RubyGems - udap_security_test_kit - Versions diffs - 0.11.6 → 0.12.0 - Mend

udap_security_test_kit 0.11.6 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/invalid_id_token_test.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module UDAPSecurityTestKit
+  class InvalidIDTokenErrorAttestationTest < Inferno::Test
+    title 'Handles invalid ID token error correctly'
+    id :udap_security_invalid_id_token_error
+    description %(
+      Data Holder either returns an `invalid_idp` error code or attempts alternate authentication when the IdP
+      does not return an ID Token or validation fails.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@291'
+    input :invalid_id_token_error_handling_correct,
+          title: 'Error Handling: Handles invalid ID token error correctly',
+          description: %(
+            I attest that the Data Holder either returns an `invalid_idp` error code or attempts alternate
+            authentication when the IdP does not return an ID Token or validation fails.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :invalid_id_token_error_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert invalid_id_token_error_handling_correct == 'true',
+             'Data Holder does not return an `invalid_idp` error code or attempt alternate authentication
+              when the IdP does not return an ID Token or validation fails.'
+      pass invalid_id_token_error_handling_note if invalid_id_token_error_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/invalid_idp_test.rb ADDED Viewed

@@ -0,0 +1,39 @@
+module UDAPSecurityTestKit
+  class InvalidIdpErrorAttestationTest < Inferno::Test
+    title 'Handles invalid_idp error correctly'
+    id :udap_security_invalid_idp_error
+    description %(
+      Data Holder returns an error response with the `invalid_idp` extension error code
+      when the IdP is rejected, as per
+      [Section 4.1.2.1 of RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1).
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@241'
+    input :invalid_idp_error_handling_correct,
+          title: 'Error Handling: Handles invalid_idp error correctly',
+          description: %(
+            I attest that the Data Holder returns an error response with the `invalid_idp`
+            extension error code when the IdP is rejected, as per
+            [Section 4.1.2.1 of RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1).
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              { label: 'Yes', value: 'true' },
+              { label: 'No', value: 'false' }
+            ]
+          }
+    input :invalid_idp_error_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert invalid_idp_error_handling_correct == 'true',
+             'Data Holder does not return an error response with the `invalid_idp` extension error code when the
+              IdP is rejected.'
+      pass invalid_idp_error_handling_note if invalid_idp_error_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/invalid_redirection_uri_test.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module UDAPSecurityTestKit
+  class InvalidRedirectionURIAttestationTest < Inferno::Test
+    title 'Handles invalid redirection URI correctly'
+    id :udap_security_invalid_redirection_uri
+    description %(
+      The Authorization Server does NOT redirect the user-agent to an invalid redirection URI when the request
+      fails due to a missing or invalid redirection URI.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@242'
+    input :invalid_redirection_uri_handling_correct,
+          title: 'Error Handling: Handles Invalid redirection URI correctly',
+          description: %(
+            I attest that the Authorization Server does NOT redirect the user-agent to an invalid redirection
+            URI when the request fails due to a missing or invalid redirection URI.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :invalid_redirection_uri_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert invalid_redirection_uri_handling_correct == 'true',
+             'Authorization Server redirects the user-agent to an invalid redirection URI when the
+              request fails due to a missing or invalid URI.'
+      pass invalid_redirection_uri_handling_note if invalid_redirection_uri_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/prompt_none_test.rb ADDED Viewed

@@ -0,0 +1,39 @@
+module UDAPSecurityTestKit
+  class PromptNoneErrorAttestationTest < Inferno::Test
+    title 'Returns error for prompt=none when user not authenticated'
+    id :udap_security_prompt_none_error
+    description %(
+      Authorization Server returns an error if the authentication request contains prompt=none
+      and the End-User is not already authenticated or could not be silently authenticated.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@267',
+                          'hl7.fhir.us.udap-security_1.0.0@268'
+    input :prompt_none_error_handling_correct,
+          title: 'Error Handling: Returns error for prompt=none when user not authenticated',
+          description: %(
+            I attest that the Authorization Server returns an error if the authentication
+            request contains prompt=none and the End-User is not already authenticated or
+            could not be silently authenticated.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              { label: 'Yes', value: 'true' },
+              { label: 'No', value: 'false' }
+            ]
+          }
+    input :prompt_none_error_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert prompt_none_error_handling_correct == 'true',
+             'Authorization Server does not return an error for prompt=none when the End-User
+              is not authenticated or could not be silently authenticated.'
+      pass prompt_none_error_handling_note if prompt_none_error_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/state_mismatch_test.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module UDAPSecurityTestKit
+  class StateMismatchErrorAttestationTest < Inferno::Test
+    title 'Handles state mismatch error correctly'
+    id :udap_security_state_mismatch_error
+    description %(
+      If the `state` parameter does NOT match, the Resource Holder MUST terminate the workflow and redirect with a
+      `server_error`.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@271'
+    input :state_mismatch_error_handling_correct,
+          title: 'Error Handling: State mismatch error is handled correctly',
+          description: %(
+            I attest that the Resource Holder terminates the workflow and redirects with a `server_error` when the
+            `state` parameter does NOT match.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :state_mismatch_error_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert state_mismatch_error_handling_correct == 'true',
+             'Resource Holder does not terminate the workflow or redirect with a `server_error` when the
+             `state` parameter does NOT match.'
+      pass state_mismatch_error_handling_note if state_mismatch_error_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/unauthenticated_user_test.rb ADDED Viewed

@@ -0,0 +1,42 @@
+module UDAPSecurityTestKit
+  class UnauthenticatedUserErrorAttestationTest < Inferno::Test
+    title 'Handles unauthenticated user error correctly'
+    id :udap_security_unauthenticated_user_error
+    description %(
+      Data Holder returns an `access_denied` error response when it cannot resolve the authenticated user.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@296'
+    input :unauthenticated_user_error_handling_correct,
+          title: 'Error Handling: Handles unauthenticated user error correctly',
+          description: %(
+            I attest that the Data Holder returns an `access_denied` error response when it cannot resolve
+            the authenticated user.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :unauthenticated_user_error_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert unauthenticated_user_error_handling_correct == 'true',
+             'Data Holder does not return an `access_denied` error response when it cannot resolve the
+              authenticated user.'
+      pass unauthenticated_user_error_handling_note if unauthenticated_user_error_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/valid_state_error_response_test.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module UDAPSecurityTestKit
+  class ValidStateErrorResponseAttestationTest < Inferno::Test
+    title 'Handles valid state error correctly'
+    id :udap_security_valid_state_error_response
+    description %(
+      Resource Holder redirects with an `access_denied` error code when the `state` value is valid
+      on an error response.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@273'
+    input :valid_state_error_response_handling_correct,
+          title: 'Error Handling: Handles valid state error correctly',
+          description: %(
+            I attest that the Resource Holder redirects with an `access_denied` error code when the
+            `state` value is valid on an error response.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :valid_state_error_response_handling_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert valid_state_error_response_handling_correct == 'true',
+             'Resource Holder does not redirect with an `access_denied` error code when the `state`
+              value is valid on an error response.'
+      pass valid_state_error_response_handling_note if valid_state_error_response_handling_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require_relative 'error_handling_group/deny_token_request_test'
+require_relative 'error_handling_group/general_error_response_test'
+require_relative 'error_handling_group/invalid_id_token_test'
+require_relative 'error_handling_group/invalid_idp_test'
+require_relative 'error_handling_group/invalid_redirection_uri_test'
+require_relative 'error_handling_group/prompt_none_test'
+require_relative 'error_handling_group/state_mismatch_test'
+require_relative 'error_handling_group/unauthenticated_user_test'
+require_relative 'error_handling_group/valid_state_error_response_test'
+module UDAPSecurityTestKit
+  class ErrorHandlingAttestationGroup < Inferno::TestGroup
+    id :udap_server_v100_error_handling_group
+    title 'Error Handling'
+    run_as_group
+    test from: :udap_security_invalid_idp_error
+    test from: :udap_security_invalid_id_token_error
+    test from: :udap_security_deny_token_request
+    test from: :udap_security_prompt_none_error
+    test from: :udap_security_invalid_redirection_uri
+    test from: :udap_security_state_mismatch_error
+    test from: :udap_security_unauthenticated_user_error
+    test from: :udap_security_valid_state_error_response
+    :udap_security_general_error_response
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group/access_token_validation_test.rb ADDED Viewed

@@ -0,0 +1,47 @@
+module UDAPSecurityTestKit
+  class AccessTokenValidationAttestationTest < Inferno::Test
+    title 'Validates access token correctly'
+    id :udap_security_access_token_validation
+    description %(
+      Data Holder validates the Access Token as per the Access Token validation rules,
+      including:
+      - Verifying the token's integrity.
+      - Checking claims such as `exp` and other relevant attributes.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@283',
+                          'hl7.fhir.us.udap-security_1.0.0@290'
+    input :access_token_validation_correct,
+          title: 'ID Token and Access Token Validation: Validates access token correctly',
+          description: %(
+            I attest that the Data Holder validates the Access Token as per the Access Token validation rules,
+            including:
+            - Verifying the token's integrity.
+            - Checking claims such as `exp` and other relevant attributes.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :access_token_validation_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert access_token_validation_correct == 'true',
+             'Access Token validation is not implemented correctly as per the Access Token validation rules.'
+      pass access_token_validation_note if access_token_validation_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group/id_token_validation_test.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module UDAPSecurityTestKit
+  class IDTokenValidationAttestationTest < Inferno::Test
+    title 'Validates ID Token correctly'
+    id :udap_security_id_token_validation
+    description %(
+      Data Holder validates the ID Token as per OIDC Core specifications, including:
+      - Verifying the token's signature.
+      - Checking claims such as `iss`, `aud`, and `exp`.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@282',
+                          'hl7.fhir.us.udap-security_1.0.0@289'
+    input :id_token_validation_correct,
+          title: 'ID Token and Access Token Validation: ID Token is validated correctly',
+          description: %(
+            I attest that the Data Holder validates the ID Token as per OIDC Core specifications, including:
+            - Verifying the token's signature.
+            - Checking claims such as `iss`, `aud`, and `exp`.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :id_token_validation_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert id_token_validation_correct == 'true',
+             'ID Token validation is not implemented correctly as per OIDC Core specifications.'
+      pass id_token_validation_note if id_token_validation_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group/token_response_validation_test.rb ADDED Viewed

@@ -0,0 +1,47 @@
+module UDAPSecurityTestKit
+  class TokenResponseValidationAttestationTest < Inferno::Test
+    title 'Validates token response correctly'
+    id :udap_security_token_response_validation
+    description %(
+      Client validates the Token Response as per RFC 6749 and OIDC Core specifications, including:
+      - Ensuring the presence of `access_token` and `token_type` parameters.
+      - Validating the response structure and data integrity.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@283',
+                          'hl7.fhir.us.udap-security_1.0.0@284',
+                          'hl7.fhir.us.udap-security_1.0.0@285'
+    input :token_response_validation_correct,
+          title: 'ID Token and Access Token Validation: Validates token response correctly',
+          description: %(
+            I attest that the Client validates the Token Response as per RFC 6749 and OIDC Core specifications,
+            including:
+            - Ensuring the presence of `access_token` and `token_type` parameters.
+            - Validating the response structure and data integrity.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :token_response_validation_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert token_response_validation_correct == 'true',
+             'Token Response validation is not implemented correctly as per RFC 6749 and OIDC Core specifications.'
+      pass token_response_validation_note if token_response_validation_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require_relative 'id_token_access_token_validation_group/id_token_validation_test'
+require_relative 'id_token_access_token_validation_group/access_token_validation_test'
+require_relative 'id_token_access_token_validation_group/token_response_validation_test'
+module UDAPSecurityTestKit
+  class IDTokenAccessTokenValidationAttestationGroup < Inferno::TestGroup
+    id :udap_server_v100_id_token_access_token_validation_group
+    title 'ID Token and Access Token Validation'
+    run_as_group
+    test from: :udap_security_id_token_validation
+    test from: :udap_security_access_token_validation
+    test from: :udap_security_token_response_validation
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_authentication_request_test.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module UDAPSecurityTestKit
+  class IdPAuthenticationRequestAttestationTest < Inferno::Test
+    title 'Performs Authentication request to the IdP’s authorization endpoint'
+    id :udap_security_idp_authentication_request
+    description %(
+      Data Holder makes an authentication request to the IdP’s authorization endpoint when the IdP is trusted.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@245'
+    input :idp_authentication_request_correct,
+          title: %(
+            Interaction with Identity Providers (IdPs): Performs Authentication request to the IdP’s authorization
+            endpoint
+          ),
+          description: %(
+            I attest that the Data Holder makes an authentication request to the IdP’s authorization endpoint when the
+            IdP is trusted.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :idp_authentication_request_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert idp_authentication_request_correct == 'true',
+             'Data Holder does not make an authentication request to the IdP’s authorization endpoint when the IdP
+              is trusted.'
+      pass idp_authentication_request_note if idp_authentication_request_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_dynamic_registration_test.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module UDAPSecurityTestKit
+  class IdPDynamicRegistrationAttestationTest < Inferno::Test
+    title 'Performs IdP dynamic registration if supported'
+    id :udap_security_idp_dynamic_registration
+    description %(
+      Data Holder registers as a client with the IdP if:
+      - The IdP is trusted.
+      - The IdP supports UDAP Dynamic Registration.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@239'
+    input :idp_dynamic_registration_correct,
+          title: 'Interaction with Identity Providers (IdPs): Performs IdP dynamic registration if supported',
+          description: %(
+            I attest that the Data Holder registers as a client with the IdP if:
+            - The IdP is trusted.
+            - The IdP supports UDAP Dynamic Registration.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :idp_dynamic_registration_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert idp_dynamic_registration_correct == 'true',
+             'Data Holder does not register as a client with the IdP when it is trusted and supports
+              UDAP Dynamic Registration.'
+      pass idp_dynamic_registration_note if idp_dynamic_registration_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_metadata_validation_test.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module UDAPSecurityTestKit
+  class IdPMetadataValidationAttestationTest < Inferno::Test
+    title 'Validates IdP metadata to determine trust'
+    id :udap_security_idp_metadata_validation
+    description %(
+      Data Holder validates the IdP’s UDAP metadata to determine trustworthiness, including:
+      - Verifying the authenticity of the metadata.
+      - Ensuring the metadata meets UDAP specifications.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@238'
+    input :idp_metadata_validation_correct,
+          title: 'Interaction with Identity Providers (IdPs): Validates IdP metadata to determine trust',
+          description: %(
+            I attest that the Data Holder validates the IdP’s UDAP metadata to determine trustworthiness, including:
+            - Verifying the authenticity of the metadata.
+            - Ensuring the metadata meets UDAP specifications.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :idp_metadata_validation_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert idp_metadata_validation_correct == 'true',
+             'Data Holder does not validate the IdP’s UDAP metadata to determine trustworthiness.'
+      pass idp_metadata_validation_note if idp_metadata_validation_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_token_exchange_test.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module UDAPSecurityTestKit
+  class IdPTokenExchangeAttestationTest < Inferno::Test
+    title 'Exchanges code for tokens after successful authentication response'
+    id :udap_security_idp_token_exchange
+    description %(
+      Data Holder exchanges the authorization code for tokens after receiving a successful
+      authentication response from the IdP.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@279'
+    input :idp_token_exchange_correct,
+          title: %(
+            'Interaction with Identity Providers (IdPs): Exchanges code for tokens after successful
+             authentication response'
+          ),
+          description: %(
+            I attest that the Data Holder exchanges the authorization code for tokens after receiving a
+            successful authentication response from the IdP.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :idp_token_exchange_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+    run do
+      assert idp_token_exchange_correct == 'true',
+             'Data Holder does not exchange the authorization code for tokens after receiving a successful
+             authentication response from the IdP.'
+      pass idp_token_exchange_note if idp_token_exchange_note.present?
+    end
+  end
+end