Numberverify verify Test definition #124
Merged
28 commits
a03682d
initial commit
AxelNennker 849e20d
use Scenario Outline for common tests
AxelNennker 6e52ca9
new case access token expired
AxelNennker bcc87e9
rename NumberVerification.feature to NumberVerification_verify.feature
AxelNennker cfe09c0
add verify
AxelNennker 564359d
remove x-correlator format test
AxelNennker 9fe46ce
remove CIBA
AxelNennker 79181e6
some lines about testing environment and assets
AxelNennker da3c3bb
single cause of failure
AxelNennker d012be8
better text if phone number from access token and from parameter do n…
AxelNennker 82f02e9
And the request body does not have the field phoneNumber
AxelNennker ada4a18
NumberVerificationMatchResponse
AxelNennker 2c488bf
remove over a mobile connection
AxelNennker fc899f8
remove mobile connection
AxelNennker e0e2c58
initial commit of "share" test definitions
AxelNennker fcea400
add hashed numbers test definitions
AxelNennker 50949f4
re-added "And the connection the request is sent over originates from…
AxelNennker 796b9c6
Update NumberVerification_device_phone_number_share.feature
AxelNennker 414a57f
Update NumberVerification_verify.feature
AxelNennker 6d6d58f
added test NumberVerification_verify203_both_phone_number_and_hashed_…
AxelNennker f8513aa
missing scope error is 403
AxelNennker 4c775ca
missing scope is error code 403
AxelNennker 81072eb
Update code/Test_Definitions/NumberVerification_verify.feature
AxelNennker f3fbd39
added NumberVerification_phone_number_share203_no_phonenumber_associa…
AxelNennker fa334b2
added NumberVerification_phone_number_verify204_no_phonenumber_assoc…
AxelNennker 393d7da
added @NumberVerification_phone_number_verify205_must_have_used_netwo…
AxelNennker a61b1c4
fix indentation
AxelNennker 5b35bde
added @NumberVerification_phone_number_share205_must_have_used_networ…
AxelNennker
initial commit of "share" test definitions
Signed-off-by: Axel Nennker <axel.nennker@telekom.de>
commit e0e2c58394d1f7b800e9d1d0c06bb57175635c1c
75 changes: 75 additions & 0 deletions
code/Test_Definitions/NumberVerification_device_phone_number_share.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
|
||
|
||
@NumberVerification_device_phone_number_share | ||
Feature: Camara Number Verification API device phone number share | ||
|
||
# Input to be provided by the implementation to the tests | ||
# References to OAS spec schemas refer to schemas specified in | ||
# https://raw.githubusercontent.com/camaraproject/NumberVerification/main/code/API_definitions/number_verification.yaml | ||
# | ||
# Implementation indications: | ||
# * api_root: API root of the server URL | ||
# | ||
# Testing assets: | ||
# * a mobile device with SIM card with NUMBERVERIFY_SHARE_PHONENUMBER1 | ||
# * a mobile device with SIM card with NUMBERVERIFY_SHARE_PHONENUMBER2 | ||
|
||
Background: Common Number Verification phone number share setup | ||
Given the resource "/device-phone-number/v0" as base url | ||
And the header "Content-Type" is set to "application/json" | ||
And the header "Authorization" is set to a valid access token | ||
And the header "x-correlator" is set to a UUID value | ||
And the request body is compliant with the schema NumberVerificationRequestBody | ||
And the response body is compliant with the schema NumberVerificationMatchResponse | ||
And the header "x-correlator" is set to a UUID value | ||
And NUMBERVERIFY_SHARE_PHONENUMBER1 is compliant with the schema DevicePhoneNumber | ||
And NUMBERVERIFY_SHARE_PHONENUMBER2 is compliant with the schema DevicePhoneNumber | ||
And NUMBERVERIFY_SHARE_PHONENUMBER1 is different to NUMBERVERIFY_SHARE_PHONENUMBER2 | ||
|
||
@NumberVerification_phone_number_share100_match_true | ||
Scenario: share phone number NUMBERVERIFY_SHARE_PHONENUMBER1, network connection and access token matches NUMBERVERIFY_SHARE_PHONENUMBER1 | ||
Given they use the base url | ||
And the resource is "/device-phone-number" | ||
And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow | ||
And one of the scopes associated with the access token is number-verification:device-phone-number:read | ||
When the HTTPS "GET" request is sent | ||
And the response header "x-correlator" has same value as the request header "x-correlator" | ||
And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" | ||
Then the response status code is 200 | ||
And the response property "$.devicePhoneNumber" is set to NUMBERVERIFY_SHARE_PHONENUMBER1 | ||
|
||
@NumberVerification_phone_number_share201_missing_scope | ||
Scenario: share phone number with valid access token but scope number-verification:device-phone-number:read is missing | ||
Given they use the base url | ||
And the resource is "/device-phone-number" | ||
And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow | ||
And none of the scopes associated with the access token is number-verification:device-phone-number:read | ||
When the HTTPS "GET" request is sent | ||
And the request body has the field phoneNumber with a value of NUMBERVERIFY_SHARE_PHONENUMBER1 | ||
And the response header "x-correlator" has same value as the request header "x-correlator" | ||
And the response header "Content-Type" is "application/json" | ||
And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" | ||
Then the response status code is 401 | ||
And the response property "$.status" is 401 | ||
And the response property "$.code" is "UNAUTHENTICATED" | ||
AxelNennker marked this conversation as resolved.
|
||
And the response property "$.message" is "Request not authenticated due to missing, invalid, or expired credentials." | ||
|
||
@NumberVerification_phone_number_share202_expired_access_token | ||
Scenario: share phone number with expired access token | ||
Given they use the base url | ||
And the resource is "/device-phone-number" | ||
And they acquired a valid access token associated with NUMBERVERIFY_SHARE_PHONENUMBER1 through OIDC authorization code flow | ||
And one of the scopes associated with the access token is number-verification:device-phone-number:read | ||
When the HTTPS "GET" request is sent | ||
And the access token has expired | ||
And the response header "x-correlator" has same value as the request header "x-correlator" | ||
And the response header "Content-Type" is "application/json" | ||
And the response body complies with the OAS schema at "/components/schemas/NumberVerificationShareResponse" | ||
Then the response status code is 401 | ||
And the response property "$.status" is 401 | ||
And the response property "$.code" is "AUTHENTICATION_REQUIRED" | ||
And the response property "$.message" is "New authentication is required." | ||
|
||
|
||
|
||
|
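Review bot: In @NumberVerification_phone_number_share201_missing_scope the token is valid and only lacks number-verification:device-phone-number:read, which is an authorization failure rather than an authentication failure, so asserting `the response status code is 401` with code "UNAUTHENTICATED" makes a missing scope indistinguishable from a bad or expired credential; a 403 is the better expectation here, which is also where the later commits "missing scope error is 403" in this PR end up. The same scenario adds `the request body has the field phoneNumber` to a GET request, which the 200 scenario does not send and the share operation does not appear to need. In @NumberVerification_phone_number_share202_expired_access_token the step `And the access token has expired` comes after the When step, while the Given still says a valid access token was acquired; expiry is a precondition and should be a Given, otherwise the request as written is sent with a valid token. Both error scenarios validate the error body against "/components/schemas/NumberVerificationShareResponse", the same schema the 200 case uses for "$.devicePhoneNumber", while asserting "$.status", "$.code" and "$.message"; they should reference the API's error schema instead. In the Background, the "x-correlator" header line is duplicated and the schemas named there (NumberVerificationRequestBody, NumberVerificationMatchResponse) do not match the NumberVerificationShareResponse checked in the scenarios. Finally, the response header and schema checks sit under When; moving them under Then would keep each scenario's assertions in one place.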
Test included for share operation:
Pending test to be included:
cc: @bigludo7 @AxelNennker
regarding "pending tests" 1.
Maybe the authorization server should never create an access token if the scope is a "number verification"-scope and never did network authentication?! There is probably no way for the resource server / API endpoint to identify the authentication method used.
regarding "pending tests" 2.
This also sounds like an internal authorization server error and should never happen - like the access token creation without network authentication for nv-scopes.
The resource server / API-endpoint can detect this condition
https://github.com/camaraproject/NumberVerification/blob/main/code/API_definitions/number_verification.yaml#L270 talks about AMR
As Camara does not specify the access token nor the information associated with it other than the API's subject like phoneNumber, this would be a NV requirement on the telco issuing access tokens
wdyt @bigludo7? I don't know if we can leave that validation to the authserver as something external to the API.
The auth process will validate if a phone number has access to certain scopes but I don't know if it can also check the auth method at token generation time.
And being Auth Code where the authentication is not done by the authserver itself but maybe something like an IDP.
I tend to think that it is better to include the test, mainly because it is an error specified in the API yaml and we should cover it.
I'm not as expert as both of you on this specific point, but as we have the error in the YAML we must have a test case covering it.
My preference is to have it, and then we can always discuss in the future whether to remove it.
I added a test to "verify" that uses USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK
Added a test to "share" that uses USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK
https://github.com/camaraproject/NumberVerification/blob/test_definition/code/Test_Definitions/NumberVerification_device_phone_number_share.feature#L90