onc_certification_g10_test_kit 7.1.0 → 7.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/config/presets/g10_reference_server_preset.json +708 -532
- data/lib/onc_certification_g10_test_kit/bulk_data_authorization.rb +73 -67
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu1.rb +1 -2
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu2.rb +7 -1
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_parameters.rb +1 -1
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu1.rb +10 -2
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb +6 -2
- data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb +4 -0
- data/lib/onc_certification_g10_test_kit/configuration_checker.rb +1 -1
- data/lib/onc_certification_g10_test_kit/encounter_context_test.rb +3 -3
- data/lib/onc_certification_g10_test_kit/export_kick_off_performer.rb +7 -3
- data/lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb +0 -4
- data/lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb +8 -4
- data/lib/onc_certification_g10_test_kit/patient_context_test.rb +3 -3
- data/lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb +3 -10
- data/lib/onc_certification_g10_test_kit/scope_constants.rb +52 -0
- data/lib/onc_certification_g10_test_kit/short_id_map.yml +11 -20
- data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +4 -4
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb +4 -4
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb +4 -4
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_6_api_group.rb +4 -4
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_7_api_group.rb +4 -4
- data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb +107 -64
- data/lib/onc_certification_g10_test_kit/smart_asymmetric_launch_group.rb +41 -88
- data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group.rb +31 -41
- data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2.rb +30 -52
- data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2_2.rb +32 -53
- data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +99 -142
- data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group.rb +16 -54
- data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group_stu2_2.rb +16 -54
- data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_us_core_7_group.rb +16 -54
- data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_us_core_7_group_stu2_2.rb +16 -54
- data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb +29 -64
- data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_test.rb +4 -3
- data/lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb +39 -83
- data/lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb +42 -86
- data/lib/onc_certification_g10_test_kit/smart_invalid_token_group_stu2.rb +50 -88
- data/lib/onc_certification_g10_test_kit/smart_invalid_token_refresh_test.rb +9 -6
- data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb +86 -278
- data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb +30 -57
- data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2.rb +34 -73
- data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2_2.rb +34 -73
- data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb +6 -1
- data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +88 -116
- data/lib/onc_certification_g10_test_kit/smart_v1_scopes_group.rb +60 -114
- data/lib/onc_certification_g10_test_kit/tasks/generate_matrix.rb +2 -11
- data/lib/onc_certification_g10_test_kit/token_introspection_group.rb +12 -25
- data/lib/onc_certification_g10_test_kit/token_introspection_group_stu2_2.rb +12 -14
- data/lib/onc_certification_g10_test_kit/token_revocation_group.rb +44 -33
- data/lib/onc_certification_g10_test_kit/unrestricted_resource_type_access_group.rb +3 -3
- data/lib/onc_certification_g10_test_kit/version.rb +2 -2
- data/lib/onc_certification_g10_test_kit.rb +104 -40
- metadata +9 -8
|
@@ -7,43 +7,33 @@ module ONCCertificationG10TestKit
|
|
|
7
7
|
|
|
8
8
|
id :bulk_data_authorization
|
|
9
9
|
|
|
10
|
-
input :
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
The OAuth 2.0 Token Endpoint used by the Backend Services specification to provide bearer tokens.
|
|
14
|
-
DESCRIPTION
|
|
15
|
-
input :bulk_client_id,
|
|
16
|
-
title: 'Bulk Data Client ID',
|
|
17
|
-
description: 'Client ID provided at registration to the Inferno application.'
|
|
18
|
-
input :bulk_scope,
|
|
19
|
-
title: 'Bulk Data Scopes',
|
|
20
|
-
description: 'Bulk Data Scopes provided at registration to the Inferno application.',
|
|
21
|
-
default: 'system/*.read'
|
|
22
|
-
input :bulk_encryption_method,
|
|
23
|
-
title: 'Encryption Method',
|
|
24
|
-
description: <<~DESCRIPTION,
|
|
25
|
-
The server is required to suport either ES384 or RS384 encryption methods for JWT signature verification.
|
|
26
|
-
Select which method to use.
|
|
27
|
-
DESCRIPTION
|
|
28
|
-
type: 'radio',
|
|
29
|
-
default: 'ES384',
|
|
10
|
+
input :bulk_smart_auth_info,
|
|
11
|
+
type: :auth_info,
|
|
12
|
+
title: 'Multi-Patient API Credentials',
|
|
30
13
|
options: {
|
|
31
|
-
|
|
14
|
+
mode: :auth,
|
|
15
|
+
components: [
|
|
32
16
|
{
|
|
33
|
-
|
|
34
|
-
|
|
17
|
+
name: :auth_type,
|
|
18
|
+
default: 'backend_services',
|
|
19
|
+
locked: true
|
|
35
20
|
},
|
|
36
21
|
{
|
|
37
|
-
|
|
38
|
-
|
|
22
|
+
name: :use_discovery,
|
|
23
|
+
default: false,
|
|
24
|
+
locked: true
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
name: :token_url,
|
|
28
|
+
optional: false
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
name: :jwks,
|
|
32
|
+
locked: true
|
|
39
33
|
}
|
|
40
34
|
]
|
|
41
35
|
}
|
|
42
|
-
output :
|
|
43
|
-
|
|
44
|
-
http_client :token_endpoint do
|
|
45
|
-
url :bulk_token_endpoint
|
|
46
|
-
end
|
|
36
|
+
output :bulk_smart_auth_info
|
|
47
37
|
|
|
48
38
|
test from: :tls_version_test do
|
|
49
39
|
title 'Authorization service token endpoint secured by transport layer security'
|
|
@@ -56,8 +46,13 @@ module ONCCertificationG10TestKit
|
|
|
56
46
|
DESCRIPTION
|
|
57
47
|
id :g10_bulk_token_tls_version
|
|
58
48
|
|
|
49
|
+
input :bulk_smart_auth_info, type: :auth_info
|
|
50
|
+
|
|
51
|
+
def url
|
|
52
|
+
bulk_smart_auth_info.token_url
|
|
53
|
+
end
|
|
54
|
+
|
|
59
55
|
config(
|
|
60
|
-
inputs: { url: { name: :bulk_token_endpoint } },
|
|
61
56
|
options: { minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION }
|
|
62
57
|
)
|
|
63
58
|
end
|
|
@@ -80,14 +75,17 @@ module ONCCertificationG10TestKit
|
|
|
80
75
|
# link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#protocol-details'
|
|
81
76
|
|
|
82
77
|
run do
|
|
83
|
-
post_request_content =
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
78
|
+
post_request_content =
|
|
79
|
+
AuthorizationRequestBuilder.build(
|
|
80
|
+
encryption_method: bulk_smart_auth_info.encryption_algorithm,
|
|
81
|
+
scope: bulk_smart_auth_info.requested_scopes,
|
|
82
|
+
iss: bulk_smart_auth_info.client_id,
|
|
83
|
+
sub: bulk_smart_auth_info.client_id,
|
|
84
|
+
aud: bulk_smart_auth_info.token_url,
|
|
85
|
+
grant_type: 'not_a_grant_type'
|
|
86
|
+
)
|
|
87
|
+
|
|
88
|
+
post(bulk_smart_auth_info.token_url, **post_request_content)
|
|
91
89
|
|
|
92
90
|
assert_response_status(400)
|
|
93
91
|
end
|
|
@@ -111,14 +109,17 @@ module ONCCertificationG10TestKit
|
|
|
111
109
|
# link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#protocol-details'
|
|
112
110
|
|
|
113
111
|
run do
|
|
114
|
-
post_request_content =
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
112
|
+
post_request_content =
|
|
113
|
+
AuthorizationRequestBuilder.build(
|
|
114
|
+
encryption_method: bulk_smart_auth_info.encryption_algorithm,
|
|
115
|
+
scope: bulk_smart_auth_info.requested_scopes,
|
|
116
|
+
iss: bulk_smart_auth_info.client_id,
|
|
117
|
+
sub: bulk_smart_auth_info.client_id,
|
|
118
|
+
aud: bulk_smart_auth_info.token_url,
|
|
119
|
+
client_assertion_type: 'not_an_assertion_type'
|
|
120
|
+
)
|
|
121
|
+
|
|
122
|
+
post(bulk_smart_auth_info.token_url, **post_request_content)
|
|
122
123
|
|
|
123
124
|
assert_response_status(400)
|
|
124
125
|
end
|
|
@@ -151,13 +152,16 @@ module ONCCertificationG10TestKit
|
|
|
151
152
|
# link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#protocol-details'
|
|
152
153
|
|
|
153
154
|
run do
|
|
154
|
-
post_request_content =
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
155
|
+
post_request_content =
|
|
156
|
+
AuthorizationRequestBuilder.build(
|
|
157
|
+
encryption_method: bulk_smart_auth_info.encryption_algorithm,
|
|
158
|
+
scope: bulk_smart_auth_info.requested_scopes,
|
|
159
|
+
iss: 'not_a_valid_iss',
|
|
160
|
+
sub: bulk_smart_auth_info.client_id,
|
|
161
|
+
aud: bulk_smart_auth_info.token_url
|
|
162
|
+
)
|
|
159
163
|
|
|
160
|
-
post(
|
|
164
|
+
post(bulk_smart_auth_info.token_url, **post_request_content)
|
|
161
165
|
|
|
162
166
|
assert_response_status([400, 401])
|
|
163
167
|
end
|
|
@@ -170,20 +174,21 @@ module ONCCertificationG10TestKit
|
|
|
170
174
|
DESCRIPTION
|
|
171
175
|
# link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#issuing-access-tokens'
|
|
172
176
|
|
|
173
|
-
|
|
177
|
+
makes_request :bulk_authentication
|
|
174
178
|
|
|
175
179
|
run do
|
|
176
|
-
post_request_content =
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
180
|
+
post_request_content =
|
|
181
|
+
AuthorizationRequestBuilder.build(
|
|
182
|
+
encryption_method: bulk_smart_auth_info.encryption_algorithm,
|
|
183
|
+
scope: bulk_smart_auth_info.requested_scopes,
|
|
184
|
+
iss: bulk_smart_auth_info.client_id,
|
|
185
|
+
sub: bulk_smart_auth_info.client_id,
|
|
186
|
+
aud: bulk_smart_auth_info.token_url
|
|
187
|
+
)
|
|
181
188
|
|
|
182
|
-
|
|
189
|
+
post(bulk_smart_auth_info.token_url, **post_request_content, name: :bulk_authentication)
|
|
183
190
|
|
|
184
191
|
assert_response_status([200, 201])
|
|
185
|
-
|
|
186
|
-
output authentication_response: authentication_response.response_body
|
|
187
192
|
end
|
|
188
193
|
end
|
|
189
194
|
|
|
@@ -201,17 +206,18 @@ module ONCCertificationG10TestKit
|
|
|
201
206
|
DESCRIPTION
|
|
202
207
|
# link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/authorization/index.html#issuing-access-tokens'
|
|
203
208
|
|
|
204
|
-
|
|
205
|
-
output :
|
|
209
|
+
uses_request :bulk_authentication
|
|
210
|
+
output :bulk_smart_auth_info
|
|
206
211
|
|
|
207
212
|
run do
|
|
208
|
-
assert_valid_json(
|
|
209
|
-
response_body = JSON.parse(
|
|
213
|
+
assert_valid_json(request.response_body)
|
|
214
|
+
response_body = JSON.parse(request.response_body)
|
|
210
215
|
|
|
211
216
|
access_token = response_body['access_token']
|
|
212
217
|
assert access_token.present?, 'Token response did not contain access_token as required'
|
|
213
218
|
|
|
214
|
-
|
|
219
|
+
bulk_smart_auth_info.update_from_response_body(request)
|
|
220
|
+
output bulk_smart_auth_info: bulk_smart_auth_info
|
|
215
221
|
|
|
216
222
|
required_keys = ['token_type', 'expires_in', 'scope']
|
|
217
223
|
|
|
@@ -10,8 +10,7 @@ module ONCCertificationG10TestKit
|
|
|
10
10
|
correct behavior.
|
|
11
11
|
)
|
|
12
12
|
|
|
13
|
-
input :
|
|
14
|
-
optional: true
|
|
13
|
+
input :bulk_smart_auth_info, type: :auth_info
|
|
15
14
|
input :bulk_server_url,
|
|
16
15
|
title: 'Bulk Data FHIR URL',
|
|
17
16
|
description: 'The URL of the Bulk FHIR server.'
|
|
@@ -21,7 +21,13 @@ module ONCCertificationG10TestKit
|
|
|
21
21
|
run do
|
|
22
22
|
skip 'No polling url available' unless cancelled_polling_url.present?
|
|
23
23
|
|
|
24
|
-
get(
|
|
24
|
+
get(
|
|
25
|
+
cancelled_polling_url,
|
|
26
|
+
headers: {
|
|
27
|
+
authorization: "Bearer #{bulk_smart_auth_info.access_token}",
|
|
28
|
+
accept: 'application/json'
|
|
29
|
+
}
|
|
30
|
+
)
|
|
25
31
|
|
|
26
32
|
assert_response_status(404)
|
|
27
33
|
|
|
@@ -8,7 +8,7 @@ module ONCCertificationG10TestKit
|
|
|
8
8
|
Verify that the Bulk Data server supports required query parameters.
|
|
9
9
|
)
|
|
10
10
|
|
|
11
|
-
input :
|
|
11
|
+
input :bulk_smart_auth_info, type: :auth_info
|
|
12
12
|
input :bulk_server_url,
|
|
13
13
|
title: 'Bulk Data FHIR URL',
|
|
14
14
|
description: 'The URL of the Bulk FHIR server.'
|
|
@@ -9,7 +9,7 @@ module ONCCertificationG10TestKit
|
|
|
9
9
|
DESCRIPTION
|
|
10
10
|
id :bulk_data_group_export
|
|
11
11
|
|
|
12
|
-
input :
|
|
12
|
+
input :bulk_smart_auth_info, type: :auth_info
|
|
13
13
|
input :bulk_server_url,
|
|
14
14
|
title: 'Bulk Data FHIR URL',
|
|
15
15
|
description: 'The URL of the Bulk FHIR server.'
|
|
@@ -137,6 +137,8 @@ module ONCCertificationG10TestKit
|
|
|
137
137
|
include ExportKickOffPerformer
|
|
138
138
|
|
|
139
139
|
run do
|
|
140
|
+
skip_if bulk_smart_auth_info.access_token.blank?, 'No access token was received'
|
|
141
|
+
|
|
140
142
|
perform_export_kick_off_request(use_token: false)
|
|
141
143
|
assert_response_status([400, 401])
|
|
142
144
|
end
|
|
@@ -199,7 +201,13 @@ module ONCCertificationG10TestKit
|
|
|
199
201
|
used_time = 0
|
|
200
202
|
|
|
201
203
|
loop do
|
|
202
|
-
get(
|
|
204
|
+
get(
|
|
205
|
+
polling_url,
|
|
206
|
+
headers: {
|
|
207
|
+
authorization: "Bearer #{bulk_smart_auth_info.access_token}",
|
|
208
|
+
accept: 'application/json'
|
|
209
|
+
}
|
|
210
|
+
)
|
|
203
211
|
|
|
204
212
|
retry_after_val = request.response_header('retry-after')&.value.to_i
|
|
205
213
|
|
|
@@ -10,7 +10,8 @@ module ONCCertificationG10TestKit
|
|
|
10
10
|
|
|
11
11
|
id :g10_bulk_data_group_export_validation
|
|
12
12
|
|
|
13
|
-
input :status_output, :requires_access_token, :
|
|
13
|
+
input :status_output, :requires_access_token, :bulk_download_url
|
|
14
|
+
input :bulk_smart_auth_info, type: :auth_info
|
|
14
15
|
input :lines_to_validate,
|
|
15
16
|
title: 'Limit validation to a maximum resource count',
|
|
16
17
|
description: 'To validate all, leave blank.',
|
|
@@ -62,12 +63,15 @@ module ONCCertificationG10TestKit
|
|
|
62
63
|
DESCRIPTION
|
|
63
64
|
# link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#file-request'
|
|
64
65
|
|
|
65
|
-
input :bulk_download_url, :requires_access_token
|
|
66
|
+
input :bulk_download_url, :requires_access_token
|
|
67
|
+
input :bulk_smart_auth_info, type: :auth_info
|
|
66
68
|
|
|
67
69
|
run do
|
|
68
70
|
omit_if requires_access_token == 'false',
|
|
69
71
|
'Could not verify this functionality when requiresAccessToken is false'
|
|
70
72
|
|
|
73
|
+
skip_if bulk_smart_auth_info.access_token.blank?, 'No access token was received'
|
|
74
|
+
|
|
71
75
|
get(bulk_download_url, headers: { accept: 'application/fhir+ndjson' })
|
|
72
76
|
assert_response_status([400, 401])
|
|
73
77
|
end
|
|
@@ -36,6 +36,10 @@ module ONCCertificationG10TestKit
|
|
|
36
36
|
scratch[:patient_ids_seen] ||= []
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
+
def bearer_token
|
|
40
|
+
bulk_smart_auth_info.access_token
|
|
41
|
+
end
|
|
42
|
+
|
|
39
43
|
def build_headers(use_token)
|
|
40
44
|
headers = { accept: 'application/fhir+ndjson' }
|
|
41
45
|
headers.merge!({ authorization: "Bearer #{bearer_token}" }) if use_token == 'true'
|
|
@@ -2,7 +2,7 @@ require_relative '../inferno/terminology/tasks/check_built_terminology'
|
|
|
2
2
|
|
|
3
3
|
module ONCCertificationG10TestKit
|
|
4
4
|
class ConfigurationChecker
|
|
5
|
-
EXPECTED_HL7_VALIDATOR_VERSION = '1.0.
|
|
5
|
+
EXPECTED_HL7_VALIDATOR_VERSION = '1.0.65'.freeze
|
|
6
6
|
HL7_VALIDATOR_VERSION_KEY = 'validatorWrapperVersion'.freeze
|
|
7
7
|
|
|
8
8
|
def configuration_messages
|
|
@@ -7,15 +7,15 @@ module ONCCertificationG10TestKit
|
|
|
7
7
|
)
|
|
8
8
|
id :g10_encounter_context
|
|
9
9
|
input :encounter_id, :url
|
|
10
|
-
input :
|
|
10
|
+
input :smart_auth_info, type: :auth_info
|
|
11
11
|
|
|
12
12
|
fhir_client :authenticated do
|
|
13
13
|
url :url
|
|
14
|
-
|
|
14
|
+
auth_info :smart_auth_info
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
run do
|
|
18
|
-
skip_if
|
|
18
|
+
skip_if smart_auth_info.access_token.blank?, 'No access token was received during the SMART launch'
|
|
19
19
|
|
|
20
20
|
skip_if encounter_id.blank?, 'Token response did not contain `encounter` field'
|
|
21
21
|
|
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
module ONCCertificationG10TestKit
|
|
2
2
|
module ExportKickOffPerformer
|
|
3
|
+
def access_token
|
|
4
|
+
bulk_smart_auth_info.access_token
|
|
5
|
+
end
|
|
6
|
+
|
|
3
7
|
def perform_export_kick_off_request(use_token: true, params: {})
|
|
4
|
-
skip_if use_token &&
|
|
8
|
+
skip_if use_token && access_token.blank?, 'Could not verify this functionality when bearer token is not set'
|
|
5
9
|
|
|
6
10
|
headers = { accept: 'application/fhir+json', prefer: 'respond-async' }
|
|
7
|
-
headers.merge!({ authorization: "Bearer #{
|
|
11
|
+
headers.merge!({ authorization: "Bearer #{access_token}" }) if use_token
|
|
8
12
|
|
|
9
13
|
url = "Group/#{group_id}/$export"
|
|
10
14
|
param_str = params.map { |k, v| URI.encode_www_form(k => v) }.join('&')
|
|
@@ -16,7 +20,7 @@ module ONCCertificationG10TestKit
|
|
|
16
20
|
polling_url = request&.response_header('content-location')&.value
|
|
17
21
|
assert polling_url.present?, 'Export response header did not include "Content-Location"'
|
|
18
22
|
|
|
19
|
-
headers = { accept: 'application/json', authorization: "Bearer #{
|
|
23
|
+
headers = { accept: 'application/json', authorization: "Bearer #{access_token}" }
|
|
20
24
|
|
|
21
25
|
delete(polling_url, headers:)
|
|
22
26
|
assert_response_status(202)
|
|
@@ -45,16 +45,20 @@ module ONCCertificationG10TestKit
|
|
|
45
45
|
run_as_group
|
|
46
46
|
|
|
47
47
|
input_order :bulk_server_url,
|
|
48
|
-
:bulk_token_endpoint,
|
|
49
|
-
:bulk_client_id,
|
|
50
|
-
:bulk_scope,
|
|
51
|
-
:bulk_encryption_method,
|
|
52
48
|
:group_id,
|
|
53
49
|
:bulk_patient_ids_in_group,
|
|
54
50
|
:bulk_device_types_in_group,
|
|
55
51
|
:lines_to_validate,
|
|
56
52
|
:bulk_timeout
|
|
57
53
|
|
|
54
|
+
config(
|
|
55
|
+
inputs: {
|
|
56
|
+
url: {
|
|
57
|
+
name: :bulk_server_url
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
)
|
|
61
|
+
|
|
58
62
|
group from: :bulk_data_authorization,
|
|
59
63
|
description: <<~DESCRIPTION
|
|
60
64
|
Bulk Data servers are required to authorize clients using the [Backend Service
|
|
@@ -8,15 +8,15 @@ module ONCCertificationG10TestKit
|
|
|
8
8
|
)
|
|
9
9
|
id :g10_patient_context
|
|
10
10
|
input :patient_id, :url
|
|
11
|
-
input :
|
|
11
|
+
input :smart_auth_info, type: 'auth_info'
|
|
12
12
|
|
|
13
13
|
fhir_client :authenticated do
|
|
14
14
|
url :url
|
|
15
|
-
|
|
15
|
+
auth_info :smart_auth_info
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
run do
|
|
19
|
-
skip_if
|
|
19
|
+
skip_if smart_auth_info.access_token.blank?, 'No access token was received during the SMART launch'
|
|
20
20
|
|
|
21
21
|
skip_if patient_id.blank?, 'Token response did not contain `patient` field'
|
|
22
22
|
|
|
@@ -85,19 +85,12 @@ module ONCCertificationG10TestKit
|
|
|
85
85
|
id :g10_restricted_resource_type_access
|
|
86
86
|
|
|
87
87
|
input :url, :patient_id, :received_scopes, :expected_resources
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
config(
|
|
91
|
-
inputs: {
|
|
92
|
-
client_secret: {
|
|
93
|
-
optional: false
|
|
94
|
-
}
|
|
95
|
-
}
|
|
96
|
-
)
|
|
88
|
+
|
|
89
|
+
input :smart_auth_info, type: :auth_info
|
|
97
90
|
|
|
98
91
|
fhir_client do
|
|
99
92
|
url :url
|
|
100
|
-
|
|
93
|
+
auth_info :smart_auth_info
|
|
101
94
|
end
|
|
102
95
|
|
|
103
96
|
test from: :g10_restricted_access_test do
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
module ONCCertificationG10TestKit
|
|
2
|
+
module ScopeConstants
|
|
3
|
+
STANDALONE_SMART_1_SCOPES =
|
|
4
|
+
%(
|
|
5
|
+
launch/patient openid fhirUser offline_access patient/Medication.read
|
|
6
|
+
patient/AllergyIntolerance.read patient/CarePlan.read
|
|
7
|
+
patient/CareTeam.read patient/Condition.read patient/Device.read
|
|
8
|
+
patient/DiagnosticReport.read patient/DocumentReference.read
|
|
9
|
+
patient/Encounter.read patient/Goal.read patient/Immunization.read
|
|
10
|
+
patient/Location.read patient/MedicationRequest.read
|
|
11
|
+
patient/Observation.read patient/Organization.read patient/Patient.read
|
|
12
|
+
patient/Practitioner.read patient/Procedure.read patient/Provenance.read
|
|
13
|
+
patient/PractitionerRole.read
|
|
14
|
+
).gsub(/\s{2,}/, ' ').strip.freeze
|
|
15
|
+
|
|
16
|
+
STANDALONE_SMART_2_SCOPES =
|
|
17
|
+
%(
|
|
18
|
+
launch/patient openid fhirUser offline_access patient/Medication.rs
|
|
19
|
+
patient/AllergyIntolerance.rs patient/CarePlan.rs patient/CareTeam.rs
|
|
20
|
+
patient/Condition.rs patient/Device.rs patient/DiagnosticReport.rs
|
|
21
|
+
patient/DocumentReference.rs patient/Encounter.rs patient/Goal.rs
|
|
22
|
+
patient/Immunization.rs patient/Location.rs patient/MedicationRequest.rs
|
|
23
|
+
patient/Observation.rs patient/Organization.rs patient/Patient.rs
|
|
24
|
+
patient/Practitioner.rs patient/Procedure.rs patient/Provenance.rs
|
|
25
|
+
patient/PractitionerRole.rs
|
|
26
|
+
).gsub(/\s{2,}/, ' ').strip.freeze
|
|
27
|
+
|
|
28
|
+
EHR_SMART_1_SCOPES =
|
|
29
|
+
%(
|
|
30
|
+
launch openid fhirUser offline_access user/Medication.read
|
|
31
|
+
user/AllergyIntolerance.read user/CarePlan.read user/CareTeam.read
|
|
32
|
+
user/Condition.read user/Device.read user/DiagnosticReport.read
|
|
33
|
+
user/DocumentReference.read user/Encounter.read user/Goal.read
|
|
34
|
+
user/Immunization.read user/Location.read user/MedicationRequest.read
|
|
35
|
+
user/Observation.read user/Organization.read user/Patient.read
|
|
36
|
+
user/Practitioner.read user/Procedure.read user/Provenance.read
|
|
37
|
+
user/PractitionerRole.read
|
|
38
|
+
).gsub(/\s{2,}/, ' ').strip.freeze
|
|
39
|
+
|
|
40
|
+
EHR_SMART_2_SCOPES =
|
|
41
|
+
%(
|
|
42
|
+
launch openid fhirUser offline_access user/Medication.rs
|
|
43
|
+
user/AllergyIntolerance.rs user/CarePlan.rs user/CareTeam.rs
|
|
44
|
+
user/Condition.rs user/Device.rs user/DiagnosticReport.rs
|
|
45
|
+
user/DocumentReference.rs user/Encounter.rs user/Goal.rs
|
|
46
|
+
user/Immunization.rs user/Location.rs user/MedicationRequest.rs
|
|
47
|
+
user/Observation.rs user/Organization.rs user/Patient.rs
|
|
48
|
+
user/Practitioner.rs user/Procedure.rs user/Provenance.rs
|
|
49
|
+
user/PractitionerRole.rs
|
|
50
|
+
).gsub(/\s{2,}/, ' ').strip.freeze
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -2769,6 +2769,7 @@ g10_certification-multi_patient_api_stu2-g10_bulk_data_export_parameters-output_
|
|
|
2769
2769
|
g10_certification-multi_patient_api_stu2-g10_bulk_data_export_parameters-g10_since_in_export_response: 8.5.02
|
|
2770
2770
|
g10_certification-Group06: '9'
|
|
2771
2771
|
g10_certification-Group06-g10_public_standalone_launch: '9.1'
|
|
2772
|
+
g10_certification-Group06-g10_public_standalone_launch-well_known_endpoint: 9.1.10
|
|
2772
2773
|
g10_certification-Group06-g10_public_standalone_launch-standalone_auth_tls: 9.1.01
|
|
2773
2774
|
g10_certification-Group06-g10_public_standalone_launch-smart_app_redirect: 9.1.02
|
|
2774
2775
|
g10_certification-Group06-g10_public_standalone_launch-smart_code_received: 9.1.03
|
|
@@ -2779,6 +2780,7 @@ g10_certification-Group06-g10_public_standalone_launch-smart_token_response_head
|
|
|
2779
2780
|
g10_certification-Group06-g10_public_standalone_launch-g10_patient_context: 9.1.08
|
|
2780
2781
|
g10_certification-Group06-g10_public_standalone_launch-g10_public_launch_id_token: 9.1.09
|
|
2781
2782
|
g10_certification-Group06-g10_public_standalone_launch_stu2: '9.2'
|
|
2783
|
+
g10_certification-Group06-g10_public_standalone_launch_stu2-well_known_endpoint: 9.2.10
|
|
2782
2784
|
g10_certification-Group06-g10_public_standalone_launch_stu2-standalone_auth_tls: 9.2.01
|
|
2783
2785
|
g10_certification-Group06-g10_public_standalone_launch_stu2-smart_app_redirect_stu2: 9.2.02
|
|
2784
2786
|
g10_certification-Group06-g10_public_standalone_launch_stu2-smart_code_received: 9.2.03
|
|
@@ -2789,6 +2791,7 @@ g10_certification-Group06-g10_public_standalone_launch_stu2-smart_token_response
|
|
|
2789
2791
|
g10_certification-Group06-g10_public_standalone_launch_stu2-g10_patient_context: 9.2.08
|
|
2790
2792
|
g10_certification-Group06-g10_public_standalone_launch_stu2-g10_public_launch_id_token: 9.2.09
|
|
2791
2793
|
g10_certification-Group06-g10_public_standalone_launch_stu2_2: '9.16'
|
|
2794
|
+
g10_certification-Group06-g10_public_standalone_launch_stu2_2-well_known_endpoint: 9.16.10
|
|
2792
2795
|
g10_certification-Group06-g10_public_standalone_launch_stu2_2-standalone_auth_tls: 9.16.01
|
|
2793
2796
|
g10_certification-Group06-g10_public_standalone_launch_stu2_2-smart_app_redirect_stu2: 9.16.02
|
|
2794
2797
|
g10_certification-Group06-g10_public_standalone_launch_stu2_2-smart_code_received: 9.16.03
|
|
@@ -2808,21 +2811,25 @@ g10_certification-Group06-g10_smart_invalid_aud-smart_app_redirect_stu2: 9.4.02
|
|
|
2808
2811
|
g10_certification-Group06-g10_smart_invalid_aud-smart_app_redirect_stu2_2: 9.4.03
|
|
2809
2812
|
g10_certification-Group06-g10_smart_invalid_aud-Test04: 9.4.04
|
|
2810
2813
|
g10_certification-Group06-g10_smart_invalid_token_request: '9.5'
|
|
2814
|
+
g10_certification-Group06-g10_smart_invalid_token_request-well_known_endpoint: 9.5.06
|
|
2811
2815
|
g10_certification-Group06-g10_smart_invalid_token_request-smart_app_redirect: 9.5.01
|
|
2812
2816
|
g10_certification-Group06-g10_smart_invalid_token_request-smart_code_received: 9.5.02
|
|
2813
2817
|
g10_certification-Group06-g10_smart_invalid_token_request-Test03: 9.5.03
|
|
2814
2818
|
g10_certification-Group06-g10_smart_invalid_token_request-Test04: 9.5.04
|
|
2815
2819
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2: '9.6'
|
|
2820
|
+
g10_certification-Group06-g10_smart_invalid_token_request_stu2-well_known_endpoint: 9.6.06
|
|
2816
2821
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2-smart_app_redirect_stu2: 9.6.01
|
|
2817
2822
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2-smart_code_received: 9.6.02
|
|
2818
2823
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2-Test03: 9.6.03
|
|
2819
2824
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2-Test04: 9.6.04
|
|
2820
2825
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2_2: '9.17'
|
|
2826
|
+
g10_certification-Group06-g10_smart_invalid_token_request_stu2_2-well_known_endpoint: 9.17.06
|
|
2821
2827
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2_2-smart_app_redirect_stu2: 9.17.01
|
|
2822
2828
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2_2-smart_code_received: 9.17.02
|
|
2823
2829
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2_2-Test03: 9.17.03
|
|
2824
2830
|
g10_certification-Group06-g10_smart_invalid_token_request_stu2_2-Test04: 9.17.04
|
|
2825
2831
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group: '9.7'
|
|
2832
|
+
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-well_known_endpoint: 9.7.13
|
|
2826
2833
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-smart_no_code_verifier_redirect: 9.7.01
|
|
2827
2834
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-smart_no_code_verifier_code_received: 9.7.02
|
|
2828
2835
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-smart_no_verifier_token_request: 9.7.03
|
|
@@ -2836,6 +2843,7 @@ g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-smart_plain
|
|
|
2836
2843
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-smart_plain_code_verifier_code_received: 9.7.11
|
|
2837
2844
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group-smart_plain_code_verifier_token_request: 9.7.12
|
|
2838
2845
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2: '9.18'
|
|
2846
|
+
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-well_known_endpoint: 9.18.13
|
|
2839
2847
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-smart_no_code_verifier_redirect: 9.18.01
|
|
2840
2848
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-smart_no_code_verifier_code_received: 9.18.02
|
|
2841
2849
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-smart_no_verifier_token_request: 9.18.03
|
|
@@ -2849,6 +2857,7 @@ g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-smar
|
|
|
2849
2857
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-smart_plain_code_verifier_code_received: 9.18.11
|
|
2850
2858
|
g10_certification-Group06-g10_smart_invalid_pkce_code_verifier_group_stu2_2-smart_plain_code_verifier_token_request: 9.18.12
|
|
2851
2859
|
g10_certification-Group06-g10_ehr_patient_launch: '9.8'
|
|
2860
|
+
g10_certification-Group06-g10_ehr_patient_launch-well_known_endpoint: 9.8.12
|
|
2852
2861
|
g10_certification-Group06-g10_ehr_patient_launch-smart_app_launch: 9.8.01
|
|
2853
2862
|
g10_certification-Group06-g10_ehr_patient_launch-smart_launch_received: 9.8.02
|
|
2854
2863
|
g10_certification-Group06-g10_ehr_patient_launch-ehr_auth_tls: 9.8.03
|
|
@@ -2861,6 +2870,7 @@ g10_certification-Group06-g10_ehr_patient_launch-smart_token_response_headers: 9
|
|
|
2861
2870
|
g10_certification-Group06-g10_ehr_patient_launch-g10_patient_context: 9.8.10
|
|
2862
2871
|
g10_certification-Group06-g10_ehr_patient_launch-g10_patient_scope: 9.8.11
|
|
2863
2872
|
g10_certification-Group06-g10_ehr_patient_launch_stu2: '9.9'
|
|
2873
|
+
g10_certification-Group06-g10_ehr_patient_launch_stu2-well_known_endpoint: 9.9.12
|
|
2864
2874
|
g10_certification-Group06-g10_ehr_patient_launch_stu2-smart_app_launch: 9.9.01
|
|
2865
2875
|
g10_certification-Group06-g10_ehr_patient_launch_stu2-smart_launch_received: 9.9.02
|
|
2866
2876
|
g10_certification-Group06-g10_ehr_patient_launch_stu2-ehr_auth_tls: 9.9.03
|
|
@@ -2873,6 +2883,7 @@ g10_certification-Group06-g10_ehr_patient_launch_stu2-smart_token_response_heade
|
|
|
2873
2883
|
g10_certification-Group06-g10_ehr_patient_launch_stu2-g10_patient_context: 9.9.10
|
|
2874
2884
|
g10_certification-Group06-g10_ehr_patient_launch_stu2-g10_patient_scope: 9.9.11
|
|
2875
2885
|
g10_certification-Group06-g10_ehr_patient_launch_stu2_2: '9.19'
|
|
2886
|
+
g10_certification-Group06-g10_ehr_patient_launch_stu2_2-well_known_endpoint: 9.19.13
|
|
2876
2887
|
g10_certification-Group06-g10_ehr_patient_launch_stu2_2-smart_app_launch: 9.19.01
|
|
2877
2888
|
g10_certification-Group06-g10_ehr_patient_launch_stu2_2-smart_launch_received: 9.19.02
|
|
2878
2889
|
g10_certification-Group06-g10_ehr_patient_launch_stu2_2-ehr_auth_tls: 9.19.03
|
|
@@ -2907,26 +2918,6 @@ g10_certification-Group06-g10_token_introspection-smart_token_introspection_acce
|
|
|
2907
2918
|
: 9.11.1.2.06
|
|
2908
2919
|
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch_stu2-smart_token_response_headers
|
|
2909
2920
|
: 9.11.1.2.07
|
|
2910
|
-
g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_discovery: 9.11.1.3
|
|
2911
|
-
g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_discovery-Test01: 9.11.1.3.01
|
|
2912
|
-
g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_discovery-Test02: 9.11.1.3.02
|
|
2913
|
-
g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_discovery-Test03: 9.11.1.3.03
|
|
2914
|
-
g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_discovery-Test04: 9.11.1.3.04
|
|
2915
|
-
g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch: 9.11.1.4
|
|
2916
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-standalone_auth_tls
|
|
2917
|
-
: 9.11.1.4.01
|
|
2918
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-smart_app_redirect
|
|
2919
|
-
: 9.11.1.4.02
|
|
2920
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-smart_code_received
|
|
2921
|
-
: 9.11.1.4.03
|
|
2922
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-standalone_token_tls
|
|
2923
|
-
: 9.11.1.4.04
|
|
2924
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-smart_token_exchange
|
|
2925
|
-
: 9.11.1.4.05
|
|
2926
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-smart_token_response_body
|
|
2927
|
-
: 9.11.1.4.06
|
|
2928
|
-
? g10_certification-Group06-g10_token_introspection-smart_token_introspection_access_token_group-smart_standalone_launch-smart_token_response_headers
|
|
2929
|
-
: 9.11.1.4.07
|
|
2930
2921
|
g10_certification-Group06-g10_token_introspection-smart_token_introspection_request_group: 9.11.2
|
|
2931
2922
|
g10_certification-Group06-g10_token_introspection-smart_token_introspection_request_group-Test01: 9.11.2.01
|
|
2932
2923
|
g10_certification-Group06-g10_token_introspection-smart_token_introspection_request_group-Test02: 9.11.2.02
|
|
@@ -49,17 +49,17 @@ module ONCCertificationG10TestKit
|
|
|
49
49
|
ID from the SMART App Launch contain all MUST SUPPORT elements.
|
|
50
50
|
DESCRIPTION
|
|
51
51
|
optional: true
|
|
52
|
-
input :
|
|
52
|
+
input :smart_auth_info,
|
|
53
53
|
title: 'SMART App Launch Credentials',
|
|
54
|
-
type: :
|
|
54
|
+
type: :auth_info,
|
|
55
55
|
locked: true
|
|
56
56
|
|
|
57
57
|
fhir_client do
|
|
58
58
|
url :url
|
|
59
|
-
|
|
59
|
+
auth_info :smart_auth_info
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
-
input_order :url, :patient_id, :additional_patient_ids, :implantable_device_codes, :
|
|
62
|
+
input_order :url, :patient_id, :additional_patient_ids, :implantable_device_codes, :smart_auth_info
|
|
63
63
|
|
|
64
64
|
config(
|
|
65
65
|
options: {
|