From 9c05433c86d92ead1dcf6c6ee6504c21c9aca3e5 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Mon, 20 Nov 2023 16:08:33 +0100 Subject: [PATCH 1/8] Add Test Definition for location Retrieval In order to prepare a release candidate added Test Definition for location Retrieval --- .../LocationRetrieval.feature | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 code/Test_definitions/LocationRetrieval.feature diff --git a/code/Test_definitions/LocationRetrieval.feature b/code/Test_definitions/LocationRetrieval.feature new file mode 100644 index 00000000..5ac4c8b0 --- /dev/null +++ b/code/Test_definitions/LocationRetrieval.feature 
@@ -0,0 +1,83 @@ +Feature: Get a device location (POST /retrieve) + + @Test_Retrieve_location_not_by_ipv4Address + Scenario: Get the location of a device + Given a valid device identified by a + And a provided maxAge of 80 seconds + When a retrieve device location request is made + Then the response status code should be 200 + And the response body should provide a valid area + + Examples: + | deviceIdentifierName | deviceIdentifierValue | + | phoneNumber | +34666111333 | + | networkAccessIdentifier | 123456789@domain.com | + | ipv6Address | 2001:db8:85a3:8d3:1319:8a2e:370:7344 | + + + @Test_Retrieve_location_by_ipv4Address + Scenario: Get the location of a device + Given a valid device identified by a + And a provided maxAge of 80 seconds + When a retrieve device location request is made + Then the response status code should be 200 + And the response body should provide a valid area + + Examples: + | publicAddress | privateAddress | publicPort | + | 84.125.93.10 | null | 59765 | + | 84.125.93.10 | 84.125.93.10 | null | + + + @Test_Retrieve_location_Invalid_MaxAge + Scenario: Input an invalid maxAge value (less than 60) + Given a valid device identified with phoneNumber +34666111333 + When a retrieve request is made with a valid maxAge parameter of 59 + Then the response status code should be 400 + And the response body should contain an error message indicating an invalid argument + + + @Test_Retrieve_location_Missing_MaxAge + Scenario: Input did not feature a maxAge + Given a valid device identified with phoneNumber +34666111333 + When a retrieve request is made without a maxAge parameter + Then the response status code should be 400 + And the response body should contain an error message indicating an invalid argument + + + @Test_Missing_Device_Identifier + Scenario: Perform a request without a device identifier + When a Check SimSwap request is made without a deviceIdentifier + Then the response status code should be 400 + And the response should contain an 
error message indicating a missing field + + + @Test_Unknown_Device_Identifier + Scenario: Input an unknown device identifier + Given a device identified by +33999999999 + When a retrieve request is made + Then the response status code should be 404 + And the response should contain an error message indicating that the specified resource is not found + + + @Test_Unauthorized_Request + Scenario: Perform an unauthorized request + Given that the requester is unauthorized + When a retrieve request is made + Then the response status code should be 401 + And the response should contain an error message indicating unauthorized access + + + @Test_Inconsistency_Access_Token_Payload + Scenario: Perform an request + Given the phoneNumber +33666111333 is retrieved from the authentification step + And the phoneNumber is provided in the body + And a provided maxAge of 80 seconds + When a retrieve request is made + Then the response status code should be > + + Examples + | bodyPhoneNumber| code | + | null | 200 | + | +33666111333 | 200 | + | +33666111339 | 401 | \ No newline at end of file From 2efcf50a83c638ab64390ef993da702afcf6dc97 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Fri, 12 Jan 2024 14:23:09 +0100 Subject: [PATCH 2/8] Update LocationRetrieval.feature Update following https://github.com/camaraproject/Commonalities/pull/117 proposal. --- .../Test_definitions/LocationRetrieval.feature | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/code/Test_definitions/LocationRetrieval.feature b/code/Test_definitions/LocationRetrieval.feature index 5ac4c8b0..3cdabf28 100644 --- a/code/Test_definitions/LocationRetrieval.feature +++ b/code/Test_definitions/LocationRetrieval.feature 
@@ -1,6 +1,6 @@ Feature: Get a device location (POST /retrieve) - @Test_Retrieve_location_not_by_ipv4Address + @location_retrieval_01_by_phoneNumber_or_ipv4Address_or_networkAccessIdentifier Scenario: Get the location of a device Given a valid device identified by a And a provided maxAge of 80 seconds @@ -15,7 +15,7 @@ Feature: Get a device location (POST /retrieve) | ipv6Address | 2001:db8:85a3:8d3:1319:8a2e:370:7344 | - @Test_Retrieve_location_by_ipv4Address + @location_retrieval_02_by_ipv4Address Scenario: Get the location of a device Given a valid device identified by a And a provided maxAge of 80 seconds @@ -29,7 +29,7 @@ Feature: Get a device location (POST /retrieve) | 84.125.93.10 | 84.125.93.10 | null | - @Test_Retrieve_location_Invalid_MaxAge + @location_retrieval_03_Invalid_MaxAge Scenario: Input an invalid maxAge value (less than 60) Given a valid device identified with phoneNumber +34666111333 When a retrieve request is made with a valid maxAge parameter of 59 @@ -37,7 +37,7 @@ Feature: Get a device location (POST /retrieve) And the response body should contain an error message indicating an invalid argument - @Test_Retrieve_location_Missing_MaxAge + @location_retrieval_04_Missing_MaxAge Scenario: Input did not feature a maxAge Given a valid device identified with phoneNumber +34666111333 When a retrieve request is made without a maxAge parameter 
@@ -45,14 +45,14 @@ Feature: Get a device location (POST /retrieve) And the response body should contain an error message indicating an invalid argument - @Test_Missing_Device_Identifier + @location_retrieval_05_Missing_Device_Identifier Scenario: Perform a request without a device identifier When a Check SimSwap request is made without a deviceIdentifier Then the response status code should be 400 And the response should contain an error message indicating a missing field - @Test_Unknown_Device_Identifier + @location_retrieval_06_Unknown_Device_Identifier Scenario: Input an unknown device identifier Given a device identified by +33999999999 When a retrieve request is made @@ -60,7 +60,7 @@ Feature: Get a device location (POST /retrieve) And the response should contain an error message indicating that the specified resource is not found - @Test_Unauthorized_Request + @location_retrieval_07_Unauthorized_Request Scenario: Perform an unauthorized request Given that the requester is unauthorized When a retrieve request is made @@ -68,7 +68,7 @@ Feature: Get a device location (POST /retrieve) And the response should contain an error message indicating unauthorized access - @Test_Inconsistency_Access_Token_Payload + @location_retrieval_08_Inconsistency_Access_Token_Payload Scenario: Perform an request Given the phoneNumber +33666111333 is retrieved from the authentification step And the phoneNumber is provided in the body @@ -80,4 +80,4 @@ Feature: Get a device location (POST /retrieve) | bodyPhoneNumber| code | | null | 200 | | +33666111333 | 200 | - | +33666111339 | 401 | \ No newline at end of file + | +33666111339 | 401 | From 54a2986dcaee0c3ffc01d1e87b7026e03bb88e52 Mon Sep 17 00:00:00 2001 
From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Fri, 26 Jan 2024 15:28:15 +0100 Subject: [PATCH 3/8] Update LocationRetrieval.feature Fixed after Cetin review + added a TC to differentiate unauthenticated from unauthorized + added error code for rainy scenario. --- .../LocationRetrieval.feature | 65 ++++++++++++------- 1 file changed, 41 insertions(+), 24 deletions(-) diff --git a/code/Test_definitions/LocationRetrieval.feature b/code/Test_definitions/LocationRetrieval.feature index 3cdabf28..f60680e5 100644 --- a/code/Test_definitions/LocationRetrieval.feature +++ b/code/Test_definitions/LocationRetrieval.feature 
@@ -29,55 +29,72 @@ Feature: Get a device location (POST /retrieve) | 84.125.93.10 | 84.125.93.10 | null | - @location_retrieval_03_Invalid_MaxAge - Scenario: Input an invalid maxAge value (less than 60) - Given a valid device identified with phoneNumber +34666111333 - When a retrieve request is made with a valid maxAge parameter of 59 - Then the response status code should be 400 - And the response body should contain an error message indicating an invalid argument - - - @location_retrieval_04_Missing_MaxAge + @location_retrieval_03_Missing_MaxAge Scenario: Input did not feature a maxAge Given a valid device identified with phoneNumber +34666111333 When a retrieve request is made without a maxAge parameter + Then the response status code should be 200 + And the response body should provide a valid area + + + @location_retrieval_04_unretrieval_Device + Scenario: Device location cannot be returned + Given a device switch off for more than 100 seconds identified with phoneNumber +34666111333 + When a provided maxAge of 80 seconds Then the response status code should be 400 - And the response body should contain an error message indicating an invalid argument + And the response should contain error code 'LOCATION_RETRIEVAL.MAXAGE_INVALID_ARGUMENT' - @location_retrieval_05_Missing_Device_Identifier + @location_retrieval_05_Invalid_MaxAge + Scenario: Input an invalid maxAge value (less than 60) + Given a valid device identified with phoneNumber +34666111333 + When a retrieve request is made with a valid maxAge parameter of 59 + Then the response status code should be 400 + And the response should contain error code 'INVALID_ARGUMENT' + + + @location_retrieval_06_Missing_Device_Identifier Scenario: Perform a request without a device identifier When a Check SimSwap request is made without a deviceIdentifier Then the response status code should be 400 - And the response should contain an error message indicating a missing field + And the response should contain error code 
'INVALID_ARGUMENT' - @location_retrieval_06_Unknown_Device_Identifier + @location_retrieval_07_Unknown_Device_Identifier Scenario: Input an unknown device identifier Given a device identified by +33999999999 When a retrieve request is made Then the response status code should be 404 - And the response should contain an error message indicating that the specified resource is not found + And the response should contain error code 'NOT_FOUND' - @location_retrieval_07_Unauthorized_Request - Scenario: Perform an unauthorized request - Given that the requester is unauthorized + @location_retrieval_08_Unauthenticated_Request + Scenario: Perform an unauthenticated request + Given that the requester is not authenticated When a retrieve request is made Then the response status code should be 401 - And the response should contain an error message indicating unauthorized access + And the response should contain error code 'UNAUTHENTICATED' + + + @location_retrieval_09_Unauthorized_Request + Scenario: Perform an unauthorized request + Given that the requester is authenticated but not authorized for this API + When a retrieve request is made + Then the response status code should be 403 + And the response should contain error code 'PERMISSION_DENIED' + - @location_retrieval_08_Inconsistency_Access_Token_Payload + @location_retrieval_010_Inconsistency_Access_Token_Payload Scenario: Perform an request Given the phoneNumber +33666111333 is retrieved from the authentification step And the phoneNumber is provided in the body And a provided maxAge of 80 seconds When a retrieve request is made - Then the response status code should be > + Then the response status code should be <> and > Examples - | bodyPhoneNumber| code | - | null | 200 | - | +33666111333 | 200 | - | +33666111339 | 401 | + | bodyPhoneNumber| status | code | + | null | 200 | OK | + | +33666111333 | 200 | OK | + | +33666111339 | 403 | 'PERMISSION_DENIED' | 
From 4189b356e198a2f7132bad5de12382e3a06eeebe Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Fri, 2 Feb 2024 17:54:41 +0100 Subject: [PATCH 4/8] Update code/Test_definitions/LocationRetrieval.feature Co-authored-by: Jose Luis Urien --- code/Test_definitions/LocationRetrieval.feature | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/code/Test_definitions/LocationRetrieval.feature b/code/Test_definitions/LocationRetrieval.feature index f60680e5..691af989 100644 --- a/code/Test_definitions/LocationRetrieval.feature +++ b/code/Test_definitions/LocationRetrieval.feature @@ -2,7 +2,17 @@ Feature: Get a device location (POST /retrieve) @location_retrieval_01_by_phoneNumber_or_ipv4Address_or_networkAccessIdentifier Scenario: Get the location of a device - Given a valid device identified by a + Given a device identified by a at a well known location + And the body parameter "maxAge" is set to 80 + When the operation "retrieveLocation" is requested + Then the response status code is 200 + And the response body should provide the area where the device is located + + Examples: + | deviceIdentifierName | + | phoneNumber | + | networkAccessIdentifier | + | ipv6Address | And a provided maxAge of 80 seconds When a retrieve device location request is made Then the response status code should be 200 From 4aa4d28e7e218b0522e01494a467f75fd3b28045 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Tue, 4 Jun 2024 12:12:34 +0200 Subject: [PATCH 5/8] Update and rename LocationRetrieval.feature to Location-Retrieval.feature --- .../Location-Retrieval.feature | 270 ++++++++++++++++++ .../LocationRetrieval.feature | 110 ------- 2 files changed, 270 insertions(+), 110 deletions(-) create mode 100644 code/Test_definitions/Location-Retrieval.feature delete mode 100644 code/Test_definitions/LocationRetrieval.feature 
diff --git a/code/Test_definitions/Location-Retrieval.feature b/code/Test_definitions/Location-Retrieval.feature new file mode 100644 index 00000000..0be3782c --- /dev/null +++ b/code/Test_definitions/Location-Retrieval.feature 
@@ -0,0 +1,270 @@ +Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocation + # Input to be provided by the imnplementation to the tester + # + # Implementation indications: + # * identifier_types_unsupported: List of device identifier types which are not supported, among: phoneNumber, networkAccessIdentifier, ipv4Address, ipv6Address + # * device_not_applicable: A device object identifying a device commercialized by the implemenation for which the service is not applicable + # * locatable_device: A device object which location is known by the network when connected. 2 distinct device are required for some scenario. + # * unlocatable_device: A device object which location cannot be provided during test by the network. + # Environment variables: + # * api_root: API root of the server URL + # + # References to OAS spec schemas refer to schemas specifies in location-retrieval.yaml, version 0.2.0 + + Background: Common retrieveLocation setup + Given the resource "/location-retrieval/v0/retrieve" | + And the header "Content-Type" is set to "application/json" + And the header "Authorization" is set to a valid access token + And the header "x-correlator" is set to a UUID value + And the request body is set by default to a request body compliant with the schema + + # Happy path scenarios + + # This first scenario serves as a minimum + @location_retrieval_01_generic_success_scenario + Scenario: Common validations for any success scenario + # Valid testing device and default request body compliant with the schema + Given the request body property "$.device" is set to config_var: "locatable_device" + When the HTTP "POST" request is sent + Then the response status code is 200 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + # The response has to comply with the generic response schema which is part of the spec + And the response body complies 
with the OAS schema at "/components/schemas/Location" + + # The following succeess scenarios test that service is working as expected in terms of quality + # TBD the level of testing for successs scenarios + + @location_retrieval_02_location_retrieval_for_device_no_maxAge + Scenario: Retrieve location of a device without specifying maxAge + Given the testing device is connected to the network + And the request body property "$.device" is set to config_var: "locatable_device" + And the request body property "$.maxAge" is not included + When the HTTP "POST" request is sent + Then the response status code is 200 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response body complies with the OAS schema at "/components/schemas/Location" + + + @location_retrieval_03_location_retrieval_for_device_with_maxAge + Scenario Outline: Retrieve location of a device specifying maxAge + # maxAge could be tested with several values with scenario variable + Given the testing device is connected to the network + And the request body property "$.device" is set to config_var: "locatable_device" + And the request body property "$.maxAge" is set to: + When the HTTP "POST" request is sent + Then the response status code is 200 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response body complies with the OAS schema at "/components/schemas/Location" + And the response property "$.lastLocationTime" value is not older than 600 seconds from the request time + + Examples: + | max_age_value | + | 60 | + | 0 | + | 6000 | + + + @location_retrieval_04_location_retrieval_unable_to_locate_device + # Input area set to a value where the device could not be located + Scenario: Unable to provide device location without requesting maxAge + Given the request body property 
"$.device" is set to config_var: "unlocatable_device" + And the request body property "$.maxAge" is not included + When the HTTP "POST" request is sent + Then the response status code is 404 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response property "$.status" is 404 + And the response property "$.code" is "LOCATION_RETRIEVAL.DEVICE_NOT_FOUND" + And the response property "$.message" contains a user friendly text + + + @location_retrieval_05_location_retrieval_unable_to_locate_device_with_required_freshness + Scenario: Unable to provide device location with required maxAge + Given the testing device is not connected to the network for more than 60 seconds + And request body property "$.device" is set to config_var: "locatable_device" + And the request body property "$.maxAge" is set to: 60 + When the HTTP "POST" request is sent + Then the response status code is 422 + And the response header "Content-Type" is "application/json" + And the response header "x-correlator" has same value as the request header "x-correlator" + And the response property "$.status" is 422 + And the response property "$.code" is "LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE" + And the response property "$.message" contains a user friendly text + + # Generic device errors. 
Scenarios common to several APIs could be maintained in Commonalities + # And get specific test numbers + + @location_retrieval_10_device_empty + Scenario: The device value is an empty object + Given the request body property "$.device" is set to empty object + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + @location_retrieval_11_device_schema_compliant + # Test every type of identifier even if not supported by the implementation + Scenario Outline: Some device identifier value does not comply with the schema + Given the request body property "" does not comply with the OAS schema at "" + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + Examples: + | device_identifier | oas_spec_schema | + | $.device.phoneNumber | /components/schemas/PhoneNumber | + | $.device.ipv4Address | /components/schemas/NetworkAccessIdentifier | + | $.device.ipv6Address | /components/schemas/DeviceIpv4Addr | + | $.device.networkIdentifier | /components/schemas/DeviceIpv6Address | + + @location_retrieval_11.1_device_phoneNumber_schema_compliant + # Example of the scenario above with a higher level of specification + # TBD if test plan has to provide specific testing values to provoke an error + Scenario Outline: Device identifier phoneNumber value does not comply with the schema + Given the request body property "$.device.phoneNumber" is set to: + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user 
friendly text + + Examples: + | phone_number_value | + | string_value | + | 1234567890 | + | +12334foo22222 | + | +00012230304913849 | + | 123 | + | ++49565456787 | + + @location_retrieval_12_device_identifiers_unsupported + Scenario: None of the provided device identifiers is supported by the implementation + Given that config_var "identifier_types_unsupported" is not empty + And the request body property "$.device" only includes properties in config_var "identifier_types_unsupported" + When the HTTP "POST" request is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "UNSUPPORTED_DEVICE_IDENTIFIERS" + And the response property "$.message" contains a user friendly text + + @location_retrieval_13_device_not_found + Scenario: Some identifier cannot be matched to a device + Given the request body property "$.device" is set to a value compliant to the OAS schema at "/components/schemas/Device" which does not identify a valid device + When the HTTP "POST" request is sent + Then the response status code is 404 + And the response property "$.status" is 404 + And the response property "$.code" is "DEVICE_NOT_FOUND" + And the response property "$.message" contains a user friendly text + + @location_retrieval_14_device_identifiers_mismatch + Scenario: Device identifiers mismatch + # To test this, at least 2 types of identifiers have to be provided, e.g. 
a phoneNumber and the IP address of a device associated to a different phoneNumber + Given that config_var "identifier_types_unsupported" contains at least 2 items + And the request body property "$.device" is set to several identifiers, each of them identifying a valid device + When the HTTP "POST" request is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "DEVICE_IDENTIFIERS_MISMATCH" + And the response property "$.message" contains a user friendly text + + @location_retrieval_15_device_token_mismatch + Scenario: Inconsistent access token context for the device + # To test this, a token have to be obtained for a different device + Given the request body property "$.device" is set to config_var: "locatable_device" + And the header "Authorization" is set to a valid access token identifying a different device + When the HTTP "POST" request is sent + Then the response status code is 403 + And the response property "$.status" is 403 + And the response property "$.code" is "DEVICE_INVALID_TOKEN_CONTEXT" + And the response property "$.message" contains a user friendly text + + @location_retrieval_16_device_not_supported + Scenario: Service not available for the device + Given that config_var: "device_not_applicable" is not empty + And the request body property "$.device" is set to config_var: "device_not_applicable" + And the header "Authorization" is set to a valid access token identifying a different device + When the HTTP "POST" request is sent + Then the response status code is 422 + And the response property "$.status" is 422 + And the response property "$.code" is "DEVICE_NOT_APPLICABLE" + And the response property "$.message" contains a user friendly text + + # Generic 400 errors + + @location_retrieval_400.1_no_request_body + Scenario: Missing request body + Given the request body is not included + When the HTTP "POST" request is sent + Then the response status code is 400 + And 
the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + @location_retrieval_400.2_empty_request_body + Scenario: Empty object as request body + Given the request body is set to "{}" + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + # Other specific 400 errors + + @location_retrieval_400.3_max_age_schema_compliant + Scenario: Input property values doe not comply with the schema + Given the request body property "$.device" is set to config_var: "locatable_device" + And the "maxAge" is set to 6a0 + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + + @location_retrieval_400.4_required_device_identifier_missing + Scenario: Required device identifier is missing + Given the request body property "$.device" is not included + When the HTTP "POST" request is sent + Then the response status code is 400 + And the response property "$.status" is 400 + And the response property "$.code" is "INVALID_ARGUMENT" + And the response property "$.message" contains a user friendly text + + # Generic 401 errors + + @location_retrieval_401.1_no_authorization_header + Scenario: No Authorization header + Given the header "Authorization" is removed + When the HTTP "POST" request is sent + Then the response status code is 401 + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + + @location_retrieval_401.2_expired_access_token + Scenario: Expired access 
token + Given the header "Authorization" is set to an expired access token + When the HTTP "POST" request is sent + Then the response status code is 401 + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text + + + @location_retrieval_401.3_invalid_access_token + Scenario: Invalid access token + Given the header "Authorization" is set to an invalid access token + When the HTTP "POST" request is sent + Then the response status code is 401 + And the response header "Content-Type" is "application/json" + And the response property "$.status" is 401 + And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.message" contains a user friendly text diff --git a/code/Test_definitions/LocationRetrieval.feature b/code/Test_definitions/LocationRetrieval.feature deleted file mode 100644 index 691af989..00000000 --- a/code/Test_definitions/LocationRetrieval.feature +++ /dev/null 
@@ -1,110 +0,0 @@ -Feature: Get a device location (POST /retrieve) - - @location_retrieval_01_by_phoneNumber_or_ipv4Address_or_networkAccessIdentifier - Scenario: Get the location of a device - Given a device identified by a at a well known location - And the body parameter "maxAge" is set to 80 - When the operation "retrieveLocation" is requested - Then the response status code is 200 - And the response body should provide the area where the device is located - - Examples: - | deviceIdentifierName | - | phoneNumber | - | networkAccessIdentifier | - | ipv6Address | - And a provided maxAge of 80 seconds - When a retrieve device location request is made - Then the response status code should be 200 - And the response body should provide a valid area - - Examples: - | deviceIdentifierName | deviceIdentifierValue | - | phoneNumber | +34666111333 | - | networkAccessIdentifier | 123456789@domain.com | - | ipv6Address | 2001:db8:85a3:8d3:1319:8a2e:370:7344 | - - - @location_retrieval_02_by_ipv4Address - Scenario: Get the location of a device - Given a valid device identified by a - And a provided maxAge of 80 seconds - When a retrieve device location request is made - Then the response status code should be 200 - And the response body should provide a valid area - - Examples: - | publicAddress | privateAddress | publicPort | - | 84.125.93.10 | null | 59765 | - | 84.125.93.10 | 84.125.93.10 | null | - - - @location_retrieval_03_Missing_MaxAge - Scenario: Input did not feature a maxAge - Given a valid device identified with phoneNumber +34666111333 - When a retrieve request is made without a maxAge parameter - Then the response status code should be 200 - And the response body should provide a valid area - - - @location_retrieval_04_unretrieval_Device - Scenario: Device location cannot be returned - Given a device switch off for more than 100 seconds identified with phoneNumber +34666111333 - When a provided maxAge of 80 seconds - Then the response status code should be 400 
- And the response should contain error code 'LOCATION_RETRIEVAL.MAXAGE_INVALID_ARGUMENT' - - - @location_retrieval_05_Invalid_MaxAge - Scenario: Input an invalid maxAge value (less than 60) - Given a valid device identified with phoneNumber +34666111333 - When a retrieve request is made with a valid maxAge parameter of 59 - Then the response status code should be 400 - And the response should contain error code 'INVALID_ARGUMENT' - - - @location_retrieval_06_Missing_Device_Identifier - Scenario: Perform a request without a device identifier - When a Check SimSwap request is made without a deviceIdentifier - Then the response status code should be 400 - And the response should contain error code 'INVALID_ARGUMENT' - - - @location_retrieval_07_Unknown_Device_Identifier - Scenario: Input an unknown device identifier - Given a device identified by +33999999999 - When a retrieve request is made - Then the response status code should be 404 - And the response should contain error code 'NOT_FOUND' - - - @location_retrieval_08_Unauthenticated_Request - Scenario: Perform an unauthenticated request - Given that the requester is not authenticated - When a retrieve request is made - Then the response status code should be 401 - And the response should contain error code 'UNAUTHENTICATED' - - - @location_retrieval_09_Unauthorized_Request - Scenario: Perform an unauthorized request - Given that the requester is authenticated but not authorized for this API - When a retrieve request is made - Then the response status code should be 403 - And the response should contain error code 'PERMISSION_DENIED' - - - - @location_retrieval_010_Inconsistency_Access_Token_Payload - Scenario: Perform an request - Given the phoneNumber +33666111333 is retrieved from the authentification step - And the phoneNumber is provided in the body - And a provided maxAge of 80 seconds - When a retrieve request is made - Then the response status code should be <> and > - - Examples - | bodyPhoneNumber| 
status | code | - | null | 200 | OK | - | +33666111333 | 200 | OK | - | +33666111339 | 403 | 'PERMISSION_DENIED' | From a92feaab8991d6947f1a274929cb46e3d30dfc42 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Tue, 18 Jun 2024 16:09:31 +0200 Subject: [PATCH 6/8] Update Location-Retrieval.feature --- .../Location-Retrieval.feature | 72 +++++++++---------- 1 file changed, 33 insertions(+), 39 deletions(-) diff --git a/code/Test_definitions/Location-Retrieval.feature b/code/Test_definitions/Location-Retrieval.feature index 0be3782c..2dda10d0 100644 --- a/code/Test_definitions/Location-Retrieval.feature +++ b/code/Test_definitions/Location-Retrieval.feature 
@@ -1,13 +1,13 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocation - # Input to be provided by the imnplementation to the tester + # Input to be provided by the implementation to the tester # # Implementation indications: - # * identifier_types_unsupported: List of device identifier types which are not supported, among: phoneNumber, networkAccessIdentifier, ipv4Address, ipv6Address - # * device_not_applicable: A device object identifying a device commercialized by the implemenation for which the service is not applicable - # * locatable_device: A device object which location is known by the network when connected. 2 distinct device are required for some scenario. - # * unlocatable_device: A device object which location cannot be provided during test by the network. - # Environment variables: - # * api_root: API root of the server URL + # * List of device identifier types which are not supported, among: phoneNumber, networkAccessIdentifier, ipv4Address, ipv6Address + # + # Testing assets: + # * A device object which location is known by the network when connected. 2 distinct device are required for some scenario. + # * A device object identifying a device commercialized by the implementation for which the service is not applicable + # * A device object which location cannot be provided during test by the network. # # References to OAS spec schemas refer to schemas specifies in location-retrieval.yaml, version 0.2.0 
@@ -24,7 +24,8 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_01_generic_success_scenario Scenario: Common validations for any success scenario # Valid testing device and default request body compliant with the schema - Given the request body property "$.device" is set to config_var: "locatable_device" + Given the request body property "$.device" is set to a valid testing device supported by the service + And the request body is set to a valid request body When the HTTP "POST" request is sent Then the response status code is 200 And the response header "Content-Type" is "application/json" @@ -32,13 +33,12 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat # The response has to comply with the generic response schema which is part of the spec And the response body complies with the OAS schema at "/components/schemas/Location" - # The following succeess scenarios test that service is working as expected in terms of quality - # TBD the level of testing for successs scenarios + # Scenarios testing specific situations for the device location @location_retrieval_02_location_retrieval_for_device_no_maxAge Scenario: Retrieve location of a device without specifying maxAge Given the testing device is connected to the network - And the request body property "$.device" is set to config_var: "locatable_device" + And the request body property "$.device" is set to a valid testing device supported by the service And the request body property "$.maxAge" is not included When the HTTP "POST" request is sent Then the response status code is 200 
@@ -51,26 +51,20 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat Scenario Outline: Retrieve location of a device specifying maxAge # maxAge could be tested with several values with scenario variable Given the testing device is connected to the network - And the request body property "$.device" is set to config_var: "locatable_device" - And the request body property "$.maxAge" is set to: + And the request body property "$.device" is set to a valid testing device supported by the service + And the request body property "$.maxAge" is included When the HTTP "POST" request is sent Then the response status code is 200 And the response header "Content-Type" is "application/json" And the response header "x-correlator" has same value as the request header "x-correlator" And the response body complies with the OAS schema at "/components/schemas/Location" - And the response property "$.lastLocationTime" value is not older than 600 seconds from the request time - - Examples: - | max_age_value | - | 60 | - | 0 | - | 6000 | + And the response property "$.lastLocationTime" value is not older than the value of "$.maxAge" the request time @location_retrieval_04_location_retrieval_unable_to_locate_device - # Input area set to a value where the device could not be located - Scenario: Unable to provide device location without requesting maxAge - Given the request body property "$.device" is set to config_var: "unlocatable_device" + # Input set to a device that could not be located + Scenario: Unable to provide device location + Given the request body property "$.device" is set to a valid testing device which cannot be located by the network And the request body property "$.maxAge" is not included When the HTTP "POST" request is sent Then the response status code is 404 
@@ -80,12 +74,11 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat And the response property "$.code" is "LOCATION_RETRIEVAL.DEVICE_NOT_FOUND" And the response property "$.message" contains a user friendly text - @location_retrieval_05_location_retrieval_unable_to_locate_device_with_required_freshness Scenario: Unable to provide device location with required maxAge - Given the testing device is not connected to the network for more than 60 seconds - And request body property "$.device" is set to config_var: "locatable_device" - And the request body property "$.maxAge" is set to: 60 + Given the testing device is not connected to the network for some time + And request body property "$.device" is set to a valid testing device which is not connected to the network for some time + And the request body property "$.maxAge" is set to a value shorter than that time When the HTTP "POST" request is sent Then the response status code is 422 And the response header "Content-Type" is "application/json" @@ -94,8 +87,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat And the response property "$.code" is "LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE" And the response property "$.message" contains a user friendly text - # Generic device errors. Scenarios common to several APIs could be maintained in Commonalities - # And get specific test numbers + # Error scenarios for object device @location_retrieval_10_device_empty Scenario: The device value is an empty object 
@@ -145,8 +137,8 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_12_device_identifiers_unsupported Scenario: None of the provided device identifiers is supported by the implementation - Given that config_var "identifier_types_unsupported" is not empty - And the request body property "$.device" only includes properties in config_var "identifier_types_unsupported" + Given that some type of device identifiers are not supported by the implementation + And the request body property "$.device" only includes device identifiers not supported by the implementation When the HTTP "POST" request is sent Then the response status code is 422 And the response property "$.status" is 422 @@ -155,7 +147,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_13_device_not_found Scenario: Some identifier cannot be matched to a device - Given the request body property "$.device" is set to a value compliant to the OAS schema at "/components/schemas/Device" which does not identify a valid device + Given the request body property "$.device" is set to a value compliant to the OAS schema at "/components/schemas/Device" but does not identify a valid device When the HTTP "POST" request is sent Then the response status code is 404 And the response property "$.status" is 404 
@@ -166,7 +158,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat Scenario: Device identifiers mismatch # To test this, at least 2 types of identifiers have to be provided, e.g. a phoneNumber and the IP address of a device associated to a different phoneNumber Given that config_var "identifier_types_unsupported" contains at least 2 items - And the request body property "$.device" is set to several identifiers, each of them identifying a valid device + And the request body property "$.device" includes several identifiers, each of them identifying a valid but different device When the HTTP "POST" request is sent Then the response status code is 422 And the response property "$.status" is 422 @@ -176,8 +168,8 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_15_device_token_mismatch Scenario: Inconsistent access token context for the device # To test this, a token have to be obtained for a different device - Given the request body property "$.device" is set to config_var: "locatable_device" - And the header "Authorization" is set to a valid access token identifying a different device + Given the request body property "$.device" is set to a valid testing device + And the header "Authorization" is set to a valid access token emitted for a different device When the HTTP "POST" request is sent Then the response status code is 403 And the response property "$.status" is 403 
@@ -186,9 +178,8 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_16_device_not_supported Scenario: Service not available for the device - Given that config_var: "device_not_applicable" is not empty - And the request body property "$.device" is set to config_var: "device_not_applicable" - And the header "Authorization" is set to a valid access token identifying a different device + Given that service is not supported for all devices commercialized by the operator + And the request body property "$.device" is set to a valid device for which the service is not applicable When the HTTP "POST" request is sent Then the response status code is 422 And the response property "$.status" is 422 @@ -219,7 +210,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_400.3_max_age_schema_compliant Scenario: Input property values doe not comply with the schema - Given the request body property "$.device" is set to config_var: "locatable_device" + Given the request body property "$.device" is set to a valid testing device And the "maxAge" is set to 6a0 When the HTTP "POST" request is sent Then the response status code is 400 @@ -242,6 +233,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_401.1_no_authorization_header Scenario: No Authorization header Given the header "Authorization" is removed + And the request body is set to a valid request body When the HTTP "POST" request is sent Then the response status code is 401 And the response property "$.status" is 401 
@@ -252,6 +244,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_401.2_expired_access_token Scenario: Expired access token Given the header "Authorization" is set to an expired access token + And the request body is set to a valid request body When the HTTP "POST" request is sent Then the response status code is 401 And the response property "$.status" is 401 @@ -262,6 +255,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat @location_retrieval_401.3_invalid_access_token Scenario: Invalid access token Given the header "Authorization" is set to an invalid access token + And the request body is set to a valid request body When the HTTP "POST" request is sent Then the response status code is 401 And the response header "Content-Type" is "application/json" From 89efe6a9dced83c3a0cdadcebb84922c7e9d7383 Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:47:23 +0200 Subject: [PATCH 7/8] Update Location-Retrieval.feature Aligned with change on error code --- code/Test_definitions/Location-Retrieval.feature | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/Test_definitions/Location-Retrieval.feature b/code/Test_definitions/Location-Retrieval.feature index 2dda10d0..f611ccd7 100644 --- a/code/Test_definitions/Location-Retrieval.feature +++ b/code/Test_definitions/Location-Retrieval.feature @@ -173,7 +173,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat When the HTTP "POST" request is sent Then the response status code is 403 And the response property "$.status" is 403 - And the response property "$.code" is "DEVICE_INVALID_TOKEN_CONTEXT" + And the response property "$.code" is "INVALID_TOKEN_CONTEXT" And the response property "$.message" contains a user friendly text @location_retrieval_16_device_not_supported 
@@ -248,7 +248,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat When the HTTP "POST" request is sent Then the response status code is 401 And the response property "$.status" is 401 - And the response property "$.code" is "UNAUTHENTICATED" + And the response property "$.code" is "AUTHENTICATION_REQUIRED" And the response property "$.message" contains a user friendly text From 7c66be828513f02745fde4a24eb76227f437f9cc Mon Sep 17 00:00:00 2001 From: Ludovic Robert <30499179+bigludo7@users.noreply.github.com> Date: Fri, 5 Jul 2024 10:26:52 +0200 Subject: [PATCH 8/8] Update Location-Retrieval.feature For expired access token changed code to UNAUTHENTICATED --- code/Test_definitions/Location-Retrieval.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/Test_definitions/Location-Retrieval.feature b/code/Test_definitions/Location-Retrieval.feature index f611ccd7..4c64d60b 100644 --- a/code/Test_definitions/Location-Retrieval.feature +++ b/code/Test_definitions/Location-Retrieval.feature @@ -248,7 +248,7 @@ Feature: CAMARA Device location retrieval API, v0.2.0 - Operation retrieveLocat When the HTTP "POST" request is sent Then the response status code is 401 And the response property "$.status" is 401 - And the response property "$.code" is "AUTHENTICATION_REQUIRED" + And the response property "$.code" is "UNAUTHENTICATED" And the response property "$.message" contains a user friendly text
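Review bot: The deleted scenario @location_retrieval_010_Inconsistency_Access_Token_Payload in the `@@ -1,110 +0,0 @@` hunk spelled out all three token-versus-body cases: no phoneNumber in the body gives 200, the same phoneNumber gives 200, and a different phoneNumber gives 403 'PERMISSION_DENIED'. The later hunks visible in this series show only the mismatch case, @location_retrieval_15_device_token_mismatch. Suggest confirming that the replacement file keeps a success scenario where the device is derived from the access token alone and one where body and token agree, so the 403 check cannot be satisfied by an implementation that rejects every request carrying both.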
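Review bot: The header comment in the `@@ -1,13 +1,13 @@` hunk of PATCH 6/8 drops the names of the inputs (identifier_types_unsupported, device_not_applicable, locatable_device, unlocatable_device) and the whole "Environment variables: api_root" entry, leaving unnamed bullets. A tester is no longer told which asset each step refers to or where the server URL comes from. Suggest keeping a short label per testing asset and either restoring the api_root line or stating where the API root is now configured.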
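Review bot: In the `@@ -51,26 +51,20 @@` hunk of PATCH 6/8 the scenario is still declared as "Scenario Outline" and still carries the comment "maxAge could be tested with several values with scenario variable", but the Examples table is removed, so the outline has no rows to run. Either change it to a plain "Scenario" or keep an Examples table; the removed rows 60, 0 and 6000 were also the only boundary values for maxAge in this scenario. The new assertion 'value is not older than the value of "$.maxAge" the request time' is missing words and a unit; something like 'is not older than the value of "$.maxAge" in seconds before the request time' would make the freshness check unambiguous.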
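Review bot: The preconditions added in the `@@ -80,12 +74,11 @@` hunk of PATCH 6/8 replace measurable values ("more than 60 seconds", maxAge 60) with "for some time" and "a value shorter than that time", which leaves the 422 LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE outcome dependent on numbers the test never states. Suggest naming the disconnected duration as a testing input so maxAge can be derived from it. The second step also reads "And request body property" without "the", unlike every other step, which will not match a shared step definition, and it repeats the condition already stated by the first Given.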
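Review bot: The unchanged step 'Given that config_var "identifier_types_unsupported" contains at least 2 items' in the `@@ -166,7 +158,7 @@` hunk of PATCH 6/8 still refers to a config_var that the first hunk of this patch removes from the header and that every other scenario here stops using. The condition also looks inverted: the comment above it says at least 2 types of identifiers have to be provided, which requires two supported identifier types, not two unsupported ones. Suggest rewording it along the lines of "Given that at least 2 types of device identifiers are supported by the implementation".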
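Review bot: The new step "Given that service is not supported for all devices commercialized by the operator" in the `@@ -186,9 +178,8 @@` hunk of PATCH 6/8 can be read as "no device is supported", which contradicts the success scenarios. Suggest "Given that the service is not available for some devices commercialized by the operator". Dropping the Authorization step that used a token identifying a different device is the right call, since that request would otherwise be indistinguishable from @location_retrieval_15_device_token_mismatch, but the scenario should then say which token is used, for example a valid access token for the device under test.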
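Review bot: The rename in the `@@ -173,7 +173,7 @@` hunk of PATCH 7/8, from "DEVICE_INVALID_TOKEN_CONTEXT" to "INVALID_TOKEN_CONTEXT", changes a value that API clients match on, yet the Feature line shown in the hunk header still reads v0.2.0 and the commit message only says "Aligned with change on error code". Suggest naming the spec change or issue this aligns with, and checking that the version in the Feature title still matches the location-retrieval.yaml that defines the new code.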
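Review bot: The `@@ -248,7 +248,7 @@` hunk of PATCH 8/8 restores exactly the "UNAUTHENTICATED" line that the second hunk of PATCH 7/8 replaced with "AUTHENTICATION_REQUIRED", so the two changes cancel out. Suggest squashing them so the history never shows the expired-token scenario expecting AUTHENTICATION_REQUIRED. Neither hunk touches the 401.1 no-header or 401.3 invalid-token scenarios, so it is worth confirming that each of the three 401 scenarios expects the code intended for it.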