile('BodyHeight')
+          end
+        end
+
+        if observation_contains_code(resource, '8310-5')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('Bodytemp')
+          else
+            return extract_profile('BodyTemperature')
+          end
+        end
+
+        if observation_contains_code(resource, '29463-7')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('Bodyweight')
+          else
+            return extract_profile('BodyWeight')
+          end
+        end
+
+        if observation_contains_code(resource, '8867-4')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('Heartrate')
+          else
+            return extract_profile('HeartRate')
+          end
+        end
+
+        if observation_contains_code(resource, '9279-1')
+          case suite_options[:us_core_version]
+          when 'us_core_3'
+            return extract_profile('Resprate')
+          else
+            return extract_profile('RespiratoryRate')
+          end
+        end
+
+        if suite_options[:us_core_version] == 'us_core_5' &&
+           resource_contains_category(
+             resource, 'clinical-test', 'http://terminology.hl7.org/CodeSystem/observation-category'
+           )
+          return extract_profile('ObservationClinicalTest')
+        end
+
+        if suite_options[:us_core_version] == 'us_core_5' && observation_contains_code(resource, '76690-7')
+          return extract_profile('ObservationSexualOrientation')
+        end
+
+        if suite_options[:us_core_version] == 'us_core_5' &&
+           resource_contains_category(resource, 'social-history',
+                                      'http://terminology.hl7.org/CodeSystem/observation-category')
+          return extract_profile('ObservationSocialHistory')
+        end
+
+        # We will simply match all Observations of category "survey" to SDOH,
+        # and do not look at the category "sdoh".  US Core spec team says that
+        # support for the "sdoh" category is limited, and the validation rules
+        # allow for very generic surveys to validate against this profile.
+        # And will not validate against the ObservationSurvey profile itself.
+        # This may not be exactly precise but it works out the same
+
+        # if we wanted to be more specific here, we would add:
+        # `resource_contains_category(resource, 'sdoh',
+        #                                       'http://terminology.hl7.org/CodeSystem/observation-category') &&`
+        # along with a specific extract_profile('ObservationSurvey') to catch non-sdoh.
+        if suite_options[:us_core_version] == 'us_core_5' &&
+           resource_contains_category(resource, 'survey',
+                                      'http://terminology.hl7.org/CodeSystem/observation-category')
+
+          return extract_profile('ObservationSdohAssessment')
+        end
+
+        nil
+      else
+        extract_profile(resource.resourceType)
+      end
+    rescue StandardError
+      skip "Could not determine profile of \"#{resource.resourceType}\" resource."
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb

@@ -27,6 +27,8 @@ module ONCCertificationG10TestKit
         * Observation
         * Procedure
 
+      If testing against USCDI v2, ServiceRequest is also checked.
+
       For each of the resources that can be mapped to USCDI data class or
       elements, this set of tests performs a minimum number of requests to
       determine if access to the resource type is appropriately allowed or
@@ -38,10 +40,18 @@ module ONCCertificationG10TestKit
       required status search parameter.
 
       This set of tests does not attempt to access resources that do not
-      directly map to USCDI v1, including Encounter, Location, Organization, and
-      Practitioner. It also does not test Provenance, as this resource type is
-      accessed by queries through other resource types. These resource types are
-      accessed in the more comprehensive Single Patient Query tests.
+      directly map to USCDI. For USCDI v1 this includes:
+
+        * Encounter
+        * Location
+        * Organization
+        * Practitioner
+
+      For USCDI v2 this includes:
+
+        * Location
+        * Organization
+        * Practitioner
 
       If the tester chooses to not grant access to a resource, the queries
       associated with that resource must result in either a 401 (Unauthorized)
@@ -299,5 +309,45 @@ module ONCCertificationG10TestKit
         USCoreTestKit::USCoreV311::ProcedureGroup
       end
     end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to Encounter resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the Encounter is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_encounter_restricted_access
+
+      required_suite_options us_core_version: 'us_core_5'
+
+      def resource_group
+        USCoreTestKit::USCoreV501::EncounterGroup
+      end
+    end
+
+    test from: :g10_restricted_access_test do
+      title 'Access to ServiceRequest resources are restricted properly based on patient-selected scope'
+      description %(
+        This test ensures that access to the ServiceRequest is granted or
+        denied based on the selection by the tester prior to the execution of
+        the test. If the tester indicated that access will be granted to this
+        resource, this test verifies that a search by patient in this resource
+        does not result in an access denied result. If the tester indicated that
+        access will be denied for this resource, this verifies that search by
+        patient in the resource results in an access denied result.
+      )
+      id :g10_service_request_restricted_access
+
+      required_suite_options us_core_version: 'us_core_5'
+
+      def resource_group
+        USCoreTestKit::USCoreV501::ServiceRequestGroup
+      end
+    end
   end
 end

data/lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb

@@ -0,0 +1,93 @@
+module ONCCertificationG10TestKit
+  class SinglePatientUSCore5APIGroup < Inferno::TestGroup
+    id :g10_single_patient_us_core_5_api
+    title 'Single Patient API (US Core 5.0.1)'
+    description %(
+      For each of the relevant USCDI data elements provided in the
+      CapabilityStatement, this test executes the [required supported
+      searches](http://hl7.org/fhir/us/core/STU4/CapabilityStatement-us-core-server.html)
+      as defined by the US Core Implementation Guide v4.0.0.
+
+      The test begins by searching by one or more patients, with the expectation
+      that the Bearer token provided to the test grants access to all USCDI
+      resources. It uses results returned from that query to generate other
+      queries and checks that the results are consistent with the provided
+      search parameters. It then performs a read on each Resource returned and
+      validates the response against the relevant
+      [profile](http://hl7.org/fhir/us/core/STU4/profiles-and-extensions.html)
+      as currently defined in the US Core Implementation Guide.
+
+      All MUST SUPPORT elements must be seen before the test can pass, as well
+      as Data Absent Reason to demonstrate that the server can properly handle
+      missing data. Note that Encounter, Organization and Practitioner resources
+      must be accessible as references in some US Core profiles to satisfy must
+      support requirements, and those references will be validated to their US
+      Core profile. These resources will not be tested for FHIR search support.
+    )
+    run_as_group
+
+    input :url,
+          title: 'FHIR Endpoint',
+          description: 'URL of the FHIR endpoint used by SMART applications'
+    input :patient_id,
+          title: 'Patient ID from SMART App Launch',
+          locked: true
+    input :additional_patient_ids,
+          title: 'Additional Patient IDs',
+          description: <<~DESCRIPTION,
+            Comma separated list of Patient IDs that together with the Patient
+            ID from the SMART App Launch contain all MUST SUPPORT elements.
+          DESCRIPTION
+          optional: true
+    input :smart_credentials,
+          title: 'SMART App Launch Credentials',
+          type: :oauth_credentials,
+          locked: true
+
+    fhir_client do
+      url :url
+      oauth_credentials :smart_credentials
+    end
+
+    input_order :url, :patient_id, :additional_patient_ids, :implantable_device_codes, :smart_credentials
+
+    test do
+      id :g10_patient_id_setup
+      title 'Manage patient id list'
+
+      input :patient_id, :additional_patient_ids
+      output :patient_ids
+
+      run do
+        smart_app_launch_patient_id = patient_id.presence
+        additional_patient_ids_list =
+          if additional_patient_ids.present?
+            additional_patient_ids
+              .split(',')
+              .map(&:strip)
+              .map(&:presence)
+              .compact
+          else
+            []
+          end
+
+        all_patient_ids = ([smart_app_launch_patient_id] + additional_patient_ids_list).compact.uniq
+
+        output patient_ids: all_patient_ids.join(',')
+      end
+    end
+
+    USCoreTestKit::USCoreV501::USCoreTestSuite.groups.each do |group|
+      test_group = group.ancestors[1]
+      id = test_group.id
+
+      group_config = {}
+      if test_group.respond_to?(:metadata) && test_group.metadata.delayed?
+        test_group.children.reject! { |child| child.include? USCoreTestKit::SearchTest }
+        group_config[:options] = { read_all_resources: true }
+      end
+
+      group(from: id, exclude_optional: true, config: group_config)
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb

@@ -11,11 +11,10 @@ module ONCCertificationG10TestKit
       # Background
 
       The Invalid AUD Sequence verifies that a SMART Launch Sequence,
-      specifically the [Standalone
-      Launch](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
-      Sequence, does not work in the case where the client sends an invalid FHIR
-      server as the `aud` parameter during launch. This must fail to ensure that
-      a genuine bearer token is not leaked to a counterfit resource server.
+      specifically the Standalone Launch Sequence, does not work in the case
+      where the client sends an invalid FHIR server as the `aud` parameter
+      during launch. This must fail to ensure that a genuine bearer token is not
+      leaked to a counterfit resource server.
 
       This test is not included as part of a regular SMART Launch Sequence
       because it requires the browser of the user to be redirected to the
@@ -28,6 +27,11 @@ module ONCCertificationG10TestKit
       Note that this test will launch a new browser window. The user is required
       to 'Attest' in the Inferno user interface after the launch does not
       succeed, if the server does not return an error code.
+
+      * [Standalone Launch Sequence
+        (STU1)](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
+      * [Standalone Launch
+        (STU2)](http://hl7.org/fhir/smart-app-launch/STU2/app-launch.html#launch-app-standalone-launch)
     )
     id :g10_smart_invalid_aud
     run_as_group
@@ -87,6 +91,47 @@ module ONCCertificationG10TestKit
                 :smart_authorization_url
 
     test from: :smart_app_redirect do
+      required_suite_options smart_app_launch_version: 'smart_app_launch_1'
+
+      input :client_secret,
+            name: :standalone_client_secret,
+            title: 'Standalone Client Secret',
+            description: 'Client Secret provided during registration of Inferno as a standalone application'
+
+      def aud
+        'https://inferno.healthit.gov/invalid_aud'
+      end
+
+      def wait_message(auth_url)
+        %(
+          Inferno will redirect you to an external website for authorization.
+          **It is expected this will fail**. If the server does not return to
+          Inferno automatically, but does provide an error message, you may
+          return to Inferno and confirm that an error was presented in this
+          window.
+
+          * [Perform Invalid Launch](#{auth_url})
+          * [Attest launch
+            failed](#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true)
+        )
+      end
+    end
+
+    test from: :smart_app_redirect_stu2 do
+      required_suite_options smart_app_launch_version: 'smart_app_launch_2'
+
+      config(
+        inputs: {
+          use_pkce: {
+            default: 'true',
+            locked: true
+          },
+          pkce_code_challenge_method: {
+            locked: true
+          }
+        }
+      )
+
       input :client_secret,
             name: :standalone_client_secret,
             title: 'Standalone Client Secret',

data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group.rb

@@ -0,0 +1,94 @@
+module ONCCertificationG10TestKit
+  class SMARTEHRPatientLaunchGroup < SMARTAppLaunch::EHRLaunchGroup
+    title 'EHR Launch with Patient Scopes'
+    description %(
+      # Background
+
+      If an application launched from an EHR requests and is granted a clinical
+      scope restricted to a single patient, the EHR SHALL establish a patient in
+      context.
+
+      # Test Methodology
+
+      Inferno will attempt an EHR Launch with a clinical scope restricted to a
+      single patient and verify that a patient id is received.
+
+      For more information on the #{title}
+
+      * [Apps that launch from the
+        EHR](http://hl7.org/fhir/smart-app-launch/STU2/scopes-and-launch-context.html#apps-that-launch-from-the-ehr)
+    )
+    id :g10_ehr_patient_launch
+    run_as_group
+
+    config(
+      inputs: {
+        client_id: {
+          name: :ehr_patient_client_id
+        },
+        client_secret: {
+          name: :ehr_patient_client_secret
+        },
+        requested_scopes: {
+          name: :ehr_patient_requested_scopes,
+          default: 'launch openid fhirUser offline_access patient/Patient.read',
+          locked: true
+        },
+        code: {
+          name: :ehr_patient_code
+        },
+        state: {
+          name: :ehr_patient_state
+        },
+        launch: {
+          name: :ehr_patient_launch
+        },
+        smart_credentials: {
+          name: :ehr_patient_smart_credentials
+        },
+        smart_authorization_url: {
+          title: 'OAuth 2.0 Authorize Endpoint',
+          description: 'OAuth 2.0 Authorize Endpoint provided during the EHR launch'
+        },
+        smart_token_url: {
+          title: 'OAuth 2.0 Token Endpoint',
+          description: 'OAuth 2.0 Token Endpoint provided during the EHR launch'
+        }
+      },
+      outputs: {
+        launch: { name: :ehr_patient_launch },
+        code: { name: :ehr_patient_code },
+        token_retrieval_time: { name: :ehr_patient_token_retrieval_time },
+        state: { name: :ehr_patient_state },
+        id_token: { name: :ehr_patient_id_token },
+        refresh_token: { name: :ehr_patient_refresh_token },
+        access_token: { name: :ehr_patient_access_token },
+        expires_in: { name: :ehr_patient_expires_in },
+        patient_id: { name: :ehr_patient_patient_id },
+        encounter_id: { name: :ehr_patient_encounter_id },
+        received_scopes: { name: :ehr_patient_received_scopes },
+        intent: { name: :ehr_patient_intent },
+        smart_credentials: { name: :ehr_patient_smart_credentials }
+      },
+      requests: {
+        redirect: { name: :ehr_patient_redirect },
+        token: { name: :ehr_patient_token }
+      }
+    )
+
+    input_order :url,
+                :ehr_patient_client_id,
+                :ehr_patient_client_secret,
+                :smart_authorization_url,
+                :smart_token_url,
+                :authorization_method
+
+    test from: :g10_patient_context,
+         config: {
+           inputs: {
+             patient_id: { name: :ehr_patient_patient_id },
+             smart_credentials: { name: :ehr_patient_smart_credentials }
+           }
+         }
+  end
+end

data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2.rb

@@ -0,0 +1,94 @@
+module ONCCertificationG10TestKit
+  class SMARTEHRPatientLaunchGroupSTU2 < SMARTAppLaunch::EHRLaunchGroupSTU2
+    title 'EHR Launch with Patient Scopes'
+    description %(
+      # Background
+
+      If an application launched from an EHR requests and is granted a clinical
+      scope restricted to a single patient, the EHR SHALL establish a patient in
+      context.
+
+      # Test Methodology
+
+      Inferno will attempt an EHR Launch with a clinical scope restricted to a
+      single patient and verify that a patient id is received.
+
+      For more information on the #{title}
+
+      * [Apps that launch from the
+        EHR](http://hl7.org/fhir/smart-app-launch/STU2/scopes-and-launch-context.html#apps-that-launch-from-the-ehr)
+    )
+    id :g10_ehr_patient_launch_stu2
+    run_as_group
+
+    config(
+      inputs: {
+        client_id: {
+          name: :ehr_patient_client_id
+        },
+        client_secret: {
+          name: :ehr_patient_client_secret
+        },
+        requested_scopes: {
+          name: :ehr_patient_requested_scopes,
+          default: 'launch openid fhirUser offline_access patient/Patient.rs',
+          locked: true
+        },
+        code: {
+          name: :ehr_patient_code
+        },
+        state: {
+          name: :ehr_patient_state
+        },
+        launch: {
+          name: :ehr_patient_launch
+        },
+        smart_credentials: {
+          name: :ehr_patient_smart_credentials
+        },
+        smart_authorization_url: {
+          title: 'OAuth 2.0 Authorize Endpoint',
+          description: 'OAuth 2.0 Authorize Endpoint provided during the EHR launch'
+        },
+        smart_token_url: {
+          title: 'OAuth 2.0 Token Endpoint',
+          description: 'OAuth 2.0 Token Endpoint provided during the EHR launch'
+        }
+      },
+      outputs: {
+        launch: { name: :ehr_patient_launch },
+        code: { name: :ehr_patient_code },
+        token_retrieval_time: { name: :ehr_patient_token_retrieval_time },
+        state: { name: :ehr_patient_state },
+        id_token: { name: :ehr_patient_id_token },
+        refresh_token: { name: :ehr_patient_refresh_token },
+        access_token: { name: :ehr_patient_access_token },
+        expires_in: { name: :ehr_patient_expires_in },
+        patient_id: { name: :ehr_patient_patient_id },
+        encounter_id: { name: :ehr_patient_encounter_id },
+        received_scopes: { name: :ehr_patient_received_scopes },
+        intent: { name: :ehr_patient_intent },
+        smart_credentials: { name: :ehr_patient_smart_credentials }
+      },
+      requests: {
+        redirect: { name: :ehr_patient_redirect },
+        token: { name: :ehr_patient_token }
+      }
+    )
+
+    input_order :url,
+                :ehr_patient_client_id,
+                :ehr_patient_client_secret,
+                :smart_authorization_url,
+                :smart_token_url,
+                :authorization_method
+
+    test from: :g10_patient_context,
+         config: {
+           inputs: {
+             patient_id: { name: :ehr_patient_patient_id },
+             smart_credentials: { name: :ehr_patient_smart_credentials }
+           }
+         }
+  end
+end