RubyGems - smart_app_launch_test_kit - Versions diffs - 0.4.5 → 0.5.0 - Mend

smart_app_launch_test_kit 0.4.5 → 0.5.0

Files changed (33) hide show

data/lib/smart_app_launch/token_introspection_request_group.rb CHANGED Viewed

@@ -11,42 +11,44 @@ module SMARTAppLaunch
     id :smart_token_introspection_request_group
     description %(
       This group of tests executes the token introspection requests and ensures the correct HTTP response is returned
-      but does not validate the contents of the token introspection response.
+      but does not validate the contents of the token introspection response.
-      If Inferno cannot reasonably be configured to be authorized to access the token introspection endpoint, these tests
+      If Inferno cannot reasonably be configured to be authorized to access the token introspection endpoint, these tests
       can be skipped.  Instead, an out-of-band token introspection request must be completed and the response body
       manually provided as input for the Validate Introspection Response test group.
       )
     input_instructions %(
-      If the Request New Access Token group was executed, the access token input will auto-populate with that token.
-      Otherwise an active access token needs to be obtained out-of-band and input.
-      Per [RFC-7662](https://datatracker.ietf.org/doc/html/rfc7662#section-2), "the definition of an active token is
-      currently dependent upon the authorization server, but this is commonly a token that has been issued by this
-      authorization server, is not expired, has not been revoked, and is valid for use at the protected resource making
+      If the Request New Access Token group was executed, the access token input will auto-populate with that token.
+      Otherwise an active access token needs to be obtained out-of-band and input.
+      Per [RFC-7662](https://datatracker.ietf.org/doc/html/rfc7662#section-2), "the definition of an active token is
+      currently dependent upon the authorization server, but this is commonly a token that has been issued by this
+      authorization server, is not expired, has not been revoked, and is valid for use at the protected resource making
       the introspection call."
       If the introspection endpoint is protected, testers must enter their own HTTP Authorization header for the introspection request.  See
       [RFC 7616 The 'Basic' HTTP Authentication Scheme](https://datatracker.ietf.org/doc/html/rfc7617) for the most common
-      approach that uses client credentials.  Testers may also provide any additional parameters needed for their authorization
+      approach that uses client credentials.  Testers may also provide any additional parameters needed for their authorization
       server to complete the introspection request.
       **Note:** For both the Authorization header and request parameters, user-input
       values will be sent exactly as entered and therefore the tester must URI-encode any appropriate values.
     )
-    input :well_known_introspection_url,
-          title: 'Token Introspection Endpoint URL',
+    input :well_known_introspection_url,
+          title: 'Token Introspection Endpoint URL',
           description: 'The complete URL of the token introspection endpoint.'
     input :custom_authorization_header,
-          title: 'HTTP Authorization Header for Introspection Request',
+          title: 'Custom HTTP Headers for Introspection Request',
           type: 'textarea',
           optional: true,
           description: %(
-            Include header name, auth scheme, and auth parameters.
-            Ex: 'Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW'
+            Add custom headers for the introspection request by adding each header's name and value with a new line
+            between each header.
+            Ex:
+              <Header 1 Name>: <Value 1>
             )
     input :optional_introspection_request_params,
@@ -54,69 +56,78 @@ module SMARTAppLaunch
           type: 'textarea',
           optional: true,
           description: %(
-            Any additional parameters to append to the request body, separated by &. Example: 'param1=abc&param2=def'
+            Any additional parameters to append to the request body, separated by &. Example: 'param1=abc&param2=def'
           )
     test do
       title 'Token introspection endpoint returns a response when provided an active token'
       description %(
       This test will execute a token introspection request for an active token and ensure a 200 status and valid JSON
-      body are returned in the response.
+      body are returned in the response.
       )
-      input :standalone_access_token,
+      input :standalone_access_token,
             title: 'Access Token',
             description: 'The access token to be introspected. MUST be active.'
       output :active_token_introspection_response_body
       run do
         # If this is being chained from an earlier test, it might be blank if not present in the well-known endpoint
         skip_if well_known_introspection_url.nil?, 'No introspection URL present in SMART well-known endpoint.'
-        headers = {'Accept' => 'application/json', 'Content-Type' => 'application/x-www-form-urlencoded'}
+        headers = { 'Accept' => 'application/json', 'Content-Type' => 'application/x-www-form-urlencoded' }
         body = "token=#{standalone_access_token}"
         if custom_authorization_header.present?
-          parsed_header = custom_authorization_header.split(':', 2)
-          assert parsed_header.length == 2, "Incorrect custom HTTP header format input, expected: '<header name>: <header value>'"
-          headers[parsed_header[0]] = parsed_header[1].strip
+          custom_headers = custom_authorization_header.split("\n")
+          custom_headers.each do |custom_header|
+            parsed_header = custom_header.split(':', 2)
+            assert parsed_header.length == 2,
+                   'Incorrect custom HTTP header format input, expected: "<header name>: <header value>"'
+            headers[parsed_header[0]] = parsed_header[1].strip
+          end
         end
-        if optional_introspection_request_params.present?
-          body += "&#{optional_introspection_request_params}"
-        end
+        body += "&#{optional_introspection_request_params}" if optional_introspection_request_params.present?
-        post(well_known_introspection_url, body: body, headers: headers)
+        post(well_known_introspection_url, body:, headers:)
         assert_response_status(200)
         output active_token_introspection_response_body: request.response_body
       end
     end
-    test do
+    test do
       title 'Token introspection endpoint returns a response when provided an invalid token'
       description %(
         This test will execute a token introspection request for an invalid token and ensure a 200 status and valid JSON
-        body are returned in response.
+        body are returned in response.
       )
       output :invalid_token_introspection_response_body
       run do
         # If this is being chained from an earlier test, it might be blank if not present in the well-known endpoint
         skip_if well_known_introspection_url.nil?, 'No introspection URL present in SMART well-known endpoint.'
-        headers = {'Accept' => 'application/json', 'Content-Type' => 'application/x-www-form-urlencoded'}
-        body = "token=invalid_token_value"
-        post(well_known_introspection_url, body: body, headers: headers)
+        headers = { 'Accept' => 'application/json', 'Content-Type' => 'application/x-www-form-urlencoded' }
+        body = 'token=invalid_token_value'
+        if custom_authorization_header.present?
+          custom_headers = custom_authorization_header.split("\n")
+          custom_headers.each do |custom_header|
+            parsed_header = custom_header.split(':', 2)
+            assert parsed_header.length == 2,
+                   'Incorrect custom HTTP header format input, expected: "<header name>: <header value>"'
+            headers[parsed_header[0]] = parsed_header[1].strip
+          end
+        end
+        post(well_known_introspection_url, body:, headers:)
         assert_response_status(200)
         output invalid_token_introspection_response_body: request.response_body
       end
     end
   end
-end
+end

data/lib/smart_app_launch/token_refresh_test.rb CHANGED Viewed

@@ -30,6 +30,10 @@ module SMARTAppLaunch
       end
     end
+    def make_auth_token_request(smart_token_url, oauth2_params, oauth2_headers)
+      post(smart_token_url, body: oauth2_params, name: :token_refresh, headers: oauth2_headers)
+    end
     run do
       skip_if refresh_token.blank?
@@ -43,7 +47,7 @@ module SMARTAppLaunch
       add_credentials_to_request(oauth2_headers, oauth2_params)
-      post(smart_token_url, body: oauth2_params, name: :token_refresh, headers: oauth2_headers)
+      make_auth_token_request(smart_token_url, oauth2_params, oauth2_headers)
       assert_response_status(200)
       assert_valid_json(request.response_body)
@@ -52,14 +56,14 @@ module SMARTAppLaunch
       token_response_body = JSON.parse(request.response_body)
       output smart_credentials: {
-               refresh_token: token_response_body['refresh_token'].presence || refresh_token,
-               access_token: token_response_body['access_token'],
-               expires_in: token_response_body['expires_in'],
-               client_id: client_id,
-               client_secret: client_secret,
-               token_retrieval_time: token_retrieval_time,
-               token_url: smart_token_url
-             }.to_json
+        refresh_token: token_response_body['refresh_token'].presence || refresh_token,
+        access_token: token_response_body['access_token'],
+        expires_in: token_response_body['expires_in'],
+        client_id:,
+        client_secret:,
+        token_retrieval_time:,
+        token_url: smart_token_url
+      }.to_json
     end
   end
 end

data/lib/smart_app_launch/version.rb CHANGED Viewed

@@ -1,3 +1,4 @@
 module SMARTAppLaunch
-  VERSION = '0.4.5'.freeze
+  VERSION = '0.5.0'.freeze
+  LAST_UPDATED = '2025-02-10'.freeze # TODO: update next release
 end

data/lib/smart_app_launch_test_kit.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'tls_test_kit'
+require_relative 'smart_app_launch/metadata'
 require_relative 'smart_app_launch/smart_stu1_suite'
 require_relative 'smart_app_launch/smart_stu2_suite'
 require_relative 'smart_app_launch/smart_stu2_2_suite'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_app_launch_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.4.5
+  version: 0.5.0
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-08 00:00:00.000000000 Z
+date: 2025-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.2
+        version: 0.6.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.2
+        version: 0.6.2
 - !ruby/object:Gem::Dependency
   name: json-jwt
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: database_cleaner-sequel
   requirement: !ruby/object:Gem::Requirement
@@ -145,6 +145,14 @@ extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE
+- config/presets/inferno_reference_server_preset.json
+- config/presets/inferno_reference_server_stu2_2_preset.json
+- config/presets/inferno_reference_server_stu2_preset.json
+- config/presets/smart_access_brands.json.erb
+- config/presets/smart_access_brands_example_1.json
+- config/presets/smart_access_brands_example_2.json
+- config/presets/smart_access_brands_example_3.json
+- config/presets/smart_access_brands_example_4.json
 - lib/smart_app_launch/app_launch_test.rb
 - lib/smart_app_launch/app_redirect_test.rb
 - lib/smart_app_launch/app_redirect_test_stu2.rb
@@ -157,14 +165,21 @@ files:
 - lib/smart_app_launch/backend_services_invalid_jwt_test.rb
 - lib/smart_app_launch/client_assertion_builder.rb
 - lib/smart_app_launch/code_received_test.rb
+- lib/smart_app_launch/cors_metadata_request_test.rb
+- lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb
+- lib/smart_app_launch/cors_token_exchange_test.rb
+- lib/smart_app_launch/cors_well_known_endpoint_test.rb
 - lib/smart_app_launch/discovery_stu1_group.rb
+- lib/smart_app_launch/discovery_stu2_2_group.rb
 - lib/smart_app_launch/discovery_stu2_group.rb
 - lib/smart_app_launch/ehr_launch_group.rb
 - lib/smart_app_launch/ehr_launch_group_stu2.rb
 - lib/smart_app_launch/ehr_launch_group_stu2_2.rb
 - lib/smart_app_launch/jwks.rb
 - lib/smart_app_launch/launch_received_test.rb
+- lib/smart_app_launch/metadata.rb
 - lib/smart_app_launch/openid_connect_group.rb
+- lib/smart_app_launch/openid_connect_group_stu2_2.rb
 - lib/smart_app_launch/openid_decode_id_token_test.rb
 - lib/smart_app_launch/openid_fhir_user_claim_test.rb
 - lib/smart_app_launch/openid_required_configuration_fields_test.rb
@@ -174,6 +189,7 @@ files:
 - lib/smart_app_launch/openid_token_payload_test.rb
 - lib/smart_app_launch/post_auth.html
 - lib/smart_app_launch/smart_access_brands_examples/r4_capability_statement.json
+- lib/smart_app_launch/smart_access_brands_examples/smart_access_brands_example.json.erb
 - lib/smart_app_launch/smart_access_brands_group.rb
 - lib/smart_app_launch/smart_access_brands_retrieval_group.rb
 - lib/smart_app_launch/smart_access_brands_retrieve_bundle_test.rb
@@ -190,6 +206,7 @@ files:
 - lib/smart_app_launch/standalone_launch_group.rb
 - lib/smart_app_launch/standalone_launch_group_stu2.rb
 - lib/smart_app_launch/standalone_launch_group_stu2_2.rb
+- lib/smart_app_launch/token_exchange_stu2_2_test.rb
 - lib/smart_app_launch/token_exchange_stu2_test.rb
 - lib/smart_app_launch/token_exchange_test.rb
 - lib/smart_app_launch/token_introspection_access_token_group.rb
@@ -217,6 +234,7 @@ homepage: https://github.com/inferno-framework/smart-app-launch-test-kit
 licenses:
 - Apache-2.0
 metadata:
+  inferno_test_kit: 'true'
   homepage_uri: https://github.com/inferno-framework/smart-app-launch-test-kit
   source_code_uri: https://github.com/inferno-framework/smart-app-launch-test-kit
 post_install_message:
@@ -227,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.2
+      version: 3.3.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Inferno Tests for the SMART Application Launch Framework Implementation Guide