RubyGems - onc_certification_g10_test_kit - Versions diffs - 7.0.3 → 7.2.0 - Mend

onc_certification_g10_test_kit 7.0.3 → 7.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

data/lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require_relative 'scope_constants'
 module ONCCertificationG10TestKit
   class InvalidSMARTTokenRequestTest < Inferno::Test
     title 'OAuth token exchange fails when supplied invalid code_verifier'
@@ -8,7 +10,8 @@ module ONCCertificationG10TestKit
     uses_request :redirect
     id :invalid_pkce_request
-    input :code, :use_pkce, :pkce_code_verifier, :client_id, :client_secret, :smart_token_url
+    input :code, :pkce_code_verifier
+    input :smart_auth_info, type: :auth_info
     def modify_oauth_params(oauth_params)
       oauth_params
@@ -20,33 +23,35 @@ module ONCCertificationG10TestKit
       oauth2_params = {
         grant_type: 'authorization_code',
         code:,
-        redirect_uri: config.options[:redirect_uri]
+        redirect_uri: REDIRECT_URI
       }
       oauth2_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
-      if client_secret.present?
-        client_credentials = "#{client_id}:#{client_secret}"
+      if smart_auth_info.symmetric_auth?
+        client_credentials = "#{smart_auth_info.client_id}:#{smart_auth_info.client_secret}"
         oauth2_headers['Authorization'] = "Basic #{Base64.strict_encode64(client_credentials)}"
       else
-        oauth2_params[:client_id] = client_id
+        oauth2_params[:client_id] = smart_auth_info.client_id
       end
       modify_oauth_params(oauth2_params)
-      post(smart_token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
+      post(smart_auth_info.token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
       assert_response_status([400, 401])
     end
   end
   class SMARTInvalidPKCEGroup < Inferno::TestGroup
+    include ScopeConstants
     title 'Invalid PKCE Code Verifier'
     short_title 'Invalid PKCE Code Verifier'
     input_instructions %(
       Register Inferno as a standalone application using the following information:
-      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
+      * Redirect URI: `#{REDIRECT_URI}`
     )
     description %(
       This scenario verifies that a SMART Launch Sequence, specifically the
@@ -70,80 +75,41 @@ module ONCCertificationG10TestKit
     id :g10_smart_invalid_pkce_code_verifier_group
     run_as_group
-    input :use_pkce,
-          title: 'Proof Key for Code Exchange (PKCE)',
-          type: 'radio',
-          default: 'true',
-          locked: true,
+    input :smart_auth_info, type: :auth_info
+    config(
+      inputs: {
+        smart_auth_info: {
+          name: :standalone_smart_auth_info,
+          title: 'Standalone Launch Credentials',
           options: {
-            list_options: [
+            mode: 'auth',
+            components: [
               {
-                label: 'Enabled',
-                value: 'true'
+                name: :requested_scopes,
+                default: STANDALONE_SMART_1_SCOPES
               },
               {
-                label: 'Disabled',
-                value: 'false'
-              }
-            ]
-          }
-    input :pkce_code_challenge_method,
-          optional: true,
-          title: 'PKCE Code Challenge Method',
-          type: 'radio',
-          default: 'S256',
-          locked: true,
-          options: {
-            list_options: [
+                name: :auth_type,
+                default: 'symmetric',
+                locked: true
+              },
+              {
+                name: :use_discovery,
+                locked: true
+              },
               {
-                label: 'S256',
-                value: 'S256'
+                name: :pkce_support,
+                default: 'enabled',
+                locked: true
               },
               {
-                label: 'Plain',
-                value: 'plain'
+                name: :pkce_code_challenge_method,
+                default: 'S256',
+                locked: true
               }
             ]
           }
-    input_order :url,
-                :standalone_client_id,
-                :standalone_client_secret,
-                :standalone_requested_scopes,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :smart_authorization_url,
-                :smart_token_url
-    config(
-      inputs: {
-        client_id: {
-          name: :standalone_client_id,
-          title: 'Standalone Client ID',
-          description: 'Client ID provided during registration of Inferno as a standalone application'
-        },
-        client_secret: {
-          name: :standalone_client_secret,
-          title: 'Standalone Client Secret',
-          description: 'Client Secret provided during registration of Inferno as a standalone application'
-        },
-        requested_scopes: {
-          name: :standalone_requested_scopes,
-          title: 'Standalone Scope',
-          description: 'OAuth 2.0 scope provided by system to enable all required functionality',
-          type: 'textarea',
-          default: %(
-            launch/patient openid fhirUser offline_access
-            patient/Medication.read patient/AllergyIntolerance.read
-            patient/CarePlan.read patient/CareTeam.read patient/Condition.read
-            patient/Device.read patient/DiagnosticReport.read
-            patient/DocumentReference.read patient/Encounter.read
-            patient/Goal.read patient/Immunization.read patient/Location.read
-            patient/MedicationRequest.read patient/Observation.read
-            patient/Organization.read patient/Patient.read
-            patient/Practitioner.read patient/Procedure.read
-            patient/Provenance.read patient/PractitionerRole.read
-          ).gsub(/\s{2,}/, ' ').strip
         },
         url: {
           title: 'Standalone FHIR Endpoint',
@@ -155,31 +121,19 @@ module ONCCertificationG10TestKit
         state: {
           name: :invalid_token_state
         },
-        smart_authorization_url: {
-          title: 'OAuth 2.0 Authorize Endpoint',
-          description: 'OAuth 2.0 Authorize Endpoint provided during the patient standalone launch'
-        },
-        smart_token_url: {
-          title: 'OAuth 2.0 Token Endpoint',
-          description: 'OAuth 2.0 Token Endpoint provided during the patient standalone launch'
-        },
         pkce_code_challenge: {
           name: :invalid_token_pkce_code_challenge
         },
         pkce_code_verifier: {
           name: :invalid_token_pkce_code_verifier
-        },
-        client_auth_type: {
-          locked: true,
-          default: 'confidential_symmetric'
         }
       },
       outputs: {
         code: { name: :invalid_token_code },
         state: { name: :invalid_token_state },
-        expires_in: { name: :invalid_token_expires_in },
         pkce_code_challenge: { name: :invalid_token_pkce_code_challenge },
-        pkce_code_verifier: { name: :invalid_token_pkce_code_verifier }
+        pkce_code_verifier: { name: :invalid_token_pkce_code_verifier },
+        smart_auth_info: { name: :standalone_smart_auth_info }
       },
       requests: {
         redirect: { name: :invalid_token_redirect },
@@ -187,6 +141,8 @@ module ONCCertificationG10TestKit
       }
     )
+    test from: :well_known_endpoint
     test from: :smart_app_redirect_stu2,
          id: :smart_no_code_verifier_redirect,
          config: {
@@ -202,7 +158,7 @@ module ONCCertificationG10TestKit
                 server](#{auth_url}).
                   Tests will resume once Inferno receives a request at
-                  `#{config.options[:redirect_uri]}` with a state of `#{state}`.
+                  `#{REDIRECT_URI}` with a state of `#{state}`.
                )
              end
            }
@@ -229,7 +185,7 @@ module ONCCertificationG10TestKit
                 server](#{auth_url}).
                   Tests will resume once Inferno receives a request at
-                  `#{config.options[:redirect_uri]}` with a state of `#{state}`.
+                  `#{REDIRECT_URI}` with a state of `#{state}`.
                )
              end
            }
@@ -260,7 +216,7 @@ module ONCCertificationG10TestKit
                 server](#{auth_url}).
                   Tests will resume once Inferno receives a request at
-                  `#{config.options[:redirect_uri]}` with a state of `#{state}`.
+                  `#{REDIRECT_URI}` with a state of `#{state}`.
                )
              end
            }
@@ -292,7 +248,7 @@ module ONCCertificationG10TestKit
                 server](#{auth_url}).
                   Tests will resume once Inferno receives a request at
-                  `#{config.options[:redirect_uri]}` with a state of `#{state}`.
+                  `#{REDIRECT_URI}` with a state of `#{state}`.
                )
              end
            }

data/lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb CHANGED Viewed

@@ -1,11 +1,15 @@
+require_relative 'scope_constants'
 module ONCCertificationG10TestKit
   class SMARTInvalidTokenGroup < Inferno::TestGroup
+    include ScopeConstants
     title 'Invalid Access Token Request'
     short_title 'Invalid Token Request'
     input_instructions %(
       Register Inferno as a standalone application using the following information:
-      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
+      * Redirect URI: `#{REDIRECT_URI}`
     )
     description %(
       This scenario verifies that a SMART Launch
@@ -22,78 +26,34 @@ module ONCCertificationG10TestKit
     id :g10_smart_invalid_token_request
     run_as_group
-    input :use_pkce,
-          title: 'Proof Key for Code Exchange (PKCE)',
-          type: 'radio',
-          default: 'false',
+    config(
+      inputs: {
+        smart_auth_info: {
+          name: :standalone_smart_auth_info,
+          title: 'Standalone Launch Credentials',
           options: {
-            list_options: [
+            mode: 'auth',
+            components: [
               {
-                label: 'Enabled',
-                value: 'true'
+                name: :requested_scopes,
+                default: STANDALONE_SMART_1_SCOPES
               },
               {
-                label: 'Disabled',
-                value: 'false'
-              }
-            ]
-          }
-    input :pkce_code_challenge_method,
-          optional: true,
-          title: 'PKCE Code Challenge Method',
-          type: 'radio',
-          default: 'S256',
-          options: {
-            list_options: [
+                name: :auth_type,
+                default: 'symmetric',
+                locked: true
+              },
               {
-                label: 'S256',
-                value: 'S256'
+                name: :auth_request_method,
+                default: 'GET',
+                locked: true
               },
               {
-                label: 'plain',
-                value: 'plain'
+                name: :use_discovery,
+                locked: true
               }
             ]
           }
-    input_order :url,
-                :standalone_client_id,
-                :standalone_client_secret,
-                :standalone_requested_scopes,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :smart_authorization_url,
-                :smart_token_url
-    config(
-      inputs: {
-        client_id: {
-          name: :standalone_client_id,
-          title: 'Standalone Client ID',
-          description: 'Client ID provided during registration of Inferno as a standalone application'
-        },
-        client_secret: {
-          name: :standalone_client_secret,
-          title: 'Standalone Client Secret',
-          description: 'Client Secret provided during registration of Inferno as a standalone application'
-        },
-        requested_scopes: {
-          name: :standalone_requested_scopes,
-          title: 'Standalone Scope',
-          description: 'OAuth 2.0 scope provided by system to enable all required functionality',
-          type: 'textarea',
-          default: %(
-            launch/patient openid fhirUser offline_access
-            patient/Medication.read patient/AllergyIntolerance.read
-            patient/CarePlan.read patient/CareTeam.read patient/Condition.read
-            patient/Device.read patient/DiagnosticReport.read
-            patient/DocumentReference.read patient/Encounter.read
-            patient/Goal.read patient/Immunization.read patient/Location.read
-            patient/MedicationRequest.read patient/Observation.read
-            patient/Organization.read patient/Patient.read
-            patient/Practitioner.read patient/Procedure.read
-            patient/Provenance.read patient/PractitionerRole.read
-          ).gsub(/\s{2,}/, ' ').strip
         },
         url: {
           title: 'Standalone FHIR Endpoint',
@@ -105,14 +65,6 @@ module ONCCertificationG10TestKit
         state: {
           name: :invalid_token_state
         },
-        smart_authorization_url: {
-          title: 'OAuth 2.0 Authorize Endpoint',
-          description: 'OAuth 2.0 Authorize Endpoint provided during the patient standalone launch'
-        },
-        smart_token_url: {
-          title: 'OAuth 2.0 Token Endpoint',
-          description: 'OAuth 2.0 Token Endpoint provided during the patient standalone launch'
-        },
         pkce_code_verifier: {
           name: :invalid_token_pkce_code_verifier
         }
@@ -121,7 +73,8 @@ module ONCCertificationG10TestKit
         code: { name: :invalid_token_code },
         state: { name: :invalid_token_state },
         expires_in: { name: :invalid_token_expires_in },
-        pkce_code_verifier: { name: :invalid_token_pkce_code_verifier }
+        pkce_code_verifier: { name: :invalid_token_pkce_code_verifier },
+        smart_auth_info: { name: :standalone_smart_auth_info }
       },
       requests: {
         redirect: { name: :invalid_token_redirect },
@@ -129,10 +82,13 @@ module ONCCertificationG10TestKit
       }
     )
+    test from: :well_known_endpoint
     test from: :smart_app_redirect
     test from: :smart_code_received
     test do
+      id 'Test03'
       title ' OAuth token exchange fails when supplied invalid code'
       description %(
         If the request failed verification or is invalid, the authorization
@@ -140,9 +96,8 @@ module ONCCertificationG10TestKit
       )
       uses_request :redirect
-      input :use_pkce, :client_id, :client_secret, :smart_token_url
-      input :pkce_code_verifier,
-            optional: true
+      input :smart_auth_info, type: :auth_info
+      input :pkce_code_verifier, optional: true
       run do
         skip_if request.query_parameters['error'].present?, 'Error during authorization request'
@@ -150,26 +105,27 @@ module ONCCertificationG10TestKit
         oauth2_params = {
           grant_type: 'authorization_code',
           code: 'BAD_CODE',
-          redirect_uri: config.options[:redirect_uri]
+          redirect_uri: REDIRECT_URI
         }
         oauth2_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
-        if client_secret.present?
-          client_credentials = "#{client_id}:#{client_secret}"
+        if smart_auth_info.symmetric_auth?
+          client_credentials = "#{smart_auth_info.client_id}:#{smart_auth_info.client_secret}"
           oauth2_headers['Authorization'] = "Basic #{Base64.strict_encode64(client_credentials)}"
         else
-          oauth2_params[:client_id] = client_id
+          oauth2_params[:client_id] = smart_auth_info.client_id
         end
-        oauth2_params[:code_verifier] = pkce_code_verifier if use_pkce == 'true'
+        oauth2_params[:code_verifier] = pkce_code_verifier if smart_auth_info.pkce_enabled?
-        post(smart_token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
+        post(smart_auth_info.token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
         assert_response_status(400)
       end
     end
     test do
+      id 'Test04'
       title 'OAuth token exchange fails when supplied invalid client ID'
       description %(
         If the request failed verification or is invalid, the authorization
@@ -177,9 +133,9 @@ module ONCCertificationG10TestKit
       )
       uses_request :redirect
-      input :use_pkce, :code, :smart_token_url, :client_secret
-      input :pkce_code_verifier,
-            optional: true
+      input :smart_auth_info, type: :auth_info
+      input :code
+      input :pkce_code_verifier, optional: true
       run do
         skip_if request.query_parameters['error'].present?, 'Error during authorization request'
@@ -189,20 +145,20 @@ module ONCCertificationG10TestKit
         oauth2_params = {
           grant_type: 'authorization_code',
           code:,
-          redirect_uri: config.options[:redirect_uri]
+          redirect_uri: REDIRECT_URI
         }
         oauth2_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
-        if client_secret.present?
-          client_credentials = "#{client_id}:#{client_secret}"
+        if smart_auth_info.symmetric_auth?
+          client_credentials = "#{client_id}:#{smart_auth_info.client_secret}"
           oauth2_headers['Authorization'] = "Basic #{Base64.strict_encode64(client_credentials)}"
         else
           oauth2_params[:client_id] = client_id
         end
-        oauth2_params[:code_verifier] = pkce_code_verifier if use_pkce == 'true'
+        oauth2_params[:code_verifier] = pkce_code_verifier if smart_auth_info.pkce_enabled?
-        post(smart_token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
+        post(smart_auth_info.token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
         assert_response_status([400, 401])
       end