Merge pull request #34 from Nictiz/UseQualificationTokensJSON

Use qualification tokens json

Author: pieter-edelman-nictiz

generate/README.md

@@ -204,30 +204,51 @@ It is also possible implicitly declare the rule when it is used by adding the `h
 </assert>  
 ```
 
-### Patient token and date T
+### Date T and authorization headers
 
-There are two special elements for use cases that are common across Nictiz test scripts.
+There are special elements for two use cases that are common across Nictiz test scripts.
 
-The first one for including the patient authorization token in the TestScript:
+The first one is to indicate that the "date T" variable should be defined for the TestScript:
 
 ```xml
-<nts:patientTokenFixture href="..">
+<nts:includeDateT value="yes|no">
 ```
 
-The `href` attribute should point to the `Patient` instance containing the token, as is commonly done with the Nictiz test scripts, placed in the "_reference"-folder. The `nts:scenario` attribute on the TestScript root determines how this tag is expanded:
+If this element is present, and `value` is absent or set to "yes", a variable for setting date T will be included in the TestScript.
 
-* for "server", a variable will be created which the test script executor can set, defaulting to the value from the fixture.
-* for "client", the fixture will be included and a variable called "patient-token-id" will be created that reads the value from the fixture
+The second one deals with the authorization header for defining the patient context in the TestScript. The assumption here is that the (static) content of an `Authorization` header associated with a specific Patient resource `.id` is defined in a JSON file with the following syntax:
+```json
+{
+    "accessToken": "Bearer ...",
+    "resourceId": "[resource.id of Patient resource]",
+}
+```
 
-The token filename should end with `token.xml` and the token id should start with `Bearer`.
+This file should be passed as the `tokens.json` parameter to the build script. The token can then be imported into a TestScript using:
 
-The second element is to indicate that the "date T" variable should be defined for the testscript:
+```xml
+<nts:authToken patientResourceId="[resource.id of Patient resource]" {id="[patient-token-id]"}/>
+```
+
+This sets an NTS parameter with the specified `id`, which can then be used throughout the NTS file. `id` is usually omitted, in which case it defaults to "patient-token-id". 
 
+For example, if you included a token with id "patient-token-id", you can use it to define the Authorization header with: 
 ```xml
-<nts:includeDateT value="yes|no">
+<requestHeader>
+  <field value="Authorization"/>
+  <value value="{$patient-token}"/>  
+</requestHeader>
 ```
 
-If this element is present, and `value` is absent or set to "yes", a variable for setting date T will be included in the TestScript.
+The output depends on `nts:scenario`. For client scripts, the content of the access token will be hardcoded in the TestScript output. For server scripts, a TestScript variable will be defined that defaults to the access token, but which can be overruled by the tester. The NTS variable will be translated to this TestScript variable.
+
+There is actually a second (outdated) mechanism to import authorization tokens:
+
+```xml
+<nts:patientTokenFixture href="..">
+```
+
+The `href` attribute should point to a `Patient` instance containing the content of the authorization header as its `.id`, placed in the "_reference"-folder and with a file name ending in `-token.xml`. This will always result in definig the TestScript variable `patient-token-id`, for both client and server scripts.
 
 ### Scenario: server (xis) or client (phr)
 
@@ -357,6 +378,12 @@ Because of the verbosity of the ANT build, the logging level is set to 1 (warnin
 
 ## Changelog
 
+### 2.5.0
+- Add the tag `<nts:authToken/>` to work with authorization tokens defined in a JSON file, as is expected for mock authentication on Touchstone. This supersedes the `<nts:patientTokenFixture/>` tag.
+
+### 2.4.1
+- Make the magic _FORMAT parameter available to nts:ifset
+
 ### 2.4.0
 - Add an extra script to convert XML fixtures to JSON. This can be used separately or in conjunction with the NTS build script.
 

generate/ant/build-multiple.xml

@@ -26,6 +26,7 @@
                     <property name="lib.dir" value="${lib.dir}"/>
                     <property name="commoncomponents.dir" value="${commoncomponents.dir}"/>
                     <property name="version.addition" value="${version.addition}"/>
+                    <property name="tokens.json" value="${tokens.json}"/>
                     <property name="convert.to.json.file" value="${convert.to.json.file}"/>
                 </ant>
             </sequential>

generate/ant/build.xml

@@ -17,6 +17,7 @@
     - lib.dir                 : The directory where all build dependency's will be placed. It's a good idea to add this to
                                 .gitignore.
     - [components.dir]        : Optional - the directory containing the project components, relative to input.dir. Defaults to '_components'.
+    - [tokens.json]           : Optional - the relative path to a JSON file linking Patient resource id's to authorization tokens. This is a feature specifically for the mocked authorization mechanism on Touchstone.
     - [loadresources.exclude] : Optional - A relative path to a folder containing the fixtures or to specific filenames to be excluded from 
                                 the LoadResources script. Multiple entries can be comma separated. `*` is accepted as a wildcard.
     - [processfixtures.skip]  : Optional - If 'true' (or any other non-empty value) processing fixtures is skipped.
@@ -54,6 +55,12 @@
     <property name="commoncomponents.dir.abs" location="${commoncomponents.dir}"/>
     <property name="reference.subdir"         value="_reference"/>
 
+    <!-- Construct a file URL to the tokens JSON file. -->
+    <pathconvert property="tokens.json.url" targetos="unix">
+        <path location="${tokens.json}"/>
+        <mapper type="regexp" from="(.*)" to="file:/\1"/>
+    </pathconvert>
+    
     <!-- Try to read all project property's defined in build.properties -->
     <property file="${input.dir.abs}/build.properties"/>
 
@@ -236,6 +243,7 @@
                                     <param name="expectedResponseFormat" expression="@{expectedResponseFormat}"/>
                                     <param name="target" expression="@{target}"/>
                                     <param name="versionAddition" expression="${version.addition}"/>
+                                    <param name="tokensJsonFile" expression="${tokens.json.url}"/>
                                 </parameters>
                             </saxon-transform>
 
@@ -253,6 +261,7 @@
                             <param name="projectComponentFolder" expression="${components.dir.abs}"/>
                             <param name="target" expression="@{target}"/>
                             <param name="versionAddition" expression="${version.addition}"/>
+                            <param name="tokensJsonFile" expression="${tokens.json.url}"/>
                         </parameters>
                     </saxon-transform>
                     <collect-references testscript.path="@{output.dir}/${nts.file.newname}" references.file="@{references.file}" reference.dir.rel="@{reference.dir.rel}"/>
@@ -395,6 +404,7 @@
                     <param name="referenceBase" expression="${reference.dir.loadresourcesrelative.normalized}"/>
                     <param name="referenceDir" expression="${input.dir.abs}/${reference.subdir}/"/>
                     <param name="loadResourcesExclude" expression="${loadresources.exclude}"/>
+                    <param name="tokensJsonFile" expression="${tokens.json.url}"/>
                 </parameters>
             </saxon-transform>
 

generate/xslt/generateLoadResources.xsl

@@ -1,5 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xd="http://www.oxygenxml.com/ns/doc/xsl" xmlns:f="http://hl7.org/fhir" exclude-result-prefixes="#all" version="2.0">
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns:xd="http://www.oxygenxml.com/ns/doc/xsl"
+    xmlns:f="http://hl7.org/fhir"
+    xmlns:nts="http://nictiz.nl/xsl/testscript"
+    exclude-result-prefixes="#all" version="2.0">
     <!-- Stylesheet to write out the special TestScript resource that is used to load all fixtures to the test 
          server (the load script) -->
 
@@ -14,6 +19,10 @@
     <!-- Comma-separated list of paths to exclude -->
     <xsl:param name="loadResourcesExclude"/>
 
+    <!-- Include the machinery to resolve auth tokens from a JSON file. This adds the parameter tokensJSONFile, which
+         should hold an URL. -->
+    <xsl:include href="resolveAuthTokens.xsl"/>
+    
     <xsl:template match="/">
 
         <!-- Convert the reference to a file:// URL and make sure it ends with a slash. -->
@@ -59,9 +68,6 @@
             </xsl:choose>
         </xsl:variable>
 
-        <!-- And collect all bearer fixtures as file URLs -->
-        <xsl:variable name="tokens" select="collection(iri-to-uri(concat(resolve-uri($referenceDirAsUrl), '?select=', '*token.xml;recurse=yes')))/f:*"/>
-        
         <xsl:choose>
             <xsl:when test="$fixtures">
                 <!-- Write out the TestScript resource -->
@@ -117,9 +123,38 @@
                         <description value="Date that data and queries are expected to be relative to."/>
                     </variable>
 
+                    <xsl:variable name="tokens" as="element(nts:authToken)*">
+                        <xsl:variable name="tokensCached" as="element(nts:authToken)*">
+                            <!-- Collect all Patient resources that exist or are referred from other resources -->
+                            <xsl:variable name="patientReferences" as="xs:string*">
+                                <xsl:for-each select="$fixtures[local-name() = 'Patient']">
+                                    <xsl:value-of select="./f:id/@value"/>
+                                </xsl:for-each>
+                                <xsl:for-each select="$fixtures//f:reference[starts-with(@value, 'Patient/')]">
+                                    <xsl:value-of select="substring(./@value, 9)"/>
+                                </xsl:for-each>
+                            </xsl:variable>
+                            <!-- ... and find the matching tokens, if they exists in the JSON file. -->
+                            <xsl:for-each select="distinct-values($patientReferences)">
+                                <xsl:copy-of select="nts:resolveAuthToken(., '', false())"/>
+                            </xsl:for-each>
+                            
+                            <!-- Add to this the tokens from token files (where the resource id's are extracted from
+                                 the file names. --> 
+                            <xsl:for-each select="collection(iri-to-uri(concat(resolve-uri($referenceDirAsUrl), '?select=', '*token.xml;recurse=yes')))">
+                                <nts:authToken patientResourceId="{tokenize(substring-before(base-uri(), '-token.xml'), '/')[last()]}" token="{.//f:id/@value}"/>
+                            </xsl:for-each>
+                        </xsl:variable>
+                        
+                        <!-- Make everything unique by token -->
+                        <xsl:for-each-group select="$tokensCached" group-by="./@token">
+                            <xsl:copy-of select="current-group()[1]"/>
+                        </xsl:for-each-group>
+                    </xsl:variable>
+                    
                     <!-- Purge Patients in setup -->
                     <setup>
-                        <xsl:for-each select="$tokens">
+                        <xsl:for-each select="$tokens[@token]">
                             <action>
                                 <operation>
                                     <type>
@@ -130,10 +165,10 @@
                                     <accept value="xml"/>
                                     <contentType value="xml"/>
                                     <encodeRequestUrl value="true"/>
-                                    <params value="{tokenize(substring-before(base-uri(), '-token.xml'), '/')[last()]}/$purge"/>
+                                    <params value="{./@patientResourceId}/$purge"/>
                                     <requestHeader>
                                         <field value="Authorization"/>
-                                        <value value="{f:id/@value}"/>
+                                        <value value="{./@token}"/>
                                     </requestHeader>
                                 </operation>
                             </action>
@@ -177,12 +212,12 @@
                                         <field value="Authorization"/>
                                         <!-- KT-330: In MedMij R4, it is required to use the correct patient token for updateCreate of Patients, but it doesn't hurt for STU3 -->
                                         <xsl:choose>
-                                            <xsl:when test="$tokens[contains(base-uri(), $resourceId)]">
-                                                <value value="{$tokens[contains(base-uri(), $resourceId)][1]/f:id/@value}"/>
+                                            <xsl:when test="$tokens[@token != '' and @patientResourceId = $resourceId]">
+                                                <value value="{$tokens[@token != '' and @patientResourceId = $resourceId]/@token}"/>
                                             </xsl:when>
                                             <xsl:otherwise>
                                                 <!-- Use first patient token, or should we check fixture .subject to determine correct token? -->
-                                                <value value="{$tokens[1]/f:id/@value}"/>
+                                                <value value="{$tokens[@token != ''][1]/@token}"/>
                                             </xsl:otherwise>
                                         </xsl:choose>
                                     </requestHeader>

generate/xslt/generateTestScript.xsl

@@ -2,6 +2,9 @@
     xmlns="http://hl7.org/fhir"
     xmlns:f="http://hl7.org/fhir"
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns:fn="http://www.w3.org/2005/xpath-functions"
+    xmlns:array="http://www.w3.org/2005/xpath-functions/array"
+    xmlns:map="http://www.w3.org/2005/xpath-functions/map"
     xmlns:nts="http://nictiz.nl/xsl/testscript"
     exclude-result-prefixes="#all">
     <xsl:output method="xml" indent="yes"/>
@@ -29,6 +32,10 @@
     <!-- Optional string that will be appended verbatim to the verson string. If there is no version element in the
          input, it will be set to this parameter. -->
     <xsl:param name="versionAddition" select="''"/>
+
+    <!-- Include the machinery to resolve auth tokens from a JSON file. This adds the parameter tokensJSONFile, which
+         should hold an URL. -->
+    <xsl:include href="resolveAuthTokens.xsl"/>
 
     <!-- The main template, which will call the remaining templates. -->
     <xsl:template name="generate" match="f:TestScript">
@@ -47,13 +54,46 @@
         <xsl:if test="$scenario = 'server' and not($expectedResponseFormat = ('xml', 'json'))">
             <xsl:message terminate="yes" select="concat('Invalid value ''', $expectedResponseFormat, ''' for parameter ''expectedResponseFormat''; should be either ''xml'' or ''json''')"></xsl:message>
         </xsl:if>
+
+        <!-- Extract the authorization tokens specified using the nts:authToken element(s). These tokens can then be used within 
+             the nts:authHeader element, referenced by their id. -->
+        <xsl:if test="count(//nts:authToken[@patientResourceId]) &gt; 0 and not($tokensJsonFile)">
+            <xsl:message terminate="yes">If you use the nts:authToken element, you need to pass in a file containing the tokens using the tokensJsonFile parameter.</xsl:message>
+        </xsl:if>
+        <xsl:if test="count(//nts:authToken[not(@id)]) &gt; 1">
+            <xsl:message terminate="yes">When using multiple nts:authToken elements, at most one may have the default id. All other instances must be uniquely identified with an id.</xsl:message>
+        </xsl:if>
+        <xsl:variable name="authTokens" as="element(nts:authToken)*">
+            <xsl:for-each select="//nts:authToken[@patientResourceId]">
+                <xsl:variable name="id" select="if (.[@id]) then ./@id else 'patient-token-id'"/>
+                <xsl:copy-of select="nts:resolveAuthToken(./@patientResourceId, $id, true())"/>
+            </xsl:for-each>
+        </xsl:variable>
+        
+        <!-- Seed the parameters used during expansion with the id's of nts:authToken declarations.
+             The value of these "magic" parameters depend on the scenario. For server scripts, this will be expanded
+             to a corresponding TestScript variable. For client scripts, this will contain the literal content of the
+             token. -->
+        <xsl:variable name="inclusionParameters" as="element(nts:with-parameter)*">
+            <xsl:for-each select="$authTokens">
+                <xsl:if test="$scenario = 'server'">
+                    <nts:with-parameter name="{./@id}" value="{concat('${', ./@id, '}')}"/>    
+                </xsl:if>
+                <xsl:if test="$scenario = 'client'">
+                    <nts:with-parameter name="{./@id}" value="{./@token}"/>
+                </xsl:if>
+            </xsl:for-each>
+        </xsl:variable>
+        
 
         <!-- Expand all the Nictiz inclusion elements to their FHIR representation --> 
         <xsl:variable name="expanded">
             <xsl:apply-templates mode="expand" select=".">
                 <xsl:with-param name="scenario" select="$scenario" tunnel="yes"/>
                 <xsl:with-param name="expectedResponseFormat" select="$expectedResponseFormat" tunnel="yes"/>
                 <xsl:with-param name="basePath" select="$basePath" tunnel="yes"/>
+                <xsl:with-param name="inclusionParameters" select="$inclusionParameters" tunnel="yes"/>
+                <xsl:with-param name="authTokens" select="$authTokens" tunnel="yes"/>
             </xsl:apply-templates>
         </xsl:variable>
 
@@ -376,6 +416,22 @@
         </xsl:choose>
     </xsl:template>
 
+    <!-- Expand an nts:authToken element. For server scripts, this will result in a variable with a default value which
+         the tester can override. For client scripts, this doesn't result in any output (but the element is used 
+         beforehand for finding the correct authorization token to use. -->
+    <xsl:template match="nts:authToken[@patientResourceId]" mode="expand">
+        <xsl:param name="scenario" tunnel="yes"/>
+        <xsl:param name="authTokens" tunnel="yes"/>
+        
+        <xsl:if test="$scenario='server'">
+            <variable>
+                <name value="{if (.[@id]) then ./@id else 'patient-token-id'}"/>
+                <defaultValue value="{$authTokens[@id = ./@id]/@token}"/>
+                <description value="OAuth Token for current patient"/>
+            </variable>
+        </xsl:if>
+    </xsl:template>
+    
     <!-- Expand an nts:patientTokenFixture element to create a variable called 'patient-token-id'. How this is handled
          is different for server and client scripts:
          - for a server script, it will be provided with a default value read from the fixture, which can be overridden
@@ -694,7 +750,6 @@
         <xsl:value-of select="$fullFilename"/>
     </xsl:function>
 
-    
     <!-- Construct a file path from the elements.
          param base is the folder where the file resides
          param filename is the name of the file in the folder including the extension