@icure/api 8.6.18 → 8.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (328) hide show
  1. package/icc-api/api/IccDocumentApi.d.ts +10 -2
  2. package/icc-api/api/IccDocumentApi.js +22 -4
  3. package/icc-api/api/IccDocumentApi.js.map +1 -1
  4. package/icc-api/api/IccReceiptApi.d.ts +17 -0
  5. package/icc-api/api/IccReceiptApi.js +52 -0
  6. package/icc-api/api/IccReceiptApi.js.map +1 -1
  7. package/icc-api/model/DataAttachment.d.ts +22 -0
  8. package/icc-api/model/DataAttachment.js.map +1 -1
  9. package/icc-api/model/Document.d.ts +6 -0
  10. package/icc-api/model/Document.js.map +1 -1
  11. package/icc-api/model/Receipt.d.ts +6 -0
  12. package/icc-api/model/Receipt.js.map +1 -1
  13. package/icc-x-api/crypto/BaseExchangeDataManager.js +2 -2
  14. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  15. package/icc-x-api/crypto/ExchangeDataManager.js +3 -3
  16. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  17. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +1 -1
  18. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
  19. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +1 -1
  20. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +8 -2
  21. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
  22. package/icc-x-api/crypto/RecoveryDataEncryption.js.map +1 -1
  23. package/icc-x-api/icc-accesslog-x-api.js +7 -7
  24. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  25. package/icc-x-api/icc-calendar-item-x-api.js +7 -7
  26. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  27. package/icc-x-api/icc-classification-x-api.js +4 -5
  28. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  29. package/icc-x-api/icc-code-x-api.d.ts +2 -2
  30. package/icc-x-api/icc-code-x-api.js +3 -33
  31. package/icc-x-api/icc-code-x-api.js.map +1 -1
  32. package/icc-x-api/icc-contact-x-api.js +20 -33
  33. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  34. package/icc-x-api/icc-doctemplate-x-api.js.map +1 -1
  35. package/icc-x-api/icc-document-x-api.d.ts +8 -7
  36. package/icc-x-api/icc-document-x-api.js +64 -22
  37. package/icc-x-api/icc-document-x-api.js.map +1 -1
  38. package/icc-x-api/icc-form-x-api.js +3 -4
  39. package/icc-x-api/icc-form-x-api.js.map +1 -1
  40. package/icc-x-api/icc-helement-x-api.js +11 -11
  41. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  42. package/icc-x-api/icc-invoice-x-api.js +3 -4
  43. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  44. package/icc-x-api/icc-maintenance-task-x-api.js +3 -3
  45. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  46. package/icc-x-api/icc-patient-x-api.js +29 -29
  47. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  48. package/icc-x-api/icc-receipt-x-api.d.ts +40 -0
  49. package/icc-x-api/icc-receipt-x-api.js +79 -1
  50. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  51. package/icc-x-api/icc-topic-x-api.js.map +1 -1
  52. package/icc-x-api/index.js +1 -1
  53. package/icc-x-api/index.js.map +1 -1
  54. package/icc-x-api/utils/code-util.d.ts +23 -0
  55. package/icc-x-api/utils/code-util.js +39 -2
  56. package/icc-x-api/utils/code-util.js.map +1 -1
  57. package/icc-x-api/utils/collection-utils.d.ts +13 -0
  58. package/icc-x-api/utils/collection-utils.js +69 -0
  59. package/icc-x-api/utils/collection-utils.js.map +1 -1
  60. package/icc-x-api/utils/compression-utils.d.ts +28 -0
  61. package/icc-x-api/utils/compression-utils.js +106 -0
  62. package/icc-x-api/utils/compression-utils.js.map +1 -0
  63. package/icc-x-api/utils/crypto-utils.js +7 -7
  64. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  65. package/icc-x-api/utils/formatting-util.d.ts +1 -3
  66. package/icc-x-api/utils/formatting-util.js +15 -17
  67. package/icc-x-api/utils/formatting-util.js.map +1 -1
  68. package/icc-x-api/utils/hcp-util.js +2 -3
  69. package/icc-x-api/utils/hcp-util.js.map +1 -1
  70. package/icc-x-api/utils/insurability-util.js +10 -8
  71. package/icc-x-api/utils/insurability-util.js.map +1 -1
  72. package/icc-x-api/utils/lzma-wasm.d.ts +6 -0
  73. package/icc-x-api/utils/lzma-wasm.js +81 -0
  74. package/icc-x-api/utils/lzma-wasm.js.map +1 -0
  75. package/icc-x-api/utils/mutex.d.ts +12 -0
  76. package/icc-x-api/utils/mutex.js +26 -0
  77. package/icc-x-api/utils/mutex.js.map +1 -0
  78. package/icc-x-api/utils/websocket.js +7 -7
  79. package/icc-x-api/utils/websocket.js.map +1 -1
  80. package/icc-x-api/wasm/lzma/lzma.js +2 -0
  81. package/icc-x-api/wasm/lzma/lzma.wasm +0 -0
  82. package/package.json +2 -11
  83. package/icc-x-api/utils/uuid-encoder.d.ts +0 -44
  84. package/icc-x-api/utils/uuid-encoder.js +0 -114
  85. package/icc-x-api/utils/uuid-encoder.js.map +0 -1
  86. package/test/icc-api/api/IccAgendaApi.d.ts +0 -1
  87. package/test/icc-api/api/IccAgendaApi.js +0 -64
  88. package/test/icc-api/api/IccAgendaApi.js.map +0 -1
  89. package/test/icc-api/api/IccAnonymousAccessApi.d.ts +0 -1
  90. package/test/icc-api/api/IccAnonymousAccessApi.js +0 -58
  91. package/test/icc-api/api/IccAnonymousAccessApi.js.map +0 -1
  92. package/test/icc-api/api/IccCalendarItemApi.d.ts +0 -1
  93. package/test/icc-api/api/IccCalendarItemApi.js +0 -67
  94. package/test/icc-api/api/IccCalendarItemApi.js.map +0 -1
  95. package/test/icc-api/api/IccCalendarItemTypeApi.d.ts +0 -1
  96. package/test/icc-api/api/IccCalendarItemTypeApi.js +0 -96
  97. package/test/icc-api/api/IccCalendarItemTypeApi.js.map +0 -1
  98. package/test/icc-api/api/IccCodeApi.d.ts +0 -1
  99. package/test/icc-api/api/IccCodeApi.js +0 -38
  100. package/test/icc-api/api/IccCodeApi.js.map +0 -1
  101. package/test/icc-api/api/IccDocumentApi.d.ts +0 -1
  102. package/test/icc-api/api/IccDocumentApi.js +0 -199
  103. package/test/icc-api/api/IccDocumentApi.js.map +0 -1
  104. package/test/icc-api/api/IccGroupApi.d.ts +0 -1
  105. package/test/icc-api/api/IccGroupApi.js +0 -50
  106. package/test/icc-api/api/IccGroupApi.js.map +0 -1
  107. package/test/icc-api/api/IccKeywordApi.d.ts +0 -1
  108. package/test/icc-api/api/IccKeywordApi.js +0 -64
  109. package/test/icc-api/api/IccKeywordApi.js.map +0 -1
  110. package/test/icc-api/api/IccMedicalLocationApi.d.ts +0 -1
  111. package/test/icc-api/api/IccMedicalLocationApi.js +0 -64
  112. package/test/icc-api/api/IccMedicalLocationApi.js.map +0 -1
  113. package/test/icc-api/api/IccPlaceApi.d.ts +0 -1
  114. package/test/icc-api/api/IccPlaceApi.js +0 -64
  115. package/test/icc-api/api/IccPlaceApi.js.map +0 -1
  116. package/test/icc-api/api/IccRecoveryDataApi.d.ts +0 -1
  117. package/test/icc-api/api/IccRecoveryDataApi.js +0 -95
  118. package/test/icc-api/api/IccRecoveryDataApi.js.map +0 -1
  119. package/test/icc-api/api/IccRoleApi.d.ts +0 -1
  120. package/test/icc-api/api/IccRoleApi.js +0 -34
  121. package/test/icc-api/api/IccRoleApi.js.map +0 -1
  122. package/test/icc-api/api/IccUserApi.d.ts +0 -1
  123. package/test/icc-api/api/IccUserApi.js +0 -96
  124. package/test/icc-api/api/IccUserApi.js.map +0 -1
  125. package/test/icc-api/e2e/IccCalendarItemApi.d.ts +0 -1
  126. package/test/icc-api/e2e/IccCalendarItemApi.js +0 -46
  127. package/test/icc-api/e2e/IccCalendarItemApi.js.map +0 -1
  128. package/test/icc-api/model/modelHelpersTest.d.ts +0 -1
  129. package/test/icc-api/model/modelHelpersTest.js +0 -45
  130. package/test/icc-api/model/modelHelpersTest.js.map +0 -1
  131. package/test/icc-x-api/auth/group-switch-test.d.ts +0 -1
  132. package/test/icc-x-api/auth/group-switch-test.js +0 -81
  133. package/test/icc-x-api/auth/group-switch-test.js.map +0 -1
  134. package/test/icc-x-api/auth/jwt-concurrency-test.d.ts +0 -2
  135. package/test/icc-x-api/auth/jwt-concurrency-test.js +0 -112
  136. package/test/icc-x-api/auth/jwt-concurrency-test.js.map +0 -1
  137. package/test/icc-x-api/auth/jwt-provider-test.d.ts +0 -1
  138. package/test/icc-x-api/auth/jwt-provider-test.js +0 -197
  139. package/test/icc-x-api/auth/jwt-provider-test.js.map +0 -1
  140. package/test/icc-x-api/auth/smart-auth-provider-test.d.ts +0 -1
  141. package/test/icc-x-api/auth/smart-auth-provider-test.js +0 -224
  142. package/test/icc-x-api/auth/smart-auth-provider-test.js.map +0 -1
  143. package/test/icc-x-api/autofix-anonymity-test.d.ts +0 -1
  144. package/test/icc-x-api/autofix-anonymity-test.js +0 -122
  145. package/test/icc-x-api/autofix-anonymity-test.js.map +0 -1
  146. package/test/icc-x-api/confidential-entities-test.d.ts +0 -1
  147. package/test/icc-x-api/confidential-entities-test.js +0 -168
  148. package/test/icc-x-api/confidential-entities-test.js.map +0 -1
  149. package/test/icc-x-api/crud/comprehensive-crud-test.d.ts +0 -1
  150. package/test/icc-x-api/crud/comprehensive-crud-test.js +0 -276
  151. package/test/icc-x-api/crud/comprehensive-crud-test.js.map +0 -1
  152. package/test/icc-x-api/crud/entities-crud-test-interface.d.ts +0 -16
  153. package/test/icc-x-api/crud/entities-crud-test-interface.js +0 -408
  154. package/test/icc-x-api/crud/entities-crud-test-interface.js.map +0 -1
  155. package/test/icc-x-api/crypto/anonymous-delegations-test.d.ts +0 -1
  156. package/test/icc-x-api/crypto/anonymous-delegations-test.js +0 -587
  157. package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +0 -1
  158. package/test/icc-x-api/crypto/concurrency.d.ts +0 -1
  159. package/test/icc-x-api/crypto/concurrency.js +0 -35
  160. package/test/icc-x-api/crypto/concurrency.js.map +0 -1
  161. package/test/icc-x-api/crypto/crypto-utils.d.ts +0 -1
  162. package/test/icc-x-api/crypto/crypto-utils.js +0 -79
  163. package/test/icc-x-api/crypto/crypto-utils.js.map +0 -1
  164. package/test/icc-x-api/crypto/cryptoTest.d.ts +0 -2
  165. package/test/icc-x-api/crypto/cryptoTest.js +0 -402
  166. package/test/icc-x-api/crypto/cryptoTest.js.map +0 -1
  167. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.d.ts +0 -1
  168. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js +0 -166
  169. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js.map +0 -1
  170. package/test/icc-x-api/crypto/exchange-data-manager-test.d.ts +0 -1
  171. package/test/icc-x-api/crypto/exchange-data-manager-test.js +0 -674
  172. package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +0 -1
  173. package/test/icc-x-api/crypto/full-crypto-test.d.ts +0 -1
  174. package/test/icc-x-api/crypto/full-crypto-test.js +0 -454
  175. package/test/icc-x-api/crypto/full-crypto-test.js.map +0 -1
  176. package/test/icc-x-api/crypto/legacy-metadata-migration-test.d.ts +0 -1
  177. package/test/icc-x-api/crypto/legacy-metadata-migration-test.js +0 -379
  178. package/test/icc-x-api/crypto/legacy-metadata-migration-test.js.map +0 -1
  179. package/test/icc-x-api/crypto/secure-delegations-manager-test.d.ts +0 -1
  180. package/test/icc-x-api/crypto/secure-delegations-manager-test.js +0 -278
  181. package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +0 -1
  182. package/test/icc-x-api/crypto/shamir.d.ts +0 -2
  183. package/test/icc-x-api/crypto/shamir.js +0 -167
  184. package/test/icc-x-api/crypto/shamir.js.map +0 -1
  185. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.d.ts +0 -1
  186. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js +0 -71
  187. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js.map +0 -1
  188. package/test/icc-x-api/crypto/soft-deleted-data-owners.d.ts +0 -2
  189. package/test/icc-x-api/crypto/soft-deleted-data-owners.js +0 -113
  190. package/test/icc-x-api/crypto/soft-deleted-data-owners.js.map +0 -1
  191. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.d.ts +0 -1
  192. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js +0 -246
  193. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js.map +0 -1
  194. package/test/icc-x-api/entity-with-attachments-api-test.d.ts +0 -1
  195. package/test/icc-x-api/entity-with-attachments-api-test.js +0 -142
  196. package/test/icc-x-api/entity-with-attachments-api-test.js.map +0 -1
  197. package/test/icc-x-api/filters/filters.d.ts +0 -1
  198. package/test/icc-x-api/filters/filters.js +0 -49
  199. package/test/icc-x-api/filters/filters.js.map +0 -1
  200. package/test/icc-x-api/filters/healthelement.d.ts +0 -1
  201. package/test/icc-x-api/filters/healthelement.js +0 -333
  202. package/test/icc-x-api/filters/healthelement.js.map +0 -1
  203. package/test/icc-x-api/icc-accesslog-x-api.d.ts +0 -1
  204. package/test/icc-x-api/icc-accesslog-x-api.js +0 -106
  205. package/test/icc-x-api/icc-accesslog-x-api.js.map +0 -1
  206. package/test/icc-x-api/icc-application-settings-x-api.d.ts +0 -1
  207. package/test/icc-x-api/icc-application-settings-x-api.js +0 -91
  208. package/test/icc-x-api/icc-application-settings-x-api.js.map +0 -1
  209. package/test/icc-x-api/icc-auth-api.d.ts +0 -1
  210. package/test/icc-x-api/icc-auth-api.js +0 -47
  211. package/test/icc-x-api/icc-auth-api.js.map +0 -1
  212. package/test/icc-x-api/icc-calendar-item-x-api.d.ts +0 -1
  213. package/test/icc-x-api/icc-calendar-item-x-api.js +0 -150
  214. package/test/icc-x-api/icc-calendar-item-x-api.js.map +0 -1
  215. package/test/icc-x-api/icc-contact-x-api.d.ts +0 -1
  216. package/test/icc-x-api/icc-contact-x-api.js +0 -355
  217. package/test/icc-x-api/icc-contact-x-api.js.map +0 -1
  218. package/test/icc-x-api/icc-document-x-api.d.ts +0 -1
  219. package/test/icc-x-api/icc-document-x-api.js +0 -76
  220. package/test/icc-x-api/icc-document-x-api.js.map +0 -1
  221. package/test/icc-x-api/icc-form-x-api.d.ts +0 -1
  222. package/test/icc-x-api/icc-form-x-api.js +0 -413
  223. package/test/icc-x-api/icc-form-x-api.js.map +0 -1
  224. package/test/icc-x-api/icc-hcparty-x-api-test.d.ts +0 -1
  225. package/test/icc-x-api/icc-hcparty-x-api-test.js +0 -43
  226. package/test/icc-x-api/icc-hcparty-x-api-test.js.map +0 -1
  227. package/test/icc-x-api/icc-helement-x-api-test.d.ts +0 -1
  228. package/test/icc-x-api/icc-helement-x-api-test.js +0 -155
  229. package/test/icc-x-api/icc-helement-x-api-test.js.map +0 -1
  230. package/test/icc-x-api/icc-invoice-x-api.d.ts +0 -1
  231. package/test/icc-x-api/icc-invoice-x-api.js +0 -99
  232. package/test/icc-x-api/icc-invoice-x-api.js.map +0 -1
  233. package/test/icc-x-api/icc-maintenance-task-x-api-test.d.ts +0 -1
  234. package/test/icc-x-api/icc-maintenance-task-x-api-test.js +0 -222
  235. package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +0 -1
  236. package/test/icc-x-api/icc-message-x-api.d.ts +0 -1
  237. package/test/icc-x-api/icc-message-x-api.js +0 -54
  238. package/test/icc-x-api/icc-message-x-api.js.map +0 -1
  239. package/test/icc-x-api/icc-patient-x-api-test.d.ts +0 -1
  240. package/test/icc-x-api/icc-patient-x-api-test.js +0 -165
  241. package/test/icc-x-api/icc-patient-x-api-test.js.map +0 -1
  242. package/test/icc-x-api/icc-recovery-x-api.d.ts +0 -1
  243. package/test/icc-x-api/icc-recovery-x-api.js +0 -175
  244. package/test/icc-x-api/icc-recovery-x-api.js.map +0 -1
  245. package/test/icc-x-api/icc-topic-x-api.d.ts +0 -1
  246. package/test/icc-x-api/icc-topic-x-api.js +0 -269
  247. package/test/icc-x-api/icc-topic-x-api.js.map +0 -1
  248. package/test/icc-x-api/icc-user-x-api-test.d.ts +0 -1
  249. package/test/icc-x-api/icc-user-x-api-test.js +0 -99
  250. package/test/icc-x-api/icc-user-x-api-test.js.map +0 -1
  251. package/test/icc-x-api/keyless-api.d.ts +0 -1
  252. package/test/icc-x-api/keyless-api.js +0 -125
  253. package/test/icc-x-api/keyless-api.js.map +0 -1
  254. package/test/icc-x-api/patient-user.d.ts +0 -2
  255. package/test/icc-x-api/patient-user.js +0 -103
  256. package/test/icc-x-api/patient-user.js.map +0 -1
  257. package/test/icc-x-api/storage/storage.d.ts +0 -1
  258. package/test/icc-x-api/storage/storage.js +0 -48
  259. package/test/icc-x-api/storage/storage.js.map +0 -1
  260. package/test/icc-x-api/test-api-no-parent.d.ts +0 -1
  261. package/test/icc-x-api/test-api-no-parent.js +0 -79
  262. package/test/icc-x-api/test-api-no-parent.js.map +0 -1
  263. package/test/icc-x-api/test-legacy-data-support.d.ts +0 -1
  264. package/test/icc-x-api/test-legacy-data-support.js +0 -375
  265. package/test/icc-x-api/test-legacy-data-support.js.map +0 -1
  266. package/test/icc-x-api/utils/graph-test.d.ts +0 -1
  267. package/test/icc-x-api/utils/graph-test.js +0 -54
  268. package/test/icc-x-api/utils/graph-test.js.map +0 -1
  269. package/test/icc-x-api/utils/lru-temporised-async-cache-test.d.ts +0 -1
  270. package/test/icc-x-api/utils/lru-temporised-async-cache-test.js +0 -364
  271. package/test/icc-x-api/utils/lru-temporised-async-cache-test.js.map +0 -1
  272. package/test/support/CSM-185.d.ts +0 -1
  273. package/test/support/CSM-185.js +0 -124
  274. package/test/support/CSM-185.js.map +0 -1
  275. package/test/support/CSM-243.d.ts +0 -1
  276. package/test/support/CSM-243.js +0 -120
  277. package/test/support/CSM-243.js.map +0 -1
  278. package/test/support/CSM-543.d.ts +0 -1
  279. package/test/support/CSM-543.js +0 -164
  280. package/test/support/CSM-543.js.map +0 -1
  281. package/test/support/CSM-729.d.ts +0 -1
  282. package/test/support/CSM-729.js +0 -225
  283. package/test/support/CSM-729.js.map +0 -1
  284. package/test/support/CSM-87.d.ts +0 -0
  285. package/test/support/CSM-87.js +0 -21
  286. package/test/support/CSM-87.js.map +0 -1
  287. package/test/support/CSM-93.d.ts +0 -1
  288. package/test/support/CSM-93.js +0 -112
  289. package/test/support/CSM-93.js.map +0 -1
  290. package/test/utils/FakeDataOwnerApi.d.ts +0 -32
  291. package/test/utils/FakeDataOwnerApi.js +0 -136
  292. package/test/utils/FakeDataOwnerApi.js.map +0 -1
  293. package/test/utils/FakeEncryptionKeysManager.d.ts +0 -36
  294. package/test/utils/FakeEncryptionKeysManager.js +0 -98
  295. package/test/utils/FakeEncryptionKeysManager.js.map +0 -1
  296. package/test/utils/FakeExchangeDataApi.d.ts +0 -32
  297. package/test/utils/FakeExchangeDataApi.js +0 -92
  298. package/test/utils/FakeExchangeDataApi.js.map +0 -1
  299. package/test/utils/FakeExchangeDataManager.d.ts +0 -48
  300. package/test/utils/FakeExchangeDataManager.js +0 -82
  301. package/test/utils/FakeExchangeDataManager.js.map +0 -1
  302. package/test/utils/FakeExchangeDataMapManager.d.ts +0 -12
  303. package/test/utils/FakeExchangeDataMapManager.js +0 -38
  304. package/test/utils/FakeExchangeDataMapManager.js.map +0 -1
  305. package/test/utils/FakeGenericApi.d.ts +0 -16
  306. package/test/utils/FakeGenericApi.js +0 -65
  307. package/test/utils/FakeGenericApi.js.map +0 -1
  308. package/test/utils/KeylessCryptoStrategies.d.ts +0 -23
  309. package/test/utils/KeylessCryptoStrategies.js +0 -26
  310. package/test/utils/KeylessCryptoStrategies.js.map +0 -1
  311. package/test/utils/TestApi.d.ts +0 -3
  312. package/test/utils/TestApi.js +0 -30
  313. package/test/utils/TestApi.js.map +0 -1
  314. package/test/utils/TestCollectionUtils.d.ts +0 -1
  315. package/test/utils/TestCollectionUtils.js +0 -109
  316. package/test/utils/TestCollectionUtils.js.map +0 -1
  317. package/test/utils/TestCryptoStrategies.d.ts +0 -42
  318. package/test/utils/TestCryptoStrategies.js +0 -80
  319. package/test/utils/TestCryptoStrategies.js.map +0 -1
  320. package/test/utils/TestStorage.d.ts +0 -23
  321. package/test/utils/TestStorage.js +0 -61
  322. package/test/utils/TestStorage.js.map +0 -1
  323. package/test/utils/roles.d.ts +0 -14
  324. package/test/utils/roles.js +0 -345
  325. package/test/utils/roles.js.map +0 -1
  326. package/test/utils/test_utils.d.ts +0 -87
  327. package/test/utils/test_utils.js +0 -452
  328. package/test/utils/test_utils.js.map +0 -1
@@ -1,224 +0,0 @@
1
- "use strict";
2
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
- return new (P || (P = Promise))(function (resolve, reject) {
5
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
- step((generator = generator.apply(thisArg, _arguments || [])).next());
9
- });
10
- };
11
- Object.defineProperty(exports, "__esModule", { value: true });
12
- const types_1 = require("@icure/test-setup/types");
13
- const mocha_1 = require("mocha");
14
- const test_utils_1 = require("../../utils/test_utils");
15
- const icc_x_api_1 = require("../../../icc-x-api");
16
- const icc_api_1 = require("../../../icc-api");
17
- require("isomorphic-fetch");
18
- const SmartAuthProvider_1 = require("../../../icc-x-api/auth/SmartAuthProvider");
19
- const chai_1 = require("chai");
20
- const crypto_1 = require("crypto");
21
- var initMasterApi = test_utils_1.TestUtils.initMasterApi;
22
- const assert_1 = require("assert");
23
- const otpauth_1 = require("otpauth");
24
- (0, test_utils_1.setLocalStorage)(fetch);
25
- let env;
26
- let authApi;
27
- describe('Smart authentication provider', () => {
28
- (0, mocha_1.before)(function () {
29
- return __awaiter(this, void 0, void 0, function* () {
30
- this.timeout(600000);
31
- const initializer = yield (0, test_utils_1.getEnvironmentInitializer)();
32
- env = yield initializer.execute((0, types_1.getEnvVariables)());
33
- authApi = new icc_api_1.IccAuthApi(env.iCureUrl, {}, new icc_x_api_1.NoAuthenticationProvider(), fetch);
34
- });
35
- });
36
- function userApiWithProvider(authProvider) {
37
- return new icc_api_1.IccUserApi(env.iCureUrl, {}, authProvider, fetch);
38
- }
39
- it('Should automatically ask for secret to get a new token, and reasks the secret if it is not valid', () => __awaiter(void 0, void 0, void 0, function* () {
40
- const { credentials } = yield (0, test_utils_1.createNewHcpApi)(env);
41
- let calls = 0;
42
- const authProvider = yield SmartAuthProvider_1.SmartAuthProvider.initialise(authApi, credentials.user, {
43
- getSecret: (acceptedSecrets, previousAttempts) => __awaiter(void 0, void 0, void 0, function* () {
44
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.PASSWORD);
45
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN);
46
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.SHORT_LIVED_TOKEN);
47
- (0, chai_1.expect)(acceptedSecrets).to.not.include(SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN);
48
- if (calls == 0) {
49
- (0, chai_1.expect)(previousAttempts).to.be.empty;
50
- }
51
- else if (calls == 1) {
52
- (0, chai_1.expect)(previousAttempts).to.have.length(1);
53
- (0, chai_1.expect)(previousAttempts[0].value).to.equal('wrong');
54
- (0, chai_1.expect)(previousAttempts[0].secretType).to.equal(SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN);
55
- }
56
- else
57
- (0, assert_1.fail)(`Unexpected number of calls: ${calls}`);
58
- return calls++ == 0
59
- ? { value: 'wrong', secretType: SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN } // pragma: allowlist secret
60
- : { value: credentials.password, secretType: SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN };
61
- }),
62
- });
63
- const userApi = userApiWithProvider(authProvider);
64
- const user = yield userApi.getCurrentUser();
65
- (0, chai_1.expect)(user.healthcarePartyId).to.equal(credentials.dataOwnerId);
66
- (0, chai_1.expect)(calls).to.equal(2);
67
- }));
68
- (0, test_utils_1.itNoLite)('Should automatically ask for a more powerful secret to perform elevated-security operations if the available secret/token is not good enough', () => __awaiter(void 0, void 0, void 0, function* () {
69
- const { credentials, api } = yield (0, test_utils_1.createNewHcpApi)(env);
70
- const initialUser = yield api.userApi.getCurrentUser();
71
- const masterApi = yield initMasterApi(env);
72
- const userToken = (0, crypto_1.randomUUID)();
73
- const userPw = (0, crypto_1.randomUUID)();
74
- const userWithLongTokenAndPw = yield masterApi.userApi.modifyUser(Object.assign(Object.assign({}, initialUser), { passwordHash: userPw, authenticationTokens: {
75
- 'test-long-lived-token': {
76
- token: userToken,
77
- creationTime: Date.now(),
78
- validity: 60 * 60 * 24 * 7,
79
- },
80
- } }));
81
- let calls = 0;
82
- const authProvider = yield SmartAuthProvider_1.SmartAuthProvider.initialise(authApi, credentials.user, {
83
- getSecret: (acceptedSecrets, previousAttempts) => __awaiter(void 0, void 0, void 0, function* () {
84
- if (calls == 0) {
85
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.PASSWORD);
86
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN);
87
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.SHORT_LIVED_TOKEN);
88
- (0, chai_1.expect)(acceptedSecrets).to.not.include(SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN);
89
- (0, chai_1.expect)(previousAttempts).to.be.empty;
90
- calls++;
91
- return { value: userToken, secretType: SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN };
92
- }
93
- else if (calls == 1) {
94
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.PASSWORD);
95
- (0, chai_1.expect)(acceptedSecrets).to.not.include(SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN);
96
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.SHORT_LIVED_TOKEN);
97
- (0, chai_1.expect)(acceptedSecrets).to.not.include(SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN);
98
- (0, chai_1.expect)(previousAttempts).to.be.empty;
99
- calls++;
100
- return { value: userPw, secretType: SmartAuthProvider_1.AuthSecretType.PASSWORD };
101
- }
102
- else
103
- throw new Error(`Unexpected number of calls: ${calls}`);
104
- }),
105
- });
106
- const userApi = userApiWithProvider(authProvider);
107
- (0, chai_1.expect)((yield userApi.getCurrentUser()).rev).to.equal(userWithLongTokenAndPw.rev);
108
- (0, chai_1.expect)(calls).to.equal(1);
109
- const newPw = (0, crypto_1.randomUUID)();
110
- const userWithNewPw = yield userApi.modifyUser(Object.assign(Object.assign({}, userWithLongTokenAndPw), { passwordHash: newPw }));
111
- (0, chai_1.expect)(userWithNewPw.rev).to.not.equal(userWithLongTokenAndPw.rev);
112
- (0, chai_1.expect)(calls).to.equal(2);
113
- const retrievedWithNewPw = yield userApiWithProvider(new icc_x_api_1.BasicAuthenticationProvider(credentials.user, newPw)).getCurrentUser();
114
- (0, chai_1.expect)(retrievedWithNewPw.rev).to.equal(userWithNewPw.rev);
115
- const couldRetrieveWithOldPw = yield userApiWithProvider(new icc_x_api_1.BasicAuthenticationProvider(credentials.user, userPw))
116
- .getCurrentUser()
117
- .then(() => true, () => false);
118
- (0, chai_1.expect)(couldRetrieveWithOldPw).to.be.false;
119
- }));
120
- (0, test_utils_1.itNoLite)('Should automatically ask for TOTP after password if user has 2fa enabled', () => __awaiter(void 0, void 0, void 0, function* () {
121
- const { credentials, api } = yield (0, test_utils_1.createNewHcpApi)(env);
122
- const initialUser = yield api.userApi.getCurrentUser();
123
- const masterApi = yield initMasterApi(env);
124
- const totpSecret = 'AAPX7PW2RJIGZ3D4'; // pragma: allowlist secret (fake secret generated only for test)
125
- const totp = new otpauth_1.TOTP({
126
- algorithm: 'SHA1',
127
- digits: 6,
128
- period: 30,
129
- secret: totpSecret,
130
- });
131
- const userPw = (0, crypto_1.randomUUID)();
132
- yield masterApi.userApi.enable2fa(initialUser.id, totpSecret);
133
- const userWithPwAnd2fa = yield masterApi.userApi.modifyUser(Object.assign(Object.assign({}, initialUser), { passwordHash: userPw }));
134
- let calls = 0;
135
- const authProvider = yield SmartAuthProvider_1.SmartAuthProvider.initialise(authApi, credentials.user, {
136
- getSecret: (acceptedSecrets, previousAttempts) => __awaiter(void 0, void 0, void 0, function* () {
137
- if (calls == 0) {
138
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.PASSWORD);
139
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.LONG_LIVED_TOKEN);
140
- (0, chai_1.expect)(acceptedSecrets).to.include(SmartAuthProvider_1.AuthSecretType.SHORT_LIVED_TOKEN);
141
- (0, chai_1.expect)(acceptedSecrets).to.not.include(SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN);
142
- (0, chai_1.expect)(previousAttempts).to.be.empty;
143
- calls++;
144
- return { value: userPw, secretType: SmartAuthProvider_1.AuthSecretType.PASSWORD };
145
- }
146
- else if (calls == 1 || calls == 2) {
147
- (0, chai_1.expect)(acceptedSecrets).to.have.members([SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN]);
148
- if (calls == 1)
149
- (0, chai_1.expect)(previousAttempts).to.be.empty;
150
- if (calls == 2)
151
- (0, chai_1.expect)(previousAttempts).to.have.length(1);
152
- return calls++ == 1
153
- ? { value: totp.generate() + '13', secretType: SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN }
154
- : { value: totp.generate(), secretType: SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN };
155
- }
156
- else
157
- throw new Error(`Unexpected number of calls: ${calls}`);
158
- }),
159
- });
160
- const userApi = userApiWithProvider(authProvider);
161
- (0, chai_1.expect)((yield userApi.getCurrentUser()).rev).to.equal(userWithPwAnd2fa.rev);
162
- (0, chai_1.expect)(calls).to.equal(3);
163
- }));
164
- (0, test_utils_1.itNoLite)('Should ask for TOTP directly if password is cached', () => __awaiter(void 0, void 0, void 0, function* () {
165
- const { credentials, api } = yield (0, test_utils_1.createNewHcpApi)(env);
166
- const initialUser = yield api.userApi.getCurrentUser();
167
- const masterApi = yield initMasterApi(env);
168
- const totpSecret = 'AAPX7PW2RJIGZ3D4'; // pragma: allowlist secret (fake secret generated only for test)
169
- const totp = new otpauth_1.TOTP({
170
- algorithm: 'SHA1',
171
- digits: 6,
172
- period: 30,
173
- secret: totpSecret,
174
- });
175
- const userPw = (0, crypto_1.randomUUID)();
176
- yield masterApi.userApi.enable2fa(initialUser.id, totpSecret);
177
- const userWithPwAnd2fa = yield masterApi.userApi.modifyUser(Object.assign(Object.assign({}, initialUser), { passwordHash: userPw }));
178
- let calls = 0;
179
- const authProvider = yield SmartAuthProvider_1.SmartAuthProvider.initialise(authApi, credentials.user, {
180
- getSecret: (acceptedSecrets, previousAttempts) => __awaiter(void 0, void 0, void 0, function* () {
181
- (0, chai_1.expect)(acceptedSecrets).to.have.members([SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN]);
182
- (0, chai_1.expect)(previousAttempts).to.be.empty;
183
- (0, chai_1.expect)(calls++).to.equal(0);
184
- return { value: totp.generate(), secretType: SmartAuthProvider_1.AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN };
185
- }),
186
- }, {
187
- initialSecret: { password: userPw },
188
- });
189
- const userApi = userApiWithProvider(authProvider);
190
- (0, chai_1.expect)((yield userApi.getCurrentUser()).rev).to.equal(userWithPwAnd2fa.rev);
191
- (0, chai_1.expect)(calls).to.equal(1);
192
- }));
193
- (0, test_utils_1.itNoLite)('Switched provider should keep cached secrets and should be able to have elevated security context', () => __awaiter(void 0, void 0, void 0, function* () {
194
- var _a;
195
- const details = yield (0, test_utils_1.createUserInMultipleGroups)(env);
196
- let calls = 0;
197
- const authProvider = yield SmartAuthProvider_1.SmartAuthProvider.initialise(authApi, details.userLogin, {
198
- getSecret: (acceptedSecrets, previousAttempts) => __awaiter(void 0, void 0, void 0, function* () {
199
- (0, chai_1.expect)(acceptedSecrets).to.have.include(SmartAuthProvider_1.AuthSecretType.PASSWORD);
200
- (0, chai_1.expect)(previousAttempts).to.be.empty;
201
- (0, chai_1.expect)(calls++).to.equal(0);
202
- return { value: details.userPw12, secretType: SmartAuthProvider_1.AuthSecretType.PASSWORD };
203
- }),
204
- });
205
- const defaultGroupUserApi = userApiWithProvider(authProvider);
206
- const defaultGroupUser = yield defaultGroupUserApi.getCurrentUser();
207
- const otherGroupId = details.group1.id == defaultGroupUser.groupId ? details.group2.id : details.group1.id;
208
- const matches = yield defaultGroupUserApi.getMatchingUsers();
209
- const switchedUserApi = userApiWithProvider(yield authProvider.switchGroup(otherGroupId, matches));
210
- const switchedUser = yield switchedUserApi.getCurrentUser();
211
- (0, chai_1.expect)(switchedUser.id).to.not.equal(defaultGroupUser.id);
212
- (0, chai_1.expect)(switchedUser.groupId).to.equal(otherGroupId);
213
- const updatedDefault = yield switchedUserApi.modifyUser(Object.assign(Object.assign({}, switchedUser), { authenticationTokens: {
214
- 'new-token': {
215
- token: (0, crypto_1.randomUUID)(),
216
- creationTime: Date.now(),
217
- validity: 60 * 60 * 24 * 7,
218
- },
219
- } }));
220
- (0, chai_1.expect)(updatedDefault.rev).to.not.equal(switchedUser.rev);
221
- (0, chai_1.expect)(Object.keys((_a = updatedDefault.authenticationTokens) !== null && _a !== void 0 ? _a : {})).to.not.be.empty;
222
- }));
223
- });
224
- //# sourceMappingURL=smart-auth-provider-test.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"smart-auth-provider-test.js","sourceRoot":"","sources":["../../../../test/icc-x-api/auth/smart-auth-provider-test.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,mDAAmE;AACnE,iCAA8B;AAC9B,uDAAqJ;AACrJ,kDAAkH;AAClH,8CAAyD;AACzD,4BAAyB;AACzB,iFAAgH;AAChH,+BAA6B;AAC7B,mCAAmC;AACnC,IAAO,aAAa,GAAG,sBAAS,CAAC,aAAa,CAAA;AAC9C,mCAA6B;AAC7B,qCAA8B;AAC9B,IAAA,4BAAe,EAAC,KAAK,CAAC,CAAA;AAEtB,IAAI,GAAa,CAAA;AACjB,IAAI,OAAmB,CAAA;AAEvB,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,IAAA,cAAM,EAAC;;YACL,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;YACpB,MAAM,WAAW,GAAG,MAAM,IAAA,sCAAyB,GAAE,CAAA;YACrD,GAAG,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAA,uBAAe,GAAE,CAAC,CAAA;YAClD,OAAO,GAAG,IAAI,oBAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,oCAAwB,EAAE,EAAE,KAAK,CAAC,CAAA;QACnF,CAAC;KAAA,CAAC,CAAA;IAEF,SAAS,mBAAmB,CAAC,YAAoC;QAC/D,OAAO,IAAI,oBAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,EAAE,CAAC,kGAAkG,EAAE,GAAS,EAAE;QAChH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAA,4BAAe,EAAC,GAAG,CAAC,CAAA;QAClD,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,MAAM,YAAY,GAAG,MAAM,qCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE;YACjF,SAAS,EAAE,CAAO,eAAiC,EAAE,gBAAqC,EAAE,EAAE;gBAC5F,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,QAAQ,CAAC,CAAA;gBAC3D,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,gBAAgB,CAAC,CAAA;gBACnE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,iBAAiB,CAAC,CAAA;gBACpE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,kCAAc,CAAC,+BAA+B,CAAC,CAAA;gBACtF,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;oBACf,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;gBACtC,CAAC;qBAAM,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;oBACtB,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;oBAC1C,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;oBACnD,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,kCAAc,CAAC,gBAAgB,CAAC,CAAA;gBAClF,CAAC;;oBAAM,IAAA,aAAI,EAAC,+BAA+B,KAAK,EAAE,CAAC,CAAA;gBACnD,OAAO,KAAK,EAAE,IAAI,CAAC;oBACjB,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,kCAAc,CAAC,gBAAgB,EAAE,CAAC,2BAA2B;oBAC7F,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,kCAAc,CAAC,gBAAgB,EAAE,CAAA;YAClF,CAAC,CAAA;SACF,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAA;QACjD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,cAAc,EAAE,CAAA;QAC3C,IAAA,aAAM,EAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,CAAA;QAChE,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC3B,CAAC,CAAA,CAAC,CAAA;IAEF,IAAA,qBAAQ,EACN,8IAA8I,EAC9I,GAAS,EAAE;QACT,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,MAAM,IAAA,4BAAe,EAAC,GAAG,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAA;QACtD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;QAC1C,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAA;QAC9B,MAAM,MAAM,GAAG,IAAA,mBAAU,GAAE,CAAA;QAC3B,MAAM,sBAAsB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,iCAC5D,WAAW,KACd,YAAY,EAAE,MAAM,EACpB,oBAAoB,EAAE;gBACpB,uBAAuB,EAAE;oBACvB,KAAK,EAAE,SAAS;oBAChB,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;oBACxB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;iBAC3B;aACF,IACD,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,MAAM,YAAY,GAAG,MAAM,qCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE;YACjF,SAAS,EAAE,CAAO,eAAiC,EAAE,gBAAqC,EAAE,EAAE;gBAC5F,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;oBACf,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,QAAQ,CAAC,CAAA;oBAC3D,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,gBAAgB,CAAC,CAAA;oBACnE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,iBAAiB,CAAC,CAAA;oBACpE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,kCAAc,CAAC,+BAA+B,CAAC,CAAA;oBACtF,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;oBACpC,KAAK,EAAE,CAAA;oBACP,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,kCAAc,CAAC,gBAAgB,EAAE,CAAA;gBAC1E,CAAC;qBAAM,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;oBACtB,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,QAAQ,CAAC,CAAA;oBAC3D,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,kCAAc,CAAC,gBAAgB,CAAC,CAAA;oBACvE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,iBAAiB,CAAC,CAAA;oBACpE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,kCAAc,CAAC,+BAA+B,CAAC,CAAA;oBACtF,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;oBACpC,KAAK,EAAE,CAAA;oBACP,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,kCAAc,CAAC,QAAQ,EAAE,CAAA;gBAC/D,CAAC;;oBAAM,MAAM,IAAI,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAA;YAChE,CAAC,CAAA;SACF,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAA;QACjD,IAAA,aAAM,EAAC,CAAC,MAAM,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAA;QACjF,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,KAAK,GAAG,IAAA,mBAAU,GAAE,CAAA;QAC1B,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,UAAU,iCAAM,sBAAsB,KAAE,YAAY,EAAE,KAAK,IAAG,CAAA;QAClG,IAAA,aAAM,EAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAA;QAClE,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,kBAAkB,GAAG,MAAM,mBAAmB,CAAC,IAAI,uCAA2B,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,cAAc,EAAE,CAAA;QAC/H,IAAA,aAAM,EAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;QAC1D,MAAM,sBAAsB,GAAG,MAAM,mBAAmB,CAAC,IAAI,uCAA2B,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;aAChH,cAAc,EAAE;aAChB,IAAI,CACH,GAAG,EAAE,CAAC,IAAI,EACV,GAAG,EAAE,CAAC,KAAK,CACZ,CAAA;QACH,IAAA,aAAM,EAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;IAC5C,CAAC,CAAA,CACF,CAAA;IAED,IAAA,qBAAQ,EAAC,0EAA0E,EAAE,GAAS,EAAE;QAC9F,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,MAAM,IAAA,4BAAe,EAAC,GAAG,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAA;QACtD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;QAC1C,MAAM,UAAU,GAAG,kBAAkB,CAAA,CAAC,iEAAiE;QACvG,MAAM,IAAI,GAAG,IAAI,cAAI,CAAC;YACpB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,CAAC;YACT,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,UAAU;SACnB,CAAC,CAAA;QACF,MAAM,MAAM,GAAG,IAAA,mBAAU,GAAE,CAAA;QAC3B,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAG,EAAE,UAAU,CAAC,CAAA;QAC9D,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,iCACtD,WAAW,KACd,YAAY,EAAE,MAAM,IACpB,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,MAAM,YAAY,GAAG,MAAM,qCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE;YACjF,SAAS,EAAE,CAAO,eAAiC,EAAE,gBAAqC,EAAE,EAAE;gBAC5F,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;oBACf,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,QAAQ,CAAC,CAAA;oBAC3D,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,gBAAgB,CAAC,CAAA;oBACnE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,kCAAc,CAAC,iBAAiB,CAAC,CAAA;oBACpE,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,kCAAc,CAAC,+BAA+B,CAAC,CAAA;oBACtF,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;oBACpC,KAAK,EAAE,CAAA;oBACP,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,kCAAc,CAAC,QAAQ,EAAE,CAAA;gBAC/D,CAAC;qBAAM,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;oBACpC,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,kCAAc,CAAC,+BAA+B,CAAC,CAAC,CAAA;oBACzF,IAAI,KAAK,IAAI,CAAC;wBAAE,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;oBACpD,IAAI,KAAK,IAAI,CAAC;wBAAE,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;oBAC1D,OAAO,KAAK,EAAE,IAAI,CAAC;wBACjB,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,kCAAc,CAAC,+BAA+B,EAAE;wBAC/F,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,kCAAc,CAAC,+BAA+B,EAAE,CAAA;gBAC5F,CAAC;;oBAAM,MAAM,IAAI,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAA;YAChE,CAAC,CAAA;SACF,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAA;QACjD,IAAA,aAAM,EAAC,CAAC,MAAM,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAC3E,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC3B,CAAC,CAAA,CAAC,CAAA;IAEF,IAAA,qBAAQ,EAAC,oDAAoD,EAAE,GAAS,EAAE;QACxE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,MAAM,IAAA,4BAAe,EAAC,GAAG,CAAC,CAAA;QACvD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAA;QACtD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;QAC1C,MAAM,UAAU,GAAG,kBAAkB,CAAA,CAAC,iEAAiE;QACvG,MAAM,IAAI,GAAG,IAAI,cAAI,CAAC;YACpB,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,CAAC;YACT,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,UAAU;SACnB,CAAC,CAAA;QACF,MAAM,MAAM,GAAG,IAAA,mBAAU,GAAE,CAAA;QAC3B,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAG,EAAE,UAAU,CAAC,CAAA;QAC9D,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,iCACtD,WAAW,KACd,YAAY,EAAE,MAAM,IACpB,CAAA;QACF,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,MAAM,YAAY,GAAG,MAAM,qCAAiB,CAAC,UAAU,CACrD,OAAO,EACP,WAAW,CAAC,IAAI,EAChB;YACE,SAAS,EAAE,CAAO,eAAiC,EAAE,gBAAqC,EAAE,EAAE;gBAC5F,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,kCAAc,CAAC,+BAA+B,CAAC,CAAC,CAAA;gBACzF,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;gBACpC,IAAA,aAAM,EAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC3B,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,kCAAc,CAAC,+BAA+B,EAAE,CAAA;YAC/F,CAAC,CAAA;SACF,EACD;YACE,aAAa,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE;SACpC,CACF,CAAA;QACD,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAA;QACjD,IAAA,aAAM,EAAC,CAAC,MAAM,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAC3E,IAAA,aAAM,EAAC,KAAK,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC3B,CAAC,CAAA,CAAC,CAAA;IAEF,IAAA,qBAAQ,EAAC,mGAAmG,EAAE,GAAS,EAAE;;QACvH,MAAM,OAAO,GAAG,MAAM,IAAA,uCAA0B,EAAC,GAAG,CAAC,CAAA;QACrD,IAAI,KAAK,GAAG,CAAC,CAAA;QACb,MAAM,YAAY,GAAG,MAAM,qCAAiB,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,SAAS,EAAE;YAClF,SAAS,EAAE,CAAO,eAAiC,EAAE,gBAAqC,EAAE,EAAE;gBAC5F,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,kCAAc,CAAC,QAAQ,CAAC,CAAA;gBAChE,IAAA,aAAM,EAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAA;gBACpC,IAAA,aAAM,EAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC3B,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,UAAU,EAAE,kCAAc,CAAC,QAAQ,EAAE,CAAA;YACzE,CAAC,CAAA;SACF,CAAC,CAAA;QACF,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAA;QAC7D,MAAM,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,cAAc,EAAE,CAAA;QACnE,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAA;QAC1G,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,gBAAgB,EAAE,CAAA;QAC5D,MAAM,eAAe,GAAG,mBAAmB,CAAC,MAAM,YAAY,CAAC,WAAW,CAAC,YAAa,EAAE,OAAO,CAAC,CAAC,CAAA;QACnG,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,CAAA;QAC3D,IAAA,aAAM,EAAC,YAAY,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAA;QACzD,IAAA,aAAM,EAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QACnD,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,UAAU,iCAClD,YAAY,KACf,oBAAoB,EAAE;gBACpB,WAAW,EAAE;oBACX,KAAK,EAAE,IAAA,mBAAU,GAAE;oBACnB,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;oBACxB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;iBAC3B;aACF,IACD,CAAA;QACF,IAAA,aAAM,EAAC,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;QACzD,IAAA,aAAM,EAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,oBAAoB,mCAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAA;IAChF,CAAC,CAAA,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA","sourcesContent":["import { getEnvVariables, TestVars } from '@icure/test-setup/types'\nimport { before } from 'mocha'\nimport { createNewHcpApi, createUserInMultipleGroups, getEnvironmentInitializer, itNoLite, setLocalStorage, TestUtils } from '../../utils/test_utils'\nimport { AuthenticationProvider, BasicAuthenticationProvider, NoAuthenticationProvider } from '../../../icc-x-api'\nimport { IccAuthApi, IccUserApi } from '../../../icc-api'\nimport 'isomorphic-fetch'\nimport { AuthSecretDetails, AuthSecretType, SmartAuthProvider } from '../../../icc-x-api/auth/SmartAuthProvider'\nimport { expect } from 'chai'\nimport { randomUUID } from 'crypto'\nimport initMasterApi = TestUtils.initMasterApi\nimport { fail } from 'assert'\nimport { TOTP } from 'otpauth'\nsetLocalStorage(fetch)\n\nlet env: TestVars\nlet authApi: IccAuthApi\n\ndescribe('Smart authentication provider', () => {\n before(async function () {\n this.timeout(600000)\n const initializer = await getEnvironmentInitializer()\n env = await initializer.execute(getEnvVariables())\n authApi = new IccAuthApi(env.iCureUrl, {}, new NoAuthenticationProvider(), fetch)\n })\n\n function userApiWithProvider(authProvider: AuthenticationProvider): IccUserApi {\n return new IccUserApi(env.iCureUrl, {}, authProvider, fetch)\n }\n\n it('Should automatically ask for secret to get a new token, and reasks the secret if it is not valid', async () => {\n const { credentials } = await createNewHcpApi(env)\n let calls = 0\n const authProvider = await SmartAuthProvider.initialise(authApi, credentials.user, {\n getSecret: async (acceptedSecrets: AuthSecretType[], previousAttempts: AuthSecretDetails[]) => {\n expect(acceptedSecrets).to.include(AuthSecretType.PASSWORD)\n expect(acceptedSecrets).to.include(AuthSecretType.LONG_LIVED_TOKEN)\n expect(acceptedSecrets).to.include(AuthSecretType.SHORT_LIVED_TOKEN)\n expect(acceptedSecrets).to.not.include(AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN)\n if (calls == 0) {\n expect(previousAttempts).to.be.empty\n } else if (calls == 1) {\n expect(previousAttempts).to.have.length(1)\n expect(previousAttempts[0].value).to.equal('wrong')\n expect(previousAttempts[0].secretType).to.equal(AuthSecretType.LONG_LIVED_TOKEN)\n } else fail(`Unexpected number of calls: ${calls}`)\n return calls++ == 0\n ? { value: 'wrong', secretType: AuthSecretType.LONG_LIVED_TOKEN } // pragma: allowlist secret\n : { value: credentials.password, secretType: AuthSecretType.LONG_LIVED_TOKEN }\n },\n })\n const userApi = userApiWithProvider(authProvider)\n const user = await userApi.getCurrentUser()\n expect(user.healthcarePartyId).to.equal(credentials.dataOwnerId)\n expect(calls).to.equal(2)\n })\n\n itNoLite(\n 'Should automatically ask for a more powerful secret to perform elevated-security operations if the available secret/token is not good enough',\n async () => {\n const { credentials, api } = await createNewHcpApi(env)\n const initialUser = await api.userApi.getCurrentUser()\n const masterApi = await initMasterApi(env)\n const userToken = randomUUID()\n const userPw = randomUUID()\n const userWithLongTokenAndPw = await masterApi.userApi.modifyUser({\n ...initialUser,\n passwordHash: userPw,\n authenticationTokens: {\n 'test-long-lived-token': {\n token: userToken,\n creationTime: Date.now(),\n validity: 60 * 60 * 24 * 7,\n },\n },\n })\n let calls = 0\n const authProvider = await SmartAuthProvider.initialise(authApi, credentials.user, {\n getSecret: async (acceptedSecrets: AuthSecretType[], previousAttempts: AuthSecretDetails[]) => {\n if (calls == 0) {\n expect(acceptedSecrets).to.include(AuthSecretType.PASSWORD)\n expect(acceptedSecrets).to.include(AuthSecretType.LONG_LIVED_TOKEN)\n expect(acceptedSecrets).to.include(AuthSecretType.SHORT_LIVED_TOKEN)\n expect(acceptedSecrets).to.not.include(AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN)\n expect(previousAttempts).to.be.empty\n calls++\n return { value: userToken, secretType: AuthSecretType.LONG_LIVED_TOKEN }\n } else if (calls == 1) {\n expect(acceptedSecrets).to.include(AuthSecretType.PASSWORD)\n expect(acceptedSecrets).to.not.include(AuthSecretType.LONG_LIVED_TOKEN)\n expect(acceptedSecrets).to.include(AuthSecretType.SHORT_LIVED_TOKEN)\n expect(acceptedSecrets).to.not.include(AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN)\n expect(previousAttempts).to.be.empty\n calls++\n return { value: userPw, secretType: AuthSecretType.PASSWORD }\n } else throw new Error(`Unexpected number of calls: ${calls}`)\n },\n })\n const userApi = userApiWithProvider(authProvider)\n expect((await userApi.getCurrentUser()).rev).to.equal(userWithLongTokenAndPw.rev)\n expect(calls).to.equal(1)\n const newPw = randomUUID()\n const userWithNewPw = await userApi.modifyUser({ ...userWithLongTokenAndPw, passwordHash: newPw })\n expect(userWithNewPw.rev).to.not.equal(userWithLongTokenAndPw.rev)\n expect(calls).to.equal(2)\n const retrievedWithNewPw = await userApiWithProvider(new BasicAuthenticationProvider(credentials.user, newPw)).getCurrentUser()\n expect(retrievedWithNewPw.rev).to.equal(userWithNewPw.rev)\n const couldRetrieveWithOldPw = await userApiWithProvider(new BasicAuthenticationProvider(credentials.user, userPw))\n .getCurrentUser()\n .then(\n () => true,\n () => false\n )\n expect(couldRetrieveWithOldPw).to.be.false\n }\n )\n\n itNoLite('Should automatically ask for TOTP after password if user has 2fa enabled', async () => {\n const { credentials, api } = await createNewHcpApi(env)\n const initialUser = await api.userApi.getCurrentUser()\n const masterApi = await initMasterApi(env)\n const totpSecret = 'AAPX7PW2RJIGZ3D4' // pragma: allowlist secret (fake secret generated only for test)\n const totp = new TOTP({\n algorithm: 'SHA1',\n digits: 6,\n period: 30,\n secret: totpSecret,\n })\n const userPw = randomUUID()\n await masterApi.userApi.enable2fa(initialUser.id!, totpSecret)\n const userWithPwAnd2fa = await masterApi.userApi.modifyUser({\n ...initialUser,\n passwordHash: userPw,\n })\n let calls = 0\n const authProvider = await SmartAuthProvider.initialise(authApi, credentials.user, {\n getSecret: async (acceptedSecrets: AuthSecretType[], previousAttempts: AuthSecretDetails[]) => {\n if (calls == 0) {\n expect(acceptedSecrets).to.include(AuthSecretType.PASSWORD)\n expect(acceptedSecrets).to.include(AuthSecretType.LONG_LIVED_TOKEN)\n expect(acceptedSecrets).to.include(AuthSecretType.SHORT_LIVED_TOKEN)\n expect(acceptedSecrets).to.not.include(AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN)\n expect(previousAttempts).to.be.empty\n calls++\n return { value: userPw, secretType: AuthSecretType.PASSWORD }\n } else if (calls == 1 || calls == 2) {\n expect(acceptedSecrets).to.have.members([AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN])\n if (calls == 1) expect(previousAttempts).to.be.empty\n if (calls == 2) expect(previousAttempts).to.have.length(1)\n return calls++ == 1\n ? { value: totp.generate() + '13', secretType: AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN }\n : { value: totp.generate(), secretType: AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN }\n } else throw new Error(`Unexpected number of calls: ${calls}`)\n },\n })\n const userApi = userApiWithProvider(authProvider)\n expect((await userApi.getCurrentUser()).rev).to.equal(userWithPwAnd2fa.rev)\n expect(calls).to.equal(3)\n })\n\n itNoLite('Should ask for TOTP directly if password is cached', async () => {\n const { credentials, api } = await createNewHcpApi(env)\n const initialUser = await api.userApi.getCurrentUser()\n const masterApi = await initMasterApi(env)\n const totpSecret = 'AAPX7PW2RJIGZ3D4' // pragma: allowlist secret (fake secret generated only for test)\n const totp = new TOTP({\n algorithm: 'SHA1',\n digits: 6,\n period: 30,\n secret: totpSecret,\n })\n const userPw = randomUUID()\n await masterApi.userApi.enable2fa(initialUser.id!, totpSecret)\n const userWithPwAnd2fa = await masterApi.userApi.modifyUser({\n ...initialUser,\n passwordHash: userPw,\n })\n let calls = 0\n const authProvider = await SmartAuthProvider.initialise(\n authApi,\n credentials.user,\n {\n getSecret: async (acceptedSecrets: AuthSecretType[], previousAttempts: AuthSecretDetails[]) => {\n expect(acceptedSecrets).to.have.members([AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN])\n expect(previousAttempts).to.be.empty\n expect(calls++).to.equal(0)\n return { value: totp.generate(), secretType: AuthSecretType.TWO_FACTOR_AUTHENTICATION_TOKEN }\n },\n },\n {\n initialSecret: { password: userPw },\n }\n )\n const userApi = userApiWithProvider(authProvider)\n expect((await userApi.getCurrentUser()).rev).to.equal(userWithPwAnd2fa.rev)\n expect(calls).to.equal(1)\n })\n\n itNoLite('Switched provider should keep cached secrets and should be able to have elevated security context', async () => {\n const details = await createUserInMultipleGroups(env)\n let calls = 0\n const authProvider = await SmartAuthProvider.initialise(authApi, details.userLogin, {\n getSecret: async (acceptedSecrets: AuthSecretType[], previousAttempts: AuthSecretDetails[]) => {\n expect(acceptedSecrets).to.have.include(AuthSecretType.PASSWORD)\n expect(previousAttempts).to.be.empty\n expect(calls++).to.equal(0)\n return { value: details.userPw12, secretType: AuthSecretType.PASSWORD }\n },\n })\n const defaultGroupUserApi = userApiWithProvider(authProvider)\n const defaultGroupUser = await defaultGroupUserApi.getCurrentUser()\n const otherGroupId = details.group1.id == defaultGroupUser.groupId ? details.group2.id : details.group1.id\n const matches = await defaultGroupUserApi.getMatchingUsers()\n const switchedUserApi = userApiWithProvider(await authProvider.switchGroup(otherGroupId!, matches))\n const switchedUser = await switchedUserApi.getCurrentUser()\n expect(switchedUser.id).to.not.equal(defaultGroupUser.id)\n expect(switchedUser.groupId).to.equal(otherGroupId)\n const updatedDefault = await switchedUserApi.modifyUser({\n ...switchedUser,\n authenticationTokens: {\n 'new-token': {\n token: randomUUID(),\n creationTime: Date.now(),\n validity: 60 * 60 * 24 * 7,\n },\n },\n })\n expect(updatedDefault.rev).to.not.equal(switchedUser.rev)\n expect(Object.keys(updatedDefault.authenticationTokens ?? {})).to.not.be.empty\n })\n})\n"]}
@@ -1 +0,0 @@
1
- import 'isomorphic-fetch';
@@ -1,122 +0,0 @@
1
- "use strict";
2
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
- return new (P || (P = Promise))(function (resolve, reject) {
5
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
- step((generator = generator.apply(thisArg, _arguments || [])).next());
9
- });
10
- };
11
- Object.defineProperty(exports, "__esModule", { value: true });
12
- const mocha_1 = require("mocha");
13
- const test_utils_1 = require("../utils/test_utils");
14
- const types_1 = require("@icure/test-setup/types");
15
- const DataOwnerTypeEnum_1 = require("../../icc-api/model/DataOwnerTypeEnum");
16
- const icc_x_api_1 = require("../../icc-x-api");
17
- const chai_1 = require("chai");
18
- const TestStorage_1 = require("../utils/TestStorage");
19
- const crypto_1 = require("crypto");
20
- require("isomorphic-fetch");
21
- (0, test_utils_1.setLocalStorage)(fetch);
22
- let env;
23
- describe('Autofix anonymity tests', () => {
24
- (0, mocha_1.before)(function () {
25
- return __awaiter(this, void 0, void 0, function* () {
26
- this.timeout(600000);
27
- const initializer = yield (0, test_utils_1.getEnvironmentInitializer)();
28
- env = yield initializer.execute((0, types_1.getEnvVariables)());
29
- });
30
- });
31
- function initApi(dataOwnerType, isAnonymous) {
32
- return __awaiter(this, void 0, void 0, function* () {
33
- const cryptoStrats = {
34
- dataOwnerRequiresAnonymousDelegation(dataOwner) {
35
- if (isAnonymous)
36
- return dataOwner.type == dataOwnerType;
37
- else
38
- return false;
39
- },
40
- generateNewKeyForDataOwner(self, cryptoPrimitives) {
41
- throw new Error('This method should not be necessary for this test');
42
- },
43
- recoverAndVerifySelfHierarchyKeys(keysData, cryptoPrimitives) {
44
- throw new Error('This method should not be necessary for this test');
45
- },
46
- verifyDelegatePublicKeys(delegate, publicKeys, cryptoPrimitives) {
47
- return Promise.resolve(publicKeys);
48
- },
49
- };
50
- let userDetails;
51
- if (dataOwnerType == DataOwnerTypeEnum_1.DataOwnerTypeEnum.Patient) {
52
- userDetails = (yield (0, test_utils_1.createNewPatientApi)(env)).credentials;
53
- }
54
- else if (dataOwnerType == DataOwnerTypeEnum_1.DataOwnerTypeEnum.Hcp) {
55
- userDetails = (yield (0, test_utils_1.createNewHcpApi)(env)).credentials;
56
- }
57
- else
58
- throw new Error('Unsupported data owner type');
59
- const storage = yield (0, TestStorage_1.testStorageWithKeys)([
60
- {
61
- dataOwnerId: userDetails.dataOwnerId,
62
- pairs: [{ keyPair: { publicKey: userDetails.publicKey, privateKey: userDetails.privateKey }, shaVersion: icc_x_api_1.ShaVersion.Sha1 }],
63
- },
64
- ]);
65
- const api = yield icc_x_api_1.IcureApi.initialise(env.iCureUrl, { username: userDetails.user, password: userDetails.password }, cryptoStrats, crypto_1.webcrypto, fetch, {
66
- keyStorage: storage.keyStorage,
67
- entryKeysFactory: storage.keyFactory,
68
- storage: storage.storage,
69
- });
70
- (0, chai_1.expect)((yield api.dataOwnerApi.getCurrentDataOwnerStub()).type).to.eq(dataOwnerType);
71
- return api;
72
- });
73
- }
74
- function doTest(dataOwnerType, isAnonymous) {
75
- return __awaiter(this, void 0, void 0, function* () {
76
- const api = yield initApi(dataOwnerType, isAnonymous);
77
- const user = yield api.userApi.getCurrentUser();
78
- const createdWithNewInstance = yield api.patientApi.createPatientWithUser(user, yield api.patientApi.newInstance(user, { firstName: 'q', lastName: 'q' }));
79
- const createdByBackend = yield api.agendaApi.createAgenda({ id: api.cryptoApi.primitives.randomUuid(), name: 'whatever' });
80
- if (isAnonymous) {
81
- (0, chai_1.expect)(createdWithNewInstance.author).to.eq(undefined);
82
- (0, chai_1.expect)(createdWithNewInstance.responsible).to.eq(undefined);
83
- (0, chai_1.expect)(createdByBackend.author).to.eq(undefined);
84
- (0, chai_1.expect)(createdByBackend.responsible).to.eq(undefined);
85
- }
86
- else {
87
- const doId = api.dataOwnerApi.getDataOwnerIdOf(user);
88
- (0, chai_1.expect)(createdWithNewInstance.author).to.eq(user.id);
89
- (0, chai_1.expect)(createdWithNewInstance.responsible).to.eq(doId);
90
- (0, chai_1.expect)(createdByBackend.author).to.eq(user.id);
91
- (0, chai_1.expect)(createdByBackend.responsible).to.eq(doId);
92
- }
93
- const modified = yield api.agendaApi.modifyAgenda(Object.assign(Object.assign({}, createdByBackend), { name: 'whatever 2' }));
94
- if (isAnonymous) {
95
- (0, chai_1.expect)(createdWithNewInstance.author).to.eq(undefined);
96
- (0, chai_1.expect)(createdWithNewInstance.responsible).to.eq(undefined);
97
- (0, chai_1.expect)(createdByBackend.author).to.eq(undefined);
98
- (0, chai_1.expect)(createdByBackend.responsible).to.eq(undefined);
99
- }
100
- else {
101
- const doId = api.dataOwnerApi.getDataOwnerIdOf(user);
102
- (0, chai_1.expect)(createdWithNewInstance.author).to.eq(user.id);
103
- (0, chai_1.expect)(createdWithNewInstance.responsible).to.eq(doId);
104
- (0, chai_1.expect)(createdByBackend.author).to.eq(user.id);
105
- (0, chai_1.expect)(createdByBackend.responsible).to.eq(doId);
106
- }
107
- });
108
- }
109
- it('Entity created by a patient should omit author and responsible if crypto strategies require anonymous delegations for the user', () => __awaiter(void 0, void 0, void 0, function* () {
110
- yield doTest(DataOwnerTypeEnum_1.DataOwnerTypeEnum.Patient, true);
111
- }));
112
- it('Entity created by a patient should autofix author and responsible if crypto strategies does not require anonymous delegations for the user', () => __awaiter(void 0, void 0, void 0, function* () {
113
- yield doTest(DataOwnerTypeEnum_1.DataOwnerTypeEnum.Patient, false);
114
- }));
115
- it('Entity created by a HCP should omit author and responsible if crypto strategies require anonymous delegations for the user', () => __awaiter(void 0, void 0, void 0, function* () {
116
- yield doTest(DataOwnerTypeEnum_1.DataOwnerTypeEnum.Hcp, true);
117
- }));
118
- it('Entity created by a HCP should autofix author and responsible if crypto strategies does not require anonymous delegations for the user', () => __awaiter(void 0, void 0, void 0, function* () {
119
- yield doTest(DataOwnerTypeEnum_1.DataOwnerTypeEnum.Hcp, false);
120
- }));
121
- });
122
- //# sourceMappingURL=autofix-anonymity-test.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"autofix-anonymity-test.js","sourceRoot":"","sources":["../../../test/icc-x-api/autofix-anonymity-test.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,iCAA8B;AAC9B,oDAAsH;AACtH,mDAAgF;AAChF,6EAAyE;AACzE,+CAAmG;AACnG,+BAA6B;AAG7B,sDAA0D;AAC1D,mCAAkC;AAElC,4BAAyB;AAEzB,IAAA,4BAAe,EAAC,KAAK,CAAC,CAAA;AAEtB,IAAI,GAAa,CAAA;AAEjB,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,IAAA,cAAM,EAAC;;YACL,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;YACpB,MAAM,WAAW,GAAG,MAAM,IAAA,sCAAyB,GAAE,CAAA;YACrD,GAAG,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAA,uBAAe,GAAE,CAAC,CAAA;QACpD,CAAC;KAAA,CAAC,CAAA;IAEF,SAAe,OAAO,CAAC,aAAgC,EAAE,WAAoB;;YAC3E,MAAM,YAAY,GAAqB;gBACrC,oCAAoC,CAAC,SAAkC;oBACrE,IAAI,WAAW;wBAAE,OAAO,SAAS,CAAC,IAAI,IAAI,aAAa,CAAA;;wBAClD,OAAO,KAAK,CAAA;gBACnB,CAAC;gBACD,0BAA0B,CAAC,IAAuB,EAAE,gBAAkC;oBACpF,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;gBACtE,CAAC;gBACD,iCAAiC,CAC/B,QAIG,EACH,gBAAkC;oBAIlC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;gBACtE,CAAC;gBACD,wBAAwB,CAAC,QAAiC,EAAE,UAAoB,EAAE,gBAAkC;oBAClH,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;gBACpC,CAAC;aACF,CAAA;YACD,IAAI,WAAwB,CAAA;YAC5B,IAAI,aAAa,IAAI,qCAAiB,CAAC,OAAO,EAAE,CAAC;gBAC/C,WAAW,GAAG,CAAC,MAAM,IAAA,gCAAmB,EAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAA;YAC5D,CAAC;iBAAM,IAAI,aAAa,IAAI,qCAAiB,CAAC,GAAG,EAAE,CAAC;gBAClD,WAAW,GAAG,CAAC,MAAM,IAAA,4BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAA;YACxD,CAAC;;gBAAM,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;YACrD,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAmB,EAAC;gBACxC;oBACE,WAAW,EAAE,WAAW,CAAC,WAAW;oBACpC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,UAAU,EAAE,WAAW,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,sBAAU,CAAC,IAAI,EAAE,CAAC;iBAC5H;aACF,CAAC,CAAA;YACF,MAAM,GAAG,GAAG,MAAM,oBAAQ,CAAC,UAAU,CACnC,GAAG,CAAC,QAAQ,EACZ,EAAE,QAAQ,EAAE,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,QAAQ,EAAE,EAC9D,YAAY,EACZ,kBAAgB,EAChB,KAAK,EACL;gBACE,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,gBAAgB,EAAE,OAAO,CAAC,UAAU;gBACpC,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CACF,CAAA;YACD,IAAA,aAAM,EAAC,CAAC,MAAM,GAAG,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,aAAa,CAAC,CAAA;YACpF,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAED,SAAe,MAAM,CAAC,aAAgC,EAAE,WAAoB;;YAC1E,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,CAAA;YACrD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAA;YAC/C,MAAM,sBAAsB,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,qBAAqB,CACvE,IAAI,EACJ,MAAM,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAC1E,CAAA;YACD,MAAM,gBAAgB,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;YAC1H,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAA,aAAM,EAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;gBACtD,IAAA,aAAM,EAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;gBAC3D,IAAA,aAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;gBAChD,IAAA,aAAM,EAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAA;gBACpD,IAAA,aAAM,EAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBACpD,IAAA,aAAM,EAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;gBACtD,IAAA,aAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAC9C,IAAA,aAAM,EAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;YAClD,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,YAAY,iCAAM,gBAAgB,KAAE,IAAI,EAAE,YAAY,IAAG,CAAA;YAC9F,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAA,aAAM,EAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;gBACtD,IAAA,aAAM,EAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;gBAC3D,IAAA,aAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;gBAChD,IAAA,aAAM,EAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAA;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAA;gBACpD,IAAA,aAAM,EAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBACpD,IAAA,aAAM,EAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;gBACtD,IAAA,aAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAC9C,IAAA,aAAM,EAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;YAClD,CAAC;QACH,CAAC;KAAA;IAED,EAAE,CAAC,gIAAgI,EAAE,GAAS,EAAE;QAC9I,MAAM,MAAM,CAAC,qCAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAC/C,CAAC,CAAA,CAAC,CAAA;IAEF,EAAE,CAAC,4IAA4I,EAAE,GAAS,EAAE;QAC1J,MAAM,MAAM,CAAC,qCAAiB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC,CAAA,CAAC,CAAA;IAEF,EAAE,CAAC,4HAA4H,EAAE,GAAS,EAAE;QAC1I,MAAM,MAAM,CAAC,qCAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;IAC3C,CAAC,CAAA,CAAC,CAAA;IAEF,EAAE,CAAC,wIAAwI,EAAE,GAAS,EAAE;QACtJ,MAAM,MAAM,CAAC,qCAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC5C,CAAC,CAAA,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA","sourcesContent":["import { before } from 'mocha'\nimport { createNewHcpApi, createNewPatientApi, getEnvironmentInitializer, setLocalStorage } from '../utils/test_utils'\nimport { getEnvVariables, TestVars, UserDetails } from '@icure/test-setup/types'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\nimport { CryptoPrimitives, CryptoStrategies, IcureApi, KeyPair, ShaVersion } from '../../icc-x-api'\nimport { expect } from 'chai'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { testStorageWithKeys } from '../utils/TestStorage'\nimport { webcrypto } from 'crypto'\n\nimport 'isomorphic-fetch'\n\nsetLocalStorage(fetch)\n\nlet env: TestVars\n\ndescribe('Autofix anonymity tests', () => {\n before(async function () {\n this.timeout(600000)\n const initializer = await getEnvironmentInitializer()\n env = await initializer.execute(getEnvVariables())\n })\n\n async function initApi(dataOwnerType: DataOwnerTypeEnum, isAnonymous: boolean): Promise<IcureApi> {\n const cryptoStrats: CryptoStrategies = {\n dataOwnerRequiresAnonymousDelegation(dataOwner: CryptoActorStubWithType): boolean {\n if (isAnonymous) return dataOwner.type == dataOwnerType\n else return false\n },\n generateNewKeyForDataOwner(self: DataOwnerWithType, cryptoPrimitives: CryptoPrimitives): Promise<KeyPair<CryptoKey> | boolean> {\n throw new Error('This method should not be necessary for this test')\n },\n recoverAndVerifySelfHierarchyKeys(\n keysData: {\n dataOwner: DataOwnerWithType\n unknownKeys: string[]\n unavailableKeys: string[]\n }[],\n cryptoPrimitives: CryptoPrimitives\n ): Promise<{\n [p: string]: { recoveredKeys: { [p: string]: KeyPair<CryptoKey> }; keyAuthenticity: { [p: string]: boolean } }\n }> {\n throw new Error('This method should not be necessary for this test')\n },\n verifyDelegatePublicKeys(delegate: CryptoActorStubWithType, publicKeys: string[], cryptoPrimitives: CryptoPrimitives): Promise<string[]> {\n return Promise.resolve(publicKeys)\n },\n }\n let userDetails: UserDetails\n if (dataOwnerType == DataOwnerTypeEnum.Patient) {\n userDetails = (await createNewPatientApi(env)).credentials\n } else if (dataOwnerType == DataOwnerTypeEnum.Hcp) {\n userDetails = (await createNewHcpApi(env)).credentials\n } else throw new Error('Unsupported data owner type')\n const storage = await testStorageWithKeys([\n {\n dataOwnerId: userDetails.dataOwnerId,\n pairs: [{ keyPair: { publicKey: userDetails.publicKey, privateKey: userDetails.privateKey }, shaVersion: ShaVersion.Sha1 }],\n },\n ])\n const api = await IcureApi.initialise(\n env.iCureUrl,\n { username: userDetails.user, password: userDetails.password },\n cryptoStrats,\n webcrypto as any,\n fetch,\n {\n keyStorage: storage.keyStorage,\n entryKeysFactory: storage.keyFactory,\n storage: storage.storage,\n }\n )\n expect((await api.dataOwnerApi.getCurrentDataOwnerStub()).type).to.eq(dataOwnerType)\n return api\n }\n\n async function doTest(dataOwnerType: DataOwnerTypeEnum, isAnonymous: boolean) {\n const api = await initApi(dataOwnerType, isAnonymous)\n const user = await api.userApi.getCurrentUser()\n const createdWithNewInstance = await api.patientApi.createPatientWithUser(\n user,\n await api.patientApi.newInstance(user, { firstName: 'q', lastName: 'q' })\n )\n const createdByBackend = await api.agendaApi.createAgenda({ id: api.cryptoApi.primitives.randomUuid(), name: 'whatever' })\n if (isAnonymous) {\n expect(createdWithNewInstance.author).to.eq(undefined)\n expect(createdWithNewInstance.responsible).to.eq(undefined)\n expect(createdByBackend.author).to.eq(undefined)\n expect(createdByBackend.responsible).to.eq(undefined)\n } else {\n const doId = api.dataOwnerApi.getDataOwnerIdOf(user)\n expect(createdWithNewInstance.author).to.eq(user.id)\n expect(createdWithNewInstance.responsible).to.eq(doId)\n expect(createdByBackend.author).to.eq(user.id)\n expect(createdByBackend.responsible).to.eq(doId)\n }\n const modified = await api.agendaApi.modifyAgenda({ ...createdByBackend, name: 'whatever 2' })\n if (isAnonymous) {\n expect(createdWithNewInstance.author).to.eq(undefined)\n expect(createdWithNewInstance.responsible).to.eq(undefined)\n expect(createdByBackend.author).to.eq(undefined)\n expect(createdByBackend.responsible).to.eq(undefined)\n } else {\n const doId = api.dataOwnerApi.getDataOwnerIdOf(user)\n expect(createdWithNewInstance.author).to.eq(user.id)\n expect(createdWithNewInstance.responsible).to.eq(doId)\n expect(createdByBackend.author).to.eq(user.id)\n expect(createdByBackend.responsible).to.eq(doId)\n }\n }\n\n it('Entity created by a patient should omit author and responsible if crypto strategies require anonymous delegations for the user', async () => {\n await doTest(DataOwnerTypeEnum.Patient, true)\n })\n\n it('Entity created by a patient should autofix author and responsible if crypto strategies does not require anonymous delegations for the user', async () => {\n await doTest(DataOwnerTypeEnum.Patient, false)\n })\n\n it('Entity created by a HCP should omit author and responsible if crypto strategies require anonymous delegations for the user', async () => {\n await doTest(DataOwnerTypeEnum.Hcp, true)\n })\n\n it('Entity created by a HCP should autofix author and responsible if crypto strategies does not require anonymous delegations for the user', async () => {\n await doTest(DataOwnerTypeEnum.Hcp, false)\n })\n})\n"]}
@@ -1 +0,0 @@
1
- import 'isomorphic-fetch';
@@ -1,168 +0,0 @@
1
- "use strict";
2
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
- return new (P || (P = Promise))(function (resolve, reject) {
5
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
- step((generator = generator.apply(thisArg, _arguments || [])).next());
9
- });
10
- };
11
- Object.defineProperty(exports, "__esModule", { value: true });
12
- const test_utils_1 = require("../utils/test_utils");
13
- const types_1 = require("@icure/test-setup/types");
14
- const chai_1 = require("chai");
15
- require("isomorphic-fetch");
16
- const icc_x_api_1 = require("../../icc-x-api");
17
- const SecretIdUseOption_1 = require("../../icc-x-api/crypto/SecretIdUseOption");
18
- var UseAnyConfidential = SecretIdUseOption_1.SecretIdUseOption.UseAnyConfidential;
19
- var UseAnySharedWithParent = SecretIdUseOption_1.SecretIdUseOption.UseAnySharedWithParent;
20
- const crypto_1 = require("crypto");
21
- var UseAllConfidential = SecretIdUseOption_1.SecretIdUseOption.UseAllConfidential;
22
- var UseAllSharedWithParent = SecretIdUseOption_1.SecretIdUseOption.UseAllSharedWithParent;
23
- var UseNone = SecretIdUseOption_1.SecretIdUseOption.UseNone;
24
- (0, test_utils_1.setLocalStorage)(fetch);
25
- var env;
26
- describe('test confidential helement', () => {
27
- before(function () {
28
- return __awaiter(this, void 0, void 0, function* () {
29
- this.timeout(600000);
30
- const initializer = yield (0, test_utils_1.getEnvironmentInitializer)();
31
- env = yield initializer.execute((0, types_1.getEnvVariables)());
32
- });
33
- });
34
- it('confidential entity should be accessible only to user, non confidential should be accessible also to parent', () => __awaiter(void 0, void 0, void 0, function* () {
35
- // Use only the top of the hierarchy for simplicity of the test
36
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env);
37
- const pat = yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' });
38
- const modifiedPatient = (yield childApi.patientApi.initConfidentialSecretId(pat, childUser));
39
- const patientSecretIdsForParent = yield parentApi.patientApi.decryptSecretIdsOf(modifiedPatient);
40
- const patientSecretIdsForChild = yield childApi.patientApi.decryptSecretIdsOf(modifiedPatient);
41
- (0, chai_1.expect)(patientSecretIdsForParent).to.have.length(1);
42
- (0, chai_1.expect)(patientSecretIdsForChild).to.have.length(2);
43
- (0, chai_1.expect)(patientSecretIdsForChild).to.contain(patientSecretIdsForParent[0]);
44
- (0, chai_1.expect)(patientSecretIdsForChild[0]).to.not.eq(patientSecretIdsForChild[1]);
45
- const confidentialHe = yield childApi.healthcareElementApi.createHealthElementWithUser(childUser, yield childApi.healthcareElementApi.newInstance(childUser, modifiedPatient, { descr: 'Confidential info' }, { sfkOption: UseAnyConfidential, ignoreAutoDelegations: true }));
46
- (0, chai_1.expect)(confidentialHe.descr).to.eq('Confidential info');
47
- const nonConfidentialHe = yield childApi.healthcareElementApi.createHealthElementWithUser(childUser, yield childApi.healthcareElementApi.newInstance(childUser, modifiedPatient, { descr: 'Non confidential info' }, { sfkOption: UseAnySharedWithParent }));
48
- (0, chai_1.expect)(nonConfidentialHe.descr).to.eq('Non confidential info');
49
- const retrievedHesAsUser = yield childApi.healthcareElementApi.findBy(childUser.healthcarePartyId, modifiedPatient);
50
- (0, chai_1.expect)(retrievedHesAsUser.length).to.equal(2, 'Child should see confidential and non-confidential data created by him');
51
- (0, chai_1.expect)(retrievedHesAsUser.map((he) => he.id)).to.have.members([confidentialHe.id, nonConfidentialHe.id]);
52
- const retrievedConfidential = retrievedHesAsUser.find((he) => he.id === confidentialHe.id);
53
- const retrievedNonConfidential = retrievedHesAsUser.find((he) => he.id === nonConfidentialHe.id);
54
- (0, chai_1.expect)(retrievedConfidential).to.deep.eq(confidentialHe);
55
- (0, chai_1.expect)(retrievedNonConfidential).to.deep.eq(nonConfidentialHe);
56
- const retrievedHesAsParent = yield parentApi.healthcareElementApi.findBy(parentUser.healthcarePartyId, modifiedPatient);
57
- (0, chai_1.expect)(retrievedHesAsParent.length).to.equal(1, 'Parent should not see confidential data, but only non-confidential data created by child');
58
- (0, chai_1.expect)(retrievedHesAsParent[0]).to.deep.eq(nonConfidentialHe);
59
- let failedToRetrieve = false;
60
- try {
61
- yield parentApi.healthcareElementApi.getHealthElementWithUser(parentUser, confidentialHe.id);
62
- }
63
- catch (e) {
64
- console.log(e);
65
- failedToRetrieve = true;
66
- }
67
- if (!(0, test_utils_1.isLiteTest)()) {
68
- (0, chai_1.expect)(failedToRetrieve).to.equal(true, 'Parent should fail to retrieve confidential data');
69
- }
70
- // Even if in some way I could get the contact I should not be able to decrypt it
71
- (0, chai_1.expect)(yield parentApi.cryptoApi.xapi.encryptionKeysOf({ entity: confidentialHe, type: icc_x_api_1.EntityWithDelegationTypeName.HealthElement }, undefined)).to.have.length(0);
72
- }));
73
- it('creation of confidential data should fail if no confidential secret id is available for patient', () => __awaiter(void 0, void 0, void 0, function* () {
74
- // Use only the top of the hierarchy for simplicity of the test
75
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env);
76
- const pat = yield childApi.patientApi.createPatientWithUser(childUser, yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' }));
77
- let failed = false;
78
- try {
79
- yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: UseAnyConfidential, ignoreAutoDelegations: true });
80
- }
81
- catch (_a) {
82
- failed = true;
83
- }
84
- (0, chai_1.expect)(failed).to.equal(true, 'Creation of confidential data should fail if no confidential secret id is available for patient');
85
- }));
86
- it('creation of non-confidential data should fail if no secret id is available for parent', () => __awaiter(void 0, void 0, void 0, function* () {
87
- // Use only the top of the hierarchy for simplicity of the test
88
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env, false);
89
- const pat = yield childApi.patientApi.createPatientWithUser(childUser, yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' }));
90
- let failed = false;
91
- try {
92
- yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: UseAnySharedWithParent });
93
- }
94
- catch (_a) {
95
- failed = true;
96
- }
97
- (0, chai_1.expect)(failed).to.equal(true, 'Creation of confidential data should fail if no non-confidential secret id is available for patient');
98
- }));
99
- it('confidential or non-confidential is irrelevant if api is initialised without parent key initialisation: data created by user is only accessible to him', () => __awaiter(void 0, void 0, void 0, function* () {
100
- // Use only the top of the hierarchy for simplicity of the test
101
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env, false, true);
102
- const pat = yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' });
103
- const confidentialHe = yield childApi.healthcareElementApi.createHealthElementWithUser(childUser, yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: UseAnyConfidential, ignoreAutoDelegations: true }));
104
- (0, chai_1.expect)(confidentialHe.descr).to.eq('Confidential info');
105
- const nonConfidentialHe = yield childApi.healthcareElementApi.createHealthElementWithUser(childUser, yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Non confidential info' }, { sfkOption: UseAnySharedWithParent }));
106
- (0, chai_1.expect)(nonConfidentialHe.descr).to.eq('Non confidential info');
107
- const retrievedHesAsUser = yield childApi.healthcareElementApi.findBy(childUser.healthcarePartyId, pat);
108
- (0, chai_1.expect)(retrievedHesAsUser.length).to.equal(2, 'Child should see confidential and non-confidential data created by him');
109
- (0, chai_1.expect)(retrievedHesAsUser.map((he) => he.id)).to.have.members([confidentialHe.id, nonConfidentialHe.id]);
110
- const retrievedConfidential = retrievedHesAsUser.find((he) => he.id === confidentialHe.id);
111
- const retrievedNonConfidential = retrievedHesAsUser.find((he) => he.id === nonConfidentialHe.id);
112
- (0, chai_1.expect)(retrievedConfidential).to.deep.eq(confidentialHe);
113
- (0, chai_1.expect)(retrievedNonConfidential).to.deep.eq(nonConfidentialHe);
114
- yield parentApi.patientApi.decryptSecretIdsOf(pat);
115
- }));
116
- it('sfk confidential option should use one or all secret ids as requested', () => __awaiter(void 0, void 0, void 0, function* () {
117
- // Use only the top of the hierarchy for simplicity of the test
118
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env);
119
- const pat = yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' });
120
- let modifiedPatient = (yield childApi.patientApi.initConfidentialSecretId(pat, childUser));
121
- modifiedPatient = yield childApi.patientApi.shareWith(childUser.healthcarePartyId, modifiedPatient, [(0, crypto_1.randomUUID)()]);
122
- modifiedPatient = yield childApi.patientApi.shareWith(parentUser.healthcarePartyId, modifiedPatient, [(0, crypto_1.randomUUID)()]);
123
- const patientSecretIdsForParent = yield parentApi.patientApi.decryptSecretIdsOf(modifiedPatient);
124
- const patientSecretIdsForChild = yield childApi.patientApi.decryptSecretIdsOf(modifiedPatient);
125
- (0, chai_1.expect)(patientSecretIdsForParent).to.have.length(2);
126
- (0, chai_1.expect)(patientSecretIdsForChild).to.have.length(4);
127
- const confidentialSecretIds = patientSecretIdsForChild.filter((x) => !patientSecretIdsForParent.includes(x));
128
- const nonConfidentialSecretIds = patientSecretIdsForParent;
129
- (0, chai_1.expect)(confidentialSecretIds).to.have.length(2);
130
- (0, chai_1.expect)(yield childApi.patientApi.decryptConfidentialSecretIdsOf(modifiedPatient)).to.have.members(confidentialSecretIds);
131
- (0, chai_1.expect)(yield childApi.patientApi.decryptNonConfidentialSecretIdsOf(modifiedPatient)).to.have.members(nonConfidentialSecretIds);
132
- const anyConfidentialHe = yield childApi.healthcareElementApi.newInstance(childUser, modifiedPatient, { descr: 'Confidential info' }, { sfkOption: UseAnyConfidential, ignoreAutoDelegations: true });
133
- (0, chai_1.expect)(anyConfidentialHe.secretForeignKeys).to.have.length(1);
134
- (0, chai_1.expect)(confidentialSecretIds).to.include(anyConfidentialHe.secretForeignKeys[0]);
135
- const allConfidentialHe = yield childApi.healthcareElementApi.newInstance(childUser, modifiedPatient, { descr: 'Confidential info' }, { sfkOption: UseAllConfidential, ignoreAutoDelegations: true });
136
- (0, chai_1.expect)(allConfidentialHe.secretForeignKeys).to.have.members(confidentialSecretIds);
137
- const anyNonConfidentialHe = yield childApi.healthcareElementApi.newInstance(childUser, modifiedPatient, { descr: 'Confidential info' }, { sfkOption: UseAnySharedWithParent });
138
- (0, chai_1.expect)(anyNonConfidentialHe.secretForeignKeys).to.have.length(1);
139
- (0, chai_1.expect)(nonConfidentialSecretIds).to.include(anyNonConfidentialHe.secretForeignKeys[0]);
140
- const allNonConfidentialHe = yield childApi.healthcareElementApi.newInstance(childUser, modifiedPatient, { descr: 'Confidential info' }, { sfkOption: UseAllSharedWithParent });
141
- (0, chai_1.expect)(allNonConfidentialHe.secretForeignKeys).to.have.members(nonConfidentialSecretIds);
142
- }));
143
- it('Should allow creation of half-links by using no sfk', () => __awaiter(void 0, void 0, void 0, function* () {
144
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env);
145
- const pat = yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' });
146
- const halfLinkedHe = yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: UseNone, ignoreAutoDelegations: true });
147
- (0, chai_1.expect)(halfLinkedHe.secretForeignKeys).to.have.length(0);
148
- const decryptedPatientId = yield childApi.healthcareElementApi.decryptPatientIdOf(halfLinkedHe);
149
- (0, chai_1.expect)(decryptedPatientId).to.have.length(1);
150
- (0, chai_1.expect)(decryptedPatientId[0]).to.equal(pat.id);
151
- }));
152
- it('Should allow creation of links using the provided sfks', () => __awaiter(void 0, void 0, void 0, function* () {
153
- const { parentApi: childApi, parentUser: childUser, grandApi: parentApi, grandUser: parentUser } = yield (0, test_utils_1.createHcpHierarchyApis)(env);
154
- const pat = yield childApi.patientApi.newInstance(childUser, { firstName: 'John', lastName: 'Doe' });
155
- const modifiedPatient = (yield childApi.patientApi.initConfidentialSecretId(pat, childUser));
156
- const secretIds = yield childApi.patientApi.decryptSecretIdsOf(modifiedPatient);
157
- (0, chai_1.expect)(secretIds).to.have.length(2);
158
- const halfLinkedHe = yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: new SecretIdUseOption_1.SecretIdUseOption.Use([]), ignoreAutoDelegations: true });
159
- (0, chai_1.expect)(halfLinkedHe.secretForeignKeys).to.have.length(0);
160
- const linkedHeSfk0 = yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: new SecretIdUseOption_1.SecretIdUseOption.Use([secretIds[0]]), ignoreAutoDelegations: true });
161
- (0, chai_1.expect)(linkedHeSfk0.secretForeignKeys).to.have.members([secretIds[0]]);
162
- const linkedHeSfk1 = yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: new SecretIdUseOption_1.SecretIdUseOption.Use([secretIds[1]]), ignoreAutoDelegations: true });
163
- (0, chai_1.expect)(linkedHeSfk1.secretForeignKeys).to.have.members([secretIds[1]]);
164
- const linkedHeSfkBoth = yield childApi.healthcareElementApi.newInstance(childUser, pat, { descr: 'Confidential info' }, { sfkOption: new SecretIdUseOption_1.SecretIdUseOption.Use(secretIds), ignoreAutoDelegations: true });
165
- (0, chai_1.expect)(linkedHeSfkBoth.secretForeignKeys).to.have.members(secretIds);
166
- }));
167
- });
168
- //# sourceMappingURL=confidential-entities-test.js.map