public void GivenAResourceWithInvalidId_WhenValidatingUpsert_ThenInvalidShouldBeReturned(string id, string maliciousNarrative)
{
var contextAccessor = Substitute.For <RequestContextAccessor <IFhirRequestContext> >();
var profileValidator = Substitute.For <IProfileValidator>();
var config = Substitute.For <IOptions <CoreFeatureConfiguration> >();
config.Value.Returns(new CoreFeatureConfiguration());
contextAccessor.RequestContext.RequestHeaders.Returns(new Dictionary <string, StringValues>());
var validator = new CreateResourceValidator(
new ModelAttributeValidator(),
new NarrativeHtmlSanitizer(NullLogger <NarrativeHtmlSanitizer> .Instance),
profileValidator,
contextAccessor,
config);
var defaultObservation = Samples.GetDefaultObservation().ToPoco <Observation>();
defaultObservation.Text.Div = maliciousNarrative;
var defaultPatient = Samples.GetDefaultPatient().ToPoco <Patient>();
defaultPatient.Text.Div = maliciousNarrative;
var bundle = new Bundle();
bundle.Entry.Add(new Bundle.EntryComponent {
Resource = defaultObservation
});
bundle.Entry.Add(new Bundle.EntryComponent {
Resource = defaultPatient
});
var resource = bundle.ToResourceElement()
.UpdateId(id);
var createResourceRequest = new CreateResourceRequest(resource);
var result = validator.Validate(createResourceRequest);
Assert.False(result.IsValid);
Assert.True(result.Errors.Count >= 3);
Assert.NotEmpty(result.Errors.Where(e => e.ErrorMessage.Contains("min. cardinality 1 cannot be null")));
Assert.NotEmpty(result.Errors.Where(e => e.ErrorMessage.Contains("XHTML content should be contained within a single <div> element")));
Assert.NotEmpty(result.Errors.Where(e => e.ErrorMessage.Contains("Id must be any combination of upper or lower case ASCII letters")));
}
public void GivenConfigOrHeader_WhenValidatingCreate_ThenProfileValidationShouldOrShouldntBeCalled(bool configValue, bool?headerValue, bool shouldCallProfileValidation)
{
var contextAccessor = Substitute.For <RequestContextAccessor <IFhirRequestContext> >();
var profileValidator = Substitute.For <IProfileValidator>();
var config = Substitute.For <IOptions <CoreFeatureConfiguration> >();
config.Value.Returns(new CoreFeatureConfiguration()
{
ProfileValidationOnCreate = configValue
});
var headers = new Dictionary <string, StringValues>();
if (headerValue != null)
{
headers.Add(KnownHeaders.ProfileValidation, new StringValues(headerValue.Value.ToString()));
}
contextAccessor.RequestContext.RequestHeaders.Returns(headers);
var validator = new CreateResourceValidator(
new ModelAttributeValidator(),
new NarrativeHtmlSanitizer(NullLogger <NarrativeHtmlSanitizer> .Instance),
profileValidator,
contextAccessor,
config);
var resource = Samples.GetDefaultObservation();
var createResourceRequest = new CreateResourceRequest(resource);
validator.Validate(createResourceRequest);
if (shouldCallProfileValidation)
{
profileValidator.Received().TryValidate(Arg.Any <ITypedElement>(), Arg.Any <string>());
}
else
{
profileValidator.DidNotReceive().TryValidate(Arg.Any <ITypedElement>(), Arg.Any <string>());
}
}
public void GivenAResourceWithoutInvalidId_WhenValidatingUpsert_ThenInvalidShouldBeReturned(string id)
{
var contextAccessor = Substitute.For <RequestContextAccessor <IFhirRequestContext> >();
var profileValidator = Substitute.For <IProfileValidator>();
var config = Substitute.For <IOptions <CoreFeatureConfiguration> >();
config.Value.Returns(new CoreFeatureConfiguration());
contextAccessor.RequestContext.RequestHeaders.Returns(new Dictionary <string, StringValues>());
var validator = new CreateResourceValidator(
new ModelAttributeValidator(),
new NarrativeHtmlSanitizer(NullLogger <NarrativeHtmlSanitizer> .Instance),
profileValidator,
contextAccessor,
config);
var resource = Samples.GetDefaultObservation()
.UpdateId(id);
var createResourceRequest = new CreateResourceRequest(resource);
var result = validator.Validate(createResourceRequest);
Assert.False(result.IsValid);
}
