
PLAN_016: Registration of a new user by authorized individuals

Description

This test verifies that Legit.Health personnel with authorized access to the user account management system can register new users of the device API using the provided command line application (CLI) within a restricted environment.

System requirements

This test can be executed with standard hardware.

Preconditions

  • A virtual instance has been set up and launched on the appropriate cloud provider.
  • The code repository of the user management system is cloned in the file system of the cloud instance.
  • The virtual instance has Python version 10 or higher installed.
  • A Python virtual environment (version 10 or higher) has been set up, and all necessary dependencies for the user management system have been installed successfully in this environment.

Input data

The sample user data to be used for this test is the following:

  • Email: testuser123@legit.health
  • Institution: Legit.Test
  • Institution segment: Clinical support
  • Password: test.passWord@123

Steps

  1. Connect to the virtual instance with your valid access keys, navigate to the user account manager repository, and run the CLI entrypoint file in the terminal using the command:
    python -m console.security_command
  2. From the options displayed by the application, enter the number corresponding to "Create a new institution" and follow the prompts. When asked, enter the name of the user's institution and the institution segment.
  3. After creating the institution successfully, enter "y" to proceed. The application will return to the home screen and display the available options again.
  4. Select the menu option to list all registered institutions and note the slug associated with the institution you just created.
  5. Back at the home menu, enter the number for "Create a new user" and follow the prompts to specify the user's email address, password, and the institution slug you have just noted.
  6. Wait until the user is successfully created in the database, then return to the start menu and select the option to list all registered users.
  7. To revert everything to its original state, return to the start menu and choose the option to delete a user. Enter the username (email) and confirm the operation by typing "Confirm".
  8. After the user is deleted, select the option to delete an institution. Enter the institution's slug and type "Confirm".
  9. Use the appropriate console commands to check the lists of institutions and users.

Expected outcome

  • A welcome message along with a menu of options is displayed on the terminal.
  • The program shows a message confirming the successful creation of the new institution and displays the ID assigned to it in the database.
  • Once the user has been successfully registered, the console temporarily displays the username, password, and ID of the user's entry in the database, allowing you to copy and save this information securely.
  • When selecting the option to list users, the console displays a list that includes the details of the user you just registered.
  • After the deletion steps, the institution and user created during the test no longer appear in the lists of registered institutions and users.

Verifies software requirements

  • REQ_005

Risk control for

  1. An organisation that is not a licensed care provider gets access to the device
  2. Non-compliance with the General Safety & Performance Requirements (GSPR)
  3. Data breach or unauthorized access

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Tester: JD-017, JD-009, JD-004
  • Approver: JD-005
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)