FI-3064: Fix v2 scope check in EHR Launch with Patient Scopes (#558)

* add passing patient scope test specs * add spec for separate read and search scopes * support receiving read and search scopes separately * remove old spec
onc-healthit · Sep 6, 2024 · 34e8874 · 34e8874
1 parent f6ce4f5
commit 34e8874
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 99 deletions.
diff --git a/lib/onc_certification_g10_test_kit/patient_scope_test.rb b/lib/onc_certification_g10_test_kit/patient_scope_test.rb
@@ -16,14 +16,40 @@ class PatientScopeTest < Inferno::Test
     id :g10_patient_scope
     input :received_scopes
 
+    def scope_version
+      config.options[:scope_version]
+    end
+
     run do
-      expected_scope = if config.options[:scope_version] == :v2
-                         'patient/Patient.rs'
-                       else
-                         'patient/Patient.read'
-                       end
-      assert received_scopes&.include?(expected_scope),
-             "#{expected_scope} scope was requested, but not received. Received: `#{received_scopes}`"
+      expected_scopes =
+        if scope_version == :v2
+          [
+            Regexp.new(scope_regex_string('patient/Patient.rs').gsub('.rs', '.r?s')),
+            Regexp.new(scope_regex_string('patient/Patient.rs').gsub('.rs', '.rs?'))
+          ]
+        else
+          [Regexp.new(scope_regex_string('patient/Patient.read'))]
+        end
+
+      received_scopes = self.received_scopes.split
+
+      unmatched_scopes =
+        expected_scopes.reject do |expected_scope|
+          received_scopes.any? { |received_scope| received_scope.match? expected_scope }
+        end
+
+      assert unmatched_scopes.blank?,
+             "No scope matching the following was received: `#{unmatched_scopes_string(unmatched_scopes)}`"
+    end
+
+    def scope_regex_string(scope)
+      "\\A#{Regexp.quote(scope)}\\z"
+    end
+
+    def unmatched_scopes_string(unmatched_scopes)
+      unmatched_scopes
+        .map { |scope| "`#{scope.source}`" }
+        .join(', ')
     end
   end
 end
diff --git a/spec/onc_certification_g10_test_kit/patient_scope_test_spec.rb b/spec/onc_certification_g10_test_kit/patient_scope_test_spec.rb
@@ -0,0 +1,77 @@
+RSpec.describe ONCCertificationG10TestKit::PatientScopeTest do
+  def run(runnable, inputs = {})
+    test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
+    test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
+    inputs.each do |name, value|
+      session_data_repo.save(
+        test_session_id: test_session.id,
+        name:,
+        value:,
+        type: runnable.config.input_type(name)
+      )
+    end
+    Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
+  end
+
+  let(:test_session) { repo_create(:test_session, test_suite_id: 'g10_certification') }
+  let(:session_data_repo) { Inferno::Repositories::SessionData.new }
+  let(:test) { described_class }
+
+  context 'with v1 scopes' do
+    let(:received_scopes) { 'launch openid fhirUser patient/Patient.read' }
+
+    it 'passes when a patient scope is received' do
+      result = run(test, received_scopes:)
+
+      expect(result.result).to eq('pass')
+    end
+
+    it 'fails when a patient scope is not received' do
+      received_scopes.gsub!('patient/', 'user/')
+      result = run(test, received_scopes:)
+
+      expect(result.result).to eq('fail')
+      expect(result.result_message).to match(/No scope matching/)
+    end
+  end
+
+  context 'with v2 scopes' do
+    let(:received_scopes) { 'launch openid fhirUser patient/Patient.rs' }
+
+    before do
+      allow_any_instance_of(test).to receive(:scope_version).and_return(:v2)
+    end
+
+    it 'passes when patient read and search scopes are received together' do
+      result = run(test, received_scopes:)
+
+      expect(result.result).to eq('pass')
+    end
+
+    it 'passes when patient read and search scopes are received separately' do
+      received_scopes.gsub!('.rs', '.r')
+      received_scopes.concat(' patient/Patient.s')
+
+      result = run(test, received_scopes:)
+
+      expect(result.result).to eq('pass')
+    end
+
+    it 'fails when a patient read and search scopes are not received' do
+      received_scopes.gsub!('patient/', 'user/')
+      result = run(test, received_scopes:)
+
+      expect(result.result).to eq('fail')
+      expect(result.result_message).to match(/No scope matching/)
+    end
+
+    it 'fails if both read and search scopes are not received' do
+      received_scopes.gsub!('.rs', '.r')
+
+      result = run(test, received_scopes:)
+
+      expect(result.result).to eq('fail')
+      expect(result.result_message).to match(/No scope matching/)
+    end
+  end
+end
diff --git a/spec/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_spec.rb b/spec/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_spec.rb
diff --git a/spec/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2_spec.rb b/spec/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2_spec.rb