Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Telefonica test cases proposal #70

Merged
merged 9 commits into from
Aug 21, 2024
Merged

Telefonica test cases proposal #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c2b2c47
initial proposal
fernandopradocabrillo Nov 8, 2023
4b64570
include 403 invalid token context test cases
fernandopradocabrillo Nov 16, 2023
16a686c
remove version date temporary
fernandopradocabrillo Nov 16, 2023
e1f7dbb
fix scenario
fernandopradocabrillo Nov 20, 2023
d463d55
Merge branch 'main' of https://github.com/fernandopradocabrillo/SimSw…
fernandopradocabrillo Jun 26, 2024
fca89f2
include test cases with commonalities format
fernandopradocabrillo Jun 26, 2024
c720872
update test cases
fernandopradocabrillo Jul 24, 2024
ab5cccd
update scenarios
fernandopradocabrillo Jul 31, 2024
afb2a03
rephrase GIven conditions to improve readability
fernandopradocabrillo Aug 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
170 changes: 170 additions & 0 deletions code/Test_definitions/checkSimSwap.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
Feature: CAMARA SIM Swap API, 1.0.0 - Operation checkSimSwap

# Input to be provided by the implementation to the tester
#
# Testing assets:
#
# References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0

check if SIM swap has been performed during a past period

Background: Common checkSimSwap setup
Given the resource "sim-swap/v0/check"
And the header "Content-Type" is set to "application/json"
And the header "Authorization" is set to a valid access token
And the header "x-correlator" is set to a UUID value
And the request body is set by default to a request body compliant with the schema


# This first scenario serves as a minimum, not testing any specific verificationResult
@check_sim_swap_1_generic_success_scenario
Scenario: Common validations for any sucess scenario
Given the request header "Authorization" is set to a valid access token from which a valid testing phoneNumber can be deducted
When the request "checkSimSwap" is sent
Then the response status code is 200
And the response header "Content-Type" is "application/json"
And the response header "x-correlator" has same value as the request header "x-correlator"
And the response body complies with the OAS schema at "/components/schemas/CheckSimSwapInfo"

# Scenarios testing specific situations

@check_sim_swap_2_valid_sim_swap_no_max_age
Scenario: Check that the response shows that the SIM has been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has been swapped in the last 240 hours
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == true

@check_sim_swap_3_valid_sim_swap_max_age
Scenario Outline: Check that the response shows that the SIM has been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has been swapped in the last "<hours>"
And the "maxAge" request body property is set to a value equal or greater than "<hours>" within the allowed range
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == true

Examples:
| hours |
| 260 |
| 120 |
| 24 |
| 12 |

@check_sim_swap_4_more_than_240_hours
Scenario: Check that the response shows that the SIM has not been swapped when the last swap was more than 240 hours ago
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has been swapped more than 240 hours ago
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == false

@check_sim_swap_5_out_of_max_age
Scenario: Check that the response shows that the SIM has not been swapped when the last swap was before the maxAge field
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the request body property "maxAge" is set to the number of hours since the last SIM swap minus 1
And the last swap for this phone number's SIM was more than "maxAge" hours ago
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == false

@check_sim_swap_6_no_sim_swap
Scenario: Check that the response shows that the SIM has not been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has never been swapped
When the request "checkSimSwap" is sent
Then the response status code is 200
And the value of response property "$.swapped" == false

# Specific errors

@check_sim_swap_7_phone_number_not_supported
Scenario: Error when the service is not supported for the provided phone number
Given the request body property "$.phoneNumber" is set to a phone number for which the service is not available
When the request "checkSimSwap" is sent
Then the response status code is 422
And the response property "$.status" is 422
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't these error returns depends on the deployment architecture? For e.g. when the service is not supported for the phone number, my ID server may not even issue an access token and can return either 401 or 403. Should we have a list of possible error codes?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we have face a similar situation with one of the test cases above. I think this is something we'll have to discuss and decide how we can approach it.
For example, for us in Telefónica, we can differenciate if a phone number belongs to a suscriptor and return a different error when the provided phone number doesn't belong to the user associated to the token.
Maybe you can open an issue and we can discuss there, but it won't be part of this release I believe.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also encountered similar scenario during GSMA certification test run as these test cases form the basis of the interoperability tests. I agree, this may not be something that can be done in this release and it may be applicable to other APIs as well. I will raise an issue here first - it can be tracked for the next release 👍🏼

And the response property "$.code" is "NOT_SUPPORTED"
And the response property "$.message" contains a user friendly text

@check_sim_swap_8_phone_number_provided_does_not_match_the_token
Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not match the one associated with the token
And the header "Authorization" is set to a valid access token
When the request "checkSimSwap" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@check_sim_swap_9_phone_number_provided_cannot_be_deducted_from_access_token
Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user
And the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "checkSimSwap" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@check_sim_swap_10_phone_number_not_provided_and_cannot_be_deducted_from_access_token
Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body
Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "checkSimSwap" is sent
Then the response status code is 422
And the response property "$.status" is 422
And the response property "$.code" is "UNIDENTIFIABLE_PHONE_NUMBER"
And the response property "$.message" contains a user friendly text

# Generic 401 errors

@check_sim_swap_401.1_no_authorization_header
Scenario: No Authorization header
Given the header "Authorization" is removed
And the request body is set to a valid request body
When the request "checkSimSwap" is sent
Then the response status code is "401"
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

@check_sim_swap_401.2_expired_access_token
Scenario: Expired access token
Given the header "Authorization" is set to an expired access token
And the request body is set to a valid request body
When the request "checkSimSwap" is sent
Then the response status code is "401"
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
bigludo7 marked this conversation as resolved.
Show resolved Hide resolved
And the response property "$.message" contains a user friendly text

@check_sim_swap_401.3_invalid_access_token
Scenario: Invalid access token
Given the header "Authorization" is set to an invalid access token
And the request body is set to a valid request body
When the request "checkSimSwap" is sent
Then the response status code is "401"
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

# Generic 400 errors

@check_sim_swap_400.1_invalid_phone_number
Scenario: Check that the response shows an error when the phone number is invalid
Given the request body property "$.phoneNumber" does not comply with the OAS schema at "/components/schemas/PhoneNumber"
When the request "checkSimSwap" is sent
Then the response status code is 400
And the response property "$.status" is 400
And the response property "$.code" is "INVALID_ARGUMENT"
And the response property "$.message" contains a user friendly text
fernandopradocabrillo marked this conversation as resolved.
Show resolved Hide resolved

@check_sim_swap_400.2_invalid_max_age
fernandopradocabrillo marked this conversation as resolved.
Show resolved Hide resolved
Scenario: Check that the response shows an error when the max age is invalid
Given the request body property "$.maxAge" does not comply with the OAS schema at "/components/schemas/CreateCheckSimSwap"
When the request "checkSimSwap" is sent
Then the response status code is 400
And the response property "$.status" is 400
And the response property "$.code" is "INVALID_ARGUMENT"
And the response property "$.message" contains a user friendly text
146 changes: 146 additions & 0 deletions code/Test_definitions/retrieveSimSwapDate.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
Feature: CAMARA SIM Swap API, 1.0.0 - Operation retrieveSimSwapDate

# Input to be provided by the implementation to the tester
#
# Testing assets:
#
# References to OAS spec schemas refer to schemas specifies in sim_swap.yaml, version 1.0.0

Get timestamp of last MSISDN <-> IMSI pairing change for the provided phone number.

Background: Common retrieveSimSwapDate setup
Given the resource "sim-swap/v0/retrieve-date"
And the header "Content-Type" is set to "application/json"
And the header "Authorization" is set to a valid access token
And the header "x-correlator" is set to a UUID value
And the request body is set by default to a request body compliant with the schema

# This first scenario serves as a minimum, not testing any specific verificationResult
@retrieve_sim_swap_date_1_generic_success_scenario
Scenario: Common validations for any sucess scenario
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response header "Content-Type" is "application/json"
And the response header "x-correlator" has same value as the request header "x-correlator"
And the response body complies with the OAS schema at "/components/schemas/SimSwapInfo"


# Scenarios testing specific situations

@retrieve_sim_swap_date_2_valid_sim_swap
Scenario: Retrieve SIM swap date for a valid SIM swap
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has been swapped
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" contains a valid timestamp

# This scenario applies for operators which do not limit the "monitoring history"
@retrieve_sim_swap_date_3_no_sim_swap_returns_activation_date

This comment was marked as resolved.

Sign in to view

Scenario: Response contains the sim's activation date when it hasn't been swapped
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has never been swapped
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" contains the sim's activation timestamp

# This test applies if the operator allows to do the request for a sim that has never been connected to the network
@retrieve_sim_swap_date_4_sim_not_activated
Scenario: Retrieves SIM swap date for a non-activated sim
Given the request header "Authorization" is set to a valid access token from which a phone number never connected to the Operator's network can be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" is null

# This scenario applies when there is a local regulation with a time limitation on the information that can be returned
@retrieve_sim_swap_date_5_no_sim_swap_or_activation_date_due_to_legal_constrain
Scenario: Retrieves SIM swap date for a valid SIM swap
Given the request header "Authorization" is set to a valid access token from which a phone number connected to the Operator's network can be deducted
And the SIM for this phone number has been swapped before the limited history window threshold
When the request "retrieveSimSwapDate" is sent
Then the response status code is 200
And the response property "$.latestSimChange" is null

# Specific errors

@retrieve_sim_swap_date_6_phone_number_not_supported
Scenario: Error when the service is not supported for the provided phone number
Given the request body property "$.phoneNumber" is set to a phone number for which the service is not available
When the request "retrieveSimSwapDate" is sent
Then the response status code is 422
And the response property "$.status" is 422
And the response property "$.code" is "NOT_SUPPORTED"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder how we can standardise the usage of code values across implementations? Here we have chosen NOT_SUPPORTED but the spec does not mandate this (it provides only generic error definitions with no specific values - only examples). I can't remember why we chose this approach. This applies to other CAMARA APIs too.

Also Commonalities seems to recommend the below error code
image

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use of examples is something that comes from the beginning of CAMARA, it is the same in all APIs, I also agree it should be included as generic definition and not only examples.

Regarding the error, we haven't use that one since it only applies to APIs that use the device object. There is an agreement in Commonalities to use the NOT_SUPPORTED error. It is stated for example in this commonalities PR. Probably also in the meeting minutes.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fernandopradocabrillo Thanks for the references 👍🏼

And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_7_phone_number_provided_does_not_match_the_token
Scenario: Error when the phone number provided in the request body does not match the phone number asssociated with the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber that does not match the one associated with the token
And the header "Authorization" is set to a valid access token emitted for a different phone number
When the request "retrieveSimSwapDate" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_8_phone_number_provided_cannot_be_deducted_from_access_token
Scenario: Error when the phone number is provided in the request body but cannot be deducted from the access token
Given the request body property "$.phoneNumber" is set to a valid testing phoneNumber of the user
And the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 403
And the response property "$.status" is 403
And the response property "$.code" is "INVALID_TOKEN_CONTEXT"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_9_phone_number_not_provided_and_cannot_be_deducted_from_access_token
Scenario: Error when phone number can not be deducted from access token and it is not provided in the request body
Given the header "Authorization" is set to a valid access token from which the phone number cannot be deducted
When the request "retrieveSimSwapDate" is sent
Then the response status code is 422
And the response property "$.status" is 422
And the response property "$.code" is "UNIDENTIFIABLE_PHONE_NUMBER"
And the response property "$.message" contains a user friendly text

# Generic 401 errors

@retrieve_sim_swap_date_401.1_no_authorization_header
Scenario: No Authorization header
Given the header "Authorization" is removed
And the request body is set to a valid request body
When the request "retrieveSimSwapDate" is sent
Then the response status code is 401
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_401.2_expired_access_token
Scenario: Expired access token
Given the header "Authorization" is set to an expired access token
And the request body is set to a valid request body
When the request "retrieveSimSwapDate" is sent
Then the response status code is 401
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
bigludo7 marked this conversation as resolved.
Show resolved Hide resolved
And the response property "$.message" contains a user friendly text

@retrieve_sim_swap_date_401.3_invalid_access_token
Scenario: Invalid access token
Given the header "Authorization" is set to an invalid access token
And the request body is set to a valid request body
When the request "retrieveSimSwapDate" is sent
Then the response status code is 401
And the response property "$.status" is 401
And the response property "$.code" is "UNAUTHENTICATED"
And the response property "$.message" contains a user friendly text

# Generic 400 errors

@retrieve_sim_swap_date_4_invalid_phone_number
Scenario: Check that the response shows an error when the phone number is invalid
Given the request body property "$.phoneNumber" does not comply with the OAS schema at "/components/schemas/PhoneNumber"
When the request "retrieveSimSwapDate" is sent
Then the response status code is 400
And the response property "$.status" is 400
And the response property "$.code" is "INVALID_ARGUMENT"
And the response property "$.message" contains a user friendly text