smart_app_launch_test_kit 0.6.1 → 0.6.3

data/lib/smart_app_launch/endpoints/mock_smart_server/smart_authorization_response_creation.rb

@@ -0,0 +1,30 @@
+require_relative '../../tags'
+require_relative '../mock_smart_server'
+require_relative '../../client_suite/oidc_jwks'
+
+module SMARTAppLaunch
+  module MockSMARTServer
+    module SMARTAuthorizationResponseCreation
+      def make_smart_authorization_response
+        redirect_uri = request.params[:redirect_uri]
+        if redirect_uri.blank?
+          response.status = 400
+          response.body = { 
+            error: 'Bad request',
+            message: 'Missing required redirect_uri parameter.'}.to_json
+          response.content_type = 'application/json'
+          return
+        end
+  
+        client_id = request.params[:client_id]
+        state = request.params[:state]
+  
+        exp_min = 10
+        token = MockSMARTServer.client_id_to_token(client_id, exp_min)
+        query_string = "code=#{ERB::Util.url_encode(token)}&state=#{ERB::Util.url_encode(state)}"
+        response.headers['Location'] =  "#{redirect_uri}#{redirect_uri.include?('?') ? '&' : '?'}#{query_string}"
+        response.status = 302
+      end
+    end 
+  end
+end

data/lib/smart_app_launch/endpoints/mock_smart_server/smart_introspection_response_creation.rb

@@ -0,0 +1,46 @@
+require_relative '../../tags'
+require_relative '../mock_smart_server'
+
+module SMARTAppLaunch
+  module MockSMARTServer
+    module SMARTIntrospectionResponseCreation 
+      def make_smart_introspection_response
+        target_token = request.params[:token]
+        introspection_inactive_response_body = { active: false }
+
+        return introspection_inactive_response_body if MockSMARTServer.token_expired?(target_token)
+        
+        token_requests = Inferno::Repositories::Requests.new.tagged_requests(test_run.test_session_id, [TOKEN_TAG])
+        original_response_body = nil
+        original_token_request = token_requests.find do |request|
+          next unless request.status == 200
+
+          original_response_body = JSON.parse(request.response_body)
+          [original_response_body['access_token'], original_response_body['refresh_token']].include?(target_token)
+        end
+        return introspection_inactive_response_body unless original_token_request.present?
+
+        decoded_token = MockSMARTServer.decode_token(target_token)
+        introspection_active_response_body = {
+          active: true,
+          client_id: decoded_token['client_id'],
+          exp: decoded_token['expiration']
+        }
+        original_response_body.each do |element, value|
+          next if ['access_token', 'refresh_token', 'token_type', 'expires_in'].include?(element)
+          next if introspection_active_response_body.key?(element)
+
+          introspection_active_response_body[element] = value
+        end
+        if original_response_body.key?('id_token')
+          user_claims, _header = JWT.decode(original_response_body['id_token'], nil, false)
+          introspection_active_response_body['iss'] = user_claims['iss']
+          introspection_active_response_body['sub'] = user_claims['sub']
+          introspection_active_response_body['fhirUser'] = user_claims['fhirUser'] if user_claims['fhirUser'].present?
+        end
+        
+        introspection_active_response_body
+      end
+    end 
+  end
+end

data/lib/smart_app_launch/endpoints/mock_smart_server/smart_token_response_creation.rb

@@ -0,0 +1,250 @@
+require_relative '../../tags'
+require_relative '../mock_smart_server'
+require_relative '../../client_suite/oidc_jwks'
+
+module SMARTAppLaunch
+  module MockSMARTServer
+    module SMARTTokenResponseCreation 
+      def make_smart_authorization_code_token_response(smart_authentication_approach)
+        authorization_code = request.params[:code]
+        client_id = MockSMARTServer.issued_token_to_client_id(authorization_code)
+        return unless authenticated?(client_id, smart_authentication_approach)
+
+        if MockSMARTServer.token_expired?(authorization_code)
+          MockSMARTServer.update_response_for_expired_token(response, 'Authorization code')
+          return
+        end
+
+        authorization_request = MockSMARTServer.authorization_request_for_code(authorization_code,
+                                                                               test_run.test_session_id)
+        if authorization_request.blank?
+          MockSMARTServer.update_response_for_error(
+            response,
+            "no authorization request found for code #{authorization_code}"
+          )
+          return
+        end
+        auth_code_request_inputs = MockSMARTServer.authorization_code_request_details(authorization_request)
+        if auth_code_request_inputs.blank?
+          MockSMARTServer.update_response_for_error(
+            response,
+            'invalid authorization request details'
+          )
+          return
+        end
+ 
+        return if request.params[:code_verifier].present? && !smart_pkce_valid?(auth_code_request_inputs)
+
+        exp_min = 60
+        response_body = {
+          access_token: MockSMARTServer.client_id_to_token(client_id, exp_min),
+          token_type: 'Bearer',
+          expires_in: 60 * exp_min,
+          scope: auth_code_request_inputs['scope']
+        }
+
+        launch_context =
+          begin
+            input_string = JSON.parse(result.input_json)&.find do |input|
+              input['name'] == 'launch_context'
+            end&.dig('value')
+            JSON.parse(input_string) if input_string.present?
+          rescue JSON::ParserError
+            nil
+          end
+        additional_context = smart_requested_scope_context(auth_code_request_inputs['scope'], authorization_code, 
+                                                           launch_context)
+
+        response.body = additional_context.merge(response_body).to_json # response body values take priority
+        response.headers['Cache-Control'] = 'no-store'
+        response.headers['Pragma'] = 'no-cache'
+        response.headers['Access-Control-Allow-Origin'] = '*'
+        response.content_type = 'application/json'
+        response.status = 200
+      end
+
+      def make_smart_refresh_token_response(smart_authentication_approach)
+        refresh_token = request.params[:refresh_token]
+        authorization_code = MockSMARTServer.refresh_token_to_authorization_code(refresh_token)
+        client_id = MockSMARTServer.issued_token_to_client_id(authorization_code)
+        return unless authenticated?(client_id, smart_authentication_approach)
+
+        # no expiration checks for refresh tokens
+
+        authorization_request = MockSMARTServer.authorization_request_for_code(authorization_code,
+                                                                               test_run.test_session_id)
+        if authorization_request.blank?
+          MockSMARTServer.update_response_for_error(
+            response,
+            "no authorization request found for refresh token #{refresh_token}"
+          )
+          return
+        end
+        auth_code_request_inputs = MockSMARTServer.authorization_code_request_details(authorization_request)
+        if auth_code_request_inputs.blank?
+          MockSMARTServer.update_response_for_error(
+            response,
+            'invalid authorization request details'
+          )
+          return
+        end
+
+        exp_min = 60
+        response_body = {
+          access_token: MockSMARTServer.client_id_to_token(client_id, exp_min),
+          token_type: 'Bearer',
+          expires_in: 60 * exp_min,
+          scope: request.params[:scope].present? ? request.params[:scope] : auth_code_request_inputs['scope']
+        }
+
+        launch_context =
+          begin
+            input_string = JSON.parse(result.input_json)&.find do |input|
+              input['name'] == 'launch_context'
+            end&.dig('value')
+            JSON.parse(input_string) if input_string.present?
+          rescue JSON::ParserError
+            nil
+          end
+        additional_context = smart_requested_scope_context(auth_code_request_inputs['scope'], authorization_code,
+                                                           launch_context)
+
+        response.body = additional_context.merge(response_body).to_json # response body values take priority
+        response.headers['Cache-Control'] = 'no-store'
+        response.headers['Pragma'] = 'no-cache'
+        response.headers['Access-Control-Allow-Origin'] = '*'
+        response.content_type = 'application/json'
+        response.status = 200
+      end
+
+      def make_smart_client_credential_token_response
+        assertion = request.params[:client_assertion]
+        client_id = MockSMARTServer.client_id_from_client_assertion(assertion)
+
+        # by loading from DB rather than result inputs don't have to be associated with specific tests
+        # e.g., key set input present on registration and auth checks, not during wait tests
+        key_set_input = Inferno::Repositories::SessionData.new.load( 
+          test_session_id: result.test_session_id, name: 'smart_jwk_set'
+        )
+        return unless confidential_asymmetric_authenticated?(key_set_input)
+
+        exp_min = 60
+        response_body = {
+          access_token: MockSMARTServer.client_id_to_token(client_id, exp_min),
+          token_type: 'Bearer',
+          expires_in: 60 * exp_min,
+          scope: request.params[:scope]
+        }
+
+        response.body = response_body.to_json
+        response.headers['Cache-Control'] = 'no-store'
+        response.headers['Pragma'] = 'no-cache'
+        response.headers['Access-Control-Allow-Origin'] = '*'
+        response.content_type = 'application/json'
+        response.status = 200
+      end
+
+      def smart_requested_scope_context(requested_scopes, authorization_code, launch_context)
+        context = launch_context.present? ? launch_context : {}
+        scopes_list = requested_scopes&.split || []
+
+        if scopes_list.include?('offline_access') || scopes_list.include?('online_access')
+          context[:refresh_token] = MockSMARTServer.authorization_code_to_refresh_token(authorization_code)
+        end
+
+        context[:id_token] = smart_construct_id_token(scopes_list.include?('fhirUser')) if scopes_list.include?('openid')
+
+        context
+      end
+
+      def smart_construct_id_token(include_fhir_user)
+        client_id = JSON.parse(result.input_json)&.find do |input|
+          input['name'] == 'client_id'
+        end&.dig('value')
+        fhir_user_relative_reference = JSON.parse(result.input_json)&.find do |input|
+          input['name'] == 'fhir_user_relative_reference'
+        end&.dig('value')
+        # TODO: how to generate the id - is this ok?
+        subject_id = if fhir_user_relative_reference.present?
+                      fhir_user_relative_reference.downcase.gsub('/', '-')
+                    else
+                      SecureRandom.uuid
+                    end
+
+        claims = {
+          iss: client_fhir_base_url,
+          sub: subject_id,
+          aud: client_id,
+          exp: 1.year.from_now.to_i,
+          iat: Time.now.to_i
+        }
+        if include_fhir_user && fhir_user_relative_reference.present?
+          claims[:fhirUser] = "#{client_fhir_base_url}/#{fhir_user_relative_reference}"
+        end
+
+        algorithm = 'RS256'
+        private_key = OIDCJWKS.jwks
+          .select { |key| key[:key_ops]&.include?('sign') }
+          .select { |key| key[:alg] == algorithm }
+          .first
+
+        JWT.encode claims, private_key.signing_key, algorithm, { alg: algorithm, kid: private_key.kid, typ: 'JWT' }
+      end
+
+      def smart_pkce_valid?(auth_code_request_inputs)
+        verifier = request.params[:code_verifier]
+        challenge = auth_code_request_inputs&.dig('code_challenge')
+        method = auth_code_request_inputs&.dig('code_challenge_method')
+        MockSMARTServer.pkce_valid?(verifier, challenge, method, response)
+      end
+
+      def authenticated?(client_id, smart_authentication_approach)
+        case smart_authentication_approach
+        when CONFIDENTIAL_ASYMMETRIC_TAG
+          key_set_input = Inferno::Repositories::SessionData.new.load( 
+            test_session_id: result.test_session_id, name: 'smart_jwk_set'
+          )
+          return confidential_asymmetric_authenticated?(key_set_input)
+        when CONFIDENTIAL_SYMMETRIC_TAG
+          client_secret_input = Inferno::Repositories::SessionData.new.load( 
+            test_session_id: result.test_session_id, name: 'smart_client_secret'
+          )
+          return confidential_symmetric_authenticated?(client_id, client_secret_input)
+        when PUBLIC_TAG
+          return true
+        end
+      end
+  
+      def confidential_asymmetric_authenticated?(jwks)
+        assertion = request.params[:client_assertion]
+        if assertion.blank?
+          MockSMARTServer.update_response_for_error(
+            response, 
+            'client_assertion missing from confidential asymmetric client request'
+          )
+          return false
+        end
+  
+        signature_error = MockSMARTServer.smart_assertion_signature_verification(assertion, jwks)
+  
+        if signature_error.present?
+          MockSMARTServer.update_response_for_error(response, signature_error)
+          return  false
+        end
+        
+        true
+      end
+  
+      def confidential_symmetric_authenticated?(client_id, client_secret)
+        auth_header_value = request.headers['authorization']
+        error = MockSMARTServer.confidential_symmetric_header_value_error(auth_header_value, client_id, client_secret)
+        if error.present?
+          MockSMARTServer.update_response_for_error(response, error)
+          return false
+        end
+        
+        true
+      end  
+    end 
+  end
+end

data/lib/smart_app_launch/endpoints/mock_smart_server/token_endpoint.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+require_relative '../../tags'
+require_relative '../mock_smart_server'
+require_relative 'smart_token_response_creation'
+
+module SMARTAppLaunch
+  module MockSMARTServer
+    class TokenEndpoint < Inferno::DSL::SuiteEndpoint
+      include URLs
+      include SMARTTokenResponseCreation
+
+      def test_run_identifier
+        case request.params[:grant_type]
+        when CLIENT_CREDENTIALS_TAG
+          MockSMARTServer.client_id_from_client_assertion(request.params[:client_assertion])
+        when AUTHORIZATION_CODE_TAG
+          MockSMARTServer.issued_token_to_client_id(request.params[:code])
+        when REFRESH_TOKEN_TAG
+          MockSMARTServer.issued_token_to_client_id(
+            MockSMARTServer.refresh_token_to_authorization_code(request.params[:refresh_token])
+          )
+        end
+      end
+
+      def make_response
+        return make_smart_client_credential_token_response if request.params[:grant_type] == CLIENT_CREDENTIALS_TAG
+        
+        suite_options_list = Inferno::Repositories::TestSessions.new.find(result.test_session_id)&.suite_options
+        suite_options_hash = suite_options_list&.map { |option| [option.id, option.value] }&.to_h
+        smart_authentication_approach = SMARTClientOptions.smart_authentication_approach(suite_options_hash)
+        
+        case request.params[:grant_type]
+        when AUTHORIZATION_CODE_TAG
+          make_smart_authorization_code_token_response(smart_authentication_approach)
+        when REFRESH_TOKEN_TAG
+          make_smart_refresh_token_response(smart_authentication_approach)
+        else
+          MockSMARTServer.update_response_for_error(
+            response,
+            "unsupported grant_type: #{request.params[:grant_type]}"
+          )
+        end
+      end
+
+      def update_result
+        nil # never update for now
+      end
+
+      def tags
+        tags = [TOKEN_TAG, SMART_TAG]
+        if [CLIENT_CREDENTIALS_TAG, AUTHORIZATION_CODE_TAG, REFRESH_TOKEN_TAG].include?(request.params[:grant_type])
+          tags << request.params[:grant_type]
+        end
+        tags
+      end    
+    end
+  end
+end

data/lib/smart_app_launch/endpoints/mock_smart_server.rb

@@ -1,12 +1,15 @@
 require 'jwt'
 require 'faraday'
 require 'time'
+require 'base64'
+require 'rack/utils'
 require_relative '../urls'
 require_relative '../tags'
+require_relative '../client_suite/client_options'
 
 module SMARTAppLaunch
   module MockSMARTServer
-    SUPPORTED_SCOPES = ['openid', 'system/*.read', 'user/*.read', 'patient/*.read'].freeze
+    SUPPORTED_SCOPES = ['system/*.read', 'user/*.read', 'patient/*.read'].freeze
 
     module_function
 
@@ -14,81 +17,45 @@ module SMARTAppLaunch
       base_url = "#{Inferno::Application['base_url']}/custom/#{suite_id}"
       response_body = {
         token_endpoint_auth_signing_alg_values_supported: ['RS384', 'ES384'],
-        capabilities: ['client-confidential-asymmetric'],
+        capabilities: ['client-confidential-asymmetric', 'launch-ehr' ,'launch-standalone', 'authorize-post',
+                       'client-public', 'client-confidential-symmetric', 'permission-offline', 'permission-online',
+                       'permission-patient', 'permission-user', 'permission-v1', 'permission-v2',
+                       'context-ehr-patient', 'context-ehr-encounter', 
+                       'context-standalone-patient', 'context-standalone-encounter',
+                       'context-banner', 'context-style'],
         code_challenge_methods_supported: ['S256'],
-        token_endpoint_auth_methods_supported: ['private_key_jwt'],
+        token_endpoint_auth_methods_supported: ['private_key_jwt', 'client_secret_basic', 'client_secret_post'],
         issuer: base_url + FHIR_PATH,
-        grant_types_supported: ['client_credentials'],
+        grant_types_supported: ['client_credentials', 'authorization_code'],
         scopes_supported: SUPPORTED_SCOPES,
-        token_endpoint: base_url + TOKEN_PATH
+        authorization_endpoint: base_url + AUTHORIZATION_PATH,
+        token_endpoint: base_url + TOKEN_PATH,
+        introspection_endpoint: base_url + INTROSPECTION_PATH
       }.to_json
 
       [200, { 'Content-Type' => 'application/json', 'Access-Control-Allow-Origin' => '*' }, [response_body]]
     end
 
-    def make_smart_token_response(request, response, result)
-      assertion = request.params[:client_assertion]
-      client_id = client_id_from_client_assertion(assertion)
-
-      key_set_input = JSON.parse(result.input_json)&.find do |input|
-        input['name'] == 'smart_jwk_set'
-      end&.dig('value')
-      signature_error = smart_assertion_signature_verification(assertion, key_set_input)
-
-      if signature_error.present?
-        update_response_for_invalid_assertion(response, signature_error)
-        return
-      end
-
-      exp_min = 60
+    def openid_connect_metadata(suite_id)
+      base_url = "#{Inferno::Application['base_url']}/custom/#{suite_id}"
       response_body = {
-        access_token: client_id_to_token(client_id, exp_min),
-        token_type: 'Bearer',
-        expires_in: 60 * exp_min,
-        scope: request.params[:scope]
-      }
+        issuer: base_url + FHIR_PATH,
+        authorization_endpoint: base_url + AUTHORIZATION_PATH,
+        token_endpoint: base_url + TOKEN_PATH,
+        jwks_uri: base_url + OIDC_JWKS_PATH,
+        response_types_supported: ['code', 'id_token', 'token id_token'],
+        subject_types_supported: ['pairwise', 'public'],
+        id_token_signing_alg_values_supported: ['RS256']
+      }.to_json
 
-      response.body = response_body.to_json
-      response.headers['Cache-Control'] = 'no-store'
-      response.headers['Pragma'] = 'no-cache'
-      response.headers['Access-Control-Allow-Origin'] = '*'
-      response.content_type = 'application/json'
-      response.status = 200
+      [200, { 'Content-Type' => 'application/json', 'Access-Control-Allow-Origin' => '*' }, [response_body]]
     end
 
     def client_id_from_client_assertion(client_assertion_jwt)
       return unless client_assertion_jwt.present?
 
-      jwt_claims(client_assertion_jwt)&.dig('iss')
-    end
-
-    def parsed_request_body(request)
-      JSON.parse(request.request_body)
-    rescue JSON::ParserError
-      nil
-    end
-
-    def parsed_io_body(request)
-      parsed_body = begin
-        JSON.parse(request.body.read)
-      rescue JSON::ParserError
-        nil
-      end
-      request.body.rewind
-
-      parsed_body
-    end
-
-    def jwt_claims(encoded_jwt)
-      JWT.decode(encoded_jwt, nil, false)[0]
-    end
-
-    def client_uri_to_client_id(client_uri)
-      Base64.urlsafe_encode64(client_uri, padding: false)
-    end
-
-    def client_id_to_client_uri(client_id)
-      Base64.urlsafe_decode64(client_id)
+      claims, _header = JWT.decode(client_assertion_jwt, nil, false)[0]
+      claims&.dig('iss')
     end
 
     def client_id_to_token(client_id, exp_min)
@@ -102,15 +69,35 @@ module SMARTAppLaunch
     end
 
     def decode_token(token)
-      JSON.parse(Base64.urlsafe_decode64(token))
-    rescue JSON::ParserError
+      token_to_decode = 
+        if issued_token_is_refresh_token(token)
+          refresh_token_to_authorization_code(token)
+        else
+          token
+        end
+      return unless token_to_decode.present?
+      
+      JSON.parse(Base64.urlsafe_decode64(token_to_decode))
+    rescue StandardError
       nil
     end
 
-    def token_to_client_id(token)
+    def issued_token_to_client_id(token)
       decode_token(token)&.dig('client_id')
     end
 
+    def issued_token_is_refresh_token(token)
+      token.end_with?('_rt')
+    end
+
+    def authorization_code_to_refresh_token(code)
+      "#{code}_rt"
+    end
+
+    def refresh_token_to_authorization_code(refresh_token)
+      refresh_token[..-4]
+    end
+
     def jwk_set(jku, warning_messages = []) # rubocop:disable Metrics/CyclomaticComplexity
       jwk_set = JWT::JWK::Set.new
 
@@ -132,7 +119,7 @@ module SMARTAppLaunch
           begin
             JSON.parse(retrieved.body)
           rescue JSON::ParserError
-            warning_messages << "Failed to fetch valid json from jwks uri #{jwk_set}."
+            warning_messages << "Failed to fetch valid json from jwks uri #{jku}."
             nil
           end
       else
@@ -160,18 +147,23 @@ module SMARTAppLaunch
       return false if request.params[:session_path].present?
 
       token = request.headers['authorization']&.delete_prefix('Bearer ')
+      token_expired?(token)
+    end
+
+    def token_expired?(token, check_time = nil)
       decoded_token = decode_token(token)
       return false unless decoded_token&.dig('expiration').present?
 
-      decoded_token['expiration'] < Time.now.to_i
+      check_time = Time.now.to_i unless check_time.present?
+      decoded_token['expiration'] < check_time
     end
 
-    def update_response_for_expired_token(response)
+    def update_response_for_expired_token(response, type)
       response.status = 401
       response.format = :json
       response.body = FHIR::OperationOutcome.new(
         issue: FHIR::OperationOutcome::Issue.new(severity: 'fatal', code: 'expired',
-                                                 details: FHIR::CodeableConcept.new(text: 'Bearer token has expired'))
+                                                 details: FHIR::CodeableConcept.new(text: "#{type} has expired"))
       ).to_json
     end
 
@@ -208,10 +200,79 @@ module SMARTAppLaunch
       parsed_key_set&.find { |key| key.kid == kid }
     end
 
-    def update_response_for_invalid_assertion(response, error_message)
+    def update_response_for_error(response, error_message)
       response.status = 401
       response.format = :json
       response.body = { error: 'invalid_client', error_description: error_message }.to_json
     end
+
+    def confidential_symmetric_header_value_error(authorization_header_value, client_id, client_secret)
+      unless authorization_header_value.present?
+        return 'authorization header missing from confidential symmetric client request'
+      end
+      unless authorization_header_value.start_with?('Basic ')
+        return 'authorization header for confidential symmetric client request does not use Basic auth'
+      end
+      
+      client_and_secret = 
+        begin
+          Base64.strict_decode64(authorization_header_value.delete_prefix('Basic '))
+        rescue
+          return 'Basic authorization header could not be decoded'
+        end
+      expected_client_and_secret = "#{client_id}:#{client_secret}"
+      unless client_and_secret == expected_client_and_secret
+        return 'basic authorization header has the wrong decoded value - ' \
+               "expected '#{expected_client_and_secret}', got '#{client_and_secret}'"
+      end
+
+      nil
+    end
+
+    def pkce_error(verifier, challenge, method)
+      if verifier.blank?
+        'pkce check failed: no verifier provided'
+      elsif challenge.blank?
+        'pkce check failed: no challenge code provided'
+      elsif method == 'S256'
+        return nil unless challenge != AppRedirectTest.calculate_s256_challenge(verifier)
+
+        "invalid S256 pkce verifier: got '#{AppRedirectTest.calculate_s256_challenge(verifier)}' " \
+          "expected '#{challenge}'"
+      else
+        "invalid pkce challenge method '#{method}'"
+      end
+    end
+
+    def pkce_valid?(verifier, challenge, method, response)
+      pkce_error = pkce_error(verifier, challenge, method)
+
+      if pkce_error.present?
+        update_response_for_error(response, pkce_error)
+        false
+      else
+        true
+      end
+    end
+
+    def authorization_request_for_code(code, test_session_id)
+      authorization_requests = Inferno::Repositories::Requests.new.tagged_requests(test_session_id, [AUTHORIZATION_TAG])
+      authorization_requests.find do |request|
+        location_header = request.response_headers.find { |header| header.name.downcase == 'location' }
+        if location_header.present? && location_header.value.present?
+          Rack::Utils.parse_query(URI(location_header.value)&.query)&.dig('code') == code
+        else
+          false
+        end
+      end
+    end
+
+    def authorization_code_request_details(inferno_request)
+      if inferno_request.verb.downcase == 'get'
+        Rack::Utils.parse_query(URI(inferno_request.url)&.query)
+      elsif inferno_request.verb.downcase == 'post'
+        Rack::Utils.parse_query(inferno_request.request_body)
+      end
+    end
   end
 end