diff --git a/.env b/.env index d3cc9c6..a816d36 100644 --- a/.env +++ b/.env @@ -1 +1,2 @@ JS_HOST="" +INFERNO_HOST="http://localhost:4567" \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index c8d3ff8..f909878 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,6 +4,7 @@ PATH davinci_dtr_test_kit (0.12.0) inferno_core (~> 0.4.42) jwt (~> 2.6) + smart_app_launch_test_kit (~> 0.4.4) GEM remote: https://rubygems.org/ @@ -16,12 +17,14 @@ GEM zeitwerk (~> 2.3) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) + aes_key_wrap (1.1.0) ast (2.4.2) base62-rb (0.3.1) base64 (0.2.0) bcp47 (0.3.3) i18n bigdecimal (3.1.8) + bindata (2.5.0) blueprinter (0.25.2) builder (3.3.0) byebug (11.1.3) @@ -133,6 +136,7 @@ GEM http-accept (1.7.0) http-cookie (1.0.7) domain_name (~> 0.5) + httpclient (2.8.3) i18n (1.14.6) concurrent-ruby (~> 1.0) inferno_core (0.4.42) @@ -166,6 +170,11 @@ GEM rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.7.2) + json-jwt (1.15.3.1) + activesupport (>= 4.2) + aes_key_wrap + bindata + httpclient jwt (2.9.0) base64 kramdown (2.4.0) @@ -279,6 +288,11 @@ GEM connection_pool (>= 2.3.0) rack (>= 2.2.4) redis-client (>= 0.19.0) + smart_app_launch_test_kit (0.4.4) + inferno_core (>= 0.4.2) + json-jwt (~> 1.15.3) + jwt (~> 2.6) + tls_test_kit (~> 0.2.0) sqlite3 (1.7.3) mini_portile2 (~> 2.8.0) sqlite3 (1.7.3-arm64-darwin) @@ -292,6 +306,8 @@ GEM strings-ansi (0.2.0) thor (1.2.2) tilt (2.4.0) + tls_test_kit (0.2.2) + inferno_core (>= 0.4.2) tty-color (0.6.0) tty-markdown (0.7.2) kramdown (>= 1.16.2, < 3.0) diff --git a/README.md b/README.md index ba2d10f..7397028 100644 --- a/README.md +++ b/README.md 
@@ -1,18 +1,20 @@ # Da Vinci Documentation Templates and Rules (DTR) v2.0.1 Test Kit -The Da Vinci Documentation Templates and Rules (DTR) STU 2.0.1 Test Kit validates the -conformance of systems to the -[DTR STU 2.0.1 FHIR IG](https://hl7.org/fhir/us/davinci-dtr/STU2). +The Da Vinci Documentation Templates and Rules (DTR) STU 2.0.1 Test Kit validates the +conformance of systems to the +[DTR STU 2.0.1 FHIR IG](https://hl7.org/fhir/us/davinci-dtr/STU2). The test kit includes suites targeting the following actors from the specification: - **Payer Servers**: Inferno will act as a client and make a series of requests to the server under test requesting questionnaires. -- **DTR SMART App**: Inferno will act as a server implementing the +- **DTR SMART App**: Inferno will act as a server implementing the payer server and light EHR capabilities and responding to requests for questionnaires and clinical data made by the app under test. -- **DTR Full EHR**: Inferno will act as a server implementing the +- **DTR Full EHR**: Inferno will act as a server implementing the payer server responding to requests for questionnaires made by the EHR under test. +- **DTR Light EHR**: Inferno will act as a DTR SMART App that will connect + to the DTR Light EHR system under test and make requests to the Light EHR under test. In each case, content provided by the system under test will be checked individually for conformance and in aggregate to determine that the full set of features is 
@@ -27,28 +29,29 @@ FHIR-based data exchange. ## Status -These tests are a **DRAFT** intended to allow DTR implementers to perform -preliminary checks of their implementations against DTR IG requirements and provide -feedback on the tests. Future versions of these tests may validate other +These tests are a **DRAFT** intended to allow DTR implementers to perform +preliminary checks of their implementations against DTR IG requirements and provide +feedback on the tests. Future versions of these tests may validate other requirements and may change how these are tested. ## Test Scope and Limitations The DTR specification is complex and evolving and these tests do not yet -cover the full scope of the specification. In particular, tests have been +cover the full scope of the specification. In particular, tests have been started but not yet released Light DTR EMR actors responsible for launching a DTR SMART App and serving data that the app can use to populate questionnaires. For the implemented actors, see suite-specific documentation on current limitations for the [payer server](lib/davinci_dtr_test_kit/docs/dtr_payer_server_suite_description_v201.md#limitations), -[DTR SMART App](lib/davinci_dtr_test_kit/docs/dtr_smart_app_suite_description_v201.md#limitations), +[DTR SMART App](lib/davinci_dtr_test_kit/docs/dtr_smart_app_suite_description_v201.md#limitations), [DTR Full EHR](lib/davinci_dtr_test_kit/docs/dtr_full_ehr_suite_description_v201.md#limitations) tests +[DTR Light EHR](lib/davinci_dtr_test_kit/docs/dtr_light_ehr_suite_description_v201.md#limitations) ## How to Run Use either of the following methods to run the suites within this test kit. -If you would like to try out the tests but don’t have a DTR implementation, +If you would like to try out the tests but don’t have a DTR implementation, the test home pages include instructions for trying out the tests, including - For payer server testing: running the tests against the DTR SMART App tests in this Test Kit 
@@ -56,10 +59,11 @@ the test home pages include instructions for trying out the tests, including - For DTR Full EHR testing: [sample postman collection](config/DTR%20Full%20EHR%20Tests%20Postman%20Demo.postman_collection.json) Detailed instructions can be found in the suite descriptions when the tests -are run or within this repository for the -[payer server](lib/davinci_dtr_test_kit/docs/dtr_payer_server_suite_description_v201.md#running-the-tests), +are run or within this repository for the +[payer server](lib/davinci_dtr_test_kit/docs/dtr_payer_server_suite_description_v201.md#running-the-tests), [DTR SMART App](lib/davinci_dtr_test_kit/docs/dtr_smart_app_suite_description_v201.md#running-the-tests), -and [DTR Full EHR](lib/davinci_dtr_test_kit/docs/dtr_full_ehr_suite_description_v201.md#running-the-tests). +[DTR Full EHR](lib/davinci_dtr_test_kit/docs/dtr_full_ehr_suite_description_v201.md#running-the-tests), +and [DTR Light EHR](lib/davinci_dtr_test_kit/docs/dtr_light_ehr_suite_description_v201.md#running-the-tests). ### ONC Hosted Instance @@ -68,7 +72,7 @@ You can run the DTR test kit via the [ONC Inferno](https://inferno.healthit.gov/ ### Local Inferno Instance - Download the source code from this repository. -- [Start or identify](#fhir-server-simulation-for-the-client-suite) +- [Start or identify](#fhir-server-simulation-for-the-client-suite) an Inferno Reference Server instance for Inferno to use for simulation (only needed if planning to run the DTR SMART App test suite). - Open a terminal in the directory containing the downloaded code. 
@@ -79,8 +83,8 @@ You can run the DTR test kit via the [ONC Inferno](https://inferno.healthit.gov/ ## FHIR Server Simulation for the DTR SMART App Suite The DTR SMART App test suite needs to be able to return responses to FHIR read and search APIs. -These responses can be complex and so the suite relies on a full FHIR server to provide -responses for it to provide back to systems under test. The test kit was written to work +These responses can be complex and so the suite relies on a full FHIR server to provide +responses for it to provide back to systems under test. The test kit was written to work with the [Inferno Reference Server](https://github.com/inferno-framework/inferno-reference-server) - loaded with [patient pat015](https://github.com/inferno-framework/inferno-reference-server/blob/main/resources/dtr_bundle_patient_pat015.json) 
@@ -91,21 +95,22 @@ with the [Inferno Reference Server](https://github.com/inferno-framework/inferno The test kit can be configured to point to either a local instance of the reference server or to a public instance. The location of the The following are valid configuration approaches: -1. Point to a public instance of the Inferno reference server at either +1. Point to a public instance of the Inferno reference server at either `https://inferno.healthit.gov/reference-server/r4/` or `https://inferno-qa.healthit.gov/reference-server/r4/`: update the `FHIR_REFERENCE_SERVER` environment variable in the appropriate environment file (`.evn.production` when running - in docker [as above](#local-inferno-instance), or `env.development` when + in docker [as above](#local-inferno-instance), or `env.development` when [running the test kit in Ruby](#development)). -2. Run a local instance of the Inferno Reference Server, either - [with docker](https://github.com/inferno-framework/inferno-reference-server?tab=readme-ov-file#running-with-docker) - or [without docker](https://github.com/inferno-framework/inferno-reference-server?tab=readme-ov-file#running-without-docker) - (NOTE: this decision can be made independently from whether to run the test kit with +2. Run a local instance of the Inferno Reference Server, either + [with docker](https://github.com/inferno-framework/inferno-reference-server?tab=readme-ov-file#running-with-docker) + or [without docker](https://github.com/inferno-framework/inferno-reference-server?tab=readme-ov-file#running-without-docker) + (NOTE: this decision can be made independently from whether to run the test kit with docker or using Ruby). ## Providing Feedback and Reporting Issues We welcome feedback on the tests, including but not limited to the following areas: + - Validation logic, such as potential bugs, lax checks, and unexpected failures. 
- Requirements coverage, such as requirements that have been missed and tests that necessitate features that the IG does not require. - User experience, such as confusing or missing information in the test UI. @@ -114,14 +119,15 @@ Please report any issues with this set of tests in the issues section of this re ## Development -To make updates and additions to this test kit, see the +To make updates and additions to this test kit, see the [Inferno Framework Documentation](https://inferno-framework.github.io/docs/), -particularly the instructions on +particularly the instructions on [development with Ruby](https://inferno-framework.github.io/docs/getting-started/#development-with-ruby). ### Client Questionnaire Workflow Test Framework To support testing that clients can fetch, populate, and complete various questionnaires with different features, the test kit includes a framework for building different iterations of these tests. At a high-level, the framework includes the ability to associate a set of fixtures with a group of tests including + - a questionnaire that will be sent back when the client makes a $questionnaire-package request - a questionnaire response that contains expected pre-populated and overriden items. These are indicated by the origin.source extension on items with link ids corresponding to items in the questionnaire with cql expressions for pre-population. When it is `auto` that is the expected answer based on data Inferno has. When it is `override` that is the answer that would be present if the pre-populated answer were used, but Inferno will check that a different value is present since the tester will be expected to override the answer. 
@@ -140,9 +146,11 @@ them to send requests to Inferno for the purposes of testing. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at + ``` http://www.apache.org/licenses/LICENSE-2.0 ``` + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the @@ -151,4 +159,4 @@ specific language governing permissions and limitations under the License. ## Trademark Notice HL7, FHIR and the FHIR [FLAME DESIGN] are the registered trademarks of Health -Level Seven International and their use does not constitute endorsement by HL7. \ No newline at end of file +Level Seven International and their use does not constitute endorsement by HL7. diff --git a/config/presets/inferno_dtr_server_suite.json b/config/presets/inferno_dtr_server_suite.json new file mode 100644 index 0000000..d94372c --- /dev/null +++ b/config/presets/inferno_dtr_server_suite.json @@ -0,0 +1,26 @@ +{ + "title": "Inferno Reference Server", + "id": "smart_stu2_reference_server", + "test_suite_id": "dtr_light_ehr", + "inputs": [ + { + "name": "url", + "description": "URL of the FHIR endpoint used by SMART applications", + "title": "FHIR Endpoint", + "type": "text", + "value": "https://inferno-qa.healthit.gov/reference-server/r4" + }, + { + "name": "ehr_client_id", + "description": "Client ID provided during registration of Inferno as an EHR launch application", + "title": "EHR Launch Client ID", + "type": "text", + "value": "SAMPLE_PUBLIC_CLIENT_ID" + }, + { + "name": "standalone_client_id", + "type": "text", + "value": "SAMPLE_PUBLIC_CLIENT_ID" + } + ] +} diff --git a/davinci_dtr_test_kit.gemspec b/davinci_dtr_test_kit.gemspec index 06ae623..f12307c 100644 --- a/davinci_dtr_test_kit.gemspec +++ b/davinci_dtr_test_kit.gemspec 
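Review bot: The preset's `url` value points at `https://inferno-qa.healthit.gov/reference-server/r4`, while the suite description added in this same commit sends testers to the `inferno.healthit.gov` reference server and its app-launch page. An EHR launch started from the non-QA host would presumably carry an issuer that differs from the preset's FHIR endpoint, so the preset and the instructions should name the same host. The `standalone_client_id` input has no `title` or `description`, unlike `ehr_client_id`; adding `"title": "Standalone Client ID"` and a matching description would keep the form consistent. The preset `id` is `smart_stu2_reference_server` although `test_suite_id` is `dtr_light_ehr`; a DTR-specific id would avoid any clash with a same-named preset from another loaded kit.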
@@ -11,6 +11,7 @@ Gem::Specification.new do |spec| spec.license = 'Apache-2.0' spec.add_dependency 'inferno_core', '~> 0.4.42' spec.add_dependency 'jwt', '~> 2.6' + spec.add_dependency 'smart_app_launch_test_kit', '~> 0.4.4' spec.required_ruby_version = Gem::Requirement.new('>= 3.1.2') spec.metadata['homepage_uri'] = spec.homepage spec.metadata['source_code_uri'] = spec.homepage diff --git a/lib/davinci_dtr_test_kit.rb b/lib/davinci_dtr_test_kit.rb index 22eec4c..8ef6198 100644 --- a/lib/davinci_dtr_test_kit.rb +++ b/lib/davinci_dtr_test_kit.rb @@ -1,4 +1,4 @@ require_relative 'davinci_dtr_test_kit/dtr_payer_server_suite' require_relative 'davinci_dtr_test_kit/dtr_smart_app_suite' require_relative 'davinci_dtr_test_kit/dtr_full_ehr_suite' -# require_relative 'davinci_dtr_test_kit/dtr_light_ehr_suite' +require_relative 'davinci_dtr_test_kit/dtr_light_ehr_suite' diff --git a/lib/davinci_dtr_test_kit/docs/dtr_light_ehr_suite_description_v201.md b/lib/davinci_dtr_test_kit/docs/dtr_light_ehr_suite_description_v201.md new file mode 100644 index 0000000..37bf5a0 --- /dev/null +++ b/lib/davinci_dtr_test_kit/docs/dtr_light_ehr_suite_description_v201.md 
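Review bot: The gemspec gains only `smart_app_launch_test_kit`, yet dtr_light_ehr_suite.rb in this commit does `require 'tls_test_kit'` directly. Per the Gemfile.lock hunk, that gem arrives only as a transitive dependency of smart_app_launch_test_kit (`tls_test_kit (~> 0.2.0)`). Declaring it here, e.g. `spec.add_dependency 'tls_test_kit', '~> 0.2.0'`, keeps the TLS check from breaking or silently changing version if the upstream kit drops or re-pins it. The `Gem::Specification` block starts and ends outside the hunk.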
@@ -0,0 +1,29 @@
+The Da Vinci DTR Test Kit Light EHR Suite validates the conformance of SMART apps
+to the STU 2 version of the HL7® FHIR®
+[Da Vinci Documentation Templates and Rules (DTR) Implementation Guide](https://hl7.org/fhir/us/davinci-dtr/STU2/).
+
+## Scope
+
+These tests are a **DRAFT** intended to allow app implementers to perform
+preliminary checks of their systems against DTR IG requirements and [provide
+feedback](https://github.com/inferno-framework/davinci-dtr-test-kit/issues)
+on the tests. Future versions of these tests may validate other
+requirements and may change the test validation logic.
+
+## Test Methodology
+
+Inferno will simulate a DTR SMART App that will connect to the DTR Light EHR system under test. The tester will need to launch Inferno using either an EHR launch or a Standalone launch.
+
+Once the connection between the DTR SMART App and the DTR Light EHR is established, tests within this suite check that the DTR Light EHR API is conformant to US Core and any other requirements outlined in the [Light DTR EHR Capability Statement](https://hl7.org/fhir/us/davinci-dtr/STU2/CapabilityStatement-light-dtr-ehr.html#root).
+
+## Running the Tests
+
+If you would like to try out the tests but don't have a DTR payer server implementation, you can run these tests against the [public instance of the Inferno Reference Server](https://inferno.healthit.gov/reference-server/r4/) by using the Inferno Reference Server preset in the test suite.
+
+In order to get the Inferno QA Reference Server to do an EHR launch, navigate to https://inferno.healthit.gov/reference-server/app/app-launch and use https://inferno.healthit.gov/custom/smart/launch as the App Launch URL.
+
+## Limitations
+
+The DTR IG is a complex specification and these tests currently validate conformance to only
+a subset of IG requirements. Future versions of the test suite will test further
+features.
diff --git a/lib/davinci_dtr_test_kit/dtr_light_ehr_suite.rb b/lib/davinci_dtr_test_kit/dtr_light_ehr_suite.rb index a5a610c..dccccda 100644 --- a/lib/davinci_dtr_test_kit/dtr_light_ehr_suite.rb +++ b/lib/davinci_dtr_test_kit/dtr_light_ehr_suite.rb @@ -1,18 +1,14 @@ +require 'tls_test_kit' require_relative 'version' +require_relative 'dtr_options' +require 'smart_app_launch/smart_stu1_suite' +require 'smart_app_launch/smart_stu2_suite' module DaVinciDTRTestKit class DTRLightEHRSuite < Inferno::TestSuite id :dtr_light_ehr title 'Da Vinci DTR Light EHR Test Suite' - description %( - # Da Vinci DTR Light EHR Test Suite - - This suite validates that an EMR or other application - can act as a data source for a DTR SMART App. Inferno - will act as a DTR SMART App making requests for data - against the system under test and storing completed - questionnaire responses. - ) + description File.read(File.join(__dir__, 'docs', 'dtr_light_ehr_suite_description_v201.md')) version VERSION 
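Review bot: `require 'smart_app_launch/smart_stu1_suite'` is added at the top of the file, but the groups wired in later in this file use only the `_stu2` ids, so the STU1 require looks unused. Loading a suite file presumably also registers that suite with Inferno, which would surface an extra SMART STU1 suite to testers; dropping the line avoids that if STU1 is not intended. `description File.read(...)` runs when the class body is evaluated, so a missing docs file fails at load time; a short comment such as `# Read at class-definition time; the markdown file must ship with the gem` would make that explicit. The class body continues outside the hunk.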
@@ -35,28 +31,45 @@ class DTRLightEHRSuite < Inferno::TestSuite } ] - # These inputs will be available to all tests in this suite input :url, - title: 'FHIR Server Base Url' + title: 'FHIR Endpoint', + description: 'URL of the DTR FHIR server' - input :credentials, - title: 'OAuth Credentials', - type: :oauth_credentials, - optional: true + group do + title 'Authorization' - # All FHIR requests in this suite will use this FHIR client - fhir_client do - url :url - oauth_credentials :credentials - end + group from: :smart_discovery_stu2 do + required_suite_options DTROptions::SMART_2_REQUIREMENT + run_as_group + + test from: :tls_version_test do + title 'DTR FHIR Server is secured by transport layer security' + description <<~DESCRIPTION + Under [Privacy, Security, and Safety](https://hl7.org/fhir/us/davinci-crd/STU2/security.html), + the DTR Implementation Guide imposes the following rule about TLS: + As per the [DTR Hook specification](https://cds-hooks.hl7.org/2.0/#security-and-safety), + communications between DTR Clients and DTR Servers SHALL + use TLS. Mutual TLS is not required by this specification but is permitted. DTR Servers and + DTR Clients SHOULD enforce a minimum version and other TLS configuration requirements based + on HRex rules for PHI exchange. + This test verifies that the FHIR server is using TLS 1.2 or higher. + DESCRIPTION - # Hl7 Validator Wrapper: - fhir_resource_validator do - igs 'hl7.fhir.us.davinci-dtr#2.0.1' + id :dtr_server_tls_version_stu2 - exclude_message do |message| - message.message.match?(/\A\S+: \S+: URL value '.*' does not resolve/) + config( + options: { minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION } + ) + end end + + group from: :smart_ehr_launch_stu2, + required_suite_options: DTROptions::SMART_2_REQUIREMENT, + run_as_group: true + + group from: :smart_standalone_launch_stu2, + required_suite_options: DTROptions::SMART_2_REQUIREMENT, + run_as_group: true end end end 
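Review bot: The TLS test's `description` says it quotes the DTR Implementation Guide, but the link targets the CRD IG (`davinci-crd/STU2/security.html`) and the quoted rule refers to a "DTR Hook specification" with a CDS Hooks link, so this reads as text carried over from a CRD kit. This is the statement of the security requirement a tester sees when the test fails, so it should cite the DTR IG's own security section under `https://hl7.org/fhir/us/davinci-dtr/STU2/`. The quoted rule only says SHOULD for a minimum version, while `minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION` makes TLS 1.2 a hard floor; the description should say where that floor comes from. The test is also added inside `group from: :smart_discovery_stu2`, so it presumably runs after the inherited discovery requests have already gone to `url`; if TLS is meant to gate the rest, its own group ahead of discovery would fit better. The enclosing suite class starts outside the hunk.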
diff --git a/lib/davinci_dtr_test_kit/dtr_options.rb b/lib/davinci_dtr_test_kit/dtr_options.rb
new file mode 100644
index 0000000..cef1ded
--- /dev/null
+++ b/lib/davinci_dtr_test_kit/dtr_options.rb
@@ -0,0 +1,7 @@
+module DaVinciDTRTestKit
+ module DTROptions
+ SMART_2 = 'smart_app_launch_2'.freeze
+
+ SMART_2_REQUIREMENT = { smart_app_launch_version: SMART_2 }.freeze
+ end
+end
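Review bot: `SMART_2_REQUIREMENT` is passed to `required_suite_options` in dtr_light_ehr_suite.rb, but no hunk in this commit shows a matching `suite_option :smart_app_launch_version` declaration, so the requirement may never be evaluated against a selectable option. The suite body between its two hunks is not visible here, so the option may already be declared; if it is not, either declare it or drop the gating. A one-line comment on the module, e.g. `# Suite option values for the DTR Light EHR groups; must match the suite_option declared in the suite`, would document the coupling.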