diff --git a/lib/udap_security_test_kit/registration_failure_invalid_contents_test.rb b/lib/udap_security_test_kit/registration_failure_invalid_contents_test.rb index 59780d4..2c96c56 100644 --- a/lib/udap_security_test_kit/registration_failure_invalid_contents_test.rb +++ b/lib/udap_security_test_kit/registration_failure_invalid_contents_test.rb @@ -8,7 +8,7 @@ class RegistrationFailureInvalidContentsTest < Inferno::Test description %( The [UDAP IG Section 3.1](https://hl7.org/fhir/us/udap-security/STU1/registration.html#software-statement) states: > The unique client URI used for the iss claim SHALL match the uriName entry in the Subject Alternative Name - > extension of the client app operator’s X.509 certificate, and SHALL uniquely identify a single client app + > extension of the client app operator’s X.509 certificate, and SHALL uniquelys identify a single client app > operator and application over time The [UDAP IG Section 3.2.3](https://hl7.org/fhir/us/udap-security/STU1/registration.html#request-body) states: diff --git a/spec/udap_security_test_kit/authorization_code_redirect_test_spec.rb b/spec/udap_security_test_kit/authorization_code_redirect_test_spec.rb index 305165a..43fd9ab 100644 --- a/spec/udap_security_test_kit/authorization_code_redirect_test_spec.rb +++ b/spec/udap_security_test_kit/authorization_code_redirect_test_spec.rb 
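Review bot: The added line in the `description` block changes "uniquely" to "uniquelys", which corrupts what is presented as a verbatim quotation of UDAP IG Section 3.1. The edit looks accidental, since every other file in this commit is a spec refactor, and it leaves the normative SHALL wording shown to testers misquoted. Restore the original line: `> extension of the client app operator’s X.509 certificate, and SHALL uniquely identify a single client app`.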
@@ -2,12 +2,10 @@ RSpec.describe UDAPSecurityTestKit::AuthorizationCodeRedirectTest, :request do let(:suite_id) { 'udap_security' } - let(:test) { Inferno::Repositories::Tests.new.find('udap_authorization_code_redirect') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } + let(:test) { find_test(suite, 'udap_authorization_code_redirect') } + let(:url) { 'http://example.com/fhir' } let(:results_repo) { Inferno::Repositories::Results.new } let(:requests_repo) { Inferno::Repositories::Requests.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - let(:url) { 'http://example.com/fhir' } let(:inputs) do { udap_fhir_base_url: url, @@ -23,22 +21,6 @@ } end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - type = runnable.config.input_type(name) - type = 'text' if type == 'radio' - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - context "when optional 'scope' and 'aud' inputs are omitted" do it 'waits and then passes when it receives a request with the correct state' do allow(test).to receive(:parent).and_return(Inferno::TestGroup) diff --git a/spec/udap_security_test_kit/authorization_code_token_exchange_test_spec.rb b/spec/udap_security_test_kit/authorization_code_token_exchange_test_spec.rb index 9fa29b2..eb3357a 100644 --- a/spec/udap_security_test_kit/authorization_code_token_exchange_test_spec.rb +++ b/spec/udap_security_test_kit/authorization_code_token_exchange_test_spec.rb 
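Review bot: The `run` helper deleted in the second hunk (`@@ -23,22 +21,6 @@`) rewrote the input type with `type = 'text' if type == 'radio'` before calling `session_data_repo.save`; none of the other local helpers removed in this commit did that. The shared `run` that replaces it is not visible in this diff, so confirm that it treats `radio` inputs the same way. If it does not, this spec may start erroring while saving session data instead of exercising the redirect logic, and the local `run` should stay in this file.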
@@ -4,10 +4,7 @@ RSpec.describe UDAPSecurityTestKit::AuthorizationCodeTokenExchangeTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_authorization_code_token_exchange') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_authorization_code_token_exchange') } let(:udap_auth_code_flow_client_cert_pem) do UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file end @@ -40,20 +37,6 @@ def create_redirect_request(url) ) end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - it 'passes if the token response has a 200 status' do create_redirect_request('http://example.com/redirect?code=CODE') diff --git a/spec/udap_security_test_kit/authorization_endpoint_field_test_spec.rb b/spec/udap_security_test_kit/authorization_endpoint_field_test_spec.rb index 0179697..b5951f7 100644 --- a/spec/udap_security_test_kit/authorization_endpoint_field_test_spec.rb +++ b/spec/udap_security_test_kit/authorization_endpoint_field_test_spec.rb 
@@ -2,24 +2,7 @@ RSpec.describe UDAPSecurityTestKit::AuthorizationEndpointFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_authorization_endpoint_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_authorization_endpoint_field') } it 'skips if grant_types_supported field is not present' do config = {} diff --git a/spec/udap_security_test_kit/client_credentials_token_exchange_test_spec.rb b/spec/udap_security_test_kit/client_credentials_token_exchange_test_spec.rb index e468329..ad6d349 100644 --- a/spec/udap_security_test_kit/client_credentials_token_exchange_test_spec.rb +++ b/spec/udap_security_test_kit/client_credentials_token_exchange_test_spec.rb 
@@ -3,10 +3,7 @@ RSpec.describe UDAPSecurityTestKit::ClientCredentialsTokenExchangeTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_client_credentials_token_exchange') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_client_credentials_token_exchange') } let(:udap_client_credentials_flow_client_cert_pem) do UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file end @@ -17,7 +14,6 @@ let(:base_url) { 'http://example.com/fhir' } let(:udap_token_endpoint) { 'http://example.com/token' } - let(:input) do { udap_token_endpoint:, @@ -28,20 +24,6 @@ } end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - it 'passes if the token response has a 200 status' do stub_request(:post, udap_token_endpoint) .to_return(status: 200, body: {}.to_json) diff --git a/spec/udap_security_test_kit/grant_types_supported_field_test_spec.rb b/spec/udap_security_test_kit/grant_types_supported_field_test_spec.rb index 772bdbe..4df6f07 100644 --- a/spec/udap_security_test_kit/grant_types_supported_field_test_spec.rb +++ b/spec/udap_security_test_kit/grant_types_supported_field_test_spec.rb 
@@ -2,26 +2,9 @@ RSpec.describe UDAPSecurityTestKit::GrantTypesSupportedFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_grant_types_supported_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_grant_types_supported_field') } let(:required_flow_type) { [''] } - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - context 'when the server can support any authorization flow(s)' do it 'fails if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/reg_endpoint_jwt_signing_alg_values_supported_field_test_spec.rb b/spec/udap_security_test_kit/reg_endpoint_jwt_signing_alg_values_supported_field_test_spec.rb index 7569f3d..e5a94e0 100644 --- a/spec/udap_security_test_kit/reg_endpoint_jwt_signing_alg_values_supported_field_test_spec.rb +++ b/spec/udap_security_test_kit/reg_endpoint_jwt_signing_alg_values_supported_field_test_spec.rb 
@@ -2,24 +2,7 @@ RSpec.describe UDAPSecurityTestKit::RegEndpointJWTSigningAlgValuesSupportedFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_reg_endpoint_jwt_signing_alg_values_supported_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_reg_endpoint_jwt_signing_alg_values_supported_field') } it 'omits if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/registration_endpoint_field_test_spec.rb b/spec/udap_security_test_kit/registration_endpoint_field_test_spec.rb index 294d830..b521a51 100644 --- a/spec/udap_security_test_kit/registration_endpoint_field_test_spec.rb +++ b/spec/udap_security_test_kit/registration_endpoint_field_test_spec.rb 
@@ -2,24 +2,7 @@ RSpec.describe UDAPSecurityTestKit::RegistrationEndpointFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_registration_endpoint_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_registration_endpoint_field') } it 'fails if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/registration_failure_invalid_contents_test_spec.rb b/spec/udap_security_test_kit/registration_failure_invalid_contents_test_spec.rb index e060cee..473da64 100644 --- a/spec/udap_security_test_kit/registration_failure_invalid_contents_test_spec.rb +++ b/spec/udap_security_test_kit/registration_failure_invalid_contents_test_spec.rb @@ -3,10 +3,7 @@ RSpec.describe UDAPSecurityTestKit::RegistrationFailureInvalidContentsTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_registration_failure_invalid_contents') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_registration_failure_invalid_contents') } let(:udap_client_cert_pem) do UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file end 
@@ -28,31 +25,19 @@ udap_jwt_signing_alg:, udap_registration_requested_scope:, udap_registration_grant_type:, - udap_registration_certifications: + udap_registration_certifications:, + udap_auth_code_flow_client_registration_status: 'update', + udap_auth_code_flow_cert_iss: 'https://inferno.healthit.gov' } end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - it 'fails if response status is not 400' do stub_request(:post, udap_registration_endpoint) .to_return(status: 200, body: {}.to_json) result = run(runnable, input) - expect(result.result).to eq('fail') + expect(result.result).to eq('fail'), result.result_message end it 'passes when response status is 400' do @@ -61,6 +46,6 @@ def run(runnable, inputs = {}) result = run(runnable, input) - expect(result.result).to eq('pass') + expect(result.result).to eq('pass'), result.result_message end end diff --git a/spec/udap_security_test_kit/registration_failure_invalid_jwt_signature_test_spec.rb b/spec/udap_security_test_kit/registration_failure_invalid_jwt_signature_test_spec.rb index 1357c12..7e0e730 100644 --- a/spec/udap_security_test_kit/registration_failure_invalid_jwt_signature_test_spec.rb +++ b/spec/udap_security_test_kit/registration_failure_invalid_jwt_signature_test_spec.rb 
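Review bot: In 'fails if response status is not 400' the spec still checks only `result.result == 'fail'`; the appended `result.result_message` is printed only when the expectation itself fails, so it does not pin down why the runnable failed. Now that `input` carries two more values (`udap_auth_code_flow_client_registration_status`, `udap_auth_code_flow_cert_iss`), a failure raised by an unrelated assertion would satisfy this example just as well as the status check. Add a second expectation on the message, for example `expect(result.result_message).to match(/400/)`, adjusted to the wording the test actually emits. The same applies to the matching example in registration_failure_invalid_jwt_signature_test_spec.rb.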
@@ -3,10 +3,7 @@ RSpec.describe UDAPSecurityTestKit::RegistrationFailureInvalidJWTSignatureTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_registration_failure_invalid_jwt_signature') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_registration_failure_invalid_jwt_signature') } let(:udap_client_cert_pem) do UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file end @@ -17,6 +14,15 @@ let(:udap_registration_requested_scope) { 'system/*' } let(:udap_registration_grant_type) { 'client_credentials' } let(:udap_registration_certifications) { '' } + let(:udap_auth_code_flow_client_registration_status) { 'update' } + let(:udap_auth_code_flow_client_cert_pem) do + UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file + end + + let(:udap_auth_code_flow_client_private_key) do + UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_private_key_file + end + let(:input) do { udap_client_cert_pem:, 
@@ -25,31 +31,19 @@ udap_jwt_signing_alg:, udap_registration_requested_scope:, udap_registration_grant_type:, - udap_registration_certifications: + udap_registration_certifications:, + udap_auth_code_flow_client_registration_status:, + udap_auth_code_flow_client_private_key: } end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - it 'fails if response status is not 400' do stub_request(:post, udap_registration_endpoint) .to_return(status: 200, body: {}.to_json) result = run(runnable, input) - expect(result.result).to eq('fail') + expect(result.result).to eq('fail'), result.result_message end it 'passes when response status is 400' do @@ -58,6 +52,6 @@ def run(runnable, inputs = {}) result = run(runnable, input) - expect(result.result).to eq('pass') + expect(result.result).to eq('pass'), result.result_message end end diff --git a/spec/udap_security_test_kit/registration_success_contents_test_spec.rb b/spec/udap_security_test_kit/registration_success_contents_test_spec.rb index 4254129..e19685a 100644 --- a/spec/udap_security_test_kit/registration_success_contents_test_spec.rb +++ b/spec/udap_security_test_kit/registration_success_contents_test_spec.rb 
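Review bot: `let(:udap_auth_code_flow_client_cert_pem)` is added in the preceding hunk but never reaches `input`; this hash gains only `udap_auth_code_flow_client_registration_status:` and `udap_auth_code_flow_client_private_key:`. Either add `udap_auth_code_flow_client_cert_pem:,` to the hash or drop the unused `let`. The hash also now mixes `udap_client_cert_pem` with prefixed `udap_auth_code_flow_*` names loaded from the same fixture; if the suite-scoped runnable reads only the prefixed inputs (not visible here), the unprefixed entries are dead and should be removed. Two lines of the hash fall between the hunks and are not shown, so check those before editing.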
@@ -1,11 +1,9 @@ require_relative '../../lib/udap_security_test_kit/registration_success_contents_test' +require_relative '../../lib/udap_security_test_kit/default_cert_file_loader' RSpec.describe UDAPSecurityTestKit::RegistrationSuccessContentsTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_registration_success_contents') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_registration_success_contents') } let(:udap_software_statement_json) do '{"iss":"https://inferno.org/udap_security_test_kit/1716937143", @@ -36,6 +34,14 @@ "scope": "user/*.read"}' end + let(:udap_auth_code_flow_client_cert_pem) do + UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file + end + + let(:udap_auth_code_flow_client_private_key) do + UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_private_key_file + end + let(:required_immutable_claims) do ['grant_types', 'token_endpoint_auth_method'] 
@@ -49,30 +55,27 @@ (required_immutable_claims + required_mutable_claims).append('client_id') end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) + let(:inputs) do + { + udap_software_statement_json:, + udap_software_statement_jwt:, + udap_registration_grant_type:, + udap_registration_endpoint: 'https://udap-security.fast.hl7.org/connect/register', + udap_auth_code_flow_client_registration_status: 'update', + udap_auth_code_flow_client_cert_pem:, + udap_auth_code_flow_client_private_key:, + udap_auth_code_flow_cert_iss: 'https://inferno.org/udap_security_test_kit/1716937143', + udap_jwt_signing_alg: 'RS256', + udap_auth_code_flow_registration_scope: 'user/*.read' + } end it 'fails if response does not include required claims' do all_required_claims.each do |key| response_json = JSON.parse(correct_response) response_json.delete(key) - result = run(runnable, - udap_software_statement_json:, - udap_software_statement_jwt:, - udap_registration_response: JSON.generate(response_json), - udap_registration_grant_type:) - expect(result.result).to eq('fail') + result = run(runnable, inputs.merge({ udap_registration_response: JSON.generate(response_json) })) + expect(result.result).to eq('fail'), result.result_message expect(result.result_message).to match(key.to_s) end end 
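Review bot: `udap_registration_endpoint` in the new `inputs` hash points at a live third-party host, `https://udap-security.fast.hl7.org/connect/register`, while the other specs in this commit use `example.com` URLs. Whether the runnable issues a request with this value is not visible in the hunk, but if it ever does and no stub is in place, the spec would either fail on blocked network access or send test registration data to a real server. Use a reserved domain instead, e.g. `udap_registration_endpoint: 'https://example.com/connect/register',`. Separately, the first example calls `inputs.merge({ ... })` with braces while the later ones omit them; pick one form.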
@@ -81,12 +84,8 @@ def run(runnable, inputs = {}) all_required_claims.each do |key| response_json = JSON.parse(correct_response) response_json[key] = '' - result = run(runnable, - udap_software_statement_json:, - udap_software_statement_jwt:, - udap_registration_response: JSON.generate(response_json), - udap_registration_grant_type:) - expect(result.result).to eq('fail') + result = run(runnable, inputs.merge(udap_registration_response: JSON.generate(response_json))) + expect(result.result).to eq('fail'), result.result_message expect(result.result_message).to match(key.to_s) end end @@ -95,12 +94,8 @@ def run(runnable, inputs = {}) required_immutable_claims.each do |key| response_json = JSON.parse(correct_response) response_json[key] = 'CHANGED_VALUE' - result = run(runnable, - udap_software_statement_json:, - udap_software_statement_jwt:, - udap_registration_response: JSON.generate(response_json), - udap_registration_grant_type:) - expect(result.result).to eq('fail') + result = run(runnable, inputs.merge(udap_registration_response: JSON.generate(response_json))) + expect(result.result).to eq('fail'), result.result_message expect(result.result_message).to match(key.to_s) end end 
@@ -109,22 +104,14 @@ def run(runnable, inputs = {}) required_mutable_claims.each do |key| response_json = JSON.parse(correct_response) response_json[key] = 'CHANGED VALUE' - result = run(runnable, - udap_software_statement_json:, - udap_software_statement_jwt:, - udap_registration_response: JSON.generate(response_json), - udap_registration_grant_type:) - expect(result.result).to eq('pass') + result = run(runnable, inputs.merge(udap_registration_response: JSON.generate(response_json))) + expect(result.result).to eq('pass'), result.result_message end end it 'passes when all required values in registration response exactly match original client request values' do - result = run(runnable, - udap_software_statement_json:, - udap_software_statement_jwt:, - udap_registration_response: correct_response, - udap_registration_grant_type:) + result = run(runnable, inputs.merge(udap_registration_response: correct_response)) - expect(result.result).to eq('pass') + expect(result.result).to eq('pass'), result.result_message end end diff --git a/spec/udap_security_test_kit/registration_success_test_spec.rb b/spec/udap_security_test_kit/registration_success_test_spec.rb index ffbdee1..567a92f 100644 --- a/spec/udap_security_test_kit/registration_success_test_spec.rb +++ b/spec/udap_security_test_kit/registration_success_test_spec.rb @@ -3,10 +3,7 @@ RSpec.describe UDAPSecurityTestKit::RegistrationSuccessTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_registration_success') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_registration_success') } let(:udap_client_cert_pem) do UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file end 
@@ -36,20 +33,6 @@ } end - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - context 'when new client is being registered' do it 'fails if response status is not 201' do stub_request(:post, udap_registration_endpoint) diff --git a/spec/udap_security_test_kit/scopes_supported_field_test_spec.rb b/spec/udap_security_test_kit/scopes_supported_field_test_spec.rb index 3fa9d9e..17b2fc7 100644 --- a/spec/udap_security_test_kit/scopes_supported_field_test_spec.rb +++ b/spec/udap_security_test_kit/scopes_supported_field_test_spec.rb @@ -2,24 +2,7 @@ RSpec.describe UDAPSecurityTestKit::ScopesSupportedFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_scopes_supported_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_scopes_supported_field') } it 'omits if field is not present' do config = {} 
diff --git a/spec/udap_security_test_kit/signed_metadata_contents_test_spec.rb b/spec/udap_security_test_kit/signed_metadata_contents_test_spec.rb index fa5ff79..3631a3f 100644 --- a/spec/udap_security_test_kit/signed_metadata_contents_test_spec.rb +++ b/spec/udap_security_test_kit/signed_metadata_contents_test_spec.rb @@ -5,10 +5,7 @@ RSpec.describe UDAPSecurityTestKit::SignedMetadataContentsTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_signed_metadata_contents') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_signed_metadata_contents') } let(:udap_well_known_metadata) do { 'udap_versions_supported' => ['1'], @@ -66,20 +63,6 @@ let(:signing_algorithm) { 'RS256' } - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - it 'skips if signed_metadata_jwt is blank' do config = {} udap_fhir_base_url = 'http://example.fhir.com' diff --git a/spec/udap_security_test_kit/signed_metadata_field_test_spec.rb b/spec/udap_security_test_kit/signed_metadata_field_test_spec.rb index 9b6ac10..9b4d0db 100644 --- a/spec/udap_security_test_kit/signed_metadata_field_test_spec.rb +++ b/spec/udap_security_test_kit/signed_metadata_field_test_spec.rb 
@@ -2,24 +2,7 @@ RSpec.describe UDAPSecurityTestKit::SignedMetadataFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_signed_metadata_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_signed_metadata_field') } it 'fails if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/signed_metadata_trust_verification_test_spec.rb b/spec/udap_security_test_kit/signed_metadata_trust_verification_test_spec.rb index 30bce9d..5cf1121 100644 --- a/spec/udap_security_test_kit/signed_metadata_trust_verification_test_spec.rb +++ b/spec/udap_security_test_kit/signed_metadata_trust_verification_test_spec.rb @@ -4,10 +4,7 @@ RSpec.describe UDAPSecurityTestKit::SignedMetadataTrustVerificationTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_signed_metadata_trust_verification') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_signed_metadata_trust_verification') } let(:client_cert) do UDAPSecurityTestKit::DefaultCertFileLoader.load_test_client_cert_pem_file 
@@ -59,20 +56,6 @@ # Or, intermediate CA is in chain but system does not have access to root CA let(:missing_cert_error) { /unable to get local issuer certificate/ } - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - def create_test_jwt(include_root_ca: true) rsa_private = OpenSSL::PKey::RSA.generate 2048 x5c_certs = [client_cert] diff --git a/spec/udap_security_test_kit/token_endpoint_auth_methods_supported_field_test_spec.rb b/spec/udap_security_test_kit/token_endpoint_auth_methods_supported_field_test_spec.rb index d23922d..8b0f9d6 100644 --- a/spec/udap_security_test_kit/token_endpoint_auth_methods_supported_field_test_spec.rb +++ b/spec/udap_security_test_kit/token_endpoint_auth_methods_supported_field_test_spec.rb 
@@ -2,24 +2,7 @@ RSpec.describe UDAPSecurityTestKit::TokenEndpointAuthMethodsSupportedFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_token_endpoint_auth_methods_supported_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_token_endpoint_auth_methods_supported_field') } it 'fails if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/token_endpoint_auth_signing_alg_values_supported_field_test_spec.rb b/spec/udap_security_test_kit/token_endpoint_auth_signing_alg_values_supported_field_test_spec.rb index 27b2051..4d9705e 100644 --- a/spec/udap_security_test_kit/token_endpoint_auth_signing_alg_values_supported_field_test_spec.rb +++ b/spec/udap_security_test_kit/token_endpoint_auth_signing_alg_values_supported_field_test_spec.rb 
@@ -2,26 +2,7 @@ RSpec.describe UDAPSecurityTestKit::TokenEndpointAuthSigningAlgValuesSupportedFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) do - Inferno::Repositories::Tests.new.find('udap_token_endpoint_auth_signing_alg_values_supported_field') - end - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } - - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end + let(:runnable) { find_test(suite, 'udap_token_endpoint_auth_signing_alg_values_supported_field') } it 'fails if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/token_endpoint_field_test_spec.rb b/spec/udap_security_test_kit/token_endpoint_field_test_spec.rb index 430d535..753471c 100644 --- a/spec/udap_security_test_kit/token_endpoint_field_test_spec.rb +++ b/spec/udap_security_test_kit/token_endpoint_field_test_spec.rb 
@@ -2,24 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::TokenEndpointFieldTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_token_endpoint_field') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
-
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
+ let(:runnable) { find_test(suite, 'udap_token_endpoint_field') }
 it 'fails if field is not present' do
 config = {}
diff --git a/spec/udap_security_test_kit/token_exchange_response_body_test_spec.rb b/spec/udap_security_test_kit/token_exchange_response_body_test_spec.rb
index ff588ff..a762bad 100644
--- a/spec/udap_security_test_kit/token_exchange_response_body_test_spec.rb
+++ b/spec/udap_security_test_kit/token_exchange_response_body_test_spec.rb
@@ -2,10 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::TokenExchangeResponseBodyTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_token_exchange_response_body') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
+ let(:runnable) { find_test(suite, 'udap_token_exchange_response_body') }
 let(:required_parameters) do
 [
@@ -21,20 +18,6 @@
 }
 end
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
-
 it 'fails if response is not valid JSON' do
 invalid_response_body = '{invalid_key: invalid_value}'
 result = run(runnable, token_response_body: invalid_response_body)
diff --git a/spec/udap_security_test_kit/udap_auth_extensions_required_field_test_spec.rb b/spec/udap_security_test_kit/udap_auth_extensions_required_field_test_spec.rb
index 670d0cb..5a33f9e 100644
--- a/spec/udap_security_test_kit/udap_auth_extensions_required_field_test_spec.rb
+++ b/spec/udap_security_test_kit/udap_auth_extensions_required_field_test_spec.rb
@@ -2,24 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::UDAPAuthExtensionsRequiredFieldTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_auth_extensions_required_field') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
-
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
+ let(:runnable) { find_test(suite, 'udap_auth_extensions_required_field') }
 it 'skips if udap_authorization_extensions_supported field is not present' do
 config = {}
diff --git a/spec/udap_security_test_kit/udap_auth_extensions_supported_field_test_spec.rb b/spec/udap_security_test_kit/udap_auth_extensions_supported_field_test_spec.rb
index a1c0cfb..db793ab 100644
--- a/spec/udap_security_test_kit/udap_auth_extensions_supported_field_test_spec.rb
+++ b/spec/udap_security_test_kit/udap_auth_extensions_supported_field_test_spec.rb
@@ -2,26 +2,9 @@ RSpec.describe UDAPSecurityTestKit::UDAPAuthExtensionsSupportedFieldTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_auth_extensions_supported_field') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_auth_extensions_supported_field') } let(:required_flow_type) { [''] } - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - context 'when the server can support any authorization flow(s)' do it 'fails if field is not present' do config = {} diff --git a/spec/udap_security_test_kit/udap_certifications_required_field_test_spec.rb b/spec/udap_security_test_kit/udap_certifications_required_field_test_spec.rb index 2b39cc5..7f1cf65 100644 --- a/spec/udap_security_test_kit/udap_certifications_required_field_test_spec.rb +++ b/spec/udap_security_test_kit/udap_certifications_required_field_test_spec.rb 
@@ -2,24 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::UDAPCertificationsRequiredFieldTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_certifications_required_field') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
-
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
+ let(:runnable) { find_test(suite, 'udap_certifications_required_field') }
 it 'skips if udap_certifications_supported field is not present' do
 config = {}
diff --git a/spec/udap_security_test_kit/udap_certifications_supported_field_test_spec.rb b/spec/udap_security_test_kit/udap_certifications_supported_field_test_spec.rb
index 41eed24..c1e84bd 100644
--- a/spec/udap_security_test_kit/udap_certifications_supported_field_test_spec.rb
+++ b/spec/udap_security_test_kit/udap_certifications_supported_field_test_spec.rb
@@ -2,24 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::UDAPCertificationsSupportedFieldTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_certifications_supported_field') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
-
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
+ let(:runnable) { find_test(suite, 'udap_certifications_supported_field') }
 it 'fails if field is not present' do
 config = {}
diff --git a/spec/udap_security_test_kit/udap_jwt_validator_spec.rb b/spec/udap_security_test_kit/udap_jwt_validator_spec.rb
index fe21d12..f0ffee9 100644
--- a/spec/udap_security_test_kit/udap_jwt_validator_spec.rb
+++ b/spec/udap_security_test_kit/udap_jwt_validator_spec.rb
@@ -2,7 +2,6 @@
 require_relative '../../lib/udap_security_test_kit/udap_jwt_builder'
 require_relative '../../lib/udap_security_test_kit/udap_x509_certificate'
 require_relative '../../lib/udap_security_test_kit/default_cert_file_loader'
-require 'pry'
 RSpec.describe UDAPSecurityTestKit::UDAPJWTValidator do # rubocop:disable RSpec/SpecFilePathFormat
 let(:inferno_client_cert) do
diff --git a/spec/udap_security_test_kit/udap_profiles_supported_field_test_spec.rb b/spec/udap_security_test_kit/udap_profiles_supported_field_test_spec.rb
index 8379be1..538a28a 100644
--- a/spec/udap_security_test_kit/udap_profiles_supported_field_test_spec.rb
+++ b/spec/udap_security_test_kit/udap_profiles_supported_field_test_spec.rb
@@ -2,24 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::UDAPProfilesSupportedFieldTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_profiles_supported_field') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
-
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
+ let(:runnable) { find_test(suite, 'udap_profiles_supported_field') }
 it 'fails if field is not present' do
 config = {}
diff --git a/spec/udap_security_test_kit/udap_versions_supported_field_test_spec.rb b/spec/udap_security_test_kit/udap_versions_supported_field_test_spec.rb
index b451901..24cd8b4 100644
--- a/spec/udap_security_test_kit/udap_versions_supported_field_test_spec.rb
+++ b/spec/udap_security_test_kit/udap_versions_supported_field_test_spec.rb
@@ -2,24 +2,7 @@
 RSpec.describe UDAPSecurityTestKit::UDAPVersionsSupportedFieldTest do
 let(:suite_id) { 'udap_security' }
- let(:runnable) { Inferno::Repositories::Tests.new.find('udap_versions_supported_field') }
- let(:session_data_repo) { Inferno::Repositories::SessionData.new }
- let(:results_repo) { Inferno::Repositories::Results.new }
- let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') }
-
- def run(runnable, inputs = {})
- test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash)
- test_run = Inferno::Repositories::TestRuns.new.create(test_run_params)
- inputs.each do |name, value|
- session_data_repo.save(
- test_session_id: test_session.id,
- name:,
- value:,
- type: runnable.config.input_type(name)
- )
- end
- Inferno::TestRunner.new(test_session:, test_run:).run(runnable)
- end
+ let(:runnable) { find_test suite, 'udap_versions_supported_field' }
 it 'fails if field is not ["1"]' do
 config = {}
diff --git a/spec/udap_security_test_kit/well_known_endpoint_test_spec.rb b/spec/udap_security_test_kit/well_known_endpoint_test_spec.rb
index 6cc3d1f..cb27609 100644
--- a/spec/udap_security_test_kit/well_known_endpoint_test_spec.rb
+++ b/spec/udap_security_test_kit/well_known_endpoint_test_spec.rb
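Review bot: In the UDAPVersionsSupportedFieldTest spec the new let calls `find_test suite, 'udap_versions_supported_field'` without parentheses, while every other spec touched in this commit writes `find_test(suite, ...)`. Use the parenthesised form here as well, `let(:runnable) { find_test(suite, 'udap_versions_supported_field') }`, so the call reads unambiguously inside the block braces and matches the rest of the suite. The describe block continues outside the hunk.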
@@ -2,26 +2,9 @@ RSpec.describe UDAPSecurityTestKit::WellKnownEndpointTest do let(:suite_id) { 'udap_security' } - let(:runnable) { Inferno::Repositories::Tests.new.find('udap_well_known_endpoint') } - let(:session_data_repo) { Inferno::Repositories::SessionData.new } - let(:results_repo) { Inferno::Repositories::Results.new } - let(:test_session) { repo_create(:test_session, test_suite_id: 'udap_security') } + let(:runnable) { find_test(suite, 'udap_well_known_endpoint') } let(:udap_fhir_base_url) { 'http://example.com/fhir' } - def run(runnable, inputs = {}) - test_run_params = { test_session_id: test_session.id }.merge(runnable.reference_hash) - test_run = Inferno::Repositories::TestRuns.new.create(test_run_params) - inputs.each do |name, value| - session_data_repo.save( - test_session_id: test_session.id, - name:, - value:, - type: runnable.config.input_type(name) - ) - end - Inferno::TestRunner.new(test_session:, test_run:).run(runnable) - end - it 'passes if JSON is served from the UDAP well-known endpoint' do stub_request(:get, "#{udap_fhir_base_url}/.well-known/udap") .to_return(status: 200, body: {}.to_json)