smart_app_launch_test_kit 0.4.3 → 0.4.4

data/lib/smart_app_launch/token_payload_validation.rb

@@ -5,66 +5,66 @@ module SMARTAppLaunch
 
     # All resource types from DSTU3, STU3, R4, R4B, and R5
     FHIR_RESOURCE_TYPES = [
-      "Account", "ActivityDefinition", "ActorDefinition",
-      "AdministrableProductDefinition", "AdverseEvent", "AllergyIntolerance",
-      "Appointment", "AppointmentResponse", "ArtifactAssessment", "AuditEvent",
-      "Basic", "Binary", "BiologicallyDerivedProduct",
-      "BiologicallyDerivedProductDispense", "BodySite", "BodyStructure",
-      "Bundle", "CapabilityStatement", "CarePlan", "CareTeam", "CatalogEntry",
-      "ChargeItem", "ChargeItemDefinition", "Citation", "Claim",
-      "ClaimResponse", "ClinicalImpression", "ClinicalUseDefinition",
-      "CodeSystem", "Communication", "CommunicationRequest",
-      "CompartmentDefinition", "Composition", "ConceptMap", "Condition",
-      "ConditionDefinition", "Conformance", "Consent", "Contract", "Coverage",
-      "CoverageEligibilityRequest", "CoverageEligibilityResponse",
-      "DataElement", "DetectedIssue", "Device", "DeviceAssociation",
-      "DeviceComponent", "DeviceDefinition", "DeviceDispense", "DeviceMetric",
-      "DeviceRequest", "DeviceUsage", "DeviceUseRequest", "DeviceUseStatement",
-      "DiagnosticOrder", "DiagnosticReport", "DocumentManifest",
-      "DocumentReference", "EffectEvidenceSynthesis", "EligibilityRequest",
-      "EligibilityResponse", "Encounter", "EncounterHistory", "Endpoint",
-      "EnrollmentRequest", "EnrollmentResponse", "EpisodeOfCare",
-      "EventDefinition", "Evidence", "EvidenceReport", "EvidenceVariable",
-      "ExampleScenario", "ExpansionProfile", "ExplanationOfBenefit",
-      "FamilyMemberHistory", "Flag", "FormularyItem", "GenomicStudy", "Goal",
-      "GraphDefinition", "Group", "GuidanceResponse", "HealthcareService",
-      "ImagingManifest", "ImagingObjectSelection", "ImagingSelection",
-      "ImagingStudy", "Immunization", "ImmunizationEvaluation",
-      "ImmunizationRecommendation", "ImplementationGuide", "Ingredient",
-      "InsurancePlan", "InventoryItem", "InventoryReport", "Invoice", "Library",
-      "Linkage", "List", "Location", "ManufacturedItemDefinition", "Measure",
-      "MeasureReport", "Media", "Medication", "MedicationAdministration",
-      "MedicationDispense", "MedicationKnowledge", "MedicationOrder",
-      "MedicationRequest", "MedicationStatement", "MedicinalProduct",
-      "MedicinalProductAuthorization", "MedicinalProductContraindication",
-      "MedicinalProductDefinition", "MedicinalProductIndication",
-      "MedicinalProductIngredient", "MedicinalProductInteraction",
-      "MedicinalProductManufactured", "MedicinalProductPackaged",
-      "MedicinalProductPharmaceutical", "MedicinalProductUndesirableEffect",
-      "MessageDefinition", "MessageHeader", "MolecularSequence", "NamingSystem",
-      "NutritionIntake", "NutritionOrder", "NutritionProduct", "Observation",
-      "ObservationDefinition", "OperationDefinition", "OperationOutcome",
-      "Order", "OrderResponse", "Organization", "OrganizationAffiliation",
-      "PackagedProductDefinition", "Patient", "PaymentNotice",
-      "PaymentReconciliation", "Permission", "Person", "PlanDefinition",
-      "Practitioner", "PractitionerRole", "Procedure", "ProcedureRequest",
-      "ProcessRequest", "ProcessResponse", "Provenance", "Questionnaire",
-      "QuestionnaireResponse", "ReferralRequest", "RegulatedAuthorization",
-      "RelatedPerson", "RequestGroup", "RequestOrchestration", "Requirements",
-      "ResearchDefinition", "ResearchElementDefinition", "ResearchStudy",
-      "ResearchSubject", "RiskAssessment", "RiskEvidenceSynthesis", "Schedule",
-      "SearchParameter", "Sequence", "ServiceDefinition", "ServiceRequest",
-      "Slot", "Specimen", "SpecimenDefinition", "StructureDefinition",
-      "StructureMap", "Subscription", "SubscriptionStatus", "SubscriptionTopic",
-      "Substance", "SubstanceDefinition", "SubstanceNucleicAcid",
-      "SubstancePolymer", "SubstanceProtein", "SubstanceReferenceInformation",
-      "SubstanceSourceMaterial", "SubstanceSpecification", "SupplyDelivery",
-      "SupplyRequest", "Task", "TerminologyCapabilities", "TestPlan",
-      "TestReport", "TestScript", "Transport", "ValueSet", "VerificationResult",
-      "VisionPrescription"
+      'Account', 'ActivityDefinition', 'ActorDefinition',
+      'AdministrableProductDefinition', 'AdverseEvent', 'AllergyIntolerance',
+      'Appointment', 'AppointmentResponse', 'ArtifactAssessment', 'AuditEvent',
+      'Basic', 'Binary', 'BiologicallyDerivedProduct',
+      'BiologicallyDerivedProductDispense', 'BodySite', 'BodyStructure',
+      'Bundle', 'CapabilityStatement', 'CarePlan', 'CareTeam', 'CatalogEntry',
+      'ChargeItem', 'ChargeItemDefinition', 'Citation', 'Claim',
+      'ClaimResponse', 'ClinicalImpression', 'ClinicalUseDefinition',
+      'CodeSystem', 'Communication', 'CommunicationRequest',
+      'CompartmentDefinition', 'Composition', 'ConceptMap', 'Condition',
+      'ConditionDefinition', 'Conformance', 'Consent', 'Contract', 'Coverage',
+      'CoverageEligibilityRequest', 'CoverageEligibilityResponse',
+      'DataElement', 'DetectedIssue', 'Device', 'DeviceAssociation',
+      'DeviceComponent', 'DeviceDefinition', 'DeviceDispense', 'DeviceMetric',
+      'DeviceRequest', 'DeviceUsage', 'DeviceUseRequest', 'DeviceUseStatement',
+      'DiagnosticOrder', 'DiagnosticReport', 'DocumentManifest',
+      'DocumentReference', 'EffectEvidenceSynthesis', 'EligibilityRequest',
+      'EligibilityResponse', 'Encounter', 'EncounterHistory', 'Endpoint',
+      'EnrollmentRequest', 'EnrollmentResponse', 'EpisodeOfCare',
+      'EventDefinition', 'Evidence', 'EvidenceReport', 'EvidenceVariable',
+      'ExampleScenario', 'ExpansionProfile', 'ExplanationOfBenefit',
+      'FamilyMemberHistory', 'Flag', 'FormularyItem', 'GenomicStudy', 'Goal',
+      'GraphDefinition', 'Group', 'GuidanceResponse', 'HealthcareService',
+      'ImagingManifest', 'ImagingObjectSelection', 'ImagingSelection',
+      'ImagingStudy', 'Immunization', 'ImmunizationEvaluation',
+      'ImmunizationRecommendation', 'ImplementationGuide', 'Ingredient',
+      'InsurancePlan', 'InventoryItem', 'InventoryReport', 'Invoice', 'Library',
+      'Linkage', 'List', 'Location', 'ManufacturedItemDefinition', 'Measure',
+      'MeasureReport', 'Media', 'Medication', 'MedicationAdministration',
+      'MedicationDispense', 'MedicationKnowledge', 'MedicationOrder',
+      'MedicationRequest', 'MedicationStatement', 'MedicinalProduct',
+      'MedicinalProductAuthorization', 'MedicinalProductContraindication',
+      'MedicinalProductDefinition', 'MedicinalProductIndication',
+      'MedicinalProductIngredient', 'MedicinalProductInteraction',
+      'MedicinalProductManufactured', 'MedicinalProductPackaged',
+      'MedicinalProductPharmaceutical', 'MedicinalProductUndesirableEffect',
+      'MessageDefinition', 'MessageHeader', 'MolecularSequence', 'NamingSystem',
+      'NutritionIntake', 'NutritionOrder', 'NutritionProduct', 'Observation',
+      'ObservationDefinition', 'OperationDefinition', 'OperationOutcome',
+      'Order', 'OrderResponse', 'Organization', 'OrganizationAffiliation',
+      'PackagedProductDefinition', 'Patient', 'PaymentNotice',
+      'PaymentReconciliation', 'Permission', 'Person', 'PlanDefinition',
+      'Practitioner', 'PractitionerRole', 'Procedure', 'ProcedureRequest',
+      'ProcessRequest', 'ProcessResponse', 'Provenance', 'Questionnaire',
+      'QuestionnaireResponse', 'ReferralRequest', 'RegulatedAuthorization',
+      'RelatedPerson', 'RequestGroup', 'RequestOrchestration', 'Requirements',
+      'ResearchDefinition', 'ResearchElementDefinition', 'ResearchStudy',
+      'ResearchSubject', 'RiskAssessment', 'RiskEvidenceSynthesis', 'Schedule',
+      'SearchParameter', 'Sequence', 'ServiceDefinition', 'ServiceRequest',
+      'Slot', 'Specimen', 'SpecimenDefinition', 'StructureDefinition',
+      'StructureMap', 'Subscription', 'SubscriptionStatus', 'SubscriptionTopic',
+      'Substance', 'SubstanceDefinition', 'SubstanceNucleicAcid',
+      'SubstancePolymer', 'SubstanceProtein', 'SubstanceReferenceInformation',
+      'SubstanceSourceMaterial', 'SubstanceSpecification', 'SupplyDelivery',
+      'SupplyRequest', 'Task', 'TerminologyCapabilities', 'TestPlan',
+      'TestReport', 'TestScript', 'Transport', 'ValueSet', 'VerificationResult',
+      'VisionPrescription'
     ].to_set.freeze
 
-    FHIR_ID_REGEX = /[A-Za-z0-9\-\.]{1,64}(\/_history\/[A-Za-z0-9\-\.]{1,64})?(#[A-Za-z0-9\-\.]{1,64})?/.freeze
+    FHIR_ID_REGEX = %r{[A-Za-z0-9\-\.]{1,64}(/_history/[A-Za-z0-9\-\.]{1,64})?(#[A-Za-z0-9\-\.]{1,64})?}
 
     def validate_required_fields_present(body, required_fields)
       missing_fields = required_fields.select { |field| body[field].blank? }
@@ -93,7 +93,7 @@ module SMARTAppLaunch
 
     def validate_scope_subset(received_scopes, original_scopes)
       extra_scopes = received_scopes.split - original_scopes.split
-      assert extra_scopes.empty?, "Token response contained scopes which are not a subset of the scope granted to the "\
+      assert extra_scopes.empty?, 'Token response contained scopes which are not a subset of the scope granted to the ' \
                                   "original access token: #{extra_scopes.join(', ')}"
     end
 
@@ -124,7 +124,6 @@ module SMARTAppLaunch
 
       fhir_context.each do |reference|
         assert !reference.start_with?('http'), "`#{reference}` is not a relative reference"
-
         resource_type, id = reference.split('/')
         assert FHIR_RESOURCE_TYPES.include?(resource_type),
                "`#{resource_type}` is not a valid FHIR resource type"
@@ -132,5 +131,75 @@ module SMARTAppLaunch
         assert id.match?(FHIR_ID_REGEX), "`#{id}` is not a valid FHIR id"
       end
     end
+
+    def check_fhir_context_reference(reference)
+      assert reference.is_a?(String), "`#{reference.inspect}` is not a String"
+      assert !reference.start_with?('http'), "`#{reference}` is not a relative reference"
+
+      resource_type, id = reference.split('/')
+
+      assert FHIR_RESOURCE_TYPES.include?(resource_type),
+             "`#{resource_type}` in `reference` is not a valid FHIR resource type"
+
+      assert id.match?(FHIR_ID_REGEX), "`#{id}` in `reference` is not a valid FHIR id"
+    end
+
+    def check_fhir_context_canonical(canonical)
+      assert canonical.is_a?(String), "`#{canonical.inspect}` is not a String"
+      assert canonical.start_with?('http'), "`#{canonical}` is not a canonical reference"
+
+      split_canonical = canonical.split('/')
+
+      if split_canonical.last.start_with?(/&|\|/)
+        resource_type = split_canonical[-3]
+        id = split_canonical[-2]
+      else
+        resource_type = split_canonical[-2]
+        id = split_canonical.last.split(/&|\|/).first
+      end
+
+      assert FHIR_RESOURCE_TYPES.include?(resource_type),
+             "`#{resource_type}` in `canonical` is not a valid FHIR resource type"
+
+      assert id.match?(FHIR_ID_REGEX), "`#{id}` in `canonical` is not a valid FHIR id"
+    end
+
+    def check_fhir_context_identifier(identifier)
+      assert identifier.is_a?(Hash), "`#{identifier.inspect}` is not an Object"
+    end
+
+    def validate_fhir_context_stu2_2(fhir_context)
+      return if fhir_context.nil?
+
+      assert fhir_context.is_a?(Array), "`fhirContext` field is a #{fhir_context.class.name}, but should be an Array"
+
+      fhir_context.each do |reference|
+        assert reference.is_a?(Hash), "`#{reference.inspect}` is not an Object"
+      end
+
+      fhir_context.each do |context|
+        reference = context['reference']
+        canonical = context['canonical']
+        identifier = context['identifier']
+
+        type = context['type']
+
+        assert reference.present? || canonical.present? || identifier.present?,
+               '`fhirContext` array SHALL include at least one of "reference", "canonical", or "identifier"'
+
+        check_fhir_context_reference(reference) if reference.present?
+        check_fhir_context_canonical(canonical) if canonical.present?
+        check_fhir_context_identifier(identifier) if identifier.present?
+
+        if (canonical.present? || identifier.present?) && type.blank?
+          info 'The `type` field is recommended when "canonical" or "identifier" is present in `fhirContext` object'
+        end
+
+        next unless type.present?
+
+        assert FHIR_RESOURCE_TYPES.include?(type),
+               "`#{type}` in `type` is not a valid FHIR resource type"
+      end
+    end
   end
 end

data/lib/smart_app_launch/token_response_body_test_stu2_2.rb

@@ -0,0 +1,32 @@
+require_relative 'token_payload_validation'
+
+module SMARTAppLaunch
+  class TokenResponseBodyTestSTU22 < TokenResponseBodyTest
+    title 'Token exchange response body contains required information encoded in JSON'
+    description %(
+      The EHR authorization server shall return a JSON structure that includes
+      an access token or a message indicating that the authorization request
+      has been denied. `access_token`, `token_type`, and `scope` are required.
+      `token_type` must be Bearer. `expires_in` is required for token
+      refreshes.
+
+      The format of the optional `fhirContext` field is validated if present.
+    )
+    id :smart_token_response_body_stu2_2
+
+    input :requested_scopes
+    output :id_token,
+           :refresh_token,
+           :access_token,
+           :expires_in,
+           :patient_id,
+           :encounter_id,
+           :received_scopes,
+           :intent
+    uses_request :token
+
+    def validate_fhir_context(fhir_context)
+      validate_fhir_context_stu2_2(fhir_context)
+    end
+  end
+end

data/lib/smart_app_launch/version.rb

@@ -1,3 +1,3 @@
 module SMARTAppLaunch
-  VERSION = '0.4.3'.freeze
+  VERSION = '0.4.4'.freeze
 end

data/lib/smart_app_launch/well_known_endpoint_test.rb

@@ -13,6 +13,7 @@ module SMARTAppLaunch
     input :url,
           title: 'FHIR Endpoint',
           description: 'URL of the FHIR endpoint used by SMART applications'
+
     output :well_known_configuration,
            :well_known_authorization_url,
            :well_known_introspection_url,
@@ -34,9 +35,12 @@ module SMARTAppLaunch
       base_url = "#{url.chomp('/')}/"
       config = JSON.parse(request.response_body)
 
+      if config['introspection_endpoint'].present?
+        output well_known_introspection_url: make_url_absolute(base_url, config['introspection_endpoint'])
+      end
+
       output well_known_configuration: request.response_body,
              well_known_authorization_url: make_url_absolute(base_url, config['authorization_endpoint']),
-             well_known_introspection_url: make_url_absolute(base_url, config['introspection_endpoint']),
              well_known_management_url: make_url_absolute(base_url, config['management_endpoint']),
              well_known_registration_url: make_url_absolute(base_url, config['registration_endpoint']),
              well_known_revocation_url: make_url_absolute(base_url, config['revocation_endpoint']),

data/lib/smart_app_launch_test_kit.rb

@@ -2,3 +2,5 @@ require 'tls_test_kit'
 
 require_relative 'smart_app_launch/smart_stu1_suite'
 require_relative 'smart_app_launch/smart_stu2_suite'
+require_relative 'smart_app_launch/smart_stu2_2_suite'
+require_relative 'smart_app_launch/smart_access_brands_suite'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_app_launch_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.4.4
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-12 00:00:00.000000000 Z
+date: 2024-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -161,6 +161,7 @@ files:
 - lib/smart_app_launch/discovery_stu2_group.rb
 - lib/smart_app_launch/ehr_launch_group.rb
 - lib/smart_app_launch/ehr_launch_group_stu2.rb
+- lib/smart_app_launch/ehr_launch_group_stu2_2.rb
 - lib/smart_app_launch/jwks.rb
 - lib/smart_app_launch/launch_received_test.rb
 - lib/smart_app_launch/openid_connect_group.rb
@@ -172,15 +173,29 @@ files:
 - lib/smart_app_launch/openid_token_header_test.rb
 - lib/smart_app_launch/openid_token_payload_test.rb
 - lib/smart_app_launch/post_auth.html
+- lib/smart_app_launch/smart_access_brands_examples/r4_capability_statement.json
+- lib/smart_app_launch/smart_access_brands_group.rb
+- lib/smart_app_launch/smart_access_brands_retrieval_group.rb
+- lib/smart_app_launch/smart_access_brands_retrieve_bundle_test.rb
+- lib/smart_app_launch/smart_access_brands_suite.rb
+- lib/smart_app_launch/smart_access_brands_validate_brands_test.rb
+- lib/smart_app_launch/smart_access_brands_validate_bundle_test.rb
+- lib/smart_app_launch/smart_access_brands_validate_endpoint_urls_test.rb
+- lib/smart_app_launch/smart_access_brands_validate_endpoints_test.rb
+- lib/smart_app_launch/smart_access_brands_validation_group.rb
 - lib/smart_app_launch/smart_jwks.json
 - lib/smart_app_launch/smart_stu1_suite.rb
+- lib/smart_app_launch/smart_stu2_2_suite.rb
 - lib/smart_app_launch/smart_stu2_suite.rb
 - lib/smart_app_launch/standalone_launch_group.rb
 - lib/smart_app_launch/standalone_launch_group_stu2.rb
+- lib/smart_app_launch/standalone_launch_group_stu2_2.rb
 - lib/smart_app_launch/token_exchange_stu2_test.rb
 - lib/smart_app_launch/token_exchange_test.rb
 - lib/smart_app_launch/token_introspection_access_token_group.rb
+- lib/smart_app_launch/token_introspection_access_token_group_stu2_2.rb
 - lib/smart_app_launch/token_introspection_group.rb
+- lib/smart_app_launch/token_introspection_group_stu2_2.rb
 - lib/smart_app_launch/token_introspection_request_group.rb
 - lib/smart_app_launch/token_introspection_response_group.rb
 - lib/smart_app_launch/token_payload_validation.rb
@@ -190,6 +205,7 @@ files:
 - lib/smart_app_launch/token_refresh_stu2_test.rb
 - lib/smart_app_launch/token_refresh_test.rb
 - lib/smart_app_launch/token_response_body_test.rb
+- lib/smart_app_launch/token_response_body_test_stu2_2.rb
 - lib/smart_app_launch/token_response_headers_test.rb
 - lib/smart_app_launch/url_helpers.rb
 - lib/smart_app_launch/version.rb