Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Telefonica test cases proposal #70

164 changes: 164 additions & 0 deletions code/Test_definitions/checkSimSwap.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,164 @@
Feature: CAMARA SIM Swap API, 1.0.0 - Operation checkSimSwap

# Input to be provided by the implementation to the tester
#
# Testing assets:
#
# References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0

check if SIM swap has been performed during a past period

Background: Common checkSimSwap setup
Given the resource "sim-swap/v0/check"
And the header "Content-Type" is set to "application/json"
And the header "Authorization" is set to a valid access token
And the header "x-correlator" is set to a UUID value
And the request body is set by default to a request body compliant with the schema


# This first scenario serves as a minimum, not testing any specific verificationResult
@check_sim_swap_1_generic_success_scenario
Scenario: Common validations for any sucess scenario
Given the request header "Authorization" is set to a valid access token from which a valid testing phoneNumber can be deducted
When the request "checkSimSwap" is sent
Then the response status code is 200
And the response header "Content-Type" is "application/json"
And the response header "x-correlator" has same value as the request header "x-correlator"
And the response body complies with the OAS schema at "/components/schemas/CheckSimSwapInfo"

# Scenarios testing specific situations

@check_sim_swap_2_valid_sim_swap_no_max_age
Scenario: Check that the response shows that the SIM has been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped in the last 240 hours can be deducted
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == true

@check_sim_swap_3_valid_sim_swap_max_age
Scenario Outline: Check that the response shows that the SIM has been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped in the last "<hours>" hours, where "<hours>" is equal or less than provided "maxAge" request body parameter can be deducted
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to split tis very long "given" into more "standard" parts like:
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
AND $.maxAge is set to "X"
AND SIM for this phone number was swapped in the last "X" hours

@check_sim_swap_5_out_of_max_age is rather close to this already

Similar suggestion for other use cases where "given" combines multiple conditions

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, I have split all the success scenarios into different steps, hope it is better now

When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == true

Examples:
| hours |
| 260 |
| 120 |
| 24 |
| 12 |

@check_sim_swap_4_more_than_240_hours
Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network that has been swapped more than 240 hours ago can be deducted
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == false

@check_sim_swap_5_out_of_max_age
Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the network whose last SIM swap was more than "$.maxAge" hours ago can be deducted
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: extract "swap was more than X" in a separate AND condition. And put it after the "maxAge is set" condition to simplify reading. Like:
Given phoneNumber is here
and maxAge is set like ....
and swap was at maxAge+1 ago.

Currently we say:

  1. swap was more than $.maxAge hoursAgo
  2. $.maxAge is set to to swap -1
    so we define maxAge via simswap time, and at the same time we define simswap time via maxAge,

And the request body property "$.maxAge" is set to the number of hours since the last SIM swap minus 1
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == false

@check_sim_swap_6_no_sim_swap
Scenario: Check that the response shows that the SIM has not been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number with a SIM that has never been swapped can be deducted
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == false

# Specific errors

@check_sim_swap_7_phone_number_not_supported
Scenario: Error when the service is not supported for the provided phone number
Given the request body property "$.phoneNumber" is set to a phone number for which the service is not available
When the request "checkSimSwap" is sent
Then the response status code is 422
And the response property "$.status" is 422
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't these error returns depends on the deployment architecture? For e.g. when the service is not supported for the phone number, my ID server may not even issue an access token and can return either 401 or 403. Should we have a list of possible error codes?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we have face a similar situation with one of the test cases above. I think this is something we'll have to discuss and decide how we can approach it.
For example, for us in Telefónica, we can differenciate if a phone number belongs to a suscriptor and return a different error when the provided phone number doesn't belong to the user associated to the token.
Maybe you can open an issue and we can discuss there, but it won't be part of this release I believe.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also encountered similar scenario during GSMA certification test run as these test cases form the basis of the interoperability tests. I agree, this may not be something that can be done in this release and it may be applicable to other APIs as well. I will raise an issue here first - it can be tracked for the next release 👍🏼

And the response property "$.code" is "NOT_SUPPORTED"
And the response property "$.message" contains a user friendly text

@check_sim_swap_8_phone_number_provided_does_not_match_the_token
Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber does not match the one associated with the token
And the header "Authorization" is set to a valid access token
When the request "checkSimSwap" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@check_sim_swap_9_phone_number_provided_cannot_be_deducted_from_access_token
Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user
And the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "checkSimSwap" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@check_sim_swap_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token
Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body
Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "checkSimSwap" is sent
Then the response status code is 422
And the response property "$.status" is 422
And the response property "$.code" is "UNIDENTIFIABLE_PHONE_NUMBER"
And the response property "$.message" contains a user friendly text

# Generic 401 errors

@check_sim_swap_401.1_no_authorization_header
Scenario: No Authorization header
Given the header "Authorization" is removed
And the request body is set to a valid request body
When the request "checkSimSwap" is sent
Then the response status code is "401"
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

@check_sim_swap_401.2_expired_access_token
Scenario: Expired access token
Given the header "Authorization" is set to an expired access token
And the request body is set to a valid request body
When the request "checkSimSwap" is sent
Then the response status code is "401"
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
bigludo7 marked this conversation as resolved.
Show resolved Hide resolved
And the response property "$.message" contains a user friendly text

@check_sim_swap_401.3_invalid_access_token
Scenario: Invalid access token
Given the header "Authorization" is set to an invalid access token
And the request body is set to a valid request body
When the request "checkSimSwap" is sent
Then the response status code is "401"
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

# Generic 400 errors

@check_sim_swap_400.1_invalid_phone_number
Scenario: Check that the response shows an error when the phone number is invalid
Given the request body property "$.phoneNumber" does not comply with the OAS schema at "/components/schemas/PhoneNumber"
When the request "checkSimSwap" is sent
Then the response status code is 400
And the response property "$.status" is 400
And the response property "$.code" is "INVALID_ARGUMENT"
And the response property "$.message" contains a user friendly text
fernandopradocabrillo marked this conversation as resolved.
Show resolved Hide resolved

@check_sim_swap_400.2_invalid_max_age
fernandopradocabrillo marked this conversation as resolved.
Show resolved Hide resolved
Scenario: Check that the response shows an error when the max age is invalid
Given the request body property "$.maxAge" does not comply with the OAS schema at "/components/schemas/CreateCheckSimSwap"
When the request "checkSimSwap" is sent
Then the response status code is 400
And the response property "$.status" is 400
And the response property "$.code" is "INVALID_ARGUMENT"
And the response property "$.message" contains a user friendly text
152 changes: 152 additions & 0 deletions code/Test_definitions/retrieveSimSwapDate.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate

# Input to be provided by the implementation to the tester
#
# Testing assets:
#
# References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0

Get timestamp of last MSISDN <-> IMSI pairing change for a mobile user account provided with MSIDN.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks a bit misleading: we do not user user accounts in camara
Suggestion:
Get timestamp of last MSISDN <-> IMSI pairing change for the provided phone number.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I basically used the endpoint description. I don't see any problem in changing it to the one you proposed.
We can update the description in the yaml in the future


Background: Common retrieveSimSwapDate setup
Given the resource "sim-swap/v0/retrieve-date"
And the header "Content-Type" is set to "application/json"
And the header "Authorization" is set to a valid access token
And the header "x-correlator" is set to a UUID value
And the request body is set by default to a request body compliant with the schema

# This first scenario serves as a minimum, not testing any specific verificationResult
@retrieve_sim_swap_date_1_generic_success_scenario
Scenario: Common validations for any sucess scenario
Given the request header "Authorization" is set to a valid access token from which a testing phone number
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response header "Content-Type" is "application/json"
And the response header "x-correlator" has same value as the request header "x-correlator"
And the response body complies with the OAS schema at "/components/schemas/SimSwapInfo"


# Scenarios testing specific situations

@retrieve_sim_swap_date_2_valid_sim_swap
Scenario: Retrieve SIM swap date for a valid SIM swap
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" contains a valid timestamp

# This scenario applies for operators which do not limit the "monitoring history"
@retrieve_sim_swap_date_3_no_sim_swap_returns_activation_date

This comment was marked as resolved.

Scenario: Response contains the sim's activation date when it hasn't been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network whose sim has never been swapped can be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" contains the sim's activation timestamp

# This test applies if the operator allows to do the request for a sim that has never been connected to the network
@retrieve_sim_swap_date_4_sim_not_activated
Scenario: Retrieves SIM swap date for a non-activated sim
Given the request header "Authorization" is set to a valid access token from which a phone number never connected to the Operator's network can be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" is null

# This scenario applies when there is a local regulation with a time limitation on the information that can be returned
@retrieve_sim_swap_date_5_no_sim_swap_or_activation_date_due_to_legal_constrain
Scenario: Retrieves SIM swap date for a valid SIM swap
Given the request header "Authorization" is set to a valid access token from which a valid testing phone number for which a SimSwap event happened before the limited history window threshold can be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" is null

# Specific errors

@retrieve_sim_swap_date_6_phone_number_not_supported
Scenario: Error when the service is not supported for the provided phone number
Given the request body property "$.phoneNumber" is set to a phone number for which the service is not available
When the request "retrieveSimSwapDate" is sent
Then the response status code is 422
And the response property "$.status" is 422
And the response property "$.code" is "NOT_SUPPORTED"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder how we can standardise the usage of code values across implementations? Here we have chosen NOT_SUPPORTED but the spec does not mandate this (it provides only generic error definitions with no specific values - only examples). I can't remember why we chose this approach. This applies to other CAMARA APIs too.

Also Commonalities seems to recommend the below error code
image

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use of examples is something that comes from the beginning of CAMARA, it is the same in all APIs, I also agree it should be included as generic definition and not only examples.

Regarding the error, we haven't use that one since it only applies to APIs that use the device object. There is an agreement in Commonalities to use the NOT_SUPPORTED error. It is stated for example in this commonalities PR. Probably also in the meeting minutes.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fernandopradocabrillo Thanks for the references 👍🏼

And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_7_phone_number_provided_does_not_match_the_token
Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not match the one associated with the token
And the header "Authorization" is set to a valid access token emitted for a different phone number
When the request "retrieveSimSwapDate" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_8_phone_number_provided_cannot_be_deducted_from_access_token
Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user
And the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token
Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body
Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

conditions looks identical to @retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token, but the response is different.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

totally, I forgot to remove the old one, fixed!

Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body
Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 422
And the response property "$.status" is 422
And the response property "$.code" is "UNIDENTIFIABLE_PHONE_NUMBER"
And the response property "$.message" contains a user friendly text

# Generic 401 errors

@retrieve_sim_swap_date_401.1_no_authorization_header
Scenario: No Authorization header
Given the header "Authorization" is removed
And the request body is set to a valid request body
When the request "retrieveSimSwapDate" is sent
Then the response status code is 401
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_401.2_expired_access_token
Scenario: Expired access token
Given the header "Authorization" is set to an expired access token
And the request body is set to a valid request body
When the request "retrieveSimSwapDate" is sent
Then the response status code is 401
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
bigludo7 marked this conversation as resolved.
Show resolved Hide resolved
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_401.3_invalid_access_token
Scenario: Invalid access token
Given the header "Authorization" is set to an invalid access token
And the request body is set to a valid request body
When the request "retrieveSimSwapDate" is sent
Then the response status code is 401
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

# Generic 400 errors

@retrieve_sim_swap_date_4_invalid_phone_number
Scenario: Check that the response shows an error when the phone number is invalid
Given the request body property "$.phoneNumber" does not comply with the OAS schema at "/components/schemas/PhoneNumber"
When the request "retrieveSimSwapDate" is sent
Then the response status code is 400
And the response property "$.status" is 400
And the response property "$.code" is "INVALID_ARGUMENT"
And the response property "$.message" contains a user friendly text