FI-3039 Add support for separately returned granular scopes (#196)

inferno-framework · Sep 5, 2024 · 303315d · 303315d
1 parent 5ae5c1d
commit 303315d
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/lib/us_core_test_kit/custom_groups/granted_granular_scopes_test.rb b/lib/us_core_test_kit/custom_groups/granted_granular_scopes_test.rb
@@ -13,18 +13,30 @@ class GrantedGranularScopesTest < Inferno::Test
           .options[:required_scopes]
           .map { |scope| scope[scope.index('/') + 1, scope.length] }
 
+      required_granular_regexes = 
+        required_granular_scopes.flat_map do |scope|
+          [ 
+            Regexp.new(Regexp.quote(scope).gsub(".rs", ".r?s")),
+            Regexp.new(Regexp.quote(scope).gsub(".rs", ".rs?"))
+          ]
+        end
+
       received_granular_scopes =
         received_scopes
           .split(' ')
           .select { |scope| scope.include? '?' }
           .map { |scope| scope[scope.index('/') + 1, scope.length] }
 
-      missing_scopes = required_granular_scopes - received_granular_scopes
+      missing_scopes = 
+        required_granular_regexes
+          .reject do |required_scope|
+            received_granular_scopes.any? { |received_scope| received_scope.match?(required_scope) }
+          end
 
-      wrapped_missing_scopes = missing_scopes.map { |scope| "`#{scope}`" }
+      wrapped_missing_scopes = missing_scopes.map { |scope| "`#{scope.source}`" }
 
       assert missing_scopes.empty?,
-             "The following granular scopes were not granted: #{wrapped_missing_scopes.to_sentence}"
+             "Granular scopes matching the following were not matched: #{wrapped_missing_scopes.to_sentence}"
 
       granular_scope_resource_types =
         required_granular_scopes

diff --git a/spec/us_core/granted_granular_scopes_test_spec.rb b/spec/us_core/granted_granular_scopes_test_spec.rb
@@ -34,9 +34,21 @@ def run(runnable, inputs = {})
     expect(result.result).to eq('pass')
   end
 
+  it 'passes if server returns read and search scopes separately' do
+    received_scopes =
+      required_scopes
+        .map { |scope| scope.gsub('patient/', 'user/') }
+        .flat_map { |scope| [scope.gsub('.rs', '.r'), scope.gsub('.rs', '.s')] }
+        .join(' ')
+        .concat(' launch/patient openid')
+
+    result = run(test, received_scopes:)
+    expect(result.result).to eq('pass')
+  end
+
   it 'fails if not all required scopes were received' do
     received_scopes = required_scopes.dup
-    missing_scope = received_scopes.pop.delete_prefix('patient/')
+    missing_scope = Regexp.quote(received_scopes.pop.split('?').last)
 
     result = run(test, received_scopes: received_scopes.join(' '))