RubyGems - udap_security_test_kit - Versions diffs - 0.11.4 → 0.11.5 - Mend

udap_security_test_kit 0.11.4 → 0.11.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 93cc168a29a41ac4c22bdcb8a4124aa85c370d3a0ae8ac1851090555ab3a2e8b
-  data.tar.gz: d31eee97042a453fe3ccf6c72c1421309ff4d367eb87ff6d2f3a63a96529041d
+  metadata.gz: 8cd9e461b7c07f1562d3cd0633dad2816f6b9a93b56a4f21d82ed608386e2035
+  data.tar.gz: 636e8a27be86aaca468218ed36f8253e6ede05ef995c8cd28664636944a52b72
 SHA512:
-  metadata.gz: 69293481ba6a4edeca09cf992cd7b7ff97ff380636a43e1d40cb6dd2610711bb1feac263cdf887fbb7e74e8c72ed15329335b8d3b4fdd3a4d3ed1f3f73341eef
-  data.tar.gz: 90878299bfb40e53ad43ff65144d008f3793a1654c8f61ff3dd24a4a8cb6f3dcef11c092cac49ccdadb7dec165ed20134213cc56a566b8e78792e0b83c6ca872
+  metadata.gz: 8f6b32492245d75331ca03fa96a6fcd3169894e6cb09788a2e07cd851f40fcdb776133c91488e806e663e0166042e0f361ddcd59e350664c1b2ecfce316513ef
+  data.tar.gz: 4b6f85396f9dd0b4918672756471a9690f56e8b0161bd6b097baa0317728bb8491c0629792b5255dc2c25f092cfc61f0ee368ab110ca45fadf21614a8d1a3834

data/lib/udap_security_test_kit/client_suite.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 require_relative 'endpoints/mock_udap_server/registration_endpoint'
 require_relative 'endpoints/mock_udap_server/authorization_endpoint'
 require_relative 'endpoints/mock_udap_server/token_endpoint'
+require_relative 'endpoints/mock_udap_server/introspection_endpoint'
 require_relative 'endpoints/echoing_fhir_responder_endpoint'
 require_relative 'urls'
 require_relative 'client_suite/registration_ac_group'
@@ -61,6 +62,7 @@ module UDAPSecurityTestKit
     suite_endpoint :post, REGISTRATION_PATH, MockUDAPServer::RegistrationEndpoint
     suite_endpoint :get, AUTHORIZATION_PATH, MockUDAPServer::AuthorizationEndpoint
     suite_endpoint :post, AUTHORIZATION_PATH, MockUDAPServer::AuthorizationEndpoint
+    suite_endpoint :post, INTROSPECTION_PATH, MockUDAPServer::IntrospectionEndpoint
     suite_endpoint :post, TOKEN_PATH, MockUDAPServer::TokenEndpoint
     suite_endpoint :get, FHIR_PATH, EchoingFHIRResponderEndpoint
     suite_endpoint :post, FHIR_PATH, EchoingFHIRResponderEndpoint

data/lib/udap_security_test_kit/endpoints/mock_udap_server/introspection_endpoint.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+require_relative '../../tags'
+require_relative '../mock_udap_server'
+require_relative 'udap_introspection_response_creation'
+module UDAPSecurityTestKit
+  module MockUDAPServer
+    class IntrospectionEndpoint < Inferno::DSL::SuiteEndpoint
+      include UDAPIntrospectionResponseCreation
+      def test_run_identifier
+        MockUDAPServer.issued_token_to_client_id(request.params[:token])
+      end
+      def make_response
+        response.body = make_udap_introspection_response.to_json
+        response.headers['Cache-Control'] = 'no-store'
+        response.headers['Pragma'] = 'no-cache'
+        response.headers['Access-Control-Allow-Origin'] = '*'
+        response.content_type = 'application/json'
+        response.status = 200
+      end
+      def update_result
+        nil # never update for now
+      end
+      def tags
+        [INTROSPECTION_TAG, UDAP_TAG]
+      end
+    end
+  end
+end

data/lib/udap_security_test_kit/endpoints/mock_udap_server/udap_introspection_response_creation.rb ADDED Viewed

@@ -0,0 +1,71 @@
+require_relative '../../tags'
+require_relative '../mock_udap_server'
+module UDAPSecurityTestKit
+  module MockUDAPServer
+    module UDAPIntrospectionResponseCreation
+      def make_udap_introspection_response # rubocop:disable Metrics/CyclomaticComplexity
+        target_token = request.params[:token]
+        introspection_inactive_response_body = { active: false }
+        return introspection_inactive_response_body if MockUDAPServer.token_expired?(target_token)
+        token_requests = Inferno::Repositories::Requests.new.tagged_requests(test_run.test_session_id, [TOKEN_TAG])
+        original_response_body = nil
+        original_token_request = token_requests.find do |request|
+          next unless request.status == 200
+          original_response_body = JSON.parse(request.response_body)
+          original_response_body['access_token'] == target_token
+        end
+        return introspection_inactive_response_body unless original_token_request.present?
+        decoded_token = MockUDAPServer.decode_token(target_token)
+        introspection_active_response_body = {
+          active: true,
+          client_id: decoded_token['client_id'],
+          exp: decoded_token['expiration']
+        }
+        original_response_body.each do |element, value|
+          next if ['access_token', 'refresh_token', 'token_type', 'expires_in'].include?(element)
+          next if introspection_active_response_body.key?(element)
+          introspection_active_response_body[element] = value
+        end
+        unless introspection_active_response_body.key?('scope')
+          introspection_active_response_body['scope'] = requested_scope(original_token_request)
+        end
+        if original_response_body.key?('id_token')
+          user_claims, _header = JWT.decode(original_response_body['id_token'], nil, false)
+          introspection_active_response_body['iss'] = user_claims['iss']
+          introspection_active_response_body['sub'] = user_claims['sub']
+          introspection_active_response_body['fhirUser'] = user_claims['fhirUser'] if user_claims['fhirUser'].present?
+        end
+        introspection_active_response_body
+      end
+      def requested_scope(token_request)
+        # token request
+        original_request_body = Rack::Utils.parse_query(token_request.request_body)
+        return original_request_body['scope'] if original_request_body['scope'].present?
+        # authorization request
+        authorization_request = MockUDAPServer.authorization_request_for_code(original_request_body['code'],
+                                                                              test_run.test_session_id)
+        auth_code_request_inputs = MockUDAPServer.authorization_code_request_details(authorization_request)
+        return auth_code_request_inputs['scope'] if auth_code_request_inputs&.dig('scope').present?
+        # registration request
+        # not looking in registration response since the simulation currently echoes the requested scopes
+        registered_software_statement = MockUDAPServer.udap_registration_software_statement(test_run.test_session_id)
+        if registered_software_statement.present?
+          registration_body, _registration_header = JWT.decode(registered_software_statement, nil, false)
+          return registration_body['scope'] if registration_body['scope'].present?
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/udap_security_test_kit/endpoints/mock_udap_server.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module UDAPSecurityTestKit
         token_endpoint: base_url + TOKEN_PATH,
         token_endpoint_auth_methods_supported: ['private_key_jwt'],
         token_endpoint_auth_signing_alg_values_supported: ['RS256', 'RS384', 'ES384'],
+        introspection_endpoint: base_url + INTROSPECTION_PATH,
         signed_metadata: udap_signed_metadata_jwt(base_url)
       }.to_json
@@ -165,8 +166,8 @@ module UDAPSecurityTestKit
         end
       return unless token_to_decode.present?
-      JSON.parse(Base64.urlsafe_decode64(token))
-    rescue JSON::ParserError
+      JSON.parse(Base64.urlsafe_decode64(token_to_decode))
+    rescue StandardError
       nil
     end
@@ -206,7 +207,7 @@ module UDAPSecurityTestKit
       response.format = :json
       response.body = FHIR::OperationOutcome.new(
         issue: FHIR::OperationOutcome::Issue.new(severity: 'fatal', code: 'expired',
-                                                 details: FHIR::CodeableConcept.new(text: "#{type}has expired"))
+                                                 details: FHIR::CodeableConcept.new(text: "#{type} has expired"))
       ).to_json
     end
@@ -372,6 +373,8 @@ module UDAPSecurityTestKit
     end
     def authorization_code_request_details(inferno_request)
+      return unless inferno_request.present?
       if inferno_request.verb.downcase == 'get'
         Rack::Utils.parse_query(URI(inferno_request.url)&.query)
       elsif inferno_request.verb.downcase == 'post'

data/lib/udap_security_test_kit/tags.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 module UDAPSecurityTestKit
   REGISTRATION_TAG = 'registration'
   AUTHORIZATION_TAG = 'authorization'
+  INTROSPECTION_TAG = 'introspection'
   TOKEN_TAG = 'token'
   UDAP_TAG = 'udap'
   ACCESS_TAG = 'access'

data/lib/udap_security_test_kit/urls.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module UDAPSecurityTestKit
   AUTH_SERVER_PATH = '/auth'
   REGISTRATION_PATH = "#{AUTH_SERVER_PATH}/register".freeze
   AUTHORIZATION_PATH = "#{AUTH_SERVER_PATH}/authorization".freeze
+  INTROSPECTION_PATH = "#{AUTH_SERVER_PATH}/introspect".freeze
   TOKEN_PATH = "#{AUTH_SERVER_PATH}/token".freeze
   RESUME_PASS_PATH = '/resume_pass'
   RESUME_FAIL_PATH = '/resume_fail'
@@ -41,6 +42,10 @@ module UDAPSecurityTestKit
       @client_authorization_url ||= client_base_url + AUTHORIZATION_PATH
     end
+    def client_introspection_url
+      @client_introspection_url ||= client_base_url + INTROSPECTION_PATH
+    end
     def client_token_url
       @client_token_url ||= client_base_url + TOKEN_PATH
     end

data/lib/udap_security_test_kit/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module UDAPSecurityTestKit
-  VERSION = '0.11.4'.freeze
-  LAST_UPDATED = '2025-05-02'.freeze
+  VERSION = '0.11.5'.freeze
+  LAST_UPDATED = '2025-05-14'.freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: udap_security_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.11.4
+  version: 0.11.5
 platform: ruby
 authors:
 - Stephen MacVicar
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-02 00:00:00.000000000 Z
+date: 2025-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -93,9 +93,11 @@ files:
 - lib/udap_security_test_kit/endpoints/echoing_fhir_responder_endpoint.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server/authorization_endpoint.rb
+- lib/udap_security_test_kit/endpoints/mock_udap_server/introspection_endpoint.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server/registration_endpoint.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server/token_endpoint.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server/udap_authorization_response_creation.rb
+- lib/udap_security_test_kit/endpoints/mock_udap_server/udap_introspection_response_creation.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server/udap_registration_response_creation.rb
 - lib/udap_security_test_kit/endpoints/mock_udap_server/udap_token_response_creation.rb
 - lib/udap_security_test_kit/grant_types_supported_field_test.rb