From c2b2c47e9bc9eb9610ab17138c6115565e47bbf5 Mon Sep 17 00:00:00 2001 From: Fernando Prado Date: Wed, 8 Nov 2023 17:40:49 +0100 Subject: [PATCH 1/8] initial proposal --- code/Test_definitions/checkSimSwap.feature | 193 ++++++++++++++++++ .../retrieveSimSwapDate.feature | 135 ++++++++++++ 2 files changed, 328 insertions(+) create mode 100644 code/Test_definitions/checkSimSwap.feature create mode 100644 code/Test_definitions/retrieveSimSwapDate.feature diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature new file mode 100644 index 0000000..7ea2fb3 --- /dev/null +++ b/code/Test_definitions/checkSimSwap.feature 
@@ -0,0 +1,193 @@ +Feature: SIM Swap 0.4.0 - checkSimSwap + + check if SIM swap has been performed during a past period + + Background: An environment where Operator's API GW exposes checkSimSwap + Given an environment with Operator's API GW + And the endpoint "sim-swap/v0/check" + And the method "post" + And the request body is set to: + """ + { + "phoneNumber": "+346661113334" + } + """ + And the header "x-correlator" is set to "[UUIDv4]" + + + # Common errors + + + @checkSimSwap_E10.01 + Scenario: Error response for expired access token + Given I want to test "checkSimSwap" + And an expired access_token + When I request "checkSimSwap" + Then the response status code is "401" + And the API returns the error code "UNAUTHENTICATED" + And the API returns a human readable error message + + + @checkSimSwap_E10.02 + Scenario: Error response for invalid access token + Given I want to test "checkSimSwap" + And an invalid access_token + When I request "checkSimSwap" + Then the response status code is "401" + And the API returns the error code "UNAUTHENTICATED" + And the API returns a human readable error message + + + @checkSimSwap_E10.03 + Scenario: Error response for no header "Authorization" + Given I want to test "checkSimSwap" + And the header "Authorization" is not sent + When I request "checkSimSwap" + Then the response status code is "401" + And the API returns the error code "UNAUTHENTICATED" + And the API returns a human readable error message + + + # API Specific Errors + + + @checkSimSwap_E19.101_InvalidPhoneNumber + Scenario: Check that the response shows an error when the phone number is invalid + Given I want to test "checkSimSwap" + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to an invalid phone number + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "400" + And the API returns the error code "INVALID_ARGUMENT" + 
And the API returns a human readable error message + + + @checkSimSwap_E19.102_NoPhoneNumber + Scenario: Check that the response shows an error when the phone number is missing + Given I want to test "checkSimSwap" + And a valid access_token + And the request body is set to: + """ + {} + """ + When I request "checkSimSwap" + Then the response status code is "400" + And the API returns the error code "INVALID_ARGUMENT" + And the API returns a human readable error message + + + @checkSimSwap_E19.103_UnknownPhoneNumber + Scenario: Check that the response shows an error when the phone number does not belong to the Operator + Given I want to test "checkSimSwap" + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "404" + And the API returns the error code "SIM_SWAP.UNKNOWN_PHONE_NUMBER" + And the API returns a human readable error message + + + # API Specific validations + + + @checkSimSwap_30.101_ValidSimSwapNoMaxAge + Scenario: Check that the response shows that the SIM has been swapped + Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped in the last 240 hours + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network that has been swapped in the last 240 hours + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "200" + And the value of response property "$.swapped" == true + + + @checkSimSwap_30.102_ValidSimSwapMaxAge + Scenario Outline: Check that the response shows that the SIM has been swapped + Given I want to test "checkSimSwap" for a user which have a phone number connected to the 
Operator's network and swapped in the last "" hours + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network that has been swapped in the last "" hours, where "" is equal or less than provided "maxAge" request body parameter + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]", + "maxAge": 260 + } + """ + When I request "checkSimSwap" + Then the response status code is "200" + And the value of response property "$.swapped" == true + + Examples: + | hours | + | 260 | + | 120 | + | 24 | + | 12 | + + + @checkSimSwap_30.103_MoreThan240Hours + Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago + Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped more than 240 hours ago + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network that has been swapped more than 240 hours ago + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "200" + And the value of response property "$.swapped" == false + + + @checkSimSwap_30.104_OutOfMaxAge + Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field + Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped more than the maxAge field ago + And a valid access_token + And the variable "[CONTEXT: maxAge]" is set to the number of hours since the last SIM swap minus 1 + And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network whose last SIM swap was more than "[CONTEXT: maxAge]" hours ago + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]", + 
"maxAge": "[CONTEXT: maxAge]" + } + """ + When I request "checkSimSwap" + Then the response status code is "200" + And the value of response property "$.swapped" == false + + + @checkSimSwap_30.105_NoSimSwap + Scenario: Check that the response shows that the SIM has not been swapped + Given I want to test "checkSimSwap" for a user which have a SIM that has never been swapped + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number with a SIM that has never been swapped + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "200" + And the value of response property "$.swapped" == false + diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature new file mode 100644 index 0000000..e3f07d3 --- /dev/null +++ b/code/Test_definitions/retrieveSimSwapDate.feature 
@@ -0,0 +1,135 @@ +Feature: SIM Swap 0.4.0 - retrieveSimSwapDate + + Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. + + Background: An environment where Operator's API GW exposes retrieveSimSwapDate + Given an environment with Operator's API GW + And the endpoint "sim-swap/v0/retrieve-date" + And the method "post" + And the request body is set to: + """ + { + "phoneNumber": "+346661113334" + } + """ + And the header "x-correlator" is set to "[UUIDv4]" + + + # Common errors + + + @retrieveSimSwapDate_E10.01 + Scenario: Error response for expired access token + Given I want to test "retrieveSimSwapDate" + And an expired access_token + When I request "retrieveSimSwapDate" + Then the response status code is "401" + And the API returns the error code "UNAUTHENTICATED" + And the API returns a human readable error message + + + @retrieveSimSwapDate_E10.02 + Scenario: Error response for invalid access token + Given I want to test "retrieveSimSwapDate" + And an invalid access_token + When I request "retrieveSimSwapDate" + Then the response status code is "401" + And the API returns the error code "UNAUTHENTICATED" + And the API returns a human readable error message + + + @retrieveSimSwapDate_E10.03 + Scenario: Error response for no header "Authorization" + Given I want to test "retrieveSimSwapDate" + And the header "Authorization" is not sent + When I request "retrieveSimSwapDate" + Then the response status code is "401" + And the API returns the error code "UNAUTHENTICATED" + And the API returns a human readable error message + + + # API Specific Errors + + + @retrieveSimSwapDate_E19.101_InvalidPhoneNumber + Scenario: Check that the response shows an error when the phone number is invalid + Given I want to test "retrieveSimSwapDate" + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to an invalid phone number + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" 
+ } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "400" + And the API returns the error code "INVALID_ARGUMENT" + And the API returns a human readable error message + + + @retrieveSimSwapDate_E19.102_NoPhoneNumber + Scenario: Check that the response shows an error when the phone number is missing + Given I want to test "retrieveSimSwapDate" + And a valid access_token + And the request body is set to: + """ + {} + """ + When I request "retrieveSimSwapDate" + Then the response status code is "400" + And the API returns the error code "INVALID_ARGUMENT" + And the API returns a human readable error message + + + @retrieveSimSwapDate_E19.103_UnknownPhoneNumber + Scenario: Check that the response shows an error when the phone number does not belong to the Operator + Given I want to test "retrieveSimSwapDate" + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "404" + And the API returns the error code "SIM_SWAP.UNKNOWN_PHONE_NUMBER" + And the API returns a human readable error message + + + # API Specific validations + + + @retrieveSimSwapDate_30.101_ValidSimSwap + Scenario: Check SIM swap date for a valid SIM swap + Given I want to test "retrieveSimSwapDate" for a user which have a phone number connected to the Operator's network + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "200" + And the response property "$.latestSimChange" is present + + + @retrieveSimSwapDate_30.102_NoSimSwap + Scenario: Check SIM swap date for a valid SIM swap + Given I want 
to test "retrieveSimSwapDate" for a user which have a phone number never connected to the Operator's network + And a valid access_token + And the variable "[CONTEXT: phoneNumber]" is set to a phone number never connected to the network + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "200" + And the response property "$.latestSimChange" is not present + From 4b645704c942d135b56729921af85f1e72153d90 Mon Sep 17 00:00:00 2001 From: Fernando Prado Date: Thu, 16 Nov 2023 12:12:49 +0100 Subject: [PATCH 2/8] include 403 invalid token context test cases --- code/Test_definitions/checkSimSwap.feature | 60 +++++++++++++++++++ .../retrieveSimSwapDate.feature | 60 +++++++++++++++++++ 2 files changed, 120 insertions(+) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index 7ea2fb3..b392b55 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature @@ -1,3 +1,6 @@ +# +# Revision: 0 + Feature: SIM Swap 0.4.0 - checkSimSwap check if SIM swap has been performed during a past period 
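Review bot: In the [PATCH 1/8] hunk that creates checkSimSwap.feature, @checkSimSwap_30.104_OutOfMaxAge sends `"maxAge": "[CONTEXT: maxAge]"` with the placeholder quoted, so after substitution the field is a JSON string, while @checkSimSwap_30.102_ValidSimSwapMaxAge sends `"maxAge": 260` as a number. A gateway that validates the body could answer 400 INVALID_ARGUMENT here instead of the expected 200 with "$.swapped" == false; drop the quotes or state that the variable is substituted as an integer. The file also has no scenario for a maxAge that is negative, zero or non-numeric, which would sit naturally next to the E19.101 and E19.102 argument checks.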
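Review bot: In the [PATCH 1/8] hunk that creates retrieveSimSwapDate.feature, @retrieveSimSwapDate_30.101_ValidSimSwap only asserts that "$.latestSimChange" is present, so an empty or malformed value would pass. Add a step that checks the value parses as a timestamp and is not in the future. @retrieveSimSwapDate_30.102_NoSimSwap also reuses the title "Check SIM swap date for a valid SIM swap" although it covers a number never connected to the network, and the feature description spells MSISDN as "MSIDN".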
@@ -99,6 +102,63 @@ Feature: SIM Swap 0.4.0 - checkSimSwap And the API returns a human readable error message + @checkSimSwap_E19.104_PhoneNumberProvidedDoesNotMatchTheAccessToken + Scenario: Check that the response shows an error when phone number provided does not match the one in the access token + Given I want to test "checkSimSwap" + And a valid access_token + And the access token identifies the user + And the access token contains a phone number from the user + And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "403" + And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" + And the API returns a human readable error message + + + @checkSimSwap_E19.105_PhoneNumberProvidedIsNotPresentInAccessToken + Scenario: Check that the response shows an error when phone number provided is not present in the access token + Given I want to test "checkSimSwap" + And a valid access_token + And the access token identifies the user + And the access token does not contain a phone number from the user + And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "checkSimSwap" + Then the response status code is "403" + And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" + And the API returns a human readable error message + + + @checkSimSwap_E19.106_PhoneNumberNotProvidedAndAccessTokenDoesNotContainPhoneNumber + Scenario: Check that the response shows an error when phone number can not be deducted from access token and it is not provided in the request body + Given I want to test "checkSimSwap" + And a valid access_token + And the access token identifies the user + And the access token does not contain a phone 
number from the user + And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user + And the request body is set to: + """ + { + "phoneNumber": "" + } + """ + When I request "checkSimSwap" + Then the response status code is "403" + And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" + And the API returns a human readable error message + + # API Specific validations diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index e3f07d3..fb0fb32 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature @@ -1,3 +1,6 @@ +# +# Revision: 0 + Feature: SIM Swap 0.4.0 - retrieveSimSwapDate Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. 
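Review bot: In the [PATCH 2/8] hunk at @@ -99,6 +102,63 @@ of checkSimSwap.feature, @checkSimSwap_E19.106 is titled as the phone number not being provided, yet the body sends `"phoneNumber": ""`, and the step that sets "[CONTEXT: phoneNumber]" to a phone number of the user is never used. An empty string overlaps with @checkSimSwap_E19.101_InvalidPhoneNumber and an omitted field is already @checkSimSwap_E19.102_NoPhoneNumber, both expecting 400 INVALID_ARGUMENT with a valid access_token, so the expected 403 SIM_SWAP.INVALID_TOKEN_CONTEXT is ambiguous; send `{}`, drop the unused variable, and state which check takes precedence. @checkSimSwap_E19.104 has the same conflict with E19.103: both set the number to one "that does not belong to the Operator" but expect 403 and 404 respectively. "deducted" in the E19.106 title should read "deduced". The matching hunk in retrieveSimSwapDate.feature repeats all three points.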
@@ -99,6 +102,63 @@ Feature: SIM Swap 0.4.0 - retrieveSimSwapDate And the API returns a human readable error message + @retrieveSimSwapDate_E19.104_PhoneNumberProvidedDoesNotMatchTheAccessToken + Scenario: Check that the response shows an error when phone number provided does not match the one in the access token + Given I want to test "retrieveSimSwapDate" + And a valid access_token + And the access token identifies the user + And the access token contains a phone number from the user + And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "403" + And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" + And the API returns a human readable error message + + + @retrieveSimSwapDate_E19.105_PhoneNumberProvidedIsNotPresentInAccessToken + Scenario: Check that the response shows an error when phone number provided is not present in the access token + Given I want to test "retrieveSimSwapDate" + And a valid access_token + And the access token identifies the user + And the access token does not contain a phone number from the user + And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user + And the request body is set to: + """ + { + "phoneNumber": "[CONTEXT: phoneNumber]" + } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "403" + And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" + And the API returns a human readable error message + + + @retrieveSimSwapDate_E19.106_PhoneNumberNotProvidedAndAccessTokenDoesNotContainPhoneNumber + Scenario: Check that the response shows an error when phone number can not be deducted from access token and it is not provided in the request body + Given I want to test "retrieveSimSwapDate" + And a valid access_token + And the access token 
identifies the user + And the access token does not contain a phone number from the user + And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user + And the request body is set to: + """ + { + "phoneNumber": "" + } + """ + When I request "retrieveSimSwapDate" + Then the response status code is "403" + And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" + And the API returns a human readable error message + + # API Specific validations From 16a686c6d84bdf5732456b2dbf1baf590a3ce5c8 Mon Sep 17 00:00:00 2001 From: Fernando Prado Date: Thu, 16 Nov 2023 12:15:10 +0100 Subject: [PATCH 3/8] remove version date temporary --- code/Test_definitions/checkSimSwap.feature | 2 +- code/Test_definitions/retrieveSimSwapDate.feature | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index b392b55..6eb5573 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature @@ -1,7 +1,7 @@ # # Revision: 0 -Feature: SIM Swap 0.4.0 - checkSimSwap +Feature: SIM Swap - checkSimSwap check if SIM swap has been performed during a past period diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index fb0fb32..5fb893a 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature @@ -1,7 +1,7 @@ # # Revision: 0 -Feature: SIM Swap 0.4.0 - retrieveSimSwapDate +Feature: SIM Swap - retrieveSimSwapDate Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. From e1f7dbb1a9072ac55936a5a4277d0b86f9134930 Mon Sep 17 00:00:00 2001 
From: Fernando Prado Date: Mon, 20 Nov 2023 16:49:03 +0100 Subject: [PATCH 4/8] fix scenario --- code/Test_definitions/checkSimSwap.feature | 2 +- code/Test_definitions/retrieveSimSwapDate.feature | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index 6eb5573..09e2539 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature @@ -108,7 +108,7 @@ Feature: SIM Swap - checkSimSwap And a valid access_token And the access token identifies the user And the access token contains a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator + And the variable "[CONTEXT: phoneNumber]" is set to a phone number that did not match the one encoded in the access token And the request body is set to: """ { diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index 5fb893a..7b1698d 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature @@ -108,7 +108,7 @@ Feature: SIM Swap - retrieveSimSwapDate And a valid access_token And the access token identifies the user And the access token contains a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator + And the variable "[CONTEXT: phoneNumber]" is set to a phone number that did not match the one encoded in the access token And the request body is set to: """ { From fca89f221d208222bf82b1fdd9e3bc26a22e4ac0 Mon Sep 17 00:00:00 2001 
From: Fernando Prado Date: Wed, 26 Jun 2024 17:39:55 +0200 Subject: [PATCH 5/8] include test cases with commonalities format --- code/Test_definitions/checkSimSwap.feature | 429 +++++++----------- .../retrieveSimSwapDate.feature | 358 +++++++-------- 2 files changed, 339 insertions(+), 448 deletions(-) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index 09e2539..64b538f 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature 
@@ -1,253 +1,176 @@ -# -# Revision: 0 - -Feature: SIM Swap - checkSimSwap - - check if SIM swap has been performed during a past period - - Background: An environment where Operator's API GW exposes checkSimSwap - Given an environment with Operator's API GW - And the endpoint "sim-swap/v0/check" - And the method "post" - And the request body is set to: - """ - { - "phoneNumber": "+346661113334" - } - """ - And the header "x-correlator" is set to "[UUIDv4]" - - - # Common errors - - - @checkSimSwap_E10.01 - Scenario: Error response for expired access token - Given I want to test "checkSimSwap" - And an expired access_token - When I request "checkSimSwap" - Then the response status code is "401" - And the API returns the error code "UNAUTHENTICATED" - And the API returns a human readable error message - - - @checkSimSwap_E10.02 - Scenario: Error response for invalid access token - Given I want to test "checkSimSwap" - And an invalid access_token - When I request "checkSimSwap" - Then the response status code is "401" - And the API returns the error code "UNAUTHENTICATED" - And the API returns a human readable error message - - - @checkSimSwap_E10.03 - Scenario: Error response for no header "Authorization" - Given I want to test "checkSimSwap" - And the header "Authorization" is not sent - When I request "checkSimSwap" - Then the response status code is "401" - And the API returns the error code "UNAUTHENTICATED" - And the API returns a human readable error message - - - # API Specific Errors - - - @checkSimSwap_E19.101_InvalidPhoneNumber - Scenario: Check that the response shows an error when the phone number is invalid - Given I want to test "checkSimSwap" - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to an invalid phone number - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the response status code is "400" - And the API returns the error code 
"INVALID_ARGUMENT" - And the API returns a human readable error message - - - @checkSimSwap_E19.102_NoPhoneNumber - Scenario: Check that the response shows an error when the phone number is missing - Given I want to test "checkSimSwap" - And a valid access_token - And the request body is set to: - """ - {} - """ - When I request "checkSimSwap" - Then the response status code is "400" - And the API returns the error code "INVALID_ARGUMENT" - And the API returns a human readable error message - - - @checkSimSwap_E19.103_UnknownPhoneNumber - Scenario: Check that the response shows an error when the phone number does not belong to the Operator - Given I want to test "checkSimSwap" - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the response status code is "404" - And the API returns the error code "SIM_SWAP.UNKNOWN_PHONE_NUMBER" - And the API returns a human readable error message - - - @checkSimSwap_E19.104_PhoneNumberProvidedDoesNotMatchTheAccessToken - Scenario: Check that the response shows an error when phone number provided does not match the one in the access token - Given I want to test "checkSimSwap" - And a valid access_token - And the access token identifies the user - And the access token contains a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number that did not match the one encoded in the access token - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the response status code is "403" - And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" - And the API returns a human readable error message - - - @checkSimSwap_E19.105_PhoneNumberProvidedIsNotPresentInAccessToken - Scenario: Check that the response 
shows an error when phone number provided is not present in the access token - Given I want to test "checkSimSwap" - And a valid access_token - And the access token identifies the user - And the access token does not contain a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the response status code is "403" - And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" - And the API returns a human readable error message - - - @checkSimSwap_E19.106_PhoneNumberNotProvidedAndAccessTokenDoesNotContainPhoneNumber - Scenario: Check that the response shows an error when phone number can not be deducted from access token and it is not provided in the request body - Given I want to test "checkSimSwap" - And a valid access_token - And the access token identifies the user - And the access token does not contain a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user - And the request body is set to: - """ - { - "phoneNumber": "" - } - """ - When I request "checkSimSwap" - Then the response status code is "403" - And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" - And the API returns a human readable error message - - - # API Specific validations - - - @checkSimSwap_30.101_ValidSimSwapNoMaxAge - Scenario: Check that the response shows that the SIM has been swapped - Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped in the last 240 hours - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network that has been swapped in the last 240 hours - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the 
response status code is "200" - And the value of response property "$.swapped" == true - - - @checkSimSwap_30.102_ValidSimSwapMaxAge - Scenario Outline: Check that the response shows that the SIM has been swapped - Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped in the last "" hours - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network that has been swapped in the last "" hours, where "" is equal or less than provided "maxAge" request body parameter - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]", - "maxAge": 260 - } - """ - When I request "checkSimSwap" - Then the response status code is "200" - And the value of response property "$.swapped" == true - - Examples: - | hours | - | 260 | - | 120 | - | 24 | - | 12 | - - - @checkSimSwap_30.103_MoreThan240Hours - Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago - Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped more than 240 hours ago - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network that has been swapped more than 240 hours ago - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the response status code is "200" - And the value of response property "$.swapped" == false - - - @checkSimSwap_30.104_OutOfMaxAge - Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field - Given I want to test "checkSimSwap" for a user which have a phone number connected to the Operator's network and swapped more than the maxAge field ago - And a valid access_token - And the variable "[CONTEXT: maxAge]" is set 
to the number of hours since the last SIM swap minus 1 - And the variable "[CONTEXT: phoneNumber]" is set to a phone number connected to the network whose last SIM swap was more than "[CONTEXT: maxAge]" hours ago - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]", - "maxAge": "[CONTEXT: maxAge]" - } - """ - When I request "checkSimSwap" - Then the response status code is "200" - And the value of response property "$.swapped" == false - - - @checkSimSwap_30.105_NoSimSwap - Scenario: Check that the response shows that the SIM has not been swapped - Given I want to test "checkSimSwap" for a user which have a SIM that has never been swapped - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number with a SIM that has never been swapped - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "checkSimSwap" - Then the response status code is "200" - And the value of response property "$.swapped" == false - +Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap + + # Input to be provided by the implementation to the tester + # + # Testing assets: + # + # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 0.5.0 + + check if SIM swap has been performed during a past period + + Background: Common checkSimSwap setup + Given the resource "sim-swap/v0/check" + And the header "Content-Type" is set to "application/json" + And the header "Authorization" is set to a valid access token + And the header "x-correlator" is set to a UUID value + And the request body is set by default to a request body compliant with the schema + + + # This first scenario serves as a minimum, not testing any specific verificationResult + @check_sim_swap_1_generic_success_scenario + Scenario: Common validations for any sucess scenario + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber + When the 
request "checkSimSwap" is sent + Then the response status code is 200 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response body complies with the OAS schema at "/components/schemas/CheckSimSwapInfo" + + # Scenarios testing specific situations + + @check_sim_swap_2_valid_sim_swap_no_max_age + Scenario: Check that the response shows that the SIM has been swapped + Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network that has been swapped in the last 240 hours + When the request "checkSimSwap" is sent + Then the response status code is 200 + And the value of response property "$.swapped" == true + + @check_sim_swap_3_valid_sim_swap_max_age + Scenario Outline: Check that the response shows that the SIM has been swapped + Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network that has been swapped in the last "" hours, where "" is equal or less than provided "maxAge" request body parameter + When the request "checkSimSwap" is sent + Then the response status code is 200 + And the value of response property "$.swapped" == true + + Examples: + | hours | + | 260 | + | 120 | + | 24 | + | 12 | + + @check_sim_swap_4_more_than_240_hours + Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago + Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network that has been swapped more than 240 hours ago + When the request "checkSimSwap" is sent + Then the response status code is 200 + And the value of response property "$.swapped" == false + + @check_sim_swap_5_out_of_max_age + Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field + Given the request body property "$.maxAge" 
is set to the number of hours since the last SIM swap minus 1 + And the request body property "$.phoneNumber" is set to a phone number connected to the network whose last SIM swap was more than "$.maxAge" hours ago + When the request "checkSimSwap" is sent + Then the response status code is 200 + And the value of response property "$.swapped" == false + + @check_sim_swap_6_no_sim_swap + Scenario: Check that the response shows that the SIM has not been swapped + Given the request body property "$.phoneNumber" is set to a phone number with a SIM that has never been swapped + When the request "checkSimSwap" is sent + Then the response status code is 200 + And the value of response property "$.swapped" == false + + # Specific errors + + @check_sim_swap_7_unknown_phone_number + Scenario: Error when the phone number does not belong to the Operator + Given the request body property "$.phoneNumber" is set to a phone number that does not belong to the Operator + When the request "checkSimSwap" is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "SIM_SWAP.UNKNOWN_PHONE_NUMBER" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_8_phone_number_provided_does_not_belong_to_the_user + Scenario: Error when provided phone number does not belong to the user + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not belong to the user + And the header "Authorization" is set to a valid access token emitted for a different phone number + When the request "checkSimSwap" is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "NOT_FOUND" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_9_phone_number_provided_does_not_match_the_token + Scenario: Error when the phone number provided in the request body belongs to 
the user but does not match the phone number asssociated with the access token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that belongs to the user but does not match the one associated with the token + And the header "Authorization" is set to a valid access token + When the request "checkSimSwap" is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_10_phone_number_provided_cannot_be_deducted_from_access_token + Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user + And the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + When the request "checkSimSwap" is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_11_phone_number_not_provided_and_cannot_be_deducted_from_access_token + Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body + Given the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + When the request "checkSimSwap" is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_12_phone_number_conflict + Scenario: Error when another request is created for the same phoneNumber + Given the request body property "$.phoneNumber" is set to 
a valid testing phoneNumber + And the header "Authorization" is set to a valid access token emitted + And another request is created for the same phoneNumber + When the request "checkSimSwap" is sent + Then the response status code is 409 + And the response property "$.status" is 409 + And the response property "$.code" is "CONFLICT" + And the response property "$.message" contains a user friendly text + + # Generic 401 errors + + @check_sim_swap_401.1_no_authorization_header + Scenario: No Authorization header + Given the header "Authorization" is removed + And the request body is set to a valid request body + When the request "checkSimSwap" is sent + Then the response status code is "401" + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_401.2_expired_access_token + Scenario: Expired access token + Given the header "Authorization" is set to an expired access token + And the request body is set to a valid request body + When the request "checkSimSwap" is sent + Then the response status code is "401" + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + @check_sim_swap_401.3_invalid_access_token + Scenario: Invalid access token + Given the header "Authorization" is set to an invalid access token + And the request body is set to a valid request body + When the request "checkSimSwap" is sent + Then the response status code is "401" + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + # Generic 400 errors + + @check_sim_swap_400.1_invalid_phone_number + Scenario: Check that the response shows an error when the phone number is invalid + Given the request body property "$.phoneNumber" 
does not comply with the OAS schema at "/components/schemas/PhoneNumber" + When the request "checkSimSwap" is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index 7b1698d..b1e287f 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature 
@@ -1,195 +1,163 @@ -# -# Revision: 0 - -Feature: SIM Swap - retrieveSimSwapDate - - Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. - - Background: An environment where Operator's API GW exposes retrieveSimSwapDate - Given an environment with Operator's API GW - And the endpoint "sim-swap/v0/retrieve-date" - And the method "post" - And the request body is set to: - """ - { - "phoneNumber": "+346661113334" - } - """ - And the header "x-correlator" is set to "[UUIDv4]" - - - # Common errors - - - @retrieveSimSwapDate_E10.01 - Scenario: Error response for expired access token - Given I want to test "retrieveSimSwapDate" - And an expired access_token - When I request "retrieveSimSwapDate" - Then the response status code is "401" - And the API returns the error code "UNAUTHENTICATED" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E10.02 - Scenario: Error response for invalid access token - Given I want to test "retrieveSimSwapDate" - And an invalid access_token - When I request "retrieveSimSwapDate" - Then the response status code is "401" - And the API returns the error code "UNAUTHENTICATED" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E10.03 - Scenario: Error response for no header "Authorization" - Given I want to test "retrieveSimSwapDate" - And the header "Authorization" is not sent - When I request "retrieveSimSwapDate" - Then the response status code is "401" - And the API returns the error code "UNAUTHENTICATED" - And the API returns a human readable error message - - - # API Specific Errors - - - @retrieveSimSwapDate_E19.101_InvalidPhoneNumber - Scenario: Check that the response shows an error when the phone number is invalid - Given I want to test "retrieveSimSwapDate" - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to an invalid phone number - And the request body is set to: - """ - { - "phoneNumber": 
"[CONTEXT: phoneNumber]" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "400" - And the API returns the error code "INVALID_ARGUMENT" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E19.102_NoPhoneNumber - Scenario: Check that the response shows an error when the phone number is missing - Given I want to test "retrieveSimSwapDate" - And a valid access_token - And the request body is set to: - """ - {} - """ - When I request "retrieveSimSwapDate" - Then the response status code is "400" - And the API returns the error code "INVALID_ARGUMENT" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E19.103_UnknownPhoneNumber - Scenario: Check that the response shows an error when the phone number does not belong to the Operator - Given I want to test "retrieveSimSwapDate" - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number that does not belong to the Operator - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "404" - And the API returns the error code "SIM_SWAP.UNKNOWN_PHONE_NUMBER" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E19.104_PhoneNumberProvidedDoesNotMatchTheAccessToken - Scenario: Check that the response shows an error when phone number provided does not match the one in the access token - Given I want to test "retrieveSimSwapDate" - And a valid access_token - And the access token identifies the user - And the access token contains a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number that did not match the one encoded in the access token - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "403" - And the API 
returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E19.105_PhoneNumberProvidedIsNotPresentInAccessToken - Scenario: Check that the response shows an error when phone number provided is not present in the access token - Given I want to test "retrieveSimSwapDate" - And a valid access_token - And the access token identifies the user - And the access token does not contain a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "403" - And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" - And the API returns a human readable error message - - - @retrieveSimSwapDate_E19.106_PhoneNumberNotProvidedAndAccessTokenDoesNotContainPhoneNumber - Scenario: Check that the response shows an error when phone number can not be deducted from access token and it is not provided in the request body - Given I want to test "retrieveSimSwapDate" - And a valid access_token - And the access token identifies the user - And the access token does not contain a phone number from the user - And the variable "[CONTEXT: phoneNumber]" is set to a phone number of the user - And the request body is set to: - """ - { - "phoneNumber": "" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "403" - And the API returns the error code "SIM_SWAP.INVALID_TOKEN_CONTEXT" - And the API returns a human readable error message - - - # API Specific validations - - - @retrieveSimSwapDate_30.101_ValidSimSwap - Scenario: Check SIM swap date for a valid SIM swap - Given I want to test "retrieveSimSwapDate" for a user which have a phone number connected to the Operator's network - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone 
number connected to the network - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "200" - And the response property "$.latestSimChange" is present - - - @retrieveSimSwapDate_30.102_NoSimSwap - Scenario: Check SIM swap date for a valid SIM swap - Given I want to test "retrieveSimSwapDate" for a user which have a phone number never connected to the Operator's network - And a valid access_token - And the variable "[CONTEXT: phoneNumber]" is set to a phone number never connected to the network - And the request body is set to: - """ - { - "phoneNumber": "[CONTEXT: phoneNumber]" - } - """ - When I request "retrieveSimSwapDate" - Then the response status code is "200" - And the response property "$.latestSimChange" is not present - +Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate + + # Input to be provided by the implementation to the tester + # + # Testing assets: + # + # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 0.5.0 + + Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. 
+ + Background: Common retrieveSimSwapDate setup + Given the resource "sim-swap/v0/retrieve-date" + And the header "Content-Type" is set to "application/json" + And the header "Authorization" is set to a valid access token + And the header "x-correlator" is set to a UUID value + And the request body is set by default to a request body compliant with the schema + + # This first scenario serves as a minimum, not testing any specific verificationResult + @retrieve_sim_swap_date_1_generic_success_scenario + Scenario: Common validations for any sucess scenario + Given the request body property "$.phoneNumber" is set to a valid testing phone number + When the request "retrieveSimSwapDate" is sent + Then the response status code is 200 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response body complies with the OAS schema at "/components/schemas/SimSwapInfo" + + + # Scenarios testing specific situations + + @retrieve_sim_swap_date_2_valid_sim_swap + Scenario: Check SIM swap date for a valid SIM swap + Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network + When the request "retrieveSimSwapDate" is sent + Then the response status code is 200 + And the response property "$.latestSimChange" contains a valid timestamp + + @retrieve_sim_swap_date_3_no_sim_swap_returns_activation_date + Scenario: Response contains the sim's activation date when it hasn't been swapped + Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network whose sim has never been swapped + When the request "retrieveSimSwapDate" is sent + Then the response status code is 200 + And the response property "$.latestSimChange" contains the sim's activation timestamp + + # This test applies if the operator allows to do the request for a sim that has never been connected to the network + 
@retrieve_sim_swap_date_4_sim_not_activated + Scenario: Check SIM swap date for a non-activated sim + Given the request body property "$.phoneNumber" is set to a phone number never connected to the Operator's network + When the request "retrieveSimSwapDate" is sent + Then the response status code is 200 + And the response property "$.latestSimChange" is null + + # This scenario applies when there is a local regulation with a time limitation on the information that can be returned + @retrieve_sim_swap_date_5_no_sim_swap_or_activation_date_due_to_legal_constrain + Scenario: Check SIM swap date for a valid SIM swap + Given the request body property "$.phoneNumber" is set to a valid testing phone number + When the request "retrieveSimSwapDate" is sent + Then the response status code is 200 + And the response property "$.latestSimChange" is null + + # Specific errors + + @retrieve_sim_swap_date_6_unknown_phone_number + Scenario: Check that the response shows an error when the phone number does not belong to the Operator + Given the request body property "$.phoneNumber" is set to a phone number that does not belong to the Operator + When the request "retrieveSimSwapDate" is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "SIM_SWAP.UNKNOWN_PHONE_NUMBER" + And the response property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_7_phone_number_provided_does_not_belong_to_the_user + Scenario: Error when provided phone number does not belong to the user + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not belong to the user + And the header "Authorization" is set to a valid access token emitted for a different phone number + When the request "retrieveSimSwapDate" is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "NOT_FOUND" + And the response 
property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_8_phone_number_provided_does_not_match_the_token + Scenario: Error when the phone number provided in the request body belongs to the user but does not match the phone number asssociated with the access token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that belongs to the user but does not match the one associated with the token + And the header "Authorization" is set to a valid access token emitted for a different phone number + When the request "retrieveSimSwapDate" is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_9_phone_number_provided_cannot_be_deducted_from_access_token + Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user + And the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + When the request "retrieveSimSwapDate" is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token + Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body + Given the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + When the request "retrieveSimSwapDate" is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property 
"$.code" is "INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_11_phone_number_conflict + Scenario: Check that the response shows an error when another request is created for the same phoneNumber + Given the request body property "$.phoneNumber" is set to a valid testing phone number + And the header "Authorization" is set to a valid access token emitted + And another request is created for the same phoneNumber + When the request "retrieveSimSwapDate" is sent + Then the response status code is "409" + And the response property "$.status" is 409 + And the response property "$.code" is "CONFLICT" + And the response property "$.message" contains a user friendly text + + # Generic 401 errors + + @retrieve_sim_swap_date_401.1_no_authorization_header + Scenario: No Authorization header + Given the header "Authorization" is removed + And the request body is set to a valid request body + When the request "retrieveSimSwapDate" is sent + Then the response status code is 401 + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_401.2_expired_access_token + Scenario: Expired access token + Given the header "Authorization" is set to an expired access token + And the request body is set to a valid request body + When the request "retrieveSimSwapDate" is sent + Then the response status code is 401 + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + @retrieve_sim_swap_date_401.3_invalid_access_token + Scenario: Invalid access token + Given the header "Authorization" is set to an invalid access token + And the request body is set to a valid request body + When the request "retrieveSimSwapDate" is sent + Then the response status code is 401 + 
And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + # Generic 400 errors + + @retrieve_sim_swap_date_4_invalid_phone_number + Scenario: Check that the response shows an error when the phone number is invalid + Given the request body property "$.phoneNumber" does not comply with the OAS schema at "/components/schemas/PhoneNumber" + When the request "retrieveSimSwapDate" is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text From c72087204e4cd0acaa3da9fb46c1c6f9efb9c909 Mon Sep 17 00:00:00 2001 From: Fernando Prado Date: Wed, 24 Jul 2024 17:47:21 +0200 Subject: [PATCH 6/8] update test cases --- code/Test_definitions/checkSimSwap.feature | 32 +++++++++---------- .../retrieveSimSwapDate.feature | 23 ++++--------- 2 files changed, 21 insertions(+), 34 deletions(-) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index 64b538f..345a0c2 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature 
@@ -73,13 +73,13 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap # Specific errors - @check_sim_swap_7_unknown_phone_number - Scenario: Error when the phone number does not belong to the Operator - Given the request body property "$.phoneNumber" is set to a phone number that does not belong to the Operator + @check_sim_swap_7_phone_number_not_supported + Scenario: Error when the service is not supported for the provided phone number + Given the request body property "$.phoneNumber" is set to a phone number for which the service is not available When the request "checkSimSwap" is sent - Then the response status code is 404 - And the response property "$.status" is 404 - And the response property "$.code" is "SIM_SWAP.UNKNOWN_PHONE_NUMBER" + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "NOT_SUPPORTED" And the response property "$.message" contains a user friendly text @check_sim_swap_8_phone_number_provided_does_not_belong_to_the_user @@ -121,17 +121,6 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text - @check_sim_swap_12_phone_number_conflict - Scenario: Error when another request is created for the same phoneNumber - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber - And the header "Authorization" is set to a valid access token emitted - And another request is created for the same phoneNumber - When the request "checkSimSwap" is sent - Then the response status code is 409 - And the response property "$.status" is 409 - And the response property "$.code" is "CONFLICT" - And the response property "$.message" contains a user friendly text - # Generic 401 errors @check_sim_swap_401.1_no_authorization_header 
@@ -174,3 +163,12 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap And the response property "$.status" is 400 And the response property "$.code" is "INVALID_ARGUMENT" And the response property "$.message" contains a user friendly text + + @check_sim_swap_400.2_invalid_max_age + Scenario: Check that the response shows an error when the max age is invalid + Given the request body property "$.maxAge" does not comply with the OAS schema at "/components/schemas/CreateCheckSimSwap" + When the request "checkSimSwap" is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index b1e287f..1158503 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature 
@@ -60,13 +60,13 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate # Specific errors - @retrieve_sim_swap_date_6_unknown_phone_number - Scenario: Check that the response shows an error when the phone number does not belong to the Operator - Given the request body property "$.phoneNumber" is set to a phone number that does not belong to the Operator + @retrieve_sim_swap_date_6_phone_number_not_supported + Scenario: Error when the service is not supported for the provided phone number + Given the request body property "$.phoneNumber" is set to a phone number for which the service is not available When the request "retrieveSimSwapDate" is sent - Then the response status code is 404 - And the response property "$.status" is 404 - And the response property "$.code" is "SIM_SWAP.UNKNOWN_PHONE_NUMBER" + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "NOT_SUPPORTED" And the response property "$.message" contains a user friendly text @retrieve_sim_swap_date_7_phone_number_provided_does_not_belong_to_the_user 
@@ -108,17 +108,6 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text - @retrieve_sim_swap_date_11_phone_number_conflict - Scenario: Check that the response shows an error when another request is created for the same phoneNumber - Given the request body property "$.phoneNumber" is set to a valid testing phone number - And the header "Authorization" is set to a valid access token emitted - And another request is created for the same phoneNumber - When the request "retrieveSimSwapDate" is sent - Then the response status code is "409" - And the response property "$.status" is 409 - And the response property "$.code" is "CONFLICT" - And the response property "$.message" contains a user friendly text - # Generic 401 errors @retrieve_sim_swap_date_401.1_no_authorization_header From ab5cccd5ffb641e1927821ba2a12e14a048d68ae Mon Sep 17 00:00:00 2001 From: Fernando Prado Date: Wed, 31 Jul 2024 15:49:58 +0200 Subject: [PATCH 7/8] update scenarios --- code/Test_definitions/checkSimSwap.feature | 48 +++++++---------- .../retrieveSimSwapDate.feature | 54 +++++++++---------- 2 files changed, 46 insertions(+), 56 deletions(-) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index 345a0c2..873b487 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature @@ -1,10 +1,10 @@ -Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap +Feature: CAMARA SIM Swap API, 1.0.0 - Operation checkSimSwap # Input to be provided by the implementation to the tester # # Testing assets: # - # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 0.5.0 + # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0 check if SIM swap has been performed during a past period 
@@ -19,7 +19,7 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap # This first scenario serves as a minimum, not testing any specific verificationResult @check_sim_swap_1_generic_success_scenario Scenario: Common validations for any sucess scenario - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber + Given the request header "Authorization" is set to a valid access token from which a valid testing phoneNumber can be deducted When the request "checkSimSwap" is sent Then the response status code is 200 And the response header "Content-Type" is "application/json" 
@@ -30,14 +30,14 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap @check_sim_swap_2_valid_sim_swap_no_max_age Scenario: Check that the response shows that the SIM has been swapped - Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network that has been swapped in the last 240 hours + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped in the last 240 hours can be deducted When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == true @check_sim_swap_3_valid_sim_swap_max_age Scenario Outline: Check that the response shows that the SIM has been swapped - Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network that has been swapped in the last "" hours, where "" is equal or less than provided "maxAge" request body parameter + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped in the last "" hours, where "" is equal or less than provided "maxAge" request body parameter can be deducted When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == true 
@@ -51,22 +51,22 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap @check_sim_swap_4_more_than_240_hours Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago - Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network that has been swapped more than 240 hours ago + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped more than 240 hours ago can be deducted When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == false @check_sim_swap_5_out_of_max_age Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field - Given the request body property "$.maxAge" is set to the number of hours since the last SIM swap minus 1 - And the request body property "$.phoneNumber" is set to a phone number connected to the network whose last SIM swap was more than "$.maxAge" hours ago + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the network whose last SIM swap was more than "$.maxAge" hours ago can be deducted + And the request body property "$.maxAge" is set to the number of hours since the last SIM swap minus 1 When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == false @check_sim_swap_6_no_sim_swap Scenario: Check that the response shows that the SIM has not been swapped - Given the request body property "$.phoneNumber" is set to a phone number with a SIM that has never been swapped + Given the request header "Authorization" is set to a valid access token from which a phone number with a SIM that has never been swapped can be deducted When the request "checkSimSwap" is sent Then the 
response status code is 200 And the value of response property "$.swapped" == false @@ -82,19 +82,9 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap And the response property "$.code" is "NOT_SUPPORTED" And the response property "$.message" contains a user friendly text - @check_sim_swap_8_phone_number_provided_does_not_belong_to_the_user - Scenario: Error when provided phone number does not belong to the user - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not belong to the user - And the header "Authorization" is set to a valid access token emitted for a different phone number - When the request "checkSimSwap" is sent - Then the response status code is 404 - And the response property "$.status" is 404 - And the response property "$.code" is "NOT_FOUND" - And the response property "$.message" contains a user friendly text - - @check_sim_swap_9_phone_number_provided_does_not_match_the_token - Scenario: Error when the phone number provided in the request body belongs to the user but does not match the phone number asssociated with the access token - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that belongs to the user but does not match the one associated with the token + @check_sim_swap_8_phone_number_provided_does_not_match_the_token + Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber does not match the one associated with the token And the header "Authorization" is set to a valid access token When the request "checkSimSwap" is sent Then the response status code is 403 
@@ -102,23 +92,23 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation checkSimSwap And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text - @check_sim_swap_10_phone_number_provided_cannot_be_deducted_from_access_token + @check_sim_swap_9_phone_number_provided_cannot_be_deducted_from_access_token Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user - And the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + And the header "Authorization" is set to a valid access token from which the phone number cannot be deducted When the request "checkSimSwap" is sent Then the response status code is 403 And the response property "$.status" is 403 And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text - @check_sim_swap_11_phone_number_not_provided_and_cannot_be_deducted_from_access_token + @check_sim_swap_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body - Given the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted When the request "checkSimSwap" is sent - Then the response status code is 403 - And the response property "$.status" is 403 - And the response property "$.code" is "INVALID_TOKEN_CONTEXT" + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "UNIDENTIFIABLE_PHONE_NUMBER" And the response property "$.message" contains a user friendly text # Generic 401 
errors diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index 1158503..9430643 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature @@ -1,10 +1,10 @@ -Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate +Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate # Input to be provided by the implementation to the tester # # Testing assets: # - # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 0.5.0 + # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0 Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. @@ -18,7 +18,7 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate # This first scenario serves as a minimum, not testing any specific verificationResult @retrieve_sim_swap_date_1_generic_success_scenario Scenario: Common validations for any sucess scenario - Given the request body property "$.phoneNumber" is set to a valid testing phone number + Given the request header "Authorization" is set to a valid access token from which a testing phone number When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response header "Content-Type" is "application/json" 
@@ -29,31 +29,32 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate # Scenarios testing specific situations @retrieve_sim_swap_date_2_valid_sim_swap - Scenario: Check SIM swap date for a valid SIM swap - Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network + Scenario: Retrieve SIM swap date for a valid SIM swap + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" contains a valid timestamp + # This scenario applies for operators which do not limit the "monitoring history" @retrieve_sim_swap_date_3_no_sim_swap_returns_activation_date Scenario: Response contains the sim's activation date when it hasn't been swapped - Given the request body property "$.phoneNumber" is set to a phone number connected to the Operator's network whose sim has never been swapped + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network whose sim has never been swapped can be deducted When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" contains the sim's activation timestamp # This test applies if the operator allows to do the request for a sim that has never been connected to the network @retrieve_sim_swap_date_4_sim_not_activated - Scenario: Check SIM swap date for a non-activated sim - Given the request body property "$.phoneNumber" is set to a phone number never connected to the Operator's network + Scenario: Retrieves SIM swap date for a non-activated sim + Given the request header "Authorization" is set to a valid access token from which a phone number never connected to the Operator's network can be deducted When the request 
"retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" is null # This scenario applies when there is a local regulation with a time limitation on the information that can be returned @retrieve_sim_swap_date_5_no_sim_swap_or_activation_date_due_to_legal_constrain - Scenario: Check SIM swap date for a valid SIM swap - Given the request body property "$.phoneNumber" is set to a valid testing phone number + Scenario: Retrieves SIM swap date for a valid SIM swap + Given the request header "Authorization" is set to a valid access token from which a valid testing phone number for which a SimSwap event happened before the limited history window threshold can be deducted When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" is null 
@@ -69,19 +70,9 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate And the response property "$.code" is "NOT_SUPPORTED" And the response property "$.message" contains a user friendly text - @retrieve_sim_swap_date_7_phone_number_provided_does_not_belong_to_the_user - Scenario: Error when provided phone number does not belong to the user - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not belong to the user - And the header "Authorization" is set to a valid access token emitted for a different phone number - When the request "retrieveSimSwapDate" is sent - Then the response status code is 404 - And the response property "$.status" is 404 - And the response property "$.code" is "NOT_FOUND" - And the response property "$.message" contains a user friendly text - - @retrieve_sim_swap_date_8_phone_number_provided_does_not_match_the_token - Scenario: Error when the phone number provided in the request body belongs to the user but does not match the phone number asssociated with the access token - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that belongs to the user but does not match the one associated with the token + @retrieve_sim_swap_date_7_phone_number_provided_does_not_match_the_token + Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not match the one associated with the token And the header "Authorization" is set to a valid access token emitted for a different phone number When the request "retrieveSimSwapDate" is sent Then the response status code is 403 
@@ -89,25 +80,34 @@ Feature: CAMARA SIM Swap API, 0.5.0 - Operation retrieveSimSwapDate And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text - @retrieve_sim_swap_date_9_phone_number_provided_cannot_be_deducted_from_access_token + @retrieve_sim_swap_date_8_phone_number_provided_cannot_be_deducted_from_access_token Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user - And the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + And the header "Authorization" is set to a valid access token from which the phone number cannot be deducted When the request "retrieveSimSwapDate" is sent Then the response status code is 403 And the response property "$.status" is 403 And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text - @retrieve_sim_swap_date_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token + @retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body - Given the header "Authorization" is set to a valid access token from which the phone number cannot be deduced + Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted When the request "retrieveSimSwapDate" is sent Then the response status code is 403 And the response property "$.status" is 403 And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text + @retrieve_sim_swap_date_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token + Scenario: Error when phone 
number can not be deducted from access token and it is not provided in the request body + Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted + When the request "retrieveSimSwapDate" is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "UNIDENTIFIABLE_PHONE_NUMBER" + And the response property "$.message" contains a user friendly text + # Generic 401 errors @retrieve_sim_swap_date_401.1_no_authorization_header From afb2a03a380869f071e9f158dcbd54a5e7e55b44 Mon Sep 17 00:00:00 2001 From: Fernando Prado Date: Thu, 1 Aug 2024 16:06:21 +0200 Subject: [PATCH 8/8] rephrase GIven conditions to improve readability --- code/Test_definitions/checkSimSwap.feature | 20 ++++++++++++------- .../retrieveSimSwapDate.feature | 20 +++++++------------ 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/code/Test_definitions/checkSimSwap.feature b/code/Test_definitions/checkSimSwap.feature index 873b487..41db871 100644 --- a/code/Test_definitions/checkSimSwap.feature +++ b/code/Test_definitions/checkSimSwap.feature 
@@ -30,14 +30,17 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation checkSimSwap @check_sim_swap_2_valid_sim_swap_no_max_age Scenario: Check that the response shows that the SIM has been swapped - Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped in the last 240 hours can be deducted + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has been swapped in the last 240 hours When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == true @check_sim_swap_3_valid_sim_swap_max_age Scenario Outline: Check that the response shows that the SIM has been swapped - Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped in the last "" hours, where "" is equal or less than provided "maxAge" request body parameter can be deducted + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has been swapped in the last "" + And the "maxAge" request body property is set to a value equal or greater than "" within the allowed range When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == true 
@@ -51,22 +54,25 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation checkSimSwap @check_sim_swap_4_more_than_240_hours Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago - Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped more than 240 hours ago can be deducted + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has been swapped more than 240 hours ago When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == false @check_sim_swap_5_out_of_max_age Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field - Given the request header "Authorization" is set to a valid access token from which a phone number connected to the network whose last SIM swap was more than "$.maxAge" hours ago can be deducted - And the request body property "$.maxAge" is set to the number of hours since the last SIM swap minus 1 + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the request body property "maxAge" is set to the number of hours since the last SIM swap minus 1 + And the last swap for this phone number's SIM was more than "maxAge" hours ago When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == false @check_sim_swap_6_no_sim_swap Scenario: Check that the response shows that the SIM has not been swapped - Given the request header "Authorization" is set to a valid access token from which a phone number with a SIM that has never been swapped can be deducted + Given the 
request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has never been swapped When the request "checkSimSwap" is sent Then the response status code is 200 And the value of response property "$.swapped" == false @@ -84,7 +90,7 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation checkSimSwap @check_sim_swap_8_phone_number_provided_does_not_match_the_token Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token - Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber does not match the one associated with the token + Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not match the one associated with the token And the header "Authorization" is set to a valid access token When the request "checkSimSwap" is sent Then the response status code is 403 diff --git a/code/Test_definitions/retrieveSimSwapDate.feature b/code/Test_definitions/retrieveSimSwapDate.feature index 9430643..a70daee 100644 --- a/code/Test_definitions/retrieveSimSwapDate.feature +++ b/code/Test_definitions/retrieveSimSwapDate.feature @@ -6,7 +6,7 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate # # References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0 - Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN. + Get timestamp of last MSISDN <-> IMSI pairing change for the provided phone number. Background: Common retrieveSimSwapDate setup Given the resource "sim-swap/v0/retrieve-date" 
@@ -18,7 +18,7 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate # This first scenario serves as a minimum, not testing any specific verificationResult @retrieve_sim_swap_date_1_generic_success_scenario Scenario: Common validations for any sucess scenario - Given the request header "Authorization" is set to a valid access token from which a testing phone number + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response header "Content-Type" is "application/json" @@ -31,6 +31,7 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate @retrieve_sim_swap_date_2_valid_sim_swap Scenario: Retrieve SIM swap date for a valid SIM swap Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has been swapped When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" contains a valid timestamp 
@@ -38,7 +39,8 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate # This scenario applies for operators which do not limit the "monitoring history" @retrieve_sim_swap_date_3_no_sim_swap_returns_activation_date Scenario: Response contains the sim's activation date when it hasn't been swapped - Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network whose sim has never been swapped can be deducted + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has never been swapped When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" contains the sim's activation timestamp @@ -54,7 +56,8 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate # This scenario applies when there is a local regulation with a time limitation on the information that can be returned @retrieve_sim_swap_date_5_no_sim_swap_or_activation_date_due_to_legal_constrain Scenario: Retrieves SIM swap date for a valid SIM swap - Given the request header "Authorization" is set to a valid access token from which a valid testing phone number for which a SimSwap event happened before the limited history window threshold can be deducted + Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted + And the SIM for this phone number has been swapped before the limited history window threshold When the request "retrieveSimSwapDate" is sent Then the response status code is 200 And the response property "$.latestSimChange" is null 
@@ -91,15 +94,6 @@ Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate And the response property "$.message" contains a user friendly text @retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token - Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body - Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted - When the request "retrieveSimSwapDate" is sent - Then the response status code is 403 - And the response property "$.status" is 403 - And the response property "$.code" is "INVALID_TOKEN_CONTEXT" - And the response property "$.message" contains a user friendly text - - @retrieve_sim_swap_date_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted When the request "retrieveSimSwapDate" is sent
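Review bot: In checkSimSwap.feature (hunk @@ -82,19 +82,9, first patch) the retained mismatch scenario check_sim_swap_8 sets Authorization to just "a valid access token", while its retrieveSimSwapDate counterpart says "a valid access token emitted for a different phone number". With the 404 NOT_FOUND scenario deleted, this is the only scenario in the file for a token bound to one number being used to query another, so the precondition should say explicitly that the token is bound to a phone number other than "$.phoneNumber". The new Given line is also missing "that" ("phoneNumber does not match"), and "asssociated" in the scenario title is still misspelled.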
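Review bot: In checkSimSwap.feature (hunk @@ -102,23 +92,23, first patch) the Authorization steps of scenarios 9 and 10 change "cannot be deduced" to "cannot be deducted", and the same substitution is made in retrieveSimSwapDate.feature. "Deduce" (infer) is the intended verb; "deduct" means subtract. Keep "deduced" in these steps and use "can be deduced" in the rewritten success-scenario steps and in the scenario tags, since this wording becomes the step text that implementers bind their step definitions to.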
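Review bot: In retrieveSimSwapDate.feature (hunk @@ -18,7 +18,7, first patch) the new Given for retrieve_sim_swap_date_1_generic_success_scenario stops mid-sentence: "a valid access token from which a testing phone number". It needs the closing verb that the other rewritten steps carry ("can be deducted"). Patch 8/8 completes the sentence; squash that completion into this patch so the step is well-formed at every commit.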
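Review bot: In retrieveSimSwapDate.feature (hunk @@ -29,31 +29,32, first patch) retrieve_sim_swap_date_5_no_sim_swap_or_activation_date_due_to_legal_constrain is retitled "Retrieves SIM swap date for a valid SIM swap", which is almost identical to scenario 2's "Retrieve SIM swap date for a valid SIM swap" even though it asserts that "$.latestSimChange" is null. Give it a title that names the limited-history case, and settle on one of "Retrieve" or "Retrieves" across the scenario titles.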
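Review bot: In retrieveSimSwapDate.feature (hunk @@ -89,25 +80,34, first patch) the renamed scenario retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token still expects 403 INVALID_TOKEN_CONTEXT, while the added retrieve_sim_swap_date_10 scenario has the same title and the same Given and When steps but expects 422 UNIDENTIFIABLE_PHONE_NUMBER. One request cannot satisfy both, so a conforming implementation fails one of them. checkSimSwap.feature changes 403 to 422 in place; do the same here instead of adding a second scenario. Patch 8/8 removes the 403 copy, but that fix belongs in this patch so the suite is consistent at every commit in the series.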
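Review bot: In checkSimSwap.feature (hunk @@ -30,14 +30,17, patch 8/8) the rewritten step for check_sim_swap_3_valid_sim_swap_max_age, 'And the SIM for this phone number has been swapped in the last ""', drops the unit that the removed line had ('in the last "" hours'). Restore "hours" after the placeholder and state the unit in the "maxAge" step as well, so the comparison between swap age and "maxAge" is unambiguous. "within the allowed range" also leaves the bounds unstated; name them or reference the schema that defines them.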
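Review bot: In checkSimSwap.feature (hunk @@ -51,22 +54,25, patch 8/8) check_sim_swap_5_out_of_max_age now writes the property as "maxAge" where the removed lines used "$.maxAge", while the other steps in the file address properties as "$.phoneNumber" and "$.swapped". Keep the "$." form so a single step definition matches all body-property steps. The two added And steps also state the same condition twice (maxAge is the hours since the last swap minus 1, and the last swap was more than maxAge hours ago); one is enough. Scenarios 2 and 4 cover "in the last 240 hours" and "more than 240 hours ago", but no scenario fixes the expected value of "$.swapped" at exactly 240 hours; consider adding that boundary case.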