Produced by Araxis Merge on 10/3/2017 11:16:07 AM Central Daylight Time.

| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | ehmp.zip\ehmp\ehmp\product\tests\acceptance-tests\features_leipr | F9_Access_Audit_Ctrl.feature | Tue Dec 15 14:05:18 2015 UTC |
| 2 | ehmp.zip\ehmp\ehmp\product\tests\acceptance-tests\features_leipr | F9_Access_Audit_Ctrl.feature | Tue Oct 3 14:26:17 2017 UTC |

| Description | Between Files 1 and 2 | |
|---|---|---|
| | Text Blocks | Lines |
| Unchanged | 19 | 396 |
| Changed | 18 | 46 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |

| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | @AccessAuditControl | |
| 2 | Feature: F9 Authentication & Audit Control | |
| 3 | Initial access control to the VistA Exchange patient record retrieval API including: authentication of the user and audit of each request and data returned for that request. | |
| 4 | ||
| 5 | Background: | |
| 6 | Given clear user login info | |
| 7 | And number of audit logs is known | |
| 8 | ||
| 9 | @US452 | |
| 10 | Scenario: Request to MVI with valid DFN/Site Code combination is audited | |
| 11 | Given user logs in with valid credentials | |
| 12 | And a DFN "100022" and site code "REDACTED" combination | |
| 13 | And number of mvi audit logs is known for dfn "100022" and sitecode "REDACTED" | |
| 14 | When a request is made to MVI with that combination | |
| 15 | Then the response is successful | |
| 16 | And the audit log saves the mvi request data for "100022" and "REDACTED" | |
| 17 | ||
| 18 | ||
| 19 | @US452 | |
| 20 | Scenario: Request to MVI with invalid DFN/Site Code combination is audited | |
| 21 | Given user logs in with valid credentials | |
| 22 | And a DFN "invalid" and site code "invalid" combination | |
| 23 | And number of mvi audit logs is known for dfn "invalid" and sitecode "invalid" | |
| 24 | When a request is made to MVI with that combination | |
| 25 | Then the response is successful | |
| 26 | And the audit log saves the mvi request data for "invalid" and "invalid" | |
| 27 | ||
| 28 | ||
| 29 | @US452 | |
| 30 | Scenario: Request to MVI with valid ICN is audited | |
| 31 | Given user logs in with valid credentials | |
| 32 | And a "valid" ICN "E1" | |
| 33 | And number of mvi audit logs is known for icn "E1" | |
| 34 | When a request is made to MVI with that ICN | |
| 35 | Then the response is successful | |
| 36 | And the audit log saves the mvi request ICN data for "E1" | |
| 37 | ||
| 38 | ||
| 39 | @US452 | |
| 40 | Scenario: Request to MVI with invalid ICN is audited | |
| 41 | Given user logs in with valid credentials | |
| 42 | And a "invalid" ICN "E_INVALID" | |
| 43 | And number of mvi audit logs is known for icn "E_INVALID" | |
| 44 | When a request is made to MVI with that ICN | |
| 45 | Then the response is successful | |
| 46 | And the audit log saves the mvi request ICN data for "E_INVALID" | |
| 47 | ||
| 48 | @US449 | |
| 49 | Scenario: Require user authentication to allow access to the VistA Exchange patient record retrieval API | |
| 50 | #REDACTED@ kodak REDACTED | |
| 51 | Given user logs in with username "REDACTED", password "REDACTED", and sitecode "REDACTED" | |
| 52 | When an auth client requests the patient resource directory for patient with id "E1" | |
| 53 | Then the endpoint responds back with a json object | |
| 54 | And a successful authenticated response is returned within "30" seconds | |
| 55 | #And an entry is added to the audit log | |
| 56 | ||
| 57 | ||
| 58 | @US449 | |
| 59 | Scenario Outline: User attempts to access the API with invalid credentials | |
| 60 | Given user logs in with username "<username>", password "<password>", and sitecode "<sitecode>" | |
| 61 | When an auth client requests the patient resource directory for patient with id "E1" | |
| 62 | Then the endpoint responds back with an error message | |
| 63 | And an unauthorized response is returned within "10" seconds | |
| 64 | #And an entry is added to the audit log | |
| 65 | ||
| 66 | Examples: | |
| 67 | |username|password |sitecode | | |
| 68 | |baduid |REDACTED |REDACTED| | |
| 69 | |REDACTED |badpw |REDACTED| | |
| 70 | | REDACTED | REDACTED |badsite | | |
| 71 | ||
| 72 | @US449 | |
| 73 | Scenario: User attempts to access the API without login information | |
| 74 | When a client requests the patient resource directory for patient with id "E1" without credentials | |
| 75 | Then the endpoint responds back with an error message | |
| 76 | And an unauthorized response is returned within "10" seconds | |
| 77 | #And an entry is added to the audit log | |
| 78 | ||
| 79 | @US449 | |
| 80 | Scenario Outline: User can access data from multiple VistA hosts after single signon | |
| 81 | Given user logs in with username "<username>", password "<password>", and sitecode "<sitecode>" | |
| 82 | # user requests data from primary vista host | |
| 83 | When an auth client requests the patient resource directory for patient with id "E1" | |
| 84 | Then the endpoint responds back with a json object | |
| 85 | And a successful authenticated response is returned within "30" seconds | |
| 86 | # user requests data from secondary vista host | |
| 87 | When an auth client requests the patient resource directory for patient with id "E2" | |
| 88 | Then the endpoint responds back with a json object | |
| 89 | And a successful authenticated response is returned within "30" seconds | |
| 90 | # user requests data from both vista hosts | |
| 91 | When an auth client requests the patient resource directory for patient with id "E101" | |
| 92 | Then the endpoint responds back with a json object | |
| 93 | And a successful authenticated response is returned within "30" seconds | |
| 94 | ||
| 95 | Examples: | |
| 96 | |username |password |sitecode | | |
| 97 | |REDACTED |REDACTED |REDACTED | | |
| 98 | |REDACTED |REDACTED |REDACTED | | |
| 99 | ||
| 100 | ||
| 101 | @US449 | |
| 102 | Scenario: Require user authentication to command all endpoints | |
| 103 | Given a patient with id "E1" has not been synced | |
| 104 | Given user logs in with username "REDACTED", password "badpassword", and sitecode "doesnotexist" | |
| 105 | When an auth client commands clear cache for patient with id "E1" | |
| 106 | Then the endpoint responds back with an error message | |
| 107 | And an unauthorized response is returned within "10" seconds | |
| 108 | ||
| 109 | @US449 | |
| 110 | Scenario Outline: Require user authentication to allow access to all endpoints | |
| 111 | Given user logs in with username "REDACTED", password "badpassword", and sitecode "doesnotexist" | |
| 112 | When an authenticated client requests "<endpoint>" for patient with id "E1" | |
| 113 | Then the endpoint responds back with an error message | |
| 114 | And an unauthorized response is returned within "10" seconds | |
| 115 | ||
| 116 | Examples: | |
| 117 | |endpoint | | |
| 118 | |vital | | |
| 119 | |allergy | | |
| 120 | |lab | | |
| 121 | |patient | | |
| 122 | |radiology | | |
| 123 | |med | | |
| 124 | ||
| 125 | @US449 @US449_allergysummary | |
| 126 | Scenario:Require user authentication to allow access for allergy summary | |
| 127 | Given a patient with id "E1" has not been synced | |
| 128 | Given user logs in with username "REDACTED", password "badpassword", and sitecode "doesnotexist" | |
| 129 | When a client requests an allergy summary for patient with id "E1" | |
| 130 | Then the endpoint responds back with an error message | |
| 131 | And an unauthorized response is returned within "10" seconds | |
| 132 | ||
| 133 | @US449 @US449_FHIR | |
| 134 | Scenario Outline: Require user authentication to allow access to all fhir endpoints | |
| 135 | Given user logs in with username "REDACTED", password "badpassword", and sitecode "doesnotexist" | |
| 136 | When I search for JSON "<endpoint>" Resources with a "identifier" of "E1" | |
| 137 | Then the endpoint responds back with an error message | |
| 138 | And an unauthorized response is returned within "10" seconds | |
| 139 | ||
| 140 | Examples: | |
| 141 | |endpoint | | |
| 142 | |Patient | | |
| 143 | |Observation | | |
| 144 | |AdverseReaction | | |
| 145 | |DiagnosticReport | | |
| 146 | ||
| 147 | @US451 @US451_on | |
| 148 | Scenario: Data retrieval option is turned on | |
| 149 | Given user logs in with username "REDACT", password "REDACTED", and sitecode "REDACTED" | |
| 150 | #Given a patient has not been synced | |
| 151 | And a patient with id "E1" has not been synced | |
| 152 | And data retrieval option is turned on | |
| 153 | #When a client requests patient data | |
| 154 | When an authenticated client requests "vital" for patient with id "E1" | |
| 155 | And a successful response is returned within "60" seconds | |
| 156 | Then the audit log saves sync request data for patient "E1" with data | |
| 157 | #vista instance, data type retrieved, patient id, date, time delta (how long did fetch take), number of data items (record size), and data | |
| 158 | | field | value | | |
| 159 | | vistAInstance | REDACTED | | |
| 160 | | dataType | vital | | |
| 161 | | patientIdentifier | E1 | | |
| 162 | | dataItems | 7 | | |
| 163 | ||
| 164 | @US451 @US451_off | |
| 165 | Scenario: Data retrieval option is turned off | |
| 166 | Given user logs in with username "REDACT", password "REDACTED", and sitecode "REDACTED" | |
| 167 | #Given a patient has not been synced | |
| 168 | And a patient with id "E1" has not been synced | |
| 169 | And data retrieval option is turned off | |
| 170 | #When a client requests patient data | |
| 171 | When an authenticated client requests "vital" for patient with id "E1" | |
| 172 | And a successful response is returned within "60" seconds | |
| 173 | Then the audit log saves sync request data for patient "E1" without data | |
| 174 | #vista instance, data type retrieved, patient id, date, time delta (how long did fetch take), number of data items (record size), and data | |
| 175 | | field | value | | |
| 176 | | vistAInstance | REDACTED | | |
| 177 | | dataType | vital | | |
| 178 | | patientIdentifier | E1 | | |
| 179 | | dataItems | 7 | | |
| 180 | ||
| 181 | ||
| 182 | @US450 @USHERE | |
| 183 | Scenario: User's attempt to authenticate with valid credentials is audited | |
| 184 | Given the soap cache is cleared | |
| 185 | Given user logs in with username "REDACT", password "REDACTED", and sitecode "REDACTED" | |
| 186 | And a patient with id "E1" has been synced | |
| 187 | And number of user audit logs is known for "REDACT" | |
| 188 | When an authenticated client requests "vital" for patient with id "E1" | |
| 189 | Then a successful authenticated response is returned within "30" seconds | |
| 190 | And the endpoint responds back with a json object | |
| 191 | And the authentication request is audited as "true" for "REDACT" | |
| 192 | ||
| 193 | ||
| 194 | @US450 | |
| 195 | Scenario: User's attempt to authenticate with invalid credentials is audited | |
| 196 | Given the soap cache is cleared | |
| 197 | Given user logs in with username "badname", password "badpassword", and sitecode "badsitecode" | |
| 198 | And a patient with id "E1" has been synced | |
| 199 | And number of user audit logs is known for "badname" | |
| 200 | When an authenticated client requests "vital" for patient with id "E1" | |
| 201 | Then the endpoint responds back with an error message | |
| 202 | And an unauthorized response is returned within "10" seconds | |
| 203 | And the authentication request is audited as "false" for "badname" | |
| 204 | ||
| 205 | ||
| 206 | @US450 | |
| 207 | Scenario Outline: User's request for patient information is audited | |
| 208 | Given user logs in with username "REDACTED", password "REDACTED", and sitecode "REDACTED" | |
| 209 | And a patient with id "E1" has been synced | |
| 210 | When an authenticated client requests "<dataRequest>" for patient with id "E1" | |
| 211 | Then a successful authenticated response is returned within "30" seconds | |
| 212 | And the endpoint responds back with a json object | |
| 213 | And the audit log saves datatype "<dataRequest>" for patient "E1" for "REDACTED" | |
| 214 | ||
| 215 | Examples: | |
| 216 | |dataRequest | | |
| 217 | |vital | | |
| 218 | |allergy | | |
| 219 | |lab | | |
| 220 | ||
| 221 |