bluehalo / node-fhir-server-core

An Open Source secure REST implementation for the HL7 FHIR Specification. For API documentation, please see https://github.com/Asymmetrik/node-fhir-server-core/wiki.
https://asymmetrik.com/healthcare
MIT License

SOF scope middleware capitalization issue #229

Closed dwwinters closed 4 years ago

dwwinters commented 4 years ago

Do you want to request a feature, report a bug, or improve documentation?

Report a bug

If you are reporting a bug?

What is the current behavior?

Pretty certain there is an issue with this line of the SMART on FHIR scope middleware. Since the profile names are all lowercase, scope checking will fail for the case of resources with more than one capital letter in their name (e.g., AllergyIntolerance). So the current code will convert "foobar" to "Foobar" even though it should be "FooBar".

What is the expected behavior?

Requested scopes for resources with more than one capital letter in their name should pass the scope checker if the resource is within the requested and granted scopes.

What are the steps to reproduce?

Authenticate to server via SMART on FHIR strategy and request scope for a resource with more than one capital letter in its name. Then make a FHIR call for that resource. Scope checking should incorrectly fail.

What OS are you using and what version of node.js and @asymmetrik/node-fhir-server-core are you running?

node.js v13.10, node-fhir-server-core v2.0.4

dwwinters commented 4 years ago

My mistake (too early in the morning). Realized that the profile keys are named in the configuration and that capitalization matters there. I should have paid closer attention to your MongoDB implementation. Thanks for the great work you're contributing to the community!
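Added example, not part of the original thread and not node-fhir-server-core's own code: a minimal case-sensitive SMART on FHIR scope check showing why the casing of a configured profile key decides whether a multi-capital resource such as AllergyIntolerance passes. The function names, the scope grammar accepted by the regex, and the sample scopes are assumptions made for illustration.

```javascript
// Added illustration; NOT the library's implementation. All names are hypothetical.

// Derive the FHIR resource name from a configured profile key by upper-casing
// only the first character (the behaviour described in the report above).
function resourceNameFromProfileKey(key) {
  return key.charAt(0).toUpperCase() + key.slice(1);
}

// Parse a scope such as "user/AllergyIntolerance.read".
// Returns null for non-resource scopes (e.g. "openid") and malformed input.
function parseScope(scope) {
  const m = /^(patient|user|system)\/([A-Za-z]+|\*)\.(read|write|\*)$/.exec(scope);
  return m ? { context: m[1], resource: m[2], action: m[3] } : null;
}

// Case-sensitive check: is `action` on `resource` covered by the granted scopes?
// Anything that does not match exactly is denied (fail closed).
function isAllowed(grantedScopes, resource, action) {
  return grantedScopes
    .map(parseScope)
    .filter(Boolean)
    .some(s =>
      (s.resource === '*' || s.resource === resource) &&
      (s.action === '*' || s.action === action));
}

// Combine both steps for a request routed through a given profile key.
function checkProfileAccess(profileKey, grantedScopes, action) {
  return isAllowed(grantedScopes, resourceNameFromProfileKey(profileKey), action);
}

// Constructed sample data.
const granted = ['openid', 'user/AllergyIntolerance.read', 'user/Patient.*'];

// All-lowercase key becomes "Allergyintolerance": no match, request denied.
console.log(checkProfileAccess('allergyintolerance', granted, 'read'));
// Key that preserves inner capitals becomes "AllergyIntolerance": allowed.
console.log(checkProfileAccess('allergyIntolerance', granted, 'read'));
// Single-capital names are unaffected by key casing beyond the first letter.
console.log(checkProfileAccess('patient', granted, 'write'));
```

The mismatch fails closed, so a mis-cased profile key shows up as an unexpected denial rather than as over-broad access.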