Telefonica test cases proposal

[fernandopradocabrillo]

What type of PR is this?

Add one of the following kinds:

• tests

What this PR does / why we need it:

Include an alternative proposal from Telefónica for the Sim swap ATP

Which issue(s) this PR fixes:

Fixes #63

Special notes for reviewers:

Alternative proposal to #68 from @trehman-gsma
Specifies a similar format but different enough to be placed in a new PR so that it can be easily reviewed.

Changelog input

Created /code/Test_definitions/check_simswap.feature containing test cases for POST /check

Created /code/Test_definitions/retrieve_simswap_date.feature containing test cases for POST /retrieve-date

[bigludo7]

Thanks @fernandopradocabrillo
Adding https://github.com/patrice-conil in the loop

What about one additional test for the check when the msisdn obtained from the network in the authorization first step (and passed in the token) is distinct from the one we get in the POST payload ?

[fernandopradocabrillo]

Thanks @fernandopradocabrillo Adding https://github.com/patrice-conil in the loop

What about one additional test for the check when the msisdn obtained from the network in the authorization first step (and passed in the token) is distinct from the one we get in the POST payload ?

@bigludo7
Regarding that, I think we should add the error explicitly in the API, as we do in other APIs, and then add the test case as well, I agree.

Phone number cannot be deducted from access token context.(`{"code": "SIM_SWAP.INVALID_TOKEN_CONTEXT","message": "Phone number cannot be deducted from access token context"}`)

[fernandopradocabrillo]

@bigludo7
Approved the PR, seems ok from my side.

For the test cases I'm considering the following:

1. The phoneNumber in the request body doesn't match the one in the access_token
2. The phoneNumber is not provided in the request body and cannot be deducted from the access token
3. The phoneNumber is provided in the request body but cannot be deducted from the access token

sounds good?

[bigludo7]

@bigludo7 Approved the PR, seems ok from my side.

For the test cases I'm considering the following:

1. The phoneNumber in the request body doesn't match the one in the access_token
2. The phoneNumber is not provided in the request body and cannot be deducted from the access token
3. The phoneNumber is provided in the request body but cannot be deducted from the access token

sounds good?

Yes very good. Thanks

[fernandopradocabrillo]

Included scenarios for HTTP 403 invalid token context

[bigludo7]

LGFM
Thanks @fernandopradocabrillo

[trehman-gsma]

Hi @fernandopradocabrillo,

Sorry I didn't see this earlier (notifications landed in an unmonitored email folder - my bad). Feedback below:

1 - For checkSimSwap, should we include a test case where phone number is missing? The retrieveSimSwapDate feature file has the test case already (@retrieveSimSwapDate_E19.102_NoPhoneNumber) so it aligns.

Sample:

    @checkSimSwap_EN.NNN_NoPhoneNumber
    Scenario: Check that the response shows an error when the phone number is missing
        Given I want to test "checkSimSwap"
        And a valid access_token
        And the request body is set to:
            """
            {}
            """
        When I request "checkSimSwap"
        Then the response status code is "400"
        And the API returns the error code "INVALID_ARGUMENT"
        And the API returns a human readable error message

2 - For checkSimSwap, 2 further test cases to confirm adherence to the maxAge range (min 1, max 2400). Samples below:

    @checkSimSwap_EN.NNN_BelowMaxAgeRange
    Scenario: Check that the response shows an error when the requested maxAge is below the minimum integer allowed (min=1)
        Given I want to test "checkSimSwap"
        And a valid access_token
        And the variable "[CONTEXT: phoneNumber]" is set to an valid phone number
        And the variable "maxAge" is set below the minimum integer allowed
        And the request body is set to:
            """
            {
              "phoneNumber": "[CONTEXT: phoneNumber]"
              "maxAge": -1
            }
            """
        When I request "checkSimSwap"
        Then the response status code is "400"
        And the API returns the error code "INVALID_ARGUMENT"
        And the API returns a human readable error message

    @checkSimSwap_EN.NNN_AboveMaxAgeRange
    Scenario: Check that the response shows an error when the requested maxAge is above the maximum integer allowed (max=2400)
        Given I want to test "checkSimSwap"
        And a valid access_token
        And the variable "[CONTEXT: phoneNumber]" is set to an valid phone number
        And the variable "maxAge" is set above the minimum integer allowed
        And the request body is set to:
            """
            {
              "phoneNumber": "[CONTEXT: phoneNumber]"
              "maxAge": 2401
            }
            """
        When I request "checkSimSwap"
        Then the response status code is "400"
        And the API returns the error code "INVALID_ARGUMENT"
        And the API returns a human readable error message

[trehman-gsma]

Another suggestion. To confirm adherence to the PhoneNumber pattern, have test cases where we input the phone number with a "+" prefix and without a "+" prefix.

This could be new test cases, or amend existing ones where at least one contains a "+" prefix and at least one does not contain the prefix.

(This is based on experience reviewing multiple Operator deployments - have seen that the prefix is not always supported)

[fernandopradocabrillo]

Hi @bigludo7 @trehman-gsma !

I have updated the test cases following Commonalities guidelines.
Take a look to check if it covers everything

[bigludo7]

One comment about adding 401 AUTHENTICATION_REQUIRED - this is related to the yaml but has impact on the Test Definition.
I used Location Verification TD as template.

[bigludo7]

LGTM

[trehman-gsma]

Hi @fernandopradocabrillo @bigludo7,

Regarding the test cases where there is a mismatch between access token and phoneNumber - are there wider CAMARA guidelines for the expected error responses (e.g. UNKNOWN_PHONE_NUMBER / NOT_FOUND / INVALID_TOKEN_CONTEXT)? Is it based on Commonalities' "Standardized use of CAMARA error responses"?

Some of the operator implementations I've experienced return a 403 in every case where there is a mismatch between access token (they do not implement the concept of a user owning multiple phone numbers at the CAMARA level), so I'm thinking these different mismatch error responses might be a little difficult to adopt across operators. If there is some guidelines I could point operators towards for these cases then that would be helpful.

[fernandopradocabrillo]

I don't think there is a clear guideline on this I'm afraid, but I'll check with my collegues if they have more info.

I have included our view on the scenarios and this is what we are implementing in TEF. We have a more complex filtering structure in the apigw so we are able to differenciate between these cases.

Maybe we can place a comment and clarify that depending on the auth implementations, the operator can return 404 or 403.

Edit: as stated in the issue #119 we are going to remove the unkown_phon_ number error

[trehman-gsma]

Hi @fernandopradocabrillo,

Apologies, I'm not able to comprehend this test case. Does it mean sending 2 requests using the same access token? If so, how does this result in 409?

[fernandopradocabrillo]

Hi @trehman-gsma!

I included this test just to cover all the errors defined in the API but, actually, I don't see any use for it.
I have an open issue to discuss whether we should remove it or not #119

[trehman-gsma]

Hi @bigludo7 @trehman-gsma !

I have updated the test cases following Commonalities guidelines. Take a look to check if it covers everything

Hi @fernandopradocabrillo - great job with the test cases. I have added a few comments to the changed files to request clarification. Thanks.

[gregory1g]

To which "the user" the phone number must belong? The client does not provide a user in the input.
Th test case logic is correct: "the header "Authorization" is set to a valid access token emitted for a different phone number" => access token does not matches provided phoenNumber (both can belong to the same person or nor - does not matter).
Suggest: adjust the name and scenario of the test to something like "access token does not match phone number".

[fernandopradocabrillo]

For us this is a step we have prior to any other validation.
To be a valid token, the phoneNumber needs to be related to a subscriber, so we have a validation to check that indeed the phoneNumber belongs to the subscriber.
I can remove this test to not block the release, but maybe we'll like to revisit the possibility to include it in the future.

[gregory1g]

yes, let's remove this for now.

to be honest, I do not fully understand how this could work. To check that phoneNumber belongs to the user, you need to get the user (user id) from somewhere. But user ID is not part of the input. Probably, you can find the user by access token, but access token is already for the exact phone number anyway. So, if the access token is generated correctly user id amd phone number "in" it must match...

[gregory1g]

success test cases (all of them) only cover scenario where $.phoneNumber is provided. However, the recommended way to use the API is without phoneNumber in the payload. And, it looks like there is no single test case which covers this.

[fernandopradocabrillo]

yes, I would keep the specification about the phone number tho. For example:

And the header "Authorization" is set to a valid access token from which a valid testing phoneNumber can be deducted

wdyt? @gregory1g

[gregory1g]

This still keeps the main usage scenario outside of the tests coverage. With this change the only valid shown success invocation includes both access token and phoneNumber, meanwhile the recommended way to do not send phoneNumber. Probably we should focus successful tests on access token identifcation only and only keep error tests when phoneNumber does not match access token?

[fernandopradocabrillo]

Yes, I think I haven't expressed it correctly. I agree with removing the phoneNumber from the body in the success scenarios, but I think we should keep the phone number characteristics for each case.

It is important for example to state that the phone number associated to the token didn't have a swap in the last X months or that there has been a swap but outside of the maxAge, etc

This way the tests can be set properly for the certification.

[gregory1g]

Fully agree. phoneNumber is still needed for the service logic. But for the main success cases, it is better to move a source of this information from the request body ("$.phoneNumber" reference request body) to access token.
No sure what is the best way to express this. Probably like:

@check_sim_swap_1_generic_success_scenario
  Scenario: Common validations for any sucess scenario
    Given the request header "Authorization" is set to a valid access token from which a valid testing phoneNumber can be deducted
. . .

[fernandopradocabrillo]

Yep, that sounds like what I had in mind, I'll update it

[gregory1g]

Should we probably use "retrieve" instead of "check" here (and for the following test cases)?

[gregory1g]

Given the request body property "$.phoneNumber" is set to a valid testing phone number
=>
Given the request body property "$.phoneNumber" is set to a valid testing phone number and SimSwap event happened before the limited history window threshold.

[gregory1g]

same concern as for the corresponding /check tests

[sfnuser]

I wonder how we can standardise the usage of code values across implementations? Here we have chosen NOT_SUPPORTED but the spec does not mandate this (it provides only generic error definitions with no specific values - only examples). I can't remember why we chose this approach. This applies to other CAMARA APIs too.

Also Commonalities seems to recommend the below error code

[fernandopradocabrillo]

The use of examples is something that comes from the beginning of CAMARA, it is the same in all APIs, I also agree it should be included as generic definition and not only examples.

Regarding the error, we haven't use that one since it only applies to APIs that use the device object. There is an agreement in Commonalities to use the NOT_SUPPORTED error. It is stated for example in this commonalities PR. Probably also in the meeting minutes.

[sfnuser]

@fernandopradocabrillo Thanks for the references 👍🏼

[fernandopradocabrillo]

@gregory1g I have updated the scenarios including your comments and the new UNIDENTIFIABLE_PHONE_NUMBER error. Thanks!

[gregory1g]

Most of the my comments are non-blocking nice to have improvement suggestions.
The one potentially blocking one is about "@retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token" and "@retrieve_sim_swap_date_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token"

[gregory1g]

Is it possible to split tis very long "given" into more "standard" parts like:
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
AND $.maxAge is set to "X"
AND SIM for this phone number was swapped in the last "X" hours

@check_sim_swap_5_out_of_max_age is rather close to this already

Similar suggestion for other use cases where "given" combines multiple conditions

[fernandopradocabrillo]

Agree, I have split all the success scenarios into different steps, hope it is better now

[gregory1g]

Suggestion: extract "swap was more than X" in a separate AND condition. And put it after the "maxAge is set" condition to simplify reading. Like:
Given phoneNumber is here
and maxAge is set like ....
and swap was at maxAge+1 ago.

Currently we say:

1. swap was more than $.maxAge hoursAgo
2. $.maxAge is set to to swap -1
   so we define maxAge via simswap time, and at the same time we define simswap time via maxAge,

[gregory1g]

Looks a bit misleading: we do not user user accounts in camara
Suggestion:
Get timestamp of last MSISDN <-> IMSI pairing change for the provided phone number.

[fernandopradocabrillo]

Yeah, I basically used the endpoint description. I don't see any problem in changing it to the one you proposed.
We can update the description in the yaml in the future

[gregory1g]

conditions looks identical to @retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token, but the response is different.

[fernandopradocabrillo]

totally, I forgot to remove the old one, fixed!

[sfnuser]

Aren't these error returns depends on the deployment architecture? For e.g. when the service is not supported for the phone number, my ID server may not even issue an access token and can return either 401 or 403. Should we have a list of possible error codes?

[fernandopradocabrillo]

Yeah, we have face a similar situation with one of the test cases above. I think this is something we'll have to discuss and decide how we can approach it.
For example, for us in Telefónica, we can differenciate if a phone number belongs to a suscriptor and return a different error when the provided phone number doesn't belong to the user associated to the token.
Maybe you can open an issue and we can discuss there, but it won't be part of this release I believe.

[sfnuser]

We also encountered similar scenario during GSMA certification test run as these test cases form the basis of the interoperability tests. I agree, this may not be something that can be done in this release and it may be applicable to other APIs as well. I will raise an issue here first - it can be tracked for the next release 👍🏼

[gregory1g]

lgfm

[bigludo7]

LGTM