🔥 Crucible web application for testing FHIR servers
A simple Rails app for evaluating FHIR.
git clone https://github.com/fhir-crucible/crucible.git
docker-compose build
docker-compose up
http://localhost:3000
rvm install 2.5
brew install mongodb
gem install bundler
brew install node
npm install -g bower
git clone https://github.com/fhir-crucible/crucible.git
bundle install
bower install
mongod
bundle exec rails server
RAILS_ENV=development bin/delayed_job start
bundle exec rake test
brew install phantomjs
npm install -g istanbul
bundle exec rake teaspoon
In order to authenticate a server with Crucible, the server must be capable of supporting the SMART On FHIR authorization workflows.
The server to be tested must declare their compliance with the SMART authorization specification by including security and extension elements in the conformance.
{
"resourceType": "Conformance",
"rest": [{
"security": {
"service": [
{
"coding": [
{
"system": "http://hl7.org/fhir/restful-security-service",
"code": "SMART-on-FHIR"
}
],
"text": "OAuth2 using SMART-on-FHIR profile (see http://docs.smarthealthit.org)"
}
],
"extension": [{
"url": "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris",
"extension": [{
"url": "token",
"valueUri": "https://my-server.org/token"
},{
"url": "authorize",
"valueUri": "https://my-server.org/authorize"
}]
}],
Once this code has been included in the conformance, visiting the server's page in Crucible should display a red "padlock" icon in the upper left hand corner. If the padlock doesn't show up, you may have to refresh the conformance by going to the "Conformance" tab and clicking on the "Refresh" button, then refresh the page.
In order to use the FHIR server, you must first register a client with the FHIR server. The process for doing this varies depending on the server being accessed.
Clicking on the padlock icon brings up the "Authorize" popup. Here, you can add authorization details about the server being tested.
Patient/*.read
should be selected, to provide access to the requested patient and all resources associated with it. If using the EHR launch sequence, or otherwise not picking a patient through the UI, you should select adequate scopes for the resources being requested. fhir_complete
or user/*.read
, if available, are good choices. For Argonaut tests, Crucible only requires read permissions, as nothing is written to the FHIR server.Once the requisite details have been entered into the popup, scroll to the bottom and click "Authorize App". This should take you to the FHIR server's authorization page, where you can complete the process on the server side.
Once authorization has been completed successfully, you will see a green notice that says "Server successfully authorized", and the lock icon will turn green, indicating a valid access token has been issued. At this point, you can run any tests requiring authorization.
If the access token expires, as defined by the date passed by the server when the token was issued, Crucible will try to use a refresh token (if present) to request a new access token.
If no refresh token is available, or the refresh attempt fails, the lock icon will revert to red, showing that the server is no longer authorized. You will have to complete the authorization process again.
Copyright 2015-2019 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.