Exemple #1
0
        public async Task WhenHardDeletingAResource_GivenAUserWithNoHardDeletePermissions_TheServerShouldReturnForbidden()
        {
            FhirClient  tempClient      = Client.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);
            Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());

            FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.HardDeleteAsync(createdResource));

            Assert.Equal(ForbiddenMessage, fhirException.Message);
            Assert.Equal(HttpStatusCode.Forbidden, fhirException.StatusCode);
        }
        public static async Task <TResource[]> CreateResourcesAsync <TResource>(this FhirClient client, int count)
            where TResource : Resource, new()
        {
            TResource[] resources = new TResource[count];

            for (int i = 0; i < resources.Length; i++)
            {
                TResource resource = new TResource();

                resources[i] = await client.CreateAsync(resource);
            }

            return(resources);
        }
Exemple #3
0
        public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
        {
            FhirClient  tempClient      = Client.CreateClientForClientApplication(TestApplications.ServiceClient);
            Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());

            tempClient = Client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
            FhirResponse <Observation> readResponse = await tempClient.ReadAsync <Observation>(ResourceType.Observation, createdResource.Id);

            Observation readResource = readResponse.Resource;

            Assert.Equal(createdResource.Id, readResource.Id);
            Assert.Equal(createdResource.Meta.VersionId, readResource.Meta.VersionId);
            Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
        }
Exemple #4
0
 public async Task GivenAResource_WhenCreated_ThenAuditLogEntriesShouldBeCreated()
 {
     await ExecuteAndValidate(
         () => _client.CreateAsync(Samples.GetDefaultObservation().ToPoco()),
         "create",
         ResourceType.Observation,
         _ => "Observation",
         HttpStatusCode.Created);
 }
        public static async Task <TResource[]> CreateResourcesAsync <TResource>(this FhirClient client, params Action <TResource>[] resourceCustomizer)
            where TResource : Resource, new()
        {
            TResource[] resources = new TResource[resourceCustomizer.Length];

            for (int i = 0; i < resources.Length; i++)
            {
                TResource resource = new TResource();

                resourceCustomizer[i](resource);

                resources[i] = await client.CreateAsync(resource);
            }

            return(resources);
        }
Exemple #6
0
        public async Task WhenUpdatingAResource_GivenAUserWithUpdatePermissions_TheServerShouldReturnSuccess()
        {
            FhirClient  tempClient      = Client.CreateClientForUser(TestUsers.AdminUser, TestApplications.NativeClient);
            Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());

            tempClient = Client.CreateClientForUser(TestUsers.ReadWriteUser, TestApplications.NativeClient);
            FhirResponse <Observation> updateResponse = await tempClient.UpdateAsync(createdResource);

            Assert.Equal(System.Net.HttpStatusCode.OK, updateResponse.StatusCode);

            Observation updatedResource = updateResponse.Resource;

            Assert.NotNull(updatedResource);
            Assert.Equal(createdResource.Id, updatedResource.Id);
            Assert.NotEqual(createdResource.Meta.VersionId, updatedResource.Meta.VersionId);
            Assert.NotEqual(createdResource.Meta.LastUpdated, updatedResource.Meta.LastUpdated);
        }
Exemple #7
0
        public async Task WhenHardDeletingAResource_GivenAUserWithHardDeletePermissions_TheServerShouldReturnSuccess()
        {
            FhirClient  tempClient      = Client.CreateClientForUser(TestUsers.WriteOnlyUser, TestApplications.NativeClient);
            Observation createdResource = await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>());

            tempClient = Client.CreateClientForUser(TestUsers.HardDeleteUser, TestApplications.NativeClient);

            // Hard-delete the resource.
            await tempClient.HardDeleteAsync(createdResource);

            tempClient = Client.CreateClientForUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);

            // Getting the resource should result in NotFound.
            await ExecuteAndValidateNotFoundStatus(() => tempClient.ReadAsync <Observation>(ResourceType.Observation, createdResource.Id));

            async Task <FhirException> ExecuteAndValidateNotFoundStatus(Func <Task> action)
            {
                FhirException exception = await Assert.ThrowsAsync <FhirException>(action);

                Assert.Equal(HttpStatusCode.NotFound, exception.StatusCode);
                return(exception);
            }
        }
Exemple #8
0
        public async Task WhenCreatingAResource_GivenAClientWithWrongAudience_TheServerShouldReturnUnauthorized()
        {
            FhirClient    tempClient    = Client.CreateClientForClientApplication(TestApplications.WrongAudienceClient);
            FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>()));

            Assert.Equal(UnauthorizedMessage, fhirException.Message);
            Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
        }
Exemple #9
0
        public async Task WhenCreatingAResource_GivenAClientWithInvalidAuthToken_TheServerShouldReturnUnauthorized()
        {
            FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.InvalidClient).Clone();

            tempClient.HttpClient.SetBearerToken(Invalidtoken);
            FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>()));

            Assert.Equal(UnauthorizedMessage, fhirException.Message);
            Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
        }
Exemple #10
0
        public async Task WhenCreatingAResource_GivenAClientWithNoAuthToken_TheServerShouldReturnUnauthorized()
        {
            FhirClient tempClient = Client.CreateClientForClientApplication(TestApplications.InvalidClient);

            FhirException fhirException = await Assert.ThrowsAsync <FhirException>(async() => await tempClient.CreateAsync(Samples.GetDefaultObservation().ToPoco <Observation>()));

            Assert.Equal(UnauthorizedMessage, fhirException.Message);
            Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);

            List <AuthenticationHeaderValue> wwwAuthenticationHeaderValues = fhirException.Headers.WwwAuthenticate.Where(h => h.Scheme == "Bearer").ToList();

            Assert.Single(wwwAuthenticationHeaderValues);

            Match matchResults = WwwAuthenticatePattern.Match(wwwAuthenticationHeaderValues.First().Parameter);

            Assert.Single(matchResults.Groups["authorization_uri"].Captures);
            var authorizationUri = matchResults.Groups["authorization_uri"].Captures[0].Value;

            Assert.Single(matchResults.Groups["realm"].Captures);
            var realm = matchResults.Groups["realm"].Captures[0].Value;

            Assert.Single(matchResults.Groups["resource_id"].Captures);
            var resourceId = matchResults.Groups["resource_id"].Captures[0].Value;

            Assert.Equal(AuthenticationSettings.Resource, realm);
            Assert.Equal(realm, resourceId);

            // We can only verify that this is a URI since a server with SmartOnFHIR enabled will not report the actual authorization server anywhere else.
            Assert.True(Uri.TryCreate(authorizationUri, UriKind.Absolute, out _));
        }