def add_required_clinical_data(self):
    """Add the clinical data needed to get beyond the landing page.

    Saves one constrained observation with ``CC.TRUE_VALUE`` on the test
    user for each of ``CC.BIOPSY``, ``CC.PCaDIAG`` and ``CC.PCaLocalized``.
    Each observation gets its own ``Audit`` naming the test user as both
    ``user_id`` and ``subject_id``.
    """
    required_concepts = (CC.BIOPSY, CC.PCaDIAG, CC.PCaLocalized)
    for concept in required_concepts:
        # The user is looked up again and a fresh Audit is built on every
        # pass; nothing is shared between the three saves.
        patient = get_user(TEST_USER_ID)
        entry_audit = Audit(user_id=TEST_USER_ID, subject_id=TEST_USER_ID)
        patient.save_constrained_observation(
            codeable_concept=concept,
            value_quantity=CC.TRUE_VALUE,
            audit=entry_audit)
def testP3Pstrategy(self):
    """Check that P3P access is denied until the strategy conditions hold.

    With public access switched off, the test user must not be granted
    access to ``DECISION_SUPPORT_P3P``.  After an in-progress encounter,
    a 'Started active surveillance' procedure, a ``PCaLocalized``
    observation and the patient role have been added, the same check
    must grant access.
    """
    # Deny side first: with public access off, only the strategy can
    # grant access.
    # NOTE(review): the flags are not reset inside this test; presumably
    # the fixture teardown restores them - confirm.
    INTERVENTION.DECISION_SUPPORT_P3P.public_access = False
    INTERVENTION.SEXUAL_RECOVERY.public_access = False  # part of strat.
    patient = self.test_user
    initial_view = INTERVENTION.DECISION_SUPPORT_P3P.display_for_user(
        patient)
    assert not initial_view.access

    # Fulfill conditions
    started_at = datetime.utcnow()
    encounter = Encounter(
        status='in-progress',
        auth_method='url_authenticated',
        user_id=TEST_USER_ID,
        start_time=started_at)
    with SessionScope(db):
        db.session.add(encounter)
        db.session.commit()

    self.add_procedure(
        code='424313000', display='Started active surveillance')

    subject = get_user(TEST_USER_ID)
    observation_audit = Audit(
        user_id=TEST_USER_ID, subject_id=TEST_USER_ID)
    subject.save_observation(
        codeable_concept=CC.PCaLocalized,
        value_quantity=CC.TRUE_VALUE,
        audit=observation_audit,
        status=None,
        issued=None)

    self.promote_user(patient, role_name=ROLE.PATIENT.value)
    with SessionScope(db):
        db.session.commit()
    # Re-attach the user to the current session before checking again.
    patient = db.session.merge(patient)

    # P3P strategy should now be in view for test user
    final_view = INTERVENTION.DECISION_SUPPORT_P3P.display_for_user(patient)
    assert final_view.access
def testP3Pstrategy(self):
    """Verify the P3P strategy gates access on the user's clinical state.

    The test asserts the negative case first (public access disabled and
    no qualifying data, so no access) and then the positive case once
    the encounter, procedure, observation and patient role are in place.
    """
    # Prior to meeting conditions in strategy, user shouldn't have access
    # (provided we turn off public access)
    # NOTE(review): these module-level flags stay False after the test;
    # presumably the harness resets them between tests - confirm.
    INTERVENTION.DECISION_SUPPORT_P3P.public_access = False
    INTERVENTION.SEXUAL_RECOVERY.public_access = False  # part of strat.
    candidate = self.test_user
    denied = INTERVENTION.DECISION_SUPPORT_P3P.display_for_user(candidate)
    assert not denied.access

    # Fulfill conditions: encounter, procedure, observation, role.
    now = datetime.utcnow()
    active_encounter = Encounter(
        status='in-progress', auth_method='url_authenticated',
        user_id=TEST_USER_ID, start_time=now)
    with SessionScope(db):
        db.session.add(active_encounter)
        db.session.commit()

    self.add_procedure(
        code='424313000',
        display='Started active surveillance')

    owner = get_user(TEST_USER_ID)
    trail = Audit(user_id=TEST_USER_ID, subject_id=TEST_USER_ID)
    owner.save_observation(
        codeable_concept=CC.PCaLocalized, value_quantity=CC.TRUE_VALUE,
        audit=trail, status=None, issued=None)

    self.promote_user(candidate, role_name=ROLE.PATIENT.value)
    with SessionScope(db):
        db.session.commit()
    candidate = db.session.merge(candidate)

    # P3P strategy should now be in view for test user
    granted = INTERVENTION.DECISION_SUPPORT_P3P.display_for_user(candidate)
    assert granted.access
def test_submit_assessment_for_qb(self):
    """POST the swagger example response and check it is tied to the QB.

    Builds a research protocol, an organization using it, a baseline
    questionnaire bank holding the 'epic26' questionnaire and a consent
    for the test user, then submits the ``QuestionnaireResponse`` example
    from the swagger spec.  The stored response must reference the
    questionnaire bank created here.
    """
    spec = swagger(self.app)
    payload = spec['definitions']['QuestionnaireResponse']['example']

    protocol = ResearchProtocol(name='proto')
    with SessionScope(db):
        db.session.add(protocol)
        db.session.commit()
    protocol = db.session.merge(protocol)
    protocol_id = protocol.id

    questionnaire = self.add_questionnaire(name='epic26')
    org = Organization(name="testorg")
    org.research_protocols.append(protocol)
    with SessionScope(db):
        db.session.add(questionnaire)
        db.session.add(org)
        db.session.commit()
    # Re-attach both objects, questionnaire first, as before the commit.
    questionnaire = db.session.merge(questionnaire)
    org = db.session.merge(org)

    bank = QuestionnaireBank(
        name='Test Questionnaire Bank',
        classification='baseline',
        research_protocol_id=protocol_id,
        start='{"days": 0}',
        overdue='{"days": 7}',
        expired='{"days": 90}')
    bank_entry = QuestionnaireBankQuestionnaire(
        questionnaire=questionnaire, rank=0)
    bank.questionnaires.append(bank_entry)

    patient = get_user(TEST_USER_ID)
    patient.organizations.append(org)
    consent_audit = Audit(user_id=TEST_USER_ID, subject_id=TEST_USER_ID)
    consent = UserConsent(
        user_id=TEST_USER_ID,
        organization=org,
        audit=consent_audit,
        agreement_url='http://no.com')
    with SessionScope(db):
        for record in (bank, patient, consent_audit, consent):
            db.session.add(record)
        db.session.commit()
    bank = db.session.merge(bank)

    # The request is made by the logged-in test user against their own id.
    self.login()
    target = '/api/patient/{}/assessment'.format(TEST_USER_ID)
    response = self.client.post(
        target,
        content_type='application/json',
        data=json.dumps(payload),
    )
    assert response.status_code == 200

    patient = get_user(TEST_USER_ID)
    assert patient.questionnaire_responses.count() == 1
    stored = patient.questionnaire_responses[0]
    assert stored.questionnaire_bank_id == bank.id
def test_submit_assessment_for_qb(self):
    """Submit the swagger example response as a patient and check its QB.

    The consent's ``acceptance_date`` is set to the example's ``authored``
    timestamp, and the test user is promoted to the patient role before
    logging in.  The single stored response must carry the id of the
    questionnaire bank built here.
    """
    spec = swagger(self.app)
    payload = spec['definitions']['QuestionnaireResponse']['example']

    protocol = ResearchProtocol(name='proto')
    with SessionScope(db):
        db.session.add(protocol)
        db.session.commit()
    protocol = db.session.merge(protocol)
    protocol_id = protocol.id

    questionnaire = self.add_questionnaire(name='epic26')
    org = Organization(name="testorg")
    org.research_protocols.append(protocol)
    with SessionScope(db):
        db.session.add(questionnaire)
        db.session.add(org)
        db.session.commit()
    questionnaire = db.session.merge(questionnaire)
    org = db.session.merge(org)

    bank = QuestionnaireBank(
        name='Test Questionnaire Bank',
        classification='baseline',
        research_protocol_id=protocol_id,
        start='{"days": 0}',
        overdue='{"days": 7}',
        expired='{"days": 90}')
    bank.questionnaires.append(
        QuestionnaireBankQuestionnaire(questionnaire=questionnaire, rank=0))

    patient = get_user(TEST_USER_ID)
    patient.organizations.append(org)
    # Consent is dated at the moment the example response was authored.
    authored_at = FHIR_datetime.parse(payload['authored'])
    consent_audit = Audit(user_id=TEST_USER_ID, subject_id=TEST_USER_ID)
    consent = UserConsent(
        user_id=TEST_USER_ID,
        organization=org,
        audit=consent_audit,
        agreement_url='http://no.com',
        acceptance_date=authored_at)
    with SessionScope(db):
        for record in (bank, patient, consent_audit, consent):
            db.session.add(record)
        db.session.commit()

    # The endpoint is exercised by a logged-in user holding the patient
    # role, posting to their own patient id.
    self.promote_user(role_name=ROLE.PATIENT.value)
    self.login()
    target = '/api/patient/{}/assessment'.format(TEST_USER_ID)
    response = self.client.post(target, json=payload)
    assert response.status_code == 200

    patient = get_user(TEST_USER_ID)
    bank = db.session.merge(bank)
    assert patient.questionnaire_responses.count() == 1
    stored = patient.questionnaire_responses[0]
    assert stored.questionnaire_bank_id == bank.id
def add_required_clinical_data(self, backdate=None, setdate=None):
    """Add clinical data to get beyond the landing page

    Saves a 'preliminary' observation with ``CC.TRUE_VALUE`` on the test
    user for ``CC.BIOPSY``, ``CC.PCaDIAG`` and ``CC.PCaLocalized``.  All
    three share one ``Audit``; the ``issued`` value is computed by
    ``calc_date_params`` separately for each observation.

    :param backdate: timedelta value.  Define to mock Dx happening
        said period in the past
    :param setdate: datetime value.  Define to mock Dx happening at
        given time

    """
    shared_audit = Audit(user_id=TEST_USER_ID, subject_id=TEST_USER_ID)
    diagnosis_concepts = (CC.BIOPSY, CC.PCaDIAG, CC.PCaLocalized)
    for concept in diagnosis_concepts:
        patient = get_user(TEST_USER_ID)
        # Computed inside the loop so each observation gets its own call.
        issued_at = calc_date_params(backdate=backdate, setdate=setdate)
        patient.save_observation(
            codeable_concept=concept,
            value_quantity=CC.TRUE_VALUE,
            audit=shared_audit,
            status='preliminary',
            issued=issued_at)
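def test_post_patient_report(self):
    """Post a patient report (a user document file) and verify storage.

    A client bound to the SEXUAL_RECOVERY intervention gets a service
    token for the test user, who then uploads a small file.  The test
    reads the stored file back from ``FILE_UPLOAD_DIR`` under the
    document's UUID and checks the owner and intervention recorded on
    the ``UserDocument``.
    """
    client = self.add_client()
    client.intervention = INTERVENTION.SEXUAL_RECOVERY
    create_service_token(client=client, user=get_user(TEST_USER_ID))
    self.login()

    # Bytes rather than text: NamedTemporaryFile opens in binary mode by
    # default, so writing a str raises TypeError on Python 3.
    test_contents = b"This is a test."
    with NamedTemporaryFile(
        prefix='udoc_test_',
        suffix='.pdf',
        delete=True,
    ) as temp_pdf:
        temp_pdf.write(test_contents)
        temp_pdf.seek(0)
        tempfileIO = BytesIO(temp_pdf.read())
        # The upload's filename field is the temp file's full path; the
        # read-back below does not use it.
        rv = self.client.post(
            '/api/user/{}/patient_report'.format(TEST_USER_ID),
            content_type='multipart/form-data',
            data={'file': (tempfileIO, temp_pdf.name)})
    self.assert200(rv)

    udoc = db.session.query(UserDocument).order_by(
        UserDocument.id.desc()).first()
    self.assertIsNotNone(udoc)
    # The stored path is built from the server-side UUID, so reading it
    # back also confirms the file is not saved under the client's name.
    fpath = os.path.join(
        current_app.root_path,
        current_app.config.get("FILE_UPLOAD_DIR"),
        str(udoc.uuid))
    try:
        with open(fpath, 'rb') as udoc_file:
            self.assertEqual(udoc_file.read(), test_contents)
    finally:
        # Remove the upload even when the comparison fails, so a failing
        # run does not leave files behind in the upload directory.
        if os.path.exists(fpath):
            os.remove(fpath)

    self.assertEqual(udoc.user_id, TEST_USER_ID)
    self.assertEqual(
        udoc.intervention.description,
        INTERVENTION.SEXUAL_RECOVERY.description)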
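def test_post_patient_report(self):
    """Post a patient report (a user document file) and verify storage.

    Uploads a small in-memory file as the logged-in test user, then
    checks that the newest ``UserDocument`` points at a file with the
    same bytes and records the test user and the SEXUAL_RECOVERY
    intervention.
    """
    client = self.add_client()
    client.intervention = INTERVENTION.SEXUAL_RECOVERY
    create_service_token(client=client, user=get_user(TEST_USER_ID))
    self.login()

    test_contents = b"This is a test."
    response = self.client.post(
        '/api/user/{}/patient_report'.format(TEST_USER_ID),
        content_type='multipart/form-data',
        data={'file': (BytesIO(test_contents), 'udoc_test.pdf')})
    assert response.status_code == 200

    udoc = db.session.query(UserDocument).order_by(
        UserDocument.id.desc()).first()
    # Fail with a clear message instead of an AttributeError below.
    assert udoc is not None, "upload did not create a UserDocument"
    # The path comes from the server-side UUID, not from the uploaded
    # filename 'udoc_test.pdf'.
    fpath = os.path.join(
        current_app.root_path,
        current_app.config.get("FILE_UPLOAD_DIR"),
        str(udoc.uuid))
    try:
        with open(fpath, 'rb') as udoc_file:
            assert udoc_file.read() == test_contents
    finally:
        # Clean up even on a failed comparison so the upload directory
        # does not accumulate files from failing runs.
        if os.path.exists(fpath):
            os.remove(fpath)

    assert udoc.user_id == TEST_USER_ID
    assert (udoc.intervention.description ==
            INTERVENTION.SEXUAL_RECOVERY.description)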
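def test_post_patient_report(self):
    """Check that a posted patient report is stored for the right user.

    The upload is made through a client tied to the SEXUAL_RECOVERY
    intervention.  The stored bytes, the owning user id and the
    intervention description on the resulting ``UserDocument`` are all
    verified.
    """
    client = self.add_client()
    client.intervention = INTERVENTION.SEXUAL_RECOVERY
    create_service_token(client=client, user=get_user(TEST_USER_ID))
    self.login()

    test_contents = b"This is a test."
    upload = (BytesIO(test_contents), 'udoc_test.pdf')
    response = self.client.post(
        '/api/user/{}/patient_report'.format(TEST_USER_ID),
        content_type='multipart/form-data',
        data={'file': upload})
    assert response.status_code == 200

    newest_first = db.session.query(UserDocument).order_by(
        UserDocument.id.desc())
    udoc = newest_first.first()
    # Without this guard a missing row surfaces as an AttributeError.
    assert udoc is not None, "upload did not create a UserDocument"

    # Stored under the document UUID inside FILE_UPLOAD_DIR; the
    # client-supplied filename plays no part in locating it.
    fpath = os.path.join(
        current_app.root_path,
        current_app.config.get("FILE_UPLOAD_DIR"),
        str(udoc.uuid))
    try:
        with open(fpath, 'rb') as udoc_file:
            assert udoc_file.read() == test_contents
    finally:
        # Always remove the stored upload, including when the content
        # check above fails.
        if os.path.exists(fpath):
            os.remove(fpath)

    assert udoc.user_id == TEST_USER_ID
    assert (udoc.intervention.description ==
            INTERVENTION.SEXUAL_RECOVERY.description)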
def test_redirect_validation(self):
    """Check that caller-supplied redirect targets are validated.

    For the website consent script, the session login, the provider
    login and the /challenge form, an accepted target (the local server
    URL or the client's registered redirect URIs) must yield 200 and
    ``http://invalid.org`` must yield 401.  The provider login is only
    checked with the invalid target.
    """
    self.promote_user(role_name=ROLE.ADMIN.value)
    self.promote_user(role_name=ROLE.STAFF.value)

    org = Organization(name='test org')
    user = get_user(TEST_USER_ID)
    with SessionScope(db):
        db.session.add(org)
        user.organizations.append(org)
        db.session.commit()
    self.login()

    client = self.add_client()
    client_url = client._redirect_uris
    server_name = self.app.config.get('SERVER_NAME')
    local_url = "http://{}/home?test".format(server_name)
    # NOTE(review): a single absolute off-site URL stands in for every
    # rejected target; other off-site forms are not covered here.
    invalid_url = 'http://invalid.org'

    # validate redirect of /website-consent-script GET
    consent_path = '/website-consent-script/{}'.format(TEST_USER_ID)
    consent_ok = self.client.get(
        consent_path, query_string={'redirect_url': local_url})
    assert consent_ok.status_code == 200
    consent_rejected = self.client.get(
        consent_path, query_string={'redirect_url': invalid_url})
    assert consent_rejected.status_code == 401

    # validate session login redirect with valid url
    oauth_info = {
        'user_id': TEST_USER_ID,
        'next': client_url,
    }
    session_ok = self.login(oauth_info=oauth_info)
    assert session_ok.status_code == 200

    # validate session login redirect with invalid url
    oauth_info['next'] = invalid_url
    session_rejected = self.login(oauth_info=oauth_info)
    assert session_rejected.status_code == 401

    # validate provider login redirect with invalid url
    # (copy, so the shared OAUTH_INFO_PROVIDER_LOGIN is left untouched)
    oauth_info = dict(OAUTH_INFO_PROVIDER_LOGIN)
    oauth_info['next'] = invalid_url
    provider_rejected = self.login(oauth_info=oauth_info)
    assert provider_rejected.status_code == 401

    # validate redirect of /challenge POST
    formdata = {'user_id': TEST_USER_ID, 'next_url': local_url}
    challenge_ok = self.client.post('/challenge', data=formdata)
    assert challenge_ok.status_code == 200
    formdata['next_url'] = invalid_url
    challenge_rejected = self.client.post('/challenge', data=formdata)
    assert challenge_rejected.status_code == 401
def test_redirect_validation(self):
    """Open-redirect regression test for the redirect-taking endpoints.

    Each endpoint is driven with a target that should be accepted and
    with ``http://invalid.org``, which should be refused with a 401.
    Covered: GET /website-consent-script, session login, provider login
    (refusal only) and POST /challenge.
    """
    for role in (ROLE.ADMIN, ROLE.STAFF):
        self.promote_user(role_name=role.value)

    org = Organization(name='test org')
    user = get_user(TEST_USER_ID)
    with SessionScope(db):
        db.session.add(org)
        user.organizations.append(org)
        db.session.commit()
    self.login()

    client = self.add_client()
    client_url = client._redirect_uris
    local_url = "http://{}/home?test".format(
        self.app.config.get('SERVER_NAME'))
    invalid_url = 'http://invalid.org'

    # validate redirect of /website-consent-script GET
    script_url = '/website-consent-script/{}'.format(TEST_USER_ID)
    accepted = self.client.get(
        script_url, query_string={'redirect_url': local_url})
    assert accepted.status_code == 200
    refused = self.client.get(
        script_url, query_string={'redirect_url': invalid_url})
    assert refused.status_code == 401

    # validate session login redirect with valid url
    oauth_info = {'user_id': TEST_USER_ID, 'next': client_url}
    accepted = self.login(oauth_info=oauth_info)
    assert accepted.status_code == 200

    # validate session login redirect with invalid url
    oauth_info['next'] = invalid_url
    refused = self.login(oauth_info=oauth_info)
    assert refused.status_code == 401

    # validate provider login redirect with invalid url
    oauth_info = dict(OAUTH_INFO_PROVIDER_LOGIN)
    oauth_info['next'] = invalid_url
    refused = self.login(oauth_info=oauth_info)
    assert refused.status_code == 401

    # validate redirect of /challenge POST
    formdata = {'user_id': TEST_USER_ID, 'next_url': local_url}
    accepted = self.client.post('/challenge', data=formdata)
    assert accepted.status_code == 200
    formdata['next_url'] = invalid_url
    refused = self.client.post('/challenge', data=formdata)
    assert refused.status_code == 401
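def test_redirect_validation(self):
    """Check that caller-supplied redirect targets are validated.

    GET /website-consent-script, GET /login/TESTING and POST /challenge
    are each called with an accepted target (200 expected) and with
    ``http://invalid.org`` (401 expected).

    Query parameters are passed through ``query_string`` so the test
    client URL-encodes them.  Interpolating a URL into the path by hand
    leaves characters such as ``&`` and ``#`` unescaped, and the server
    could then validate a truncated value instead of the intended one.
    """
    self.promote_user(role_name=ROLE.ADMIN.value)
    self.promote_user(role_name=ROLE.STAFF.value)

    org = Organization(name='test org')
    user = get_user(TEST_USER_ID)
    with SessionScope(db):
        db.session.add(org)
        user.organizations.append(org)
        db.session.commit()
    self.login()

    client = self.add_client()
    # str() sends the same text that formatting the value into the URL
    # did before.
    client_url = str(client._redirect_uris)
    local_url = "http://{}/home?test".format(
        self.app.config.get('SERVER_NAME'))
    invalid_url = 'http://invalid.org'

    # validate redirect of /website-consent-script GET
    consent_path = '/website-consent-script/{}'.format(TEST_USER_ID)
    rv = self.client.get(
        consent_path, query_string={'redirect_url': local_url})
    self.assert200(rv)
    rv2 = self.client.get(
        consent_path, query_string={'redirect_url': invalid_url})
    self.assert401(rv2)

    # validate redirect of the provider login GET (/login/TESTING)
    rv3 = self.client.get(
        '/login/TESTING',
        query_string={'user_id': TEST_USER_ID, 'next': client_url},
        follow_redirects=True)
    self.assert200(rv3)
    rv4 = self.client.get(
        '/login/TESTING',
        query_string={'user_id': TEST_USER_ID, 'next': invalid_url},
        follow_redirects=True)
    self.assert401(rv4)

    # validate redirect of /challenge POST
    formdata = {'user_id': TEST_USER_ID, 'next_url': local_url}
    rv5 = self.client.post('/challenge', data=formdata)
    self.assert200(rv5)
    formdata['next_url'] = invalid_url
    rv6 = self.client.post('/challenge', data=formdata)
    self.assert401(rv6)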
def mock_qr(instrument_id, status='completed', timestamp=None, qb=None,
            doc_id=None, iteration=None):
    """Store a mock QuestionnaireResponse for the test user.

    Creates a 'planned' encounter at ``timestamp``, then a response for
    ``instrument_id`` linked to that encounter, and finally invalidates
    the test user's assessment status cache.

    :param instrument_id: name placed in the questionnaire reference URL
    :param status: status recorded on the response
    :param timestamp: authored/start time; ``datetime.utcnow()`` if falsy
    :param qb: questionnaire bank; looked up via
        ``QuestionnaireBank.most_current_qb`` when falsy
    :param doc_id: identifier value; ten random letters when falsy
    :param iteration: stored as ``qb_iteration``
    """
    if not doc_id:
        # A throwaway fixture identifier, not a secret.
        doc_id = ''.join([choice(ascii_letters) for _ in range(10)])
    if not timestamp:
        timestamp = datetime.utcnow()

    # NOTE: the literal text 'SERVER_NAME' is interpolated here, not a
    # configured host name.
    reference = "https://{}/api/questionnaires/{}".format(
        'SERVER_NAME', instrument_id)
    qr_document = {
        "questionnaire": {
            "display": "Additional questions",
            "reference": reference,
        },
        "identifier": {
            "use": "official",
            "label": "cPRO survey session ID",
            "value": doc_id,
            "system": "https://stg-ae.us.truenth.org/eproms-demo",
        },
    }

    encounter = Encounter(
        status='planned',
        auth_method='url_authenticated',
        user_id=TEST_USER_ID,
        start_time=timestamp)
    with SessionScope(db):
        db.session.add(encounter)
        db.session.commit()
    encounter = db.session.merge(encounter)

    if not qb:
        current = QuestionnaireBank.most_current_qb(
            get_user(TEST_USER_ID), timestamp)
        qb = current.questionnaire_bank

    response = QuestionnaireResponse(
        subject_id=TEST_USER_ID,
        status=status,
        authored=timestamp,
        document=qr_document,
        encounter_id=encounter.id,
        questionnaire_bank=qb,
        qb_iteration=iteration)
    with SessionScope(db):
        db.session.add(response)
        db.session.commit()
    invalidate_assessment_status_cache(TEST_USER_ID)
def mock_qr(
        instrument_id, status='completed', timestamp=None, qb=None,
        doc_id=None, iteration=None, user_id=TEST_USER_ID,
        entry_method=None):
    """Store a mock QuestionnaireResponse for ``user_id``.

    Creates a 'planned' encounter at ``timestamp`` (tagged with the
    first coding of ``entry_method`` when one is given), then a response
    for ``instrument_id`` linked to that encounter, and finally calls
    ``invalidate_users_QBT`` for the user.

    :param instrument_id: name placed in the questionnaire reference URL
    :param status: status recorded on the response
    :param timestamp: authored/start time; ``datetime.utcnow()`` if falsy
    :param qb: questionnaire bank; when falsy, both the bank and the
        iteration are taken from ``QB_Status(...).current_qbd()``
    :param doc_id: identifier value; ten random letters when falsy
    :param iteration: stored as ``qb_iteration``; overwritten when ``qb``
        is falsy
    :param user_id: subject of the encounter and the response
    :param entry_method: optional object whose ``codings[0]`` is appended
        to the encounter's ``type``
    """
    if not doc_id:
        # A throwaway fixture identifier, not a secret.
        doc_id = ''.join([choice(ascii_letters) for _ in range(10)])
    if not timestamp:
        timestamp = datetime.utcnow()

    # NOTE: the literal text 'SERVER_NAME' is interpolated here, not a
    # configured host name.
    reference = "https://{}/api/questionnaires/{}".format(
        'SERVER_NAME', instrument_id)
    qr_document = {
        "questionnaire": {
            "display": "Additional questions",
            "reference": reference,
        },
        "identifier": {
            "use": "official",
            "label": "cPRO survey session ID",
            "value": doc_id,
            "system": "https://stg-ae.us.truenth.org/eproms-demo",
        },
    }

    encounter = Encounter(
        status='planned',
        auth_method='url_authenticated',
        user_id=user_id,
        start_time=timestamp)
    if entry_method:
        first_coding = entry_method.codings[0]
        encounter.type.append(first_coding)
    with SessionScope(db):
        db.session.add(encounter)
        db.session.commit()
    encounter = db.session.merge(encounter)

    if not qb:
        # The caller's iteration is replaced together with the bank.
        status_lookup = QB_Status(get_user(user_id), timestamp)
        current_qbd = status_lookup.current_qbd()
        qb, iteration = current_qbd.questionnaire_bank, current_qbd.iteration

    response = QuestionnaireResponse(
        subject_id=user_id,
        status=status,
        authored=timestamp,
        document=qr_document,
        encounter_id=encounter.id,
        questionnaire_bank=qb,
        qb_iteration=iteration)
    with SessionScope(db):
        db.session.add(response)
        db.session.commit()
    invalidate_users_QBT(user_id=user_id)