public async Task WhenHardDeletingAResource_GivenAUserWithNoHardDeletePermissions_TheServerShouldReturnForbidden()
{
FhirClient tempClient = Client.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());
FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.HardDeleteAsync(createdResource));
Assert.Equal(ForbiddenMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Forbidden, fhirException.StatusCode);
}
public static async Task <TResource[]> CreateResourcesAsync <TResource>(this FhirClient client, int count)
where TResource : Resource, new()
{
TResource[] resources = new TResource[count];
for (int i = 0; i < resources.Length; i++)
{
TResource resource = new TResource();
resources[i] = await client.CreateAsync(resource);
}
return(resources);
}
public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
{
FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.ServiceClient);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());
tempClient = Client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
FhirResponse <Observation> readResponse = await tempClient.ReadAsync <Observation>(ResourceType.Observation, createdResource.Id);
Observation readResource = readResponse.Resource;
Assert.Equal(createdResource.Id, readResource.Id);
Assert.Equal(createdResource.Meta.VersionId, readResource.Meta.VersionId);
Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
}
public async Task GivenAResource_WhenCreated_ThenAuditLogEntriesShouldBeCreated()
{
await ExecuteAndValidate(
() => _client.CreateAsync(Samples.GetDefaultObservation().ToPoco()),
"create",
ResourceType.Observation,
_ => "Observation",
HttpStatusCode.Created);
}
public static async Task <TResource[]> CreateResourcesAsync <TResource>(this FhirClient client, params Action <TResource>[] resourceCustomizer)
where TResource : Resource, new()
{
TResource[] resources = new TResource[resourceCustomizer.Length];
for (int i = 0; i < resources.Length; i++)
{
TResource resource = new TResource();
resourceCustomizer[i](resource);
resources[i] = await client.CreateAsync(resource);
}
return(resources);
}
public async Task WhenUpdatingAResource_GivenAUserWithUpdatePermissions_TheServerShouldReturnSuccess()
{
FhirClient tempClient = Client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());
tempClient = Client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
FhirResponse <Observation> updateResponse = await tempClient.UpdateAsync(createdResource);
Assert.Equal(System.Net.HttpStatusCode.OK, updateResponse.StatusCode);
Observation updatedResource = updateResponse.Resource;
Assert.NotNull(updatedResource);
Assert.Equal(createdResource.Id, updatedResource.Id);
Assert.NotEqual(createdResource.Meta.VersionId, updatedResource.Meta.VersionId);
Assert.NotEqual(createdResource.Meta.LastUpdated, updatedResource.Meta.LastUpdated);
}
public async Task WhenHardDeletingAResource_GivenAUserWithHardDeletePermissions_TheServerShouldReturnSuccess()
{
FhirClient tempClient = Client.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);
Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());
tempClient = Client.CreateClientForUser(TestUsers.HardDeleteUser, TestApplications.NativeClient);
// Hard-delete the resource.
await tempClient.HardDeleteAsync(createdResource);
tempClient = Client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
// Getting the resource should result in NotFound.
await ExecuteAndValidateNotFoundStatus(() => tempClient.ReadAsync <Observation>(ResourceType.Observation, createdResource.Id));
async Task <FhirException> ExecuteAndValidateNotFoundStatus(Func <Task> action)
{
FhirException exception = await Assert.ThrowsAsync <FhirException>(action);
Assert.Equal(HttpStatusCode.NotFound, exception.StatusCode);
return(exception);
}
}
public async Task WhenCreatingAResource_GivenAClientWithWrongAudience_TheServerShouldReturnUnauthorized()
{
FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.WrongAudienceClient);
FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>()));
Assert.Equal(UnauthorizedMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
}
public async Task WhenCreatingAResource_GivenAClientWithInvalidAuthToken_TheServerShouldReturnUnauthorized()
{
FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.InvalidClient).Clone();
tempClient.HttpClient.SetBearerToken(Invalidtoken);
FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>()));
Assert.Equal(UnauthorizedMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
}
public async Task WhenCreatingAResource_GivenAClientWithNoAuthToken_TheServerShouldReturnUnauthorized()
{
FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.InvalidClient);
FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>()));
Assert.Equal(UnauthorizedMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
List <AuthenticationHeaderValue> wwwAuthenticationHeaderValues = fhirException.Headers.WwwAuthenticate.Where(h => h.Scheme == "Bearer").ToList();
Assert.Single(wwwAuthenticationHeaderValues);
Match matchResults = WwwAuthenticatePattern.Match(wwwAuthenticationHeaderValues.First().Parameter);
Assert.Single(matchResults.Groups["authorization_uri"].Captures);
var authorizationUri = matchResults.Groups["authorization_uri"].Captures[0].Value;
Assert.Single(matchResults.Groups["realm"].Captures);
var realm = matchResults.Groups["realm"].Captures[0].Value;
Assert.Single(matchResults.Groups["resource_id"].Captures);
var resourceId = matchResults.Groups["resource_id"].Captures[0].Value;
Assert.Equal(AuthenticationSettings.Resource, realm);
Assert.Equal(realm, resourceId);
// We can only verify that this is a URI since a server with SmartOnFHIR enabled will not report the actual authorization server anywhere else.
Assert.True(Uri.TryCreate(authorizationUri, UriKind.Absolute, out _));
}