def test_check_access_interaction_and_resource_type_no_resource(self): """ Tests no SupportedResourceType found returns 404 """ rr = get_resourcerouter() SupportedResourceType.objects.create( resource_name='Person-other', fhir_source=rr, resourceType='Person', secure_access=True, json_schema='{}', get=True, put=True, create=True, read=True, vread=True, update=False, delete=False, search=False, history=False, override_url_id=True, override_search=True, search_block="['Patient', 'patient', ]", search_add="patient=%PATIENT%" ) resource_type = 'Encounter' interaction_type = 'read' rr = get_resourcerouter() response = check_access_interaction_and_resource_type(resource_type, interaction_type, rr) self.assertEqual(response.status_code, 404)
def test_check_access_interaction_and_resource_type(self): """ test resource_type and interaction_type from SupportedResourceType """ """ Test 1: Patient GET = True """ resource_type = 'Patient' interaction_type = 'get' # True rr = get_resourcerouter() response = check_access_interaction_and_resource_type( resource_type, interaction_type, rr) self.assertEquals(response, False) """ Test 2: Patient get = True """ resource_type = 'Patient' interaction_type = 'GET' # True rr = get_resourcerouter() response = check_access_interaction_and_resource_type( resource_type, interaction_type, rr) self.assertEquals(response, False) """ Test 3: Patient UPdate = False """ resource_type = 'Patient' interaction_type = 'UPdate' # False rr = get_resourcerouter() response = check_access_interaction_and_resource_type( resource_type, interaction_type, rr) self.assertEquals(response.status_code, 403) """ Test 4: Patient UPdate = False """ resource_type = 'BadResourceName' interaction_type = 'get' # False rr = get_resourcerouter() response = check_access_interaction_and_resource_type( resource_type, interaction_type, rr) self.assertEquals(response.status_code, 404)
def test_check_access_interaction_and_resource_type_valid(self): """ Tests that SupportedResourceType returns valid result = False resource_name = 'Patient', fhir_source = 1, resourceType = 'Patient', secure_access = true, json_schema = '{}', get = true, put = true, create = true, read = true, vread = true, update = false, delete = false, search = false, history = false, override_url_id = true, override_search = true, search_block = "['Patient', 'patient', ]", search_add = "patient=%PATIENT%" """ rr = get_resourcerouter() SupportedResourceType.objects.create( resource_name='Person-First', fhir_source=rr, resourceType='Person', secure_access=True, json_schema='{}', get=True, put=True, create=True, read=True, vread=True, update=False, delete=False, search=False, history=False, override_url_id=True, override_search=True, search_block="['Patient', 'patient', ]", search_add="patient=%PATIENT%" ) resource_type = 'Person' interaction_type = 'read' rr = get_resourcerouter() response = check_access_interaction_and_resource_type(resource_type, interaction_type, rr) self.assertEqual(response, False)
def get_interactions(resource, item, rr=None): """ filter interactions within an approved resource interaction":[{"code":"read"}, {"code":"vread"}, {"code":"update"}, {"code":"delete"}, {"code":"history-instance"}, {"code":"history-type"}, {"code":"create"}, {"code":"search-type"} """ # DONE: Add rr to call if rr is None: rr = get_resourcerouter() valid_interactions = valid_interaction(resource, rr) permitted_interactions = [] # Now we have a resource let's filter the interactions for k, v in item.items(): if k == 'interaction': # We have a list of codes for interactions. # We have to filter them for action in v: # OrderedDict item with ('code', 'interaction') if action['code'] in valid_interactions: permitted_interactions.append(action) # Now we can replace item['interaction'] item['interaction'] = permitted_interactions return item
def history(request, resource_type, id): interaction_type = '_history' cx = get_crosswalk(request.user) # cx will be the crosswalk record or None rr = get_resourcerouter(cx) # Check if this interaction type and resource type combo is allowed. deny = check_access_interaction_and_resource_type(resource_type, interaction_type, rr) if deny: # If not allowed, return a 4xx error. return deny # Read Search Interaction # Example client use in curl: # curl -X GET http://127.0.0.1:8000/fhir/Practitioner/12345/_history if request.method != 'GET': msg = 'HTTP method %s not supported at this URL.' % (request.method) return kickout_400(msg) # testing direct response # return FHIR_BACKEND.history(request, resource_type, id) od = OrderedDict() od['request_method'] = request.method od['interaction_type'] = '_history' od['resource_type'] = resource_type od['id'] = id od['note'] = 'This is only a stub for future implementation' return HttpResponse(json.dumps(od, indent=4), content_type='application/json')
def create_user(group): if User.objects.filter(username="******").exists(): User.objects.filter(username="******").delete() u = User.objects.create_user(username="******", first_name="Fred", last_name="Flinstone", email='*****@*****.**', password="******",) UserProfile.objects.create(user=u, user_type="BEN", create_applications=True, password_reset_question_1='1', password_reset_answer_1='blue', password_reset_question_2='2', password_reset_answer_2='Frank', password_reset_question_3='3', password_reset_answer_3='Bentley') u.groups.add(group) c, g_o_c = Crosswalk.objects.get_or_create(user=u, fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID, fhir_source=get_resourcerouter()) return u
def conformance_filter(text_block, resource_router): """ Filter FHIR Conformance Statement based on supported ResourceTypes """ # Get a list of resource names if resource_router is None: resource_router = get_resourcerouter() resource_names = get_resource_names(resource_router) ct = 0 if text_block: if 'rest' in text_block: for k in text_block['rest']: for i, v in k.items(): if i == 'resource': supp_resources = get_supported_resources( v, resource_names) text_block['rest'][ct]['resource'] = supp_resources ct += 1 else: text_block = "" else: text_block = "" return text_block
def test_with_default(self): """ Create a ResourceRouter Entry and compare result """ r_type = 'Patient' r_name = "Patient new" non_default = "https://example.com/fhir/crap/" rr = ResourceRouter.objects.create(name="Test Server", fhir_url=non_default) srtc = SupportedResourceType.objects.create(resourceType=r_type, resource_name=r_name, fhir_source=rr) # list_of_resources = SupportedResourceType.objects.all() rr.supported_resource.add(srtc) if rr: True # will return the path for the default ResourceRouter entry # unless the cx record overrides default_path = get_default_path(r_name) rr_expected = get_resourcerouter() self.assertEqual(default_path, rr_expected.fhir_url)
def conformance_filter(text_block, fmt, rr=None): """ Filter FHIR Conformance Statement based on supported ResourceTypes """ # if fmt == "xml": # # First attempt at xml filtering # # logger.debug("xml block as text:\n%s" % text_block) # # xml_dict = xml_to_dict(text_block) # # logger.debug("xml dict:\n%s" % xml_dict) # return xml_dict # Get a list of resource names if rr is None: rr = get_resourcerouter() resource_names = get_resource_names(rr) ct = 0 if text_block: if 'rest' in text_block: for k in text_block['rest']: for i, v in k.items(): if i == 'resource': supp_resources = get_supported_resources(v, resource_names, rr) text_block['rest'][ct]['resource'] = supp_resources ct += 1 else: text_block = "" else: text_block = "" return text_block
def save(self): self.instance.username = self.instance.email self.instance.is_active = False user = super().save() UserProfile.objects.create(user=user, organization_name=self.cleaned_data[ 'organization_name'], user_type="DEV", create_applications=True) # Attach the user to the default patient. Crosswalk.objects.create(user=user, fhir_source=get_resourcerouter(), fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID) group = Group.objects.get(name='BlueButton') user.groups.add(group) # Assign user to identification label ident = self.cleaned_data['identification_choice'] ident.users.add(user) ident.save() # Send a verification email create_activation_key(user) return user
def read(request, resource_type, id): """ Read FHIR Interaction Example client use in curl: curl -X GET http://127.0.0.1:8000/fhir/Practitioner/1234 """ interaction_type = 'read' cx = get_crosswalk(request.user) # cx will be the crosswalk record or None rr = get_resourcerouter(cx) # Check if this interaction type and resource type combo is allowed. deny = check_access_interaction_and_resource_type(resource_type, interaction_type, rr) if deny: # If not allowed, return a 4xx error. return deny od = OrderedDict() od['request_method'] = request.method od['interaction_type'] = interaction_type od['resource_type'] = resource_type od['id'] = id od['note'] = 'This is only a stub for future implementation' return HttpResponse(json.dumps(od, indent=4), content_type='application/json')
def create_user(group, row): if User.objects.filter(username=row["username"]).exists(): User.objects.filter(username=row["username"]).delete() u = User.objects.create_user(username=row["username"], first_name=row["first_name"], last_name=row["last_name"], email=row["email"], password=row["password"]) UserProfile.objects.create(user=u, user_type=row["user_type"], create_applications=True, password_reset_question_1='1', password_reset_answer_1='blue', password_reset_question_2='2', password_reset_answer_2='Frank', password_reset_question_3='3', password_reset_answer_3='Bentley') u.groups.add(group) c, g_o_c = Crosswalk.objects.get_or_create(user=u, fhir_id=row["patient"], fhir_source=get_resourcerouter()) return u
def test_FhirServerAuth(self): """ Check FHIR Server ClientAuth settings """ """ Test 1: pass nothing""" resource_router = get_resourcerouter() expected = {} expected['client_auth'] = resource_router.client_auth expected['cert_file'] = os.path.join(settings.FHIR_CLIENT_CERTSTORE, resource_router.cert_file) expected['key_file'] = os.path.join(settings.FHIR_CLIENT_CERTSTORE, resource_router.key_file) response = FhirServerAuth() self.assertDictEqual(response, expected) """ Test 2: pass crosswalk """ crosswalk = Crosswalk.objects.get(pk=1) response = FhirServerAuth(crosswalk) expected = { 'client_auth': crosswalk.fhir_source.client_auth, 'cert_file': os.path.join(settings.FHIR_CLIENT_CERTSTORE, crosswalk.fhir_source.cert_file), 'key_file': os.path.join(settings.FHIR_CLIENT_CERTSTORE, crosswalk.fhir_source.key_file) } self.assertDictEqual(response, expected)
def test_FhirServerUrl(self): """ Build a fhir server url """ """ Test 1: Pass all parameters """ response = FhirServerUrl('http://localhost:8000', '/any_path', '/release') expected = 'http://localhost:8000/any_path/release/' self.assertEquals(response, expected) """ Test 2: Pass no parameters """ response = FhirServerUrl() # Should pull from _start.settings.base.py # FHIR_SERVER_CONF = {"SERVER":"http://fhir.bbonfhir.com/", # "PATH":"fhir-p/", # "RELEASE":"baseDstu2/", # "REWRITE_FROM":"http://ec2-52-4-198-86.compute-1. # amazonaws.com:8080/baseDstu2", # "REWRITE_TO":"http://localhost:8000/bluebutton/fhir/v1"} rr = get_resourcerouter() if settings.RUNNING_PYTHON2: rr_server_address = rr.server_address.encode('utf-8') else: rr_server_address = rr.server_address expected = rr_server_address expected += rr.server_path expected += rr.server_release if expected.endswith('/'): pass else: expected += '/' # expected = 'http://fhir.bbonfhir.com/fhir-p/baseDstu2/' self.assertEquals(response, expected)
def test_FhirServerAuth(self): """ Check FHIR Server ClientAuth settings """ """ Test 1: pass nothing""" rr = get_resourcerouter() expected = {} expected['client_auth'] = rr.client_auth expected['cert_file'] = os.path.join(settings.FHIR_CLIENT_CERTSTORE, rr.cert_file) expected['key_file'] = os.path.join(settings.FHIR_CLIENT_CERTSTORE, rr.key_file) response = FhirServerAuth() # print("Test 1: FHIRServerAuth %s %s" % (response, expected)) self.assertDictEqual(response, expected) """ Test 2: pass cx """ cx = Crosswalk.objects.get(pk=1) response = FhirServerAuth(cx) expected = { 'client_auth': cx.fhir_source.client_auth, 'cert_file': os.path.join(settings.FHIR_CLIENT_CERTSTORE, cx.fhir_source.cert_file), 'key_file': os.path.join(settings.FHIR_CLIENT_CERTSTORE, cx.fhir_source.key_file) } # print("\n Test 2: FHIRServerAuth %s %s" % (response, expected)) self.assertDictEqual(response, expected)
def get_and_update_user(user_info): username = convert_sls_uuid(user_info['sub']) try: user = User.objects.get(username=username) if not user.first_name: user.first_name = user_info['given_name'] if not user.last_name: user.last_name = user_info['family_name'] if not user.email: user.email = user_info['email'] user.save() except User.DoesNotExist: # Create a new user. Note that we can set password # to anything, because it won't be checked. user = User(username=username, password='', first_name=user_info['given_name'], last_name=user_info['family_name'], email=user_info['email']) user.set_unusable_password() user.save() UserProfile.objects.get_or_create(user=user, user_type='BEN') group = Group.objects.get(name='BlueButton') user.groups.add(group) # Log in the user user.backend = 'django.contrib.auth.backends.ModelBackend' # Determine patient_id fhir_source = get_resourcerouter() crosswalk, _ = Crosswalk.objects.get_or_create(user=user, fhir_source=fhir_source) hicn = user_info.get('hicn', "") crosswalk.set_hicn(hicn) crosswalk.save() try: backend_data = authenticate_crosswalk(crosswalk) # Get first and last name from FHIR if not in OIDC Userinfo response. if user_info['given_name'] == "" or user_info['family_name'] == "": if 'entry' in backend_data: if 'name' in backend_data['entry'][0]['resource']: names = backend_data['entry'][0]['resource']['name'] first_name = "" last_name = "" for n in names: if n['use'] == 'usual': last_name = n['family'] first_name = n['given'][0] if last_name or first_name: user.first_name = first_name user.last_name = last_name user.save() except (UpstreamServerException, exceptions.NotFound): logger.error("Failed to connect Beneficiary " "to FHIR") return user
def set_sample_patient_id(backend, user, response, *args, **kwargs): """If authenticating through Google, set patient_id to sample.""" if backend.name == 'google-oauth2': fhir_source = get_resourcerouter() cx, g_o_c = Crosswalk.objects.get_or_create( user=user, fhir_source=fhir_source) cx.fhir_id = getattr(settings, 'DEFAULT_SAMPLE_FHIR_ID', '3979') cx.save() return {'fhir_id': cx.fhir_id, 'patient_id': cx.fhir_id}
def fhir_conformance(request, via_oauth=False, v2=False, *args): """ Pull and filter fhir Conformance statement BaseStu3 = "CapabilityStatement" :param request: :param via_oauth: :param args: :param kwargs: :return: """ crosswalk = None resource_router = get_resourcerouter() parsed_url = urlparse(resource_router.fhir_url) call_to = None if parsed_url.path is not None: call_to = '{}://{}/{}/fhir/metadata'.format(parsed_url.scheme, parsed_url.netloc, 'v2' if v2 else 'v1') else: # url with no path call_to = '{}/{}/fhir/metadata'.format(resource_router.fhir_url, 'v2' if v2 else 'v1') pass_params = {'_format': 'json'} encoded_params = urlencode(pass_params) pass_params = prepend_q(encoded_params) r = request_call(request, call_to + pass_params, crosswalk) text_out = '' if r.status_code >= 300: logger.debug("We have an error code to deal with: %s" % r.status_code) return HttpResponse(json.dumps(r._content), status=r.status_code, content_type='application/json') text_in = get_response_text(fhir_response=r) text_out = json.loads(text_in, object_pairs_hook=OrderedDict) od = conformance_filter(text_out) # Append Security to ConformanceStatement security_endpoint = build_oauth_resource(request, v2, format_type="json") od['rest'][0]['security'] = security_endpoint # Fix format values od['format'] = ['application/json', 'application/fhir+json'] return JsonResponse(od)
def dataserver(): resource_router = get_resourcerouter() target_url = resource_router.fhir_url + "metadata" r = requests.get(target_url, params={"_format": "json"}, cert=backend_connection.certs(), verify=False) try: r.raise_for_status() except Exception: logger.exception("Failed to ping backend") return False return r.json()
def fhir_conformance(request, via_oauth=False, *args, **kwargs): """ Pull and filter fhir Conformance statement BaseStu3 = "CapabilityStatement" :param request: :param via_oauth: :param args: :param kwargs: :return: """ crosswalk = None resource_router = get_resourcerouter() call_to = FhirServerUrl() if call_to.endswith('/'): call_to += 'metadata' else: call_to += '/metadata' pass_params = {'_format': 'json'} encoded_params = urlencode(pass_params) pass_params = prepend_q(encoded_params) r = request_call(request, call_to + pass_params, crosswalk) text_out = '' host_path = get_host_url(request, '?') if r.status_code >= 300: logger.debug("We have an error code to deal with: %s" % r.status_code) return HttpResponse(json.dumps(r._content), status=r.status_code, content_type='application/json') rewrite_url_list = build_rewrite_list(crosswalk) text_in = get_response_text(fhir_response=r) text_out = post_process_request(request, host_path, text_in, rewrite_url_list) od = conformance_filter(text_out, resource_router) # Append Security to ConformanceStatement security_endpoint = build_oauth_resource(request, format_type="json") od['rest'][0]['security'] = security_endpoint # Fix format values od['format'] = ['application/json', 'application/fhir+json'] return JsonResponse(od)
def bfd_fhir_dataserver(v2=False): resource_router = get_resourcerouter() target_url = "{}{}".format(resource_router.fhir_url, "/v2/fhir/metadata" if v2 else "/v1/fhir/metadata") r = requests.get(target_url, params={"_format": "json"}, cert=backend_connection.certs(), verify=False, timeout=5) try: r.raise_for_status() except Exception: logger.exception("Failed to ping backend") return False return r.json()
def update(request, resource_type, id): """ Update FHIR Interaction Example client use in curl: curl -X PUT -H 'Content-Type: application/json' \ --data @test.json http://127.0.0.1:8000/fhir/Practitioner/12345 """ interaction_type = 'update' cx = get_crosswalk(request.user) # cx will be the crosswalk record or None rr = get_resourcerouter(cx) # Check if this interaction type and resource type combo is allowed. deny = check_access_interaction_and_resource_type(resource_type, interaction_type, rr) if deny: # If not allowed, return a 4xx error. return deny od = update_mongo_fhir( json.loads(request.body, object_pairs_hook=OrderedDict), 'fhir', resource_type, id) if od['code'] == 200: return HttpResponse(json.dumps(od['result'], indent=4), status=od['code'], content_type='application/json') else: oo = OrderedDict() oo['resourceType'] = 'OperationOutcome' oo['issue'] = [] issue = OrderedDict() if od['code'] == 500: issue['severity'] = 'fatal' issue['code'] = 'exception' issue['details'] = od['details'] if od['code'] == 400: issue['severity'] = 'fatal' issue['code'] = 'invalid' issue['details'] = od['details'] oo['issue'].append(issue) return HttpResponse(json.dumps(oo, indent=4), status=od['code'], content_type='application/json')
def test_FhirServerAuth(self): """ Check FHIR Server ClientAuth settings """ """ Test 1: pass nothing""" resource_router = get_resourcerouter() expected = {} expected['client_auth'] = resource_router.client_auth expected['cert_file'] = os.path.join(settings.FHIR_CLIENT_CERTSTORE, resource_router.cert_file) expected['key_file'] = os.path.join(settings.FHIR_CLIENT_CERTSTORE, resource_router.key_file) response = FhirServerAuth() self.assertDictEqual(response, expected)
def _create_user(self, username, password, fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID, user_id_hash=test_hash, **extra_fields): """ Helper method that creates a user instance with `username` and `password` set. """ user = User.objects.create_user(username, password=password, **extra_fields) if Crosswalk.objects.filter(_fhir_id=fhir_id).exists(): Crosswalk.objects.filter(_fhir_id=fhir_id).delete() cw, _ = Crosswalk.objects.get_or_create(user=user, _fhir_id=fhir_id, _user_id_hash=user_id_hash, fhir_source=get_resourcerouter()) cw.save() return user
def save(self): if getattr(settings, 'REQUIRE_INVITE_TO_REGISTER', False): invitation_code = self.cleaned_data['invitation_code'] # make the invitation a invalid/spent. invite = Invitation.objects.get( code=str(invitation_code), valid=True) invite.valid = False invite.save() new_user = User.objects.create_user( username=self.cleaned_data['email'], first_name=self.cleaned_data['first_name'], last_name=self.cleaned_data['last_name'], password=self.cleaned_data['password1'], email=self.cleaned_data['email'], is_active=False) UserProfile.objects.create(user=new_user, organization_name=self.cleaned_data[ 'organization_name'], user_type="DEV", create_applications=True, password_reset_question_1=self.cleaned_data[ 'password_reset_question_1'], password_reset_answer_1=self.cleaned_data[ 'password_reset_answer_1'], password_reset_question_2=self.cleaned_data[ 'password_reset_question_2'], password_reset_answer_2=self.cleaned_data[ 'password_reset_answer_2'], password_reset_question_3=self.cleaned_data[ 'password_reset_question_3'], password_reset_answer_3=self.cleaned_data[ 'password_reset_answer_3'] ) # Attach the user to the default patient. Crosswalk.objects.create(user=new_user, fhir_source=get_resourcerouter(), fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID) group = Group.objects.get(name='BlueButton') new_user.groups.add(group) # Send a verification email create_activation_key(new_user) return new_user
def get_and_update_user(user_info): """ Find or create the user associated with the identity information from the ID provider. Args: user_info: Identity response from the userinfo endpoint of the ID provider. Returns: A User Raises: KeyError: If an expected key is missing from user_info. KeyError: If response from fhir server is malformed. AssertionError: If a user is matched but not all identifiers match. """ subject = user_info['sub'] hicn = user_info['hicn'] hicn_hash = hash_hicn(hicn) # raises exceptions.NotFound: fhir_id, backend_data = match_hicn_hash(hicn_hash) try: user = User.objects.get(username=subject) assert user.crosswalk.user_id_hash == hicn_hash, "Found user's hicn did not match" assert user.crosswalk.fhir_id == fhir_id, "Found user's fhir_id did not match" return user except User.DoesNotExist: pass first_name = user_info.get('given_name', "") last_name = user_info.get('family_name', "") email = user_info.get('email', "") fhir_source = get_resourcerouter() user = create_beneficiary_record(username=subject, user_id_hash=hicn_hash, fhir_id=fhir_id, fhir_source=fhir_source, first_name=first_name, last_name=last_name, email=email) return user
def create_token_no_fhir(self, first_name, last_name): passwd = '123456' user = self._create_user(first_name, passwd, first_name=first_name, last_name=last_name, email="%s@%s.net" % (first_name, last_name)) Crosswalk.objects.get_or_create(user=user, fhir_source=get_resourcerouter()) # create a oauth2 application and add capabilities application = self._create_application("%s_%s_test" % (first_name, last_name), user=user) application.scope.add(self.read_capability, self.write_capability) # get the first access token for the user 'john' return self._get_access_token(first_name, passwd, application, scope='read')
def test_check_rt_controls(self): """ Get SupportedResourceType from resource_type """ """ Test 1: Good Resource """ resource_type = 'Patient' rr = get_resourcerouter() response = check_rt_controls(resource_type) expect = SupportedResourceType.objects.get(resourceType=resource_type, fhir_source=rr) # print("Resource:", response.id,"=", expect.id) self.assertEquals(response.id, expect.id) """ Test 2: Bad Resource """ resource_type = 'BadResource' response = check_rt_controls(resource_type) self.assertEquals(response, None)
def create_token_no_fhir(self, first_name, last_name): passwd = '123456' user = self._create_user(first_name, passwd, first_name=first_name, last_name=last_name, email="%s@%s.net" % (first_name, last_name)) Crosswalk.objects.get_or_create( user=user, user_id_hash= "139e178537ed3bc486e6a7195a47a82a2cd6f46e911660fe9775f6e0dd3f1130", fhir_source=get_resourcerouter()) # create a oauth2 application and add capabilities application = self._create_application("%s_%s_test" % (first_name, last_name), user=user) application.scope.add(self.read_capability, self.write_capability) # get the first access token for the user 'john' return self._get_access_token(first_name, passwd, application)
def create_token(self, first_name, last_name): passwd = '123456' user = self._create_user(first_name, passwd, first_name=first_name, last_name=last_name, email="%s@%s.net" % (first_name, last_name)) if Crosswalk.objects.filter(_fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID).exists(): Crosswalk.objects.filter(_fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID).delete() Crosswalk.objects.create(user=user, fhir_id=settings.DEFAULT_SAMPLE_FHIR_ID, user_id_hash=self.test_hash, fhir_source=get_resourcerouter()) # create a oauth2 application and add capabilities application = self._create_application("%s_%s_test" % (first_name, last_name), user=user) application.scope.add(self.read_capability, self.write_capability) # get the first access token for the user 'john' return self._get_access_token(first_name, passwd, application)