RubyGems - smart_app_launch_test_kit - Versions diffs - 0.5.1 → 0.6.1 - Mend

smart_app_launch_test_kit 0.5.1 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f80a6156d7f541a28a876f54e29a1d7457b84c06feb6aea21d54a499e734ef91
-  data.tar.gz: 9f0990127c9bd562c1328e82a53d0c431c08fb3fbb1fbd24735049a40303eaba
+  metadata.gz: 2608337f4d0d2651ba2395ecda2f89263ebe14d039f3d730ae2f82df3fe49855
+  data.tar.gz: b7a480f55c94dec25865151faefd76045096d21b5333a9c5bf56cf73eb7310bd
 SHA512:
-  metadata.gz: 819be8732a3feed22713a508e3f316101c5cfab62055b68666c94991359c79bc41159086c721b62886c3e38db51305e085ef4ef0dcaed7a9ab615600542a417c
-  data.tar.gz: c811a8aaaea089ca2ebaddb559a3ab2fa3ab2a73e2afbcc485e2375654735a6a68ba20fcbc95e0483ba65c83fed367d449289ee79020522887d418e1e9a0a0fb
+  metadata.gz: 853bd240f1fccdfd72ab79ff89b420b9b1edebd1d1fbd01e9dd3f1e206a29fae3f84f79371e0c7406dc9f3f5bde6ddf7ef51167cf2537f97b56bc36d245d7ef8
+  data.tar.gz: 5cf5840b0061bb6605e68e5d2ce4bf8e07c3039b4e53d8678b2d5cad19e27c352c751eadc8325dfd6ba3df02ddc28f9a7a8e5664eda85aa6cb77c93d1485b52a

data/config/presets/SMART_RunClientAgainstServer.json.erb ADDED Viewed

@@ -0,0 +1,31 @@
+{
+  "title": "Demo: Run Against the SMART Server Suite",
+  "id": "smart_run_client_against_server_v2_2",
+  "test_suite_id": "smart_client_stu2_2",
+  "inputs": [
+    {
+      "name": "smart_jwk_set",
+      "description": "The SMART client's JSON Web Key Set. May be provided as either a publicly accessible url containing the JWKS, or the raw JWKS.",
+      "optional": true,
+      "title": "SMART JSON Web Key Set (JWKS)",
+      "type": "textarea",
+      "value": "<%= Inferno::Application['base_url'] %>/custom/smart_stu2_2/.well-known/jwks.json"
+    },
+    {
+      "name": "client_id",
+      "description": "If a particular client id is desired, put it here. Otherwise a default of the Inferno session id will be used.",
+      "optional": true,
+      "title": "Client Id",
+      "type": "text",
+      "value": "smart_client_test_demo"
+    },
+    {
+      "name": "echoed_fhir_response",
+      "description": "JSON representation of a FHIR resource for Inferno to echo when a request is made to the simulated FHIR server. The provided content will be echoed back exactly and no check will be made that it is appropriate for the request made. If nothing is provided, an OperationOutcome will be returned.",
+      "optional": true,
+      "title": "FHIR Response to Echo",
+      "type": "textarea",
+      "value": "{\n  \"resourceType\": \"Patient\",\n  \"id\": \"example\",\n  \"name\": [\n    {\n      \"family\": \"Chalmers\",\n      \"given\": [\n        \"Peter\",\n        \"James\"\n      ]\n    }\n  ],\n  \"gender\": \"male\",\n  \"birthDate\": \"1974-12-25\",\n  \"address\": [\n    {\n      \"line\": [\n        \"534 Erewhon St\"\n      ],\n      \"city\": \"Ann Arbor\",\n      \"state\": \"MI\",\n      \"postalCode\": \"48108\"\n    }\n  ]\n}"
+    }
+  ]
+}

data/config/presets/SMART_RunServerAgainstClient.json.erb ADDED Viewed

@@ -0,0 +1,42 @@
+{
+  "title": "Demo: Run Against the SMART Client Suite",
+  "id": "smart_run_server_against_client_v2_2",
+  "test_suite_id": "smart_stu2_2",
+  "inputs": [
+    {
+      "name": "url",
+      "description": "URL of the FHIR endpoint used by SMART applications",
+      "title": "FHIR Endpoint",
+      "type": "text",
+      "value": "<%= Inferno::Application['base_url'] %>/custom/smart_client_stu2_2/fhir"
+    },
+    {
+      "name": "backend_services_smart_auth_info",
+      "options": {
+        "mode": "auth",
+        "components": [
+          {
+            "name": "auth_type",
+            "default": "backend_services",
+            "locked": "true"
+          },
+          {
+            "name": "use_discovery",
+            "locked": true
+          }
+        ]
+      },
+      "title": "Backend Services Credentials",
+      "type": "auth_info",
+      "value": {
+        "encryption_algorithm": "ES384",
+        "auth_type": "backend_services",
+        "use_discovery": "true",
+        "token_url": "<%= Inferno::Application['base_url'] %>/custom/smart_client_stu2_2/auth/token",
+        "requested_scopes": "system/*.rs",
+        "client_id": "smart_client_test_demo"
+      },
+      "default": {}
+    }
+  ]
+}

data/config/presets/inferno_reference_server_preset.json CHANGED Viewed

@@ -9,95 +9,24 @@
       "value": "https://inferno.healthit.gov/reference-server/r4"
     },
     {
-      "name": "standalone_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "standalone_requested_scopes",
-      "type": "text",
-      "value": "launch/patient openid fhirUser offline_access patient/*.read"
-    },
-    {
-      "name": "use_pkce",
-      "type": "radio",
-      "title": "Proof Key for Code Exchange (PKCE)",
-      "options": {
-        "list_options": [
-          {
-            "label": "Enabled",
-            "value": "true"
-          },
-          {
-            "label": "Disabled",
-            "value": "false"
-          }
-        ]
-      },
-      "value": "false"
-    },
-    {
-      "name": "pkce_code_challenge_method",
-      "type": "radio",
-      "optional": true,
-      "title": "PKCE Code Challenge Method",
-      "options": {
-        "list_options": [
-          {
-            "label": "S256",
-            "value": "S256"
-          },
-          {
-            "label": "plain",
-            "value": "plain"
-          }
-        ]
-      },
-      "value": "S256"
-    },
-    {
-      "name": "client_auth_type",
-      "value": "public",
-      "_title": "Client Authentication Method",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "Public",
-            "value": "public"
-          },
-          {
-            "label": "Confidential Symmetric",
-            "value": "confidential_symmetric"
-          },
-          {
-            "label": "Confidential Asymmetric",
-            "value": "confidential_asymmetric"
-          }
-        ]
+      "name": "standalone_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type": "public",
+        "requested_scopes": "launch/patient openid fhirUser offline_access patient/*.read",
+        "client_id": "SAMPLE_PUBLIC_CLIENT_ID",
+        "pkce_support": "disabled"
       }
     },
     {
-      "name": "standalone_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "ehr_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "ehr_requested_scopes",
-      "type": "text",
-      "value": "launch openid fhirUser offline_access user/*.read"
-    },
-    {
-      "name": "ehr_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
+      "name": "ehr_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type": "public",
+        "requested_scopes": "launch openid fhirUser offline_access user/*.read",
+        "client_id": "SAMPLE_PUBLIC_CLIENT_ID",
+        "pkce_support": "disabled"
+      }
     }
   ]
 }

data/config/presets/inferno_reference_server_stu2_2_preset.json CHANGED Viewed

@@ -9,81 +9,32 @@
       "value": "https://inferno.healthit.gov/reference-server/r4"
     },
     {
-      "name": "standalone_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "standalone_requested_scopes",
-      "type": "text",
-      "value": "launch/patient openid fhirUser offline_access patient/*.read"
-    },
-    {
-      "name": "standalone_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "ehr_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "ehr_requested_scopes",
-      "type": "text",
-      "value": "launch openid fhirUser offline_access user/*.read"
-    },
-    {
-      "name": "ehr_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "client_auth_encryption_method",
-      "value": "ES384",
-      "_title": "Encryption Method (Confidential Asymmetric Client Auth Only)",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "ES384",
-            "value": "ES384"
-          },
-          {
-            "label": "RS384",
-            "value": "RS384"
-          }
-        ]
+      "name": "standalone_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type":"public",
+        "requested_scopes":"launch/patient openid fhirUser offline_access patient/*.rs",
+        "client_id":"SAMPLE_PUBLIC_CLIENT_ID"
       }
     },
     {
-      "name": "client_auth_type",
-      "value": "public",
-      "_title": "Client Authentication Method",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "Public",
-            "value": "public"
-          },
-          {
-            "label": "Confidential Symmetric",
-            "value": "confidential_symmetric"
-          },
-          {
-            "label": "Confidential Asymmetric",
-            "value": "confidential_asymmetric"
-          }
-        ]
+      "name": "ehr_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type":"public",
+        "requested_scopes":"launch openid fhirUser offline_access user/*.rs",
+        "client_id":"SAMPLE_PUBLIC_CLIENT_ID"
       }
     },
     {
-      "name": "backend_services_client_id",
-      "type": "text",
-      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4"
+      "name": "backend_services_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type":"backend_services",
+        "requested_scopes":"system/*.read",
+        "client_id":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4",
+        "encryption_algorithm":"ES384"
+      }
     }
   ]
 }

data/config/presets/inferno_reference_server_stu2_preset.json CHANGED Viewed

@@ -9,81 +9,32 @@
       "value": "https://inferno.healthit.gov/reference-server/r4"
     },
     {
-      "name": "standalone_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "standalone_requested_scopes",
-      "type": "text",
-      "value": "launch/patient openid fhirUser offline_access patient/*.read"
-    },
-    {
-      "name": "standalone_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "ehr_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "ehr_requested_scopes",
-      "type": "text",
-      "value": "launch openid fhirUser offline_access user/*.read"
-    },
-    {
-      "name": "ehr_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "client_auth_encryption_method",
-      "value": "ES384",
-      "_title": "Encryption Method (Confidential Asymmetric Client Auth Only)",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "ES384",
-            "value": "ES384"
-          },
-          {
-            "label": "RS384",
-            "value": "RS384"
-          }
-        ]
+      "name": "standalone_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type": "public",
+        "requested_scopes":"launch/patient openid fhirUser offline_access patient/*.rs",
+        "client_id":"SAMPLE_PUBLIC_CLIENT_ID"
       }
     },
     {
-      "name": "client_auth_type",
-      "value": "public",
-      "_title": "Client Authentication Method",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "Public",
-            "value": "public"
-          },
-          {
-            "label": "Confidential Symmetric",
-            "value": "confidential_symmetric"
-          },
-          {
-            "label": "Confidential Asymmetric",
-            "value": "confidential_asymmetric"
-          }
-        ]
+      "name": "ehr_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type":"public",
+        "requested_scopes":"launch openid fhirUser offline_access user/*.rs",
+        "client_id":"SAMPLE_PUBLIC_CLIENT_ID"
       }
     },
     {
-      "name": "backend_services_client_id",
-      "type": "text",
-      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4"
+      "name": "backend_services_smart_auth_info",
+      "type": "auth_info",
+      "value": {
+        "auth_type":"backend_services",
+        "requested_scopes":"system/*.read",
+        "client_id":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4",
+        "encryption_algorithm":"ES384"
+      }
     }
   ]
 }

data/lib/smart_app_launch/app_redirect_test.rb CHANGED Viewed

@@ -9,41 +9,8 @@ module SMARTAppLaunch
     )
     id :smart_app_redirect
-    input :client_id, :requested_scopes, :url, :smart_authorization_url
-    input :use_pkce,
-          title: 'Proof Key for Code Exchange (PKCE)',
-          type: 'radio',
-          default: 'false',
-          options: {
-            list_options: [
-              {
-                label: 'Enabled',
-                value: 'true'
-              },
-              {
-                label: 'Disabled',
-                value: 'false'
-              }
-            ]
-          }
-    input :pkce_code_challenge_method,
-          optional: true,
-          title: 'PKCE Code Challenge Method',
-          type: 'radio',
-          default: 'S256',
-          options: {
-            list_options: [
-              {
-                label: 'S256',
-                value: 'S256'
-              },
-              {
-                label: 'plain',
-                value: 'plain'
-              }
-            ]
-          }
+    input :url
+    input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
     output :state, :pkce_code_challenge, :pkce_code_verifier
     receives_request :redirect
@@ -91,17 +58,17 @@ module SMARTAppLaunch
     run do
       assert_valid_http_uri(
-        smart_authorization_url,
-        "OAuth2 Authorization Endpoint '#{smart_authorization_url}' is not a valid URI"
+        smart_auth_info.auth_url,
+        "OAuth2 Authorization Endpoint '#{smart_auth_info.auth_url}' is not a valid URI"
       )
       output state: SecureRandom.uuid
       oauth2_params = {
         'response_type' => 'code',
-        'client_id' => client_id,
+        'client_id' => smart_auth_info.client_id,
         'redirect_uri' => redirect_uri,
-        'scope' => requested_scopes,
+        'scope' => smart_auth_info.requested_scopes,
         'state' => state,
         'aud' => aud
       }
@@ -112,11 +79,11 @@ module SMARTAppLaunch
         oauth2_params['launch'] = launch
       end
-      if use_pkce == 'true'
+      if smart_auth_info.pkce_enabled?
         # code verifier must be between 43 and 128 characters
-        code_verifier = SecureRandom.uuid + '-' + SecureRandom.uuid
+        code_verifier = "#{SecureRandom.uuid}-#{SecureRandom.uuid}"
         code_challenge =
-          if pkce_code_challenge_method == 'S256'
+          if smart_auth_info.s256_code_challenge_method?
             self.class.calculate_s256_challenge(code_verifier)
           else
             code_verifier
@@ -124,11 +91,12 @@ module SMARTAppLaunch
         output pkce_code_verifier: code_verifier, pkce_code_challenge: code_challenge
-        oauth2_params.merge!('code_challenge' => code_challenge, 'code_challenge_method' => pkce_code_challenge_method)
+        oauth2_params.merge!('code_challenge' => code_challenge,
+                             'code_challenge_method' => smart_auth_info.pkce_code_challenge_method)
       end
       authorization_url = authorization_url_builder(
-        smart_authorization_url,
+        smart_auth_info.auth_url,
         oauth2_params
       )

data/lib/smart_app_launch/app_redirect_test_stu2.rb CHANGED Viewed

@@ -15,22 +15,7 @@ module SMARTAppLaunch
       Request](http://hl7.org/fhir/smart-app-launch/STU2/app-launch.html#request-4)
     )
-    input :authorization_method,
-          title: 'Authorization Request Method',
-          type: 'radio',
-          default: 'get',
-          options: {
-            list_options: [
-              {
-                label: 'GET',
-                value: 'get'
-              },
-              {
-                label: 'POST',
-                value: 'post'
-              }
-            ]
-          }
+    input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
     def default_post_authorization_uri
       "#{Inferno::Application['base_url']}/custom/smart_stu2/post_auth"
@@ -41,7 +26,7 @@ module SMARTAppLaunch
     end
     def authorization_url_builder(url, params)
-      return super if authorization_method == 'get'
+      return super if smart_auth_info.get_auth_request?
       post_params = params.merge(auth_url: url)

data/lib/smart_app_launch/backend_services_authorization_group.rb CHANGED Viewed

@@ -13,67 +13,41 @@ module SMARTAppLaunch
     id :backend_services_authorization
-    input :smart_token_url,
-          title: 'Backend Services Token Endpoint',
-          description: <<~DESCRIPTION
-            The OAuth 2.0 Token Endpoint used by the Backend Services specification to provide bearer tokens.
-          DESCRIPTION
-    input :backend_services_client_id,
-          title: 'Backend Services Client ID',
-          description: 'Client ID provided at registration to the Inferno application.'
-    input :backend_services_requested_scope,
-          title: 'Backend Services Requested Scopes',
-          description: 'Backend Services Scopes provided at registration to the Inferno application; will be `system/` scopes',
-          default: 'system/*.read'
-    input :client_auth_encryption_method,
-      title: 'Encryption Method for Asymmetric Confidential Client Authorization',
-      description: <<~DESCRIPTION,
-        The server is required to suport either ES384 or RS384 encryption methods for JWT signature verification.
-        Select which method to use.
-      DESCRIPTION
-      type: 'radio',
-      default: 'ES384',
-      options: {
-        list_options: [
-          {
-            label: 'ES384',
-            value: 'ES384'
-          },
-          {
-            label: 'RS384',
-            value: 'RS384'
+    input :smart_auth_info,
+          title: 'Backend Services Credentials',
+          type: :auth_info,
+          options: {
+            mode: 'auth',
+            components: [
+              {
+                name: :auth_type,
+                default: 'backend_services',
+                locked: 'true'
+              },
+              {
+                name: :use_discovery,
+                locked: true
+              }
+            ]
           }
-        ]
-      }
-    input :backend_services_jwks_kid,
-          title: 'Backend Services JWKS kid',
-          description: <<~DESCRIPTION,
-            The key ID of the JWKS private key to use for signing the client assertion when fetching an auth token.
-            Defaults to the first JWK in the list if no kid is supplied.
-          DESCRIPTION
-          optional: true
-    output :bearer_token
-    test from: :tls_version_test do
-      title 'Authorization service token endpoint secured by transport layer security'
-      description <<~DESCRIPTION
-        The [SMART App Launch 2.0.0 IG specification for Backend Services](https://hl7.org/fhir/smart-app-launch/STU2/backend-services.html#request-1)
-        states "the client SHALL use the Transport Layer Security (TLS) Protocol Version 1.2 (RFC5246)
-        or a more recent version of TLS to authenticate the identity of the FHIR authorization server and to
-        establish an encrypted, integrity-protected link for securing all exchanges between the client and the
-        FHIR authorization server’s token endpoint. All exchanges described herein between the client and the
-        FHIR server SHALL be secured using TLS V1.2 or a more recent version of TLS."
-      DESCRIPTION
-      id :smart_backend_services_token_tls_version
-      config(
-        inputs: { url: { name: :smart_token_url } },
-        options: {  minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION }
-      )
-    end
+    test from: :smart_tls,
+         id: :smart_backend_services_token_tls_version,
+         title: 'Authorization service token endpoint secured by transport layer security',
+         description: <<~DESCRIPTION,
+           The [SMART App Launch 2.0.0 IG specification for Backend Services](https://hl7.org/fhir/smart-app-launch/STU2/backend-services.html#request-1)
+           states "the client SHALL use the Transport Layer Security (TLS) Protocol Version 1.2 (RFC5246)
+           or a more recent version of TLS to authenticate the identity of the FHIR authorization server and to
+           establish an encrypted, integrity-protected link for securing all exchanges between the client and the
+           FHIR authorization server’s token endpoint. All exchanges described herein between the client and the
+           FHIR server SHALL be secured using TLS V1.2 or a more recent version of TLS."
+         DESCRIPTION
+         config: {
+           options: {
+             minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION,
+             smart_endpoint_key: :token_url
+           }
+         }
     test from: :smart_backend_services_invalid_grant_type