onc_certification_g10_test_kit 2.2.1 → 2.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export.rb +2 -2
- data/lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb +4 -4
- data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb +2 -2
- data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +23 -32
- data/lib/onc_certification_g10_test_kit/version.rb +1 -1
- data/lib/onc_certification_g10_test_kit.rb +3 -5
- metadata +6 -7
- data/lib/onc_certification_g10_test_kit/smart_invalid_launch_group.rb +0 -137
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fb3530831315a74fef8ddffba6114b0934ab651d459e516a662ef2482f53af51
|
|
4
|
+
data.tar.gz: add2b2f5e8f8483932cd75a971d3d4f94992c5cae208f60124c7201b43293b85
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6042c6a5161cb50757ebee1f17ddfb7ce8ae6734229a8d30342a99c24192cf3bd11b9d43c0326d3eb679837af46912b4c6b6735c4fcdd7148a2a42e264a163c3
|
|
7
|
+
data.tar.gz: 6add8a740467b5d1bc88148083d1ac244e3fdfa83fb45d4f6915040d1c35f0e2f5c7e67e26d21ff178815a889adf07256572cf38f701db03ce8fcf3f2cedbdb3
|
|
@@ -96,7 +96,7 @@ module ONCCertificationG10TestKit
|
|
|
96
96
|
assert has_instantiates,
|
|
97
97
|
'Server did not declare conformance to the Bulk Data IG by including ' \
|
|
98
98
|
"'http://hl7.org/fhir/uv/bulkdata/CapabilityStatement/bulk-data' in " \
|
|
99
|
-
"
|
|
99
|
+
"CapabilityStatement.instantiates element (#{capability_statement&.instantiates})"
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
group_resource_capabilities = nil
|
|
@@ -120,7 +120,7 @@ module ONCCertificationG10TestKit
|
|
|
120
120
|
warning do
|
|
121
121
|
assert has_export_operation,
|
|
122
122
|
'Server CapabilityStatement did not declare support for an operation named "export" in the Group ' \
|
|
123
|
-
'
|
|
123
|
+
'resource (operation.name should be "export")'
|
|
124
124
|
end
|
|
125
125
|
end
|
|
126
126
|
end
|
|
@@ -440,8 +440,8 @@ module ONCCertificationG10TestKit
|
|
|
440
440
|
end
|
|
441
441
|
|
|
442
442
|
test do
|
|
443
|
-
title 'Location resources returned conform to the HL7 FHIR Specification Location Resource if bulk data export' \
|
|
444
|
-
'
|
|
443
|
+
title 'Location resources returned conform to the HL7 FHIR Specification Location Resource if bulk data export ' \
|
|
444
|
+
'has Location resources'
|
|
445
445
|
description <<~DESCRIPTION
|
|
446
446
|
This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification. This test is omitted if bulk data export does not return any Location resources.
|
|
447
447
|
DESCRIPTION
|
|
@@ -459,8 +459,8 @@ module ONCCertificationG10TestKit
|
|
|
459
459
|
end
|
|
460
460
|
|
|
461
461
|
test do
|
|
462
|
-
title 'Medication resources returned conform to the US Core Medication Profile if bulk data export has' \
|
|
463
|
-
'
|
|
462
|
+
title 'Medication resources returned conform to the US Core Medication Profile if bulk data export has ' \
|
|
463
|
+
'Medication resources'
|
|
464
464
|
description <<~DESCRIPTION
|
|
465
465
|
This test verifies that the resources returned from bulk data export conform to the US Core profiles. This includes checking for missing data elements and value set verification. This test is omitted if bulk data export does not return any Medication resources.
|
|
466
466
|
DESCRIPTION
|
|
@@ -161,8 +161,8 @@ module ONCCertificationG10TestKit
|
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
if resource.resourceType != resource_type
|
|
164
|
-
assert false, "Resource type \"#{resource.resourceType}\" at line \"#{line_count}\" does not match type" \
|
|
165
|
-
"
|
|
164
|
+
assert false, "Resource type \"#{resource.resourceType}\" at line \"#{line_count}\" does not match type " \
|
|
165
|
+
"defined in output \"#{resource_type}\""
|
|
166
166
|
end
|
|
167
167
|
|
|
168
168
|
profile_url = determine_profile(resource)
|
|
@@ -16,7 +16,7 @@ procedure:
|
|
|
16
16
|
registration functions to enable authentication and authorization in §
|
|
17
17
|
170.315(g)(10)(v).
|
|
18
18
|
inferno_tests:
|
|
19
|
-
- 6.
|
|
19
|
+
- 6.5.01
|
|
20
20
|
inferno_supported: 'yes'
|
|
21
21
|
inferno_notes: |
|
|
22
22
|
This requires a visual inspection and attestation because it is not
|
|
@@ -36,7 +36,7 @@ procedure:
|
|
|
36
36
|
registration functions to enable authentication and authorization in §
|
|
37
37
|
170.315(g)(10)(v).
|
|
38
38
|
inferno_tests:
|
|
39
|
-
- 6.
|
|
39
|
+
- 6.5.02
|
|
40
40
|
inferno_supported: 'yes'
|
|
41
41
|
inferno_notes: |
|
|
42
42
|
This requires a visual inspection and attestation because it is not
|
|
@@ -417,29 +417,20 @@ procedure:
|
|
|
417
417
|
based on previously selected preferences.
|
|
418
418
|
- id: AUTH-PATIENT-13
|
|
419
419
|
SUT: |
|
|
420
|
-
[Both] The health IT developer demonstrates the ability of
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
this section according to the implementation specification
|
|
426
|
-
adopted in § 170.215(a)(3):
|
|
427
|
-
* “launch”; and
|
|
428
|
-
* “aud”.
|
|
420
|
+
[Both] The health IT developer demonstrates the ability of the Health
|
|
421
|
+
IT Module to return an error response if the "aud" parameter provided
|
|
422
|
+
by an application to the Health IT Module in Step 8, is not a valid
|
|
423
|
+
FHIR® resource server associated with the Health IT Module's
|
|
424
|
+
authorization server.
|
|
429
425
|
TLV: |
|
|
430
|
-
[Both] The tester verifies the ability of the Health IT
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
according to the implementation specification adopted in §
|
|
436
|
-
170.215(a)(3):
|
|
437
|
-
* “launch”; and
|
|
438
|
-
* “aud”.
|
|
426
|
+
[Both] The tester verifies the ability of the Health IT Module to
|
|
427
|
+
return an error response if the "aud" parameter provided by an
|
|
428
|
+
application to the Health IT Module in Step 8, is not a valid FHIR®
|
|
429
|
+
resource server associated with the Health IT Module's authorization
|
|
430
|
+
server.
|
|
439
431
|
inferno_supported: 'yes'
|
|
440
432
|
inferno_tests:
|
|
441
433
|
- 6.3.01 - 6.3.02
|
|
442
|
-
- 6.4.01 - 6.4.04
|
|
443
434
|
- id: AUTH-PATIENT-14
|
|
444
435
|
SUT: |
|
|
445
436
|
[Both] The health IT developer demonstrates the ability of the
|
|
@@ -566,7 +557,7 @@ procedure:
|
|
|
566
557
|
inferno_tests:
|
|
567
558
|
- 2.1.02 - 2.1.09
|
|
568
559
|
- 2.2.01 - 2.2.13
|
|
569
|
-
- 6.
|
|
560
|
+
- 6.4.01 - 6.4.04
|
|
570
561
|
- id: AUTH-PATIENT-19
|
|
571
562
|
SUT: |
|
|
572
563
|
[Standalone-Launch] The health IT developer the ability of the Health IT
|
|
@@ -609,7 +600,7 @@ procedure:
|
|
|
609
600
|
months to native applications capable of storing a refresh token.
|
|
610
601
|
inferno_supported: 'yes'
|
|
611
602
|
inferno_tests:
|
|
612
|
-
- 6.
|
|
603
|
+
- 6.5.13
|
|
613
604
|
- group: 'Subsequent Connections: Authentication and Authorization for Patient and User Scopes'
|
|
614
605
|
id: AUTH-PATIENT-22
|
|
615
606
|
SUT: |
|
|
@@ -628,7 +619,7 @@ procedure:
|
|
|
628
619
|
in § 170.215(a)(3).
|
|
629
620
|
inferno_supported: 'yes'
|
|
630
621
|
inferno_tests:
|
|
631
|
-
- 6.
|
|
622
|
+
- 6.5.05
|
|
632
623
|
inferno_notes: |
|
|
633
624
|
Inferno cannot verify the three month token expiration requirement
|
|
634
625
|
automatically during the token refresh tests, but the tester can
|
|
@@ -762,7 +753,7 @@ procedure:
|
|
|
762
753
|
This test requires the tester to register an attestation from the
|
|
763
754
|
Health IT Module that the "cache-control" header is obeyed.
|
|
764
755
|
inferno_tests:
|
|
765
|
-
- 6.
|
|
756
|
+
- 6.5.10
|
|
766
757
|
- id: AUTH-SYSTEM-6
|
|
767
758
|
SUT: |
|
|
768
759
|
The health IT developer demonstrates the ability of the Health IT
|
|
@@ -811,7 +802,7 @@ procedure:
|
|
|
811
802
|
more than what was pre-authorized. The Health IT module must
|
|
812
803
|
demonstrate this and register its attestation within Inferno.
|
|
813
804
|
inferno_tests:
|
|
814
|
-
- 6.
|
|
805
|
+
- 6.5.08
|
|
815
806
|
- id: AUTH-SYSTEM-9
|
|
816
807
|
SUT: |
|
|
817
808
|
The health IT developer demonstrates the ability of the Health IT
|
|
@@ -865,7 +856,7 @@ procedure:
|
|
|
865
856
|
an automated fashion and this is recorded as an attestation
|
|
866
857
|
within Inferno.
|
|
867
858
|
inferno_tests:
|
|
868
|
-
- 6.
|
|
859
|
+
- 6.5.06
|
|
869
860
|
- section: Paragraph (g)(10)(ii) – Supported search operations
|
|
870
861
|
steps:
|
|
871
862
|
- group: Supported Search Operations for a Single Patient’s Data
|
|
@@ -1072,9 +1063,9 @@ procedure:
|
|
|
1072
1063
|
* All references within the resources can be resolved and validated, as applicable, according to steps 2-6 of this section
|
|
1073
1064
|
inferno_supported: 'yes'
|
|
1074
1065
|
inferno_tests:
|
|
1075
|
-
- 6.
|
|
1076
|
-
- 6.
|
|
1077
|
-
- 6.
|
|
1066
|
+
- 6.5.07
|
|
1067
|
+
- 6.5.11
|
|
1068
|
+
- 6.5.12
|
|
1078
1069
|
- 4.2.01
|
|
1079
1070
|
- 4.3.01
|
|
1080
1071
|
- 4.4.01
|
|
@@ -1434,7 +1425,7 @@ procedure:
|
|
|
1434
1425
|
* All technical requirements and attributes necessary for registration.
|
|
1435
1426
|
inferno_supported: 'yes'
|
|
1436
1427
|
inferno_tests:
|
|
1437
|
-
- 6.
|
|
1428
|
+
- 6.5.09
|
|
1438
1429
|
- id: DOCUMENTATION-2
|
|
1439
1430
|
SUT: |
|
|
1440
1431
|
The health IT developer demonstrates that the documentation
|
|
@@ -1448,4 +1439,4 @@ procedure:
|
|
|
1448
1439
|
additional steps to access.
|
|
1449
1440
|
inferno_supported: 'yes'
|
|
1450
1441
|
inferno_tests:
|
|
1451
|
-
- 6.
|
|
1442
|
+
- 6.5.09
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require '
|
|
1
|
+
require 'smart_app_launch/smart_stu1_suite'
|
|
2
2
|
require 'us_core_test_kit/generated/v3.1.1/us_core_test_suite'
|
|
3
3
|
|
|
4
4
|
require_relative 'onc_certification_g10_test_kit/configuration_checker'
|
|
@@ -6,7 +6,6 @@ require_relative 'onc_certification_g10_test_kit/version'
|
|
|
6
6
|
|
|
7
7
|
require_relative 'onc_certification_g10_test_kit/single_patient_api_group'
|
|
8
8
|
require_relative 'onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group'
|
|
9
|
-
require_relative 'onc_certification_g10_test_kit/smart_invalid_launch_group'
|
|
10
9
|
require_relative 'onc_certification_g10_test_kit/smart_invalid_token_group'
|
|
11
10
|
require_relative 'onc_certification_g10_test_kit/smart_limited_app_group'
|
|
12
11
|
require_relative 'onc_certification_g10_test_kit/smart_standalone_patient_app_group'
|
|
@@ -46,8 +45,8 @@ module ONCCertificationG10TestKit
|
|
|
46
45
|
us_core_message_filters.any? { |filter| filter.match? message.message } ||
|
|
47
46
|
(
|
|
48
47
|
message.type == 'error' && (
|
|
49
|
-
message.message.match?(/\A\S+: Unknown Code/) ||
|
|
50
|
-
message.message.match?(/\A\S+: None of the codings provided are in the value set/)
|
|
48
|
+
message.message.match?(/\A\S+: \S+: Unknown Code/) ||
|
|
49
|
+
message.message.match?(/\A\S+: \S+: None of the codings provided are in the value set/)
|
|
51
50
|
)
|
|
52
51
|
)
|
|
53
52
|
true
|
|
@@ -154,7 +153,6 @@ module ONCCertificationG10TestKit
|
|
|
154
153
|
group from: :g10_token_revocation
|
|
155
154
|
|
|
156
155
|
group from: :g10_smart_invalid_aud
|
|
157
|
-
group from: :g10_smart_invalid_launch_param
|
|
158
156
|
group from: :g10_smart_invalid_token_request
|
|
159
157
|
|
|
160
158
|
group from: :g10_visual_inspection_and_attestations
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: onc_certification_g10_test_kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen MacVicar
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-07-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bloomer
|
|
@@ -114,14 +114,14 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - '='
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.1.
|
|
117
|
+
version: 0.1.4
|
|
118
118
|
type: :runtime
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - '='
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.1.
|
|
124
|
+
version: 0.1.4
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: tls_test_kit
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,14 +142,14 @@ dependencies:
|
|
|
142
142
|
requirements:
|
|
143
143
|
- - '='
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 0.2.
|
|
145
|
+
version: 0.2.4
|
|
146
146
|
type: :runtime
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - '='
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 0.2.
|
|
152
|
+
version: 0.2.4
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: database_cleaner-sequel
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -272,7 +272,6 @@ files:
|
|
|
272
272
|
- lib/onc_certification_g10_test_kit/single_patient_api_group.rb
|
|
273
273
|
- lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb
|
|
274
274
|
- lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb
|
|
275
|
-
- lib/onc_certification_g10_test_kit/smart_invalid_launch_group.rb
|
|
276
275
|
- lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb
|
|
277
276
|
- lib/onc_certification_g10_test_kit/smart_limited_app_group.rb
|
|
278
277
|
- lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb
|
|
@@ -1,137 +0,0 @@
|
|
|
1
|
-
module ONCCertificationG10TestKit
|
|
2
|
-
class SMARTInvalidLaunchGroup < Inferno::TestGroup
|
|
3
|
-
title 'SMART App Launch Error: Invalid Launch Parameter'
|
|
4
|
-
short_title 'SMART Invalid Launch Parameter'
|
|
5
|
-
input_instructions %(
|
|
6
|
-
Register Inferno as an EHR-launched application using the following information:
|
|
7
|
-
|
|
8
|
-
* Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri]}`
|
|
9
|
-
* Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
|
|
10
|
-
)
|
|
11
|
-
description %(
|
|
12
|
-
# Background
|
|
13
|
-
|
|
14
|
-
The Invalid Launch Parameter Sequence verifies that a SMART Launch
|
|
15
|
-
Sequence, specifically the [EHR
|
|
16
|
-
Launch](http://www.hl7.org/fhir/smart-app-launch/#ehr-launch-sequence)
|
|
17
|
-
Sequence, does not work in the case where the client sends an invalid FHIR
|
|
18
|
-
server as the `launch` parameter during launch. This must fail to ensure
|
|
19
|
-
that a genuine bearer token is not leaked to a counterfit resource server.
|
|
20
|
-
|
|
21
|
-
This test is not included as part of a regular SMART Launch Sequence
|
|
22
|
-
because it requires the browser of the user to be redirected to the
|
|
23
|
-
authorization service, and there is no expectation that the authorization
|
|
24
|
-
service redirects the user back to Inferno with an error message. The only
|
|
25
|
-
requirement is that Inferno is not granted a code to exchange for a valid
|
|
26
|
-
access token. Since this is a special case, it is tested independently in
|
|
27
|
-
a separate sequence.
|
|
28
|
-
)
|
|
29
|
-
id :g10_smart_invalid_launch_param
|
|
30
|
-
run_as_group
|
|
31
|
-
|
|
32
|
-
config(
|
|
33
|
-
inputs: {
|
|
34
|
-
client_id: {
|
|
35
|
-
name: :ehr_client_id,
|
|
36
|
-
title: 'EHR Client ID',
|
|
37
|
-
description: 'Client ID provided during registration of Inferno as an EHR launch application'
|
|
38
|
-
},
|
|
39
|
-
requested_scopes: {
|
|
40
|
-
name: :ehr_requested_scopes,
|
|
41
|
-
title: 'EHR Launch Scope',
|
|
42
|
-
description: 'OAuth 2.0 scope provided by system to enable all required functionality',
|
|
43
|
-
type: 'textarea',
|
|
44
|
-
default: %(
|
|
45
|
-
launch openid fhirUser offline_access user/Medication.read
|
|
46
|
-
user/AllergyIntolerance.read user/CarePlan.read user/CareTeam.read
|
|
47
|
-
user/Condition.read user/Device.read user/DiagnosticReport.read
|
|
48
|
-
user/DocumentReference.read user/Encounter.read user/Goal.read
|
|
49
|
-
user/Immunization.read user/Location.read
|
|
50
|
-
user/MedicationRequest.read user/Observation.read
|
|
51
|
-
user/Organization.read user/Patient.read user/Practitioner.read
|
|
52
|
-
user/Procedure.read user/Provenance.read user/PractitionerRole.read
|
|
53
|
-
).gsub(/\s{2,}/, ' ').strip
|
|
54
|
-
},
|
|
55
|
-
url: {
|
|
56
|
-
title: 'EHR Launch FHIR Endpoint',
|
|
57
|
-
description: 'URL of the FHIR endpoint used by EHR launched applications'
|
|
58
|
-
},
|
|
59
|
-
smart_authorization_url: {
|
|
60
|
-
title: 'OAuth 2.0 Authorize Endpoint',
|
|
61
|
-
description: 'OAuth 2.0 Authorize Endpoint provided during an EHR launch'
|
|
62
|
-
}
|
|
63
|
-
},
|
|
64
|
-
outputs: {
|
|
65
|
-
state: { name: :invalid_launch_state }
|
|
66
|
-
},
|
|
67
|
-
requests: {
|
|
68
|
-
redirect: { name: :invalid_launch_redirect }
|
|
69
|
-
}
|
|
70
|
-
)
|
|
71
|
-
|
|
72
|
-
input_order :url,
|
|
73
|
-
:ehr_client_id,
|
|
74
|
-
:ehr_client_secret,
|
|
75
|
-
:ehr_requested_scopes,
|
|
76
|
-
:use_pkce,
|
|
77
|
-
:pkce_code_challenge_method,
|
|
78
|
-
:smart_authorization_url
|
|
79
|
-
|
|
80
|
-
test from: :smart_app_launch
|
|
81
|
-
test from: :smart_launch_received
|
|
82
|
-
test from: :smart_app_redirect do
|
|
83
|
-
input :client_secret,
|
|
84
|
-
name: :ehr_client_secret,
|
|
85
|
-
title: 'EHR Client Secret',
|
|
86
|
-
description: 'Client Secret provided during registration of Inferno as an EHR launch application'
|
|
87
|
-
|
|
88
|
-
config(
|
|
89
|
-
options: { launch: 'INVALID_LAUNCH_PARAM' }
|
|
90
|
-
)
|
|
91
|
-
|
|
92
|
-
def wait_message(auth_url)
|
|
93
|
-
%(
|
|
94
|
-
Inferno will redirect you to an external website for authorization.
|
|
95
|
-
**It is expected this will fail**. If the server does not return to
|
|
96
|
-
Inferno automatically, but does provide an error message, you may
|
|
97
|
-
return to Inferno and confirm that an error was presented in this
|
|
98
|
-
window.
|
|
99
|
-
|
|
100
|
-
* [Perform Invalid Launch](#{auth_url})
|
|
101
|
-
* [Attest launch
|
|
102
|
-
failed](#{Inferno::Application['base_url']}/custom/smart/redirect?state=#{state}&confirm_fail=true)
|
|
103
|
-
)
|
|
104
|
-
end
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
test do
|
|
108
|
-
title 'Inferno client app does not receive code parameter redirect URI'
|
|
109
|
-
description %(
|
|
110
|
-
Inferno redirected the user to the authorization service with an invalid
|
|
111
|
-
launch parameter. Inferno expects that the authorization request will
|
|
112
|
-
not succeed. This can either be from the server explicitely pass an
|
|
113
|
-
error, or stopping and the tester returns to Inferno to confirm that the
|
|
114
|
-
server presented them a failure.
|
|
115
|
-
)
|
|
116
|
-
uses_request :redirect
|
|
117
|
-
|
|
118
|
-
run do
|
|
119
|
-
params = request.query_parameters
|
|
120
|
-
|
|
121
|
-
assert params['code'].blank?,
|
|
122
|
-
'Authorization has incorrectly succeeded because access code provided to Inferno.'
|
|
123
|
-
|
|
124
|
-
pass_message =
|
|
125
|
-
if params['error'].present?
|
|
126
|
-
'Server redirected the user back to the app with an error.'
|
|
127
|
-
elsif params['confirm_fail']
|
|
128
|
-
'Tester attested that the authorization service did not succeed due to invalid AUD parameter.'
|
|
129
|
-
else
|
|
130
|
-
'Server redirected the user back to the app without an access code.'
|
|
131
|
-
end
|
|
132
|
-
|
|
133
|
-
pass pass_message
|
|
134
|
-
end
|
|
135
|
-
end
|
|
136
|
-
end
|
|
137
|
-
end
|