def _update_api_settings(self):
preset = AUTH_PRESETS[self.cleaned_data['auth_preset']]
self.instance.token_url = get_endpoint_url(self.instance.url,
preset.token_endpoint)
self.instance.refresh_url = get_endpoint_url(self.instance.url,
preset.refresh_endpoint)
self.instance.pass_credentials_in_header = preset.pass_credentials_in_header
def put(self, endpoint, data=None, json=None, *args, **kwargs):
kwargs.setdefault('headers', {
'Content-type': 'application/json',
'Accept': 'application/json'
})
url = get_endpoint_url(self.base_url, endpoint)
return self.send_request('PUT', url, *args,
data=data, json=json, **kwargs)
def get_search_result():
bundle_id = str(uuid4())
return {
"resourceType": "Bundle",
"id": bundle_id,
"meta": {
"lastUpdated": "2021-01-14T07:54:36.100+00:00"
},
"type": "searchset",
"total": 2,
"link": [
{
"relation": "self",
"url": get_endpoint_url(BASE_URL, '/Patient?birthdate=1990-01-01'),
},
# Keeping this here for reference. This is how pagination
# works by default in HAPI FHIR. We can use any GET params
# way we want, as long as the URL we provide here will
# return a Bundle with the next page of search results.
# {
# "relation": "next",
# "url": f'{BASE_URL}?'
# f"_getpages={bundle_id}"
# "&_getpagesoffset=20"
# "&_count=20"
# "&_bundletype=searchset"
# }
],
"entry": [
{
"fullUrl": get_endpoint_url(BASE_URL, f'/Patient/{FOO_CASE_ID}'),
"resource": FOO_PATIENT,
"search": {
"mode": "match"
}
}, {
"fullUrl": get_endpoint_url(BASE_URL, f'/Patient/{BAR_CASE_ID}'),
"resource": BAR_PATIENT,
"search": {
"mode": "match"
}
}
]
}
def get_session(self):
def set_last_token(token):
# Used by OAuth2Session
self.last_token = token
if not self.last_token:
client = LegacyApplicationClient(client_id=self.client_id)
session = OAuth2Session(client=client)
token_url = get_endpoint_url(
self.base_url,
self.api_settings.token_endpoint,
)
if self.api_settings.pass_credentials_in_header:
auth = HTTPBasicAuth(self.client_id, self.client_secret)
self.last_token = session.fetch_token(
token_url=token_url,
username=self.username,
password=self.password,
auth=auth,
)
else:
self.last_token = session.fetch_token(
token_url=token_url,
username=self.username,
password=self.password,
client_id=self.client_id,
client_secret=self.client_secret,
)
# Return session that refreshes token automatically
refresh_url = get_endpoint_url(
self.base_url,
self.api_settings.refresh_endpoint,
)
refresh_kwargs = {
'client_id': self.client_id,
'client_secret': self.client_secret,
}
return OAuth2Session(self.client_id,
token=self.last_token,
auto_refresh_url=refresh_url,
auto_refresh_kwargs=refresh_kwargs,
token_updater=set_last_token)
def test_search(self):
# Tests filtering by a non-indexed case property
url = get_endpoint_url(BASE_URL, '/Patient?birthdate=1990-01-01')
response = requests.get(url, auth=(API_USERNAME, API_PASSWORD))
# Some things will be different between the expected search
# result and the actual response. Use `json_diff()` to confirm
# expected differences, and that everything else is the same.
diffs = sorted([diff.path for diff in json_diff(response.json(),
get_search_result())])
self.assertEqual(diffs, [
'id', # a different UUID
'meta.lastUpdated', # a different timestamp
])
def test_search(self):
url = reverse("fhir_search", args=[DOMAIN, FHIR_VERSION, "Observation"]) + f"?patient_id={PERSON_CASE_ID}"
response = self.client.get(url)
self.assertEqual(
response.json(),
{
"resourceType": "Bundle",
"type": "searchset",
"entry": [
{
"fullUrl": get_endpoint_url(BASE_URL, f'/Observation/{TEST_CASE_ID}/'),
"search": {
"mode": "match"
}
}
]
}
)
def get(self, endpoint, *args, **kwargs):
kwargs.setdefault('headers', {'Accept': 'application/json'})
kwargs.setdefault('allow_redirects', True)
url = get_endpoint_url(self.base_url, endpoint)
return self.send_request('GET', url, *args, **kwargs)
def delete(self, endpoint, **kwargs):
kwargs.setdefault('headers', {'Accept': 'application/json'})
url = get_endpoint_url(self.base_url, endpoint)
return self.send_request('DELETE', url, **kwargs)
def test_auth_bad_resource(self):
url = get_endpoint_url(BASE_URL, f'/Patient/{BAZ_CASE_ID}')
with self.assertRaisesRegex(requests.HTTPError, '[Nn]ot found'):
requests.get(url, auth=(API_USERNAME, API_PASSWORD))
def test_auth_bad_username(self):
url = get_endpoint_url(BASE_URL, f'/Patient/{FOO_CASE_ID}')
with self.assertRaisesRegex(requests.HTTPError, '[Ff]orbidden'):
# Error should be the same as for bad password: It should
# not reveal that the user does not exist.
requests.get(url, auth=('*****@*****.**', API_PASSWORD))
def test_auth_bad_password(self):
# Authentication should use the same code as existing API
url = get_endpoint_url(BASE_URL, f'/Patient/{FOO_CASE_ID}')
with self.assertRaisesRegex(requests.HTTPError, '[Ff]orbidden'):
requests.get(url, auth=(API_USERNAME, 'bad_password'))
def test_get(self):
url = get_endpoint_url(BASE_URL, f'/Patient/{FOO_CASE_ID}')
response = requests.get(url, auth=(API_USERNAME, API_PASSWORD))
self.assertEqual(response.json(), FOO_PATIENT)
def test_no_urls_given(self):
with self.assertRaises(ValueError):
get_endpoint_url(None, None)
def test_trailing_slash(self):
url = get_endpoint_url('https://example.com/foo', '')
self.assertEqual(url, 'https://example.com/foo/')
def test_base_url_none(self):
url = get_endpoint_url(None, 'https://example.com/foo')
self.assertEqual(url, 'https://example.com/foo')
