RubyGems - onc_certification_g10_test_kit - Versions diffs - 3.1.0 → 3.2.0 - Mend

onc_certification_g10_test_kit 3.1.0 → 3.2.0

Files changed (37) hide show

data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require_relative 'incorrectly_permitted_tls_versions_messages_setup_test'
 module ONCCertificationG10TestKit
   class SinglePatientAPIGroup < Inferno::TestGroup
     id :g10_single_patient_api
@@ -92,5 +94,7 @@ module ONCCertificationG10TestKit
       group(from: id, exclude_optional: true, config: group_config)
     end
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup
   end
 end

data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require_relative 'incorrectly_permitted_tls_versions_messages_setup_test'
 module ONCCertificationG10TestKit
   class SinglePatientUSCore4APIGroup < Inferno::TestGroup
     id :g10_single_patient_us_core_4_api
@@ -92,5 +94,7 @@ module ONCCertificationG10TestKit
       group(from: id, exclude_optional: true, config: group_config)
     end
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup
   end
 end

data/lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require_relative 'incorrectly_permitted_tls_versions_messages_setup_test'
 module ONCCertificationG10TestKit
   class SinglePatientUSCore5APIGroup < Inferno::TestGroup
     id :g10_single_patient_us_core_5_api
@@ -92,5 +94,7 @@ module ONCCertificationG10TestKit
       group(from: id, exclude_optional: true, config: group_config)
     end
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup
   end
 end

data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb CHANGED Viewed

@@ -91,7 +91,7 @@ module ONCCertificationG10TestKit
                 :smart_authorization_url
     test from: :smart_app_redirect do
-      required_suite_options smart_app_launch_version: 'smart_app_launch_1'
+      required_suite_options G10Options::SMART_1_REQUIREMENT
       input :client_secret,
             name: :standalone_client_secret,
@@ -118,7 +118,7 @@ module ONCCertificationG10TestKit
     end
     test from: :smart_app_redirect_stu2 do
-      required_suite_options smart_app_launch_version: 'smart_app_launch_2'
+      required_suite_options G10Options::SMART_2_REQUIREMENT
       config(
         inputs: {

data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module ONCCertificationG10TestKit
     input_order :url, :ehr_client_id, :ehr_client_secret
     group from: :smart_discovery do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_1')
+      required_suite_options(G10Options::SMART_1_REQUIREMENT)
       test from: 'g10_smart_well_known_capabilities',
            config: {
@@ -80,7 +80,7 @@ module ONCCertificationG10TestKit
     end
     group from: :smart_discovery_stu2 do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_2')
+      required_suite_options(G10Options::SMART_2_REQUIREMENT)
       test from: 'g10_smart_well_known_capabilities',
            config: {
@@ -103,7 +103,7 @@ module ONCCertificationG10TestKit
     end
     group from: :smart_ehr_launch do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_1')
+      required_suite_options(G10Options::SMART_1_REQUIREMENT)
       title 'EHR Launch With Practitioner Scope'
       input :client_secret,
@@ -173,7 +173,7 @@ module ONCCertificationG10TestKit
                access_token: { name: :ehr_access_token }
              }
            },
-           required_suite_options: { us_core_version: 'us_core_5' }
+           required_suite_options: G10Options::US_CORE_5_REQUIREMENT
       test do
         title 'Launch context contains smart_style_url which links to valid JSON'
@@ -221,6 +221,22 @@ module ONCCertificationG10TestKit
                  'Token response did not contain `need_patient_banner`'
         end
       end
+      tests[2].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :auth_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
+      tests[5].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :token_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
     end
     group from: :smart_ehr_launch_stu2,
@@ -240,7 +256,7 @@ module ONCCertificationG10TestKit
               }
             }
           } do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_2')
+      required_suite_options(G10Options::SMART_2_REQUIREMENT)
       title 'EHR Launch With Practitioner Scope'
       input :client_secret,
@@ -309,7 +325,7 @@ module ONCCertificationG10TestKit
                access_token: { name: :ehr_access_token }
              }
            },
-           required_suite_options: { us_core_version: 'us_core_5' }
+           required_suite_options: G10Options::US_CORE_5_REQUIREMENT
       test do
         title 'Launch context contains smart_style_url which links to valid JSON'
@@ -357,6 +373,22 @@ module ONCCertificationG10TestKit
                  'Token response did not contain `need_patient_banner`'
         end
       end
+      tests[2].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :auth_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
+      tests[5].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :token_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
     end
     group from: :smart_openid_connect,
@@ -417,5 +449,25 @@ module ONCCertificationG10TestKit
                patient_id: ehr_patient_id
       end
     end
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup,
+         id: :g10_auth_incorrectly_permitted_tls_versions_messages_setup,
+         config: {
+           inputs: {
+             incorrectly_permitted_tls_versions_messages: {
+               name: :auth_incorrectly_permitted_tls_versions_messages
+             }
+           }
+         }
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup,
+         id: :g10_token_incorrectly_permitted_tls_versions_messages_setup,
+         config: {
+           inputs: {
+             incorrectly_permitted_tls_versions_messages: {
+               name: :token_incorrectly_permitted_tls_versions_messages
+             }
+           }
+         }
   end
 end

data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require_relative 'g10_options'
 require_relative 'patient_context_test'
 require_relative 'limited_scope_grant_test'
 require_relative 'restricted_resource_type_access_group'
@@ -80,7 +81,7 @@ module ONCCertificationG10TestKit
           Sequence](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
       )
-      required_suite_options smart_app_launch_version: 'smart_app_launch_1'
+      required_suite_options G10Options::SMART_1_REQUIREMENT
       config(
         inputs: {
@@ -203,7 +204,7 @@ module ONCCertificationG10TestKit
           Sequence](http://hl7.org/fhir/smart-app-launch/STU2/app-launch.html#launch-app-standalone-launch)
       )
-      required_suite_options smart_app_launch_version: 'smart_app_launch_2'
+      required_suite_options G10Options::SMART_2_REQUIREMENT
       config(
         inputs: {

data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module ONCCertificationG10TestKit
   class SMARTScopesTest < Inferno::Test
+    include G10Options
     title 'Patient-level access with OpenID Connect and Refresh Token scopes used.'
     description %(
       The scopes being input must follow the guidelines specified in the
@@ -62,13 +64,13 @@ module ONCCertificationG10TestKit
       (PATIENT_COMPARTMENT_RESOURCE_TYPES + ['ServiceRequest']).freeze
     def patient_compartment_resource_types
-      return PATIENT_COMPARTMENT_RESOURCE_TYPES unless suite_options[:us_core_version] == 'us_core_5'
+      return PATIENT_COMPARTMENT_RESOURCE_TYPES unless using_us_core_5?
       V5_PATIENT_COMPARTMENT_RESOURCE_TYPES
     end
     def valid_resource_types
-      return VALID_RESOURCE_TYPES unless suite_options[:us_core_version] == 'us_core_5'
+      return VALID_RESOURCE_TYPES unless using_us_core_5?
       V5_VALID_RESOURCE_TYPES
     end

data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require_relative 'smart_scopes_test'
 require_relative 'unauthorized_access_test'
 require_relative 'unrestricted_resource_type_access_group'
 require_relative 'well_known_capabilities_test'
+require_relative 'incorrectly_permitted_tls_versions_messages_setup_test'
 module ONCCertificationG10TestKit
   class SmartStandalonePatientAppGroup < Inferno::TestGroup
@@ -56,7 +57,7 @@ module ONCCertificationG10TestKit
     input_order :url, :standalone_client_id, :standalone_client_secret
     group from: :smart_discovery do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_1')
+      required_suite_options(G10Options::SMART_1_REQUIREMENT)
       test from: 'g10_smart_well_known_capabilities',
            config: {
@@ -75,7 +76,7 @@ module ONCCertificationG10TestKit
     end
     group from: :smart_discovery_stu2 do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_2')
+      required_suite_options(G10Options::SMART_2_REQUIREMENT)
       test from: 'g10_smart_well_known_capabilities',
            config: {
@@ -98,7 +99,7 @@ module ONCCertificationG10TestKit
     end
     group from: :smart_standalone_launch do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_1')
+      required_suite_options(G10Options::SMART_1_REQUIREMENT)
       title 'Standalone Launch With Patient Scope'
       description %(
@@ -179,6 +180,22 @@ module ONCCertificationG10TestKit
                smart_credentials: { name: :standalone_smart_credentials }
              }
            }
+      tests[0].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :auth_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
+      tests[3].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :token_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
     end
     group from: :smart_standalone_launch_stu2,
@@ -198,7 +215,7 @@ module ONCCertificationG10TestKit
               }
             }
           } do
-      required_suite_options(smart_app_launch_version: 'smart_app_launch_2')
+      required_suite_options(G10Options::SMART_2_REQUIREMENT)
       title 'Standalone Launch With Patient Scope'
       description %(
@@ -279,6 +296,22 @@ module ONCCertificationG10TestKit
                smart_credentials: { name: :standalone_smart_credentials }
              }
            }
+      tests[0].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :auth_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
+      tests[3].config(
+        outputs: {
+          incorrectly_permitted_tls_versions_messages: {
+            name: :token_incorrectly_permitted_tls_versions_messages
+          }
+        }
+      )
     end
     group from: :smart_openid_connect,
@@ -349,5 +382,25 @@ module ONCCertificationG10TestKit
                patient_id: standalone_patient_id
       end
     end
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup,
+         id: :g10_auth_incorrectly_permitted_tls_versions_messages_setup,
+         config: {
+           inputs: {
+             incorrectly_permitted_tls_versions_messages: {
+               name: :auth_incorrectly_permitted_tls_versions_messages
+             }
+           }
+         }
+    test from: :g10_incorrectly_permitted_tls_versions_messages_setup,
+         id: :g10_token_incorrectly_permitted_tls_versions_messages_setup,
+         config: {
+           inputs: {
+             incorrectly_permitted_tls_versions_messages: {
+               name: :token_incorrectly_permitted_tls_versions_messages
+             }
+           }
+         }
   end
 end

data/lib/onc_certification_g10_test_kit/unrestricted_resource_type_access_group.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require_relative 'g10_options'
 require_relative 'resource_access_test'
 module ONCCertificationG10TestKit
@@ -111,6 +112,8 @@ module ONCCertificationG10TestKit
       (NON_PATIENT_COMPARTMENT_RESOURCES - ['Encounter'] + ['ServiceRequest']).freeze
     test do
+      include G10Options
       title 'Scope granted enables access to all US Core resource types.'
       description %(
         This test confirms that the scopes granted during authorization are
@@ -118,13 +121,13 @@ module ONCCertificationG10TestKit
       )
       def all_resources
-        return V5_ALL_RESOURCES if suite_options[:us_core_version] == 'us_core_5'
+        return V5_ALL_RESOURCES if using_us_core_5?
         ALL_RESOURCES
       end
       def non_patient_compartment_resources
-        return V5_NON_PATIENT_COMPARTMENT_RESOURCES if suite_options[:us_core_version] == 'us_core_5'
+        return V5_NON_PATIENT_COMPARTMENT_RESOURCES if using_us_core_5?
         NON_PATIENT_COMPARTMENT_RESOURCES
       end
@@ -335,7 +338,7 @@ module ONCCertificationG10TestKit
       )
       id :g10_encounter_unrestricted_access
-      required_suite_options us_core_version: 'us_core_5'
+      required_suite_options G10Options::US_CORE_5_REQUIREMENT
       def resource_group
         USCoreTestKit::USCoreV501::EncounterGroup
@@ -349,7 +352,7 @@ module ONCCertificationG10TestKit
       )
       id :g10_service_request_unrestricted_access
-      required_suite_options us_core_version: 'us_core_5'
+      required_suite_options G10Options::US_CORE_5_REQUIREMENT
       def resource_group
         USCoreTestKit::USCoreV501::ServiceRequestGroup

data/lib/onc_certification_g10_test_kit/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ONCCertificationG10TestKit
-  VERSION = '3.1.0'.freeze
+  VERSION = '3.2.0'.freeze
 end

data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require_relative 'g10_options'
 module ONCCertificationG10TestKit
   class VisualInspectionAndAttestationsGroup < Inferno::TestGroup
     title 'Visual Inspection and Attestation'
@@ -374,7 +376,7 @@ module ONCCertificationG10TestKit
       )
       id 'Test11'
-      required_suite_options us_core_version: 'us_core_3'
+      required_suite_options G10Options::US_CORE_3_REQUIREMENT
       input :patient_suffix_attestation,
             title: 'Health IT developer demonstrates support for the Patient Demographics Suffix USCDI v1 element.',
@@ -416,7 +418,7 @@ module ONCCertificationG10TestKit
       )
       id 'Test12'
-      required_suite_options us_core_version: 'us_core_3'
+      required_suite_options G10Options::US_CORE_3_REQUIREMENT
       input :patient_previous_name_attestation,
             title: 'Health IT developer demonstrates support for the Patient Demographics Previous Name USCDI v1 element.', # rubocop:disable Layout/LineLength
@@ -522,5 +524,53 @@ module ONCCertificationG10TestKit
         pass public_url_attestation_notes if public_url_attestation_notes.present?
       end
     end
+    test do
+      title 'TLS version 1.2 or above must be enforced'
+      description %(
+        If TLS connections below version 1.2 have been allowed in any previous
+        tests, Health IT developers must document how the Health IT Module
+        enforces TLS version 1.2 or above.
+        If no TLS connections below version 1.2 have been allowed, no
+        documentation is necessary and this test will automatically pass.
+      )
+      id :g10_tls_version_attestation
+      input :unique_incorrectly_permitted_tls_versions_messages,
+            title: 'TLS Issues',
+            type: 'textarea',
+            locked: true,
+            optional: true
+      input :tls_documentation_required,
+            title: 'Health IT developers must document how the Health IT Module enforces TLs version 1.2 or above',
+            type: 'radio',
+            default: 'false',
+            locked: true,
+            options: {
+              list_options: [
+                {
+                  label: 'Yes',
+                  value: 'true'
+                },
+                {
+                  label: 'No',
+                  value: 'false'
+                }
+              ]
+            }
+      input :tls_version_attestation_notes,
+            title: 'Document how TLS version 1.2 or above is enforced, if required:',
+            type: 'textarea',
+            optional: true
+      run do
+        if tls_documentation_required == 'true'
+          assert tls_version_attestation_notes.present?,
+                 'Health IT developer did not document how the system under test enforces TLS version 1.2 or above'
+        end
+        pass tls_version_attestation_notes if tls_version_attestation_notes.present?
+      end
+    end
   end
 end

data/lib/onc_certification_g10_test_kit/well_known_capabilities_test.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module ONCCertificationG10TestKit
   class SMARTWellKnownCapabilitiesTest < Inferno::Test
+    include G10Options
     title 'Well-known configuration declares support for required capabilities'
     description %(
       A SMART on FHIR server SHALL convey its capabilities to app developers
@@ -21,7 +23,7 @@ module ONCCertificationG10TestKit
       required_capabilities = config.options[:required_capabilities] || []
-      if suite_options[:us_core_version] == 'us_core_5' && required_capabilities.include?('launch-ehr')
+      if using_us_core_5? && required_capabilities.include?('launch-ehr')
         required_capabilities += ['context-ehr-encounter']
       end

data/lib/onc_certification_g10_test_kit.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require_relative 'onc_certification_g10_test_kit/configuration_checker'
 require_relative 'onc_certification_g10_test_kit/version'
 require_relative 'onc_certification_g10_test_kit/feature'
+require_relative 'onc_certification_g10_test_kit/g10_options'
 require_relative 'onc_certification_g10_test_kit/single_patient_api_group'
 require_relative 'onc_certification_g10_test_kit/single_patient_us_core_4_api_group'
 require_relative 'onc_certification_g10_test_kit/single_patient_us_core_5_api_group'
@@ -26,6 +27,7 @@ require_relative 'onc_certification_g10_test_kit/terminology_binding_validator'
 require_relative 'onc_certification_g10_test_kit/token_revocation_group'
 require_relative 'onc_certification_g10_test_kit/visual_inspection_and_attestations_group'
 require_relative 'inferno/terminology'
+require_relative 'onc_certification_g10_test_kit/short_id_manager'
 Inferno::Terminology::Loader.load_validators
@@ -123,15 +125,15 @@ module ONCCertificationG10TestKit
                  list_options: [
                    {
                      label: 'US Core 3.1.1 / USCDI v1',
-                     value: 'us_core_3'
+                     value: G10Options::US_CORE_3
                    },
                    {
                      label: 'US Core 4.0.0 / USCDI v1',
-                     value: 'us_core_4'
+                     value: G10Options::US_CORE_4
                    },
                    {
                      label: 'US Core 5.0.1 / USCDI v2',
-                     value: 'us_core_5'
+                     value: G10Options::US_CORE_5
                    }
                  ]
@@ -140,11 +142,11 @@ module ONCCertificationG10TestKit
                  list_options: [
                    {
                      label: 'SMART App Launch 1.0.0',
-                     value: 'smart_app_launch_1'
+                     value: G10Options::SMART_1
                    },
                    {
                      label: 'SMART App Launch 2.0.0',
-                     value: 'smart_app_launch_2'
+                     value: G10Options::SMART_2
                    }
                  ]
@@ -153,17 +155,18 @@ module ONCCertificationG10TestKit
                  list_options: [
                    {
                      label: 'Bulk Data 1.0.1',
-                     value: 'multi_patient_api_stu1'
+                     value: G10Options::BULK_DATA_1
                    },
                    {
                      label: 'Bulk Data 2.0.0',
-                     value: 'multi_patient_api_stu2'
+                     value: G10Options::BULK_DATA_2
                    }
                  ]
     config(
       options: {
-        post_authorization_uri: "#{Inferno::Application['base_url']}/custom/smart_stu2/post_auth"
+        post_authorization_uri: "#{Inferno::Application['base_url']}/custom/smart_stu2/post_auth",
+        incorrectly_permitted_tls_version_message_type: 'warning'
       }
     )
@@ -220,16 +223,16 @@ module ONCCertificationG10TestKit
     group from: 'g10_smart_ehr_practitioner_app'
     group from: 'g10_single_patient_api',
-          required_suite_options: { us_core_version: 'us_core_3' }
+          required_suite_options: G10Options::US_CORE_3_REQUIREMENT
     group from: 'g10_single_patient_us_core_4_api',
-          required_suite_options: { us_core_version: 'us_core_4' }
+          required_suite_options: G10Options::US_CORE_4_REQUIREMENT
     group from: 'g10_single_patient_us_core_5_api',
-          required_suite_options: { us_core_version: 'us_core_5' }
+          required_suite_options: G10Options::US_CORE_5_REQUIREMENT
     group from: 'multi_patient_api',
-          required_suite_options: { multi_patient_version: 'multi_patient_api_stu1' }
+          required_suite_options: G10Options::BULK_DATA_1_REQUIREMENT
     group from: 'multi_patient_api_stu2',
-          required_suite_options: { multi_patient_version: 'multi_patient_api_stu2' }
+          required_suite_options: G10Options::BULK_DATA_2_REQUIREMENT
     group do
       title 'Additional Tests'
@@ -254,10 +257,10 @@ module ONCCertificationG10TestKit
       end
       group from: :g10_public_standalone_launch,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_1' },
+            required_suite_options: G10Options::SMART_1_REQUIREMENT,
             config: { options: { redirect_message_proc: default_redirect_message_proc } }
       group from: :g10_public_standalone_launch_stu2,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_2' },
+            required_suite_options: G10Options::SMART_2_REQUIREMENT,
             config: { options: { redirect_message_proc: default_redirect_message_proc } }
       group from: :g10_token_revocation
@@ -266,21 +269,23 @@ module ONCCertificationG10TestKit
             config: { options: { redirect_message_proc: default_redirect_message_proc } }
       group from: :g10_smart_invalid_token_request,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_1' },
+            required_suite_options: G10Options::SMART_1_REQUIREMENT,
             config: { options: { redirect_message_proc: default_redirect_message_proc } }
       group from: :g10_smart_invalid_token_request_stu2,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_2' },
+            required_suite_options: G10Options::SMART_2_REQUIREMENT,
             config: { options: { redirect_message_proc: default_redirect_message_proc } }
       group from: :g10_smart_invalid_pkce_code_verifier_group,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_2' }
+            required_suite_options: G10Options::SMART_2_REQUIREMENT
       group from: :g10_ehr_patient_launch,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_1' }
+            required_suite_options: G10Options::SMART_1_REQUIREMENT
       group from: :g10_ehr_patient_launch_stu2,
-            required_suite_options: { smart_app_launch_version: 'smart_app_launch_2' }
+            required_suite_options: G10Options::SMART_2_REQUIREMENT
       group from: :g10_visual_inspection_and_attestations
     end
   end
 end
+ONCCertificationG10TestKit::ShortIDManager.assign_short_ids